ITM 350 midterm study guide
Maria is the risk manager for a large organization and is evaluating whether the organization should purchase a fire suppression system. She consulted several subject matter experts and determined that there is a 1 percent chance that a fire will occur in a given year. If a fire occurred, it would likely cause $2 million in damage to the facility, which has a $10 million value. If the exposure factor (EF) for a $10 million facility is 20 percent, what is the single loss expectancy (SLE)? Answers: A.$2,000 B.$200,000 C.$2,000,000 D.$20,000
$2,000,000 (given directly in the scenario: SLE = asset value × EF = $10,000,000 × 20% = $2,000,000)
Maria is the risk manager for a large organization and is evaluating whether the organization should purchase a fire suppression system. She consulted a variety of subject matter experts and determined that there is a 1 percent chance that a fire will occur in a given year. If a fire occurred, it would likely cause $2 million in damage to the facility, which has a $10 million value. Given this scenario, what is the exposure factor (EF)? Answers: A.10 percent B.1 percent C.20 percent D.50 percent
20 percent ($2 million of damage / $10 million facility value)
Maria is the risk manager for a large organization and is evaluating whether the organization should purchase a fire suppression system. She consulted a variety of subject matter experts and determined that there is a 1 percent chance that a fire will occur in a given year. If a fire occurred, it would likely cause $2 million in damage to the facility, which has a $10 million value. Given this scenario, what is the annualized loss expectancy (ALE)? Answers: A.$2,000,000 B.$2,000 C.$20,000 D.$200,000
$20,000: ALE = ARO × SLE = 1% × $2,000,000
Devaki is capturing traffic on her network. She notices connections using ports 20, 22, 23, and 80. Which port normally hosts a protocol that uses secure, encrypted connections? A.80 B.23 C.20 D.22
22. Reason: The Secure Shell (SSH) protocol uses port 22. SSH is a network protocol for performing remote terminal access to another device. SSH encrypts data for maintaining the confidentiality of communications. Port 20 corresponds to the File Transfer Protocol (FTP), which is a cleartext protocol. Port 23 corresponds to the Telnet protocol, which is a cleartext protocol. Port 80 corresponds to the Hypertext Transfer Protocol (HTTP), which is a cleartext protocol.
What network port number is used for unencrypted web-based communication by default?
80
Juan's web server was down for an entire day in April. It experienced no other downtime during that month. What represents the web server uptime for that month? A.96.67% B.3.33% C.1.03% D.99.96%
96.67%. Reason: April has 30 days, so the web server had 29 days of uptime: 29/30 = 0.9667, or 96.67%.
Devaki is evaluating different biometric systems. She understands that users might not want to subject themselves to retinal scans due to privacy concerns. Which concern of a biometric system is she considering?
Acceptability
Jackson is a cybercriminal. He is attempting to keep groups of a company's high-level users from accessing their work network accounts by abusing a policy designed to protect employee accounts. Jackson attempts to log in to their work accounts repeatedly using false passwords. What security method is he taking advantage of?
Account lockout policies
A hacker has stolen logon IDs and passwords. The hacker is now attempting to gain unauthorized access to a public-facing web application by using the stolen credentials one by one. What type of attack is taking place? A. Birthday attack B. Replay attack C. Phreaking D. Credential harvesting
Credential harvesting
Which attack is typically used specifically against password files that contain cryptographic hashes?
Birthday
Tom is the IT manager for an organization that experienced a server failure that affected a single business function. What type of plan should guide the organization's recovery effort? A. Disaster recovery plan (DRP) B. Business continuity plan (BCP) C. Service-level agreement (SLA) D. Business impact analysis (BIA)
Business continuity plan (BCP)
A company's IT manager has advised the business's executives to use a method of decentralized access control rather than centralized to avoid creating a single point of failure. She selects a common protocol that hashes passwords with a one-time challenge number to defeat eavesdropping-based replay attacks. What is this protocol?
Challenge-Handshake Authentication Protocol (CHAP)
Arturo is a network engineer. He wants to implement an access control system in which the owner of the resource decides who can change permissions, and permission levels can be granted to specific users, groups of people in the same or similar job roles, or by project. Which of the following should Arturo choose?
Discretionary access control (DAC)
Maria is using accounting software to compile sensitive financial information. She receives a phone call and then momentarily leaves her desk. While she's gone, Bill walks past her cubicle and sees that she has not locked her desktop and left data exposed. Bill uses his smartphone to take several photos of this data with the intent of selling it to the company's competitor. What access control compromise is taking place?
Eavesdropping by observation
Lincoln is a network security specialist. He is updating the password policy for his company's computing infrastructure. His primary method of improving password policy involves lowering the chance that an attacker can compromise and use the password before it expires. What does he do?
Enables a 30-day password change policy
Aditya recently assumed an information security role for a financial institution located in the United States. He is tasked with assessing the institution's risk profile and cybersecurity maturity level. What compliance regulation applies specifically to Aditya's institution? A. HIPAA B. FISMA C. PCI DSS D. FFIEC
FFIEC
True or False? An information system is a safeguard or countermeasure an organization implements to help reduce risk.
False
True or False? Bluejacking is an attack in which wireless traffic is sniffed between Bluetooth devices.
False
True or False? Corrective controls are implemented to address a threat in place that does not have a straightforward risk-mitigating solution.
False
True or False? Hypertext Transfer Protocol (HTTP) encrypts data transfers between secure browsers and secure webpages.
False
Anya is a cybersecurity engineer for a high-secrecy government installation. She is configuring biometric security that will either admit or deny entry using facial recognition software. Biometric devices have error rates and certain types of accuracy errors that are more easily tolerated depending on need. In this circumstance, which error rate is she likely to allow to be relatively high?
False rejection rate (FRR)
Bob is the information security and compliance manager for a financial institution. Which regulation is most likely to directly apply to Bob's employer? A.Gramm-Leach-Bliley Act (GLBA) B.Federal Information Security Management Act (FISMA) C.Children's Internet Protection Act (CIPA) D.Health Insurance Portability and Accountability Act (HIPAA)
Federal Information Security Management Act (FISMA). Reason: GLBA requires all types of financial institutions to protect customers' private financial information.
Arturo would like to connect a fibre channel storage device to systems over a standard data network. What protocol should he use? A. Secure Shell (SSH) B. Fibre Channel (FC) C. Internet Small Computer System Interface (iSCSI) D. Fibre Channel over Ethernet (FCoE)
Fibre Channel over Ethernet (FCoE)
Isabella is in charge of the disaster recovery plan (DRP) team. She needs to ensure that data center operations will transfer smoothly to an alternate site in the event of a major interruption. She plans to run a complete test that will interrupt the primary data center and transfer processing capability to a hot site. What option is described in this scenario? A. Parallel test B. Simulation test C. Structured walk-through D. Full-interruption test
Full-interruption test
Carrie is a network technician developing the Internet Protocol (IP) addressing roadmap for her company. While IP version 4 (IPv4) has been the standard for decades, IP version 6 (IPv6) can provide a much greater number of unique IP addresses. Which addressing system should she designate for primary use on her roadmap and why? A. IPv6 is only slowly being adopted. She should make IPv4 the primary addressing scheme in her roadmap until IPv6 is more widely adopted. B. IPv6 is rapidly replacing IPv4 worldwide. She should make IPv6 the primary addressing scheme in her roadmap. C. There will be adequate IPv4 addresses available well into the future. She should make IPv4 the primary addressing scheme. D. Few commercial businesses still use IPv4. She should feature IPv6 strongly in her roadmap rather than have her company fall behind technologically.
IPv6 is only slowly being adopted. She should make IPv4 the primary addressing scheme in her roadmap until IPv6 is more widely adopted.
Keisha is a network administrator. She wants a cloud-based service that will allow her to load operating systems on virtual machines and manage them as if they were local servers. What service is Keisha looking for?
Infrastructure as a Service (IaaS)
Rachel is investigating an information security incident that took place at the high school where she works. She suspects that students may have broken into the student records system and altered their grades. If that is correct, which one of the tenets of information security did this attack violate? A.Nonrepudiation B.Integrity C.Confidentiality D.Availability
Integrity
What is a single sign-on (SSO) approach that relies upon the use of key distribution centers (KDCs) and ticket-granting servers (TGSs)?
Kerberos
A hospital is planning to introduce a new point-of-sale system in the cafeteria that will handle credit card transactions. Which one of the following governs the privacy of information handled by those point-of-sale terminals? A. Payment Card Industry Data Security Standard (PCI DSS) B. Federal Information Security Management Act (FISMA) C. Federal Financial Institutions Examination Council (FFIEC) D. Health Insurance Portability and Accountability Act (HIPAA)
Payment Card Industry Data Security Standard (PCI DSS)
An automatic teller machine (ATM) uses a form of constrained user interface to limit the user's ability to access resources in the system. Specifically for ATMs, which method is being used?
Physically constrained user interfaces
Hajar is developing a business impact assessment for her organization. She is working with business units to determine the target state of recovered data that allows the organization to continue normal processing after a major interruption. Which of the following is Hajar determining? A. Recovery point objective (RPO) B. Recovery time objective (RTO) C. Business recovery requirements D. Technical recovery requirements
Recovery point objective (RPO)
A brute-force password attack and the theft of a mobile worker's laptop are risks most likely found in which domain of a typical IT infrastructure? A.Remote Access Domain B.User Domain C.Local Area Network (LAN) Domain D.Workstation Domain
Remote Access Domain
Tomahawk Industries develops weapons control systems for the military. The company designed a system that requires two different officers to enter their access codes before allowing the system to engage. Which principle of security is this following?
Separation of duties
As a follow-up to her annual testing, Isabella would like to conduct quarterly disaster recovery tests. These tests should include role-playing and introduce as much realism as possible without affecting live operations. What type of test should Isabella conduct? A. Checklist test B. Simulation test C. Parallel test D. Structured walk-through
Simulation test
What is an example of two-factor authentication (2FA)?
Smart card and personal identification number (PIN)
Hajar is investigating a denial of service attack against her network. She notices that the Internet Control Message Protocol (ICMP) echo replies coming into her network far exceed the ICMP echo requests leaving her network. What type of attack is likely taking place? A. Land B. Smurf C. Teardrop D. Cross-site scripting (XSS)
Smurf
Which of the following principles is not a component of the Biba integrity model? A. A subject may not ask for service from subjects that have a higher integrity level. B. Subjects cannot read objects that have a lower level of integrity than the subject. C. Subjects cannot change objects that have a lower integrity level. D. Subjects at a given integrity level can call up only subjects at the same integrity level or lower.
Subjects cannot change objects that have a lower integrity level.
True or False? A data classification standard provides a consistent definition for how an organization should handle and secure different types of data.
True
True or False? Impact refers to the amount of risk or harm caused by a threat or vulnerability that is exploited by a perpetrator.
True
True or False? A social engineering consensus tactic relies on the position that "everyone else has been doing it" as proof that it is okay or acceptable to do.
True
True or False? An IT security policy framework is like an outline that identifies where security controls should be used.
True
True or False? An alteration threat violates information integrity.
True
True or False? Authorization is the process of granting rights to use an organization's IT assets, systems, applications, and data to a specific user.
True
True or False? Availability is the tenet of information security that deals with uptime and downtime.
True
True or False? Hypertext Transfer Protocol (HTTP) is the communications protocol between web browsers and websites with data in cleartext.
True
True or False? In a browser or uniform resource locator (URL) hijacking attack, users are directed to websites other than what they requested, usually to fake pages that attackers have created.
True
True or False? In a masquerade attack, one user or computer pretends to be another user or computer.
True
True or False? Networks, routers, and equipment require continuous monitoring and management to keep wide area network (WAN) service available.
True
True or False? A functional policy declares an organization's management direction for security in such specific functional areas as email, remote access, and Internet surfing.
True
Bob has a high-volume virtual private network (VPN). He would like to use a device that would best handle the required processing power. What type of device should he use? A. Router B. Firewall C. VPN concentrator D. Unified threat management (UTM)
VPN concentrator
Wen is a network engineer. For several months, he has been designing a system of controls to allow and restrict access to network assets based on various methods and information. He is currently configuring the authentication method. What does this method do?
Verifies that requestors are who they claim to be
Which of the following is used to perform a scan of the network and create a network topology chart?
Zenmap
Brian notices an attack taking place on his network. When he digs deeper, he realizes that the attacker has a physical presence on the local network and is forging Media Access Control (MAC) addresses. Which type of attack is most likely taking place? Answers: A.Internet Protocol (IP) address spoofing B.Address resolution protocol (ARP) poisoning C.Christmas attack D.Uniform resource locator (URL) hijacking
Address Resolution Protocol (ARP) poisoning
Carl recently joined a new organization. He noticed that the firewall technology used by the firm opens separate connections between the devices on both sides of the firewall. What type of technology is being used? A. Application proxying B. Packet filtering C. Stateful inspection D. Network address translation
application proxy firewall
Maria is writing a policy that defines her organization's data classification standard. The policy designates the IT assets that are critical to the organization's mission and defines the organization's systems, uses, and data priorities. It also identifies assets within the seven domains of a typical IT infrastructure. Which policy is Maria writing? A.Asset protection policy B.Asset classification policy C.Security awareness policy D.Asset management policy
asset classification policy
Ann is creating a template for the configuration of Windows servers in her organization. It includes the basic security settings that should apply to all systems. What type of document should she create? A. Guideline B. Policy C. Procedure D. Baseline
baseline
Which security model does not protect the integrity of information? A. Clark-Wilson B. Brewer-Nash C. Biba D. Bell-LaPadula
Bell-LaPadula
True or False? Common methods used to identify a user to a system include username, smart card, and biometrics.
true
Miriam is a network administrator. She would like to use a wireless authentication technology similar to that found in hotels where users are redirected to a webpage when they connect to the network. What technology should she deploy? A. Lightweight Extensible Authentication Protocol (LEAP) B. Protected Extensible Authentication Protocol (PEAP) C. Captive portal D. Remote Authentication Dial-In User Service (RADIUS)
captive portal
Rodrigo is a security professional. He is creating a policy that gives his organization control over mobile devices used by employees while giving them some options as to the type of device they will use. Which approach to mobile devices is Rodrigo focusing on in the policy? A. Choose Your Own Device (CYOD) B. Bring Your Own Device (BYOD) C. Company-owned business-only (COBO) D. Company-owned/personally enabled (COPE)
Choose Your Own Device (CYOD)
Forensics and incident response are examples of __________ controls. Answers: A.deterrent B.detective C.preventive D.corrective
corrective
Which of the following is the point at which two error rates of a biometric system are equal and is the measure of the system's accuracy expressed as a percentage?
crossover error rate (CER)
The ___________ is the central part of a computing environment's hardware, software, and firmware that enforces access control.
security kernel
Which type of password attack is used on weak passwords and compares a hashed value of the passwords to the system password file to find a match?
dictionary attack
Barry discovers that an attacker is running an access point in a building adjacent to his company. The access point is broadcasting the security set identifier (SSID) of an open network owned by the coffee shop in his lobby. Which type of attack is likely taking place? Answers: A.Jamming/interference B.Evil twin C.Near field communication D.Bluesnarfing
evil twin
True or False? A border router can provide enhanced features to internal networks and help keep subnet traffic separate.
false
True or False? A dictionary password attack is a type of attack in which one person, program, or computer disguises itself as another person, program, or computer to gain access to some resource.
false
True or False? A packet-filtering firewall remembers information about the status of a network communication.
false
True or False? A router is a security appliance that is used to filter Internet Protocol (IP) packets and block unwanted packets.
false
True or False? A smart card is an example of a logical access control.
false
True or False? An authentication, authorization, and accounting (AAA) server, such as Remote Authentication Dial-In User Service (RADIUS), is a type of decentralized access control.
false
True or False? An uninterruptible power supply (UPS) is an example of a reactive component of a disaster recovery plan (DRP).
false
True or False? Another name for a border firewall is a demilitarized zone (DMZ) firewall.
false
True or False? Authentication by characteristics/biometrics is based on something you have, such as a smart card, a key, a badge, or either a synchronous or asynchronous token.
false
True or False? Authorization controls include biometric devices.
false
True or False? In mandatory access control (MAC), access rules are closely managed by the security administrator and not by the system owner or ordinary users for their own files.
false
True or False? In most organizations, focusing on smaller issues rather than planning for the most wide-reaching disaster results in a more comprehensive disaster recovery plan.
false
True or False? Internet Protocol version 4 (IPv4) uses the Internet Control Message Protocol (ICMP) within a network to automatically assign an Internet Protocol (IP) address to each computer.
false
True or False? Kerberos is an example of a biometric method.
false
True or False? Passphrases are less secure than passwords.
false
True or False? Regarding data-center alternatives for disaster recovery, a mobile site is the least expensive option but at the cost of the longest switchover time.
false
True or False? Service-level agreements (SLAs) are a common part of the Local Area Network (LAN)-to-Wide Area Network (WAN) Domain of a typical IT infrastructure.
false
True or False? Temporal isolation is commonly used in combination with rule-based access control.
false
True or False? The business continuity plan (BCP) identifies the resources for which a business impact analysis (BIA) is necessary.
false
True or False? The four central components of access control are users, resources, actions, and features.
false
True or False? The number of failed logon attempts that trigger an account action is called an audit logon event.
false
True or False? Voice pattern biometrics are accurate for authentication because voices cannot easily be replicated by computer software.
false
True or False? Configuration changes can be made at any time during a system life cycle and no process is required.
false
True or False? Denial of service (DoS) attacks are larger in scope than distributed denial of service (DDoS) attacks.
false
True or False? A phishing attack "poisons" a domain name on a domain name server (DNS).
False. Pharming is another type of attack that seeks to obtain personal or private financial information through domain spoofing. A pharming attack doesn't use messages to trick victims into visiting spoofed websites that appear legitimate, however. Instead, pharming "poisons" a domain name on the domain name server (DNS), a process known as DNS poisoning.
True or False? A smishing attack is a type of phishing attack involving voice communication.
False. A vishing attack is a type of phishing attack involving voice communication.
Dawn is selecting an alternative processing facility for her organization's primary data center. She needs a facility with the least switchover time, even if it's the most expensive option. What is the most appropriate option in this situation? A. Hot site B. Cold site C. Mobile site D. Warm site
hot site
Remote access security controls help to ensure that the user connecting to an organization's network is whom the user claims to be. A username is commonly used for _______, whereas a biometric scan could be used for _______. A.authentication, authorization B.authorization, accountability C.identification, authorization D.identification, authentication
identification, authentication
Maria is a freelance network consultant. She is setting up security for a small business client's wireless network. She is configuring a feature in the wireless access point (WAP) that will allow only computers with certain wireless network cards to connect to the network. This feature filters out the network cards of any wireless computer not on the list. What is this called? A. Service set identifier (SSID) broadcasting B. Uniform Resource Locator (URL) filtering C. Media Access Control (MAC) address filtering D. Subnetting
Media Access Control (MAC) address filtering
Isabella is a network engineer. She would like to strengthen the security of her organization's networks by adding more requirements before allowing a device to connect to a network. She plans to add authentication to the wireless network and posture checking to the wired network. What technology should Isabella use? A. Virtual private network (VPN) B. Virtual LAN (VLAN) C. A demilitarized zone (DMZ) D. Network access control (NAC)
network access control (NAC)
Because network computers or devices may host several services, programs need a way to tell one service from another. To differentiate services running on a device, networking protocols use a(n) ________, which is a short number that tells a receiving device where to send messages it receives. A. ping B. Internet Protocol (IP) address C. Media Access Control (MAC) address D. network port
network port
Which type of authentication includes smart cards?
ownership
What is an example of a logical access control?
password
Which one of the following is an example of logical access control? A. Password B. Fence C. Key for a lock D. Access card
password
Susan is troubleshooting a problem with a computer's network cabling. At which layer of the Open Systems Interconnection (OSI) Reference Model is she working? A. Physical B. Application C. Session D. Presentation
physical
Chris is writing a document that provides step-by-step instructions for end users seeking to update the security software on their computers. Performing these updates is mandatory. Which type of document is Chris writing? A.Policy B.Guideline C.Procedure D.Standard
procedure
Aditya is the security manager for a mid-sized business. The company has suffered several serious data losses when laptops were stolen. Aditya decides to implement full disk encryption on all laptops. What risk response did Aditya take? A. Avoid B. Accept C. Transfer D. Reduce
reduce
Hakim is a network engineer. He is configuring a virtual private network (VPN) technology that is available only for computers running the Windows operating system. Which technology is it? A. Secure Socket Tunneling Protocol (SSTP) B. OpenVPN C. Internet Protocol Security (IPSec) D. Point-to-Point Tunneling Protocol (PPTP)
Secure Socket Tunneling Protocol (SSTP)
There are a large number of protocols and programs that use port numbers to make computer connections. Of the following, which ones do not use port numbers? A. Hypertext Transfer Protocol (HTTP) or Hypertext Transfer Protocol Secure (HTTPS) B. Simple Mail Transfer Protocol (SMTP) or Post Office Protocol v3 (POP3) C. Secure Sockets Layer (SSL) or Transport Layer Security (TLS) D. File Transfer Protocol (FTP) data transfer or FTP control
Secure Sockets Layer (SSL) or Transport Layer Security (TLS)
In which type of attack does the attacker attempt to take over an existing connection between two systems? Answers: A.Session hijacking B.Uniform resource locator (URL) hijacking C.Man-in-the-middle attack D.Typosquatting
session hijacking
A ________ is used to identify the part of an Ethernet network where all hosts share the same host address. A. switch B. access point C. router D. subnet mask
subnet mask
On early Ethernet networks, all computers were connected to a single wire, forcing them to take turns on a local area network (LAN). Today, this situation is alleviated on larger networks because each computer has a dedicated wire connected to a ___________ that controls a portion of the LAN. A. server B. firewall C. router D. switch
switch
The availability of commands in the Cisco IOS (Internetwork Operating System) is based on:
the privilege level of the user
Purchasing an insurance policy is an example of the ____________ risk management strategy. Answers: A.accept B.transfer C.reduce D.avoid
transfer
True or False? A Chinese wall security policy defines a barrier and develops a set of rules to ensure that no subject gets to objects on the other side.
true
True or False? A business continuity plan (BCP) directs all activities required to ensure that an organization's critical business functions continue when an interruption occurs that affects the organization's viability.
true
True or False? A degausser creates a magnetic field that erases data from magnetic storage media.
true
True or False? A disaster recovery plan (DRP) is part of a business continuity plan (BCP) and is necessary to ensure the restoration of resources required by the BCP to an available state.
true
True or False? A firewall can be used to segment a network.
true
True or False? A home user connecting to a website over the Internet is an example of a wide area network (WAN) connection.
true
True or False? A man-in-the-middle attack takes advantage of the multihop process used by many types of networks.
true
True or False? A network protocol governs how networking equipment interacts to deliver data across the network.
true
True or False? A phishing email is a fake or bogus email intended to trick the recipient into clicking on an embedded link or opening an email attachment.
true
True or False? A protocol is a set of rules that govern the format of messages that computers exchange.
true
True or False? A threat analysis identifies and documents threats to critical resources, which means considering the types of disasters that are possible and what kind of damage they can cause.
true
True or False? A unified threat management (UTM) device can provide content inspection, where some or all network packet content is inspected to determine whether the packet should be allowed to pass.
true
True or False? A wireless access point (WAP) is the connection between a wired network and wireless devices.
true
True or False? Access control lists (ACLs) are used to permit and deny traffic in an Internet Protocol (IP) router.
true
True or False? Anti-malware programs and firewalls cannot detect most phishing scams because the scams do not contain suspect code.
true
True or False? Authentication by action is based on something you do, such as typing.
true
True or False? Authentication by knowledge is based on something the user knows, such as a password, passphrase, or personal identification number (PIN).
true
True or False? Authentication controls include passwords and personal identification numbers (PINs).
true
True or False? Changes to external requirements, such as legislation, regulation, or industry standards, that require control changes can result in a security gap for an organization.
true
True or False? Content-dependent access control requires the access control mechanism to look at the data to decide who should get to see it.
true
True or False? Cryptography is the practice of making data unreadable.
true
True or False? Each layer of the Open Systems Interconnection (OSI) Reference Model needs to be able to talk to the layers above and below it.
true
True or False? Encrypting data within databases and storage devices gives an added layer of security.
true
True or False? For businesses and organizations under recent compliance laws, data classification standards typically include private, confidential, internal use only, and public-domain categories.
true
True or False? If a company informs employees that email sent over the company's network is monitored, the employees can no longer claim to have an expectation of privacy.
true
True or False? Log files are one way to prove accountability on a system or network.
true
True or False? Mobile device management (MDM) includes a software application that allows organizations to monitor, control, data wipe, or data delete business data from a personally owned device.
true
True or False? OCTAVE is an approach to risk-based strategic assessment and planning.
true
True or False? Physically disabled users might have difficulty with biometric system accessibility, specifically with performance-based biometrics.
true
True or False? Remote wiping is a device security control that allows an organization to remotely erase data or email in the event of loss or theft of the device.
true
True or False? Screen locks are a form of endpoint device security control.
true
True or False? Single sign-on (SSO) can provide for greater security because with only one password to remember, users are generally willing to use stronger passwords.
true
True or False? Storage segmentation is a mobile device control that physically separates personal data from business data.
true
True or False? The Gramm-Leach-Bliley Act (GLBA) addresses information security concerns in the financial industry.
true
True or False? The Local Area Network (LAN) Domain of a typical IT infrastructure includes both physical network components and logical configuration of services for users.
true
True or False? The Local Area Network (LAN)-to-Wide Area Network (WAN) Domain is where the IT infrastructure links to a WAN and the Internet.
true
True or False? The recovery time objective (RTO) expresses the maximum allowable time in which to recover the function after a major interruption.
true
True or False? A phishing email is a fake or bogus email intended to trick the recipient into clicking on an embedded URL link or opening an email attachment.
true
True or False? Failing to prevent an attack all but invites an attack.
true
An attacker attempting to break into a facility pulls the fire alarm to distract the security guard manning an entry point. Which type of social engineering attack is the attacker using? A.Vishing B.Urgency C.Authority D.Whaling
urgency
In which domain of a typical IT infrastructure is the first layer of defense for a layered security strategy? A.Local Area Network (LAN) Domain B.System/Application Domain C.Workstation Domain D.User Domain
user domain
Adam is evaluating the security of a web server before it goes live. He believes that an issue in the code allows a cross-site scripting attack against the server. What term describes the issue that Adam discovered? A. Vulnerability B. Impact C. Threat D. Risk
vulnerability