final3
Tonya would like to protect her users and the network when users browse to known dangerous sites. She plans to maintain a list of those sites and drop messages from those websites. What type of approach is Tonya advocating?
Blacklisting
Tom is the IT manager for an organization that experienced a server failure that affected a single business function. What type of plan should guide the organization's recovery effort?
Business continuity plan (BCP)
What is not a privacy principle created by the Organisation for Economic Co-operation and Development (OECD)?
An organization should share its information.
Maria is writing a policy that defines her organization's data classification standard. The policy designates the IT assets that are critical to the organization's mission and defines the organization's systems, uses, and data priorities. It also identifies assets within the seven domains of a typical IT infrastructure. Which policy is Maria writing?
Asset classification policy
Juan's web server was down for an entire day in April. It experienced no other downtime during that month. What represents the web server uptime for that month?
96.67%-April has 30 days, so the web server had 29 days of uptime: 29/30 = 0.9667 or 96.67%.
Testimonial evidence is often the most important evidence in court because it provides relevance for other types of evidence
True
Today's mobile devices almost all run with either iOS or Android
True
True or False? A backdoor is a hidden way to bypass access controls and allow access to a system or resource
True
True or False? A computer virus is an executable program that attaches to, or infects, other executable programs
True
True or False? A port-scanning tool enables an attacker to escalate privileges on a network server
True
True or False? Because people inside an organization generally have more detailed knowledge of the IT infrastructure than outsiders do, they can place logic bombs more easily
True
True or False? Defense in depth is the practice of layering defenses to increase overall security and provide more reaction time to respond to incidents
True
True or False? Security breaches perpetrated by current and former employees often go undetected due to weak personnel and security policies or ineffective countermeasures
True
True or False? Spyware does not use cookies.
True
True or False? The User Domain of a typical IT infrastructure defines the people and processes that access an organization's information systems
True
True or False? The term "computer crime" typically refers to crimes that target computer resources, either data that computers store or the services they provide (or both).
True
In which domain of a typical IT infrastructure is the first layer of defense for a layered security strategy?
User
Isabella is a digital forensic specialist. She wants to recover deleted data from a computer disk. The computer is currently running. Which process should she take to do so without accidentally overwriting any deleted data?
Make an image of memory, shut down the computer, attach the disk drive to a forensic lab device, and read the data from the disk
In which type of computer crime do cybercriminals engage in activities to either impersonate victims or to convince victims to carry out transactions that benefit the criminals, with a focus on extracting revenue from victims?
Online fraud
Gwen's company is planning to accept credit cards over the Internet. What governs this type of activity and includes provisions that Gwen should implement before accepting credit card transactions?
Payment Card Industry Data Security Standard (PCI DSS
A hospital is planning to introduce a new point-of-sale system in the cafeteria that will handle credit card transactions. Which one of the following governs the privacy of information handled by those point-of-sale terminals?
Payment Card Industry Data Security Standard (PCI DSS)
A computing device does not play which role in a crime?
Perpetrator
Jermaine is a security administrator for his company. He is developing a defense against attacks based on network-mapping methods. He prevents the Internet Control Message Protocol (ICMP) from operating to stop attackers from using ping packets to discover the network layout, but he must also guard against operating system fingerprinting since many attacks are tailored to specific operating systems. What must Jermaine be concerned about?
Port mapping- With operating system fingerprinting, an attacker uses port mapping to learn which operating system and version are running on a computer.
Chris is writing a document that provides step-by-step instructions for end users seeking to update the security software on their computers. Performing these updates is mandatory. Which type of document is Chris writing?
Procedure
The FAT32 and NTFS file systems are associated with which of the following?
Windows; ext3 and ext4 for Linux, and APFS for macOS.
Larry recently viewed an auction listing on a website. As a result, his computer executed code that popped up a window that asked for his password. What type of attack has Larry likely encountered?
XSS cross script
What is the least likely goal of an information security awareness program?
Punish users who violate policy
Which data source comes first in the order of volatility when conducting a forensic investigation?
Random access memory (RAM)
Arturo is an IT manager for a school district. He is planning recovery options for a small data center that supports teacher and classroom activities for 5 of the 21 schools in his district. Many school districts in his state use similar classroom technology. Arturo is looking for a temporary alternate site that would be easy to cut over to and is affordable. Which option is most likely to fit Arturo's needs?
Reciprocal agreement with another school district
A brute-force password attack and the theft of a mobile worker's laptop are risks most likely found in which domain of a typical IT infrastructure?
Remote Access Domain
Karen is a hacker. She wants to access a server and control it remotely. The tool she plans to use is a type of Trojan. What tool will Karen use for this purpose?
Remote Access Tool (RAT)
From a security perspective, what should organizations expect will occur as they become more dependent on the Internet of Things (IoT)?
Security risks will increase.
Aditya is a network technician. He is collecting system data for an upcoming internal system audit. He is currently performing vulnerability testing to determine what weaknesses may exist in the network's security. What form of assessment is he conducting?
Security testing
As a follow-up to her annual testing, Isabella would like to conduct quarterly disaster recovery tests. These tests should include role-playing and introduce as much realism as possible without affecting live operations. What type of test should Isabella conduct?
Simulation test
Arturo discovers a virus on his system that resides only in the computer's memory and not in a file. What type of virus has he discovered?
Slow virus
Kaira's company recently switched to a new calendaring system provided by a vendor. Kaira and other users connect to the system, hosted at the vendor's site, using a web browser. Which service delivery model is Kaira's company using?
Software as a Service (SaaS)
The chief executive officer (CEO) of a company recently fell victim to an attack. The attackers sent the CEO an email that appeared to come from the company's attorney. The email informed the CEO that his company was being sued and he needed to view a subpoena at a court website. When visiting the website, malicious code was downloaded onto the CEO's computer. What type of attack took place?
Spear phishing
Bob is developing a web application that depends on a backend database. What type of attack could a malicious individual use to send commands through his web application to the database?
Structured Query Language (SQL) injection
Susan is a digital forensic examiner. She is investigating a case in which a driver has been accused of vehicular homicide. She has the driver's mobile device and cellular records. What type of mobile device evidence is most likely to reveal whether the driver was actively using a mobile device when the incident occurred
Text Information
Lin installed a time-management utility that she downloaded from the Internet. Now several applications are not responding to normal commands. What type of malware did she likely encounter?
Trojan Horse
A Faraday bag stops any electromagnetic emanations from passing into or out of the bag, preventing a mobile device from communicating with the outside world.
True
A hash function is a mathematical function that takes arbitrary data as input and returns a fixed-length output (number).
True
A primary concern for collected evidence is the preservation of its collected state, which means assurance that evidence remains unchanged from its state when it was collected
True
Which method of fault tolerance connects two or more computers to act like a single computer in a highly coordinated manner?
Clustering
In Mobile IP, what term describes a device that would like to communicate with a mobile node (MN)?
Correspondent node (CN)
All types of evidence are subject to the chain of custody procedures
True
An example of a nonaccess computer crime is crashing a target's critical functionality to prevent normal (revenue-creating) processes from occurring
True
Aditya recently assumed an information security role for a financial institution located in the United States. He is tasked with assessing the institution's risk profile and cybersecurity maturity level. What compliance regulation applies specifically to Aditya's institution?
FFIEC
True or False? A smurf attack tricks users into providing logon information on what appears to be a legitimate website but is in fact a website set up by an attacker to obtain this information.
False
True or False? System infectors are viruses that attack document files containing embedded macro programming capabilities.
False
E-discovery is an iterative process of examining storage media, searching for items of interest, identifying likely items that may have value as evidence, and then recovering those items
True
The macOS operating system uses the ext3 or ext4 file systems
False. APFS
The process of collecting evidence is called evidence preservation.
False; acquisition
Oscar is a digital forensic specialist. He has been given a suspect hard disk that has been physically damaged. He wants to try to recover data. What is the first step he should take?
He should install the disk in a test system. Doing this would show whether the original system was the problem.
Dawn is selecting an alternative processing facility for her organization's primary data center. She needs a facility with the least switchover time, even if it's the most expensive option. What is the most appropriate option in this situation?
Hot site
Rachel is investigating an information security incident that took place at the high school where she works. She suspects that students may have broken into the student records system and altered their grades. If that is correct, which one of the tenets of information security did this attack violate?
Integrity (unauthorized user made a change to information stored in a protected system. The integrity tenet requires that only authorized users have the ability to change information.)
Lin is a digital forensic specialist who works in a forensic lab. She is evaluating diagnostic forensic software to add to the lab's toolkit. She wants a tool that is open source that can also be used for penetration testing. Which tool should she choose?
Kali Linux
Alison is a security professional. A user reports that, after opening an email attachment, every document he saves is in a template format and other Microsoft Word documents will not open. After investigating the issue, Alison determines that the user's Microsoft Office normal.dot template has been damaged, as well as many Word files. What type of virus is the most likely cause?
Macro virus
Hacking groups create _______ to launch attacks whereby they infect vulnerable machines with agents that perform various functions at the command of the controller
botnets
True or False? Attackers have established thousands of botnets, which they use to distribute malware and spam and to launch denial of service (DoS) attacks against organizations or even countries
botnets
The ________ establishes that evidence was collected and handled using proper techniques and procedures, which is also a trusted method to determine the ________, or point of origin, of a piece of evidence.
chain of custody, provenance
A(n) _________ is an event that prevents a critical business function (CBF) from operating for a period greater than the maximum tolerable downtime (MTD).
disaster
True or False? A rootkit is a type of malware that modifies or replaces one or more existing programs to hide the fact that a computer has been compromised.
true
True or False? Attacks against confidentiality and privacy, data integrity, and availability of services are all ways malicious code can threaten businesses
true
True or False? The function of homepage hijacking is to change a browser's homepage to point to the attacker's site
true
An effective audit report gets right to the point and often begins with a summary followed by the details. Because the summary may find its way outside the organization's leadership, what should auditors take care not to do?
Expose security weaknesses
Devaki is investigating an attack. An intruder managed to take over the identity of a user who was legitimately logged in to Devaki's company's website by manipulating Hypertext Transfer Protocol (HTTP) headers. Which type of attack likely took place?
Extensible Markup Language (XML) injection
Cyberterrorism is the use of online media and assets to harass individuals.
F, cyberstalking
True or False? Hijacking refers to the use of social engineering to obtain access credentials, such as usernames and passwords
false
Because __________, auditing every part of an organization and extending into all outsourcing partners may not be possible
of resource constraints
Leola is a cybersecurity consultant hired by a company to test the effectiveness of its network's defenses. She has something in common with the malicious people who would perform the same tasks involved in _________________, except that, unlike Leola, they would not have consent to perform this action against the system
penetration testing