ISEC 5305 test 1

Ace your homework & exams now with Quizwiz!

The Children's Online Privacy Protection Act (COPPA) restricts the collection of information online from children. What is the cutoff age for COPPA regulation?

13

? Bob is using a port scanner to identify open ports on a server in his environment. He is scanning a web server that uses Hypertext Transfer Protocol (HTTP). Which port should Bob expect to be open to support this service?

443

Bob is using a port scanner to identify open ports on a server in his environment. He is scanning a web server that uses Hypertext Transfer Protocol (HTTP). Which port should Bob expect to be open to support the service?

80

Which password attack is typically used specifically against password files that contain cryptographic hashes?

Birthday attacks

Jody would like to find a solution that allows real-time document sharing and editing between teams. Which technology would best suit her needs?

Collaboration

Jody would like to find a solution that allows realtime document sharing and editing between teams. Which technology would best suit her needs?

Collaboration

In Mobile IP, what term describes a device that would like to communicate with a mobile node (MN)?

Correspondent node

In Mobile IP, what term describes a device that would like to communicate with a mobile node(MN)?

Correspondent node (CN)

? Which network device is capable of blocking network connections that are identified as potentially malicious?

Demilitarized Zone (DMZ)

Which risk is most effectively mitigated by an upstream Internet Service Provider (ISP)?

Distributed Denial of Service (DDoS)

What is the first step in a disaster recovery effort?

Ensure that everyone is safe

Which type of attack involves the creation of some deception in order to trick unsuspecting users?

Fabrication

?True or False: A VPN router is a security appliance that is used to filter IP packets

False

True or False: A rootkit uses a directed broadcast to create a flood of network traffic for the victim computer.

False

True or False: Denial of service (DoS) attacks are larger in scope than Distributed Denial of Service (DDoS) attacks

False

True or False: Store-and-Forward communications should be used when you need to talk to someone immediately.

False

True or False: You should use easy-to-remember personal information to create secure passwords

False

True or False: Cryptography is the process of transforming data from cleartext to ciphertext.

False (Encryption not Cryptography)

True or False: In the Remote Access Domain, if private data or confidential data is compromised remotely, you should set automatic blocking for attempted logon retries.

False: Apply first level and second level tokens and biometrics

True or False: Cryptography is the process of transforming data from cleartext into ciphertext

False: Encryption

True or False: A security policy is a comparison of the security controls you have in place and the controls you need in order to address all identified threats.

False: Gap analysis

True or False: The anti-malware utility is one of the most popular backdoor tools in use today

False: Netcat

True or False: A phishing attack "poisons" a domain name on a domain name server.

False: Pharming

True or False: Vishing is a type of wireless network attack

False: Social Engineering attacks

True or False: User-based permission levels limit a person to executing certain functions and often enforces mutual exclusivity

False: Task-based

True or False: Bricks-and-mortar stores are completely obsolete now.

False: They have global reach

True or False: Voice patter biometrics are accurate for authentication because voices can't easily be replicated by computer software

False: easy to replicate

What compliance regulation applies specifically to the educational records maintained by schools about students?

Family Education Rights and Privacy Act (FERPA)

Which element of the security policy framework offers suggestions rather than mandatory actions?

Guideline

Bob recently accepted a position as the information security and compliance manager for a medical practice. Which regulation is likely to most directly apply to Bob's employer?

HIPPA

Which law governs the use of the IoT by healthcare providers, such as physicians and hospitals

HIPPA

Which act governs the use of Internet of Things (IoT) by healthcare providers, such as physicians and hospitals?

Health Insurance Portability and Accountability Act (HIPAA)

What do organizations expect to occur with the growth of the IoT?

Higher Risks

Rachel is investigating an information security incident that took place at the high school where she works. She suspects that students may have broken into the student records system and altered their grades. If correct, which one of the tenets of information security did this attack violate?

Integrity

Which organization pursues standards for the IoT devices and is widely recognized as the authority for creating standards of the Internet?

Internet Society

Which IoT challenge involves the difficulty of developing and implementing protocols that allow devices to communicate in a standard fashion?

Interoperability

Which type of denial of service attack exploits the existence of software flaws to disrupt a service?

Logic attack

Which element of the security policy framework requires approval from upper management and applies to the entire organization?

Policy

Which tool can capture the packets transmitted between systems over a network?

Protocol analyzer

Which formula is typically used to describe the components of information security?

Risk = Threat X Vulnerabilities

Earl is preparing a risk register for his organization's risk management program. Which data is LEAST likely to be included in a risk register?

Risk Survey results

Gary would like to choose an access control model in which the owner of a resource decides who may modify permissions on that resource. Which model fits that scenario?

Rule-based access control

Holly would like to run an annual major disaster recovery test that is as thorough and realistic as possible. She also wants to ensure that there is no disruption of activity at the primary site. What option is best in this scenario?

Simulation Test

Users throughout Alison's organization have been receiving unwanted commercial messages over the organization's instant messaging program. What type of attack is taking place?

Spim

Which element of the IT security policy framework provides detailed written definitions for hardware and software and how they are to be used?

Standard

Which term describes an action that can damage or compromise an asset?

Threat

What type of malicious software masquerades as legitimate software to entice the user to run it?

Trojan Horse

? True or False: IoT devices cannot share and communicate you IoT device data to other systems and applications without your authorization or knowledge

True

?True or False: Networks, routers, and equipment require continuous monitoring and management to keep WAN service available

True

True or False: A Chinese wall security policy defines a barrier and develops a set of rules that makes sure no subject gets to objects on the other side of the wall

True

True or False: A birthday attack is a type of cryptographic attack that is used to make brute-force attack of one-way hashes easier.

True

True or False: A phishing email is a fake or bogus email intended to trick the recipient into clicking on an embedded URL link or opening an email attachment.

True

True or False: A trusted operating system (TOS) provides features that satisfy specific government requirements for security.

True

True or False: An IT security policy framework is like an outline that identifies where security controls should be used

True

True or False: Authorization is the process of granting rights to use an organization's IT assets, systems, applications, and data to a specific user.

True

True or False: Authorization is the process of granting rights to use an organizations IT assets, systems, applications, and data to a specific user.

True

True or False: Bring your own device (BYOD) opens the door to considerable security risks

True

True or False: Cars that have Wi-Fi access and onboard computers require software patches and upgrades from the manufacturer.

True

True or False: Content-dependent access control requires the access control mechanism to look at the data to decide who should get to see it

True

True or False: Devices that combine the capabilities of mobile phones and personal digital assistants (PDAs) are commonly called smartphones

True

True or False: E-commerce systems and applications demand strict confidentiality, integrity, and availability (CIA) security controls.

True

True or False: Each 4g device has a unique Internet Protocol (IP) address and appears just like any other wired device on a network.

True

True or False: Encrypting the data within databases and storage devices gives an added layer of security

True

True or False: Failing to prevent an attack all but invites an attack

True

True or False: Hypertext Transfer Protocol (HTTP) is the communications protocol between web browsers and websites with data in cleartext.

True

True or False: IoT technology has a significant impact on developing economies, given that it can transform countries into e-commerce-ready nations

True

True or False: Metadata of IoT devices can be sold to companies seeking demographic marketing data about users and their spending habits

True

True or False: One of the first industries to adopt and widely use mobile applications was the healthcare industry

True

True or False: Organizations should start defining their IT security policy framework by defining as asset classification policy

True

True or False: Rootkits are malicious software programs designed to be hidden from normal methods of detection

True

True or False: The Director of IT security is generally in charge of ensuring that the Workstation Domain conforms to Policy

True

True or False: The Government Information Security Reform Act of 2000 focuses on management and evaluation of the security of unclassified and national security systems.

True

True or False: The most critical aspect of a WAN services contract is how the service provider supplies troubleshooting, network management, and security management services

True

True or False: The recovery point objective (RPO) is the maximum amount of data loss that is acceptable.

True

True or False: The system/application domain holds all the mission critical systems, applications, and data.

True

True or False: The term risk management describes the process of identifying, assessing, prioritizing, and addressing risks.

True

True or False: The tools for conducting a risk analysis can include the documents that define, categorize, and rank risks.

True

True or False: Using a secure logon and authentication process is one of the six steps to prevent malware.

True

True or False: When servers need operating system upgrades or patches, administrators take them offline intentionally so they can perform the necessary work without risking malicious attacks

True

Florian recently purchased a set of domain names that are similar to those of legitimate websites and used the newly purchased sites to host malware. Which type of attack is Florian using?

Typosquatting

Which of the following is an example of a hardware security control? a) Security Policy b) NTFS permission c) MAC filtering d) ID badge

d

Which of the following is an example of two-factor authentication? a) personal identification number (PIN) and password b) token and smart card c) password and security questions d) smart card and personal identification number (PIN)

d

Which of the following is NOT an area of critical infrastructure where the Internet of Things (IOT) is likely to spur economic development in less developed countries? a) Water Supply management b) Agriculture c) Wastewater Treatment d) E-commerce

d) e-commerce

True or False: A bricks-and-mortar strategy includes marketing and selling goods and services on the Internet

false: e-commerce

Maria's company recently experienced a major system outage due to the failure of a critical component. During that time period, the company did not register any sales through it's online site. Which type of loss did the company experience as a result of lost sales?

opportunity cost


Related study sets

Chapter 3 - Open Responses + True/False

View Set

RN pharmacology online practice 2019 B

View Set

Real Estate Practice, Edition 9, Chapter 8 Quiz

View Set

Systematic Reviews and Meta-Analyses

View Set

Arkansas Insurance Exam for Life & Health: Policy Provisions, Riders, & Options

View Set