PIRKO quiz 2 (CH 3 and 4)

Ace your homework & exams now with Quizwiz!

Wardialers are becoming more frequently used given the rise of Voice over IP (VoIP).

False

The Children's Online Privacy Protection Act (COPPA) restricts the collection of information online from children. What is the cutoff age for COPPA regulation?

13

Bob is using a port scanner to identify open ports on a server in his environment. He is scanning a web server that uses Hypertext Transfer Protocol (HTTP). Which port should Bob expect to be open to support this service?

80

Which item in a Bring Your Own Device (BYOD) policy helps resolve intellectual property issues that may arise as the result of business use of personal devices?

Data Ownership

What is the first step in a disaster recovery effort?

Ensure that everyone is safe

Barry discovers that an attacker is running an access point in a building adjacent to his company. The access point is broadcasting the security set identifier (SSID) of an open network owned by the coffee shop in his lobby. Which type of attack is likely taking place?

Evil Twin

A rootkit uses a directed broadcast to create a flood of network traffic for the victim computer.

False

A security policy is a comparison of the security controls you have in place and the controls you need in order to address all identified threats.

False

An attacker uses exploit software when wardialing.

False

DOS Attakcs are larger in scope than DDOS attacks

False

Most enterprises are well prepared for a disaster should one occur.

False

Using a secure logon and authentication process is one of the six steps used to prevent malware.

False

What level of technology infrastructure should you expect to find in a cold site alternative data center facility?

No technology infrastructure

A hospital is planning to introduce a new point-of-sale system in the cafeteria that will handle credit card transactions. Which one of the following governs the privacy of information handled by those point-of-sale terminals?

PCI DSS

Which tool can capture the packets transmitted between systems over a network?

Protocol Analyzer

What is NOT one of the three tenets of information security?

Safety

A disaster recovery plan (DRP) directs the actions necessary to recover resources after a disaster.

True

A man-in-the-middle attack takes advantage of the multihop process used by many types of networks.

True

A phishing email is a fake or bogus email intended to trick the recipient into clicking on an embedded URL link or opening an email attachment.

True

A surge protector is an example of a preventative component of a disaster recovery plan (DRP).

True

An alteration threat violates information integrity.

True

Failing to prevent an attack all but invites an attack.

True

The business impact analysis (BIA) identifies the resources for which a business continuity plan (BCP) is necessary.

True

Florian recently purchased a set of domain names that are similar to those of legitimate websites and used the newly purchased sites to host malware. Which type of attack is Florian using?

Typo squatting

An attacker attempting to break into a facility pulls the fire alarm to distract the security guard manning an entry point. Which type of social engineering attack is the attacker using?

Urgency

Dawn is selecting an alternative processing facility for her organization's primary data center. She would like to have a facility that balances cost and switchover time. What would be the best option in this situation?

Warm Site

Which type of attack against a web application uses a newly discovered vulnerability that is not patchable?

Zero-day attack

Which one of the following is the best example of an authorization control?

Access Control lists

Regarding data center alternatives for disaster recovery, a mobile site is the least expensive option but at the cost of the longest switchover time.

False

Which one of the following is an example of a reactive disaster recovery control?

Moving to a warm site

Tony is working with a law enforcement agency to place a wiretap pursuant to a legitimate court order. The wiretap will monitor communications without making any modifications. What type of wiretap is Tony placing?

Passive Wiretap

As a follow-up to her annual testing, Holly would like to conduct quarterly disaster recovery tests that introduce as much realism as possible but do not require the use of technology resources. What type of test should Holly conduct?

Simulation Test

Which term describes an action that can damage or compromise an asset?

Threat

What type of malicious software masquerades as legitimate software to entice the user to run it?

Trojan Horse

Remote wiping is a device security control that allows an organization to remotely erase data or email in the event of loss or theft of the device.

True

Rootkits are malicious software programs designed to be hidden from normal methods of detection.

True


Related study sets

Personal Finance LU3 (Chapters 4 and 5)

View Set

BAS 282: Public Relations: SmartBook

View Set

Short Sale Course California Real Estate

View Set

ATI Learning System 3.0 Pharm PN

View Set

5.4- solve higher-order polynomials equations and inequalities in one and two variables

View Set

Chapter 12 Terms and Quiz: Shock

View Set