Disaster-Recovery

Pick three types of records that cyber criminals would be interested in stealing from organizations. (Choose three.)

1. Education 2. Medical 3. Employment

What type of attack uses many systems to flood the resources of a target, thus making the target unavailable?

DDoS

Transferring large batches of data to an off-site facility is known as _____________.

Electronic vaulting

All human-created threats are caused by malicious actions.

False

What is an example of an Internet data domain?

LinkedIn

Intrusion Detection and Prevention Systems can be implemented in all of the following except

Outside the network

True or False. A Subject who exploits a vulnerability perpetrates an attack on the system.

True

True or False. It is impossible to obtain perfect security.

True

What occurs on a computer when data goes beyond the limits of a buffer?

a buffer overflow

What does the term BYOD represent?

bring your own device

What name is given to hackers who hack for a cause?

hacktivist

What does a rootkit modify?

operating system

What mechanism can organizations use to prevent accidental changes by authorized users?

version control

Which is an acceptable definition of information?

All are acceptable definitions

Which of the following considers the impact that events could have on the organization in order to identify and prioritize critical functions?

Business impact analysis

What are two common indicators of spam mail? (Choose two.)

The email has misspelled words or punctuation errors or both. The email has keywords in it.

True or False. To achieve balance, the level of security must allow reasonable access, yet protect against threats.

True

What is a secure virtual network called that uses the public network?

VPN

What are two ways to protect a computer from malware? (Choose two.)

1. Keep software up to date. 2. Use antivirus software.

What are two methods that ensure confidentiality? (Choose two.)

1. encryption 2. authentication

Thwarting cyber criminals includes which of the following? (Choose two.)

1. establishing early warning systems 2. changing operating systems

Which two methods help to ensure data integrity?

1. hashing 2. data consistency checks

Which of the following is the overall plan to anticipate, react to, and recover from threats that impact the security of information and assets within an organization?

Contingency Plan

A malicious attacker must have this:

1. Method 2. Opportunity 3. Motive

What are three types of sensitive information? (Choose three.)

1. PII 2. business 3. classified

What are two common hash functions? (Choose two.)

1. SHA 2. MD5

Which two reasons describe why WEP is a weak protocol? (Choose two.)

1. The key is transmitted in clear text. 2. The key is static and repeats on a congested network.

What are three access control security services? (Choose three.)

1. accounting 2. authorization 3. authentication

What are the three foundational principles of the cybersecurity domain? (Choose three.)

1. availability 2. confidentiality 3. integrity

What three tasks are accomplished by a comprehensive security policy? (Choose three.)

1. defines legal consequences of violations 2. gives the security staff the backing of management 3. sets rules for expected behavior

What three design principles help to ensure high availability? (Choose three.)

1. eliminate single points of failure 2. detect failures as they occur 3. use encryption

What are the three states of data? (Choose three.)

1. in-process 2. in-transit 3. at rest

What are two of the tactics used by a social engineer to obtain personal information from an unsuspecting target? (Choose two.)

1. intimidation 2. urgency

For the purpose of authentication, what three methods are used to verify identity? (Choose three.)

1. something you have 2. something you know 3. something you are

Periodically occurring unexpected activities that have the potential to be defined as incidents are called _______.

Adverse events

Consolidating multiple alarms of the same type to trigger a higher-level alarm from an Intrusion Detection and Prevention System is called ___________.

Alarm clustering

What type of an attack can disable a computer by forcing it to use memory or by overworking its CPU?

Algorithm

What is the workforce framework category that includes highly specialized review and evaluation of incoming cybersecurity information to determine if it is useful for intelligence?

Analyze

A ____________ is the long-term storage of a document or data file that is retained for legal or regulatory purposes.

Archive

Which are the most critical characteristics of information? Select all that apply.

Availability, Confidentiality, Integrity

The _______ is the group that is responsible for the overall planning and development of the contingency plan, including organizations of subordinate teams and oversight of subordinate plans.

Contingency Planning Management Team

A ________ is a backup that only updates the files that have been changed or added since the last backup.

Differential

It is not important to consider where you place an Intrusion Detection and Prevention System. Since they monitor network traffic, they can be equally effective anywhere on the network.

False

It is not the Computer Security Incident Response Team's (CSIRT) responsibility to inform users that their system is under attack. The CSIRT should focus only on controlling the incident.

False

Once an information security incident has been resolved and systems are functioning normally, the Incident Response plan is no longer involved and the incident is closed.

False

The Computer Security Incident Response Team (CSIRT) is easily staffed since incidents only happen during the normal work day and staff is readily available to respond.

False

There are no legal concerns with gathering information about and tracing attacks on your network. Since they were on your network first, it is considered a defensive response.

False

True or False. A threat is a weakness in the security system, for example, in procedures, design, or implementation, that might be exploited to cause loss or harm.

False

True or False. An interruption means that some unauthorized party has gained access to an asset.

False

True or False. The ARPANET Program Plan is considered the first step in the development of the Internet. Access Control was one of its primary concerns.

False

When creating contingency plans, all decisions should be made by the information security specialists alone since they are the ones who best understand the threats that are being faced and how to protect against those threats.

False

When selecting which controls to implement, an organization should focus only on the threats that could be the most damaging if they were to happen.

False

Which of the following training exercises for the CSIRT has the highest risk of causing an issue for the organization?

Full interruption

____________ are system resources that are placed in functional systems, but they do not have a use within the system. As a result, any access of the resource is an indication of a potential incident.

Honey token

Which of the following backup site options is the hardest to justify from a cost perspective?

Hot site

The _____ plan is a detailed set of processes and procedures that anticipate, detect and mitigate the effects of an unexpected event that might compromise information resources and assets.

Incident response

What does the acronym IoE represent?

Internet of Everything

A type of attack that involves the attacker trying to gain unauthorized access into or disrupt a system or network is referred to as ___________.

Intrusion

What name is given to a storage device connected to a network?

NAS

Indicators of spam mail

No subject line, requesting an update to an account, misspelled words, cryptic links, requests user open an attachment

A ________ is a document from senior management to provide guidance for the employees who make decisions and perform actions on behalf of the company.

Policy

A threat that changes its apparent shape over time in an effort to avoid detection is demonstrating which of the following?

Polymorphism

What type of cybersecurity laws protect you from an organization that might want to share your sensitive data?

Privacy

A ______ is a set of step-by-step instructions to complete a task so that users can be sure to complete the task correctly.

Procedure

Which of the following RAID configurations provides performance increases without providing redundancy?

RAID 0

The _____ is the goal time period when all systems, applications and functions can be recovered to after an outage.

Recovery point objective (RPO)

The point in time to which lost systems and data can be restored after an event or outage is the ________.

Recovery point objective (RPO)

The process of transferring transactions as they happen to an off-site facility is called ___________.

Remote journaling

The process of assigning a risk rating or score to an information asset is known as _______.

Risk assessment

What type of attack targets an SQL database using the input field of a user?

SQL injection

Which of the following concepts used in RAID configurations does not provide some protection from lost data?

Striping

The incident response plan can be activated by either the IR team leader or _______.

The IR Duty officer

Accounts on a system should be monitored since the creation of new accounts (especially ones with high levels of access) and the activation of dormant accounts can be an indication of an attack.

True

After every incident, the Computer Security Incident Response Team (CSIRT) should debrief and evaluate the response to the incident to see if there are any improvements to be developed.

True

All parts of an organization's contingency planning should be reviewed and tested regularly.

True

As the Computer Security Incident Response Team (CSIRT) is being implemented, an increase in the number of identified incidents is a sign of progress and that the team is gaining trust of others within the organization.

True

For every system, there is a point where the cost of the disruption becomes more expensive than the cost to recover. It is important to know this balance point in order to determine what resources should be dedicated to protect the system.

True

In addition to technical skills to respond to incidents, the Computer Security Incident Response Team (CSIRT) should be selected based on nontechnical skills such as the ability to communicate with one another as well as with others within the company.

True

In order to be considered an information security incident, an event has to have three characteristics: it is directed towards company assets, it has a realistic chance of success, and it threatens the confidentiality, integrity or availability of the asset.

True

Incident response planning is focused on starting with the middle rather than the end result. The main goal is to decide what actions should be taken during the incident.

True

It is common to use a six-tape rotation for backups since this allows for daily backups on-site during the week and then off-site storage of weekly backups.

True

It is critical to gain support from upper management for all contingency planning.

True

It is important to create a process for evaluating business needs that is well defined before gathering information so that you can avoid bias or adjusting the evaluations to meet your needs.

True

The Computer Security Incident Response Team (CSIRT) plan should be reviewed at least annually.

True

The Incident Response Planning Committee is responsible for collecting information and designing the organization of the Computer Security Incident Response Team (CSIRT).

True

The concepts of "need to know" and "least privilege" should be implemented to minimize risks.

True

True or False. Data owner: responsible for the security and use of a particular set of information.

True

True or False. The primary mission of information security is to ensure systems and contents stay the same.

True

When designing the Computer Security Incident Response Team (CSIRT) plan, it is important to determine the chain of command during an incident and to decide what actions can be taken to control the incident.

True

While the outsourcing of Incident Response processes can be risky, there are advantages. These include the ability to find out about potential attacks being carried out in the region before you are a target.

True

When implementing an Intrusion Detection and Prevention system, it is important to adjust the configuration in order to maximize true positive alarms, while minimizing both false positives and false negatives. This process is referred to as _________.

Tuning

_______ can replicate themselves constantly, without human interaction or other programs.

Worms

What is the difference between a virus and a worm?

Worms self-replicate but viruses do not.

What is the meaning of the term logic bomb?

a malicious program that uses a trigger to awaken the malicious code

A computer is presenting a user with a screen requesting payment before the user data is allowed to be accessed by the same user. What type of malware is this?

a type of ransomware

What does the term vulnerability mean?

a weakness that makes a target susceptible to an attack

What is the name for the type of software that generates revenue by generating annoying pop-ups?

adware

What service determines which resources a user can access along with the operations that a user can perform?

authorization

What is the name given to a program or program code that bypasses normal authentication?

backdoor

An attacker is sitting in front of a store and wirelessly copies emails and contact lists from nearby unsuspecting user devices. What type of attack is this?

bluesnarfing

What principle prevents the disclosure of information to unauthorized people, resources, and processes?

confidentiality

What is a vulnerability that allows criminals to inject scripts into web pages viewed by users?

cross-site scripting

What name is given to any changes to the original data such as users manually modifying data, programs processing and changing data, and equipment failures?

modification

What is the term used when a malicious party sends a fraudulent email disguised as being from a legitimate, trusted source?

phishing

What name is given to an amateur hacker?

script kiddie

Which term describes the sending of a short deceptive SMS message used to trick a target into visiting a website?

smishing

What is a method of sending information from one device to another using removable media?

sneaker net

What is the term used to describe an email that is targeting a specific person employed at a financial institution?

spear phishing

A criminal is using software to obtain information about the computer of a user. What is the name of this type of software?

spyware

What two methods help to ensure system availability? (Choose two.)

up-to-date operating systems, equipment maintenance

