ItSY-1300 FInal
Henry wants to use an open-source forensic suite. Which of the following tools should he select
Autopsy
What type of malware connects to a command-and-control system, allowing attackers to manage, control, and update it remotely?
BOT
Which element of the SCAP (Security Content Automation Protocol) framework can be used to consistently describe vulnerabilities?
CVE
Edward Snowden was a government contractor who disclosed sensitive government documents to journalists to uncover what he believed were unethical activities. Which two of the following terms best describe Snowden's activities? Each correct answer represents a complete solution. Choose two
Insider Hacktivist
Which one of the following items is not normally included in a request for an exception to security policy?
Proposed revision to the security policy
A biometric factor is an example of what type of factor?
Something you are
Aziz is responsible for the administration of an e-commerce website that generates $100,000 per day in revenue for his firm. The website uses a database that contains sensitive information about the firm's customers. He expects that a compromise of that database would result in $500,000 of fines against his firm. Aziz is assessing the risk of a SQL injection attack against the database where the attacker would steal all of the customer's personally identifiable information (PII) from the database. After consulting threat intelligence, he believes that there is a 5 percent chance of a successful attack in any given year. What is the annualized rate of occurrence (ARO)?
0.05
Acme Widgets has 10 employees and they all need the ability to communicate with one another using the symmetric encryption system. The system should allow any two employees to securely communicate without other employees eavesdropping. If an 11th employee is added to the organization, how many new keys must be added to the system?
10
Acme Widgets has 10 employees and they all need the ability to communicate with one another using the asymmetric encryption system. The system should allow any two employees to securely communicate without other employees eavesdropping. If an 11th employee is added to the organization, how many new keys must be added to the system?
2
What ISO standard provides guidance on privacy controls?
27701
The company that Hui works for has built a device based on an Arduino and wants to standardize its deployment across the entire organization. What type of device has Hui's organization deployed, and where should Hui place her focus on securing it?
A microcontroller, and on physical security
James notices that a macro virus has been detected on a workstation in his organization. What was the most likely path for the infection?
A user intentionally enabled macros for an infected file
How does technology diversity help ensure cybersecurity resilience? This task contains the radio buttons and checkboxes for options. Press the enter key to select the option. A It means that a misconfiguration will not impact the company's entire infrastructure. B All of these. C It ensures that a vulnerability in a single company's product will not impact the entire infrastructure. D If a single vendor goes out of business, the company does not need to replace its entire infrastructure.
All
Michelle wants to prevent unauthorized applications from being installed on a system. What type of tool can she use to allow only permitted applications to be installed?
Allow list application
Megan's organization uses the Diamond Model of Intrusion Analysis as part of their incident response process. A user in Megan's organization has discovered a compromised system. What core feature would help her determine how the compromise occurred?
Capability
Question 18 : Which of the following attacks occurs after a skimmer captures card information?
Cloning
Tom is a software developer who creates code for sale to the public. He would like to assure his users that the code they receive actually came from him. What technique can he use to best provide this assurance?
Code signing
Which one of the following statements is not true about compensating controls under the Payment Card Industry Data Security Standard (PCI DSS)?
Controls used to fulfill one PCI DSS requirement may be used to compensate for the absence of control needed to meet another requirement.
Helen's organization maintains medical records on behalf of its customers, who are individual physicians. What term best describes the role of Helen's organization?
Data processor
Which of the following measures is not commonly used to assess threat intelligence?
Detail
Tonya is concerned about the risk that an attacker will attempt to gain access to her organization's database server. She is searching for a control that would discourage the attacker from attempting to gain access. What type of security control is she seeking to implement?
Deterrent
Tim is working on a change to a web application used by his organization to fix a known bug. What environment should he be working in? A Staging B Development C Test D Production
Development
Alex has been handed a flash media device that was quick-formatted and has been asked to recover the data. What data will remain on the drive?
Files will remain, but the file indexes will be gone.?
Gary identifies a third-party datacenter provider over 90 miles away to run his redundant datacenter operations. Why has he placed the datacenter that far away?
Geographic dispersal
What compliance regulation most directly affects the operations of a healthcare provider?
HIPAA
Amanda wants to create a view of her buildings that shows Wi-Fi signal strength and coverage. What is this type of view called?
Heatmap
Vince recently received the hash values of malicious software that several other firms in his industry found installed on their systems after a compromise. What term best describes this information?
IoC
Which one of the following objectives is not one of the three main objectives that information security professionals must achieve to protect their organizations against cybersecurity threats?
Nonrepudiation
Scott wants to allow users to bring their own credentials to his website so that they can log in using a Google or Microsoft account without giving him their passwords. What protocol can he use that will allow those users to grant the website access to their information?
OPENID
Tina works for a hospital system and manages the system's patient records. What category of personal information best describes the information that is likely to be found in those records
PHI
Laura wants to deploy a WPA2 secured wireless for her small business, but she doesn't have a RADIUS server set up. If she wants her Wi-Fi to be encrypted, what is her best option for wireless authentication?
PSK
Which of the following technologies is the least effective means of preventing shared accounts?
Password complexity requirements
You notice a high number of SQL injection attacks against a web application run by your organization, so you install a web application firewall to block many of these attacks before they reach the server. How have you altered the severity of this risk?
Reduced the probability
Susan wants to ensure that the threat of a lost phone creating a data breach is minimized. What two technologies should she implement to do this?
Remote wipe and FDE
Grace recently completed a risk assessment of her organization's exposure to data breaches and determined that there is a high level of risk related to the loss of sensitive personal information. She is considering a variety of approaches to manage this risk.Grace's first idea is to add a web application firewall to protect her organization against SQL injection attacks. What risk management strategy does this approach adopt?
Risk mitigation
Lila is working on a penetration testing team and she is unsure whether she is allowed to conduct social engineering as part of the test. What document should she consult to find this information
Rules of engagement
What tool is specifically designed to support incident responders by allowing unified, automated responses across an organization?
SOAR
Helen designed a new payroll system that she offers to her customers. She hosts the payroll system in AWS and her customers access it through the web. What tier of cloud computing best describes Helen's service?
SaaS
Wendy is a penetration tester who wishes to engage in a session hijacking attack. What information is crucial for Wendy to obtain if her attack will be successful?
Session Cookie
Tracy is concerned about attacks against the machine learning algorithm that her organization is using to assess its network. What step should she take to ensure that her baseline data is not tainted?
She should run the ML algorithm on the network only if she believes it is secure.
Which of the following employs social engineering techniques to attempt to get recipients to open the message or to click on links inside of it?
Spam
Tony is reviewing the status of his organization's defenses against a breach of their file server. He believes that a compromise of the file server could reveal information that would prevent the company from continuing to do business. What term best describes the risk that Tony is considering?
Strategic
Chris has turned on logon auditing for a Windows system. Which log will show them?
The Windows Security log
Ryan is selecting a new security control to meet his organization's objectives. He would like to use it in their multicloud environment and would like to minimize the administrative work required from his fellow technologists. What approach would best meet his needs?
Third-party control
A caller reached a member of the IT support person at Carlos's company and told them that the chairman of the company's board was traveling and needed immediate access to his account but had been somehow locked out. They told the IT support person that if the board member did not have their password reset, the company could lose a major deal. If Carlos receives a report about this, which of the principles of social engineering should he categorize the attacker's efforts under?
Urgency
Greg wants to use a tool that can directly edit disks for forensic purposes. What commercial tool could he select from this list?
WINHEX
Jim configures a Windows machine with the built-in BitLocker full disk encryption tool. When is the machine least vulnerable to have data stolen from it?
When the machine is off
Bruce is conducting a penetration test for a client. The client provided him with details of their systems in advance. What type of test is Bruce conducting?
White-box test
Alyssa wants to use her Android phone to store and manage cryptographic certificates. What type of solution could she choose to do this using secure hardware?
microSD HSM (hardware security module)
Maddy wants to implement a camera system but is concerned about the amount of storage space that the video recordings will require. What technology can help with this?
motion recognition