Exam 2

Question 1

What is a type of law that represents all that apply to a citizen (or subject) of a jurisdiction? (Single Choice) *
* criminal law
* private law
* civil law
* public law

Answer 1

• civil law

Question 2

What is the type of law that addresses violations harmful to society and that is enforced by prosecution by the state? (Single Choice) *
* criminal law
* private law
* public law
* civil law

Answer 2

• criminal law

Question 3

Which law regulates the role of the healthcare industry in protecting the privacy of individuals? (Single Choice) *
* Gramm-Leach-Bliley Act of 1999 (GLB or GLBA)
* Freedom of Information Act of 1966 (FOIA)
* Health Insurance Portability and Accountability Act of 1996 (HIPAA)
* Computer Fraud and Abuse Act of 1986 (CFAA)

Answer 3

• Health Insurance Portability and Accountability Act of 1996 (HIPAA)

Question 4

The generally recognized term for the government protection afforded to intellectual property (written and electronic) is called which of the following?(Single Choice) *
* computer security law
* copyright law
* aggregate information
* data security standards

Answer 4

• copyright law

Question 5

The cornerstone of many current federal computer-related criminal laws is the Computer Fraud and Abuse Act of 1986? (Single Choice) *
* True
* False

Answer 5

• True

Question 6

Regardless of what information a company manages, it is shielded from local and state laws and regulations because the federal laws supersede them? (Single Choice) *
* True
* False

Answer 6

• False

Question 7

Which of the following is an American contribution to an effort to improve copyright protection internationally? (Single Choice) *
* Agreement on Trade-Related Aspects of Intellectual Property Rights (TRIPS)
* Digital Millennium Copyright Act (DMCA)
* Privacy and Electronic Communications Regulations of 2003
* Telecommunications Act of 1997

Answer 7

• Digital Millennium Copyright Act (DMCA)

Question 8

Payment Card Industry ______ Standards are designed to enhance the security of customers’ payment card account data? (Single Choice) *
* data safety
* data security
* data practices
* account security

Answer 8

• data security

Question 9

The ______ attempts to prevent trade secrets from being illegally shared?(Single Choice) *
* Electronic Communications Privacy Act
* Financial Services Modernization Act
* Sarbanes-Oxley Act
* Economic Espionage Act

Answer 9

• Economic Espionage Act

Question 10

According to the National Information Infrastructure Act of 1996, the severity of the penalty for computer crimes depends on the value of the information obtained and whether the offense is judged to have been committed for each of the following except? (Single Choice) *
* for purposes of commercial advantage
* for private financial gain
* to harass
* in furtherance of a criminal act

Answer 10

• to harass

Question 11

The method by which systems determine whether and how to admit users into a trusted area of the organization is known as which of the following? (Single Choice) *
* attribute
* accountability
* access control
* auditability

Answer 11

• access control

Question 12

Which term is used to describe the process of validating a supplicant’s purported identity? (Single Choice) *
* accountability
* authentication
* authorization
* biometrics

Answer 12

• authentication

Question 13

The authentication factor “something a supplicant has” relies upon individual characteristics, such as fingerprints, palm prints, hand topography, hand geometry, or retina and iris scans? (Single Choice) *
* True
* False

Answer 13

• False

Question 14

The biometric technology criteria that describes the number of legitimate users who are denied access because of a failure in the biometric device is known as which of the following? (Single Choice) *
* false reject rate
* false accept rate
* crossover error rate
* accountability rate

Answer 14

• false reject rate

Question 15

What type of firewall examines every incoming packet header and can selectively filter packets based on header information, such as destination address, source address, packet type, and other key information? (Single Choice)*
* packet filtering
* proxy server
* media access control (MAC) layer
* application

Answer 15

• packet filtering

Question 16

Which type of firewall filtering allows the firewall to react to an emergent event and update or create rules to deal with the event? (Single Choice) *
* static
* stable
* unstable
* dynamic

Answer 16

• dynamic

Question 17

All traffic exiting from the trusted network should be filtered? (Single Choice) *
* True
* False

Answer 17

• False

Question 18

A network filter that allows administrators to restrict access to external content from within a network is known as which of the following? (Single Choice)*
* content filter
* dynamic filter
* static filter
* stateful filter

Answer 18

• content filter

Question 19

Which VPN technology uses circuits from a service provider and conducts packet switching over these leased circuits? (Single Choice) *
* secure VPN
* hybrid VPN
* trusted VPN
* transport VPN

Answer 19

• trusted VPN

Question 20

What is used to dial every number in a configured range and checks to see if a person, answering machine, or modem picks up? (Single Choice) *
* war dialer
* number redialer
* modem redialer
* incident redialer

Answer 20

• war dialer

Question 21

Which of the following is an event that triggers alarms when no actual attacks are in progress? (Single Choice) *
* evasion
* false positive
* false attack stimulus
* false negative

Answer 21

• false attack stimulus

Question 22

The process of adjusting an IDPS to maximize its efficiency in detecting true positives while minimizing false positives and false negatives is known as which of the following? (Single Choice) *
* tuning
* filtering
* clustering
* footprinting

Answer 22

• tuning

Question 23

In which IDPS control strategy are all IDPSs control functions implemented and managed in a central location? (Single Choice) *
* centralized control strategy
* fully distributed control strategy
* partially distributed control strategy
* network-based control strategy

Answer 23

• centralized control strategy

Question 24

What term is used to describe decoy systems designed to lure potential attackers away from critical systems? (Single Choice) *
* trap
* honeypot
* trace
* sniffer

Answer 24

• honeypot

Question 25

A wireless security toolkit should include the ability to sniff wireless traffic, scan wireless hosts, and assess the level of privacy or confidentiality afforded on the wireless network? (Single Choice) *
* True
* False

Answer 25

• True

Question 26

What is a network tool that collects copies of packets from the network and analyzes them? (Single Choice) *
* footprint
* router
* network trap
* packet sniffer

Answer 26

• packet sniffer

Question 27

A scanner that listens in on a network and identifies vulnerable versions of both server and client software is known as which of the following? (Single Choice) *
* port scanner
* active vulnerability scanner
* sniffer
* passive vulnerability scanner

Answer 27

• passive vulnerability scanner

Question 28

Which of the following terms are used to describe organized research of the internet addresses owned or controlled by the target organization? (Single Choice) *
* fingerprinting
* trapping
* tracing
* footprinting

Answer 28

• footprinting

Question 29

Which type of IDPS resides on a computer or appliance connected to a segment of an organization’s network and monitors traffic on that segment looking for indications of on-going or successful attacks? (Single Choice) *
* network-based IDPS
* host-based IDPS
* wireless NIDPs
* attack surface IDPS

Answer 29

network-based IDPS

Question 30

What detection method examines the system or network data for patterns that match known attack signatures? (Single Choice) *
* anomaly-based detection
* knowledge-based detection
* protocol stack verification
* log file monitor (LFM)

Answer 30

• knowledge-based detection

Question 31

Which step of the systems development life cycle (SDLC) reviews issues with a current system and establishes the requirements of the new system being created?
a. maintenance and change
b. investigation
c. analysis
d. physical design

Answer 31

c. analysis

Question 32

When reviewing the Microsoft SDL (System Development Lifecycle), what is the final phase of their plan where an incident response plan is executed?
a. response
b. verification
c. design
d. training

Answer 32

a. response

Question 33

What is the situation called when a project manager spends more time adjusting a project management software file than focusing on the project itself?
a. project creep
b. projectitis
c. task delegation
d. strategic project management

Answer 33

b. projectitis

Question 34

When changing a security blueprint, training employees is not included as part of the process.
A. True
B. False

Answer 34

B. False

Question 35

Major tasks that are part of a work breakdown structure (WBS) are known as subtasks.
A. True
B. False

Answer 35

A. True

Question 36

Which layer of the bulls-eye model should information security projects focus the most on?
a. networks
b. policies
c. systems
d. applications

Answer 36

a. networks

Question 37

Which changeover strategy should be used when transitioning from an old system to a new system gradually?
a. direct
b. pilot
c. phased
d. parallel

Answer 37

c. phased

Question 38

Which consideration is focused on the selection of equipment and services for a project?
a. staffing
b. organizational feasibility
c. procurement
d. scope

Answer 38

c. procurement

Question 39

The parallel operations conversion strategy often involves running two systems concurrently.
a. True
b. False

Answer 39

a. True

Question 40

The Center for Internet Security (CIS) outlines three categories of control to detect, prevent, respond to, and mitigate damage from attacks: Basic, Foundational, and Organizational.
a. True
b. False

Answer 40

a. True