Control and Security of Financial Information Theory and Practice
c. Business impact analysis
A _____ is an investigation and assessment of adverse events that can affect the organization; it includes a determination of how critical a system or data are to the organization's core processes and its recovery priorities? a. Recovery time objective b. 3-2-1 back-up c. Business impact analysis d. Alert roster
a. Packet sniffer
A hacker will typically utilize IP spoofing to install a _____ to monitor data traveling over a network? a. Packet sniffer b. Mail bomb c. Integer bug d. Denial of service attack
a. Privilege escalation
A hacker would typically attempt to attain the following in order to gain advanced access and control over the compromised system? a. Privilege escalation b. Zombie control c. A man in the middle attack d. Identity of the CEO through social media
a. Content filter
A network filter that allows administrators to restrict access to external content from within a network is known as which of the following? a. Content filter b. Dynamic filter c. Static filter d. Stateful filter
a. Vulnerability
A potential weakness in an asset or its defensive control systems is a _____? a. Vulnerability b. Threat Agent c. Exploit d. Countermeasure
d. Passive vulnerability scanner
A scanner that listens in on a network and identifies vulnerable versions of both server and client software is known as which of the following? a. Port scanner b. Active vulnerability scanner c. Sniffer d. Passive vulnerability scanner
a. True
A wireless security toolkit should include the ability to sniff wireless traffic, scan wireless hosts, and assess the level of privacy or confidentiality afforded on the wireless network? a. True b. False
a. True
A zero-day attack makes use of malware that is not yet known by the anti-virus software companies? a. True b. False
d. SysSP
Access control lists (ACL) are a unique form of what kind of policy? a. EISP b. ISSP c. GRC d. SysSP
c. To harass
According to the National Information Infrastructure Act of 1996, the severity of the penalty for computer crimes depends on the value of the information obtained and whether the offense is judged to have been committed for each of the following except? a. For purposes of commercial advantage b. For private financial gain c. To harass d. In furtherance of a criminal act
d. Enterprise staff/employees
According to the text and the information security governance roles and responsibilities graphic, who is responsible for policy implementation, reporting security vulnerabilities, and breaches? a. Chief Executive Officer b. Mid-level managers c. Janitorial staff d. Enterprise staff/employees
b. False
All traffic exiting from the trusted network should be filtered? a. True b. False
d. Defense in Depth
As indicated earlier, one of the foundations of security architectures is the requirement to implement security in layers. This layered approach is referred to as which of the following? a. Framework b. Security Perimeter c. Security Domain d. Defense in Depth
a. Evidentiary Material (EM)
As the text describes, the purpose of digital forensics is to preserve? a. Evidentiary Material (EM) b. Database Shadowing c. Warm Sites d. Recovery Criticality
a. Economic Feasibility Study
Before deciding on a treatment strategy for a specific TVA triple, the organization should perform which of the following to determine the merits of the treatment? a. Economic Feasibility Study b. Threat Assessment Only c. Risk Appetite Calculation d. Asset Valuation Only
a. True
Cloud-based provisioning can be both a potential continuity option for production systems and a mechanism to manage recovery from disrupted operations? a. True b. False
b. False
Email is the most private form of communication and it is safe to use with personal information? a. True b. False
a. True
Everyone has a responsibility to protect company confidential and sensitive information? a. True b. False
d. Assets
For information security purposes, which of the following terms is used to describe the systems that use, store, and transmit information? a. Inventory b. Threats c. Controls d. Assets
b. Simulation
In a _____, the organization creates a role-playing exercise in which the CP (Contingency Planning) Team is presented with a scenario of an actual incident or disaster and is expected to react as if it had occurred? a. Desk Check b. Simulation c. Full-interruption test d. Structured walk-through
d. As disruption time increases, cost to recover goes down and cost of disruption goes up
In determining recovery criticality, which of the following is true? a. As disruption time increases, both cost to recover and cost of disruption go up b. As disruption time increases, both cost to recover and cost of disruption go down c. As disruption time increases, cost to recover goes up and cost of disruption goes down d. As disruption time increases, cost to recover goes down and cost of disruption goes up
a. Policy, standards, guidelines, procedures
In developing information security guidance, which is the hierarchy of development? a. Policy, standards, guidelines, procedures b. Policy, procedures, standards, guidelines c. Standards, procedures, guidelines, policy d. Practices, policy, standards, guidelines
a. Centralized control strategy
In which IDPS control strategy are all IDPS control functions implemented and managed in a central location? a. Centralized control strategy b. Fully distributed control strategy c. Partially distributed control strategy d. Network-based control strategy
b. Simulation
Incident response (IR) actions can be organized into three phases. Which of the following is not an IR phase? a. Detection b. Simulation c. Reaction/Response d. Recovery
d. Personal Identifiable Information
Information about a person's history, background, and attributes that can be used to commit identity theft is called? a. Enhanced credentials b. Passwords c. Authenticity d. Personal Identifiable Information
d. Provides for the broad and easy access of an organization's intellectual property among companies in the same industry
Information security performs all of the following functions for an organization except? a. Safeguards the organization's technology assets b. Protects the organization's ability to function c. Protects the data and information the organization collects and uses whether physical or electronic d. Provides for the broad and easy access of an organization's intellectual property among companies in the same industry
b. False
Major tasks that are part of a work breakdown structure (WBS) are known as subtasks. a. True b. False
b. False
Notification from an IDPS (Intrusion Detection and Prevention System) always indicates a definite incident is in progress since these tools are easy to configure and operate? a. True b. False
b. False
Passwords should only be shared with trusted people and the IT Security Department? a. True b. False
b. Data security
Payment Card Industry _____ Standards are designed to enhance the security of customers' payment card account data? a. Data safety b. Data security c. Data practices d. Account security
b. False
Pretexting to gain confidential information is no longer considered a viable threat as the human element is considered the strongest link in the security chain? a. True b. False
c. Mission/business process
Providing customer billing as mentioned in the text is an example of what? a. Potential incident that can occur in an organization b. Additional resource detail c. Mission/business process d. Description and estimated cost
b. False
Regardless of what information a company manages, it is shielded from local and state laws and regulations because the federal laws supersede the? a. True b. False
b. Risk Management
Risk identification is performed within a larger process of identifying and justifying risk controls that is called which of the following? a. Risk Assessment b. Risk Management c. Risk Control d. Risk Tolerance
a. True
SP 800-18, "Guide for Developing Security Plans for Federal Information Systems," is considered the foundation for a comprehensive security blueprint and framework? a. True b. False
b. False
Service level agreements (SLA) are considered optional in most cases when an organization engages a third party for cloud computing services or other outsourced services? a. True b. False
a. True
Strategic planning sets the long-term direction to be taken by the organization and each of its component parts. It should also guide organizational efforts and focus resources toward specific, clearly defined goals? a. True b. False
c. Shareability
The CIA Triad industry standard for computer security has all of the following characteristics except? a. Confidentiality b. Integrity c. Shareability d. Availability
a. True
The Center for Internet Security (CIS) outlines three categories of control to detect, prevent, respond to, and mitigate damage from attacks: Basic, Foundational, and Organizational. a. True b. False
d. Economic Espionage Act
The _____ attempts to prevent trade secrets from being illegally shared? a. Electronic Communications Privacy Act b. Financial Services Modernization Act c. Sarbanes-Oxley Act d. Economic Espionage Act
b. CISO
The _____ has primary responsibility for the assessment, management and implementation of information security in the organization? a. Board Chairperson b. CISO c. CIO d. CFO
c. Monitor
The _____ process entails the review and assessment of organizational information security performance toward goals and objectives by the governing body? a. Evaluate b. Direct c. Monitor d. Assure
c. Risk Control
The application of controls that reduce the risks to an organization's information assets to an acceptable level is known as which of the following? a. Risk Assessment b. Risk Management c. Risk Control d. Risk Identification
b. False
The authentication factor "something a supplicant has" relies upon individual characteristics, such as fingerprints, palm prints, hand topography, hand geometry, or retina and iris scans? a. True b. False
a. False reject rate
The biometric technology criteria that describes the number of legitimate users who are denied access because of a failure in the biometric device is known as which of the following? a. False reject rate b. False accept rate c. Crossover error rate d. Accountability rate
a. True
The cornerstone of many current federal computer-related criminal laws is the Computer Fraud and Abuse Act of 1986? a. True b. False
b. Phishing
The following form of social engineering attempts to direct a target to provide personal or confidential information? a. Ransomware b. Phishing c. Adware d. Worm
d. Intellectual property (IP)
The following is often a main trophy for corporate espionage? a. Key products b. Names of Board members c. SEC reports d. Intellectual property (IP)
b. Copyright law
The generally recognized term for the government protection afforded to intellectual property (written and electronic) is called which of the following? a. Computer Security Law b. Copyright law c. Aggregate information d. Data security standards
a. True
The information technology community of interest must assist in risk management by configuring and operating information systems in a secure fashion? a. True b. False
c. Access control
The method by which systems determine whether and how to admit users into a trusted area of the organization is known as which of the following? a. Attribute b. Accountability c. Access control d. Auditability
a. True
The parallel operations conversion strategy often involves running two systems concurrently. a. True b. False
a. True
The person responsible for the storage, maintenance, and protection of information is the data custodian? a. True b. False
c. Likelihood
The probability that a specific vulnerability within an organization will be the target of an attack is known as which of the following? a. Probability b. Manageability c. Likelihood d. Practicality
b. False
The process an organization uses to assign a risk rating or score to each information asset is a risk evaluation? a. True b. False
a. Tuning
The process of adjusting an IDPS to maximize its efficiency in detecting true positives while minimizing false positives and false negatives is known as which of the following? a. Tuning b. Filtering c. Clustering d. Footprinting
c. Back Door
Using a known or previously installed access mechanism is known as which of the following? a. Hidden bomb b. Vector c. Back Door d. Spoof
b. Knowledge-based detection
What detection method examines the system or network data for patterns that match known attack signatures? a. Anomaly-based detection b. Knowledge-based detection c. Protocol stack verification d. Log file monitor (LFM)
d. Packet sniffer
What is a network tool that collects copies of packets from the network and analyzes them? a. Footprint b. Router c. Network trap d. Packet sniffer
c. Civil law
What is a type of law that represents all that apply to a citizen (or subject) of a jurisdiction? a. Criminal law b. Private law c. Civil law d. Public law
b. Projectitis
What is the situation called when a project manager spends more time adjusting a project management software file than focusing on the project itself? a. Project creep b. Projectitis c. Task delegation d. Strategic project management
b. Contingency Planning
What is the term for the actions taken by management, specifically the organization's efforts and actions if an adverse event becomes an incident or disaster? a. CSIRT Plan (Computer Security Incident Response Team) b. Contingency Planning c. Business Continuity Planning d. Business Process
a. Criminal law
What is the type of law that addresses violations harmful to society and that is enforced by prosecution by the state? a. Criminal law b. Private law c. Public law d. Civil law
a. War dialer
What is used to dial every number in a configured range and check to see if a person, answering machine, or modem picks up? a. War dialer b. Number redialer c. Modem redialer d. Incident redialer
b. Honeypot
What term is used to describe decoy systems designed to lure potential attackers away from critical systems? a. Trap b. Honeypot c. Trace d. Sniffer
a. Packet filtering
What type of firewall examines every incoming packet header and can selectively filter packets based on header information, such as destination address, source address, packet type, and other key information? a. Packet filtering b. Proxy server c. Media access control (MAC) layer d. Application
b. Tactical
What type of planning occurs where the actions taken by management to specify the intermediate goals and objectives of the organization in order to obtain specified strategic goals are followed by estimates and schedules for the allocation of resources necessary to achieve those goals and objectives? a. Strategic b. Tactical c. Operational d. Financial
b. False
When changing a security blueprint, training employees is not included as part of the process. a. True b. False
c. Top-down
When projects are initiated at the highest levels of an organization and then pushed to all levels, they are said to follow which approach? a. Executive-led b. Trickle-down c. Top-down d. Bottom-up
a. Response
When reviewing the Microsoft SDL (Systems Development Lifecycle), what is the final phase of their plan where an incident response plan is executed? a. Response b. Verification c. Design d. Training
c. Trusted VPN
Which VPN technology uses circuits from a service provider and conducts packet switching over these leased circuits? a. Secure VPN b. Hybrid VPN c. Trusted VPN d. Transport VPN
c. Phased
Which changeover strategy should be used when transitioning from an old system to a new system gradually? a. Direct b. Pilot c. Phased d. Parallel
c. Procurement
Which consideration is focused on the selection of equipment and services for a project? a. Staffing b. Organizational feasibility c. Procurement d. Scope
c. Health Insurance Portability and Accountability Act of 1996 (HIPAA)
Which law regulates the role of the healthcare industry in protecting the privacy of individuals? a. Gramm-Leach-Bliley Act of 1999 (GLB or GLBA) b. Freedom of Information Act of 1966 (FOIA) c. Health Insurance Portability and Accountability Act of 1996 (HIPAA) d. Computer Fraud and Abuse Act of 1986 (CFAA)
a. Networks
Which layer of the bulls-eye model should information security projects focus the most on? a. Networks b. Policies c. Systems d. Applications
e. All of the above
Which of the following could be considered highly desirable trophies for corporate espionage? (check all that apply) a. Customer information b. Intellectual property (IP) c. Financial results d. Elon Musk flight details e. All of the above
b. Security Perimeter
Which of the following defines the edge between the outer limit of an organization's security and the beginning of the outside world? a. Framework b. Security Perimeter c. Security Domain d. Defense in Depth
b. Digital Millennium Copyright Act (DMCA)
Which of the following is an American contribution to an effort to improve copyright protection internationally? a. Agreement on Trade-Related Aspects of Intellectual Property Rights (TRIPS) b. Digital Millennium Copyright Act (DMCA) c. Privacy and Electronic Communications Regulations of 2003 d. Telecommunications Act of 1997
c. False attack stimulus
Which of the following is an event that triggers alarms when no actual attacks are in progress? a. Evasion b. False positive c. False attack stimulus d. False negative
d. Presence of unfamiliar files
Which of the following is not a definite indicator of an incident? a. Change to logs b. Presence of hacker tools c. Use of dormant accounts d. Presence of unfamiliar files
d. Footprinting
Which of the following terms is used to describe organized research of the internet addresses owned or controlled by the target organization? a. Fingerprinting b. Trapping c. Tracing d. Footprinting
c. Information security framework
Which of the following terms best describes a specification of a model to be followed during the design, selection, and initial and ongoing implementation of all subsequent security controls? a. Blueprint b. The NIST handbook c. Information security framework d. Security plan
c. An information security professional with authorization to compromise a system seeking vulnerabilities
Which of the following would be considered an attack and penetration tester? a. An expert hacker with bad intentions b. A packet monkey focused on denial of service mischief c. An information security professional with authorization to compromise a system seeking vulnerabilities d. A foreign national focused on industrial espionage
d. Mitigation
Which risk control strategy attempts to reduce the impact of a successful attack through planning and preparation? a. Transference b. Defense c. Acceptance d. Mitigation
a. Transference
Which risk control strategy attempts to shift residual risk to other assets, other processes, or other organizations? a. Transference b. Defense c. Acceptance d. Mitigation
c. Analysis
Which step of the systems development life cycle (SDLC) reviews issues with a current system and establishes the requirements of the new system being created? a. Maintenance and change b. Investigation c. Analysis d. Physical design
b. Authentication
Which term is used to describe the process of validating a supplicant's purported identity? a. Accountability b. Authentication c. Authorization d. Biometrics
a. Network-based IDPS
Which type of IDPS resides on a computer or appliance connected to a segment of an organization's network and monitors traffic on that segment looking for indications of an ongoing or successful attack? a. Network-based IDPS b. Host-based IDPS c. Wireless NIDPS d. Attack surface IDPS
b. Research and Development
For which type of asset might a company take a zero-tolerance risk exposure posture? a. Product Lists b. Research and Development c. Location Addresses d. Public Analyst Call Recordings
d. Dynamic
Which type of firewall filtering allows the firewall to react to an emergent event and update or create rules to deal with the event? a. Static b. Stable c. Unstable d. Dynamic