PruebaExamen1
Test title: PruebaExamen1 Description: PruebaExamen1




The number and types of layers needed for defense in depth are a function of: Asset value, criticality, reliability of each control and degree of exposure. Threat agents, governance, compliance and mobile device policy. Isolation, segmentation, internal controls and external controls. Network configuration, navigation controls, user interface and VPN traffic.

To which of the following layers of the TCP/IP Conceptual Layers would one map Ethernet? LAN or WAN interface. Transport. Network Interface. Application.

Outsourcing poses the greatest risk to an organization when it involves: Business support services. Cybersecurity capabilities. Core business functions. Technology infrastructure.

Information system design incorporates information security requirements: After system security testing is complete. Prior to finalizing the Information Management Plan. After user acceptance testing. Prior to design of system infrastructure, platforms and applications within the organization's enterprise IT.

Packet filtering rules are relatively stable and simple because they are performed at: The presentation layer. The network layer. The physical layer. The application layer (Incorrect).

A short recovery time objective (RTO) may not be possible when: Large amounts of data must be restored. The cost of the loss is equal to the cost of recovery. Backup programs have compressed or automated the lost data. Data has been replicated to a mirrored site.

What is a primary benefit of a Stateful Inspection Firewall? Less control of traffic than other firewalls. Complex to administer. Greater control over IP traffic flow. Easy to manage.

To which of the following layers of the Open Systems Interconnect (OSI) model would one map TCP? Transport. Session. Data Link. Network.

A firewall that tracks open connection-oriented protocol sessions is said to be: State-sponsored. Stateless. Stated. Stateful.

By using a(n) ______ attack, a hacker can impersonate the interface of a legitimate application on a mobile device. Display malware. SQL Code. Browser denial. UI impersonation.

According to the NIST framework, which of the following are considered key functions necessary for the protection of digital assets? Encrypt, Protect, Investigate, Recover, Identify. Protect, Recover, Identify. Encrypt, Protect, Investigate. Encrypt, Protect, Identify. Protect, Investigate, Recover. Investigate, Recover, Identify.

Which of the following layers of the Open Systems Interconnect (OSI) model provides user interface? Presentation. Session. Transport. Application.

A service-level agreement (SLA): Defines minimum performance targets and how they will be measured. Is a legal document that has no implications for security. Ensures zero down time. Transfers reputational risk from the customer to the provider.

APT is an acronym for which of the following? Advanced Persistent Threat. Avoidable Problem Technology. Advanced Personnel Training (Incorrect). Animated Probe Threat.

What is the attack technique used to exploit web sites by altering backend database queries through inputting manipulated queries? Cross-site request forgery. SQL injection. Session hijacking. Dictionary attacks.

Under the US-CERT model for incident categorization, a CAT-6 incident refers to which of the following? Scans/Probes/Attempted Access. Malicious code. Investigation. Improper usage.

____________________ is defined as “a model for enabling convenient, on-demand network access to a shared pool of configurable resources (e.g., networks, servers, storage, applications and services) that can be rapidly provisioned and released with minimal management or service provider interaction.” Software as a Service (SaaS). Cloud computing. Big data. Platform as a Service (PaaS).

The result or outcome of a threat agent's malicious activity is known as the: Threat outcome. Threat conclusion. Threat summary (Incorrect). Threat event.

_________________ are solutions to software programming and coding errors. Standards. Identity Management. Procedure. Patches.

The __________________ layer of the OSI model ensures that data are transferred reliably in the correct sequence, and the ________________ layer coordinates and manages user connections. Presentation, data link (Incorrect). Data link, network. Transport, session. Physical, application.

Who is responsible for secure storage of data? Developer. End user. Data custodian (Correct). Senior management.

Select the one that does NOT apply. The Internet perimeter should: Monitor and detect network ports for rogue activity. Format, encrypt and compress data. Control user traffic bound toward the Internet. Detect and block traffic from infected internal end points. Eliminate threats such as email spam, viruses and worms.

Large collections of structured and unstructured data and the usage of large infrastructure applications, web services and devices are referred to as: Distributed file systems. Analytics infrastructure. Big data. Structured databases.

Select the correct order for the steps of the penetration testing phase. Planning, Discovery, Attack, Reporting. Planning, Attack, Discovery, Reporting. Reporting, Planning, Discovery, Attack. Attack, Discovery, Reporting, Planning.

A passive network hub operates at which layer of the TCP/IP Conceptual Layers? Application. Network Interface. Transport. LAN or WAN interface.

A bridge operates at which layer of the Open Systems Interconnect (OSI)? Data Link. Network. Transport. Application.

In practical applications: Asymmetric key encryption is used in cases where speed is important. Symmetric key encryption is used to securely distribute asymmetric keys. Asymmetric key encryption is used to securely obtain symmetric keys. Symmetric key encryption is used only for short messages, such as digital signatures.

What is one advantage of a firewall implemented in software over a firewall appliance? Flexibility. Performance. Power consumption. Resiliency.

When Metasploit is used for penetration testing, the payload is typically: An executable file that introduces a virus to the system. Software that allows a user to control a system after it has been exploited. A denial of service (DoS) attack that interrupts or suspends access to system resources. A code injection that interferes with the typical course of execution.

Which of the following attack methodologies involves taking over and using an existing communications stream? Denial of Service. Injection. Man-in-the-Middle. Buffer Overflow.

According to US-CERT categories, how quickly should a Category 3 incident be reported? Within one week of discovery/detection. Within one business day of discovery/detection. Within one hour of discovery/detection. Weekly.

Which of the following is NOT a risk analysis orientation? Controls. Vulnerability. Threat. Asset.

To which of the following layers of the TCP/IP Conceptual Layers would one map ARP? LAN or WAN interface. Network Interface. Transport. Application.

__________________ includes many components such as directory services, authentication and authorization services, and user management capabilities such as provisioning and deprovisioning. Standards. Procedure. Identity Management. Patches.

What typically serves as a demilitarized zone (DMZ's) second line of defense? Internal information servers. An outside router. An inside router. A bastion host.

A fundamental security control that can be applied to a database is the use of ______. upgrades. statistical analysis. encryption. SQL management.

Under the US-CERT model for incident categorization, a CAT-2 incident refers to which of the following? Malicious code. Denial of service (DoS). Unauthorized Access. Improper usage.

Which of the following represents three of the top cloud computing threats as identified by the Cloud Security Alliance? Data breaches, account hijacking and denial of service. Insecure APIs, malicious insiders and service outages. Data loss, insufficient due diligence and account provisioning. Shared technology issues, abuse of cloud services and lack of documentation.

To manage outbound traffic, a demilitarized zone (DMZ) will typically: Accept traffic from any point of origin except the bastion host. Use the inside router to manage private network access to the DMZ network. Use the outside router to limit the services available for use. Reroute all incoming traffic to protect the system from unwanted intrusions.

A router access control list (ACL) intended to best prevent external attacks should be applied to: The internal interface in an inbound direction. The internal interface in an outbound direction. The external interface in an outbound direction. The external interface in an inbound direction.

Updates in cloud-computing environments can be rolled out quickly because the environment is: Homogeneous. Diversified. Distributed. Secure.

Business continuity plans (BCPs) associated with organizational information systems should be developed primarily on the basis of: Business needs. Available resources. Projected costs. Levels of effort.

Which element of an incident response plan involves obtaining and preserving evidence? Preparation. Identification. Containment. Eradication.

Phishing emails most often appear to come from which of the following? Political officials. A foreign country. An unknown individual or organization. A well-known organization.

Who is responsible for configuration of password requirements on network systems? Business analyst. Users. The network administrator. Information security manager.

A user employing steganography would write data to: Unallocated space. Removable media. Encrypted containers. Networked storage.

What is the main difference between a statistical-based and a neural network-based IDS? Self-learning functionality. Number theory. Pattern analysis. The use of large data sets.

The __________ language is designed specifically for small screens and mobile applications without a keyboard. XMA. HTML5. OAuth. WML.

_________________ is the protection of information from unauthorized access or disclosure. Confidentiality. Integrity. Availability. Cybersecurity.

_________________, also called malicious code, is software designed to gain access to targeted computer systems, steal information or disrupt computer operations. Payload. Rootkit. Attack Vector. Malware.

The key benefits of the DMZ system are: Excellent performance and scalability as Internet usage grows. DMZs are based on logical rather than physical connections. An intruder must penetrate three separate devices. Private network addresses are not disclosed to the Internet. Excellent performance and scalability as Internet usage grows. Internal systems do not have direct access to the Internet. DMZs are based on logical rather than physical connections. Private network addresses are not disclosed to the Internet. Internal systems do not have direct access to the Internet. An intruder must penetrate three separate devices. Private network addresses are not disclosed to the Internet. Excellent performance and scalability as Internet usage grows. DMZs are based on logical rather than physical connections. An intruder must penetrate three separate devices. Private network addresses are not disclosed to the Internet.

The process of transmitting messages in convenient pieces that can be reassembled at the destination is referred to as: Obfuscation. Packet switching. Packet filtering. Packet filtering.

An example of a dynamic port would be the _____. Port 23. Port 22. Port 443. Port 49153.

If a network-based intrusion detection system (IDS) is placed between the Internet and the firewall, it will detect: Only those attempts that enter the firewall. All modifications to execute programs and files. Attack attempts, regardless of whether they enter the firewall. Any attempts to use a privileged command.

What kind of tools identify exploitable weaknesses? Vulnerability assessment tools. Penetration testing tools. Trend/variance reduction tools. Audit reduction tools.

Maintaining a high degree of confidence regarding the integrity of evidence requires a(n): Power of attorney. Affidavit. Sworn statement. Chain of custody.

Which of the following mobile OS features is used to link to nearby WLANs and therefore runs a risk of service set identifiers (SSIDs) and channels being memorized? On-device encryption. Automatic network recognition. Direct file transfer by Bluetooth. Accelerated graphic user interface (GUI).

Three common controls used to protect the availability of information are: Redundancy, backups and access controls. Hashes, logging and backups. Encryption, file permissions and access controls. Access controls, logging and digital signatures.

The path or route used to gain access to the target asset is known as a(n) _______________. Malware. Rootkit. Vulnerability. Attack Vector.

During the eradication phase of an incident response _______ is not an objective. Determining the root cause of the incident. Performing a vulnerability analysis. Upgrading the affected application. Improving defenses by improving protection.

One limitation of an Intrusion Detection System (IDS) is that it cannot help with weaknesses related to: Identification and authentication schemes, application-level vulnerabilities or back doors into applications. Zero-day threats that bypass traditional security measures. Signature files. Malicious code that has yet to be identified.

Which of the following is a type of application firewall? Application-level gateways. Circuit-proxy systems. Network-circuit filtering firewalls. Application-proxy firewalls.

A(n) _____________ is a weakness in the design, implementation, operation or internal controls in a process that could be exploited to violate the system security. Attack Vector. Vulnerability. Malware. Rootkit.

The process of identifying where traffic takes place, the time and duration of communications and the size of information transferred is known as: Attack signature detection. Trend variance detection. Log file analysis. Network traffic analysis.

Which of the following statements about advanced persistent threats (APTs) are true? 1-APTs typically originate from sources such as organized crime groups, activists or governments. 2-APTs use obfuscation techniques that help them remain undiscovered for months or even years. 3-APTs are often long-term, multi-phase projects with a focus on reconnaissance. 4-The APT attack cycle begins with target penetration and collection of sensitive information. 5-Although they are often associated with APTs, intelligence agencies are rarely the perpetrators of APT attacks. 3, 4, 5. 1, 2, 3. 2, 3, 4. 1, 4, 5.

The attack mechanism directed against a system is commonly called a(n): Payload. Vulnerability. Attack Vector. Exploit.

A business continuity plan (BCP) is not complete unless it includes: Network diagrams. Critical processes. Detailed procedures. Dedicated resources.

Which types of risk are typically associated with mobile devices? Organizational risk, Technical risk, Physical risk. Organizational risk, Technical risk, Transactional risk. Technical risk, Physical risk, Transactional risk. Organizational risk, Compliance risk, Technical risk. Compliance risk, Technical risk, Physical risk.

If a company forbids the use of bring your own device, which risk management strategy is it using? Risk avoidance. Risk transfer. Risk acceptance. Risk reduction.

Insecure direct object references, cross-site scripting and injection are generally classified as threats and vulnerabilities that relate to: Virtualization. Applications. Network. Hardware.