CS406: Information Security Exam Quiz Answers
Question 1: How are threats and vulnerabilities different?
- Threats are the product of long-term vulnerabilities in a system
- Vulnerabilities are the cause of threats to information systems
- Threats are the possibility of an exploit, while vulnerabilities are system weaknesses
Question 2: When reviewing the risk management process at a newly formed organization, the information security professional notices that all the steps have not been considered as part of the process. The process includes framing and responding but should also include
- auditing and reporting risks
- controlling and identifying risks
- identifying and reporting risks
- assessing and monitoring risks
Question 3: What occurs in the preparation stage of the incident response process?
- Tools and resources are gathered and the incident response team is formed and trained
- A lessons-learned meeting is held to prepare the team based on the history of incidents within the organization
- Data is collected on the number of incidents, the time spent handling each incident, and an assessment of each incident
- A log is kept of evidence information, such as hostname, the person handling the evidence, the time and date of the incident, and the location of the evidence
Question 4: In addition to being a physical type of security control, illuminating a building by installing outside lights as a protective measure is also an example of which of the following kinds of security control?
- Compensating
- Detective
- Deterrent
- Preventive
Question 5: You want to prevent malicious email within a company by providing layered security, or defense-in-depth. Which of the following would be a good strategy for doing this?
- Have information technology professionals read all email before the email is viewed by the employees
- Provide security awareness training, install antivirus and antimalware email filters, and patch all company laptops
- Provide security awareness training, password-lock all laptops when not in use, and provide privacy screens for monitors
- Have the exchange mail server scan all incoming mail that passes the antivirus software and then have each department head review it before the mail is sent to employees
Question 6: A phishing email sent to all management level employees appears to have originated from the HR department. The email is asking for confidential information that could provide an attacker with usernames and passwords that will provide system access. What is the best way for ensuring that managers recognize the email as an attack and act appropriately?
- Encrypt all email that is authentic when addressing management
- Send out an email to notify management that the email is a phishing email
- Post a banner when the email application is opened that warns about phishing attacks
- Provide security awareness training to educate management and to modify their behavior
Question 7: COBIT 5 is a proprietary framework written by ISACA. What does it specify?
- How to mitigate risks identified in the risk management process
- Standards and best practices for information technology functions
- Processes for governance and management of information technology
- The guidelines for information technology as required in NIST SP 800-39
Question 8: Which of the following are hacktivists, insiders, and script kiddies examples of?
- Attacks
- Threats
- Threat agents
- Vulnerabilities
Question 9: What is the purpose of a dictionary attack, and what is the method of attack?
- To corrupt system data by inserting lists of common words and phrases
- To corrupt system data by inserting every possible combination of numbers
- To gain access to a system by using lists of common words and phrases
- To gain access to a system by using every possible combination of numbers
Question 10: You have received four emails from one of your acquaintances, Greg. Which of the following email addresses should make you suspicious that it is a spoofed email from Greg?
- greg@mit.edu
- greg@yahoo.com
- greg@irs.gmail.com
- greg@bankofamerica.com
Question 11: What kind of attack uses impersonation to gain information?
- Phishing
- Pretexting
- Tailgating
- Whaling
Question 12: Which type of attack could hijack a session or send a user to a malicious site to steal sensitive information?
- SQL injection
- Brute force attack
- Denial of service (DoS)
- Cross-site scripting (XSS)
Question 13: You come across a type of malicious code that encrypts a victim’s files and only restores the files when certain conditions are met. What kind of attack have you found?
- Adware
- Spyware
- Ransomware
- A polymorphic virus
Question 14: How does a denial of service (DoS) or a distributed denial of service (DDoS) attack a system?
- By remotely powering down a system
- By installing ransomware on a system
- By overloading a system with requests
- By using spyware to find system vulnerabilities
Question 15: One of the earliest types of ciphers was the Caesar cipher. What was its purpose, and what method of encryption did it use?
- It was used to send secret messages to Caesar’s allies, and was based on hiding messages in plain sight
- It was used to send military messages, and was based on substitution using a predetermined shift number
- It was used to conceal the location of government officials, and was based on scrambled messages on a map
- It was used to hide the location of gold reserves, and was based on the transposition or rearrangement of letters
Question 16: The goal of cryptography is to protect which of the following?
- The availability of information and the confidentiality of systems
- The availability of information and the authentication of data and systems
- The most highly compartmentalized, secure data in an information system
- The confidentiality and integrity of information and provide a means for authentication
Question 17: Which keys are shared in asymmetric key encryption and which keys, if any, are shared in symmetric key encryption?
- Asymmetric shares the public key; symmetric does not share a key
- Asymmetric shares the public key; symmetric shares the secret key
- Asymmetric shares the secret key; symmetric shares the public key
- Asymmetric shares the public and the private key; symmetric shares the secret key
Question 18: Which of the following are blowfish and two fish examples of?
- Block ciphers
- Hashing algorithms
- Encryption standards
- Asymmetric key algorithms
Question 19: What is the difference between a hash and a message authentication code (MAC) used in a hashed message authentication code (HMAC)?
- A hash has one input and a MAC has two inputs that includes a secret key
- A hash is a one-way encryption and a MAC includes a secret key
- A hash is an encrypted message and a MAC is an encrypted key
- A hash provides for encryption and decryption and a MAC is a one-way encryption
Question 20: Why is access control needed in information systems?
- To prevent authorized users from launching system attacks and stealing classified data
- To guide black-hat hackers to honeypots to gather information about their intent and tactics
- To allow white-hat hackers to perform penetration tests on systems to ensure system security
- To prevent unauthorized use of data or to prevent data from being used in an unauthorized manner
Question 21: What is the difference between permissions and rights?
- Rights can be changed, but permissions cannot
- Rights are what users have before permissions are assigned to them
- Rights are what a user can do, while permissions apply to a file or folder
- Permissions are assigned to files so that users with rights can read, write, or execute them
Question 22: Why is discretionary access control (DAC) called discretionary and mandatory access control (MAC) called non-discretionary?
- DAC provides for security discretion, while MAC does not
- DAC uses discretionary file labels, while MAC uses mandatory file labels
- DAC access is based on the discretion of the owner, while in MAC it is based on security labels
- DAC is based on the discretion of the user, and MAC is based on predetermined rules that cannot be changed
Question 23: What is the difference between role-based access control (RBAC) and rule-based (RB-RBAC) access control?
- RBAC is discretionary access while RB-RBAC is non-discretionary access
- RBAC is based on assigned tasks of an employee, while RB-RBAC is based on specified parameters
- RBAC is based on the employee’s security level, while RB-RBAC is based on the IP address of the user
- RBAC is restricts access based on least privilege, and RB-RBAC provides access based on core work hours
Question 24: Passwords are the most common form of authentication. What are some rules that should always be used to enforce password security?
- Passwords should include common words and the length be limited to be easier for users to remember
- Passwords should be stored in a file on the computer system in case the user forgets and password aging should be employed
- Passwords should be kept secret, be encrypted and hashed, and the number of attempts to enter a password should be limited
- Password length should be 16 characters or more and contain special characters that are created by the system administrator for the user
Question 25: During authentication, when could a user receive a type II error?
- When authenticating with something you are
- When authenticating with something you have
- When authenticating with something you know
- When authenticating with a combination of human factors
Question 26: How is multifactor authentication more secure than single-factor authentication?
- The password is kept secret and encrypted, which requires hackers to have a decryption key
- Hackers must find where to enter the password not once, but twice to gain access to the system
- It encrypts the password twice using two different algorithms, instead of once like in single-factor
- If a password is discovered, the hacker cannot access the system unless another piece of information is obtained
Question 27: If employees at a company are seen writing passwords down and explain that it is because they have too many passwords to remember, what is a reasonable solution for an information security professional?
- Implement single sign-on (SSO) technology
- Force an immediate password change on all systems
- Allow employees to use one password for all applications
- Report the employees to upper management for acceptable use policy infringement
Question 28: What is the purpose of the key distribution center (KDC) in Kerberos?
- To provide for authentication using asymmetric encryption
- To provide for authentication without sending the password over an insecure network
- To manage tickets that provide for private and public keys for encryption and decryption
- To manage passwords using encryption for secure transmission over insecure networks
Question 29: Which of the following best describes Lightweight Directory Access Protocol (LDAP)?
- A method of multi-factor authentication
- A token used to authenticate a user to a server
- A method of authentication used by directory services
- A directory database that is less secure as indicated by the term lightweight
Question 30: What type of encryption is used by public key infrastructure and by digital certificates?
- A version of encryption created by Diffee-Hellman specifically for PKI and digital certificates
- Symmetric encryption, which has two keys, one of which is used to create digital certificates
- A PKI encryption algorithm that produces two keys, and both keys are used to provide for digital certificates
- Asymmetric encryption, which has a public and private key, and digital certificates use the same private key
Question 31: How does network zoning protect for confidentiality?
- By using firewalls to protect zones from data being viewed by users of adjacent zones
- By separating network zones so that if one is breached there is no access to other zones
- By using multiple encryption methods so that if one zone is breached the data cannot be unencrypted in the other zones
- By using routers to route incoming traffic by internet protocol (IP) addresses away from the network to protect from intrusion
Question 32: Which of the following statements about the placement of a firewall is correct?
- For stateful inspection firewalls, the firewall should be on the perimeter; for stateless inspection, the firewall should be internal
- For a wide area network (WAN), the firewall should be internal; for a local area network (LAN), the firewall should be on the perimeter
- A stateless inspection firewall is slower to make a connection and is therefore on the perimeter; a stateful inspection firewall is faster and should be placed in a central location
- Stateless inspection firewalls offer better performance and should be on the perimeter; stateful inspection firewalls are faster to make connections and are used to connect two networks
Question 33: Many companies allow employees to bring your own device (BYOD) and use it to complete business tasks for the company. This cuts down on device cost for the employer, but it can also incur other costs. Why does the fact that mobile devices are compact and popular create a greater security risk?
- Employees may mix their personal information with the employer’s data on the device
- Employees may overuse bandwidth and prevent the employer from performing their primary function
- Employees might allow access to confidential employer data, or lose that data via theft or device loss
- Children and relatives of employees may use the device to play games or conduct other activities against the employer’s acceptable use policy (AUP)
Question 34: In what state would a system be considered completely secure and hardened from all threats and vulnerabilities?
- When the hard drive is encrypted
- When turned off and locked in a safe
- When kept in a secure area while in use
- When a password is used that can never be cracked
Question 35: Once antivirus software has been installed, what should occur to ensure that the antivirus software is working to protect the system?
- Manually run the software and delete all infected files
- Scan the system periodically and leave the antivirus software running
- Write a script to run the antivirus software and review the antivirus log files periodically
- Disconnect the system from the network and place the system in a secure location while running the software
Question 36: Which of the following best describes an operating system (OS) firewall?
- A set of iptables that lists ports that can accept or reject traffic
- A device that protects the system by filtering traffic into and out of the system
- A list of commands that are set to accept or deny and are not in any particular order
- An ordered list of information for comparison to determine if traffic is encrypted properly
Question 37: Scanners assess known vulnerabilities on a system by following a series of steps. What is the process that a scanner follows to find system vulnerabilities?
- Look for a backdoor to a system, and once they gain system access, look for username and password files
- Probe a system like a pen test to find vulnerabilities, and then compare those vulnerabilities to a list of known vulnerabilities
- Identify the operating system and services running on open ports, then check for vulnerabilities that are applicable to the specific service versions
- Gain system access and run commands from a database of system vulnerabilities to determine if vulnerabilities exist on the system, then produce a vulnerability report
Question 38: What is the correct placement of intrusion protection systems (IPS) and intrusion detection systems (IDS)?
- An IPS is placed within a firewall, while an IDS is placed at system endpoints
- An IPS is placed on servers, while an IDS is placed on the network on a router to protect system traffic
- An IPS is placed in-line with the traffic, while an IDS can be placed anywhere on the network segment or can have traffic forwarded to it to be analyzed
- An IPS is placed at system end points to analyze packets as they enter the system, while an IDS is placed on hosts to monitor the actions of system users and to protect files
Question 39: Network-based intrusion detection systems (NIDS) and host-based intrusion detection systems (HIDS) are both intrusion detection systems with the purpose of protecting against attackers. What differentiates NIDS from HIDS?
- NIDS is more expensive than HIDS, since it requires more hardware
- NIDS provides logs that are simpler to analyze than HIDS, so both are used together
- NIDS monitors network traffic, while HIDS monitors system activity on individual hosts on the network
- NIDS is more efficient and produces results quicker than HIDS, while HIDS provides more detailed results
Question 40: What is the purpose of a security incident and event management (SIEM) system?
- To repair a system after an incident occurs
- To close vulnerabilities to protect against incidents as they occur
- To accumulate information from network sensors and alert analysts of occurring incidents
- To scan and aggregate capabilities for many systems at one time so that skilled technicians are not required for monitoring
Question 41: Which of the following devices may cause a need for electronic data privacy protection?
- A radio-controlled fire truck presented as a child’s toy on his/her birthday
- A digital watch used to keep time and reveals to the owner that they are late for work
- A television remote control that controls more than one television and is used on a daily basis
- A health tracker that monitors sleep and can detect an illness that can be used by insurance companies
Question 42: The company’s network has recently had an increase in logged attacks. Management determines that they are not appropriately providing the network with the appropriate defense-in-depth steps as needed. Many company employees are teleworking and are remotely connecting to the network. Which of the following methods could the company use to provide a defense-in-depth strategy for the network?
- Patching and physical access control
- Firewalls and virtual private networks (VPNs)
- Firewalls and operating system (OS) antivirus software
- Security awareness training and revised access policies
Question 43: An organization with a high number of security incidents related to unintentional mistakes by personnel has recently seen a decline in security incidents. Management previously required information security professionals to take action to reduce the number of incidents related to personnel. Which of the following would most likely cause this result?
- Password changes due to forced resets
- Newly required two-factor authentication methods
- Behavioral changes due to security awareness training
- Enforced entry restrictions due to the hiring of front desk security personnel
Question 44: Which of the following best describes a spoofing attack?
- Communication that comes from known sources that is nefarious in nature
- Communication that is from unknown sources and should always be examined
- Communication from a known source that appears to be from an unknown source
- Communication from an unknown source that appears to be from a known source
Question 45: Many organizations require document shredding to prevent which of the following?
- Whaling attacks
- Phishing attacks
- Pretexting attacks
- Dumpster diving attacks
Question 46: What is the mechanism for cross-site scripting (XSS) attacks?
- Rootkits
- Spoofing
- Malicious code injection
- Password cracking software
Question 47: If you discover a program that has been installed by a hacker on a system that performs the expected function but also runs malicious code in the background, what kind of threat agent is it?
- A rootkit
- Spyware
- A logic bombs
- A Trojan horse
Question 48: Bob receives an email from Sally that has her digital signature, which is proof that the email was from Sally. The fact that Sally cannot deny that she sent the email is a goal of cryptography. Which of the following concepts does this example demonstrate?
- Validity
- Secrecy
- Non-repudiation
- Account availability
Question 49: Which of the following is a difference between symmetric and asymmetric key algorithms?
- Symmetric key algorithms are slower than asymmetric key algorithms
- Symmetric key algorithms were replaced by asymmetric key algorithms to provide for better security
- Symmetric key algorithms are typically used for smaller amounts of data than are asymmetric key algorithms
- Symmetric key algorithms provide for confidentiality and authenticity, while asymmetric key algorithms provide for confidentiality and non-repudiation
Question 50: The Rivest cipher (RC2) was developed in the 1980s and replaced DES. How was RC2 a stronger cipher?
- RC2 had a larger key size, which provided stronger encryption
- DES had a variable key size, causing it to be weaker than RC2
- DES was cracked and RC2 was not, proving that RC2 was the stronger cipher
- RC2 had a smaller key size, which allowed it to encrypt more quickly than DES
Question 51: Bob has the appropriate credentials and clearance to access a system. He is still not allowed access to the system because it does not directly relate to his job or position. What is this type of restriction?
- Confidential
- Need to know
- System rights
- Secret clearance
Question 52: In which of these scenarios should an organization choose rule-based access control (RB-RBAC) over role-based access control (RBAC)?
- When it wants to control access based on the job description of the users
- When it wants to control access from a discretionary perspective based on file ownership
- When it wants the controls to affect all users and does not want to use a control based on identity
- When it wants to control access to system files based on the need to know and the classification of the data
Question 53: Which of the following is an example of token-based authentication?
- Scanning an index finger for entry onto a machine room floor
- Providing a facial recognition scan for access to an application on a cell phone
- After entering identification information, an application sends a text with a verification code
- Entering a username and password to log into an application after obtaining access to the computer system
Question 54: What is an advantage of sign-on (SSO) technology?
- Its passwords are simpler and easier to remember
- It increases the speed of a system by reducing authentication processing times
- It allows a user to log in forever, thereby cutting down on the time needed for user authentication
- It reduces the number of requests for password changes and reduces time users spend authenticating
Question 55: Which of the following is a difference between Terminal Access Controller Access Control System (TACACS+) and Remote Authentication Dial-In User Service (RADIUS)?
- RADIUS encrypts passwords, while TACACS+ encrypts all communication
- RADIUS is a proprietary protocol, while TACACS+ is an open standard protocol
- RADIUS is used for device administration, while TACACS+ is used for network access
- RADIUS separates authentication, authorization, and accountability, while TACACS+ combines all three
Question 56: How is a man-in-the-middle (MITM) attack prevented in public key infrastructure (PKI)?
- By using a public key to encrypt a message and a private key to decrypt the message
- By the sender and receiver having trust that they are the appropriate sender and receiver
- By using a digital certificate issued by a trusted third party known as a certificate authority (CA)
- By verifying the email address of the sender for verification that ensures the message was from the expected sender
Question 57: Firewalls block and filter traffic according to firewall rules. How do firewall rules function?
- They are determined by the user sending or receiving the traffic
- They are matched from bottom to top and are rejected only if there is a match
- They are matched in sequence from first to last with an action of either accept, reject, or drop
- They are dropped or accepted depending on whether the traffic is incoming or outgoing traffic
Question 58: Connections between systems or organizations originally was done using leased lines through expensive T1 connections. Tunneling is now used to transmit data over public networks. What technology secures data in a tunnel?
- Hashing and salting
- Wrappers and hardening
- Obfuscation and encoding
- Encapsulation and encryption
Question 59: What are some methods that can be used to harden a personal device such as an iPhone?
- Only use the device, when necessary, remove all applications, and remove all personal data
- Turn Bluetooth on only when in use, do not jailbreak the device, and keep the device patched to the most current version
- Never connect the device to Wi-Fi or to another Bluetooth device, keep the device in airplane mode when not in use, and turn off location settings
- Avoid using the camera such as when using FaceTime, do not upload information into social networking sites, and lock the phone in a drawer when not in use
Question 60: When setting up iptables what is the most critical task?
- The syntax as incorrect syntax will be ignored
- The order of the rules as the first rule matching the traffic is used
- The drop and accept commands as the drop command is obeyed first
- The port numbers as the system will lose its connection to the administrator is improperly configured
Question 61: What is the difference between intrusion protection systems (IPS) and intrusion detection systems (IDS)?
- An IPS provides for detection, while an IDS prevents attacks
- An IPS corrects the damage done by an attacker, while an IDS detects an attack
- An IPS proactively reacts to prevent attacks, while an IDS provides for detection or after-the-fact technology
- An IPS resembles a firewall and blocks attacks, while an IDS resembles a honeypot and monitors an attacker
Question 62: What are some strengths of host-based intrusion detection systems (HIDS)?
- They can be used to replace iptables on a system
- They are inexpensive and require little maintenance
- They can verify the success of an attack and require no additional hardware
- They are simple to use and can work on systems where the configuration consistently changes
Question 63: What characteristics of web application vulnerability scanners (WAVS) allow us to describe them as dynamic application security testing tools (DAST)?
- They test the application while it is being used
- They are always current as they are consistently being updated
- They are always active, scanning the application whether the application is off or on
- The scanner runs against every application on the system and not just the web application
Question 64: Of the following, how might a camera be used that would cause a need for electronic data protection?
- Automatic traffic enforcement
- Thwarting or monitoring illegal activity
- Facial recognition and the movement of individuals
- Filming wild animals to learn about their hunting habits
Question 65: What is one main difference between the US Privacy Act of 1974 and the General Data Protection Regulation (GDPR)?
- They are similar, but the US Privacy Act of 1974 has been invalidated and is no longer in effect
- The US Privacy Act of 1974 differs from the GDPR in that it is not a law and all states do not have to adhere to its conditions
- The US Privacy Act of 1974 only provides protection to US citizens, but the GDPR protects privacy data for everyone when the data is collected in the European Union (EU)
- The US Privacy Act of 1974 protects the privacy data of US citizens outside the US, while the GDPR protects privacy data for members of the European Union (EU) while outside the EU
Question 66: When developing the risk management process, sources and methods used to acquire threat information in the risk framing step is the input to the next step in the risk management process. Consequently, subsequent steps provide input to the next step in the process. What is the progression or steps that follow the risk framing step?
- Risk assessment, risk monitoring, and risk reporting
- Risk assessment, risk response, and risk monitoring
- Risk valuation, risk monitoring, and risk reporting
- Risk identification, risk monitoring, and risk response
Question 67: Which of the following is an example of a type of control that is physical and a deterrent?
- A lock
- A fence
- A mantrap
- A motion detector
Question 68: You are talking with one of your acquaintances, and they ask you questions based on personal knowledge that could be used to obtain a password reset on your accounts. What would a good company security awareness training have to say about these kinds of social engineering attempts?
- Due to behavioral characteristics humans are the weakest link in security
- Since no one can be trusted, you should change your passwords every 60 days
- Since human nature is to be trusting, providing the information will usually not be an issue
- When something like this happens, you should call the police and inform them of an attack
Question 69: What is the purpose of the PCI DSS security framework?
- It is a standard for keeping credit card data safe and reducing fraud
- It is a standard for protecting businesses from liability from credit card fraud
- It is a standard that protects individuals from being overcharged by vendors
- It is a standard that protects vendors from the loss of money due to credit card fraud
Question 70: Which of the following are the possibility of a hurricane, tornado, loss of power, or data corruption examples of?
- Attacks
- Threats
- Threat agents
- Vulnerabilities
Question 71: What does a brute force attack do?
- Hijacks a session
- Uses a fake MAC address to spoof a device
- Attempts all possible password combinations
- Uses malformed information packets to shut down a system
Question 72: Which of the following kinds of systems are vulnerable to cross-site scripting (XSS) and SQL injection attacks?
- Networks
- Databases
- Web applications
- Operating systems
Question 73: During which of the following scenarios could a server potentially be under a denial of service (DoS) attack?
- When the server shuts down due to a power failure
- When data is lost because a log file has filled up a mount point on the server
- When the server is flooded with requests that deny users access to the server
- When the root password is breached, and the files are corrupted and deleted by an attacker
Question 74: What type of encryption is the Diffee-Hellman algorithm, and what is it based on?
- Asymmetric; based on a 16-digit number
- Asymmetric; based on prime numbers
- Symmetric; based on one-way encryption
- Symmetric; based on square numbers
Question 75: What should happen before a user is given access to system data?
- The user must identify and be declared trustworthy to access sensitive data
- The user must identify, prove their identity, and be authorized to access the data
- The user must enter a username and password and then request priority access to the data as needed
- The user’s system access should be checked to determine if the user should be provided access to the data
Question 76: Which of the following is an example of the concept of least privilege?
- Granting a user the privileges necessary only to accomplish assigned duties
- Granting a user the minimum amount of privileges and then increasing privileges as needed
- Granting a user maximum privilege and then removing privileges not in use by monitoring those privileges over time
- Granting a user the minimum amount of privileges and then removing those privileges the user is not actively working
Question 77: Bob is hired by a government agency to configure access control. Due to the type of agency where Bob is working, the data is primarily classified. What type of access control model should Bob use?
- Mandatory access control (MAC)
- Role-based access control (RBAC)
- Discretionary access control (DAC)
- Rule-based access control (RB-RBAC)
Question 78: What is the major concern of authenticating using “something you have”?
- It can be lost and used to authenticate someone other than the intended user
- It can be duplicated and used by a user other than the intended user
- It could have undetected errors and will not authenticate the intended user
- It is not secure because anyone can create the same device for authentication
Question 79: What type of authentication is used when entering a username or a password?
- Mutual authentication
- Single-factor authentication
- Two-factor authentication
- Multi-factor authentication
Question 80: Lightweight Directory Access Protocol (LDAP) uses short abbreviations for data, such as ou and dn, and arranges data in a hierarchical manner. Which of the following does this allow LDAP to do?
- Authenticate using a third-party server
- Provide for authentication, authorization, and accounting
- A downward categorization of two parts, the authentication server and the ticket-granting server
- Portray relationships between people, departments, and organizations passwords and usernames
Question 81: What is the advantage of a honeypot over a firewall?
- Firewalls protect a network’s perimeter, while a honeypot can identify internal threats
- Firewall settings cannot be changed once they are set, but honeypots can be changed at will
- More than one firewall must be on a system to secure it, while one honeypot is all that is needed
- Firewalls protect only incoming data, while a honeypot can protect both incoming and outgoing data
Question 82: What is the method used by a Security Incident and Event Management (SIEM) to provide data to a security professional?
- A SIEM collects logs from all systems on a network and attempts to correlate related security events
- A SIEM collects vulnerabilities from all systems on a network and categories them according to the level of risk
- A SIEM reviews security incidents and protects the system using event management techniques that avoids detection by attackers
- A SIEM manages security incidents on a network by alerting the administrator and patching systems to prevent an attack from being successful
Question 83: Smartphones have replaced many other devices, such as cameras, appointment books, and alarm clocks. Which of the following is an example of how smartphones have increased the need for electronic data privacy protection?
- They have caller ID, which identifies the caller’s phone number
- They use GPS or wireless network data to identify a user’s location
- Their lockscreen mechanisms are easy to break, and sensitive data can be accessed easily
- They store data unencrypted and transmit data in ways that can be intercepted by nearby attackers
Question 84: What is the right to be forgotten that is provided by the General Data Protection Regulation (GDPR)?
- Individuals do not have to respond to requests for information and can block callers
- An individual has the right in certain situations to have their personal data erased without delay
- Individuals have the right to have their privacy data redacted from files so they can never be reviewed again
- When the appropriate type of request is made, an individual can view information stored on a system and delete specific privacy information themselves
Question 85: The first denial of service (DoS) attack on an information system was caused by the Morris Worm. Due to these types of attacks, what did information system professionals start doing to protect the availability of systems?
- Brought in outside auditors to determine system vulnerabilities
- Used scanners to scan for vulnerabilities in the network and operating systems
- Changed system passwords and required all users to change their passwords as well
- Harden systems by patching regularly and installing antimalware and antivirus software
Question 86: John logs into a system and finds that he can view the personal data of other users in the system. Which tenet of information security has been broken in this system?
- Availability
- Confidentiality
- Integrity
- Privacy
Question 87: Which of the following types of assessment determines whether a tornado would be more destructive to a computer facility than an earthquake?
- Risk assessment
- Threat assessment
- Vulnerability assessment
- Environmental assessment
Question 88: Administrative controls are used as security measures for employees. When designing a defense-in-depth method using administrative controls, which of the following are the most appropriate controls?
- Computer patching and email scanning
- Telephone monitoring and building access
- Security awareness training and written policies
- Written procedures and non-disclosure agreements (NDAs)
Question 89: How do threats and threat agents differ?
- A threat protects against an exploit of a vulnerability, while a threat agent facilitates an attack
- A threat takes advantage of a vulnerability, while a threat agent protects against an exploit of a vulnerability
- A threat is the potential danger that a vulnerability may be exploited, while a threat agent facilitates an attack
- A threat exploits a vulnerability, while a threat agent facilitates an attack and takes advantage of a vulnerability
Question 90: There is no way to tell if a phone number is being spoofed. What is the best way to combat a phone number spoofing attack when the number displayed on the caller ID is unknown?
- Do not answer the call
- Call the number back after they call you
- Answer the call and respond briefly to questions
- Call the police when you know the number is spoofed
Question 91: What kind of attack happens when a person follows another person through a locked door?
- Whaling
- Phishing
- Tailgating
- Shoulder surfing
Question 92: Why are backdoors created by software developers considered dangerous?
- They allow attackers to ransom the application once it is in use
- They can cause a buffer overflow attack on the system that hosts the application
- They allow for a secret, unauthorized way to access an application after the software has been designed
- They automatically launch an escalation of privilege attack once the application is in use and the timing of the attack is unknown
Question 93: Which of the following is an advantage of asymmetric key algorithms over symmetric key algorithms?
- Faster encryption
- Easier key distribution
- Allow for session keys
- Less expensive to develop
Question 94: What is the primary advantage of using mandatory access control (MAC) over discretionary access control (DAC)?
- MAC is less costly than DAC
- MAC is more secure than DAC
- MAC is easier to scale than DAC
- MAC is simpler to implement than DAC
Question 95: In Kerberos, once a session is set up through the key distribution center (KDC), how do the procedures differ for the second session?
- The next session is not possible, since only one session is allowed
- Subsequent sessions after the first session are faster and do not involve the KDC
- Subsequent sessions after the first session authenticate using the same process involving the KDC
- The next session after the first session is more complex, because a different authentication process must be used
Question 96: If Remote Authentication Dial-In User Service (RADIUS) uses encryption, unlike Diameter, how can Diameter be said to be more secure than RADIUS?
- Diameter uses public key infrastructure (PKI) to protect data
- Diameter uses a new, secret method of scrambling data that is better than encryption
- Diameter is protected by internet protocol security (IPsec) or transport layer security (TLS)
- Diameter has a built-in scrambling technique that is not considered encryption as well as firewalls
Question 97: Network redundancy provides for network reliability. What does it mean to have network redundancy?
- Two full networks run in tandem; if one fails, traffic is sent to the other
- When the network fails, there is an alternate network path to route data
- The network is straightforward and allows for one reliable main network path
- When the network fails, data is stored as a backup until the network can be restored
Question 98: Which of the following best explains packet filtering?
- Packets are filtered using the criteria of accept, deny, or reject
- Groups of data are combined into a packet and filtered based on the state of the data
- Traffic is filtered according to how the packet that contains the data was formed
- Traffic is formed as packets with information about where and how it should be delivered in the header
Question 99: What do websites use Hypertext Transfer Protocol Secure (HTTPS) for?
- To ensure data is not inadvertently modified
- To ensure transmitted information is encrypted
- To provide the fastest method of data transport
- To protect data from a man-in-the-middle attack
Question 100: What are some methods that system administrators might use to harden a server?
- Use iptables to reject all traffic
- Turn off all applications and remove all user accounts
- Turn off telnet, disable unnecessary services, and patch regularly
- Close all ports and reject all virtual private network (VPN) connections
Question 101: Why is antimalware needed in addition to antivirus software?
- To create honeypots that quarantine malware
- To detect polymorphic code that is unique to every attack
- To allow for a more comprehensive database for signature comparison
- To allow for the use of antivirus software, since antivirus is part of antimalware
Question 102: Security Content Automation Protocol (OpenSCAP) is the open-source tool that is recommended by the National Institute of Standards and Technology (NIST) Special Publication 800-126. What is the purpose of this tool?
- To define all possible vulnerabilities for an operating system (OS)
- To close all vulnerabilities that can occur on an operating system (OS)
- To provide a database of system vulnerabilities that can be updated and edited
- To find vulnerabilities and configuration errors on either a Windows or a Linux system
Question 103: What are the advantages and disadvantages of signature-based IDS?
- New attacks can be detected, but signatures are difficult to accumulate
- A system can quickly compare signatures, but the signatures can arbitrarily change
- Signatures are difficult to fake and can be provided digitally, but the database of signatures is difficult to maintain
- There are low false positives, but it is difficult to compare large volumes of packets to the entire signature database
Question 104: What type of intrusion detection should be used to detect for back door attacks?
- Host-based intrusion detection systems
- Network-based intrusion detection systems
- Anomaly-based intrusion detection systems
- Signature-based intrusion detection systems
Question 105: How has the European General Data Protection Regulation (GDPR) affected privacy regulations around the world?
- Since it has been approved and enforced by the United Nations (UN), UN members are now required to enact similar laws in their countries
- It has increased EU countries’ tax revenue to such a degree that other countries are considering similar data privacy laws
- It addresses the protection of personal data of EU members even when data is maintained outside the EU, so it is slowly being adopted by other countries
- It provides online privacy protection for EU members while inside the EU, and other countries’ citizens have overwhelmingly asked that their home governments adopt similar laws
Introduction to Information Security
Information Security is a broad field focused on protecting information from unauthorized access, disclosure, modification, or destruction. It encompasses various strategies, practices, and technologies designed to ensure the confidentiality, integrity, and availability of information. Here are some key aspects of Information Security:
- Confidentiality: Ensuring that information is only accessible to those who are authorized to see it. This often involves encryption, access controls, and secure authentication mechanisms.
- Integrity: Ensuring that information is accurate and has not been tampered with. Integrity is maintained through hashing, digital signatures, and checksums.
- Availability: Ensuring that information and systems are available to authorized users when needed. This involves implementing redundant systems, backups, and disaster recovery plans.
- Authentication: Verifying the identity of users or systems before granting access. Common methods include passwords, multi-factor authentication (MFA), and biometrics.
- Authorization: Determining what actions an authenticated user or system is permitted to perform. This involves setting up permissions and access controls.
- Risk Management: Identifying, assessing, and mitigating risks to information security. This includes conducting risk assessments and implementing controls to minimize potential threats.
- Incident Response: Developing and executing plans to respond to security breaches or other incidents. This includes detecting, analyzing, and recovering from incidents.
- Compliance: Adhering to relevant laws, regulations, and standards related to information security, such as GDPR, HIPAA, or ISO/IEC 27001.
- Security Awareness Training: Educating employees and stakeholders about security best practices and how to recognize and respond to potential threats.
- Physical Security: Protecting physical access to information systems and infrastructure, such as data centers and server rooms.
The field of Information Security is dynamic and continually evolving to address new threats and technologies. Staying current with best practices and emerging trends is crucial for effective information protection.