Which network tool recognizes common networking-related security problems and reports the problems without actually exploiting them?
Which of the following type of program is also commonly referred to as a Trojan horse?
Which type of virus targets computer hardware and software startup functions?
Which attack exploits a vulnerability in Domain Name System (DNS) server software?
Which of the following is the strongest form of wireless security and is easy to implement?
Which type of virus uses a number of techniques to conceal itself from users and from detection software, and can hide the fact that an infected file is bigger than it used to be?
Identify the OSI reference model layer that handles end-to-end communication maintenance.
Which defense-in-depth layer involves the use of chokepoints?
A(n) is a network of compromised computers that attackers use to launch attacks and spread malware.
Which firewall topology supports the implementation of a DMZ?
Identify the OSI reference model layer that deals with physical addressing and LAN delivery. Flow control and error checking take place at this layer.
Which of the following helps reduce network eavesdropping?
What does a “screened subnet” refer to?
Which of the following is a TCP/IP protocol that provides a computer with an IP address, subnet mask, and other essential communication information?
Which of the following would you not expect to find on a large network?
How do worms propagate to other systems?
Which of the following is not a form of Wi-Fi encryption?
A(n) is a network of compromised computers that attackers use to launch attacks and spread malware.
List the three major VPN technologies in use today, and define one of them.
Which action is the best step to protect Internet of Things (IoT) devices from becoming the entry point for security vulnerabilities into a network while still meeting business requirements?
Which one of the following is NOT a market driver for the Internet of Things (IoT)?
“With the use of Mobile IP, which device is responsible for keeping track of mobile nodes (MNs) and forwarding packets to the MN’s current network?”
“Rachel is investigating an information security incident that took place at the high school where she works. She suspects that students may have broken into the student records system and altered their grades. If correct, which one of the tenets of information security did this attack violate?”
Which one of the following is typically used during the identification phase of a remote access connection?
What is NOT a common endpoint for a virtual private network (VPN) connection used for remote network access?
Which element of the security policy framework requires approval from upper management and applies to the entire organization?
Which risk is most effectively mitigated by an upstream Internet service provider (ISP)?
What is the difference between information security and information systems security?
List three UC application types supported by session initiation protocol (SIP).
Which of the following is not a common threat to the tenets of C-I-A?
Which domain of a typical IT infrastructure is primarily affected by weak endpoint security on *a. VPN client?
You have determined that the cost of an encrypted network connection between your internal database server and internal application server outweighs the likelihood of an attacker accessing the network connection. Which risk management technique are you most likely to use?
Which of the following is any weakness in a system that makes it possible for a threat to cause it harm?
What is accomplished during the response-planning step in a risk management process?
Which of the following uses relative ranking to determine risk responses?
Which tool helps you ensure your organization is satisfying its security policies?
Which of the following terms refers to the likelihood of exposure to danger?
Write out what the acronyms BCP and DRP stand for, and explain the difference between them.
Explain what happens during a replay attack.
Regarding access control policy management, which of the following is not considered a central element of access?
What is a degausser used for?
Which of the following access control models is based on a mathematical theory published in 1989 to ensure fair competition?
Which of the following is a type of authentication?
Of the following types of biometrics, which one has the longest response time and is therefore not popular in everyday use?
Which of the following types of authentication is the oldest and most common method but also the weakest?
Which of the following is not a primary type of authentication?
Which type of biometrics measures dwell time and flight time, and lends itself well to two-factor authentication?
Which access control model was designed for use in business and prohibits authorized users from making improper changes?
List the four parts of access control, and define two of them.
Which of the following is the likelihood that something bad will happen to an asset?
What is a characteristic of analog communications?
What is the result of the risk identification step in a risk management process?
What is typically the first step in a risk management process?
Which of the following is an action that could damage an asset?
Which technology of the following supports the convergence of voice, video, and data communication streams across a split channel?
Which of the following uses mathematical formulas and numbers to rank risk severity?
Which of the following is an example of a store-and-forward communication?
The key to protecting assets from the risk of attack is to eliminate or address as many as possible.
A scammer posing as an IT support technician sends an e-mail to several employees at a credit union. The e-mail prompts for a logon ID and password to the company server. What type of attack is being described?
What is a primary benefit of frame relay?
You are configuring several smartphones for access to the company’s internal network via the Internet. Which IT domain is most affected?
What is a characteristic of VoIP?
Regarding a disaster recovery plan, which of the following takes the least amount of switchover time?
An AUP is part of a layered approach to security and it supports confidentiality. What else supports confidentiality?
A(n) provides a consistent definition for how an organization should handle and secure different types of data.
In which domain of a typical IT infrastructure do service level agreements (SLAs) figure prominently?
Which of the following should be the first priority in any business continuity plan?
Which of the following is the most important part of successfully transitioning from a brick-and-mortar business to an e-commerce business?
Which of the following is not a type of disaster recovery plan test?
Which law requires all types of financial institutions to protect customers’ private financial information?
Which of the following is usually associated with a phishing Web site?
Which networking technology was the first mainstream method for connecting to the Internet?
Instructions for responding to the following would be included in an organization’s BCP but not a DRP.
What is phreaking most often associated with?
What is the risk equation?
Which type of attack involves capturing data packets from a network and retransmitting them to produce an unauthorized effect?
In which type of attack does a person, program, or computer disguise itself as another person, program, or computer to gain access to a resource?
What tenet of information systems security is concerned with the recovery time objective (RTO)?
Write out the risk equation.
List three techniques or policies that can be used to reduce the impact of social engineering attacks at an organization.
Explain why software manufacturers require the End User License Agreement (EULA).
Which of the following provides best practices for IT management and was created for ISA, ISACA, and ITGI?
Identify a drawback of log monitoring.
During a security audit, for what reason does an auditor review risk analysis output?
Which of the following is a process for verifying policy compliance?
Which of the following is not a general category of data permission level?
During a security audit, for what reason does an auditor review host logs?
When defining an audit plan for IT security, what is the first step that must be done?
What is a characteristic of a hardened computer or device?
Provide an example of both a real-time monitoring tool and a non-real-time monitoring tool.
List the four most common permission levels, and define two.
Which of the following is generally not a type of emerging threat?
You have 50 computers that are valued at $1,000 each. You lose three computers each year to theft. You can purchase computer locks for each computer that cost $10 each, reducing the number of computers lost to theft each year to one. What is the ARO if you purchase and install the locks?
Identify a security objective that binds a message or data to a specific entity and adds value to relationships between businesses.
Which of the following is a mechanism for accomplishing confidentiality, integrity, authentication, and nonrepudiation?
Which of the following helps keep critical business processes running during a disaster?
In which type of cipher attack does the cryptanalyst have access only to a segment of encrypted data, and has no choice as to what that data may be. An example is the cryptogram in some daily newspapers.
Which of the following is a specific type of countermeasure?
What is a common reason for not completely eliminating a risk?
List the four security goals of cryptography.
List the four basic forms of cryptographic attack.