- __A__ 1. Regarding access control, a(n) ____ is a specific resource, such as a file or a hardware device.
- a. object c. operation
- b. subject d. asset
- __B__ 2. Regarding access control, a(n) ____ is a user or a process functioning on behalf of the user who attempts to access an object.
- a. object c. operation
- b. subject d. asset
- __C__ 3. Regarding access control, an example of a(n) ____ is when a user attempts to delete a file.
- a. object c. operation
- b. subject d. asset
- __D__ 4. In the ____ model, the end user cannot implement, modify, or transfer any controls.
- a. Discretionary Access Control (DAC) c. Rule Based Access Control (RBAC)
- b. Role Based Access Control (RBAC) d. Mandatory Access Control (MAC)
- __B__ 5. With the ____ model a subject has total control over any objects that he or she owns, along with the programs that are associated with those objects.
- a. RBAC c. RuBAC
- b. DAC d. MAC
- __D__ 6. The ____ model is considered a more “real world” approach than the other models to structuring access control.
- a. Discretionary Access Control (DAC) c. Mandatory Access Control (MAC)
- b. Rule Based Access Control (RBAC) d. Role Based Access Control (RBAC)
- __C__ 7. The ____ model can dynamically assign roles to subjects based on a set of rules defined by a custodian.
- a. Discretionary Access Control (DAC) c. Rule Based Access Control (RBAC)
- b. Role Based Access Control (RBAC) d. Mandatory Access Control (MAC)
- __A__ 8. Known as ____, this practice requires that if the fraudulent application of a process could potentially result in a breach of security, then the process should be divided between two or more individuals.
- a. separation of duties c. least privilege
- b. job rotation d. implicit deny
- __D__ 9. The principle of ____ in access control means that each user should be given only the minimal amount of privileges necessary to perform his or her job function.
- a. job rotation c. separation of duties
- b. implicit deny d. least privilege
- __A__ 10. ____ in access control means that if a condition is not explicitly met, then it is to be rejected.
- a. Implicit deny c. least privilege
- b. Separation of duties d. job rotation
- __C__ 11. Generally a ____ is used to configure settings for systems that are not part of Active Directory.
- a. Group Policy c. Local Group Policy
- b. Group Policy Object d. Domain Group Policy
- __B__ 12. ____ accounts are user accounts that remain active after an employee has left an organization.
- a. Ghost c. Phantom
- b. Orphaned d. Floating
- __A__ 13. ____ is the process of setting a user’s account to expire.
- a. Account expiration c. Account restriction
- b. Time of day restriction d. Login expiration
- __B__ 14. A ____ is a secret combination of letters and numbers that only the user knows.
- a. badge c. RFID tag
- b. password d. smartcard
- __C__ 15. A ____ attack begins with the attacker creating hashes of common dictionary words, and compares those hashed dictionary words against those in a stolen password file.
- a. birthday c. dictionary
- b. brute force d. rainbow table
- __D__ 16. ____ make password attacks easier by creating a large pregenerated data set of hashes from nearly every possible password combination.
- a. Brute force attacks c. Birthday attacks
- b. Dictionary attacks d. Rainbow tables
- __B__ 17. To address the security issues in the LM hash, Microsoft introduced the ____ hash.
- a. VLM c. ELM
- b. NTLM d. NETLM
- __D__ 18. A ____ lock, also known as the key-in-knob lock, is the easiest to use because it requires only a key for unlocking the door from the outside.
- a. deadbolt c. tailgate
- b. cipher d. preset
- __C__ 19. Known as a ____ lock, this lock extends a solid metal bar into the door frame for extra security.
- a. tailgate c. deadbolt
- b. preset d. cipher
- __A__ 20. ____ locks are combination locks that use buttons that must be pushed in the proper sequence to open the door.
- a. Cipher c. Preset
- b. Deadbolt d. Tailgate
- __D__ 21. A ____ is a security device that monitors and controls two interlocking doors to a small room (a vestibule) that separates a nonsecured area from a secured area.
- a. CCTV c. cipher lock
- b. tailgate sensor d. mantrap
- __B__ 22. ____ is the presentation of credentials or identification, typically performed when logging on to a system.
- a. Authentication c. Authorization
- b. Identification d. Access
- __A__ 23. ____ is the verification of the credentials to ensure that they are genuine and not fabricated.
- a. Authentication c. Authorization
- b. Identification d. Access
- __C__ 24. ____ is granting permission for admittance.
- a. Authentication c. Authorization
- b. Identification d. Access
- __D__ 25. ____ is the right to use specific resources.
- a. Authentication c. Authorization
- b. Identification d. Access
- __A__ 26. There are several types of OTPs. The most common type is a ____ OTP.
- a. time-synchronized c. token-based
- b. challenge-based d. biometric-based
- __D__ 27. A ____ fingerprint scanner requires the user to place the entire thumb or finger on a small oval window on the scanner.
- a. cognitive c. physical
- b. dynamic d. static
- __C__ 28. A ____ fingerprint scanner has a small slit or opening. Instead of placing the entire finger on the scanner the finger is swiped across the opening.
- a. static c. dynamic
- b. cognitive d. physical
- __B__ 29. ____ time is the time it takes for a key to be pressed and then released.
- a. Hit c. Flight
- b. Dwell d. Type
- __D__ 30. ____, such as using an OTP (what a person has) and a password (what a person knows), enhances security, particularly if different types of authentication methods are used.
- a. Standard biometrics c. Cognitive biometrics
- b. Federated identity management d. Two-factor authentication
- __B__ 31. ____ requires that a user present three different types of authentication credentials.
- a. Two-factor authentication c. Behavioral biometrics
- b. Three-factor authentication d. Cognitive biometrics
- __C__ 32. ____ is a feature of Windows that is intended to provide users with control of their digital identities while helping them to manage privacy.
- a. FMI c. Windows CardSpace
- b. Windows Live ID d. OpenID
- __A__ 33. ____ is a decentralized open source FIM that does not require specific software to be installed on the desktop.
- a. OpenID c. .NET Passport
- b. Windows CardSpace d. Windows Live ID
- __B__ 34. ____ is an authentication system developed by the Massachusetts Institute of Technology (MIT) and used to verify the identity of networked users.
- a. RADIUS c. TACACS+
- b. Kerberos d. LDAP
- __A__ 35. ____ is an industry standard protocol specification that forwards username and password information to a centralized server.
- a. TACACS+ c. RADIUS
- b. LDAP d. Kerberos
- __C__ 36. The International Organization for Standardization (ISO) created a standard for directory services known as ____.
- a. X.400i c. X.500
- b. X.459 d. X.589
- __D__ 37. The ____, sometimes called X.500 Lite, is a simpler subset of DAP.
- a. Kerberos c. TACACS+
- b. RADIUS d. LDAP
- __A__ 38. The management protocol of IEEE 802.1x that governs the interaction between the system, authenticator, and RADIUS server is known as the ____.
- a. EAP c. X.500
- b. LDAP d. TACACS+
- __D__ 39. ____ is a very basic authentication protocol that was used to authenticate a user to a remote access server or to an Internet service provider (ISP).
- a. MS-CHAP c. EAP-TLS
- b. EAP-MD5 d. PAP
- __C__ 40. ____ refers to any combination of hardware and software that enables access to remote users to a local internal network.
- a. LDAP c. RAS
- b. EAP d. VPN
- __B__ 41. A(n) ____ uses an unsecured public network, such as the Internet, as if it were a secure private network.
- a. RAS c. EAP
- b. VPN d. LDAP
- __D__ 42. A(n) ____ is the end of the tunnel between VPN devices.
- a. concentrator c. VPN server
- b. demux d. endpoint
- __B__ 43. In information security, a ____ is the likelihood that a threat agent will exploit a vulnerability.
- a. hole c. risk
- b. threat d. weakness
- __A__ 44. ____ generally denotes a potential negative impact to an asset.
- a. Risk c. Weakness
- b. Threat d. Vulnerability
- __B__ 45. The goal of ____ is to better understand who the attackers are, why they attack, and what types of attacks might occur.
- a. risk modeling c. weakness modeling
- b. threat modeling d. vulnerability modeling
- __D__ 46. Known as ____, this in effect takes a snapshot of the security of the organization as it now stands.
- a. risk identification c. threat identification
- b. risk mitigation d. vulnerability appraisal
- __A__ 47. The ____ is the expected monetary loss every time a risk occurs.
- a. Single Loss Expectancy (SLE) c. Asset Value (AV)
- b. Exposure Factor (EF) d. Annualized Loss Expectancy (ALE)
- __D__ 48. The ____ is the expected monetary loss that can be expected for an asset due to a risk over a one-year period.
- a. Single Loss Expectancy (SLE) c. Asset Value (AV)
- b. Exposure Factor (EF) d. Annualized Loss Expectancy (ALE)
- __B__ 49. In a ____, the risk is spread over all of the members of the pool.
- a. retained risk c. joined risk
- b. risk retention pool d. cooperative risk
- __C__ 50. Identifying vulnerabilities through a(n) ____ determines the current security weaknesses that could expose assets to threats.
- a. asset identification c. vulnerability appraisal
- b. threat identification d. risk mitigation
- __D__ 51. Most communication in TCP/IP involves the exchange of information between a program running on one device (known as a ____) and the same or a corresponding process running on another device.
- a. port c. scanner
- b. socket d. process
- __C__ 52. TCP/IP uses a numeric value as an identifier to applications and services on the systems. These are known as the ____.
- a. process c. port number
- b. socket d. protocol
- __B__ 53. ____ are typically used to determine the state of a port to know what applications are running and could be exploited.
- a. Network scanners c. Port testers
- b. Port scanners d. Network testers
- __A__ 54. A(n) ____ port means that the application or service assigned to that port is listening.
- a. open c. blocked
- b. closed d. listening
- __C__ 55. A(n) ____ port indicates that no process is listening at this port.
- a. listening c. closed
- b. open d. blocked
- __A__ 56. A(n) ____ port means that the host system does not reply to any inquiries to this port number.
- a. blocked c. open
- b. closed d. listening
- __B__ 57. ____ are software tools that can identify all the systems connected to a network.
- a. Port scanners c. ICMP mappers
- b. Network mappers d. ICMP scanners
- __D__ 58. ____ provides support to IP in the form of ICMP messages that allow different types of communication to occur between IP devices.
- a. SNMP c. HTTP
- b. SMTP d. ICMP
- __A__ 59. The key feature of a protocol analyzer is that it places the computer’s network interface card (NIC) adapter into ____, meaning that the NIC does not ignore packets intended for other systems and shows all network traffic.
- a. promiscuous mode c. traffic mode
- b. listening mode d. sniffing mode
- __D__ 60. ____ is a generic term that refers to a range of products that look for vulnerabilities in networks or systems.
- a. Port scanner c. Ping
- b. Network mapper d. Vulnerability scanner
- __B__ 61. ____ is a “common language” for the exchange of information regarding security vulnerabilities.
- a. XML c. SQL
- b. OVAL d. HTML
- __C__ 62. ____ programs use the file of hashed passwords and then attempt to break the hashed passwords offline.
- a. ICMP scanner c. Password cracker
- b. Port scanner d. Network mapper
- __D__ 63. ____ is a method of evaluating the security of a computer system or network by simulating a malicious attack instead of just scanning for vulnerabilities.
- a. Vulnerability scanning c. Port scanning
- b. Network mapping d. Penetration testing
- __B__ 64. ____ is the process of assigning and revoking privileges to objects; that is, it covers the procedures of managing object authorizations.
- a. Privilege assignment c. Privilege auditing
- b. Privilege management d. Privilege configuration
- __C__ 65. The ____ is typically defined as the person responsible for the information, who determines the level of security needed for the data, and delegates security duties as required.
- a. guardian c. owner
- b. manager d. custodian
- __A__ 66. The ____ is the individual to whom day-to-day actions have been assigned by the owner and who periodically reviews security settings and maintains records of access by end users.
- a. custodian c. manager
- b. guardian d. owner
- __D__ 67. The Windows file and folder ____ permission allows files or folders to be opened as read-only and to be copied.
- a. Write c. Modify
- b. Read and Execute d. Read
- __C__ 68. The Windows file and folder ____ permission allows the creation of files and folders, and allows data to be added to or removed from files.
- a. Modify c. Write
- b. Read and Execute d. Read
- __D__ 69. The Microsoft ____ infrastructure is a mechanism to centrally configure and secure a common set of computer and user configurations and security settings to Windows servers, desktops, and users in an AD.
- a. Security Template c. Auditing
- b. Baseline d. Group Policy
- __A__ 70. ____ is part of the pre-trial phase of a lawsuit in which each party through the law of civil procedure can request documents and other evidence from other parties or can compel the production of evidence by using a subpoena.
- a. Discovery c. Interview
- b. Interrogation d. Retention
- __B__ 71. ILM strategies are typically recorded in ____ policies.
- a. user security c. data confidentiality
- b. storage and retention d. group
- __D__ 72. ____ assigns a level of business importance, availability, sensitivity, security and regulation requirements to data.
- a. Usage auditing c. Usage classification
- b. Security auditing d. Data classification
- __B__ 73. ____ means permissions given to a higher level “parent” will also be inherited by a lower level “child.”
- a. Delegation c. Transition
- b. Inheritance d. Classification
- __A__ 74. ____ is the process for generating, transmitting, storing, analyzing, and disposing of computer security log data.
- a. Log management c. Event management
- b. Log auditing d. Event auditing
- __C__ 75. ____ servers are intermediate hosts through which Web sites are accessed.
- a. NIDS c. Proxy
- b. Authentication d. HIPS
- __B__ 76. ____ logs can be used to determine whether new IP addresses are attempting to probe the network and if stronger firewall rules are necessary to block them.
- a. Proxy servers c. Authentication servers
- b. Firewall d. DNS
- __C__ 77. A(n) ____ is an occurrence within a software system that is communicated to users or other programs outside the operating system.
- a. thread c. event
- b. entry d. call
- __A__ 78. ____ are operational actions that are performed by the operating system, such as shutting down the system or starting a service.
- a. System events c. System functions
- b. System calls d. System processes
- __D__ 79. Logs based on ____ are the second common type of security-related operating system logs.
- a. event records c. event logs
- b. system events d. audit records
- __C__ 80. ____ refers to a methodology for making changes and keeping track of those changes, often manually.
- a. Event auditing c. Change management
- b. Event management d. Log management
- __D__ 81. ____ monitoring is designed for detecting statistical anomalies.
- a. Signature-based c. Time-based
- b. Behavior-based d. Anomaly-based
- __A__ 82. ____ monitoring compares activities against a predefined signature.
- a. Signature-based c. Behavior-based
- b. Anomaly-based d. Time-based
- __B__ 83. A ____ baseline is a reference set of data established to create the “norm” of performance for a system or systems.
- a. configuration c. system
- b. performance d. monitoring
- __D__ 84. A ____ monitor is typically a low-level system program that uses a notification engine designed to monitor and track down hidden activity on a desktop system, server, or even personal digital assistant (PDA) or cell phone.
- a. performance c. behavior
- b. baseline d. system
- __A__ 85. Changing the original text to a secret message using cryptography is known as ____.
- a. encryption c. ciphertext
- b. decryption d. cleartext
- __D__ 86. Data that is in an unencrypted form is called ____ data.
- a. plaintext c. hidetext
- b. caesartext d. cleartext
- __C__ 87. ____, also called a one-way hash, is a process for creating a unique “signature” for a set of data.
- a. Digital signing c. Hashing
- b. Decrypting d. Encrypting
- __B__ 88. ____ is a relatively recent cryptographic hash function that has received international recognition and adoption by standards organizations.
- a. MD5 c. SHA-1
- b. Whirlpool d. MD2
- __D__ 89. Symmetric encryption is also called ____ key cryptography.
- a. open c. public
- b. close d. private
- __B__ 90. The simplest type of stream cipher is a ____ cipher. It simply substitutes one letter or character for another.
- a. transposition c. permutation
- b. substitution d. homoalphabetic
- __C__ 91. A ____ substitution cipher maps a single plaintext character to multiple ciphertext characters.
- a. polyalphabetic c. homoalphabetic
- b. monoalphabetic d. random
- __A__ 92. A ____ cipher rearranges letters without changing them.
- a. transposition c. substitution
- b. monoalphabetic d. homoalphabetic
- __B__ 93. A ____ cipher manipulates an entire block of plaintext at one time.
- a. substitution c. stream
- b. block d. transposition
- __A__ 94. ____ was approved by the NIST in late 2000 as a replacement for DES.
- a. AES c. Twofish
- b. 3DES d. Blowfish
- __C__ 95. ____ is a block cipher that processes blocks of 64 bits.
- a. SHA-1 c. RC2
- b. RC4 d. MD5
- __D__ 96. The ____ algorithm dates back to the early 1990s and is used in European nations.
- a. Blowfish c. RC4
- b. Twofish d. IDEA
- __A__ 97. ____ encryption uses two keys instead of one. These keys are mathematically related and are known as the public key and the private key.
- a. Asymmetric c. Private
- b. Symmetric d. Open
- __D__ 98. The asymmetric algorithm ____ was published in 1977 and patented by MIT in 1983.
- a. AES c. SHA
- b. Diffie-Hellman d. RSA
- __C__ 99. The strength of the ____ algorithm is that it allows two users to share a secret key securely over a public network.
- a. DES c. Diffie-Hellman
- b. RSA d. AES
- __B__ 100. A similar program known as ____ is a PGP open-source product.
- a. FreePGP c. PGPx
- b. GPG d. PGPnix
- __D__ 101. Microsoft’s ____ is a cryptography system for Windows operating systems that use the Windows NTFS file system.
- a. GPG c. PGP
- b. AES d. EFS
- __B__ 102. Cryptography can also be applied to entire disks. This is known as ____ encryption.
- a. symmetric c. file system
- b. whole disk d. EFS
- __C__ 103. To protect data stored on a hard drive, Microsoft Windows Vista includes ____ drive encryption.
- a. IDEA c. BitLocker
- b. TPM d. AES
- __A__ 104. ____ is a hardware-enabled data encryption feature.
- a. BitLocker c. AES
- b. EFS d. DES
- __B__ 105. ____ is essentially a chip on the motherboard of the computer that provides cryptographic services.
- a. EFS c. BitLocker
- b. TPM d. AES
- __C__ 106. Some organizations set up a subordinate entity, called a ____, to handle some CA tasks such as processing certificate requests and authenticating users.
- a. Remote Authority (RA) c. Registration Authority (RA)
- b. Delegation Authority (DA) d. Handle Authority (HA)
- __D__ 107. ____ digital certificates are issued by a CA or RA directly to individuals.
- a. Server c. Single-sided
- b. Software publisher d. Personal
- __B__ 108. ____ digital certificates are often issued from a Web server to a client, although they can be distributed by any type of server, such as a mail server.
- a. Software publisher c. Personal
- b. Server d. Organizational
- __A__ 109. When Bob sends one digital certificate to Alice along with his message, that is known as a ____ certificate.
- a. single-sided c. dual-sided
- b. software publisher d. server
- __D__ 110. In one type of trust model, ____ trust, a relationship exists between two individuals because one person knows the other person.
- a. indirect c. discrete
- b. third party d. direct
- __A__ 111. A(n) ____ trust refers to a situation in which two individuals trust each other because each trusts a third party.
- a. third party c. indirect
- b. direct d. discrete
- __B__ 112. The ____ trust model assigns a single hierarchy with one master CA called the root.
- a. web of c. direct
- b. hierarchical d. third party
- __C__ 113. The ____ trust model has multiple CAs that sign digital certificates.
- a. direct c. distributed
- b. web of d. hierarchical
- __A__ 114. The ____ trust model is the basis for digital certificates issued by Internet users.
- a. distributed c. direct
- b. hierarchical d. web of
- __C__ 115. With the ____ trust model, there is one CA that acts as a “facilitator” to interconnect all other CAs.
- a. web of c. bridge
- b. distributed d. hierarchical
- __B__ 116. The ____ provides recommended baseline security requirements for the use and operation of CA, RA, and other PKI components.
- a. certificate practice statement c. baseline policy
- b. certificate policy d. CA policy
- __D__ 117. A ____ describes in detail how the CA uses and manages certificates.
- a. CA policy c. baseline policy
- b. certificate policy d. certificate practice statement
- __C__ 118. ____ refers to a situation in which keys are managed by a third party, such as a trusted CA.
- a. Expiration c. Key escrow
- b. Renewal d. Revocation
- __D__ 119. ____ is used to connect to an FTP server, much in the same way that HTTP links to a Web server.
- a. SSH c. SSL
- b. PKCS d. FTP
- __B__ 120. ____ is a protocol that guarantees privacy and data integrity between applications communicating over the Internet.
- a. FTP c. HTTP
- b. TLS d. CRL
- __A__ 121. The TLS ____ Protocol allows authentication between the server and the client and the negotiation of an encryption algorithm and cryptographic keys before any actual data is transmitted.
- a. Handshake c. Transport
- b. Record d. Packing
- __D__ 122. The TLS ____ Protocol is used to encapsulate higher-level protocols.
- a. Packing c. Transport
- b. Handshake d. Record
- __A__ 123. ____ is actually a suite of three utilities—slogin, scp, and ssh—that are secure versions of the unsecure UNIX counterpart utilities rlogin, rcp, and rsh.
- a. SSH c. SSL
- b. TLS d. SFTP
- __B__ 124. ____ is the most widely deployed tunneling protocol.
- a. SSL c. TLS
- b. PPTP d. NAS
- __C__ 125. One variation of PPP that is used by broadband Internet providers with DSL or cable modem connections is ____.
- a. TLS c. PPPoE
- b. LCP d. PPTP
- __C__ 126. One of the most common e-mail transport protocols is ____.
- a. S/MIME c. TLS
- b. SSL d. IPsec
- __A__ 127. A Class ____ fire includes common combustibles.
- a. A c. C
- b. B d. D
- __B__ 128. ____ systems spray the fire area with pressurized water.
- a. Dry chemical c. Chemical agent
- b. Water sprinkler d. Clean agent
- __D__ 129. ____ systems disperse a fine, dry powder over the fire.
- a. Clean agent c. Water sprinkler
- b. Clean chemical d. Dry chemical
- __C__ 130. ____ fire suppression systems do not harm people, documents, or electrical equipment in the room.
- a. Water sprinkler c. Clean agent
- b. Clean sprinkler d. Dry chemical
- __B__ 131. In a(n) ____ server cluster, a standby server exists only to take over for another server in the event of its failure.
- a. network c. redundant
- b. asymmetric d. symmetric
- __C__ 132. In a(n) ____ server cluster, every server in the cluster performs useful work. If one server fails, the remaining servers continue to perform their normal work as well as that of the failed server.
- a. asymmetric c. symmetric
- b. redundant d. network
- __D__ 133. A system of hard drives based on redundancy can be achieved through using a technology known as ____, which uses multiple hard disk drives for increased reliability and performance.
- a. MTBF c. ESD
- b. VPN d. RAID
- __A__ 134. ____ partitions the storage space of each hard drive into smaller sections, which can be as small as 512 bytes or as large as several megabytes.
- a. Striping c. Duplexing
- b. Mirroring d. Segmenting
- __C__ 135. Disk ____ involves connecting multiple drives in the server to the same disk controller card.
- a. segmenting c. mirroring
- b. stripping d. duplexing
- __A__ 136. Instead of having a single disk controller card that is attached to all hard drives, disk ____ has separate cards for each disk.
- a. duplexing c. mirroring
- b. segmenting d. stripping
- __D__ 137. RAID Level 5 distributes ____ data (a type of error checking) across all drives instead of using a separate drive to hold the parity error checking information.
- a. mirroring c. segmenting
- b. stripping d. parity
- __B__ 138. A(n) ____ UPS is always running off its battery while the main power runs the battery charger.
- a. battery c. off-line
- b. on-line d. mirroring
- __A__ 139. A ____ site is generally run by a commercial disaster recovery service that allows a business to continue computer and network operations to maintain business continuity.
- a. hot c. cold
- b. warm d. cool
- __B__ 140. A ____ site provides office space but the customer must provide and install all the equipment needed to continue operations.
- a. cool c. warm
- b. cold d. hot
- __D__ 141. A ____ site has all of the equipment installed but does not have active Internet or telecommunications facilities, and does not have current backups of data.
- a. cold c. cool
- b. hot d. warm
- __C__ 142. Backup software can internally designate which files have already been backed up by setting a(n) ____ in the properties of the file.
- a. archive sector c. archive bit
- b. backup bit d. backup sector
- __A__ 143. The ____ is defined as the maximum length of time that an organization can tolerate between backups.
- a. RPO c. D2D
- b. RTO d. D2D2T
- __C__ 144. The ____ is simply the length of time it will take to recover the data that has been backed up.
- a. D2D2T c. RTO
- b. RPO d. D2D
- __D__ 145. An alternative to using magnetic tape is to back up to magnetic disk, such as a large hard drive or RAID configuration. This is known as ____.
- a. RTO c. D2D2T
- b. RPO d. D2D
- __B__ 146. A solution that combines the best of magnetic tape and magnetic disk is ____. This technology uses the magnetic disk as a temporary storage area.
- a. D2D c. RTO
- b. D2D2T d. RPO
- __C__ 147. ____ is the application of science to questions that are of interest to the legal profession.
- a. Chain of custody c. Forensics
- b. RTO d. RPO
- __D__ 148. At its core, a(n) ____ policy is a document that outlines the protections that should be enacted to ensure that the organization’s assets face minimal risks.
- a. safety c. change management
- b. acceptable use d. security
- __C__ 149. A ____ is a collection of requirements specific to the system or procedure that must be met by everyone.
- a. recommendation c. standard
- b. guideline d. policy
- __A__ 150. A ____ is a collection of suggestions that should be implemented.
- a. guideline c. policy
- b. recommendation d. standard
- __B__ 151. A ____ is a document that outlines specific requirements or rules that must be met.
- a. standard c. guideline
- b. policy d. recommendation
- __C__ 152. ____ determines the items that have a positive economic value and may include data, hardware, personnel, physical assets, and software.
- a. Risk assessment c. Asset identification
- b. Threat identification d. Vulnerability appraisal
- __B__ 153. ____ takes a snapshot of the security of the organization as it now stands.
- a. Risk mitigation c. Risk assessment
- b. Vulnerability appraisal d. Threat identification
- __A__ 154. ____ involves determining the damage that would result from an attack and the likelihood that the vulnerability is a risk to the organization.
- a. Risk assessment c. Vulnerability appraisal
- b. Risk mitigation d. Asset identification
- __D__ 155. A(n) ____ policy establishes guidelines for effectively reducing the threat of computer viruses on the organization’s network and computers.
- a. acceptable encryption c. automated forwarded e-mail
- b. dial-in access d. anti-virus
- __B__ 156. A(n) ____ policy outlines the requirements and provides the authority for an information security team to conduct audits and risk assessments, investigate incidents, to ensure conformance to security policies, or to monitor user activity.
- a. database credentials coding c. automatically forwarded e-mail
- b. audit vulnerability scanning d. analog line
- __D__ 157. A(n) ____ policy defines requirements for storing and retrieving database usernames and passwords.
- a. analog line c. e-mail retention
- b. dial-in access d. database credentials coding
- __A__ 158. A(n) ____ policy helps employees determine what information sent or received by e-mail should be retained and for how long.
- a. e-mail retention c. router security
- b. extranet d. information sensitivity
- __C__ 159. A(n) ____ policy establishes requirements for Remote Access IPSec or L2TP Virtual Private Network (VPN) connections to the organization’s network.
- a. extranet c. VPN security
- b. server security d. demilitarized zone security
- __D__ 160. Many organizations have a ____ policy that outlines how the organization uses personal information it collects.
- a. security-related human resource c. disposal and destruction
- b. password management and complexity d. personally identifiable information
- __C__ 161. Most organizations have a ____ policy that addresses the disposal of resources that are considered confidential.
- a. security-related human resource c. disposal and destruction
- b. password management and complexity d. personally identifiable information
- __A__ 162. A ____ policy is designed to produce a standardized framework for classifying information assets.
- a. classification of information c. service level agreement
- b. change management d. disposal and destruction
- __B__ 163. ____ refers to a methodology for making changes and keeping track of those changes, often manually.
- a. Classification of information c. Destruction and disposal
- b. Change management d. Service level agreement
- __C__ 164. ____ are a person’s fundamental beliefs and principles used to define what is good, right, and just.
- a. Norms c. Values
- b. Morals d. Ethics
- __B__ 165. ____ are values that are attributed to a system of beliefs that help the individual distinguish right from wrong.
- a. Ethics c. Codes
- b. Morals d. Norms
- __A__ 166. ____ can be defined as the study of what a group of people understand to be good and right behavior and how people make those judgments.
- a. Ethics c. Values
- b. Codes d. Morals
- __D__ 167. ____ relies on tricking and deceiving someone to provide secure information.
- a. Worm c. Trojan horse
- b. Virus d. Social engineering
- __B__ 168. One of the most common forms of social engineering is ____, or sending an e-mail or displaying a Web announcement that falsely claims to be from a legitimate enterprise in an attempt to trick the user into surrendering private information.
- a. dumpster diving c. computer hoax
- b. phishing d. pharming