nt2580 final exam – Flashcards
question
Which of the following is an action that could damage an asset?
answer
Threat
question
Which law requires all types of financial institutions to protect customers' private financial information?
answer
Gramm-Leach Bliley
question
An AUP is part of a layered approach to security, and it supports confidentiality. What else supports confidentiality?
answer
Protecting Private Data
question
Which of the following is a detailed written definition of how software and hardware are to be used?
answer
Standard
question
Identify the common types of data classification standards.
answer
• Private data
• Confidential
• Internal use only
• Public domain data
question
What does a lapse in a security control or policy create?
answer
Gaps
question
Which of the following is any weakness in a system that makes it possible for a threat to cause it harm?
answer
Vulnerabilities and Threats
question
Which of the following terms refers to the likelihood of exposure to danger?
answer
Risk
question
Which domain is primarily affected by weak endpoint security on a VPN client?
answer
Remote Access Domain
question
Identify two phases of the access control process.
answer
Authentication and authorization
question
You log onto a network and are asked to present a combination of elements, such as user name, password, token, smart card, or biometrics. This is an example of which of the following?
answer
Logical access control
question
Which of the following is a type of authentication?
answer
Knowledge, ownership, characteristics
question
Identify an example of an access control formal model.
answer
DAC
question
Which of the following access control models is based on a mathematical theory published in 1989 to ensure fair competition?
answer
Brewer and Nash Integrity
question
Which of the following are primary categories of rules that most organizations must comply with?
answer
Regulatory Compliance, Organizational Compliance
question
Which of the following is not a part of an ordinary IT security policy framework?
answer
standards, procedures, baselines, and guidelines.
question
Which of the following helps you determine the appropriate access to classified data?
answer
Data classification standards
question
Which of the following refers to the management of baseline settings for a system device?
answer
Configuration control
question
Identify a primary step of the SDLC.
answer
Design is a primary step
question
Which of the following is a process to verify policy compliance?
answer
Security Auditing
question
When monitoring a system for anomalies, the system is measured against ________.
answer
Baseline
question
Which of the following is not a type of penetration test?
answer
Black-box testing, White-box testing, Grey-box testing
question
Identify a drawback of log monitoring.
answer
Monitoring Issues
question
Which of the following is not a type of monitoring device?
answer
IDS, IPS
question
Identify the primary components of risk management.
answer
Reduction, Avoidance, Mitigation
question
Which of the following is not a part of a quantitative risk assessment?
answer
BCP
question
What are the primary components of business continuity management (BCM)?
answer
BCP and DRP
question
Which of the following determines the extent of the impact that a particular incident would have on business operations over time?
answer
Business Impact Analysis
question
What does risk management directly affect?
answer
security controls
question
Which of the following is a cipher that shifts each letter in the English alphabet a fixed number of positions, with Z wrapping back to A?
answer
Caesar
question
Identify a security objective that adds value to a business
answer
Authorization or privacy
question
Which of the following is an asymmetric encryption algorithm?
answer
Rivest-Shamir-Adleman (RSA)
question
Identify a security principle that can be satisfied with an asymmetric digital signature and not by a symmetric signature.
answer
Nonrepudiation
question
Which of the following is a mechanism for accomplishing confidentiality, integrity, authentication, and nonrepudiation?
answer
Cryptography
question
In which OSI layer do you find FTP, HTTP, and other programs that end users interact with?
answer
Application Layer
question
Identify the configuration that is best for networks with varying security levels, such as general users, a group of users working on a secret research project, and a group of executives.
answer
Multilayered Firewalls
question
Which of the following would you not expect to find on a large network?
answer
Hubs
question
Which of the following is a weakness of WLANs?
answer
SSID
question
Identify an advantage of IPv6 over IPv4.
answer
Larger address space
question
Identify one of the first computer viruses to appear in the world.
answer
Lehigh
question
Which of the following is not a primary type of computer attack?
answer
Unstructured attacks, Structured attacks, Direct attacks, Indirect attacks
question
How do worms propagate to other systems?
answer
through servers
question
Which of the following types of program is also commonly referred to as a Trojan horse?
answer
Backdoor Trojan
question
Which defense-in-depth layer involves the use of chokepoints?
answer
Network
question
How does a standard differ from a compliance law?
answer
Standards
question
Which of the following is not a principle of the PCI DSS?
answer
Build and maintain policy
question
Identify the compliance law that requires adherence to the minimum necessary rule.
answer
HIPAA
question
Identify the compliance law whose primary goal is to protect investors from financial fraud.
answer
SOX
question
U.S. organizations must comply with ________.
answer
Federal laws AND laws of the states