
Cybersecurity Concepts and Practices, Exams of Information Systems

This document covers a wide range of cybersecurity topics, including access control, network security, incident response, and more. It provides an overview of security concepts, techniques, and best practices that organizations can implement to protect their information systems and data, and stresses the importance of physical security controls, access management, encryption, vulnerability scanning, and incident response planning. It also covers common cyber threats such as IP spoofing, DDoS attacks, and data diddling, and the measures that can be taken to mitigate these risks. Overall, this document serves as a comprehensive guide to understanding and applying fundamental cybersecurity principles to safeguard an organization's digital assets.

Typology: Exams

2023/2024

Available from 09/21/2024

josh1990

Download Cybersecurity Concepts and Practices and more Exams Information Systems in PDF only on Docsity! Domain 5- Protection of Information Assets Final Comprehensive Exam with Questions and Answers 100% Accuracy Which type of attack/technique involves a small amount of money being taken away? a. salami b. logic bomb c. virus - Correct Answer a. salami Which of the following is NOT part of the TLS handshake? a. The server always checks and confirms the validity of the client certificate. b. The client requests a secure connection from the server and presents a list of supported cipher suites. c. The client always checks and confirms the validity of the server certificate. d. The server picks a cipher and hash function that it also supports from this list and notifies the client of the decision. - Correct Answer c. The client always checks and confirms the validity of the server certificate. note- Client certificate validation is an optional part of the Transport Layer Security (TLS) handshake and does not happen all the time. Which of the following is NOT a drawback when using security guards at physical facilities? a. Security guards are usually considered an expensive physical access control. b. Security guards may not always be reliable. c. Security guards may not fully understand the scope of the operations at the facility. d. None of the answer choices are correct. - Correct Answer c. Security guards may not fully understand the scope of the operations at the facility. note- Security guards are usually not provided full knowledge of the scope of a facility's operations to minimize the likelihood that a security guard may disclose sensitive company information Which of the following describes a software as a service (SaaS) cloud-based service shared by a limited number of organizations? a. Public b. Community c. Hybrid d. Private - Correct Answer b. Community note- A community cloud provides a cloud computing solution to a limited number of organizations. 
This deployment model is a multi-tenant platform that enables multiple entities to work on the same platform. Which of the following issues increases the complexity of network management? a. Multiple access b. Multiple protocols c. Multiple transmission media d. Multiple topologies - Correct Answer c. Multiple transmission media note- Increases in the number of transmission media increase the complexity of large distributed system network management. For example, each medium may require different protocols, equipment, and software, with additional expertise in a network administrator. An increased number of transmission media may complicate the standardization of management procedures across a large distributed system. Using different transmission media may result in different costs, system reliability, or performance. What must begin after a physical intrusion detection alarm is initiated and reported? a. Communication b. Deployment c. Assessment d. Interruption - Correct Answer c. Assessment note- C. use the forensic software on the original disk because forensic software does not change the contents of the disk. D. make an image of the disk using specialized hardware or software, then use the imaged copy for examination and keep the original for evidence. - Correct Answer D. make an image of the disk using specialized hardware or software, then use the imaged copy for examination and keep the original for evidence. note- it is crucial to collect and gather evidence that does not modify the original evidence and preserve the chain of custody. When faced with a situation where evidence could be used in a criminal matter, it is best to retain the original disk. Shoulder surfing can be prevented by: a. hashing passwords in storage. b. installing encryption techniques for password communication. c. promoting education and awareness. d. multifactor authentication. - Correct Answer c. promoting education and awareness. 
note- Shoulder surfing is an example of a social engineering attack which is used to acquire sensitive information such as passwords, personal identification numbers (PINs), and other confidential data by peeking over the victim's shoulder. The key concept in shoulder surfing is to make sure that no unintended party watches a user while the user is using devices or discussing confidential information. Security education and awareness can help mitigate the risk of shoulder surfing. When granting temporary access to a third party, which of the following is the MOST effective control? a. Administrator access is granted for a temporary period. b. User accounts are based on requested services and created with expiration dates. c. Once the services are delivered, user IDs are deleted. d. Third-party access commensurate to the service-level agreement - Correct Answer b. User accounts are based on requested services and created with expiration dates. note- Ensuring the granting of temporary access is based on services to be provided. An expiration date associated with each unique ID would be the most effective control. Which of the following pairs of security objectives, rules, principles, and laws are greatly in conflict with each other, within the same pair? a. Transborder data flows and data privacy laws b. All-or-nothing access principle and the security perimeter rule c. File protection rules and access granularity principle d. Least privilege principle and employee empowerment - Correct Answer d. Least privilege principle and employee empowerment note- The least privilege principle is a security principle that requires each subject to be granted the most restrictive set of privileges needed to perform authorized tasks. Applying this principle limits the damage that can result from accidents, errors, or unauthorized use. This is in great conflict with employee empowerment, which gives employees the freedom to do a wide variety of tasks. 
Which of the following is an effective detective control against computer viruses? a. Encryption b. Periodic scanning c. System isolation d. Program change controls - Correct Answer b. Periodic scanning note- Computer scanning programs are an excellent way to detect viruses. Scanning software must be updated regularly to ensure newly reported viruses are included. A computer fraud occurred using an online accounts receivable database application system. Which of the following logs would be most useful in detecting which data files were accessed from which terminals? a. Access control security b. Telecommunications c. Application transaction d. Database - Correct Answer a. Access control security (detective control) note- Access logs show who accessed what data files, when, and from what terminal, including the nature of the security violation. Telecommunication logs list inbound and outbound communication records and are usually used to monitor and customer experience. Which of the following network security tools potentially blocks perpetrators from accessing a company's network? a. Security incident and event monitoring (SIEM) system b. Honeynet c. Intrusion detection system (IDS) d. Intrusion prevention system (IPS) - Correct Answer d. Intrusion prevention system (IPS) note- An IPS is configured to both detect and prevent potential attacks on the IT environment and assets. Some IPSs are also designed to reconfigure other security mechanisms, e.g., a firewall. The IPS effectively limits damage to affected systems and must be appropriately configured to accept or deny network traffic correctly. The security team at a fintech (financial technology) organization is planning to conduct penetration testing in the next week. What is the MOST critical concern for the security team? a. Affected users must be notified immediately. b. Whether the target system can be restored to its original state c. Which teams will review the test results d. 
Whether the test will uncover all vulnerabilities in the target system - Correct Answer b. Whether the target system can be restored to its original state note- To perform a penetration test, the tester may make changes to system settings, e.g., creating test IDs, change in firewall rules, etc. The changes must be reversed to restore the system to its original state to ensure system operations and functionality are not impacted. Logical access controls provide a technical means of controlling access to IT resources. Which of the following is a benefit of logical access controls? note- Access control lists (ACLs) are used to separate data traffic into that which it will route (permitted packets) and that which it will not route (denied packets). ACLs perform packet filtering to control the movement of packets through a network. An access control policy for a bank teller is an example of the implementation being: a. user-directed. b. role-based. (RBAC) c. rule-based. d. identity-based. - Correct Answer b. role-based. (RBAC) note- With role-based access control (RBAC), access decisions are based on the roles that individual users have as part of an organization. Gary is performing a forensic investigation following alleged computer fraud and has gathered some evidence. What is Gary's MOST significant concern regarding the evidence? a. Analyze the evidence b. Validate the evidence through inquiry with key witnesses c. Preserve the evidence d. Present the evidence to senior management - Correct Answer c. Preserve the evidence note- Evidence from the crime scene must be securely retained and preserved to present in a legal proceeding. Which of the following is the weakest link in information security? a. Networks b. Hardware c. People d. Software - Correct Answer c. People Which of the following activities cause most security vulnerabilities in web servers? A. Acquisition B. Maintenance C. Configuration D. Usage - Correct Answer C. 
Configuration note- The web server that an organization acquires is generic and must be customized during its configuration. Unnecessary software services and user accounts in the web server should be removed or redefined. The web server configuration scenarios should fit its established security policy. Which of the following is the MOST effective control in minimizing the impact of social engineering tactics? a. Enhanced physical security mechanisms b. Security awareness training c. Data loss prevention (DLP) d. Intrusion prevention systems (IPS) - Correct Answer b. Security awareness training A bank website has been attacked, and hackers were able to obtain access to customer data. Which of the following actions should be taken FIRST? a. Inform the impacted customers to ensure compliance with the cybersecurity regulation. b. The server hosting the website should be powered off. c. Disconnect the web server from the company's network. d. Preserve the data for use in forensic investigations. - Correct Answer c. Disconnect the web server from the company's network. note- The server should be disconnected immediately to minimize the number of records that hackers can access. In addition, disconnecting the server will help to secure the evidence for further investigation and root cause analysis. Which of the following is NOT an example of malicious code? a. Logic bomb b. Trapdoor c. Salami d. Trojan horse - Correct Answer c. Salami note- A salami is an attack technique that involves theft of small amounts of assets (primarily money) from several sources. For example, stealing a few cents from each customer account on many bank accounts might be unnoticed by customers. additional notes- A Trojan horse is a program placed in a system by a hacker or installed unknowingly by the user that conducts malicious actions while hiding or pretending to do something useful. 
A logic bomb goes off when a program being used normally arrives at a prespecified event (e.g., a financial calculation exceeds a specific dollar amount). A time bomb goes off at a prespecified time. A trapdoor allows a hacker to access a system through unusual ways, e.g., without entering a password. Hackers insert trapdoors to allow them entry into the system in the future. Sometimes system developers may leave debug trapdoors in software which hackers may exploit at a later date. Which of the following is the MOST effective technique to ensure new security policies are understood and followed? a. E-mail communication from senior executives of each department b. Announcement from the CEO at the company's town hall c. Employee training sessions d. Communicate through the company's intranet - Correct Answer c. Employee training sessions Security awareness training ensures that new policies are communicated promptly and that employees are periodically reminded of existing policies through means such as monthly bulletins, an intranet website, and presentations to new employees. Which of the following is the MOST relevant benchmark to evaluate the effectiveness of a computer security incident response team (CSIRT)? a. Financial impact per each incident b. Number of help desk calls attended c. Vulnerabilities reported and patched d. Number of incidents handled - Correct Answer a. Financial impact per each incident The CSIRT may not wholly prevent the incident; they should limit the cost of each incident through incident response procedures. Additional Information: - The CSIRT is not directly responsible for patching vulnerabilities. - A false rejection rate is a percentage of instances whereby authorized personnel have been incorrectly rejected an entry. A false rejection rate would reflect the extent of inconvenience caused to authorized people trying to access the facility. 
It is not a measure of effectiveness for the physical access security control as it does not show how many unauthorized people gained access to the facility. Which of the following is an objective of incident response management? a. Using the incident data in enhancing the risk assessment process b. Containing and repairing damage from incidents c. Preventing future damages d. All of the answer choices are correct. - Correct Answer d. All of the answer choices are correct. Which of the following is true about installing a wireless local area network (LAN)? a. It provides greater security. b. It is low cost and takes less time to install. c. It requires high cost and takes more time to install. d. It creates obstacles in installing LAN cables. - Correct Answer b. It is low cost and takes less time to install. note -Wireless LANs have many advantages: flexibility, ease of installation, low cost, and less time to install. Each wireless LAN unit contains a radio transceiver, processor, and memory. Interference is possible even with wireless LANs. How is authorization different from authentication? a. Authorization is verifying the identity of a user. b. Authorization and authentication are the same. c. Authorization comes before authentication. d. Authorization comes after authentication. - Correct Answer d. Authorization comes after authentication. Note -users are granted access to a program (authorization) after they are fully authenticated. Controls such as locked doors, intrusion alarm systems, and security guards address which of the following risks? a. Power failure b. Equipment failure c. Overheating d. Fraud or theft - Correct Answer d. Fraud or theft Which of the following MOST effectively discourages computer fraud? a. Willingness to prosecute b. Ostracizing whistleblowing c. Overlooking inefficiencies in the judicial system d. Accepting the lack of integrity in the system - Correct Answer a. 
Willingness to prosecute Staff will generally be deterred from committing fraud if they understand the consequences of committing fraud. Which of the following statements about an intrusion prevention system (IPS) is TRUE? a. An IPS can determine which traffic to block from entering the internal network. b. An IPS can determine which traffic to allow into the internal network. c. IPS is both a preventive and detective tool. d. All of the answer choices are correct. - Correct Answer d. All of the answer choices are correct. Note -An IPS is placed in line with the traffic to ensure that all traffic navigates through the IPS. The IPS is programmed to decide which traffic to block and what traffic to allow into the network. This makes an IPS an effective tool in preventing malicious traffic from entering the network. -IPSs are configured to both detect and prevent potential attacks on the IT environment and assets before the traffic reaches the target systems. The business owner of a new application has requested that the different types of reports be viewed on a "need to know" basis. Which of the following access control methods would be the MOST effective to achieve this request? a. Single sign-on b. Role-based (RBAC) c. Rule-based d. Discretionary - Correct Answer b. Role-based (RBAC) (RBAC) restricts access according to job roles and responsibilities. RBAC would be the best method to view reports on a need-to-know basis for authorized users. Network security and integrity depend on which of the following controls? a. Data validation b. Logical access c. System backup d. Data editing - Correct Answer b. Logical access note- Logical access controls prevent unauthorized users from connecting to network nodes or gaining access to applications through computer terminals. A pharmaceutical company is implementing a baseline of security controls in the organization and has identified some controls that are not applicable to the company's environment. 
What should be management's next step? a. Develop a new baseline according to the company's environment. b. Request assistance from the internal IS audit team to create a suitable baseline of security controls. c. Customize the baseline as per the company's needs. d. Implement all controls as per the baseline to achieve the best results. - Correct Answer c. Customize the baseline as per the company's needs. Which of the following types of penetration testing is the MOST expensive? a. Internal testing b. Blind testing c. Targeted testing d. External testing - Correct Answer b. Blind testing note -the tester has very limited or no knowledge at all about the target system. Testing is usually expensive as the tester has to perform research on the target system based on publicly available information. Nonrepudiation is achieved by using: a. digital signature. b. a message digest. c. SHA hashing. d. secret-key encryption. - Correct Answer a. digital signature. Note -A digital signature can be used to authenticate the sender (origin) of a message. For instance, imagine Jack has a document that needs to be digitally signed and sent to a third party. Jack has a private key that is only known to him. When Jack signs his document, a unique hash of the document is created and encrypted using Jack's private key. That encrypted hash is called a digital signature. Which of the following is a component in providing Integrated Services Digital Network (ISDN) services? a. A modem b. A separate control channel c. A firewall d. An Internet service provider (ISP) - Correct Answer b. A separate control channel note -A significant issue with IDS is detecting events that do not pose any risk, i.e., that are not security incidents. Therefore, the security team needs to monitor IDS traffic carefully before triggering an alert for a potential incident. Which of the following is the PRIMARY objective of the incident response plan? a. Minimize the incident impact on the organization. b. 
Help to inform customers at the earliest possible time in case of an incident. c. Ensure minimum costs are incurred during the incident. d. Inform relevant stakeholders regarding the incident on a timely basis. - Correct Answer a. Minimize the incident impact on the organization. Data diddling can be detected by which of the following? a. Access controls b. Program change controls c. Integrity checking d. Exception reports - Correct Answer d. Exception reports The most important element of intranet security is: a. authentication. b. filtering. c. encryption. d. monitoring. - Correct Answer d. monitoring. note- Vigilant monitoring of all network connections is required on a regular basis. Each time a new feature is added to a network, the security implications should be reviewed. Which of the following is a disadvantage of virtualization? a. Snapshots b. Rootkits c. Misconfiguration of the hypervisor d. All of the answer choices are disadvantages of virtualization. - Correct Answer d. All of the answer choices are disadvantages of virtualization. Which of the following is an advantage of a virtual local area network (LAN)? a. Users would have access to data residing on multiple systems. b. Network maintenance costs are lower. c. Equipment can be moved faster. d. All of the answer choices are correct. - Correct Answer d. All of the answer choices are correct. note- Network maintenance costs are lower, and equipment moves are done faster. Which of the following controls is best suited for a user to establish a secure intranet connection over the internet? a. Use virtual private network (VPN) software b. Install encrypted routers c. Install encrypted firewalls d. Implement password controls to the private web server - Correct Answer a. Use virtual private network (VPN) software The principle of least privilege refers to the security objective of granting users only those accesses they need to perform their job duties. 
Which of the following is a result of employees maintaining access rights for previously held positions? a. Users have little access to systems b. Users have significant access to systems c. Reauthorization when employees change positions d. Authorization creep - Correct Answer d. Authorization creep note- continue to have access from previously held positions Which of the following statements about virtualized deployment is FALSE? a. The hypervisor runs directly on the host OS. b. Containers include the application and its dependencies but share the kernel with other containers. c. The hosted virtualization usually has an additional layer of software running in the guest OS. d. All of the answer choices are true statements about virtualized deployment. - Correct Answer a. The hypervisor runs directly on the host OS. note- The hypervisor runs directly on the underlying hardware, without a host operating system (OS). This method is called bare metal. Prevention of which of the following attacks is outside the scope of electronic mail security programs? a. Playback attacks b. Key management attacks c. Traffic analysis d. Cryptanalytic attacks - Correct Answer c. Traffic analysis To prevent traffic analysis, bogus traffic is injected into the real traffic, thus flooding the network channels. This increases the load on the network. However, the email security program cannot prevent or detect bogus traffic. Additional Notes -in a playback attack, an entire message is captured and played back later. To prevent playback attacks, the plaintext of each message should include some indication of the sender and recipient and a unique identifier (e.g., the date). The intruder could change the originator name in the email message. -In cryptanalytic attacks, the intruder tries to break into the algorithm to find out the private key. 
For example, breaking the data encryption standard algorithm would allow an intruder to read any given email message because the message itself is encrypted with a data encryption standard. -In key management attacks, the intruder tries to get a copy of the private key file and its associated passphrase. It is important to run the email program on a trusted machine, with keys exchanged in person. The greatest threat to any computer system is: a. hackers and crackers. b. untrained or negligent users. c. employees. d. vendors and contractors. - Correct Answer c. employees. Employees of all categories are the greatest threat to any computer system because they are trusted the most.They have access to the computer system, they know the physical layout of the area, and they could misuse the power and authority. Most trusted employees have an opportunity to perpetrate fraud if the controls in the system are weak. Which of the following is an example of a security standard? a. ISO 27001 b. NIST Cybersecurity Framework c. HIPAA d. All of the answer choices are correct. - Correct Answer c. HIPAA The Health Insurance Portability and Accountability Act (HIPAA) is a U.S. regulation that includes data privacy and security provisions to protect sensitive healthcare data. The others are frameworks Which of the following standards is specifically related to the public key infrastructure? a. ISAO 27001 b. HIPAA c. X.509 d. PCI DSS - Correct Answer c. X.509 X.509, a standard defining the format of public key certificates. The X.509 certificates are used in many internet protocols, including TLS/SSL (Transport Layer The answer choice "provide direction regarding which security mechanisms should be implemented" is incorrect; this refers to guidelines. Guidelines do not recommend a specific product or control; instead, they provide direction regarding which security mechanisms should be implemented. What is a cryptographic system? A. 
A collection of software and hardware that can encrypt or decrypt information B. A type of anti-malware C. Hardware used in data encryption D. A prerequisite to data classification - Correct Answer A. A collection of software and hardware that can encrypt or decrypt information NOTE This process generally involves finding weaknesses in implementation, enabling an attacker to find the secret key or an equivalent algorithm for encryption and decryption that does not require knowing the secret key used. A fintech (financial technology) organization is planning to deploy a cloud-based application for processing employee payroll. Which of the following should be the MOST significant concern for an IS auditor? A. The cloud provider's data center is located in a different country. B. The contract does not require the cloud provider to provide its annual penetration testing results. C. Performance requirements are not specified in the service-level agreement (SLA). D. There is no right-to-audit clause in the contract. - Correct Answer A. The cloud provider's data center is located in a different country. NOTE- Data privacy regulations are different across different countries, and there may be regulatory and compliance issues due to different regulatory requirements. In a local area network (LAN) environment, which of the following transmission media is the most used today? A. Coaxial cable B. Twisted-pair (shielded) cable C. Twisted-pair (unshielded) cable D. Fiber-optic cable - Correct Answer D. Fiber-optic cable NOTE- Optical fiber is more reliable, smaller, lightning fast, and lighter than the other media listed. It is not susceptible to electrical interference. Which of the following is an effective means of preventing and detecting computer viruses? A. Install an antivirus program on network servers B. Install an antivirus program on each personal computer C. Train all employees about potential risks D. Only company-certified portable storage devices should be used. 
- Correct Answer B. Install an antivirus program on each personal computer NOTE- Virus scanning programs are effective against viruses that have been reported, usually have additional features to protect the computer, and provide the best protection against viruses. Virus protection software does not provide 100% protection (for example, against new viruses or viruses written to attack a specific organization), so it is essential to also provide awareness training for employees. Why answers are incorrect: The answer choice "install an antivirus program on network servers" is incorrect. While installing an antivirus program on network servers is a good practice, employees' personal computers frequently connect directly to the network and can become infected with a virus. The server's antivirus program would not prevent this common method of infection. The answer choice "train all employees about potential risks" is incorrect. Trained employees alone cannot prevent or detect computer viruses. The answer choice "only company-certified portable storage devices should be used" is incorrect. Viruses are primarily downloaded through the internet nowadays and not only through portable storage media. The logs vulnerable to eavesdropping on a web server are: a. agent logs. b. access logs. c. error logs. d. system logs. - Correct Answer d. system logs. System logs are vulnerable to traffic analysis, a form of eavesdropping. These log files contain information about each request made to the server. Attackers analyze these logs to find out the transactions performed, access codes used, and other information. Incident response actions should be prioritized based on which of the following? A. Number of applications impacted B. Criticality of the impacted business process C. Number of staff impacted D. None of the answer choices are correct. - Correct Answer B. 
Criticality of the impacted business process note- Incident response teams have limited resources, and business processes deemed more critical to the business should be prioritized when responding to an incident. Which of the following is an example of a passive attack? A. Denying services to legitimate users B. Attempting to log into someone else's account C. Deploying a wiretap to generate false messages D. Observing a user while they type a password - Correct Answer D. Observing a user while they type a password Note- A passive attack is an attack in which the threat merely watches information move across the system. However, no attempt is made to introduce information in order to take advantage of and exploit a vulnerability. Observing a user while they type a password is an example of a passive attack. Local area network (LAN) security is threatened by: a. hub security. b. terminal servers. c. denial-of-service (DoS) attacks. d. authentication mechanisms. - Correct Answer c. denial-of-service (DoS) attacks. note- A denial-of-service attack is an attack meant to shut down a machine or network, making it inaccessible to its intended users. DoS attacks accomplish this by flooding the target with traffic or sending it information that triggers a crash. In both instances, the DoS attack deprives legitimate users (i.e., employees, members, or account holders) of the service or resource they expected. What is the BEST control to prevent audit log deletion by unauthorized personnel in an organization? a. Track actions performed on log files in a separate log. b. Disable write access to audit logs. c. Only appropriate personnel should have privileges to view or delete audit logs. d. Perform periodic backups of audit logs. - Correct Answer c. Only appropriate personnel should have privileges to view or delete audit logs. Which of the following ISO/OSI layers provides access control services? a. Session b. Data link c. Transport d. Presentation - Correct Answer c. 
Transport

NOTE- a. Key exchange is difficult. b. The complexity of the calculations involved and the time needed to complete them c. It is no longer supported by the creators of the algorithm. d. All of the answer choices are correct. - Correct Answer b. The complexity of the calculations involved and the time needed to complete them
-As malicious actors get better at tools and techniques used to break the encryption, longer keys should be used to strengthen the algorithm. When the key length is increased, the computation becomes more complex and takes longer to complete.

The protection of ----------------- from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability. A discrete set of information resources organized for the collection, processing, maintenance, use, sharing, dissemination, or disposition of information. - Correct Answer information and information systems

Recommendations pertaining to the least privilege principle require that administrators should use: a. an administrative account. b. a regular account. c. an ad hoc account. d. a root account. - Correct Answer b. a regular account.
Administrators should use a regular account as much as possible instead of logging in as administrator or root to perform routine activities such as reading mail. This access is based on the least privilege principle, which refers to the security objective of granting users only the access they need to perform their assigned duties. It is essential to ensure that the least privilege implementation does not interfere with having personnel substitute for each other without undue delay. Without careful planning, access control can interfere with contingency plans.

___ is similar to a Trojan horse because it is a program that contains hidden code, which usually performs some unwanted function as a side effect.
- Correct Answer A computer virus

The main difference between a virus and a Trojan horse is that the - Correct Answer hidden code in a computer virus can only replicate by attaching a copy of itself to other programs and may also include an additional "payload" that triggers when specific conditions are met.

(1) A communication system designed for intra-building data communications. (2) A group of computers and other devices dispersed over a relatively limited area and connected by a communications link that enables a device to interact with any other on the network. A user-owned, user-operated, high volume data transmission facility connecting a number of communicating devices (e.g., computers, terminals, word processors, printers, mass storage units) within a single building or several buildings within a physical area. (3) A computer network that spans a relatively small area. Most LANs are confined to a single building or group of buildings. However, one LAN can be connected to other LANs over any distance via telephone lines and radio waves. A system of LANs connected in this way is called a Wide Area Network (WAN). - Correct Answer (LAN)- Local Area Network

This term is called:
-The right of an individual to self-determine the degree to which the individual is willing to share with others information about himself that may be compromised by unauthorized exchange of such information among other individuals or organizations.
-The right of individuals and organizations to control the collection, storage, and dissemination of their information or information about themselves.
- Correct Answer Privacy

Are these examples active or passive attacks?
-Attempting to log into someone else's account
-Deploying a wiretap to generate false messages
-Denying services to legitimate users
-Observing a user while they type a password
- Correct Answer
-Attempting to log into someone else's account (Active Attack)
-Deploying a wiretap to generate false messages (Active Attack)
-Denying services to legitimate users (Active Attack)
-Observing a user while they type a password (Passive Attack)

---- is conducted to protect systems and data from intruders who access the systems without authority or with more than their assigned authority. - Correct Answer Keystroke Monitoring

What can help administrators assess and repair any damage intruders may cause, but does little to limit the intruders from gaining initial access to the system? It is more of a detective control and not a preventive control. - Correct Answer Keystroke Monitoring

----------- allows control over information because the ability to make changes resides with very few individuals instead of many in a decentralized environment. The limited access makes it less likely an intruder would be able to gain access at all. - Correct Answer Centralized Security Administration

------- grants access based on the identity of the host originating the request, not the user making the request. - Correct Answer Host based authentication

------- refer to a register of users who have been given permission to use a particular system resource and the types of access they are permitted to have. - Correct Answer Access Control Lists

Prevention of which of the following attacks is outside the scope of electronic mail security programs? A. Playback attacks B. Cryptanalytic attacks C. Traffic analysis D. Key management attacks - Correct Answer C. Traffic analysis
To prevent traffic analysis, bogus traffic is injected into the real traffic, thus flooding the network channels. This increases the load on the network.
However, the email security program cannot prevent or detect bogus traffic.

Which attack does the following: an entire message is captured and played back later. To prevent playback attacks, the plaintext of each message should include some indication of the sender and recipient and a unique identifier (e.g., the date). The intruder could change the originator name in the email message. - Correct Answer Playback Attack

Which attack does the following: the intruder tries to break into the algorithm to find out the private key. For example, breaking the data encryption standard algorithm would allow an intruder to read any given email message because the message itself is encrypted with a data encryption standard. - Correct Answer Cryptanalytic Attack

Which attack does the following: the intruder tries to get a copy of the private key file and its associated passphrase. It is important to run the email program on a trusted machine, with keys exchanged in person. - Correct Answer Key Management Attack

Which of the following are TRUE of (LAN) Local Area Network environments? a. Routers are used to connect network segments that use the same protocol. b. The risks associated with the use of local area networks (LANs) include granting users excessive access rather than on a need-to-know basis. c. The gateway, not the network operating system, is responsible for returning acknowledgments. d. The gateway is responsible for returning acknowledgments. e. all true - Correct Answer e. all are true

Which of the following logical access controls is independent of physical access controls? a. Encryption controls b. Application system access controls c. Operating system access controls d. Utility programs - Correct Answer a. Encryption controls
Most systems can be compromised if someone can physically access the CPU (central processing unit) machine or significant components, for example, by restarting the system with different software.
Logical access controls are therefore dependent on

D. All of the answer choices are correct. - Correct Answer D. All of the answer choices are correct.
A registration authority (RA) is an organization that is responsible for receiving and validating requests for digital certificates and public/private key pairs. The RA is authorized by the certificate authority (CA). It is also responsible for performing other certificate lifecycle management functions (certificate revocation). All the certificates that are requested, received, and revoked by both the certificate authority and registration authority are stored in an encrypted certificate database.

is a protection against fraudulent transactions. - Correct Answer Authentication

Which of the following is an example of single point of failure when accessing an application? A. Multifactor authentication B. Single sign-on C. Multiple passwords D. Redundancy - Correct Answer B. Single sign-on
This is an example of single point of failure because if the sign-on system is compromised, the entire system is exposed to unauthorized parties.

What is an example of single point of failure - Correct Answer Single Sign-On

What are examples of multiple points of failure - Correct Answer Multifactor authentication and multiple passwords
-since the perpetrator will require more than one password or a combination of a password and a second piece of authentication (such as mobile-generated code or an answer to a secret question) before getting access to the network.

Which term offers failover to avoid single point of failure - Correct Answer Redundancy

Which of the following establishes accountability in a LAN environment? A. Network monitoring tools B. Access logs C. Lock-and-key systems D. Card key systems - Correct Answer B. Access logs
Access logs along with user IDs and passwords provide a reasonable amount of accountability in a local area network (LAN) environment since user actions are recorded.
What is an example of a detective control used by network management? As such, they do not show any accountability of the user; they watch the network traffic and develop trends. - Correct Answer Network Monitoring Tool

What are examples of preventive controls as a part of physical security? Keys can be lost or stolen, and therefore accountability is difficult to establish and control. - Correct Answer Lock-and-key systems and card key systems

Which of the following use public-key (asymmetric) algorithms for data encryption? A. DES and SHA B. MD5 and ECC C. RSA and DES D. RSA and ECC - Correct Answer D. RSA and ECC
R-Rivest S-Shamir A-Adleman (RSA) is one of the oldest and most popular public-key cryptosystems used to protect data transmission. E-Elliptic C-Curve C-Cryptography (ECC) is a faster alternative to RSA because it uses shorter keys and requires less computing power.

Which of the following use private-key (secret-key, symmetric) algorithms for data encryption? - Correct Answer DES (Data Encryption Standard) and IDEA (International Data Encryption Algorithm)
DES and IDEA are examples of private-key (secret-key) algorithms that are based on the concept of a single, shared key.

Modern "dry pipe" systems: A. are less sophisticated than water-based sprinkler systems. B. maximize chances of accidental discharge of water. C. are a substitute for water-based sprinkler systems. D. None of the answer choices are correct. - Correct Answer C. are a substitute for water-based sprinkler systems.

In WHICH sprinkler system is water not present in the pipes, flowing only when the system is activated? - Correct Answer Dry Pipe Sprinkling System

What is more sophisticated compared to water-based sprinkler systems? - Correct Answer Dry Pipe

What systems reduce the likelihood of accidental water discharge because they discharge water only when needed?
- Correct Answer Dry Pipe

Which of the following is NOT a type of intrusion detection system (IDS)? A. Statistical-based IDS B. Data-based IDS C. Signature-based IDS D. Neural network-based IDS - Correct Answer

Which of the following is used to create webpages on the internet? A. HTTP B. HTML C. TCP/IP D. FTP - Correct Answer B. HTML

Which of the following can help in the prevention of spoofed Internet Protocol (IP) addresses? A. Hypertext Transfer Protocol (HTTP) B. Internet Protocol Security (IPsec) C. Transport Layer Security (TLS) D. Secure Sockets Layer (SSL) - Correct Answer B. Internet Protocol Security (IPsec)

Which of the following is a major risk for using a wireless network? A. Complexity B. Responsiveness C. User authentication D. Technology - Correct Answer C. User authentication
The Correct Answer is "user authentication." User authentication is crucial to ensure that unauthorized users cannot get access to sensitive information.

Which of the following controls work more in concert with audit trails? A. Physical access controls B. Environmental controls C. Management controls D. Logical access controls - Correct Answer D. Logical access controls
By advising users that they are personally accountable for their actions, which are tracked by an audit trail that logs user activities, managers can help promote proper user behavior. Users are less likely to attempt to circumvent security policy if they know that their actions will be recorded in an audit log. Audit trails work in concert with logical access controls, which restrict use of system resources. Since logical access controls are enforced through software, audit trails are used to maintain an individual's accountability.

Which of the following is an example of a boundary control? A. Gateway B. Bridge C. Modem D. Firewall - Correct Answer D. Firewall

B. Security awareness training and education programs intend to alter user behavior. C.
Security awareness training and education programs enhance awareness of the need to protect system resources. D. All of the answer choices are correct. - Correct Answer D. All of the answer choices are correct.
User behavior is a critical driver in implementing an effective security program in an organization. Altering users' existing behavior requires an organization to implement an environment where users are aware of and take responsibility for keeping a company's IT assets and data secure. The purpose of security awareness training and education programs is to enhance security by enhancing awareness of the need to protect system resources. Security awareness training is the most effective control in mitigating or reducing the impact of social engineering on organizations.

Which of the following password selection procedures would be the most difficult to remember? A. Reverse or rearrange the characters in the user's birthday B. Reverse or rearrange the characters in the user's annual salary C. Reverse or rearrange the characters in the user's spouse's name D. Use randomly generated characters - Correct Answer D. Use randomly generated characters

An organization wants to enhance its incident response process. Which of the following is the MOST effective way to achieve this? Review and update the incident response playbook. Provide adequate training to the incident response team. Schedule incident response simulation drills. Hire external incident response specialists to review the program's alignment with best practices. - Correct Answer Schedule incident response simulation drills.

A major risk based on trust and difficult to prevent is: A. effectively used authorized access. B. misused authorized access. C. unsuccessful unauthorized access. D. successful unauthorized access. - Correct Answer B. misused authorized access.
Misused authorized access means policies are being ignored.

The best universal means of user authentication is what the user: a. is. b. knows. c. has. d. has and knows. - Correct Answer d. has and knows.
The Correct Answer is "has and knows." From a cost, convenience, and universal usage viewpoint, combining authentication techniques, such as mixing what the user has with what the user knows, is the best means of user authentication. An example is a bank's automated teller machine card used with a secret personal identification number (PIN).

Which of the following is the PRIMARY source of legal rights and privacy obligations over email? A. Size of employer B. Employee practices C. Employer policies D. None of the answer choices are correct. - Correct Answer C. Employer policies

Which of the following is a prerequisite to IT security training? A. Awareness B. Training C. Education D. Certification - Correct Answer A. Awareness

Which of the following is a purpose of a security awareness, training, and education program? A. Developing skills and knowledge so users can perform their jobs more securely B. Improving awareness of the need to protect system resources C. Building in-depth knowledge to design, implement, or operate security programs for organizations and systems D. All of the answer choices are correct. - Correct Answer D. All of the answer choices are correct.

Which of the following is a detective control in a LAN (local area network) environment? A. Electronic surveillance B. Contingency plan C. File recovery D. Locks and keys - Correct Answer A. Electronic surveillance

Which of the following is a disadvantage of virtualization? A. Snapshots B. Rootkits C. Misconfiguration of the hypervisor D. All of the answer choices are disadvantages of virtualization. - Correct Answer D. All of the answer choices are disadvantages of virtualization.
Rootkits on the host may install themselves as a hypervisor below the operating system (OS), which would enable the interception of any operations of the guest OS (i.e., logging password entry) as the malware runs below the OS. Antivirus software may not detect this. Misconfiguration of the hypervisor splitting resources (central processing unit (CPU), memory, disk space, and storage) can result in unauthorized access to resources, and one guest operating system (OS) may inject malware into another. Snapshots are backups of virtual machines and provide a quick mechanism to recover from errors or incomplete updates; they contain sensitive data such as passwords and personal data. Snapshots contain the random-access memory (RAM) contents when the snapshot was taken, and they may include sensitive information that was not stored on the drive.

Which of the following controls over telecommuting uses tokens and/or multifactor authentication? A. Firewalls B. Combined authentication methods C. Intrusion detection system D. Encryption - Correct Answer B. Combined authentication methods

Which of the following standards is specifically related to the public key infrastructure? A. X.509 B. PCI DSS C. HIPAA D. ISO 27001 - Correct Answer A. X.509
The Correct Answer is X.509, a standard defining the format of public key certificates. The X.509 certificates are used in many internet protocols, including TLS/SSL (Transport Layer Security/Secure Sockets Layer), which secures HTTP (Hypertext Transfer Protocol) and other transport protocols.

Which of the following MOST accurately measures the effectiveness of physical access security control? A. User complaints B. False rejection rate C. False acceptance rate D. False alarm rate - Correct Answer C.
False acceptance rate
The false acceptance rate measures the probability that a physical access security control will incorrectly accept an access attempt by an unauthorized person. User complaints would be a measure of effectiveness for the customer service function, not physical entry control. A false alarm rate is too general and determines whether an alarm is valid or a nuisance alarm; since it is not specific enough, it does not measure physical access security control effectiveness.

A. Establish ownership- Without the owner defined, it is difficult to conduct criticality analysis or develop an access matrix. - Correct Answer A. Establish ownership

The best method to provide access to a user is: A. Authorization for access from the data owner and implementation of user authorization tables by the administrator. - Correct Answer A. Authorization for access from the data owner and implementation of user authorization tables by the administrator.
Note- It is the accountability and responsibility of the data owner to approve the access rights of the user. Once the user is approved, the system administrator implements or updates the user authorization table.

Responsibility of granting access to data with the help of the security officer resides with: A. Data owners B. System developer C. Library Controller D. System Administrator - Correct Answer A. Data owners

Responsibility for reviewing users' access rights resides with: A. Data owner B. IS Auditor C. Library Controller D. Security Admin - Correct Answer A. Data Owner
It is the data owner's responsibility to grant access and review access.

With respect to the IT security baseline, the IS auditor should first ensure: a. Documentation b. sufficiency c. audit and compliance d. process - Correct Answer b.
sufficiency- an IS auditor should first ensure the adequacy and sufficiency of the baseline to address the security requirements of the organization. Other aspects can be determined once sufficiency is evaluated.

Privacy is the right of the individual to demand the utmost care of their personal information that has been shared with any organization or individual. - Correct Answer Individuals can demand that the use of their information should be appropriate, legal, and for the specific purpose for which the information was obtained.

An org. proposes to use its existing client database to promote its new range of products. Which of the following is an area of concern for an IS Auditor? - Correct Answer -Are there any data privacy concerns about this process?

Which is a concern for an offshore operation? A. High cost of setup B. Privacy law preventing cross border flow C. Timezone differences D. Software development complications - Correct Answer B. Privacy law preventing cross border flow

When transmitting PII (personally identifiable information) data to a third party service provider through the internet, an organization must ensure: a. encryption of the PII (personally identifiable information) b. consent is obtained from the client c. privacy principles are adhered to d. proper change mgmt - Correct Answer c. privacy principles are adhered to

To determine whether an org. has complied with a privacy requirement, an IS auditor should first: a. review the IT architecture b. review standard operating procedures for IT processes c. review legal and regulatory requirements d. review the risk register - Correct Answer c. review legal and regulatory requirements
What control aims to protect IS processing facilities through physical mediums (locks, fences, CCTV)? - Correct Answer Physical controls
Physical controls aim to protect information system processing facilities through physical mediums, such as locks, fences, closed-circuit TV (CCTV), and devices that are installed to physically restrict access to a facility or hardware. Similarly, environmental controls refer to measures taken to protect systems, buildings, and related supporting infrastructure against threats associated with their physical environment.

What control refers to measures taken to protect systems, buildings, and related supporting infrastructure against threats associated with their physical environment? - Correct Answer Environmental

What are the 4 types of power failure? - Correct Answer Blackout, Brownout, Sags, and Spikes

What power failure indicates a complete loss of power? - Correct Answer Blackout

What power failure indicates severely reduced voltage, which may place a strain on electronic equipment or lead to damage? - Correct Answer Brownout

What is a rapid decrease in voltage level? - Correct Answer Sag

What is a rapid increase in voltage level, which can be prevented by properly placed protectors that help protect against high voltage power bursts? - Correct Answer Spikes and surges.

How do sags (decrease) and spikes and surges (increase) affect IT? - Correct Answer They result in data corruption in the server or the system.

The fire suppression system is made up of what concepts? - Correct Answer Water based, Dry Pipe, Halon, FM-200, Argonite, and CO2
Dry Pipe- does not have water in the pipes until an electronic fire alarm activates the water pump to send water to the system.

Which component is safe for human life? - Correct Answer Argonite and FM-200
Argonite: 50% Argon and 50% Nitrogen gas; safe and non-toxic.
Halon and CO2 are NOT SAFE. Halon removes oxygen from the air, starving the fire. Not safe for humans.
The objective of raising the floor in a computer room is to prevent: A. Damage to the cables of computers and servers B. Power failure C. Damage from an earthquake D. Damage from a tsunami - Correct Answer A. Damage to the cables of computers and servers
The floor is raised to accommodate the ventilation system, power, and data cables underneath the floor. This provides the safety of the cables, which otherwise would pose a large risk if kept on an open floor. A raised floor may not directly address the other options.

Which of the following is the most important concern for a badge entry access system? A. Security personnel is not monitoring the badge reader for any suspected tampering. B. Logs of access are not reviewed on a daily basis. C. The process for promptly disabling a lost or stolen badge is not followed. D. The backup frequency of logs is infrequent. - Correct Answer C. The process for promptly disabling a lost or stolen badge is not followed.
It is very important to immediately deactivate a badge that is lost or stolen. An unauthorized individual can enter the room using a stolen badge. The other options are not as significant as deactivating stolen or lost badges.

Which of the following is the most important concern for an access card entry system? A. The use of a shared access card by cleaning staff. B. The access card does not contain a label with the organization's name and address. C. Card issuance and card reconciliation are managed by different departments. D. Logs of access are not reviewed on a daily basis. - Correct Answer A. The use of a shared access card by cleaning staff.
Accountability cannot be established in the case of shared issuance. Access cards should not contain details of the org. to prevent unauthorized use by intruders. Logs may not be required to be reviewed daily. SOD is a good practice.

The most effective, safe, and environment-friendly fire safety arrangement in a data centre is the use of: A. Halon gas B. Carbon dioxide C.
Dry pipe sprinklers D. Wet pipe sprinklers - Correct Answer C. Dry pipe sprinklers
Both wet and dry pipe sprinklers are safe; however, dry pipe sprinklers prevent the risk of leakage.

A dry pipe fire extinguisher contains: A. FM-200 gas. B. Nitrogen. C. Water resides in the pipe with special water-tight sealants. D. Water, but it enters the pipe only when a fire has been detected. - Correct Answer D. Water, but it enters the pipe only when a fire has been detected.

A wet pipe sprinkler contains: A. FM-200 gas. B. Nitrogen. C. Water resides in the pipe with special water-tight sealants. D. Water, but it enters the pipe only when a fire has been detected. - Correct Answer C. Water resides in the pipe with special water-tight sealants.

Which of the following are the areas of most concern? A. The installation of an FM-200 gas fire extinguisher in a manned data center B. The installation of dry pipe sprinklers in an expensive data center facility C. The installation of wet pipe sprinklers in an expensive data center facility D. The installation of a carbon dioxide gas fire extinguisher in a manned data center - Correct Answer D. The installation of a carbon dioxide gas fire extinguisher in a manned data center

The safest form of a fire extinguisher that can be used in the presence of humans is: A. Carbon dioxide B. Halon gas C. FM-200 D. Argonite gas - Correct Answer C. FM-200
Colorless and odorless.

(SSO) Single sign-on: user authentication service that permits a user to use 1 set of login credentials (e.g., name and password) to access multiple applications. - Correct Answer

What are the advantages of SSO?
1. Multiple passwords are not required. This encourages users to select a stronger password.
2. Improves administrators' ability to manage user accounts.
3. Reduces administrative overhead cost in resetting passwords due to a lower number of IT help desk calls about passwords.
4. Reduces the time taken by users to log into multiple applications.
- Correct Answer

Disadvantages of SSO - Correct Answer
1. SSO acts as a single authentication point for multiple applications, which constitutes the risk of a single point of failure.
2. Supporting all major operating system environments is difficult.

Important points to remember for SSO - Correct Answer
- acts as a single authentication point for multiple applications
- acts as a single point of failure
If both options are there, select "SSO ACTS AS A SINGLE AUTHENTICATION POINT FOR MULTIPLE APPLICATIONS"; this is more specific to the answer.

What is the most important control for SSO? - Correct Answer IMPLEMENTATION OF A STRONG PASSWORD POLICY

An organization is introducing SSO. Under SSO, users will be required to enter only 1 user ID and password for access to all application systems. A major risk of using SSO is that it: A. acts as a single authentication point for multiple applications B. acts as a single point of failure - Correct Answer A. acts as a single authentication point for multiple applications (if A. is not shown, pick B.)

An org. is introducing SSO. In SSO, unauthorized access has: a. major impact b. minor impact c. not possible d. highly possible - Correct Answer a. major impact

-The alignment of security and performance requirements - Correct Answer The most important aspect when reviewing system controls is the consideration of the security and performance parameters.
This helps to ensure that the control objectives are aligned with the business objectives.

What is the best way to erase data? - Correct Answer Physical destruction. Demagnetization or degaussing in case the media is to be reused.

What is the first step in the implementation of logical access controls? - Correct Answer Prepare an inventory of IS resources
1. Prepare an inventory of the IS resources
2. Classify IS resources
3. Perform grouping/labeling of the IS resources
4. Create an access control list

Which of the following is a prime objective for an IS auditor reviewing logical access? A. To ensure the protection of computer hardware B. To ensure that access is granted as per an approved process C. To ensure the protection of computer software D. To ensure the effectiveness of access control software. - Correct Answer B. To ensure that access is granted as per an approved process

Which of the following is a major risk of shared user accounts (single ID used by multiple users)? A. Frequent change of passwords B. Unauthorized access to the systems C. The use of an easily guessable password D. It is difficult to establish user accountability - Correct Answer D. It is difficult to establish user accountability.
A major risk of shared user accounts is that user accountability cannot be determined. Logs will capture the shared ID; individual employees or people cannot be traced.

What is the best method to protect sensitive data inside the server? A. Create awareness on information security aspects B. Make security policies available to all users C. Establish a security committee D. Implement logical access controls - Correct Answer D. Implement logical access controls
Logical access controls are the best preventive controls to ensure data integrity and confidentiality.

Need-to-know access controls can best be ensured by: A. Implementing application-level access control B. Encrypting databases C. Enabling HTTPS control D.
Deploying network monitoring control - Correct Answer A. Implementing application level access control Application level access control helps to limit access to an application per the funtionality required by users perform their jobs. They will not be able to access any other functionality of the application. The prime objective of data protection is to : A. Comply with contractual requirements B. Comply with legal requirements C. Ensure confidentaiity and integrity of information D. Improve operational efficiency - Correct Answer C. Ensure confidentaiity and integrity of information Which of the following is considered a major risk in an organization's logical access control procedure? A. The sharing of passwords B. Password files are not protected C. Delay in the deactivation of a resigned employee login access D. Centralized issuance of login ID - Correct Answer B. Password files are not protected Which of the following best ensures compliance with a password policy? A. A simple version of a password policy B. A user friendly password policy C. Implemenation of an automated password mgmt tool D. Security awareness training for users - Correct Answer C. Implemenation of an automated password mgmt tool The availablility of printing options for all users increases: A. The risk of data confidentiality B.. Risk of Data integrity C. Risk of data availability D. Risk of reduced productivity - Correct Answer A. The risk of data confidentiality It is difficult to control the printing of confidential documents. The availability of printing options increases the risk of confidentiality Which of the following is most important when reviewing system controls? A. Security and performance parameters are considered B. The capturing of change in logs C. The availability of a change authorization process D. Access to system parameters is restriced - Correct Answer A. 
Security and performance parameters are considered. The most important aspect when reviewing system controls is the consideration of the security and performance parameters. This helps to ensure that the control objectives are aligned with the business objectives.

Which of the following should be reviewed to determine the level of access available for different users? The router is part of networking. Network security reviews include reviewing router access control lists, port scanning, internal and external connections to the system, and so on.

Which of the following is considered a major risk of the absence of an authorization process (approval from the data owner)? A. Difficult to control role-based access B. Multiple users can log on as a specific user C. User accounts can be shared D. Need-to-know access can be assured - Correct Answer A. Difficult to control role-based access. In the absence of an authorization process, it will be impossible to establish and provide role-based access. Anyone can claim access.

Which of the following is considered the best control for providing access rights to outsourced vendors? A. Include a penalty clause in the SLA B. Temporary user accounts created for a defined role with account expiration dates C. Temporary accounts created for full access for a limited period D. Employees of the vendors should be asked to sign a non-disclosure agreement - Correct Answer B. Temporary user accounts created for a defined role with account expiration dates

The most important benefit of proper naming conventions (asset grouping as per criticality) for IS resources is: A. It ensures that resource names are aligned as per function B. It helps with defining structured access rules C. It helps with user management D. It ensures that industry standardization is maintained - Correct Answer B. It helps with defining structured access rules

Which of the following is a major concern for an IS auditor reviewing a critical application? A. Access is provisioned on the basis of a user role B. Systems are hardened C. Users can access and modify the database directly D. Multi-factor authentication for user access - Correct Answer C. Users can access and modify the database directly

A default deny access control policy: A. Allows approved traffic and rejects all other traffic B. Denies specific traffic and allows all other traffic C. Is used for allowing access from a trusted network to a protected network D. Allows traffic at the discretion of the network admin - Correct Answer A. Allows approved traffic and rejects all other traffic. An organization can have either a default deny access control policy or a default allow access control policy. In a default deny access policy, all traffic is denied except predefined approved traffic. In a default allow policy, all traffic is allowed except restricted traffic. Default deny is more prevalent where traffic from an untrusted source accesses a protected system. Allow all is more prevalent where traffic from trusted sources accesses an external system such as the internet.

A default allow access control policy: A. Allows approved traffic and rejects all other traffic B. Denies specific traffic and allows all other traffic C. Is used for allowing access from untrusted networks to external networks D. Allows traffic at the discretion of the network admin - Correct Answer B. Denies specific traffic and allows all other traffic

The most effective method to prevent unauthorized access to an unattended end-user PC is: A. Password-protected screensaver B. Automatically switching off the monitor when there is no activity C. CCTV surveillance D. Terminate a session at specified intervals - Correct Answer A. Password-protected screensaver

The most effective method to prevent unauthorized access to a system admin account is: A. Installation of an IDS B. Enable system lockout after 3 failed attempts C. Define password complexity rules D. 2-factor authentication - Correct Answer D.
2-factor authentication: something you know (password, PIN, or personal information), something you have (token, OTP, smart card), something you are (biometric features)

The most important concern when conducting a post-implementation review of an org.'s network is: A. Mobile devices can be accessed without a password B. Default passwords of network devices are not changed C. A proxy does not exist for internal communication D. Email links are not encrypted - Correct Answer B. Default passwords of network devices are not changed. A major area of concern is a factory default password not being changed for critical network devices. Anyone can change the system configuration using a default password.

The most effective method of removing data from tape media during disposal is: A. Multiple overwriting B. Erasing the tapes C. Degaussing the tapes D. Removing the tape header - Correct Answer C. Degaussing the tapes

The most effective method to ensure that only authorized users can connect to the system is: A. Complex password requirement B. SSO C. 2-factor authentication D. IP restrictions - Correct Answer C. Two-factor authentication

In an SSO environment, the most effective method to prevent unauthorized access is: A. Log monitoring B. Deactivating dormant accounts C. Implementing a strong password policy D. User access review - Correct Answer C. Implementing a strong password policy

Which is a major risk of SSO? a. Has a single authentication point b. Represents only a single point of failure c. Causes admin inconvenience d. Causes user inconvenience - Correct Answer a. Has a single authentication point

What is the greatest risk of using SSO? A. Admin inconvenience B. Increase in admin cost C. Increase in authentication time D. Greater impact of password leakage - Correct Answer D. Greater impact of password leakage

An auditor noted a weakness through which an intruder can update the server database containing a biometric template. Auditors should recommend which of the controls?

(Cross Error Rate)/(Equal Error Rate) What is the best overall performance indicator for biometrics? - Correct Answer (CROSS ERROR RATE) OR (EQUAL ERROR RATE) (the rate at which FAR and FRR are equal)

What is the best performance indicator? - Correct Answer False acceptance rate (the rate of acceptance of unauthorized people); a biometric with a high FAR will allow unauthorized people access

What are the 4 types of biometric attacks? 1. Replay: A residual biometric characteristic (e.g. fingerprints left on a biometric device) is used by an attacker to gain unauthorized access. 2. Brute-force: A brute-force attack involves sending numerous different biometric samples to a biometric device. 3. Cryptographic: A cryptographic attack targets the algorithm, or the encrypted data transmitted between the biometric device and the access control system. 4. Mimic: In a mimic attack, the attacker attempts to fake biometric characteristics similar to those of the enrolled user (such as imitating a voice) - Correct Answer 1. Replay: A residual biometric characteristic (e.g. fingerprints left on a biometric device) is used by an attacker to gain unauthorized access. 2. Brute-force: A brute-force attack involves sending numerous different biometric samples to a biometric device. 3. Cryptographic: A cryptographic attack targets the algorithm, or the encrypted data transmitted between the biometric device and the access control system. 4. Mimic: In a mimic attack, the attacker attempts to fake biometric characteristics similar to those of the enrolled user (such as imitating a voice)

What are residual biometric characteristics? - Correct Answer Replay (biometric attack). Replay: A residual biometric characteristic (e.g. fingerprints left on a biometric device) is used by an attacker to gain unauthorized access.

Which of the following fakes the characteristics?
- Correct Answer Mimic. Mimic: In a mimic attack, the attacker attempts to fake biometric characteristics similar to those of the enrolled user (such as imitating a voice)

Which of the following attacks the cryptography or encryption? - Correct Answer Cryptographic. Cryptographic: A cryptographic attack targets the algorithm, or the encrypted data transmitted between the biometric device and the access control system.

Which of the following sends numerous requests to biometric devices? - Correct Answer Brute force. 2. Brute-force: A brute-force attack involves sending numerous different biometric samples to a biometric device.

An org. is considering implementing biometric access control for one of its critical systems. Among the biometrics mentioned below, which has the highest reliability and lowest FAR (False Acceptance Rate)? a. Fingerprints b. Retina scan c. Face recognition d. Voice recognition - Correct Answer b. Retina scan. In any given scenario, retina scan has the highest reliability and lowest false acceptance rate (FAR) among the current biometric methods.

An org. is considering implementing biometric access control for one of its critical systems. The auditor should be MOST concerned with which of the following? A. FAR (False Acceptance Rate) B. FRR (False Rejection Rate) C. EER (Equal Error Rate) D. Number of staff enrolled for biometrics. Note: Most important indicator - FAR. Most important overall performance indicator - CER or EER - Correct Answer A. FAR (False Acceptance Rate). Most important indicator - FAR. Most important overall performance indicator - CER or EER

The most important overall quantitative performance indicator for a biometric system is: A. FAR B. FRR C. EER D. Number of staff enrolled in biometrics. Note: Most important indicator - FAR. Most important overall performance indicator - CER or EER - Correct Answer C. EER = overall. Note: Most important indicator - FAR. Most important overall performance indicator - CER or EER

An org. is considering implementing biometric access control for one of its critical systems. Among the biometrics mentioned below, the most effective biometric control system is the one with the: A. highest equal-error rate (EER) B. lowest equal-error rate (EER) C. highest cross-error rate (CER) D. covers all the systems in the org. - Correct Answer B. lowest equal-error rate (EER). CER or EER is the rate at which FAR and FRR are equal. The most effective biometric control system is the one with the lowest CER (cross error rate) or EER (equal error rate).

Which of the following is a measure to ascertain the accuracy of a biometric system? A. response time B. registration time C. verification time D. false-acceptance time. Note: The 3 main accuracy measures used for biometric solutions are 1. FAR (false acceptance rate) 2. FRR (false rejection rate) 3. CER/EER (cross error rate or equal error rate) - Correct Answer D. false-acceptance time

Which of the following observations is the greatest concern to the auditor reviewing biometric controls for a critical system? A. Access to a biometric scanner is provided through VPN B. Biometric devices are not installed in restricted areas C. Data transferred between the biometric device and the access control system is not encrypted D. Risk analysis for biometric controls was conducted 2 years ago - Correct Answer C. Data transferred between the biometric device and the access control system is not encrypted

Which layer is concerned with electrical and physical specifications for devices? - This layer provides the hardware that transmits and receives the bits. - This layer defines the cables, connectors, cards, and physical aspects of hardware required for physical connection to the network - Correct Answer Physical layer. The physical layer is concerned with electrical and physical specifications.
This layer provides the hardware that transmits and receives the bits (bit stream received). - This layer defines the cables, connectors, cards, and physical aspects of hardware required for physical connection to the network

Which layer connects to another device on the same network using a MAC address? - The bit stream is converted into data packets and sent to the network layer - Data packets (received from the network layer) are converted into a bit stream and sent to the physical layer - Correct Answer Data link layer. The data link layer connects to another device on the same network using a MAC address. The bit stream is converted into data packets and sent to the network layer - Data packets (received from the network layer) are converted into a bit stream and sent to the physical layer - Frames consist of the original data and control fields for synchronization, error detection and flow control

Which layer has the responsibility to insert information into the packet header for proper addressing and routing? - Understands IP addresses and is responsible for routing - Provides confidentiality, authentication, and data integrity services - Correct Answer Network layer. The network layer has the responsibility to insert information into the packet header for proper addressing and routing. - Understands IP addresses and is responsible for routing - Provides confidentiality, authentication, and data integrity services

Which layer is concerned with the reliability of data transfer between 2 systems? - Ensures data reaches its destination - This layer also makes sure that packets on the receiving system are delivered in the proper sequence - Uses connection-oriented sequencing - Implements a flow control mechanism that can detect congestion, reduce data transmission rates during congestion and increase transmission rates when the network appears to no longer be congested - Correct Answer The transport layer is concerned with the reliability of data transfer between 2 systems. Ensures data reaches its destination - This layer also makes sure that packets on the receiving system are delivered in the proper sequence - Uses connection-oriented sequencing - Implements a flow control mechanism that can detect congestion, reduce data transmission rates during congestion and increase transmission rates when the network appears to no longer be congested

Which layer is used to control the connection that is established between systems? - Establishes, manages and terminates the connections between the application layers - It is like a telephone call, in which you first establish a connection, exchange a message and then terminate the session. - Correct Answer Session layer: it controls the connection between systems. Establishes, manages and terminates the connections between the application layers - It is like a telephone call, in which you first establish a connection, exchange a message and then terminate the session.

Which layer converts data into a presentable format that is acceptable by all? - Provides services such as encryption, text compression, and re-formatting. - Correct Answer Presentation layer: it converts data into a presentable format that is acceptable by all. - Provides services such as encryption, text compression, and re-formatting.

Which layer contains programs that communicate directly with the end user? - Works closely with the user - Provides an interface for applications to communicate - Correct Answer Application layer: it contains programs that communicate directly with the end user. - Works closely with the end user - Provides an interface for applications to communicate.

Which of the following ISO/OSI model layers provides services for how to route packets between nodes? A. Application B. Physical C. Network D. Data link - Correct Answer C. Network. "Route / IP address" = Network

Which ISO/OSI layer tracks the order in which packets are delivered to address out-of-sequence messages? A. Physical B. Transport C. Application D. Network - Correct Answer B.
Transport. "Delivery"

Which OSI layer contains programs that communicate directly with the end user? A. Physical layer B. Transport layer C. Application layer D. Network layer - Correct Answer C. Application layer. "end user"

Which of the following OSI layers controls the connection established between the systems? A. Session B. Transport C. Application D. Network - Correct Answer A. Session. "connection, manages"

Which of the following is primarily concerned with the reliability of data transfer between the systems? A. Session layer B. Transport layer C. Application layer D. Network layer - Correct Answer B. Transport layer. "reliable delivery, connection-oriented, delivery, congestion"

Which layer of the OSI model is concerned with electrical and physical specifications for the device? A. Physical

What is the most secure firewall? - Correct Answer Application-level firewall

What is the most robust firewall rule configuration? - Correct Answer Deny all traffic and allow specific traffic

A packet filtering firewall operates on which layer of the OSI model? A. Network B. Application C. Transport D. Session - Correct Answer A. Network

Which type of firewall provides the most secure environment? A. Stateful inspection B. Packet filter C. Application gateway D. Circuit gateway - Correct Answer C. Application gateway

The firewall that allows traffic from outside only if it is in response to traffic from inside is: A. Application-level gateway firewall B. Stateful inspection firewall C. Packet filtering router D. Circuit-level gateway - Correct Answer B. Stateful inspection firewall

An org. with the objective of preventing the downloading of files through FTP (File Transfer Protocol) should configure which firewall type? A. Stateful inspection B. Application gateway C. Packet filter D. Circuit gateway - Correct Answer B. Application gateway

An org. wants to connect a critical server to the internet. Which of the following would provide the best protection against hacking? A. Stateful inspection B. Remote access server C. Application-level gateway D. Port scanning - Correct Answer C. Application-level gateway (highest level of the OSI model)

The most robust configuration in a firewall rule base is: A. Allow all traffic and deny the specified traffic B. Deny all traffic and allow specific traffic C. Dynamically decide based on the traffic D. Control traffic on the basis of the discretion of the network admin - Correct Answer B. Deny all traffic and allow specific traffic

What is a screened host firewall? - 1 packet filtering router - 1 bastion host - Correct Answer

What is a dual-homed firewall? - 1 packet filtering router - 1 bastion host with 2 NICs (Network Interface Cards) - A more restrictive form of screened host firewall - Correct Answer

What is a screened subnet firewall (demilitarized zone)? - 2 packet filtering routers - 1 bastion host - most secure - Correct Answer

Which of the following is the most secure firewall implementation? A. Screened subnet firewall - Correct Answer A. Screened subnet firewall

An auditor should be most concerned about which of the following when reviewing a firewall? A. Properly defined security policy B. Use of the latest firewall structure with the most secure algorithm C. Effectiveness of the firewall in enforcing policy D. Technical knowledge of users - Correct Answer C. Effectiveness of the firewall in enforcing policy

An org. wants to protect its network from internet attacks. Which firewall would best ensure protection? A. Screened subnet B. Screened host C. Packet filtering D. Circuit level - Correct Answer A. Screened subnet

While implementing a firewall, the most likely error to occur is: A. wrong configuration of the access list B. compromise of a password due to shoulder surfing C. inadequate user training on firewalls D. inadequate anti-virus updating - Correct Answer A. wrong configuration of the access list

What is the first step of installing a firewall? A. Develop security policy B. Review settings C.
Prepare access control list D. Configure firewall - Correct Answer A. Develop security policy

Which of the following is the most critical function of the firewall? A. Act as a special router that connects different networks B. Device for preventing authorized users from accessing the LAN C. Device used for authorized users to trust network resources D. Proxy server to increase the speed of access for authorized users - Correct Answer C. Device used for authorized users to trust network resources

Which of the following is the GREATEST concern to an IS auditor reviewing the firewall security architecture? A. SSL (Secure Sockets Layer) has been implemented B. Firewall policies are updated on the basis of changing requirements C. Inbound traffic is blocked unless the traffic type and connection have been specifically permitted D. The firewall is placed on top of a commercial operating system with all installation options - Correct Answer D. The firewall is placed on top of a commercial operating system with all installation options. A-C are good practices.

Which GREATEST concern would be addressed by a firewall? A. Unauthorized access by an external network B. Unauthorized access by an internal network C. Delay in connectivity D. Delay in processing - Correct Answer A. Unauthorized access by an external network

What is the most prevalent risk of a VPN (virtual private network)? - Entry of malicious code into the network. One of the prevalent risks of a VPN is that the firewall cannot adequately examine the encrypted VPN traffic. If a remote computer is compromised, an intruder may send malicious code through the VPN to enter the organization's private network. - Correct Answer - Entry of malicious code into the network. One of the prevalent risks of a VPN is that the firewall cannot adequately examine the encrypted VPN traffic. If a remote computer is compromised, an intruder may send malicious code through the VPN to enter the organization's private network.

What is the most secure and cost-effective method for remote access? - VPN (virtual private network) - Correct Answer VPN

With reference to VPN, which of the following setups is the area of most concern? A. A computer located at the org.'s remote office is connected through VPN B. A computer located at an employee's home is connected through VPN D. Router - Correct Answer B. Bridge. Bridges act as store-and-forward devices in moving frames toward their destination. This is achieved by analyzing the MAC header of a data packet. By examining the MAC address, the bridge can make decisions to direct the packet to its destination.

A hub operates at which of the following OSI layers? A. Data link layer (2) B. Physical layer (1) C. Network layer (3) D. Transport layer (4) - Correct Answer B. Physical layer

A layer-2 switch operates at which OSI layer? A. Data link layer (2nd) B. Physical layer (1st) C. Network layer (3rd) D. Transport layer (4th) - Correct Answer A. Data link layer

A bridge operates at which OSI layer? A. Data link layer (2nd layer) B. Physical layer (1st layer) C. Network layer (3rd layer) D. Transport layer (4th layer) - Correct Answer A. Data link layer (2nd layer)

A router operates at which OSI layer? A. Data link layer (2nd layer) B. Physical layer (1st layer) C. Network layer (3rd layer) D. Transport layer (4th layer) - Correct Answer C. Network layer (3rd layer)

Which of the following is the most intelligent device? A. Hub B. Layer-2 switch C. Bridge D. Router - Correct Answer D. Router. Note that the higher the layer at which the device operates, the more intelligent the device will be. A. Hub (1) B. Layer-2 switch (2) C. Bridge (2) D. Router (3) - highest

By examining the IP address, which of the following devices can make intelligent decisions to direct the packet to its destination? A. Hub B. Layer-2 switch C. Bridge D. Router - Correct Answer D. Router

Preferred choice for high-volume and long-distance calls: A. Fiber optics B. (STP) Shielded twisted pair C.
(UTP) Unshielded twisted pair - Correct Answer A. Fiber optics

Which has the highest attenuation? A. (UTP) Unshielded twisted pair B. (STP) Shielded twisted pair C. Fiber optics - Correct Answer A. (UTP) Unshielded twisted pair

Which has the lowest attenuation? A. Fiber optics B. UTP C. STP - Correct Answer A. Fiber optics

Which is more secure? A. Fiber optics B. UTP C. STP - Correct Answer A. Fiber optics

Not affected by crosstalk and EMI? A. Fiber optics B. UTP C. STP - Correct Answer A. Fiber optics

Which is caused by an electrical storm or noisy electrical equipment (motors, lighting, radio, etc.)? A. EMI B. Crosstalk C. Attenuation - Correct Answer A. EMI

Which is electromagnetic interference from one unshielded twisted pair to another twisted pair? A. Attenuation B. Crosstalk C. EMI - Correct Answer B. Crosstalk

An org. is considering the type of transmission media which provides the best security against unauthorized access. Which of the following provides the best security? A. Unshielded twisted pair B. Shielded twisted pair C. Fiber-optic cables D. Coaxial cables - Correct Answer C. Fiber-optic cables

Which of the following transmission errors can occur in wired as well as wireless communication? A. Crosstalk B. Attenuation C. Sags, spikes, and surges D. Multipath interference - Correct Answer B. Attenuation. Attenuation is the weakening of signals during transmission. It exists in both wired and wireless communication. The length of the wire impacts the severity of attenuation.

Which of the following transmission errors can be caused by the length of cable if UTP is more than 100 meters long? A. EMI B. Crosstalk C. Sags, spikes, and surges D. Attenuation - Correct Answer D. Attenuation. Attenuation is the weakening of signals during transmission. It exists in both wired and wireless communication. The length of the wire impacts the severity of attenuation.

To minimize the risk of data corruption, which of the following options can be effective? A. Separate conduits for electrical and data cables B. Encryption C. Check digits D. Hashing - Correct Answer A. Separate conduits for electrical and data cables. Using separate conduits for data cables and electrical cables minimizes the risk of data corruption due to an induced magnetic field created by electrical current.

Which transmission method would provide the best security? A. Dedicated lines B. Wireless network C. Dial-up D. Broadband network - Correct Answer A. Dedicated lines

cost-effective solution for long-distance costs. However, it should provide a reliable and quality service

What is the most appropriate access control for a VoIP system? - Correct Answer - Role-based access control (RBAC). A VoIP system can be best protected by using RBAC. RBAC can be provisioned as per the role or function of the employees, and only need-to-know access should be made available.

What is the objective of the session border controller? - Correct Answer - deployed to protect VoIP networks - protects from malicious attacks - prevents toll fraud - provides quality of service - encryption of signals

What is toll fraud/premium fraud? - Correct Answer Toll fraud or premium fraud refers to a situation where an intruder hacks the VoIP system and takes over part of a VoIP phone

Which of the following is the best method to ensure the security and reliability of VoIP and data traffic? A. Segregation of VoIP infrastructure using VLAN B. Use of two-factor authentication C. Traffic encryption D. Availability of backup power - Correct Answer A. Segregation of VoIP infrastructure using VLAN

Which of the following poses a major risk when using a VoIP system as the sole means of voice communication? A. Failure of the hardware device B. Premium rate fraud C. DDoS attack D. Toll fraud - Correct Answer C. DDoS attack

Which of the following is a major concern as regards the cabling arrangements for a VoIP system? A. The same cable type is used for LAN as well as telephone B. Networking wires are not arranged and labeled C. VoIP infrastructure is not connected to an uninterruptible power supply D.
Power and telephone equipment are separated - Correct Answer C. VoIP infrastructure is not connected to an uninterruptible power supply. VoIP uses standard network cabling for voice communication. If network switches do not get power, a telephone will not either, so it is important to have an arrangement for an uninterruptible power supply.

VoIP system traffic can be eavesdropped on if: A. only single-factor authentication is implemented B. a VLAN is used for data transmission C. default passwords are used for the analog phone D. the address resolution protocol is corrupted - Correct Answer D. the address resolution protocol is corrupted. Address Resolution Protocol is a communication protocol used to map IP and MAC addresses. It sends traffic to a port. Attackers may corrupt ARP by a technique known as ARP poisoning. A corrupted ARP then sends traffic to all ports instead of a designated port, and the attacker can eavesdrop on the traffic.

Which of the following should be considered for use in a VoIP system? A. cryptographic function for the VoIP service B. availability of the VoIP service C. reliability and quality of the VoIP service D. privacy of the VoIP service - Correct Answer C. reliability and quality of the VoIP service

Which of the following access control methods is most appropriate for a VoIP system? A. department-based access B. hierarchy-based access C. role-based access D. privileged access - Correct Answer C. role-based access

The most important control in addressing a DoS attack on a VoIP system is: A. router B. IDS C. access control server D. session border controller - Correct Answer D. session border controller. Session border controllers 1. protect sessions from malicious attacks such as DoS and DDoS 2. prevent toll fraud or premium rate fraud 3. protect IP packets against malfunctioning and encrypt signals

Which of the following is a major concern as regards the VoIP system? A. The same cable type is used for LAN as well as telephone B. A common administrator for both telephone and network C. The LAN switch is not connected to a UPS D. Only single-factor authentication is required to access the VoIP - Correct Answer C. The LAN switch is not connected to a UPS. - VoIP uses standard networking cable for voice communication. If network switches do not get power, a telephone will not get power either, so it is very important to have an arrangement for an uninterruptible power supply.

What are common attacks on wireless networks? 1. War driving 2. War walking 3. War chalking - Correct Answer 1. War driving - a technique to gain unauthorized access to wireless networks by using hacking tools. 2. War walking - the same as war driving, just walking instead. 3. War chalking - markings are made on buildings so that others can use the unauthorized access.

Which of the following should be disabled to increase the security of a wireless network against unauthorized access? A. MAC (Media Access Control) address filtering B. Encryption C. WPA-2 (Wi-Fi Protected Access Protocol) D. SSID (service set identifier) broadcasting - Correct Answer D. SSID (service set identifier) broadcasting. The SSID makes your network visible to all. To prevent unauthorized access, SSID broadcasting would need to be disabled.

Which of the following techniques is more relevant to test the wireless (Wi-Fi) security of an organization? A. WPA-2 B. War dialing C. War driving D. Social engineering - Correct Answer C. War driving, to identify weak signals.

Which of the following should be a concern to an IS auditor reviewing a wireless network? A. System hardening of all wireless clients B. SSID (service set identifier) broadcasting has been enabled C. WPA-2 (Wi-Fi Protected Access Protocol) encryption is enabled D. DHCP (Dynamic Host Configuration Protocol) is disabled at all wireless access points - Correct Answer B. SSID (service set identifier) broadcasting has been enabled

4. Label res. 5.
Create access control list Proper classification and labelling for system resources are important for access control because they: A. help avoid ambiguous resc. name B. reduce the number of rules required to adequately protect res. C. serve as stringent access control D. ensure that internationally recognized names are used to protect resc. - Correct Answer B. reduce the number of rules required to adequately protect res. In co-ordination with database admin, granting access to data is the responsibility of: A. data owners B. system engineer C. security officer D. librarians - Correct Answer A. data owners An IS auditor is reviewing data classification policy of an org. From a control perspective, the PRIMARY objective of classifying Info. Assets is to: A. ensure that all assets are insured against losses B. assist in risk assessment C. est. appropriate access control guidelines D. ensure all info assets have access controls - Correct Answer C. est. appropriate access control guidelines i. ensure integrity and confidentiality of data ii. est. appropirate access control guidelines iii. reduce costs of protecting assets From control perspective, access to application data should be given by, A. database admin B. data custodian C. data owner D. security admin - Correct Answer C. data owner An IS auditor is reviewing access control policy of an org. Which of the following is responsible for authorizing access rights to production data and systems? A. process owner B. data owner C. data custodian D. security admin - Correct Answer B. data owner An IS auditor is reviewing access control policy of an org. Which of the following is the BEST basis for determining the appropriate levels of information resource protection? A. Classification of Inform. Assets B. Data Owner C. Threat Assessment D. Cost of Info. Assets - Correct Answer A. Classification of Inform. Assets An IS auditor is reviewing access control policy of an org. 
Which of the following is the BEST basis for determining the appropriate levels of information resource protection? A. classification of info. assets B. data owner C. threat assessment D. cost of info. assets - Correct Answer A. classification of info. assets In public key encryption (assymetric encryption) to secure message confidentiality (encrypt by reciever's public key) A. encrypt is done by private key and decrypt is done by public B. encrypt is done by public and decrypt is done by private C. both the key is used to encrypt and decrypt the data are public D. both the key is used to encrypt and decrypt the data are private - Correct Answer B. encrypt is done by public and decrypt is done by private If using public key to encrypt must use private to decrypt In a public key encryption (assymetric encryption) to authenticate (encrypt has by senders private key) the sender of the message: A. hash the message to be encrypted by sender's private key and decrypt is done by sender's public key B. hash of the message to be encrypted by sender's public key and decryption is done by sender's private key C. hash of the message to be encrypted by reciever's private key and decryption is done by reciever public key D. has of the message to be encrypted by reciever public key and decryption is done by recievers private key - Correct Answer A. hash the message to be encrypted by sender's private key and decrypt is done by sender's public key In a public key encryption (assymetric), to ensure integrity (encrypt hash by sender's private key) A. hash message to be encrypt by sender private key and decryption done by senders public key B. hash message to be encrypted by sender public key and decrypt is done by sender private key C. hash message to be encrypted by reciever private key and decrypt is done by reciever public key D. hash message to be encrypted by sender private key and decrypt done by reciever public key - Correct Answer A. 
hash message to be encrypt by sender private key and decryption done by senders public key which of the following ensures confidentiality (encrypts recievers public key) and also authenticity (encrypts hash of senders private key) of sender message? A. encrypt hask of message with sender private ey and after encrypt message with reciever public key B. encryp hash of message with sender private key and after encrypt message with reciever private key C. encrypt hash of the message with recievers public key and after encrypts message with sender private key D. encrypts hash of the message with recievers public key and after encrypts message with senders public key - Correct Answer A. encrypt hask of message with sender private ey and after encrypt message with reciever public key Message authenticity (hash sender private key) and confidentiality (reciever public key) is best achieved by encrypting hash of the message using the A. sender private key and encrypt message using reciever public key B. sender public key and encrypt message using reciever private key C. reciever private key and encrupt mesage using sender public key D. reciever public key and encrypt using sender private key - Correct Answer A. sender private key and encrypt message using reciever public key Greatest assurance about E-mail authenticity (hash by sender private key) can be ensure using: a. prehash code using sender public key b. prehash code using sender private key c. prehash code using reciever public key d. prehash code using reciever private key - Correct Answer b. prehash code using sender private key A message and message hash in encrypted by the senders privat key will ensure: A. authenticity and integrity B. authenticity and confidentiality C. Integrity and Privacy D. confidentiality and non-repudiation - Correct Answer A. authenticity and integrity A stock broking firm sends invoices to clients through email and wants reasonable assurance tha no one has modified the newsletter. 
This objective can be achieved by: A. encrypting the hash of invoice using the firms private key B. encrupting hash of invoice using firms public key C. encrupting invoice using firms private key D. encrupting invoice using firms public key - Correct Answer A. encrypting the hash of invoice using the firms private key Which of the following options increases the cost of cryptography? b. transactions are made by computer or mobile c. certificate authority has multiple data processing to manage certificates d. org. owner of the certificat authority - Correct Answer d. org. owner of the certificat authority (considered a conflict of interest, greater threat than A.) is the practice of using remote servers hosted on the internet to store, manage, and process data, rather than a local server or a personal computer. - Correct Answer Cloud Computing What is an IS auditors role in information security? A. Evaluate effectiveness of various security programs - Correct Answer A. Evaluate effectiveness of various security programs which technique is used to obtain the passwords without technical tools or programs? -SOCIAL ENGINEERING - Correct Answer -SOCIAL ENGINEERING What is the most effective way to minimize the impact of social engineering attacks? -SECURITY AWARENESS TRAINING - Correct Answer -SECURITY AWARENESS TRAINING Risk of phishing attack can be best addressed by -user education - Correct Answer -user education educating users will help address the risk of visiting untrusted webist or email links which of the following techniques is used to obtain passwords without tools or programs a. social engineering attack b. password sniffing c. back door d. man in the middle - Correct Answer a. social engineering attack an intruder attempts to obtain sensitive info from user through social and psychological skills- manipulation the most effective ways to minimize impact of social engineering attack is a. install of firewall b. physical security c. 
security awareness training d. penetration testing - Correct Answer c. security awareness training most effective way to evaluate effectiveness of security awareness training is a. review security training calendar b. review job description c. ask security team d. interact with number of employees - Correct Answer d. interact with number of employees interaction and interviews will help and IS auditor evaluate the state of awareness of infor security requirements. which is the most important aspect of security awareness training? a. organize traning frequent interval b. organize training on employee onboarding c. provide security policy all employees d. provide training related password complexity - Correct Answer a. organize traning frequent interval Effectiveness of awareness programs is indicated by a. users signed in and acknowledged policy b. number os users attending program c. inclusion security responsibility d. an improvement in reporting - Correct Answer d. an improvement in reporting the most important criteria in determining the adequacy of an org. security program is a. fact that policy is available to all b. approriate level of funding initiatives c. awareness of sr. mgmt regarting protection of assets d. availability of job descriptions relation to info. security accountability - Correct Answer d. availability of job descriptions relation to info. security accountability inclusion of info security roles and responsibilites is important in demonstrating maturity of program. Ensures staff are aware of accountability. the risk of phishing attacks can be addressed by a. educating users b. 2 factor authentication c. penetration testing d. IDS - Correct Answer a. educating users Educating users help address risk of visiting untrust links or websites 1 factor resulting in success of social engineering is; a. system error b. confidentiality c. technical expertise d. judgement error - Correct Answer d. 
judgement error Due to lack of judgement on the person, user provides critical info. What method or attack is are compromised computers, known as zombie computers. a. botnets b. buffer overflow/overrun c. phishing d. spear phishing - Correct Answer a.Botnets What method or attack is primarily used to run malicious software for DDoS attacks, adware, or spam? a. botnets b. buffer overflow/overrun c. phishing d. spear phishing - Correct Answer a.Botnets What method or attack is a common software coding mistake? a. botnets b. buffer overflow/overrun c. phishing d. spear phishing - Correct Answer b. buffer overflow/overrun what method or attack causes the data to overflow into adjacent storage. Occurs when there is more data in a buffer than it can handle. Due to this, an attacker gets an opportunity to manipulate the coding errors for malicious actions. a. botnets b. buffer overflow/overrun c. phishing d. spear phishing - Correct Answer b. buffer overflow/overrun what are the 2 major causes of buffer overflow? a. poor programming/coding practices b. security policy/botnets c. botnets/phishing d. phishing/spear phishing - Correct Answer a. poor programming/coding practices What attack intends to shut down a network or machine by flooding the same with traffic. In DoS attack, a single computer is used to flood a server with TCP or UDP packets. - Correct Answer A (dos)-Denial of service) What attack is known to attack multiple systems to flood the target system. The targeted networK is bombarded with packets from multiple locations - Correct Answer Distributed Denial-of-Service (DDoS) What technique for retrieving sensitive information from trash or garbage bin. a. dumpster diving