Quiz #2
True
Failing to prevent an attack all but invites an attack.
Urgency
An attacker attempting to break into a facility pulls the alarms to distract the security guard manning an entry point. Which type of social engineering attack is the attacker using?
Simulation testing
As a follow-up to her annual testing, Holly would like to conduct quarterly disaster recovery tests that introduce as much realism as possible but do not require the technology resources. What type of test should Holly conduct?
Evil Twin
Barry discovers that an attacker is running an access point in a building adjacent to his company. The access point is broadcasting the service set identifier (SSID) of an open network owned by the coffee shop in the lobby. Which type of attack is likely taking place?
80
Bob is using a port scanner to identify open ports on a server in his environment. He is scanning a web server that uses Hypertext Transfer Protocol (HTTP). Which port should Bob expect to be open to support this service?
False
Continuity of critical business functions and operations is the balanced business continuity plan
warm site
Dawn is selecting an alternative processing facility for her organization's primary data center. She would like to have a facility that balances cost and switchover time. What would be the best option in this situation?
Opportunity cost
Maria's company recently experienced a major system outage due to the failure of a critical component. During the time period the company did not register any sales through its online site. Which type of loss did the company experience?
True
Rootkits are malicious software programs designed to be hidden from normal methods of detection.
False
Spam is some act intended to deceive or trick the receiver, normally in email messages.
True
The Government Information Security Reform Act (Security Reform Act) of 2000 focuses on management and evaluation of the security of unclassified and national security systems.
True
The term risk management describes the process of identifying, assessing, prioritizing and addressing risks.
True
The tools for conducting a risk analysis can include the documents that define, categorize and rank risks.
True
The first step in creating a comprehensive disaster recovery plan (DRP) is to document likely impact scenarios.
Spim
Users throughout Alison's organization have been receiving unwanted messages over the organization's instant messaging program. What type of attack is taking place?
Safety
What is not one of the three tenets of information security?
Firewalls
Which control is not designed to combat malware?
Risk = Threat x Vulnerability
Which formula is typically used to describe the components of information security risks?
data ownership
Which item in a BYOD policy helps resolve intellectual property issues that may arise as the result of business use of personal devices?
Fabrication
Which type of attack involves the creation of some deception in order to trick unsuspecting users?