J Garner

Security X Test on Section 2 - Test, created by J Garner on 05/08/2018.


Section 2 - Test

Question 1 of 96

The combination of the probability of an event and its consequence (ISO/IEC 73). ___ is/are mitigated through
the use of controls or safeguards.

Select one of the following possible answers:

  • Risk

  • Threat

  • Asset

  • Vulnerability

Question 2 of 96

Anything that is capable of acting against an asset in a manner that can result in harm.

Select one of the following possible answers:

  • Risk

  • Threat

  • Asset

  • Vulnerability

Question 3 of 96

Something of either tangible or intangible value that is worth protecting, including people, information,
infrastructure, finances and reputation.

Select one of the following possible answers:

  • Risk

  • Threat

  • Asset

  • Vulnerability

Question 4 of 96

A weakness in the design, implementation, operation or internal control of a process that could
expose the system to adverse threats from threat events.

Select one of the following possible answers:

  • Risk

  • Threat

  • Asset

  • Vulnerability

Question 5 of 96

The risk level or exposure without taking into account the actions that management has taken or
might take.

Select one of the following possible answers:

  • Inherent Risk

  • Residual Risk

Question 6 of 96

Which breadcrumb is correct when framing an approach to risk management?

Select one of the following possible answers:

  • Threat Source initiates > Threat Events exploits > Vulnerability causing > Adverse Impact producing > Organization Risk

  • Threat Source initiates > Vulnerability causing > Threat Events exploits > Adverse Impact producing > Organization Risk

  • Threat Events exploits > Threat Source initiates > Vulnerability causing > Adverse Impact producing > Organization Risk

  • Threat Events exploits > Vulnerability causing > Threat Source initiates > Adverse Impact producing > Organization Risk

Question 7 of 96

This approach to developing risk scenarios is based on describing risk events that are specific to
cybersecurity-related situations, typically hypothetical situations envisioned by the people performing the job
functions in specific processes.

Select one of the following possible answers:

  • Top-down Approach

  • Bottom-up Approach

Question 8 of 96

This approach to scenario development is based on understanding business goals and how a risk event
could affect the achievement of those goals. Under this model, the risk practitioner looks for the outcome of events
that may hamper business goals identified by senior management.

Select one of the following possible answers:

  • Top-down Approach

  • Bottom-up Approach

Question 9 of 96

The ___ approach is suited to general risk management of the company, because it looks at both IT- and non-
IT-related events. A benefit of this approach is that because it is more general, it is easier to achieve management
buy-in even if management usually is not interested in IT. The ___ approach also deals with the goals that
senior managers have already identified as important to them.

Select one of the following possible answers:

  • Top-down Approach

  • Bottom-up Approach

Question 10 of 96

The ____ approach can be a good way to identify scenarios that are highly dependent on the specific
technical workings of a process or system, which may not be apparent to anyone who is not intimately involved
with that work but could have substantial consequences for the organization.

Select one of the following possible answers:

  • Top-down Approach

  • Bottom-up Approach

Question 11 of 96

___ is used to calculate the risk that an organization faces based on the number of events that may occur within a given time period.

Select one of the following possible answers:

  • Threat

  • Impact

  • Likelihood

  • Vulnerability

Question 12 of 96

Failure to detect a ___ may be the result of its absence, or it may be a false negative arising from the configuration of a tool or improper performance of a manual review.

Select one of the following possible answers:

  • Vulnerability

  • Threat

  • Risk

  • Impact

Question 13 of 96

Given the combination of unknown ___ and unknown ___, it is difficult for the cybersecurity professional to provide a comprehensive estimate of the likelihood of a successful attack.

Select one of the following possible answers:

  • Threat, Vulnerability

  • Asset, Threat

  • Vulnerability, Asset

  • Threat, Risk

Question 14 of 96

Vulnerability assessments and penetration tests provide the cybersecurity practitioner with valuable information on which to partially estimate the ___.

Select one of the following possible answers:

  • Vulnerabilities

  • Risks

  • Threats

  • Likelihood

Question 15 of 96

When using ___ rankings, the most important step is to rigorously define the meaning of each category and use the definitions consistently throughout the assessment process.

Select one of the following possible answers:

  • Quantitative

  • Qualitative

Question 16 of 96

For each identified threat, the ___ of harm expected to result should also be determined.

Select one of the following possible answers:

  • Risk

  • Vulnerability

  • Impact

  • Likelihood

Question 17 of 96

Select all that apply: A number of methodologies are available to measure risk. Different industries and professions have adopted various tactics based upon the following criteria:

Select one or more of the following possible answers:

  • Risk tolerance

  • Size and scope of the environment in question

  • Amount of data available

  • Risk appetite

  • Threat events

  • Threat impacts

Question 18 of 96

It is particularly important to understand an organization's ___ when considering how to measure risk.

Select one of the following possible answers:

  • Risk management plan

  • Risk appetite

  • Risk tolerance

  • Risk assessment

Question 19 of 96

There are three different approaches to implementing cybersecurity. Which three are they?

Select one or more of the following possible answers:

  • Ad hoc

  • Compliance-based

  • Risk-based

  • Threat-based

  • Impact-based

  • Likelihood-based

Question 20 of 96

An ___ approach simply implements security with no particular rationale or criteria. ___
implementations may be driven by vendor marketing, or they may reflect insufficient subject matter expertise,
knowledge or training when designing and implementing safeguards.

Select one of the following possible answers:

  • Ad hoc

  • Compliance-based

  • Risk-based

  • Threat-based

Question 21 of 96

Also known as standards-based security, this approach relies on regulations or standards to
determine security implementations. Controls are implemented regardless of their applicability or necessity, which
often leads to a “checklist” attitude toward security.

Select one of the following possible answers:

  • Ad hoc

  • Compliance-based

  • Risk-based

  • Threat-based

Question 22 of 96

___ security relies on identifying the unique risk a particular organization faces and designing
and implementing security controls to address that risk above and beyond the entity’s risk tolerance and business
needs. The ___ approach is usually scenario-based.

Select one of the following possible answers:

  • Ad hoc

  • Compliance-based

  • Risk-based

  • Threat-based

Question 23 of 96

The ___ approach is usually scenario-based.

Select one of the following possible answers:

  • Ad hoc

  • Compliance-based

  • Risk-based

  • Threat-based

Question 24 of 96

___ have been known to breach security boundaries and perform malicious acts to gain a
competitive advantage.

Select one of the following possible answers:

  • Cybercriminals

  • Corporations

  • Online social hackers

  • Script kiddies

Question 25 of 96

Motivated by the desire for profit, these individuals are involved in fraudulent financial transactions.

Select one of the following possible answers:

  • Cybercriminals

  • Cyberwarriors

  • Corporations

  • Hacktivists

Question 26 of 96

Characterized by their willingness to use violence to achieve their goals, ___ frequently target critical infrastructures and government groups.

Select one of the following possible answers:

  • Cyberterrorists

  • Cybercriminals

  • Cyberwarriors

  • Nation states

Question 27 of 96

Often likened to hacktivists, ___, also referred to as cyberfighters, are nationally
motivated citizens who may act on behalf of a political party or against another political party that threatens them.

Select one of the following possible answers:

  • Cyberwarriors

  • Cyberterrorists

  • Cybercriminals

  • Script kiddies

Question 28 of 96

Although they typically have fairly low-tech methods and tools, dissatisfied current or former
___ represent a clear cybersecurity risk. All of these attacks are adversarial, but some are not related to
APT cyberattacks.

Select one of the following possible answers:

  • Employees

  • Nation states

  • Online social hackers

  • Script kiddies

Question 29 of 96

Although they often act independently, these politically motivated hackers may target specific individuals
or organizations to achieve various ideological ends.

Select one of the following possible answers:

  • Cyberterrorists

  • Hacktivists

  • Cyberwarriors

  • Cybercriminals

Question 30 of 96

___ often target government and private entities with a high level of sophistication to
obtain intelligence or carry out other destructive activities.

Select one of the following possible answers:

  • Nation states

  • Online social hackers

  • Hacktivists

  • Employees

Question 31 of 96

Skilled in social engineering, these attackers are frequently involved in cyberbullying,
identity theft and collection of other confidential information or credentials.

Select one of the following possible answers:

  • Script kiddies

  • Online social hackers

  • Hacktivists

  • Employees

Question 32 of 96

___ are individuals who are learning to hack; they may work alone or with others and
are primarily involved in code injections and distributed denial-of-service (DDoS) attacks.

Select one of the following possible answers:

  • Online social hackers

  • Employees

  • Script kiddies

  • Cybercriminals

Question 33 of 96

The actual occurrence of a threat, or an activity by a threat agent (or adversary) against an asset.

Select one of the following possible answers:

  • Exploit

  • Attack Vector

  • Attack

  • Attack Mechanism

Question 34 of 96

From an attacker’s point of view, the asset is a target, and the path or route used to gain access to the target (asset) is known as an:

Select one of the following possible answers:

  • Exploit

  • Attack Vector

  • Attack

  • Attack Mechanism

Question 35 of 96

There are two types of attack vectors: ingress and egress. Which one is known as data exfiltration?

Select one of the following possible answers:

  • Ingress

  • Egress

Question 36 of 96

Which attack vector focuses on intrusion and hacking into systems?

Select one of the following possible answers:

  • Ingress

  • Egress

Question 37 of 96

Employees who steal data from systems and networks are an example of which attack vector?

Select one of the following possible answers:

  • Ingress

  • Egress

Question 38 of 96

The attacker must defeat any controls in place and/or use an ___ to take advantage of a vulnerability.

Select one of the following possible answers:

  • Exploit

  • Attack Vector

  • Attack

  • Attack Mechanism

Question 39 of 96

The method used to deliver the exploit.

Select one of the following possible answers:

  • Target

  • Attack Vector

  • Attack

  • Attack Mechanism

Question 40 of 96

An example of this can be a malicious PDF crafted by the attacker and delivered by email.

Select one of the following possible answers:

  • Exploit

  • Attack Vector

  • Attack

  • Attack Mechanism

Question 41 of 96

Which order is correct for the attributes of an attack?

Select one of the following possible answers:

  • Attack Vector, Exploit, Vulnerability, Payload, Target (Asset)

  • Attack Vector, Exploit, Payload, Vulnerability, Target (Asset)

  • Attack Vector, Vulnerability, Payload, Exploit, Target (Asset)

  • Attack Vector, Vulnerability, Exploit, Payload, Target (Asset)

Question 42 of 96

Usually the result of an error, malfunction or mishap of some sort.

Select one of the following possible answers:

  • Adversarial Threat Event

  • Nonadversarial Threat Event

Question 43 of 96

Made by a human threat agent.

Select one of the following possible answers:

  • Adversarial Threat Event

  • Nonadversarial Threat Event

Question 44 of 96

The adversary gathers information using a variety of techniques, passive or active.

Select one of the following possible answers:

  • Perform reconnaissance

  • Create attack tools

  • Deliver malicious capabilities

  • Exploit and compromise

  • Conduct an attack

  • Achieve results

  • Maintain a presence or set of capabilities

  • Coordinate a campaign

Question 45 of 96

The adversary crafts the tools needed to carry out a future attack.

Select one of the following possible answers:

  • Perform reconnaissance

  • Create attack tools

  • Deliver malicious capabilities

  • Exploit and compromise

  • Conduct an attack

  • Achieve results

  • Maintain a presence or set of capabilities

  • Coordinate a campaign

Question 46 of 96

The adversary inserts or installs whatever is needed to carry out the attack.

Select one of the following possible answers:

  • Perform reconnaissance

  • Create attack tools

  • Deliver malicious capabilities

  • Exploit and compromise

  • Conduct an attack

  • Achieve results

  • Maintain a presence or set of capabilities

  • Coordinate a campaign

Question 47 of 96

The adversary takes advantage of information and systems in order to compromise
them.

Select one of the following possible answers:

  • Perform reconnaissance

  • Create attack tools

  • Deliver malicious capabilities

  • Exploit and compromise

  • Conduct an attack

  • Achieve results

  • Maintain a presence or set of capabilities

  • Coordinate a campaign

Question 48 of 96

The adversary coordinates attack tools or performs activities that interfere with
organizational functions.

Select one of the following possible answers:

  • Perform reconnaissance

  • Create attack tools

  • Deliver malicious capabilities

  • Exploit and compromise

  • Conduct an attack

  • Achieve results

  • Maintain a presence or set of capabilities

  • Coordinate a campaign

Question 49 of 96

The adversary causes an adverse impact.

Select one of the following possible answers:

  • Perform reconnaissance

  • Create attack tools

  • Deliver malicious capabilities

  • Exploit and compromise

  • Conduct an attack

  • Achieve results

  • Maintain a presence or set of capabilities

  • Coordinate a campaign

Question 50 of 96

The adversary continues to exploit and compromise the system.

Select one of the following possible answers:

  • Perform reconnaissance

  • Create attack tools

  • Deliver malicious capabilities

  • Exploit and compromise

  • Conduct an attack

  • Achieve results

  • Maintain a presence or set of capabilities

  • Coordinate a campaign

Question 51 of 96

The adversary coordinates a campaign against the organization.

Select one of the following possible answers:

  • Perform reconnaissance

  • Create attack tools

  • Deliver malicious capabilities

  • Exploit and compromise

  • Conduct an attack

  • Achieve results

  • Maintain a presence or set of capabilities

  • Coordinate a campaign

Question 52 of 96

What is the correct order of the Threat Process?

Select one of the following possible answers:

  • Perform reconnaissance, Create attack tools, Exploit and compromise, Deliver malicious capabilities, Conduct an attack, Achieve results, Maintain a presence or set of capabilities, Coordinate a campaign

  • Perform reconnaissance, Create attack tools, Deliver malicious capabilities, Exploit and compromise, Conduct an attack, Achieve results, Maintain a presence or set of capabilities, Coordinate a campaign

  • Perform reconnaissance, Deliver malicious capabilities, Create attack tools, Exploit and compromise, Conduct an attack, Achieve results, Maintain a presence or set of capabilities, Coordinate a campaign

  • Perform reconnaissance, Deliver malicious capabilities, Create attack tools, Exploit and compromise, Conduct an attack, Maintain a presence or set of capabilities, Achieve results, Coordinate a campaign

Question 53 of 96

Perform reconnaissance: The adversary gathers information using a variety of techniques, passive or active. Passive techniques may include:

Select one of the following possible answers:

  • i. Sniffing network traffic
    ii. Using open source discovery of organizational information (news groups; company postings on IT design
    and IT architecture)
    iii. Google hacking

  • i. Scanning the network perimeter
    ii. Social engineering (fake phone calls, low-level phishing)

Question 54 of 96

The following are examples of which attack process?
a. Sniffing network traffic
b. Using open source discovery of organizational information (news groups; company postings on IT design and IT architecture)
c. Google hacking
d. Scanning the network perimeter
e. Social engineering (fake phone calls, low-level phishing)

Select one of the following possible answers:

  • Perform reconnaissance

  • Create attack tools

  • Deliver malicious capabilities

  • Exploit and compromise

Question 55 of 96

The following are examples of which attack process?
a. Phishing or spear phishing attacks
b. Crafting counterfeit websites or certificates
c. Creating and operating false organizations and placing them into the supply chain to inject malicious components

Select one of the following possible answers:

  • Perform reconnaissance

  • Create attack tools

  • Deliver malicious capabilities

  • Exploit and compromise

Question 56 of 96

The following are examples of which attack process?
a. Introducing malware into organizational information systems
b. Placing subverted individuals into privileged positions within the organization
c. Installing sniffers or scanning devices on targeted networks and systems
d. Inserting tampered hardware or critical components into organizational systems or supply chains

Select one of the following possible answers:

  • Perform reconnaissance

  • Create attack tools

  • Deliver malicious capabilities

  • Exploit and compromise

Question 57 of 96

The following are examples of which attack process?
a. Split tunneling or gaining physical access to organizational facilities
b. Exfiltrating data or sensitive information
c. Exploiting multitenancy (i.e., multiple customers on shared resources) in a public cloud environment (e.g.,
attacking open public access points; application program interfaces [APIs])
d. Launching zero-day exploits

Select one of the following possible answers:

  • Perform reconnaissance

  • Create attack tools

  • Deliver malicious capabilities

  • Exploit and compromise

Question 58 of 96

The following are examples of which attack process?
a. Communication interception or wireless jamming attacks
b. Denial-of-service (DoS) or distributed DoS (DDoS) attacks
c. Remote interference with or physical attacks on organizational facilities or infrastructures
d. Session-hijacking or man-in-the-middle attacks

Select one of the following possible answers:

  • Conduct an attack

  • Achieve results

  • Maintain a presence or set of capabilities

  • Coordinate a campaign

Question 59 of 96

The following are examples of which attack process?
a. Obtaining unauthorized access to systems and/or sensitive information
b. Degrading organizational services or capabilities
c. Creating, corrupting or deleting critical data
d. Modifying the control flow of information systems (e.g., industrial control systems, supervisory control and
data acquisition (SCADA) systems)

Select one of the following possible answers:

  • Conduct an attack

  • Achieve results

  • Maintain a presence or set of capabilities

  • Coordinate a campaign

Question 60 of 96

The following are examples of which attack process?
a. Obfuscating adversary actions or interfering with intrusion detection systems (IDSs)
b. Adapting cyberattacks in response to organizational security measures

Select one of the following possible answers:

  • Conduct an attack

  • Achieve results

  • Maintain a presence or set of capabilities

  • Coordinate a campaign

Question 61 of 96

The following are examples of which attack process?
a. Multi-staged attacks
b. Internal and external attacks
c. Widespread and adaptive attacks

Select one of the following possible answers:

  • Conduct an attack

  • Achieve results

  • Maintain a presence or set of capabilities

  • Coordinate a campaign

Question 62 of 96

Which of the following is NOT a Nonadversarial Threat Event?

Select one of the following possible answers:

  • Mishandling of critical or sensitive information by authorized users

  • Incorrect privilege settings

  • Fire, flood, hurricane, windstorm or earthquake at primary or backup facilities

  • Introduction of vulnerabilities into software products

  • Viruses, Network Worms, Botnets

  • Pervasive disk errors or other problems caused by aging equipment

Question 63 of 96

Software designed to gain access to targeted computer systems, steal information or disrupt computer operations.

Select one of the following possible answers:

  • DoS Attack

  • Malware

  • Social Engineering

  • Phishing

Question 64 of 96

A piece of code that can replicate itself and spread from one computer to another. It requires intervention or execution to replicate and/or cause damage.

Select one of the following possible answers:

  • Spyware

  • Adware

  • Virus

  • Network Worm

Question 65 of 96

A variant of the computer virus, which is essentially a piece of self-replicating code designed to spread itself across computer networks. It does not require intervention or execution to replicate.

Select one of the following possible answers:

  • Virus

  • Network Worm

  • Trojan Horse

  • Botnet

Question 66 of 96

A piece of malware that gains access to a targeted system by hiding within a genuine application.

Select one of the following possible answers:

  • Virus

  • Network Worm

  • Trojan Horse

  • Botnet

Question 67 of 96

Derived from “robot network,” a large, automated and distributed network of previously compromised computers that can be simultaneously controlled to launch large-scale attacks such as DoS.

Select one of the following possible answers:

  • Virus

  • Network Worm

  • Trojan Horse

  • Botnet

Question 68 of 96

A class of malware that gathers information about a person or organization without the knowledge of
that person or organization.

Select one of the following possible answers:

  • Spyware

  • Adware

  • Ransomware

  • Keylogger

  • Rootkit

Question 69 of 96

Also called “hostage code,” a class of extortive malware that locks or encrypts data or functions and demands a payment to unlock them. Several types are available for every operating system.

Select one of the following possible answers:

  • Spyware

  • Adware

  • Ransomware

  • Keylogger

  • Rootkit

Question 70 of 96

A class of malware that secretly records user keystrokes and, in some cases, screen content.

Select one of the following possible answers:

  • Spyware

  • Adware

  • Ransomware

  • Keylogger

  • Rootkit

Question 71 of 96

A class of malware that hides the existence of other malware by modifying the underlying operating system.

Select one of the following possible answers:

  • Spyware

  • Adware

  • Ransomware

  • Keylogger

  • Rootkit

Question 72 of 96

Complex and coordinated attacks directed at a specific entity or
organization. They require a substantial amount of research and time, often taking months or even years to fully execute.

Select one of the following possible answers:

  • Advanced persistent threats (APTs)

  • DoS Attack

  • Brute force attack

  • Cross-site scripting (XSS)

Question 73 of 96

A means of regaining access to a compromised system by installing software or configuring existing software to enable remote access under attacker-defined conditions.

Select one of the following possible answers:

  • Advanced persistent threats (APTs)

  • Backdoor

  • Brute force attack

  • Man-in-the-middle attack

Question 74 of 96

An attack made by trying all possible combinations of passwords or encryption keys until the correct one is found.

Select one of the following possible answers:

  • Buffer overflow

  • Advanced persistent threats (APTs)

  • Backdoor

  • Brute force attack

Question 75 of 96

Occurs when a program or process tries to store more data in a buffer (temporary data storage area) than it was intended to hold.

Select one of the following possible answers:

  • Cross-site scripting (XSS)

  • Man-in-the-middle attack

  • Buffer overflow

  • Backdoor

Question 76 of 96

A type of injection in which malicious scripts are injected into otherwise benign and
trusted websites.

Select one of the following possible answers:

  • Structured Query Language (SQL) injection

  • Cross-site scripting (XSS)

  • DoS attack

  • Advanced persistent threats (APTs)

Question 77 of 96

An assault on a service from a single source that floods it with so many requests that it becomes overwhelmed and is either stopped completely or operates at a significantly reduced rate.

Select one of the following possible answers:

  • Man-in-the-middle attack

  • Cross-site scripting (XSS)

  • Structured Query Language (SQL) injection

  • DoS attack

Question 78 of 96

Any attempt to exploit social vulnerabilities to gain access to information and/or systems.

Select one of the following possible answers:

  • Spear phishing

  • Social engineering

  • Phishing

  • Spoofing

Question 79 of 96

A type of email attack that attempts to convince a user that the originator is genuine, but with the intention of obtaining information for use in social engineering.

Select one of the following possible answers:

  • Phishing

  • Spoofing

  • Spear phishing

  • Social engineering

Question 80 of 96

An attack where social engineering techniques are used to masquerade as a trusted party to obtain important information such as passwords from the victim.

Select one of the following possible answers:

  • Phishing

  • Social engineering

  • Spear phishing

  • Spoofing

Question 81 of 96

Faking the sending address of a transmission in order to gain illegal entry into a secure system.

Select one of the following possible answers:

  • Spoofing

  • Phishing

  • Social engineering

  • Spear phishing

Question 82 of 96

An attack that consists of the insertion or ‘injection’ of a SQL query via the input data from the client to the application.

Select one of the following possible answers:

  • Zero-day exploit

  • Structured Query Language (SQL) injection

  • Cross-site scripting (XSS)

  • Buffer overflow

Question 83 of 96

A vulnerability that is exploited before the software creator/vendor is even aware of its existence.

Select one of the following possible answers:

  • Backdoor

  • Advanced persistent threats (APTs)

  • DoS attack

  • Zero-day exploit

Question 84 of 96

There are several attributes of good policies that should be considered (select all that apply below):

Select one or more of the following possible answers:

  • Security policies should be an articulation of a well-defined information security strategy that captures the intent, expectations and direction of management.

  • Policies must be updated/maintained on a frequent basis.

  • Policies must be clear and easily understood by all affected parties.

  • Policies should be short and concise, written in plain language.

Question 85 of 96

Most organizations should create security policies ___ developing a security strategy.

Select one of the following possible answers:

  • Before

  • After

Question 86 of 96

Communicate required and prohibited activities and behaviors.

Select one of the following possible answers:

  • Procedures

  • Policies

  • Standards

  • Guidelines

Question 87 of 96

Interpret policies in specific situations.

Select one of the following possible answers:

  • Guidelines

  • Policies

  • Standards

  • Procedures

Question 88 of 96

Provide details on how to comply with policies and standards.

Select one of the following possible answers:

  • Procedures

  • Guidelines

  • Standards

  • Policies

Question 89 of 96

Provide general advice on issues such as “what to do in particular circumstances.” These are not requirements to be met but are strongly recommended.

Select one of the following possible answers:

  • Policies

  • Standards

  • Procedures

  • Guidelines

Question 90 of 96

Which COBIT 5 information security policy set do the following items belong to?
– Data classification and ownership
– System classification and ownership
– Resource utilization and prioritization
– Asset life cycle management
– Asset protection

Select one of the following possible answers:

  • Risk Management

  • Compliance

  • Communication and Operations

  • Asset Management

Question 91 of 96

Which COBIT 5 information security policy set do the following items belong to?
– At-work acceptable use and behavior, including privacy, Internet/email, mobile devices, BYOD, etc.
– Offsite acceptable use and behavior, including social media, blogs

Select one of the following possible answers:

  • Communication and Operations

  • Compliance

  • Acquisition/Development/Maintenance

  • Rules of Behavior

Question 92 of 96

Which COBIT 5 information security policy set do the following items belong to?
– Information security within the life cycle, requirements definition and procurement/acquisition processes
– Secure coding practices
– Integration of information security with change and configuration management

Select one of the following possible answers:

  • Acquisition/Development/Maintenance

  • Risk Management

  • Rules of Behavior

  • Communication and Operations

Question 93 of 96

Which COBIT 5 information security policy set does the following item belong to?
– Contract management

Select one of the following possible answers:

  • Risk Management

  • Vendor Management

  • Asset Management

  • Business Continuity and Disaster Recovery

Question 94 of 96

Which COBIT 5 information security policy set do the following items belong to?
– IT information security architecture and application design
– Service level agreements

Select one of the following possible answers:

  • Compliance

  • Rules of Behavior

  • Communication and Operations

  • Acquisition/Development/Maintenance

Question 95 of 96

Which COBIT 5 information security policy set do the following items belong to?
– IT information security ___ assessment process
– Development of metrics
– Assessment repositories

Select one of the following possible answers:

  • Compliance

  • Asset Management

  • Risk Management

  • Business Continuity and Disaster Recovery

Question 96 of 96

Which COBIT 5 information security policy set do the following items belong to?
– Organizational risk management plan
– Information risk profile

Select one of the following possible answers:

  • Asset Management

  • Communication and Operations

  • Acquisition/Development/Maintenance

  • Risk Management
