CIS 160 CH11-25

What ISO security standard can help guide the creation of an organization's security policy?

27002

Juan comes across documentation from his organization related to several information security initiatives using different standards as their reference. Which International Organization for Standardization (ISO) standard provides current guidance on information security management?

ISO 27002

Adam discovers a virus on his system that is using encryption to modify itself. The virus escapes detection by signature-based antivirus software. What type of virus has he discovered?

Polymorphic virus

What type of publication is the primary working product of the Internet Engineering Task Force (IETF)?

Request for comment (RFC)

Bob is developing a web application that depends upon a database backend. What type of attack could a malicious individual use to send commands through his web application to the database?

SQL injection

Breanne's system was infected by malicious code after she installed an innocent-looking solitaire game that she downloaded from the Internet. What type of malware did she likely encounter?

Trojan horse

What file type is least likely to be impacted by a file infector virus?

.docx

Which Institute of Electrical and Electronics Engineers (IEEE) standard covers wireless LANs?

802.11

Mary is designing a software component that will function at the Presentation Layer of the Open Systems Interconnection (OSI) model. What other two layers of the model will her component need to interact with?

Application and Session

Alison discovers that a system under her control has been infected with malware, which is using a key logger to report user keystrokes to a third party. What information security property is this malware attacking?

Confidentiality

What tool might be used by an attacker during the reconnaissance phase of an attack to glean information about domain registrations?

Whois

What type of system is intentionally exposed to attackers in an attempt to lure them out?

Honeypot

Which term accurately describes Layer 3 of the Open Systems Interconnection (OSI) model?

Network

Brian would like to conduct a port scan against his systems to determine how they look from an attacker's viewpoint. What tool can he use for this purpose?

Nmap

What type of malicious software allows an attacker to remotely control a compromised computer?

Remote Access Tool (RAT)

The CEO of Kelly's company recently fell victim to an attack. The attackers sent the CEO an email informing him that his company was being sued and he needed to view a subpoena at a court website. When visiting the website, malicious code was downloaded onto the CEO's computer. What type of attack took place?

Spear phishing

Which type of virus targets computer hardware and software startup functions?

System infector

Larry recently viewed an auction listing on a website. As a result, his computer executed code that popped up a window that asked for his password. What type of attack has Larry likely encountered?

Cross-site scripting (XSS)

Maya is creating a computing infrastructure compliant with the Payment Card Industry Data Security Standard (PCI DSS). What type of information is she most likely trying to protect?

Credit card information