Test 1 Coms and Security
Which of the following is NOT a benefit of cloud computing to organizations?
Lower dependence on outside vendors
Which formula is typically used to describe the components of information security risks?
Risk = Threat X Vulnerability
Spyware gathers information about a user through an Internet connection, without his or her knowledge.
True
Standards are used when an organization has selected a solution to fulfill a policy goal.
True
Based on your interpretation of the Zenmap Intense Scan, the purpose/results of the ARP Ping Scan was to:
discover how many hosts are alive.
By creating users, assigning those users to groups, and then applying groups to resources in the domain, the administrator sets up both authentication using the Active Directory Domain authentication policies, and builds a series of nested __________ to control the access to domain resources.
Access Control Lists
What is NOT a good practice for developing strong professional ethics?
Assume that information should be free
Which of the following tools helps discover unwanted operating system changes and non-compliant systems within the network?
Baseline analyzers
Which security model does NOT protect the integrity of information?
Bell-LaPadula
Which type of password attack attempts all possible combinations of a password in an attempt to guess the correct value?
Brute-force attack
Which activity manages the baseline settings for a system or device?
Configuration control
In Wireshark, which of the following enable you to find only the traffic you wish to analyze?
Display filters
A phishing attack "poisons" a domain name on a domain name server
False
The first step in creating a comprehensive disaster recovery plan (DRP) is to document likely impact scenarios.
False
The term risk methodology refers to a list of identified risks that results from the risk-identification process.
False
The __________ on the Wireshark toolbar is used to filter all packets and only show those packets that meet certain criteria.
Filter box
In the lab, you used the __________ to link the new password group policy object to the Active Directory domain for the virtual lab environment.
Group Policy Management Console
Which element of the security policy framework offers suggestions rather than mandatory actions?
Guideline
With the use of Mobile IP, which device is responsible for keeping track of mobile nodes (MNs) and forwarding packets to the MN's current network?
Home agent (HA)
In the Host Name (or IP address) box of the PuTTY Configuration dialog box, you typed in 172.16.8.5, which is the:
IP address for LanSwitch1.
Which of the following would NOT be considered in the scope of organizational compliance efforts?
Laws
Which of the following is an example of a hardware security control?
MAC filtering
Which agreement type is typically less formal than other agreements and expresses areas of common interest?
Memorandum of understanding (MOU)
What is NOT a goal of information security awareness programs?
Punish users who violate policy
During which phase of a hacker's five-step approach does the hacker scan a network to identify IP hosts, open ports, and services enabled on servers and workstations?
Reconnaissance
Which of the following does NOT offer authentication, authorization, and accounting (AAA) services?
Redundant Array of Independent Disks (RAID)
What is the correct order of steps in the change control process?
Request, impact assessment, approval, build/test, implement, monitor
The __________ can identify the services using the TCP protocol, but not the versions of these applications.
SYN scan
Which of the following is NOT one of the four fundamental principles outlined by the Internet Society that will drive the success of Internet of Things (IoT) innovation?
Secure
Which one of the following is NOT an example of store-and-forward messaging?
Telephone call
The business impact analysis (BIA) identifies the resources for which a business continuity plan (BCP) is necessary.
True
The idea that users should be granted only the levels of permissions they need in order to perform their duties is called the principle of least privilege.
True
Using Mobile IP, users can move between segments on a local area network (LAN) and stay connected without interruption
True
Which of the following tools is used to capture data packets over time (continuously or overnight)?
Wireshark
In the lab, Wireshark continued to capture data in the background until the:
capture process was manually stopped later in the lab.
Keeping up with technology advances, newly discovered vulnerabilities, and system updates is best done through:
change control management.
Which of the following statements is true regarding the rules for password selection?
Change your passwords frequently.
Which practice is NOT considered unethical under RFC 1087 issued by the Internet Architecture Board (IAB)?
Enforcing the integrity of computer-based information
During the vulnerability assessment, any known vulnerabilities or bugs will be flagged and identified by:
Nessus.
Which one of the following is an example of a logical access control?
Password
Which one of the following is NOT an advantage of biometric systems?
Physical characteristics may change.
Which one of the following is an example of two-factor authentication?
Smart card and personal identification number (PIN)
The tools for conducting a risk analysis can include the documents that define, categorize, and rank risks.
True
With proactive change management, management initiates the change to achieve a desired goal.
True
Which of the following would NOT be considered in the scope of organizational compliance efforts?
Which of the following would NOT be considered in the scope of organizational compliance efforts?
Which type of attack against a web application uses a newly discovered vulnerability that is not patchable?
Zero-day attack
Conducting a vulnerability scan on entire subnets:
is time consuming and noisy (making them easily detected).
Active Directory:
makes the process of accessing machines that are not on the domain much easier.
Using Group Policy Objects, __________ can be set within Active Directory and automatically enforced.
password policies
A successful __________ assessment of a network is all about using the right tools to map the network and identify any vulnerabilities that can be the opening for a future attack.
scanning and vulnerability