Quiz1 cybersec

Juan's web server was down for an entire day last September. It experienced no other downtime during that month. Which one of the following represents the web server uptime for that month?

96.67%

Which security control is most helpful in protecting against eavesdropping on wireless LAN (WLAN) data transmissions that would jeopardize confidentiality?

Applying strong encryption

Which one of the following is an example of a disclosure threat?

Espionage

Which type of attack involves the creation of some deception in order to trick unsuspecting users?

Fabrication

Bob recently accepted a position as the information security and compliance manager for a medical practice. Which regulation is likely to most directly apply to Bob's employer?

Health Insurance Portability and Accountability Act (HIPAA)

Rachel is investigating an information security incident that took place at the high school where she works. She suspects that students may have broken into the student records system and altered their grades. If correct, which one of the tenets of information security did this attack violate?

Integrity

Which type of denial of service attack exploits the existence of software flaws to disrupt a service?

Logic attack

Which one of the following measures the average amount of time that it takes to repair a system, application, or component?

Mean time to repair (MTTR)

Tony is working with a law enforcement agency to place a wiretap pursuant to a legitimate court order. The wiretap will monitor communications without making any modifications. What type of wiretap is Tony placing?

Passive wiretap

Which mitigation plan is most appropriate to limit the risk of unauthorized access to workstations?

Password protection

Which element of the security policy framework requires approval from upper management and applies to the entire organization?

Policy

Chris is writing a document that provides step-by-step instructions for end users seeking to update the security software on their computers. Performing these updates is mandatory. Which type of document is Chris writing?

Procedure

In which type of attack does the attacker attempt to take over an existing connection between two systems?

Session hijacking

Users throughout Alison's organization have been receiving unwanted commercial messages over the organization's instant messaging program. What type of attack is taking place?

Spim

Which element of the IT security policy framework provides detailed written definitions for hardware and software and how they are to be used?

Standard

Which classification level is the highest level used by the U.S. federal government?

Top Secret

What type of malicious software masquerades as legitimate software to entice the user to run it?

Trojan horse

Florian recently purchased a set of domain names that are similar to those of legitimate websites and used the newly purchased sites to host malware. Which type of attack is Florian using?

Typosquatting

An attacker attempting to break into a facility pulls the fire alarm to distract the security guard manning an entry point. Which type of social engineering attack is the attacker using?

Urgency

Barry discovers that an attacker is running an access point in a building adjacent to his company. The access point is broadcasting the security set identifier (SSID) of an open network owned by the coffee shop in his lobby. Which type of attack is likely taking place?

evil twin

A dictionary password attack is a type of attack in which one person, program, or computer disguises itself as another person, program, or computer to gain access to some resource.

f

A rootkit uses a directed broadcast to create a flood of network traffic for the victim computer.

f

An attacker uses exploit software when wardialing.

f

Cryptography is the process of transforming data from cleartext into ciphertext.

f

In the Remote Access Domain, if private data or confidential data is compromised remotely, you should set automatic blocking for attempted logon retries.

f

Spam is some act intended to deceive or trick the receiver, normally in email messages.

f

The Sarbanes-Oxley (SOX) Act requires all types of financial institutions to protect customers' private financial information.

f

A DoS attack is a coordinated attempt to deny service by occupying a computer to perform large amounts of unnecessary tasks.

t

A IT security policy framework is like an outline that identifies where security controls should be used.

t

A man-in-the-middle attack takes advantage of the multihop process used by many types of networks.

t

A phishing email is a fake or bogus email intended to trick the recipient into clicking on an embedded URL link or opening an email attachmen

t

An alteration threat violates information integrity.

t

For businesses and organizations under recent compliance laws, data classification standards typically include private, confidential, internal use only, and public domain categories.

t

Organizations should start defining their IT security policy framework by defining an asset classification policy.

t

Rootkits are malicious software programs designed to be hidden from normal methods of detection.

t

Spyware gathers information about a user through an Internet connection, without his or her knowledge.

t

Which control is not designed to combat malware?

Firewall

Which tool can capture the packets transmitted between systems over a network?

Protocol analyzer

Which group is the most likely target of a social engineering attack?

Receptionists and administrative assistants

Which password attack is typically used specifically against password files that contain cryptographic hashes?

birthday attacks

Yuri is a skilled computer security expert who attempts to break into the systems belonging to his clients. He has permission from the clients to perform this testing as part of a paid contract. What type of person is Yuri?

White-hat hacker

The anti-malware utility is one of the most popular backdoor tools in use today.

f

The main difference between a virus and a worm is that a virus does not need a host program to infect.

f

The weakest link in the security of an IT infrastructure is the server.

f

The System/Application Domain holds all the mission-critical systems, applications, and data

t

The director of IT security is generally in charge of ensuring that the Workstation Domain conforms to policy.

t

Using a secure logon and authentication process is one of the six steps used to prevent malware.

t

When servers need operating system upgrades or patches, administrators take them offline intentionally so they can perform the necessary work without risking malicious attacks.

t

Which term describes an action that can damage or compromise an asset?

threat

Which term describes any action that could damage an asset?

threat