CIS502 Theories of Security Management
School: Strayer University
Course: 502
Subject: Computer Science
Date: Jan 9, 2024
Type: docx
Pages: 106
Uploaded by: stephculbreth
CIS502 Theories of Security Management
Week 1-10 Chapter 1-12 Questions Compilation, Practice Test A & B
Week 1
1. Which of the following describes the correct relationship between confidentiality and privacy?
a. Confidentiality is about keeping information secret so that we retain advantage or do not come to harm; privacy is about choosing who can enter into one’s life or property.
Explanation: Confidentiality is about keeping information secret so that we retain advantage or do not come to harm. Keeping information secret means agreeing to limit or control how (or if) that information can be passed on to others. Privacy is the freedom from intrusion into your own affairs, person, property, or ideas. The other options either confuse confidentiality with privacy or do not define or use the concepts correctly.
2. How can you turn data into knowledge?
a. You use lots of data to observe general ideas and then test those ideas with more data you observe until you can finally make broad, general conclusions. These conclusions are what are called knowledge.
Explanation: You use lots of data to observe general ideas and then test those ideas with more data you observe until you can finally make broad, general conclusions. These conclusions are called knowledge. The hierarchy of data to knowledge represents the results of taking the lower-level input (i.e., data) and processing it with business logic that uses other information you’ve already learned or processed so that you now have something more informative, useful, or valuable.
3. Which of the following are the individual facts, observations, or elements of measurement?
a. Data
Explanation: Data are the individual facts, observations, or elements of measurement, such as a person’s name or their residential address. Information results when we process data in various ways; information is data plus conclusions or inferences. Knowledge is a set of broader, more general conclusions or principles that we’ve derived from lots of information. Wisdom is the insightful application of knowledge.
4. Jayne discovers that someone in the company’s HR department has been modifying employee performance appraisals. If done without proper authorization, this would be what kind of violation?
a. Integrity
Explanation: The correctness or wholeness of the data may have been violated, inflating some employees’ ratings while deflating others. This violates the presumed integrity of the appraisal data. Presumably, HR staff have legitimate reasons to access the data, and even enter or change it, so it is not a confidentiality violation; since the systems are designed to store such data and make it available for authorized use, privacy has not been violated. Appraisals have not been removed, so there are no availability issues.
5. At a job interview, Fred is asked by the interviewer about activities, pictures, and statements he’s made by posting things on his Facebook and LinkedIn pages. This question by the interviewer:
a. Is a legitimate one, since these pages are published by Fred, and therefore are speech he has made in public places.
Explanation: The question by the interviewer is a legitimate one, since these pages are published by Fred, and therefore are speech he has made in public places. What we say and do in public places is by definition visible to anyone who wants to watch or listen. Publishing a letter or a book, or writing on a publicly visible social media page, is also considered public speech. We have no reasonable expectation of privacy on social media; we have no basis on which to assume that by posting something on our private pages, others whom we’ve invited to those pages will not forward that information on to someone else.
6. A thunderstorm knocks out the commercial electric power to your company’s datacenter, shutting down everything. This impacts which aspect of information security?
a. Availability
Explanation: If the equipment cannot run because there is no power, then no data stored in it can be displayed, printed, or shared with users; the data is not available. The given scenario impacts the availability aspect of information security.
7. What is business logic?
a. The set of rules that dictate or describe the processes that a business uses to perform the tasks that lead to achieving the required results.
Explanation: Business logic is the set of rules that dictate or describe the processes that a business uses to perform the tasks that lead to achieving the required results, goals, or objectives. The rules and constraints by themselves are not the business logic. Processes (software or people procedures) are not business logic, but they should accurately and effectively implement that logic.
8. How does business logic relate to information security?
a. Business logic represents decisions the company has made and may give it a competitive advantage over others in the marketplace; it needs to be protected from unauthorized change. Processes that implement the business logic need to be available to be run or used when needed. Thus, confidentiality, integrity, and availability.
Explanation: The sequence of steps in a process (such as a recipe for baking a cake) reflects the logic and knowledge of what needs to be done, in what order, and within what limits, as well as the constraints to achieve the desired conditions or results. That’s what business logic is. Most businesses know how to do something that they do better, faster, or cheaper than their competitors, and thus their business logic gives them an advantage in the marketplace.
9. Your company uses computer-controlled machine tools on the factory floor as part of its assembly line. This morning, you’ve discovered that somebody erased a key set of machine control parameter files, and the backups you have will need to be updated and verified before you can use them. This may take most of the day to accomplish. What information security attribute is involved here?
a. Integrity
Explanation: Although it is clear that the necessary parameter files are not available, this seems to have been caused because somebody could violate the integrity requirements of those files; deleting them does not seem to have been an authorized change.
10. The protection of intellectual property (IP) is an example of what kind of information security need?
a. Confidentiality
Explanation: The protection of intellectual property (IP) is an example of confidentiality. Disclosure of intellectual property in unauthorized ways can end up giving away any competitive advantage that IP might have had for the business.
11. When you compare safety to security for information systems, which of the following statements are correct? (Choose all that apply.)
a. When information security measures fail to keep critical data available and correct, the resulting system malfunctions could lead to loss of revenue, property damage, injury, or death.
b. Keeping a system safe also means “safe from harm,” and thus means much the same as keeping it secure.
Explanation: “Safety” for information systems can mean keeping the system from suffering damage, keeping the system from failing in ways that cause damage, or both. Thus, Options A and C are correct, though they are different aspects of safety.
12. John works as the chief information security officer for a medium-sized chemical processing firm. Which of the following groups of people would not be stakeholders in the ongoing operation of this business?
a. State and local tax authorities
Explanation: All other groups have a valid personal interest in the success and safe operation of the company; a major chemical spill or fire producing toxic smoke, for example, could directly injure them or damage their property. Although state and local tax authorities might also suffer a loss of revenues in such circumstances, they are not involved with the company or its operation in any way.
13. Suppose that you work for a business or have a business as your client. As an SSCP, which of the following groups do you have responsibilities to? (Choose all that apply.)
a. Coworkers, managers, and owners of the business that employs you (or is your client)
b. Competitors of the business that employs you or is your client.
c. Customers, suppliers, or other companies that work with this business.
d. People and groups that have nothing to do with this business.
Explanation: Options A and C represent direct or indirect stakeholders in the business that employs the SSCP. Options B and D represent other members of society, and you owe them professional service as an SSCP as well. The service you owe others in the marketplace would not include divulging your employer’s private data, of course!
14. We often hear people talk about the need for information systems to be safe and reliable. Is this the same as saying that they need to be secure?
a. Yes, because the objective of information security is to increase our confidence that we can make sound and prudent decisions based on what those information systems are telling us, and in doing so causes no harm.
15. As an SSCP, you work at the headquarters of a retail sales company that has many stores around the country. Its training department has prepared different training materials and operations manuals for in-store sales, warehouse staff, and other team members to use in their jobs. Most of these describe procedures that people do as they work with one another or with customers. From an information security standpoint, which of the following statements are correct?
a. If the company has decided that the content of these training materials is proprietary or company confidential, then their confidentiality must be protected. They must also be protected from tampering or unauthorized changes and be available to staff in the stores to use when they need them, if the company is to do business successfully. Therefore, information security applies.
16. Due diligence means which of the following?
a. Monitoring and assessing that the actions you’ve taken to fulfill your responsibilities are working correctly and completely.
Explanation: Due diligence is continually monitoring and assessing whether the necessary and prudent steps are achieving required results and that they are still necessary, prudent, and sufficient. It is the verification that all is being done well and properly.
17. What do we use protocols for? (Choose all that apply.)
a. To conduct ceremonies, parades, or how we salute superiors, sovereigns, or rulers
b. To have a conversation with someone and keep a disagreement from turning into a hostile, angry argument
c. To connect elements of computer systems together so that they can share tasks and control each other
Explanation: These options show the human social communications need for signaling one another about the communication we’re trying to achieve.
18. As the IT security director, Paul does not have anybody looking at systems monitoring or event logging data. Which set of responsibilities is Paul in violation of?
a. Due diligence
Explanation: Paul is violating the responsibilities of due diligence. The fact that systems monitoring and event data is collected at all indicates that Paul or his staff determined it was a necessary part of keeping the organization’s information systems secure; they took (due) care of those responsibilities. But by not reviewing the data to verify proper systems behavior and use, or to look for potential intrusions or compromises, Paul has not been diligent. Integrity and availability do not relate to the given scenario.
19. Why is the preamble to the (ISC)2 Code of Ethics important to us as SSCPs?
a. It is vital to understand the code because it sets purpose and intention; it’s our mission statement as professionals.
20. Do the terms cybersecurity, information assurance, and information security mean the same thing? (Choose all that apply.)
a. Yes, but each finds preference in different markets and communities of practice.
b. No, because different groups of people in the field choose to interpret these terms differently, and there is no single authoritative view.
Explanation: In many respects, the debate about what to call what we’re studying is somewhat meaningless. Option B shows that in different communities the different terms are held in greater or lesser favor. It is how people use terms that establishes their meaning, and not what a “language authority” declares the terms to mean. Option A describes this common use of different terms as if they are different ideas: defense and intelligence communities, for example, prefer “cybersecurity,” whereas financial and insurance risk managers prefer “information assurance.” And yet defense will use “information assurance” to refer to what senior commanders need when making decisions, and everybody talks about “information security” as if all it involves is the hard, technical stuff; but didn’t cybersecurity cover that?
21. An accounting employee at Doolittle Industries was recently arrested for participation in an embezzlement scheme. The employee transferred money to a personal account and then shifted funds around between other accounts every day to disguise the fraud for months. Which one of the following controls might have best allowed the earlier detection of this fraud?
1.
Mandatory vacation
22. Which of the following is not one of the four canons of the (ISC)2 Code of Ethics?
a. Avoid conflicts of interest that may jeopardize impartiality.
23. Which of the following is not one of the canons of the (ISC)2 Code of Ethics?
a. Maintain competent records of all investigations and assessments.
24. You discover that a user on your network has been using the Wireshark tool, as shown here. Further investigation revealed that he was using it for illicit purposes. What pillar of information security has most likely been violated?
1.
Confidentiality
25. Gina recently took the SSCP certification exam and then wrote a blog post that included the text of many of the exam questions that she experienced. What aspect of the (ISC)2 Code of Ethics is most directly violated in this situation?
a. Advance and protect the profession.
26. Beth is the security administrator for a public school district. She is implementing a new student information system and is testing the code to ensure that students are not able to alter their own grades. What principle of information security is Beth enforcing?
1.
Integrity
27. Frank discovers a keylogger hidden on the laptop of this company’s chief executive officer. What information security principle is the keylogger most likely designed to disrupt?
1.
Confidentiality
28. Which of the following security programs is designed to establish a minimum standard common denominator of security understanding?
1.
Awareness
29. Juniper Content is a web content development company with 40 employees located in two offices: one in New York and a smaller office in the San Francisco Bay Area. You are the newly appointed IT manager for Juniper Content, and you are working to augment existing security controls to improve the organization’s security. There are historical records stored on the server that are extremely important to the business and should never be modified. You would like to add an integrity control that allows you to verify on a periodic basis that the files were not modified. What control can you add?
a. Hashing
Explanation: You can add hashing, which allows you to computationally verify that a file has not been modified between hash evaluations. Hashing the entire contents of a file produces a long-form error detection and correction code; by reapplying the hash function and comparing the resulting hash value to the one stored with the file, a mismatch indicates the file may have been corrupted or changed.
30. The (ISC)2 Code of Ethics applies to all SSCP holders. Which of the following is not one of the four mandatory canons of the code?
1.
Disclose breaches of privacy, trust, and ethics.
Week 2
1. Why do SSCPs need to appreciate the culture of the organization they are working with in order to be effective as information risk managers? (Choose all that apply.)
a. Old-boy networks and informal information and decision paths may make anything written down in business processes, manuals, and so forth somewhat suspect.
b. Organizational culture determines how willingly managers and workers at all levels will accept greater responsibilities and accountability, which can severely limit the SSCP’s ability to get a risk management plan enacted.
i. Key elements of organizational culture can impede or facilitate implementation of a risk management approach.
2. Which of the following is the probability of an event occurring that disrupts your information and the business processes and systems that use it?
a.
Risk
3. Terri has recently been assigned to the information security team as a risk assessment analyst. As she goes through the files (on paper and in the company’s cloud-based information systems) that the company already has, she realizes that they are inconsistent in format and hard to use to perform analysis, and that there are no controls over who in the company can access these files. Does any of this present an information security concern? (Choose all that apply.)
a. Yes, because the lack of controls on access and use suggests that data integrity is lacking or cannot be assessed.
b. Yes, because the data in these files could represent significant vulnerabilities of company systems, and its inadvertent or deliberate disclosure could be very damaging to the company.
c. Yes, because conflicting formats and content might make much of the data unusable for analysis and decision making without a lot of effort, impacting whether that data can support decision making in a timely manner.
4. Jill has recently joined a software development startup company as an information risk analyst, and she notices that the company does not make use of any risk management frameworks. Which is the best advice you could give Jill?
a. As an SSCP, Jill knows that risk management frameworks can offer valuable lessons to learn from as organizations start to plan and conduct risk management (and information risk management) activities. Jill should talk with her supervisor, and perhaps propose that she draft a concept for how to select, tailor, and use one of the widely accepted RMFs.
5. Which is the most correct statement as to what it means to have a proactive approach with your information security risk management plans, programs, and systems?
a. Being proactive means that you use the best knowledge you have today, including lessons learned from other organizations’ experience with information risk, and you plan ahead to deal with them, rather than wait for them to occur and then investigate how to respond to them.
6. Which of the following looks at your business procedures and how different risks can impact, disrupt, or block your ability to run those procedures successfully?
a.
Process-based
7. What kind of information is part of an information risk assessment process?
a. Lost revenues during the downtime caused by the risk incident, including the time it takes to get things back to normal.
8. As chief risk officer, you are asked if ignoring risk is the same thing as accepting it. Which of the following might be part(s) of your reply?
a. Yes, because in both cases you have decided to do nothing different and just keep on with business as usual.
9. What are the basic choices for limiting or containing the damage from risks?
a.
Deter, detect, prevent, and avoid
10. There are three ways in which risk assessments can be done. Choose the answer that orders them from best to least in terms of their contribution to risk management decision making.
a. There is no order; all can and should be used, as each reveals something more about the risks you have to manage.
i. (CVE-based, quantitative, qualitative)
11. How does information risk relate to information systems risk or information technology risk?
a. They express the logical flow of making decisions about risk: first, what information do you need; second, how you get it, use it, and share it with others in the decision process; and third, what technologies help make all of that happen. The probability of an event causing disruption to any step of that decision process is a risk.
12. Which of the following shows the major steps of the information risk management process in the correct order?
a. Set priorities; assess risks; implement risk treatment plans; continuous monitoring
13. Tom is the chief information security officer for a medium-sized business. It’s been brought to his attention that the company has been storing its backup systems images and database backups in an office facility that has no alarm system and no way of knowing whether there were any unauthorized persons entering that facility. Which of the following might apply to this situation? (Choose the best response.)
a. This could be a case of failing to perform both due care and due diligence.
14. What does it mean to have an integrated information risk management system?
a. You provide the communications capabilities to bring status, state, and health information from all countermeasures and controls, and all systems elements, to information security managers, who can then direct timely changes in these controls in real time as required to respond to an incident.
15. Which of the following is referred to as the maximum tolerable period of disruption?
a. MAO
16. Patsy is reviewing the quantitative risk assessment spreadsheet, and she sees multiple entries where the annual rate of occurrence (ARO) is far greater than the single loss expectancy (SLE). This suggests that:
a.
The particular risk is assessed to happen many times per year; thus, its ARO is much greater than 1
17. When we call an attack a “zero-day exploit,” we mean that:
a. The attack exploited a previously unreported vulnerability before the affected systems or software vendor recognized and acknowledged it, reported or disclosed it, or provided a warning to its customers.
18. The acronym BIA refers to which of the following:
a. A document identifying all of the impacts to the business due to the risks it has chosen to assess; it forms the basis for risk mitigation planning and implementation.
19. Which of the following starts with the premise that all systems have an external boundary that separates what the system owner, builder, and user own, control, or use, from what’s not part of the system?
a.
Threat modeling
20. Kim manages risk for an online publishing company on the island of St. Kitts, which currently uses an on-premises datacenter as its content development facility; it e-ships content to customers who are then responsible for hosting it wherever they want. Kim’s division vice president is concerned about risks, and so Kim has done some estimating. The datacenter has enough backup power supply capacity to do a graceful shutdown, but normal round-the-clock, seven-day-per-week development operations must have commercial power available. Recent experience shows that at least once per month, a brownout or blackout lasting at least eight hours occurs. Each disruption costs the company an additional two hours to restore operations. Which statements about risk assessment are not correct? (Choose all that apply.)
a. If the ALE exceeds the safeguard value, Kim should advise that the company implement that safeguard.
b. If the SLE exceeds the safeguard value, Kim should advise that the company implement that safeguard.
21. Susan is configuring her network devices to use syslog. What should she set to ensure that she is notified about issues but does not receive normal operational issue messages?
a. The severity level
22. Which of the following types of controls describe a mantrap? Each correct answer represents a complete solution. Choose all that apply.
a. Preventative
b. Deterrent
c. Physical
23. Maddox is conducting an information audit for his organization. Which of the following elements that he discovers is least likely to be classified as PII when used in isolation?
a. IP addresses
24. You are conducting a qualitative risk assessment for your organization. The two important risk elements that should weigh most heavily in your analysis of risk are probability and ___.
a.
Impact
25. Microsoft’s STRIDE threat assessment framework uses six categories for threats: Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege. If a penetration tester is able to modify audit logs, what STRIDE categories best describe this issue?
a. Repudiation and tampering
26. Jim would like to identify compromised systems on his network that may be participating in a botnet. He plans to do this by watching for connections made to known command-and-control servers. Which one of the following techniques would be most likely to provide this information if Jim has access to a list of known servers?
a. NetFlow records
27. Susan needs to predict high-risk areas for her organization and wants to use metrics to assess risk trends as they occur. What should she do to handle this?
a.
Identify and track key risk indicators
28. Greg is building a disaster recovery plan for his organization and would like to determine the amount of time that it would take to restore a particular IT service after an outage. What variable is Greg calculating?
a.
RTO
29. What type of risk assessment uses tools such as the one shown here?
a.
Qualitative
30. Chris is worried that the laptops that his organization has recently acquired were modified by a third party to include keyloggers before they were delivered. Where should he focus his efforts to prevent this?
a.
His supply chain
31. Henry is the risk manager for Atwood Landing, a resort community in the midwestern United States. The resort's primary data center is in northern Indiana in an area that is prone to tornados. Henry recently undertook a replacement cost analysis and determined that rebuilding and reconfiguring the data center would cost $10 million. Henry consulted with tornado experts, data center specialists, and structural engineers. Together they determined that a typical tornado would cause approximately $5 million of damages to the facility. The meteorologists determined that Atwood's facility lies in an area where they are likely to experience a tornado once every 200 years. Based on the information in this scenario, what is the exposure factor for the effect of a tornado on Atwood Landing's data center?
a. 50%
32. Tom is considering locating a business in the downtown area of Miami, Florida. He consults the FEMA flood plain map for the region and determines that the area he is considering lies within a 100-year flood plain. What is the ARO of a flood in this area?
a. 0.01
33. Which of the following is a detailed, step-by-step document that describes the exact actions that individuals must complete?
a.
Procedure
34. Which of the following is an example of physical infrastructure hardening?
a.
Fire suppression system
35. Which of the following statements is true about heuristic-based anti-malware software?
a.
It has a higher likelihood of detecting zero-day exploits than signature detection
36. Ryan is a security risk analyst for an insurance company. He is currently examining a scenario in which a malicious hacker might use an SQL injection attack to deface a web server because of a missing patch in the company’s web application. In this scenario, what is the threat?
a. Malicious hacker
37. Jasper Diamonds is a jewelry manufacturer that markets and sells custom jewelry through their website. Bethany is the manager of Jasper’s software development organization, and she is working to bring the company into line with industry standard practices. She is developing a new change management process for the organization and wants to follow commonly accepted approaches. Who should the organization appoint to manage the policies and procedures surrounding change management?
a. Change manager
38. Information about an individual like their name, SSN, date and place of birth, or their mother’s maiden name is an example of what type of protected information?
a. PII
39. The company that Jennifer works for has implemented a central logging infrastructure, as shown in the following figure. What technology should an organization use for each of the devices shown in the figure to ensure that logs can be time-sequenced across the entire infrastructure?
a. NTP
40. The company that Jennifer works for has implemented a central logging infrastructure, as shown in the following image. During normal operations, Jennifer’s team uses the SIEM appliance to monitor for exceptions received via syslog. What system shown does not natively have support for syslog events?
a. Windows desktop systems
41. The company that Jennifer works for has implemented a central logging infrastructure, as shown in the following image. Jennifer needs to ensure that all Windows systems provide identical information to the SIEM. How can she best ensure that all Windows desktops have the same log settings?
a. Use group policy.
42. What principle of information security states that an organization should implement overlapping security controls whenever possible?
a.
Defense in depth
43. Alex’s job requires him to see protected health information to ensure the proper treatment of patients. His access to their medical records does not provide access to patient addresses or billing information. What access control concept best describes this control?
a. Need to know.
44. Colleen is conducting a business impact assessment for her organization. What metric provides the maximum time that a business process or task cannot be performed without causing intolerable disruption or damage to the business?
a. MAO
45. What type of alternate processing facility includes all of the hardware and data necessary to restore operations in a matter of minutes or seconds?
a.
Hot site
46. Which NIST special publication covers the assessment of security and privacy controls?
a.
800-53A
47. When developing a business impact analysis, the team should first create a list of assets. What should happen next?
a.
Develop a value for each asset.
Week 3
1. Which of the following activities is not part of information risk mitigation?
a. Implementing new systems features or capabilities to enhance product quality.
Explanation: Improving product quality is a laudable goal, but it is not related to information risk mitigation.
2. An architecture assessment includes all of the following activities except for which one?
a. Review of software testing procedures and results.
Explanation: The architecture assessment is both an inventory of all systems elements and a map or process flow diagram that shows how these elements are connected to form or support business processes and thereby achieve the needs of required business logic. This requires a thorough review and analysis of existing physical asset/equipment inventories, network and communications diagrams, contracts with service providers, error reports, and change requests.
3. Applying a patch to eliminate a vulnerability is an example of which of the following?
a. Remediating or mitigating a risk
4.
How do physical, logical, and administrative controls interact with one another?
1.
Administrative controls should direct and inform people; logical controls implement those directions in the IT architecture; physical controls reinforce them by preventing or deterring disruptions to the hardware, systems, and support infrastructures themselves.
5.
How might you keep a gap from becoming a blind spot in your information security defenses? (Choose all that apply.)
1.
Ensure that systems elements around the gap provide sufficient detection
and reporting capabilities so that an event of interest occurring in the gap cannot spread without being detected
6.
Which of the following most correctly addresses whether penetration testing is suitable for use during systems security verification or is best suited to ongoing monitoring and assessment? (Choose all that apply.)
1.
Penetration testing is most revealing when performed against a baseline already in use for some time, because the risks of people becoming complacent and mitigation controls becoming out of date increase with time.
1.
Penetration testing is not useful during verification testing or systems assessment, because by its nature penetration testing is a somewhat covert attempt to simulate a hostile attack, whereas verification testing is a formalized, planned, and monitored activity.
1.
Penetration testing is normally used during post-deployment systems assessment and starts with current knowledge of how threat actors attempt to reconnoiter, surveil, select, and penetrate a target; verification starts with a functional security requirements baseline and confirms (via audit, test, or inspection) that each requirement in that baseline still functions properly. Both techniques complement each other during ongoing operational assessment.
7.
How do we perform ongoing monitoring of our IT systems to ensure that all risk mitigation controls and countermeasures are still protecting us? (Choose all that apply.)
1.
Periodically, gather up all of the event logs and monitoring log files, collate them, and see if potential events of interest are apparent.
1.
Routinely poll or ask users whether abnormal system behaviors have been noted.
1.
Review system performance parameters, such as throughput, system loading levels, resource utilization, etc., to see if they meet expectations.
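The "collate the logs and look for events of interest" answer above is easy to state and tedious to do by hand. The following added example (written for this study guide, not code from the page or from the SSCP material) parses syslog-style lines from several sources, sorts them into one timeline, and applies two assumed rules: repeated failed logins from one source, escalated if a success follows, and a performance parameter (CPU load) outside its expected range. The log lines and the thresholds are constructed for the demo.

```python
"""Collate event logs from several sources and surface events of interest.

Added example for this study guide; the log lines below are constructed
for the demo and the thresholds are assumptions, not values from the page.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: syslog-style lines from a firewall, an app server and a load monitor.
SAMPLE_LOGS = [
    "2024-03-01T09:00:01 fw01 sshd[201]: Failed password for admin from 198.51.100.7 port 50211",
    "2024-03-01T09:00:03 fw01 sshd[201]: Failed password for admin from 198.51.100.7 port 50212",
    "2024-03-01T09:00:04 app01 loadmon: cpu_load=0.62",
    "2024-03-01T09:00:05 fw01 sshd[201]: Failed password for root from 198.51.100.7 port 50213",
    "2024-03-01T09:00:06 fw01 sshd[201]: Accepted password for admin from 198.51.100.7 port 50214",
    "2024-03-01T09:01:10 app01 loadmon: cpu_load=0.97",
    "2024-03-01T09:02:00 app01 sshd[310]: Failed password for alice from 203.0.113.9 port 41000",
]

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) (?P<proc>[^:\[]+)(?:\[\d+\])?: (?P<msg>.*)$"
)
AUTH_FAIL_RE = re.compile(r"Failed password for (?P<user>\S+) from (?P<src>\S+)")
AUTH_OK_RE = re.compile(r"Accepted password for (?P<user>\S+) from (?P<src>\S+)")
LOAD_RE = re.compile(r"cpu_load=(?P<load>[0-9.]+)")


def parse_line(line: str):
    """Parse one syslog-style line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.fromisoformat(rec["ts"])
    return rec


def collate(lines):
    """Parse records from every source and sort them into a single timeline."""
    records = [r for r in (parse_line(line) for line in lines) if r]
    return sorted(records, key=lambda r: r["ts"])


def events_of_interest(records, fail_threshold=3, window=timedelta(minutes=5),
                       load_limit=0.90):
    """Return findings a monitor would hand to incident response.

    Two assumed rules:
    - brute_force: fail_threshold failed logins from one source inside `window`;
      success_after_failures if that source then logs in successfully.
    - high_load: a reported cpu_load above load_limit.
    """
    findings = []
    fails = defaultdict(list)  # source address -> timestamps of recent failures
    for r in records:
        m = AUTH_FAIL_RE.search(r["msg"])
        if m:
            src = m.group("src")
            fails[src] = [t for t in fails[src] if r["ts"] - t <= window] + [r["ts"]]
            if len(fails[src]) == fail_threshold:   # alert once, on the Nth failure
                findings.append(("brute_force", src, r["host"]))
            continue
        m = AUTH_OK_RE.search(r["msg"])
        if m and len(fails[m.group("src")]) >= fail_threshold:
            findings.append(("success_after_failures", m.group("src"), r["host"]))
            continue
        m = LOAD_RE.search(r["msg"])
        if m and float(m.group("load")) > load_limit:
            findings.append(("high_load", r["host"], m.group("load")))
    return findings


if __name__ == "__main__":
    for finding in events_of_interest(collate(SAMPLE_LOGS)):
        print(finding)
```

The point of collating first is that the success on fw01 is only interesting because of the three failures that preceded it; each line on its own looks normal. The same structure (one timeline, stateful rules over it) is what a SIEM correlation rule does at scale.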
8.
Which statement(s) about information architectures and IT architectures are most correct?
1.
Business needs should drive administrative security policies based on the
information architecture; the IT architecture then needs to have its administrative, logical, and physical controls driven to support the information architecture’s security needs.
9.
How should IT services such as PaaS, IaaS, and SaaS be evaluated as part of a security assessment?
1.
The BIA and the architecture baselines should make clear what risks are transferred to the cloud services provider either in whole or in part, or where their services are assumed to be parts of the mitigation strategy. The security assessment should clearly identify this in as great a detail as it can, particularly for the risks identified in the BIA as of greatest concern.
10. Why are shadow IT systems or elements a concern to information security specialists? (Choose all that apply.)
1.
Most are written by well-intended users and may be widely used by people in the organization, but quite often they are not subjected to even the most basic software quality assurance measures and are outside of configuration management and control. Hence, they pose potential risks to the IT architecture.
1.
The more complex and dynamic these shadow systems become, the less confidence management should have in the reliability, integrity, and confidentiality of the results they produce.
11. Which statement correctly describes the usefulness of CVE data as part of your risk mitigation planning?
1.
It’s a great source of information for known systems elements and known vulnerabilities associated with them, but it does nothing for vulnerabilities that haven’t been reported yet or for company-developed IT elements.
12. What important role does systems monitoring perform in support of incident management?
1.
The role is essential; by bringing together alert and alarm indicators from systems and their associated security controls and countermeasures, monitoring is the watchdog capability that activates incident response capabilities and plans.
13. How should the SSCP assess the human elements in a system as part of vulnerability assessments? (Choose all that apply.)
1.
Every step in every process, whether performed by people or machines, is a potential vulnerability and should be assessed in accordance with the BIA’s established priorities.
1.
If the vulnerability assessment indicates that no amount of user training or administrative controls can reduce the risk of an incorrect human action to acceptable levels, then further physical or logical controls, or a process redesign, may be needed.
14. What does it mean to accept a risk?
1.
You decide, after assessing the risk, to take no further action to reduce it and to live with its consequences; the decision should be documented and revisited as conditions change.
15. Which of the following might be legitimate ways to transfer a risk? (Choose all that apply.)
1.
Recognize that government agencies have the responsibility to contain, control, or prevent this risk, which your taxes pay them to do.
1.
Pay insurance premiums for a policy that provides for payment of claims and liabilities in the event the risk does occur.
1.
Shift the affected business processes to a service provider, along with contractually making sure they are responsible for controlling that risk or have countermeasures in place to address it.
16. What are some of the reasons you might recommend that risks be avoided? (Choose all that apply.)
1.
It might cost more to mitigate or control a risk than the business stands to gain by operating with the risk in place.
1.
Replacing a vulnerable set of processes with ones that are less vulnerable can be more effective and less costly than attempting to redesign or repair the vulnerable steps or elements.
17. What roles do testing and verification play in information security? (Choose all that apply.)
1.
Provide continued confidence in the security of the information systems under test and verification
1.
Highlight the need for further risk mitigation, controls, and countermeasures.
1.
Confirm that countermeasures and controls are still achieving the required degree of protection.
18. What is the role of threat modeling in performing a vulnerability assessment?
18. What is the role of threat modeling in performing a vulnerability assessment?
1.
Threat modeling focuses attention on boundaries between systems elements and the outside world, and this may help you discover poorly secured VPN or maintenance features or tunnels installed by malware.
19. How are dashboards used as part of systems monitoring or incident response?
1.
By combining highly summarized key performance parameters with ongoing and recent event data, systems managers can see at a glance whether systems are behaving within expected limits, detect whether subsystems have failed (or are under attack), and drill down to get further data to inform incident response decision making.
20. What is the role of incident response and management in risk mitigation and risk management?
1.
Incident response and management are vital to risk mitigation; they provide the timely detection, notification, and intervention capabilities that contain the impact of a risk event and manage efforts to recover from it and restore operations to normal.
21. Carl recently assisted in the implementation of a new set of security controls designed to comply with legal requirements. He is concerned about the long-term maintenance of those controls. Which one of the following is a good way for Carl to ease his concerns?
1.
Periodic Audits
22. Susan needs to scan a system for vulnerabilities, and she wants to use an open source tool to test the system remotely. Which of the following tools will meet her requirements and allow vulnerability scanning?
1.
OpenVAS
23. The separation of network infrastructure from the control layer, combined with the ability to centrally program a network design in a vendor-neutral, standards-based implementation, is an example of what important concept?
1.
SDN, a converged protocol that allows network virtualization.
24. Tom is responding to a recent security incident and is seeking information on the approval process for a recent modification to a system’s security settings. Where would he most likely find this information?
1.
Change log
25. Alan is installing a fire suppression system that will kick in after a fire breaks out and protect the equipment in the data center from extensive damage. What metric is Alan attempting to lower?
1.
Impact
26. Yolanda is writing a document that will provide an organization’s information security risks, its chosen mitigation approaches, and its decisions about residual risk. What type of document is she preparing?
1.
Baseline
27. GAD Systems is concerned about the risk of hackers stealing sensitive information stored on a file server. They choose to pursue a risk mitigation strategy. Which one of the following actions would support that strategy?
1.
Encrypting the files
28. Tom is conducting a business continuity planning effort for Orange Blossoms, a fruit orchard located in Central Florida. During the assessment process, the committee determined that there is a small risk of snow in the region but that the cost of implementing controls to reduce the impact of that risk is not warranted. They elect to not take any specific action in response to the risk. What risk management strategy is Orange Blossoms pursuing?
1.
Risk acceptance
29. Robin recently conducted a vulnerability scan and found a critical vulnerability on a server that handles sensitive information. What should Robin do next?
1.
Validation (confirm the finding is real before acting on it)
30. What type of vulnerability scan accesses configuration information from the systems it is run against as well as information that can be accessed via services available via the network?
1.
Authenticated scans
31. Jim uses a tool that scans a system for available services and then connects to them to collect banner information to determine what version of the service is running. It then provides a report detailing what it gathers, basing results on service fingerprinting, banner information, and similar details it gathers combined with CVE information. What type of tool is Jim using?
1.
A vulnerability scanner
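As an added illustration of what such a scanner does internally (example code written for this study guide, not any scanner's own source), the following fingerprints services from captured banners and matches the product and version against an advisory table. The banners are constructed; the two advisories listed are real, widely published ones (the vsftpd 2.3.4 backdoor, CVE-2011-2523, and the Apache httpd 2.4.49 path traversal, CVE-2021-41773), but the table is illustrative and stands in for the CVE feed a real scanner consumes.

```python
"""Fingerprint services from captured banners and match versions to advisories.

Added example for this study guide, not a scanner's own code. Banners are
constructed; the advisory table is illustrative and stands in for a CVE feed.
"""
import re

# Constructed: what a scanner read back after connecting to each (host, port).
CAPTURED_BANNERS = {
    ("10.0.0.5", 21): "220 (vsFTPd 2.3.4)",
    ("10.0.0.5", 22): "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3",
    ("10.0.0.8", 80): "HTTP/1.1 200 OK\r\nServer: Apache/2.4.49 (Unix)\r\n",
    ("10.0.0.9", 25): "220 mail.example.test ESMTP ready",
    ("10.0.0.9", 80): "HTTP/1.1 200 OK\r\nServer: Apache/2.4.51 (Unix)\r\n",
}

# Fingerprint rules: the first regex that matches names the product; group 1 is the version.
FINGERPRINTS = [
    (re.compile(r"vsFTPd (\d+(?:\.\d+)*)"), "vsftpd"),
    (re.compile(r"SSH-2\.0-OpenSSH_(\d+(?:\.\d+)*)"), "openssh"),
    (re.compile(r"Server: Apache/(\d+(?:\.\d+)*)"), "apache_httpd"),
]

# product -> [(advisory id, first affected version, last affected version)].
# Two real, widely published issues; a real scanner loads thousands from a CVE feed.
ADVISORIES = {
    "vsftpd": [("CVE-2011-2523", "2.3.4", "2.3.4")],
    "apache_httpd": [("CVE-2021-41773", "2.4.49", "2.4.49")],
}


def version_tuple(version: str) -> tuple:
    """'2.4.49' -> (2, 4, 49) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in version.split("."))


def fingerprint(banner: str):
    """Return (product, version) for a recognised banner, else None."""
    for regex, product in FINGERPRINTS:
        m = regex.search(banner)
        if m:
            return product, m.group(1)
    return None


def matching_advisories(product: str, version: str) -> list:
    """Advisory ids whose affected version range contains `version`."""
    v = version_tuple(version)
    return [adv for adv, lo, hi in ADVISORIES.get(product, [])
            if version_tuple(lo) <= v <= version_tuple(hi)]


def scan_report(banners: dict) -> list:
    """One (host, port, product, version, [advisories]) row per captured banner."""
    report = []
    for (host, port), banner in sorted(banners.items()):
        fp = fingerprint(banner)
        if fp is None:
            report.append((host, port, "unknown", None, []))
        else:
            product, version = fp
            report.append((host, port, product, version,
                           matching_advisories(product, version)))
    return report


if __name__ == "__main__":
    for row in scan_report(CAPTURED_BANNERS):
        print(row)
```

Note what the matching does not prove: a banner match is a hypothesis, not a confirmed weakness. Vendors backport fixes without changing the version string, and banners can be suppressed or spoofed, so a finding like this is exactly what Robin must validate (question 29), and it is why authenticated scans (question 30) give better results than banner grabbing alone.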
32. Which of the following control categories does not accurately describe a fence around a facility?
1.
Detective
33. After conducting a qualitative risk assessment of her organization, Sally recommends purchasing cybersecurity breach insurance. What type of risk response behavior is she recommending?
1.
Risk transference
34. What business process typically requires sign-off from a manager before modifications are made to a system?
1.
Change management
35. Which of the following is an example of risk transference?
1.
Purchasing insurance
36. Chris is responsible for his organization’s security standards and has guided the selection and implementation of a security baseline for Windows PCs in his organization. How can Chris most effectively make sure that the workstations he is responsible for are being checked for compliance and that settings are being applied as necessary?
1.
Use Microsoft Group Policy: Group Policy Objects apply the baseline settings centrally, re-apply them on every policy refresh, and can be audited with Resultant Set of Policy, whereas startup scripts run only at boot and do not report compliance.
37. Tom enables an application firewall provided by his cloud infrastructure as a service provider that is designed to block many types of application attacks. When viewed from a risk management perspective, what metric is Tom attempting to lower?
1.
Likelihood
38. Tamara recently decided to purchase cyber-liability insurance to cover her company’s costs in the event of a data breach. What risk management strategy is she pursuing?
1.
Risk transference
39. Which of the following is not an example of a technical control?
1.
Policy document
40. Alex is preparing to solicit bids for a penetration test of his company’s network and systems. He wants to maximize the effectiveness of the testing rather than the realism of
the test. What type of penetration test should he require in his bidding process?
1.
Crystal box
41. Rolando is a risk manager with a large-scale enterprise. The firm recently evaluated the risk of California mudslides on its operations in the region and determined that the cost of responding outweighed the benefits of any controls it could implement. The company chose to take no action at this time. What risk strategy did Rolando’s organization pursue?
1.
Risk acceptance
42. Kyle is being granted access to a military computer system that uses System High mode. What is not true about Kyle’s security clearance requirements?
1.
Kyle must have a valid need to know for all information processed by the system
43. The Acme Widgets Company is putting new controls in place for its accounting department. Management is concerned that a rogue accountant may be able to create a new false vendor and then issue checks to that vendor as payment for services that were never rendered. What security control can best help prevent this situation?
1.
Separation of duties
44. Jasper Diamonds is a jewelry manufacturer that markets and sells custom jewelry through its website. Bethany is the manager of Jasper’s software development organization, and she is working to bring the company into line with industry standard practices. She is developing a new change management process for the organization and wants to follow commonly accepted approaches. Jasper would like to establish a governing body for the organization’s change management efforts. What individual or group within an organization is typically responsible for reviewing the impact of proposed changes?
1.
Change advisory board (CAB): the governing body of stakeholders that reviews and assesses the impact of proposed changes; the change manager coordinates the process rather than judging impact alone.
45. Kathleen needs to set up an Active Directory trust to allow authentication with an existing
Kerberos K5 domain. What type of trust does she need to create?
1.
A realm trust
46. Dogs, guards, and fences are all common examples of what type of control?
1.
Physical
47. What message logging standard is commonly used by network devices, Linux and Unix systems, and many other enterprise devices?
1.
Syslog
48. Jim is designing his organization’s log management systems and knows that he needs to carefully plan to handle the organization’s log data. Which of the following is not a factor that Jim should be concerned with?
1.
A lack of sufficient log sources
49. Jasper Diamonds is a jewelry manufacturer that markets and sells custom jewelry through its website. Bethany is the manager of Jasper’s software development organization, and she is working to bring the company into line with industry standard practices. She is developing a new change management process for the organization and wants to follow commonly accepted approaches. During what phase of the change management process does the organization conduct peer review of the change for accuracy and completeness?
1.
Analysis/Impact Assessment
50. Mike recently implemented an intrusion prevention system to block common network attacks. What type of risk management strategy is Mike pursuing?
1.
Risk mitigation
51. What term is used to describe a set of common security configurations, often provided by a third party?
1.
Baseline
52. Which one of the following is an administrative control that can protect the confidentiality of information?
1.
Non-disclosure agreement
53. Chris is responsible for workstations throughout his company and knows that some of the company’s workstations are used to handle proprietary information. Which option best describes what should happen at the end of their lifecycle for workstations he is responsible for?
1.
Sanitization
54. Which group is best suited to evaluate and report on the effectiveness of administrative controls an organization has put in place to a third party?
1.
External auditors
55. What term describes software testing that is intended to uncover new bugs introduced by patches or configuration changes?
1.
Regression testing
56. Ben is responsible for the security of payment card information stored in a database. Policy directs that he remove the information from the database, but he cannot do this for operational reasons. He obtained an exception to policy and is seeking an appropriate compensating control to mitigate the risk. What would be his best option?
1.
Encrypting the database contents
57. Which of the following are the goals of a formal change management program?
58. Alex wants to use an automated tool to fill web application forms to test for format string vulnerabilities. What type of tool should he use?
1.
A fuzzer
Week 4
Chapter 5
Week 5
Chapter 6
1.
Which set of steps correctly shows the process of identity management?
1.
Provisioning, Review, Revocation (2,3,4)
2.
Which statements about AAA in access control are correct? (Choose all that apply.)
1.
Authentication, authorization, and accounting are the three services an access control server provides.
1.
Authorization checks to see if an identity has the right(s) to access a resource, while authentication validates that the identity is what it claims to be. Accounting tracks everything that is requested, approved, or denied.
3.
Which form of access control grants specific privileges to subjects regarding specific objects or classes of objects based on the duties or tasks a person (or process) is required to fulfill?
1.
Role-based
4.
Which statement about a reference monitor in identity management and access control system is correct?
1.
It mediates every access request by a subject to an object, performing all of the functions necessary to carry out access control for an information system.
5.
What is the role of third parties in identity management and access control? (Choose all that apply.)
1.
Credential service can be provided by third parties or by internal services as part of your systems.
1.
Identity proofing can be provided by external third parties.
1.
Identity as a service (IDaaS), usually via a cloud or web-based service, is provided by numerous third parties.
6.
Which statement about subjects or objects is not true?
1.
Subjects are what users or processes require access to in order to accomplish their assigned duties. (This is the false statement: objects are what is accessed; subjects do the accessing.)
7.
John has talked with his IT director about getting an upgrade to their network access control tools that will allow them to implement remediation and quarantine measures. His
director thinks this is unnecessary because their enterprise antimalware system provides
for quarantine. Is John's director correct? Which of the following should John share with his director?
1.
No, because malware quarantine moves infected files into safe storage where they cannot be executed or copied by users; network access control quarantine prevents devices that are not up to date with software updates or other required features from connecting to the network, beyond a remediation segment, until they perform the required updates.
Your IT director has asked you for a recommendation about which access control standard your team should be looking to implement. He has suggested either Diameter or XTACACS can be implemented. Which of the following gives you the best information to use in replying to your boss?
1.
Neither is an implementation of a single standard. IEEE 802.1X is the port-based network access control standard; it carries EAP authentication between the device and the switch or access point and relies on a back-end AAA protocol, normally RADIUS or its successor Diameter. XTACACS is an obsolete Cisco-proprietary extension of TACACS that was superseded by TACACS+. Recommend 802.1X with RADIUS (or Diameter) for network access control, and TACACS+ if the need is administrator access to network devices.
9.
Do we need IPSec?
1.
Yes. IPsec’s AH and ESP protocols operate at the network layer and provide confidentiality (ESP), data-origin authentication, integrity, and anti-replay protection for IP packets and everything carried inside them; without it, IP itself and the Layer 4 protocols above it carry no protection of their own. (IPsec does not give nonrepudiation, since its integrity checks use keys shared by both peers.)
10. Which statement about single-factor vs. multifactor authentication is most correct?
1.
Multifactor requires greater implementation, maintenance, and management effort, but it can be extremely hard to spoof as a result.
11. Multifactor authentication means that our systems validate claims to subject identity based on all of the following except some aspect of:
1.
What the subject does.
12. In access control authentication systems, which is riskier, false positive or false negatives errors?
1.
False positive errors, because they lead to a threat actor being granted access
13. Your IT department head wants to implement SSO, but some of the other division heads think it adds too much risk. She asks for your advice. Which statement best helps her address other managers' concerns?
1.
Yes and no; single sign-on by itself would be risky, but thorough and rigorous access control at the system, application, and data level, tied to job functions or other attributes, should provide one-stop login but good protection.
14. What's the most secure way to authenticate device identity prior to authorizing it to connect to the network?
1.
Multifactor authentication that considers device identification, physical location, and other attributes
15. Which statement about federated access systems is most correct?
1.
By making identity more portable, federated access allows multiple organizations
to collaborate, but it does require greater attention to access control for each organization and its systems.
16. Which of the following is allowed under mandatory access control policies?
1.
None of these are allowed under mandatory access control policies
17. What kinds of privileges should not be part of what your mandatory access control policies can grant or deny to a requesting subject? (Choose all that apply.)
1.
Any privilege relating to reading from, writing to, modifying, or deleting the object in question, if it was created or is owned by the requesting subject
1.
Modifying access control system constraints, rules, or policies
18. A key employee seems to have gone missing while on an overseas holiday trip. What would you recommend that management do immediately, with respect to identity management and access control, for your federated access systems? Choose the most appropriate statement.
1.
Suspend all access privileges for devices normally used by the employee, such as their laptop, phablet, or phone (employee-owned, company-provided, or both).
If possible, quickly establish a captive portal or quarantine subnet to route access
attempts from these devices to.
19. Which statement about extranets and trust architectures is most correct?
1.
Trust architectures are the integrated set of capabilities, connections, systems, and devices that provide different organizations safe, contained, and secure ways to collaborate by sharing networks, platforms, and data as required; thus, extranets are an example of a trust architecture.
20. What role should zero trust architectures play in your organization’s information security strategy, plans, and programs?
1.
By guiding you to micro-segment your networks and systems into smaller, finer-grained zones of trust, zero trust focuses your attention on ensuring that any attempt to cross a connection between such zones has to meet proper authentication standards.
21. Which statement about trust relationships and access control is most correct?
1.
Trust relationships describe the way different organizations are willing to trust each other’s domain of users when developing federated access arrangements.
22. Which of the following statements is true about discretionary access control policies?
1.
Subjects can change rules pertaining to access control, but only if this is uniformly permitted across the system for all subjects.
23. Which form of access control is probably best for zero trust architectures to use?
1.
Attribute-based
24. Fred's company wants to ensure the integrity of email messages sent via its central email servers. If the confidentiality of the messages is not critical, what solution should Fred suggest?
1.
Digitally sign all messages, but do not encrypt them; a signature (a hash of the message encrypted with the sender’s private key) provides integrity and origin authentication, while encryption adds only confidentiality, which Fred does not need.
25. Lauren starts at her new job and finds that she has access to a variety of systems that she does not need to accomplish her job. This is a violation of which of the following?
1.
Least privilege
26. Kaiden is creating an extranet for his organization and is concerned about unauthorized eavesdropping on network communications. Which one of the following technologies can
he use to mitigate this risk?
1.
VPN
27. Gary is preparing to create an account for a new user and assign privileges to the HR database. What two elements of information must Gary verify before granting this access?
1.
Clearance and need to know
28. Ben owns a coffeehouse and wants to provide wireless Internet Service for his customers. Ben’s network is simple and uses a single consumer-grade wireless router
and a cable modem connected via a commercial cable data contract. After implementing
the solution from the first question, Ben receives a complaint about users in his cafe hijacking other customers’ web traffic, including using their usernames and passwords. How is this possible?
1.
Open networks are unencrypted, making traffic easily sniffable
29. How does single sign-on increase security?
1.
It helps decrease the likelihood that users will write down their passwords
30. Which one of the following is the first step in developing an organization’s vital records program?
1.
Identifying vital records
31. Carla has worked for her company for 15 years and has held a variety of different positions. Each time she changed positions, she gained the new privileges associated with that position, but no privileges were ever taken away. What concept describes the sets of privileges she has accumulated?
1.
Aggregation
32. Gwen comes across an application that is running under a service account on a web server. What principle of information security does this violate?
1.
Least privilege
33. Which of the following is not typically used to verify that a provisioning process was followed in a way that ensures that the organization’s security policy is being followed?
1.
Signature-based detection
34. Ben’s organization is adopting biometric authentication for its high-security building’s access control system. At point B, what problem is likely to occur? Use the following chart to answer the question about the organization’s adoption of the technology.
1.
False acceptance will be very high
35. What type of access control scheme is shown in the following table?
1.
MAC
36. If Susan’s organization requires her to log in with her fingerprints, PINs, passwords, and retina scans, how many distinct authentication factor types has she used?
1.
Two (something she knows: PIN and password; something she is: fingerprint and retina)
37. Susan’s organization is updating its password policy and wants to use the strongest possible passwords. What password requirement will have the highest impact in preventing brute-force attacks?
1.
Increase the minimum password length from 8 characters to 16 characters.
38. Which one of the following protocols is commonly used to provide backend authentication services for a VPN?
1.
RADIUS
39. Which of the following is not a single sign-on implementation?
1.
SMTP
40. Alex has been with the university he works at for more than 10 years. During that time, he has been a system administrator and a database administrator, and he has worked in
the university’s help desk. He is now a manager for the team that runs the university’s web applications. Alex has access to B, C, and D. What concern should he raise to the university’s identity management team?
1.
Privilege creep may be taking place.
41. Questions like “what is your pet’s name?” are examples of what type of identity proofing?
1.
Knowledge-based authentication
42. Greg is the network administrator for a large stadium that hosts many events throughout the course of the year. They equip ushers with handheld scanners to verify tickets. Ushers turn over frequently and are often hired at the last minute. Scanners are handed out to ushers before each event, but different ushers may use different scanners. Scanners are secured in a locked safe when not in use. What network access control approach would be most effective for this scenario?
1.
Device authentication
43. Norma is helping her organization to create a specialized network designed for vendors that need to connect to the organization’s network to process invoices and upload inventory. The network should be segmented from the rest of the corporate network but have a much higher degree of access than the general public. What type of network is Norma building?
1.
Extranet
44. When an application or system allows a logged-in user to perform specific actions, it is an example of what?
1.
Authorization
45. Which of the following is best described as an access control model that focuses on subjects and identifies the objects that each subject can access?
1.
A capability table
46. What type of access control allows the owner of a file to grant other users access to it using an access control list?
1.
Discretionary
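Several of the questions above (the reference monitor in question 4, mandatory access control in questions 16, 17 and 35, clearance plus need to know in question 27, the System High question in Week 3, and the capability table and DAC questions 45 and 46) describe one mechanism from different angles. The following added example (written for this study guide, not code from the page) implements a small reference monitor: a mandatory check that the subject's clearance dominates the object's classification, including need-to-know compartments, and a discretionary check against an owner-managed ACL; the capability_table method shows the same access matrix from the subject's side. The users, labels, and objects are constructed, and the mandatory check enforces only the simple security property (clearance must dominate classification), not Bell-LaPadula's no-write-down rule.

```python
"""A small reference monitor: mandatory (clearance + need-to-know) and
discretionary (owner-managed ACL) access checks, plus a capability-table view.

Added example for this study guide; users, labels, and objects are constructed.
"""
from dataclasses import dataclass, field

# Ordered classification levels (an assumed set for the demo).
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top_secret": 3}


@dataclass(frozen=True)
class Label:
    """A security label: a level plus need-to-know compartments."""
    level: str
    compartments: frozenset = frozenset()

    def dominates(self, other: "Label") -> bool:
        """Higher-or-equal level AND every compartment of `other` (the need-to-know test)."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.compartments >= other.compartments)


@dataclass
class Subject:
    name: str
    clearance: Label


@dataclass
class Obj:
    name: str
    classification: Label
    owner: str
    acl: dict = field(default_factory=dict)  # DAC: user -> set of permissions


class ReferenceMonitor:
    """Mediates every access; an access is allowed only if MAC and DAC both allow it."""

    def __init__(self, subjects, objects):
        self.subjects = {s.name: s for s in subjects}
        self.objects = {o.name: o for o in objects}

    def mac_allows(self, subj: Subject, obj: Obj) -> bool:
        # Simple security property only: clearance must dominate classification.
        # A full Bell-LaPadula monitor would also forbid writing down; omitted here.
        return subj.clearance.dominates(obj.classification)

    def dac_allows(self, subj: Subject, obj: Obj, perm: str) -> bool:
        return perm in obj.acl.get(subj.name, set())

    def check(self, user: str, objname: str, perm: str) -> bool:
        subj, obj = self.subjects[user], self.objects[objname]
        return self.mac_allows(subj, obj) and self.dac_allows(subj, obj, perm)

    def grant(self, requester: str, objname: str, user: str, perm: str) -> bool:
        """DAC: only the object's owner may change its ACL; labels are never user-settable."""
        obj = self.objects[objname]
        if obj.owner != requester:
            return False
        obj.acl.setdefault(user, set()).add(perm)
        return True

    def capability_table(self, user: str) -> dict:
        """One subject's row of the access matrix: object -> effective permissions."""
        return {name: {p for p in ("read", "write") if self.check(user, name, p)}
                for name in self.objects}


def demo_monitor() -> ReferenceMonitor:
    """Constructed scenario: bob is cleared Top Secret (System High) but has no HR need to know."""
    alice = Subject("alice", Label("secret", frozenset({"HR"})))
    bob = Subject("bob", Label("top_secret"))
    carol = Subject("carol", Label("confidential"))
    hr_db = Obj("hr_db", Label("secret", frozenset({"HR"})), owner="alice",
                acl={"alice": {"read", "write"}})
    payroll = Obj("payroll_report", Label("confidential"), owner="carol",
                  acl={"carol": {"read", "write"}})
    return ReferenceMonitor([alice, bob, carol], [hr_db, payroll])


if __name__ == "__main__":
    rm = demo_monitor()
    print("bob reads hr_db:", rm.check("bob", "hr_db", "read"))   # cleared high, but no HR need to know
    print("carol grants bob:", rm.grant("carol", "payroll_report", "bob", "read"))
    print("bob's capabilities:", rm.capability_table("bob"))
```

Two things to notice when running it: bob's Top Secret clearance does not get him into hr_db, because the HR compartment (need to know) is missing, which is the point of question 27 and of the System High question; and alice, who is not the owner of payroll_report, cannot grant bob access to it even though her clearance dominates its label, which is the discretionary half of the model.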
47. Jacob is planning his organization’s biometric authentication system and is considering retina scans. What concern may be raised about retina scans by others in his organization?
1.
Retina scans can reveal information about medical conditions
48. Joe is the security administrator for an ERP system. He is preparing to create accounts for several new employees. What default access should he give to all of the new employees as he creates the accounts?
1.
No access
49. Which pair of the following factors is key for user acceptance of biometric identification systems?
1.
The throughput rate and the time required to enroll
50. Which of the following is an organized disassembling of the rights and privileges of the user account as well as archiving any folders, data, or other user-specific information as required by the policy?
1.
Account deprovisioning
51. What RADIUS alternative is commonly used for Cisco network gear and supports two-factor authentication?
1.
TACACS+
52. Jim has worked in human relations, payroll, and customer service roles in his company over the past few years. What type of process should his company perform to ensure that he has appropriate rights?
1.
Review
53. Which of the following tools is most often used for identification purposes and is not suitable for use as an authenticator?
1.
Username
54. Chris is deploying a gigabit Ethernet network using Category 6 cable between two buildings. What is the maximum distance he can run the cable according to the Category
6 standard?
1.
100 meters
55. Alex has been with the university he works at for more than 10 years. During that time, he has been a system administrator and a database administrator, and he has worked in
the university’s help desk. He is now a manager for the team that runs the university’s web applications. If Alex hires a new employee and the employee’s account is
provisioned after HR manually inputs information into the provisioning system based on data Alex provides via a series of forms, what type of provisioning has occurred?
1.
Workflow-based account provisioning
56. What major issue often results from decentralized access control?
1.
Control is not consistent
57. James has opted to implement a NAC solution that uses a post-admission philosophy for its control of network connectivity. What type of issues can’t a strictly post-admission policy handle?
1.
Preventing an unpatched laptop from being exploited immediately after connecting to the network
58. Which of the following is an example of a nondiscretionary access control system?
1.
MAC
59. What type of trust relationship extends beyond the two domains participating in the trust to one or more of their subdomains?
1.
Transitive trust
60. Lauren is responsible for building a banking website. She needs proof of the identity of the users who register for the site. How should she validate user identities?
1.
Use information that both the bank and the user have such as questions pulled from their credit report
Week 6
Chapter 7
1.
Callback to a landline phone number is an example of what type of factor?
a.
Somewhere you are
2.
What is the length of the longest encryption key supported by the Advanced Encryption Standard (AES) algorithm?
a.
256 bits
3.
During a system audit, Casey notices that the private key for her organization's web server has been stored in a public Amazon S3 storage bucket for more than a year. What should she do?
a.
Request a new certificate using a new key
4.
Matthew and Richard are friends located in different physical locations who would like to begin communicating with each other using cryptography to protect the confidentiality of their communications. They exchange digital certificates to begin this process and plan to use an asymmetric encryption algorithm for the secure exchange of email messages. When Matthew sends Richard a message, what key should he use to encrypt the message?
a.
Richard’s private key
5.
Your organization regularly handles three types of data: information that it shares with customers, information that it uses internally to conduct business, and trade secret information that offers the organization significant competitive advantages. Information shared with customers is used and stored on web servers, while both the internal business data and the trade secret information are stored on internal file servers and employee workstations. What technique could you use to mark your trade secret information in case it was released or stolen and you need to identify it?
a.
Watermarks
6.
What is required to make a one-time pad encryption system truly unbreakable?
a.
Generate the one-time pad key in a truly random fashion, ensure that no portion of it is ever reused, and ensure that only one sender and one recipient have copies of it. Destroy sections of the pad as they are used. Protect the one-time pads at both sender and recipient from loss, theft, or compromise. Provide secure, immediate means to signal both parties of any loss or compromise or change in identity of sender or recipient.
7.
What level of RAID is also known as disk mirroring?
a.
RAID 1
8.
Alice and Bob would like to use an asymmetric cryptosystem to communicate with each other. They are located in different parts of the country but have exchanged encryption keys by using digital certificates signed by a mutually trusted certificate authority. If Alice wants to send Bob an encrypted message, what key does she use to encrypt the message?
a.
Bob’s public key
9.
The healthcare company that Lauren works for handles HIPAA data as well as internal business data, protected health information, and day-to-day business communications. Its internal policy uses the following requirements for securing HIPAA data at rest and in transit. What encryption technology would be appropriate for HIPAA documents in transit?
a.
TLS
10. Greg is designing a defense-in-depth approach to securing his organization's information and would like to select cryptographic tools that are appropriate for different use cases and provide strong encryption. Which one of the following pairings is the best use of encryption tools?
a.
TLS for data in motion and AES for data at rest
11. What security measure can provide an additional security control in the event that backup tapes are stolen or lost?
a.
Use AES-256 encryption.
12. Which statement about hashing is most correct?
a.
Hashing is one-way cryptography in that you transform a meaningful plaintext into a meaningless but unique hash value, but you cannot go from hash value back to the original meaning or plaintext.
13. What encryption algorithm is used by both BitLocker and Microsoft’s Encrypting File System?
a.
AES
14. Cryptography protects the meaning or content of files and messages by means of all of the following except which one?
a.
Obscuring the meaning by misdirection, concealment, or deception
15. What is the minimum number of cryptographic keys necessary to achieve strong security when using the 3DES algorithm?
a.
2
16. How many possible keys exist in a cryptographic algorithm that uses 6-bit encryption keys?
a.
64
17. Which statements correctly describe the information security risks to most routine uses of email systems? (Choose all that apply.)
a.
Almost all emails are sent unencrypted, with content, file attachment content, and address and routing information open to anyone who chooses to intercept it. This also means that content can be altered en route, and senders and recipients have no reasonable way to detect this.
b.
No existing email systems have strong nonrepudiation capabilities, allowing senders to claim they never received emails or received ones with different content than what was sent.
18. How can cryptography provide confidentiality and integrity across both time and space? (Choose all that apply.)
a.
By protecting data in transit (via Internet or other means), it protects data when en route between two or more physically separated points (in space).
b.
Encrypting a file for storage ensures that it cannot be read or tampered with by unauthorized users or processes (which do not have the key); later, authorized users with the key can read the file.
19. The following diagram shows a typical workstation and server and their connections to each other and the Internet. What would be the best way to secure data at points B, D, and F?
a.
TLS
20. In what model of cloud computing do two or more organizations collaborate to build a shared cloud computing environment that is for their own use?
a.
Community cloud
21. Margot is considering the use of a self-signed certificate to reduce the costs associated with maintaining a public-facing web server. What is the primary risk associated with the use of self-signed certificates?
a.
Self-signed certificates are not trusted by default
22. What methods are often used to protect data in transit?
a.
TLS, VPN, IPSec
23. Information maintained about an individual that can be used to distinguish or trace their identity is known as what type of information?
a.
Personally identifiable information (PII)
24. Gary is analyzing a security incident, and during his investigation he encounters a user who denies having performed an action that Gary believes he did perform. Which of the following has taken place?
a.
Repudiation
25. What are information risks that cryptology cannot address?
a.
Even cryptographic support for nonrepudiation cannot prove that a recipient (authorized or not) actually read and understood or made use of the contents of a protected file or message; it can only prove that they accessed it.
b.
Display of data to humans, or output of data as device commands in control systems, needs to be in an unencrypted form to be usable.
c.
Users with legitimate access to a variety of information at one level of classification, when decrypted for use, may be able to infer the existence or value of information at higher levels of classification.
26. Which statement about the use of cryptology by private business is true?
a.
In many jurisdictions, law and regulation place significant responsibilities for information protection and due diligence on business; these can only be met in practical ways by using cryptographic systems.
27. What is the most common source of exploitable vulnerabilities that business or commercial use of cryptography might present to attackers?
a.
Operational errors in use, such as incorrectly choosing control parameters or mismanaging keys or certificates
28. Joe works at a major pharmaceutical research and development company and has been tasked with writing his organization's data retention policy. As part of its legal requirements, the organization must comply with the U.S. Food and Drug Administration's Code of Federal Regulations Title 21. To do so, it is required to retain records with electronic signatures. Why would a signature be part of a retention requirement?
a.
It validates who approved the data.
29. Alice and Bob would like to use an asymmetric cryptosystem to communicate with each other. They are located in different parts of the country but have exchanged encryption keys by using digital certificates signed by a mutually trusted certificate authority. When Bob receives the encrypted message from Alice, what key does he use to decrypt the message?
a.
Bob’s private key
30. Alice sends a message to Bob and wants to ensure that Mal, a third party, does not read the contents of the message while in transit. What goal of cryptography is Alice attempting to achieve?
a.
Confidentiality
31. Should a hash function be reversible?
a.
No, because this would allow the plaintext to be decrypted from the hash, rendering message digests and digital signatures unworkable
32. What are the most common attacks that business or commercial use of cryptography might be exposed to?
a.
Social Engineering
33. What are information risks that cryptography cannot address? (Choose all that apply.)
a.
Users with legitimate access to a variety of information at one level of classification, when decrypted for use, may be able to infer the existence or value of information at higher levels of classification.
b.
Display of data to humans, or output of data as device commands in control systems, needs to be in an unencrypted form to be usable
c.
Even cryptographic support for nonrepudiation cannot prove that a recipient (authorized or not) actually read and understood or made use of contents of a protected file or message; it can only prove that they accessed it.
34. How would you compare the relative security of character, block, or stream ciphers against cryptanalytic attacks?
a.
Block ciphers support the best levels of security but with performance penalties that make stream ciphers suitable for some applications.
35. How would you use cryptographic techniques to protect the integrity of data in a file if you do not require its content to remain confidential? (Choose all that apply.)
a.
Use an encrypting hash to produce a message digest; even a single bit change in the file will cause a subsequent message digest to be different, indicating a loss of integrity.
b.
Digitally sign the file, as is done with software patch files, device driver executables, and so forth
36. Nonrepudiation relies on cryptography to validate which of the following?
a.
Signed messages, documents, and even software executables, so that recipients can be assured of their authenticity.
37. Which statements correctly describe the information security risks to most routine uses of email systems? (Choose all that apply.)
a.
No existing email systems have strong nonrepudiation capabilities, allowing senders to claim they never received emails or received ones with different content than what was sent.
b.
Almost all emails are sent unencrypted, with content, file attachment content, and address and routing information open to anyone who chooses to intercept it. This also means that content can be altered en route, and senders and recipients have no reasonable way to detect this.
38. Properly used cryptographic techniques improve all aspects of CIANA except which of the following?
a.
Credibility
39. How do webs of trust and hierarchies of trust differ? (Choose all that apply.)
a.
Webs of trust are based on peer-to-peer architectures and as such are not very scalable to large numbers of users. Hierarchies of trust rely on certificate authorities as publishers of intermediate certificates, which supports much larger numbers of users.
b.
Webs of trust, as peer-to-peer architectures, are not part of the IT logistics supply chain; hierarchies of trust work best when CAs become part of the architecture of hardware, operating systems, browsers, and other applications
40. Which of the following is the correct statement about symmetric encryption?
a.
Uses the same key to encrypt the plaintext into the ciphertext, and then decrypt the ciphertext back into the plaintext
41. Which statement best describes how digital signatures work?
a.
The sender hashes the message or file to produce a message digest and applies the chosen decryption algorithm and their private key to it. This is the signature. The recipient uses the sender’s public key and applies the corresponding encryption algorithm to the signature, which will produce a matching message digest only if the message or file is authentically from the sender.
42. How can cryptography provide confidentiality and integrity across both time and space? (Choose all that apply.)
a.
Encrypting a file for storage ensures that it cannot be read or tampered with by unauthorized users or processes (which do not have the key); later, authorized users with the key can read the file
b.
By protecting data in transit (via Internet or other means), it protects data when en route between two or more physically separated points (in space).
43. What is the role of a hierarchy of trust in using digital signatures? Select the best answer.
a.
The client’s operating system, browsers, and applications either embed certificate authorities as trust anchors or use peer-to-peer trust anchors; the client’s user must then trust these systems vendors and the installation of their products, and the client’s user’s own use of them, to completely trust that received digitally signed files or messages are legitimate.
44. Why does cryptographic security tend to increase as the key size gets larger?
a.
No matter what kind of cryptanalytic attack, the larger the key, the larger the possible space of key values that an attacker must test; each additional binary bit doubles this search or testing time. Ultimately, this requires more computing power and storage than even the most well-funded governments can afford.
45. What conditions might cause you to stop using a key? (Choose all that apply.)
a.
Suspicion that a user of that key is not who or what they claim to be
b.
Notification that a key has been lost or compromised.
46. What encryption algorithm would provide strong protection for data stored on a USB thumb drive?
a.
AES
47. Linux systems that use bcrypt are using a tool based on what DES alternative encryption scheme?
a.
Blowfish
48. Sally’s organization needs to be able to prove that certain staff members sent emails, and she wants to adopt a technology that will provide that capability without changing their existing email system. What is the technical term for the capability Sally needs to implement as the owner of the email system, and what tool could she use to do it?
a.
Nonrepudiation; digital signatures
49. Chris wants to verify that a software package that he downloaded matches the original version. What hashing tool should he use if he believes that technically sophisticated attackers may have replaced the software package with a version containing a backdoor?
a.
SHA-256
50. Mike and Renee would like to use an asymmetric cryptosystem to communicate with each other. They are located in different parts of the country but have exchanged encryption keys by using digital certificates signed by a mutually trusted certificate authority. When the certificate authority (CA) created Renee’s digital certificate, what key was contained within the body of the certificate?
a.
Renee’s public key
51. Angela is an information security architect at a bank and has been assigned to ensure that transactions are secure as they traverse the network. She recommends that all transactions use TLS. What threat is she most likely attempting to stop, and what method is she using to protect against it?
a.
Sniffing, encryption
52. Matthew and Richard are friends located in different physical locations who would like to begin communicating with each other using cryptography to protect the confidentiality of their communications. They exchange digital certificates to begin this process and plan to use an asymmetric encryption algorithm for the secure exchange of email messages. Matthew would like to enhance the security of his communication by adding a digital signature to the message. What goal of cryptography are digital signatures intended to enforce?
a.
Nonrepudiation
53. Your organization regularly handles three types of data: information that it shares with customers, information that it uses internally to conduct business, and trade secret information that offers the organization significant competitive advantages. Information shared with customers is used and stored on web servers, while both the internal business data and the trade secret information are stored on internal file servers and employee workstations. What civilian data classifications best fit this data?
a.
Public, sensitive, proprietary
54. Dave is responsible for password security in his organization and would like to strengthen the security of password files. He would like to protect his organization from the use of rainbow tables. Which of the following techniques is specifically designed to frustrate the use of rainbow tables?
a.
Salting
55. Mike and Renee would like to use an asymmetric cryptosystem to communicate with each other. They are located in different parts of the country but have exchanged encryption keys by using digital certificates signed by a mutually trusted certificate authority. The certificate authority (CA) has created Renee’s digital certificate, which was received by Mike. Now, Mike would like to send Renee a private message after verifying the authenticity of the certificate. To provide confidentiality, what key should he use to encrypt the message?
a.
Renee’s public key
56. What is the best way to ensure email confidentiality in motion?
a.
Encrypt the email content.
57. What should be true for salts used in password hashes?
a.
Unique salts should be stored for each user.
58. What type of attack would the following precautions help prevent? (Requesting proof of identity, requiring callback authorizations on voice-only requests, not changing passwords via voice communications.)
a.
Social engineering
59. Max is the security administrator for an organization that uses a remote access VPN. The VPN depends upon RADIUS authentication, and Max would like to assess the security of that service. Which one of the following hash functions is the strongest cryptographic hash protocol supported by RADIUS?
a.
MD5
60. Susan is working to improve the strength of her organization’s passwords by changing the password policy. The password system that she is using allows uppercase and lowercase letters as well as numbers but no other characters. How much additional complexity does adding a single character to the minimum password length create for her organization?
a.
62 times more complex
61. What is the most common source of exploitable vulnerabilities that business or commercial use of cryptography might present to attackers?
a.
Operational errors in use, such as incorrectly choosing control parameters or mismanaging keys or certificates
62. Which of the following is not a valid key length for the Advanced Encryption Standard?
a.
384 bits
63. Which of the following is not considered PII under U.S. federal government regulations?
a.
Zip code
64. Ben is designing a messaging system for a bank and would like to include a feature that allows the recipient of a message to prove to a third party that the message did indeed come from the purported originator. What goal is Ben trying to achieve?
a.
Nonrepudiation
65. Matthew and Richard are friends located in different physical locations who would like to begin communicating with each other using cryptography to protect the confidentiality of their communications. They exchange digital certificates to begin this process and plan to use an asymmetric encryption algorithm for the secure exchange of email messages. When Matthew goes to add the digital signature to the message, what encryption key does he use to create the digital signature?
a.
Matthew’s private key
66. Which of the following cryptographic systems was created by Phil Zimmermann and is most closely associated with the Web of Trust?
a.
PGP
67. What protocol is preferred over Telnet for remote server administration via the command line?
a.
SSH
68. Susan would like to configure IPsec in a manner that provides confidentiality for the content of packets. What component of IPsec provides this capability?
a.
ESP
69. The following diagram shows a typical workstation and server and their connections to each other and the Internet. What is the best way to secure files that are sent from workstation A via the Internet service (C) to remote server E?
a.
Encrypt the data files and send them
70. Your organization regularly handles three types of data: information that it shares with customers, information that it uses internally to conduct business, and trade secret information that offers the organization significant competitive advantages. Information shared with customers is used and stored on web servers, while both the internal business data and the trade secret information are stored on internal file servers and employee workstations. What types of encryption should you use on the file servers for the proprietary data, and how might you secure the data when it is in motion?
a.
AES at rest and TLS in motion
71. Alice wants to send Bob a message with the confidence that Bob will know the message was not altered while in transit. What goal of cryptography is Alice trying to achieve?
a.
Integrity
72. How many possible keys exist when using a cryptographic algorithm that has an 8-bit binary encryption key?
a.
256
73. Which component of IPsec provides authentication, integrity, and nonrepudiation?
a.
Authentication Header
74. Ed has been asked to send data that his organization classifies as confidential and proprietary via email. What encryption technology would be appropriate to ensure that the contents of the files attached to the email remain confidential as they traverse the Internet?
a.
PGP
75. Mike and Renee would like to use an asymmetric cryptosystem to communicate with each other. They are located in different parts of the country but have exchanged encryption keys by using digital certificates signed by a mutually trusted certificate authority (CA). When the certificate authority created Renee’s digital certificate, what key did it use to digitally sign the completed certificate?
a.
CA’s private key
76. Fred is preparing to send backup tapes off-site to a secure third-party storage facility. What steps should Fred take before sending the tapes to that facility?
a.
Ensure that the tapes are handled the same way the original media would be handled based on their classification.
77. Ben is concerned about password cracking attacks against his system. He would like to implement controls that prevent an attacker who has obtained those hashes from easily cracking them. What two controls would best meet this objective?
a.
Longer passwords and salting
78. Fred needs to transfer files between two servers on an untrusted network. Since he knows the network isn’t trusted, he needs to select an encrypted protocol that can ensure that his data remains secure. What protocol should he choose?
a.
SFTP
Week 7
Chapter 8
1.
Is secure browsing the same as private browsing? Why or why not? (Choose all that apply.)
a.
They are different in that private browsing may not effectively mask your identity or the identity of your system but secure browsing can.
b.
The only truly secure and private browsing is what you do on a sterile, sandbox system, with no PII or company data made available from the sterile sandbox system into your protected systems.
2.
How does bring your own infrastructure (BYOI) affect information security planning? (Choose all that apply.)
a.
BYOI potentially opens the organization’s infrastructure up to previously unknown connections with other people, organizations, and so forth; the potential for new and surprising risks is very great.
b.
BYOI often uses consumer-grade services, particularly for cloud services, which are not compatible with typical enterprise systems.
3.
When choosing your countermeasures and tactics to protect hardware and systems software, you should start with which of the following?
a.
Your organization’s IT vulnerabilities assessment
4.
Do firewalls play a role in countering or preventing a malware infestation from striking a system?
a.
Yes, because firewalls can restrict or filter connections by outside devices to the network, and block connections to ports or the use of protocols or services that may be attempts to infiltrate your systems and possibly bring malware with them.
5.
Which of the following statements about malware are not true? (Choose all that apply.)
a.
None of these statements are true
i.
Doing all of your browsing in fully secure (HTTPS) sessions will prevent any malware from entering your system
ii.
If you operate your system within a hierarchy of trust, and you do not go beyond its boundaries, you do not need to do anything else to protect against malware.
iii.
Most SOHO environments have very little to lose to a malware infection, so they are justified in not spending a lot of effort or money on defensive systems.
iv.
Malware may corrupt your data and software, but it cannot damage your hardware.
6.
What information do you need to manage your IT infrastructure security activities? (Choose all that apply.)
a.
Traffic, systems utilization, and systems health and status information, updated in near real time
b.
Status of open vulnerabilities, planned resolution efforts, and affected systems
c.
Incident characterization and warning data, in real time
7.
Malware is best classified and understood by which of the following?
a.
The capabilities it grants the exploiter, and the impacts it has on the target system
8.
Does the SSCP have a role in IT supply chain security issues?
a.
Yes, because the SSCP can and should advise on all potential security considerations affecting purchase, installation, use, maintenance, and disposal of IT equipment and systems.
9.
What kind of malware attacks can corrupt or infect device-level firmware? (Choose all that apply.)
a.
Remote or onsite device management (or mismanagement) attacks that allow a hacker to initiate a firmware update using a hacked firmware file
b.
Phishing or misdirection attacks that fool operators or users into initiating an upload of a hacked firmware file
10. What do you have to do differently to protect virtual machines, as compared to protecting your physical hardware systems?
a.
Because it’s too easy to create (and destroy) VMs, you may need policy and procedural controls over who can do this and what protections need to be in place.
11. Of the many things you could do to improve endpoint security, which would you recommend as most effective?
a.
Ensure that identity management and access control systems will not allow unauthorized users or processes access to system resources, regardless of what device they are from.
12. What are the limitations of mobile device management (MDM) when it comes to security needs? (Choose all that apply.)
a.
MDM systems, by themselves, cannot make up for shortcomings in organizational policies or plans for risk management.
b.
Most MDM systems can handle only market-leading mobile phones and laptops and cannot support wearable computing, smart watches, and so forth
13. What is a zero-day exploit?
a.
An exploit conducted against a newly discovered vulnerability before it becomes known to the cybersecurity community or the system’s vendor or owners
14. Malware can be introduced into your protected systems by all of these methods except which of the following?
a.
Opening an email attachment from a known sender
15. How is malware detected when it has infected a target system? (Choose all that apply.)
a.
Users notice abnormal behavior of their systems, ranging from sluggish response, to strange crashes, to unusual warning messages or pop-ups.
b.
Malware scanner programs look for signatures in program files that match known malware, or look for patterns of behavior that are suspicious
16. The most important security vulnerability to your IT infrastructure’s hardware elements would be which of the following?
a.
Theft, or being misplaced or lost
17. Can encryption solve all of your endpoint security problems?
a.
No; many endpoints may still allow users to create covert paths that move information across security boundaries or aggregate information in ways they should not
18. Which of the following statements about email and malware are correct? (Choose all that apply.)
a.
Email scanning for malware may be 100% effective at stopping malware from entering your systems directly, but it will not help with phishing, whaling, or other such attack vectors.
b.
For most enterprise systems, a separate server that scans all incoming email and attachments, before email is sent to its addresses, should be used.
19. Trusted platform modules provide which of the following benefits to an organization’s IT infrastructure?
a.
As a trust root, a TPM can make hierarchies of trust more reliable
20. Which statement about host-based firewalls is correct?
a.
Host-based firewalls can filter, restrict, or block connection attempts by programs running on the host computer to external networks.
21. During a recent vulnerability scan, Ed discovered that a web server running on his network has access to a database server that should be restricted. Both servers are running on his organization’s VMware virtualization platform. Where should Ed look first to configure a security control to restrict this access?
a.
VMware
22. When should an organization conduct a review of the privileged access that a user has to sensitive systems?
a.
All of these
i.
On a periodic basis
ii.
When a user leaves the organization
iii.
When a user changes roles
23. The company that Fred works for is reviewing the security of its company-issued cell phones. They issue 4G-capable smartphones running Android and iOS and use a mobile device management solution to deploy company software to the phones. The mobile device management software also allows the company to remotely wipe the phones if they are lost. Fred intends to attend a major hacker conference this year. What should he do when connecting to his cellular provider’s 4G network while at the conference?
a.
Connect to his company’s encrypted VPN service
24. What component is identified by B in the image?
a.
Hypervisor
25. Which one of the following protocols might be used within a virtualization platform for monitoring and managing the network?
a.
Simple Network Management Protocol (SNMP)
26. What major issue would Charles face if he relied on hashing malware packages to identify malware packages?
a.
Hashing cannot identify unknown malware
27. Isaac wants to prevent hosts from connecting to known malware distribution domains. What type of solution can he use to do this without deploying endpoint protection software or an IPS?
a.
DNS blackholing
28. Ian is reviewing the security architecture shown here. This architecture is designed to connect his local data center with an IaaS service provider that his company is using to provide overflow services. What component can be used at the points marked by question marks to provide a secure encrypted network connection?
a.
VPN
29. In virtualization platforms, what name is given to the module that is responsible for controlling access to physical resources by virtual resources?
a.
Hypervisor
30. Which of the following statements about malware are correct? (Each correct answer represents a complete solution. Choose all that apply.)
a.
Any type of software designed and used for a variety of malicious purposes
b.
Viruses, Trojan horses, worms, and rootkits are the key types of malware
c.
Misguides users into taking actions through fear or misdirection
31. Which one of the following is not a technique used by virus authors to hide the existence
of their virus from anti-malware software?
a.
Multipartitism
32. Tim needs to lock down a Windows workstation that has recently been scanned using nmap with the results shown here. He knows that the workstation needs to access websites and that the system is part of a Windows domain. What ports should he allow through the system’s firewall for externally initiated connections?
a.
No ports should be open
33. Cameron is configuring his organization’s Internet router and would like to enable anti-
spoofing technology. Which one of the following source IP addresses on an inbound packet should trigger anti-spoofing controls?
a.
192.168.163.109
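The check Cameron’s router should apply, written out as an added Python example (not code from this study guide or from any router vendor): an ingress filter that drops any packet arriving on the Internet-facing interface whose source address is in private, loopback, link-local or unspecified space, or inside the organization’s own public prefix, since none of those can legitimately originate outside. The prefix 203.0.113.0/24 is an assumed placeholder from the documentation range, standing in for the real allocation, and the sample packets are constructed.

```python
import ipaddress

# Assumed: the organization's own public prefix (RFC 5737 documentation range
# used as a placeholder). A packet arriving from the Internet side that claims
# this as its source must have been spoofed.
OWN_PREFIX = ipaddress.ip_network("203.0.113.0/24")

# Source ranges that are never legitimate on the Internet-facing interface.
BOGON_RANGES = [
    ipaddress.ip_network("10.0.0.0/8"),        # RFC 1918 private
    ipaddress.ip_network("172.16.0.0/12"),     # RFC 1918 private
    ipaddress.ip_network("192.168.0.0/16"),    # RFC 1918 private
    ipaddress.ip_network("127.0.0.0/8"),       # loopback
    ipaddress.ip_network("169.254.0.0/16"),    # link-local
    ipaddress.ip_network("0.0.0.0/8"),         # "this network" / unspecified
]


def classify_inbound_source(src: str):
    """Return (drop, reason) for a packet's source address as seen on the
    Internet-facing interface. Unparseable addresses are dropped as well."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return True, "unparseable source address"
    if addr in OWN_PREFIX:
        return True, f"source inside our own prefix {OWN_PREFIX}"
    for net in BOGON_RANGES:
        if addr in net:
            return True, f"bogon source in {net}"
    return False, "ok"


def filter_inbound(packets):
    """Apply the check to (src, dst) pairs; return the sources that were dropped."""
    dropped = []
    for src, _dst in packets:
        drop, _reason = classify_inbound_source(src)
        if drop:
            dropped.append(src)
    return dropped


# Constructed sample traffic, not a real capture.
SAMPLE_PACKETS = [
    ("198.51.100.7", "203.0.113.10"),     # ordinary Internet client: allowed
    ("192.168.163.109", "203.0.113.10"),  # the address from the question: dropped
    ("203.0.113.44", "203.0.113.10"),     # our own prefix arriving from outside: dropped
    ("127.0.0.1", "203.0.113.10"),        # loopback: dropped
]

if __name__ == "__main__":
    for src, _ in SAMPLE_PACKETS:
        print(src, classify_inbound_source(src))
```

The same ranges apply in the other direction as an egress filter: a packet leaving the network whose source is not inside OWN_PREFIX is either a misconfiguration or an attempt to spoof someone else.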
34. Lucca wants to prevent workstations on his network from attacking each other. If Lucca’s
corporate network looks like the network shown here, what technology should he select to prevent laptop A from being able to attack workstation B?
a.
HIPS
35. Mike runs a vulnerability scan against his company’s virtualization environment and finds
the vulnerability shown here in several of the virtual hosts. What action should Mike take?
a.
No action is necessary because this is an information report.
36. As Lauren prepares her organization’s security practices and policies, she wants to address as many threat vectors as she can using an awareness program. Which of the following threats can be most effectively dealt with via awareness?
a.
Impersonation
37. The company that Fred works for is reviewing the security of its company-issued cell phones. They issue 4G-capable smartphones running Android and iOS and use a mobile
device management solution to deploy company software to the phones. The mobile device management software also allows the company to remotely wipe the phones if they are lost. What security considerations should Fred’s company require for sending sensitive data over the cellular network?
a.
They should use the same requirements as data over any public network
38. Kim is the system administrator for a small business network that is experiencing security problems. She is in the office in the evening working on the problem, and nobody else is there. As she is watching, she can see that systems on the other side of the office that were previously behaving normally are now exhibiting signs of infection. What type of malware is Kim likely dealing with?
a.
Worm
39. Jarett needs to protect an application server against resource exhaustion attacks. Which
of the following techniques is best suited to surviving a large-scale DDoS attack?
a.
Employ a CDN
40. Frank discovers a missing Windows security patch during a vulnerability scan of a server
in his organization’s data center. Upon further investigation, he discovers that the system
is virtualized. Where should he apply the patch?
a.
To the virtualized system
41. Surveys, interviews, and audits are all examples of ways to measure what important part
of an organization’s security posture?
a.
Awareness
42. Warren is designing a physical intrusion detection system for his data center and wants to include technology that issues an alert if the communications lines for the alarm system are unexpectedly cut. What technology would meet his requirement?
a.
Heartbeat sensor
43. Which of the following statements is true about the bare-metal virtualization?
a.
The physical hardware sits beneath the hypervisor, which moderates access by guest operating systems
44. Don completed a vulnerability scan of his organization’s virtualization platform from an external host and discovered the vulnerability shown here. How should Don react?
a.
This is a critical issue that requires immediate adjustment of firewall rules.
45. Susan is reviewing files on a Windows workstation and believes that cmd.exe has been replaced with a malware package. Which of the following is the best way to validate her theory?
a.
Submit cmd.exe to VirusTotal
46. Mike has been tasked with preventing an outbreak of malware like Mirai. What type of systems should be protected in his organization?
a.
Internet of Things (IoT) devices
47. Senior management in Adam’s company recently read a number of articles about massive ransomware attacks that successfully targeted organizations like the one that Adam is part of. Adam’s organization already uses layered security solutions including a border IPS, firewalls between network zones, local host firewalls, antivirus software, and a configuration management system that applies recommended operating system best practice settings to their workstations. What should Adam recommend to minimize the impact of a similar ransomware outbreak at his organization?
a.
Backups
48. Jim has been asked to individually identify devices that users are bringing to work as part of a new BYOD policy. The devices will not be joined to a central management system like Active Directory, but he still needs to uniquely identify the systems. Which of the following options will provide Jim with the best means of reliably identifying each unique device?
a.
Use device fingerprinting via a web-based registration system
49. What term is used to describe a starting point for a minimum security standard?
a.
Baseline
50. Derek sets up a series of virtual machines that are automatically created in a completely isolated environment. Once created, the systems are used to run potentially malicious software and files. The actions taken by those files and programs are recorded and then reported. What technique is Derek using?
a.
Sandboxing
51. Greg is battling a malware outbreak in his organization. He used specialized malware analysis tools to capture samples of the malware from three different systems and noticed that the code is changing slightly from infection to infection. Greg believes that this is the reason that antivirus software is having a tough time defeating the outbreak. What type of malware should Greg suspect is responsible for this security incident? a.
Polymorphic virus
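Why Charles’s hash list (question 26) fails against the mutating samples Greg is seeing (question 51), shown as an added Python example that is not part of the study guide: a hash blocklist matches only the exact bytes it was built from, so a single changed byte produces an unknown hash, whereas a byte signature that wildcards the mutable region still matches the variant. The two byte strings are constructed stand-ins for captured samples, not real malware, and the signature is invented for them.

```python
import hashlib
import re

# Constructed stand-ins for two captured samples (not real malware). The
# variant differs from the first sample only in the two bytes between
# "decrypt(" and ")jump", the kind of change a polymorphic engine makes.
SAMPLE_A = b"MZ\x90\x00" + b"decrypt(" + b"\x13\x37" + b")jump" + b"\x00" * 16
SAMPLE_B = b"MZ\x90\x00" + b"decrypt(" + b"\x42\x42" + b")jump" + b"\x00" * 16
BENIGN = b"MZ\x90\x00" + b"hello, world" + b"\x00" * 16


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Hash-based detection: the blocklist only knows the first sample captured.
KNOWN_BAD_HASHES = {sha256_hex(SAMPLE_A)}


def detect_by_hash(data: bytes) -> bool:
    return sha256_hex(data) in KNOWN_BAD_HASHES


def compile_signature(pattern: str):
    """Turn a hex byte pattern such as "64 65 ?? 72" into a bytes regex.
    "??" matches any single byte, so the mutable region is tolerated."""
    parts = []
    for token in pattern.split():
        if token == "??":
            parts.append(b".")
        else:
            parts.append(re.escape(bytes([int(token, 16)])))
    return re.compile(b"".join(parts), re.DOTALL)


# Assumed signature: "decrypt(" ?? ?? ")jump". The decryptor stub is the part
# of a polymorphic sample that tends to stay stable between infections.
SIGNATURE = compile_signature("64 65 63 72 79 70 74 28 ?? ?? 29 6a 75 6d 70")


def detect_by_signature(data: bytes) -> bool:
    return SIGNATURE.search(data) is not None


def scan(samples):
    """Return {name: (hash_hit, signature_hit)} for each named sample."""
    return {name: (detect_by_hash(d), detect_by_signature(d))
            for name, d in samples.items()}


if __name__ == "__main__":
    for name, hits in scan({"A": SAMPLE_A, "B": SAMPLE_B, "benign": BENIGN}).items():
        print(f"{name}: hash={hits[0]} signature={hits[1]}")
```

Sample B is missed by the hash check and caught by the signature; the benign file is caught by neither. A real polymorphic engine also rewrites the decryptor, which is why scanners add behavioural detection (question 15) rather than relying on static signatures alone.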
52. Joe wants to test a program he suspects may contain malware. What technology can he use to isolate the program while it runs? a.
Sandboxing
53. The company that Fred works for is reviewing the security of its company-issued cell phones. They issue 4G-capable smartphones running Android and iOS and use a mobile
device management solution to deploy company software to the phones. The mobile device management software also allows the company to remotely wipe the phones if they are lost. What are the most likely circumstances that would cause a remote wipe a mobile phone to fail?
a.
The phone cannot connect to a network
54. The organization that Ben works for has a traditional on-site Active Directory environment that uses a manual provisioning process for each addition to their 350-employee company. As the company adopts new technologies, they are increasingly using software as a service applications to replace their internally developed software stack. Ben has been tasked with designing an identity management implementation that will allow his company to use cloud services while supporting their existing systems. Using the logical diagram shown here, answer the following questions about the identity recommendations Ben should make. If availability of authentication services is the organization’s biggest priority, what type of identity platform should Ben recommend?
a.
Hybrid
55. Which mobile device strategy is most likely to result in the introduction of vulnerable devices to a network?
a.
BYOD
56. What component is identified by A in the image?
a.
Guest operating system
Week 8
Chapter 9
1.
Your boss tells you that securing the endpoints should consider all of the measures you would use to secure the information infrastructures themselves. Is she correct? Which statement best confirms or refutes her statement?
1.
True. After all, each endpoint is (by definition) embedded in or part of one or more threat surfaces; from there, the same threat modeling and assessment processes will lead us through the same risk management and mitigation processes, with choices tailored as needed.
2.
In which phase or phases of a typical data exfiltration attack would a hacker be making use of phishing? (Choose all that apply.)
1.
Initial access
1.
Reconnaissance and characterization
3.
Sandi has suggested to her boss that their small company should be using a cloud-based shared storage service, such as OneDrive, Dropbox, or Google Drive. Her boss believes these are inherently insecure. Which of the following statements would not help Sandi make her case?
1.
Sandi can take advantage of a free trial offer and see if her information security staff can hack into other users’ storage or into system logs and account information on the provider. If her “white hats” can’t break in and peek, the system is safe enough for her.
4.
“Maintaining or improving information security while migrating to the clouds is more of a contractual than technical problem to solve.” Which statement best shows why this is either true or false?
1.
It is false. The contractual agreements do change quite frequently as the underlying technologies, threats, and business case for both the cloud host and the customer change with time. However, even these changes cause less work, less frequently, for the administrative elements and more for the technical elements of the typical customer organization.
5.
Your coworkers don’t agree with you when you say that data quality is fundamental part of information security. Which of the following lines of argument are true in the context of
your discussion with them? (Choose all that apply.)
1.
We have users who complain that when they try to test and evaluate backup data sets, the backup data doesn’t make sense. If a real disruption or disaster strikes, and our backups don’t make any business sense, we could be out of business pretty quickly.
1.
If our business logic doesn’t establish the data quality rules and constraints, we have no idea if an input or a whole set of inputs makes valid business sense or is a spoof attack trying to subvert our systems.
6.
How does securing a virtual machine differ from securing a physical computer system? (Choose all that apply.)
1.
The basic tasks of defining the needs, configuring system capabilities in support of those needs, and then operationally deploying the VM are conceptually the same as when deploying the same OS and apps on a desktop or laptop. You use
many of the same tools, OS features and utilities.
7.
What steps can you take to limit or prevent attacks on your systems that attempt to spoof, corrupt, or tamper with data? (Choose all that apply.)
1.
Implement data quality processes that ensure all data is fit for all purposes, in accordance with approved business logic.
1.
Implement information classification, and use access control and identity management to enforce it
1.
Develop and use an organizational data model and data dictionary that contain all data-focused business logic; use them to build and validate business processes and the apps that support them.
8.
Which statements best explain why applications programs have exploitable vulnerabilities in them? (Choose all that are correct.)
1.
In-house developers often do not rigorously use design frameworks and coding standards that promote or enforce secure programming.
9.
What are some effective, practical strategies to detect data exfiltration attacks? (Choose all that apply.)
1.
Alert when failed attempts to access a resource (whether it is protected by encryption or not) exceed a specified limit
1.
Analyze access control and resource usage log data to alert when abnormal patterns of behavior are noted
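One concrete form of the two detection rules above, as an added Python example rather than code from the study guide: a sliding-window counter over access-control log lines that raises an alert when one user accumulates more denied requests than a threshold inside a time window, and records how many distinct resources were tried, since a sweep across many resources is a stronger exfiltration precursor than repeated failures against one. The log format and the log lines are constructed for the example and are not from any real system.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed log format for the example: one access decision per line.
LOG_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) resource=(?P<res>\S+) result=(?P<result>\S+)$"
)

# Constructed sample lines, not a real log. alice is denied five times in ten
# seconds against five different resources; bob is denied twice, 23 minutes apart.
SAMPLE_LOG = """\
2024-01-09T22:00:01 user=alice resource=/hr/payroll.xlsx result=DENIED
2024-01-09T22:00:03 user=alice resource=/hr/benefits.docx result=DENIED
2024-01-09T22:00:04 user=bob resource=/eng/spec.pdf result=ALLOWED
2024-01-09T22:00:06 user=alice resource=/finance/q4.xlsx result=DENIED
2024-01-09T22:00:09 user=alice resource=/legal/merger.docx result=DENIED
2024-01-09T22:00:11 user=alice resource=/exec/board.pptx result=DENIED
2024-01-09T22:07:00 user=bob resource=/hr/payroll.xlsx result=DENIED
2024-01-09T22:30:00 user=bob resource=/hr/payroll.xlsx result=DENIED
"""


def parse_line(line: str):
    """Return a dict for a well-formed line, or None so malformed input is skipped."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m.group("ts")),
        "user": m.group("user"),
        "res": m.group("res"),
        "result": m.group("result"),
    }


def detect_failed_access(lines, threshold=5, window_seconds=60):
    """Sliding-window detector: alert once per user when the number of DENIED
    events inside the last `window_seconds` reaches `threshold`."""
    recent = defaultdict(deque)   # user -> deque of (timestamp, resource)
    alerted = set()
    alerts = []
    for line in lines:
        ev = parse_line(line)
        if ev is None or ev["result"] != "DENIED":
            continue
        q = recent[ev["user"]]
        q.append((ev["ts"], ev["res"]))
        # Drop events that have fallen out of the window.
        while q and (ev["ts"] - q[0][0]).total_seconds() > window_seconds:
            q.popleft()
        if len(q) >= threshold and ev["user"] not in alerted:
            alerted.add(ev["user"])
            alerts.append({
                "user": ev["user"],
                "failures": len(q),
                "distinct_resources": len({res for _, res in q}),
                "window_end": ev["ts"].isoformat(),
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_failed_access(SAMPLE_LOG.splitlines()):
        print(alert)
```

With the defaults only alice trips the rule; bob’s two failures are too far apart. Widening the window (for example threshold=2 over an hour) catches bob as well, which is the tuning trade-off question 11 of week 9 refers to: thresholds set too loosely bury the precursors in noise, set too tightly they miss slow, patient attempts.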
10. Which statements about the role(s) of archiving, backup, and restore in meeting information security needs are most correct? (Choose all that apply.)
1.
As part of an incident response or disaster recovery plan, prompt restore to a known good data configuration may prevent other data from being compromised or breached, thus contributing to confidentiality
1.
These each contribute to availability and nonrepudiation
1.
These each contribute to availability in similar ways
11. Why is endpoint security so important to an organization?
1.
Endpoints are where information turns into action, and that action produces value; on the way into the system, it is where action produces valuable information. This is where business actually gets done and work accomplished. Without the endpoints, the system is meaningless.
12. Which statements about continuity and resilience are correct? (Choose all that apply.)
1.
Resilience measures a system’s ability to tolerate events or conditions not anticipated by the designers
1.
Continuity measures a system’s ability to deal with out-of-limits conditions, component or subsystem failures, or abnormal operating commands from users or other system elements, by means of designed-in redundancy, load shedding, or other strategies
13. What is the role of threat modeling when an organization is planning to migrate its business processes into a cloud-hosted environment? Choose the most correct statement.
1.
Migrating to the cloud may not change the logical relationship between information assets and subjects requesting to use them, or the way privileges are
set based on roles, needs, and trust, but the connection path to them may change; this probably changes the threat surface.
14. Jayne’s company is considering the use of IoT devices as part of its buildings, grounds, and facilities maintenance tasks. Which statements give Jayne sound advice to consider for this project?
1.
It may be better to consider Industrial process control modules, rather than IoT devices, to interact with machinery, such as pumps and landscaping equipment.
15. Many issues are involved when planning for a third party to perform services involving data storage, backup and restore, and destruction or processing services for your company. Which of the following statements is not correct with regard to such planning or to your actual conduct of operations with that third party? (Choose all that apply.)
1.
Since third parties are by definition on a contract with you, as your subcontractor,
you are not liable or responsible for mistakes they make in performing their duties.
1.
Your contracts with these third parties should use a shared responsibility model to clearly delineate which party has which responsibilities; this will, in most cases,
hold you harmless when the third party goes outside of the contract
16. Why is whitelisting a better approach to applications security than blacklisting? Choose the most correct statement.
1.
Administering a whitelisting system can require a lot of effort, but when an unknown program is trying to execute (or be installed), you know it is not yet trusted and can prevent harm
17. Which statement about privacy and data protection is most correct?
1.
Sometimes, it seems cheaper to run the risk of fines or loss of business from a data breach involving privacy-related data than to implement proper data protection to prevent such a loss. Although this might make financial sense, it is not legal or ethical to do so
18. The “garbage-in, garbage-out” (GIGO) problem means:
1.
Most information processes involve a set of related data items that represent or model a real person, activity, or part of the world. When that set of data is mutually inconsistent, or inconsistent with other data on hand about that real entity, each field may be within range but the overall meaning of the data set is corrupt. This “garbage,” when processed (as input) by apps, produces equally meaningless but valid-looking outputs
19. Fred is on the IT team migrating his company’s business systems into a public cloud provider, which will host the company’s processes and data on its datacenters in three different countries to provide load balancing, failover/restart, and backup and restore capabilities. Which statement or statements best addresses key legal and regulatory concerns about this plan? (Choose all that apply.)
1.
The countries where the cloud host’s datacenters are located, plus all of the countries in which Fred’s company has a business presence, office, or other facility, have jurisdiction over company data
1.
In addition to staying compliant with all of those different countries’ laws and regulations, Fred’s company must also ensure that it does not violate cultural, religious, or political taboos in any of those countries
20. Which of the following might be serious example(s) of “shadow IT” contributing to an information security problem? (Choose all that apply.)
1.
Several users build scripts, flows, and other processing logic to implement a customer service help desk/trouble ticket system using its own database on a shared use/collaboration platform that the company uses.
1.
Users post documents, spreadsheets, and many other types of information on a company-provided shared storage system, making the information more freely available throughout the company
21. Don’s company is considering the use of an object-based storage system where data is placed in a vendor-managed storage environment through the use of API calls. What type of cloud computing service is in use?
1.
IaaS
22. The company that Lauren works for is making significant investments in infrastructure as
a service hosting to replace its traditional data center. Members of her organization’s management have expressed concerns about data remanence when Lauren’s team moves from one virtual host to another in their cloud service provider’s environment. What should she instruct her team to do to avoid this concern?
1.
Use full disk encryption
23. Cloud computing uses a shared responsibility model for security, where the vendor and customer each bears some responsibility for security. The division of responsibility depends upon the type of service used. Choose the cloud service offerings listed here and drag them from the case where the customer bears the least responsibility to where the customer bears the most responsibility.
1.
SaaS
1.
PaaS
1.
IaaS
24. Which one of the following goals of physical security environments occurs first in the functional order of controls?
1.
Deterrence
25. Which of the following would be considered an example of IaaS (infrastructure as a service) cloud computing?
1.
Servers provisioned by customers on a vendor-managed virtualization platform
26. Renee is using encryption to safeguard sensitive business secrets when in transit over the Internet. What risk metric is she attempting to lower?
1.
Likelihood
27. Which of the following are the contractual agreements between a service provider and a service consumer that specify service quality, quantities, timeliness and responsiveness,
and appropriate usage constraints?
1.
SLA
1.
TOS
1.
TOR
28. Chris wants to prevent users from running a popular game on Windows workstations he is responsible for. How can Chris accomplish this for Windows 10 Pro workstations?
1.
Use application whitelisting so that any program not on the allowed list is prevented from running.
29. Drag the testing methodology to its level of knowledge:
Testing methodology: Level of knowledge
Black box: No prior knowledge of the system
Gray box: Partial or incomplete knowledge
White box: Full knowledge of the system
30. What type of Windows audit record describes events like an OS shutdown, or a service being stopped?
1.
A system log.
31. Ian’s company has an internal policy requiring that it perform regular port scans of all of its servers. Ian has been part of a recent effort to move his organization’s servers to an infrastructure as a service provider. What change will Ian most likely need to make to his
scanning efforts?
1.
Follow the service provider’s scan policies.
32. In which cloud computing model does a customer share computing infrastructure with other customers of the cloud vendor where one customer may not know the other’s identity?
1.
Public cloud
33. Rick is an application developer who works primarily in Python. He recently decided to evaluate a new service where he provides his Python code to a vendor who then executes it on their server environment. What type of cloud computing environment is this service?
1.
PaaS
34. Lauren’s multinational company is planning a new cloud deployment and wants to ensure compliance with the EU GDPR. Which principle states that the individual should have the right to receive personal information concerning himself or herself and share it with another data controller?
1.
Data portability
35. The company that Dan works for has recently migrated to a Software as a Service (SaaS) provider for its enterprise resource planning (ERP) software. In its traditional on-site ERP
environment, Dan conducted regular port scans to help with security validation for the systems. What will Dan most likely have to do in this new environment?
1.
Rely on vendor testing and audits
36. Bert is considering the use of an infrastructure as a service cloud computing partner to provide virtual servers. Which one of the following would be a vendor responsibility in this scenario?
1.
Maintaining the hypervisor
37. Full disk encryption like Microsoft’s BitLocker is used to protect data in what state?
1.
Data at rest
38. Which of the following is designed to prevent a web server going offline from becoming a single point of failure in a web application architecture?
Week 9
Chapter 10
1.
Which of the following kinds of events might not be part of an advanced persistent threat (APT) attack?
a.
Routine ping or other ICMP packets coming to your systems.
2.
You’re part of the CSIRT for your organization; during an incident, you take a call from a rather upset production manager who demands you put their systems back online right away. You explain that the team hasn’t finished containment activities yet. He insists that
their systems were working fine until you pulled the connections to everything and that production activities could continue while you’re doing that. Which statement or statements would best support you in your reply? (Choose all that apply.)
a.
We cannot run the risk that whatever caused the attack isn’t dormant in your systems and that it wouldn’t spread to our other systems or back out onto the Internet if we did that.
b.
Yours are not the only systems affected by this attack; we’ve had to shut down most of our IT operations to make sure that our critical data and systems are protected.
3.
You’re the only IT person at a small tool and die machine shop, which uses a LAN and cloud-hosted platforms to run the business on. Your boss is not worried about the business being the target of a cyberattack and doesn’t want you to spend time preparing
the company to respond to such an incident. What would you advise your boss to consider? (Choose all that apply.)
a.
We do share extranet connections with key customers and suppliers, and an attack on our systems could lead to an attack on theirs; whether we’d be liable for the damages or not, it could cost us our relationships with those companies.
b.
Since we’ve not really done even a basic vulnerabilities assessment, we don’t know what risks we could be facing. Let’s do that much at least and let that tell us what the next step should be. Soon.
4.
As an SSCP, you’re a CERT team member at your company. At a team meeting, some of the team members seem confused as to whether they have a role in disaster recovery
or business continuity. How would you answer their question? (Choose all that apply.)
a.
Since even a disaster starts with an incident, and we’re the first responders, we quickly have to figure out how disruptive the incident could be; the more disruptive, the greater the impact on our ability to keep doing business. We don’t execute those other plans, but we do have to call our bosses and let them know what we think. They decide whether to activate those other plans.
b.
Since all incidents have the potential for disrupting business operations, the BCP should cover everything and provide us the framework and scope to respond within. It also covers the DRP.
5.
Which of the following sets of information would not be useful to a CSIRT during an incident response? (Choose all that apply.)
a.
Contracts with service providers, systems vendors, or suppliers
b.
IT hardware maintenance manuals
6.
Which of the following information about networks and infrastructure should be readily available for information systems security incident responders to consult during an incident response? (Choose all that apply.)
a.
Networks and systems designs showing data, control, and management planes
b.
OSI reference model design descriptions of networks, systems, and platforms
7.
Which of the following are not legal or regulatory issues that a CSIRT would have to be concerned with?
a.
Incidents caused by employee negligence or accident.
8.
You’ve suggested to the IT team that all systems and servers, and all network devices, have their clocks synchronized and that synchronization checked frequently. One of their team members says this is not necessary. Which of these statements would be best to support your reply?
a.
In the event we’re investigating an anomaly or an incident, having all systems event logs using the same time standard will make them a lot easier to correlate and analyze.
9.
Several months ago, your company suffered from a serious information systems security
incident, which crippled its production operations for days. As a result, the CSIRT and other managers have seen the need to make a number of changes to a number of information security procedures, including those for incident response and continuity of operations. As CSIRT team chief, they’ve asked you what else they should consider, and
why. Which of the following might you recommend? (Choose all that apply.)
a.
Exercise the new procedures to verify that they work and deliver the improvements we need.
b.
Train the key team members, managers, and leadership on the new procedures.
10. Which statements about the role of end users in detecting information security incidents are correct?
a.
Most end users and their first-level supervisors have the best, most current insight as to the normal business rhythm and flow, and therefore normal loads on
the systems and their throughput. They will most likely see anything abnormal quickly as a result.
11. The CSIRT team members are discussing incident detection. They seem convinced that it’s almost impossible to detect an information security incident until it’s already started to
disrupt business operations. They’re trying to find actions they can take now to help deal
with this. They ask your opinion. Which of the following statements would you not use as
your reply? (Choose all that apply.)
a.
We miss the most important incident precursors because we’ve set our IDS alarm thresholds too low.
b.
Actually, this is because we’ve designed our networks wrong. We can fix this, but
it will take time, money, and effort.
12. Which statement about precursors or indicators is correct?
a.
Precursors are the observable signals from an event, which may suggest that an information systems security event may happen later.
13. Why is escalation part of the detection and analysis phase of an incident response?
a.
Management and leadership need to know that an information security incident may have occurred and that investigation continues. Depending on the nature of the incident as understood thus far, management may need to take additional action.
14. You’ve suggested that your CSIRT should create its own timeline of an incident, as part of their efforts to understand and assess it. Other team members say that this is what correlating event logs should take care of. Which statements would you base your reply on? (Choose all that apply.)
a.
Our timeline is how we capture our assessment of the cause and effect relationships between events; the systems logs show us only events that happened.
b.
Event logs only show when the hardware, operating systems, or applications saw
an event and logged it; they don’t cover actions taken by us or by other staff members.
c.
We have to explain to management, in simple terms, what happened and when; they don’t want to see hundreds of events in a log, which are nothing more than the evidence that led us to conclusions about what happened.
15. All of the following are the key tasks to consider as part of the containment of an information security incident except for which one?
a.
Prompting updates to procedures and content for internal and external communication and coordination during and after an incident response
16. Which statement about containment or eradication is correct?
a.
Containment primarily addresses shutting down connectivity between networks, subnets, systems, and servers. Eradication addresses locating the causal agents (malware, bogus user IDs, etc.) and removing them from each system.
17. What is the key step or process in the recovery phase of responding to an information security incident?
a.
Restoring databases and network storage systems to backup copies made prior to the incident.
18. Which set of plans and procedures should define how the organization makes backups of systems, applications, device settings, databases, and other data, for use during the recovery phase of an information systems security incident response?
a.
Business continuity plans and procedures
19. You’re the only SSCP in your small company’s four-person IT team, and you’ve just been part of an emergency response team that’s spent six nonstop days of overtime dealing with a major malware incident. The chief operating officer (COO) wants to skip the post-recovery phase, both to save costs and to get you and the other team members back onto your regularly assigned job tasks. Which statements would you base a reply to the COO on? (Choose the statements that best support your reply.)
a.
Right now, the data we gathered as we investigated the incident is just in working files, notes, and such, and if we need to retain any of it, for any reason, we’ve got some housekeeping to do before we’re done.
b.
The labor days we’d spend doing proper post-recovery procedures review, update, and process improvement will have us much better prepared for the next time something like this happens.
20. What role, if any, does an incident response team play in supporting any subsequent forensics investigation? (Choose all that apply.)
a.
Since any information security incident might lead to a follow-on forensics investigation, the team needs to make sure that any of the data they collect, or systems they restore or rebuild, are first preserved and cataloged to meet chain-of-custody requirements as evidence. Thus, the responders also need to be trained and certified as investigators.
b.
As the first responders, the team should take steps to control the scene of the incident, and keep good logs or records of the state of systems and information throughout their response activities. These records need to be retained in case there is a later investigation.
c.
Management needs to make sure that the procedures used by the response team will preserve the incident scene and information gathered during the incident response in ways that will meet rules of evidence; if that cannot be done without interfering with prompt incident response and recovery, management has to take responsibility for that risk.
21. Cameron is responsible for backing up his company’s primary file server. He configured a backup schedule that performs full backups every Monday evening at 9 p.m. and incremental backups on other days of the week at the same time. How many files will be copied in Wednesday’s backup?
a.
2
22. Denise is preparing for a trial relating to a contract dispute between her company and a software vendor. The vendor is claiming that Denise made a verbal agreement that amended their written contract. What rule of evidence should Denise raise in her defense?
a.
Parol evidence rule
23. Karen’s organization has been performing system backups for years but has not used the backups frequently. During a recent system outage, when administrators tried to restore from backups, they found that the backups had errors and could not be restored. Which of the following options should Karen avoid when selecting ways to ensure that her organization’s backups will work next time?
a.
MTD verification
24. Darcy is designing a fault-tolerant system and wants to implement RAID 5 for her system. What is the minimum number of physical hard disks she can use to build her system?
a.
Three
25. Which of the following is not a basic preventative measure that you can take to protect your systems and applications against attack?
a.
Conduct forensic imaging of all systems.
26. Cynthia is building a series of scripts to detect malware beaconing behavior on her network. Which of the following is not a typical means of identifying malware beaconing?
a.
Beacon protocol
27. NIST Special Publication 800-92, the Guide to Computer Security Log Management, describes four types of common challenges to log management: many log sources, inconsistent log content, inconsistent timestamps, and inconsistent log formats. Which of the following solutions is best suited to solving these issues?
a.
Implement a SIEM
28. Eric has access to a full suite of network monitoring tools and wants to use appropriate tools to monitor network bandwidth consumption. Which of the following is not a common method of monitoring network bandwidth usage?
a.
Portmon
29. In his role as a forensic examiner, Lucas has been asked to produce forensic evidence related to a civil case. What is this process called?
a.
eDiscovery
30. Which one of the following stakeholders is not typically included on a business continuity planning team?
a.
CEO
31. Who should receive initial business continuity plan training in an organization?
a.
Everyone in the organization.
32. What is the key step or process in the recovery phase of responding to an information security incident?
a.
Restoring databases and network storage systems to backup copies made prior to the incident
33. While performing post-rebuild validation efforts, Scott scans a server from a remote network and sees no vulnerabilities. Joanna, the administrator of the machine, runs a scan and discovers two critical vulnerabilities and five moderate issues. What is most likely causing the difference in their reports?
a.
Firewall between the remote network and the server
34. During which phase of the incident response process would an organization determine whether it is required to notify law enforcement officials or other regulators of the incident?
a.
Remediation
35. Which one of the following investigation types has the loosest standards for collecting and preserving information?
a.
Operational investigation
36. If Danielle wants to purge a drive, which of the following options will accomplish her goal?
a.
Cryptographic erase
37. Alex’s organization uses the NIST incident classification scheme. Alex discovers that a laptop belonging to a senior executive had keylogging software installed on it. How should Alex classify this occurrence?
a.
Incident
38. Concho Controls is a midsize business focusing on building automation systems. They host a set of local file servers in their on-premises data center that store customer proposals, building plans, product information, and other data that is critical to their business operations. Tara works in the Concho Controls IT department and is responsible for designing and implementing the organization’s backup strategy, among other tasks. She currently conducts full backups every Sunday evening at 8 p.m. and differential backups throughout the weekdays at noon. Concho experiences a server failure at 3 p.m. on Wednesday. Tara rebuilds the server and wants to restore data from the backups. How many backups in total must Tara apply to the system to make the data it contains as current as possible?
a.
2
39. Which of the following kinds of events might not be part of an advanced persistent threat attack?
a.
Routine ping or other ICMP packets coming to your systems
40. Concho Controls is a midsize business focusing on building automation systems. They host a set of local file servers in their on-premises data center that store customer proposals, building plans, product information, and other data that is critical to their business operations. Tara works in the Concho Controls IT department and is responsible for designing and implementing the organization’s backup strategy, among other tasks. She currently conducts full backups every Sunday evening at 8 p.m. and differential backups throughout the weekdays at noon. Concho experiences a server failure at 3 p.m. on Wednesday. Tara rebuilds the server and wants to restore data from the backups. In this backup approach, some data may be irretrievably lost. How long is the time period in which any changes made will be lost?
a.
3 hours
41. As part of his incident response process, Charles securely wipes the drive of a compromised machine and reinstalls the operating system (OS) from original media. Once he is done, he patches the machine fully and applies his organization’s security templates before reconnecting the system to the network. Almost immediately after the system is returned to service, he discovers that it has reconnected to the same botnet it was part of before. Where should Charles look for the malware that is causing this behavior?
a.
The installation media
42. Mika wants to analyze the contents of a drive without causing any changes to the drive. What method is best suited to ensuring this?
a.
Use a write blocker.
43. What type of log file is shown in this figure?
a.
Firewall
44. Craig is selecting the site for a new data center and must choose a location somewhere within the United States. He obtained the earthquake risk map shown here from the United States Geological Survey. Which of the following would be the safest location to build his facility if he were primarily concerned with earthquake risk?
a.
Florida
45. Concho Controls is a midsize business focusing on building automation systems. They host a set of local file servers in their on-premises data center that store customer proposals, building plans, product information, and other data that is critical to their business operations. Tara works in the Concho Controls IT department and is responsible for designing and implementing the organization’s backup strategy, among other tasks. She currently conducts full backups every Sunday evening at 8 p.m. and differential backups throughout the weekdays at noon. Concho experiences a server failure at 3 p.m. on Wednesday. Tara rebuilds the server and wants to restore data from the backups. If Tara followed the same schedule but switched the differential backups to incremental backups, how many backups in total would she need to apply to the system to make the data it contains as current as possible?
a.
4
46. Why is escalation part of the detection and analysis phase of an incident response?
a.
Management and leadership need to know that an information security incident may have occurred and that investigation continues. Depending on the nature of the incident as understood thus far, management may need to take additional action.
47. Jasper Diamonds is a jewelry manufacturer that markets and sells customer jewelry through its website. Bethany is the manager of Jasper’s software development organization, and she is working to bring the company into line with industry-standard practices. She is developing a new change management process for the organization and wants to follow commonly accepted approaches. Which of the following elements is not a crucial component of a change request?
a.
Incident response plan
48. Alan is responding to a security incident and receives a hard drive image from a cooperating organization that contains evidence. What additional information should he request to verify the integrity of the evidence?
a.
Hash
49. Concho Controls is a midsize business focusing on building automation systems. They host a set of local file servers in their on-premises data center that store customer proposals, building plans, product information, and other data that is critical to their business operations. Tara works in the Concho Controls IT department and is responsible for designing and implementing the organization’s backup strategy, among other tasks. She currently conducts full backups every Sunday evening at 8 p.m. and differential backups throughout the weekdays at noon. Concho experiences a server failure at 3 p.m. on Wednesday. Tara rebuilds the server and wants to restore data from the backups. If Tara made the change from the differential to incremental backups and we assume that the same amount of information changes each day, which one of the following files would be the largest?
a.
All three will be the same size
50. Chris would like to use John the Ripper to test the security of passwords on a compromised Linux system. What files does he need to conduct this analysis?
a.
/etc/passwd and /etc/shadow
51. What important function do senior managers normally fill on a business continuity planning team?
a.
Arbitrating disputes about criticality
52. Lauren’s healthcare provider maintains such data as details about her health, treatments, and medical billing. What type of data is this?
a.
Protected health information
53. Alejandro is an incident response analyst for a large corporation. He is on the midnight shift when an intrusion detection system alerts him to a potential brute-force password attack against one of the company’s critical information systems. He performs an initial triage of the event before taking any additional action. What stage of the incident response process is Alejandro currently conducting?
a.
Detection
54. Alejandro is an incident response analyst for a large corporation. He is on the midnight shift when an intrusion detection system alerts him to a potential brute-force password attack against one of the company’s critical information systems. He performs an initial triage of the event before taking any additional action. As the incident response progresses, during which stage should the team conduct a root-cause analysis?
a.
Remediation
55. What type of forensic investigation-related form is shown here?
a.
Chain of custody
56. The senior management of Kathleen’s company is concerned about rogue devices on the network. If Kathleen wants to identify rogue devices on her wired network, which of the following solutions will quickly provide the most accurate information?
a.
Router and switch-based MAC address reporting
57. Which one of the following components should be included in an organization’s emergency response guidelines?
a.
Secondary response procedures for first responders
58. Which of the following is not normally included in business continuity plan documentation?
a.
Statement of accounts
59. NIST defines five major types of threat information in NIST SP 800-150, the “Guide to Cyber Threat Information Sharing.” They are: indicators, which are technical artifacts or observables that suggest an attack is imminent, currently underway, or compromise may have already occurred; tactics, techniques, and procedures that describe the behavior of an actor; security alerts like advisories and bulletins; threat intelligence reports that describe actors, systems, and information being targeted and methods being used; and tool configurations that support collection, exchange, analysis, and use of threat information. Which one of the following groups would be least likely to be included in an organization’s cybersecurity incident communications plans?
a.
Utilities
60. When working to restore systems to their original configuration after a long-term APT compromise, Charles has three options. Option 1: He can restore from a backup and then update patches on the system. Option 2: He can rebuild and patch the system using the original installation media and application software and his organization’s build documentation. Option 3: He can remove the compromised accounts and rootkit tools and then fix the issues that allowed the attackers to access the systems. Which option should Charles choose in this scenario?
a.
Option 2
61. Which one of the following is not normally considered a business continuity task?
a.
Electronic vaulting
62. Which of the following is not an important part of the incident response communication process?
a.
Disclosure based on public feedback
63. Which of the following is not normally included in business continuity plan documentation?
a.
Statement of accounts
64. Tara recently detected a security incident in progress on her network. What action should be her highest priority at this point?
a.
Containment
65. You are the CISO for a major hospital system and are preparing to sign a contract with a software as a service (SaaS) email vendor and want to ensure that its business continuity planning measures are reasonable. What type of audit might you request to meet this goal?
a.
SOC 2
66. After completing an incident response process and providing a final report to management, what step should Casey use to identify improvements to her incident response plan?
a.
Conduct a lessons-learned session.
67. Concho Controls is a midsize business focusing on building automation systems. They host a set of local file servers in their on-premises data center that store customer proposals, building plans, product information, and other data that is critical to their business operations. Tara works in the Concho Controls IT department and is responsible for designing and implementing the organization’s backup strategy, among other tasks. She currently conducts full backups every Sunday evening at 8 p.m. and differential backups throughout the weekdays at noon. Concho experiences a server failure at 3 p.m. on Wednesday. Tara rebuilds the server and wants to restore data from the backups. What backup should Tara apply to the server first?
a.
Sunday’s full backup
68. As part of his team’s forensic investigation process, Matt signs drives and other evidence out of storage before working with them. What type of documentation is Matt maintaining?
a.
Chain of custody
69. The Domer Industries risk assessment team recently conducted a qualitative risk assessment and developed a matrix similar to the ones shown here. Which quadrant contains the risks that require the most immediate attention?
a.
I
70. Because of external factors, Eric has only a limited time period to collect an image from a workstation. If he collects only specific files of interest, what type of acquisition has he performed?
a.
Logical
71. Lauren is the IT manager for a small company and occasionally serves as the organization’s information security officer. Which of the following roles should she include as the leader of her organization’s CSIRT?
a.
She should select herself
72. As the CISO of her organization, Jennifer identifies a user accessing a file that they are not authorized to view. Upon investigation, it was found that the malicious user was intentionally accessing the file. At this point in the incident response process, what term describes what has occurred in Jennifer’s organization?
a.
Security incident
73. Alejandro is an incident response analyst for a large corporation. He is on the midnight shift when an intrusion detection system alerts him to a potential brute-force password attack against one of the company’s critical information systems. He performs an initial triage of the event before taking any additional action. If Alejandro’s initial investigation determines that a security incident is likely taking place, what should be his next step?
a.
Activate the incident response team.
Week 10
Chapter 11
1.
You’re the lone SSCP in the IT group of a small start-up business, which has perhaps 25 or so full-time employees performing various duties. Much of the work the company does involves dynamic collaboration with many outside agencies, companies, and academic organizations, as well as with potential customers. The managing director wants to talk with you about ways to help protect the rapidly evolving intellectual property, market development ideas, and other information that she believes give the company its competitive advantage. She’s especially worried that with the high rate of open conversation in the collaborations, this advantage is at risk. Which of the following would you recommend as the first thing the company should invest in and make use of?
a.
Better, more focused education and open dialogue with company staff about the risks of too much open collaboration
2.
You’ve just started a new job as an information security analyst at a medium-sized company, one with about 500 employees across its seven locations. In a conversation with your team chief, you learn that the company’s approach to risk management and information security includes an annual review and update of its risk register. Which of the following might be worth asking your team chief about? (Choose all that apply.)
a.
How does that relate to our ongoing monitoring of our IT infrastructure and key applications platforms and systems?
b.
What do we do when an incident response makes us aware of previously unknown vulnerabilities?
3.
Which statement about recovery times and outages is most correct?
a.
RTO should be less than or equal to MAO.
4.
The company you work for does medical insurance billing, payments processing, and reconciliation, using both Web-based transaction systems as well as batch file processing of hundreds of transactions in one file. As the SSCP on the IT team, you’ve been asked to consider changes to their backup and restore strategies to help reduce costs. Which quantitative risk assessment parameter might this affect most?
a.
Recovery point objective
5.
What should be your highest priority as you consider improving the information security of your organization’s telephone and voice communication systems?
a.
Ensuring that users, managers, and leaders understand the risks of sharing sensitive information with the wrong parties and that effective administrative controls support everyone in protecting information accordingly.
6.
Which statement best describes how the separation of duties relates to education and training of end users, managers, and leaders in an organization?
a.
Separation of duties should segment the organization into teams focused on their job responsibilities, with clear interfaces to other teams. Effective awareness training and education can help each team, and each team member, see how successfully fulfilling their duties depends on keeping information safe, secure, and reliable.
7.
Which statement about phishing attacks is correct?
a.
Phishing attacks of all kinds are still in use because they can be effective social engineering tools when trying to do reconnaissance or gain illicit entry into an organization or its systems.
8.
One of your co-workers stated that he thought business continuity planning was a heartless, bottom line-driven exercise that cared only about the money and not about anything else. You disagree. Which of the following points would you not raise in discussing this with your colleague? (Choose all that apply.)
a.
Insurance coverage should provide for meeting the needs of workers or others who are disrupted by the incident and our responses to it.
b.
The workers and managers are part of what makes the company productive and profitable in normal times, and even more so during the recovery from a significant disruption.
9.
In general, what differentiates phishing from whaling attacks?
a.
Phishing attacks tend to be used to gain access to systems via malware payloads or by getting recipients to disclose information, whereas whaling attacks try to get responsible managers to authorize payments to the attacker’s accounts.
10.
Your boss has asked you to start planning for disaster recovery. Where would you start to understand what your organization needs to do to be prepared? (Choose all that apply.)
a.
Business continuity plan
b.
Business impact analysis
11.
Which statement best explains the relationship between incident response or disaster recovery, and configuration management of your IT architecture baseline? (Choose all that apply.)
a.
As you’re restoring operations, you may need to redo changes or updates done since the time the backup copies were made; your configuration management system should tell you this.
b.
Without a documented and managed baseline, you may not know sufficient detail to build, buy, or lease replacement systems, software, and platforms needed for the business.
12.
How can ideas from the identity management lifecycle be applied to helping an organization’s workforce, at all levels, defend against sophisticated social engineering attack attempts? (Choose all that apply.)
a.
Most end users and their first-level supervisors have the best, most current insight as to the normal business rhythm, flow, inputs, and outcomes. This experience should be part of authenticating an unusual access request (via email, phone, in person, or by any means).
b.
Most end users may have significant experience with the routine operation of the business systems and applications that they use; this can be applied, much like identity proofing, to determine whether a suspected social engineering attempt is taking place.
c.
Contact requests by email, by phone, in person, or by other means are akin to access attempts, and they can and should be accounted for.
13.
Social engineering attacks present a threat to organizations and individuals for all the following reasons except which of the following?
a.
Most targeted individuals and organizations have effective tools and procedures to filter out phishing and related scams, so they are not better protected from such attacks.
14.
Which of the following types of actions or responses would you not expect to see in an information security incident response plan?
a.
Relocation of business operations to alternate sites
15.
Which statement about planning and plans is correct?
a.
Planning should continuously bring plans and procedures in tune with ongoing operational reality.
16.
Your boss believes that your company must follow NIST guidelines for disaster recovery planning and wants you to develop the company’s plans based on those guidelines. Which statement might you use to respond to your boss?
a.
NIST publications are mandatory only for government agencies or companies on government contracts, and since we are neither of those, we don’t have to follow them. But they have some great ideas we should see about putting to use, tailored to our risk management plans.
17.
Which of the following statements about information security risks is most correct regarding the use of collaborative workspace tools and platforms?
a.
First, the organizations collaborating with them should agree on how sensitive data used by or created by the team members must be restricted, protected, or kept safe and secure. Then, the people using the tool need to be fully aware of those restrictions. Without this, the technical risk controls, such as access control systems, can do very little to keep information safe and secure.
18.
You’ve recently determined that some recent system glitches might be being caused by the software or hardware that a few employees have installed and are using with their company-provided endpoints; in some cases, employee-owned devices are being used instead of company-provided ones. What are some of the steps you should take right away to address this? (Choose all that apply.)
a.
Review your IT team’s approach to configuration management and control.
b.
Check to see if your company’s acceptable use policy addresses this.
19.
Which value sets the maximum time lag or latency time for data to be considered useful for business operations?
a.
RPO
20.
Which plan would you expect to be driven by assessments such as SLE (single loss expectancy), ARO (annual rate of occurrence), or ALE (annual loss expectancy)?
a.
Risk management plan
21.
During which of the following disaster recovery tests does the team sit together and discuss the response to a scenario but not actually activate any disaster recovery controls?
a.
Structured walk-through
22.
Select the disaster recovery tests and place them in order of their potential impact on the business, starting with the least impactful and progressing through the most impactful.
a.
Checklist Review (least impactful)
b.
Parallel Test
c.
Tabletop exercise
d.
Full interruption test (most impactful)
23.
James is building a disaster recovery plan for his organization and would like to determine the amount of acceptable data loss after an outage. Which variable is James determining?
a.
RPO
24.
Mark is planning a disaster recovery test for his organization. He would like to perform a live test of the disaster recovery facility but does not want to disrupt operations at the primary facility. What type of test should Mark choose?
a.
Parallel test
25.
Gordon is developing a business continuity plan for a manufacturing company’s IT operations. The company is located in North Dakota and is currently evaluating the risk of earthquakes. They choose to pursue a risk transference strategy. Which of the following actions is consistent with that strategy?
a.
Purchasing earthquake insurance
26.
Which one of the following actions might be taken as part of a business continuity plan?
a.
Implementing a RAID
27.
Ben needs to verify that the most recent patch for his organization’s critical application did not introduce issues elsewhere. What type of testing does Ben need to conduct to ensure this?
a.
Regression testing
28.
Norm would like to conduct a disaster recovery test for his organization and wants to choose the most thorough type of test, recognizing that it may be quite disruptive. What type of test should Norm choose?
a.
Full interruption test
29.
Linda is selecting a disaster recovery facility for her organization, and she wants to retain independence from other organizations as much as possible. She would like to choose a facility that balances the cost and recovery time, allowing activation in about one week after a disaster is declared. What type of facility should she choose?
a.
Warm site
30.
Which one of the following disaster recovery test types involves the actual activation of the disaster recovery facility?
a.
Parallel test
31.
Which one of the following metrics specifies the amount of time that business continuity planners find acceptable for the restoration of service after a disaster?
a.
RTO
32.
Chris is conducting a risk assessment for his organization and has determined the amount of damage that a single flood could be expected to cause to his facilities. What metric has Chris identified?
a.
SLE
33.
What is the goal of the BCP process?
a.
RTO < MTD
34.
Gordon is conducting a risk assessment for his organization and has determined the amount of damage that flooding is expected to cause to his facilities each year. What metric has Gordon identified?
a.
ALE
35.
Referring to the figure shown here, what is the name of the security control indicated by the arrow?
a.
Turnstile
36.
Elaine is developing a business continuity plan for her organization. What value should she seek to minimize?
a.
RTO
37.
What is the minimum interval at which an organization should conduct business continuity plan refresher training for those with specific business continuity roles?
a.
Annually
Practice Test A
1.
Which of the following is not one of the canons of the (ISC)2 Code of Ethics?
a.
Maintain competent records of all investigations and assessments.
i.
Four canons of the (ISC)2 Code of Ethics:
1.
Protect society, the common good, necessary public trust and confidence, and infrastructure.
2.
Act honorably, honestly, justly, responsibly, and legally.
3.
Provide diligent and competent service to principals.
4.
Advance and protect the profession.
2.
Gina recently took the SSCP certification exam and then wrote a blog post that included the text of many of the exam questions that she experienced. What aspect of the (ISC)2 Code of Ethics is most directly violated in this situation?
a.
Advance and protect the profession.
3.
Which of the following statements is true about heuristic-based anti-malware software?
a.
It has a higher likelihood of detecting zero-day exploits than signature detection.
4.
Which of the following tools is best suited for exploiting known vulnerabilities?
a.
Metasploit
i.
Metasploit is a tool used to exploit known vulnerabilities. It is one of the most popular exploitation tool suites used by black hat and white hat hackers alike.
5.
Susan is configuring her network devices to use syslog. What should she set to ensure that she is notified about issues but does not receive normal operational messages?
a.
The severity level
6.
Greg is building a disaster recovery plan for his organization and would like to determine the amount of time that it would take to restore a particular IT service after an outage. What variable is Greg calculating?
a.
RTO (recovery time objective)
7.
Colleen is conducting a business impact assessment for her organization. What metric provides the maximum time that a business process or task cannot be performed without causing intolerable disruption or damage to the business?
a.
MAO (Maximum acceptable outage)
8.
Colleen is conducting a business impact assessment for her organization. What metric provides important information about the amount of time that the organization may be without a service before causing irreparable harm?
a.
MTD (Maximum tolerable downtime)
9.
Information about an individual like their name, SSN, date and place of birth, or their mother’s maiden name is an example of what type of protected information?
a.
PII (Personally identifiable information)
10. GAD Systems is concerned about the risk of hackers stealing sensitive information stored on a file server. They choose to pursue a risk mitigation strategy. Which one of the following actions would support that strategy?
a.
Encrypting the files
11. The separation of network infrastructure from the control layer, combined with the ability to centrally program a network design in a vendor-neutral, standards-based implementation, is an example of what important concept?
a.
SDN, a converged protocol that allows network virtualization.
i.
Software-defined networking (SDN)
12. The company Chris works for has notifications posted at each door reminding employees to be careful not to allow people to enter when they try to do so. Which type of control best describes this?
a.
Directive
i.
Directive controls are actions taken to cause or encourage a desirable event to occur.
13. Kathleen needs to set up an Active Directory trust to allow authentication with an existing Kerberos K5 domain. What type of trust does she need to create?
a.
A realm trust.
14. Alex is preparing to solicit bids for a penetration test of his company’s network and systems. He wants to maximize the effectiveness of the testing rather than the realism of the test. What type of penetration test should he require in his bidding process?
a.
Crystal box
i.
Crystal-box penetration testing, which is also sometimes called white-box penetration testing, provides the tester with information about networks, systems, and configurations, allowing highly effective testing. It doesn’t simulate an actual attack like black- and gray-box testing can and thus does not have the same realism, and it can lead to attacks succeeding that would fail in a zero- or limited-knowledge attack.
15. Dogs, guards, and fences are all common examples of what type of control?
a.
Physical
i.
Physical controls are combinations of hardware, software, electrical, and electronic mechanisms that, taken together, prevent, delay, or deter somebody or something from physically crossing the threat surface around a set of system components you need to protect.
16. Alan is installing a fire suppression system that will kick in after a fire breaks out and protect the equipment in the data center from extensive damage. What metric is Alan attempting to lower?
a.
Impact
17. Susan has discovered that the smart card-based locks used to keep the facility secure are not effective because staff members are propping the doors open. She places signs on the doors reminding staff that leaving the door open creates a security issue, and she adds alarms that will sound if the doors are left open for more than five minutes. What type of controls has she put into place?
a.
Compensation
18. What business process typically requires sign-off from a manager before modifications are made to a system?
a.
Change management
19. In this figure of the TCP three-way handshake, what should system A send to system B in step 3?
a.
ACK
i.
The TCP three-way handshake is SYN, SYN/ACK, ACK. The three-way handshake is used to begin a TCP session. In the first step of the handshake, system A sends system B a packet with the SYN, or synchronize, flag turned on, or "set." System B responds with a packet that has both the acknowledgment (ACK) and SYN flags set. Finally, system A responds with a packet that has the ACK flag set. At this point, the TCP session has been established.
20. Which of the following network topologies connects multiple nodes together, one after the other, in series?
a.
Bus
21. Sally is wiring a gigabit Ethernet network. What cabling choices should she make to ensure she can use her network at the full 1000 Mbps she wants to provide to her users?
a.
Cat 5e and Cat 6
22. What type of motion detector senses changes in the electromagnetic fields in monitored areas?
a.
Capacitance
23. Which of the following allows a local area network to use one set of IP addresses for internal traffic and another set of IP addresses for external traffic?
a.
NAT (Network address translation)
24. What type of firewall uses multiple proxy servers that filter traffic based on analysis of the protocols used for each service?
a.
An application-level gateway firewall
25. What is the process that occurs when the header and footer are added to the data?
a.
Encapsulation
i.
It is about adding a bit of additional information to the data packet and preparing the information for being delivered in the network.
26. Which one of the following types of firewalls does not have the ability to track connection status between different packets?
a.
Packet filter
27. Chris is troubleshooting an issue with his organization's SIEM reporting. After analyzing the issue, he believes that the timestamps on log entries from different systems are inconsistent. What protocol can he use to resolve this issue?
a.
NTP (Network Time Protocol)
28. During what phase of the electronic discovery reference model does an organization ensure that potentially discoverable information is protected against alteration or deletion?
a.
Preservation
29. What two logical network topologies can be physically implemented as a star topology?
a.
A bus and a ring
30. Which of the following is used only to encrypt data in transit over a network and cannot be used to encrypt data at rest?
a.
TKIP
31. Data is sent as bits at what layer of the OSI model?
a.
Physical
i.
This layer consists of hardware devices and electrical devices that transform computer data into signals, move the signals to other nodes, and transform received signals back into computer data.
32. What type of fire extinguisher is useful against liquid-based fires?
a.
Class B
i.
Class B fire extinguishers use carbon dioxide, halon, or soda acid as their suppression material and are useful against liquid-based fires. Water may not be used against liquid-based fires because it may cause the burning liquid to splash, and many burning liquids, such as oil, will float on water.
33. What type of motion detector uses high microwave frequency signal transmissions to identify potential intruders?
a.
Wave pattern
34. What type of inbound packet is characteristic of a ping flood attack?
a.
ICMP echo request
35. Which one of the following provides an authentication mechanism that would be appropriate for pairing with a password to achieve multifactor authentication?
a.
Fingerprint scan
i.
A fingerprint scan is an example of a "something you are" factor, which would be appropriate for pairing with a "something you know" password to achieve multifactor authentication.
36. Angie is configuring egress monitoring on her network to provide added security. Which one of the following packet types should Angie allow to leave the network headed for the Internet?
a.
Packets with a source address from Angie’s public IP address block
37. The large business that Jack works for has been using noncentralized logging for years. They have recently started to implement centralized logging, however, and as they reviewed logs, they discovered a breach that appeared to have involved a malicious insider. When the breach was discovered and the logs were reviewed, it was discovered that the attacker had purged the logs on the system that they compromised. How can this be prevented in the future?
a.
Send logs to a bastion host.
38. The large business that Jack works for has been using noncentralized logging for years. They have recently started to implement centralized logging, however, and as they reviewed logs, they discovered a breach that appeared to have involved a malicious insider. How can Jack detect issues like this using his organization’s new centralized logging?
a.
Deploy and use a SIEM (security information and event management).
i.
A SIEM is designed to provide automated analysis and monitoring of logs and security events. A SIEM tool that receives access to logs can help detect and alert on events like logs being purged or other breach indicators. An IDS can help detect intrusions, but IDSs are not typically designed to handle central logs. A central logging server can receive and store logs but won’t help with analysis without taking additional actions. Syslog is simply a log format.
39. The large business that Jack works for has been using noncentralized logging for years. They have recently started to implement centralized logging, however, and as they reviewed logs, they discovered a breach that appeared to have involved a malicious insider. How can Jack best ensure accountability for actions taken on systems in his environment?
a.
Require authentication for all actions taken and capture logs centrally.
40. Fred needs to deploy a network device that can connect his network to other networks while controlling traffic on his network. What type of device should Fred choose?
a.
Router
i.
Routers are designed to control traffic on a network while connecting to other similar networks. The most common device we see at Layer 3 is the router; combination bridge-routers, or brouters, are also in use (bridging together two or more Wi-Fi LAN segments, for example).
Alex has been with the university he works at for more than 10 years. During that time, he has been a system administrator and a database administrator, and he has worked in the university’s help desk. He is now a manager for the team that runs the university’s web applications.
41. If Alex hires a new employee and the employee’s account is provisioned after HR manually inputs information into the provisioning system based on data Alex provides via
a series of forms, what type of provisioning has occurred?
a.
Workflow-based account provisioning.
42. Alex has access to B, C, and D. What concern should he raise to the university's identity management team?
a.
Privilege creep may be taking place.
43. When Alex changes roles, what should occur?
a.
He should be provisioned for only the rights that match his role.
44. Jim has worked in human relations, payroll, and customer service roles in his company over the past few years. What type of process should his company perform to ensure that he has appropriate rights?
a.
Review
i.
The review is an ongoing process that checks whether the set of access privileges granted to a subject are still required or if any should be modified or removed.
45. Alan is considering the use of new identification cards in his organization that will be used for physical access control. He comes across a sample card and is unsure of the technology. He breaks it open and sees the following internal construction. What type of card is this?
a.
Proximity card
i.
The use of an electromagnetic coil inside the card indicates that this is a proximity card.
46. What type of access control allows the owner of a file to grant other users access to it using an access control list?
a.
Discretionary
47. Tommy handles access control requests for his organization. A user approaches him and explains that he needs access to the human resources database to complete a headcount analysis report requested by the chief financial officer (CFO). Under which rule has the user successfully demonstrated to Tommy that he should be granted access to the database?
a.
Need to know.
i.
Under the "need to know" rule, the user has successfully demonstrated to Tommy why he needs access to the human resources database: he explained that he requires this access to complete the headcount analysis report requested by the chief financial officer (CFO).
48. What type of access control is intended to discover unwanted or unauthorized activity by providing information after the event has occurred?
a.
Detective
49. Which of the following is an organized disassembling of the rights and privileges of the user account as well as archiving any folders, data, or other user-specific information as required by the policy?
a.
Account deprovisioning
50. Which of the following is normally used as an authorization tool?
a.
ACL
i.
Access control lists (ACLs) are used for determining a user's authorization level. Authorization occurs when a system determines whether an authenticated user is permitted to perform an activity, such as by consulting an access control list.
51. What RADIUS alternative is commonly used for Cisco network gear and supports two-factor authentication?
a.
TACACS+
i.
TACACS+ is the most modern version of TACACS, the Terminal Access Controller Access-Control System. It is a Cisco proprietary protocol with added features beyond what RADIUS provides, meaning it is commonly used on Cisco networks.
52. Kolin is searching for a network security solution that will allow him to help reduce zero-day attacks while using identities to enforce a security policy on systems before they connect to the network. What type of solution should Kolin implement?
a.
NAC system (Network access control).
Ben owns a coffeehouse and wants to provide wireless Internet service for his customers. Ben’s network is simple and uses a single consumer-grade wireless router and a cable modem connected via a commercial cable data contract.
53. How can Ben provide access control for his customers without having to provision user IDs before they connect while also gathering useful contact information for his business purposes?
a.
A captive portal
54. Ben intends to run an open (unencrypted) wireless network. How should he connect his business devices?
a.
Set up a separate SSID using WPA2
55. After implementing the solution from the first question, Ben receives a complaint about users in his cafe hijacking other customers’ web traffic, including using their usernames and passwords. How is this possible?
a.
Open networks are unencrypted, making traffic easily sniffable.
56. Which pair of the following factors is key for user acceptance of biometric identification systems?
a.
The throughput rate and the time required to enroll.
57. When an application or system allows a logged-in user to perform specific actions, it is an example of what?
a.
Authorization
58. Which one of the following components is used to assign classifications to objects in a mandatory access control system?
a.
Security label
59. Voice pattern recognition is what type of authentication factor?
a.
Something you are.
i.
Voice pattern recognition is a "something you are" biometric authentication factor because it measures a physical characteristic of the individual authenticating.
60. Which of the following is not a single sign-on implementation?
a.
SMTP
i.
The Simple Mail Transfer Protocol (SMTP) is an email transfer protocol.
61. What major issue often results from decentralized access control?
a.
Control is not consistent.
i.
Decentralized access control can result in less consistency because the individuals tasked with control may interpret policies and requirements differently and may perform their roles in different ways. Access outages, overly granular control, and training costs may occur, depending on specific implementations, but they are not commonly identified issues with decentralized access control.
62. Susan’s organization is updating its password policy and wants to use the strongest possible passwords. What password requirement will have the highest impact in preventing brute-force attacks?
a.
Increase the minimum password length from 8 to 16 characters.
63. Jim is implementing an IDaaS solution for his organization. What type of technology is he putting in place?
a.
Identity as a service
64. Marty discovers that his organization allows any user to log into the workstation assigned to any other user, even if they are from completely different departments. This type of access violates which information security principle?
a.
Least privilege
i.
According to the scenario, this type of access is most directly a violation of least privilege because it grants users privileges that they do not need for their job functions. Using the least privilege concept gives a privileged account only the minimum rights and capabilities required for the role.
65. Alice wants to send Bob a message with the confidence that Bob will know the message was not altered while in transit. What goal of cryptography is Alice trying to achieve?
a.
Integrity
i.
Alice is trying to achieve integrity, which ensures that unauthorized changes are not made to data while stored or in transit. It means that the information as a set is reliable and has been created, modified, or used only by people and processes that are trusted.
66. How many possible keys exist in a cryptographic algorithm that uses 6-bit encryption keys?
a.
64
i.
Binary key spaces contain a number of keys equal to 2 raised to the power of the number of bits. Two to the sixth power is 64, so a 6-bit key space contains 64 possible keys.
67. How many possible keys exist when using a cryptographic algorithm that has an 8-bit binary encryption key?
a.
256
i.
Binary key spaces contain a number of keys equal to 2 raised to the power of the number of bits. Two to the eighth power is 256, so an 8-bit key space contains 256 possible keys.
68. Ben is concerned about password cracking attacks against his system. He would like to implement controls that prevent an attacker who has obtained those hashes from easily cracking them. What two controls would best meet this objective?
a.
Longer passwords and salting
69. Dave is responsible for password security in his organization and would like to strengthen the security of password files. He would like to protect his organization against the use of rainbow tables. Which of the following techniques is specifically designed to frustrate the use of rainbow tables?
a.
Salting
70. In what model of cloud computing do two or more organizations collaborate to build a shared cloud computing environment that is for their own use?
a.
Community cloud
71. Callback to a landline phone number is an example of what type of factor?
a.
Somewhere you are.
i.
A callback to a landline phone number is an example of a “somewhere you are” factor because of the fixed physical location of a wired phone. A callback to a mobile phone would be a “something you have” factor.
72. What is the minimum number of cryptographic keys necessary to achieve strong security when using the 3DES algorithm?
a.
2
i.
Triple DES functions by using either two or three encryption keys. When used with only one key, 3DES produces weakly encrypted ciphertext that is the insecure equivalent of DES.
73. Matthew and Richard are friends located in different physical locations who would like to begin communicating with each other using cryptography to protect the confidentiality of their communications. They exchange digital certificates to begin this process and plan to use an asymmetric encryption algorithm for the secure exchange of email messages. Matthew would like to enhance the security of his communication by adding a digital signature to the message. What goal of cryptography are digital signatures intended to enforce?
a.
Nonrepudiation
i.
Digital signatures enforce nonrepudiation. They prevent an individual from denying that he or she was the actual originator of the message.
74. Sally's organization needs to be able to prove that certain staff members sent emails, and she wants to adopt a technology that will provide that capability without changing their existing email system. What is the technical term for the capability Sally needs to implement as the owner of the email system, and what tool could she use to do it?
a.
Nonrepudiation; digital signatures
75. Which of the following tools is used to achieve the goal of nonrepudiation?
a.
Digital signature
i.
Applying a digital signature to a message allows the sender to achieve the goal of nonrepudiation. This allows the recipient of a message to prove to a third party that the message came from the purported sender.
76. Alice sends a message to Bob and wants to ensure that Mal, a third party, does not read the contents of the message while in transit. What goal of cryptography is Alice attempting to achieve?
a.
Confidentiality
77. What type of log is shown here?
a.
Application log
78. SYN floods rely on implementations of what protocol to cause denial-of-service conditions?
a.
TCP
79. Which of the following are block cipher modes? Each correct answer represents a complete solution. Choose all that apply.
a.
CBC
b.
CFB
c.
OFB
i.
Block ciphers take the input plaintext as a stream of symbols and break it up into fixed-length blocks; each block is then encrypted and decrypted as if it were a single (larger) symbol. The five basic block cipher modes are Electronic Codebook (ECB), Cipher Block Chaining (CBC), Cipher Feedback (CFB), Output Feedback (OFB), and Counter (CTR).
Matthew and Richard are friends located in different physical locations who would like to begin communicating with each other using cryptography to protect the confidentiality of their communications. They exchange digital certificates to begin this process and plan to use an asymmetric encryption algorithm for the secure exchange of email messages.
80. When Matthew sends Richard a message, what key should he use to encrypt the message?
a.
Richard’s public key.
81. When Richard receives the message from Matthew, what key should he use to decrypt the message?
a.
Richard’s private key
82. When Matthew goes to add the digital signature to the message, what encryption key does he use to create the digital signature?
a.
Matthew’s private key
83. Ben is selecting an encryption algorithm for use in an organization with 10,000 employees. He must facilitate communication between any two employees within the organization. Which one of the following algorithms would allow him to meet this goal with the least time dedicated to key management?
a.
RSA
84. Bill implemented RAID level 5 on a server that he operates using a total of three disks. How many disks may fail without the loss of data?
a.
1
i.
RAID level 5 is also known as disk striping with parity. It uses three or more disks, with one disk containing parity information used to restore data to another disk in the event of failure. When used with three disks, RAID 5 is able to withstand the loss of a single disk.
85. What is the length of the longest encryption key supported by the Advanced Encryption Standard (AES) algorithm?
a.
256 bits
i.
The Advanced Encryption Standard is a multiple-round algorithm that executes very fast in hardware or software implementations. The number of rounds is in part determined by the size of the key: 10 rounds for 128-bit keys, 12 rounds for 192-bit keys, and 14 rounds for 256-bit keys. The longest encryption key supported by AES is a 256-bit key.
86. Which of the following is not a type of attack used against access controls?
a.
Teardrop
87. What penetration testing technique can best help assess training and awareness issues?
a.
Social engineering
88. When an attacker calls an organization's help desk and persuades them to reset a password for them because of the help desk employee's trust and willingness to help, what type of attack succeeded?
a.
Social engineering
i.
Social engineering exploits humans to allow attacks to succeed. Since help desk employees are specifically tasked with being helpful, they may be targeted by attackers posing as legitimate employees.
89. In what cloud computing model does the customer build a cloud computing environment in his or her own data center or build an environment in another data center that is for the customer’s exclusive use?
a.
Private cloud
i.
In the private cloud computing model, the cloud computing environment is dedicated to a single organization and does not follow the shared tenancy model. In this model, the customer builds a cloud computing environment in his or her own data center or builds an environment in another data center that is for the customer's exclusive use.
90. Jim has been asked to individually identify devices that users are bringing to work as part of a new BYOD policy. The devices will not be joined to a central management system like Active Directory, but he still needs to uniquely identify the systems. Which of the following options will provide Jim with the best means of reliably identifying each unique device?
a.
Use device fingerprinting via a web-based registration system.
91. Which one of the following technologies is not normally a capability of mobile device management (MDM) solutions?
a.
Assuming control of a nonregistered BYOD mobile device
i.
MDM products do not have the capability of assuming control of a device not currently managed by the organization. This would be equivalent to hacking into a device owned by someone else and might constitute a crime.
92. Michelle is in charge of her organization’s mobile device management efforts and handles lost and stolen devices. Which of the following recommendations will provide the most assurance to her organization that data will not be lost if a device is stolen?
a.
Full device encryption and mandatory passcodes.
93. Kim is the system administrator for a small business network that is experiencing security problems. She is in the office in the evening working on the problem, and nobody else is there. As she is watching, she can see that systems on the other side of the office that were previously behaving normally are now exhibiting signs of infection. What type of malware is Kim likely dealing with?
a.
Worm
94. When should an organization conduct a review of the privileged access that a user has to sensitive systems?
a.
All of these:
i.
On a periodic basis
ii.
When a user leaves the organization
iii.
When a user changes roles
95. Which of the following malware types uses built-in propagation mechanisms that exploit system vulnerabilities to spread and can replicate itself without any user interaction?
a.
Worm
i.
Worms have built-in propagation mechanisms that do not require user interaction, such as scanning for systems containing known vulnerabilities and then exploiting those vulnerabilities.
96. Frank is the security administrator for a web server that provides news and information to people located around the world. His server received an unusually high volume of traffic that it could not handle and was forced to reject requests. Frank traced the source of the traffic back to a botnet. What type of attack took place?
a.
Denial of service
97. Lauren wants to ensure that her users run only software that her organization has approved. What technology should she deploy?
a.
Whitelisting
i.
Whitelisting is a positive security control model—it explicitly names or lists approved activities, connections, files, users, or applications that can be used.
98. Greg would like to implement an application control technology in his organization. He would like to limit users to installing only approved software on their systems. What type of application control would be appropriate in this situation?
a.
Whitelisting
99. Renee is using encryption to safeguard sensitive business secrets when in transit over the Internet. What risk metric is she attempting to lower?
a.
Likelihood
1.
Don's company is considering the use of an object-based storage system where data is placed in a vendor-managed storage environment through the use of API calls. What type of cloud computing service is in use?
a.
IaaS
2.
In which cloud computing model does a customer share computing infrastructure with other customers of the cloud vendor where one customer may not know the other's identity?
a.
Public cloud
3.
Which of the following is designed to prevent a web server going offline from becoming a single point of failure in a web application architecture?
a.
Load balancing
4.
Bert is considering the use of an infrastructure as a service cloud computing partner to provide virtual servers. Which one of the following would be a vendor responsibility in this scenario?
a.
Maintaining the hypervisor
5.
Drag the testing methodology to its level of knowledge:
a.
Black box: No prior knowledge of the system
b.
White box: Full knowledge of the system
c.
Gray box: Partial or incomplete knowledge
6.
Cloud computing uses a shared responsibility model for security, where the vendor and customer each bears some responsibility for security. The division of responsibility depends upon the type of service used. Choose the cloud service offerings listed here and drag them from the case where the customer bears the least responsibility to where the customer bears the most responsibility.
a.
SaaS
b.
PaaS
c.
IaaS
i.
In an infrastructure as a service (IaaS) cloud computing model, the customer retains responsibility for managing operating system and application security while the vendor manages security at the hypervisor level and below. In a platform as a service (PaaS) environment, the vendor takes on responsibility for the operating system, but the customer writes and configures any applications. In a software as a service (SaaS) environment, the vendor takes on responsibility for the development and implementation of the application while the customer merely configures security settings within the application.
7.
Which one of the following components should be included in an organization’s emergency response guidelines?
a.
Immediate response procedures
8.
During which phase of the incident response process would an organization determine whether it is required to notify law enforcement officials or other regulators of the incident?
a.
Reporting
Concho Controls is a midsize business focusing on building automation systems. They host a set of local file servers in their on-premises data center that store customer proposals, building plans, product information, and other data that is critical to their business operations. Tara works in the Concho Controls IT department and is responsible for designing and implementing the organization’s backup strategy, among other tasks. She currently conducts full backups every Sunday evening at 8 p.m. and differential backups throughout the weekdays at noon. Concho experiences a server failure at 3 p.m. on Wednesday. Tara rebuilds the server and wants to restore data from the backups.
9.
What backup should Tara apply to the server first?
a.
Sunday’s full backup
i.
Tara first must achieve a system baseline. She does this by applying the most recent full backup to the new system. This is Sunday’s full backup. Once Tara establishes this baseline, she may then proceed to apply differential backups to bring the system back to a more recent state.
10. How many backups in total must Tara apply to the system to make the data it contains as current as possible?
a.
2
i.
According to the scenario, Tara must apply 2 backups to the system to make the data it contains as current as possible. To restore the system to as current a state as possible, Tara must first apply Sunday’s full backup. She may then apply the most recent differential backup, from Wednesday at noon. Differential backups include all files that have changed since the most recent full backup, so the contents of Wednesday’s backup contain all of the data that would be contained in Monday and Tuesday’s backups, making the Monday and Tuesday backups irrelevant for this scenario.
11. In this backup approach, some data may be irretrievably lost. How long is the time period in which any changes made will be lost?
a.
3 hours
i.
In this scenario, the differential backup was made at noon, and the server failed at 3 p.m. Therefore, any data modified or created between noon and 3 p.m. will not be contained on any backup and will be irretrievably lost. Therefore, the answer is 3 hours.
12. If Tara followed the same schedule but switched the differential backups to incremental backups, how many backups in total would she need to apply to the system to make the data it contains as current as possible?
a.
4
i.
By switching from differential to incremental backups, Tara's weekday backups will contain only the information changed since the previous day. Therefore, she must apply all the available incremental backups. She would begin by restoring the Sunday full backup and then apply the Monday, Tuesday, and Wednesday incremental backups. Therefore, the correct answer is 4.
13. If Tara made the change from differential to incremental backups and we assume that the same amount of information changes each day, which one of the following files would be the largest?
a.
All three will be the same size.
i.
Each incremental backup contains only the information changed since the most recent full or incremental backup. If we assume that the same amount of information changes every day, each of the incremental backups would be roughly the same size.
14. Nessus, OpenVAS, and SAINT are all examples of what type of tool?
a.
Vulnerability scanners
15. What type of log file is shown in this figure?
a.
Firewall
16. What type of virus is characterized by the use of two or more different propagation mechanisms to improve its likelihood of spreading between systems?
a.
Multipartite virus
17. Denise is preparing for a trial relating to a contract dispute between her company and a software vendor. The vendor is claiming that Denise made a verbal agreement that amended their written contract. What rule of evidence should Denise raise in her defense?
a.
Parol evidence rule
i.
The parol evidence rule states that when an agreement between two parties is put into written form, it is assumed to be the entire agreement unless amended in writing. The best evidence rule says that a copy of a document is not admissible if the original document is available.
18. What is the minimum interval at which an organization should conduct business continuity plan refresher training for those with specific business continuity roles?
a.
Annually
19. Which one of the following disaster recovery test types involves the actual activation of the disaster recovery facility?
a.
Parallel test
20. James is building a disaster recovery plan for his organization and would like to determine the amount of acceptable data loss after an outage. Which variable is James determining?
a.
RPO (recovery point objective)
i.
It identifies the maximum amount of data, measured in time, that may be lost during a recovery effort.
21. Chris is conducting a risk assessment for his organization and has determined the amount of damage that a single flood could be expected to cause to his facilities. What metric has Chris identified?
a.
SLE (single loss expectancy)
i.
The amount of damage that a risk is expected to cause each time it occurs. It is the total direct and indirect costs (or losses) from a single occurrence of a risk event.
22. Gordon is developing a business continuity plan for a manufacturing company's IT operations. The company is located in North Dakota and is currently evaluating the risk of earthquakes. They choose to pursue a risk transference strategy. Which of the following actions is consistent with that strategy?
a.
Purchasing earthquake insurance
23. Mark is planning a disaster recovery test for his organization. He would like to perform a live test of the disaster recovery facility but does not want to disrupt operations at the primary facility. What type of test should Mark choose?
a.
Parallel test
24. Which one of the following is typically considered a business continuity task?
a.
Business impact assessment
25. Gordon is conducting a risk assessment for his organization and determined the amount of damage that flooding is expected to cause to his facilities each year. What metric has Gordon identified?
a.
ALE (annualized loss expectancy)
i.
The amount of damage that the organization expects to occur each year as the result of a given risk. It is the anticipated loss for the year, which is the annual rate of occurrence (ARO) multiplied by the single loss expectancy (SLE).
26. George is assisting a prosecutor with a case against a hacker who attempted to break into the computer systems at George’s company. He provides system logs to the prosecutor for use as evidence, but the prosecutor insists that George testify in court about how he gathered the logs. What rule of evidence requires George’s testimony?
a.
Hearsay rule
i.
The hearsay rule says that a witness cannot testify about what someone else told them, except under specific exceptions. The courts have applied the hearsay rule to include the concept that attorneys may not introduce logs into evidence unless they are authenticated by the system administrator. The best evidence rule states that copies of documents may not be submitted into evidence if the originals are available.
Practice Test B
1.
Ed is tasked with protecting information about his organization’s customers, including their name, Social Security number, birth date, and place of birth, as well as a variety of other information. What is this information known as?
a.
PII (personally identifiable information)
2.
Which one of the following investigation types always uses the beyond-a-reasonable-doubt standard of proof?
a.
Criminal investigation.
3.
Jim starts a new job as a system engineer, and his boss provides him with a document entitled “Forensic Response Guidelines.” Which one of the following statements is not true?
a.
Jim must comply with the information in this document.
4.
Which of the following is not one of the four canons of the (ISC)2 code of ethics?
a.
Avoid conflicts of interest that may jeopardize impartiality.
5.
Microsoft’s STRIDE threat assessment framework uses six categories for threats: Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege. If a penetration tester is able to modify audit logs, what STRIDE categories best describe this issue?
a.
Repudiation and tampering
6.
Which of the following is a detailed, step-by-step document that describes the exact actions that individuals must complete?
a.
Procedure
7.
What type of risk assessment uses tools such as the one shown here?
a.
Qualitative
8.
Alex’s job requires him to see protected health information to ensure the proper treatment of patients. His access to their medical records does not provide access to patient addresses or billing information. What access control concept best describes this control?
a.
Need to know
9.
You are conducting a qualitative risk assessment for your organization. The two important risk elements that should weigh most heavily in your analysis of risk are probability and ___________.
a.
Impact
10. Susan is conducting a STRIDE threat assessment by placing threats into one or more of the following categories: Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege. As part of her assessment, she has discovered an issue that allows transactions to be modified between a web browser and the application server that it accesses. What STRIDE categorization(s) best fit this issue?
a.
Tampering and Information Disclosure
11. What type of alternate processing facility includes all of the hardware and data necessary to restore operations in a matter of minutes or seconds?
a.
Hot site
12. Which of the following types of controls describe a mantrap? Each correct answer represents a complete solution. Choose all that apply.
a.
Deterrent
b.
Preventative
c.
Physical
13. Which of the following is an example of administrative control?
a.
Security awareness training
14. Which of the following is an example of risk transference?
a.
Purchasing insurance
15. Tom is conducting a business continuity planning effort for Orange Blossoms, a fruit orchard located in Central Florida. During the assessment process, the committee determined that there is a small risk of snow in the region but that the cost of implementing controls to reduce the impact of that risk is not warranted. They elect to not take any specific action in response to the risk. What risk management strategy is Orange Blossoms pursuing?
a.
Risk acceptance
16. Which group is best suited to evaluate and report on the effectiveness of administrative controls an organization has put in place to a third party?
a.
External auditors
17. Purchasing insurance is a form of what type of risk response?
a.
Transfer
18. What type of vulnerability scan accesses configuration information from the systems it is run against as well as information that can be accessed via services available via the network?
a.
Authenticated scans
19. Tamara recently decided to purchase cyber-liability insurance to cover her company's costs in the event of a data breach. What risk management strategy is she pursuing?
a.
Risk transference
20. Referring to the fire triangle shown here, which one of the following suppression materials attacks a fire by removing the fuel source?
a.
Soda acid
21. Kyle is being granted access to a military computer system that uses System High mode. What is not true about Kyle’s security clearance requirements?
a.
Kyle must have a valid need to know for all information processed by the system.
22. Tammy is selecting a disaster recovery facility for her organization. She would like to choose a facility that balances the time required to recover operations with the cost involved. What type of facility should she choose?
a.
Warm site
23. What process makes TCP a connection-oriented protocol?
a.
It uses a handshake.
24. Chris has been assigned to scan a system on all of its possible TCP and UDP ports. How many ports of each type must he scan to complete his assignment?
a.
65,536 TCP and 65,536 UDP ports
25. Drag the protocol to its description.
a.
Here are the protocols with their descriptions:
i.
TCP: Transports data over a network in a connection-oriented fashion
ii.
UDP: Transports data over a network in a connectionless fashion
iii.
DNS: Performs translations between FQDNs and IP addresses
iv.
ARP: Performs translations between MAC addresses and IP addresses
26. What process adds a header and a footer to data received at each layer of the OSI model?
a.
Encapsulation
27. TCP and UDP both operate at what layer of the OSI (open system interconnection) model?
a.
Layer 4
28. What UDP port is used by the Dynamic Host Configuration Protocol?
a.
68
i.
The Dynamic Host Configuration Protocol (DHCP) assigns IPv4 (and later IPv6) addresses to new devices as they join the network. This set of handshakes allows DHCP to accept or reject new devices based on a variety of rules and conditions that administrators can use to restrict a network. DHCP uses UDP port 67/68.
29. Which layer of the OSI (open system interconnection) model is associated with segments?
a.
Transport
30. Using the OSI model, what format does the Data Link layer use to format messages received from higher up the stack?
a.
Frame
31. In Jen’s job as the network administrator for an industrial production facility, she is tasked with ensuring that the network is not susceptible to electromagnetic interference due to the large motors and other devices running on the production floor. What type of network cabling should she choose if this concern is more important than cost and difficulty of installation?
a.
Fiber-optic
32. Drag the service to its network port.
a.
Here are the services with their network ports:
i.
DNS: UDP port 53
ii.
HTTPS: TCP port 443
iii.
SSH: TCP port 22
iv.
RDP: TCP port 3389
v.
MSSQL: TCP port 1433
33. IP addresses like 10.10.10.10 and 172.19.24.21 are both examples of what type of IP address?
a.
Private IP addresses
34. The IP address 201.19.7.45 is what type of address?
a.
A public IP address.
35. Which of the following are examples of routing protocols? Each correct answer represents a complete solution. Choose all that apply.
a.
BGP (Border Gateway Protocol)
b.
RIP (Routing Information Protocol)
c.
OSPF (Open Shortest Path First)
36. In the figure shown here, what does system B send to system A at step 2 of the three-way TCP handshake?
a.
SYN/ACK
i.
The three-way handshake is SYN, SYN/ACK, ACK. System B should respond with "SYN/ACK" or "Synchronize and Acknowledge" to system A after it receives a SYN. The three-way handshake is used to begin a TCP session. The first step of the handshake is where system A sends system B a packet with a SYN, or synchronize, flag turned on, or "set." System B responds with a packet that has both the acknowledgment (ACK) and SYN flags set. Finally, system A responds with a packet that has the ACK flag set. At this point, the TCP session has been established.
37. Drag the cable type to its maximum length.
a.
Here are the cable types with their maximum lengths:
i.
Category 5e: 300 feet
ii.
Coaxial (RG-58): 500 feet
iii.
Fiber optic: 1+ kilometers
38. Alex has been employed by his company for more than a decade and has held a number of positions in the company. During an audit, it is discovered that he has access to shared folders and applications because of his former roles. What issue has Alex’s company encountered?
a.
Privilege creep.
39. Lauren is responsible for building a banking website. She needs proof of the identity of the users who register for the site. How should she validate user identities?
a.
Use information that both the bank and the user have such as questions pulled from their credit report.
40. Carla has worked for her company for 15 years and has held a variety of different positions. Each time she changed positions, she gained the new privileges associated with that position, but no privileges were ever taken away. What concept describes the sets of privileges she has accumulated?
a.
Aggregation.
41. Lauren starts at her new job and finds that she has access to a variety of systems that she does not need to accomplish her job. This is a violation of which of the following?
a.
Least privilege.
42. Which of the following tools is mostly used for identification purposes and is not suitable for use as an authenticator?
a.
Username
43. What type of access control is being used in the following permission listing?
Storage Device X
o
User1: Can read, write, list
o
User2: Can read, list
o
User3: Can read, write, list, delete
o
User4: Can list
a.
Resource-based access controls
44. Lauren builds a table that includes assigned privileges, objects, and subjects to manage access control for the systems she is responsible for. Each time a subject attempts to access an object, the system checks the table to ensure that the subject has the appropriate rights to the object. What type of access control system is Lauren using?
a.
An access control matrix
45. Theresa is implementing a new access control system and wants to ensure that developers do not have the ability to move code from development systems into the production environment. What information security principle is she most directly enforcing?
a.
Separation of duties
46. Owen recently designed a security access control structure that prevents a single user from simultaneously holding the role required to create a new vendor and the role required to issue a check. What does this scenario describe?
a.
Separation of duties
47. Which of the following is not a common threat to access control mechanisms?
a.
Phishing
48. Chris is deploying a gigabit Ethernet network using Category 6 cable between two buildings. What is the maximum distance he can run the cable according to the Category 6 standard?
a.
100 meters
49. James has opted to implement a NAC solution that uses a post-admission philosophy for its control of network connectivity. What type of issues can’t a strictly post-admission policy handle?
a.
Preventing an unpatched laptop from being exploited immediately after connecting to the network.
i.
A post-admission philosophy allows or denies access based on user activity after connection. Since this doesn’t check the status of a machine before it connects, it can’t prevent the exploit of the system immediately after connection. This doesn’t preclude out-of-band or in-band monitoring, but it does mean that a strictly post-admission policy won’t handle system checks before the systems are admitted to the network.
50. If Susan's organization requires her to log in with her fingerprints, PINs, passwords, and retina scans, how many distinct authentication factor types has she used?
a.
Two
i.
Susan has used two distinct types of factors: PINs and passwords are both Type 1 factors (something you know), and fingerprints and retina scans are both Type 3 factors (something you are).
51. Lauren needs to send information about services she is provisioning to a third-party organization. What standards-based markup language should she choose to build the interface?
a.
SPML
52. A cloud-based service that provides account provisioning, management, authentication, authorization, reporting, and monitoring capabilities is known as what type of service?
a.
IDaaS
53. Google's identity integration with a variety of organizations and applications across domains is an example of which of the following?
a.
Federation
54. Grace is considering the use of new identification cards in her organization that will be used for physical access control. She comes across the sample card shown here and is unsure of the technology it uses. What type of card is this?
a.
Magnetic stripe card.
55. What type of access control scheme is shown in the following table?
a.
MAC
56. Jacob is planning his organization’s biometric authentication system and is considering retina scans. What concern may be raised about retina scans by others in his organization?
a.
Retina scans can reveal information about medical conditions.
The organization that Ben works for has a traditional on-site Active Directory environment that uses a manual provisioning process for each addition to their 350-employee company. As the company adopts new technologies, they are increasingly using software as a service applications to replace their internally developed software stack. Ben has been tasked with designing an identity management implementation that will allow his company to use cloud services while supporting their existing systems. Using the logical diagram shown here, answer the following question about the identity recommendations Ben should make.
57. What technology is likely to be involved when Ben’s organization needs to provide authentication and authorization assertions to their cloud e-commerce application?
a.
SAML
58. If Ben needs to share identity information with the business partner shown, what should he investigate?
a.
Federation
59. Gwen comes across an application that is running under a service account on a web server. The service account has full administrative rights to the server. What principle of information security does this violate?
a.
Least privilege
60. Ben has written the password hashing system for the web application he is building. His hashing code function for passwords results in the following process for a series of passwords:
What flaw has been introduced with his hashing implementation?
a.
Salt reuse
61. During a penetration test, Chris recovers a file containing hashed passwords for the system he is attempting to access. What type of attack is likely to succeed against the hashed passwords?
a.
Rainbow table attack
62. What should be true for salts used in password hashes?
a.
Unique salts should be stored for each user.
63. During a system audit, Casey notices that the private key for her organization’s web server has been stored in a public Amazon S3 storage bucket for more than a year. What should she do?
a.
Request a new certificate using a new key.
64. Matthew, Richard, and Christopher would like to exchange messages with each other using symmetric cryptography. They want to ensure that each individual can privately send a message to another individual without the third person being able to read the message. How many keys do they need?
a.
3
i.
They need a key for every possible pair of users in the cryptosystem. The first key would allow communication between Matthew and Richard. The second key would allow communication between Richard and Christopher. The third key would allow communication between Christopher and Matthew.
65. After scanning all the systems on his wireless network, Mike notices that one system is identified as an iOS device running a massively out-of-date version of Apple’s mobile operating system. When he investigates further, he discovers that the device is an original iPad and that it cannot be updated to a current secure version of the operating system. What should Mike recommend?
a.
Retire or replace the device.
66. What level of RAID is also known as disk mirroring?
a.
RAID 1
i.
RAID level 1 is also known as disk mirroring. RAID 0 is called disk striping. RAID 5 is called disk striping with parity. RAID 10 is known as a stripe of mirrors.
67. Gary is analyzing a security incident and during his investigation, he encounters a user who denies having performed an action that Gary believes he did perform. Which of the following has taken place?
a.
Repudiation
68. What is the best way to ensure email confidentiality in motion?
a.
Encrypt the email content.
Mike and Renee would like to use an asymmetric cryptosystem to communicate with each other. They are located in different parts of the country but have exchanged encryption keys by using digital certificates signed by a mutually trusted certificate authority.
69. When the certificate authority (CA) created Renee’s digital certificate, what key was contained within the body of the certificate?
a.
Renee’s public key
70. When the certificate authority created Renee's digital certificate, what key did it use to digitally sign the completed certificate?
a.
CA’s private key
71. When Mike receives Renee's digital certificate, what key does he use to verify the authenticity of the certificate?
a.
CA’s public key
72. Now, Mike would like to send Renee a private message after verifying the authenticity of the certificate. To provide confidentiality, what key should he use to encrypt the message?
a.
Renee’s public key
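The four key roles in questions 69 through 72 (and the signing step in final exam question 47), worked through end to end. This is an added example, not code from the course or its textbook. It uses textbook RSA built from Mersenne primes so it runs with the Python standard library alone; the primes, names and the JSON "certificate" layout are assumptions for illustration, the keys are far too small and the RSA is unpadded, so nothing here is fit for real use (use a library such as cryptography/OpenSSL with 2048-bit or larger keys and OAEP/PSS padding).

```python
import hashlib
import json
from math import gcd

# ASSUMED toy parameters: Mersenne primes, distinct per party, chosen only so
# the example runs offline. Real keys are generated randomly and are much larger.
P_CA, Q_CA = 2**61 - 1, 2**89 - 1
P_RENEE, Q_RENEE = 2**107 - 1, 2**127 - 1
P_MIKE, Q_MIKE = 2**521 - 1, 2**607 - 1


def make_keypair(p, q, e=65537):
    """Textbook RSA key generation: public key (e, n), private key (d, n)."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    return (e, n), (pow(e, -1, phi), n)


def _digest_int(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(private_key, data: bytes) -> int:
    """Signing uses the signer's PRIVATE key; only its holder can produce this."""
    d, n = private_key
    return pow(_digest_int(data) % n, d, n)


def verify(public_key, data: bytes, signature: int) -> bool:
    """Verification uses the signer's PUBLIC key, which anyone may hold."""
    e, n = public_key
    return pow(signature, e, n) == _digest_int(data) % n


def encrypt(public_key, message: bytes) -> int:
    """Confidentiality: encrypt to the RECIPIENT's public key (unpadded toy RSA)."""
    e, n = public_key
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this toy key")
    return pow(m, e, n)


def decrypt(private_key, ciphertext: int) -> bytes:
    """Only the recipient's PRIVATE key recovers the plaintext."""
    d, n = private_key
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def cert_body(subject: str, subject_public_key) -> bytes:
    """Canonical encoding of the signed part (a stand-in for X.509's TBSCertificate)."""
    return json.dumps({"subject": subject, "public_key": list(subject_public_key)},
                      sort_keys=True).encode()


def issue_certificate(ca_private_key, subject: str, subject_public_key) -> dict:
    """Q69/Q70: the body carries the SUBJECT's public key and the CA signs it
    with the CA's PRIVATE key."""
    return {"subject": subject, "public_key": list(subject_public_key),
            "signature": sign(ca_private_key, cert_body(subject, subject_public_key))}


def verify_certificate(ca_public_key, cert: dict) -> bool:
    """Q71: the relying party checks the CA's signature with the CA's PUBLIC key."""
    return verify(ca_public_key, cert_body(cert["subject"], cert["public_key"]),
                  cert["signature"])


def exchange(message: bytes = b"Meet at noon, room 4.") -> dict:
    """Run the whole scenario and report what each check returns."""
    ca_pub, ca_priv = make_keypair(P_CA, Q_CA)
    renee_pub, renee_priv = make_keypair(P_RENEE, Q_RENEE)
    mike_pub, mike_priv = make_keypair(P_MIKE, Q_MIKE)

    renee_cert = issue_certificate(ca_priv, "Renee", renee_pub)
    # A certificate signed by anyone other than the trusted CA must be rejected.
    forged_cert = issue_certificate(mike_priv, "Renee", mike_pub)

    # Q72: Mike encrypts to Renee's public key taken from her verified certificate.
    ciphertext = encrypt(tuple(renee_cert["public_key"]), message)
    # Final exam Q47: a sender signs with his OWN private key.
    signature = sign(mike_priv, message)
    return {
        "cert_ok": verify_certificate(ca_pub, renee_cert),
        "forged_cert_ok": verify_certificate(ca_pub, forged_cert),
        "plaintext": decrypt(renee_priv, ciphertext),
        "signature_ok": verify(mike_pub, message, signature),
        "tampered_signature_ok": verify(mike_pub, message + b"!", signature),
    }


if __name__ == "__main__":
    for check, result in exchange().items():
        print(f"{check}: {result}")
```

The pattern to remember: private keys are only ever used by their owner (the CA to sign certificates, Mike to sign his message, Renee to decrypt), and public keys are used by everyone else (to verify the CA's signature, to verify Mike's signature, to encrypt to Renee).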
73. Fred's company wants to ensure the integrity of email messages sent via its central email servers. If the confidentiality of the messages is not critical, what solution should Fred suggest?
a.
Digitally sign but don’t encrypt all messages.
74. Which of the following is not a valid key length for the Advanced Encryption Standard?
a.
384 bits
75. What is the maximum penalty that may be imposed by an (ISC)2 peer review board when considering a potential ethics violation?
a.
Revocation of certification
76. Norm is configuring an RSA cryptosystem for use within his organization and is selecting the key lengths that he will support. Which one of the following key lengths is not both supported by the RSA algorithm and generally considered secure?
a.
512 bits
77. Which component of IPsec provides authentication, integrity, and nonrepudiation?
a.
Authentication Header
78. Fred needs to transfer files between two servers on an untrusted network. Since he knows the network isn’t trusted, he needs to select an encrypted protocol that can ensure that his data remains secure. What protocol should he choose?
a.
SFTP
79. What type of attack would the following precautions help prevent?
Requesting proof of identity
Requiring callback authorizations on voice-only requests
Not changing passwords via voice communications
a.
Social engineering
i.
Social engineering encompasses almost any effort to learn about the people in an organization and find exploitable weaknesses through those people. Each of the precautions (requesting proof of identity, requiring callback authorizations on voice-only requests, and not changing passwords via voice communications) helps prevent social engineering by denying the attacker an easy way to exploit trust. Avoiding voice-only communications is particularly important, since establishing identity over the phone is difficult.
80. Susan is working to improve the strength of her organization’s passwords by changing the password policy. The password system that she is using allows uppercase and lowercase letters as well as numbers but no other characters. How much additional complexity does adding a single character to the minimum length of passwords for her organization create?
a.
62 times more complex
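Why the answer is 62, and what that factor is worth in practice, as an added example that is not part of the course material. The helper computes the keyspace for a given alphabet size and minimum length, the growth factor from one extra character, the equivalent bits of entropy, and the worst-case time to exhaust the space at an assumed guess rate; the 1e10 guesses/second figure is an assumption standing in for a fast offline attack on an unsalted, fast hash, and the policy names are illustrative.

```python
from math import log2

# Alphabet sizes a policy might allow. Susan's system permits upper, lower and
# digits: 26 + 26 + 10 = 62.
CHARSETS = {
    "digits only": 10,
    "lowercase only": 26,
    "upper + lower": 52,
    "upper + lower + digits": 62,
    "all printable ASCII": 95,
}


def keyspace(charset_size: int, length: int) -> int:
    """Number of distinct passwords of exactly this length."""
    return charset_size ** length


def added_char_factor(charset_size: int, length: int) -> int:
    """How many times larger the keyspace becomes when the minimum length
    grows by one: always the alphabet size, whatever the starting length."""
    return keyspace(charset_size, length + 1) // keyspace(charset_size, length)


def entropy_bits(charset_size: int, length: int) -> float:
    """Equivalent key strength if every character is chosen uniformly at random."""
    return length * log2(charset_size)


def exhaustive_search_days(charset_size: int, length: int, guesses_per_second: float) -> float:
    """Worst-case time to try the whole keyspace at the given rate."""
    return keyspace(charset_size, length) / guesses_per_second / 86_400


def compare_policies(length: int = 8, guesses_per_second: float = 1e10) -> list:
    """Rows for `length` and `length + 1` over every alphabet, so the gain from
    one extra character can be read against the gain from a bigger alphabet.
    guesses_per_second is an ASSUMED offline-cracking rate; adjust for the
    password hash actually in use (a slow, salted hash lowers it by orders of magnitude)."""
    rows = []
    for name, size in CHARSETS.items():
        for n in (length, length + 1):
            rows.append({
                "charset": name,
                "length": n,
                "keyspace": keyspace(size, n),
                "bits": round(entropy_bits(size, n), 1),
                "days_to_exhaust": round(exhaustive_search_days(size, n, guesses_per_second), 2),
            })
    return rows


if __name__ == "__main__":
    for row in compare_policies():
        print(row)
```

One detail worth noticing in the output: nine characters from the 62-symbol alphabet (62^9) is a larger space than eight characters drawn from all 95 printable ASCII symbols (95^8), so lengthening the minimum usually buys more than forcing users to add punctuation.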
81. What term is used to describe a starting point for a minimum security standard?
a.
Baseline
The organization that Ben works for has a traditional on-site Active Directory environment that uses a manual provisioning process for each addition to their 350-employee company. As the company adopts new technologies, they are increasingly using software as a service applications to replace their internally developed software stack.
Ben has been tasked with designing an identity management implementation that will allow his company to use cloud services while supporting their existing systems. Using the logical diagram shown here, answer the following question about the identity recommendations Ben should make.
82. If availability of authentication services is the organization’s biggest priority, what type of identity platform should Ben recommend?
a.
Hybrid
83. Which one of the following is not a technique used by virus authors to hide the existence of their virus from anti-malware software?
a.
Multipartitism
84. The company that Fred works for is reviewing the security of its company-issued cell phones. They issue 4G-capable smartphones running Android and iOS and use a mobile device management solution to deploy company software to the phones. The mobile device management software also allows the company to remotely wipe the phones if they are lost. What security considerations should Fred's company require for sending sensitive data over the cellular network?
a.
They should use the same requirements as data over any public network.
85. Which of the following statements about malware are correct? Each correct answer represents a complete solution. Choose all that apply.
a.
Any type of software designed and used for a variety of malicious purposes.
b.
Misguides users into taking actions through fear or misdirection.
c.
Viruses, Trojan horses, worms, and rootkits are the key types of malware.
86. Warren is designing a physical intrusion detection system for his data center and wants to include technology that issues an alert if the communications lines for the alarm system are unexpectedly cut. What technology would meet this requirement?
a.
Heartbeat sensor
87. In virtualization platforms, what name is given to the module that is responsible for controlling access to physical resources by virtual resources?
a.
Hypervisor
88. STRIDE, which stands for Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege, is useful in what part of application threat modeling?
a.
Threat categorization.
89. Greg is battling a malware outbreak in his organization. He used specialized malware analysis tools to capture samples of the malware from three different systems and noticed that the code is changing slightly from infection to infection. Greg believes that this is the reason that antivirus software is having a tough time defeating the outbreak. What type of malware should Greg suspect is responsible for this security incident?
a.
Polymorphic virus
90. Joe wants to test a program he suspects may contain malware. What technology can he use to isolate the program while it runs?
a.
Sandboxing
91. Mike has been tasked with preventing an outbreak of malware like Mirai. What type of systems should be protected in his organization?
a.
Internet of Things (IoT) devices
The company that Fred works for is reviewing the security of its company-issued cell phones. They issue 4G-capable smartphones running Android and iOS and use a mobile device management solution to deploy company software to the phones. The mobile device management software also allows the company to remotely wipe the phones if they are lost.
92. What are the most likely circumstances that would cause a remote wipe of a mobile phone to fail?
a.
The phone cannot contact a network.
93. The company that Fred works for is reviewing the security of its company-issued cell phones. They issue 4G-capable smartphones running Android and iOS and use a mobile device management solution to deploy company software to the phones. The mobile device management software also allows the company to remotely wipe the phones if they are lost. Fred intends to attend a major hacker conference this year. What should he do when connecting to his cellular provider's 4G network while at the conference?
a.
Connect to his company's encrypted VPN service.
94. Surveys, interviews, and audits are all examples of ways to measure what important part of an organization's security posture?
a.
Awareness
95. Kay is selecting an application management approach for her organization. Employees need the flexibility to install software on their systems, but Kay wants to prevent them from installing certain prohibited packages. What type of approach should she use?
a.
Blacklist
96. What type of Windows audit record describes events like an OS shutdown or a service being stopped?
a.
A system log
97. During a log review, Karen discovers that the system she needs to gather logs from has the log setting shown here. What problem is Karen likely to encounter?
a.
The logs will contain only the most recent 20 MB of log data.
98. Which one of the following goals of physical security environments occurs first in the functional order of controls?
a.
Deterrence
99. Full disk encryption like Microsoft’s BitLocker is used to protect data in what state?
a.
Data at rest.
100.
Which of the following are the contractual agreements between a service provider and a service consumer that specify service quality, quantities, timeliness and responsiveness, and appropriate usage constraints? Each correct answer represents a complete solution. Choose all that apply.
a.
SLA (service level agreement)
b.
TOR (terms of reference)
c.
TOS (terms of service)
101.
Jim has been contracted to perform a penetration test of a bank’s primary branch. To make the test as real as possible, he has not been given any information about the bank other than its name and address. What type of penetration test has Jim agreed to perform?
a.
A black-box penetration test.
102.
Rick is an application developer who works primarily in Python. He recently decided to evaluate a new service where he provides his Python code to a vendor who then executes it on their server environment. What type of cloud computing environment is this service?
a.
PaaS
103.
Fran's company is considering purchasing a web-based email service from a vendor and eliminating its own email server environment as a cost-saving measure. What type of cloud computing environment is Fran’s company considering?
a.
SaaS
104.
What type of penetration testing provides detail on the scope of a penetration test, including items like what systems would be targeted, but does not provide full visibility into the configuration or other details of the systems or networks the penetration tester must test?
a.
Gray box
105.
Which of the following would be considered as an example of the IaaS (infrastructure as a service) cloud computing?
a.
Servers provisioned by customers on a vendor-managed virtualization platform
106.
During which phase of the incident response process would administrators design new security controls intended to prevent a recurrence of the incident?
a.
Remediation
107.
Which one of the following components should be included in an organization’s emergency response guidelines?
a.
Secondary response procedures for first responders.
108.
You are the CISO for a major hospital system and are preparing to sign a contract with a software as a service (SaaS) email vendor and want to ensure that its business continuity planning measures are reasonable. What type of audit might you request to meet this goal?
a.
SOC 2
109.
NIST Special Publication 800-92, the Guide to Computer Security Log Management, describes four types of common challenges to log management:
Many log sources
Inconsistent log content
Inconsistent timestamps
Inconsistent log formats
Which of the following solutions is best suited to solving these issues?
a.
Implement a SIEM.
110.
Which one of the following backup types does not alter the status of the archive bit on a file?
a.
Differential backup
111.
Cameron is responsible for backing up his company’s primary file server. He configured a backup schedule that performs full backups every Monday evening at 9 p.m. and incremental backups on other days of the week at that same time. How many files will be copied in Wednesday’s backup?
a.
2
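Questions 110 and 111 both turn on what each backup type does to the archive bit. The simulation below is an added example, not the course's figure or code: it replays a constructed week of file changes against a schedule of nightly jobs and reports which files each job copies. The file names, change times and the 9 p.m. job time are assumptions; the archive-bit rules are the standard ones (full and incremental clear the bit on what they copy, differential leaves it set).

```python
DAYS = ["Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun"]

# Constructed change log for one week, a stand-in for the figure the question
# refers to: (time of change, file). Not from the course materials.
CHANGES = [
    ("Mon 10:00", "payroll.xlsx"),
    ("Mon 14:00", "budget.docx"),
    ("Tue 09:00", "payroll.xlsx"),
    ("Tue 16:30", "contracts.pdf"),
    ("Wed 08:15", "budget.docx"),
    ("Wed 13:45", "roadmap.pptx"),
]


def _when(stamp: str):
    """'Tue 16:30' -> (day index, minutes since midnight), so events sort."""
    day, clock = stamp.split()
    hours, minutes = map(int, clock.split(":"))
    return DAYS.index(day), hours * 60 + minutes


class FileServer:
    """Every file carries an archive bit that is set whenever it is written."""

    def __init__(self, names):
        self.archive_bit = {name: True for name in names}

    def modify(self, name: str) -> None:
        self.archive_bit[name] = True

    def backup(self, kind: str) -> list:
        """Return the files one job copies and update the bits the way that
        backup type does."""
        if kind == "full":
            copied = sorted(self.archive_bit)                       # everything
        elif kind in ("incremental", "differential"):
            copied = sorted(n for n, bit in self.archive_bit.items() if bit)
        else:
            raise ValueError(f"unknown backup type {kind!r}")
        if kind != "differential":          # Q110: differential leaves the bit set
            for name in copied:
                self.archive_bit[name] = False
        return copied


def run_week(schedule: dict, changes=CHANGES, backup_time: str = "21:00") -> dict:
    """schedule maps day -> backup type. Returns {day: files copied that evening}."""
    server = FileServer({name for _, name in changes})
    events = [(_when(stamp), "change", name) for stamp, name in changes]
    events += [(_when(f"{day} {backup_time}"), "backup", kind) for day, kind in schedule.items()]
    copied = {}
    for (day_index, _), action, arg in sorted(events):
        if action == "change":
            server.modify(arg)
        else:
            copied[DAYS[day_index]] = server.backup(arg)
    return copied


def restore_set(schedule: dict, through: str) -> list:
    """Backups that must be read back to restore the state as of `through`.
    Assumes the jobs after the last full are all of one type."""
    days = [d for d in DAYS if d in schedule and DAYS.index(d) <= DAYS.index(through)]
    last_full = max((d for d in days if schedule[d] == "full"), key=DAYS.index)
    after = [d for d in days if DAYS.index(d) > DAYS.index(last_full)]
    if not after:
        return [last_full]
    if schedule[after[-1]] == "incremental":
        return [last_full] + after          # full plus every incremental since it
    return [last_full, after[-1]]           # full plus only the newest differential


if __name__ == "__main__":
    plan = {"Mon": "full", "Tue": "incremental", "Wed": "incremental"}
    print(run_week(plan))
    print("restore Wed needs:", restore_set(plan, "Wed"))
```

With Cameron's schedule, Wednesday's incremental copies only the two files changed since Tuesday's job; switching Tuesday and Wednesday to differentials would copy four files on Wednesday, but a Thursday restore would then need only the Monday full and the Wednesday differential instead of three tapes.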
112.
Lauren’s healthcare provider maintains such data as details about her health, treatments, and medical billing. What type of data is this?
a.
Protected health information
113.
Which one of the following investigation types has the loosest standards for collecting and preserving information?
a.
Operational investigation.
114.
What type of forensic investigation typically has the highest evidentiary standards?
a.
Criminal.
115.
Which of the following is not a basic preventative measure that you can take to protect your systems and applications against attack?
a.
Conduct forensic imaging of all systems.
116.
Linda is selecting a disaster recovery facility for her organization, and she wants to retain independence from other organizations as much as possible. She would like to choose a facility that balances cost and recovery time, allowing activation in about one week after a disaster is declared. What type of facility should she choose?
a.
Warm site
117.
Click to select the disaster recovery test and drag them in order of their potential impact on the business, starting with the least impactful and progressing through the most impactful.
a.
The correct order of disaster recovery tests, from least to most impactful, is:
i.
Checklist review
ii.
Tabletop exercise
iii.
Parallel test
iv.
Full interruption test
v.
A tabletop exercise only talks through the scenario, so it ranks below a parallel test, which actually brings the alternate site up alongside production; only a full interruption test takes production down.
118.
During which of the following disaster recovery tests does the team sit together and discuss the response to a scenario but not actually activate any disaster recovery controls?
a.
Structured walk-through
119.
Norm would like to conduct a disaster recovery test for his organization and wants to choose the most thorough type of test, recognizing that it may be quite disruptive. What type of test should Norm choose?
a.
Full interruption.
120.
What is the goal of the BCP process?
a.
RTO < MTD
121.
Ben needs to verify that the most recent patch for his organization's critical application did not introduce issues elsewhere. What type of testing does Ben need to conduct to ensure this?
a.
Regression testing
122.
Which one of the following metrics specifies the amount of time that business continuity planners find acceptable for the restoration of service after a disaster?
a.
RTO
123.
Referring to the figure shown here, what is the name of the security control indicated by the arrow?
a.
Turnstile
124.
Elaine is developing a business continuity plan for her organization. What value should she seek to minimize?
a.
RTO
125.
What type of alternate processing facility contains the hardware necessary to restore operations but does not have a current copy of data?
a.
Warm site
Final Exam
1.
Alex is accessing a standalone file server using a username and password provided to him by the server administrator. Which one of the following entities is guaranteed to have information necessary to complete the authorization?
a.
File server
2.
How do physical, logical, and administrative controls interact with one another?
a.
Administrative controls should direct and inform people; logical controls implement those directions in the IT architecture; physical controls reinforce them by preventing or deterring disruptions to hardware, systems, and support infrastructure.
3.
Which one of the following components should be included in an organization’s emergency response guidelines?
a.
Immediate response procedures
4.
In her role as an information security professional, Susan has been asked to identify areas where her organization's wireless network may be accessible even though it isn't intended to be. What should Susan do to determine where her organization's wireless network is accessible?
a.
A site survey
5.
Karen's organization has been performing system backups for years but has not used the backups frequently. During a recent system outage, when administrators tried to restore from backups, they found that the backups had errors and could not be restored. Which of the following options should Karen avoid when selecting ways to ensure that her organization's backups will work next time?
a.
MTD verification
6.
Which statement about recovery times and outages is most correct?
a.
RTO should be less than or equal to MAO.
7.
What should be true for salts used in password hashes?
a.
Unique salts should be stored for each user.
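What a per-user salt buys, shown with a working password store. This is an added example, not the course's code; it uses PBKDF2-HMAC-SHA256 from the Python standard library (bcrypt, mentioned in question 55, serves the same purpose with a Blowfish-derived construction). The user names, passwords and record format are assumptions, and the 600,000-iteration default is a work factor in line with current OWASP guidance for PBKDF2-SHA256.

```python
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 600_000   # PBKDF2-HMAC-SHA256 work factor; raise it as hardware gets faster


def hash_password(password: str, *, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Return a self-describing record: algorithm$iterations$salt$hash.
    A fresh 16-byte random salt is drawn on every call unless one is passed
    in (only done below to show what a shared salt gives away)."""
    if salt is None:
        salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, dklen=32)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count, compare in constant time."""
    try:
        algorithm, iterations, salt_hex, dk_hex = stored.split("$")
    except ValueError:
        return False
    if algorithm != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(iterations), dklen=32)
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))


def demo(iterations: int = ITERATIONS) -> dict:
    """Two users who happen to pick the same password (constructed example)."""
    alice = hash_password("Winter2024!", iterations=iterations)
    bob = hash_password("Winter2024!", iterations=iterations)
    # The anti-pattern: one site-wide salt. Equal passwords now produce equal
    # hashes, so cracking one record reveals every user sharing that password,
    # and a single precomputed table covers the whole user base.
    site_salt = bytes(16)
    alice_shared = hash_password("Winter2024!", salt=site_salt, iterations=iterations)
    bob_shared = hash_password("Winter2024!", salt=site_salt, iterations=iterations)
    return {
        "unique_salts_hide_reuse": alice.split("$")[3] != bob.split("$")[3],
        "shared_salt_exposes_reuse": alice_shared.split("$")[3] == bob_shared.split("$")[3],
        "alice_correct_password": verify_password("Winter2024!", alice),
        "alice_wrong_case": verify_password("winter2024!", alice),
        "garbage_record": verify_password("Winter2024!", "not-a-record"),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

Storing the salt and iteration count inside the record is what lets the work factor be raised later: old records keep verifying with their own parameters and can be re-hashed on the user's next successful login.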
8.
What is business logic?
a.
The set of rules that dictate or describe the processes that a business uses to perform the tasks that lead to achieving the required results
9.
Which statement best describes how separation of duties relates to education and training of end users, managers, and leaders in an organization?
a.
Separation of duties should segment the organization into teams focused on their job responsibilities, with clear interfaces to other teams. Effective awareness training and education can help each team, and each team member, see how successfully fulfilling their duties depends on keeping information safe, secure, and reliable.
10. Lauren needs to send information about services she is provisioning to a third-party organization. What standards-based markup language should she choose to build the interface?
b.
SPML
11.
Darlene was recently offered a consulting opportunity as a side job. She is concerned that the opportunity might constitute a conflict of interest. Which one of the following sources is most likely to provide her with appropriate guidance?
a.
Organizational code of ethics
12. Your IT director has asked you for a recommendation about which access control standard your team should be looking to implement. He has suggested either Diameter or XTACACS can be implemented. Which of the following gives you the best information to use in replying to your boss?
a.
The standard is IEEE 802.1X; Diameter and XTACACS are implementations of the standard.
i.
Caveat: that is the answer recorded for this course, but it is not technically accurate. IEEE 802.1X is port-based network access control; it carries EAP between the supplicant and the authenticator (switch or access point). Diameter (the successor to RADIUS) and XTACACS (Cisco's extension of TACACS, since replaced by TACACS+) are AAA protocols spoken between the authenticator and the back-end authentication server, not implementations of 802.1X. The accurate reply to the director is that 802.1X is the access control standard and RADIUS, Diameter, or TACACS+ is the AAA protocol behind it.
13. Which of the following shows the major steps of the information risk management process in the correct order?
a.
Set priorities; assess risks; implement risk treatment plans; monitor continuously
14. Your company uses computer-controlled machine tools on the factory floor as part of its assembly line. This morning, you’ve discovered that somebody erased a key set of machine control parameter files, and the backups you have will need to be updated and verified before you can use them. This may take most of the day to accomplish. What information security attribute is involved here?
a.
Integrity
15. Ian's company has an internal policy requiring that it perform regular port scans of all of its servers. Ian has been part of a recent effort to move his organization's servers to an infrastructure as a service provider. What change will Ian most likely need to make to his scanning efforts?
a.
Follow the service provider’s scan policies
16. As Lauren prepares her organization’s security practices and policies, she wants to address as many threat vectors as she can using an awareness program. Which of the following threats can be most effectively dealt with via awareness?
a.
Impersonation
17. What type of virus is characterized by the use of two or more different propagation mechanisms to improve its likelihood of spreading between systems?
a.
Multipartite virus
18. A thunderstorm knocks out the commercial electric power to your company's datacenter, shutting down everything. This impacts which aspect of information security?
a.
Availability
19.
Fred is on the IT team migrating his company’s business systems into a public cloud provider, which will host the company’s processes and data on its datacenters in three different countries to provide load balancing, failover/restart, and backup and restore capabilities. Which statement or statements best addresses key legal and regulatory concerns about this plan? (Choose all that apply.)
a.
The countries where the cloud host’s datacenters are located, plus all of the countries in which Fred’s company has a business presence, office, or other facility, have jurisdiction over company data
b.
In addition to staying compliant with all of those different countries' laws and regulations, Fred's company must also ensure that it does not violate cultural, religious, or political taboos in any of those countries
20. Which one of the following is the first step in developing an organization’s vital records program?
a.
Identifying vital records
21. Darcy is designing a fault-tolerant system and wants to implement RAID 5 for her system. What is the minimum number of physical hard disks she can use to build her system?
a.
Three
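Why RAID 5 needs three disks and RAID 1 (question 66 in the earlier set) needs two, shown by actually striping data with XOR parity and rebuilding after a simulated disk loss. This is an added example, not the course's material; the 4-byte block size and the sample data are assumptions, and the parity position rotates across disks the way RAID 5 does (a fixed parity disk would be RAID 4).

```python
def xor_blocks(*blocks: bytes) -> bytes:
    """Bytewise XOR of equally sized blocks: the RAID 5 parity function."""
    out = bytearray(len(blocks[0]))
    for block in blocks:
        for i, byte in enumerate(block):
            out[i] ^= byte
    return bytes(out)


def raid1_write(data: bytes) -> list:
    """Q66: RAID 1 mirroring keeps a complete copy on each disk."""
    return [data, data]


def raid5_write(data: bytes, disks: int = 3, block: int = 4) -> list:
    """Stripe data over (disks - 1) blocks per stripe and put the XOR parity on
    the remaining disk, rotating the parity position every stripe."""
    if disks < 3:
        raise ValueError("RAID 5 needs at least three disks: two data blocks "
                         "plus one parity block in every stripe")
    per_stripe = (disks - 1) * block
    data += b"\x00" * ((-len(data)) % per_stripe)        # pad to whole stripes
    arrays = [[] for _ in range(disks)]
    for s in range(len(data) // per_stripe):
        chunk = data[s * per_stripe:(s + 1) * per_stripe]
        data_blocks = [chunk[i * block:(i + 1) * block] for i in range(disks - 1)]
        parity_disk = s % disks
        parity = xor_blocks(*data_blocks)
        pending = iter(data_blocks)
        for d in range(disks):
            arrays[d].append(parity if d == parity_disk else next(pending))
    return arrays


def raid5_read(arrays: list, length: int) -> bytes:
    """Reassemble the data, skipping the parity block of each stripe."""
    disks = len(arrays)
    out = bytearray()
    for s in range(len(arrays[0])):
        parity_disk = s % disks
        out += b"".join(arrays[d][s] for d in range(disks) if d != parity_disk)
    return bytes(out[:length])


def raid5_rebuild(survivors: dict, disks: int) -> list:
    """Reconstruct the one missing disk from the others. XOR is its own
    inverse, so the same operation recovers a lost data block or a lost
    parity block; a second failure leaves nothing to solve for."""
    if len(survivors) != disks - 1:
        raise ValueError("RAID 5 tolerates exactly one failed disk")
    (failed,) = set(range(disks)) - survivors.keys()
    stripes = len(next(iter(survivors.values())))
    rebuilt = [xor_blocks(*(survivors[d][s] for d in survivors)) for s in range(stripes)]
    return [rebuilt if d == failed else survivors[d] for d in range(disks)]


def survives_any_single_failure(data: bytes, disks: int = 3) -> bool:
    """Lose each disk in turn, rebuild, and check the data comes back intact."""
    arrays = raid5_write(data, disks)
    for failed in range(disks):
        survivors = {d: a for d, a in enumerate(arrays) if d != failed}
        if raid5_read(raid5_rebuild(survivors, disks), len(data)) != data:
            return False
    return True


def usable_fraction(level: str, disks: int) -> float:
    """Share of raw capacity available for data."""
    return {"raid0": 1.0, "raid1": 1 / disks,
            "raid5": (disks - 1) / disks, "raid10": 0.5}[level]


if __name__ == "__main__":
    sample = b"The quick brown fox jumps over the lazy dog"
    print("3-disk RAID 5 survives any single failure:", survives_any_single_failure(sample, 3))
    print("usable capacity, 3 disks:", usable_fraction("raid5", 3))
```

The three-disk minimum falls out of the stripe layout: with two disks there would be one data block and one "parity" block that is just a copy of it, which is RAID 1, not RAID 5.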
22. Theresa is implementing a new access control system and wants to ensure that developers do not have the ability to move code from development systems into the production environment. What information security principle is she most directly enforcing?
a.
Separation of duties
23. Ed is tasked with protecting information about his organization’s customers, including their name, Social Security number, birth date, and place of birth, as well as a variety of other information. What is this information known as?
a.
PII (personally identifiable information)
24. Susan is conducting a STRIDE threat assessment by placing threats into one or more of the following categories: Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege. As part of her assessment, she has discovered an issue that allows transactions to be modified between a web browser and the application server that it accesses. What STRIDE categorization(s) best fit this issue?
a.
Tampering and Information Disclosure
25. How does business logic relate to information security?
a.
Business logic represents decisions the company has made and may give it a competitive advantage over others in the marketplace; it needs to be protected from unauthorized change. Processes that implement the business logic need to be available to be run or used when needed. Thus confidentiality, integrity, and availability all apply.
26. The organization that Ben works for has a traditional on-site Active Directory environment that uses a manual provisioning process for each addition to their 350-employee company. As the company adopts new technologies, they are increasingly using software as a service applications to replace their internally developed software stack. Ben has been tasked with designing an identity management implementation that will allow his company to use cloud services while supporting their existing systems. Using the logical diagram shown here, answer the following question about the identity recommendations Ben should make. If availability of authentication services is the organization's biggest priority, what type of identity platform should Ben recommend?
a.
Hybrid
27. The following diagram shows a typical workstation and server and their connections to each other and the Internet. What would be the best way to secure data at points B,D, and F?
a.
TLS
28. What security measure can provide an additional security control in the event that backup tapes are stolen or lost?
a.
Use AES-256 encryption.
29. What methods are often used to protect data in transit?
a.
TLS, VPN, IPSec
30. The Acme Widgets Company is putting new controls in place for its accounting department. Management is concerned that a rogue accountant may be able to create a new false vendor and then issue checks to that vendor as payment for services that were never rendered. What security control can best help prevent this situation?
a.
Separation of duties
31. An accounting employee at Doolittle Industries was recently arrested for participation in an embezzlement scheme. The employee transferred money to a personal account and then shifted funds around between other accounts every day to disguise the fraud for months. Which one of the following controls might have best allowed the earlier detection of this fraud?
a.
Mandatory vacation
32. John has talked with his IT director about getting an upgrade to their network access control tools that will allow them to implement remediation and quarantine measures. His director thinks this is unnecessary because their enterprise antimalware system provides for quarantine. Is John's director correct? Which of the following should John share with his director?
a.
No, because malware quarantine moves infected files into safe storage where they cannot be executed or copied by users; network access control quarantine prevents devices that are not up to date with software updates or other required settings from connecting to the network (or the Internet) until they have performed the required updates.
33.
Which of the following brings the Advanced Encryption Standard to Wi-Fi and is the best form of Wi-Fi security?
a.
WPA2
i.
WPA2 replaced WEP and WPA's TKIP with AES-CCMP and is the answer expected here. Where the hardware supports it, WPA3 is now preferred: its SAE handshake resists offline dictionary attacks on the passphrase, which WPA2-Personal does not.
34. What type of penetration testing provides detail on the scope of a penetration test, including items like what systems would be targeted, but does not provide full visibility into the configuration or other details of the systems or networks the penetration tester must test?
a.
Gray box
35. What type of alternate processing facility contains the hardware necessary to restore operations but does not have a current copy of data?
a.
Warm site
36.
What type of networking device is most commonly used to assign endpoint systems to VLANs?
a.
Switch
37. Greg is building a disaster recovery plan for his organization and would like to determine the amount of time that it would take to restore a particular IT service after an outage. What variable is Greg calculating?
a.
RTO
38. NIST SP 800-150, the "Guide to Cyber Threat Information Sharing," defines five major types of threat information:
i.
Indicators: technical artifacts or observables that suggest an attack is imminent, currently underway, or that a compromise may have already occurred
ii.
Tactics, techniques, and procedures (TTPs) that describe the behavior of an actor
iii.
Security alerts, such as advisories and bulletins
iv.
Threat intelligence reports that describe the actors, systems, and information being targeted and the methods being used
v.
Tool configurations that support collection, exchange, analysis, and use of threat information
Which one of the following groups would be least likely to be included in an organization's cybersecurity incident communications plans?
a.
Utilities
39. Which mobile device strategy is most likely to result in the introduction of vulnerable devices to a network?
a.
BYOD
40. The company that Lauren works for is making significant investments in infrastructure as a service hosting to replace its traditional data center. Members of her organization's management have expressed concerns about data remanence when Lauren's team moves from one virtual host to another in their cloud service provider's environment. What should she instruct her team to do to avoid this concern?
a.
Use full disk encryption
41. What term describes software testing that is intended to uncover new bugs introduced by patches or configuration changes?
a.
Regression testing
42. During a forensic investigation, Charles discovers that he needs to capture a virtual machine that is part of the critical operations of his company’s website. If he cannot suspend or shut down the machine for business reasons, what imaging process should he follow?
a.
Copy the virtual disk files and then use a memory capture tool.
43. How does bring your own infrastructure (BYOI) affect information security planning? (Choose all that apply.)
a.
BYOI potentially opens the organization's infrastructure up to previously unknown connections with other people, organizations, and so forth; the potential for new and surprising risks is very great.
b.
BYOI often uses consumer-grade services, particularly for cloud services, which are not compatible with typical enterprise systems.
44. Do the terms cybersecurity, information assurance, and information security mean the same thing? (Choose all that apply)
a.
Yes, but each finds preference in different markets and communities of practice.
b.
No, because different groups of people in the field choose to interpret these terms differently, and there is no single authoritative view.
45. Which of the following statements about malware are not true? (Choose all that apply.)
a.
None of these statements is true:
i.
Doing all of your browsing in fully secure (HTTPS) sessions will prevent any malware from entering your system.
ii.
If you operate your system within a hierarchy of trust, and you do not go beyond its boundaries, you do not need to do anything else to protect against malware.
iii.
Most SOHO environments have very little to lose to a malware infection, so they are justified in not spending a lot of effort or money on defensive systems.
iv.
Malware may corrupt your data and software, but it cannot damage your hardware.
46.
What is the minimum interval at which an organization should conduct business continuity plan refresher training for those with specific business continuity roles?
a.
Annually
47. Matthew and Richard are friends located in different physical locations who would like to begin communicating with each other using cryptography to protect the confidentiality of their communications. They exchange digital certificates to begin this process and plan to use an asymmetric encryption algorithm for the secure exchange of email messages. When Matthew goes to add the digital signature to the message, what encryption key does he use to create the digital signature?
a.
Matthew’s private key
48. Kara used Nmap to perform a scan of a system under her control and received the results shown here. If Kara's primary concern is preventing administrative connections to the server, which port should she block?
a.
22
49. What do we use protocols for? (Choose all that apply)
a.
To conduct ceremonies, parades, or how we salute superiors, sovereigns, or rulers.
b.
To have a conversation with someone and keep a disagreement from turning into a hostile, angry argument.
c.
To connect elements of computer systems together so that they can share the tasks and control each other.
i.
These options show the human social communications need for signaling one another about the communication we're trying to achieve.
50. Had to complete task.
51. What encryption algorithm is used by both BitLocker and Microsoft’s Encrypting File System?
a.
AES
52. Chris is designing layered network security for his organization. What type of firewall design is shown in the diagram?
a.
A two-tier firewall
53. Colleen is conducting a business impact assessment for her organization. What metric provides important information about the amount of time that the organization may be without a service before causing irreparable harm?
a.
MTD (Maximum tolerable downtime)
54. What is the best way to provide accountability for the use of identities?
a.
Logging
55. Linux systems that use bcrypt are using a tool based on what DES alternative encryption
scheme?
a.
Blowfish
56. Ben owns a coffeehouse and wants to provide wireless Internet service for his customers. Ben’s network is simple and uses a single consumer-grade wireless router and a cable modem connected via a commercial cable data contract. Ben intends to run an open (unencrypted) wireless network. How should he connect his business devices?
b.
Set up a separate SSID using WPA2
57. Using the OSI model, what format does the Data Link layer use to format messages received from higher up the stack?
a.
Frame
58. Alan is installing a fire suppression system that will kick in after a fire breaks out and protect the equipment in the data center from extensive damage. What metric is Alan attempting to lower?
a.
Impact
59.
Gordon is developing a business continuity plan for a manufacturing company’s IT operations. The company is located in North Dakota and currently evaluating the risk of earthquakes. They choose to pursue a risk transference strategy. Which of the following actions is consistent with that strategy? a.
Purchasing earthquake insurance
60. Gordon is conducting a risk assessment for his organization and determined the amount of damage that flooding is expected to cause to his facilities each year. What metric has Gordon identified?
a.
ALE (annualized loss expectancy)
61. Which of the following starts with the premise that all systems have an external boundary that separates what the system owner, builder, and user own, control, or use, from what’s not part of the system?
a.
Threat modeling
62. Which one of the following investigation types always uses the beyond-a-reasonable-
doubt standard of proof?
a.
Criminal investigation
63. Alex wants to use an automated tool to fill web application forms to test for format string vulnerabilities. What type of tool should he use?
a.
A fuzzer
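Added example, not code from the page: a miniature version of what the fuzzer in question 63 does, written in Python. The two form handlers are hypothetical stand-ins for the application Alex would test (one builds the format string from user input, the other passes the input as a format argument); the fuzzer feeds both the same list of format-string payloads and reports any response that crashed or was interpreted rather than echoed back. The payload list, handler names and the `SECRET_CONFIG` value are constructed for the demonstration; real tools such as Burp Intruder, wfuzz or ffuf do the same thing over HTTP.

```python
"""A minimal form fuzzer for format-string handling (added example).

The two handlers are hypothetical stand-ins for the web application under
test; SECRET_CONFIG is a constructed value so that a leak is easy to spot.
"""


SECRET_CONFIG = {"db_password": "hunter2"}      # constructed secret


class Request:
    """Stand-in for a framework request object."""

    def __init__(self, form: dict):
        self.form = form
        self.config = SECRET_CONFIG                # reachable via attribute access


def vulnerable_handler(req: Request) -> str:
    # Bug: user input becomes the format STRING, so "{0.config}" walks objects.
    template = "Hello, " + req.form["name"] + "!"
    return template.format(req)


def safe_handler(req: Request) -> str:
    # Input is passed as a format ARGUMENT and is never interpreted.
    return "Hello, {}!".format(req.form["name"])


# Constructed payload list: benign baseline, a C-style printf probe, Python
# replacement fields that read attributes, and malformed input to force crashes.
PAYLOADS = [
    "alice",
    "%s%s%s%s%n",
    "{0}",
    "{0.config}",
    "{0.__class__.__init__.__globals__}",
    "{",
    "}",
    "{99}",
]


def fuzz(handler) -> list:
    """Run every payload through handler; report crashes and interpreted input."""
    findings = []
    for payload in PAYLOADS:
        req = Request({"name": payload})
        try:
            out = handler(req)
        except Exception as exc:                  # any crash is a finding
            findings.append({"payload": payload, "issue": "crash",
                             "detail": type(exc).__name__})
            continue
        if out != f"Hello, {payload}!":           # a safe handler just echoes
            findings.append({"payload": payload, "issue": "interpreted",
                             "detail": out})
    return findings


def leaked_secret(findings: list, marker: str = "hunter2") -> list:
    """Payloads whose response disclosed the constructed secret."""
    return [f["payload"] for f in findings if marker in f["detail"]]


if __name__ == "__main__":
    for name, handler in (("vulnerable", vulnerable_handler), ("safe", safe_handler)):
        found = fuzz(handler)
        print(f"{name}: {len(found)} finding(s), leaked via {leaked_secret(found)}")
```

The detection rule is the one a practitioner wants from any fuzzer: compare each response against what a correct implementation would return for that input (here, a plain echo) and treat both divergence and exceptions as findings. Against the vulnerable handler the `{0.config}` and `__globals__` payloads disclose the constructed secret and the malformed braces crash the handler; the safe handler produces no findings at all, because the input is never parsed as a template.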
64. In this image, what issue may occur because of the log handling settings?
a.
Log data may not include needed information.
65. What type of fire extinguisher is useful against liquid-based fires?
a.
Class B
66. Which one of the following is typically considered a business continuity task?
a.
Business impact assessment
67. As part of her system hardening process for a Windows 10 workstation, Lauren runs the Microsoft Baseline Security Analyzer (MBSA). She sees the following result after MBSA runs. What can she determine from this scan?
a.
The system has default administrative shares enabled.
68.
Which statement about planning and plans is correct?
a.
Planning should continuously bring plans and procedures in tune with ongoing operational reality.
69. Kathleen needs to set up an Active Directory trust to allow authentication with an existing Kerberos V5 realm. What type of trust does she need to create?
a.
A realm trust.
70. “Maintaining or improving information security while migrating to the clouds is more of a contractual than technical problem to solve.” Which statement best shows why this is either true or false?
a.
It is false. The contractual agreements do change quite frequently as the underlying technologies, threats, and business case for both the cloud host and the customer change with time. However, even these changes cause less work, less frequently, for the administrative elements and more for the technical elements of the typical customer organization.
71. What principle of information security states that an organization should implement overlapping security controls whenever possible?
a.
Defense in depth
72. Lauren is responsible for building a banking website. She needs proof of the identity of the users who register for the site. How should she validate user identities?
a.
Use information that both the bank and the user have such as questions pulled from their credit report
73. Which statement about the use of cryptology by private business is true?
a.
In many jurisdictions, law and regulation place significant responsibilities for information protection and due diligence on business; these can only be met in practical ways by using cryptographic systems.
74. After scanning all the systems on his wireless network, Mike notices that one system is identified as an iOS device running a massively out-of-date version of Apple’s mobile operating system. When he investigates further, he discovers that the device is an original iPad and that it cannot be updated to a current secure version of the operating system. What should Mike recommend?
a.
Retire or replace the device.
75. What is the role of threat modeling when an organization is planning to migrate its business processes into a cloud-hosted environment? Choose the most correct statement.
a.
Migrating to the cloud may not change the logical relationship between information assets and subjects requesting to use them, or the way privileges are set based on roles, needs, and trust, but the connection path to them may change; this probably changes the threat surface.
76. Ian is reviewing the security architecture shown here. This architecture is designed to connect his local data center with an IaaS service provider that his company is using to provide overflow services. What component can be used at the points marked by question marks to provide a secure encrypted network connection?
a.
VPN
77.
Henry is the risk manager for Atwood Landing, a resort community in the midwestern United States. The resort's primary data center is in northern Indiana in an area that is prone to tornados. Henry recently undertook a replacement cost analysis and determined that rebuilding and reconfiguring the data center would cost $10 million. Henry consulted with tornado experts, data center specialists and structural engineers. Together they determined that a typical tornado would cause approximately $5 million of damages to the facility. The meteorologists determined that Atwood's facility lies in an area where they are likely to experience a tornado once every 200 years. Based upon the information in this scenario, what is the annualized loss expectancy for a tornado at Atwood Landing’s data center?
a.
$25,000
78. Jeff discovers a series of JPEG photos on a drive that he is analyzing for evidentiary purposes. He uses exiftool to collect metadata from those files. Which information is not likely to be included in the metadata?
a.
Number of copies made
79. The company that Jennifer works for has implemented a central logging infrastructure, as shown in the following image. During normal operations, Jennifer’s team uses the SIEM appliance to monitor for exceptions received via syslog. What system shown does not natively have support for syslog events?
a.
Windows desktop systems
80. Kay is selecting an application management approach for her organization. Employees need the flexibility to install software on their systems, but Kay wants to prevent them from installing certain prohibited packages. What type of approach should she use?
a.
Blacklist
81.
You’ve just started a new job as an information security analyst at a medium-sized company, one with about 500 employees across its seven locations. In a conversation with your team chief, you
learn that the company’s approach to risk management and information security includes an annual review and update of its risk register. Which of the following might be worth asking your team chief about? (Choose all that apply.)
a.
How does that relate to our ongoing monitoring of our IT infrastructure and key applications platforms and systems?
b.
What do we do when an incident response makes us aware of previously unknown vulnerabilities?
82. In his role as a forensic examiner, Lucas has been asked to produce forensic evidence related to a civil case. What is this process called?
a.
eDiscovery
83. Who should receive initial business continuity plan training in an organization?
a.
Everyone in the organization.
84. Jim uses a tool that scans a system for available services and then connects to them to collect banner information to determine what version of the service is running. It then provides a report detailing what it gathers, basing results on service fingerprinting, banner information, and similar details it gathers combined with CVE information. What type of tool is Jim using?
a.
A vulnerability scanner
85. Alex is preparing to solicit bids for a penetration test of his company’s network and systems. He wants to maximize the effectiveness of the testing rather than the realism of
the test. What type of penetration test should he require in his bidding process?
a.
Crystal box
86. Had to complete a task.
87.
You’ve recently determined that some recent system glitches might be caused by the software or hardware that a few employees have installed and are using with their company-provided endpoints; in some cases, employee-owned devices are being used instead of company-provided ones. What are some of the steps you should take right away to address this?
(Choose all that apply.)
a.
Review your IT team’s approach to configuration management and control.
b.
Check to see if your company’s acceptable use policy addresses this.
88. Had to complete a task.
89. While reviewing output from netstat, John sees the following output. What should his next action be?
a.
To initiate the organization’s incident response plan
90. Which of the following is not one of the canons of the (ISC)² Code of Ethics?
a.
Maintain competent records of all investigations and assessments.
91. Alex has been employed by his company for more than a decade and has held a number of positions in the company. During an audit, it is discovered that he has access to shared folders and applications because of his former roles. What issue has Alex’s company encountered?
a.
Privilege creep.
92. Had to complete task.
93. Jim has been contracted to perform a penetration test of a bank’s primary branch. To make the test as real as possible, he has not been given any information about the bank other than its name and address. What type of penetration test has Jim agreed to perform?
a.
A black-box penetration test.
94. Susan has discovered that the smart card-based locks used to keep the facility secure are not effective because staff members are propping the doors open. She places signs on the doors reminding staff that leaving the door open creates a security issue, and she
adds alarms that will sound if the doors are left open for more than five minutes. What type of controls has she put into place?
a.
Compensation
95. Which group is best suited to evaluate and report on the effectiveness of administrative controls an organization has put in place to a third party?
a.
External auditors
96. Gina recently took the SSCP certification exam and then wrote a blog post that included the text of many of the exam questions that she experienced. What aspect of the (ISC)² Code of Ethics is most directly violated in this situation?
a.
Advance and protect the profession.
97.
In which phase or phases of a typical data exfiltration attack would a hacker be making use of phishing? (Choose all that apply.)
a.
Initial access
b.
Reconnaissance and characterization
98. Malware can be introduced into your protected systems by all of these methods except which of the following?
a.
Opening an email attachment from a known sender
99. George is assisting a prosecutor with a case against a hacker who attempted to break into the computer systems at George’s company. He provides system logs to the prosecutor for use as evidence, but the prosecutor insists that George testify in court about how he gathered the logs. What rule of evidence requires George’s testimony?
a.
Hearsay rule
100.
Which form of access control grants specific privileges to subjects regarding specific objects or classes of objects based on the duties or tasks a person (or process) is required to fulfill?
a.
Role-based
Final Exam Second Attempt Extra Questions
1.
Tiffany needs to assess the patch level of a Windows 2012 server and wants to use a freely available tool to check the system for security issues. Which of the following tools will provide the most detail about specific patches installed or missing from her machine?
a.
The Microsoft Baseline Security Analyzer (MBSA)
i.
MBSA is a tool provided by Microsoft that can identify installed or missing patches as well as common security misconfigurations. Because it runs with administrative rights on the host, it sees more than a normal Nmap or Nessus network scan and reports the specific patches that are installed or missing.
2.
Which relationship between nodes provides the greatest degree of control over service delivery?
a.
Client-server
3.
While investigating a malware infection, Lauren discovers that the hosts file for the
system she is reviewing contains multiple entries as shown here:
Why would the malware make this change?
a.
To prevent antivirus updates
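Added example, not from the page: a hosts-file check in Python that flags the kind of change described in question 3. A hosts entry that maps a security vendor's update server to 127.0.0.1, ::1 or 0.0.0.0 makes the client resolve that name locally, so update downloads fail without any DNS or network change to notice. The hosts file content, the `example-av.com` and `windowsupdate.example` domains and the `WATCH_SUFFIXES` list are constructed for illustration and are not any vendor's real update hostnames; a practitioner would populate the watch list from vendor documentation.

```python
"""Flag hosts-file entries that would silently break antivirus or OS updates.

Added example; the hosts file and the watched domains below are constructed
for illustration (hypothetical vendor names), not real update hostnames.
"""
import ipaddress

# Constructed sample resembling a Windows hosts file after tampering.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       update.example-av.com
0.0.0.0         liveupdate.example-av.com   # added by malware
192.168.1.1     router.home
10.0.0.5        download.windowsupdate.example
"""

# Hypothetical watch list; a real one is populated from vendor documentation.
WATCH_SUFFIXES = ("example-av.com", "windowsupdate.example")


def parse_hosts(text: str) -> list:
    """Return (line_number, ip_address, hostname) for every mapping in the file."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()        # drop comments and blanks
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                               # not a hosts mapping line
        for name in fields[1:]:
            entries.append((lineno, ip, name.lower()))
    return entries


def suspicious_entries(text: str, watch=WATCH_SUFFIXES) -> list:
    """Flag watched update domains that are sinkholed or pinned to an address.

    Sinkholing to 127.0.0.1/::1 or 0.0.0.0 makes the client resolve the
    update server locally, so the update fails; pinning to any other address
    lets an attacker stand up a fake update host. Both cases are reported.
    """
    hits = []
    for lineno, ip, name in parse_hosts(text):
        if name == "localhost":
            continue
        on_watch = any(name == s or name.endswith("." + s) for s in watch)
        if not on_watch:
            continue
        reason = "sinkholed" if (ip.is_loopback or ip.is_unspecified) else f"pinned to {ip}"
        hits.append({"line": lineno, "host": name, "ip": str(ip), "reason": reason})
    return hits


if __name__ == "__main__":
    for hit in suspicious_entries(SAMPLE_HOSTS):
        print(hit)
```

On the sample the check reports lines 4 and 5 as sinkholed and line 7 as pinned to 10.0.0.5; the router entry is ignored because it is not on the watch list. Comments are stripped before parsing because tampering is often hidden behind an innocuous trailing comment, and the IPv6 loopback is treated the same as 127.0.0.1.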
4.
MAC models use three types of environments. Which of the following is not a mandatory access control design?
a.
bracketed
5.
During a review of her organization’s network, Angela discovered that it was suffering from broadcast storms and that contractors, guests, and organizational administrative staff were on the same network segment. What design change should Angela recommend?
a.
Segment the network based on functional requirements.
6.
Geoff is responsible for hardening systems on his network and discovers that a number of network appliances have exposed services including telnet, FTP, and web servers. What is his best option to secure these systems?
a.
Place a network firewall between the devices and the rest of the network.
7.
Which statements about continuity and resilience are correct? (Choose all that apply)
a.
Resilience measures a system’s ability to tolerate events or conditions not anticipated by the designers.
b.
Continuity measures a system’s ability to deal with out-of-limits conditions, component or subsystems failures, or abnormal operating commands from users or other system elements, by means of designed-in redundancy, load shedding, or other strategies.
8.
Ryan would like to implement an access control technology that allows users to authenticate once and access any resources in a network without authenticating again. Which of the following meets this requirement?
a.
SSO (single sign on)
9.
Adam is accessing a standalone file server using a username and password provided to him by the server administrator. Which one of the following entities is guaranteed to have the information necessary to complete the authorization?
a.
File Server