













Video Quizzes (Fundamental of Information Security) exam with correct answers
Typology: Exams














You want to ensure that data is secure from prying eyes, so you implement encryption and logical access control measures. Which of the three CIA Triad principles are you implementing?
Answer: Confidentiality

__________ is used to prevent an entity from denying an action took place.
Answer: Non-Repudiation

Which of the following is NOT an example of something you know when discussing authentication?
Answer: Keystroke

Which of the following is NOT a best-practice general password rule discussed in this section of the course?
Answer: Passwords should be shared

You've been asked by your IT manager to perform an audit review of access records for a specific server to see who has logged into the server in the last hour. With regard to AAA, which of the AAA concepts applies to your manager's request?
Answer: Accounting

What are we referring to when we're talking about the prudent man rule?
Answer: Due Care

The basic risk assessment equation in risk management is:
Answer: Risk assessment score = Impact x Probability

cost-effective paid anti-virus solution. You're performing a quantitative risk assessment to determine what anti-virus software your company should purchase. You've done the math to determine that your company's current annualized loss expectancy (ALE) due to virus infections is $12,000 with the current ineffective free anti-virus software. You're considering two different anti-virus software options: Symantec, which will cost $15,000 / year, or McAfee, which will cost $10,000 / year for an annual subscription. Based on your ALE, which should you purchase?
Answer: McAfee

The __________ the overall attack surface, the __________ the overall risk.
Answer: Lower;Lower

A ____________ control sends alerts during or after an attack.
Answer: Detective

Which of the following is NOT an example of a logical access control measure?
Answer: Video surveillance

A ____________ is a physical access control measure that is designed to prevent tailgating or piggybacking.
Answer: Mantrap

Which access control model is considered the strictest of the models discussed in this course?
Answer: Mandatory access control (MAC)

A control that detects problems before they arise is known as?
Answer: Preventative Control

Which framework was created by Visa, Mastercard, Discover, JCB and American Express and is used as the global security standard for payment card information?
Answer: PCI-DSS

You're the network administrator for Alnet Corp. You come into work Tuesday morning to find that the network has slowed to a crawl and several users are complaining that their systems are running very slow. What type of malware are they most likely to be infected with?
Answer: Worm

This type of malware will execute in response to a specific event, such as when a specific date is reached.
Answer: Logic Bomb

____________ create modified, self-encrypting versions of themselves to avoid virus definition detection.
Answer: Polymorphic Viruses

____________ modify core system files, are designed to gain root access, and can be invisible to the operating system so they can persist without detection.
Answer: Rootkits

____________ are cyber attacks against software flaws that are unknown and have no patch or fix.
Answer: Zero Day attacks

____________ attacks redirect users from legitimate websites to fraudulent fake websites.
Answer: Pharming

having people physically change cubicles and offices, and he says yes, he can create departmental VLANs. What type of device is used to create VLANs?
Answer: Switches

Port Address Translation (PAT) allows us to map multiple ____________ IP addresses to a single ____________ IP, making it harder for hackers to penetrate our internal private network.
Answer: Private;Public

You're a systems administrator for Alnet Corp. You've been asked to set up a web server portal for our business partners, vendors, and suppliers. Which network zone would you place this new web server portal in?
Answer: Extranet

A __________ is a network security feature used to create allow/deny network rules to filter network traffic.
Answer: Access Control List

An Intrusion Detection System (IDS) is active whereas an Intrusion Prevention System (IPS) is passive.
Answer: False

A ____________ accepts a client computer's request, retrieves the content from the Internet, caches it, and then returns the data to the client.
Answer: Proxy Server

____________ firewalls operate at the Transport Layer of the OSI Model (Layer 4) and monitor TCP/IP sessions for valid TCP sessions.
Answer: Circuit-Level

server with their Active Directory user accounts. Which WPA mode should you use?
Answer: Enterprise Mode

You're performing a wireless security assessment for your local regional airport, which is small and only has a single terminal. You scan the terminal for wireless networks, and you find more than one wireless access point advertising the same SSID. You discuss your findings with the IT manager for the airport, and he confirms that the airport only has one wireless access point. What do your findings most likely confirm?
Answer: Someone has installed an evil twin wireless access point on the network.

You've been hired to perform a vulnerability assessment for a local business. You've determined the scope of your vulnerability assessment with the business owner, obtaining written approval to perform the scan. Now that your planning phase is complete, what's the next step in your vulnerability assessment process?
Answer: Perform the vulnerability scan

When performing a penetration test, clearly defined rules of engagement are optional.
Answer: False

You operate a small IT security consulting firm. A prospective client has called you asking for you to review their policies and procedures and check the overall security of their network. What type of assessment would you recommend be performed?
Answer: Security Assessment

You operate a small IT security consulting firm. A prospective client has called asking for you to perform a penetration test on their network without any insider knowledge of their IT

You've been placed in charge of updating the end-user systems whenever new operating system security patches have been released. Your manager has asked you to make sure you test all security patches in a test environment before they're pushed out into the production environment. What is your manager asking you to perform ____________.
Answer: Patch Management

When encrypting or decrypting a plain text message, the two primary components that we need are a ____________ and ____________.
Answer: Algorithm and Key

With symmetric encryption, both the sender and the receiver have the same key.
Answer: True

With asymmetric encryption, it's important that you share your private key with anybody you want to encrypt and decrypt data with.
Answer: False

Hashing algorithms provide ____________.
Answer: Data Integrity

A disaster is not an incident.
Answer: False

The step in incident response in which the damage is contained, so it doesn't spread to others, is the ____________ step.
Answer: Mitigation

You're performing a business impact analysis as a part of your BCP and DRP development process. You've been told by your IT administrator that it currently takes 48 hours to

________ testing simulates attacks and is utilized during the testing phase.
Answer: Dynamic

What is Zero Trust?
Answer: A security model that trusts nothing by default.

What is a basic assumption of Zero Trust?
Answer: The network is assumed to be hostile.

How has COVID-19 impacted digital transformation?
Answer: It has accelerated digital transformation by six years.

What is the top benefit that companies have reported after implementing a zero trust security initiative?
Answer: Improved Risk Management

The ________________ enables, monitors, and terminates connections between a subject and
Answer: Policy Enforcement Point

It's a good idea to have an Acceptable Use Policy and Code of Ethics that your employees are to read, sign, and agree to adhere to.
Answer: True

Education and training shouldn't be targeted to different groups within an organization.
Answer: False

With ____________, knowledge is shared with multiple people, and no one person can retain explicit control of any process or data.
Answer: Job Rotation