4 Practice Questions

Which of the following is defined as a contract which prescribes the technical support or business parameters that a provider will bestow its client?

service level agreement

HIPAA is a set of federal regulations that define security guidelines that enforce the protection of what?

privacy

Which policy specifically protects PII

PRIVACY

Which of the following defines an acceptable use agreement?

an agreement which identifies the employee's rights to use company property such as Internet access and Computer equipment for personal use

You have recently discovered that a network attack has compromised your database server. In the process, customer credit card numbers might have been taken by an attacker. You have stopped the attack and put measures in place to prevent the same incident from occurring in the future. What else might you be legally required to do?

contact your customer to let them know of the security breach

When informing an employee that they are being terminated, what is the most important activity?

disabling their network access

What is the most effective means of improving or enforcing security in any environment?

user awareness training

You have a set of DVD-RW discs that have been used to archive files for your latest development project. You need to dispose of the discs. Which method should you use to best prevent extracting data from the discs?

shredding

Which of the following best describes the concept of due care or due diligence?

reasonable precautions, based on industry best practices, are utilized and documented

Which of the following is a high-level, general statement about the role of security in the organization?

policy

Which of the following is a recommendation to use when a specific standard or procedure does not exist?

guideline

Which of the following is the best protection against security violations?

defense in depth

Who has the responsibility for the development of a security policy?

senior management

What is the primary purpose of source code escrow?

to obtain change rights over software after the vendor goes out of business

What is the primary purpose of change control?

prevent unmanaged change

When recovery is being performed due to a disaster, which services are to be stabilized first?

mission critical

In business continuity planning, what is the primary focus of the scope?

business processes

What is the primary goal of business continuity planning?

maintaining business operations with reduced or restricted infrastructure capabilities or resources

The company is implementing a Disaster Recovery Plan (DRP) and a Business Continuity Plan (BCP). It is time for the control tests and the company would like to perform compliance testing. Which of the following best describes compliance testing?

the resting of control procedures to see if they are working as expected and are being implemented in accordance with management policies

When is a BCP or DRP design and development actually completed?

never

As a BCP or DRP plan evolves over time, what is the most important task to perform when rolling out a new version of the plan?

collect and destroy all old plan copies

You are a database administrator and the first responder for database attacks. You have decided to test one part of your current Business Continuity Plan (BCP) with two other database professionals.
Which type of BCP test is this considered?

tabletop exercise

Which of the following is not a valid response to a risk discovered during a risk analysis?

denial

Which of the following best defines Single Loss Expectancy (SLE)?

the total monetary loss associated with a single occurrence of a threat

What is the average number of times that a specific risk is likely to be realized?

ARO(annualized rate of occurrence)

When analyzing assets, which analysis method assigns financial values to assets?

quantitative

Which of the following statements is true in regards to risk analysis? (Select two.)

dont implement a countermeasure if the cost is greater than loss; ARO identifies how often in a single year the successful threat attack will occur

When would choosing to do nothing about an identified risk be acceptable?

when the cost of protecting the asset is greater than the potential loss

If an organization shows sufficient due care, which burden is eliminated in the event of a security breach?

negligence

When conducting a risk assessment, how is the Annualized Rate of Occurrence (ARO) calculated?

through historical data provided by insurance companies and crime statistics

Purchasing insurance is what type of response to risk?

transference

To determine the value of the company assets, an anonymous survey was used to collect the opinions of all senior and mid-level managers. Which asset valuation method was used?

delphi method

Which type of Data Loss Prevention system is usually installed near the network perimeter to detect sensitive data that is being transmitted in violation of organizational security policies?

network DLP

You are a network administrator over two Windows-based sites. You have almost 2000 employees with workstations and 64 servers that need to be more secure. You have decided to implement a Data Loss Prevention (DLP) solution to detect and stop breaches of sensitive data.
You decide to implement e-mail and instant messaging communication controls so that messages that violate your organizations security policy are blocked at the workstation before being transmitted on the network. Which DLP solution should you implement?

endpoint DLP

After an intrusion has occurred and the intruder has been removed from the system, which of the following is the best next step or action to take?

back up all logs and audits regarding the incident

Which of the following is an important aspect of evidence gathering?

backing up all log files and audit trails

Which method can be used to verify that a bit-level image copy of a hard drive is an exact clone of the original hard drive collected as evidence?

hashing

The immediate preservation of evidence is paramount when conducting a forensic analysis. Which of the following actions is most likely to destroy critical evidence?

rebooting the system

How can a criminal investigator ensure the integrity of a removable media device found while collecting evidence?

create a checksum using a hashing algorithm

You manage the network for your company. You have recently discovered information on a computer hard drive that might indicate evidence of illegal activity. You want to perform forensic activities on the disk to see what kind of information it contains.
What should you do first?

make a bit-level copy of the disk

During a recent site survey, you find a rogue wireless access point on your network. Which of the following actions should you take first to protect your network, while still preserving evidence?

disconnect the access point from the network

You have discovered a computer that is connected to your network that was used for an attack. You have disconnected the computer from the network to isolate it from the network and stop the attack. What should you do next?

perform a memory dump

When conducting a forensic investigation, and assuming that the attack has been stopped, which of the following actions should you perform first?

document what's on the screen

What is the best definition of a security incident?

violation of security policy

When conducting a forensic investigation, which of the following initial actions is appropriate for preserving evidence?

document what's on the screen

What is the most important element related to evidence in addition to the evidence itself?

chain of custody document

The chain of custody is used for what purposes?

listing people coming into contact with evidence

You have been asked to draft a document related to evidence gathering that contains details about personnel in possession and control of evidence from the time of discovery up through the time of presentation in court. What type of document is this?

chain of custody

What is the primary countermeasure to social engineering?

awareness

How can an organization help prevent social engineering attacks? (Select two.)

Educate employees on the risks and countermeasures. Publish and enforce clearly-written security policies.

Which of the following is a form of attack that tricks victims into providing confidential information, such as identity information or logon credentials, through e-mails or Web sites that impersonate an online entity that the victim trusts, such as a financial institution or well known e-commerce site?

phishing

phishing

An attacker sends an email pretending to be from a trusted organization, asking users to access a web site to verify personal information.

whaling

An attacker gathers personal information about the target individual, who is a CEO.

spear phishing

An attacker gathers personal information about the target individual in an organization.

dumpster diving

An attacker searches through an organization's trash looking for sensitive information.

piggybacking

An attacker enters a secured building by following an authorized employee through a secure door without providing identification.

vishing

An attacker uses a telephone to convince target individuals to reveal their credit card information.

Which of the following is a common form of social engineering attack?

Hoax virus information e-mails.

You have just received a generic-looking e-mail that is addressed as coming from the administrator of your company. The e-mail says that as part of a system upgrade, you are to go to a Web site and enter your username and password at a new Web site so you can manage your e-mail and spam using the new service.
What should you do?

Verify that the e-mail was sent by the administrator and that this new service is legitimate.

Dumpster diving is a low-tech means of gathering information that may be useful in gaining unauthorized access, or as a starting point for more advanced attacks. How can a company reduce the risk associated with dumpster diving?

Establish and enforce a document destruction policy

Which of the following social engineering attacks use Voice over IP (VoIP) to gain sensitive information?

vishing

A senior executive reports that she received a suspicious email concerning a sensitive, internal project that is behind production. The email is sent from someone she doesn't know and he is asking for immediate clarification on several of the project's details so the project can get back on schedule.
Which type of an attack best describes the scenario?

whaling

The receptionist received a phone call from an individual claiming to be a partner in a high-level project and requesting sensitive information. The individual is engaging in which type of social engineering attack?

authority

By definition, which type of social engineering attack uses of a fictitious scenario to persuade someone to give information for which they are not authorized?

pretexting

Which type of social engineering attack uses peer pressure to persuade someone to help an attacker?

social validation

You've just received an e-mail message that indicates a new serious malicious code threat is ravaging across the Internet. The message contains detailed information about the threat, its source code, and the damage it can inflict. The message states that you can easily detect whether or not you have already been a victim of this threat by the presence of three files in the Windows\System32 folder. As a countermeasure, the message suggests that you delete these three files from your system to prevent further spread of the threat.
What should your first action based on this message be?

Verify the information on well-known malicious code threat management Web sites

Dictionary attacks are often more successful when performed after what reconnaissance action?

social engineering

Which of the following is a term used to describe a level of confidence that the evaluation methods were thorough and complete so that the security designation can be trusted?

Assurance

Which of the following defines system high mode?

All systems and peripherals within a system are classified and then protected according to the level of classification assigned to the most highly classified object which resides on the system.

Which of the following is not used by the reference monitor to determine levels of access?

Ring architecture

Which of the following defines layeringin regards to system access control?

...

4 Practice Questions - Subjecto.com

4 Practice Questions

Your page rank:

Total word count: 1984
Pages: 7

Calculate the Price

- -
275 words
Looking for Expert Opinion?
Let us have a look at your work and suggest how to improve it!
Get a Consultant

Which of the following is defined as a contract which prescribes the technical support or business parameters that a provider will bestow its client?

service level agreement

HIPAA is a set of federal regulations that define security guidelines that enforce the protection of what?

privacy

Which policy specifically protects PII

PRIVACY

Which of the following defines an acceptable use agreement?

an agreement which identifies the employee’s rights to use company property such as Internet access and Computer equipment for personal use

You have recently discovered that a network attack has compromised your database server. In the process, customer credit card numbers might have been taken by an attacker. You have stopped the attack and put measures in place to prevent the same incident from occurring in the future. What else might you be legally required to do?

contact your customer to let them know of the security breach

When informing an employee that they are being terminated, what is the most important activity?

disabling their network access

What is the most effective means of improving or enforcing security in any environment?

user awareness training

You have a set of DVD-RW discs that have been used to archive files for your latest development project. You need to dispose of the discs. Which method should you use to best prevent extracting data from the discs?

shredding

Which of the following best describes the concept of due care or due diligence?

reasonable precautions, based on industry best practices, are utilized and documented

Which of the following is a high-level, general statement about the role of security in the organization?

policy

Which of the following is a recommendation to use when a specific standard or procedure does not exist?

guideline

Which of the following is the best protection against security violations?

defense in depth

Who has the responsibility for the development of a security policy?

senior management

What is the primary purpose of source code escrow?

to obtain change rights over software after the vendor goes out of business

What is the primary purpose of change control?

prevent unmanaged change

When recovery is being performed due to a disaster, which services are to be stabilized first?

mission critical

In business continuity planning, what is the primary focus of the scope?

business processes

What is the primary goal of business continuity planning?

maintaining business operations with reduced or restricted infrastructure capabilities or resources

The company is implementing a Disaster Recovery Plan (DRP) and a Business Continuity Plan (BCP). It is time for the control tests and the company would like to perform compliance testing. Which of the following best describes compliance testing?

the resting of control procedures to see if they are working as expected and are being implemented in accordance with management policies

When is a BCP or DRP design and development actually completed?

never

As a BCP or DRP plan evolves over time, what is the most important task to perform when rolling out a new version of the plan?

collect and destroy all old plan copies

You are a database administrator and the first responder for database attacks. You have decided to test one part of your current Business Continuity Plan (BCP) with two other database professionals.
Which type of BCP test is this considered?

tabletop exercise

Which of the following is not a valid response to a risk discovered during a risk analysis?

denial

Which of the following best defines Single Loss Expectancy (SLE)?

the total monetary loss associated with a single occurrence of a threat

What is the average number of times that a specific risk is likely to be realized?

ARO(annualized rate of occurrence)

When analyzing assets, which analysis method assigns financial values to assets?

quantitative

Which of the following statements is true in regards to risk analysis? (Select two.)

dont implement a countermeasure if the cost is greater than loss; ARO identifies how often in a single year the successful threat attack will occur

When would choosing to do nothing about an identified risk be acceptable?

when the cost of protecting the asset is greater than the potential loss

If an organization shows sufficient due care, which burden is eliminated in the event of a security breach?

negligence

When conducting a risk assessment, how is the Annualized Rate of Occurrence (ARO) calculated?

through historical data provided by insurance companies and crime statistics

Purchasing insurance is what type of response to risk?

transference

To determine the value of the company assets, an anonymous survey was used to collect the opinions of all senior and mid-level managers. Which asset valuation method was used?

delphi method

Which type of Data Loss Prevention system is usually installed near the network perimeter to detect sensitive data that is being transmitted in violation of organizational security policies?

network DLP

You are a network administrator over two Windows-based sites. You have almost 2000 employees with workstations and 64 servers that need to be more secure. You have decided to implement a Data Loss Prevention (DLP) solution to detect and stop breaches of sensitive data.
You decide to implement e-mail and instant messaging communication controls so that messages that violate your organizations security policy are blocked at the workstation before being transmitted on the network. Which DLP solution should you implement?

endpoint DLP

After an intrusion has occurred and the intruder has been removed from the system, which of the following is the best next step or action to take?

back up all logs and audits regarding the incident

Which of the following is an important aspect of evidence gathering?

backing up all log files and audit trails

Which method can be used to verify that a bit-level image copy of a hard drive is an exact clone of the original hard drive collected as evidence?

hashing

The immediate preservation of evidence is paramount when conducting a forensic analysis. Which of the following actions is most likely to destroy critical evidence?

rebooting the system

How can a criminal investigator ensure the integrity of a removable media device found while collecting evidence?

create a checksum using a hashing algorithm

You manage the network for your company. You have recently discovered information on a computer hard drive that might indicate evidence of illegal activity. You want to perform forensic activities on the disk to see what kind of information it contains.
What should you do first?

make a bit-level copy of the disk

During a recent site survey, you find a rogue wireless access point on your network. Which of the following actions should you take first to protect your network, while still preserving evidence?

disconnect the access point from the network

You have discovered a computer that is connected to your network that was used for an attack. You have disconnected the computer from the network to isolate it from the network and stop the attack. What should you do next?

perform a memory dump

When conducting a forensic investigation, and assuming that the attack has been stopped, which of the following actions should you perform first?

document what’s on the screen

What is the best definition of a security incident?

violation of security policy

When conducting a forensic investigation, which of the following initial actions is appropriate for preserving evidence?

document what’s on the screen

What is the most important element related to evidence in addition to the evidence itself?

chain of custody document

The chain of custody is used for what purposes?

listing people coming into contact with evidence

You have been asked to draft a document related to evidence gathering that contains details about personnel in possession and control of evidence from the time of discovery up through the time of presentation in court. What type of document is this?

chain of custody

What is the primary countermeasure to social engineering?

awareness

How can an organization help prevent social engineering attacks? (Select two.)

Educate employees on the risks and countermeasures. Publish and enforce clearly-written security policies.

Which of the following is a form of attack that tricks victims into providing confidential information, such as identity information or logon credentials, through e-mails or Web sites that impersonate an online entity that the victim trusts, such as a financial institution or well known e-commerce site?

phishing

phishing

An attacker sends an email pretending to be from a trusted organization, asking users to access a web site to verify personal information.

whaling

An attacker gathers personal information about the target individual, who is a CEO.

spear phishing

An attacker gathers personal information about the target individual in an organization.

dumpster diving

An attacker searches through an organization’s trash looking for sensitive information.

piggybacking

An attacker enters a secured building by following an authorized employee through a secure door without providing identification.

vishing

An attacker uses a telephone to convince target individuals to reveal their credit card information.

Which of the following is a common form of social engineering attack?

Hoax virus information e-mails.

You have just received a generic-looking e-mail that is addressed as coming from the administrator of your company. The e-mail says that as part of a system upgrade, you are to go to a Web site and enter your username and password at a new Web site so you can manage your e-mail and spam using the new service.
What should you do?

Verify that the e-mail was sent by the administrator and that this new service is legitimate.

Dumpster diving is a low-tech means of gathering information that may be useful in gaining unauthorized access, or as a starting point for more advanced attacks. How can a company reduce the risk associated with dumpster diving?

Establish and enforce a document destruction policy

Which of the following social engineering attacks use Voice over IP (VoIP) to gain sensitive information?

vishing

A senior executive reports that she received a suspicious email concerning a sensitive, internal project that is behind production. The email is sent from someone she doesn’t know and he is asking for immediate clarification on several of the project’s details so the project can get back on schedule.
Which type of an attack best describes the scenario?

whaling

The receptionist received a phone call from an individual claiming to be a partner in a high-level project and requesting sensitive information. The individual is engaging in which type of social engineering attack?

authority

By definition, which type of social engineering attack uses of a fictitious scenario to persuade someone to give information for which they are not authorized?

pretexting

Which type of social engineering attack uses peer pressure to persuade someone to help an attacker?

social validation

You’ve just received an e-mail message that indicates a new serious malicious code threat is ravaging across the Internet. The message contains detailed information about the threat, its source code, and the damage it can inflict. The message states that you can easily detect whether or not you have already been a victim of this threat by the presence of three files in the Windows\System32 folder. As a countermeasure, the message suggests that you delete these three files from your system to prevent further spread of the threat.
What should your first action based on this message be?

Verify the information on well-known malicious code threat management Web sites

Dictionary attacks are often more successful when performed after what reconnaissance action?

social engineering

Which of the following is a term used to describe a level of confidence that the evaluation methods were thorough and complete so that the security designation can be trusted?

Assurance

Which of the following defines system high mode?

All systems and peripherals within a system are classified and then protected according to the level of classification assigned to the most highly classified object which resides on the system.

Which of the following is not used by the reference monitor to determine levels of access?

Ring architecture

Which of the following defines layeringin regards to system access control?

Share This
Flashcard

More flashcards like this

NCLEX 10000 Integumentary Disorders

When assessing a client with partial-thickness burns over 60% of the body, which finding should the nurse report immediately? a) ...

Read more

NCLEX 300-NEURO

A client with amyotrophic lateral sclerosis (ALS) tells the nurse, "Sometimes I feel so frustrated. I can’t do anything without ...

Read more

NASM Flashcards

Which of the following is the process of getting oxygen from the environment to the tissues of the body? Diffusion ...

Read more

Unfinished tasks keep piling up?

Let us complete them for you. Quickly and professionally.

Check Price

Successful message
sending