Final

Lakukan tugas rumah & ujian kamu dengan baik sekarang menggunakan Quizwiz!

What information should an auditor share with the client during an exit interview?

Details on major issues

What is a key principle of risk management programs?

Don't spend more to protect an asset than it is worth.

What protocol is responsible for assigning IP addresses to hosts on most networks?

Dynamic Host Configuration Protocol (DHCP)

Which recovery site option provides readiness in minutes to hours?

Hot site

Hilda is troubleshooting a problem with the encryption of data. At which layer of the OSI Reference Model is she working?

Presentation

Violet deploys an intrusion prevention system (IPS) on her network as a security control. What type of control has Violet deployed?

Preventive

Gina is preparing to monitor network activity using packet sniffing. Which technology is most likely to interfere with this effort if used on the network?

Secure Sockets Layer (SSL)

Breanne's system was infected by malicious code after she installed an innocent-looking solitaire game that she downloaded from the Internet. What type of malware did she likely encounter?

Trojan horse

Which audit data collection method helps ensure that the information-gathering process covers all relevant areas?

Checklist

Alison discovers that a system under her control has been infected with malware, which is using a key logger to report user keystrokes to a third party. What information security property is this malware attacking?

Confidentiality

Larry recently viewed an auction listing on a website. As a result, his computer executed code that popped up a window that asked for his password. What type of attack has Larry likely encountered?

Cross-site scripting (XSS)

Betty receives a cipher text message from her colleague Tim. What type of function does Betty need to use to read the plaintext message?

Decryption

What type of firewall security feature limits the volume of traffic from individual hosts?

Flood guard

What type of function generates the unique value that corresponds to the contents of a message and is used to create a digital signature?

Hash

What type of system is intentionally exposed to attackers in an attempt to lure them out?

Honeypot

When should an organization's managers have an opportunity to respond to the findings in an audit?

Managers should include their responses to the draft audit report in the final audit report.

What term describes the longest period of time that a business can survive without a particular critical system?

Maximum tolerable downtime (MTD)

Adam discovers a virus on his system that is using encryption to modify itself. The virus escapes detection by signature-based antivirus software. What type of virus has he discovered?

Polymorphic virus

Beth is conducting a risk assessment. She is trying to determine the impact a security incident will have on the reputation of her company. What type of risk assessment is best suited to this type of analysis?

Qualitative

Bob is developing a web application that depends upon a database backend. What type of attack could a malicious individual use to send commands through his web application to the database?

SQL injection

What firewall approach is shown in the figure?

Screened subnet

What is NOT an effective key distribution method for plaintext encryption keys?

Unencrypted email

Val would like to isolate several systems belonging to the product development group from other systems on the network, without adding new hardware. What technology can she use?

Virtual LAN (VLAN)

Adam is evaluating the security of a web server before it goes live. He believes that an issue in the code allows an SQL injection attack against the server. What term describes the issue that Adam discovered?

Vulnerability

Norm recently joined a new organization. He noticed that the firewall technology used by his new firm opens separate connections between the devices on both sides of the firewall. What type of technology is being used?

Application proxying

Ricky is reviewing security logs to independently assess security controls. Which security review process is Ricky engaging in?

Audit

What standard is NOT secure and should never be used on modern wireless networks?

Wired Equivalent Privacy (WEP)

What wireless security technology contains significant flaws and should never be used?

Wired Equivalent Privacy (WEP)

A(n) _________ is an event that prevents a critical business function (CBF) from operating for a period greater than the maximum tolerable downtime.

disaster

Purchasing an insurance policy is an example of the ____________ risk management strategy.

transfer

Henry is creating a firewall rule that will allow inbound mail to the organization. What TCP port must he allow through the firewall?

25

What is the maximum value for any octet in an IPv4 IP address?

255

Henry would like to create a different firewall rule that allows encrypted web traffic to reach a web server. What port is used for that communication?

443

Which information security objective allows trusted entities to endorse information?

Certification

Anthony is responsible for tuning his organization's intrusion detection system. He notices that the system reports an intrusion alert each time that an administrator connects to a server using Secure Shell (SSH). What type of error is occurring?

False positive error

Gary is sending a message to Patricia. He wants to ensure that nobody tampers with the message while it is in transit. What goal of cryptography is Gary attempting to achieve?

Integrity

Which security testing activity uses tools that scan for services running on systems?

Network mapping

Brian would like to conduct a port scan against his systems to determine how they look from an attacker's viewpoint. What tool can he use for this purpose?

Nmap

When Patricia receives a message from Gary, she wants to be able to demonstrate to Sue that the message actually came from Gary. What goal of cryptography is Patricia attempting to achieve?

Nonrepudiation

Alan is the security manager for a mid-sized business. The company has suffered several serious data losses when mobile devices were stolen. Alan decides to implement full disk encryption on all mobile devices. What risk response did Alan take?

Reduce

Which activity is an auditor least likely to conduct during the information-gathering phase of an audit?

Report writing

What term describes the risk that exists after an organization has performed all planned countermeasures and controls?

Residual risk

Emily is the information security director for a large company that handles sensitive personal information. She is hiring an auditor to conduct an assessment demonstrating that her firm is satisfying requirements regarding customer private data. What type of assessment should she request?

SOC 3

Which intrusion detection system strategy relies upon pattern matching?

Signature detection

The CEO of Kelly's company recently fell victim to an attack. The attackers sent the CEO an email informing him that his company was being sued and he needed to view a subpoena at a court website. When visiting the website, malicious code was downloaded onto the CEO's computer. What type of attack took place?

Spear phishing

Which type of virus targets computer hardware and software startup functions?

System infector

Which type of cipher works by rearranging the characters in a message?

Transposition


Set pelajaran terkait

Chapter 4 (page 77) - Calculate Correct and Incorrect Rates of Response When Assessing Skill Development

View Set

Lewis Chapter 54 male reproductive disorders cancer

View Set

(Health) Chapter 1: Field Underwriting Procedures

View Set

Assessment Chapter 12: Assessment of Aptitude

View Set

Wrist and Hand MSK with a few Case Studies

View Set

HA 315 - Intro to Health Assessment

View Set