Internal intrusions are loosely divided into which categories? (Choose TWO.)
AAttempts by insiders to perform appropriate acts, on information assets to which they have been given rights or permissions.
BAttempts by insiders to access resources, without proper access rights
CAttempts by insiders to access external resources, without proper access rights.
DAttempts by insiders to perform inappropriate acts, on external information assets to which they have been given rights or permissions.
EAttempts by insiders to perform inappropriate acts, on information assets to which they have been given rights or permissions.
_________ occurs when an individual or process acquires a higher level of privilege. Or access, than originally intended.
ASecurity Triad
BPrivilege aggregation
CNeed-to-know
DPrivilege escalation
ELeast privilege
Which encryption algorithm has the highest bit strength?
AAES
BBlowfish
CDES
DCAST
ETriple DES
How is bogus information disseminated?
AAdversaries sort through trash to find information.
BAdversaries use anomalous traffic patterns as indicators of unusual activity. They will employ other methods, such as social engineering, to discover the cause of the noise.
CAdversaries use movement patterns as indicators of activity.
DAdversaries take advantage of a person's trust and goodwill.
ESeemingly, unimportant pieces of data may yield enough information to an adversary, for him to disseminate incorrect information and sound authoritative.
Question 6
Security Principles
0
Question 7
Security Principles
Question 8
Security Principles
Question 9
Security Principles
Question 10
Security Principles
Question 11
Security Principles
Question 12
Security Principles
Question 13
Security Principles
Question 14
Security Principles
Question 15
Security Principles
Question 16
Security Principles
Question 17
Security Principles
Question 18
Security Principles
Question 19
Security Principles
Question 20
Security Principles
Question 21
Security Principles
Question 22
Security Principles
Question 23
Security Principles
Question 24
Security Principles
Question 25
Security Principles
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ad
Want a break from the ads?
Become a Supporter and enjoy a completely ad-free experience, plus unlock Learn Mode, Exam Mode, AstroTutor AI, and more.
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Which type of Business Continuity Plan (BCP) test involves shutting down z on-line, and moving all operations to the alternate site?
AParallel
BFull interruption
CChecklist
DStructured walkthrough
ESimulation
What must system administrators do when they cannot access a complete i testing?
AExtrapolate results from a limited subset.
BEliminate the testing phase of change control.
CRequest additional hardware and software.
DRefuse to implement change requests.
EDeploy directly to the production environment.
To protect its information assets, ABC Company purchases a safeguard that costs $60,000. The annual cost to maintain the safeguard is estimated to be $40,000. The aggregate Annualized Loss Expectancy for the risks the safeguard is expected to mitigate is $50,000.
At this rate of return, how long will it take ABC Company to recoup the cost of the safeguard?
AABC Company will never recoup the cost of this safeguard.
BLess than 7 years
CLess than 3 years
DLess than 1 year
ELess than 5 years
Which of the following is NOT an auditing function that should be performed regularly?
AReviewing IDS alerts
BReviewing performance logs
CReviewing IDS logs
DReviewing audit logs
EReviewing system logs
Which TWO of the following items should be accomplished, when interviewing candidates for a position within an organization?
AHire an investigation agency to run background checks.
BVerify all dates of previous employment.
Cquestion candidates, using polygraphs, n
DContact personal and professional references.
ERun criminal-background checks.
Which of these metrics measure how a biometric device performs, when attempting to authenticate subjects? (Choose THREE.)
AFalse Rejection Rate
BUser Acceptance Rate
CCrossover Error Rate
DFalse Acceptance Rate
EEnrollment Failure Rate
A new U.S. Federal Information Processing Standard specifies a cryptographic algorithm. This algorithm is used by U.S. government organizations to protect sensitive, but unclassified, information. What is the name of this Standard?
ATriple DES
BBlowfish
CAES
DCAST
ERSA
Which of the following is likely in a small-business environment?
AMost small businesses employ a full-time information-technology staff.
BResources are available as needed.
CSmall businesses have security personnel on staff.
DMost employees have experience with information security.
ESecurity budgets are very small.
When attempting to identify OPSEC indicators, information-security professionals must: (Choose THREE.)
ADiscover the information daily activities yield.
BMeet with adversaries.
CPerform business impact analysis surveys.
DScrutinize their organizations' daily activities.
EAnalyze indicators, to determine the information an adversary can glean both from routine and nonroutine activities.
Why should each system user and administrator have individual accounts? (Choose TWO.)
AUsing generic user names and passwords increases system security and reliability.
BUsing separate accounts for each user reduces resource consumption, particularly disk space.
CBy using individual login names and passwords, user actions can be traced.
DIf users do not have individual login names, processes can automatically run with root/administrator access.
EA generic user name and password for users and security administrators provides anonymity, which prevents useful logging and auditing.
Organizations____________ risk, when they convince another entity to assume the risk for them.
AElevate
BAssume
CDeny
DTransfer
EMitigate
Which of the following best describes an external intrusion attempt on a local-area network (LAN)?
AInternal users try to gain unauthorized access to information assets outside the organizational perimeter.
BExternal-intrusion attempts from sources outside the LAN are not granted permissions or rights to an organization's information assets
CExternal users attempt to access public resources.
DExternal intruders attempt exploitation of vulnerabilities, to remove their own access.
EInternal users perform inappropriate acts on assets to which they have been given rights or permissions.
_________ intrusion detection involves comparing traffic to known characteristics of malicious traffic, known as attack signatures.
APattern matching
BStatistical anomaly
CBehavioral analysis
DHost
ENetwork
If a firewall receives traffic not explicitly permitted by its security policy, what should the firewall do?
ANothing
BDo not log and drop the traffic.
CLog and drop the traffic.
DLog and pass the traffic.
EDo not log and pass the traffic.
Which of the following statements about encryption's benefits is false? Encryption can: (Choose TWO.)
Asignificantly reduce the chance information will be modified by unauthorized entities.
Bonly be used to protect data in transit. Encryption provides no protection to stored data.
Callow private information to be sent over public networks, in relative safety.
Dsignificantly reduce the chance information will be viewed by unauthorized entities.
Eprevent information from being destroyed by malicious entities, while in transit.
Digital signatures are typically provided by a _______, where a third party verifies a key’s authenticity.
ANetwork firewall
BSecurity administrator
CDomain controller
DCertificate Authority
EHash function
Which types of security solutions should a home user deploy? (Choose TWO.)
AManaged Security Gateway
BAccess control lists on a router
CPersonal firewall
DNetwork intrusion-detection system
EAnti-virus software
Which type of access management uses information about job duties and positions, to indicate subjects' clearance levels?
ADiscretionary
BRole-based
CNondiscretionary
DHybrid
EMandatory
Which of the following is a cost-effective solution for securely transmitting data between remote offices?
AStandard e-mail
BFax machine
CVirtual private network
DBonded courier
ETelephone
_________ educate(s) security administrators and end users about organizations' security policies.
