cybersecCourse

Jody would like to find a solution that allows real-time document sharing and editing between teams. Which technology would best suit her needs?

Collaboration

In an accreditation process, who has the authority to approve a system for implementation?

Authorizing official (AO)

Which one of the following is NOT an area of critical infrastructure where the Internet of Things (IoT) is likely to spur economic development in less developed countries?

E-commerce

Which one of the following is an example of a direct cost that might result from a business disruption?

Facility repair

Often an extension of a memorandum of understanding (MOU), the blanket purchase agreement (BPA) serves as an agreement that documents the technical requirements of interconnected assets.

False

Which network device is capable of blocking network connections that are identified as potentially malicious?

Intrusion prevention system (IPS)

Which regulatory standard would NOT require audits of companies in the United States?

Personal Information Protection and Electronic Documents Act (PIPEDA)

Which term describes any action that could damage an asset?

Threat

A dictionary attack works by hashing all the words in a dictionary and then comparing the hashed value with the system password file to discover a match.

True

In Mobile IP, what term describes a device that would like to communicate with a mobile node (MN)?

Correspondent node (CN)

Which characteristic of a biometric system measures the system's accuracy using a balance of different error types?

Crossover error rate (CER)

Certification is the formal agreement by an authorizing official to accept the risk of implementing a system.

False

Cryptography is the process of transforming data from cleartext into ciphertext.

False

During the secure phase of a security review, you review and measure all controls to capture actions and changes on the system.

False

Passphrases are less secure than passwords.

False

Regarding the Internet of Things (IoT), a business involved in utilities, critical infrastructure, or environmental services can benefit from traffic-monitoring applications.

False

Temporal isolation is commonly used in combination with rule-based access control.

False

The first step in creating a comprehensive disaster recovery plan (DRP) is to document likely impact scenarios.

False

The four central components of access control are users, resources, actions, and features.

False

The four main types of logs that you need to keep to support security auditing include event, access, user, and security.

False

The main difference between a virus and a worm is that a virus does not need a host program to infect.

False

The number of failed logon attempts that trigger an account action is called an audit logon event.

False

User-based permission levels limit a person to executing certain functions and often enforce mutual exclusivity.

False

Wardialers are becoming more frequently used given the rise of Voice over IP (VoIP).

False

With the use of Mobile IP, which device is responsible for keeping track of mobile nodes (MNs) and forwarding packets to the MN's current network?

Home agent (HA)

When should an organization's managers have an opportunity to respond to the findings in an audit?

Managers should include their responses to the draft audit report in the final audit report.

Which one of the following is an example of a reactive disaster recovery control?

Moving to a warm site

Tony is working with a law enforcement agency to place a wiretap pursuant to a legitimate court order. The wiretap will monitor communications without making any modifications. What type of wiretap is Tony placing?

Passive wiretap

Which activity is an auditor least likely to conduct during the information-gathering phase of an audit?

Report writing

Earl is preparing a risk register for his organization's risk management program. Which data element is LEAST likely to be included in a risk register?

Risk survey results

Which intrusion detection system strategy relies upon pattern matching?

Signature detection

As a follow-up to her annual testing, Holly would like to conduct quarterly disaster recovery tests that introduce as much realism as possible but do not require the use of technology resources. What type of test should Holly conduct?

Simulation test

Which element of the IT security policy framework provides detailed written definitions for hardware and software and how they are to be used?

Standard

Which one of the following principles is NOT a component of the Biba integrity model?

Subjects cannot change objects that have a lower integrity level.

Aditya is attempting to classify information regarding a new project that his organization will undertake in secret. Which characteristic is NOT normally used to make these types of classification decisions?

Threat

Common methods used to identify a user to a system include username, smart card, and biometrics.

True

The most critical aspect of a WAN services contract is how the service provider supplies troubleshooting, network management, and security management services.

True
