COSC 50660

Authors: Randy J. Boyle, Raymond R. Panko

Generally speaking, vendors use similar mechanisms for downloading and installing
patches.
Answer:
Focusing electronic attacks on specific high-value targets is known as promiscuous
attacks.
Answer:
Social engineering is rarely used in hacking.
Answer:
A false acceptance occurs when a person is improperly matched to a template.
Answer:
Policies should not require that backup data be encrypted.
Answer:
Data is the principal element of any information system.
Answer:
Backup media should be encrypted.
Answer:
Using a secure cryptographic system can prevent attacks while data is being processed.
Answer:
In 802.11i, EAP outer authentication takes place before inner authentication.
Answer:
Security metrics allow a company to know if it is improving in its implementation of
policies.
Answer:
In a relational database, a row is different from a record.
Answer:
To use an access point, you must know its SSID.
Answer:
With CDP, the backup site already has the proper equipment, and data and recovery is
instantaneous.
Answer:
Focusing electronic attacks on specific high-value targets is known as whaling.
Answer:
Windows offers only 3 directory permissions.
Answer:
Attackers frequently create exploits within hours or days after a fix is released by a
vendor.
Answer:
In fraud, the attacker deceives the victim into doing something against the victim's
financial self-interest.
Answer:
To test the digital signature, the verifier will use the sender's public key.
Answer:
To get to the super user account in UNIX, the administrator can use the RunAs
command.
Answer:
Any device with an IP address is a host.
Answer:
When assigning initial permissions, it is good to give the least permissions believed to
be necessary and then add permissions if appropriate.
Answer:
The act of taking over a super user account is called hacking root.
Answer:
Changing the default listening port is an effective way of discouraging attackers from
accessing the database.
Answer:
Identity theft is stealing credit card numbers.
Answer:
Preventative countermeasures identify when a threat is attacking and especially when it
is succeeding.
Answer:
Image backup is a fast form of backups.
Answer:
CDP requires an expensive high-speed transmission link between the sites.
Answer:
Writing data to an array of hard drives has several advantages over writing to a single
drive.
Answer:
The book recommends hard-headed thinking about security ROI analysis.
Answer:
Federal jurisdiction typically does not extend to computer crimes that are committed
entirely within a state and that do not have a bearing on interstate commerce.
Answer:
An example of "pressure" from the fraud triangle would include paying back embezzled
money.
Answer:
With centralized backup, each location backs up the other in real time.
Answer:
________ tell the attacker that a certain IP address has a live host or router.
A) ICMP Echo replies
B) ICMP error messages
C) Both A and B
D) Neither A nor B
Answer:
An IDS is a ________ control.
A) preventative
B) detective
C) restorative
D) All of the above
Answer:
The fastest propagation occurs with some types of ________.
A) viruses
B) worms
C) Trojan horses
D) bots
Answer:
In ________ filtering, the firewall filters packets when they are leaving the network.
A) ingress
B) egress
C) Both A and B
D) Neither A nor B
Answer:
To ensure that a digital certificate is valid, the receiver of the certificate must check
________.
A) the digital signature
B) the valid period
C) whether the certificate has been revoked
D) All of the above.
Answer:
A ________ is a material deficiency, or combination of significant deficiencies, that
results in more than a remote likelihood that a material misstatement in the annual or
interim financial statements will not be prevented or detected.
A) material control failure
B) material control deficiency
C) critical control deficiency
D) critical control failure
Answer:
Which of the following are reasons to ensure WWW Service and E-Commerce
security?
A) Cost of disruptions
B) Customer fraud
C) Exposure of sensitive private information
D) All of the above
Answer:
Mobile code usually is delivered through ________.
A) webpages
B) e-mail
C) directly propagating worms
D) All of the above
Answer:
An organization with a ________ domain name must maintain one or more DNS
servers.
A) first-level
B) second-level
C) third-level
D) All of the above.
Answer:
DoS attacks can cause harm by ________.
A) stopping a critical service
B) slowly degrading services over a period of time
C) Both A and B
D) Neither A nor B
Answer:
A ________ card is an access card that has a built-in microprocessor and memory.
A) magnetic stripe
B) smart
C) Both A and B
D) Neither A nor B
Answer:
If an attacker takes over a firewall, he or she will be able to ________.
A) allow connection-opening requests that violate policy
B) reroute internal data to alternate paths
C) provide the false sense that the firewall is still working correctly
D) All of the above
Answer:
When a system runs out of storage space, ________.
A) new events are not saved
B) the IDS will start a new log file
C) Both A and B
D) Neither A nor B
Answer:
Stealing credit card numbers is also known as ________.
A) identity theft
B) carding
C) Both A and B
D) Neither A nor B
Answer:
A ________ is an older attack that uses an illegally large IP packet to crash an operating
system.
A) smurf flood
B) P2P redirect
C) ping of death
D) None of the above
Answer:
Which of the following gives the best estimate of the complete cost of a compromise?
A) ALE
B) ARO
C) TCI
D) Life cycle cost
Answer:
Directory servers from different vendors are synchronized through ________.
A) LDAP
B) central authentication servers
C) AD servers
D) None of the above
Answer:
The organization that funded the creation of the Internet is ________.
A) the IETF
B) ISO
C) DARPA
D) the National Science Foundation
Answer:
Which CobiT domain has the most control objectives?
A) Planning & Organization
B) Acquisition & Implementation
C) Delivery & Support
D) Monitoring
Answer:
Under what Internet Options tabs are cookies controlled?
A) Privacy
B) Security
C) Protection
D) Advanced
Answer:
In 802.11i, ________ authentication always uses SSL/TLS.
A) inner
B) outer
C) Both A and B
D) Neither A nor B
Answer:
The ISO/IEC 2700 family focuses on ________.
A) corporate governance
B) IT governance
C) IT security governance
D) All of the above about equally
Answer:
Which of the following is an example of a wireless attack?
A) Unauthorized network access
B) Man-in-the-middle attack using an evil twin
C) Wireless DoS attacks
D) All of the above
Answer:
________ is a social engineering trick where an intruder may follow an authorized user
through a door that the authorized user opens with an access device.
A) Shoulder surfing
B) Shadowing
C) Trailing
D) Piggybacking
Answer:
When two parties in an IPsec connection communicate back and forth, there are
________ security associations.
A) 1
B) 2
C) 3
D) 4
Answer:
VoIP traffic and data traffic tend to be segregated from each other on a network for
added security.
A) True.
B) False. This would increase costs too much.
C) False. This would negate the benefits of convergence.
Answer:
Image backup is attractive because ________.
A) it requires minimal additional work to restore a fully functioning PC
B) it is faster than file/directory backup
C) it takes up less storage space than file/directory backup
D) Both A and C
Answer:
Which of the following is a type of VPN?
A) Host-to-host
B) Remote access
C) Both A and B
D) Neither A nor B
Answer:
Which of the following is a formal process?
A) Annual corporate planning
B) Planning and developing individual countermeasures
C) Both A and B
D) Neither A nor B
Answer:
When a new EAP authentication is added, software does not have to be changed on the
________.
A) client
B) authenticator
C) central authentication server
D) No software has to be changed on ANY device
Answer:
If a firewall cannot keep up with traffic volume, it will ________.
A) continue passing all packets but slow operation
B) drop packets it cannot process
C) pass any packets it cannot filter
D) shut down, failing safely
Answer:
Why did hackers attack Sony Corp?
A) To test their technical skills
B) Because Sony was suing a fellow hacker
C) As part of a larger cyberwar exercise
D) Because Sony put a malicious rootkit on certain music disks
Answer:
In a crisis, human cognition ________.
A) is degraded
B) is enhanced
C) Both A and B
D) Neither A nor B
Answer:
Mobile computers should be backed up ________.
A) before being taken off site
B) as soon as brought back on-site
C) Neither A nor B. Mobile computers do not need to be backed up.
D) Both A and B
Answer:
________ specify how a company will restore IT functions after a disaster.
A) Business continuity plans
B) IT disaster recovery plans
C) Both A and B
D) Neither A nor B
Answer:
