Security Class Midterm Exam
Ricky is reviewing security logs to independently assess security controls. Which security review process is Ricky engaging in?
Audit
Which activity manages the baseline settings for a system or device?
Configuration Control
Which characteristic of a biometric system measures the system's accuracy using a balance of different error types?
Crossover error rate (CER)
A hardware configuration chart should NOT include copies of software configurations.
False
An attacker uses exploit software when wardialing.
False
Committee of Sponsoring Organizations (COSO) is a set of best practices for IT management.
False
Deterrent controls identify that a threat has landed in your system.
False
Regarding security controls, the four most common permission levels are poor, permissive, prudent, and paranoid.
False
Terminal Access Controller Access Control System Plus (TACACS+) is an authentication server that uses client and user configuration files.
False
The anti-malware utility is one of the most popular backdoor tools in use today.
False
Vishing is a type of wireless network attack.
False
Bob is preparing to dispose of magnetic media and wishes to destroy the data stored on it. Which method is NOT a good approach for destroying data?
Formatting
When should an organization's managers have an opportunity to respond to the findings in an audit?
Managers should include their responses to the draft audit report in the final audit report.
Which group is the most likely target of a social engineering attack?
Receptionists and administrative assistants
Which activity is an auditor least likely to conduct during the information-gathering phase of an audit?
Report writing
The ___________ is the central part of a computing environment's hardware, software, and firmware that enforces access control.
Security Kernel
Isaac is responsible for performing log reviews for his organization in an attempt to identify security issues. He has a massive amount of data to review. What type of tool would best assist him with this work?
Security information and event management (SIEM)
Which one of the following is NOT an example of store-and-forward messaging?
Telephone call
A functional policy declares an organization's management direction for security in such specific functional areas as email, remote access, and Internet surfing.
True
A personnel safety plan should include an escape plan.
True
Fencing and mantraps are examples of physical controls.
True
Fingerprints, palm prints, and retina scans are types of biometrics.
True
In remote journaling, a system writes a log of online transactions to an offsite location.
True
Screen locks are a form of endpoint device security control.
True
The Government Information Security Reform Act (Security Reform Act) of 2000 focuses on management and evaluation of the security of unclassified and national security systems.
True
The Gramm-Leach-Bliley Act (GLBA) addresses information security concerns in the financial industry.
True
The recovery point objective (RPO) can come from the business impact analysis or sometimes from a government mandate, such as banking laws.
True
Florian recently purchased a set of domain names that are similar to those of legitimate websites and used the newly purchased sites to host malware. Which type of attack is Florian using?
Typosquatting
An attacker attempting to break into a facility pulls the fire alarm to distract the security guard manning an entry point. Which type of social engineering attack is the attacker using?
Urgency
Which one of the following is the best example of an authorization control?
Access control lists
Brian notices an attack taking place on his network. When he digs deeper, he realizes that the attacker has a physical presence on the local network and is forging Media Access Control (MAC) addresses. Which type of attack is most likely taking place?
Address Resolution Protocol (ARP) poisoning
Ron is the IT director at a medium-sized company and is constantly bombarded by requests from users who want to select customized mobile devices. He decides to allow users to purchase their own devices. Which type of policy should Ron implement to include the requirements and security controls for this arrangement?
BYOD
What information should an auditor share with the client during an exit interview?
Details on major issues
Curtis is conducting an audit of an identity management system. Which question is NOT likely to be in the scope of his audit?
Does the firewall properly block unsolicited network connection attempts?
Configuration changes can be made at any time during a system life cycle and no process is required.
False
During the secure phase of a security review, you review and measure all controls to capture actions and changes on the system.
False
IoT devices cannot share and communicate your IoT device data to other systems and applications without your authorization or knowledge.
False
Jake has been asked to help test the business continuity plan at an offsite location while the system at the main location is shut down. He is participating in a parallel test.
False
Mandatory vacations minimize risk by rotating employees among various systems or duties.
False
Most enterprises are well prepared for a disaster should one occur.
False
The auto industry has not yet implemented the Internet of Things (IoT).
False
The four central components of access control are users, resources, actions, and features.
False
Which organization pursues standards for Internet of Things (IoT) devices and is widely recognized as the authority for creating standards on the Internet?
Internet Engineering Task Force
Which agreement type is typically less formal than other agreements and expresses areas of common interest?
Memorandum of understanding (MOU)
Which one of the following is an example of a reactive disaster recovery control?
Moving to a warm site
Which type of authentication includes smart cards?
Ownership
Which one of the following is an example of a logical access control?
Password
Gwen's company is planning to accept credit cards over the Internet. Which one of the following governs this type of activity and includes provisions that Gwen should implement before accepting credit card transactions?
Payment Card Industry Data Security Standard (PCI DSS)
Which tool can capture the packets transmitted between systems over a network?
Protocol analyzer
Gina is preparing to monitor network activity using packet sniffing. Which technology is most likely to interfere with this effort if used on the network?
Secure Sockets Layer (SSL)
A phishing email is a fake or bogus email intended to trick the recipient into clicking on an embedded URL link or opening an email attachment.
True
Any component that, if it fails, could interrupt business processing is called a single point of failure (SPoF).
True
Application service providers (ASPs) are software companies that build applications hosted in the cloud and on the Internet.
True
Authentication controls include passwords and personal identification numbers (PINs).
True
Social engineering is deceiving or using people to get around security controls.
True
Unified messaging allows you to download both voice and email messages to a smartphone or tablet.
True
In what software development model does activity progress in a lock-step sequential process where no phase begins until the previous phase is complete?
Waterfall
Kim is the risk manager for a large organization. She is evaluating whether the organization should purchase a fire suppression system. She consulted a variety of subject matter experts and determined that there is a 1 percent chance that a fire will occur in a given year. If a fire occurred, it would likely cause $2 million in damage to the facility, which has a $10 million value. Given this scenario, what is the annualized loss expectancy (ALE)?
20,000
With the use of Mobile IP, which device is responsible for keeping track of mobile nodes (MNs) and forwarding packets to the MN's current network?
Home agent (HA)
Tom is the IT manager for an organization that experienced a server failure that affected a single business function. What type of plan should guide the organization's recovery effort?
Business continuity plan (BCP)
Which one of the following is an example of a business-to-consumer (B2C) application of the Internet of Things (IoT)?
Health Monitoring
Wardialers are becoming more frequently used given the rise of Voice over IP (VoIP).
False
Betsy recently assumed an information security role for a hospital located in the United States. What compliance regulation applies specifically to health care providers?
HIPAA
What is a single sign-on (SSO) approach that relies upon the use of key distribution centers (KDCs) and ticket-granting servers (TGSs)?
Kerberos
Which of the following does NOT offer authentication, authorization, and accounting (AAA) services?
Redundant Array of Independent Disks (RAID)
What term describes the risk that exists after an organization has performed all planned countermeasures and controls?
Residual Risk
George is the risk manager for a U.S. federal government agency. He is conducting a risk assessment for that agency's IT risk. What methodology is best suited for George's use?
Risk Management Guide for Information Technology Systems (NIST SP800-30)
Purchasing an insurance policy is an example of the ____________ risk management strategy.
Transfer
A dictionary attack works by hashing all the words in a dictionary and then comparing the hashed value with the system password file to discover a match.
True
Standards are used when an organization has selected a solution to fulfill a policy goal.
True