Wiley P2 Flashcards
What activity is being performed when you apply security controls based on the specific needs of the IT system that they will be applied to?
Scoping is the process of reviewing and selecting security controls based on the system that they will be applied to.
Mark’s company is involved in a civil case. What evidentiary standard is he likely to need to meet?
Civil cases typically rely on a preponderance of evidence.
What type of websites are regulated under the terms of COPPA?
The Children’s Online Privacy Protection Act (COPPA) regulates websites that cater to children or knowingly collect information from children under the age of 13.
What two types of attacks are VoIP call managers and VoIP phones most likely to be susceptible to?
Call managers and VoIP phones can be thought of as servers or appliances and embedded or network devices. That means that the most likely threats that they will face are denial-of-service (DoS) attacks and attacks against the host operating system. Malware and Trojans are less likely to be effective against a server or embedded system that doesn’t browse the internet or exchange data files; buffer overflows are usually aimed at specific applications or services.
George is assisting a prosecutor with a case against a hacker who attempted to break into the computer systems at George’s company. He provides system logs to the prosecutor for use as evidence, but the prosecutor insists that George testify in court about how he gathered the logs. What rule of evidence requires George’s testimony?
The hearsay rule says that a witness cannot testify about what someone else told them, except under very specific exceptions. The courts have applied the hearsay rule to include the concept that attorneys may not introduce logs into evidence unless they are authenticated by the system administrator. In this question, scenario George might also be able to provide a sworn affidavit.
Martha is the information security officer for a small college and is responsible for safeguarding the privacy of student records. What law most directly applies to her situation?
The Family Educational Rights and Privacy Act (FERPA) protects the privacy of students in any educational institution that accepts any form of federal funding.
Which one of the following intellectual property protection mechanisms has the shortest duration in the United States?
Patents have the shortest duration of the techniques listed: at most, 20 years. Copyrights last for 70 years beyond the death of the author if owned by an individual, or 95 years from publication or 120 years from creation if owned by a corporation. Trademarks are renewable indefinitely, and trade secrets are protected as long as they remain secret.
What is passive monitoring?
This is employing a network tap, span port, or other means of copying actual traffic to a monitoring system that can identify performance and other problems. This will avoid introducing potentially problematic traffic on purpose while capturing actual traffic problems.
What is active monitoring?
Active monitoring relies on synthetic or previously recorded traffic, and both replay and real time are not common industry terms used to describe types of monitoring.