Information Security Fundamentals CIST 1401: Chapters 9-15


Information Systems Security Certification Consortium, Inc. (ISC)2 is the baseline for federal and DoD work-role definitions. a) True b) False

b) False

Internet Control Message Protocol (ICMP) is a method of IP address assignment that uses an alternate, public IP address to hide a system's real IP address. a) True b) False

b) False

Master's programs are generally broad and don't focus on a particular field of study. a) True b) False

b) False

Which type of virus targets computer hardware and software startup functions? a) Hardware infector b) System infector c) File infector d) Data infector

b) System infector

Alice would like to send a message to Bob securely and wishes to encrypt the contents of the message. What key does she use to encrypt this message? a) Alice's public key b) Alice's private key c) Bob's public key d) Bob's private key

c) Bob's public key

The purpose of continuing education is to provide formal training courses that lead to a certificate or professional certification and NOT a degree. a) True b) False

a) True

What wireless security technology contains significant flaws and should never be used? a) Wired Equivalent Privacy (WEP) b) Wi-Fi Protected Access (WPA) c) WPA2 d) Remote Authentication Dial-In User Service (RADIUS)

a) Wired Equivalent Privacy (WEP)

Donna is building a security awareness program designed to meet the requirements of the Payment Card Industry Data Security Standard (PCI DSS) 3.2. How often must she conduct training for all current employees? a) Monthly b) Semi-annually c) Annually d) Biannually

c) Annually

A person demonstrates anonymity when posting information to a web discussion site without authorities knowing who he or she is. a) True b) False

a) True

The Data Link Layer of the OSI Reference Model is responsible for transmitting information on computers connected to the same local area network (LAN). a) True b) False

a) True

The HealthCare Certified Information Security and Privacy Practitioner (HCISPP) credential recognizes the knowledge and skills necessary to perform and conduct security and privacy work for health care organizations. a) True b) False

a) True

The National Institute of Standards and Technology (NIST) 800 Series publications cover all NIST-recommended procedures for managing information security. a) True b) False

a) True

What tool might be used by an attacker during the reconnaissance phase of an attack to glean information about domain registrations? a) Whois b) Simple Network Management Protocol (SNMP) c) Ping d) Domain Name System (DNS)

a) Whois

Continuing professional education (CPE) credits typically represent ________ minutes of classroom time per CPE unit. a) 30 b) 50 c) 60 d) 120

b) 50

How many domains of knowledge are covered by the Certified Information Systems Security Professional (CISSP) exam? a) 7 b) 8 c) 9 d) 10

b) 8

What program, released in 2013, is an example of ransomware? a) BitLocker b) Crypt0L0cker c) FileVault d) CryptoVault

b) Crypt0L0cker

A border router can provide enhanced features to internal networks and help keep subnet traffic separate. a) True b) False

b) False

DoD Directive 8570.01 is a voluntary certification requirement. a) True b) False

b) False

Federal agencies fall under the legislative branch of the U.S. government. a) True b) False

b) False

IP addresses are eight-byte addresses that uniquely identify every device on the network. a) True b) False

b) False

Sarbanes-Oxley Act (SOX) Section 404 compliance requirements are highly specific. a) True b) False

b) False

Symantec offers vendor-neutral certifications as well as certifications for its product lines. a) True b) False

b) False

The Centers for Medicare & Medicaid Services (CMS) investigates and responds to complaints from people who claim that a covered entity has violated the Health Insurance Portability and Accountability Act (HIPAA). a) True b) False

b) False

What federal government agency is charged with the responsibility of creating information security standards and guidelines for use within the federal government and more broadly across industries? a) National Security Agency (NSA) b) National Institute of Standards and Technology (NIST) c) Department of Defense (DoD) d) Federal Communications Commission (FCC)

b) National Institute of Standards and Technology (NIST)

Alison discovers that a system under her control has been infected with malware, which is using a key logger to report user keystrokes to a third party. What information security property is this malware attacking? a) Integrity b) Availability c) Accounting d) Confidentiality

d) Confidentiality

A security awareness program that focuses on an organization's Bring Your Own Device (BYOD) policy is designed to cover the use of what type of equipment? a) Servers b) Workstations c) Printers d) Personally owned devices

d) Personally owned devices

Under the Health Insurance Portability and Accountability Act (HIPAA) Security Rule, what type of safeguards must be implemented by all covered entities, regardless of the circumstances? a) Addressable b) Standard c) Security d) Required

d) Required

What type of network device normally connects directly to endpoints and uses MAC-based filtering to limit traffic flows? a) Router b) Hub c) Access point d) Switch

d) Switch

Bob received a message from Alice that contains a digital signature. What cryptographic key does Bob use to verify the digital signature? a) Alice's public key b) Alice's private key c) Bob's public key d) Bob's private key

a) Alice's public key

Distance learning is another term for online study. a) True b) False

a) True

A digitized signature is a combination of a strong hash of a message and a secret key. a) True b) False

b) False

The main goal of the Gramm-Leach-Bliley Act (GLBA) is to protect investors from financial fraud. a) True b) False

b) False

Under the Health Insurance Portability and Accountability Act (HIPAA), a security incident is any impermissible use or disclosure of unsecured PHI that harms its security or privacy. a) True b) False

b) False

You must always use the same algorithm to encrypt information and decrypt the same information. a) True b) False

b) False

What certification organization began as an offshoot of the SANS Institute training programs? a) International Information Systems Security Certification Consortium, Inc. (ISC)2 b) CompTIA c) Certified Internet Webmaster (CIW) d) Global Information Assurance Certification (GIAC)

d) Global Information Assurance Certification (GIAC)

What organization offers a variety of security certifications that are focused on the requirements of auditors? a) International Information Systems Security Certification Consortium, Inc. (ISC)2 b) CompTIA c) Global Information Assurance Certification (GIAC) d) ISACA

d) ISACA

Which of the following allows a certificate authority (CA) to revoke a compromised digital certificate in real time? a) Certificate revocation list (CRL) b) International Data Encryption Algorithm (IDEA) c) Transport Layer Security (TLS) d) Online Certificate Status Protocol (OCSP)

d) Online Certificate Status Protocol (OCSP)

__________ is a continuous process designed to keep all personnel vigilant. a) Awareness b) Training c) Education d) Professional development

a) Awareness

What mathematical problem forms the basis of most modern cryptographic algorithms? a) Factoring the product of two large primes b) Traveling salesman problem c) Quantum mechanics d) Birthday problem

a) Factoring the product of two large primes
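The three cards on which key Alice uses to encrypt for Bob, which key Bob uses to verify Alice's signature, and why factoring matters all come together in one worked example. The block below is an added illustration, not part of the original study set: a textbook RSA with tiny primes so that the "attacker" can actually factor the modulus by trial division and recover the private key. Everything in it is an assumption for teaching purposes (no padding, a hash reduced mod n instead of a proper signature encoding, 41-bit keys); real systems use RSA-OAEP/PSS or ECC from a vetted library.

```python
"""Added example: textbook RSA with toy primes (assumption: illustration only;
no padding, no real key sizes). Never use this for real data."""
import hashlib
from math import gcd, isqrt


def is_prime(n: int) -> bool:
    """Trial-division primality test, adequate for the toy sizes used here."""
    if n < 2:
        return False
    return all(n % f for f in range(2, isqrt(n) + 1))


def next_prime(n: int) -> int:
    while not is_prime(n):
        n += 1
    return n


def keygen(p_seed: int, q_seed: int, e: int = 65537):
    """Return (public, private) as ((n, e), (n, d)). p and q are the next primes
    at or above the seeds; q is advanced until e is coprime to phi(n)."""
    p, q = next_prime(p_seed), next_prime(q_seed)
    while gcd(e, (p - 1) * (q - 1)) != 1:
        q = next_prime(q + 1)
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))


def _block_size(n: int) -> int:
    return (n.bit_length() - 1) // 8  # bytes per block so every block int < n


def encrypt(pub, message: bytes) -> list:
    """Sender encrypts with the RECIPIENT's public key (Bob's, in the card)."""
    n, e = pub
    k = _block_size(n)
    pad = k - len(message) % k                      # PKCS#7-style length pad
    padded = message + bytes([pad]) * pad
    return [pow(int.from_bytes(padded[i:i + k], "big"), e, n)
            for i in range(0, len(padded), k)]


def decrypt(priv, blocks: list) -> bytes:
    """Only the holder of the matching private key can reverse encrypt()."""
    n, d = priv
    k = _block_size(n)
    padded = b"".join(pow(c, d, n).to_bytes(k, "big") for c in blocks)
    return padded[:-padded[-1]]


def _digest_mod_n(message: bytes, n: int) -> int:
    # Toy: reduce SHA-256 mod n. Real schemes (PKCS#1 v1.5, PSS) pad instead.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(priv, message: bytes) -> int:
    """Signer uses their OWN private key (Alice's)."""
    n, d = priv
    return pow(_digest_mod_n(message, n), d, n)


def verify(pub, message: bytes, signature: int) -> bool:
    """Verifier uses the SIGNER's public key (Alice's)."""
    n, e = pub
    return pow(signature, e, n) == _digest_mod_n(message, n)


def recover_private_key(pub):
    """Attacker: factor n by trial division, then recompute d from phi(n).
    Feasible only because the toy modulus is about 41 bits; at 2048 bits this
    factoring step is the hard problem the card refers to."""
    n, e = pub
    for p in range(2, isqrt(n) + 1):
        if n % p == 0:
            return (n, pow(e, -1, (p - 1) * (n // p - 1)))
    raise ValueError("modulus has no nontrivial factor")


if __name__ == "__main__":
    alice_pub, alice_priv = keygen(1_000_003, 2_000_003)
    bob_pub, bob_priv = keygen(1_000_100, 2_000_100)
    msg = b"Meet at 09:00"
    ct = encrypt(bob_pub, msg)               # Alice -> Bob: Bob's public key
    assert decrypt(bob_priv, ct) == msg      # Bob reads it: his private key
    sig = sign(alice_priv, msg)              # Alice signs: her private key
    assert verify(alice_pub, msg, sig)       # Bob checks: Alice's public key
    assert not verify(alice_pub, msg + b"!", sig)
    assert recover_private_key(bob_pub) == bob_priv   # factoring breaks it
    print("ok")
```

The asymmetry is the whole point: encryption uses the other party's public key, signing uses your own private key, and anyone who can factor n can recompute d and do both in your name.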

Which approach to cryptography provides the strongest theoretical protection? a) Quantum cryptography b) Asymmetric cryptography c) Elliptic curve cryptography d) Classic cryptography

a) Quantum cryptography

Ben is working toward a position as a senior security administrator and would like to earn his first International Information Systems Security Certification Consortium, Inc. (ISC)2 certification. Which certification is most appropriate for his needs? a) Systems Security Certified Practitioner (SSCP) b) Certified Information Systems Security Professional (CISSP) c) Certified Secure Software Lifecycle Professional (CSSLP) d) Certified Cloud Security Professional (CCSP)

a) Systems Security Certified Practitioner (SSCP)

A GIAC credential holder may submit a technical paper that covers an important area of information security. If the paper is accepted, it adds the Gold credential to the base GIAC credential. a) True b) False

a) True

A substitution cipher replaces bits, characters, or blocks of information with other bits, characters, or blocks. a) True b) False

a) True

An algorithm is a repeatable process that produces the same result when it receives the same input. a) True b) False

a) True

An electronic mail bomb is a form of malicious macro attack that typically involves an email attachment that contains macros designed to inflict maximum damage. a) True b) False

a) True

Attacks against confidentiality and privacy, data integrity, and availability of services are all ways malicious code can threaten businesses. a) True b) False

a) True

Because people inside an organization generally have more detailed knowledge of the IT infrastructure than outsiders do, they can place logic bombs more easily. a) True b) False

a) True

The Certified Secure Software Lifecycle Professional (CSSLP) credential measures the knowledge and skills necessary for professionals involved in the process of authorizing and maintaining information systems. a) True b) False

b) False

The Gramm-Leach-Bliley Act (GLBA) applies to the financial activities of both consumers and privately held companies. a) True b) False

b) False

The ISACA Certified in Risk and Information Systems Control (CRISC) certification targets security professionals who ensure that their organization satisfies IT governance requirements. a) True b) False

b) False

Hilda is troubleshooting a problem with the encryption of data. At which layer of the OSI Reference Model is she working? a) Application b) Presentation c) Session d) Data Link

b) Presentation

What is the only unbreakable cipher when it is used properly? a) Rivest-Shamir-Adleman (RSA) b) Vernam c) Elliptic Curve Diffie-Hellman in Ephemeral mode (ECDHE) d) Blowfish

b) Vernam
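"When it is used properly" carries the weight in that card. The added example below (not part of the original study set; the messages and key bytes are constructed for the demo) implements the Vernam cipher as a byte-wise XOR with a truly random pad of at least message length, and then shows the classic misuse: reusing the pad for two messages cancels the key, so an attacker who XORs the two ciphertexts gets the XOR of the plaintexts and can read one message by guessing a word in the other (crib dragging).

```python
"""Added example: the Vernam cipher (one-time pad) and the two-time-pad
failure. All messages and keys here are constructed for illustration."""
import os


def vernam(key: bytes, data: bytes) -> bytes:
    """XOR each data byte with the key byte at the same position. The same
    call both encrypts and decrypts. A key shorter than the data is rejected
    rather than recycled, because recycling is exactly the misuse shown below."""
    if len(key) < len(data):
        raise ValueError("one-time pad key must be at least as long as the data")
    return bytes(k ^ d for k, d in zip(key, data))


def fresh_key(length: int) -> bytes:
    """A proper pad: uniformly random, used once, then destroyed."""
    return os.urandom(length)


def xor_ciphertexts(c1: bytes, c2: bytes) -> bytes:
    """If two messages were encrypted under the same pad, the key cancels:
    c1 XOR c2 == m1 XOR m2. The attacker never needs the key itself."""
    return bytes(a ^ b for a, b in zip(c1, c2))


def crib_drag(m1_xor_m2: bytes, crib: bytes, offset: int) -> bytes:
    """Guess that `crib` appears in one message at `offset`; XORing it into
    m1 XOR m2 reveals the other message's bytes at the same position."""
    window = m1_xor_m2[offset:offset + len(crib)]
    return bytes(a ^ b for a, b in zip(window, crib))


if __name__ == "__main__":
    m1 = b"ATTACK AT DAWN"
    m2 = b"HOLD POSITIONS"     # same length as m1, constructed

    # Proper use: one fresh pad per message, perfect secrecy.
    k1, k2 = fresh_key(len(m1)), fresh_key(len(m2))
    assert vernam(k1, vernam(k1, m1)) == m1

    # Misuse: the same pad for both messages.
    shared = fresh_key(len(m1))
    c1, c2 = vernam(shared, m1), vernam(shared, m2)
    leak = xor_ciphertexts(c1, c2)           # == m1 XOR m2, key gone
    # Attacker guesses " AT " sits at offset 6 of m1 and reads m2 there.
    print(crib_drag(leak, b" AT ", 6))       # b'OSIT' from "HOLD POSITIONS"
```

The perfect-secrecy proof only holds for a pad that is random, as long as the message, and never reused; key distribution at that scale is why the Vernam cipher is rare in practice and why RSA, ECDHE and block ciphers exist at all.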

What is the maximum value for any octet in an IPv4 IP address? a) 65 b) 129 c) 255 d) 513

c) 255

Federal agencies are required to name a senior official in charge of information security. What title is normally given to these individuals? a) Chief information officer (CIO) b) Chief technology officer (CTO) c) Chief information security officer (CISO) d) Chief financial officer (CFO)

c) Chief information security officer (CISO)

Vincent recently went to work for a hospital system. He is reading about various regulations that apply to his new industry. What law applies specifically to health records? a) Health Insurance Portability and Accountability Act (HIPAA) b) Sarbanes-Oxley (SOX) Act c) Payment Card Industry Data Security Standard (PCI DSS) d) Gramm-Leach-Bliley Act (GLBA)

a) Health Insurance Portability and Accountability Act (HIPAA)

Adam discovers a virus on his system that is using encryption to modify itself. The virus escapes detection by signature-based antivirus software. What type of virus has he discovered? a) Polymorphic virus b) Stealth virus c) Cross-platform virus d) Multipartite virus

a) Polymorphic virus

What type of security role is covered by the Committee on National Security Systems (CNSS) Training Standard CNSS-4012? a) Senior System Manager b) System Administrator c) Information Assurance Officer d) Risk Analyst

a) Senior System Manager

In a chosen-ciphertext attack, cryptanalysts submit data coded with the same cipher and key they are trying to break to the decryption device to see either the plaintext output or the effect the decrypted message has on some system. a) True b) False

a) True

Internet Small Computer System Interface (iSCSI) is a storage networking standard used to link data storage devices to networks using IP for its transport layer. a) True b) False

a) True

Many security training courses specifically prepare students for certification exams. a) True b) False

a) True

Master of science (MS) degree programs prepare a student to enter the field of information security and perform the work of securing systems. a) True b) False

a) True

Network access control (NAC) works on wired and wireless networks. a) True b) False

a) True

One requirement of the GIAC Security Expert (GSE) credential is that candidates must hold three GIAC credentials, with two of the credentials being Gold. a) True b) False

a) True

A packet-filtering firewall remembers information about the status of a network communication. a) True b) False

b) False

A smurf attack tricks users into providing logon information on what appears to be a legitimate website but is in fact a website set up by an attacker to obtain this information. a) True b) False

b) False

Advantages of self-study programs include self-motivation, low-cost, and interaction with other students or an instructor. a) True b) False

b) False

What type of security communication effort focuses on a common body of knowledge? a) Emails b) Acceptable use policy (AUP) c) Education d) Professional development

c) Education

Whereas a master of science (MS) program prepares students to perform information security work, a master of business administration (MBA) program prepares students to manage and maintain the people and environment of information security. a) True b) False

a) True

Another name for a border firewall is a DMZ firewall. a) True b) False

b) False

What type of malicious software allows an attacker to remotely control a compromised computer? a) Worm b) Polymorphic virus c) Remote Access Tool (RAT) d) Armored virus

c) Remote Access Tool (RAT)

The (ISC)2 Systems Security Certified Practitioner (SSCP) credential covers the seven domains of best practices for information security. a) True b) False

a) True

Henry's last firewall rule must allow inbound access to a Windows Terminal Server. What port must he allow? a) 143 b) 443 c) 989 d) 3389

d) 3389

Barbara is investigating an attack against her network. She notices that the Internet Control Message Protocol (ICMP) echo replies coming into her network far exceed the ICMP echo requests leaving her network. What type of attack is likely taking place? a) Teardrop b) Land c) Smurf d) Cross-site scripting (XSS)

c) Smurf

What type of malware does NOT have an anti-malware solution and should be covered in security awareness training? a) Ransomware b) Zero-day c) Virus d) Worm

b) Zero-day

Product cipher is an encryption algorithm that has no corresponding decryption algorithm. a) True b) False

b) False

Erin is a system administrator for a federal government agency. What law contains guidance on how she may operate a federal information system? a) Family Educational Rights and Privacy Act (FERPA) b) Federal Information Security Management Act (FISMA) c) Gramm-Leach-Bliley Act (GLBA) d) Sarbanes-Oxley (SOX) Act

b) Federal Information Security Management Act (FISMA)

Which of the following programs requires passing a standardized examination that is based upon a job-task analysis? a) Certificate of completion b) Professional certification c) Bachelor's degree d) Doctoral degree

b) Professional certification

Yolanda would like to prevent attackers from using her network as a relay point for a smurf attack. What protocol should she block? a) Hypertext Transfer Protocol (HTTP) b) Transmission Control Protocol (TCP) c) Internet Control Message Protocol (ICMP) d) User Datagram Protocol (UDP)

c) Internet Control Message Protocol (ICMP)
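The two smurf cards describe the indicator (echo replies flooding in with almost no echo requests going out) and the countermeasure. The added example below is not part of the original study set: it turns Barbara's observation into detection logic run over a handful of constructed flow records. The log format, addresses and thresholds are assumptions made for the demo; adapt the regex to whatever your firewall or NetFlow exporter actually emits.

```python
"""Added example: smurf amplification indicators from flow records.
Log format, addresses and thresholds are constructed for this demo."""
import re
from collections import Counter

# Assumed record format: "<ts> src=<ip> dst=<ip> proto=<name> type=<icmp type> dir=in|out"
LINE = re.compile(
    r"src=(?P<src>\S+) dst=(?P<dst>\S+) proto=(?P<proto>\w+) "
    r"type=(?P<type>\d+) dir=(?P<dir>in|out)")

ECHO_REPLY, ECHO_REQUEST = 0, 8


def parse(line: str):
    """Return the record's fields as a dict, or None for a line we can't read."""
    m = LINE.search(line)
    return m.groupdict() if m else None


def smurf_indicators(lines, ratio_threshold: float = 10.0, min_sources: int = 20):
    """Two signals, both from the card: replies_in / requests_out far above 1
    (a healthy host gets about one reply per request it sends), and a single
    internal destination receiving replies from many distinct hosts (the
    amplifier LAN answering a spoofed broadcast ping)."""
    requests_out = 0
    replies_in = Counter()      # replies per internal destination
    sources = {}                # distinct reply sources per destination
    for line in lines:
        rec = parse(line)
        if not rec or rec["proto"] != "icmp":
            continue
        icmp_type = int(rec["type"])
        if rec["dir"] == "out" and icmp_type == ECHO_REQUEST:
            requests_out += 1
        elif rec["dir"] == "in" and icmp_type == ECHO_REPLY:
            replies_in[rec["dst"]] += 1
            sources.setdefault(rec["dst"], set()).add(rec["src"])
    total_replies = sum(replies_in.values())
    if requests_out:
        ratio = total_replies / requests_out
    else:
        ratio = float("inf") if total_replies else 0.0
    victim, _ = replies_in.most_common(1)[0] if replies_in else (None, 0)
    distinct = len(sources.get(victim, ()))
    return {
        "requests_out": requests_out,
        "replies_in": total_replies,
        "ratio": ratio,
        "victim": victim,
        "distinct_reply_sources": distinct,
        "smurf_suspected": ratio >= ratio_threshold and distinct >= min_sources,
    }


# Constructed sample traffic: one normal ping exchange plus an unrelated TCP flow.
NORMAL = [
    "2024-05-01T10:00:00Z src=192.0.2.10 dst=198.51.100.7 proto=icmp type=8 dir=out",
    "2024-05-01T10:00:00Z src=198.51.100.7 dst=192.0.2.10 proto=icmp type=0 dir=in",
    "2024-05-01T10:00:01Z src=192.0.2.10 dst=198.51.100.8 proto=tcp type=0 dir=out",
]
# Same traffic plus 40 echo replies from 40 different hosts, none of which we pinged.
ATTACK = NORMAL + [
    f"2024-05-01T10:00:0{i % 10}Z src=203.0.113.{i} dst=192.0.2.10 proto=icmp type=0 dir=in"
    for i in range(1, 41)
]

if __name__ == "__main__":
    print(smurf_indicators(NORMAL))   # ratio 1.0, not suspected
    print(smurf_indicators(ATTACK))   # ratio 41.0, 41 sources, suspected
```

On the countermeasure card: dropping or rate-limiting inbound echo replies at the border is the victim-side fix, and a network can stop being a relay point by disabling IP directed broadcasts on its routers; both are narrower than blocking ICMP wholesale, which also breaks path MTU discovery and other legitimate error signalling.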

Helen has no experience in security. She would like to earn a certification that demonstrates that she has the basic knowledge necessary to work in the information security field. What certification would be an appropriate first step for her? a) Certified Information Systems Security Professional (CISSP) b) GIAC Security Expert (GSE) c) Security+ d) CompTIA Advanced Security Practitioner (CASP)

c) Security+

What level of academic degree requires the shortest period of time to earn and does NOT require any other postsecondary degree as a prerequisite? a) Bachelor's degree b) Master's degree c) Doctoral degree d) Associate's degree

d) Associate's degree

Jim is an experienced security professional who recently accepted a position in an organization that uses Check Point firewalls. What certification can Jim earn to demonstrate his ability to administer these devices? a) CISSP b) CCIE c) Security+ d) CCSA

d) CCSA

Val would like to limit the websites that her users visit to those on an approved list of pre-cleared sites. What type of approach is Val advocating? a) Blacklisting b) Context-based screening c) Packet filtering d) Whitelisting

d) Whitelisting
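Whitelisting (an allowlist of approved sites) is only as strong as the matching rule behind it. The added example below is not part of the original study set; the allowlist entries and URLs are constructed. It puts the naive substring check a hurried implementer might write next to a host-based check that parses the URL, so the reader can see which tricks get past each one.

```python
"""Added example: URL allowlisting done naively and done by hostname.
Allowlist entries and test URLs are constructed for this demo."""
from urllib.parse import urlsplit

ALLOWLIST = {"intranet.example", "docs.example"}   # assumed pre-cleared sites


def naive_allowed(url: str, allowlist=ALLOWLIST) -> bool:
    """The tempting one-liner: is an approved name anywhere in the URL?
    Trivially bypassed by putting the approved name in a query string,
    in userinfo, or as a prefix of an attacker-controlled domain."""
    return any(site in url for site in allowlist)


def host_matches(host: str, site: str) -> bool:
    """Exact match, or a subdomain on a label boundary (docs.example matches
    wiki.docs.example but not docs.example.evil.example)."""
    return host == site or host.endswith("." + site)


def allowed(url: str, allowlist=ALLOWLIST) -> bool:
    """Parse the URL, take only the hostname component, normalise it, and
    compare against the allowlist on label boundaries."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False
    host = parts.hostname.lower().rstrip(".")   # hostname strips userinfo/port
    return any(host_matches(host, site) for site in allowlist)


if __name__ == "__main__":
    bypasses = [
        "https://evil.example/login?next=docs.example",   # name in query
        "https://docs.example.evil.example/",             # approved name as prefix
        "https://docs.example@evil.example/",             # approved name as userinfo
    ]
    for url in bypasses:
        print(f"{url}: naive={naive_allowed(url)} strict={allowed(url)}")
    print(allowed("https://wiki.docs.example/page"))      # True: subdomain
    print(allowed("ftp://docs.example/"))                 # False: wrong scheme
```

Whether subdomains of an approved site should inherit approval is a policy decision; if not, replace `host_matches` with an exact comparison. Either way, match on the parsed hostname, never on the raw string.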

Spyware does NOT use cookies. a) True b) False

b) False

Which of the following is NOT an advantage to undertaking self-study of information security topics? a) Self-motivation b) Flexible materials c) Fixed pace d) Low cost

c) Fixed pace

RSA is a global provider of security, risk, and compliance solutions for enterprise environments. a) True b) False

a) True

Security awareness training should remind employees to ensure confidentiality by not leaving any sensitive information or documents on their desks. a) True b) False

a) True

The three main categories of network security risk are reconnaissance, eavesdropping, and denial of service. a) True b) False

a) True

The four primary types of malicious code attacks are unplanned attacks, planned attacks, direct attacks, and indirect attacks. a) True b) False

b) False

Which of the following certifications is considered the flagship Information Systems Security Certification Consortium, Inc. (ISC)2 certification and the gold standard for information security professionals? a) Certified Authorization Professional (CAP) b) Certified Cloud Security Professional (CCSP) c) Certified Information Systems Security Professional (CISSP) d) Systems Security Certified Practitioner (SSCP)

c) Certified Information Systems Security Professional (CISSP)

A certificate of completion is a document that is given to a student upon completion of a continuing education program and is signed by the instructor. a) True b) False

a) True

A certification is an official statement that validates that a person has satisfied specific job requirements. a) True b) False

a) True

Compliance not only includes the actual state of being compliant, but it also includes the steps and processes taken to become compliant. a) True b) False

a) True

Integrity-checking tools use cryptographic methods to make sure nothing and no one has modified the software. a) True b) False

a) True

It is common for rootkits to modify parts of the operating system to conceal traces of their presence. a) True b) False

a) True

Juniper Networks offers vendor-specific certifications. a) True b) False

a) True

The Payment Card Industry (PCI) Council has only one priority: to assist merchants and financial institutions in understanding and implementing standards for security policies, technologies, and ongoing processes that protect their payment systems from breaches and theft of cardholder data. a) True b) False

b) False

What type of organizations are required to comply with the Sarbanes-Oxley (SOX) Act? a) Non-profit organizations b) Publicly traded companies c) Government agencies d) Privately held companies

b) Publicly traded companies

Taylor is a security professional working for a retail organization. She is hiring a firm to conduct the Payment Card Industry Data Security Standard (PCI DSS) required quarterly vulnerability scans. What credential should she seek in a vendor? a) Qualified security assessor (QSA) b) Self-assessment vendor (SAV) c) Approved scanning vendor (ASV) d) Independent Scanning Assessor (ISA)

c) Approved scanning vendor (ASV)

What is the highest level of academic degree that may be earned in the field of information security? a) Bachelor of science (BS) b) Master of business administration (MBA) c) Doctor of philosophy (PhD) d) Master of science (MS)

c) Doctor of philosophy (PhD)
