In-Class Quizzes Flashcards

1
Q

What type of network connects systems over the largest geographic area?

a. Storage area network (SAN)
b. Wide area network (WAN)
c. Local area network (LAN)
d. Metropolitan area network (MAN)

A

b. Wide area network (WAN)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Terry is troubleshooting a network that is experiencing high traffic congestion issues. Which device, if present on the network, should be replaced to alleviate these issues?

a. Hub
b. Switch
c. Router
d. Firewall

A

b. Switch

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Val would like to isolate several systems belonging to the product development group from other systems on the network, without adding new hardware. What technology can she use?

a. Virtual private network (VPN)
b. Transport Layer Security (TLS)
c. Virtual LAN (VLAN)
d. Firewall

A

c. Virtual LAN (VLAN)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What protocol is responsible for assigning IP addresses to hosts on most networks?

a. Simple Mail Transfer Protocol (SMTP)
b. Virtual LAN (VLAN)
c. Dynamic Host Configuration Protocol (DHCP)
d. Transport Layer Security (TLS)

A

c. Dynamic Host Configuration Protocol (DHCP)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What wireless security technology contains significant flaws and should never be used?

a. Wi-Fi Protected Access (WPA)
b. Wired Equivalent Privacy (WEP)
c. WPA2
d. Remote Authentication Dial-In User Service (RADIUS)

A

b. Wired Equivalent Privacy (WEP)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What category of attacker might also be called cyberterrorists? Choose the best response.

a. Script kiddies
b. Hacktivists
c. Shadow IT
d. Nation states

A

b. Hacktivists

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Your company has long maintained an email server, but it’s insecure and unreliable. You’re considering just outsourcing email to an external company that provides secure cloud-based email services. What risk management strategy are you employing? Choose the best response.

a. Risk mitigation
b. Risk transference
c. Risk avoidance
d. Risk acceptance

A

b. Risk transference

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What element of your risk mitigation strategy helps keep future additions to your network from introducing new security vulnerabilities? Choose the best response.

a. Security audits
b. Technical controls
c. Change management
d. Incident management

A

c. Change management

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Which of the following is a Windows operating system tool that displays or refreshes IP settings for network interfaces? Choose the best response.

a. Curl
b. Pathping
c. Scanless
d. Ipconfig

A

d. Ipconfig

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

__________ is a simulated attack designed to determine whether an attacker could compromise an asset.

a. vulnerability scan
b. reconnaissance
c. Pivot
d. penetration test

A

d. penetration test

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Evil twins are mostly used as part of what kind of attack? Choose the best response.

a. Trojan horse
b. On-path
c. Denial of service
d. Phishing

A

b. On-path

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

You’ve just discovered a kind of malware that overwrites the hosts file to redirect web searches to a malicious site. What technique does it most likely use? Choose the best response.

a. VLAN hopping
b. ARP poisoning
c. Domain hijacking
d. DNS poisoning

A

d. DNS poisoning

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

You’re configuring a router, and want it to check the properties of incoming traffic before passing it on. What will this require? Choose the best response.

a. Configuring routing tables
b. Configuring ACLs
c. Only a fully featured firewall can do this
d. Either would have the same effect

A

b. Configuring ACLs

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

What DMZ topology is displayed? Choose the best response.

a. Bastion Host
b. Dual firewall
c. Three-homed firewall
d. UTM firewall

A

c. Three-homed firewall

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

On a subnet with limited physical security, you’re worried about ARP poisoning and DHCP spoofing attacks. What switch feature could help prevent both? Choose the best response.

a. Port security
b. DHCP snooping
c. MAC filtering
d. MACsec

A

d. MACsec

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Which of the following statements is true?

a. The auditee is the person running the audit, and the client is the subject of the audit.
b. The auditor is the person running the audit, and the client is the subject of the audit.
c. The client is the person setting the scope for the audit, and the auditor performs the work.
d. The client pays for the audit, and the auditor sets the scope of the audit that will follow.

A

c. The client is the person setting the scope for the audit, and the auditor performs the work.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

Which of the following assurance methods is acceptable for external use, including licensing?

a. Independent audit
b. Internal audit
c. External audit
d. Assessment

A

a. Independent audit

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

What is the definition of a standard as compared to a guideline?

a. Standards are mandatory controls designed to support a policy. Following guidelines is discretionary.
b. Guidelines are recommended controls necessary to support standards, which are discretionary.
c. Standards are discretionary controls used with guidelines to aid the reader’s decision process.
d. Guidelines are intended to designate a policy, whereas standards are used in the absence of a policy

A

a. Standards are mandatory controls designed to support a policy. Following guidelines is discretionary.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

Which of the following types of risk are of the most interest to an IS auditor?

a. Inherent, noninherent, control, lack of control
b. Unknown, quantifiable, cumulative
c. Control, detection, noncompliance, risk of strike
d. Sampling, control, detection, inherent

A

d. Sampling, control, detection, inherent

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

What is the purpose of the audit charter?

a. To authorize the creation of the audit committee
b. To engage external auditors
c. To provide detailed planning of the audit
d. To grant responsibility, authority, and accountability

A

d. To grant responsibility, authority, and accountability

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

Which type of cryptography is most commonly used for key exchange? Choose the best response.

a. Symmetric encryption
b. Hashing
c. Asymmetric encryption
d. One-Time Pad

A

c. Asymmetric encryption

22
Q

What type of cryptography is usually used for password storage? Choose the best response.

a. One-Time Pad
b. Symmetric encryption
c. Hashing
d. Asymmetric encryption

A

c. Hashing

23
Q

Which of the following encryption ciphers is the strongest.

a. DES
b. AES
c. Blowfish
d. 3DES

A

b. AES

24
Q

What process gives integrity, authenticity, and non-repudiation? Choose the best response.

a. Diffie-Hellmann key exchange
b. Digital signature
c. HMAC
d. Hashing

A

b. Digital signature

25
Q

You’ve received an assortment of files along with accompanying hashes to guarantee integrity. Some of the hash values are 256-bit, and some are 512-bit. Assuming they all use the same basic algorithm, what might it be? Choose the best response.

a. MD5
b. RIPEMD
c. SHA-1
d. SHA-2

A

d. SHA-2

26
Q

What is true of a digital certificate, but not true of a digital signature?

a. Provides non-repudiation
b. Proves the authenticity of a message
c. Has a valid starting and ending date and proves the authenticity of a person or system
d. Requires a hashing algorithm
e. Requires both an asymmetric key pair and a hashing algorithm

A

c. Has a valid starting and ending date and proves the authenticity of a person or system

27
Q

What defines an EV certificate? Choose the best response.

a. It lasts longer than a standard certificate\
b. It applies to more than one domain
c. It uses more robust cryptography
d. It requires a stricter identity verification process on application

A

d. It requires a stricter identity verification process on application

28
Q

What certificate formats commonly use the web of trust model? Choose the best response.

a. ASN.1
b. Bridge
c. X.509
d. OpenPGP

A

d. OpenPGP

29
Q

You’re receiving many unauthorized network scans using methods carefully designed to get by existing firewall rules. What device or feature would be the best way to recognize and block those scans? Choose the best response.

a. IPS
b. Stateful firewall
c. IDS
d. Application layer firewall

A

a. IPS

30
Q

Your department just deployed some fake DNS servers which only interact with automated scripts, never legitimate clients. When they receive unexpected requests, they send an alert to the SIEM. What technique is being used? Choose the best response.

a. Honeypot
b. IPS
c. Sinkhole
d. NGFW

A

a. Honeypot

31
Q

What SNMP component is a database for a particular device? Choose the best response.

a. OID
b. MIB
c. Agent
d. Manager

A

b. MIB

32
Q

Which of the following is the meaning of Value 4 of the syslog file? Choose the best response.

a. Critical
b. Warning
c. Error
d. Alert

A

b. Warning

33
Q

What SIEM software feature finds broader trends and relationships formed by individually insignificant events? Choose the best response.

a. Synchronization
b. Deduplication
c. Correlation
d. Aggregation

A

c. Correlation

34
Q

Which of the following is the file format for Linux to store log? Choose the best response.

a. Syslog
b. MIB
c. MySQL
d. SysVar

A

a. Syslog

35
Q

Which of the following is a popular network analyzer? Choose the best response.

a. Linux
b. Wireshark
c. Networkpro
d. Network Traffic Plus

A

b. Wireshark

36
Q

Who sets the priorities and objectives of the IT balanced scorecard (BSC)?

a. Chief executive officer (CEO)
b. IT steering committee
c. Chief information officer (CIO)
d. Chief financial officer (CFO)

A

a. Chief executive officer (CEO)

37
Q

The Software Engineering Institute’s Capability Maturity Model (CMM) is best described by which of the following options?

a. Measurement of resources necessary to ensure a reduction in coding defects
b. Baseline of the current progress or regression
c. Relationship of application performance to the user’s stated requirement
d. Documentation of accomplishments achieved during program development

A

b. Baseline of the current progress or regression

38
Q

Which of the following options contains the steps for business process reengineering (BPR) in the proper sequence?

a. Evaluate, envision, redesign, reconstruct, review
b. Envision, initiate, diagnose, redesign, reconstruct, evaluate
c. Initiate, evaluate, diagnose, reconstruct, review
d. Diagnose, envision, redesign, reconstruct

A

b. Envision, initiate, diagnose, redesign, reconstruct, evaluate

39
Q

The organization’s is focused on exploiting trends forecast in the next three to five years.

a. Operational plan
b. Long‐term planning
c. Managerial plan
d. Strategy

A

d. Strategy

40
Q

Which of the following statements is true concerning the steering committee?

a. Steering committee membership is composed of people with authority to make decisions from each department.
b. The steering committee conducts formal management oversight reviews.
c. The steering committee focuses Information Security Issues
d. The steering committee focuses the agenda on IT issues.

A

a. Steering committee membership is composed of people with authority to make decisions from each department.

41
Q

On an IPsec VPN, what protocol negotiates security associations? Choose the best response.

a. IKE
b. AH
c. ESP
d. L2TP

A

a. IKE

42
Q

You have a lingering problem with mobile users who connect to untrusted Wi-Fi networks without enabling their VPN, out of forgetfulness or lack of technical knowledge. What technology might help solve the problem? Choose the best response.

a. Full tunneling
b. Secure shell
c. ESP
d. Always-on VPN

A

d. Always-on VPN

43
Q

What’s the most essential tool for segmenting broadcast domains? Choose the best response.

a. Routers
b. VLANs
c. Bridges
d. Switches

A

a. Routers

44
Q

Which Wi-Fi feature should you disable to improve security? Choose the best response.

a. 802.1X
b. MAC filtering
c. WPA2
d. WPS

A

d. WPS

45
Q

What VPN type is secure, compatible with nearly any application, and supported by most operating systems? Choose the best response.

a. L2TP/IPsec
b. SSH
c. PPTP
d. SSL/TLS

A

a. L2TP/IPsec

46
Q

What is the biggest difference between disaster planning and business continuity planning?

a. Business continuity plans are run by IT.
b. Disaster planning is an extension of facility plans.
c. Business continuity plans span department boundaries.
d. Disaster plans are usually specific to a department.

A

c. Business continuity plans span department boundaries.

47
Q

What is the principal reason you might use a hot site?

a. It’s already configured for your use
b. You will have to install and configure new equipment
c. Expensive and prevents you from using other warm or cold site alternatives
d. May not be available during a crisis

A

a. It’s already configured for your use

48
Q

A critical success factor is defined as which of the following?

a. Something that must occur perfectly every time
b. An asset to be planned
c. A factor that is calculated for insurance purposes
d. A measure or score of efficiency

A

a. Something that must occur perfectly every time

49
Q

When can a warm site be used for recovery?

a. When the recovery is of high priority
b. When the actual recovery exceeds the recovery time objective
c. When it’s not profitable to operate a hot site
d. When the downtime is acceptable to the business without breaching any legal requirements

A

d. When the downtime is acceptable to the business without breaching any legal requirements

50
Q

Name one of the purposes of creating a business continuity plan.

a. To maximize the number of decisions made during an incident
b. To minimize decisions needed during a crisis
c. To lower business insurance premiums
d. To provide guidance for federal regulations

A

b. To minimize decisions needed during a crisis