Quix10 - D7 - 50Q

Description

Good Luck!
Requiemdust Sheena
Quiz by Requiemdust Sheena, updated more than 1 year ago
Requiemdust Sheena
Created by Requiemdust Sheena over 4 years ago
242
0

Resource summary

Question 1

Question
Joe wants to test a program he suspects may contain malware. What technology can he use to isolate the program while it runs?
Answer
  • A. ASLR
  • B. Sandboxing
  • C. Clipping
  • D. Process isolation

Question 2

Question
Which one of the following is an example of a manmade disaster?
Answer
  • A. Hurricane
  • B. Flood
  • C. Mudslide
  • D. Transformer failure

Question 3

Question
Which of the following is not true about the (ISC)2 code of ethics?
Answer
  • A. Adherence to the code is a condition of certification.
  • B. Failure to comply with the code may result in revocation of certification.
  • C. The code applies to all members of the information security profession.
  • D. Members who observe a breach of the code are required to report the possible violation.

Question 4

Question
Javier is verifying that only IT system administrators have the ability to log on to servers used for administrative purposes. What principle of information security is he enforcing?
Answer
  • A. Need to know
  • B. Least privilege
  • C. Two-person control
  • D. Transitive trust

Question 5

Question
Which one of the following is not a basic preventative measure that you can take to protect your systems and applications against attack?
Answer
  • A. Implement intrusion detection and prevention systems.
  • B. Maintain current patch levels on all operating systems and applications.
  • C. Remove unnecessary accounts and services.
  • D. Conduct forensic imaging of all systems.

Question 6

Question
Tim is a forensic analyst who is attempting to retrieve information from a hard drive. It appears that the user attempted to erase the data, and Tim is trying to reconstruct it. What type of forensic analysis is Tim performing?
Answer
  • A. Software analysis
  • B. Media analysis
  • C. Embedded device analysis
  • D. Network analysis

Question 7

Question
Which one of the following is an example of a computer security incident?
Answer
  • A. Completion of a backup schedule
  • B. System access recorded in a log
  • C. Unauthorized vulnerability scan of a file server
  • D. Update of antivirus signatures

Question 8

Question
Which one of the following technologies would provide the most automation of an inventory control process in a cost-effective manner?
Answer
  • A. IPS
  • B. WiFi
  • C. RFID
  • D. Ethernet

Question 9

Question
Connor’s company recently experienced a denial of service attack that Connor believes came from an inside source. If true, what type of event has the company experienced?
Answer
  • A. Espionage
  • B. Confidentiality breach
  • C. Sabotage
  • D. Integrity breach

Question 10

Question
What type of attack is shown in the following figure?
Answer
  • A. SYN flood
  • B. Ping flood
  • C. Smurf
  • D. Fraggle

Question 11

Question
Florian is building a disaster recovery plan for his organization and would like to determine the amount of time that a particular IT service may be down without causing serious damage to business operations. What variable is Florian calculating?
Answer
  • A. RTO
  • B. MTD
  • C. RPO
  • D. SLA

Question 12

Question
Which one of the following statements best describes a zero-day vulnerability?
Answer
  • A. An attacker who is new to the world of hacking
  • B. A database attack that places the date 00/00/0000 in data tables in an attempt to exploit flaws in business logic
  • C. An attack previously unknown to the security community
  • D. An attack that sets the operating system date and time to 00/00/0000 and 00:00:00

Question 13

Question
Which one of the following is not a canon of the (ISC)2 code of ethics?
Answer
  • A. Protect society, the common good, necessary public trust and confidence, and the infrastructure.
  • B. Promptly report security vulnerabilities to relevant authorities.
  • C. Act honorably, honestly, justly, responsibly, and legally.
  • D. Provide diligent and competent service to principals.

Question 14

Question
During an incident investigation, investigators meet with a system administrator who may have information about the incident but is not a suspect. What type of conversation is taking place during this meeting?
Answer
  • A. Interview
  • B. Interrogation
  • C. Both an interview and an interrogation
  • D. Neither an interview nor an interrogation

Question 15

Question
What technique has been used to protect the intellectual property in the following image?
Answer
  • A. Steganography
  • B. Clipping
  • C. Sampling
  • D. Watermarking

Question 16

Question
You are working to evaluate the risk of flood to an area and consult the flood maps from the Federal Emergency Management Agency (FEMA). According to those maps, the area lies within a 200-year flood plain. What is the annualized rate of occurrence (ARO) of a flood in that region?
Answer
  • A. 200
  • B. 0.01
  • C. 0.02
  • D. 0.005

Question 17

Question
Which one of the following individuals poses the greatest risk to security in most well-defended organizations?
Answer
  • A. Political activist
  • B. Malicious insider
  • C. Script kiddie
  • D. Thrill attacker

Question 18

Question
Veronica is considering the implementation of a database recovery mechanism recommended by a consultant. In the recommended approach, an automated process will move database backups from the primary facility to an offsite location each night. What type of database recovery technique is the consultant describing?
Answer
  • A. Remote journaling
  • B. Remote mirroring
  • C. Electronic vaulting
  • D. Transaction logging

Question 19

Question
When designing an access control scheme, Hilda set up roles so that the same person does not have the ability to provision a new user account and assign superuser privileges to an account. What information security principle is Hilda following?
Answer
  • A. Least privilege
  • B. Separation of duties
  • C. Job rotation
  • D. Security through obscurity

Question 20

Question
Reggie recently received a letter from his company’s internal auditors scheduling the kickoff meeting for an assessment of his group. Which of the following should Reggie not expect to learn during that meeting?
Answer
  • A. Scope of the audit
  • B. Purpose of the audit
  • C. Expected timeframe
  • D. Expected findings

Question 21

Question
Which one of the following events marks the completion of a disaster recovery process?
Answer
  • A. Securing property and life safety
  • B. Restoring operations in an alternate facility
  • C. Restoring operations in the primary facility
  • D. Standing down first responders

Question 22

Question
Melanie suspects that someone is using malicious software to steal computing cycles from her company. Which one of the following security tools would be in the best position to detect this type of incident?
Answer
  • A. NIDS
  • B. Firewall
  • C. HIDS
  • D. DLP

Question 23

Question
Brandon observes that an authorized user of a system on his network recently misused his account to exploit a system vulnerability against a shared server that allowed him to gain root access to that server. What type of attack took place?
Answer
  • A. Denial of service
  • B. Privilege escalation
  • C. Reconnaissance
  • D. Brute force

Question 24

Question
Carla has worked for her company for 15 years and has held a variety of different positions. Each time she changed positions, she gained new privileges associated with that position, but no privileges were ever taken away. What concept describes the sets of privileges she has accumulated?
Answer
  • A. Entitlement
  • B. Aggregation
  • C. Transitivity
  • D. Isolation

Question 25

Question
During what phase of the incident response process do administrators take action to limit the effect or scope of an incident?
Answer
  • A. Detection
  • B. Response
  • C. Mitigation
  • D. Recovery

Question 26

Question
Ann is a security professional for a midsized business and typically handles log analysis and security monitoring tasks for her organization. One of her roles is to monitor alerts originating from the organization’s intrusion detection system. The system typically generates several dozen alerts each day, and many of those alerts turn out to be false alarms after her investigation. This morning, the intrusion detection system alerted because the network began to receive an unusually high volume of inbound traffic. Ann received this alert and began looking into the origin of the traffic. At this point in the incident response process, what term best describes what has occurred in Ann’s organization?
Answer
  • A. Security occurrence
  • B. Security incident
  • C. Security event
  • D. Security intrusion

Question 27

Question
handles log analysis and security monitoring tasks for her organization. One of her roles is to monitor alerts originating from the organization’s intrusion detection system. The system typically generates several dozen alerts each day, and many of those alerts turn out to be false alarms after her investigation. This morning, the intrusion detection system alerted because the network began to receive an unusually high volume of inbound traffic. Ann received this alert and began looking into the origin of the traffic. Ann continues her investigation and realizes that the traffic generating the alert is abnormally high volumes of inbound UDP traffic on port 53. What service typically uses this port?
Answer
  • A. DNS
  • B. SSH/SCP
  • C. SSL/TLS
  • D. HTTP

Question 28

Question
Ann is a security professional for a midsized business and typically handles log analysis and security monitoring tasks for her organization. One of her roles is to monitor alerts originating from the organization’s intrusion detection system. The system typically generates several dozen alerts each day, and many of those alerts turn out to be false alarms after her investigation. This morning, the intrusion detection system alerted because the network began to receive an unusually high volume of inbound traffic. Ann received this alert and began looking into the origin of the traffic. As Ann analyzes the traffic further, she realizes that the traffic is coming from many different sources and has overwhelmed the network, preventing legitimate uses. The inbound packets are responses to queries that she does not see in outbound traffic. The responses are abnormally large for their type. What type of attack should Ann suspect?
Answer
  • A. Reconnaissance
  • B. Malicious code
  • C. System penetration
  • D. Denial of service

Question 29

Question
Ann is a security professional for a midsized business and typically handles log analysis and security monitoring tasks for her organization. One of her roles is to monitor alerts originating from the organization’s intrusion detection system. The system typically generates several dozen alerts each day, and many of those alerts turn out to be false alarms after her investigation. This morning, the intrusion detection system alerted because the network began to receive an unusually high volume of inbound traffic. Ann received this alert and began looking into the origin of the traffic. Now that Ann understands that an attack has taken place that violates her organization’s security policy, what term best describes what has occurred in Ann’s organization?
Answer
  • A. Security occurrence
  • B. Security incident
  • C. Security event
  • D. Security intrusion

Question 30

Question
Gordon suspects that a hacker has penetrated a system belonging to his company. The system does not contain any regulated information, and Gordon wishes to conduct an investigation on behalf of his company. He has permission from his supervisor to conduct the investigation. Which of the following statements is true?
Answer
  • A. Gordon is legally required to contact law enforcement before beginning the investigation.
  • B. Gordon may not conduct his own investigation.
  • C. Gordon’s investigation may include examining the contents of hard disks, network traffic, and any other systems or information belonging to the company.
  • D. Gordon may ethically perform “hack back” activities after identifying the perpetrator.

Question 31

Question
Frank is seeking to introduce a hacker’s laptop in court as evidence against the hacker. The laptop does contain logs that indicate the hacker committed the crime, but the court ruled that the search of the apartment that resulted in police finding the laptop was unconstitutional. What admissibility criteria prevents Frank from introducing the laptop as evidence?
Answer
  • A. Materiality
  • B. Relevance
  • C. Hearsay
  • D. Competence

Question 32

Question
Which one of the following tools provides an organization with the greatest level of protection against a software vendor going out of business?
Answer
  • A. Service level agreement
  • B. Escrow agreement
  • C. Mutual assistance agreement
  • D. PCI DSS compliance agreement

Question 33

Question
Fran is considering new human resources policies for her bank that will deter fraud. She plans to implement a mandatory vacation policy. What is typically considered the shortest effective length of a mandatory vacation?
Answer
  • A. Two days
  • B. Four days
  • C. One week
  • D. One month

Question 34

Question
Which of the following events would constitute a security incident? 1. An attempted network intrusion 2. A successful database intrusion 3. A malware infection 4. A violation of a confidentiality policy 5. An unsuccessful attempt to remove information from a secured area
Answer
  • A. 2, 3, and 4
  • B. 1, 2, and 3
  • C. 4 and 5
  • D. All of the above

Question 35

Question
Which one of the following traffic types should not be blocked by an organization’s egress filtering policy?
Answer
  • A. Traffic destined to a private IP address
  • B. Traffic with a broadcast destination
  • C. Traffic with a source address from an external network
  • D. Traffic with a destination address on an external network

Question 36

Question
Allie is responsible for reviewing authentication logs on her organization’s network. She does not have the time to review all logs, so she decides to choose only records where there have been four or more invalid authentication attempts. What technique is Allie using to reduce the size of the pool?
Answer
  • A. Sampling
  • B. Random selection
  • C. Clipping
  • D. Statistical analysis

Question 37

Question
You are performing an investigation into a potential bot infection on your network and wish to perform a forensic analysis of the information that passed between different systems on your network and those on the Internet. You believe that the information was likely encrypted. You are beginning your investigation after the activity concluded. What would be the best and easiest way to obtain the source of this information?
Answer
  • A. Packet captures
  • B. Netflow data
  • C. Intrusion detection system logs
  • D. Centralized authentication records

Question 38

Question
Which one of the following tools helps system administrators by providing a standard, secure template of configuration settings for operating systems and applications?
Answer
  • A. Security guidelines
  • B. Security policy
  • C. Baseline configuration
  • D. Running configuration

Question 39

Question
What type of disaster recovery test activates the alternate processing facility and uses it to conduct transactions but leaves the primary site up and running?
Answer
  • A. Full interruption test
  • B. Parallel test
  • C. Checklist review
  • D. Tabletop exercise

Question 40

Question
During which phase of the incident response process would an analyst receive an intrusion detection system alert and verify its accuracy?
Answer
  • A. Response
  • B. Mitigation
  • C. Detection
  • D. Reporting

Question 41

Question
In what virtualization model do full guest operating systems run on top of a virtualization platform?
Answer
  • A. Virtual machines
  • B. Software-defined networking
  • C. Virtual SAN
  • D. Application virtualization

Question 42

Question
What level of RAID is also known as disk mirroring?
Answer
  • A. RAID-0
  • B. RAID-1
  • C. RAID-5
  • D. RAID-10

Question 43

Question
Bruce is seeing quite a bit of suspicious activity on his network. It appears that an outside entity is attempting to connect to all of his systems using a TCP connection on port 22. What type of scanning is the outsider likely engaging in?
Answer
  • A. FTP scanning
  • B. Telnet scanning
  • C. SSH scanning
  • D. HTTP scanning

Question 44

Question
The historic ping of death attack is most similar to which of the following modern attack types?
Answer
  • A. SQL injection
  • B. Cross-site scripting
  • C. Buffer overflow
  • D. Brute-force password cracking

Question 45

Question
Roger recently accepted a new position as a security professional at a company that runs its entire IT infrastructure within an IaaS environment. Which one of the following would most likely be the responsibility of Roger’s firm?
Answer
  • A. Configuring the network firewall
  • B. Applying hypervisor updates
  • C. Patching operating systems
  • D. Wiping drives prior to disposal

Question 46

Question
What technique can application developers use to test applications in an isolated virtualized environment before allowing them on a production network?
Answer
  • A. Penetration testing
  • B. Sandboxing
  • C. White box testing
  • D. Black box testing

Question 47

Question
Gina is the firewall administrator for a small business and recently installed a new firewall. After seeing signs of unusually heavy network traffic, she checked the intrusion detection system, which reported that a SYN flood attack was under way. What firewall configuration change can Gina make to most effectively prevent this attack?
Answer
  • A. Block SYN from known IPs.
  • B. Block SYN from unknown IPs.
  • C. Enable SYN-ACK spoofing at the firewall.
  • D. Disable TCP.

Question 48

Question
Renee is a software developer who writes code in Node.js for her organization. The company is considering moving from a self-hosted Node.js environment to one where Renee will run her code on application servers managed by a cloud vendor. What type of cloud solution is Renee’s company considering?
Answer
  • A. IaaS
  • B. CaaS
  • C. PaaS
  • D. SaaS

Question 49

Question
What type of trust relationship extends beyond the two domains participating in the trust to one or more of their subdomains?
Answer
  • A. Transitive trust
  • B. Inheritable trust
  • C. Nontransitive trust
  • D. Noninheritable trust

Question 50

Question
Timber Industries recently got into a dispute with a customer. During a meeting with his account representative, the customer stood up and declared, “There is no other solution. We will have to take this matter to court.” He then left the room. When does Timber Industries have an obligation to begin preserving evidence?
Answer
  • A. Immediately
  • B. Upon receipt of a notice of litigation from opposing attorneys
  • C. Upon receipt of a subpoena
  • D. Upon receipt of a court order
Show full summary Hide full summary

Similar

CHEMISTRY C1 4
x_clairey_x
OCR Physics P2 revision cards
Alex Howard
GCSE REVISION TIMETABLE
TheJileyProducti
Research Methods
Joanna Griffith
Unit 1 Cells, exchange and transport (F211) - cells
Jenni
Jane Eyre
sennahlee
PE - GCSE Glossary
rjapmann
GCSE History – The early years and the Weimar Republic 1918-1923
Ben C
PSBD TEST # 3_1_1
yog thapa
Comparative Study
Vitor_Cruz
Pscod new model test#1
Sukesh Angla