CMCS 53853

subject Type Homework Help
subject Pages 17
subject Words 1749
subject Authors Randy J. Boyle, Raymond R. Panko

To outsource some security functions, a firm can use an MISP.
Answer:
After access is granted to a network, many NACs continue to monitor network PCs.
Answer:
Antivirus protections may be deliberately turned off by users.
Answer:
There is a legitimate reason for systems administrators to crack user passwords.
Answer:
The goal of IT security is reasonable risk reduction.
Answer:
The 802.11 standards were developed by the IEEE 802.11 Working Group.
Answer:
Julia encrypts a message to David using public key encryption for confidentiality. After
encrypting the message, can Julia decrypt it?
Answer:
With image backup, even if the entire hard drive is lost, its content can be restored onto
the same machine or a different machine.
Answer:
When your mobile phone is on a network, it is a host.
Answer:
Senior officers often have an additional code of ethics.
Answer:
Compared to non-computer crime, computer crime is very small.
Answer:
It is very important for testers to get permission before running a password cracking
program on their company's computers to check for weak passwords even if such
testing is in their job definitions.
Answer:
The factors that require a firm to change its security planning, protection, and response
are called driving forces.
Answer:
A Microsoft domain can have multiple domain controllers.
Answer:
Traditionally, Ethernet LANs offered no access security.
Answer:
Detective countermeasures identify when a threat is attacking and especially when it is
succeeding.
Answer:
TCP has a comprehensive security protocol comparable to IPsec for IP.
Answer:
In a firewall policy database, the source field and destination field are fairly
explanatory.
Answer:
UNIX offers more directory and file permissions than Windows.
Answer:
A firewall does not set aside resources for a connection when a SYN segment arrives,
so handling a large number of false SYN segments is only a small burden.
Answer:
Secure wireless networks can be legally accessed by anyone and are frequently posted
as such.
Answer:
Using a secure cryptographic system can prevent attacks while data is being
transmitted.
Answer:
Verification requires more matches against templates than does identification.
Answer:
Magnetic tape can store large amounts of data at the lowest cost per bit of any backup
medium.
Answer:
Only an expert witness is allowed to interpret facts for juries.
Answer:
The hash size in SHA-1 is 160 bits.
Answer:
Companies are responsible for filtering sexually or racially harassing messages and can
be sued for not doing so.
Answer:
ICMP can be best described as the second part of a three-way TCP handshake sent in
response to a SYN.
Answer:
Mesh backup is where client PCs in an organization back up each other.
Answer:
An IDS provides query and reporting tools to help administrators analyze the data
interactively during and after an incident.
Answer:
Communication between IDS ________ must be secure.
A) managers and agents
B) vendors and managers
C) Both A and B
D) Neither A nor B
Answer:
Which of the following are ways that trade secret espionage occurs?
A) Theft through interception
B) By bribing an employee
C) None of the above
D) All of the above
Answer:
The most common attack against a wireless network is a ________.
A) man-in-the-middle attack using an evil twin
B) wireless DOS attacks
C) unauthorized network access
D) None of the above
Answer:
What usually is the longest stage in a cryptographic system dialogue?
A) Ongoing communication
B) Negotiation of security methods and parameters
C) Keying
D) Mutual authentication
Answer:
COSO focuses on ________.
A) corporate internal and financial controls
B) IT governance
C) IT security governance
D) All of the above
Answer:
________ is the use of mathematical operations to protect messages travelling between
parties or stored on a computer.
A) Cryptography
B) Encryption
C) Authentication
D) Confidentiality
Answer:
Which of the following statements accurately describes iris recognition?
A) Iris recognition has high FARs.
B) Iris recognition technology is expensive.
C) Iris recognition scans the eye with lasers.
D) All of the above
Answer:
UNIX allows permissions to be assigned to ________.
A) the account that owns the file or directory
B) a group associated with the directory
C) everyone else
D) All of the above
Answer:
Firms still choose to use WPA in order to ________.
A) avoid configuration expenses for access points
B) avoid configuration expenses for wireless clients
C) Both A and B
D) Neither A nor B
Answer:
In manual procedures, the segregation of duties ________.
A) reduces risk
B) increases risk by creating blind spots
C) increases risk by reducing accountability
D) can only be done safely through information technology
Answer:
Which of the following measures do HMACs use?
A) Symmetric key encryption
B) Public key encryption
C) Hashing
D) All of the above
Answer:
The FTC can ________.
A) impose fines
B) require annual audits by external auditing firms for many years
C) Both A and B
D) Neither A nor B
Answer:
Informing employees that monitoring will be done is a bad idea.
Answer:
In order to demonstrate support for security, top management must ________.
A) ensure that security has an adequate budget
B) support security when there are conflicts between the needs of security and the needs
of other business functions
C) follow security procedures themselves
D) All of the above
Answer:
TCP electronic signatures ________.
A) do not exist
B) have automatic key exchange
C) Both A and B
D) Neither A nor B
Answer:
One of the two characterizations of expert hackers is ________.
A) automated attack tools
B) dogged persistence
C) Both A and B
D) Neither A nor B
Answer:
A ________ occur(s) when a single security element failure defeats the overall security
of a system.
A) spot failure
B) weakest link failure
C) defense in depth departure
D) critical failure
Answer:
In e-mail, the ________ protocol is used for downloading new mail from the recipient's
mail server to the recipient's PC.
A) SMTP
B) POP
C) Both A and B
D) Neither A nor B
Answer:
What security functions typically are outsourced?
A) Intrusion detection
B) Vulnerability testing
C) Both A and B
D) Neither A nor B
Answer:
The decision to let an attack continue should be made by ________.
A) IT
B) IT security
C) senior business executives
D) public relations
Answer:
Attackers can exploit WEP's weaknesses by ________.
A) using WEP cracking software
B) reading two messages encrypted with the same key
C) Both A and B
D) Neither A nor B
Answer:
Precedents can be created by ________.
A) U.S. Circuit Courts of Appeal
B) U.S. District Courts
C) Both A and B
D) Neither A nor B
Answer:
Eavesdropping can be thwarted by encrypting ________.
A) signaling traffic
B) transport traffic
C) Both A and B
D) Neither A nor B
Answer:
IDS false alarms cause ________.
A) companies to ignore IDS alerts
B) companies to install multiple IDSs using different methods
C) Both A and B
D) Neither A nor B
Answer:
What security function(s) usually is(are) not outsourced?
A) Planning
B) Intrusion detection
C) Vulnerability testing
D) All of the above
Answer:
________ evidence is evidence that is acceptable for court proceedings.
A) Title 18
B) Title 11
C) Forensic
D) Expert
Answer:
Companies address the risk of losing a security key by using ________.
A) encryption key resets
B) key escrow
C) Both A and B
D) Neither A nor B
Answer:
If Directory Server A trusts Directory Server B and Directory Server B trusts Directory
Server A, this is ________ trust.
A) Mutual
B) One-way
C) Transitive
D) Intransitive
Answer:
Which of the following is not a common problem with antivirus protections?
A) Users may turn the AV off.
B) The virus program contract may expire.
C) Automatic updates of virus signatures might be inadvertently turned off.
D) All of the above are common problems with antivirus protections.
Answer:
________ servers synchronize directory servers from different vendors.
A) Synchronization
B) LDAP
C) Metadirectory
D) Central authentication
Answer:
SSL/TLS is used for ________ VPNs.
A) host-to-host
B) remote access
C) Both A and B
D) Neither A nor B
Answer:
Which of the following is an OSI standards agency?
A) ISO
B) ITU-T
C) Both A and B
D) Neither A nor B
Answer:
________ means implementing no countermeasures and absorbing any damages that
occur.
A) Risk reduction
B) Risk acceptance
C) Risk avoidance
D) None of the above
Answer:
