ITC 560 Test 2
Karen would like to use a wireless authentication technology similar to that found in hotels where users are redirected to a webpage when they connect to the network. What technology should she deploy?
Captive portal
What type of firewall security feature limits the volume of traffic from individual hosts?
Flood Guard
Terry is troubleshooting a network that is experiencing high traffic congestion issues. Which device, if present on the network, should be replaced to alleviate these issues?
Hub
What is a set of concepts and policies for managing IT infrastructure, development, and operations?
IT infrastructure library (ITIL)
Jacob is conducting an audit of the security controls at an organization as an independent reviewer. Which question would NOT be part of his audit?
Is the security control likely to become obsolete in the near future?
Brian needs to design a control that prevents piggybacking, only allowing one person to enter a facility at a time. What type of control would best meet his needs?
Mantraps
Christopher is designing a security policy for his organization. He would like to use an approach that allows a reasonable list of activities but does not allow other activities. Which permission level is he planning to use?
Prudent
Janet is identifying the set of privileges that should be assigned to a new employee in her organization. Which phase of the access control process is she performing?
Authorizaiton
In an accreditation process, who has the authority to approve a system for implementation?
Authorizing official
What type of security monitoring tool would be most likely to identify an unauthorized change to a computer system?
System integrity monitoring
Bob has a high-volume virtual private network (VPN). He would like to use a device that would best handle the required processing power. What type of device should he use?
VPN Concentrator
What is NOT a principle for privacy created by the Organization for Economic Cooperation and Development (OECD)?
An organization should share its information
Which regulatory standard would NOT require audits of companies in the US?
Correct Personal Information Protection and Electronic Documents (PIPEDA)
Ricky is reviewing security logs to independently assess security controls. Which security review process is Ricky engaging in?
Audit
Henry would like to create a different firewall rule that allows encrypted web traffic to reach a web server. What port is used for that communication?
443
Norm recently joined a new organization. He noticed that the firewall technology used by his new firm opens separate connections between the devices on both sides of the firewall. What type of technology is being used?
Application Proxying
When should an organization's managers have an opportunity to respond to the findings in the audit?
Managers should include their responses to the draft audit report in the final audit report
Barbara is investigating an attack against her network. She notices that the internet control message Protocol (ICMP) echo replies coming into her network far exceed the ICMP echo requests leaving her network. What type of attack is likely taking place?
Smurfing
Joe is responsible for security of the industrial control systems for a power plant. What type of environment does Joe administer?
Supervisory Control and Data Acquisition (SCADA)
Val would like to isolate several systems belonging to the product development group from other systems on the network, without adding new hardware. What technology can she use?
Virtual LAN (VLAN)
Gary is configuring a Smartphone and is selecting a wireless connectivity method. Which approach will provide him with the highest speed wireless connectivity?
Wi-Fi
Ann is creating a template for the configuration of Windows servers in her organization. It includes the basic security settings that should apply to all systems. What type of document should she create?
Baseline - Baselines provide basic configurations for specific types of computers or devices. Baselines are the benchmarks that help make sure a minimum level of security exists across multiple systems and across different products.
Forensics and incident response are examples of ___________ controls.
Corrective
David would like to connect a fibre channel storage device to systems over a standard data network. What protocol can he use?
Fiber Channel over ethernet
Roger's organization received a mass email message that attempted to trick users into revealing their passwords by pretending to be a help desk representative. What category of social engineering is this an example of?
Phishing
Marguerite is creating a budget for a software development project. What phase of the system life cycle is she undertaking?
Project initiation and planning
Which data sources comes first in the order of volatility when conducting a forensic investigation?
RAM
What is the correct order of steps in the change control process?
Request, impact assessment, approval, build/test, implement, and monitor
What term describes the risk that exists after an organization has performed all planned countermeasures and controls?
Residual risk
Which activity is an auditor least likely to conduct during the information-gathering phase of an audit?
Report Writing
What type of network device normally connects directly to endpoints and uses MAC-based filtering to limit traffic flows?
Switch
What is NOT generally a section in an audit report?
System configurations
Adam is evaluating the security of a web server before it goes live. He believes that an issue in the code allows an SQL injection attack against the server. What term describes the issue that Adam discovered?
Vulnerability
What is NOT a good practice for developing strong professional ethics?
Assume that information should be free
Which of the following would NOT be considered in the scope of organizational compliance efforts?
Laws
Nancy performs a full backup of her server every Sunday at 1AM and differential backups on Mondays through Fridays at 1AM. Her server fails at 9AM Wed. How many backups does Nancy need to restore?
1
What is the maximum value for any octet in an IPv4 IP address?
255
Henry's last firewall rule must allow inbound access to a Windows Terminal server. What port must he allow?
3389
Which recovery site option provides readiness in minutes to hours?
Hot site
Which security testing activity uses tools that scan services running on systems?
Network Mapping
Which control is NOT an example of a fault tolerance technique designed to avoid interruptions that would cause downtime?
Warm site
In what software development model does activity progress in a lock-step sequential process where no phase begins until the previous phase is complete?
Waterfall
What wireless security technology contains significant flaws and should never be used?
Wired Equivalent Privacy (WEP)
