Security+ Chapters 17-25
True
A common technical mistake during initial response to an incident includes "killing" rogue processes.
True
A key security methodology revolves around the attempt to avoid a single point of failure in critical functions within an organization.
Statutory law
A law that is passed by a legislative branch of government is known as a(n)
Documentary evidence
Business records, printouts, and manuals are which type of evidence?
Free space
Clusters that are marked by the operating system as usable is referred to as
False
Falsifying header information is not covered by the CAN-SPAM Act.
Real evidence
Tangible objects that prove or disprove fact are what type of evidence?
Addresses a myriad of legal privacy issues that were resulting from the increasing use of computers and other technology specific to telecommunications
The Electronic Communications Privacy Act (ECPA) of 1986
Protects K-12 student records from being accessed by anyone other than the student or student's parents
The Family Education Records and Privacy Act of 1974
Affects the financial industry and contains significant privacy provisions for individuals
The Gramm-Leach-Bliley Act is a major piece of legislation that
Spear phishing attack
Which is the BEST example of a threat vector?
Hard drive
Which of the following has the least volatile data?
True
A reverse DNS lookup fights off bogus mail senders because it verifies the sender's email address before accepting the email
residual risk
A risk that remains after implementing controls is termed a(n) ____________________.
FERPA
A school principal allows student information to be accessed by a marketing company in exchange for goods and services for the school. The principal may have violated which law?
False
JavaScript is part of the Java environment.
True
RAID increases reliability through the use of redundancy.
False
Restoration from a full backup is a complex process.
False
Since developers create and enhance programs, they should be able to install them on the production system.
False
When deleted, a file is removed from its original place on the storage device and is only available in the recycle bin.
RAID 5
Which RAID configuration, known as block-striped with error check, is a commonly used method that stripes the data at the block level and spreads the parity data across the drives?
RAID 0
Which RAID configuration, known as striped disks, simply spreads the data that would be kept on the one disk across several disks?
Warm site
Which alternative site is designed to be operational within a few days?
Warm site
Which alternative site is partially configured, usually having peripherals and software, but perhaps not the more expensive main processing components?
Remote administration Trojan (RAT) attack
Which attack involves the planting of software in the victim's network, creating network backdoors and tunnels to allow stealth access to its infrastructure?
Cross-site scripting attack
Which attack is a code injection attack in which an attacker sends code in response to an input request?
Buffer overflow
Which attack is the most common exploit used to hack into software?
ALE
Which calculated value determines the threshold for evaluating the cost/benefit ratio of a given countermeasure?
China
Which country has a long reputation of poor privacy practices?
Management of risks associated with technology in its many forms
Which description is an example of a business risk?
Endangerment of staff or customers
Which event is an example of a tangible impact?
A linear, multistep process
Which feature characterizes the waterfall model?
SLE = asset value (AV) x exposure factor (EF)
Which formula represents the single loss expectancy (SLE)?
Watering hole attack
Which infection method involves planting malware on a Web site that the victim employees will likely visit?
User rights, encryption of data, locked rooms
Which is a risk mitigation factor to protect against data loss?
FACTA
Which law mandates that information that is no longer needed must be properly disposed of, either by burning, pulverizing, or shredding?
CAN-SPAM Act
Which law regulates unsolicited commercial e-mail?
A standard keyboard
Which of the following would NOT be considered an asset that should be included in a risk assessment?
Disaster recovery plan (DRP)
Which plan defines the data and resources necessary and the steps required to restore critical organizational processes?
TCP port 443
Which port is used by HTTPS?
PCI DSS
Which standard provides guidance on the elements of a credit card transaction that needs protection and the level of expected protection?
A low-impact exposure incident only involves repairing the broken system
Which statement applies to a low-impact exposure incident?
Fuzzing
Which technique can be used to find potentially exploitable buffer overflows, without any specific knowledge of the coding?
Vulnerabilities
Which term describes characteristics of resources that can be exploited by a threat to cause harm?
Exposure factor (EF)
Which term is a measure of the magnitude of loss of an asset?
Load balancing
Which term is a mechanism where traffic is directed to identical servers based on availability?
Risk
Which term refers to the possibility of suffering harm or loss?
Mean time to failure
Which term refers to the predicted average time that will elapse before failure (or between failures) of a system (generally referring to hardware components)?
Incident management
Which term refers to the process responsible for managing the lifecycle of all incidents?
Kill chain
Which term refers to the targeting of specific steps of a multistep process with the goal of disrupting the overall process?
MTTF and MTTR (Mean Time to Failure and Mean Time to Repair)
Which two values are needed to calculate availability?
Hot site
Which type of alternative site is a fully configured environment that is similar to the normal operating environment and can be operational immediately or within a few hours, depending on its configuration and the needs of the organization?
SQL injection
Which type of attack is particularly targeted against databases?
Code injection
Unvalidated input that changes the code functioning in an unintended way is which type of coding error?
A value that can determine if a file stream has been changed (Ex: Hash)
What is a message digest?
Software that can destroy or modify files when commands are executed on the computer
What is a software bomb?
Do no harm.
What is the first rule of incident response investigation?
To restore the system to its previous operating condition
What is the primary goal of a backout plan?
To enable modifications with minimum disruption to IT services
What is the primary objective of change management?
To return the IT service to users as quickly as possible
What is the primary objective of incident management?
The team should confirm the existence, scope, and magnitude of the event and then respond accordingly.
What should an incident response team do when they are notified of a potential incident?
True
Click fraud is an example of computer-based fraud that deals with Internet advertising.
CVE by Mitre Corporation
Enumerations of known software weaknesses and vulnerabilities have been compiled and published here:
Hearsay rule
Evidence offered by a witness that is not based on the personal knowledge of the witness, but is being offered to prove the truth of the matter asserted, falls under which rule of evidence?
Relevant evidence
Evidence that is material to the case or has bearing on the matter at hand is known as
True
Export control rules for encryption technologies fall under the Wassenaar Arrangement.
False
FTP encrypts traffic by default.
False
The archive bit is cleared in a differential backup.
True
The impact of an event is a measure of the actual loss when a threat exploits a vulnerability.
True
The space allocated by the operating system for a file that is left over in a cluster is called slack space.
threat actor
This is the entity behind a threat.
300
A local library has reported they experienced a failure of a $600 laser printer every other year. What is the ALE for laser printers?
A zero-day vulnerability
A newly discovered vulnerability has no patch. This is known as:
False
As part of configuration identification, a baseline serves as a foundation for comparison or measurement.
True
As part of configuration identification, a baseline serves as a foundation for comparison or measurement.
False
Backups can prevent a security event from occurring.
The complexity of cloud-based and virtualized systems can increase risk exposure.
From a risk perspective, which basic consideration applies to cloud computing?
Most APTs begin through a phishing or spear phishing attack.
How do most advanced persistent threats (APTs) begin?
With the erection of firewalls that restrict communication between machines
How is quarantine accomplished?
False
In order to identify a specific individual, the entire set of PII must be disclosed.
opt-out; opt-in
In the United States the primary path to privacy is _______________. In Europe the primary path to privacy is _______________.
Requirements phase
In the secure development lifecycle, in which phase must the specific security needs of software being developed be defined?
White-box testing
In this testing model, the test team has access to the design and coding elements.
Extends the tap and trace provisions of existing wiretap statutes to the Internet, and mandates certain technological modifications at ISPs to facilitate electronic wiretaps on the Internet
One characteristic of the USA Patriot Act of 2001 is that it
False
Oral testimony that proves a specific fact is considered real evidence.
True
POP3S uses port 995 for transmission.
International arrangement on export controls for conventional arms, dual-use goods, and technologies
The Wassenaar Arrangement can be described as a(n)
Recovery Time Objective (RTO)
This describes the target time set for resumption of operations after an incident.
Computer trespass
_____________ is the unauthorized entry into a computer system via any means.
