Download CIST 1601 Final Exam Study Guide: Information Security Fundamentals and more Exams Information Security and Markup Languages in PDF only on Docsity!
CIST 1601 Final Exam Spring
Information Security Fundamentals -
CIST 1601 Final Exam Study Guide Exam
Revision Test.
Which is a form of cryptography provides confidentiality with a weak form of authentication or integrity? Symmetric key encryption Asymmetric Key encryption Hash algorithm Key distribution - Answer:::✔✔Symmetric-key encryption What is the main difference between a worm and a virus? A worm tries to the steal information, while I virus tries to destroy data. A worm is restricted to one system, while a virus can spread from system to system. A worm can replace itself, while a virus requires a host for distribution. A worm requires an execution mechanism to start while a virus can start itself - Answer:::✔✔A worm can replicate itself, while a virus requires a host for distribution.
What type of malware monitors your actions? Virus Worm Spyware Trojan horse - Answer:::✔✔Spyware A collection of zombie computers have been set up to collect personal information. What type of malware to the zombie computers represent? Trojan Horse Logic Bomb Botnet Spyware - Answer:::✔✔Botnet Which is a program that appears to be a legitimate application, utility, game, or screensaver and performs malicious activities surreptitiously? Worm ActiveX Control Outook Express Trojan horse - Answer:::✔✔Trojan Horse
What is the primary distinguishing characteristic between a worm and a logic bomb? Incidental damage to resources Masquerades as a useful program Self replication Spreads via email - Answer:::✔✔Self-replication What is another name for a logic bomb? Asynchronous attack Trojan horse Pseudo-flaw DNS poisoning - Answer:::✔✔Asynchronous Attack Which of the following statements about the use of antivirus software is correct?
- Antivirus software should be configured to download updated virus definition files as soon as they become available.
- Once installed, antivirus software needs to be updated on a monthly basis.
- If servers on the network have antivirus software installed, workstations do not need antivirus software installed.
- If you install antivirus software, you no longer need a firewall on your network. - Answer:::✔✔Anti-virus software should be configured to download updated virus definition files as soon as they become available. Your organization is formulating a bring your own device (BYOD) security policy for mobile devices. Which of the following statements should be considered as you formulate your policy?
- You can't use domain-based group policies to enforce security settings on mobile devices.
- Mobile devices are immune to malware threats.
- Anti-malware software isn't available for most mobile device operating systems.
- It is difficult for users to connect personal mobile devices to your organizations corporate network. - Answer:::✔✔You can't use domain- based group policies to enforce security settings on mobile devices. Which of the following is defined as a contract that prescribes the technical support or business parameters a provider will bestowed to its client? Service level agreement
You want to implement a new security device on your network. Which of the following policies outlines the process you should follow before implementing that device? Change management Resource allocation Service Level Agreement (SLA) Acceptable use - Answer:::✔✔Change management What is the most effective way to improve or enforce security in any environment? Providing user awareness training Disabling Internet access Requiring two-factor authentication Enforcing account lockout - Answer:::✔✔providing User awareness training Change control should be used to oversee and manage changes over what aspect of an organization? ● Physical environment ● Every aspect
● Personnel and policies ● IT hardware and software - Answer:::✔✔Every aspect You have recently discovered that a network attack is compromised your database server. The attacker may have stolen customer credit card numbers. You have stopped the attack and implemented security measures to prevent the same incident from occurring in the future. What else might you legally be required to do? Implement training for employees who handle personal information Perform additional investigations to identify the attacker Contact your customers let them know about the security breach Delete personally identifiable information from your computers - Answer:::✔✔Contact your customers to let them know of the security breach What is the primary countermeasure to social engineering? Traffic filters A written security policy Heavy management oversight Employee awareness training - Answer:::✔✔Employee awareness training
Masquerading Vishing Taligating - Answer:::✔✔Vishing You are about to enter your office building through a back entrance. A man dressed as a plumber asked you to let him and so he can fix the restroom. What should you do?
- Let him in.
- Direct him to the front entrance and instruct him to check in with the receptionist.
- Tell him no and quickly close the door.
- Let them in and help them find the restroom, then let them work. - Answer:::✔✔Direct him to the front entrance and instruct him to check in with the receptionist. Which of the following is not an example of a physical barrier access control mechanism? One-time passwords Fences Mantrap Biometric locks - Answer:::✔✔One time passwords
Which of the following can be used to stop piggybacking at a front entrance where employees should swipe smartcards to gain entry? Use weight scales Install security cameras Use key locks rather than electronic locks Deploy a mantrap - Answer:::✔✔Deploy a mantrap What is the primary benefit of CCTV? Increase security protection throughout an environment Reduce the need for locks and sensors on doors Expand the area visible by security guards Provide a corrective control - Answer:::✔✔Expands the area visible by security guards Which of the following is not a benefit of physical security? Sensitive data is protected from unauthorized access Untrained employees cannot miss-use equipment Employee passwords are stronger Terrorists cannot walk in off the street and change the network configuration - Answer:::✔✔Employee passwords are stronger.
What common design feature among instant messaging clients make them less secure than other means of communicating over the Internet? Freely available for use Real-time communication Peer-to-peer networking Transfer of text and files - Answer:::✔✔Peer-to-peer networking What type of attack is most likely to succeed with communications between instant messaging clients? Sniffing DNS poisoning Brute force password attack Denial of service - Answer:::✔✔Sniffing Which of the following attacks, is successful, causes a switch to function like a hub? Replay ARP poisoning MAC flooding
MAC spoofing - Answer:::✔✔MAC flooding Which of the following switch attacks associates the attackers MAC address with the IP address of the victims devices? Cross-site scripting DNS poisoning MAC spoofing ARP spoofing/poisoning - Answer:::✔✔ARP spoofing/poisoning Which is a typical goal of MAC spoofing? Rerouting local traffic to a specified destination Causing a switch to enter fail open mode Causing incoming packets to broadcast to all ports Bypassing 802.1x port-based security - Answer:::✔✔Bypassing 802.1x port based security Which of the following is an appropriate definition of a VLAN?
- A logical grouping of devices based on service need, protocol, or other criteria.
- A device used to filter WAN traffic
RADIUS is primarily used for what purpose?
- managing RAID fault-tolerant drive configurations
- Controlling entry gate access using proximity sensors
- Authenticating remote clients before access to the network is granted
- Managing access to a network over a VPN - Answer:::✔✔Authenticating remote clients before access to the network is granted Which of the following cloud computing solutions delivers software applications to a client either over the Internet or a local area network? SaaS DaaS IaaS Paas - Answer:::✔✔SaaS Which of the following is not true regarding cloud computing?
- The term cloud is used as a metaphor for the Internet
- Typical cloud computing providers deliver common business applications online that are accessed from another Web server or software like a web browser
- Cloud computing requires end users to have knowledge of the physical location and configuration of the system that delivers the services
- Cloud computing is software, data access, computation, and storage services - Answer:::✔✔Cloud computing requires end users to have knowledge of the physical location and configuration of the system that delivers the services. Which of the following ports does FTP use to establish sessions and manage traffic? 80, 443 20, 135 - 139 25,110 - Answer:::✔✔20, You want to store your computer generated audit logs in case they are needed in the future for examination. Which method can you use to ensure that the logs you put in storage have not been altered when you go to use them in the future?
- Store the logs in an offsite facility
- Create a hash of each log
- Make two copies of each log and store each copy in a different location
- Encrypt the logs - Answer:::✔✔Create a hash of each log
Delete all files from all the hard disks in the computer Damage the hard disks so badly that all data remaining is gone - Answer:::✔✔Damage the hard disc so badly that all data remaining is gone. How many keys are used with asymmetric (public key) cryptography? One Two Three Four - Answer:::✔✔Two A receiver wants to verify the integrity of the message received from a sender. A hashing value is contained within the digital signature of the sender. Which of the following must the receiver used to access the hashing value and verify the integrity of the transmission? A receiver's public key Sender's private key Sender's public key Receiver's private key - Answer:::✔✔Sender's public key
Which aspect of a birth certificate makes it a reliable and useful mechanism for proving the identity of a person, system, or service on the Internet? It is a trusted third - party It is a digital mechanism, rather than a physical one. It uses electronic signatures. It provides ease-of-use - Answer:::✔✔It is a trusted third party Which standard is most widely used for certificates? SSL v.3. HTTP 1. 802.1x X.509 - Answer:::✔✔X. If you perform regular backups, what must be done to ensure that you are protected against data loss? Write protect all backup media Restrict restoration privileges to system administrators Store the backup media in an on-site fireproof vault
