Intro to Cybersecurity


Janet is identifying the set of privileges that should be assigned to a new employee in her organization. Which phase of the access control process is she performing?

Authorization

What is NOT a goal of information security awareness programs?

Punish users who violate policy

TRUE or FALSE: Performing security testing includes vulnerability testing and penetration testing.

True

Fran is conducting a security test of a new application. She does not have any access to the source code or other details of the application she is testing. What type of test is Fran conducting?

Black-box test

TRUE or FALSE: A remediation liaison makes sure all personnel are aware of and comply with an organization's policies.

False

Anthony is responsible for tuning his organization's intrusion detection system. He notices that the system reports an intrusion alert each time that an administrator connects to a server using Secure Shell (SSH). What type of error is occurring?

False positive error

In what type of attack does the attacker send unauthorized commands directly to a database?

SQL injection
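The following is an added example, not part of the original study set, showing why sending user input into a query as string-built SQL lets an attacker issue their own commands to the database, and how a parameterised query prevents it. The table, rows and payloads are constructed for this demonstration; the database is an in-memory SQLite instance.

```python
import sqlite3


def make_db():
    # Constructed sample data for the demonstration; not from any real system.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "s3cret", "admin"), ("bob", "hunter2", "user")],
    )
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    # Building the statement by string concatenation means the user's input is
    # parsed as SQL syntax, so quotes, OR clauses and comments rewrite the query.
    query = (
        f"SELECT username, role FROM users "
        f"WHERE username = '{username}' AND password = '{password}'"
    )
    return conn.execute(query).fetchall()


def login_safe(conn, username, password):
    # Parameterised query: the driver binds the values as data, never as SQL,
    # so the same payloads are compared literally and match nothing.
    query = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchall()


def demo():
    conn = make_db()
    # Tautology payload: the WHERE clause becomes
    #   username = 'alice' AND password = '' OR '1'='1'
    # which is true for every row because AND binds tighter than OR.
    tautology = "' OR '1'='1"
    # Comment payload: everything after -- is ignored, so the password check vanishes.
    comment = "alice' --"
    return {
        "vulnerable_tautology": login_vulnerable(conn, "alice", tautology),
        "safe_tautology": login_safe(conn, "alice", tautology),
        "vulnerable_comment": login_vulnerable(conn, comment, "wrong-password"),
        "safe_comment": login_safe(conn, comment, "wrong-password"),
        "safe_real_login": login_safe(conn, "alice", "s3cret"),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

Parameterisation is the control; escaping or filtering quotes is not, because encodings and comment syntax vary by database engine. The vulnerable function returns every row for the tautology payload and the admin row for the comment payload, while the safe version returns nothing for either.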

Which of the following is NOT one of the four fundamental principles outlined by the Internet Society that will drive the success of Internet of Things (IoT) innovation?

Secure

Gina is preparing to monitor network activity using packet sniffing. Which technology is most likely to interfere with this effort if used on the network?

Secure Sockets Layer (SSL)

Which intrusion detection system strategy relies upon pattern matching?

Signature detection
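The following is an added example, not part of the original study set, covering both the signature-detection question above and the earlier question about Anthony's false positives on administrator SSH sessions. It runs pattern-matching signatures over constructed log lines in a hypothetical format, then applies a tuning allowlist so that SSH from the assumed administrators' jump host (10.0.0.5) no longer fires while a genuine SQL injection probe and an SSH connection from an unknown address still do.

```python
import re
from dataclasses import dataclass


@dataclass
class Alert:
    rule: str
    src: str
    line: str


# Hypothetical log line format, assumed for this example.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) "
    r"proto=(?P<proto>\S+) msg=(?P<msg>.*)$"
)

# Constructed sample lines; addresses are documentation ranges, not real hosts.
LOG_LINES = [
    "2024-01-01T10:00:00 src=10.0.0.5 dst=10.0.1.20 dport=22 proto=tcp msg=new connection",
    "2024-01-01T10:01:00 src=203.0.113.9 dst=10.0.1.20 dport=22 proto=tcp msg=new connection",
    "2024-01-01T10:02:00 src=198.51.100.7 dst=10.0.1.30 dport=80 proto=tcp msg=GET /item.php?id=1' OR '1'='1",
    "2024-01-01T10:03:00 src=10.0.0.5 dst=10.0.1.30 dport=80 proto=tcp msg=GET /index.html",
]

# Signature detection: each rule is a pattern matched against the raw line.
SIGNATURES = {
    "ssh-connection": re.compile(r"\bdport=22\b"),
    "sqli-tautology": re.compile(r"'\s*or\s*'1'\s*=\s*'1", re.IGNORECASE),
}

# Tuning: (source address, rule) pairs accepted as known-benign on this network.
# 10.0.0.5 is assumed here to be the administrators' jump host.
ADMIN_SSH_ALLOWLIST = frozenset({("10.0.0.5", "ssh-connection")})


def detect(lines, signatures, allowlist=frozenset()):
    """Return one Alert per (line, rule) match that is not tuned out."""
    alerts = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable line: skipped here, but a real sensor should count these
        src = m.group("src")
        for rule, pattern in signatures.items():
            if pattern.search(line) and (src, rule) not in allowlist:
                alerts.append(Alert(rule, src, line))
    return alerts


if __name__ == "__main__":
    print("untuned:")
    for a in detect(LOG_LINES, SIGNATURES):
        print(f"  {a.rule:16} {a.src}")
    print("tuned:")
    for a in detect(LOG_LINES, SIGNATURES, ADMIN_SSH_ALLOWLIST):
        print(f"  {a.rule:16} {a.src}")
```

Untuned, the SSH rule fires on both the jump host and the unknown external address, which is exactly the noise Anthony sees. The allowlist removes the jump-host alert but keeps the external SSH connection and the injection attempt. Note the trade-off: suppressing a source address turns a false positive into a potential false negative if that host is ever compromised, so it is better to narrow the rule (for example, alert only on SSH from outside the management subnet) and to keep the suppressed events logged rather than discarded.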

TRUE or FALSE: The idea that users should be granted only the levels of permissions they need in order to perform their duties is called the principle of least privilege.

True

TRUE or FALSE: During an audit, an auditor compares the current setting of a computer or device with a benchmark to help identify differences.

True

Which one of the following governs the use of Internet of Things (IoT) by healthcare providers, such as physicians and hospitals?

Health Insurance Portability and Accountability Act (HIPAA)

Which one of the following is an example of a business-to-consumer (B2C) application of the Internet of Things (IoT)?

Health Monitoring

Which organization pursues standards for Internet of Things (IoT) devices and is widely recognized as the authority for creating standards of the Internet?

Internet Engineering Task Force

Which Internet of Things (IoT) challenge involves the difficulty of developing and implementing protocols that allow devices to communicate in a standard fashion?

Interoperability

Jacob is conducting an audit of the security controls at an organization as an independent reviewer. Which question would NOT be part of his audit?

Is the security control likely to become obsolete in the near future?

Gwen's company is planning to accept credit cards over the Internet. Which one of the following governs this type of activity and includes provisions that Gwen should implement before accepting credit card transactions?

Payment Card Industry Data Security Standard (PCI DSS)

Karen is designing a process for issuing checks and decides that one group of users will have the authority to create new payees in the system while a separate group of users will have the authority to issue checks to those payees. The intent of this control is to prevent fraud. Which principle is Karen enforcing?

Separation of duties
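The following is an added example, not part of the original study set, showing how Karen's control could be enforced in code: each action requires one role (least privilege), the two roles are checked for overlap when the system is configured (separation of duties), and as a second line of defence the user who created a payee can never issue a check to it. The role assignments and transactions are constructed for this demonstration.

```python
from dataclasses import dataclass, field


class SeparationOfDutiesError(Exception):
    """Raised when one person would complete both halves of a sensitive transaction."""


@dataclass
class Payee:
    name: str
    created_by: str


@dataclass
class CheckIssuingSystem:
    roles: dict            # role name -> set of user names holding that role
    payees: dict = field(default_factory=dict)
    checks: list = field(default_factory=list)

    def __post_init__(self):
        # Separation of duties enforced at configuration time: nobody may hold
        # both the role that creates payees and the role that pays them.
        overlap = self.roles.get("payee-admin", set()) & self.roles.get("check-issuer", set())
        if overlap:
            raise SeparationOfDutiesError(f"users hold both roles: {sorted(overlap)}")

    def _require_role(self, user, role):
        # Least privilege: each action needs exactly the one role it maps to.
        if user not in self.roles.get(role, set()):
            raise PermissionError(f"{user} lacks role {role!r}")

    def create_payee(self, user, name):
        self._require_role(user, "payee-admin")
        self.payees[name] = Payee(name, created_by=user)

    def issue_check(self, user, payee_name, amount):
        self._require_role(user, "check-issuer")
        payee = self.payees[payee_name]
        # Defence in depth: even if the role data drifts over time, the person
        # who created a payee can never be the one who pays it.
        if payee.created_by == user:
            raise SeparationOfDutiesError(f"{user} created payee {payee_name!r}")
        record = (payee_name, amount, user)
        self.checks.append(record)
        return record


def build_demo_system():
    # Constructed role assignment: alice creates payees, bob issues checks.
    return CheckIssuingSystem(roles={"payee-admin": {"alice"}, "check-issuer": {"bob"}})


def demo():
    system = build_demo_system()
    system.create_payee("alice", "Acme Supplies")
    issued = system.issue_check("bob", "Acme Supplies", 250)

    try:
        system.issue_check("alice", "Acme Supplies", 250)  # alice cannot also pay
        issuer_blocked = False
    except PermissionError:
        issuer_blocked = True

    try:
        CheckIssuingSystem(roles={"payee-admin": {"carol"}, "check-issuer": {"carol"}})
        overlap_rejected = False
    except SeparationOfDutiesError:
        overlap_rejected = True

    return issued, issuer_blocked, overlap_rejected


if __name__ == "__main__":
    print(demo())
```

The configuration-time overlap check is the part that actually implements separation of duties; the per-action role check alone is only least privilege, and without the overlap check an administrator could quietly grant one account both roles.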

Kaira's company recently switched to a new calendaring system provided by a vendor. Kaira and other users connect to the system, hosted at the vendor's site, using a web browser. Which service delivery model is Kaira's company using?

Software as a Service (SaaS)

TRUE or FALSE: Application service providers (ASPs) are software companies that build applications hosted in the cloud and on the Internet.

True

TRUE or FALSE: Classification scope determines what data you should classify; the classification process determines how you handle classified data.

True

In what software development model does activity progress in a lock-step sequential process where no phase begins until the previous phase is complete?

Waterfall

Which one of the following is NOT an area of critical infrastructure where the Internet of Things (IoT) is likely to spur economic development in less developed countries?

E-commerce

TRUE or FALSE: Configuration changes can be made at any time during a system life cycle and no process is required.

False

TRUE or FALSE: During the secure phase of a security review, you review and measure all controls to capture actions and changes on the system.

False

TRUE or FALSE: Mandatory vacations minimize risk by rotating employees among various systems or duties.

False

TRUE or FALSE: Regarding security controls, the four most common permission levels are poor, permissive, prudent, and paranoid.

False

TRUE or FALSE: In e-business, secure web applications are one of the critical security controls that each organization must implement to reduce risk.

True

TRUE or FALSE: In security testing, reconnaissance involves reviewing a system to learn as much as possible about the organization, its systems, and its networks.

True
