Intro to Cybersecurity
Janet is identifying the set of privileges that should be assigned to a new employee in her organization. Which phase of the access control process is she performing?
Authorization
What is NOT a goal of information security awareness programs?
Punish users who violate policy
TRUE or FALSE: Performing security testing includes vulnerability testing and penetration testing.
True
Fran is conducting a security test of a new application. She does not have any access to the source code or other details of the application she is testing. What type of test is Fran conducting?
Black-box test
TRUE or FALSE: A remediation liaison makes sure all personnel are aware of and comply with an organization's policies.
False
Anthony is responsible for tuning his organization's intrusion detection system. He notices that the system reports an intrusion alert each time that an administrator connects to a server using Secure Shell (SSH). What type of error is occurring?
False positive error
In what type of attack does the attacker send unauthorized commands directly to a database?
SQL injection
Which of the following is NOT one of the four fundamental principles outlined by the Internet Society that will drive the success of Internet of Things (IoT) innovation?
Secure
Gina is preparing to monitor network activity using packet sniffing. Which technology is most likely to interfere with this effort if used on the network?
Secure Sockets Layer (SSL)
Which intrusion detection system strategy relies upon pattern matching?
Signature detection
TRUE or FALSE: The idea that users should be granted only the levels of permissions they need in order to perform their duties is called the principle of least privilege.
True
TRUE or FALSE: During an audit, an auditor compares the current setting of a computer or device with a benchmark to help identify differences.
True
Which one of the following governs the use of Internet of Things (IoT) by healthcare providers, such as physicians and hospitals?
Health Insurance Portability and Accountability Act (HIPAA)
Which one of the following is an example of a business-to-consumer (B2C) application of the Internet of Things (IoT)?
Health Monitoring
Which organization pursues standards for Internet of Things (IoT) devices and is widely recognized as the authority for creating standards for the Internet?
Internet Engineering Task Force
Which Internet of Things (IoT) challenge involves the difficulty of developing and implementing protocols that allow devices to communicate in a standard fashion?
Interoperability
Jacob is conducting an audit of the security controls at an organization as an independent reviewer. Which question would NOT be part of his audit?
Is the security control likely to become obsolete in the near future?
Gwen's company is planning to accept credit cards over the Internet. Which one of the following governs this type of activity and includes provisions that Gwen should implement before accepting credit card transactions?
Payment Card Industry Data Security Standard (PCI DSS)
Karen is designing a process for issuing checks and decides that one group of users will have the authority to create new payees in the system while a separate group of users will have the authority to issue checks to those payees. The intent of this control is to prevent fraud. Which principle is Karen enforcing?
Separation of duties
Kaira's company recently switched to a new calendaring system provided by a vendor. Kaira and other users connect to the system, hosted at the vendor's site, using a web browser. Which service delivery model is Kaira's company using?
Software as a Service (SaaS)
TRUE or FALSE: Application service providers (ASPs) are software companies that build applications hosted in the cloud and on the Internet.
True
TRUE or FALSE: Classification scope determines what data you should classify; the classification process determines how you handle classified data.
True
In what software development model does activity progress in a lock-step sequential process where no phase begins until the previous phase is complete?
Waterfall
Which one of the following is NOT an area of critical infrastructure where the Internet of Things (IoT) is likely to spur economic development in less developed countries?
E-commerce
TRUE or FALSE: Configuration changes can be made at any time during a system life cycle and no process is required.
False
TRUE or FALSE: During the secure phase of a security review, you review and measure all controls to capture actions and changes on the system.
False
TRUE or FALSE: Mandatory vacations minimize risk by rotating employees among various systems or duties.
False
TRUE or FALSE: Regarding security controls, the four most common permission levels are poor, permissive, prudent, and paranoid.
False
TRUE or FALSE: In e-business, secure web applications are one of the critical security controls that each organization must implement to reduce risk.
True
TRUE or FALSE: In security testing, reconnaissance involves reviewing a system to learn as much as possible about the organization, its systems, and its networks.
True