Cyber Midterm

Ace your homework & exams now with Quizwiz!

Bob is using a port scanner to identify open ports on a server in his environment. He is scanning a web server that uses Hypertext Transfer Protocol (HTTP). Which port should Bob expect to be open to support this service?

80

Mark is considering outsourcing security functions to a third-party service provider. What benefit is he most likely to achieve?

Access to a high level of expertise

Which action is the best step to protect Internet of Things (IoT) devices from becoming the entry point for security vulnerabilities into a network while still meeting business requirements?

Applying security updates promptly

Ricky is reviewing security logs to independently assess security controls. Which security review process is Ricky engaging in?

Audit

Janet is identifying the set of privileges that should be assigned to a new employee in her organization. Which phase of the access control process is she performing?

Authorization

Betty receives a cipher text message from her colleague Tim. What type of function does Betty need to use to read the plaintext message?

Decryption

Alice and Bob would like to communicate with each other using a session key but they do not already have a shared secret key. Which algorithm can they use to exchange a secret key?

Diffie-Hellman

Which type of attack involves the creation of some deception in order to trick unsuspecting users?

Fabrication

A report indicating that a system's disk is 80% full is a good indication that something is wrong with that system

False

Which of the following is an example of a hardware security control?

MAC filtering

Which one of the following measures the average amount of time that it takes to repair a system, application, or component?

Mean time to repair (MTTR)

Maria's company recently experienced a major system outage due to the failure of a critical component. During that time period, the company did not register any sales through its online site. Which type of loss did the company experience as a result of lost sales?

Opportunity cost

Tony is working with a law enforcement agency to place a wiretap pursuant to a legitimate court order. The wiretap will monitor communications without making any modifications. What type of wiretap is Tony placing?

Passive wiretap

Which one of the following is an example of a logical access control?

Password

Which element of the security policy framework requires approval from upper management and applies to the entire organization?

Policy

Adam discovers a virus on his system that is using encryption to modify itself. The virus escapes detection by signature-based antivirus software. What type of virus has he discovered?

Polymorphic virus

Violet deploys an intrusion prevention system (IPS) on her network as a security control. What type of control has Violet deployed?

Preventive

Which approach to cryptography provides the strongest theoretical protection?

Quantum cryptography

Alan is the security manager for a mid-sized business. The company has suffered several serious data losses when mobile devices were stolen. Alan decides to implement full disk encryption on all mobile devices. What risk response did Alan take?

Reduce

Which activity is an auditor least likely to conduct during the information-gathering phase of an audit?

Report writing

Which formula is typically used to describe the components of information security risks?

Risk = Threat X Vulnerability

Earl is preparing a risk register for his organization's risk management program. Which data element is LEAST likely to be included in a risk register?

Risk survey results

Which of the following is NOT one of the four fundamental principles outlined by the Internet Society that will drive the success of Internet of Things (IoT) innovation?

Secure

Gina is preparing to monitor network activity using packet sniffing, Which technology is most likely to interfere with this effort if used on the network?

Secure Sockets Layer(SSL)

From a security perspective, what should organizations expect will occur as they become more dependent upon the Internet of Things (IoT)?

Security risks will increase.

Biyu is making arrangements to use a third-party service provider for security services. She wants to document a requirement for a timely notification of security breaches. What type of agreement is most likely to contain formal requirements of this type?

Service level agreement (SLA)

Which one of the following is an example of two-factor authentication?

Smart card and personal identification number (PIN)

What type of security monitoring tool would most likely to identify an unauthorized change to a computer system?

System Integrity Monitoring

Which type of virus targets computer hardware and software startup functions?

System infector

Which term describes an action that can damage or compromise an asset?

Threat

Which term describes any action that could damage an asset?

Threat

Which type of cipher works by rearranging the characters in a message?

Transposition

An SOC 1 report primarily focuses on security

True

What is NOT a typical sign of virus activity on a system?

Unexpected power failures

Which one of the following is NOT a commonly accepted best practice for password security?

Use at least six alphanumeric characters.

What tool might be used by an attacker during the reconnaissance phase of an attack to glean information about domain registrations?

Whois

What type of network connects systems over the largest geographic area?

Wide area network (WAN)

What is NOT a good practice for developing strong professional ethics?

Assume that information should be free

During which phase of the access control process does the system answer the question,"What can the requestor access?"

Authorization

Ron is the IT director at a medium-sized company and is constantly bombarded by requests from users who want to select customized mobile devices. He decides to allow users to purchase their own devices. Which type of policy should Ron implement to include the requirements and security controls for this arrangement?

Bring Your Own Device (BYOD)

Which information security objective allows trusted entities to endorse information?

Certification

Gary would like to choose an access control model in which the owner of a resource decides who may modify permissions on that resource. Which model fits that scenario?

Discretionary access control (DAC)

Curtis is conducting an audit of an identity management system. Which question is NOT likely to be in the scope of the audit?

Does the firewall properly block unsolicited network connection attempts?

What protocol is responsible for assigning IP addresses to hosts on most networks?

Dynamic Host Configuration Protocol (DHCP)

Barry discovers that an attacker is running an access point in a building adjacent to his company. The access point is broadcasting the security set identifier (SSID) of an open network owned by the coffee shop in his lobby. Which type of attack is likely taking place

Evil twin

A business impact analysis (BIA) details the steps to recover from a disruption and restore the infrastructure necessary for normal business operations.

False

Change doesn't create risk for a business.

False

Configuration changes can be made at any time during a system life cycle and no process is required.

False

Regarding log monitoring, false negatives are alerts that seem malicious but are not real security events

False

The weakest link in the security of an IT infrastructure is the server.

False

You must always use the same algorithm to encrypt information and decrypt the same information.

False

Anthony is responsible for tuning his organization's intrusion detection system. He notices that the system reports an intrusion alert each time that an admin connects to a server using Secure Shell(SSH). What type of error is occurring?

False positive error

Which one of the following is NOT a market driver for the Internet of Things (IoT)?

Global adoption of non-IP networking

Gary is sending a message to Patricia. He wants to ensure that nobody tampers with the message while it is in transit. What goal of cryptography is Gary attempting to achieve?

Integrity

Rachel is investigating an information security incident that took place at the high school where she works. She suspects that students may have broken into the student records system and altered their grades. If correct, which one of the tenets of information security did this attack violate?

Integrity

Jacob is conducting an audit of the security controls at an organization as an independent reviewer. Which question would NOT be part of his audit?

Is the security control likely to become obsolete in the near future?

Emily is the information security director for a large company that handles sensitive personal information. She is hiring an auditor to conduct an assessment demonstrating that her firm is satisfying requirements regarding customer private data. What type of assessment should she request?

SOC 3

Which of the following is not a Tenant of Information Systems Security

Security

Breanne's system was infected by malicious code after she installed an innocent-looking solitaire game that she downloaded from the Internet. What type of malware did she likely encounter?

Trojan horseq

An alteration threat violates information integrity.

True

Anomaly-based intrusion detection systems compare current activity with stored profiles of normal(expected) activity

True

Application service providers (ASPs) are software companies that build applications hosted in the cloud and on the Internet.

True

In security testing, reconnaissance involves reviewing a system to learn as much as possible about he organization, its systems, and its networks

True

Purchasing an insurance policy is an example of the ____________ risk management strategy.

transfer


Related study sets

English Midterms: A Marriage Proposal

View Set

cellular molecular biology exam 3

View Set

SUBJECT PRONOUNS and OBJECT PRONOUNS

View Set

Mental Health Nursing Exam 1 questions

View Set

Chapter 6: Values, Ethics, and Advocacy

View Set

Lehne - Ch. 52 - Anticoagulant, Antiplatelet, and Thrombolytic Drugs

View Set

Chapter 69+70: ALS, MS, & MG (Module 21/Unit 4)

View Set

Tissues Study Guide - Ch. 4 (Question 7)

View Set

Chapter 7 Finance: Interest Rates and Bond Valuation

View Set