ISEC 5305 test 1 – Flashcards
question
True or False: Cars that have Wi-Fi access and onboard computers require software patches and upgrades from the manufacturer.
answer
True
question
Which law governs the use of the IoT by healthcare providers, such as physicians and hospitals?
answer
HIPAA
question
Jody would like to find a solution that allows real-time document sharing and editing between teams. Which technology would best suit her needs?
answer
Collaboration
question
What do organizations expect to occur with the growth of the IoT?
answer
Higher Risks
question
In Mobile IP, what term describes a device that would like to communicate with a mobile node (MN)?
answer
Correspondent node (CN)
question
Bob recently accepted a position as the information security and compliance manager for a medical practice. Which regulation is likely to most directly apply to Bob's employer?
answer
HIPAA
question
True or False: An IT security policy framework is like an outline that identifies where security controls should be used.
answer
True
question
True or False: Authorization is the process of granting rights to use an organization's IT assets, systems, applications, and data to a specific user.
answer
True
question
Which organization pursues standards for the IoT devices and is widely recognized as the authority for creating standards of the Internet?
answer
Internet Society
question
True or False: Store-and-Forward communications should be used when you need to talk to someone immediately.
answer
False
question
True or False: IoT technology has a significant impact on developing economies, given that it can transform countries into e-commerce-ready nations.
answer
True
question
True or False: Metadata of IoT devices can be sold to companies seeking demographic marketing data about users and their spending habits.
answer
True
question
True or False: Bring your own device (BYOD) opens the door to considerable security risks.
answer
True
question
Which IoT challenge involves the difficulty of developing and implementing protocols that allow devices to communicate in a standard fashion?
answer
Interoperability
question
Which tool can capture the packets transmitted between systems over a network?
answer
Protocol analyzer
question
True or False: Denial of service (DoS) attacks are larger in scope than distributed denial of service (DDoS) attacks.
answer
False
question
Which type of attack involves the creation of some deception in order to trick unsuspecting users?
answer
Fabrication
question
True or False: Rootkits are malicious software programs designed to be hidden from normal methods of detection.
answer
True
question
True or False: When servers need operating system upgrades or patches, administrators take them offline intentionally so they can perform the necessary work without risking malicious attacks.
answer
True
question
True or False: Cryptography is the process of transforming data from cleartext to ciphertext.
answer
False (Encryption not Cryptography)
question
True or False: The Director of IT Security is generally in charge of ensuring that the Workstation Domain conforms to policy.
answer
True
question
True or False: The most critical aspect of a WAN services contract is how the service provider supplies troubleshooting, network management, and security management services.
answer
True
question
? True or False: Networks, routers, and equipment require continuous monitoring and management to keep WAN service available.
answer
True
question
Which element of the security policy framework requires approval from upper management and applies to the entire organization?
answer
Policy
question
Which element of the IT security policy framework provides detailed written definitions for hardware and software and how they are to be used?
answer
Standard
question
Rachel is investigating an information security incident that took place at the high school where she works. She suspects that students may have broken into the student records system and altered their grades. If correct, which one of the tenets of information security did this attack violate?
answer
Integrity
question
True or False: The system/application domain holds all the mission critical systems, applications, and data.
answer
True
question
True or False: Each 4G device has a unique Internet Protocol (IP) address and appears just like any other wired device on a network.
answer
True
question
True or False: One of the first industries to adopt and widely use mobile applications was the healthcare industry.
answer
True
question
Which type of denial of service attack exploits the existence of software flaws to disrupt a service?
answer
Logic attack
question
? Bob is using a port scanner to identify open ports on a server in his environment. He is scanning a web server that uses Hypertext Transfer Protocol (HTTP). Which port should Bob expect to be open to support this service?
answer
443
question
Users throughout Alison's organization have been receiving unwanted commercial messages over the organization's instant messaging program. What type of attack is taking place?
answer
Spim
question
True or False: A rootkit uses a directed broadcast to create a flood of network traffic for the victim computer.
answer
False
question
True or False: Cryptography is the process of transforming data from cleartext into ciphertext.
answer
False: Encryption
question
Which risk is most effectively mitigated by an upstream Internet Service Provider (ISP)?
answer
Distributed Denial of Service (DDoS)
question
True or False: Organizations should start defining their IT security policy framework by defining an asset classification policy.
answer
True
question
True or False: Encrypting the data within databases and storage devices gives an added layer of security.
answer
True
question
True or False: Hypertext Transfer Protocol (HTTP) is the communications protocol between web browsers and websites with data in cleartext.
answer
True
question
? Which network device is capable of blocking network connections that are identified as potentially malicious?
answer
Demilitarized Zone (DMZ)
question
True or False: Authorization is the process of granting rights to use an organization's IT assets, systems, applications, and data to a specific user.
answer
True
question
True or False: In the Remote Access Domain, if private data or confidential data is compromised remotely, you should set automatic blocking for attempted logon retries.
answer
False: Apply first level and second level tokens and biometrics
question
Which element of the security policy framework offers suggestions rather than mandatory actions?
answer
Guideline
question
? True or False: A VPN router is a security appliance that is used to filter IP packets.
answer
False
question
Which of the following is NOT an area of critical infrastructure where the Internet of Things (IoT) is likely to spur economic development in less developed countries? a) Water supply management b) Agriculture c) Wastewater treatment d) E-commerce
answer
d) e-commerce
question
True or False: Bricks-and-mortar stores are completely obsolete now.
answer
False: They have global reach
question
True or False: Devices that combine the capabilities of mobile phones and personal digital assistants (PDAs) are commonly called smartphones.
answer
True
question
True or False: E-commerce systems and applications demand strict confidentiality, integrity, and availability (CIA) security controls.
answer
True
question
Jody would like to find a solution that allows real-time document sharing and editing between teams. Which technology would best suit her needs?
answer
Collaboration
question
In Mobile IP, what term describes a device that would like to communicate with a mobile node (MN)?
answer
Correspondent node
question
True or False: A bricks-and-mortar strategy includes marketing and selling goods and services on the Internet.
answer
false: e-commerce
question
? True or False: IoT devices cannot share and communicate your IoT device data to other systems and applications without your authorization or knowledge.
answer
True
question
Which act governs the use of Internet of Things (IoT) by healthcare providers, such as physicians and hospitals?
answer
Health Insurance Portability and Accountability Act (HIPAA)
question
Which term describes an action that can damage or compromise an asset?
answer
Threat
question
True or False: The anti-malware utility is one of the most popular backdoor tools in use today.
answer
False: Netcat
question
Which password attack is typically used specifically against password files that contain cryptographic hashes?
answer
Birthday attacks
question
What type of malicious software masquerades as legitimate software to entice the user to run it?
answer
Trojan Horse
question
Maria's company recently experienced a major system outage due to the failure of a critical component. During that time period, the company did not register any sales through its online site. Which type of loss did the company experience as a result of lost sales?
answer
opportunity cost
question
Bob is using a port scanner to identify open ports on a server in his environment. He is scanning a web server that uses Hypertext Transfer Protocol (HTTP). Which port should Bob expect to be open to support the service?
answer
80
question
True or False: A phishing attack "poisons" a domain name on a domain name server.
answer
False: Pharming
question
Florian recently purchased a set of domain names that are similar to those of legitimate websites and used the newly purchased sites to host malware. Which type of attack is Florian using?
answer
Typosquatting
question
True or False: Vishing is a type of wireless network attack.
answer
False: Social engineering attack
question
True or False: A birthday attack is a type of cryptographic attack that is used to make brute-force attack of one-way hashes easier.
answer
True
question
True or False: A phishing email is a fake or bogus email intended to trick the recipient into clicking on an embedded URL link or opening an email attachment.
answer
True
question
True or False: Using a secure logon and authentication process is one of the six steps to prevent malware.
answer
True
question
True or False: Failing to prevent an attack all but invites an attack.
answer
True
question
Which formula is typically used to describe the components of information security?
answer
Risk = Threat X Vulnerabilities
question
Holly would like to run an annual major disaster recovery test that is as thorough and realistic as possible. She also wants to ensure that there is no disruption of activity at the primary site. What option is best in this scenario?
answer
Simulation Test
question
True or False: The term risk management describes the process of identifying, assessing, prioritizing, and addressing risks.
answer
True
question
True or False: The tools for conducting a risk analysis can include the documents that define, categorize, and rank risks.
answer
True
question
True or False: A security policy is a comparison of the security controls you have in place and the controls you need in order to address all identified threats.
answer
False: Gap analysis
question
What is the first step in a disaster recovery effort?
answer
Ensure that everyone is safe
question
True or False: The recovery point objective (RPO) is the maximum amount of data loss that is acceptable.
answer
True
question
True or False: The Government Information Security Reform Act of 2000 focuses on management and evaluation of the security of unclassified and national security systems.
answer
True
question
What compliance regulation applies specifically to the educational records maintained by schools about students?
answer
Family Educational Rights and Privacy Act (FERPA)
question
The Children's Online Privacy Protection Act (COPPA) restricts the collection of information online from children. What is the cutoff age for COPPA regulation?
answer
13
question
Earl is preparing a risk register for his organization's risk management program. Which data is LEAST likely to be included in a risk register?
answer
Risk Survey results
question
True or False: User-based permission levels limit a person to executing certain functions and often enforce mutual exclusivity.
answer
False: Task-based
question
True or False: A Chinese wall security policy defines a barrier and develops a set of rules that makes sure no subject gets to objects on the other side of the wall.
answer
True
question
Gary would like to choose an access control model in which the owner of a resource decides who may modify permissions on that resource. Which model fits that scenario?
answer
Rule-based access control
question
Which of the following is an example of two-factor authentication? a) personal identification number (PIN) and password b) token and smart card c) password and security questions d) smart card and personal identification number (PIN)
answer
d
question
Which of the following is an example of a hardware security control? a) Security Policy b) NTFS permission c) MAC filtering d) ID badge
answer
d
question
True or False: Content-dependent access control requires the access control mechanism to look at the data to decide who should get to see it.
answer
True
question
True or False: Voice pattern biometrics are accurate for authentication because voices can't easily be replicated by computer software.
answer
False: easy to replicate
question
True or False: You should use easy-to-remember personal information to create secure passwords.
answer
False
question
True or False: A trusted operating system (TOS) provides features that satisfy specific government requirements for security.
answer
True