In the 1970s, why did the focus on security shift from securing physical computer systems to securing information?
- Databases became the primary target of hackers
- Hardware and software became cheaper and more standardized
- Personal data was starting to be collected and stored on individuals
- Systems became interconnected via the web and physical security was no longer as important
A bank’s servers are hosted by an external hosting company. The hosting company lost power due to an outage beyond their control and they did not have the appropriate backup systems in place. The bank’s servers went down and the data was inaccessible. Which of the following foundations of information security was not protected by the hosting company?
- Data integrity
- Physical security
- System availability
- Data confidentiality
Which of the following types of assessment determines whether a tornado would be more destructive to a computer facility than an earthquake?
- Risk assessment
- Threat assessment
- Vulnerability assessment
- Environmental assessment
What are the four components of the risk management process?
- Assess risks, control risks, identify controls, and identify hazards
- Information systems view, mission view, organization view, and trustworthiness
- Risk assessment, risk framing, risk monitoring, and risk response
- Risk auditing, risk evaluation, risk identification, and risk reporting
In which stage of the incident response process would an attacker be redirected to a sandbox so that the attacker could be monitored?
- Post-incident activity
- Detection and analysis
- Containment, eradication, and recovery
In addition to being a physical type of security control, illuminating a building by installing outside lights as a protective measure is also an example of which of the following kinds of security control?
You want to prevent malicious email within a company by providing layered security, or defense-in-depth. Which of the following would be a good strategy for doing this?
- Have information technology professionals read all email before the email is viewed by the employees
- Provide security awareness training, install antivirus and antimalware email filters, and patch all company laptops
- Provide security awareness training, password-lock all laptops when not in use, and provide privacy screens for monitors
- Have the exchange mail server scan all incoming mail that passes the antivirus software and then have each department head review it before the mail is sent to employees
A phishing email sent to all management level employees appears to have originated from the HR department. The email is asking for confidential information that could provide an attacker with usernames and passwords that will provide system access. What is the best way for ensuring that managers recognize the email as an attack and act appropriately?
- Encrypt all email that is authentic when addressing management
- Send out an email to notify management that the email is a phishing email
- Post a banner when the email application is opened that warns about phishing attacks
- Provide security awareness training to educate management and to modify their behavior
COBIT 5 is a proprietary framework written by ISACA. What does it specify?
- How to mitigate risks identified in the risk management process
- Standards and best practices for information technology functions
- Processes for governance and management of information technology
- The guidelines for information technology as required in NIST SP 800-39
Which of the following are the possibility of a hurricane, tornado, loss of power, or data corruption examples of?
- Threat agents
Most applications will advise users to use words such as “dog” and “cat” in passwords, or will not allow these types of passwords at all. Why is that?
- This mitigates man-in-the-middle attacks that intercept the passwords in transit
- This mitigates dictionary attacks that try all the words in a dictionary to try match or hack the password
- This mitigates zero-day attacks that take new forms that are unknown to information security professionals
- This mitigates denial of service attacks that will shut the system down if simple words are used as the password
You have received four emails from one of your acquaintances, Greg. Which of the following email addresses should make you suspicious that it is a spoofed email from Greg?
What kind of attack happens when a person follows another person through a locked door?
- Shoulder surfing
Why are attachments a common way to deliver malicious code?
- Email addresses can be easily spoofed
- Email can never be scanned for viruses
- There is no way to verify the authenticity of an email
- Attachments are automatically opened once the email is received
Which type of attack could hijack a session or send a user to a malicious site to steal sensitive information?
- SQL injection
- Brute force attack
- Denial of service (DoS)
- Cross-site scripting (XSS)
You come across a type of malicious code that encrypts a victim’s files and only restores the files when certain conditions are met. What kind of attack have you found?
- A polymorphic virus
During which of the following scenarios could a server potentially be under a denial of service (DoS) attack?
- When the server shuts down due to a power failure
- When data is lost because a log file has filled up a mount point on the server
- When the server is flooded with requests that deny users access to the server
- When the root password is breached, and the files are corrupted and deleted by an attacker
One of the earliest types of ciphers was the Caesar cipher. What was its purpose, and what method of encryption did it use?
- It was used to send secret messages to Caesar’s allies, and was based on hiding messages in plain sight
- It was used to send military messages, and was based on substitution using a predetermined shift number
- It was used to conceal the location of government officials, and was based on scrambled messages on a map
- It was used to hide the location of gold reserves, and was based on the transposition or rearrangement of letters
The goal of cryptography is to protect which of the following?
- The availability of information and the confidentiality of systems
- The availability of information and the authentication of data and systems
- The most highly compartmentalized, secure data in an information system
- The confidentiality and integrity of information and provide a means for authentication
Which of the following is a difference between symmetric and asymmetric key algorithms?
- Symmetric key algorithms are slower than asymmetric key algorithms
- Symmetric key algorithms were replaced by asymmetric key algorithms to provide for better security
- Symmetric key algorithms are typically used for smaller amounts of data than are asymmetric key algorithms
- Symmetric key algorithms provide for confidentiality and authenticity, while asymmetric key algorithms provide for confidentiality and non-repudiation
The Rivest cipher (RC2) was developed in the 1980s and replaced DES. How was RC2 a stronger cipher?
- RC2 had a larger key size, which provided stronger encryption
- DES had a variable key size, causing it to be weaker than RC2
- DES was cracked and RC2 was not, proving that RC2 was the stronger cipher
- RC2 had a smaller key size, which allowed it to encrypt more quickly than DES
A hashing algorithm produces a message digest. The attributes of a message digest are
- simple to compute, cannot be reversed, small changes to the input produces large changes to the output
- difficult to compute, cannot be reversed, small changes to the input produces large changes to the output
- simple to compute and reversible
- difficult to compute and reversible
Why is access control needed in information systems?
- To prevent authorized users from launching system attacks and stealing classified data
- To guide black-hat hackers to honeypots to gather information about their intent and tactics
- To allow white-hat hackers to perform penetration tests on systems to ensure system security
- To prevent unauthorized use of data or to prevent data from being used in an unauthorized manner
Which of the following is an example of the concept of least privilege?
- Granting a user the privileges necessary only to accomplish assigned duties
- Granting a user the minimum amount of privileges and then increasing privileges as needed
- Granting a user maximum privileges and then removing privileges not in use by monitoring those privileges over time
- Granting a user the minimum amount of privileges and then removing those privileges the user is not actively working
Why is discretionary access control (DAC) called discretionary and mandatory access control (MAC) called non-discretionary?
- DAC provides for security discretion, while MAC does not
- DAC uses discretionary file labels, while MAC uses mandatory file labels
- DAC access is based on the discretion of the owner, while in MAC it is based on security labels
- DAC is based on the discretion of the user, and MAC is based on predetermined rules that cannot be changed
What is the difference between role-based access control (RBAC) and rule-based (RB-RBAC) access control?
- RBAC is discretionary access while RB-RBAC is non-discretionary access
- RBAC is based on assigned tasks of an employee, while RB-RBAC is based on specified parameters
- RBAC is based on the employees security level, while RB-RBAC is based on the IP address of the user
- RBAC is restricts access based on least privilege, and RB-RBAC provides access based on core work hours
Which of the following is an example of token-based authentication?
- Scanning an index finger for entry onto a machine room floor
- Providing a facial recognition scan for access to an application on a cell phone
- After entering identification information, an application sends a text with a verification code
- Entering a username and password to log into an application after obtaining access to the computer system
Why is “something you know” the most vulnerable type of authentication?
- Because it can be copied and reused
- Because it is in the form of a token that can be lost
- Because it is vulnerable to social engineering and brute-force attacks
- Because it can result in either type I or type II errors that will cause authentication to fail
How is multifactor authentication more secure than single-factor authentication?
- The password is kept secret and encrypted, which requires hackers to have a decryption key
- Hackers must find where to enter the password not once, but twice to gain access to the system
- It encrypts the password twice using two different algorithms, instead of once like in single-factor
- If a password is discovered, the hacker cannot access the system unless another piece of information is obtained
If employees at a company are seen writing passwords down and explain that it is because they have too many passwords to remember, what is a reasonable solution for an information security professional?
- Implement single sign-on (SSO) technology
- Force an immediate password change on all systems
- Allow employees to use one password for all applications
- Report the employees to upper management for acceptable use policy infringement
In Kerberos, once a session is set up through the key distribution center (KDC), how do the procedures differ for the second session?
- The next session is not possible, since only one session is allowed
- Subsequent sessions after the first session are faster and do not involve the KDC
- Subsequent sessions after the first session authenticate using the same process involving the KDC
- The next session after the first session is more complex, because a different authentication process must be used
Lightweight Directory Access Protocol (LDAP) uses short abbreviations for data, such as ou and dn, and arranges data in a hierarchical manner. Which of the following does this allow LDAP to do?
- Authenticate using a third-party server
- Provide for authentication, authorization, and accounting
- A downward categorization of pUse two parts, the authentication server and the ticket-granting server
- Portray relationships between people, departments, and organizationsasswords and usernames
Which of the following is a difference between Terminal Access Controller Access Control System (TACACS+) and Remote Authentication Dial-In User Service (RADIUS)?
- RADIUS encrypts passwords, while TACACS+ encrypts all communication
- RADIUS is a proprietary protocol, while TACACS+ is an open standard protocol
- RADIUS is used for device administration, while TACACS+ is used for network access
- RADIUS separates authentication, authorization, and accountability, while TACACS+ combines all three
How is a man-in-the-middle (MITM) attack prevented in public key infrastructure (PKI)?
- By using a public key to encrypt a message and a private key to decrypt the message
- By the sender and receiver having trust that they are the appropriate sender and receiver
- By using a digital certificate issued by a trusted third party known as a certificate authority (CA)
- By verifying the email address of the sender for verification that ensures the message was from the expected sender
How can segmentation provide for network security?
- It protects the network from attack by creating an area between two firewalls
- It prevents attacks from spreading by confining them to a part of the network
- It ensures a user only accesses a single block of internet protocol (IP) addresses
- It provides for network redundancy in the case of failure by creating identical network segments
Which of the following best explains packet filtering?
- Packets are filtered using the criteria of accept, deny, or reject
- Groups of data are combined into a packet and filtered based on the state of the data
- Traffic is filtered according to how the packet that contains the data was formed
- Traffic is formed as packets with information about where and how it should be delivered in the header
Wireless networks transmit information using radio waves that are easy to intercept. Because of this, wireless networks today should be encrypted using which of the following current encryption standards for 802.11 networks?
- Asymmetrical encryption
- Wired Equivalent Privacy (WEP) using a key and the RC4 encryption algorithm
- Wi-Fi Protected Access 2 (WPA2), using Advanced Encryption Standard (AES)
- Wi-Fi Protected Access (WPA), using RC4 and Temporal Key Integrity Protocol (TKIP)
What is the advantage of using a network sniffer in conjunction with a honeypot?
- The sniffer can view what the attacker views
- The sniffer can stop the attack on the honeypot
- The sniffer provides the attackers username and password
- The sniffer can identify the internet protocol (IP) address of the attacker
What is one main difference between Transport Layer Security (TLS) and Secure Sockets Layer (SSL)?
- TLS is more cost-effective, while SSL is more secure
- TLS is an open community protocol, while SSL is proprietary
- TLS is technically sound, while SSL is more complex and difficult to configure
- TLS is expensive and requires specialized knowledge, while SSL can be used by anyone
What are some methods that can be used to harden a personal device such as an iPhone?
- Only use the device when necessary, remove all applications, and remove all personal data
- Turn Bluetooth on only when in use, do not jailbreak the device, and keep the device patched to the most current version
- Never connect the device to Wi-Fi or to another Bluetooth device, keep the device in airplane mode when not in use, and turn off location settings
- Avoid using the camera such as when using FaceTime, do not upload information into social networking sites, and lock the phone in a drawer when not in use
What does antivirus software do with infected files?
- Destroy them
- Send them to cloud storage
- Quarantine them and allow the user to repair, delete, or keep the file
- Place them in the trash folder and remove them when the folder is emptied
What are iptables and firewalls used for in a system?
- To open and close ports
- To apply patching updates
- To control traffic moving in and out of the network
- To direct information traffic to the correct destination
Scanners assess known vulnerabilities on a system by following a series of steps. What is the process that a scanner follows to find system vulnerabilities?
- Look for a backdoor to a system, and once they gain system access, look for username and password files
- Probe a system like a pen test to find vulnerabilities, and then compare those vulnerabilities to a list of known vulnerabilities
- Identify the operating system and services running on open ports, then check for vulnerabilities that are applicable to the specific service versions
- Gain system access and run commands from a database of system vulnerabilities to determine if vulnerabilities exist on the system, then produce a vulnerability report
How can detection be avoided by an intrusion detection system (IDS)?
- By modifying the header of a packet
- By using packet fragmentation or end-to-end encryption
- By using an application such as Snort to break the IDS code
- By using signature-based packets that will not be noticed by IDS
What type of intrusion detection system (IDS) would best detect zero-day attacks?
- Rule-based IDS
- Host-based IDS
- Anomaly-based IDS
- Signature-based IDS
What are some strengths of host-based intrusion detection systems (HIDS)?
- They can be used to replace iptables on a system
- They are inexpensive and require little maintenance
- They can verify the success of an attack and require no additional hardware
- They are simple to use and can work on systems where the configuration consistently changes
What characteristics of web application vulnerability scanners (WAVS) allow us to describe them as dynamic application security testing tools (DAST)?
- They test the application while it is being used
- They are always current as they are consistently being updated
- They are always active, scanning the application whether the application is off or on
- The scanner runs against every application on the system and not just the web application
Of the following, how might a camera be used that would cause a need for electronic data protection?
- Automatic traffic enforcement
- Thwarting or monitoring illegal activity
- Facial recognition and the movement of individuals
- Filming wild animals to learn about their hunting habits
What is the right to be forgotten that is provided by the General Data Protection Regulation (GDPR)?
- Individuals do not have to respond to requests for information and can block callers
- An individual has the right in certain situations to have their personal data erased without delay
- Individuals have the right to have their privacy data redacted from files so they can never be reviewed again
- When the appropriate type of request is made, an individual can view information stored on a system and delete specific privacy information themselves