Prepare for Exam 2

Ace your homework & exams now with Quizwiz!

A salt value is a set of random characters you can combine with an actual input key to create the encryption key.

*True* False

A substitution cipher replaces bits, characters, or blocks of information with other bits, characters, or blocks.

*True* False

Digital signatures require asymmetric key cryptography.

*True* False

Integrity-checking tools use cryptographic methods to make sure nothing and no one has modified the software.

*True* False

The Diffie-Hellman (DHE) algorithm is the basis for several common key exchange protocols, including Diffie-Hellman in Ephemeral mode (DHE) and Elliptic Curve DHE (ECDHE).

*True* False

The financial industry created the ANSI X9.17 standard to define key management procedures.

*True* False

What standard is NOT secure and should never be used on modern wireless networks?

*Wired Equivalent Privacy (WEP)* Wi-Fi Protected Access (WPA) Wi-Fi Protected Access version 2 (WPA2) 802.11ac

What file type is least likely to be impacted by a file infector virus?

.docx

Nancy performs a full backup of her server every Sunday at 1 A.M. and differential backups on Mondays through Fridays at 1 A.M. Her server fails at 9 A.M. Wednesday. How many backups does Nancy need to restore?

2

Henry is creating a firewall rule that will allow inbound mail to the organization. What TCP port must he allow through the firewall?

25

What is the maximum value for any octet in an IPv4 IP address?

255

What is NOT a valid encryption key length for use with the Blowfish algorithm?

32 bits 64 bits 256 bits *512 bits*

Henry's last firewall rule must allow inbound access to a Windows Terminal Server. What port must he allow?

3389

Henry would like to create a different firewall rule that allows encrypted web traffic to reach a web server. What port is used for that communication?

443

Henry would like to create a different firewall rule that allows encrypted web traffic to reach a web server. What port is used for that communication?

443 HTTP over SSL

Continuing professional education (CPE) credits typically represent ________ minutes of classroom time per CPE unit.

50

What is NOT a valid encryption key length for use with the Blowfish algorithm?

512 bits

How many domains of knowledge are covered by the Certified Information Systems Security Professional (CISSP) exam?

8

What series of Special Publications does the National Institute of Standards and Technology (NIST) produce that covers information systems security activities?

800

Which Institute of Electrical and Electronics Engineers (IEEE) standard covers wireless LANs?

802.11

________ refers to a program of study approved by the State Department of Education in the state that a school operates.

Accredited

Alice would like to send a message to Bob using a digital signature. What cryptographic key does Alice use to create the digital signature?

Alice's public key *Alice's private key* Bob's public key Bob's private key

Norm recently joined a new organization. He noticed that the firewall technology used by his new firm opens separate connections between the devices on both sides of the firewall. What type of technology is being used?

Application proxying

What level of academic degree requires the shortest period of time to earn and does NOT require any other postsecondary degree as a prerequisite?

Associate's degree

Which set of characteristics describes the Caesar cipher accurately?

Asymmetric, block, substitution < wrong Asymmetric, stream, transposition Symmetric, stream, substitution Symmetric, block, transposition

Howard is leading a project to commission a new information system that will be used by a federal government agency. He is working with senior officials to document and accept the risk of operation prior to allowing use. What step of the risk management framework is Howard completing?

Authorize the IT system for processing

Howard is leading a project to commission a new information system that will be used by a federal government agency. He is working with senior officials to document and accept the risk of operation prior to allowing use. What step of the risk management framework is Howard completing?

Authorize the IT system for processing.

__________ is a continuous process designed to keep all personnel vigilant.

Awareness

What program, released in 2013, is an example of ransomware?

BitLocker

Alice would like to send a message to Bob securely and wishes to encrypt the contents of the message. What key does she use to encrypt this message?

Bob's public key

Joe is the CEO of a company that handles medical billing for several regional hospital systems. How would Joe's company be classified under the Health Insurance Portability and Accountability Act (HIPAA)?

Business associate of a covered entity

Karen would like to use a wireless authentication technology similar to that found in hotels where users are redirected to a webpage when they connect to the network. What technology should she deploy?

Captive portal

Which information security objective allows trusted entities to endorse information?

Certification

Richard would like to earn a certification that demonstrates his ability to manage the information security function. What certification would be most appropriate for Richard?

Certified Information Security Manager (CISM)

Which of the following certifications cannot be used to satisfy the security credential requirements for the advanced Certified Internet Webmaster (CIW) certifications?

Certified Information Security Manager (CISM)

Which of the following certifications is considered the flagship Information Systems Security Certification Consortium, Inc. (ISC)2 certification and the gold standard for information security professionals?

Certified Information Systems Security Professional (CISSP)

Federal agencies are required to name a senior official in charge of information security. What title is normally given to these individuals?

Chief information security officer (CISO)

Gary is sending a message to Patricia. He wants to ensure that nobody tampers with the message while it is in transit. What goal of cryptography is Gary attempting to achieve?

Confidentiality *Integrity* Authentication Nonrepudiation

Alan withdraws cash from an ATM belonging to Bank X that is coming from his account with Bank Y. What is Alan's relationship with Bank X?

Consumer

What is NOT one of the four main purposes of an attack?

Data import

Betty receives a ciphertext message from her colleague Tim. What type of function does Betty need to use to read the plaintext message?

Decryption

Tonya is working with a team of subject matter experts to diagnose a problem with her system. The experts determine that the problem likely resides at the Presentation Layer of the Open Systems Interconnection (OSI) model. Which technology is the most likely suspect?

Encryption

Which technology category would NOT likely be the subject of a standard published by the International Electrotechnical Commission (IEC)?

Encryption

What mathematical problem forms the basis of most modern cryptographic algorithms?

Factoring large primes Traveling salesman problem Quantum mechanics < wrong Birthday problem

A smurf attack tricks users into providing logon information on what appears to be a legitimate website but is in fact a website set up by an attacker to obtain this information.

False

A subnet mask is a partition of a network based on IP addresses.

False

Another name for a border firewall is a DMZ firewall.

False

IP addresses are eight-byte addresses that uniquely identify every device on the network.

False

Retro viruses counter the ability of antivirus programs to detect changes in infected files.

False

Which of the following is NOT an advantage to undertaking self-study of information security topics?

Fixed pace

What type of function generates the unique value that corresponds to the contents of a message and is used to create a digital signature?

Hash

Vincent recently went to work for a hospital system. He is reading about various regulations that apply to his new industry. What law applies specifically to health records?

Health Insurance Portability and Accountability Act (HIPAA)

Which recovery site option provides readiness in minutes to hours?

Hot site

Gary is troubleshooting a security issue on an Ethernet network and would like to look at the Ethernet standard. What publication should he seek out?

IEEE 802.3

Adam's company recently suffered an attack where hackers exploited an SQL injection issue on their web server and stole sensitive information from a database. What term describes this activity?

Incident

Brian needs to design a control that prevents piggybacking, only allowing one person to enter a facility at a time. What type of control would best meet this need?

Mantraps

Alison retrieved data from a company database containing personal information on customers. When she looks at the SSN field, she sees values that look like this: "XXX-XX-9142." What has happened to these records?

Masking

Helen is an experienced information security professional who earned a four-year degree while a full-time student. She would like to continue her studies on a part-time basis. What is the next logical degree for Helen to earn?

Master's degree

What term describes the longest period of time that a business can survive without a particular critical system?

Maximum tolerable downtime (MTD)

What federal agency is charged with the mission of promoting "U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life?"

National Institute of Standards and Technology (NIST)

What federal government agency is charged with the responsibility of creating information security standards and guidelines for use within the federal government and more broadly across industries?

National Institute of Standards and Technology (NIST)

What government agency sponsors the National Centers of Academic Excellence (CAE) for the Cyber Operations Program?

National Security Agency (NSA)

Brian would like to conduct a port scan against his systems to determine how they look from an attacker's viewpoint. What tool can he use for this purpose?

Nmap

When Patricia receives a message from Gary, she wants to be able to demonstrate to Sue that the message actually came from Gary. What goal of cryptography is Patricia attempting to achieve?

Nonrepudiation

Which one of the following statements best describe traditional economics theories?

Not all of the above

Which type of decision making is usually more likely to be controlled by the brain region neocortex, instead of amygdala?

Not instinctive

Hilda is troubleshooting a problem with the encryption of data. At which layer of the OSI Reference Model is she working?

Presentation

Which data source comes first in the order of volatility when conducting a forensic investigation?

RAM

What type of malicious software allows an attacker to remotely control a compromised computer?

Remote Access Tool (RAT)

What type of publication is the primary working product of the Internet Engineering Task Force (IETF)?

Request for comment (RFC)

What type of security role is covered by the Committee on National Security Systems (CNSS) Training Standard CNSS-4016?

Risk Analysts

Alice and Bob would like to communicate with each other using a session key but they do not already have a shared secret key. Which algorithm can they use to exchange a secret key?

Rivest, Shamir, Adelman (RSA) Message digest algorithm (MD5) Blowfish *Diffie-Hellman*

Bob is developing a web application that depends upon a database backend. What type of attack could a malicious individual use to send commands through his web application to the database?

SQL Injection

What firewall approach is shown in the figure?

Screened subnet

Helen has no experience in security. She would like to earn a certification that demonstrates that she has the basic knowledge necessary to work in the information security field. What certification would be an appropriate first step for her?

Security+

Gwen is investigating an attack. An intruder managed to take over the identity of a user who was legitimately logged into Gwen's company's website by manipulating Hypertext Transfer Protocol (HTTP) headers. Which type of attack likely took place?

Session hijacking

Joe is responsible for the security of the industrial control systems for a power plant. What type of environment does Joe administer?

Supervisory Control and Data Acquisition (SCADA)

What type of network device normally connects directly to endpoints and uses MAC-based filtering to limit traffic flows?

Switch

Which set of characteristics describes the Caesar cipher accurately?

Symmetric, stream, substitution

Which of the following items would generally NOT be considered personally identifiable information (PII)?

Trade secret

A network protocol governs how networking equipment interacts to deliver data across the network.

True

A successful denial of service (DoS) attack may create so much network congestion that authorized users cannot access network resources.

True

Defense in depth is the practice of layering defenses to increase overall security and provide more reaction time to respond to incidents.

True

It is common for rootkits to modify parts of the operating system to conceal traces of their presence.

True

Network access control (NAC) works on wired and wireless networks.

True

TCP/IP is a suite of protocols that operates at both the Network and Transport layers of the OSI Reference Model.

True

The Data Link Layer of the OSI Reference Model is responsible for transmitting information on computers connected to the same local area network (LAN).

True

The OSI Reference Model is a theoretical model of networking with interchangeable layers.

True

The function of homepage hijacking is to change a browser's homepage to point to the attacker's site.

True

The goal of a command injection is to execute commands on a host operating system.

True

The term "router" describes a device that connects two or more networks and selectively interchanges packets of data between them.

True

The term "web defacement" refers to someone gaining unauthorized access to a web server and altering the index page of a site on the server.

True

The three main categories of network security risk are reconnaissance, eavesdropping, and denial of service.

True

Unlike viruses, worms do NOT require a host program in order to survive and replicate.

True

A private key cipher is also called an asymmetric key cipher.

True *False*

Gary is configuring a Smartphone and is selecting a wireless connectivity method. Which approach will provide him with the highest speed wireless connectivity?

Wi-Fi

Gary is configuring a smartphone and is selecting a wireless connectivity method. Which approach will provide him with the highest speed wireless connectivity?

Wi-Fi

What type of network connects systems over the largest geographic area?

Wide area network (WAN)

What standard is NOT secure and should never be used on modern wireless networks?

Wired Equivalent Privacy (WEP)

What wireless security technology contains significant flaws and should never be used?

Wired Equivalent Privacy (WEP)

What is NOT a service commonly offered by unified threat management (UTM) devices?

Wireless network access

Allie is working on the development of a web browser and wants to make sure that the browser correctly implements the Hypertext Markup Language (HTML) standard. What organization's documentation should she turn to for the authoritative source of information?

World Wide Web Consortium (W3C)

Forensics and incident response are examples of __________ controls.

corrective

Security training programs typically differ from security education programs in their focus on ______________.

hands-on skills

Purchasing an insurance policy is an example of the ____________ risk management strategy.

transfer

Bob received a message from Alice that contains a digital signature. What cryptographic key does Bob use to verify the digital signature?

*Alice's public key* Alice's private key Bob's public key Bob's private key

Which cryptographic attack offers cryptanalysts the most information about how an encryption algorithm works?

*Chosen plaintext* Ciphertext only Known plaintext Chosen ciphertext

What is NOT a symmetric encryption algorithm?

*Rivest-Shamir-Adelman (RSA)* Data Encryption Standard (DES) International Data Encryption Algorithm (IDEA) Carlisle Adams Stafford Tavares (CAST

A keyword mixed alphabet cipher uses a cipher alphabet that consists of a keyword, minus duplicates, followed by the remaining letters of the alphabet.

*True* False

What ISO security standard can help guide the creation of an organization's security policy?

27002

Jane is a manager at a federal government agency and recently hired a new employee, Mark, who will work with sensitive information. How much time does Jane have from Mark's hire date to get him security training?

60 days

What DoD directive requires that information security professionals in the government earn professional certifications?

8140

Alice would like to send a message to Bob using a digital signature. What cryptographic key does Alice use to create the digital signature?

Alice's private key

Bob received a message from Alice that contains a digital signature. What cryptographic key does Bob use to verify the digital signature?

Alice's public key

Which organization created a standard version of the widely used C programming language in 1989?

American National Standards Institute (ANSI)

Donna is building a security awareness program designed to meet the requirements of the Payment Card Industry Data Security Standard (PCI DSS) 3.2. How often must she conduct training for all current employees?

Annually

Mary is designing a software component that will function at the Presentation Layer of the Open Systems Interconnection (OSI) model. What other two layers of the model will her component need to interact with?

Application and Session

Which of the following is NOT a role described in DoD Directive 8140, which covers cybersecurity training?

Attack

Jim is an experienced security professional who recently accepted a position in an organization that uses Check Point firewalls. What certification can Jim earn to demonstrate his ability to administer these devices?

CCSA

What is NOT an effective key distribution method for plaintext encryption keys?

CD

Rod has been a Certified Information Systems Security Professional (CISSP) for 10 years. He would like to earn an advanced certification that demonstrates his ability in information security architecture. Which of the following CISSP concentrations would meet Rod's needs?

CISSP-ISSAP

Which of the following allows a certificate authority (CA) to revoke a compromised digital certificate in real time?

Certificate revocation list (CRL) < wrong International Data Encryption Algorithm (IDEA) < wrong Transport Layer Security (TLS) Online Certificate Status Protocol (OCSP)

What certification focuses on information systems audit, control, and security professionals?

Certified Information Systems Auditor (CISA)

Colin is a software developer. He would like to earn a credential that demonstrates to employers that he is well educated on software security issues. What certification would be most suitable for this purpose?

Certified Secure Software Lifecycle Professional (CSSLP)

Which of the following circumstances would NOT trigger mandatory security training for a federal agency under Office of Personnel Management (OPM) guidelines?

Change of senior leadership

Which of the following Cisco certifications demonstrates the most advanced level of security knowledge?

Cisco Certified Internetwork Expert (CCIE) Security

Alison discovers that a system under her control has been infected with malware, which is using a keylogger to report user keystrokes to a third party. What information security property is this malware attacking?

Confidentiality

Bobbi recently discovered that an email program used within her health care practice was sending sensitive medical information to patients without using encryption. She immediately corrected the problem because it violated the company's security policy and standard rules. What level of the Health Insurance Portability and Accountability Act (HIPAA) violation likely took place?

Tier A

Which type of cipher works by rearranging the characters in a message?

Transposition

Breanne's system was infected by malicious code after she installed an innocent-looking solitaire game that she downloaded from the Internet. What type of malware did she likely encounter?

Trojan Horse

A computer virus is an executable program that attaches to, or infects, other executable programs.

True

A wireless access point (WAP) is the connection between a wired and wireless network.

True

ActiveX is used by developers to create active content

True

Attacks against confidentiality and privacy, data integrity, and availability of services are all ways malicious code can threaten businesses.

True

Backdoor programs are typically more dangerous than computer viruses.

True

Because people inside an organization generally have more detailed knowledge of the IT infrastructure than outsiders do, they can place logic bombs more easily.

True

The Physical Layer of the OSI Reference Model must translate the binary ones and zeros of computer language into the language of the transport medium.

True

How many years of specialized experience are required to earn one of the Certified Information Systems Security Professional (CISSP) concentrations?

Two

What is NOT a typical sign of virus activity on a system?

Unexpected power failures

What is the only unbreakable cipher when it is used properly?

Vernam

Val would like to isolate several systems belonging to the product development group from other systems on the network, without adding new hardware. What technology can she use?

Virtual LAN (VLAN)

Adam is evaluating the security of a web server before it goes live. He believes that an issue in the code allows an SQL injection attack against the server. What term describes the issue that Adam discovered?

Vulnerability

Which control is NOT an example of a fault tolerance technique designed to avoid interruptions that would cause downtime?

Warm site

Val would like to limit the websites that her users visit to those on an approved list of pre-cleared sites. What type of approach is Val advocating?

Whitelisting

What tool might be used by an attacker during the reconnaissance phase of an attack to glean information about domain registrations?

Whois

What type of malware does NOT have an anti-malware solution and should be covered in security awareness training?

Zero-day

What type of security role is covered by the Committee on National Security Systems (CNSS) Training Standard CNSS-4012?

a) Senior System Manager

A(n) _________ is an event that prevents a critical business function (CBF) from operating for a period greater than the maximum tolerable downtime.

disaster

Alice and Bob would like to communicate with each other using a session key but they do not already have a shared secret key. Which algorithm can they use to exchange a secret key?

Diffie-Hellman

What a key principle of risk management programs?

Don't spend more to protect an asset than it is worth.

What protocol is responsible for assigning IP addresses to hosts on most networks?

Dynamic Host Configuration Protocol (DHCP)

Betty receives a cipher text message from her colleague Tim. What type of function does Betty need to use to read the plaintext message?

Encryption Hashing *Decryption* Validation

Which organization creates information security standards that specifically apply within the European Union?

European Telecommunications Standards Institute (ETSI) Cyber Security Technical Committee (TC CYBER)

What mathematical problem forms the basis of most modern cryptographic algorithms?

Factoring large primes

Spyware does NOT use cookies.

False

A packet-filtering firewall remembers information about the status of a network communication.

Falsle

What entity is responsible for overseeing compliance with Family Educational Rights and Privacy Act (FERPA)?

Family Policy Compliance Office (FPCO)

What is NOT a common motivation for attackers?

Fear

Erin is a system administrator for a federal government agency. What law contains guidance on how she may operate a federal information system? Federal Information Security Management Act

Federal Information Security Management Act (FISMA)

David would like to connect a fibre channel storage device to systems over a standard data network. What protocol can he use?

Fibre Channel over Ethernet (FCoE)

What type of firewall security feature limits the volume of traffic from individual hosts?

Flood guard

What certification organization began as an offshoot of the SANS Institute training programs?

Global Information Assurance Certification (GIAC)

Which unit of measure represents frequency and is expressed as the number of cycles per second?

Hertz

What type of system is intentionally exposed to attackers in an attempt to lure them out?

Honeypot

Terry is troubleshooting a network that is experiencing high traffic congestion issues. Which device, if present on the network, should be replaced to alleviate these issues?

Hub

What organization offers a variety of security certifications that are focused on the requirements of auditors?

ISACA

Juan comes across documentation from his organization related to several information security initiatives using different standards as their reference. Which International Organization for Standardization (ISO) standard provides current guidance on information security management?

ISO 27002

Gary is sending a message to Patricia. He wants to ensure that nobody tampers with the message while it is in transit. What goal of cryptography is Gary attempting to achieve?

Integrity

Which organization promotes technology issues as an agency of the United Nations?

International Telecommunication Union (ITU)

Yolanda would like to prevent attackers from using her network as a relay point for a smurf attack. What protocol should she block?

Internet Control Message Protocol (ICMP)

Which of the following graduate degree programs focuses on managing the process of securing information systems, rather than the technical aspects of information security?

MBA

Which term accurately describes Layer 3 of the Open Systems Interconnection (OSI) model?

Network

Which of the following allows a certificate authority (CA) to revoke a compromised digital certificate in real time?

Online Certificate Status Protocol (OCSP)

What is NOT an effective key distribution method for plaintext encryption keys?

Paper *Unencrypted email* CD Smart card

Brian is the information security training officer for a health care provider. He wants to develop a training program that complies with the provisions of Health Insurance Portability and Accountability Act (HIPAA). Which of the following topics must be included?

Password management

A security awareness program that focuses on an organization's Bring Your Own Device (BYOD) policy is designed to cover the use of what type of equipment?

Personally owned devices

Adam discovers a virus on his system that is using encryption to modify itself. The virus escapes detection by signature-based antivirus software. What type of virus has he discovered?

Polymorphic virus

Violet deploys an intrusion prevention system (IPS) on her network as a security control. What type of control has Violet deployed?

Preventive

Which of the following programs requires passing a standardized examination that is based upon a job-task analysis?

Professional certification

Which document is the initial stage of a standard under the Internet Engineering Task Force (IETF) process?

Proposed Standard (PS)

What type of organizations are required to comply with the Sarbanes-Oxley (SOX) Act?

Publicly traded companies

Beth is conducting a risk assessment. She is trying to determine the impact a security incident will have on the reputation of her company. What type of risk assessment is best suited to this type of analysis?

Qualitative

Which approach to cryptography provides the strongest theoretical protection?

Quantum cryptography

Which approach to cryptography provides the strongest theoretical protection?

Quantum cryptography Asymmetric cryptography < wrong Elliptic curve cryptography Classic cryptography

Alan is the security manager for a mid-sized business. The company has suffered several serious data losses when mobile devices were stolen. Alan decides to implement full disk encryption on all mobile devices. What risk response did Alan take?

Reduce

Under the Health Insurance Portability and Accountability Act (HIPAA) Security Rule, what type of safeguards must be implemented by all covered entities, regardless of the circumstances?

Required

Under the Health Insurance Portability and Accountability Act (HIPAA) Security Rule, what type of safeguards must be implemented by all covered entities, regardless of the circumstances? Required

Required

What term describes the risk that exists after an organization has performed all planned countermeasures and controls?

Residual risk

Which of the following is NOT one of the rights afforded to students (or the parents of a minor student) under the Family Educational Rights and Privacy Act (FERPA)?

Right to delete unwanted information from records

What is NOT a symmetric encryption algorithm?

Rivest-Shamir-Adelman (RSA)

What is the only unbreakable cipher when it is used properly?

Rivest-Shamir-Adelman (RSA) *Vernam* Elliptic Curve Diffie-Hellman in Ephemeral mode (ECDHE) Blowfish

Taylor is preparing to submit her company's Payment Card Industry Data Security Standard (PCI DSS) self-assessment questionnaire. The company uses a payment application that is connected to the Internet but does not conduct e-commerce. What self-assessment questionnaire (SAQ) should she use?

SAQ C

Bob is developing a web application that depends upon a database backend. What type of attack could a malicious individual use to send commands through his web application to the database?

SQL injection

Which of the following study options provides little to no opportunity for feedback?

Self-study programs

What type of security role is covered by the Committee on National Security Systems (CNSS) Training Standard CNSS-4012?

Senior System Manager

Gwen is investigating an attack. An intruder managed to take over the identity of a user who was legitimately logged in to Gwen's company's website by manipulating Hypertext Transfer Protocol (HTTP) headers. Which type of attack likely took place?

Session hijacking

Barbara is investigating an attack against her network. She notices that the Internet Control Message Protocol (ICMP) echo replies coming into her network far exceed the ICMP echo requests leaving her network. What type of attack is likely taking place?

Smurf

The CEO of Kelly's company recently fell victim to an attack. The attackers sent the CEO an email informing him that his company was being sued and he needed to view a subpoena at a court website. When visiting the website, malicious code was downloaded onto the CEO's computer. What type of attack took place?

Spear phishing

What is NOT an area where the Internet Architecture Board (IAB) provides oversight on behalf of the Internet Engineering Task Force (IETF)?

Subject matter expertise on routing and switching

What is NOT a typical sign of virus activity on a system?

Sudden sluggishness of applications

Which type of virus targets computer hardware and software startup functions?

System Infectors

Which type of virus targets computer hardware and software startup functions?

System infector

Which element is NOT a core component of the ISO 27002 standard?

Cryptography

Alan withdraws cash from an ATM belonging to Bank X that is coming from his account with Bank Y. What is Alan's relationship with Bank Y?

Customer

Larry recently viewed an auction listing on a website. As a result, his computer executed code that popped up a window that asked for his password. What type of attack has Larry likely encountered?

Cross-site scripting (XSS)

What program, released in 2013, is an example of ransomware?

Crypt0L0cker

Maya is creating a computing infrastructure compliant with the Payment Card Industry Data Security Standard (PCI DSS). What type of information is she most likely trying to protect?

Credit card information

What type of function generates the unique value that corresponds to the contents of a message and is used to create a digital signature?

Elliptic curve Decryption Encryption *Hash*

What type of security communication effort focuses on a common body of knowledge?

Education

In a chosen-ciphertext attack, cryptanalysts submit data coded with the same cipher and key they are trying to break to the decryption device to see either the plaintext output or the effect the decrypted message has on some system.

*True* False

Alison discovers that a system under her control has been infected with malware, which is using a key logger to report user keystrokes to a third party. What information security property is this malware attacking?

Confidentiality

Larry recently viewed an auction listing on a website. As a result, his computer executed code that popped up a window that asked for his password. What type of attack has Larry likely encountered?

Cross-site scripting (XSS)

A worm is a self-contained program that has to trick users into running it.

False

Internet Control Message Protocol (ICMP) is a method of IP address assignment that uses an alternate, public IP address to hide a system's real IP address.

False

The four primary types of malicious code attacks are unplanned attacks, planned attacks, direct attacks, and indirect attacks.

False

Taylor is a security professional working for a retail organization. She is hiring a firm to conduct the Payment Card Industry Data Security Standard (PCI DSS) required quarterly vulnerability scans. What credential should she seek in a vendor?

Approved scanning vendor (ASV)

Fran is interested in learning more about the popular Certified Ethical Hacker (CEH) credential. What organization should she contact?

International Council of E-Commerce Consultants (EC-Council)

When you are designing some small, non-intrusive features in the environment that would still attract people's attention and in doing so impact their behavior, you are creating _______

Nudget

A firewall is a basic network security defense tool.

True

Bob has a high-volume virtual private network (VPN). He would like to use a device that would best handle the required processing power. What type of device should he use?

VPN concentrator

Which information security objective allows trusted entities to endorse information?

Validation <wrong Authorization Certification Witnessing

Kim is the risk manager for a large organization. She is evaluating whether the organization should purchase a fire suppression system. She consulted a variety of subject matter experts and determined that there is a 1 percent chance that a fire will occur in a given year. If a fire occurred, it would likely cause $2 million in damage to the facility, which has a $10 million value. Given this scenario, what is the exposure factor?

20 percent

When Patricia receives a message from Gary, she wants to be able to demonstrate to Sue that the message actually came from Gary. What goal of cryptography is Patricia attempting to achieve?

Confidentiality Integrity Authentication < wrong Nonrepudiation

Ben is working toward a position as a senior security administrator and would like to earn his first International Information Systems Security Certification Consortium, Inc. (ISC)2 certification. Which certification is most appropriate for his needs?

Systems Security Certified Practitioner (SSCP)

What is the highest level of academic degree that may be earned in the field of information security?

Doctor of philosophy (PhD)

A border router can provide enhanced features to internal networks and help keep subnet traffic separate.

False

Implicit deny is when firewalls look at message addresses to determine whether a message is being sent around an unending loop.

False

System infectors are viruses that attack document files containing embedded macro programming capabilities.

False

The Transport Layer of the OSI Reference Model creates, maintains, and disconnects communications that take place between processes over the network.

False

Trojans are self-contained programs designed to propagate from one host machine to another using the host's own network communications protocols.

False

Which of the following agencies is NOT involved in the Gramm-Leach-Bliley Act (GLBA) oversight process?

Federal Communications Commission (FCC)

Erin is a system administrator for a federal government agency. What law contains guidance on how she may operate a federal information system?

Federal Information Security Management Act (FISMA)

How many years of post-secondary education are typically required to earn a bachelor's degree in a non-accelerated program?

Four

Jonas is an experienced information security professional with a specialized focus on evaluating computers for evidence of criminal or malicious activity and recovering data. Which GIAC certification would be most appropriate for Jonas to demonstrate his abilities?

GIAC Certified Forensic Examiner (GCFE)

Tim is implementing a set of controls designed to ensure that financial reports, records, and data are accurately maintained. What information security goal is Tim attempting to achieve?

Integrity

Bill is conducting an analysis of a new IT service. He would like to assess it using the Open Systems Interconnection (OSI) model and would like to learn more about this framework. What organization should he turn to for the official definition of OSI?

International Organization for Standardization (ISO)

Breanne's system was infected by malicious code after she installed an innocent-looking solitaire game that she downloaded from the Internet. What type of malware did she likely encounter?

Trojan horse

An electronic mail bomb is a form of malicious macro attack that typically involves an email attachment that contains macros designed to inflict maximum damage.

True

Internet Small Computer System Interface (iSCSI) is a storage networking standard used to link data storage devices to networks using IP for its transport layer.

True

Cryptographic key distribution is typically done by phone.

True *False*

The term certificate authority (CA) refers to a trusted repository of all public keys.

True *False*

You must always use the same algorithm to encrypt information and decrypt the same information.

True *False*

In a known-plaintext attack (KPA), the cryptanalyst has access only to a segment of encrypted data, and has no choice as to what that data might be.

True *False* it's *Ciphertext-only attack (COA)*

Product cipher is an encryption algorithm that has no corresponding decryption algorithm.

True *False* it's *One-way algorithm*

Betty visits a local library with her young children. She notices that someone using a computer terminal in the library is visiting pornographic websites. What law requires that the library filter offensive web content for minors?

Children's Internet Protection Act (CIPA)

Which cryptographic attack offers cryptanalysts the most information about how an encryption algorithm works?

Chosen plaintext

Kim is the risk manager for a large organization. She is evaluating whether the organization should purchase a fire suppression system. She consulted a variety of subject matter experts and determined that there is a 1 percent chance that a fire will occur in a given year. If a fire occurred, it would likely cause $2 million in damage to the facility, which has a $10 million value. Given this scenario, what is the single loss expectancy (SLE)?

$2,000,000

Kim is the risk manager for a large organization. She is evaluating whether the organization should purchase a fire suppression system. She consulted a variety of subject matter experts and determined that there is a 1 percent chance that a fire will occur in a given year. If a fire occurred, it would likely cause $2 million in damage to the facility, which has a $10 million value. Given this scenario, what is the annualized loss expectancy (ALE)?

$20,000


Related study sets

Exam 2--Ch 44: Digestive and Gastrointestinal Treatment Modalities

View Set

Price Elasticity of Demand (PED)

View Set

ch. 16 blood-borne pathogens CMA review

View Set

Medicare : Basic Principles of Medicare

View Set

Ch. 13 Food Drugs and Related Supplements, Chapter 13, Chapter 12, Ch. 11, nutrition exam 3, Chapter 10 Health, Nutrition Chapter 8 : Minerals, Vitamins, Chapter 8 Minerals, chapter three science, Chapter 12, Chapter 8-13 (Final), water, electrolytes...

View Set

AUSTRALIAN RQ-7B SHADOW 200 SYSTEM LOGIC.

View Set