Info Security Questions

Your page rank:

Total word count: 2829
Pages: 10

Calculate the Price

- -
275 words
Looking for Expert Opinion?
Let us have a look at your work and suggest how to improve it!
Get a Consultant

The System/Application Domain holds all the mission-critical systems, applications, and data.

True

The director of IT security is generally in charge of ensuring that the Workstation Domain conforms to policy.

True

Which mitigation plan is most appropriate to limit the risk of unauthorized access to workstations?

Password protection

Which one of the following measures the average amount of time that it takes to repair a system, application, or component?

Mean time to repair (MTTR)

Which risk is most effectively mitigated by an upstream Internet service provider (ISP)?

Distributed denial of service (DDoS)

Which network device is capable of blocking network connections that are identified as potentially malicious?

Intrusion prevention system (IPS)

The most critical aspect of a WAN services contract is how the service provider supplies troubleshooting, network management, and security management services.

True

For businesses and organizations under recent compliance laws, data classification standards typically include private, confidential, internal use only, and public domain categories.

True

Juans web server was down for an entire day last September. It experienced no other downtime during that month. Which one of the following represents the web
server uptime for that month?

96.67%

Which element of the security policy framework offers suggestions rather than mandatory actions?

Guideline

Networks, routers, and equipment require continuous monitoring and management to keep wide area network (WAN) service available.

True

Which security control is most helpful in protecting against eavesdropping on wireless LAN (WLAN) data transmissions that would jeopardize confidentiality?

Applying strong encryption

In the Remote Access Domain, if private data or confidential data is compromised remotely, you should set automatic blocking for attempted logon retries.

False

Which element of the security policy framework requires approval from upper management and applies to the entire organization?

Policy

Which one of the following is NOT a good technique for performing authentication of an end user?

Identification number

The asset protection policy defines an organizations data classification standard.

False

Which term describes any action that could damage an asset?

Threat

Matthew captures traffic on his network and notices connections using ports 20, 22, 23, and 80. Which port normally hosts a protocol that uses secure, encrypted
connections?

22

Which one of the following is typically used during the identification phase of a remote access connection?

Username

The weakest link in the security of an IT infrastructure is the server.

False

Jody would like to find a solution that allows real-time document sharing and editing between teams. Which technology would best suit her needs?

Collaboration

Gwens company is planning to accept credit cards over the Internet. Which one of the following governs this type of activity and includes provisions that Gwen should
implement before accepting credit card transactions?

Payment Card Industry Data Security Standard (PCI DSS)

Which one of the following governs the use of Internet of Things (IoT) by healthcare providers, such as physicians and hospitals?

Health Insurance Portability and Accountability Act (HIPAA)

Which one of the following is NOT a market driver for the Internet of Things (IoT)?

Global adoption of non-IP networking

Which one of the following is NOT an example of store-and- forward messaging?

Telephone call

With the use of Mobile IP, which device is responsible for keeping track of mobile nodes (MNs) and forwarding packets to the MNs current network?

Home agent (HA)

Which technology can be used to protect the privacy rights of individuals and simultaneously allow organizations to analyze data in aggregate?

Deidentification

Which Internet of Things (IoT) challenge involves the difficulty of developing and implementing protocols that allow devices to communicate in a standard fashion?

Interoperability

Which organization pursues standards for Internet of Things (IoT) devices and is widely recognized as the authority for creating standards on the Internet?

Internet Engineering Task Force

Which one of the following is an example of a business-to- consumer (B2C) application of the Internet of Things (IoT)?

Health monitoring

Kairas company recently switched to a new calendaring system provided by a vendor. Kaira and other users connect to the system, hosted at the vendors site, using a web browser. Which service delivery model is Kairas company using?

Software as a Service (SaaS)

In Mobile IP, what term describes a device that would like to communicate with a mobile node (MN)?

Correspondent node (CN)

From a security perspective, what should organizations expect will occur as they become more dependent upon the Internet of Things (IoT)?

Security risks will increase.

Which compliance obligation includes security requirements that apply specifically to federal government agencies in the United States?

Federal Information Security Management Act (FISMA)

Which scenario presents a unique challenge for developers of mobile applications?

Selecting multiple items from a list

Which one of the following is an advantage that the Internet of Things (IoT) brings to economic development for countries?

Technical and industry development

Which of the following is NOT one of the four fundamental principles outlined by the Internet Society that will drive the success of Internet of Things (IoT) innovation?

Secure

Which action is the best step to protect Internet of Things (IoT) devices from becoming the entry point for security vulnerabilities into a network while still meeting
business requirements?

Applying security updates promptly

Which one of the following is NOT an area of critical infrastructure where the Internet of Things (IoT) is likely to spur economic development in less developed countries?

E-commerce

Ron is the IT director at a medium-sized company and is constantly bombarded by requests from users who want to select customized mobile devices. He decides to
allow users to purchase their own devices. Which type of policy should Ron implement to include the requirements and security controls for this arrangement?

Bring Your Own Device (BYOD)

Tony is working with a law enforcement agency to place a wiretap pursuant to a legitimate court order. The wiretap will monitor communications without making any
modifications. What type of wiretap is Tony placing?

Passive wiretap

Brian notices an attack taking place on his network. When he digs deeper, he realizes that the attacker has a physical presence on the local network and is forging Media Access Control (MAC) addresses. Which type of attack is most likely taking
place?

Address Resolution Protocol (ARP) poisoning

Florian recently purchased a set of domain names that are similar to those of legitimate websites and used the newly purchased sites to host malware. Which type
of attack is Florian using?

Typosquatting

Which type of attack involves the creation of some deception in order to trick unsuspecting users?

Fabrication

Yuri is a skilled computer security expert who attempts to break into the systems belonging to his clients. He has permission from the clients to perform this testing as
part of a paid contract. What type of person is Yuri?

White-hat hacker

Marias company recently experienced a major system outage due to the failure of a critical component. During that time period, the company did not register any sales
through its online site. Which type of loss did the company experience as a result of
lost sales?

Opportunity cost

Which control is not designed to combat malware?

Firewalls

An attacker attempting to break into a facility pulls the fire alarm to distract the security guard manning an entry point. Which type of social engineering attack is the
attacker using?

Urgency

Which type of denial of service attack exploits the existence of software flaws to disrupt a service?

Logic attack

Which password attack is typically used specifically against password files that contain cryptographic hashes?

Birthday attacks

Which one of the following is an example of a disclosure threat?

Espionage

Which term describes an action that can damage or compromise an asset?

Threat

Users throughout Alisons organization have been receiving unwanted commercial messages over the organizations instant messaging program. What type of attack is
taking place?

Spim

What type of malicious software masquerades as legitimate software to entice the user to run it?

Trojan horse

In which type of attack does the attacker attempt to take over an existing connection between two systems?

Session hijacking

Which type of attack against a web application uses a newly discovered vulnerability that is not patchable?

Zero-day attack

Bob is using a port scanner to identify open ports on a server in his environment. He is scanning a web server that uses Hypertext Transfer Protocol (HTTP). Which port
should Bob expect to be open to support this service?

80

Which tool can capture the packets transmitted between systems over a network?

Protocol analyzer

Barry discovers that an attacker is running an access point in a building adjacent to his company. The access point is broadcasting the security set identifier (SSID) of an
open network owned by the coffee shop in his lobby. Which type of attack is likely taking place?

Evil twin

Which group is the most likely target of a social engineering attack?

Receptionists and administrative assistants

What is NOT a common motivation for attackers?

Fear

What ISO security standard can help guide the creation of an organizations security policy?

27002

Gwen is investigating an attack. An intruder managed to take over the identity of a user who was legitimately logged into Gwens companys website by manipulating
Hypertext Transfer Protocol (HTTP) headers. Which type of attack likely took place?

Session hijacking

Alison discovers that a system under her control has been infected with malware, which is using a key logger to report user keystrokes to a third party. What information security property is this malware attacking?

Confidentiality

The CEO of Kellys company recently fell victim to an attack. The attackers sent the CEO an email informing him that his company was being sued and he needed to
view a subpoena at a court website. When visiting the website, malicious code was downloaded onto the CEOs computer. What type of attack took place?

Spear phishing

Bob is developing a web application that depends upon a database backend. What type of attack could a malicious individual use to send commands through his web
application to the database?

SQL injection

Which type of virus targets computer hardware and software startup functions?

System infector

Larry recently viewed an auction listing on a website. As a result, his computer executed code that popped up a window that asked for his password. What type of attack has Larry likely encountered?

Cross-site scripting (XSS)

What type of system is intentionally exposed to attackers in an attempt to lure them out?

Honeypot

What tool might be used by an attacker during the reconnaissance phase of an attack to glean information about domain registrations?

Whois

What is NOT a typical sign of virus activity on a system?

Unexpected power failures

Val would like to limit the websites that her users visit to those on an approved list of pre-cleared sites. What type of approach is Val advocating?

Whitelisting

What type of malicious software allows an attacker to remotely control a compromised computer?

Remote Access Tool (RAT)

What program, released in 2013, is an example of ransomware?

Crypt0L0cker

Yolanda would like to prevent attackers from using her network as a relay point for a smurf attack. What protocol should she block?

Internet Control Message Protocol (ICMP)

Adam discovers a virus on his system that is using encryption to modify itself. The virus escapes detection by signature-based antivirus software. What type of virus has
he discovered?

Polymorphic virus

What file type is least likely to be impacted by a file infector virus?

.docx

Brian would like to conduct a port scan against his systems to determine how they look from an attackers viewpoint. What tool can he use for this purpose?

Nmap

What is NOT one of the four main purposes of an attack?

Data import

Breannes system was infected by malicious code after she installed an innocent-looking solitaire game that she downloaded from the Internet. What type of malware
did she likely encounter?

Trojan horse

Alice would like to send a message to Bob securely and wishes to encrypt the contents of the message. What key does she use to encrypt this message?

Bobs public key

Which information security objective allows trusted entities to endorse information?

Certification

Which set of characteristics describes the Caesar cipher accurately?

Symmetric, stream, substitution

Which type of cipher works by rearranging the characters in a message?

Transposition

What type of function generates the unique value that corresponds to the contents of a message and is used to create a digital signature?

Hash

Bob received a message from Alice that contains a digital signature. What cryptographic key does Bob use to verify the digital signature?

Alices public key

Which approach to cryptography provides the strongest theoretical protection?

Quantum cryptography

Alice would like to send a message to Bob using a digital signature. What cryptographic key does Alice use to create the digital signature?

Alices private key

Which of the following allows a certificate authority (CA) to revoke a compromised digital certificate in real time?

Online Certificate Status Protocol (OCSP)

What is the only unbreakable cipher when it is used properly?

Vernam

What is NOT a symmetric encryption algorithm?

Rivest-Shamir- Adelman (RSA)

When Patricia receives a message from Gary, she wants to be able to demonstrate to Sue that the message actually came from Gary. What goal of cryptography is Patricia attempting to achieve?

Nonrepudiation

What standard is NOT secure and should never be used on modern wireless networks?

Wired Equivalent Privacy (WEP)

Which cryptographic attack offers cryptanalysts the most information about how an encryption algorithm works?

Chosen plaintext

Gary is sending a message to Patricia. He wants to ensure that nobody tampers with the message while it is in transit. What goal of cryptography is Gary attempting to achieve?

Integrity

Alice and Bob would like to communicate with each other using a session key but they do not already have a shared secret key. Which algorithm can they use to exchange a secret key?

Diffie-Hellman

What is NOT a valid encryption key length for use with the Blowfish algorithm?

512 bits

What mathematical problem forms the basis of most modern cryptographic algorithms?

Factoring large primes

Betty receives a cipher text message from her colleague Tim. What type of function does Betty need to use to read the plaintext message?

Decryption

What is NOT an effective key distribution method for plaintext encryption keys?

Unencrypted email

Bob has a high-volume virtual private network (VPN). He would like to use a device that would best handle the required processing power. What type of device should he
use?

VPN concentrator

Hilda is troubleshooting a problem with the encryption of data. At which layer of the OSI Reference Model is she working?

Presentation

Gary is configuring a Smartphone and is selecting a wireless connectivity method. Which approach will provide him with the highest speed wireless connectivity?

Wi-Fi

What type of network device normally connects directly to endpoints and uses MAC-based filtering to limit traffic flows?

Switch

Val would like to isolate several systems belonging to the product development group from other systems on the network, without adding new hardware. What technology
can she use?

Virtual LAN (VLAN)

Terry is troubleshooting a network that is experiencing high traffic congestion issues. Which device, if present on the network, should be replaced to alleviate these issues?

Hub

What is NOT a service commonly offered by unified threat management (UTM) devices?

Wireless network access

What type of network connects systems over the largest geographic area?

Wide area network (WAN)

What firewall approach is shown in the figure?

Screened subnet

Henrys last firewall rule must allow inbound access to a Windows Terminal Server. What port must he allow?

3389

What wireless security technology contains significant flaws and should never be used?

Wired Equivalent Privacy (WEP)

What type of firewall security feature limits the volume of traffic from individual hosts?

Flood guard

Karen would like to use a wireless authentication technology similar to that found in hotels where users are redirected to a webpage when they connect to the network. What technology should she deploy?

Captive portal

Barbara is investigating an attack against her network. She notices that the Internet Control Message Protocol (ICMP) echo replies coming into her network far exceed the ICMP echo requests leaving her network. What type of attack is likely taking place?

Smurf

What is the maximum value for any octet in an IPv4 IP address?

255

Henry is creating a firewall rule that will allow inbound mail to the organization. What TCP port must he allow through the firewall?

25

Henry would like to create a different firewall rule that allows encrypted web traffic to reach a web server. What port is used for that communication?

443

Norm recently joined a new organization. He noticed that the firewall technology used by his new firm opens separate connections between the devices on both sides of the firewall. What type of technology is being used?

Application proxying

What protocol is responsible for assigning IP addresses to hosts on most networks?

Dynamic Host Configuration Protocol (DHCP)

David would like to connect a fibre channel storage device to systems over a standard data network. What protocol can he use?

Fibre Channel over Ethernet (FCoE)

Share This
Flashcard

More flashcards like this

NCLEX 10000 Integumentary Disorders

When assessing a client with partial-thickness burns over 60% of the body, which finding should the nurse report immediately? a) ...

Read more

NCLEX 300-NEURO

A client with amyotrophic lateral sclerosis (ALS) tells the nurse, "Sometimes I feel so frustrated. I can’t do anything without ...

Read more

NASM Flashcards

Which of the following is the process of getting oxygen from the environment to the tissues of the body? Diffusion ...

Read more

Unfinished tasks keep piling up?

Let us complete them for you. Quickly and professionally.

Check Price

Successful message
sending