ITC 560 Test 2

Ace your homework & exams now with Quizwiz!

Karen would like to use a wireless authentication technology similar to that found in hotels where users are redirected to a webpage when they connect to the network. What technology should she deploy?

Captive portal

What type of firewall security feature limits the volume of traffic from individual hosts?

Flood Guard

Terry is troubleshooting a network that is experiencing high traffic congestion issues. Which device, if present on the network, should be replaced to alleviate these issues?

Hub

What is a set of concepts and policies for managing IT infrastructure, development, and operations?

IT infrastructure library (ITIL)

Jacob is conducting an audit of the security controls at an organization as an independent reviewer. Which question would NOT be part of his audit?

Is the security control likely to become obsolete in the near future?

Brian needs to design a control that prevents piggybacking, only allowing one person to enter a facility at a time. What type of control would best meet his needs?

Mantraps

Christopher is designing a security policy for his organization. He would like to use an approach that allows a reasonable list of activities but does not allow other activities. Which permission level is he planning to use?

Prudent

Janet is identifying the set of privileges that should be assigned to a new employee in her organization. Which phase of the access control process is she performing?

Authorizaiton

In an accreditation process, who has the authority to approve a system for implementation?

Authorizing official

What type of security monitoring tool would be most likely to identify an unauthorized change to a computer system?

System integrity monitoring

Bob has a high-volume virtual private network (VPN). He would like to use a device that would best handle the required processing power. What type of device should he use?

VPN Concentrator

What is NOT a principle for privacy created by the Organization for Economic Cooperation and Development (OECD)?

An organization should share its information

Which regulatory standard would NOT require audits of companies in the US?

Correct Personal Information Protection and Electronic Documents (PIPEDA)

Ricky is reviewing security logs to independently assess security controls. Which security review process is Ricky engaging in?

Audit

Henry would like to create a different firewall rule that allows encrypted web traffic to reach a web server. What port is used for that communication?

443

Norm recently joined a new organization. He noticed that the firewall technology used by his new firm opens separate connections between the devices on both sides of the firewall. What type of technology is being used?

Application Proxying

When should an organization's managers have an opportunity to respond to the findings in the audit?

Managers should include their responses to the draft audit report in the final audit report

Barbara is investigating an attack against her network. She notices that the internet control message Protocol (ICMP) echo replies coming into her network far exceed the ICMP echo requests leaving her network. What type of attack is likely taking place?

Smurfing

Joe is responsible for security of the industrial control systems for a power plant. What type of environment does Joe administer?

Supervisory Control and Data Acquisition (SCADA)

Val would like to isolate several systems belonging to the product development group from other systems on the network, without adding new hardware. What technology can she use?

Virtual LAN (VLAN)

Gary is configuring a Smartphone and is selecting a wireless connectivity method. Which approach will provide him with the highest speed wireless connectivity?

Wi-Fi

Ann is creating a template for the configuration of Windows servers in her organization. It includes the basic security settings that should apply to all systems. What type of document should she create?

Baseline - Baselines provide basic configurations for specific types of computers or devices. Baselines are the benchmarks that help make sure a minimum level of security exists across multiple systems and across different products.

Forensics and incident response are examples of ___________ controls.

Corrective

David would like to connect a fibre channel storage device to systems over a standard data network. What protocol can he use?

Fiber Channel over ethernet

Roger's organization received a mass email message that attempted to trick users into revealing their passwords by pretending to be a help desk representative. What category of social engineering is this an example of?

Phishing

Marguerite is creating a budget for a software development project. What phase of the system life cycle is she undertaking?

Project initiation and planning

Which data sources comes first in the order of volatility when conducting a forensic investigation?

RAM

What is the correct order of steps in the change control process?

Request, impact assessment, approval, build/test, implement, and monitor

What term describes the risk that exists after an organization has performed all planned countermeasures and controls?

Residual risk

Which activity is an auditor least likely to conduct during the information-gathering phase of an audit?

Report Writing

What type of network device normally connects directly to endpoints and uses MAC-based filtering to limit traffic flows?

Switch

What is NOT generally a section in an audit report?

System configurations

Adam is evaluating the security of a web server before it goes live. He believes that an issue in the code allows an SQL injection attack against the server. What term describes the issue that Adam discovered?

Vulnerability

What is NOT a good practice for developing strong professional ethics?

Assume that information should be free

Which of the following would NOT be considered in the scope of organizational compliance efforts?

Laws

Nancy performs a full backup of her server every Sunday at 1AM and differential backups on Mondays through Fridays at 1AM. Her server fails at 9AM Wed. How many backups does Nancy need to restore?

1

What is the maximum value for any octet in an IPv4 IP address?

255

Henry's last firewall rule must allow inbound access to a Windows Terminal server. What port must he allow?

3389

Which recovery site option provides readiness in minutes to hours?

Hot site

Which security testing activity uses tools that scan services running on systems?

Network Mapping

Which control is NOT an example of a fault tolerance technique designed to avoid interruptions that would cause downtime?

Warm site

In what software development model does activity progress in a lock-step sequential process where no phase begins until the previous phase is complete?

Waterfall

What wireless security technology contains significant flaws and should never be used?

Wired Equivalent Privacy (WEP)


Related study sets

AP 24 IF U KNOW THE ANSWER THE EDIT PASSWORD IS "HELP" PLS CHANGE THE WRONG ONES

View Set

"Tom Hanks | Biography, Movies, & Facts." Encyclopedia Britannica. N. p., 2018. Web. 13 Mar. 2018.

View Set

DECA Hospitality and Tourism Cluster Practice Exam

View Set