Chapter 1 Flashcards

1
Q

Information Security is specific to securing information, whereas information systems security is focused on the security of the systems that house the information

A. True
B. False

A

True

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Software manufacturers limit their liability when selling software using which of the following?

A. End-User License Agreements
B. Confidentiality agreements
C. Software Development agreements
D. By developing error-free software and code so there is no liability
E. None of the above
A

End-User License Agreements

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

The __________ tenet of information systems security is concerned with the recovery time objective.

A. Confidentiality
B. Integrity
C. Availability
D. All of the above
E. None of the above
A

Availability

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

If you are a publicly-traded company of U.S. federal government agency, you must go public and announce that you have had a data breach and must inform the impacted individuals of that data breach.

A. True
B. False

A

True

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Organizations that require customer service representatives to access private customer data can best protect customer privacy and make it easy to access other customer data by using which of the following security controls?

A. Preventing customer service representatives from accessing private customer data.
B. Blocking out customer private data details and allowing access only to the last four digits of social security numbers or account numbers.
C. Encrypting all customer data.
D. Implementing second-tier authentication when accessing customer data bases
E. All the above

A

Blocking out customer private data details and allowing access only to the last four digits of social security numbers or account numbers.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

The ______ is the weakest link in an IT infrastructure.

A. System/ Application Domain
B. LAN-to-WAN Domain
C. WAN Domain
D. Remote Access Domain
E. User Domain
A

User Domain

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Which of the following security controls can help mitigate malicious email attachments?

A. Email filtering and quarantining
B. Email attachment antivirus scanning
C. Verifying with users that email source is reputable
D. Holding all inbound emails with unknown attachments
E. All of the above

A

All of the above

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

You can help ensure confidentiality by implementing _______.

A. An acceptable use policy.
B. A data classification standard.
C. An IT security policy framework
D. A virtual private network for remoter access.
E. Secure access controls
A

A virtual private network for remoter access.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Encrypting email communications is needed if you are sending confidential information within an email message trough the public internet.

A. True
B. False

A

True

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Using security policies, standards, procedures, and guidelines helps organizations decrease risks and threats.
A. True
B. False

A

True

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Data classification standard is usually part of which policy definition?

A. Asset protection policy
B. Acceptable use policy
C. Vulnerability assessment and management policy
D. Security awareness policy
E. Threat assessment and monitoring policy

A

Asset protection policy

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

A data breach is typically performed after which of the following?

A. Unauthorized access to the systems and applications is obtained.
B. Vulnerability assessment scan.
C. Configuration change request.
D. Implementation of a new data center.
E. Implementation of a web application update.

A

Unauthorized access to the systems and applications is obtained.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Maximizing availability primarily involves minimizing _____.

A. The amount of downtime recovering from a disaster
B. The mean time to repair a system of application
C. Downtime by implementing a business continuity plan.
D. The recovery time objective
E. All of the above.

A

All of the above.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Which of the following is not a U.S. compliance law or act?

A. CIPA
B. FERPA
C. FISMA
D. PCI DSS
E. HIPAA
A

PCI DSS

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Internet IP packets are to cleartext what encrypted IP packets are to_____.

A. Confidentiality
B. Ciphertext
C. Virtual private networks.
D. Cryptography algorithms
E. None of the above
A

Ciphertext

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

The internet is an open, public network shared by the entire planet. Anyone can connect to the internet with a computer and a valid Internet connection and a browser.

A. True
B. False

A

True

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

Which of the following are challenges that IoT industry must overcome?

A. Security and privacy
B. Interoperability and standards
C. Legal and regulatory compliance
D. E-commerce and economic development
E. All of the above
A

All of the above

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

Which phenomenon helped drive near real-time, high-speed broadband connectivity to the endpoint device?

A. Internet connectivity
B. Email
C. VoIP
D. Social media sharing
E. All of the above
A

Social media sharing

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

Which of the following requires an IoT-connected automobile?

A. Near real-time access to household controls and systems
B. Ability to track the whereabouts of your children trough location finder GPS applications
C. Real-time alerts regarding reminders to pay bills on time.
D. Online e-commerce and online shopping with direct delivery
E. Traffic monitoring sensors that provide real-time

A

Traffic monitoring sensors that provide real-time updates for traffic conditions

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

Which of the following are impacts of the IoT on our business lives?

A. E-commerce
B. Integrated supply chain with front-end sales order entry
C. Companies now offering delivery services for products and services with real-time updates.
D. Customer reviews providing consumers with product and service reviews online and with more information about customer satisfaction
E. All of the above

A

All of the above

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

Which of the following helps support remote teleworking?

A. Presence/ availability
B. IM chat
C. Video conferencing
D. Collaboration
E. All of the above
A

E. All of the above

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

Which is a security challenges that IoT deployments must overcome?

A. Congestion of mobile IP traffic
B. Secure communication with other IoT devices
C. Liability of an IoT device failing to send an update message
D. Pricing for software licensing in the IoT device
E. Privacy data use sharing agreement

A

Secure communication with other IoT devices

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

Unified messaging provides what functionality for users on the go?

A. Voice messages that are converted to audio files and emailed to the user's mailbox for playback while on the road
B. One-to-many communications
C. Many-to-many communications
D. VoIP communications and messaging
E. SIP communications and messaging
A

Voice messages that are converted to audio files and emailed to the user’s mailbox for playback while on the road

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

Which of the following applications can eliminate the need for face-to-face training?

A. Audio/ Video conferencing
B. Collaboration
C. IM chat
D. Presence/ availability
E. All of the above
A

Collaboration

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
Q

Why do e-commerce systems need the utmost in security controls?

A. It is a PCI DSS standard.
B. Private customer date is entered into websites
C. Credit card data is entered into websites
D. Customer retention requires confidence in secure online purchases.
E. All of the above

A

All of the above

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
26
Q

Which of the following is not a challenge that must be overcome by IoT deployments?

A. Security
B. Availability
C. Legal and Regulatory
D. E-commerce and economic development
E. Privacy
A

Availability

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
27
Q

Typically, data must be__________to be shared or used for research purposes.

A. Encrypted
B. Hashed
C. De-identified
D. Masked out
E. In clear text
A

De-identified

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
28
Q

The main goal of a hacker is to steal or compromise IT assets and potentially steal data.

A. True
B. False

A

True

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
29
Q

Which of the following best describes intellectual property?

A. The items a business has copyrighted
B. All patents owned by a business
C. The unique knowledge a business possesses
D. Customer lists
E. All of the above
A

All of the above

30
Q

Which of the following terms best describes a person with very little hacking skills?

A. Hacker
B. Script Kiddie
C. Cracker
D. Wannabe
E. All of the above
A

Script Kiddie

31
Q

A(n)_______ is a software tool that is used to capture a packet from a network.

A

Packet Sniffer

32
Q

Which type of attacks results in legitimate users not having access to a system resource?

A. DDoS
B. Social engineering
C. Man in the middle
D. Phishing emails
E. SQL injection
A

DDoS

33
Q

A SYN flood attack floods a target with invalid or half-open TCP connection requests.

A. True
B. False

A

True

34
Q

Which of the following is an example of social engineering?

A. SQL injection
B. XML injection
C. Security design
D. Impersonation
E. All of the above
A

Impersonation

35
Q

Which of the following security countermeasures is best for end-point protection against malware?

A. Antivirus/ anti-malware protection
B. Data leakage prevention
C. Standardized workstation and laptop images
D. Security awareness training
E. All of the above
A

All of the above

36
Q

War driving involves looking for open or public wireless networks

A. True
B. False

A

True

37
Q

Which of the following impacts availability?

A. Cross-site scripting
B. SQL injection
C. DDoS
D. Packet sniffing
E. None of the above
A

DDoS

38
Q

Which type of attack involves capturing data packet from a network and transmitting them later to produce an unauthorized effect?

A. Man in the middle
B. SYN flood
C. Replay
D. Smurf
E. SQL injection
A

Replay

39
Q

A(n)______ is any action that could damage an asset.

A

Threat

40
Q

A(n)______ is any weakness that makes it possible for a threat to cause harm to a computer or network.

A

Vulnerability

41
Q

Which type of malware is a self-contained program that replicates and sends copies of itself to other computers, generally across the network?

A. Virus
B. Worm
C. Trojan
D. Rootkit
E. Cookie Manipulation
A

Worm

42
Q

Which type of malware involves extorting the user or organization into paying money to release a decryption key?

A. Virus
B. Trojan
C. Logic bomb
D. Cryptolocker malware
E. Your worst nightmare virus
A

Cryptolocker malware

43
Q

The basic model for how you can build and use a network and its resources is known as the __________.

A. Dynamic Host Configuration Protocol (DHCP) model
B. International Organization for Standardization (ISO) model
C. Open Systems Interconnection (OSI) Reference Model
D. None of the above

A

Open Systems Interconnection (OSI) Reference Model

44
Q

The basic job of a ________ is to enforce an access control policy at the border of a network

A. Firewall
B. Router
C. Switch
D. Access point

A

Firewall

45
Q

A(n) _________ is a critical element in every corporate network today, allowing access to an organization’s resources from almost anywhere in the world.

A. Local area network (LAN)
B. Wide area network (WAN)
C. Dynamic Host Configuration Protocol (DHCP)
D. None of the above

A

Wide area network (WAN)

46
Q

A secure virtual private network (VPN) creates an authenticated and encrypted channel across some form of public network.

A. True
B. False

A

True

47
Q

_______ is a suite of protocols that was developed by the Department of Defense to provide a highly reliable and fault-tolerance network infrastructure.

A. DHCP
B. VPN
C. PPPoE
D. TCP/IP

A

TCP/IP

48
Q

A _______ is a device that interconnects two or more networks and selectively interchanges packets of date between them.

A

Router

49
Q

Which simple network device helps to increase network performance by using the MAC address to send network traffic only to its intended destination?

A. Hub
B. Switch
C. Router
D. Gateway

A

Switch

50
Q

The three basic types of firewall are packet filtering, application proxy, and stateful inspection.

A. True
B. False

A

True

51
Q

What technology is the most secure way to encrypt wireless communications?

A. TCP
B. WEP
C. WPA
D. UDP

A

WPA

52
Q

IP addresses are assigned to computers by the manufacturer.

A. True
B. False

A

False

53
Q

Which VPN technology allows users to initiate connections over the Web?

A. SSL
B. PPTP
C. IPSec
D. ICMP

A

SSL

54
Q

What layer of the OSI Reference Model is most commonly responsible for encryption?

A. Application
B. Presentation
C. Session
D. Transport

A

Presentation

55
Q

DHCP provides systems with their MAC addresses.

A. True
B. False

A

False

56
Q

What firewall topology supports the implementation of a DMZ?

A. Bastion host
B. Multilayered firewall
C. Border firewall
D. Screened subnet

A

Screened subnet

57
Q

What technology allows you to hide the private IPv4 address of a system from the internet?

A. SSL
B. RADIUS
C. PPTP
D. NAT

A

NAT

58
Q

Which type of malware attaches to, or infects, other programs?

A. Spyware
B. Virus
C. Worm
D. Rootkit

A

Virus

59
Q

_________ is any unwanted message.

A

Spam

60
Q

Which type of malicious software is a standalone program that propagates from one computer to another?

A. Spyware
B. Virus
C. Worm
D. Snake

A

Worm

61
Q

In the malware context, which of the following best defines the term mobile code?

A. Website active content
B. Malware targeted at PDAs and smartphones
C. Software that runs on multiple operating systems.
D. Malware that uses networks to propagate

A

Website active content

62
Q

A(n)_________ is a network of compromised computers that attackers use to launch attacks and spread malware.

A.Black network
B. Botnet
C. Attacknet
D. Trojan store

A

Botnet

63
Q

What does the TCP SYN flood attack do to cause a DDoS?

A. Causes the network daemon to crash
B. Crashes the host computer
C. Saturates the available network bandwidth
D. Fills up the pending connections table

A

Fills up the pending connections table

64
Q

Which type of attack tricks a user into providing personal information by masquerading as a legitimate website?

A. Phreaking
B. Phishing
C. Trolling
D. Keystroke logging

A

Phishing

65
Q

The best defense form keystroke loggers is to carefully inspect the keyboard cable before using a computer because the logger must connect to the keyboard’s cable.

A. True
B. False

A

True

66
Q

How did viruses spread in the early days of malware?

A. Wired network connections
B. Punch cards
C. Diskettes
D. As program bugs

A

How did viruses spread in the early days of malware?

A. Wired network connections
B. Punch cards
C. Diskettes
D. As program bugs

67
Q

What is the most common first phase of an attack?

A. Vulnerability identification
B. Reconnaissance and probing
C. Target Selection
D. Evidence containment

A

Reconnaissance and probing

68
Q

Which software tool provides extensive port-scanning capabilities?

A. Ping
B. Whois
C. Rpcinfo
D. Nmap

A

Nmap

69
Q

The ____________ strategy ensures that an attacker must compromise multiple controls to reach any protected resource.

A

Defense in depth

70
Q

A honeypot is a sacrificial host with deliberately insecure services deployed at the edges of a network to act as a bait for potential hacking attacks.

A. True
B. False

A

True