Final Exam (Chapter 10-18)


____________________________ is the ability of an organization to quickly adapt to disruptions while still maintaining continuous business operations and safeguarding people, assets, and overall brand equity. A. Business resilience B. Business continuity C. Sustain business continuity management D. None of the above

A

Which of the following is a major criterion in designing a biometric system in which the difficulty of circumventing the system should meet a required threshold? A. Circumvention B. Permanence C. Acceptability D. Performance

A. Circumvention

These agreements define a set of service level objectives. These objectives may concern availability, performance, security, and compliance/privacy. A. Cloud service level agreements B. Customer agreement C. Policy agreement D. None of the above

A. Cloud service level agreements

Which of the following are NOT useful guidelines for developing a change management strategy? A. Cold site, direct attached storage and device emulation and access control B. Critical change, plan the change and document the change C. Communication, maintenance window, change committee D. Test the change, execute the change, keep a record of the change

A. Cold site, direct attached storage and device emulation and access control

Which of the following is not an informational incident? A. Minor informational misunderstanding B. Lead to minor social impact or no social C. Act on ordinary information systems D. Result in minor business loss or no business loss

A. Minor informational misunderstanding

A ________________________ is a contract between a network provider and a customer that defines specific aspects of the service that is to be provided. A. Network provider SLA B. Computer security incident team SLA C. Cloud service provider SLA D. None of the above

A. Network provider SLA

This threat includes the destruction of equipment and data. A. Vandalism B. Equipment mishandling C. Theft D. None of the above

A. Vandalism

These policies describe the different types of information collected; how that information is used, disclosed, and shared; and how the provider protects that information. A. Information policies B. Privacy policies C. Security policies D. Data policies

B

This arises from the fact that cloud service users consume delivered resources through service models, thereby making the customer-built IT system dependent on those services. A. Service provider lock-in B. Responsibility ambiguity C. Loss of governance D. None of the above

B.

ISO 27002 advocates which of the following ways to protect emails? A. Using file sharing instead of sending sensitive data unencrypted over email B. All of the above C. Obtaining approval prior to using external public services such as instant messaging and social network D. Giving legal consideration, such as requirements for electronic signatures

B. All of the above

These actions may include adjustments in management, technical, and operational areas. This step of implementing the monitoring and reporting function is known as: A. Adjustment actions B. Apply corrective action C. Develop business case D. None of the above

B. Apply corrective action

This threat could prevent end users from being able to send or receive email. A. Confidentiality-related threat B. Availability-related threat C. Integrity-related threat D. Authenticity-related threat

B. Availability-related threat

Which of the following has a wider scope than disaster recovery? A. Business continuity plan B. Business resilience C. Business recovery/restoration D. Business simulation

B. Business resilience

Which of the following is an element of business continuity? A. Accessibility B. Resilience C. Maintenance D. None of the above

B. Resilience

Which of the following is NOT a security control of the provenance family? A. Provenance policy and procedures B. Security management for provenance C. Auditing roles responsible for provenance D. Tracking provenance and developing a baseline

B. Security management for provenance

Which of the following human-caused physical threats has measures suggesting that it should be strictly on a need basis, with preventive measures that include using locks and other hardware? A. Theft B. Unauthorized physical access C. Vandalism D. Longer blackouts

B. Unauthorized physical access

This technique searches for exact matches to data loaded from a database, which can include multiple-field combinations, such as name, credit card number, and CVV number. This method is known as: A. Exact data match B. Exact file matching C. Database fingerprinting D. None of the above

C

Which of the following is NOT an objective of a business continuity awareness program? A. Identify external awareness opportunities B. Communicate the implications of not conforming to BCM requirements C. Identify the legal and regulatory requirements for the institution's business D. Identify, acquire or develop awareness

C.

Which of the following is NOT an element of business continuity? A. Resilience B. Contingency C. Accessibility D. Recovery

C. Accessibility

Which of the following is NOT included under the reporting phase in the digital forensics process? A. Alternative explanations B. Analysis explanation C. Audience consideration D. Actionable information

C. Audience consideration

Which major criterion in designing a biometric system requires that no two people have identical characteristics? A. Uniqueness B. Individuality C. Distinctiveness D. None of the above

C. Distinctiveness

Which of the following is NOT a key component of cloud services according to the Standards Customer Council? A. Customer agreement B. Acceptable use policy C. Increase governance D. Privacy policies

C. Increase governance

A(an) _______________________ is a firewall that monitors, filters, or blocks data packets as they travel to and from a web application. A. Web application firewall B. Antivirus software C. Intrusion prevention system D. None of the above

C. Intrusion prevention system

Which of the following is NOT a key characteristic of a security architecture? A. It consists of a transparent and coherent overview of models, principles, starting points, and conditions that give a concrete interpretation of the information security policy, usually without speaking in terms of specific solutions. B. It reduces a complex problem into models, principles and subproblems that can be understood. C. It must be capable of identifying common types of malware as well as attacker tools D. All of the above

C. It must be capable of identifying common types of malware as well as attacker tools

Which of the following provides a useful way of characterizing the risk of an authentication system by using the concept of authentication assurance level? A. NDIP SP 80 B. NIST SP AAL 63 C. NIST SP 800-63 D. NIST DP 800-63

C. NIST SP 800-63

Which of the following is NOT an important measure that is effective in addressing technical threats? A. Brief power interruptions B. Longer blackouts C. Physical and environmental security D. Electromagnetic interference

C. Physical and environmental security

Which of the following is NOT a typical phase in a digital forensics process? A. Preservation B. Evaluation C. Reporting D. Analysis

C. Reporting

A _________________________________ is an independent review and examination of a system's records and activities to determine the adequacy of system controls, ensure compliance with established security policy and procedures, detect breaches in security services, and recommend any changes that are indicated for countermeasures. A. Security audit management B. Security audit trail C. Security audit D. None of the above

C. Security audit

One of the key threats for VoIP usage is: A. Integrity-related threat B. Breach of security C. Spam over Internet telephone (SPIT) D. None of the above

C. Spam over Internet telephone (SPIT)

ISO 27002 advocates which of the following ways to protect emails? A. Protecting messages from unauthorized access, modification, or denial of service commensurate with the classification scheme adopted by the organization. B. Ensuring reliability and availability of the service. C. Ensuring correct addressing and transportation of the message. D. All of the above

D. All of the above

Which of the following key environmental threats of physical security covers damage from a broad range of living organisms, including mold, insects, and rodents? A. Fire and smoke B. Water C. Dust D. Infestation

D. Infestation

Which of the following is NOT a threat to cloud service users? A. Security breach B. Responsibility ambiguity C. Insecure cloud service user access D. Lack of information/asset management

D. Lack of information/asset management

This is the inverse of the encryption algorithm: It uses the ciphertext and the secret key and produces the original plaintext. A. Plaintext B. Encryption algorithm C. Ciphertext D. None of the above

D. None of the above

Which of the following is not a human-caused physical threat measure an organization can counter? A. Unauthorized physical access B. Theft C. Vandalism D. Physical and environmental security

D. Physical and environmental security

When a firewall controls access to a service according to which user is attempting to access it, this is known as: A. Service control B. None of the above C. Personal control D. User control

D. User controls

Which of the following is a major vulnerability of password file protection? A. Instead of capturing the system password file, another approach to collecting user IDs and passwords is through sniffing network traffic when a user is trying to log in to an unsecured channel B. A lack of or weakness in physical security may aid a hacker C. A hacker may be able to exploit a software vulnerability in the operating system to bypass the access control system long enough to extract password file D. None of the above are major vulnerabilities of password file protection E. All of the above are major vulnerabilities of password file protection

E. All of the above are major vulnerabilities of password file protection

Which of the following is NOT a major criterion in designing a biometric system? A. Universality B. Distinctiveness C. Accessibility D. Performance E. Host attack

E. Host attack

T or F: The NIST SP 800-63 describes the degree of confidence in the registration and authentication processes.

F

DUPLICATE

NEED ANSWER (NOT B)

T or F: One of the policies by which an organization can ensure effective backup is: derived data should be backed up only if restoration is more efficient than re-creation in the event of failure

T

Which of the following is an overlapping phase focused on fast restoration and recovery of critical business/processes? A. Business recovery/restoration B. Emergency response C. Crisis management D. Simulation

A. Business recovery/restoration

This refers to the scrambled message produced as output. It depends on the plaintext and the secret key. For a given data block, two different keys produce two different ciphertexts. A. Ciphertext B. Decryption algorithm C. Secret key D. None of the above

A. Ciphertext

When the attacker makes repeated failed attempts to access the server, this may cause the server to lock out the legitimate client. This is referred to as: A. Denial of service B. Denial of access C. Denial of data D. None of the above

A. Denial of service

This is all about emulating all network and storage (block) devices that different native drivers in VMs are expecting, mediating access to physical devices by different VMs. A. Device emulation and access control B. Emulation and access management C. Emulation and access of VMs D. None of the above

A. Device emulation and access control

_________________________ is when the attacker gains access to the device and clones it. A. Duplication B. Cloning technique C. Host attack D. None of the above

A. Duplication

Interception of control packets, which enables an adversary to listen in on an unsecured VoIP call, is known as: A. Eavesdropping B. None of the above C. Theft of service D. Spam over Internet telephone (SPIT)

A. Eavesdropping

SP 800-83 indicates that good malware software has the following capabilities: A. It must scan each file for known malware. Anti-malware software on hosts should be configured to scan all hard drives regularly to identify any file system infections and, optionally, depending on organization security needs, to scan removable media inserted into the host before allowing its use B. Provides users with the accounts and access rights C. Local, regional, or business units make the decisions for all access choices, provisioning, management, and technology D. None of the above

A. It must scan each file for known malware. Anti-malware software on hosts should be configured to scan all hard drives regularly to identify any file system infections and, optionally, depending on organization security needs, to scan removable media inserted into the host before allowing its use

This technique looks for a partial match on a protected document. It involves the use of multiple hashes on portions of the document, such that if a portion of the document is extracted and filed elsewhere or pasted into an email, it can be detected. This technique is known as: A. Partial document matching B. Data matching C. Exact file matching D. None of the above

A. Partial document matching

In this model, the consumer can deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages and tools supported by the provider. A. Platform as a service B. Infrastructure as a service C. Software as a service D. None of the above

A. Platform as a service

The enterprise should deploy automated patch management tools and software update tools for operating system and software/applications on all systems for which such tools are available and safe. As a good practice, patches should be applied to all systems. This is known as: A. Remediate vulnerabilities B. Log and report C. Scan for vulnerabilities D. None of the above

A. Remediate vulnerabilities

A_______________________________ is a chronological record of system activities that is sufficient to enable the reconstruction and examination of the sequence of environments and activities surrounding or leading to an operation, a procedure, or an event in a security-relevant transaction from inception to final results. A. Security audit trail B. Security audit C. Security audit management D. None of the above

A. Security audit trail

One of the technical tools used to prevent delivery is a program that monitors a computer or network to identify all major types of malware and prevent or contain malware incidents. This program is known as: A. Web application firewall B. Antivirus software C. Web application firewall D. None of the above

B. Antivirus software

Which of the following is a key responsibility of a security coordinator? A. Management needs to address range of issues including product selection B. Coordinate are response to information security risk audit requests as directed C. Secure critical facilities against cyber attack D. None of the above

B. Coordinate are response to information security risk audit requests as directed

Which of the following is an overlapping phase characterized by safeguarding the organization? A. Emergency response B. Crisis management C. Business recovery/restoration D. None

B. Crisis management

In this model, the consumer is provided with processing, storage, network, and other fundamental computing resources where the consumer is able to deploy and run software, which can include operating systems and applications. A. Platform as a service B. Infrastructure as a service C. Software as a service D. None of the above

B. Infrastructure as a service

These are the source of a wide range of environmental threats to data centers, other information processing facilities, and personnel. Which key environmental threat best describes this? A. Inappropriate temperature/humidity B. Natural disasters C. Fire and smoke D. Water

B. Natural disasters

Which of the following is NOT a service model of cloud computing, according to NIST? A. Software as a service B. Private cloud as a service C. Infrastructure as a service D. Platform as a service

B. Private cloud as a service

Which of the following is NOT a key step involved in vulnerability management? A. Scan for vulnerabilities B. Remove known vulnerabilities C. Remediate vulnerabilities D. Discover known vulnerabilities

B. Remove known vulnerabilities

This refers to a reduction in full control of IT systems. The decision by an enterprise to migrate a part of its own IT system to a cloud infrastructure implies giving partial control to the cloud service providers. A. Responsibility ambiguity B. Service provider lock-in C. Loss of trust D. None of the above

B. Service provider lock-in

The attack on password-based authentication in which the attacker uses a popular password and tries it against a wide range of user IDs, is known as: A. Offline dictionary attack B. Specific account attack (or Popular password attack) C. Exploiting multiple password use D. Electronic monitoring

B. Specific account attack (or popular password attack)

The security controls of the provenance family that provides details concerning the tracking process. A. Provenance policy and procedures B. Tracking provenance and developing a baseline C. Auditing roles responsible for provenance D. None of the above

B. Tracking provenance and developing a baseline

The security controls of the provenance family that indicates the role auditing plays in an effective provenance policy. A. Provenance policy and procedures B. Tracking provenance and developing a baseline C. Auditing roles responsible for provenance D. None of the above

C. Auditing roles responsible for provenance

The _______________________________ (AAL) describes the degree of confidence in the registration and authentication processes. A higher level of AAL indicates that an attacker must have better capabilities and expend greater resources to successfully subvert the authentication process. A. Access Assurance Level B. Authentication Access Level C. Authentication Assurance Level D. None of the above

C. Authentication Assurance Level

A firewall controls how particular services are used. For example, the firewall may filter email to eliminate spam, or it may enable external access to only a portion of the information on a local web server. This control is known as the: A. Direction control B. User control C. Behavior control D. Service control

C. Behavior control

What is the fifth step for security compliance monitoring? A. Identify key stakeholders and/or partners across the organization B. Identify key standards, regulations, contractual commitments, and other areas that address specific requirements for security and privacy C. Develop a compliance policy, standard, roles, and responsibilities, and/or procedures in collaboration with other stakeholders D. None of the above

C. Develop a compliance policy, standard, roles, and responsibilities, and/or procedures in collaboration with other stakeholders

Which of the following is a common security threat mentioned in NIST SP 800-123? A. Operational groups should monitor configuration compliance and implement an exception policy tailored to their environment B. This is internal server hard drives that are generally captive to the attached server C. Malicious entities may gain unauthorized access to resources elsewhere in the organization's network via successful attack on the server D. Approved server configuration guides must be established and maintained by each operational group, based on business needs.

C. Malicious entities may gain unauthorized access to resources elsewhere in the organization's network via successful attack on the server

This is about configuring guest VMs and controlling VM states. A. Execution management of VMs B. Administration of hypervisor platform and hypervisor software of VM C. Management of VMs (VM life cycle management) D. Execution of privileged operations by hypervisor for guest VMs

C. Management of VMs (VM life cycle management)

This consists of monitoring security performance regularly and reporting to specific audiences, such as executive management. A. Information risk reporting B. Information security compliance monitoring C. Security monitoring and reporting D. None of the above

C. Security monitoring and reporting

In this model, the consumer can use the provider's applications running on a cloud infrastructure. The applications are accessible from various client devices through a thin client interface such as a web browser. A. Platform as a service B. Infrastructure as a service C. Software as a service D. None of the above

C. Software as a service

Which of the following is not an important SLA? A. Network provider SLA B. Computer security incident team SLA C. Software security executives SLA D. Cloud service provider SLA

C. Software security executives SLA

The change should be tested prior to implementation. This guideline for developing a change management strategy is known as: A. Critical change B. Plan the change C. Test the change D. Execute the change

C. Test the change

Which of the following is NOT an objective for security incident management in ISO 27035-1? A. Information security events are detected and dealt with efficiently. This involves deciding when they should be classified as information security incidents B. After an exploit is discovered and removed, it may be necessary to restore a valid copy of data from a backup C. The adverse effects of information security incidents on the organization and its operations are minimized by appropriate controls as part of incident response D. Information security vulnerabilities are assessed and dealt with appropriately to prevent or reduce incidents

C. The adverse effects of information security incidents on the organization and its operations are minimized by appropriate controls as part of incident response

Which of the following is NOT a human-caused disaster that hampers business continuity? A. Theft of equipment B. Accidental equipment breakage C. Unauthorized use of equipment D. Deliberate loss of power supply

C. Unauthorized use of equipment

The attack on password-based authentication in which the attacker waits until a logged-in workstation is unattended, is known as: A. Password guessing against a single use B. Exploiting user mistakes C. Workstation hijacking D. Electronic monitoring

C. Workstation hijacking

Which of the following is NOT a possible threat to possession-based authentication? A. Theft B. Replay C. Workstation hijacking D. None of the above

C. Workstation hijacking

If the attacker can interpose between the token device and the server, this constitutes a man-in-the-middle attack, in which the attacker assumes the role of the client to the server and the server to the client. This possible threat to possession-based authentication is known as: A. Eavesdropping B. Host attack C. Theft D. Replay

D

ISO 27035 classifies security incidents in which of the following ways? A. Emergency B. Critical C. Warning D. All of the above

D. All of the above

ISO 27035-1 lists which of the following objectives for security incident management? A. Information security events are detected and dealt with efficiently. This involves deciding when they should be classified as information security incidents. B. Identified information security incidents are assessed and responded to in the most appropriate and efficient manner. C. The adverse effects of information security incidents on the organization and its operations are minimized by appropriate controls as part of incident response. D. All of the above

D. All of the above

Important measures that are effective in addressing technical threats include which of the following? A. Brief power interruptions B. Electromagnetic interference C. Longer blackouts or brownouts D. All of the above

D. All of the above

SP 800-161 organizes security controls for SCRM into which of the following categories? A. Access control B. Maintenance C. Risk assessment D. All of the above

D. All of the above

SP 800-161 organizes security controls for SCRM into which of the following categories? A. Awareness and training B. Audit and accountability C. Configuration management D. All of the above

D. All of the above

Security architecture is a unified security design that addresses the necessities and potential risks involved in a certain scenario or environment. Its key characteristics are as follows: A. It consists of a transparent and coherent overview of models, principles, starting points, and conditions that give a concrete interpretation of the information security policy, usually without speaking in terms of specific solutions. B. It reduces a complex problem into models, principles and subproblems that can be understood. C. The models and principles show where to take which type of measures, when the principles are applicable, and how the principles connect with other principles. D. All of the above

D. All of the above

Some of the threats to cloud service users are: A. Loss of trust B. Loss of governance C. Responsibility ambiguity D. All of the above

D. All of the above

Which of the following is a common security threat mentioned in NIST SP 800-123? A. Sensitive information on the server may be read by unauthorized individuals or changed in an unauthorized manner. B. Denial-of-service (DoS) attacks may be directed to the server or its supporting network infrastructure, denying or hindering valid users from making use of its services. C. Malicious entities may exploit software bugs in the server or its underlying operating system to gain unauthorized access to the server. D. All of the above

D. All of the above

Which of the following is a key objective of a business continuity awareness program? A. Establish objectives of the business continuity management awareness and training program B. Identify, acquire, or develop awareness tools C. Oversee the delivery of awareness activities D. All of the above

D. All of the above

Which of the following is a key responsibility of a security coordinator? A. Develop the local environment profile B. Determine the best way to implement enterprise security policy in the local environment C. Oversee or coordinate end-user awareness training D. All of the above

D. All of the above

Which of the following is a security performance function? A. Security monitoring and reporting B. Information risk reporting C. Information security compliance monitoring D. All of the above

D. All of the above

Which of the following is a step for security compliance monitoring? A. Identify key stakeholders and/or partners across the organization B. Identify key standards, regulations, contractual commitments, and other areas that address specific requirements for security and privacy C. Develop a prioritized action plan to help organize remedial efforts D. All of the above

D. All of the above

Which of the following is an auditable item suggested in the X.816 model of security audits and alarms? A. Events such as access denials, authentication, and attribute changes B. Individual security services such as authentication results, access control results, non-repudiation, and integrity responses C. Security-related events related to management, such as management operations/notifications D. All of the above

D. All of the above

Which of the following is an effective backup policy an organization can ensure? A. Recovery procedures must be tested on an annual basis. B. At minimum, one fully recoverable version of all data must be stored in a secure offsite location C. Tri level or better, N level redundancy must be maintained at the server level D. All of the above

D. All of the above

Which of the following is one of the best practices for avoiding common security mistakes with IAM? A. Patch promptly to guard against attacks. B. Sensibly encrypt data. C. Deploy multi factor authentication judiciously. D. All of the above

D. All of the above

Which of the following security performance metrics help with implementing the monitoring and reporting function? A. Prepare for data collection B. Collect data and analyze results C. Identify corrective actions D. All of the above

D. All of the above

Which of the following is NOT a good malware software capability of SP 800-83? A. It must be capable of identifying common types of malware as well as attacker tools B. It must be capable of disinfecting and quarantining files. Disinfecting files refers to removing malware from within a file C. It must scan critical host components, such as startup files and boot records D. All of the above are capabilities

D. All of the above are capabilities

Which of the following is a common attack on password-based authentication? A. Offline dictionary attack B. Specific account attack C. Workstation hijacking D. All of the above are common attacks on password-based

D. All of the above are common attacks on password-based

Which one of the following is one of the human-caused physical threats? A. Unauthorized physical access B. Theft C. Vandalism D. All of the above are human-caused physical threats

D. All of the above are human-caused physical threats

Which of the following is a major vulnerability of password file protection? A. An accident of protection or a manual slip might render the password file readable, thus compromising all the accounts. B. Some users may have accounts on other machines in other protection domains, for which they might use the same password. C. A lack of or weakness in physical security may aid a hacker. D. All of the above are major vulnerabilities of password file protection

D. All of the above are major vulnerabilities of password file protection

Human-caused disasters that hamper business continuity include which of the following? A. Deliberate loss of power supply B. Deliberate failure of air conditioning C. Deliberate flood D. All of the answers above

D. All of the answers above

This threat could result in unauthorized disclosure of sensitive information. A. Integrity-related threat B. None of the above C. Authenticity-related threat D. Confidentiality-related threat

D. Confidentiality-related threat

Which of the following is NOT an auditable item suggested in the X.816 model of security audits and alarms? A. Security-related events related to a specific connection, such as connection request/confirmation B. Events such as access denials, authentication, and attribute changes C. Security-related events related to the use of security services such as security service requests D. Events such as user-level audit trail and physical access audit trail

D. Events such as user-level audit trail and physical access audit trail

The attempt to gain unauthorized access over wireless networks, for which intrusion detection systems, antivirus software, and firewalls are mitigation techniques, is known as ______________________. A. None of the above B. Eavesdropping C. Unauthorized attacks D. Hacker attacks

D. Hacker attacks

Poor performance may be due to an imbalance in the use of access points, insufficient capacity planning, or a denial-of-service (DoS) attack. This is known as: A. Traffic analysis eavesdropping B. Hacker attacks C. Physical security deficiencies D. Insufficient network performance

D. Insufficient network performance

Which of the following is NOT one of the best practices for avoiding common security mistakes with IAM? A. Implement portals for accessing the web as SaaS applications using single sign-on (SSO) B. Proactively train staff to spot warning signs of phishing attacks and social engineering C. Patch promptly to guard against attacks D. Search exact matches to data loaded from a database

D. Search exact matches to data loaded from a database

