IT 2531-Systems Security Mid-term
Vulnerability
A weakness that allows a threat to be realized or to have an effect on an asset
Risk
Likelihood that something bad will happen to an asset.
A disaster recovery plan (DRP) directs the actions necessary to recover resources after a disaster.
True
A functional policy declares an organization's management direction for security in such specific functional areas as email, remote access, and Internet surfing.
True
A phishing email is a fake or bogus email intended to trick the recipient into clicking on an embedded URL link or opening an email attachment.
True
A smart card is a token shaped like a credit card that contains one or more microprocessor chips that accept, store, and send information through a reader.
True
A trusted operating system (TOS) provides features that satisfy specific government requirements for security.
True
Access control lists (ACLs) are used to permit and deny traffic in an IP router.
True
A bricks-and-mortar strategy includes marketing and selling goods and services on the Internet.
True
The tools for conducting a risk analysis can include the documents that define, categorize, and rank risks.
True
The weakest link in the security of an IT infrastructure is the server.
True
Unified messaging allows you to download both voice and email messages to a smartphone or tablet.
True
When servers need operating system upgrades or patches, administrators take them offline intentionally so they can perform the necessary work without risking malicious attacks.
True
Written security policies document management's goals and objectives.
True
Connectivity is one of the five critical challenges that the Internet of Things (IoT) has to overcome.
False
The Sarbanes-Oxley (SOX) Act requires all types of financial institutions to protect customers' private financial information.
False
The anti-malware utility is one of the most popular backdoor tools in use today.
False
The auto industry has not yet implemented the Internet of Things (IoT).
False
The first step in creating a comprehensive disaster recovery plan (DRP) is to document likely impact scenarios.
False
The four central components of access control are users, resources, actions, and features.
False
The idea that users should be granted only the levels of permissions they need in order to perform their duties is called the principle of least privilege.
False
The number of failed logon attempts that trigger an account action is called an audit logon event.
False
The term risk methodology refers to a list of identified risks that results from the risk-identification process.
False
Common methods used to identify a user to a system include username, smart card, and biometrics.
True
Devices that combine the capabilities of mobile phones and personal digital assistants (PDAs) are commonly called smartphones.
True
E-commerce systems and applications demand strict confidentiality, integrity, and availability (CIA) security controls.
True
Fingerprints, palm prints, and retina scans are types of biometrics.
True
Hypertext Transfer Protocol (HTTP) is the communications protocol between web browsers and websites with data in cleartext.
True
In e-business, secure web applications are one of the critical security controls that each organization must implement to reduce risk.
True
Networks, routers, and equipment require continuous monitoring and management to keep wide area network (WAN) service available.
True
World Wide Web
A system that defines how documents and resources are related across network machines
A remediation liaison makes sure all personnel are aware of and comply with an organization's policies.
False
A rootkit uses a directed broadcast to create a flood of network traffic for the victim computer.
False
An attacker uses exploit software when wardialing.
False
Bricks-and-mortar stores are completely obsolete now.
False
Continuity of critical business functions and operations is the first priority in a well-balanced business continuity plan (BCP).
False
Denial of service (DoS) attacks are larger in scope than distributed denial of service (DDoS) attacks.
False
Most enterprises are well prepared for a disaster should one occur.
False
Often an extension of a memorandum of understanding (MOU), the blanket purchase agreement (BPA) serves as an agreement that documents the technical requirements of interconnected assets.
False
Passphrases are less secure than passwords.
False
Procedures do NOT reduce mistakes in a crisis.
False
Regarding data center alternatives for disaster recovery, a mobile site is the least expensive option but at the cost of the longest switchover time.
False
Regarding the Internet of Things (IoT), a business involved in utilities, critical infrastructure, or environmental services can benefit from traffic-monitoring applications.
False
Voice pattern biometrics are accurate for authentication because voices can't easily be replicated by computer software.
False
Wardialers are becoming more frequently used given the rise of Voice over IP (VoIP).
False
You should use easy-to-remember personal information to create secure passwords.
False
A VPN router is a security appliance that is used to filter IP packets.
False. Virtual private network (VPN) is a method of encrypting IP packets from one end to another, as in a tunnel.
Service-level agreements (SLAs) are optical backbone trunks for private optical backbone networks.
False. An SLA is a contract that guarantees a minimum monthly availability of service for wide area network (WAN) and Internet access links. SLAs accompany WAN services and dedicated Internet access links. Availability measures a monthly uptime service-level commitment.
Information Systems Security
The collection of activities that protect the information system and the data stored in it
A DoS attack is a coordinated attempt to deny service by occupying a computer to perform large amounts of unnecessary tasks.
True
A dictionary attack works by hashing all the words in a dictionary and then comparing the hashed value with the system password file to discover a match.
True
Application service providers (ASPs) are software companies that build applications hosted in the cloud and on the Internet.
True
Failing to prevent an attack all but invites an attack.
True
One advantage of using a security management firm for security monitoring is that it has a high level of expertise.
True
Organizations should start defining their IT security policy framework by defining an asset classification policy.
True
Rootkits are malicious software programs designed to be hidden from normal methods of detection.
True
Simple Network Management Protocol (SNMP) is used for network device monitoring, alarm, and performance.
True
Social engineering is deceiving or using people to get around security controls.
True
Standards are used when an organization has selected a solution to fulfill a policy goal.
True
The business impact analysis (BIA) identifies the resources for which a business continuity plan (BCP) is necessary.
True
The director of IT security is generally in charge of ensuring that the Workstation Domain conforms to policy.
True
The recovery point objective (RPO) is the maximum amount of data loss that is acceptable.
True
The term risk management describes the process of identifying, assessing, prioritizing, and addressing risks.
True
Threat
Any action that can damage an asset.