IFT 481 - Final Exam


True

A keyword mixed alphabet cipher uses a cipher alphabet that consists of a keyword, minus duplicates, followed by the remaining letters of the alphabet.

False

A packet-filtering firewall remembers information about the status of a network communication.

True

A phishing email is a fake or bogus email intended to trick the recipient into clicking on an embedded URL link or opening an email attachment.

False

A smurf attack tricks users into providing logon information on what appears to be a legitimate website but is in fact a website set up by an attacker to obtain this information.

Polymorphic virus

Adam discovers a virus on his system that is using encryption to modify itself. The virus escapes detection by signature-based antivirus software. What type of virus has he discovered?

Threat

Aditya is attempting to classify information regarding a new project that his organization will undertake in secret. Which characteristic is NOT normally used to make these types of classification decisions?

Smurf

Barbara is investigating an attack against her network. She notices that the Internet Control Message Protocol (ICMP) echo replies coming into her network far exceed the ICMP echo requests leaving her network. What type of attack is likely taking place?

corrective

Forensics and incident response are examples of __________ controls.

Integrity

Gary is sending a message to Patricia. He wants to ensure that nobody tampers with the message while it is in transit. What goal of cryptography is Gary attempting to achieve?

Secure Sockets Layer (SSL)

Gina is preparing to monitor network activity using packet sniffing. Which technology is most likely to interfere with this effort if used on the network?

Integrity

Rachel is investigating an information security incident that took place at the high school where she works. She suspects that students may have broken into the student records system and altered their grades. If correct, which one of the tenets of information security did this attack violate?

True

The Office of Personnel Management (OPM) requires that federal agencies provide the training suggested by the National Institute of Standards and Technology (NIST) guidelines.

True

The goal of a command injection is to execute commands on a host operating system.

True

The main purpose of security training courses is to rapidly train students in one or more skills, or to cover essential knowledge in one or more specific areas.

True

The most critical aspect of a WAN services contract is how the service provider supplies troubleshooting, network management, and security management services.

True

The purpose of continuing education is to provide formal training courses that lead to a certificate or professional certification and NOT a degree.

Passive wiretap

Tony is working with a law enforcement agency to place a wiretap pursuant to a legitimate court order. The wiretap will monitor communications without making any modifications. What type of wiretap is Tony placing?

Encryption

Tonya is working with a team of subject matter experts to diagnose a problem with her system. The experts determine that the problem likely resides at the Presentation Layer of the Open Systems Interconnection (OSI) model. Which technology is the most likely suspect?

Request, impact assessment, approval, build/test, implement, monitor

What is the correct order of steps in the change control process?

Zero-day

What type of malware does NOT have an anti-malware solution and should be covered in security awareness training?

Internet Control Message Protocol (ICMP)

Yolanda would like to prevent attackers from using her network as a relay point for a smurf attack. What protocol should she block?

Recovery time objective (RTO)

Alan is developing a business impact assessment for his organization. He is working with business units to determine the maximum allowable time to recover a particular function. What value is Alan determining?

Acceptability

Alan is evaluating different biometric systems and is concerned that users might not want to subject themselves to retinal scans due to privacy concerns. Which characteristic of a biometric system is he considering?

IEEE 802.3

Gary is troubleshooting a security issue on an Ethernet network and would like to look at the Ethernet standard. What publication should he seek out?

Payment Card Industry Data Security Standard (PCI DSS)

Gwen's company is planning to accept credit cards over the Internet. Which one of the following governs this type of activity and includes provisions that Gwen should implement before accepting credit card transactions?

$2,000,000

Kim is the risk manager for a large organization. She is evaluating whether the organization should purchase a fire suppression system. She consulted a variety of subject matter experts and determined that there is a 1 percent chance that a fire will occur in a given year. If a fire occurred, it would likely cause $2 million in damage to the facility, which has a $10 million value. Given this scenario, what is the single loss expectancy (SLE)?

Cross-site scripting (XSS)

Larry recently viewed an auction listing on a website. As a result, his computer executed code that popped up a window that asked for his password. What type of attack has Larry likely encountered?

Opportunity cost

Maria's company recently experienced a major system outage due to the failure of a critical component. During that time period, the company did not register any sales through its online site. Which type of loss did the company experience as a result of lost sales?

Application and Session

Mary is designing a software component that will function at the Presentation Layer of the Open Systems Interconnection (OSI) model. What other two layers of the model will her component need to interact with?

Credit card information

Maya is creating a computing infrastructure compliant with the Payment Card Industry Data Security Standard (PCI DSS). What type of information is she most likely trying to protect?

Assume that information should be free

What is NOT a good practice for developing strong professional ethics?

Safety

What is NOT one of the three tenets of information security?

Don't spend more to protect an asset than it is worth.

What is a key principle of risk management programs?

IT Infrastructure Library (ITIL)

What is a set of concepts and policies for managing IT infrastructure, development, and operations?

Switch

What type of network device normally connects directly to endpoints and uses MAC-based filtering to limit traffic flows?

Education

What type of security communication effort focuses on a common body of knowledge?

System integrity monitoring

What type of security monitoring tool would be most likely to identify an unauthorized change to a computer system?

Awareness

__________ is a continuous process designed to keep all personnel vigilant.

True

A birthday attack is a type of cryptographic attack that is used to make brute-force attacks on one-way hashes easier.

False

A business impact analysis (BIA) details the steps to recover from a disruption and restore the infrastructure necessary for normal business operations.

True

A common method for identifying what skills a security professional possesses is his or her level of certification.

True

A dictionary attack works by hashing all the words in a dictionary and then comparing the hashed value with the system password file to discover a match.

True

A functional policy declares an organization's management direction for security in such specific functional areas as email, remote access, and Internet surfing.

Alice's private key

Alice would like to send a message to Bob using a digital signature. What cryptographic key does Alice use to create the digital signature?

Confidentiality

Alison discovers that a system under her control has been infected with malware, which is using a key logger to report user keystrokes to a third party. What information security property is this malware attacking?

Baseline

Ann is creating a template for the configuration of Windows servers in her organization. It includes the basic security settings that should apply to all systems. What type of document should she create?

Systems Security Certified Practitioner (SSCP)

Ben is working toward a position as a senior security administrator and would like to earn his first International Information Systems Security Certification Consortium, Inc. (ISC)2 certification. Which certification is most appropriate for his needs?

Qualitative

Beth is conducting a risk assessment. She is trying to determine the impact a security incident will have on the reputation of her company. What type of risk assessment is best suited to this type of analysis?

HIPAA

Betsy recently assumed an information security role for a hospital located in the United States. What compliance regulation applies specifically to healthcare providers?

Alice's public key

Bob received a message from Alice that contains a digital signature. What cryptographic key does Bob use to verify the digital signature?

Health Insurance Portability and Accountability Act (HIPAA)

Bob recently accepted a position as the information security and compliance manager for a medical practice. Which regulation is likely to most directly apply to Bob's employer?

Password management

Brian is the information security training officer for a health care provider. He wants to develop a training program that complies with the provisions of the Health Insurance Portability and Accountability Act (HIPAA). Which of the following topics must be included?

Address Resolution Protocol (ARP) poisoning

Brian notices an attack taking place on his network. When he digs deeper, he realizes that the attacker has a physical presence on the local network and is forging Media Access Control (MAC) addresses. Which type of attack is most likely taking place?

Nmap

Brian would like to conduct a port scan against his systems to determine how they look from an attacker's viewpoint. What tool can he use for this purpose?

Prudent

Christopher is designing a security policy for his organization. He would like to use an approach that allows a reasonable list of activities but does not allow other activities. Which permission level is he planning to use?

False

Configuration changes can be made at any time during a system life cycle and no process is required.

False

Connectivity is one of the five critical challenges that the Internet of Things (IoT) has to overcome.

False

Continuity of critical business functions and operations is the first priority in a well-balanced business continuity plan (BCP).

True

Defense Information Systems Agency (DISA) is the agency arm of the U.S. Department of Defense that provides information technology and communications support to the White House, Secretary of Defense, and all military sectors that contribute to the defense of the United States of America.

True

DoD and NSA have adopted several training standards to serve as a pathway to satisfy Directive 8140. Although they are called standards, they are really training requirements for specific job responsibilities.

True

During an audit, an auditor compares the current setting of a computer or device with a benchmark to help identify differences.

Authentication

During what phase of a remote access connection does the end user prove his or her claim of identity?

Authorization

During which phase of the access control process does the system answer the question, "What can the requestor access?"

Risk survey results

Earl is preparing a risk register for his organization's risk management program. Which data element is LEAST likely to be included in a risk register?

Accountability

Ed wants to make sure that his system is designed in a manner that allows tracing actions to an individual. Which phase of access control is Ed concerned about?

Security+

Helen has no experience in security. She would like to earn a certification that demonstrates that she has the basic knowledge necessary to work in the information security field. What certification would be an appropriate first step for her?

Presentation

Hilda is troubleshooting a problem with the encryption of data. At which layer of the OSI Reference Model is she working?

True

In security testing data collection, observation is the input used to differentiate between paper procedures and the way the job is really done.

False

In the Remote Access Domain, if private data or confidential data is compromised remotely, you should set automatic blocking for attempted logon retries.

SQL injection

In what type of attack does the attacker send unauthorized commands directly to a database?

Session hijacking

In which type of attack does the attacker attempt to take over an existing connection between two systems?

Is the security control likely to become obsolete in the near future?

Jacob is conducting an audit of the security controls at an organization as an independent reviewer. Which question would NOT be part of his audit?

Collaboration

Jody would like to find a solution that allows real-time document sharing and editing between teams. Which technology would best suit her needs?

Software as a Service (SaaS)

Kaira's company recently switched to a new calendaring system provided by a vendor. Kaira and other users connect to the system, hosted at the vendor's site, using a web browser. Which service delivery model is Kaira's company using?

Separation of duties

Karen is designing a process for issuing checks and decides that one group of users will have the authority to create new payees in the system while a separate group of users will have the authority to issue checks to those payees. The intent of this control is to prevent fraud. Which principle is Karen enforcing?

20 percent

Kim is the risk manager for a large organization. She is evaluating whether the organization should purchase a fire suppression system. She consulted a variety of subject matter experts and determined that there is a 1 percent chance that a fire will occur in a given year. If a fire occurred, it would likely cause $2 million in damage to the facility, which has a $10 million value. Given this scenario, what is the exposure factor?

Application proxying

Norm recently joined a new organization. He noticed that the firewall technology used by his new firm opens separate connections between the devices on both sides of the firewall. What type of technology is being used?

Quantum cryptography

Which approach to cryptography provides the strongest theoretical protection?

True

RSA is a global provider of security, risk, and compliance solutions for enterprise environments.

True

Security awareness training should remind employees to ensure confidentiality by not leaving any sensitive information or documents on their desks.

hands-on skills

Security training programs typically differ from security education programs in their focus on ______________.

True

Standards provide guidelines to ensure that products in today's computing environments work together.

Hub

Terry is troubleshooting a network that is experiencing high traffic congestion issues. Which device, if present on the network, should be replaced to alleviate these issues?

True

The Data Link Layer of the OSI Reference Model is responsible for transmitting information on computers connected to the same local area network (LAN).

True

The Diffie-Hellman (DH) algorithm is the basis for several common key exchange protocols, including Diffie-Hellman in Ephemeral mode (DHE) and Elliptic Curve DHE (ECDHE).

False

The ISACA Certified in Risk and Information Systems Control (CRISC) certification targets security professionals who ensure that their organization satisfies IT governance requirements.

False

The National Institute of Standards and Technology (NIST) is the main United Nations agency responsible for managing and promoting information and technology issues.

True

The recovery point objective (RPO) can come from the business impact analysis or sometimes from a government mandate, such as banking laws.

True

The recovery point objective (RPO) is the maximum amount of data loss that is acceptable.

False

The skills necessary to manage a technical environment are the same as the skills necessary to perform technical work.

Business continuity plan (BCP)

Tom is the IT manager for an organization that experienced a server failure that affected a single business function. What type of plan should guide the organization's recovery effort?

Separation of duties

Tomahawk Industries develops weapons control systems for the military. The company designed a system that requires two different officers to enter their access codes before allowing the system to engage. Which principle of security is this following?

False

User-based permission levels limit a person to executing certain functions and often enforce mutual exclusivity.

True

Using Mobile IP, users can move between segments on a local area network (LAN) and stay connected without interruption.

Virtual LAN (VLAN)

Val would like to isolate several systems belonging to the product development group from other systems on the network, without adding new hardware. What technology can she use?

8140

What DoD directive requires that information security professionals in the government earn professional certifications?

Certified Information Systems Auditor (CISA)

What certification focuses on information systems audit, control, and security professionals?

National Institute of Standards and Technology (NIST)

What federal agency is charged with the mission of promoting "U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life"?

Screened subnet

What firewall approach is shown in the figure?

Dynamic Host Configuration Protocol (DHCP)

What protocol is responsible for assigning IP addresses to hosts on most networks?

800

What series of Special Publications does the National Institute of Standards and Technology (NIST) produce that covers information systems security activities?

Maximum tolerable downtime (MTD)

What term describes the longest period of time that a business can survive without a particular critical system?

Whois

What tool might be used by an attacker during the reconnaissance phase of an attack to glean information about domain registrations?

Hash

What type of function generates the unique value that corresponds to the contents of a message and is used to create a digital signature?

Remote Access Tool (RAT)

What type of malicious software allows an attacker to remotely control a compromised computer?

802.11

Which Institute of Electrical and Electronics Engineers (IEEE) standard covers wireless LANs?

Interoperability

Which Internet of Things (IoT) challenge involves the difficulty of developing and implementing protocols that allow devices to communicate in a standard fashion?

Applying security updates promptly

Which action is the best step to protect Internet of Things (IoT) devices from becoming the entry point for security vulnerabilities into a network while still meeting business requirements?

Configuration control

Which activity manages the baseline settings for a system or device?

Memorandum of understanding (MOU)

Which agreement type is typically less formal than other agreements and expresses areas of common interest?

Checklist

Which audit data collection method helps ensure that the information-gathering process covers all relevant areas?

Crossover error rate (CER)

Which characteristic of a biometric system measures the system's accuracy using a balance of different error types?

Warm site

Which control is NOT an example of a fault tolerance technique designed to avoid interruptions that would cause downtime?

Chosen plaintext

Which cryptographic attack offers cryptanalysts the most information about how an encryption algorithm works?

Policy

Which element of the security policy framework requires approval from upper management and applies to the entire organization?

Risk = Threat X Vulnerability

Which formula is typically used to describe the components of information security risks?

Certification

Which information security objective allows trusted entities to endorse information?

Resumes of system administrators

Which item is an auditor least likely to review during a system controls audit?

Password protection

Which mitigation plan is most appropriate to limit the risk of unauthorized access to workstations?

Intrusion prevention system (IPS)

Which network device is capable of blocking network connections that are identified as potentially malicious?

Attack

Which of the following is NOT a role described in DoD Directive 8140, which covers cyber security training?

Secure

Which of the following is NOT one of the four fundamental principles outlined by the Internet Society that will drive the success of Internet of Things (IoT) innovation?

Physical characteristics may change.

Which one of the following is NOT an advantage of biometric systems?

Moving to a warm site

Which one of the following is an example of a reactive disaster recovery control?

Access control lists

Which one of the following is the best example of an authorization control?

Subjects cannot change objects that have a lower integrity level.

Which one of the following principles is NOT a component of the Biba integrity model?

Hot site

Which recovery site option provides readiness in minutes to hours?

Distributed denial of service (DDoS)

Which risk is most effectively mitigated by an upstream Internet service provider (ISP)?

Selecting multiple items from a list

Which scenario presents a unique challenge for developers of mobile applications?

Network mapping

Which security testing activity uses tools that scan for services running on systems?

Symmetric, stream, substitution

Which set of characteristics describes the Caesar cipher accurately?

Network

Which term accurately describes Layer 3 of the Open Systems Interconnection (OSI) model?

Threat

Which term describes any action that could damage an asset?

Protocol analyzer

Which tool can capture the packets transmitted between systems over a network?

Zero-day attack

Which type of attack against a web application uses a newly discovered vulnerability that is not patchable?

Fabrication

Which type of attack involves the creation of some deception in order to trick unsuspecting users?

Ownership

Which type of authentication includes smart cards?

Logic attack

Which type of denial of service attack exploits the existence of software flaws to disrupt a service?

System infector

Which type of virus targets computer hardware and software startup functions?

Home agent (HA)

With the use of Mobile IP, which device is responsible for keeping track of mobile nodes (MNs) and forwarding packets to the MN's current network?
