SecurityTest2(Ch4-5)

Lakukan tugas rumah & ujian kamu dengan baik sekarang menggunakan Quizwiz!

The Children's Online Privacy Protection Act (COPPA) restricts the collection of information online from children. What is the cutoff age for COPPA regulation? -11 -13 -15 -18

13

What is NOT one of the three tenets of information security? -Confidentiality -Integrity -Safety -Availability

Safety

Alan is evaluating different biometric systems and is concerned that users might not want to subject themselves to retinal scans due to privacy concerns. Which characteristic of a biometric system is he considering? -Accuracy -Reaction time -Dynamism -Acceptability

Acceptability

Which one of the following is the best example of an authorization control? -Biometric device -Digital certificate -Access control lists -One-time password

Access control lists

Ed wants to make sure that his system is designed in a manner that allows tracing actions to an individual. Which phase of access control is Ed concerned about? -Identification -Authentication -Authorization -Accountability

Accountability

During which phase of the access control process does the system answer the question,"What can the requestor access?" -Identification -Authentication -Authorization -Accountability

Authorization

Which security model does NOT protect the integrity of information? -Bell-LaPadula -Clark-Wilson -Biba -Brewer and Nash

Bell-LaPadula

Which type of password attack attempts all possible combinations of a password in an attempt to guess the correct value? -Dictionary attack -Rainbow table attack -Social engineering attack -Brute-force attack

Brute-Force Attack

Tom is the IT manager for an organization that experienced a server failure that affected a single business function. What type of plan should guide the organization's recovery effort? -Disaster recovery plan (DRP) -Business impact analysis (BIA) -Business continuity plan (BCP) -Service level agreement (SLA)

Business continuity plan (BCP)

Which characteristic of a biometric system measures the system's accuracy using a balance of different error types? -False acceptance rate (FAR) -False rejection rate (FRR) -Crossover error rate (CER) -Reaction time

Crossover error rate (CER)

Which item in a Bring Your Own Device (BYOD) policy helps resolve intellectual property issues that may arise as the result of business use of personal devices? -Support ownership -Onboarding/offboarding -Forensics -Data ownership

Data ownership

Gary would like to choose an access control model in which the owner of a resource decides who may modify permissions on that resource. Which model fits that scenario? -Discretionary access control (DAC) -Mandatory access control (MAC) -Rule-based access control -Role-based access control (RBAC)

Discretionary access control

What is the first step in a disaster recovery effort? -Respond to the disaster -Follow the disaster recovery plan (DRP) -Communicate with all affected parties -Ensure that everyone is safe.

Ensure that everyone is safe

Which one of the following is an example of a direct cost that might result from a business disruption? -Damaged reputation -Lost market share -Lost customers -Facility repair

Facility repair

What compliance regulation applies specifically to the educational records maintained by schools about students? -Family Education Rights and Privacy Act (FERPA) -Health Insurance Portability and Accountability Act (HIPAA) -Federal Information Security Management Act (FISMA) -Gramm-Leach-Bliley Act (GLBA)

Family Education Rights and Privacy Act (FERPA)

Betsy recently assumed an information security role for a hospital located in the United States. What compliance regulation applies specifically to healthcare providers? -FFIEC -FISMA -HIPAA -PCI DS

HIPPA

What is a single sign-on (SSO) approach that relies upon the use of key distribution centers (KDCs) and ticket-granting servers (TGSs)? -Secure European System for Applications in a Multi-Vendor Environment (SESAME) -Lightweight Directory Access Protocol (LDAP) -Security Assertion Markup Language (SAML) -Kerberos

Kerberos

Which of the following is NOT a benefit of cloud computing to organizations? -On-demand provisioning -Improved disaster recovery -No need to maintain a data center -Lower dependence on outside vendors

Lower dependence on outside vendors

Which of the following is an example of a hardware security control? -NTFS permission -MAC filtering -ID badge -Security policy

MAC filtering

Which one of the following is an example of a reactive disaster recovery control? -Moving to a warm site -Disk mirroring -Surge suppression -Antivirus software

Moving to a warm site

What is NOT a commonly used endpoint security technique? -Full device encryption -Network firewall -Remote wiping -Application control

Network Firewall

What level of technology infrastructure should you expect to find in a cold site alternative data center facility? -Hardware and data that mirror the primary site -Hardware that mirrors the primary site, but no data -Basic computer hardware -No technology infrastructure

No technology infrastructure

Which type of authentication includes smart cards? -Knowledge -Ownership -Location -Action

Ownership

Holly would like to run an annual major disaster recovery test that is as thorough and realistic as possible. She also wants to ensure that there is no disruption of activity at the primary site. What option is best in this scenario? -Checklist test -Full interruption test -Parallel test -Simulation test

Parallel test

Which one of the following is an example of a logical access control? -Key for a lock -Password -Access card -Fence

Password

A hospital is planning to introduce a new point-of-sale system in the cafeteria that will handle credit card transactions. Which one of the following governs the privacy of information handled by those point-of-sale terminals? -Health Insurance Portability and Accountability Act (HIPAA) -Payment Card Industry Data Security Standard (PCI DSS) -Federal Information Security Management Act (FISMA) -Federal Financial Institutions Examination Council (FFIEC)

Payment Card Industry Data Security Standard (PCI DSS)

Which one of the following is NOT an advantage of biometric systems? -Biometrics require physical presence -Biometrics are hard to fake -Users do not need to remember anything -Physical characteristics may change.

Physical characteristics may change

Alan is developing a business impact assessment for his organization. He is working with business units to determine the maximum allowable time to recover a particular function. What value is Alan determining? -Recovery time objective (RTO) -Recovery point objective (RPO) -Business recovery requirements -Technical recovery requirements

Recovery time objective (RTO)

Which of the following does NOT offer authentication, authorization, and accounting (AAA) services? -Remote Authentication Dial-In User Service (RADIUS) -Terminal Access Controller Access Control System Plus ------Redundant Array of Independent Disks (RAID) -DIAMETER

Redundant Array of Independent Disks (RAID)

Which formula is typically used to describe the components of information security risks? -Risk = Likelihood X Vulnerability -Risk = Threat X Vulnerability -Risk = Threat X Likelihood -Risk = Vulnerability X Cost

Risk = Threat X Vulnerability

George is the risk manager for a U.S. federal government agency. He is conducting a risk assessment for that agency's IT risk. What methodology is best suited for George's use? -Risk Management Guide for Information Technology Systems (NIST SP800-30) -CCTA Risk Analysis and Management Method (CRAMM) -Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) -ISO/IEC 27005, "Information Security Risk Management"

Risk Management Guide for Information Technology Systems (NIST SP800-30)

Earl is preparing a risk register for his organization's risk management program. Which data element is LEAST likely to be included in a risk register? -Description of the risk -Expected impact -Risk survey results -Mitigation steps

Risk survey results

What is an XML-based open standard for exchanging authentication and authorization information and is commonly used for web applications? -Security Assertion Markup Language (SAML) -Secure European System for Applications in a Multi-Vendor Environment (SESAME) -User Datagram Protocol (UDP) -Password Authentication Protocol (PAP)

Security Assertion Markup Language (SAML)

The ___________ is the central part of a computing environment's hardware, software, and firmware that enforces access control. -Security kernel -CPU -Memory -Co-processor

Security Kernel

Tomahawk Industries develops weapons control systems for the military. The company designed a system that requires two different officers to enter their access codes before allowing the system to engage. Which principle of security is this following? -Least privilege -Security through obscurity -Need to know -Separation of duties

Separation of duties

As a follow-up to her annual testing, Holly would like to conduct quarterly disaster recovery tests that introduce as much realism as possible but do not require the use of technology resources. What type of test should Holly conduct? -Checklist test -Parallel test -Simulation test -Structured walk-through

Simulation test

Which one of the following is an example of two-factor authentication? -Smart card and personal identification number (PIN) -Personal identification number (PIN) and password -Password and security questions -Token and smart card

Smart card and personal identification number (PIN)

Which one of the following principles is NOT a component of the Biba integrity model? -Subjects cannot read objects that have a lower level of integrity than the subject -Subjects cannot change objects that have a lower integrity level -Subjects at a given integrity level can call up only subjects at the same integrity level or lower -A subject may not ask for service from subjects that have a higher integrity level.

Subjects cannot change objects that have a lower integrity level.

Which one of the following is NOT a commonly accepted best practice for password security? -Use at least six alphanumeric characters. -Do not include usernames in passwords -Include a special character in passwords -Include a mixture of uppercase characters, lowercase characters, and numbers in passwords.

Use at least six alphanumeric characters

Dawn is selecting an alternative processing facility for her organization's primary data center. She would like to have a facility that balances cost and switchover time. What would be the best option in this situation? -Hot site -Warm site -Cold site -Primary site

Warm Site


Set pelajaran terkait

Chapter 2: The Role of Biology in Psychology

View Set

Small Business Management Chapter 4

View Set

Lesson 2 Estructura 2.1 Present tense of -ar verbs Review

View Set

Lesson 2 - Software and Hardware

View Set