In-Class Quizzes Flashcards
What type of network connects systems over the largest geographic area?
a. Storage area network (SAN)
b. Wide area network (WAN)
c. Local area network (LAN)
d. Metropolitan area network (MAN)
b. Wide area network (WAN)
Terry is troubleshooting a network that is experiencing high traffic congestion issues. Which device, if present on the network, should be replaced to alleviate these issues?
a. Hub
b. Switch
c. Router
d. Firewall
b. Switch
Val would like to isolate several systems belonging to the product development group from other systems on the network, without adding new hardware. What technology can she use?
a. Virtual private network (VPN)
b. Transport Layer Security (TLS)
c. Virtual LAN (VLAN)
d. Firewall
c. Virtual LAN (VLAN)
What protocol is responsible for assigning IP addresses to hosts on most networks?
a. Simple Mail Transfer Protocol (SMTP)
b. Virtual LAN (VLAN)
c. Dynamic Host Configuration Protocol (DHCP)
d. Transport Layer Security (TLS)
c. Dynamic Host Configuration Protocol (DHCP)
What wireless security technology contains significant flaws and should never be used?
a. Wi-Fi Protected Access (WPA)
b. Wired Equivalent Privacy (WEP)
c. WPA2
d. Remote Authentication Dial-In User Service (RADIUS)
b. Wired Equivalent Privacy (WEP)
What category of attacker might also be called cyberterrorists? Choose the best response.
a. Script kiddies
b. Hacktivists
c. Shadow IT
d. Nation states
b. Hacktivists
Your company has long maintained an email server, but it’s insecure and unreliable. You’re considering just outsourcing email to an external company that provides secure cloud-based email services. What risk management strategy are you employing? Choose the best response.
a. Risk mitigation
b. Risk transference
c. Risk avoidance
d. Risk acceptance
b. Risk transference
What element of your risk mitigation strategy helps keep future additions to your network from introducing new security vulnerabilities? Choose the best response.
a. Security audits
b. Technical controls
c. Change management
d. Incident management
c. Change management
Which of the following is a Windows operating system tool that displays or refreshes IP settings for network interfaces? Choose the best response.
a. Curl
b. Pathping
c. Scanless
d. Ipconfig
d. Ipconfig
__________ is a simulated attack designed to determine whether an attacker could compromise an asset.
a. vulnerability scan
b. reconnaissance
c. pivot
d. penetration test
d. penetration test
Evil twins are mostly used as part of what kind of attack? Choose the best response.
a. Trojan horse
b. On-path
c. Denial of service
d. Phishing
b. On-path
You’ve just discovered a kind of malware that overwrites the hosts file to redirect web searches to a malicious site. What technique does it most likely use? Choose the best response.
a. VLAN hopping
b. ARP poisoning
c. Domain hijacking
d. DNS poisoning
d. DNS poisoning
You’re configuring a router, and want it to check the properties of incoming traffic before passing it on. What will this require? Choose the best response.
a. Configuring routing tables
b. Configuring ACLs
c. Only a fully featured firewall can do this
d. Either would have the same effect
b. Configuring ACLs
What DMZ topology is displayed? Choose the best response.
a. Bastion Host
b. Dual firewall
c. Three-homed firewall
d. UTM firewall
c. Three-homed firewall
On a subnet with limited physical security, you’re worried about ARP poisoning and DHCP spoofing attacks. What switch feature could help prevent both? Choose the best response.
a. Port security
b. DHCP snooping
c. MAC filtering
d. MACsec
d. MACsec
Which of the following statements is true?
a. The auditee is the person running the audit, and the client is the subject of the audit.
b. The auditor is the person running the audit, and the client is the subject of the audit.
c. The client is the person setting the scope for the audit, and the auditor performs the work.
d. The client pays for the audit, and the auditor sets the scope of the audit that will follow.
c. The client is the person setting the scope for the audit, and the auditor performs the work.
Which of the following assurance methods is acceptable for external use, including licensing?
a. Independent audit
b. Internal audit
c. External audit
d. Assessment
a. Independent audit
What is the definition of a standard as compared to a guideline?
a. Standards are mandatory controls designed to support a policy. Following guidelines is discretionary.
b. Guidelines are recommended controls necessary to support standards, which are discretionary.
c. Standards are discretionary controls used with guidelines to aid the reader’s decision process.
d. Guidelines are intended to designate a policy, whereas standards are used in the absence of a policy.
a. Standards are mandatory controls designed to support a policy. Following guidelines is discretionary.
Which of the following types of risk are of the most interest to an IS auditor?
a. Inherent, noninherent, control, lack of control
b. Unknown, quantifiable, cumulative
c. Control, detection, noncompliance, risk of strike
d. Sampling, control, detection, inherent
d. Sampling, control, detection, inherent
What is the purpose of the audit charter?
a. To authorize the creation of the audit committee
b. To engage external auditors
c. To provide detailed planning of the audit
d. To grant responsibility, authority, and accountability
d. To grant responsibility, authority, and accountability