Domain 5- Protection of Information Assets
What is the best overall performance indicator for biometrics?
(CROSSOVER ERROR RATE, CER) or (EQUAL ERROR RATE, EER): the operating point at which FAR and FRR are equal
What are the measures for biometrics? FAR (False Acceptance Rate), FRR (False Rejection Rate), CER/EER (Crossover Error Rate / Equal Error Rate)
FAR (False Acceptance Rate: impostors wrongly accepted), FRR (False Rejection Rate: enrolled users wrongly rejected), CER/EER (Crossover Error Rate / Equal Error Rate: the threshold where FAR equals FRR)
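The cards above define FAR, FRR and the crossover point in words. As an added example (not part of the original flashcards), the block below computes all three from a constructed set of matcher scores and then shows the trade-off the auditor cares about on a critical system: pushing FAR down by raising the threshold raises FRR. The score values and the 0-100 score scale are assumptions for illustration.

```python
"""Added example: FAR, FRR and the crossover/equal error rate from match scores.

Constructed data (assumption): a biometric matcher returns a similarity score in
[0, 100]. Genuine scores come from the enrolled user matching their own template;
impostor scores come from other people matching that template. A score at or above
the decision threshold is accepted.
"""
from typing import List, Tuple

GENUINE_SCORES = [95, 90, 88, 84, 80, 77, 72, 65, 58, 52]   # constructed
IMPOSTOR_SCORES = [70, 62, 58, 55, 50, 47, 42, 38, 33, 25]  # constructed


def far(impostor: List[int], threshold: int) -> float:
    """False Acceptance Rate: share of impostor attempts scoring >= threshold."""
    return sum(1 for s in impostor if s >= threshold) / len(impostor)


def frr(genuine: List[int], threshold: int) -> float:
    """False Rejection Rate: share of genuine attempts scoring < threshold."""
    return sum(1 for s in genuine if s < threshold) / len(genuine)


def operating_point(threshold: int) -> Tuple[float, float]:
    """(FAR, FRR) for one threshold on the constructed data."""
    return far(IMPOSTOR_SCORES, threshold), frr(GENUINE_SCORES, threshold)


def equal_error_rate(genuine: List[int], impostor: List[int]) -> Tuple[int, float]:
    """Sweep every threshold and return (threshold, EER) where FAR and FRR are
    closest to each other; the EER is reported as the mean of the two rates."""
    best = None
    for t in range(0, 101):
        a, r = far(impostor, t), frr(genuine, t)
        gap = abs(a - r)
        if best is None or gap < best[0]:
            best = (gap, t, (a + r) / 2)
    return best[1], best[2]


def threshold_for_max_far(impostor: List[int], max_far: float) -> int:
    """Lowest threshold whose FAR does not exceed max_far. Use this when the
    system is critical and false acceptance is the dominant concern; the
    price is the FRR at that threshold (see operating_point)."""
    for t in range(0, 101):
        if far(impostor, t) <= max_far:
            return t
    return 101  # nothing is accepted


if __name__ == "__main__":
    t_eer, rate = equal_error_rate(GENUINE_SCORES, IMPOSTOR_SCORES)
    print(f"EER {rate:.2f} at threshold {t_eer}")
    strict = threshold_for_max_far(IMPOSTOR_SCORES, 0.10)
    print(f"FAR<=10% needs threshold {strict}; operating point {operating_point(strict)}")
```

The sweep makes the exam point concrete: the EER is a single number that summarises the whole FAR/FRR curve, which is why it is the overall performance indicator, while the threshold actually deployed on a critical system is chosen from the FAR side of that curve.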
aims to identify and potentially stop unauthorized use, misuse, and abuse of information systems by both internal network users and external attackers in near real-time. An IDS continuously runs in the background and alerts security administrators when a potential threat is detected.
(IDS) - Intrusion Detection System
What power failures indicates a complete loss of power?
Blackout
What has the capacity to store frames and act as a store-and-forward device?
Bridge
What power failure indicates severely reduced voltage, which may place a strain on electronic equipment or lead to damage?
Brownout
How can compliance with password policy be best ensured?
With automated password management tools. Automated password management tools enforce the password complexity defined in the approved policy, prevent the use of passwords that the policy does not allow, and mandate a compulsory password change at the defined frequency.
The effectiveness of the incident response process is determined by: a. business and financial impact of each security incident b. number of new patch installations c. team size d. number of assets included in a penetration test
a. business and financial impact of each security incident
What is a weakness in PKI? a. certificate authorities are centrally located, however customers are widespread b. transactions are made by computer or mobile c. the certificate authority has multiple data processing centers to manage certificates d. the org. is the owner of the certificate authority
a. certificate authorities are centrally located, however customers are widespread
What control does protection against data diddling rely on when there are no preventive controls in place? a. compensatory b. logical access c. access controls
a. compensatory
What is used to prevent an alteration attack? a. cryptographic code (hash / message digest) b. imprisonment c. security policy
a. cryptographic code (a hash or message digest lets the receiver detect any alteration of the data)
Inherent risk for a data entry process for which there are no preventive controls: a. data diddling
a. data diddling
Which of the following is an objective of incident response management? a. Using the incident data in enhancing the risk assessment process b. Containing and repairing damage from incidents c. Preventing future damages d. All of the answer choices are correct.
d. All of the answer choices are correct.
(1) A communication system designed for intra-building data communications. (2) A group of computers and other devices dispersed over a relatively limited area and connected by a communications link that enables a device to interact with any other on the network. A user-owned, user-operated, high volume data transmission facility connecting a number of communicating devices (e.g., computers, terminals, word processors, printers, mass storage units) within a single building or several buildings within a physical area. (3) A computer network that spans a relatively small area. Most LANs are confined to a single building or group of buildings. However, one LAN can be connected to other LANs over any distance via telephone lines and radio waves. A system of LANs connected in this way is called a Wide Area Network (WAN).
(LAN)- Local Area Network
system that collects and correlates log and event data from IDS, IPS, firewalls and other network security tools. A SIEM offers real-time monitoring and analysis of that data and triggers alerts for potential attacks.
(SIEM)- Security Information and Event Management
What is the first step in reviewing an IT Security baseline? -To determine the sufficiency and adequacy of the baseline
- To determine the sufficiency and adequacy of the baseline
Important points to remember for SSO: - acts as a single authentication point for multiple applications - acts as a single point of failure. If both options are offered, select "SSO ACTS AS A SINGLE AUTHENTICATION POINT FOR MULTIPLE APPLICATIONS", as this is the more specific answer.
- acts as a single authentication point for multiple applications - acts as a single point of failure. If both options are offered, select "SSO ACTS AS A SINGLE AUTHENTICATION POINT FOR MULTIPLE APPLICATIONS", as this is the more specific answer.
An org. proposes to use its existing client database to promote its new range of products. Which of the following is an area of concern for an IS Auditor?
-Are there any data privacy concerns about this process (was the data collected for this purpose, and have the clients consented to it)?
Are these examples active or passive attacks? -Attempting to log into someone else's account -Deploying a wiretap to generate false messages -Denying services to legitimate users -Observing a user while they type a password
-Attempting to log into someone else's account (Active Attack) -Deploying a wiretap to generate false messages (Active Attack) -Denying services to legitimate users (Active Attack) -Observing a user while they type a password (Passive Attack)
What are the 4 types of power failure?
-Blackout, Brownout, Sags, and Spikes
How can data traffic over VoIP be eavesdropped? -By corrupting the address resolution protocol (ARP)
-By corrupting the address resolution protocol. ARP is the protocol used on a LAN to map IP addresses to MAC addresses. Attackers may corrupt it by a technique known as ARP poisoning (ARP spoofing): forged ARP replies make the victim's or the gateway's ARP cache associate the other party's IP address with the attacker's MAC address, so the VoIP packets flow through the attacker's machine, where the call can be captured.
What is the best way to authenticate users in an untrusted network (email)?
-Digital signatures (a hash of the message signed, i.e. encrypted, with the sender's private key)
What is the most prevalent risk of a VPN (virtual private network)? -Entry of malicious code into the network. One of the prevalent risks of a VPN is that the firewall cannot adequately examine the encrypted VPN traffic. If a remote computer is compromised, the intruder may send malicious code through the VPN into the organization's private network.
-Entry of malicious code into the network. One of the prevalent risks of a VPN is that the firewall cannot adequately examine the encrypted VPN traffic. If a remote computer is compromised, the intruder may send malicious code through the VPN into the organization's private network.
What features should VoIP have? -Firewall arrangements for network traffic -Data encryption -Updated patches and antivirus for the VoIP infrastructure -Need-to-know access -Use of VLANs to segregate VoIP from the data network, with firewalls between the two types of infrastructure -Use of session border controllers (SBC) to secure VoIP traffic, monitor for DoS attacks, and provide network address and protocol translation features
-Firewall arrangements for network traffic -Data encryption -Updated patches and antivirus for the VoIP infrastructure -Need-to-know access -Use of VLANs to segregate VoIP from the data network, with firewalls between the two types of infrastructure -Use of session border controllers (SBC) to secure VoIP traffic, monitor for DoS attacks, and provide network address and protocol translation features
What is the most important control for SSO? -IMPLEMENTATION OF STRONG PASSWORD POLICY
-IMPLEMENTATION OF STRONG PASSWORD POLICY
What are examples of social engineering attacks?
-Phishing (an attack technique for attempting to acquire sensitive data such as bank account numbers through fraudulent solicitation in email or on a website, in which the perpetrator masquerades as a legitimate business or person) -Spear Phishing (a type of phishing campaign that targets a specific person or group and often includes information known to be of interest to the target, such as current events or financial documents)
What is the most effective way to minimize the impact of social engineering attacks? -SECURITY AWARENESS TRAINING
-SECURITY AWARENESS TRAINING
Which technique is used to obtain passwords without technical tools or programs? -SOCIAL ENGINEERING
-SOCIAL ENGINEERING
Which is the best method to ensure the security and reliability of VoIP and data traffic? -Segregation of VoIP infrastructure using VLAN
-Segregation of VoIP infrastructure using a VLAN. The best way to protect VoIP and data traffic is to segregate VoIP on its own VLAN. This helps protect against network-based attacks and other issues.
What is the objective of a session border controller (SBC)?
-deployed to protect VoIP networks -protects from malicious attacks -prevents toll fraud -provides quality of service -encrypts signaling
What are the extraction and interrogation processes in evidence collection? -The extraction process involves the identification and selection of data from imaged data -Interrogation is the process of obtaining relevant data, such as IP addresses, telephone numbers, and other details, from the extracted data.
-The extraction process involves the identification and selection of data from imaged data -Interrogation is the process of obtaining relevant data, such as IP addresses, telephone numbers, and other details, from the extracted data.
The best indicator to determine the effectiveness of the incident response team is
-financial impact per security incident
A plan to detect and recover from an attack is known as:
-incident response plan
The process of converting information into a format that can be understood by the investigator is known as: -ingestion/normalization
-ingestion/normalization: binary or hexadecimal data is converted into readable characters or into other formats suitable for data analysis tools
What is the primary requirement when considering a VoIP service? -reliability and quality of the VoIP service
-reliability and quality of the VoIP service. The primary consideration when using a VoIP system is to have a reliable, high-quality VoIP service. VoIP is the transmission of voice and other content over IP networks and is a cost-effective solution for long-distance costs, but it must still provide a reliable and quality service.
What is the most appropriate access control for a VoIP system?
-role-based access control (RBAC). A VoIP system is best protected by using RBAC. Access can be provisioned per the role or function of the employees, and only need-to-know access should be made available.
The most important factor in improving the incident response process is
-simulated testing of the incident response plan at regular intervals
Risks associated with VoIP -theft of data -loss of productivity due to unavailability of the infrastructure -fines and penalties for unlawful activity -security breaches
-theft of data -loss of productivity due to unavailability of the infrastructure -fines and penalties for unlawful activity -security breaches
The risk of phishing attacks can be best addressed by -user education
-user education. Educating users helps address the risk of visiting untrusted websites or following email links.
What are the 4 types of biometric attacks? 1. Replay: a residual biometric characteristic (e.g., fingerprints left on a biometric device) is used by an attacker to gain unauthorized access. 2. Brute-Force: numerous different biometric samples are sent to the biometric device. 3. Cryptographic: the attack targets the algorithm, or the encrypted data transmitted between the biometric device and the access control system. 4. Mimic: the attacker attempts to fake biometric characteristics similar to those of the enrolled user (such as imitating a voice).
1. Replay: a residual biometric characteristic (e.g., fingerprints left on a biometric device) is used by an attacker to gain unauthorized access. 2. Brute-Force: numerous different biometric samples are sent to the biometric device. 3. Cryptographic: the attack targets the algorithm, or the encrypted data transmitted between the biometric device and the access control system. 4. Mimic: the attacker attempts to fake biometric characteristics similar to those of the enrolled user (such as imitating a voice).
What are common attacks for Wireless networks? 1. War Driving 2. War Walking 3. War Chalking
1. War Driving- driving around with a wireless scanner or hacking tools to locate and gain unauthorized access to wireless networks. 2. War Walking- the same as war driving, but on foot. 3. War Chalking- markings made on buildings or pavements to advertise an accessible wireless network so that others can gain unauthorized access.
Disadvantages of SSO 1. SSO acts as a single authentication point for multiple applications, which constitutes the risk of a single point of failure. 2. Supporting all major operating system environments is difficult.
1. SSO acts as a single authentication point for multiple applications, which constitutes the risk of a single point of failure. 2. Supporting all major operating system environments is difficult.
What attack intends to shut down a network or machine by flooding it with traffic? In this attack a single computer is used to flood a server with TCP or UDP packets.
A DoS (Denial of Service) attack
___ is similar to a Trojan horse because it is a program that contains hidden code, which usually performs some unwanted function as a side effect.
A computer virus
What is the best method for ensuring email authenticity?
A digital signature (a hash of the message signed with the sender's private key)
An org. is considering implementing biometric access control for one of its critical systems. The auditor should be MOST concerned with which of the following? A. (FAR) False Acceptance Rate B. (FRR) False Rejection Rate C. (EER) Equal Error Rate D. Number of staff enrolled for biometrics. Note: most important indicator - FAR; most important overall performance indicator - CER or EER
A. (FAR) False Acceptance Rate. Most important indicator - FAR (an impostor being accepted on a critical system is the costlier error); most important overall performance indicator - CER or EER
What is the risk associated with the use of an access card for entering a computer room? A. The risk of an unauthorized person entering behind the authorized person B. The risk of using duplicated access cards C. The risk of the absence of an audit trail D. The risk of delay in deactivating the access of a terminated employee
A. (Piggybacking / tailgating) The risk of an unauthorized person entering behind the authorized person
Which has the highest attenuation? A. (UTP)-Unshielded Twisted Pair B. (STP)-Shielded Twisted Pair C. Fiber Optics
A. (UTP)-Unshielded Twisted Pair
A default deny access control policy: A. Allows approved traffic and rejects all other B. Denies specific traffic and allows other C. Is used for allowing access from a trusted network to a protected one D. Allows traffic at the discretion of the network admin
A. Allows approved traffic and rejects all other. An organization can have either a default deny or a default allow access control policy. Under default deny, all traffic is denied except predefined approved traffic. Under default allow, all traffic is allowed except restricted traffic. Default deny is more prevalent where traffic from an untrusted source accesses a protected system. Default allow is more prevalent where traffic from trusted sources accesses an external system such as the internet.
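To make the difference between the two policies concrete, here is an added example (not from the original flashcards): a toy first-match packet filter evaluated under both defaults against the same rule set and the same traffic. The rule set, the addresses and the sample packets are constructed for illustration.

```python
"""Added example: default-deny versus default-allow on the same rule set.

Constructed scenario (assumption): a web server at 203.0.113.10 and an internal
DNS server at 10.0.0.53. Only HTTPS to the web server and DNS from the inside
are approved. Everything else is what the two policies treat differently.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str   # "tcp" or "udp"
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    src: str               # CIDR; "0.0.0.0/0" means any source
    dst: str               # CIDR
    proto: str             # "tcp", "udp" or "any"
    dport: Optional[int]   # None means any destination port

    def matches(self, pkt: Packet) -> bool:
        return (ip_address(pkt.src) in ip_network(self.src)
                and ip_address(pkt.dst) in ip_network(self.dst)
                and self.proto in ("any", pkt.proto)
                and (self.dport is None or self.dport == pkt.dport))


def evaluate(rules: List[Rule], pkt: Packet, default: str) -> str:
    """First matching rule wins; 'default' is the verdict when nothing matches."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default


# Constructed approved-traffic list (assumption). Note there is no explicit deny:
# the policy default, not the rules, decides the fate of everything unlisted.
RULES = [
    Rule("allow", "0.0.0.0/0", "203.0.113.10/32", "tcp", 443),
    Rule("allow", "10.0.0.0/8", "10.0.0.53/32", "udp", 53),
]

# Constructed sample traffic (assumption).
SAMPLE: Dict[str, Packet] = {
    "https_to_web": Packet("198.51.100.7", "203.0.113.10", "tcp", 443),
    "ssh_to_web":   Packet("198.51.100.7", "203.0.113.10", "tcp", 22),
    "dns_internal": Packet("10.1.2.3", "10.0.0.53", "udp", 53),
    "rdp_internal": Packet("10.1.2.3", "10.0.0.20", "tcp", 3389),
}


def compare_policies(rules: List[Rule], packets: Dict[str, Packet]) -> Dict[str, Dict[str, str]]:
    """Verdict of every packet under default deny and under default allow."""
    return {
        name: {
            "default_deny": evaluate(rules, pkt, "deny"),
            "default_allow": evaluate(rules, pkt, "allow"),
        }
        for name, pkt in packets.items()
    }


if __name__ == "__main__":
    for name, verdicts in compare_policies(RULES, SAMPLE).items():
        print(f"{name:14s} deny-by-default={verdicts['default_deny']:5s} "
              f"allow-by-default={verdicts['default_allow']}")
```

Approved traffic gets the same verdict under both policies; the unlisted SSH and RDP attempts are what separate them, which is why default deny is the policy for untrusted sources reaching a protected system.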
Which OSI layer provides confidentiality, authentication, and data integrity services? A. Network B. Presentation C. Session D. Physical
A. Network layer (routing, IP addresses; IPsec provides these services at this layer)
The use of digital signatures in an email application will: A. Assist in the detection of spam messages B. Provide assurance regarding content confidentiality C. Improve network speed D. Reduce bandwidth capability
A. Assist in the detection of spam messages (a valid signature authenticates the sender; it does not encrypt the content)
The best method to provide access to a user is: A. Authorization for access from the data owner and implementation of user authorization tables by the administrator. Note: it is the accountability and responsibility of the data owner to approve the access rights of the user. Once the user is approved, the system administrator implements or updates the user authorization table.
A. Authorization for access from the data owner and implementation of user authorization tables by the administrator. Note: it is the accountability and responsibility of the data owner to approve the access rights of the user. Once the user is approved, the system administrator implements or updates the user authorization table.
Which of the following is a prerequisite to IT security training? A. Awareness B. Training C. Education D. Certification
A. Awareness
An IS auditor is reviewing the access control policy of an org. Which of the following is the BEST basis for determining the appropriate levels of information resource protection? A. Classification of information assets B. Data owner C. Threat assessment D. Cost of information assets
A. Classification of information assets
Which of the following increases the effectiveness of DAC (Discretionary Access Control - access granted by the data owner at their discretion)? A. DAC is aligned in accordance with MAC (Mandatory Access Control) B. DAC is kept independent of MAC C. DAC allows users to bypass MAC as required D. DAC is approved by the IS policy
A. DAC is aligned in accordance with MAC (Mandatory Access Control). MAC rules are governed by an approved policy; users or data owners cannot modify them. DAC, by contrast, is activated or modified by the data owner at their discretion. For DAC to be more effective, it has to be designed in accordance with MAC (DAC can only further restrict what MAC already permits).
The objective of raising the floor in a computer room is to prevent: A. Damage to the cables of computers and servers B. Power failure C. Damage from an earthquake D. Damage from a tsunami
A. Damage to the cables of computers and servers. The floor is raised to accommodate the ventilation system and the power and data cables underneath it. This protects the cables, which would otherwise pose a large risk if left on an open floor. A raised floor does not directly address the other options.
Responsibility for reviewing users' access rights resides with: A. Data owner B. IS Auditor C. Library Controller D. Security Admin (the data owner is responsible for granting access and for reviewing it)
A. Data Owner
Who is accountable for the appropriate maintenance of security controls over information assets? A. Data and system owners. It is the responsibility of the appointed owner to ensure that their data and systems have appropriate security arrangements. System owners may delegate routine security responsibilities to a security administrator; however, the owners remain accountable for the maintenance of appropriate security measures.
A. Data and system owners. It is the responsibility of the appointed owner to ensure that their data and systems have appropriate security arrangements. System owners may delegate routine security responsibilities to a security administrator; however, the owners remain accountable for the maintenance of appropriate security measures.
Layer -2 Switch operates at which OSI layer A. Data link layer (2nd) B. Physical layer (1st) C. Network layer (3RD) D. Transport layer (4th)
A. Data link layer
Bridge operates at which OSI Layer? A. Data link layer (2nd layer) B. Physical layer (1ST layer) C. Network layer (3rd Layer) D. Transport layer (4th Layer)
A. Data link layer (2ND LAYER)
Responsibility of granting access to data with the help of security officer resides with: A. Data owners B. System developer C. Library Controller D. System Administrator
A. Data owners
Which transmission method would provide the best security? A. Dedicated lines B. Wireless Network C. Dial-Up D. Broadband network
A. Dedicated lines. A dedicated line is a communication cable or other facility reserved for a specific application. Since the line is not shared, data security can be assured.
Which of the following is considered the most secure method of removing confidential data from computer storage? A. Demagnetization of computer storage B. Formatting computer storage C. Deletion of data on computer storage D. Defragmentation of data on computer storage
A. Demagnetization of computer storage. Simply deleting or formatting leaves residual data that can be recovered by an unauthorized person. To the greatest extent possible, media should be physically destroyed so that it cannot be reused. Where destruction is not economical, extreme care must be taken to erase the data completely so that it cannot be recovered by any tool or technique. One such method is to demagnetize the media: an alternating-current field is increased gradually from zero to some maximum value and back to zero, leaving only a very low residue of magnetic induction on the media. Demagnetization is also known as degaussing.
What is the first step of installing a firewall? A. Develop security policy B. Review settings C. Prepare access control list D. Configure firewall
A. Develop security policy
Which of the following is considered a major risk of the absence of an authorization process (approval from the data owner)? A. Difficult to control role-based access B. Multiple users can log on as a specific user C. User accounts can be shared D. Need-to-know access can be assured
A. Difficult to control role-based access. In the absence of an authorization process, it is impossible to establish and provide role-based access; anyone can claim access.
Which is caused by an electrical storm or noisy electrical equipment (motors, lighting, radio etc.)? A. EMI B. Cross Talk C. Attenuation
A. EMI
Which of the following is a detective control in a LAN (local area network) environment? A. Electronic surveillance B. Contingency plan C. File recovery D. Locks and keys
A. Electronic surveillance
Which of the following is the first step in data classification? A. Establish ownership B. Conduct criticality analysis C. Develop access matrix D. Tag classification nomenclature of assets (Without the owner defined, it is difficult to conduct criticality analysis or develop an access matrix.)
A. Establish ownership
What is the first step in data classification? A. Establishing ownership. Without the owner being defined, it is difficult to conduct criticality analysis or to develop an access matrix. Hence, establishing ownership is the first step in data classification.
A. Establishing ownership. Without the owner being defined, it is difficult to conduct criticality analysis or to develop an access matrix. Hence, establishing ownership is the first step in data classification.
What is an IS auditors role in information security? A. Evaluate effectiveness of various security programs
A. Evaluate effectiveness of various security programs
Not affected by Cross Talk and EMI? A. Fiber Optics B. UTP C. STP
A. Fiber Optics
Which has the lowest attenuation? A. Fiber Optics B. UTP C. STP
A. Fiber Optics
Which is the most secure? A. Fiber Optics B. UTP C. STP
A. Fiber Optics
Preferred choice for high volume and long distance calls. A. Fiber optics B. (STP)- Shielded twisted pair C. (UTP)- Unshielded Twisted Pair
A. Fiber optics
Need to know access controls can best be ensured by: A. Implementing application-level access control B. Encrypting databases C. Enabling HTTPS control D. Deploying network monitoring control
A. Implementing application-level access control. Application-level access control limits access to an application to the functionality required by users to perform their jobs; they will not be able to access any other functionality of the application.
The risk of unauthorized access can be controlled by: A. Kerberos B. Vitality detection C. Multimodal biometrics D. Before/after image
A. Kerberos
Which of the following password-related factors can be tested with automated vulnerability testing tools? A. Length B. Policy C. Secrecy D. Social engineering
A. Length The correct answer is password length as it can be tested with automated vulnerability testing tools to ensure that short passwords are not selected. Password lifetime can also be tested to ensure that passwords have a limited lifetime. Passwords should be changed regularly or whenever they may have been compromised. Password storage can be tested to ensure that they are protected from disclosure or unauthorized modification.
In which of the following attacks does the attacker reproduce fake characteristics similar to those of the enrolled user? A. Mimic B. Brute-Force C. Cryptographic D. Replay
A. Mimic (e.g., imitating a voice)
A packet filtering firewall operates on which layer of the following OSI model? A. Network B. Application C. Transport D. Session
A. Network
The most effective method to prevent unauthorized access to an unattended end user PC is: A. Password-protected screensaver B. Automatically switching off the monitor when there is no activity C. CCTV survelliance D. Terminate a session at specified intervals
A. Password-protected screensaver
Which OSI layer is concerned with the electrical and physical specifications of the device? A. Physical B. Data link C. Transport D. Session
A. Physical "electrical", 'electrical signal/ hardware device'
The prime objective of installing mantrap controlling access is to: A. Prevent tailgating. B. Prevent water leakage. C. Control fire. D. Prevent computer damage.
A. Prevent tailgating. A mantrap is also known as a deadman door or an airlock door. It uses two doors; the first must close before the second can open, so only one person is admitted at a time. This reduces the risk of piggybacking or tailgating, where an unauthorized person follows an authorized person through a secured entry.
Which of the following will be in scope for reviewing general operating system access control functions? A. Process of logging and monitoring user activities B. Process of logging data communication access activities C. Process of authorization of a user at the field level D. Process of the modification of data files
A. Process of logging and monitoring user activities
The objective of a web and email filtering tool is: A. Restrict spam and viruses B. Improve employee productivity C. Ensure data confidentiality D. Ensure data integrity
A. Restrict spam and viruses
Which of the following is the most secure firewall implementation? A. Screened subnet firewall
A. Screened subnet firewall
An org. wants to protect its network from internet attacks. Which firewall would best ensure protection? A. Screened subnet B. Screened host C. Packet filtering D. Circuit level
A. Screened subnet
Which of the following is most important when reviewing system controls? A. Security and performance parameters are considered B. Changes are captured in logs C. A change authorization process is available D. Access to system parameters is restricted
A. Security and performance parameters are considered The most important aspect when reviewing system controls is the consideration of the security and performance parameters. This helps to ensure that the control objectives are aligned with the business objectives.
To minimize the risk of data corruption, which of the following options can be effective? A. Separate conduits for electrical and data cables B. Encryption C. Check-digits D. Hashing
A. Separate conduits for electrical and data cables. Using separate conduits for data cables and electrical cables minimizes the risk of data corruption from the magnetic field induced by electrical current.
Which of the following OSI layers controls the connections established between systems? A. Session B. Transport C. Application D. Network
A. Session "connection, manages"
The most effective control to protect against a high-voltage power burst is: A. Surge devices B. Alternative power supplies C. A power line conditioner D. An uninterruptible power supply
A. Surge devices. Surge and spike devices protect against high-voltage power bursts. (Low-voltage conditions are addressed by a power line conditioner or a UPS, which supplies its own power and maintains a constant voltage.)
Which of the following should be reviewed to determine the level of access available for different users? A. System file configuration B. Log files C. User access review D. Job descriptions
A. System file configuration Review of the system file configuration will show the level of access available for different users.
Who is responsible for reviewing users' access right? A. The data owner
A. The data owner
The availability of printing options for all users increases: A. The risk to data confidentiality B. The risk to data integrity C. The risk to data availability D. The risk of reduced productivity
A. The risk to data confidentiality. It is difficult to control the printing of confidential documents, so the availability of printing options increases the confidentiality risk.
Which of the following is the most important concern for an access card entry system? A. The use of a shared access card by cleaning staff. B. The access card does not contain a label with the organization's name and address. C. Card issuance and card reconciliation are managed by different departments. D. Logs of access are not reviewed on a daily basis.
A. The use of a shared access card by cleaning staff. With a shared card, accountability cannot be established. Access cards should not contain details of the org., to prevent unauthorized use by an intruder who finds one. Logs need not necessarily be reviewed daily. Separation of duties between issuance and reconciliation is good practice.
Which of the following is the most crucial element of a computer security incident response system? A. Time B. Tools C. People D. Procedures
A. Time Tools, people, and procedures are incorrect as these are elements of the incident response plan and not elements of the incident response system. The response plan should include all necessary people, procedures, tools, and techniques to limit the damage and mitigate any harm done. This requires proper development and testing of the plan.
The most effective control over visitor access to a data center is: A. To escort the visitors B. To issue a visitor's badge C. To frisk the visitor for storage media D. To maintain a visitor's register
A. To escort the visitors This will ensure that they follow the rules of the data center.
Which of the following is the GREATEST concern that would be addressed by a firewall? A. Unauthorized access from the external network B. Unauthorized access from the internal network C. Delay in connectivity D. Delay in processing
A. Unauthorized access from the external network
Which of the following standards is specifically related to public key infrastructure? A. X.509 B. PCI DSS C. HIPAA D. ISO 27001
A. X.509, the standard defining the format of public key certificates. X.509 certificates are used in many internet protocols, including TLS/SSL (Transport Layer Security / Secure Sockets Layer), which secures HTTP (Hypertext Transfer Protocol) and other transport protocols.
An organization is introducing SSO. Under SSO, users will be required to enter only 1 user ID and password for access to all application systems. A major risk of using SSO is that it: A. acts as a single authentication point for multiple applications B. acts as a single point of failure (if A. not shown pick B)
A. acts as a single authentication point for multiple applications B. acts as a single point of failure (if A. not shown pick B)
A message and its hash encrypted by the sender's private key will ensure: A. authenticity and integrity B. authenticity and confidentiality C. Integrity and Privacy D. confidentiality and non-repudiation
A. authenticity and integrity
What is the most important requirement for a correct/appropriate data classification policy? A. awareness and training about org policies & standards B. security guidelines C. fulfillment of duties
A. awareness and training about org policies & standards
Authority that manages the certificate life cycle is the A. certificate authority (CA) B. certificate revocation list (CRL) C. certification practice statement (CPS) D. registration authority (RA)
A. certificate authority (CA)
An IS auditor is reviewing access control policy of an org. Which of the following is the BEST basis for determining the appropriate levels of information resource protection? A. classification of info. assets B. data owner C. threat assessment D. cost of info. assets
A. classification of info. assets
Who is accountable for maintaining proper security controls over information assets? A. data owner/system owner B. developer C. migrator D. approver
A. data owner/system owner (if both appear, it should be data owner)
Who is ultimately responsible for defining access rules? A. data owner/system owner B. developer C. migrator D. approver
A. data owner/system owner (if both appear, it should be data owner)
In coordination with the database admin, granting access to data is the responsibility of: A. data owners B. system engineer C. security officer D. librarians
A. data owners
Which of the following ensures confidentiality (encrypt with receiver's public key) and also authenticity (encrypt hash with sender's private key) of a sender's message? A. encrypt hash of message with sender's private key and then encrypt message with receiver's public key B. encrypt hash of message with sender's private key and then encrypt message with receiver's private key C. encrypt hash of the message with receiver's public key and then encrypt message with sender's private key D. encrypt hash of the message with receiver's public key and then encrypt message with sender's public key
A. encrypt hash of message with sender's private key and then encrypt message with receiver's public key
A stock broking firm sends invoices to clients through email and wants reasonable assurance that no one has modified the newsletter. This objective can be achieved by: A. encrypting the hash of the invoice using the firm's private key B. encrypting the hash of the invoice using the firm's public key C. encrypting the invoice using the firm's private key D. encrypting the invoice using the firm's public key
A. encrypting the hash of the invoice using the firm's private key
Which of the following is the most prevalent risk of using a VPN for remote login? A. entry of malicious code in the network B. unauthorized access of data while in network C. logon spoofing D. adverse impact on network availability
A. entry of malicious code in the network
In public key encryption (asymmetric), to ensure integrity (encrypt hash with sender's private key): A. hash of message to be encrypted by sender's private key and decryption done by sender's public key B. hash of message to be encrypted by sender's public key and decryption done by sender's private key C. hash of message to be encrypted by receiver's private key and decryption done by receiver's public key D. hash of message to be encrypted by sender's private key and decryption done by receiver's public key
A. hash of message to be encrypted by sender's private key and decryption done by sender's public key
In public key encryption (asymmetric encryption), to authenticate (encrypt hash with sender's private key) the sender of the message: A. hash of the message to be encrypted by sender's private key and decryption is done by sender's public key B. hash of the message to be encrypted by sender's public key and decryption is done by sender's private key C. hash of the message to be encrypted by receiver's private key and decryption is done by receiver's public key D. hash of the message to be encrypted by receiver's public key and decryption is done by receiver's private key
A. hash of the message to be encrypted by sender's private key and decryption is done by sender's public key
Which of the following is the best method to ensure the security and reliability of VoIP and data traffic? A. segregation of VoIP infrastructure using VLAN B. Use of Two Factor Authentication C. Traffic Encryption D. Availability of Backup Power
A. segregation of VoIP infrastructure using VLAN
Message authenticity (hash with sender's private key) and confidentiality (receiver's public key) is best achieved by encrypting the hash of the message using the A. sender's private key and encrypting the message using receiver's public key B. sender's public key and encrypting the message using receiver's private key C. receiver's private key and encrypting the message using sender's public key D. receiver's public key and encrypting the message using sender's private key
A. sender's private key and encrypting the message using receiver's public key
The more simple and basic login controls include: A. validating user name and password. B. monitoring unsuccessful logins. C. sending alerts to the system operators. D. disabling accounts when a data breach occurs.
A. validating user name and password. Login controls specify the conditions users must meet to gain access to a system or resource. In the most simple and basic cases, access will be permitted only when both a username and password are provided.
While implementing a firewall, the most likely error to occur is: A. wrong configuration of access list B. compromise of password due to shoulder surfing C. inadequate user training on firewalls D. inadequate anti-virus updates
A. wrong configuration of access list
What is the corruption of ARP (Address Resolution Protocol) called?
ARP (Address Resolution Protocol) Poisoning
------- refers to a register of users who have been given permission to use a particular system resource and the types of access they are permitted to have.
Access Control Lists
Which layer contains programs that communicate directly with the end user? -Works closely with the user -Provides interface for applications to communicate
Application layer contains programs that communicate directly with the end user. -Works closely with the end user -Provides interface for applications to communicate.
what is the most secure firewall?
Application-Level Firewall
What type of firewall has the following characteristics? -works on the concept of bastion host and proxy server -separate proxy for each application -application layer (7th)
Application-level firewall
Which component is safe for human life?
Argonite and FM-200 Argonite; 50% Argon and 50% Nitrogen Gas Safe and non-toxic Halon and CO2 are NOT SAFE
(an attack technique for attempting to acquire sensitive data such as bank account numbers through fraudulent solicitation in email or on a website, in which the perpetrator masquerades as a legitimate business or person.)
Phishing
What is the transmission error that occurs in wired as well as wireless networks?
Attenuation
------- is a protection against fraudulent transactions.
Authentication
An IS auditor should review the router controls and settings during: A. The review of physical security B. The review of network security C. The review of backup process D. The review of data center
B. The review of network security. The router is part of networking. Network security reviews include reviewing router access control lists, port scanning, internal and external connections to the system, and so on.
The safest form of a fire extinguisher that can be used in the presence of humans is: A. Carbon dioxide B. Halon gas C. FM-200 D. Argonite gas
C. FM-200 Colorless and odorless.
Which of the following establishes accountability in a LAN environment? A. Network monitoring tools B. Access logs C. Lock-and-key systems D. Card key systems
B. Access logs Access logs along with user IDs and passwords provide a reasonable amount of accountability in a local area network (LAN) environment since user actions are recorded.
The most effective control to protect against the long-term unavailability of the electrical power is: A. Surge devices B. Alternative power supplies C. A power line conditioner D. Spike devices
B. Alternative power supplies (EX. Power generator)
An org. with the objective to prevent the download of files through FTP (File Transfer Protocol) should configure which of the firewall types? A. Stateful inspection B. Application gateway C. Packet filter D. Circuit gateway
B. Application gateway
Which of the following transmission errors can occur in wired as well as wireless communication? A. Cross-Talk B. Attenuation C. Sags, Spikes, and Surges D. Multipath interference
B. Attenuation Attenuation is the weakening of signals during transmission. It exists in both wired and wireless. Length of wire impacts the severity of attenuation.
Denial-of-service (DOS) attacks compromise which of the following properties of information systems? A. Integrity B. Availability C. Confidentiality D. Reliability
B. Availability DoS attacks prevent an information system from processing or responding to legitimate requests for resources and objects. Usually, a DoS attack will transmit such a large number of data packets to a server that the server cannot handle the volume and shuts down, causing business disruption. Note- -A denial-of-service attack does not affect integrity because integrity means that an object is changed only in a specified and authorized manner. -Denial-of-service attacks do not affect confidentiality because confidentiality is a property that ensures that data is disclosed only to authorized subjects (users). -Denial-of-service attacks do not affect reliability, which is defined as the probability that a given system is performing its mission adequately for a specified period under the expected operating conditions.
For appropriate data classification, the MOST important requirement is: A. Knowledge of technical controls for protection of data B. Awareness and training about org. policies and standards C. Use of automatic data control tools D. Understanding the requirements of data users.
B. Awareness and training about org. policies and standards
Which of the following devices has the capacity to store frames and act as a store and forward device? A. Hub B. Bridge C. Repeater D. Router
B. Bridge Bridges act as store and forward devices in moving frames toward their destination. This is achieved by analyzing the MAC header of a data packet. By examining the MAC address, the bridge can make decisions to direct the packet to its destination.
Which of the following attacks involves sending numerous different biometric samples to a biometric device? A. Mimic B. Brute force C. Cryptographic D. Replay
B. Brute Force Attack sends numerous requests
Which of the following controls over telecommuting uses tokens and/or multifactor authentication? A. Firewalls B. Combined authentication methods C. Intrusion detection system D. Encryption
B. Combined authentication methods
What kind of protocols does the transport layer provide to ensure reliable communication? A. Non-connection-oriented protocol B. Connection-oriented protocol C. Application-oriented protocol D. Non-application-oriented protocol
B. Connection-oriented protocol "congestion, reliable delivery, connection-oriented, delivery in proper order"
Which is an electromagnetic interference from one unshielded twisted pair to another twisted pair? A. Attenuation B. Cross Talk C. EMI
B. Cross Talk
Who among the following should be made accountable for the appropriate maintenance of security controls over information assets? A. Network administrator B. Data and system owners C. System Developer D. System Ops Group
B. Data and System Owners
Which of the following ensures security in a VPN? A. Data diddling B. Data encapsulation C. Data hashing D. Data compression
B. Data encapsulation VPN uses data encapsulation or tunnelling method to encrypt the traffic payload for secured transmission of the data.
Dynamic Host Configuration Protocol (DHCP). Which of the following statements is true when DHCP is disabled for wireless networks? A. Increases the risk of unauthorized access to the network B. Decreases the risk of unauthorized access to the network C. Automatically provides the IP address to anyone D. Disables SSID (Service Set Identifier)
B. Decreases the risk of unauthorized access to the network DHCP assigns IP addresses to anyone connected to the network. If disabled, the risk of unauthorized access decreases.
The most important concern when conducting a post-implementation review of an org. network is: A. Mobile devices can be accessed without a password B. Default passwords of network devices are not changed C. A proxy does not exist for internal communication D. Email links are not encrypted
B. Default passwords of network devices are not changed A major area of concern is factory default passwords not being changed for critical network devices. Anyone can change the system configuration using a default
A default allow access control policy: A. allows approved traffic and rejects all other B. Denies specific traffic and allows other C. Used for allowing access from untrusted networks to external D. Allows traffic per the discretion of the network admin
B. Denies specific traffic and allows other
The most robust configuration in firewall rule base is: A. Allow all traffic and deny the specified traffic B. Deny all traffic and allow specific traffic C. Dynamically decide based on the traffic D. Control traffic on the basis of discretion of network admin
B. Deny all traffic and allow specific traffic
An IS auditor is evaluating the effectiveness of the biometric systems for an extremely high security environment. Which of the following stages should be reviewed first? A. Storage B. Enrollment C. Identification D. Termination Note- The Biometric lifecycle consists of: Enrollment, Transmission & Storage, Verification, Identification & Termination Processes
B. Enrollment Note- The Biometric lifecycle consists of: Enrollment, Transmission & Storage, Verification, Identification & Termination Processes
An org. is considering implementing access control for one of its critical systems. Among the below mentioned control measures, the MOST effective control is: A. Cipher lock B. Fingerprint scanner C. Photo ID D. Electronic Door Lock Note- Biometric controls are more reliable than any other form of access controls
B. Fingerprint scanner Note- Biometric controls are more reliable than any other form of access controls
Which of the following is used to create webpages on the internet? A. HTTP B. HTML C. TCP/IP D. FTP
B. HTML
Logical Access Controls are designed and developed on the basis of: A. The user requirements B. Information System Security policy C. Industry Practices D. System Configuration Files
B. Information System security policy
Which of the following can help in the prevention of spoofed Internet Protocol (IP) addresses? A. Hypertext Transfer Protocol (HTTP) B. Internet Protocol Security (IPsec) C. Transport Layer Security (TLS) D. Secure Sockets Layer (SSL)
B. Internet Protocol Security (IPsec)
An org. is considering implementing access controls for one of its critical systems. Among the below mentioned control measures, the most effective control is: A. Token based PIN B. Iris Scan C. Photo Identification D. Password Note- Biometric controls are more reliable than any other form of access controls
B. Iris Scan Note- Biometric controls are more reliable than any other form of access controls
The most important benefit of proper naming conventions (Asset grouping as per criticality) for IS Resources is: A. It ensures that resource names are aligned as per function B. It helps with defining structured access rules C. Helps with user mgmt D. Ensures that industry standardization is maintained
B. It helps with defining structured access rules
The most effective safeguard for security software and data within an information processing facility is: A. Training and awareness B. Logical access controls C. Physical control D. The Security Committee
B. Logical Access Controls are the most effective way to safeguard data within processing facilities. Logical access controls are technical controls such as authentication, encryption, firewall, IDS, and so on which are difficult to bypass.
For a man-in-the-middle attack, which of the following encryption techniques will BEST protect a wireless network? A. Wired equivalent privacy (WEP) B. MAC Based pre-shared key (PSK) C. Randomly generated pre-shared key (PSK) D. Service set identifier (SSID)
B. MAC Based pre-shared key (PSK) C. Randomly generated pre-shared key (PSK) B or C. but C. is the better choice.
Wireless local area networks (LANs) have more significant risks than wired LANs in which of the following areas? A. Masquerading and modification/substitution B. Modification/substitution and theft of equipment C. Eavesdropping and masquerading D. Eavesdropping and theft of equipment
B. Modification/substitution and theft of equipment "modification/substitution and theft of equipment." In wireless LANs, the more robust node could block the weaker one, substitute its own messages, and even acknowledge responses from other nodes. Theft of equipment is a significant risk in wireless LANs due to their portability.
Which of the following is considered a major risk in an organization's logical access control procedure? A. The sharing of passwords B. Password files are not protected C. Delay in the deactivation of a resigned employee login access D. Centralized issuance of login ID
B. Password files are not protected
HUB operates which of the following OSI layers? A. Data link layer (2) B. Physical layer (1) C. Network layer (3) D. Transport layer (4)
B. Physical layer
Which is a concern for an offshore operation? A. High cost of setup B. Privacy law preventing cross border flow C. Timezone differences D. Software development complications
B. Privacy law preventing cross border flow
Which of the following should be a concern to an IS auditor reviewing a wireless network? A. System hardening of all wireless clients B. SSID (service set identifier) broadcasting has been enabled C. WPA-2 (Wi-Fi Protected Access Protocol) encryption is enabled D. DHCP (Dynamic Host Configuration Protocol) is disabled at all wireless access points
B. SSID (service set identifier) broadcasting has been enabled
Which of the following is an example of single point of failure when accessing an application? A. Multifactor authentication B. Single sign-on C. Multiple passwords D. Redundancy
B. Single sign-on This is an example of single point of failure because if the sign-on system is compromised, the entire system is exposed to unauthorized parties.
The firewall that allows traffic from outside only if it is in response to traffic from internal is A. Application level gateway firewall B. Stateful inspection firewall C. Packet filtering router D. Circuit level gateway
B. Stateful inspection firewall
Which of the following is considered the best control for providing access rights to outsourced vendors? A. Include a penalty clause in the SLA B. Temporary user accounts created for a defined role with account expiration dates C. Temporary accounts created for full access for a limited period D. Employees of the vendors should be asked to sign a non-disclosure
B. Temporary user accounts created for a defined role with account expiration dates
Which of the following is a major aspect to be considered when reviewing telecommunication access control? A. The process for capturing and monitoring logs B. The process for the authorization and authentication of a user C. The process for encrypting databases D. The process to control remote access
B. The process for the authorization and authentication of a user A major aspect to review is the process of authorization and authentication of users. This is a preventive control. Any loopholes in this process make other controls irrelevant.
Which of the following is the greatest concern for an IS auditor reviewing the fire safety arrangements of an organization? A. The use of a wet pipe-based fire extinguisher in the computer room B. The use of a carbon dioxide-based fire extinguisher in the processing facility C. The use of handheld fire extinguishers in the board room D. Smoke detector not tested every month
B. The use of a carbon dioxide-based fire extinguisher in the processing facility CO2 should not be used where people are present. CO2 reduces oxygen, posing a risk to humans.
Which of the following is a prime objective for an IS auditor reviewing logical access control? A. To ensure the effectiveness of access control software B. To ensure that access is granted as per an approved process C. To ensure the protection of computer software D. To ensure the protection of computer hardware
B. To ensure that access is granted as per an approved process
Which of the following is a prime objective for an IS auditor reviewing logical access? A. To ensure the protection of computer hardware B. To ensure that access is granted as per an approved process C. To ensure that protection of computer software D. To ensure the effectiveness of access control software.
B. To ensure that access is granted as per an approved process
Which ISO/OSI layer tracks the order in which packets are delivered to address out-of-sequence messages? A. Physical B. Transport C. Application D. Network
B. Transport "Delivery"
Which layer of the ISO/OSI model handles congestion control? A. Session layer B. Transport layer C. Application layer D. Network layer
B. Transport layer "congestion, reliable delivery, connection-oriented, delivery in proper order"
Which of the following is primarily concerned with the reliability of data transfer between systems? A. Session layer B. Transport layer C. Application layer D. Network layer
B. Transport layer "reliable delivery, connection-oriented, delivery, congestion"
Which of the following is a control used to respond to the risk of power failure? A. Water sprinklers B. Uninterruptible power supply (UPS) C. Smoke/fire detectors D. Fire or evacuation drills
B. Uninterruptible power supply (UPS) A UPS system contains a battery or gas-powered generator that connects with the electricity entering the building/facility and the electrical power entering the IT hardware.
The computer incident security response team (CSIRT) publishes security alerts and details of recent attacks on the organization. What is the MOST significant risk from this action? A. Users may post this information on social media websites, resulting in reputational damage for the organization. B. Users may use published information to perpetrate attacks on the organization. C. Users may contact IT for more information, wasting IT's time. D. Users may forward the attack information to customers to keep them updated on the recent attacks.
B. Users may use published information to perpetrate attacks on the organization.
Most comprehensive method to protect a remote access network with multiple and diversified systems is: A. firewall B. VPN C. Intrusion Detection System (IDS) D. Demilitarized zone
B. VPN A VPN is used to extend a private network through use of the internet in a secure manner. Firewall, IDS, and DMZ (Demilitarized zone) are used to filter and control traffic between internal and external networks.
For a small org., the most economical and secure method for connecting a private network over the internet is: A. Dedicated leased line B. Virtual private network C. Broadband connection D. VoIP
B. VPN, if properly configured, will reduce risk assoc. with sensitive data travelling in an open public network
An IS auditor is evaluating the access control policy of an org. The implementation of access controls FIRST requires: A. creation of an access control list B. an inventory of IS resources C. performing an impact analysis D. labelling IS resources
B. an inventory of IS resources 1. Have inventory 2. est. ownership 3. Classify info resc. 4. Label res. 5. Create access control list
A commercial website uses asymmetric encryption where there is one private key for the server and the corresponding public key is made available to the customer. This ensures: A. authenticity of customer B. authenticity of website C. confidentiality of messages from website hosting org. to customer D. non-repudiation from customer
B. authenticity of website
With reference to VPN, which of the following setups is the area of most concern? A. Computer located at org. remote office is getting connected through VPN B. Computer located at employee's home is getting connected through VPN C. Computer located at org. backup site is getting connected through VPN D. Computer located at org. internal network is getting connected through VPN.
B. Computer located at employee's home is getting connected through VPN Home computers are considered as having the least security as compared to other computers. If a home computer is compromised, an attacker can attempt to enter the org. internal network through the VPN.
An IS auditor is reviewing the access control policy of an org. Which of the following is responsible for authorizing access rights to production data and systems? A. process owner B. data owner C. data custodian D. security admin
B. data owner
In public key encryption (asymmetric encryption), to secure message confidentiality (encrypt with receiver's public key): A. encryption is done by private key and decryption is done by public key B. encryption is done by public key and decryption is done by private key C. both keys used to encrypt and decrypt the data are public D. both keys used to encrypt and decrypt the data are private
B. encryption is done by public key and decryption is done by private key If using the public key to encrypt, must use the private key to decrypt
Which of the following is the MOST important objective of classification of IS? A. creation of an access control list B. ensuring integrity of information C. reduction in cost of control D. comply with risk management policy
B. ensuring integrity of information i. ensure integrity/confidentiality of data ii. est. access control guidelines iii. reduce costs
An IS auditor is evaluating the data classification policy of an organization. The FIRST (1ST) step in data classification is to: A. label the IS resources B. establish ownership C. perform an impact analysis D. define access control rules
B. establish ownership 1. inventory 2. ownership 3. classification 4. labeling 5. access control DUE TO INVENTORY NOT BEING AN OPTION. GO TO THE NEXT STEP WHICH IS STEP 2. OWNERSHIP
An org. is considering implementing a biometric access control for one of its critical systems. Among the below mentioned biometrics, the most effective biometric control system is the one with the A. highest equal-error rate (EER) B. lowest equal-error rate (EER) C. highest cross-error rate (CER) D. covers all the systems in the org.
B. lowest equal-error rate (EER) CER or EER is the rate at which FAR and FRR are equal. The most effective biometric control system is the one with the lowest CER (Cross error rate) or EER (Equal error rate)
A major risk based on trust and difficult to prevent is: A. effectively used authorized access. B. misused authorized access. C. unsuccessful unauthorized access. D. successful unauthorized access.
B. misused authorized access. Misused authorized access means policies are being ignored
Best method to ensure confidentiality of the data transmitted in a wireless LAN is to: A. restrict access to predefined MAC addresses B. protect the session by encrypting the use of static keys C. protect the session by encrypting the use of dynamic keys D. initiate the session by encrypted device
B. protect the session by encrypting the use of static keys C. protect the session by encrypting the use of dynamic keys Both are good, out of BOTH, C. protect the session by encrypting the use of dynamic keys
Proper classification and labelling for system resources are important for access control because they: A. help avoid ambiguous resc. name B. reduce the number of rules required to adequately protect res. C. serve as stringent access control D. ensure that internationally recognized names are used to protect resc.
B. reduce the number of rules required to adequately protect res.
An org. is considering implementing access control for all PCs that access critical data. This will: A. completely eliminate the risk of false acceptance (i.e., unauthorized access will be eliminated completely) (note- not possible to eliminate all risk) B. require enrollment of all users that access critical data C. require fingerprint reader to be controlled by a separate password (note- not required) D. provide reassurance that unauthorized access will be impossible (note- not possible to completely eliminate all risk)
B. require enrollment of all users that access critical data
Which of the following options increases the cost of cryptography? A. use of symmetric rather than asymmetric B. use of long asymmetric key rather than short C. only hash is encrypted rather than full message D. use of short asymmetric key rather than long
B. use of long asymmetric key rather than short The higher the key length, the higher the cost
In a public key infrastructure (PKI), the role of a certificate authority is to A. ensure secured communication and secured network services based on certificates B. validate identity and authenticity of the owner of a certificate and integrity of certificates issued by the CA C. ensure secure communication infrastructure D. Host private keys of subscribers in the public domain
B. validate identity and authenticity of the owner of a certificate and integrity of certificates issued by the CA
Which of the following can provide a false sense of security? 1. Encryption protocols 2. Digital signatures 3. Firewalls 4. Certified authorities A. 1 and 2 B. 2 and 3 C. 1 and 3 D. 2 and 4
C. 1 and 3 Both encryption protocols and firewalls can provide a false sense of security. Encryption is used to provide confidentiality of data from the point of leaving the end user's software client to the point of being decrypted on the server system. Once the data is stored "in the clear" on the server, data confidentiality is no longer ensured. Data confidentiality aside, encryption will not prevent malicious attackers from breaking into the server systems and destroying data and transaction records. Firewalls have been used to protect internal computer systems from outside attacks as well as unauthorized inside users. The effectiveness of a firewall is usually in providing a deterrent for would-be attackers. However, most determined attackers can breach a firewall through web requests, which should be controlled.
The most effective control to protect against short-term reduction in electrical power is: A. Surge devices B. Spike devices C. A power line conditioner D. Alternative power supplies
C. A power line conditioner A power line conditioner is a device intended to improve the quality of power that is delivered to electrical equipment. It compensates for the peaks and valleys in the power supply. When an electrical supply is low, it provides its own power and maintains a constant voltage. An alternative power supply is effective for long term power unavailability.
Which type of firewall provides the most secure environment? A. Stateful inspection B. Packet filter C. Application gateway D. Circuit gateway
C. Application gateway
Which OSI layer contains programs that communicate directly with the end user? A. Physical layer B. Transport layer C. Application layer D. Network layer
C. Application layer "end user"
An org. wants to connect a critical server to the internet. Which of the following would provide the best protection against hacking? A. Stateful inspection B. Remote access server C. Application level gateway D. Port scanning
C. Application level gateway (highest level of OSI)
Which of the following is a major concern for the use of CO2 and Halon gas as fire extinguishers? A. Both of the extinguishers have a limited life span. B. Both of the extinguishers are not suitable for computer equipment. C. Both of the extinguishers have a risk of suffocation when used in a closed room. D. Both of the extinguishers have a high maintenance cost.
C. Both of the extinguishers have a risk of suffocation when used in a closed room.
Which of the following attacks targets the algorithm or the encrypted data transmitted between the biometric device and the access control system? A. MIMIC B. BRUTE FORCE C. CRYPTOGRAPHIC D. REPLAY
C. CRYPTOGRAPHIC (attack that targets the algorithm or encrypted data transmitted between the biometric device and the access control system)
Detailed descriptions for dealing with a compromised private key are provided in which of the following public key infrastructure (PKI) elements? A. Certificate policy (CP) B. Certificate revocation list (CRL) C. Certification practice statement (CPS) D. PKI disclosure statement (PDS)
C. Certification practice statement (CPS)- Standard operating procedure of CA
Which of the following poses a major risk when using a VoIP system as the sole means of voice communication? A. Failure of the hardware device B. Premium rate fraud C. DDoS attack D. Toll fraud
C. DDoS attack
Which of the following observations is the greatest concern to the auditor reviewing biometric control for a critical system? A. Access to a biometric scanner is provided through VPN B. Biometric devices are not installed in restricted areas C. Data transferred between biometric device and access control system is not encrypted D. Risk analysis for biometric controls is conducted before 2 years
C. Data transferred between biometric device and access control system is not encrypted
The most effective method of removing data from a tape media during disposal is: A. Multiple overwriting B. Erasing the tapes C. Degaussing tapes D. Removing the tape header
C. Degaussing tapes
Which of the following is the most critical function of a firewall? A. Act as a special router that connects different networks B. Device for preventing authorized users from accessing the LAN C. Device used to allow authorized users to access trusted network resources D. Proxy server to increase the speed of access for authorized users
C. Device used to allow authorized users to access trusted network resources
The most effective, safe, and environment-friendly fire safety arrangement in a data centre is the use of: A. Halon gas B. Carbon dioxide C. Dry pipe sprinklers D. Wet pipe sprinklers
C. Dry pipe sprinklers Both wet and dry pipe systems are safe; however, dry pipe systems prevent the risk of leakage.
The best overall quantitative performance indicator for a biometric system is: A. FAR B. FRR C. EER D. Number of staff enrolled in biometrics Note: Most important indicator - FAR. Most important overall performance indicator - CER or EER.
C. EER = overall Note: Most important indicator - FAR. Most important overall performance indicator - CER or EER.
What should an auditor be most concerned with when reviewing a firewall? A. A properly defined security policy B. Use of the latest firewall structure with the most secure algorithm C. Effectiveness of the firewall in enforcing policy D. Technical knowledge of users
C. Effectiveness of the firewall in enforcing policy
Which of the following is the PRIMARY source of legal rights and privacy obligations over email? A. Size of employer B. Employee practices C. Employer policies D. None of the answer choices are correct.
C. Employer policies
The prime objective of data protection is to: A. Comply with contractual requirements B. Comply with legal requirements C. Ensure confidentiality and integrity of information D. Improve operational efficiency
C. Ensure confidentiality and integrity of information
Which of the following MOST accurately measures the effectiveness of physical access security control? A. User complaints B. False rejection rate C. False acceptance rate D. False alarm rate
C. False acceptance rate The false acceptance rate measures the probability that a physical access security control will incorrectly accept an access attempt by an unauthorized person. User complaints would be a measure of effectiveness for a customer service function, not physical entry control. A false alarm rate is too general and determines whether an alarm is valid or a nuisance alarm; since it is not specific enough, it does not measure physical access security control effectiveness. A false rejection rate is the percentage of instances in which authorized personnel have been incorrectly rejected entry. A false rejection rate would reflect the extent of inconvenience caused to authorized people trying to access the facility. It is not a measure of effectiveness for the physical access security control, as it does not show how many unauthorized people gained access to the facility.
An org. is considering the type of transmission media that provides the best security against unauthorized access. Which of the following provides the best security? A. Unshielded twisted pair B. Shielded twisted pair C. Fiber-optic cables D. Coaxial cables
C. Fiber-Optic cables
What is the first step in classifying information assets? A. Establish ownership B. Classify Info. System resources C. Have inventory of Info. Assets D. Create Access Control List
C. Have inventory of Info. Assets 1. Have an inventory of info assets 2. Establish ownership 3. Classify info. system resources 4. Label info. system resources 5. Create access control list
Which of the following best ensures compliance with a password policy? A. A simple version of a password policy B. A user-friendly password policy C. Implementation of an automated password mgmt tool D. Security awareness training for users
C. Implementation of an automated password mgmt tool
An org. is introducing SSO. To prevent unauthorized access, the MOST important action is: A. Monitor failed attempts B. Regular review of logs C. Implement a strong password D. Deactivate unused accounts Note: The most important control for SSO is to implement a strong password policy.
C. Implement a strong password
In an SSO environ., the most effective method to prevent unauthorized access is: A. Log monitoring B. Deactivating a dormant account C. Implementing a strong password policy D. User access review
C. Implementing a strong password policy
Which of the following is a major concern as regards the VoIP system? A. The same cable type is used for the LAN as well as the telephone B. Common administrator for both telephone and network C. LAN switch is not connected to a UPS D. Only single-factor authentication is required to access the VoIP system
C. LAN switch is not connected to a UPS - VoIP uses standard networking cable for voice communication. If network switches do not get power, a telephone will not get power either, so it is very important to have an arrangement for an uninterrupted power supply.
Which of the following ISO/OSI model layers provides services for how to route packets between nodes? A. Application B. Physical C. Network D. Data link
C. Network "Route / IP address" = Network
Router operates at which OSI layer? A. Data link layer (2nd layer) B. Physical layer (1ST layer) C. Network layer (3rd Layer) D. Transport layer (4th La
C. Network layer (3rd Layer)
Which of the following will not be in scope for reviewing database level access control functions? A. Monitoring database profile creation process B. Process for field level authorization C. Process for determining individual accountability D. Process for logging and monitoring database level
C. Process for determining individual accountability
Which of the following access control methods is most appropriate for a VoIP system? A. Department-based access B. Hierarchy-based access C. Role-based access D. Privileged access
C. Role based access
A wet pipe sprinkler contains: A. FM-200 gas. B. Nitrogen. C. Water resides in the pipe with special water-tight sealants. D. Water, but it enters the pipe only when a fire has been detected.
C. Water resides in the pipe with special water-tight sealants.
Which of the following is the most important concern for a badge entry access system? A. Security personnel are not monitoring the badge reader for any suspected tampering. B. Logs of access are not reviewed on a daily basis. C. The process for promptly disabling a lost or stolen badge is not followed. D. The backup frequency of logs is infrequent.
C. The process for promptly disabling a lost or stolen badge is not followed. It is very important to immediately deactivate a badge that is lost or stolen. An unauthorized individual can enter the room using a stolen badge. The other options are not as significant as deactivating stolen or lost badges.
Prevention of which of the following attacks is outside the scope of electronic mail security programs? A. Playback attacks B. Cryptanalytic attacks C. Traffic analysis D. Key management attacks
C. Traffic analysis To prevent traffic analysis, bogus traffic is injected into the real traffic, thus flooding the network channels. This increases the load on the network. However, the email security program cannot prevent or detect bogus traffic.
The most effective method to ensure that only authorized users can connect to the system is: A. Complex password requirement B. SSO C. Two-factor authentication D. IP restrictions
C. Two-factor authentication
Which of the following is a major risk for using a wireless network? A. Complexity B. Responsiveness C. User authentication D. Technology
C. User authentication The correct answer is "user authentication." User authentication is crucial to ensure that unauthorized users cannot get access to sensitive information.
Which of the following is a major concern for an IS auditor reviewing a critical application? A. Access is provisioned on the basis of a user role B. Systems are hardened C. Users can access and modify the database directly D. Multi-factor authentication for user access
C. Users can access and modify the database directly
Which of the following is a major concern as regards the cabling arrangements for a VoIP system? A. The same cable type is used for the LAN as well as the telephone B. Networking wires are not arranged and labeled C. VoIP infrastructure is not connected to an uninterrupted power supply D. Power and telephone equipment are separated
C. VoIP infrastructure is not connected to an uninterrupted power supply VoIP uses standard network cabling for voice communication. If network switches do not get power, a telephone will not either. So it is important to have an arrangement for an uninterrupted power supply.
Which of the following techniques is more relevant to test wireless (Wi-Fi) security of an organization? A. WPA-2 B. War dialing C. War driving D. Social engineering
C. War driving - identifies weak signals.
Modern "dry pipe" systems: A. are less sophisticated than water-based sprinkler systems. B. maximize chances of accidental discharge of water. C. are a substitute for water-based sprinkler systems. D. None of the answer choices are correct.
C. are a substitute for water-based sprinkler systems.
Responsibility for the maintenance of proper control measures over Information Resources resides with the: A. database admin B. security admin C. data and system owners D. system operations group
C. data and system owners
From a control perspective, access to application data should be given by: A. database admin B. data custodian C. data owner D. security admin
C. data owner
An IS auditor is reviewing data classification policy of an org. From a control perspective, the PRIMARY objective of classifying Info. Assets is to: A. ensure that all assets are insured against losses B. assist in risk assessment C. est. appropriate access control guidelines D. ensure all info assets have access controls
C. est. appropriate access control guidelines i. ensure integrity and confidentiality of data ii. est. appropriate access control guidelines iii. reduce costs of protecting assets
The function of a VPN is to: A. implement security policies B. compress data travelling in the network C. hide data travelling in the network D. verify the content of the data packet
C. hide data travelling in the network Objective of VPN is to hide the data from the sniffer. VPN uses data encapsulation or tunnelling method to encrypt the traffic payload for secured transmission of the data.
When transmitting PII (personally identifiable information) data to a third-party service provider through the internet, an organization must ensure: A. encryption of the PII B. consent is obtained from the client C. privacy principles are adhered to D. proper change mgmt
C. privacy principles are adhered to
Which of the following should be considered for use in a VoIP system? A. Cryptographic function for the VoIP service B. Availability of the VoIP service C. Reliability and quality of the VoIP service D. Privacy of the VoIP service
C. Reliability and quality of the VoIP service
The greatest concern for an IS auditor reviewing a user authentication procedure is: A. Automatic lockout not enabled B. Max password age not defined C. Use of a shared account by system admins D. Password history control not implemented
C. Use of a shared account by system admins The use of a shared account will not help to establish accountability for the transaction. System admin accounts are privileged accounts and should be named and allocated to each individual.
----------- allows control over information because the ability to make changes resides with very few individuals instead of many in a decentralized environment. The limited access makes it less likely an intruder would be able to gain access at all.
Centralized Security Administration
Process of identifying, preserving, analyzing, and presenting evidence in such a manner that it demonstrates reliability and integrity of the evidence.
Chain of custody
Characteristics of Asymmetric Encryption: - 2 keys (Private and Public) - Private key decrypts what the Public key encrypts (and vice versa) - Slower computation and processing - Expensive - No disadv.
Characteristics of Symmetric Encryption: - Single key - Encrypts and decrypts messages - Called symmetric because encryption and decryption use the same key - Fast computation and processing - Inexpensive as compared to asymmetric - Major DISADV.: Challenge to share keys
What type of firewall has the following characteristics? - Works on the concept of a bastion host and proxy server - Same proxy for all services - Session layer (5th layer)
Circuit-level firewall
is the practice of using remote servers hosted on the internet to store, manage, and process data, rather than a local server or a personal computer.
Cloud Computing
Hashing algorithms, including MD5 (Message Digest 5), are prone to WHAT KIND of attack?
Collision Attack
Which attack does the following: the intruder tries to break into the algorithm to find out the private key. For example, breaking the data encryption standard algorithm would allow an intruder to read any given email message because the message itself is encrypted with a data encryption standard.
Cryptanalytic Attack
The most effective method to prevent unauthorized access to a system admin account is: A. Install IDS B. Enable system lockout after 3 attempts C. Define password rules D. 2 Factor Authentication
D. 2 Factor Authentication A. Install IDS (detective control, not preventive) B. Enable system lockout after 3 attempts C. Define password rules
The most effective method to prevent unauthorized access to a system admin account is: A. Installation of IDS B. Enable system lockout after 3 failed attempts C. Define password complexity rules D. 2 Factor authentication
D. 2 Factor authentication Something you know (password, PIN, or personal information), something you have (token, OTP, smart card), something you are (biometric features)
Which of the following is a purpose of a security awareness, training, and education program? A. Developing skills and knowledge so users can perform their jobs more securely B. Improving awareness of the need to protect system resources C. Building in-depth knowledge to design, implement, or operate security programs for organizations and systems D. All of the answer choices are correct.
D. All of the answer choices are correct.
In public key infrastructure (PKI), the registration authority is responsible for: A. performing other certificate lifecycle management functions (certificate revocation). B. receiving and validating requests for digital certificates and public/private key pairs. C. securely storing all the certificates that are requested, received, and revoked by both the certificate authority and the registration authority. D. All of the answer choices are correct.
D. All of the answer choices are correct. A registration authority (RA) is an organization that is responsible for receiving and validating requests for digital certificates and public/private key pairs. The RA is authorized by the certificate authority (CA). It is also responsible for performing other certificate lifecycle management functions (certificate revocation). All the certificates that are requested, received, and revoked by both the certificate authority and registration authority are stored in an encrypted certificate database.
For effective data management, data classification should define which of the following items? A. Importance of the information asset B. Person responsible for approving the access rights and access levels C. Extent and depth of security controls D. All of the answer choices are correct.
D. All of the answer choices are correct. All of the answer choices are correct. Data classification is a key part of effective data management and should define the following: The importance of the information asset The information asset owner The process for granting access The person responsible for approving the access rights and access levels The extent and depth of security controls
Which of the following statements is TRUE about security awareness training and education programs? A. Security awareness training and education programs are an effective control to mitigate social engineering attacks. B. Security awareness training and education programs intend to alter user behavior. C. Security awareness training and education programs enhance awareness of the need to protect system resources. D. All of the answer choices are correct.
D. All of the answer choices are correct. All of the answer choices are correct. User behavior is a critical driver in implementing an effective security program in an organization. Altering users' existing behavior requires an organization to implement an environment where users are aware of and take responsibility for keeping a company's IT assets and data secure. The purpose of security awareness training and education programs is to enhance security by enhancing awareness of the need to protect system resources. Security awareness training is the most effective control in mitigating or reducing the impact of social engineering on organizations.
Which of the following is a disadvantage of virtualization? A. Snapshots B. Rootkits C. Misconfiguration of the hypervisor D. All of the answer choices are disadvantages of virtualization.
D. All of the answer choices are disadvantages of virtualization. Rootkits on the host may install themselves as a hypervisor below the operating system (OS), which would enable the interception of any operations of the guest OS (i.e., logging password entry) as the malware runs below the OS. Antivirus software may not detect this. Misconfiguration of the hypervisor splitting resources (central processing unit (CPU), memory, disk space, and storage) can result in unauthorized access to resources, and one guest operating system (OS) may inject malware into another. Snapshots are backups of virtual machines and provide a quick mechanism to recover from errors or incomplete updates; they contain sensitive data such as passwords and personal data. Snapshots contain the random‐access memory (RAM) contents when the snapshot was taken, and they may include sensitive information that was not stored on the drive.
Which of the following transmission errors can be caused by the length of the cable if UTP is more than 100 meters long? A. EMI B. Cross-talk C. Sags, spikes, and surges D. Attenuation
D. Attenuation Attenuation is the weakening of signals during transmission. It exists in both wired and wireless media. The length of the wire impacts the severity of attenuation.
Which of the following is an example of a boundary control? A. Gateway B. Bridge C. Modem D. Firewall
D. Firewall
Which of the following is the GREATEST concern to an IS auditor reviewing the firewall security architecture? A. SSL (Secure Socket Layer) has been implemented B. Firewall policies are updated on the basis of changing requirements C. Inbound traffic is blocked unless the traffic type and connection have been specifically permitted D. Firewall is placed on top of a commercial operating system with all installation options
D. Firewall is placed on top of a commercial operating system with all installation options A-C are good practices.
What is the greatest risk of using SSO? A. Admin inconvenience B. Increase in admin cost C. Increase in authentication time D. Greater impact of password leakage
D. Greater impact of password leakage
The best method to protect sensitive data inside the server is to: A. Create awareness on information security aspects B. Make security policies available to all users C. Establish a security committee D. Implement logical access controls
D. Implement logical access controls Logical access controls are the best preventive controls to ensure data integrity and confidentiality.
The best method to protect sensitive data inside the server is to: A. Create awareness on information security aspects. B. Make security policies available to all the users. C. Establish a security committee. D. Implement logical access controls.
D. Implement logical access controls. Logical access controls are the best preventive controls to ensure data integrity and confidentiality.
Which of the following is a major risk of shared user accounts? A. The frequent change of passwords. B. Unauthorized access to the system. C. The use of an easily guessable password. D. It is difficult to establish user accountability.
D. It is difficult to establish user accountability.
Which of the following is a major risk of electromagnetic emission from a computer room? A. It may damage the storage device. B. It may disrupt the processor functionality. C. It may impact the health of employees. D. It may be detected and displayed
D. It may be detected and displayed A major risk of electromagnetic emission is that it may be detected and displayed through the use of sophisticated devices, and thus there is the possibility of unauthorized disclosure of data. Most electromagnetic emissions are of low frequency, so there is no impact on the health of the storage device or processor.
An auditor noted a weakness through which an intruder can update the server database containing the biometric template. The auditor should recommend which of the following controls? A. Before image/after image B. Reduced sign-on C. Multimodal biometrics D. Kerberos
D. Kerberos Kerberos is an authentication service used to validate services and users in a distributed computing environment (DCE). In a client-server environment, only users are authenticated; however, in DCEs both users and servers authenticate themselves. At initial logon time, the Kerberos third-party application is used to verify the identity of the client.
Which of the following controls work more in concert with audit trails? A. Physical access controls B. Environmental controls C. Management controls D. Logical access controls
D. Logical access controls By advising users that they are personally accountable for their actions, which are tracked by an audit trail that logs user activities, managers can help promote proper user behavior. Users are less likely to attempt to circumvent security policy if they know that their actions will be recorded in an audit log. Audit trails work in concert with logical access controls, which restrict use of system resources. Since logical access controls are enforced through software, audit trails are used to maintain an individual's accountability.
An org. has implemented two-factor authentication that involves a token and a PIN. Which of the following is important to include in the security policy? A. Token should not be taken out of the workplace B. Token should be kept separate from the user's laptop C. PIN should be random D. PIN should not be written anywhere
D. PIN should not be written anywhere
When implementing logical access security, which of the following complementary controls should be known only by the user? A. Access profiles B. User ID C. ID badge card D. Password
D. Password The correct answer is password. When effectively managed in a controlled environment, passwords can provide effective security. The security of a password system is dependent upon keeping passwords secret as well as following best practices in their use. The other options are incorrect. Access profiles and user IDs are pieces of information that may be known by those with a need to know, including system owners and auditors. An identification (ID) badge card is an example of a physical security control and is not complementary with the given logical security controls.
Which of the following use public-key (asymmetric) algorithms for data encryption? A. DES and SHA B. MD5 and ECC C. RSA and DES D. RSA and ECC
D. RSA and ECC R-Rivest S-Shamir A-Adleman (RSA) is one of the oldest and most popular public-key cryptosystems used to protect data transmission. E-Elliptic C-Curve C-Cryptography (ECC) is a faster alternative to RSA because it uses shorter keys and requires less computing power.
In which of the following attacks is residual biometric information used to gain unauthorized access? A. Mimic B. Brute-force C. Cryptographic D. Replay
D. Replay (attack in which residual information is used to gain unauthorized access)
By examining the IP address, which of the following devices can make intelligent decisions to direct the packet to its destination? A. Hub B. Layer 2 Switch C. Bridge D. Router
D. Router
Which of the following is the most intelligent device? A. Hub B. Layer-2 Switch C. Bridge D. Router
D. Router It is noted that the higher the layer at which the device operates, the more intelligent the device will be. A. Hub (1) B. Layer 2 Switch (2) C. Bridge (2) D. Router (3) - highest
Which of the following should be disabled to increase the security of a wireless network against unauthorized access? A. MAC (Media Access Control) address filtering B. Encryption C. WPA-2 (Wi-Fi Protected Access Protocol) D. SSID (service set identifier) broadcasting
D. SSID (service set identifier) broadcasting The SSID makes your network visible to all. To prevent unauthorized access, SSID broadcasting would need to be disabled.
Which of the following are the areas of most concern? A. The installation of an FM-200 gas fire extinguisher in a manned data center B. The installation of dry pipe sprinklers in an expensive data center facility C. The installation of wet pipe sprinklers in an expensive data center facility D. The installation of a carbon dioxide gas fire extinguisher in a manned data center
D. The installation of a carbon dioxide gas fire extinguisher in a manned data center
The primary consideration of an IS auditor when evaluating a fraudulent transaction is: A. to remain unbiased while evaluating the evidence B. the independence of the IS auditor C. to determine the source of the evidence D. To ensure that the integrity of the evidence is maintained.
D. To ensure that the integrity of the evidence is maintained.
Which of the following password selection procedures would be the most difficult to remember? A. Reverse or rearrange the characters in the user's birthday B. Reverse or rearrange the characters in the user's annual salary C. Reverse or rearrange the characters in the user's spouse's name D. Use randomly generated characters
D. Use randomly generated characters
A dry pipe fire extinguisher contains: A. FM-200 gas. B. Nitrogen. C. Water resides in the pipe with special water-tight sealants. D. Water, but it enters the pipe only when a fire has been detected.
D. Water, but it enters the pipe only when a fire has been detected.
VoIP system traffic can be eavesdropped if: A. only single-factor authentication is implemented B. a VLAN is used for data transmission C. default passwords are used for the analog phone D. the address resolution protocol is corrupted
D. the address resolution protocol is corrupted Address resolution protocol is a communication protocol used to map IP and MAC addresses. It sends traffic to a port. Attackers may corrupt ARP by a technique known as ARP poisoning. A corrupted ARP then sends traffic to all ports instead of the designated port, and the attacker can eavesdrop on the traffic.
The org. can guarantee authenticity of the email to the recipient by: A. use of two-factor authentication B. encrypting all email communication C. installing an email antivirus scanner D. digitally signing all email communication
D. digitally signing all email communication
Which of the following is a measure to ascertain the accuracy of a biometric system? A. response time B. registration time C. verification time D. false-acceptance time Note: The 3 main accuracy measures used for biometric solutions are 1. FAR (False Acceptance Rate) 2. FRR (False Rejection Rate) 3. CRR/EER (Cross Error Rate or Equal Error Rate)
D. false-acceptance time
Which of the following is a major risk of shared user accounts (single ID used by multiple users) ? A. Frequent change of passwords B. Unauthorized access to the systems C. The use of an easily guessable password D. It is difficult to establish user accountability
D. It is difficult to establish user accountability. A major risk of shared user accounts is that user accountability cannot be determined. Logs will capture the shared ID; individual employees or people cannot be traced.
Encryption of which of the following can be considered an efficient use of PKI? A. sender's private key B. sender's public key C. entire message D. symmetric session key
D. symmetric session key
In a public key infrastructure, the role of a registration authority is to: A. issue certificates to a subscriber B. manage certificates through their life cycle C. maintain the list of revoked certificates D. validate info provided by a subscriber requesting a certificate
D. validate info provided by a subscriber requesting a certificate A-C are certificate authority roles.
Which of the following use private-key (secret-key) algorithms for symmetric data encryption?
DES (Data Encryption Standard) and IDEA (International Data Encryption Algorithm) are examples of private-key (secret-key, symmetric) algorithms that are based on the concept of a single, shared key.
Which layer connects to another device on the same network using a MAC address? -Bit stream is converted into data packets and sent to the network layer -Data packets (received from network layer) are converted into a bit stream and sent to the physical layer
Data Link layer. The Data Link layer connects to another device on the same network using a MAC address. -Bit stream is converted into data packets and sent to the network layer -Data packets (received from network layer) are converted into a bit stream and sent to the physical layer -Frames consist of original data and control fields for synchronization, error detection and flow control
What attack aims at bringing down the VoIP infrastructure of the organization?
Denial-of-service (DoS)
What is the most robust configuration firewall rule?
Deny all traffic and allow specific traffic
Evidence used in legal proceedings, provided it has been preserved in its original state. Evidence loses its integrity if chain of custody is not maintained.
Digital evidence
What attack is known to use multiple systems to flood the target system? The targeted network is bombarded with packets from multiple locations.
Distributed Denial-of-Service (DDoS)
What is more sophisticated compared to water-based sprinkler systems?
Dry Pipe
What systems reduce the likelihood of accidental water discharge because they discharge water only when needed?
Dry Pipe
In what sprinkler system is water not present in the pipes, flowing only when the system is activated?
Dry Pipe Sprinkler System
What technique retrieves sensitive information from a trash or garbage bin? a. dumpster diving b. DDoS (distributed denial of service) c. DoS (denial of service) d. phishing
Dumpster Diving
What control refers to measures taken to protect systems, buildings, and related supporting infrastructure against threats associated with their physical environment?
Environmental
What is the best performance indicator?
False acceptance rate (rate of acceptance of unauthorized people); the biometric will allow unauthorized people access
What is the most secure transmission medium?
Fiber Optic
Functions of SMTP (Simple Mail Transfer Protocol) -Can transfer a message to more than one recipient -Can attach text, video, voice, or graphics in a message -Can transmit messages on external networks as well
Computers that security administrators place as a trap for intruders. A honeynet is a combination of two or more networked honeypots.
Honeypots
------- grants access based on the identity of the host originating the request, not the user making the request.
Host-based authentication
What system is configured to both detect and prevent potential attacks on the IT environment and assets? Some IPSs are also designed to reconfigure other security mechanisms, e.g., a firewall. The IPS effectively limits damage to affected systems and must be appropriately configured to accept or deny network traffic correctly.
Intrusion prevention system (IPS)
Which attack does the following: the intruder tries to get a copy of the private key file and its associated passphrase. It is important to run the email program on a trusted machine, with keys exchanged in person.
Key Management Attack
---- is conducted to protect systems and data from intruders who access the systems without authority or with more than their assigned authority.
Keystroke Monitoring
What can help administrators assess and repair any damage intruders may cause; it does little to limit the intruders from gaining initial access to the system. It is more of a detective control and not a preventive control.
Keystroke Monitoring
What are examples of preventive controls as a part of physical security? Keys can be lost or stolen and therefore accountability is difficult to establish and control.
Lock-and-key systems and card key systems
What are examples of multiple points of failure?
Multifactor authentication and multiple passwords -since the perpetrator will require more than one password or a combination of a password and a second piece of authentication (such as mobile-generated code or an answer to a secret question) before getting access to the network.
What is the function of the address resolution protocol?
Map IP and MAC addresses
What do digital signatures provide?
Message integrity
What is a proxy?
Middle man -Stands between internal and external networks -Will not allow direct communication between 2 networks -A proxy-based firewall working at a lower layer (session) is referred to as a circuit-level proxy -A proxy-based firewall working at a higher layer (application) is referred to as an application-level proxy
Which biometric attack fakes the characteristics of an enrolled user?
Mimic. In a mimic attack, the attacker attempts to fake biometric characteristics similar to those of the enrolled user (such as imitating a voice).
Which layer has the responsibility to insert information into the packet header for proper addressing and routing? -Understands IP addresses and is responsible for routing. -Provides confidentiality, authentication, and data integrity services
Network Layer. The Network layer has the responsibility to insert information into the packet header for proper addressing and routing. -Understands IP addresses and is responsible for routing. -Provides confidentiality, authentication, and data integrity services
What is an example of a detective control used by network management? As such, it does not show any accountability of the user. It watches the network traffic and develops trends.
Network Monitoring Tool
3 Factors of Authentication 1. something you know (PIN, password) 2. something you have (token, smart card, one-time password) 3. something you are (fingerprint, biometrics, voice recognition)
Note / Examples: Password & PIN (single factor - both something you know) Password & Token (two factor - something you know and are) Iris scan & Access Card (two factor - something you are and something you have)
Note- Routers, Firewalls, and IDS protect the mail server (email server)
What type of firewall has the following characteristics? -simplest and earliest kind of firewall -allow or deny action is done as per IP address and port number of source and destination of packets -network layer (3rd)
PACKET FILTERING FIREWALL
URL shortening services increase the risk of which attack?
Phishing attack
What control aims to protect IS processing facilities through physical mediums (locks, fences, CCTV)?
Physical controls
What layer is concerned with electrical and physical specifications for devices? -This layer provides hardware that transmits and receives the bits. -This layer defines the cable, connectors, cards, and physical aspects of hardware required for physical connection to the network
Physical layer. The Physical layer is concerned with electrical and physical specifications. This layer provides hardware that transmits and receives the bits (bit stream received). -This layer defines the cable, connectors, cards, and physical aspects of hardware required for physical connection to the network
Which attack does the following: an entire message is captured and played back later. To prevent playback attacks, the plaintext of each message should include some indication of the sender and recipient and a unique identifier (e.g., the date). The intruder could change the originator name in the email message.
Playback Attack
Which layer converts data into a presentable format that is acceptable by all? -Provides services such as encryption, text compression, and re-formatting.
Presentation layer. The Presentation layer converts data into a presentable format that is acceptable by all. -Provides services such as encryption, text compression, and re-formatting.
What term is defined as: -a. The right of an individual to self-determine the degree to which the individual is willing to share with others information about himself that may be compromised by unauthorized exchange of such information among other individuals or organizations. -b. The right of individuals and organizations to control the collection, storage, and dissemination of their information or information about themselves.
Privacy
What is the objective of a session border controller? -Protect sessions from malicious attacks, such as Denial of Service (DoS) or DDoS. -Prevent toll fraud or premium rate fraud -Provide good quality
Protect sessions from malicious attacks, such as Denial of Service (DoS) or DDoS. -Prevent toll fraud or premium rate fraud -Provide good quality
Which term offers failover to avoid a single point of failure?
Redundancy
Which biometric attack uses residual biometric characteristics?
Replay (biometric attack). Replay: a residual biometric characteristic (e.g. fingerprints left on a biometric device) is used by an attacker to gain unauthorized access.
How do sags (*decrease*) and spikes and surges (increase) affect IT?
They result in data corruption on the server or system.
Which is the most important benefit of SSO? a. Easier admin password mgmt b. Avoids potential single point of failure issue c. Maintaining SSO is easy and not prone to human errors d. Protects network traffic
a. Easier admin password mgmt
Router characteristics -More intelligent version of a switch -Operates in the network layer -By examining the IP address, a router can make intelligent decisions to direct the packet to its destination -The network segments linked by a router remain separate and can function as independent networks -A router can block broadcast info, block traffic to unknown addresses, and filter traffic based on network or host information
What type of firewall has the following characteristics? -keeps track of the destination of each packet that leaves the internal network -ensures that an incoming message is in response to a request that went out of the org. -network layer (3rd)
STATEFUL INSPECTION FIREWALL
What is a rapid decrease in voltage level?
Sag
An organization wants to enhance its incident response process. Which of the following is the MOST effective way to achieve this? Review and update the incident response playbook. Provide adequate training to the incident response team. Schedule incident response simulation drills. Hire external incident response specialists to review the program's alignment with best practices.
Schedule incident response simulation drills.
What is deployed to protect VoIP networks?
Session Border Controller.
Which layer is used to control the connection that is established between systems? -Establishes, manages and terminates the connections for the application layer -It is like a telephone call: first establish a connection, exchange messages and then terminate the session.
Session layer. The Session layer controls the connection between systems. -Establishes, manages and terminates the connections for the application layer -It is like a telephone call: first establish a connection, exchange messages and then terminate the session.
What is an example of a single point of failure?
Single Sign ON
(type of phishing campaign that targets a specific person or group and often will include information known to be of interest to the target, such as current events or financial documents)
Spear Phishing
What is a rapid increase in voltage level, which can be prevented by properly placed protectors? Protectors help protect against high-voltage power bursts.
Spikes and surges.
What is the most important consideration when reviewing system controls? -The alignment of security and performance requirements
The most important aspect when reviewing system controls is the consideration of the security and performance parameters. This helps to ensure that the control objectives are aligned with the business objectives.
What is the basis for designing and developing logical access controls? a. The security policy
a. The security policy. Logical access controls are designed and developed on the basis of the approved information system security policy of the organization. The user requirements and industry practices should be considered when developing a security policy.
What is the best way to address social engineering attacks (phishing / spear phishing)?
Through security awareness training of employees.
What is the objective of a uniform time (time synchronization through a common network) across all devices?
To support the incident investigation process. If the timestamp is not the same on all devices, this will impact the process of investigating an incident; the audit trail may not be effective and reliable.
What is toll fraud/premium rate fraud?
Toll fraud or premium rate fraud refers to a situation where an intruder hacks the VoIP system and takes over part of a VoIP phone.
What term refers to a situation where an intruder hacks the VoIP system and uses it for their own calls
Toll Fraud/ Premium Rate fraud
Which layer is concerned with reliability of data transfer between 2 systems? -Ensures data reaches its destination -Layer also makes sure that packets on the receiving system are delivered in proper sequence -Uses connection-oriented sequencing -Implements a flow control mechanism that can detect congestion, reduce data transmission rates during congestion and increase transmission rates when the network appears to no longer be congested
Transport layer. The Transport layer is concerned with reliability of data transfer between 2 systems. -Ensures data reaches its destination -Layer also makes sure that packets on the receiving system are delivered in proper sequence -Uses connection-oriented sequencing -Implements a flow control mechanism that can detect congestion, reduce data transmission rates during congestion and increase transmission rates when the network appears to no longer be congested
Types of Firewalls 1. Packet Filtering Router 2. Stateful Inspection 3. Circuit-Level 4. Application-Level
What is the most secure and cost-effective method for remote access? - VPN (Virtual Private Network)
VPN
Which method is a cost-effective solution for long-distance call costs and operates from IP infrastructure?
VoIP
What is the transmission of voice and other content over IP networks, also known as IP telephony or internet telephony?
VoIP (Voice over Internet Protocol)
Fire suppression systems are made up of what types?
Water based, Dry Pipe, Halon, FM-200, Argonite, and CO2
What are the steps of digitally signing (hashing) messages? 1. Hash value (digital sign) is computed using an algorithm. 2. Hash is encrypted using the sender's private key. 3. Receiver decrypts the hash using the sender's public key. 4. Receiver creates a hash value (dig. sign) using the same algorithm (step 1). 5. Compares step 2 and 5 to make sure the private keys are the same.
What is a computer system that sends and receives email? -Mail Server (also known as Email server)
What method or attack is known to alter or modify data without authorization? a. alteration attack b. dumpster diving c. DDoS (distributed denial of service) d. DoS (denial of service)
a. alteration attack
Which of the following can be regarded as a risk for VoIP infrastructure? a. DDoS b. Social engineering c. Juice jacking d. premium rate fraud
a. DDoS is a significant risk to VoIP
Which of the following logical access controls is independent of physical access controls? a. Encryption controls b. Application system access controls c. Operating system access controls d. Utility programs
a. Encryption controls Most systems can be compromised if someone can physically access the CPU (central processing unit) machine or significant components, for example, by restarting the system with different software. Logical access controls are therefore dependent on physical access controls (except for encryption, which depends solely on the strength of the algorithm and the secrecy of the key).
Which is a major risk of SSO? a. Has a single authentication point b. represents only a single point of failure c. causes admin inconvenience d. causes user inconvenience
a. Has a single authentication point
What only monitors and records intrusion activities? a. IDS b. IPS
a. IDS (intrusion detection system)
In which type of attack does internet traffic appear to originate from an internal IP of the organization? a. IP spoofing b. DDoS c. DoS
a. IP spoofing
What generates the most false positives (false alarms) as compared to any other IDS? a. statistical b. signature c. network d. host
a. statistical-based IDS
The risk of phishing attacks can be addressed by a. educating users b. 2 factor authentication c. penetration testing d. IDS
a. educating users. Educating users helps address the risk of visiting untrusted links or websites.
Which email attack/technique repeatedly sends an identical email to a particular address? a. email bombing b. email spamming c. email spoofing
a. email bombing. Email bombing is a technique in which abusers repeatedly send an identical email to a particular address.
What IDS monitors a single computer? a. host-based IDS b. signature IDS c. network IDS d. neural network
a. host-based IDS. A host-based IDS monitors a single computer.
Which of the following is a major concern in terms of disseminating a detailed description of incident threats to users? a. information can be used to launch an attack b. loss of reputation c. high instances of security alerts d. threats can be ignored
a. information can be used to launch an attack
Which attack/technique invokes the operating system to execute a particular task, interrupting ongoing tasks? a. interrupt attack b. ddos c. dos
a. interrupt attack. In this type of attack the operating system is invoked to execute a particular task, interrupting ongoing tasks.
Which technique/attack is one in which data is copied from a device attached to a charging port (available at public places)? a. juice jacking b. war dialing c. war driving
a. juice jacking
An org. is introducing SSO. In SSO, unauthorized access has: a. major impact b. minor impact c. not possible d. highly possible
a. major impact
What is the best way to reduce the risk of shoulder surfing? a. mask the password screen b. writing down the password c. hiding the password
a. mask password screen
Which type of attack/technique captures messages and alters/deletes them without authorization? a. message modification b. ddos c. logic bomb d. masquerading
a. message modification
In which type of attack/technique does the intruder create a repository of information pertaining to a particular organization's internal network, such as internal addresses, gateways, and firewalls? a. network analysis b. ip spoofing c. eavesdropping
a. network analysis
Which is a function of an IDS (intrusion detection system)? a. obtain evidence of intrusion activity b. control access on the basis of defined rules c. block access to websites for unauthorized users d. prevent access to servers for unauthorized users
a. obtain evidence of intrusion activity. b-d are firewall functions.
Which is the most important aspect of security awareness training? a. organize training at frequent intervals b. organize training on employee onboarding c. provide the security policy to all employees d. provide training related to password complexity
a. organize training at frequent intervals
In which type of attack/technique does the intruder capture data packets as data moves along the vulnerable network? a. packet replay b. pharming c. email bombing d. war driving
a. packet replay
Which type of attack/technique involves the unauthorized modification of web application parameters with malicious intent? a. parameter tampering b. parameter sniffing c. pharming d. password sniffing
a. parameter tampering
Which type of risk is exposed due to a hidden file on a webpage? a. parameter tampering b. coherent c. audit d. inherent
a. parameter tampering
Which type of attack/technique involves a small program that listens to all traffic in the attached network(s), builds data streams out of TCP/IP packets, and extracts usernames and passwords? These passwords are then used to gain unauthorized access. a. password sniffing b. pharming c. ddos
a. password sniffing
In which type of attack/technique does the intruder redirect website traffic to a bogus website? This is done by exploiting vulnerabilities in DNS servers. a. pharming b. packet replay c. email bombing
a. pharming ex. wat32
Which type of attack/technique involves an intruder following an authorized person through a secure door to enter a restricted area without authorization? a. piggybacking (tailgating) b. pharming c. ddos
a. piggybacking (tailgating)
What are the 2 major causes of buffer overflow? a. poor programming/coding practices b. security policy/botnets c. botnets/phishing d. phishing/spear phishing
a. poor programming/coding practices
Which type of attack/technique involves high level system authority obtained by employees through some unauthorized methods exploiting security flaws? a. privilege escalation b. parameter sniffing c. pharming d. password sniffing
a. privilege escalation
In which of the following types of attacks does an employee run a task scheduler w/o authorization to access restricted applications? a. privilege escalation b. race condition c. social engineering d. buffer overflow
a. privilege escalation
Which type of attack/technique involves intruders exploiting a small window between the time when services are used and the time when security controls are applied? The greater the time gap between time of use and time of service, the greater the chances of attack. a. race condition (time of use) b. parameter tampering c. pharming
a. race condition (time of use)
The component of an IDS that collects the data is: a. sensor b. analyzer c. user interface d. admin console
a. sensor. 1. sensor - collects data 2. analyzer - analyzes data and determines activity 3. user interface - enables the user to view results and take necessary action 4. admin console - manages IDS rules and functions
Which type of attack/technique involves an intruder or camera capturing sensitive information by looking over the shoulder of the user? a. shoulder surfing
a. shoulder surfing
2 factor authentication is a combo of: a. smartcard and PIN b. fingerprint and scan c. PIN and password d. magnetic card and badge
a. smartcard and pin (have and know)
Which of the following techniques is used to obtain passwords without tools or programs? a. social engineering attack b. password sniffing c. back door d. man in the middle
a. social engineering attack. An intruder attempts to obtain sensitive info from a user through social and psychological skills (manipulation).
What IDS determines normal (known or expected) behaviors of the system? Any activity that falls outside the scope of normal behavior is flagged as an intrusion. a. statistical b. signature c. network d. host
a. statistical
Even for normal activity, which IDS will generate false alarms? a. statistical b. signature c. neural network d. host based
a. statistical. A statistical IDS has a high false positive rate.
Which is regarded as a passive cyber attack? a. traffic analysis b. juice jacking c. denial of service d. IP spoofing
a. traffic analysis. Examples of passive attacks: traffic analysis / network analysis / eavesdropping
Which type of attack/technique has malicious software that looks like legitimate software? Once installed on the system it starts taking control of the user's system. a. trojan horse b. logic bomb c. trap door
a. trojan horse
Which type of attack/technique involves a type of malicious code that can self-replicate and spread from one computer to another? It can take control of a user's computer and delete or alter sensitive files, and also disrupt system functioning. a. virus b. worm
a. virus
Which technique is used to test wireless security?
a. war driving
What method or attack consists of compromised computers, known as zombie computers? a. botnets b. buffer overflow/overrun c. phishing d. spear phishing
a. Botnets
What method or attack is primarily used to run malicious software for DDoS attacks, adware, or spam? a. botnets b. buffer overflow/overrun c. phishing d. spear phishing
a. Botnets
Attempts of intrusion attacks and penetration threats to a network can be detected by which of the following by analyzing the behavior of the system? a. router b. IDS c. stateful inspection d. packet filter
b. IDS
What also prevents intrusion activities? a. IDS b. IPS
b. IPS
The primary objective of an incident response plan is a. ensure appropriate communication to mgmt b. reduce impact of system outages and incidents on business c. facilitate public relations mgmt d. reduce cost of incident handling
b. reduce impact of system outages and incident on business
An org. is considering implementing a biometric access control for one of its critical systems. Among the below mentioned biometrics, which has the highest reliability and lowest FAR (False Acceptance Rate)? a. Fingerprints b. Retina scan c. Face recognition d. Voice recognition
b. Retina scan. In any given scenario, retina scan has the highest reliability and lowest false acceptance rate (FAR) among the current biometric methods.
Recommendations pertaining to the least privilege principle require that administrators should use: a. an administrative account. b. a regular account. c. an ad hoc account. d. a root account.
b. a regular account. Administrators should use a regular account as much as possible instead of logging in as administrator or root to perform routine activities such as reading mail. This access is based on the least privilege principle, which refers to the security objective of granting users only the access they need to perform their assigned duties. It is essential to ensure that the least privilege implementation does not interfere with having personnel substitute for each other without undue delay. Without careful planning, access control can interfere with contingency plans.
The most important aspect while recovering from an attack is a. activate a business continuity plan b. activate an incident response plan c. activate an alternate site d. hire expert investigators
b. activate an incident response plan
What method or attack is a common software coding mistake? a. botnets b. buffer overflow/overrun c. phishing d. spear phishing
b. buffer overflow/overrun
What method or attack causes data to overflow into adjacent storage? It occurs when there is more data in a buffer than it can handle. Due to this, an attacker gets an opportunity to manipulate the coding errors for malicious actions. a. botnets b. buffer overflow/overrun c. phishing d. spear phishing
b. buffer overflow/overrun
What method or attack is known to alter data as it enters the computer? Mostly done by a data entry clerk or a computer virus. Data is altered before computer security is able to protect the data. a. dumpster diving b. data diddling c. cryptographic code
b. data diddling
Which of the following techniques is regarded as an inherent risk in the data entry process for which there is no preventative control? a. shoulder surfing b. data diddling c. race condition d. dumpster diving
b. data diddling
Which email attack/technique sends unsolicited emails to thousands of users? a. email bombing b. email spamming c. email spoofing
b. email spamming. Email spamming: unsolicited emails are sent to thousands of users.
An org. wants to detect attempts that the firewall is unable to recognize. A network IDS should be placed between: a. internet and firewall b. firewall and org. internal network c. internet and IDS d. IDS and internal network
b. firewall and org. internal network
Which attack/technique brings down the network with huge amounts of traffic? This leaves the host's memory buffer unable to handle the huge volume of traffic. a. dos b. flooding c. phishing
b. flooding. Flooding is a type of DoS attack that brings down a network by flooding it with huge amounts of traffic.
Which type of attack/technique is a program that is executed when a certain event happens? a. trojan horse b. logic bomb c. trap door
b. logic bomb. A logic bomb is a type of malicious code executed when a certain event happens. For example, it can be set to delete files or databases at a future date.
In which type of attack/technique does an intruder hide their original identity, acting as someone else? This is done in order to access systems or data that are restricted. a. man in the middle b. masquerading c. phishing
b. masquerading
The use of hidden files on web pages to save certain info of a client session can expose the risk of: a. race conditions b. parameter tampering c. flooding d. juice jacking
b. parameter tampering
Greatest assurance about e-mail authenticity (hash signed by sender's private key) can be ensured using: a. prehash code using sender public key b. prehash code using sender private key c. prehash code using receiver public key d. prehash code using receiver private key
b. prehash code using sender private key
Which will have the greatest impact on the collection and preservation of forensic evidence of an incident? a. isolating the system from the network b. rebooting the system c. taking images from the original image d. copying memory content
b. rebooting the system. Rebooting the system could result in the loss or corruption of the evidence. a, c, and d, if performed with care, may not have a direct impact on evidence integrity.
How do you address risk of dumpster diving? a. shredding b. security awareness training c. throwing away
b. security awareness training
What form of intrusion detection works on the basis of known types of attacks? Known patterns are stored as signatures. a. statistical b. signature c. network d. host
b. signature-based IDS
What is also known as a "rule-based IDS"? a. statistical b. signature c. network d. host
b. signature-based IDS
With respect to the IT security baseline, the IS auditor should first ensure: a. documentation b. sufficiency c. audit and compliance d. process
b. sufficiency. An IS auditor should first ensure the adequacy and sufficiency of the baseline to address the security requirements of the organization. Other aspects can be determined once sufficiency is evaluated.
An IS auditor is reviewing the installation of an IDS. Which is the greatest concern? a. number of non-alarming events identified as alarms (false positives) b. system not able to identify attacks c. automated tool used for analysis of reports d. traffic from known sources blocked by IDS
b. system not able to identify attacks
An IS auditor is reviewing the incident mgmt process of an org. Which is the primary concern? a. end users are not trained in incident reporting processes b. the chain of custody is not followed for evidence integrity c. incident mgmt process is not reviewed every year d. post-incident review is not conducted for each incident
b. the chain of custody is not followed for evidence integrity. Chain of custody refers to the process of identifying, preserving, analyzing, and presenting evidence to demonstrate reliability and integrity.
Wireless infrastructure increases which of the following risks? a. port scanning b. war driving c. war dialing d. backdoor
b. war driving
Which type of attack/technique involves destructive programs that can destroy sensitive data but cannot replicate? a. virus b. worms c. pharming
b. worms
In which type of attack are computers used as zombies to perform DDoS, spam or other kinds of attack?
botnet
Which of the following sends numerous requests to biometric devices?
brute force Brute-Force: A brute force attack involves sending numerous different biometric samples to a biometric device.
What is the primary risk due to poor programming and coding practices?
buffer overflow
The most effective method to ensure that users can connect to the system is: a. complex psswd requirement (can be compromised) b. SSO (increases risk of failure) c. 2 factor d. IP restriction (IP address can be spoofed)
c. 2 factor
Which of the following PKI elements controls and manages the digital certificate life cycle to ensure proper security exists in digital signature applications? a. certificate revocation list b. registration authority (RA) c. certification authority (CA) d. certification practice statement
c. certification authority (CA)
An IS auditor reviewing the implementation of an IDS should be concerned if: a. high instances of false alarms b. IDS placed between firewall and internal network c. IDS used to detect encrypted traffic d. signature based IDS not able to identify new threats
c. IDS used to detect encrypted traffic
Which of the following is the most important factor for an IS auditor investigating an incident? a. incident reporting procedure b. data recovery procedure c. chain of custody for evidence d. reporting to external agencies
c. chain of custody for evidence Chain of custody refers to the process of identifying, preserving, analyzing, and presenting evidence to demonstrate reliability and integrity.
Which of the following attacks targets cryptography or encryption?
cryptographic Cryptographic: A cryptographic attack targets the algorithm, or the encrypted data transmitted between the biometric device and the access control system.
To detect intrusion, the best control would be a. control procedure for granting user access b. inactive systems are automatically logged off after a time limit c. actively monitor unsuccessful login attempts d. deactivate the user ID after a specified number of unsuccessful login attempts
c. actively monitor unsuccessful login attempts
Which of the following is used for (DDoS) distributed denial of service? a. phishing techniques b. logic bombs c. botnets d. social engineering
c. botnets
Which technique uses tools to automatically scan a list of telephone numbers to determine the details of a computer, modem, and other machines? a. war driving b. data diddling c. war dialing
c. war dialing
Which technique is used when the intruder gathers information flowing through the network via unauthorized methods? a. war dialing b. war driving c. eavesdropping
c. eavesdropping
Which email attack/technique appears to originate from some other source and not the actual source? This is often an attempt to trick the user into disclosing sensitive information. a. email bombing b. email spamming c. email spoofing d. phishing
c. email spoofing
Which of the following processes can be delegated by the certificate authority (CA)? a. issuance of digital certificates b. management of certificates through their life cycle c. establishing the link between the requesting entity and the public key d. maintaining the list of revoked certificates
c. establishing the link between the requesting entity and the public key
Which of the following is the most routine problem in the implementation of an intrusion detection system (IDS)? a. false rejection rate b. false acceptance rate c. false positive d. denial of service attack
c. false positive
A password sniffing attack can a. help an intruder act as another party b. help an intruder bypass physical security c. help an intruder gain unauthorized access d. help an intruder perform impersonation
c. help an intruder gain unauthorized access
A document that contains a plan to detect and recover from an attack is a. business continuity plan b. disaster recovery plan c. incident response plan d. an IT operating process
c. incident response plan
Write and edit access should always be prohibited for? A. Access Control lists B. Logging criteria C. Log files for suspected transactions D. Access control analyzers
c. log files for suspected transactions Log files should always be read only. Edit access should not be enabled for them. The integrity of the log file is very important if log files are to be treated as an audit trail.
What IDS monitors a specific/identified network? a. host based IDS b. signature IDS c. network based IDS d. statistical based IDS
c. network based IDS
The most effective way to reduce the consequences of a social engineering attack is a. implement robust physical security b. implement robust logical security c. provide security awareness training d. prepare info security policy
c. provide security awareness training
To determine whether an org. has complied with a privacy requirement, the IS auditor should first: a. review the IT architecture b. review standard operating procedures for IT processes c. review legal and regulatory requirements d. review the risk register
c. review legal and regulatory reqt.
The most effective way to minimize the impact of a social engineering attack is a. installation of a firewall b. physical security c. security awareness training d. penetration testing
c. security awareness training
Passwords entered on the computer screen should be masked to prevent: a. juice jacking b. tailgating c. shoulder surfing d. impersonation
c. shoulder surfing
In a public key infrastructure, the registration authority: a. issues certificates b. verifies the information supplied by the subject requesting a certificate c. signs certificates to achieve authentication and non-repudiation d. manages the certificate throughout its life cycle.
c. signs certificates to achieve authentication and non-repudiation a. issues certificates (certifying authority) b. verifies the information supplied by the subject requesting a certificate (owner of certificate) d. manages the certificate throughout its life cycle (certifying authority)
An attack in which internet traffic appears to originate from an internal IP of the organization is known as: a. DDoS b. parameter tampering c. spoofing d. port scanning
c. spoofing
The objective of synchronizing all computer clocks to a common network time is a. remove duplicate transactions b. comply with audit reqt c. support incident investigation process d. have accurate timestamp messages
c. support incident investigation process If timestamps are not the same, the audit trail is less effective and unreliable.
Which of the following techniques is used to gather info about encrypted data being transmitted over the network? a. DDoS b. IP spoofing c. traffic analysis d. masquerading
c. traffic analysis
Which type of attack/technique is a program that is executed when malware is placed inside the application, used to bypass normal security measures and gain unauthorized access? a. trojan horse b. logic bomb c. trap door (backdoor attack)
c. trap door (back door attack) A trap door is a type of malicious code placed in the application. The malware is used to bypass normal security measures and gain unauthorized access.
Which type of attack/technique uses a forged IP address to break through a firewall, and can be regarded as masquerading of a machine? a. man in the middle b. DDoS c. DoS d. IP spoofing
d. IP spoofing IP spoofing is forging an IP address to break through a firewall. It is regarded as masquerading of a machine.
The most important factor in improving the incident response process is: a. walkthrough of the incident response plan at regular intervals b. train team members at regular intervals c. document all incidents d. simulate the testing of the incident response plan at regular intervals
d. simulate the testing of the incident response plan at regular intervals
What are examples of passive attacks? a. traffic analysis b. network analysis c. eavesdropping d. all above
d. all above
What are types of malicious codes? a. trojan horse b. logic bomb c. trap door d. all of above
d. all of above
Effectiveness of awareness programs is indicated by a. users signed in and acknowledged the policy b. number of users attending the program c. inclusion of security responsibilities d. an improvement in reporting
d. an improvement in reporting
The most important criterion in determining the adequacy of an org. security program is a. fact that policy is available to all b. appropriate level of funding for initiatives c. awareness of sr. mgmt regarding protection of assets d. availability of job descriptions relating to info. security accountability
d. availability of job descriptions relating to info. security accountability Inclusion of info security roles and responsibilities is important in demonstrating the maturity of the program. It ensures staff are aware of their accountability.
The most important criterion for ensuring evidence is admissible in court is: a. data is timestamped from a reliable source b. data is logged automatically c. data is encrypted d. data is verified for integrity
d. data is verified for integrity Integrity is the most important criterion.
The primary consideration of an IS auditor when evaluating a fraudulent transaction is a. remain unbiased b. independence of the auditor c. determine source of evidence d. ensure integrity of evidence is maintained
d. ensure integrity of evidence is maintained Digital evidence is used in legal proceedings. Evidence loses its integrity if the chain of custody has not been maintained. A major obligation on the part of the auditor is to ensure that the integrity of the evidence is maintained.
The best universal means of user authentication is what the user: A. is. b. knows. c. has. d. has and knows.
d. has and knows. The correct answer is "has and knows." From a cost, convenience, and universal usage viewpoint, combining authentication techniques, such as mixing what the user has with what the user knows, is the best means of user authentication. An example is a bank's automated teller machine card used with a secret personal identification number (PIN).
The most effective way to evaluate the effectiveness of security awareness training is a. review the security training calendar b. review job descriptions c. ask the security team d. interact with a number of employees
d. interact with a number of employees Interaction and interviews will help an IS auditor evaluate the state of awareness of information security requirements.
One factor resulting in the success of social engineering is: a. system error b. confidentiality c. technical expertise d. judgement error
d. judgement error Due to a lack of judgement on the part of the person, the user provides critical info.
In which type of attack/technique does the attacker interfere while 2 devices are establishing a connection? a. trojan horse b. logic bomb c. DoS d. man in the middle
d. man in the middle The attacker establishes a connection between the 2 devices and pretends to be each of them.
An org. installed an IDS which monitors general patterns of activity and creates a database. Which IDS (intrusion detection system) has this feature? a. packet filtering b. signature based c. statistical based d. neural network
d. neural network
What IDS / network is the most effective in detecting fraud? a. statistical b. signature c. network d. neural network
d. neural network
What IDS / network is similar to a statistical based IDS but with added self-learning functionality? a. statistical b. signature c. network d. neural network
d. neural network
In PKI, which is considered a weakness? a. certificate authorities are centrally located, however customers are widespread b. transactions are made by computer or mobile c. certificate authority has multiple data processing centers to manage certificates d. org. is the owner of the certificate authority
d. org. is the owner of the certificate authority (considered a conflict of interest, a greater threat than a.)
In which of the following attacks is residual biometric information used to gain unauthorized access? a. brute force b. encrypted c. mimic d. replay
d. replay The attacker makes use of residual biometric characteristics (e.g. a fingerprint) to obtain access.
An auditor's first step when suspecting the occurrence of an incident should be a. switch off the system b. do nothing and verify the effectiveness of the incident response team c. conduct a detailed investigation of the incident d. report the incident to mgmt.
d. report incident to mgmt.
The most important control in addressing a DoS attack on a VoIP system is: A. router B. IDS C. access control server D. session border controller
d. session border controllers Session border controllers: 1. protect sessions from malicious attacks such as DoS and DDoS 2. prevent toll fraud or premium rate fraud 3. protect IP packets against malfunctioning encrypted signals
What technique involves an intruder driving or walking around a building equipped with tools to identify unsecured networks? a. data diddling b. DDoS (distributed denial of service) c. DoS (denial of service) d. war driving
d. war driving
What method or attack is known for locating and getting access to wireless networks with the aid of specialized tools? a. data diddling b. DDoS (distributed denial of service) c. DoS (denial of service) d. war driving
d. war driving
What technique is used by auditors to identify unsecured networks and test the wireless security of an org.? a. data diddling b. DDoS (distributed denial of service) c. DoS (denial of service) d. war driving
d. war driving
Which of the following are TRUE about local area network (LAN) environments? a. Routers are used to connect network segments that use the same protocol. b. The risks associated with the use of local area networks (LANs) include granting users excessive access rather than on a need-to-know basis. c. The gateway, not the network operating system, is responsible for returning acknowledgments. d. The gateway is responsible for returning acknowledgments. e. all true
e. all are true
The main difference between a virus and a Trojan horse is that the
hidden code in a computer virus can only replicate by attaching a copy of itself to other programs and may also include an additional "payload" that triggers when specific conditions are met.
What are the objectives of classification of info. assets? i. ensure integrity / confidentiality of data ii. establish appropriate access control guidelines iii. reduce the costs of protecting assets
i. ensure integrity / confidentiality of data ii. establish appropriate access control guidelines iii. reduce the costs of protecting assets
The process of copying data bit for bit so as to avoid inflicting damage on the original data is known as:
imaging
What is a major risk of shared user accounts? (shared = no unique ID)
individual user accountability may not be established
Which attack has the capability to circumvent 2 factor authentication?
man in the middle
What is the best method to prevent the reoccurrence of an incident?
root cause analysis. "why incident happened"
What can you rely on if you only have SMTP (Simple Mail Transfer Protocol)?
Digital signature (a.k.a. integrity checks at the transport level)
What is a text-based protocol, similar to Session Initiation Protocol (SIP), that cannot prevent IP spoofing?
(HTTP) Hypertext Transfer Protocol
Which protocols are at a higher layer in the communication stack than IPsec, and therefore cannot prevent IP spoofing?
(SSL) Secure Sockets Layer and (TLS) Transport Layer Security
What is a cryptographic system? A. A collection of software and hardware that can encrypt or decrypt information B. A type of anti-malware C. Hardware used in data encryption D. A prerequisite to data classification
A. A collection of software and hardware that can encrypt or decrypt information NOTE- Attacking such a system generally involves finding weaknesses in the implementation, enabling an attacker to find the secret key or an equivalent algorithm for encryption and decryption that does not require knowing the secret key used.
Which of the following is a component in providing Integrated Services Digital Network (ISDN) services? A. An Internet service provider (ISP) B. A separate control channel C. A firewall D. A modem
B. A separate control channel ISDN is a set of integrated telecommunications services, available over public and private telecommunications networks. The services are defined over a digital point-to-point circuit-switched medium. ISDN establishes a dedicated circuit between two machines (e.g., computers or bridges). A key feature of ISDN is the use of a separate control channel for call setup and network management.
Which of the following can help in the prevention of spoofed Internet Protocol (IP) addresses? A. Secure Sockets Layer (SSL) B. Transport Layer Security (TLS) C. Hypertext Transfer Protocol (HTTP) D. Internet Protocol Security (IPsec)
D. Internet Protocol Security (IPsec) Since IPsec is at a lower layer in the communication stack than SSL or TLS, IPsec can help in the prevention of spoofed IP addresses. IPsec has the capability to completely encapsulate IP packets, including the source and destination addresses.
An employee is suspected of a crime, and his manager thinks there is supporting evidence on the employee's personal computer (hard disk). Before the IS auditor examines the hard disk, the IS auditor should: A. use software to do a keyword search of the disk to identify information of interest. B. copy the contents of the disk using the Windows "Copy" command, then use the copy for examination and keep the original for evidence. C. use the forensic software on the original disk because forensic software does not change the contents of the disk. D. make an image of the disk using specialized hardware or software, then use the imaged copy for examination and keep the original for evidence.
D. make an image of the disk using specialized hardware or software, then use the imaged copy for examination and keep the original for evidence. note- it is crucial to collect and gather evidence that does not modify the original evidence and preserve the chain of custody. When faced with a situation where evidence could be used in a criminal matter, it is best to retain the original disk.
What is a set of integrated telecommunications services, available over public and private telecommunications networks?
ISDN
A fintech (financial technology) organization is planning to deploy a cloud-based application for processing employee payroll. Which of the following should be the MOST significant concern for an IS auditor? A. The cloud provider's data center is located in a different country. B. The contract does not require the cloud provider to provide its annual penetration testing results. C. Performance requirements are not specified in the service-level agreement (SLA). D. There is no right-to-audit clause in the contract.
A. The cloud provider's data center is located in a different country. NOTE- Data privacy regulations are different across different countries, and there may be regulatory and compliance issues due to different regulatory requirements.
Which of the following is a common attack against hashes? A. Man-in-the-middle attack B. Collision attack C. Denial of service D. Social engineering
B. Collision attack The correct answer is collision attack. Many hashing algorithms, including MD5 (Message Digest 5), are prone to a collision attack. This vulnerability allows bad actors to create different inputs that result in the same hash value. As a result, they can create two messages or executables such that their MD5 hash values are identical.
Incident response actions should be prioritized based on which of the following? A. Number of applications impacted B. Criticality of the impacted business process C. Number of staff impacted D. None of the answer choices are correct.
B. Criticality of the impacted business process note- Incident response teams have limited resources, and business processes deemed more critical to the business should be prioritized when responding to an incident.
Which of the following is an effective means of preventing and detecting computer viruses? A. Install an antivirus program on network servers B. Install an antivirus program on each personal computer C. Train all employees about potential risks D. Only company-certified portable storage devices should be used.
B. Install an antivirus program on each personal computer NOTE- Virus scanning programs are effective against viruses that have been reported, usually have additional features to protect the computer, and provide the best protection against viruses. Virus protection software does not provide 100% protection (for example, against new viruses or viruses written to attack a specific organization), so it is essential to also provide awareness training for employees. Why answers are incorrect: The answer choice "install an antivirus program on network servers" is incorrect. While installing an antivirus program on network servers is a good practice, employees' personal computers frequently connect directly to the network and can become infected with a virus. The server's antivirus program would not prevent this common method of infection. The answer choice "train all employees about potential risks" is incorrect. Trained employees alone cannot prevent or detect computer viruses. The answer choice "only company-certified portable storage devices should be used" is incorrect. Viruses are primarily downloaded through the internet nowadays and not only through portable storage media.
Which of the following activities causes the most security vulnerabilities in web servers? A. Acquisition B. Maintenance C. Configuration D. Usage
C. Configuration note- The web server that an organization acquires is generic and must be customized during its configuration. Unnecessary software services and user accounts in the web server should be removed or redefined. The web server configuration scenarios should fit its established security policy.
A financial services company grants individual access cards to its employees to enter and exit the office facility. Which of the following is the MAJOR risk with this control? A. Unauthorized individuals may duplicate the access card and gain access to the facility. B. In case of a fire hazard, the evacuation process will be very slow as each employee needs to tap their card to exit the door. C. Unauthorized individuals may follow behind the employee and gain access to the facility. D. Employees may lose their access cards.
C. Unauthorized individuals may follow behind the employee and gain access to the facility. Note- Physical piggybacking is a significant problem when access cards are used to enter the building.
In a local area network (LAN) environment, which of the following transmission media is the most used today? A. Coaxial cable B. Twisted-pair (shielded) cable C. Twisted-pair (unshielded) cable D. Fiber-optic cable
D. Fiber-optic cable NOTE- Optical fiber is more reliable, smaller, lightning fast, and lighter than the other media listed. It is not susceptible to electrical interference.
Which of the following is an example of a passive attack? A. Denying services to legitimate users B. Attempting to log into someone else's account C. Deploying a wiretap to generate false messages D. Observing a user while they type a password
D. Observing a user while they type a password Note- A passive attack is an attack in which the threat merely watches information move across the system. However, no attempt is made to introduce information in order to take advantage of and exploit a vulnerability. Observing a user while they type a password is an example of a passive attack.
Which of the following uses a secret key that is shared between the two communicating peers on a data network? A. Asymmetric encryption B. Hashing C. Digital envelope D. Symmetric encryption
D. Symmetric encryption
Authentication is a protection against fraudulent transactions. Which of the following is assumed by the authentication process? A. The size limit of messages being sent B. The authorization of the message originator C. The integrity of the message that is being transmitted D. The validity of the message originator
D. The validity of the message originator Authentication assures that the data received comes from the supposed origin. Authentication is a protection against fraudulent transactions by establishing the validity of messages being sent and the validity of the message originators.
Which of the following is the MOST effective detective control in discovering masquerading attacks? a. Report by the person who has been impersonated b. Security awareness training c. Analysis of audit logs d. Password violations
a. Report by the person who has been impersonated note- A masquerading attack is an attempt to gain access to a computer system or a physical facility by posing as an authorized user. The attacker pretends to be someone they are not to achieve unauthorized access to the facility or the system. The system informs the user about their last-time login information (date and time accessed) to alert the user if their account has been compromised.
Which of the following statements about virtualized deployment is FALSE? a. The hypervisor runs directly on the host OS. b. Containers include the application and its dependencies but share the kernel with other containers. c. The hosted virtualization usually has an additional layer of software running in the guest OS. d. All of the answer choices are true statements about virtualized deployment.
a. The hypervisor runs directly on the host OS. note- The hypervisor runs directly on the underlying hardware, without a host operating system (OS). This method is called bare metal.
Which of the following controls is best suited for a user to establish a secure intranet connection over the internet? a. Use virtual private network (VPN) software b. Install encrypted routers c. Install encrypted firewalls d. Implement password controls to the private web server
a. Use virtual private network (VPN) software
Which of the following is a major risk for using a wireless network? a. User authentication b. Complexity c. Responsiveness d. Technology
a. User authentication note- User authentication is crucial to ensure that unauthorized users cannot get access to sensitive information.
Which of the following MOST effectively discourages computer fraud? a. Willingness to prosecute b. Ostracizing whistleblowing c. Overlooking inefficiencies in the judicial system d. Accepting the lack of integrity in the system
a. Willingness to prosecute Staff will generally be deterred from committing fraud if they understand the consequences of committing fraud.
Nonrepudiation is achieved by using: a. digital signature. b. a message digest. c. SHA hashing. d. secret-key encryption.
a. digital signature. Note -A digital signature can be used to authenticate the sender (origin) of a message. For instance, imagine Jack has a document that needs to be digitally signed and sent to a third party. Jack has a private key that is only known to him. When Jack signs his document, a unique hash of the document is created and encrypted using Jack's private key. That encrypted hash is called a digital signature.
Which type of attack/technique involves a small amount of money being taken away? a. salami b. logic bomb c. virus
a. salami
A computer fraud occurred using an online accounts receivable database application system. Which of the following logs would be most useful in detecting which data files were accessed from which terminals? a. Access control security b. Telecommunications c. Application transaction d. Database
a. Access control security (detective control) note- Access logs show who accessed what data files, when, and from what terminal, including the nature of the security violation. Telecommunication logs list inbound and outbound communication records and are usually used for monitoring and customer experience purposes.
Which of the following comprises the information systems security triad? a. Availability, integrity, and confidentiality b. Reliability, maintainability, and auditability c. Accountability, assurance, and integrity d. Security, safety, and assurance
a. Availability, integrity, and confidentiality
Which of the following is the primary objective of an intrusion detection system (IDS)? a. Capture abnormal activity on the network b. Perform vulnerability scanning c. Rate system performance d. Resolve system failures
a. Capture abnormal activity on the network An IDS inspects audit logs and system events to detect abnormal activity indicating unauthorized access to the system.
Rank the following authentication mechanisms providing most to least protection against replay attacks. a. Challenge-response, one-time password, password and PIN, password only b. Challenge-response, password and PIN, one-time password, password only c. Password and PIN, challenge response, one-time password, password only d. Password only, password and PIN, challenge-response, one-time password
a. Challenge-response, one-time password, password and PIN, password only
Which of the following attacks involves making random data modifications during or before data entry into a system? a. Data diddling b. Eavesdropping c. Piggybacking d. Salami
a. Data diddling
Which of the following is the MOST significant concern with the use of intrusion detection systems (IDS)? a. False-positive incidents b. Obtaining knowledge of the IDS service provider's specific protocol c. Periodic update of signatures d. Preventing eligible traffic
a. False-positive incidents note -A significant issue with IDS is detecting events that do not pose any risk, i.e., that are not security incidents. Therefore, the security team needs to monitor IDS traffic carefully before triggering an alert for a potential incident.
Which of the following is the MOST relevant benchmark to evaluate the effectiveness of a computer security incident response team (CSIRT)? a. Financial impact per each incident b. Number of help desk calls attended c. Vulnerabilities reported and patched d. Number of incidents handled
a. Financial impact per each incident The CSIRT may not wholly prevent the incident; they should limit the cost of each incident through incident response procedures. Additional Information: - The CSIRT is not directly responsible for patching vulnerabilities. -The CSIRT is not primarily responsible for attending help desk calls. Help desk calls are attended by help desk operators or specialists who may escalate to CSIRT depending on the nature of the reported problem.
Which of the following network security tools is PRIMARILY used by the security team to enhance security in the IT environment? a. Honeypots b. Vulnerability scanner c. Intrusion prevention system d. Intrusion detection system
a. Honeypots Honeypots are computers that security administrators place as a trap for intruders. Hackers will scan and attack honeypots, giving administrators data on new trends and attack tools, particularly malicious code. The security team can use this knowledge to determine which areas of network require protection from such attacks.
Which of the following is the PRIMARY objective of the incident response plan? a. Minimize the incident impact on the organization. b. Help to inform customers at the earliest possible time in case of an incident. c. Ensure minimum costs are incurred during the incident. d. Inform relevant stakeholders regarding the incident on a timely basis.
a. Minimize the incident impact on the organization.
Which of the following is the MOST effective control in minimizing the impact of social engineering tactics? a. Enhanced physical security mechanisms b. Security awareness training c. Data loss prevention (DLP) d. Intrusion prevention systems (IPS)
b. Security awareness training
Which of the following is a component in providing Integrated Services Digital Network (ISDN) services? a. A modem b. A separate control channel c. A firewall d. An Internet service provider (ISP)
b. A separate control channel note -ISDN is a set of integrated telecommunications services, available over public and private telecommunications networks. The services are defined over a digital point-to-point circuit-switched medium. ISDN establishes a dedicated circuit between two machines (e.g., computers or bridges). A key feature of ISDN is the use of a separate control channel for call setup and network management.
Which of the following types of penetration testing is the MOST expensive? a. Internal testing b. Blind testing c. Targeted testing d. External testing
b. Blind testing note -The tester has very limited or no knowledge at all about the target system. Testing is usually expensive, as the tester has to perform research on the target system based on publicly available information.
Which of the following describes a software as a service (SaaS) cloud-based service shared by a limited number of organizations? a. Public b. Community c. Hybrid d. Private
b. Community note- A community cloud provides a cloud computing solution to a limited number of organizations. This deployment model is a multi-tenant platform that enables multiple entities to work on the same platform.
Which of the following is true about installing a wireless local area network (LAN)? a. It provides greater security. b. It is low cost and takes less time to install. c. It requires high cost and takes more time to install. d. It creates obstacles in installing LAN cables.
b. It is low cost and takes less time to install. note -Wireless LANs have many advantages: flexibility, ease of installation, low cost, and less time to install. Each wireless LAN unit contains a radio transceiver, processor, and memory. Interference is possible even with wireless LANs.
Network security and integrity depend on which of the following controls? a. Data validation b. Logical access c. System backup d. Data editing
b. Logical access note- Logical access controls prevent unauthorized users from connecting to network nodes or gaining access to applications through computer terminals.
Which of the following correctly describes security standards? a. Govern how an organization's information assets are protected, managed, and monitored b. Mandatory requirements to implement technology and procedures across an organization c. Least level of security that every information system in the organization should meet d. Provide direction regarding which security mechanisms should be implemented
b. Mandatory requirements to implement technology and procedures across an organization note- Standards are tactical documents that describe mandatory requirements to implement technology and procedures across an organization. Standards help define steps or methods to achieve goals and provide overall direction as per security policies. The answer choice "govern how an organization's information assets are protected, managed, and monitored" is incorrect; this refers to guidelines. The answer choice "least level of security that every information system in the organization should meet" is incorrect; this refers to baseline. The answer choice "provide direction regarding which security mechanisms should be implemented" is incorrect; this refers to guidelines. Guidelines do not recommend a specific product or control; instead, they provide direction regarding which security mechanisms should be implemented.
Which of the following open system interconnection (OSI) layers provides confidentiality, authentication, and data integrity services? a. Physical b. Network c. Session d. Presentation
b. Network
Which of the following is a correct description of the public key infrastructure (PKI)? a. PKI is only comprised of hardware. b. PKI is an arrangement that binds public keys with respective identities of entities (like people and organizations). c. PKI facilitates encryption of data at rest. d. None of the answer choices are correct.
b. PKI is an arrangement that binds public keys with respective identities of entities (like people and organizations). note- This binding is established through the registration and issuance of certificates by a certificate authority (CA). Digital certificates are used to verify the identity of the machines and users. PKIs facilitate securing data in transit, provide authentication, and enable using services such as online banking, online shopping, and internet messaging with peace of mind. The other answer choices are incorrect. PKIs facilitate securing data in transit and not at rest. PKI is not only comprised of hardware; it is the set of hardware, software, policies, and procedures required to create, manage, distribute, use, store, and revoke digital certificates and manage public-key encryption.
Which of the security codes is generally the longest, thereby making it difficult to guess? a. Lockwords b. Passphrases c. Passwords d. Passcodes
b. Passphrases
Which of the following is an effective detective control against computer viruses? a. Encryption b. Periodic scanning c. System isolation d. Program change controls
b. Periodic scanning note- Computer scanning programs are an excellent way to detect viruses. Scanning software must be updated regularly to ensure newly reported viruses are included.
Which of the following benefits resulting from the use of secure gateways (also firewalls) is true? a. Prevents the spread of computer viruses b. Reduces risks from malicious hackers c. Prevents sending sensitive information outside the organization d. Increases internal system security overhead
b. Reduces risks from malicious hackers note- Secure gateways, often called firewalls, block or filter access between two networks, often between a private network and a larger, more public network such as the internet, which attract malicious hackers. Secure gateways allow internal users to connect to external networks and at the same time prevent malicious hackers from compromising the internal systems. Another benefit is the centralization of services. A secure gateway can be used to provide a central management point for various services, such as advanced authentication, email, or public dissemination of information. Having a central management point can reduce system overhead and improve service.
The business owner of a new application has requested that the different types of reports be viewed on a "need to know" basis. Which of the following access control methods would be the MOST effective to achieve this request? a. Single sign-on b. Role-based (RBAC) c. Rule-based d. Discretionary
b. Role-based (RBAC) note- Role-based access control (RBAC) restricts access according to job roles and responsibilities. RBAC would be the best method to view reports on a need-to-know basis for authorized users.
Which of the following is an example of single point of failure when accessing an application? a. Multifactor authentication b. Single sign-on c. Multiple passwords d. Redundancy
b. Single sign-on note- This is an example of single point of failure because if the sign-on system is compromised, the entire system is exposed to unauthorized parties. other notes- -Multifactor authentication and multiple passwords are examples of multiple points of failure since the perpetrator will require more than one password or a combination of a password and a second piece of authentication (such as mobile-generated code or an answer to a secret question) before getting access to the network. -Redundancy offers failover to avoid single point of failure.
What is the main drawback of the RSA algorithm? a. Key exchange is difficult. b. The complexity of the calculations involved and the time needed to complete them c. It is no longer supported by the creators of the algorithm. d. All of the answer choices are correct.
b. The complexity of the calculations involved and the time needed to complete them -As malicious actors get better at tools and techniques used to break the encryption, longer keys should be used to strengthen the algorithm. When the key length is increased, the computation becomes more complex and takes longer to complete.
When granting temporary access to a third party, which of the following is the MOST effective control? a. Administrator access is granted for a temporary period. b. User accounts are based on requested services and created with expiration dates. c. Once the services are delivered, user IDs are deleted. d. Third-party access commensurate to the service-level agreement
b. User accounts are based on requested services and created with expiration dates. note- Ensuring that temporary access is granted based on the services to be provided, with an expiration date associated with each unique ID, is the most effective control.
The security team at a fintech (financial technology) organization is planning to conduct penetration testing in the next week. What is the MOST critical concern for the security team? a. Affected users must be notified immediately. b. Whether the target system can be restored to its original state c. Which teams will review the test results d. Whether the test will uncover all vulnerabilities in the target system
b. Whether the target system can be restored to its original state note- To perform a penetration test, the tester may make changes to system settings, e.g., creating test IDs, change in firewall rules, etc. The changes must be reversed to restore the system to its original state to ensure system operations and functionality are not impacted.
Electronic mail (e-mail) network systems are: a. centralized. b. decentralized. c. distributed. d. cooperative.
b. decentralized. note- An electronic message flows through the system, going from one machine to another. Eventually the message reaches the correct machine and is placed in the targeted person's electronic mailbox.
An access control policy for a bank teller is an example of the implementation being: a. user-directed. b. role-based. (RBAC) c. rule-based. d. identity-based.
b. role-based. (RBAC) note- With role-based access control (RBAC), access decisions are based on the roles that individual users have as part of an organization.
Which of the following is used to separate data traffic by routers? a. Secret key b. Secure hash c. Access control lists d. Label downgrade
c. Access control lists note- Access control lists (ACLs) are used to separate data traffic into that which it will route (permitted packets) and that which it will not route (denied packets). ACLs perform packet filtering to control the movement of packets through a network.
Tom, an IS auditor, is validating whether the organization complies with privacy regulations. What should Tom review first? a. The organization's privacy policy and guidelines b. Security awareness training and education program c. Applicable legal and regulatory requirements d. The IT asset inventory
c. Applicable legal and regulatory requirements
What must begin after a physical intrusion detection alarm is initiated and reported? a. Communication b. Deployment c. Assessment d. Interruption
c. Assessment note- Once a physical intrusion detection alarm is initiated and reported, assessment of the situation begins. One needs to know whether the alarm is valid or a nuisance alarm, as well as details about the cause of the alarm.
A pharmaceutical company is implementing a baseline of security controls in the organization and has identified some controls that are not applicable to the company's environment. What should be management's next step? a. Develop a new baseline according to the company's environment. b. Request assistance from the internal IS audit team to create a suitable baseline of security controls. c. Customize the baseline as per the company's needs. d. Implement all controls as per the baseline to achieve the best results.
c. Customize the baseline as per the company's needs.
Which of the following security techniques allows time for response by authorities? a. Deny b. Deter c. Delay d. Detect
c. Delay note- If a system perpetrator can be delayed longer while attacking a computer system, the perpetrator's origins and location can be traced by investigative authorities.
A bank website has been attacked, and hackers were able to obtain access to customer data. Which of the following actions should be taken FIRST? a. Inform the impacted customers to ensure compliance with the cybersecurity regulation. b. The server hosting the website should be powered off. c. Disconnect the web server from the company's network. d. Preserve the data for use in forensic investigations.
c. Disconnect the web server from the company's network. note- The server should be disconnected immediately to minimize the number of records that hackers can access. In addition, disconnecting the server will help to secure the evidence for further investigation and root cause analysis.
Which of the following is the MOST effective technique to ensure new security policies are understood and followed? a. E-mail communication from senior executives of each department b. Announcement from the CEO at the company's town hall c. Employee training sessions d. Communicate through the company's intranet
c. Employee training sessions Security awareness training ensures that new policies are communicated promptly and that employees are periodically reminded of existing policies through means such as monthly bulletins, an intranet website, and presentations to new employees.
Which of the following MOST accurately measures the effectiveness of physical access security control? a. False alarm rate b. User complaints c. False acceptance rate d. False rejection rate
c. False acceptance rate Note- The false acceptance rate measures the probability that a physical access security control will incorrectly accept an access attempt by an unauthorized person. Additional Notes (Not the answer) - User complaints would be a measure of effectiveness for customer service function, not physical entry control. - A false alarm rate is too general and determines whether an alarm is valid or a nuisance alarm; since it is not specific enough, it does not measure physical access security control effectiveness. - A false rejection rate is a percentage of instances whereby authorized personnel have been incorrectly rejected an entry. A false rejection rate would reflect the extent of inconvenience caused to authorized people trying to access the facility. It is not a measure of effectiveness for the physical access security control as it does not show how many unauthorized people gained access to the facility.
Which of the following is an example of a security standard? a. ISO 27001 b. NIST Cybersecurity Framework c. HIPAA d. All of the answer choices are correct.
c. HIPAA note- The Health Insurance Portability and Accountability Act (HIPAA) is a U.S. regulation that includes data privacy and security provisions to protect sensitive healthcare data. The others are frameworks.
Controlling access to the network is provided by which of the following pair of high-level system services? a. Access control lists and access privileges b. Certification and accreditation c. Identification and authentication d. Accreditation and assurance
c. Identification and authentication
Which of the following is the most popular network layer security control for protecting communications? a. Serial Line Internet Protocol (SLIP) b. Transport Layer Security (TLS) c. Internet Protocol Security (IPsec) d. Point-to-Point Protocol (PPP)
c. Internet Protocol Security (IPsec) IPsec has emerged as the most popular network layer security control for protecting communications. IPsec is a framework of open standards for ensuring private communications over IP networks.
Which of the following issues increases the complexity of network management? a. Multiple access b. Multiple protocols c. Multiple transmission media d. Multiple topologies
c. Multiple transmission media note- Increases in the number of transmission media increase the complexity of large distributed system network management. For example, each medium may require different protocols, equipment, and software, and additional expertise from a network administrator. An increased number of transmission media may complicate the standardization of management procedures across a large distributed system. Using different transmission media may result in different costs, system reliability, or performance.
What is the BEST control to prevent audit log deletion by unauthorized personnel in an organization? a. Track actions performed on log files in a separate log. b. Disable write access to audit logs. c. Only appropriate personnel should have privileges to view or delete audit logs. d. Perform periodic backups of audit logs.
c. Only appropriate personnel should have privileges to view or delete audit logs.
Which of the following is an example of an administrative measure to defend against computer damage? a. Audit trails b. Access controls c. Passwords d. Least privilege principle
c. Passwords
Which of the following is the weakest link in information security? a. Networks b. Hardware c. People d. Software
c. People
Gary is performing a forensic investigation following alleged computer fraud and has gathered some evidence. What is Gary's MOST significant concern regarding the evidence? a. Analyze the evidence b. Validate the evidence through inquiry with key witnesses c. Preserve the evidence d. Present the evidence to senior management
c. Preserve the evidence note- Evidence from the crime scene must be securely retained and preserved to present in a legal proceeding.
Samuel, an IS auditor, is assessing a third-party arrangement with a new cloud-based service provider. Which of the following considerations is the MOST important with regards to the privacy of the data stored in the cloud? a. Network and intrusion detection b. Data retention, backup, and recovery c. Return or destruction of information d. A patch management process
c. Return or destruction of information note- When reviewing a third-party agreement, the most important consideration about the privacy of the data is the clause concerning the return or secure destruction of information at the end of the contract. Additional notes -Data retention, backup, and recovery are essential controls; however, they do not guarantee data privacy. -Network and intrusion detection are helpful when securing the data, but on their own, they do not guarantee data privacy stored at a third-party provider. -A patch management process helps secure servers and may prohibit unauthorized disclosure of data; however, it does not affect the privacy of the data.
Which of the following is NOT an example of malicious code? a. Logic bomb b. Trapdoor c. Salami d. Trojan horse
c. Salami note- A salami is an attack technique that involves theft of small amounts of assets (primarily money) from several sources. For example, stealing a few cents from each customer account on many bank accounts might be unnoticed by customers. additional notes- A Trojan horse is a program placed in a system by a hacker or installed unknowingly by the user that conducts malicious actions while hiding or pretending to do something useful. A logic bomb goes off when a program being used normally arrives at a prespecified event (e.g., a financial calculation exceeds a specific dollar amount). A time bomb goes off at a prespecified time. A trapdoor allows a hacker to access a system through unusual ways, e.g., without entering a password. Hackers insert trapdoors to allow them entry into the system in the future. Sometimes system developers may leave debug trapdoors in software which hackers may exploit at a later date.
An organization wants to enhance its incident response process. Which of the following is the MOST effective way to achieve this? a. Provide adequate training to the incident response team. b. Hire external incident response specialists to review the program's alignment with best practices. c. Schedule incident response simulation drills. d. Review and update the incident response playbook.
c. Schedule incident response simulation drills. note- Training for the incident response team is essential, but simulation drills are the most effective in identifying and addressing program gaps. -While incident response programs must be aligned with best practices, simulation exercises will be more helpful in identifying and addressing program gaps.
Which of the following is NOT a drawback when using security guards at physical facilities? a. Security guards are usually considered an expensive physical access control. b. Security guards may not always be reliable. c. Security guards may not fully understand the scope of the operations at the facility. d. None of the answer choices are correct.
c. Security guards may not fully understand the scope of the operations at the facility. note- Security guards are usually not provided full knowledge of the scope of a facility's operations, to minimize the likelihood that a security guard may disclose sensitive company information.
Which of the following is NOT part of the TLS handshake? a. The server always checks and confirms the validity of the client certificate. b. The client requests a secure connection from the server and presents a list of supported cipher suites. c. The client always checks and confirms the validity of the server certificate. d. The server picks a cipher and hash function that it also supports from this list and notifies the client of the decision.
c. The client always checks and confirms the validity of the server certificate. note- Client certificate validation is an optional part of the Transport Layer Security (TLS) handshake and does not happen all the time.
Allen, an IS auditor, is reviewing the physical security and environment controls at a data center. Which of the following is the MOST significant concern for Allen? a. The backup power generator has not been tested in the last two years. b. A wire closet was broken, and a wire was hanging outside from the closet. c. The emergency exit door does not automatically unlock when the emergency alarm rings. d. There are no security guards outside the data center.
c. The emergency exit door does not automatically unlock when the emergency alarm rings. note- The most important asset to protect in case of an adverse event is human beings, and in case of emergency, all exit doors should unlock automatically to allow quick and safe departure of all employees.
Prevention of which of the following attacks is outside the scope of electronic mail security programs? a. Playback attacks b. Key management attacks c. Traffic analysis d. Cryptanalytic attacks
c. Traffic analysis note- To prevent traffic analysis, bogus traffic is injected into the real traffic, thus flooding the network channels. This increases the load on the network. However, the email security program cannot prevent or detect bogus traffic. Additional Notes -In a playback attack, an entire message is captured and played back later. To prevent playback attacks, the plaintext of each message should include some indication of the sender and recipient and a unique identifier (e.g., the date). The intruder could change the originator name in the email message. -In cryptanalytic attacks, the intruder tries to break into the algorithm to find out the private key. For example, breaking the data encryption standard algorithm would allow an intruder to read any given email message because the message itself is encrypted with the data encryption standard. -In key management attacks, the intruder tries to get a copy of the private key file and its associated passphrase. It is important to run the email program on a trusted machine, with keys exchanged in person.
Which of the following ISO/OSI layers provides access control services? a. Session b. Data link c. Transport d. Presentation
c. Transport NOTE- The transport layer ensures error-free, in-sequence exchange of data between endpoints. It is responsible for transmitting a message between one network user and another. It is the only layer listed in the question that provides access control services.
Which of the following is a control used to respond to the risk of power failure? a. Water sprinklers b. Fire or evacuation drills c. Uninterruptible power supply (UPS) d. Smoke/fire detectors
c. Uninterruptible power supply (UPS) note- A UPS system contains a battery or gas-powered generator that connects with the electricity entering the building/facility and the electrical power entering the IT hardware.
Which of the following standards is specifically related to the public key infrastructure? a. ISAO 27001 b. HIPAA c. X.509 d. PCI DSS
c. X.509 note- X.509 is a standard defining the format of public key certificates. X.509 certificates are used in many internet protocols, including TLS/SSL (Transport Layer Security/Secure Sockets Layer), which secures HTTP (Hypertext Transfer Protocol) and other transport protocols.
Local area network (LAN) security is threatened by: a. hub security. b. terminal servers. c. denial-of-service (DoS) attacks. d. authentication mechanisms.
c. denial-of-service (DoS) attacks. note- A denial-of-service attack is an attack meant to shut down a machine or network, making it inaccessible to its intended users. DoS attacks accomplish this by flooding the target with traffic or sending it information that triggers a crash. In both instances, the DoS attack deprives legitimate users (i.e., employees, members, or account holders) of the service or resource they expected.
The greatest threat to any computer system is: a. hackers and crackers. b. untrained or negligent users. c. employees. d. vendors and contractors.
c. employees. note- Employees of all categories are the greatest threat to any computer system because they are trusted the most. They have access to the computer system, they know the physical layout of the area, and they could misuse their power and authority. Most trusted employees have an opportunity to perpetrate fraud if the controls in the system are weak.
Shoulder surfing can be prevented by: a. hashing passwords in storage. b. installing encryption techniques for password communication. c. promoting education and awareness. d. multifactor authentication.
c. promoting education and awareness. note- Shoulder surfing is an example of a social engineering attack which is used to acquire sensitive information such as passwords, personal identification numbers (PINs), and other confidential data by peeking over the victim's shoulder. The key concept in shoulder surfing is to make sure that no unintended party watches a user while the user is using devices or discussing confidential information. Security education and awareness can help mitigate the risk of shoulder surfing.
Which of the following statements about an intrusion prevention system (IPS) is TRUE? a. An IPS can determine which traffic to block from entering the internal network. b. An IPS can determine which traffic to allow into the internal network. c. IPS is both a preventive and detective tool. d. All of the answer choices are correct.
d. All of the answer choices are correct. Note -An IPS is placed in line with the traffic to ensure that all traffic navigates through the IPS. The IPS is programmed to decide which traffic to block and what traffic to allow into the network. This makes an IPS an effective tool in preventing malicious traffic from entering the network. -IPSs are configured to both detect and prevent potential attacks on the IT environment and assets before the traffic reaches the target systems.
Which of the following cryptographic security services for email and electronic messaging applications is provided by S/MIME? a. Data encryption b. Nonrepudiation c. Authentication and message integrity d. All of the answer choices are correct.
d. All of the answer choices are correct. note -S/MIME provides the following cryptographic security services for email and electronic messaging applications: *Authentication *Message integrity *Nonrepudiation of origin (using digital signatures) *Privacy *Data security (using encryption)
Which of the following is an advantage of a virtual local area network (LAN)? a. Users would have access to data residing on multiple systems. b. Network maintenance costs are lower. c. Equipment can be moved faster. d. All of the answer choices are correct.
d. All of the answer choices are correct. note- Network maintenance costs are lower, and equipment moves are done faster.
Which of the following is a disadvantage of virtualization? a. Snapshots b. Rootkits c. Misconfiguration of the hypervisor d. All of the answer choices are disadvantages of virtualization.
d. All of the answer choices are disadvantages of virtualization.
How is authorization different from authentication? a. Authorization is verifying the identity of a user. b. Authorization and authentication are the same. c. Authorization comes before authentication. d. Authorization comes after authentication.
d. Authorization comes after authentication. Note -Users are granted access to a program (authorization) after they are fully authenticated.
The principle of least privilege refers to the security objective of granting users only those accesses they need to perform their job duties. Which of the following is a result of employees maintaining access rights for previously held positions? a. Users have little access to systems b. Users have significant access to systems c. Reauthorization when employees change positions d. Authorization creep
d. Authorization creep note- Employees continue to have access rights from previously held positions.
Logical access controls provide a technical means of controlling access to IT resources. Which of the following is a benefit of logical access controls? a. Speed b. Recovery c. Reliability d. Confidentiality
d. Confidentiality note- IT system-based access controls are called logical access controls. These controls can prescribe who or what is to have access to a specific system resource and the type of access that is permitted, usually in software. Logical access controls can help (1) protect operating systems and other systems software from unauthorized modification or manipulation (and thereby help ensure the system's integrity and availability), (2) protect the integrity and availability of information by restricting the number of users and processes with access, and (3) protect confidential information from being disclosed to unauthorized individuals.
Data diddling can be detected by which of the following? a. Access controls b. Program change controls c. Integrity checking d. Exception reports
d. Exception reports
Controls such as locked doors, intrusion alarm systems, and security guards address which of the following risks? a. Power failure b. Equipment failure c. Overheating d. Fraud or theft
d. Fraud or theft
Which of the following network security tools potentially blocks perpetrators from accessing a company's network? a. Security incident and event monitoring (SIEM) system b. Honeynet c. Intrusion detection system (IDS) d. Intrusion prevention system (IPS)
d. Intrusion prevention system (IPS) note- An IPS is configured to both detect and prevent potential attacks on the IT environment and assets. Some IPSs are also designed to reconfigure other security mechanisms, e.g., a firewall. The IPS effectively limits damage to affected systems and must be appropriately configured to accept or deny network traffic correctly.
Which of the following pairs of security objectives, rules, principles, and laws are greatly in conflict with each other, within the same pair? a. Transborder data flows and data privacy laws b. All-or-nothing access principle and the security perimeter rule c. File protection rules and access granularity principle d. Least privilege principle and employee empowerment
d. Least privilege principle and employee empowerment note- The least privilege principle is a security principle that requires each subject to be granted the most restrictive set of privileges needed to perform authorized tasks. Applying this principle limits the damage that can result from accidents, errors, or unauthorized use. This is in great conflict with employee empowerment, which gives employees the freedom to do a wide variety of tasks.
Which of the following controls work more in concert with audit trails? a. Physical access controls b. Environmental controls c. Management controls d. Logical access controls
d. Logical access controls
Controls to keep password-sniffing attacks from compromising computer systems include which of the following? a. Static and recurring passwords b. Encryption and recurring passwords c. Static and one-time passwords d. One-time passwords and encryption
d. One-time passwords and encryption note- Password-sniffing programs can monitor all traffic on areas of a network and collect the first 128 or more bytes of each network session. They extract login and password information.
Samantha, an IS auditor, has noted several observations in the physical and environmental security controls at an organization. Which of the following is the MOST significant concern for Samantha? a. The receptionist is not always present at the front desk and visitors are not attended to during the absence. b. Physical access cards were not collected for 10 out of 20 sampled terminated users. c. A security camera at the entrance of the computer room was not operational during the tour of the data center. d. Physical access was not removed for 5 out of 20 sampled terminated users.
d. Physical access was not removed for 5 out of 20 sampled terminated users. note- A lack of termination of physical access privileges for terminated individuals may result in unauthorized access to the physical facility.
The most important element of intranet security is: a. authentication. b. filtering. c. encryption. d. monitoring.
d. monitoring. note- Vigilant monitoring of all network connections is required on a regular basis. Each time a new feature is added to a network, the security implications should be reviewed.
The logs vulnerable to eavesdropping on a web server are: a. agent logs. b. access logs. c. error logs. d. system logs.
d. system logs. note- System logs are vulnerable to traffic analysis, a form of eavesdropping. These log files contain information about each request made to the server. Attackers analyze these logs to find out the transactions performed, access codes used, and other information.
The protection of ----------------- from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability. A discrete set of information resources organized for the collection, processing, maintenance, use, sharing, dissemination, or disposition of information.
information and information systems