IT 2531-Systems Security Mid-term

Ace your homework & exams now with Quizwiz!

vulnerability

A weakness that allows a threat to be realized or to have an effect on an asset

Risk

Likelihood that something bad will happen to asset.

A disaster recovery plan (DRP) directs the actions necessary to recover resources after a disaster.

True

A functional policy declares an organization's management direction for security in such specific functional areas as email, remote access, and Internet surfing.

True

A phishing email is a fake or bogus email intended to trick the recipient into clicking on an embedded URL link or opening an email attachment.

True

A smart card is a token shaped like a credit card that contains one or more microprocessor chips that accept, store, and send information through a reader.

True

A trusted operating systems (TOS) provides features that satisfy specific government requirements for security.

True

Access control lists (ACLs) are used to permit and deny traffic in an IP router.

True

An bricks-and-mortar strategy includes marketing and selling goods and services on the Internet.

True

The tools for conducting a risk analysis can include the documents that define, categorize, and rank risks.

True

The weakest link in the security of an IT infrastructure is the server.

True

Unified messaging allows you to download both voice and email messages to a smartphone or tablet.

True

When servers need operating system upgrades or patches, administrators take them offline intentionally so they can perform the necessary work without risking malicious attacks.

True

Written security policies document management's goals and objectives.

True

Connectivity is one of the five critical challenges that the Internet of Things (IoT) has to overcome.

False

The Sarbanes-Oxley (SOX) Act requires all types of financial institutions to protect customers' private financial information.

False

The anti-malware utility is one of the most popular backdoor tools in use today.

False

The auto industry has not yet implemented the Internet of Things (IoT).

False

The first step in creating a comprehensive disaster recovery plan (DRP) is to document likely impact scenarios.

False

The four central components of access control are users, resources, actions, and features.

False

The idea that users should be granted only the levels of permissions they need in order to perform their duties is called the principle of least privilege.

False

The number of failed logon attempts that trigger an account action is called an audit logon event.

False

The term risk methodology refers to a list of identified risks that results from the risk-identification process.

False

Common methods used to identify a user to a system include username, smart card, and biometrics.

True

Devices that combine the capabilities of mobile phones and personal digital assistants (PDAs) are commonly called smartphones.

True

E-commerce systems and applications demand strict confidentiality, integrity, and availability (CIA) security controls.

True

Fingerprints, palm prints, and retina scans are types of biometrics.

True

Hypertext Transfer Protocol (HTTP) is the communications protocol between web browsers and websites with data in cleartext.

True

In e-business, secure web applications are one of the critical security controls that each organization must implement to reduce risk.

True

Networks, routers, and equipment require continuous monitoring and management to keep wide area network (WAN) service available.

True

World Wide Web

A system that defines how documents and resources are related across network machines

A remediation liaison makes sure all personnel are aware of and comply with an organization's policies.

False

A rootkit uses a directed broadcast to create a flood of network traffic for the victim computer.

False

An attacker uses exploit software when wardialing.

False

Bricks-and-mortar stores are completely obsolete now.

False

Continuity of critical business functions and operations is the first priority in a well-balanced business continuity plan (BCP).

False

Denial of service (DoS) attacks are larger in scope than distributed denial of service (DDoS) attacks.

False

Most enterprises are well prepared for a disaster should one occur.

False

Often an extension of a memorandum of understanding (MOU), the blanket purchase agreement (BPA) serves as an agreement that documents the technical requirements of interconnected assets.

False

Passphrases are less secure than passwords.

False

Procedures do NOT reduce mistakes in a crisis.

False

Regarding data center alternatives for disaster recovery, a mobile site is the least expensive option but at the cost of the longest switchover time.

False

Regarding the Internet of Things (IoT), a business involved in utilities, critical infrastructure, or environmental services can benefit from traffic-monitoring applications.

False

Voice pattern biometrics are accurate for authentication because voices can't easily be replicated by computer software.

False

Wardialers are becoming more frequently used given the rise of Voice over IP (VoIP).

False

You should use easy-to-remember personal information to create secure passwords.

False

A VPN router is a security appliance that is used to filter IP packets.

False Virtual private network (VPN) is a method of encryptingIP packets from one end to another, as in atunnel.

Service-level agreements (SLAs) are optical backbone trunks for private optical backbone networks.

False. An SLA is a contract that guarantees a minimum monthly availability of service for wide area network (WAN) and Internet access links. SLAs accompany WAN services and dedicated Internet access links. Availability measures a monthly uptime service-level commitment.

Information Systems Security

The collection of activities that protect the information system and the data stored in it

A DoS attack is a coordinated attempt to deny service by occupying a computer to perform large amounts of unnecessary tasks.

True

A dictionary attack works by hashing all the words in a dictionary and then comparing the hashed value with the system password file to discover a match.

True

Application service providers (ASPs) are software companies that build applications hosted in the cloud and on the Internet.

True

Failing to prevent an attack all but invites an attack.

True

One advantage of using a security management firm for security monitoring and is that it has a high level of expertise.

True

Organizations should start defining their IT security policy framework by defining an asset classification policy.

True

Rootkits are malicious software programs designed to be hidden from normal methods of detection.

True

Simple Network Management Protocol (SNMP) is used for network device monitoring, alarm, and performance.

True

Social engineering is deceiving or using people to get around security controls.

True

Standards are used when an organization has selected a solution to fulfill a policy goal.

True

The business impact analysis (BIA) identifies the resources for which a business continuity plan (BCP) is necessary.

True

The director of IT security is generally in charge of ensuring that the Workstation Domain conforms to policy.

True

The recovery point objective (RPO) is the maximum amount of data loss that is acceptable.

True

The term risk management describes the process of identifying, assessing, prioritizing, and addressing risks.

True

Threat

any action that can damage an asset.


Related study sets

Curriculum & Instruction: Primary Reading Final Exam

View Set

Investments 4360 Chapter 1 review

View Set

The Iroquois Creation Myth: "The World on Turtle's Back"

View Set

Declaration of Independence facts

View Set