SecurityTest1 (Ch1-3)


Which one of the following is an example of a disclosure threat? Espionage Alteration Denial Destruction

Espionage

Barry discovers that an attacker is running an access point in a building adjacent to his company. The access point is broadcasting the service set identifier (SSID) of an open network owned by the coffee shop in his lobby. Which type of attack is likely taking place? Evil twin Wardriving Bluesnarfing Replay attack

Evil twin

Which type of attack involves the creation of some deception in order to trick unsuspecting users? Interception Interruption Fabrication Modification

Fabrication

Matthew captures traffic on his network and notices connections using ports 20, 22, 23, and 80. Which port normally hosts a protocol that uses secure, encrypted connections? 20 22 23 80

22

Bob is using a port scanner to identify open ports on a server in his environment. He is scanning a web server that uses Hypertext Transfer Protocol (HTTP). Which port should Bob expect to be open to support this service? 21 23 80 443

80

Juan's web server was down for an entire day last September. It experienced no other downtime during that month. Which one of the following represents the web server uptime for that month? 96.67% 3.33% 99.96% 0.04%

96.67% (September has 30 days; 29 days up out of 30 is 29/30 = 96.67%)

Brian notices an attack taking place on his network. When he digs deeper, he realizes that the attacker has a physical presence on the local network and is forging Media Access Control (MAC) addresses. Which type of attack is most likely taking place? Address Resolution Protocol (ARP) poisoning Internet Protocol (IP) spoofing URL hijacking Christmas attack

Address Resolution Protocol (ARP) poisoning
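The attacker in the question above poisons ARP by answering with forged hardware addresses. The following is an added example, not part of the original study set, showing the detection logic a practitioner would run over ARP replies: an IP address whose claimed MAC changes, a single MAC claiming several IP addresses, or a reply that contradicts a trusted static binding. The log lines and the `known_bindings` parameter are constructed for the example.

```python
import re
from collections import defaultdict

# Constructed sample ARP replies in the shape a capture tool might log them
# (not real traffic). Format: "<time> <sender_ip> is-at <sender_mac>".
SAMPLE_ARP_LOG = """\
10:00:01 192.168.1.1 is-at 00:11:22:33:44:55
10:00:02 192.168.1.20 is-at 00:aa:bb:cc:dd:20
10:00:05 192.168.1.21 is-at 00:aa:bb:cc:dd:21
10:00:09 192.168.1.1 is-at de:ad:be:ef:00:01
10:00:10 192.168.1.20 is-at de:ad:be:ef:00:01
10:00:12 192.168.1.1 is-at de:ad:be:ef:00:01
"""

ARP_RE = re.compile(
    r"^(\S+)\s+(\d+\.\d+\.\d+\.\d+)\s+is-at\s+([0-9a-f:]{17})$", re.I
)


def parse_arp_log(text):
    """Yield (time, ip, mac) tuples; lines that do not match are skipped."""
    for line in text.splitlines():
        m = ARP_RE.match(line.strip())
        if m:
            yield m.group(1), m.group(2), m.group(3).lower()


def detect_arp_poisoning(text, known_bindings=None):
    """
    Flag three signals of ARP poisoning:
      static-mismatch      reply contradicts a trusted ip->mac entry
                           (known_bindings is an assumed, optional dict)
      ip-mac-conflict      the MAC claimed for an IP changed since the
                           last reply seen for that IP
      mac-claims-many-ips  one MAC answered for several IPs, e.g. an
                           attacker impersonating gateway and victim
    Returns the alerts as tuples in the order they were raised.
    """
    macs_by_ip = defaultdict(list)   # ip -> MACs in the order observed
    ips_by_mac = defaultdict(set)    # mac -> every IP it claimed
    alerts = []
    for ts, ip, mac in parse_arp_log(text):
        if known_bindings and ip in known_bindings and known_bindings[ip] != mac:
            alerts.append((ts, "static-mismatch", ip, mac))
        if macs_by_ip[ip] and macs_by_ip[ip][-1] != mac:
            alerts.append((ts, "ip-mac-conflict", ip, mac))
        if not macs_by_ip[ip] or macs_by_ip[ip][-1] != mac:
            macs_by_ip[ip].append(mac)
        ips_by_mac[mac].add(ip)
    for mac, ips in ips_by_mac.items():
        if len(ips) > 1:
            alerts.append(("-", "mac-claims-many-ips", mac, sorted(ips)))
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_poisoning(SAMPLE_ARP_LOG):
        print(alert)
```

On the constructed log the gateway 192.168.1.1 and host 192.168.1.20 both start resolving to de:ad:be:ef:00:01, which is the classic man-in-the-middle position; the static-binding check is the one to enable for the gateway on any segment where you can maintain that entry.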

Which action is the best step to protect Internet of Things (IoT) devices from becoming the entry point for security vulnerabilities into a network while still meeting business requirements? Applying security updates promptly Using encryption for communications Removing IoT devices from the network Turning IoT devices off when not in use

Applying security updates promptly

Which security control is most helpful in protecting against eavesdropping on wireless LAN (WLAN) data transmissions that would jeopardize confidentiality? Securing wiring closets Applying patches promptly Implementing LAN configuration standards Applying strong encryption

Applying strong encryption

During what phase of a remote access connection does the end user prove his or her claim of identity? Identification Authentication Authorization Tokenization

Authentication

Which password attack is typically used specifically against password files that contain cryptographic hashes? Brute-force attacks Dictionary attacks Birthday attacks Social engineering attacks

Birthday attacks
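A birthday attack does not guess a specific password; it exploits the fact that among n-bit hash values a collision (two different inputs with the same hash) is expected after only about 2^(n/2) trials, far fewer than the 2^n a brute-force search for one target value needs. The block below is an added example, not from the original study set, that finds such a collision against a toy hash made by truncating SHA-256 to `bits` bits; the `msg-<i>` inputs are constructed and the `expected_trials` formula is the standard sqrt(pi/2 * 2^n) approximation.

```python
import hashlib
import math


def truncated_hash(data: bytes, bits: int) -> int:
    """Leading `bits` bits of SHA-256, used here as a toy n-bit hash."""
    digest = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return digest >> (256 - bits)


def birthday_collision(bits: int, max_trials: int = 1 << 20):
    """
    Hash distinct inputs b"msg-0", b"msg-1", ... and remember every
    truncated value seen. Returns (trials, input_a, input_b) for the first
    pair of different inputs sharing a hash, or None if max_trials is
    exhausted. Memory grows with the number of trials, which is the
    usual trade-off of a table-based birthday search.
    """
    seen = {}
    for i in range(max_trials):
        msg = b"msg-%d" % i
        h = truncated_hash(msg, bits)
        if h in seen and seen[h] != msg:
            return i + 1, seen[h], msg
        seen[h] = msg
    return None


def expected_trials(bits: int) -> float:
    """Trials for a roughly 50% chance of a collision: sqrt(pi/2 * 2**bits)."""
    return math.sqrt(math.pi / 2 * 2 ** bits)


if __name__ == "__main__":
    bits = 24
    trials, a, b = birthday_collision(bits)
    print(f"{bits}-bit collision after {trials} trials "
          f"(expected about {expected_trials(bits):.0f}): {a!r} vs {b!r}")
```

With a 24-bit hash the collision arrives after a few thousand trials instead of the roughly 16 million a targeted preimage search would average, which is why hash lengths are chosen so that 2^(n/2) is still out of reach.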

Ron is the IT director at a medium-sized company and is constantly bombarded by requests from users who want to select customized mobile devices. He decides to allow users to purchase their own devices. Which type of policy should Ron implement to include the requirements and security controls for this arrangement? Privacy Bring Your Own Device (BYOD) Acceptable use Data classification

Bring Your Own Device (BYOD)

Jody would like to find a solution that allows real-time document sharing and editing between teams. Which technology would best suit her needs? Voice over IP (VoIP) Audio conferencing Video conferencing Collaboration

Collaboration

What is NOT a common endpoint for a virtual private network (VPN) connection used for remote network access? Laptop Firewall Router Content filter

Content filter

In Mobile IP, what term describes a device that would like to communicate with a mobile node (MN)? Home agent (HA) Foreign agent (FA) Care of address (COA) Correspondent node (CN)

Correspondent node (CN)

Which technology can be used to protect the privacy rights of individuals and simultaneously allow organizations to analyze data in aggregate? Encryption Decryption Deidentification Aggregation

Deidentification

Which risk is most effectively mitigated by an upstream Internet service provider (ISP)? Distributed denial of service (DDoS) Lost productivity Firewall configuration error Unauthorized remote access

Distributed denial of service (DDoS)

Which one of the following is NOT an area of critical infrastructure where the Internet of Things (IoT) is likely to spur economic development in less developed countries? Wastewater treatment Water supply management E-commerce Agriculture

E-commerce

Which compliance obligation includes security requirements that apply specifically to federal government agencies in the United States? Gramm-Leach-Bliley Act (GLBA) Health Insurance Portability and Accountability Act (HIPAA) Family Educational Rights and Privacy Act (FERPA) Federal Information Security Management Act (FISMA)

Federal Information Security Management Act (FISMA)

Which control is not designed to combat malware? Firewalls Antivirus software Awareness and education efforts Quarantine computers

Firewalls

Which one of the following is NOT a market driver for the Internet of Things (IoT)? Global adoption of non-IP networking Smaller and faster computing Growth of cloud computing Advancements in data analytics

Global adoption of non-IP networking

Which element of the security policy framework offers suggestions rather than mandatory actions? Policy Standard Guideline Procedure

Guideline

Bob recently accepted a position as the information security and compliance manager for a medical practice. Which regulation is likely to most directly apply to Bob's employer? Federal Information Security Management Act (FISMA) Health Insurance Portability and Accountability Act (HIPAA) Children's Internet Protection Act (CIPA) Gramm-Leach-Bliley Act (GLBA)

Health Insurance Portability and Accountability Act (HIPAA)

Which one of the following governs the use of Internet of Things (IoT) by healthcare providers, such as physicians and hospitals? Payment Card Industry Data Security Standard (PCI DSS) Federal Financial Institutions Examination Council (FFIEC) Federal Information Security Management Act (FISMA) Health Insurance Portability and Accountability Act (HIPAA)

Health Insurance Portability and Accountability Act (HIPAA)

Which one of the following is an example of a business-to-consumer (B2C) application of the Internet of Things (IoT)? Virtual workplace Infrastructure monitoring Health monitoring Supply chain management

Health monitoring

With the use of Mobile IP, which device is responsible for keeping track of mobile nodes (MNs) and forwarding packets to the MN's current network? Home agent (HA) Foreign agent (FA) Care of address (COA) Correspondent node (CN)

Home agent (HA)

Which one of the following is NOT a good technique for performing authentication of an end user? Password Biometric Identification Number Token

Identification Number

Rachel is investigating an information security incident that took place at the high school where she works. She suspects that students may have broken into the student records system and altered their grades. If correct, which one of the tenets of information security did this attack violate? Confidentiality Integrity Availability Nonrepudiation

Integrity

Which organization pursues standards for Internet of Things (IoT) devices and is widely recognized as the authority for creating standards on the Internet? Internet Society Internet Engineering Task Force Internet Association Internet Authority

Internet Engineering Task Force

Which Internet of Things (IoT) challenge involves the difficulty of developing and implementing protocols that allow devices to communicate in a standard fashion? Security Privacy Interoperability Compliance

Interoperability

Which network device is capable of blocking network connections that are identified as potentially malicious? Intrusion Prevention System (IPS) Intrusion Detection System (IDS) Demilitarized Zone (DMZ) Web Server

Intrusion Prevention System (IPS)

Which type of denial of service attack exploits the existence of software flaws to disrupt a service? SYN flood attack Smurf attack Logic attack Flooding attack

Logic attack

Which one of the following measures the average amount of time that it takes to repair a system, application, or component? Uptime Mean time to failure (MTTF) Mean time to repair (MTTR) Recovery time objective (RTO)

Mean time to repair (MTTR)
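The uptime question earlier on this page (one day down in September) and the MTTR definition above are both instances of the same bookkeeping over outage records. The following is an added example, not part of the original study set, that computes uptime percentage, mean time to repair and mean time to failure from a list of (failed, restored) timestamps; the outage records are constructed, and the convention of measuring the first time-to-failure from the start of the period is an assumption stated in the code.

```python
from datetime import datetime

# Constructed outage records for a 30-day month (not real incident data).
# Each entry is (time the component failed, time service was restored).
SEPTEMBER_ONE_DAY_OUTAGE = [
    (datetime(2023, 9, 10, 0, 0), datetime(2023, 9, 11, 0, 0)),  # 24 h down
]
SEPTEMBER_THREE_OUTAGES = [
    (datetime(2023, 9, 3, 8, 0), datetime(2023, 9, 3, 10, 0)),    # 2 h
    (datetime(2023, 9, 15, 0, 0), datetime(2023, 9, 15, 6, 0)),   # 6 h
    (datetime(2023, 9, 28, 12, 0), datetime(2023, 9, 28, 13, 0)), # 1 h
]
SEPTEMBER = (datetime(2023, 9, 1), datetime(2023, 10, 1))


def availability_metrics(period_start, period_end, outages):
    """
    Return a dict with
      uptime_pct  percentage of the period the service was up
      mttr_hours  mean time to repair: mean outage duration
      mttf_hours  mean time to failure: mean time from a restoration
                  (or, for the first outage, from period_start; this
                  convention is an assumption of the example) to the
                  next failure
    Outages must be non-overlapping and lie inside the period; they are
    sorted here so callers may pass them in any order.
    """
    total = (period_end - period_start).total_seconds()
    if total <= 0:
        raise ValueError("period must be non-empty")
    repair_times, failure_gaps = [], []
    last_up = period_start
    for failed, restored in sorted(outages):
        if failed < last_up or restored < failed or restored > period_end:
            raise ValueError("outages must be non-overlapping and inside the period")
        repair_times.append((restored - failed).total_seconds())
        failure_gaps.append((failed - last_up).total_seconds())
        last_up = restored
    n = len(repair_times)
    down = sum(repair_times)
    return {
        "uptime_pct": round(100.0 * (total - down) / total, 2),
        "mttr_hours": round(down / n / 3600, 2) if n else None,
        "mttf_hours": round(sum(failure_gaps) / n / 3600, 2) if n else None,
    }


if __name__ == "__main__":
    print(availability_metrics(*SEPTEMBER, SEPTEMBER_ONE_DAY_OUTAGE))
    print(availability_metrics(*SEPTEMBER, SEPTEMBER_THREE_OUTAGES))
```

Keeping repair time and time to failure as separate lists is deliberate: a service with short repairs but frequent failures and one with rare but long outages can show the same uptime percentage, and only the two means tell them apart.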

Beth must purchase firewalls for several network circuits used by her organization. Which one circuit will have the highest possible network throughput? OC-12 DS1 DS3 OC-3

OC-12

Maria's company recently experienced a major system outage due to the failure of a critical component. During that time period, the company did not register any sales through its online site. Which type of loss did the company experience as a result of lost sales? Replacement cost Opportunity cost Manpower cost Cost of goods sold

Opportunity cost

Tony is working with a law enforcement agency to place a wiretap pursuant to a legitimate court order. The wiretap will monitor communications without making any modifications. What type of wiretap is Tony placing? Active wiretap Between-the-lines wiretap Piggyback-entry wiretap Passive wiretap

Passive wiretap

Which mitigation plan is most appropriate to limit the risk of unauthorized access to workstations? Password protection Antivirus software Deactivating USB ports Vulnerability scanning

Password protection

Gwen's company is planning to accept credit cards over the Internet. Which one of the following governs this type of activity and includes provisions that Gwen should implement before accepting credit card transactions? Health Insurance Portability and Accountability Act (HIPAA) Family Educational Rights and Privacy Act (FERPA) Communications Assistance for Law Enforcement Act (CALEA) Payment Card Industry Data Security Standard (PCI DSS)

Payment Card Industry Data Security Standard (PCI DSS)

Which element of the security policy framework requires approval from upper management and applies to the entire organization? Policy Standard Guideline Procedure

Policy

Chris is writing a document that provides step-by-step instructions for end users seeking to update the security software on their computers. Performing these updates is mandatory. Which type of document is Chris writing? Policy Standard Guideline Procedure

Procedure

Which tool can capture the packets transmitted between systems over a network? Wardialer OS fingerprinter Port scanner Protocol analyzer

Protocol analyzer

Which group is the most likely target of a social engineering attack? Receptionists and administrative assistants Information security response team Internal auditors Independent contractors

Receptionists and administrative assistants

Which of the following is NOT one of the four fundamental principles outlined by the Internet Society that will drive the success of Internet of Things (IoT) innovation? Connect Secure Share Speak

Secure

From a security perspective, what should organizations expect will occur as they become more dependent upon the Internet of Things (IoT)? Security risks will increase. Security risks will decrease. Security risks will stay the same. Security risks will be eliminated.

Security risks will increase.

Which scenario presents a unique challenge for developers of mobile applications? Applying encryption to network communications Selecting multiple items from a list Obtaining Internet Protocol (IP) addresses Using checkboxes

Selecting multiple items from a list

In which type of attack does the attacker attempt to take over an existing connection between two systems? Man-in-the-middle attack URL hijacking Session hijacking Typosquatting

Session hijacking

Kaira's company recently switched to a new calendaring system provided by a vendor. Kaira and other users connect to the system, hosted at the vendor's site, using a web browser. Which service delivery model is Kaira's company using? Platform as a Service (PaaS) Software as a Service (SaaS) Communications as a Service (CaaS) Infrastructure as a Service (IaaS)

Software as a Service (SaaS)

Users throughout Alison's organization have been receiving unwanted commercial messages over the organization's instant messaging program. What type of attack is taking place? Spam Phishing Social engineering Spim

Spim

Which element of the IT security policy framework provides detailed written definitions for hardware and software and how they are to be used? Policy Standard Guideline Procedure

Standard

Which one of the following is an advantage that the Internet of Things (IoT) brings to economic development for countries? Technical and industry development Confidentiality of personal information Network security devices Broadband capacity

Technical and industry development

Which one of the following is NOT an example of store-and-forward messaging? Telephone call Voicemail Unified messaging Email

Telephone call

Which term describes an action that can damage or compromise an asset? Risk Vulnerability Countermeasure Threat

Threat

Which term describes any action that could damage an asset? Risk Countermeasure Vulnerability Threat

Threat

Which classification level is the highest level used by the U.S. federal government? Top Secret Secret Confidential Private

Top Secret

What type of malicious software masquerades as legitimate software to entice the user to run it? Virus Worm Trojan horse Rootkit

Trojan horse

Florian recently purchased a set of domain names that are similar to those of legitimate websites and used the newly purchased sites to host malware. Which type of attack is Florian using? Cross-site scripting Session hijacking SQL injection Typosquatting

Typosquatting

An attacker attempting to break into a facility pulls the fire alarm to distract the security guard manning an entry point. Which type of social engineering attack is the attacker using? Vishing Urgency Whaling Authority

Urgency

Which one of the following is typically used during the identification phase of a remote access connection? Username Password Token Fingerprint

Username

Yuri is a skilled computer security expert who attempts to break into the systems belonging to his clients. He has permission from the clients to perform this testing as part of a paid contract. What type of person is Yuri? Cracker White-hat hacker Black-hat hacker Grey-hat hacker

White-hat hacker

Which type of attack against a web application uses a newly discovered vulnerability for which no patch is yet available? SQL injection Cross-site scripting Cross-site request forgery Zero-day attack

Zero-day attack
