Official Study Guide Flashcards

1
Q

the Digital Millennium Copyright Act (DMCA) requires ISPs to act promptly when notified of copyright infringement to address data stored or cached on systems controlled by it, but not on ___

A

data actively transmitted

2
Q

the ___ act provides protection of trade secrets

A

Economic Espionage

3
Q

Patents are registered with the ___

A

United States Patent and Trademark Office (USPTO)

4
Q

the ___ requires federal agencies to implement information security programs

A

Federal Information Security Management Act (FISMA)

5
Q

a ___ audit covers business continuity planning

A

SOC 2

6
Q

the threshold for malicious damage to a federal computer system that triggers the Computer Fraud and Abuse Act is ___

A

$5,000

7
Q

___ is a control objective framework that is widely accepted around the world and focuses specifically on information security controls

A

ISO 27002

8
Q

___ requires that communications service providers cooperate with law enforcement requests

A

The Communications Assistance for Law Enforcement Act (CALEA)

9
Q

the ___ of a company is not typically involved in BCP meetings, but should approve it when it is complete

A

CEO

10
Q

the cutoff age below which parents must give consent in advance of the collection of personal information from their children under the Children’s Online Privacy Protection Act (COPPA) is ___

A

13

11
Q

reliability of the materials and equipment used by a company is addressed in its ___

A

supply chain

12
Q

A ___ most often refers to a formal US government process for assessing security controls and is often paired with a Security Test and Evaluation (ST&E) process.

A

security controls assessment (SCA)

13
Q

Control Objectives for Information and Related Technology (COBIT) would be used by a ___ to help balance IT security needs with business needs

A

business owner

14
Q

the security baseline applied to a system is primarily determined by ___

A

the classification of data it contains

15
Q

even if it has been anonymized, personal health information should be classified as ___

A

Private

16
Q

to make sure the Windows workstations are in compliance with a security baseline, use ___

A

Microsoft Group Policy

17
Q

data with the military classification of ___ would, if disclosed, cause serious harm to national security

A

Secret

18
Q

due to the danger of remnant data, the US National Security Agency requires the ___ of SSDs when no longer needed

A

physical destruction

19
Q

The ___ requires conspicuously posted privacy policies on commercial websites that collect the personal information of California residents

A

California Online Privacy Protection Act

20
Q

data “in motion” means data that is travelling ___ only

A

electronically

21
Q

the earliest detection of fires can detect them in the ___ phase

A

incipient

22
Q

business “Confidential” classification is equivalent to ___ or the military classification ___ and poses ___ danger, even though “Confidential” is the lowest military classification

A

proprietary; top secret; exceptionally grave

23
Q

restricting access of a process to system resources to limit its impact on other processes (like a sandbox) is known as ___

A

confinement

24
Q

if a customer is using IaaS and leaves sensitive information on a vendor’s drive, it is the ___ responsibility to remove the data

A

vendor’s

25
Q

in assessing and accepting security controls, ___ means it has been validated by a company's testers, ___ means it has been accepted by management (or an approved authority), and ___ means it has been validated by a third party

A

certification; accreditation; verification

26
Q

to deter a casual intruder, fences should be ___ high; to deter a determined intruder they should be ___ high and have ___ at the top

A

6 ft; 8 ft; 3 strands of barbed wire

27
Q

Halon is no longer used for fire suppression because ___

A

it contains CFCs

28
Q

___ sensors detect changes in electromagnetic fields to detect motion

A

capacitance

29
Q

___ is malware which exploits port ___ and infects IoT devices

A

Mirai; 23

30
Q

Frame Relay supports ___, unlike X.25

A

multiple private virtual circuits (PVCs)

31
Q

wireless clients on a LAN typically operate in ___ mode, which allows them to communicate with other clients through an Access Point

A

Infrastructure (or Master)

32
Q

The RST flag is used to ___ in a TCP packet

A

reset or disconnect a session

33
Q

The ___ Authentication Protocol is used by PPP servers to authenticate remote clients. It encrypts both the username and password and performs periodic reauthentication while connected, using techniques to prevent replay attacks

A

Challenge-Handshake (CHAP)

34
Q

DNS ___ is when an attacker changes the domain name to IP address mappings of a system to redirect traffic to alternate systems, and DNS ___ occurs when an attacker sends false replies to a requesting system, beating valid replies from the actual DNS server

A

poisoning; spoofing

35
Q

___ is a converged protocol that allows location-independent file services over traditional network technologies. It costs less than traditional Fibre Channel

A

iSCSI

36
Q

1000BaseT is capable of a ___-meter run

A

100

37
Q

the two classes of Integrated Services Digital Network (ISDN) are ___ and ___

A

Basic Rate Interface (BRI); Primary Rate Interface (PRI)

38
Q

SPIT stands for ___

A

Spam over Internet Telephony

39
Q

one risk of non-IP protocols on a network is that ___

A

firewalls may not be able to filter them out

40
Q

Ethernet uses a ___ topology

A

bus

41
Q

___ is used to allow assertions of domain identity to validate email

A

DomainKeys Identified Mail (DKIM)

42
Q

of the most commonly found LAN authentication technologies, Kerberos is SSO but ___ is not

A

RADIUS

43
Q

Kerberos uses ___ to encrypt authentication information

A

AES

44
Q

when an access table has no roles, rules or classifications, it is likely a simple ___ system, which is becoming more popular with cloud-based systems

A

resource-based access

45
Q

an LDAP Distinguished Name (DN) can have values separated by ___ or ___, but cannot end with any character like ___

A

","; "+"; ";"

46
Q

The stored sample of a biometric factor is called a ___ or a ___

A

reference profile; reference template

47
Q

SAML does not have a security mode and relies on ___ and ___ to ensure security if needed

A

TLS; digital signatures

48
Q

badge readers are considered a category ___ control

A

physical

49
Q

in Mandatory Access Control a user with a Secret classification can access data classified as ___

A

Secret only (not higher or lower)

50
Q

The ___ for LDAP provides support for a range of authentication types, including secure methods

A

Simple Authentication and Security Layer (SASL)

51
Q

in ___ access control, the owner of the data rather than a system administrator sets permissions

A

discretionary

52
Q

Nikto is useful for ___

A

vulnerability scanning web servers and applications

53
Q

if nmap shows a port as "Filtered", it means ___

A

it cannot be reached due to firewall interference

54
Q

if you learn about a zero-day vulnerability on systems you use, your first step should be to check ___

A

the versions you are running to see if the vulnerability applies to you

55
Q

only ___ wireless scans can reveal rogue devices

A

passive

56
Q

Linux, wireless and firewall systems all generate a syslog, but ___ systems use a proprietary format

A

Windows

57
Q

a TCP ___ scan can be used to identify active services on a network without using any elevated privileges

A

connect

58
Q

in reporting on a pen test, care should be taken to avoid ___

A

accidental additional exposure if the wrong people see the vulnerabilities reported

59
Q

Port ___ is used for administrative connections

A

22 (SSH)

60
Q

besides disk space, excessive logging can also tax ___

A

system processing power (slow things down)

61
Q

___ scans use a read-only account to access configuration files, allowing more accurate testing of vulnerabilities

A

Authenticated

62
Q

anything that disrupts operations can be considered a ___

A

disaster

63
Q

___ refers to the privileges granted to users when an account is first provisioned

A

Entitlement

64
Q

The ___ phase of incident response focuses on actions that can contain the damage incurred during an incident. This includes limiting the scope and/or effectiveness of the incident

A

Mitigation

65
Q

for something to be considered a security ___, an actual security compromise or policy violation must take place

A

incident

66
Q

mandatory vacations should be for at least ___ days

A

7

67
Q

Egress filtering scans outbound traffic for potential security policy violations. This includes traffic with a private IP address as the destination, traffic with a broadcast address as the destination, and traffic that has a falsified source address not belonging to the organization, but shouldn't include ___

A

Traffic with a destination address on an external network

68
Q

many firewalls use ___ as part of their anti-SYN-flood response

A

spoofing

69
Q

a ___ can help manage assets by gathering information about all systems on a network (even mobile devices), the OS and applications installed, security settings, etc.

A

System Center Configuration Manager (SCCM or ConfigMgr)

70
Q

the degree of a table is the number of ___

A

columns (attributes)

71
Q

___ is a security issue that arises when a collection of facts has a higher classification than the classification of any of those facts standing alone. An ___ problem occurs when an attacker can pull together pieces of less sensitive information and use them to derive information of greater sensitivity

A

Aggregation; inference

72
Q

___ viruses use multiple propagation mechanisms to defeat system security controls but do not necessarily include techniques designed to hide the malware from antivirus software

A

Multipartite

73
Q

___ viruses tamper with the operating system to hide their existence

A

Stealth

74
Q

___ is typically the last phase of the software testing process

A

User acceptance testing (UAT)

75
Q

___ provides the most effective defense against session hijacking because it encrypts all traffic between the client and server, preventing the attacker from stealing session credentials

A

Transport Layer Security (TLS)

76
Q

When a system uses shadowed passwords, the /etc/passwd file would contain ___ to indicate that the password hash is in the shadow file

A

an x

77
Q

A ___ in a website input field is used to escape outside the input field in a SQL injection attack

A

single quotation mark

78
Q

parameterization and ___ restricted characters in an input field prevent them from being passed to the database

A

Escaping

79
Q

expert systems have two main components, a knowledge base and ___

A

an inference engine

80
Q

testing software with knowledge of the code, but from the user's perspective, is ___ box testing

A

grey

81
Q

limiting ___ is one way to limit the abuse of APIs

A

request rates