IAS FINAL EXAM (Comprehensive)
QUESTIONS & ANSWERS 2024/2025
What measures the average amount of time between failures for a particular system?
A. Uptime
B. Recovery time objective (RTO)
C. Mean time to failure (MTTF)
D. Mean time to repair (MTTR) - ANSWERSC. Mean time to failure (MTTF)
Remote access security controls help to ensure that the user connecting to an organization's network is
who the user claims to be. A username is commonly used for _______, whereas a biometric scan could
be used for _______.
A. identification, authentication
B. authorization, accountability
C. identification, authorization
D. authentication, authorization - ANSWERSA. identification, authentication
A brute-force password attack and the theft of a mobile worker's laptop are risks most likely found in
which domain of a typical IT infrastructure?
A. Local Area Network (LAN) Domain
B. Workstation Domain
C. Remote Access Domain
D. User Domain - ANSWERSC. Remote Access Domain
In which domain of a typical IT infrastructure is the first layer of defense for a layered security strategy?
A. Workstation Domain
B. Local Area Network (LAN) Domain
C. User Domain
,D. System/Application Domain - ANSWERSC. User Domain
Rachel is investigating an information security incident that took place at the high school where she
works. She suspects that students may have broken into the student records system and altered their
grades. If that is correct, which one of the tenets of information security did this attack violate?
A. Integrity
B. Nonrepudiation
C. Confidentiality
D. Availability - ANSWERSA. Integrity
Which network device is designed to block network connections that are identified as potentially
malicious?
A. Intrusion detection system (IDS)
B. Intrusion prevention system (IPS)
C. Router
D. Web server - ANSWERSB. Intrusion prevention system (IPS)
Which security control is most helpful in protecting against eavesdropping on wide area network (WAN)
transmissions?
A. Deploying an intrusion detection system/intrusion prevention system (IDS/IPS)
B. Applying filters on exterior Internet Protocol (IP) stateful firewalls
C. Encrypting transmissions with virtual private networks (VPNs)
D. Blocking Transmission Control Protocol (TCP) synchronize (SYN) open connections - ANSWERSC.
Encrypting transmissions with virtual private networks (VPNs)
What is a U.S. federal government classification level that applies to information that would cause
serious damage to national security if it were disclosed?
A. Top secret
B. Confidential
C. Secret
D. Private - ANSWERSC. Secret
,What is a primary risk to the Workstation Domain, the Local Area Network (LAN) Domain, and the
System/Application Domain?
A. Unauthorized network probing and port scanning
B. Unauthorized access to systems
C. Downtime of IT systems for an extended period after a disaster
D. Mobile worker token or other authentication stolen - ANSWERSB. Unauthorized access to systems
Which term describes the level of exposure to some event that has an effect on an asset, usually the
likelihood that something bad will happen to an asset?
A. Threat
B. Countermeasure
C. Risk
D. Vulnerability - ANSWERSC. Risk
Which compliance obligation includes security requirements that apply specifically to the European
Union?
A. Gramm-Leach-Bliley Act (GLBA)
B. Health Insurance Portability and Accountability Act (HIPAA)
C. General Data Protection Regulation (GDPR)
D. Federal Information Security Management Act (FISMA) - ANSWERSC. General Data Protection
Regulation (GDPR)
In Mobile IP, what term describes a device that would like to communicate with a mobile node (MN)?
A. Correspondent node (CN)
B. Foreign agent (FA)
C. Home agent (HA)
D. Care of address (COA) - ANSWERSA. Correspondent node (CN)
, Which of the following enables businesses to transform themselves into an Internet of Things (IoT)
service offering?
A. Store-and-forward communications
B. Remote sensoring
C. Real-time tracking and monitoring
D. Anything as a Service (AaaS) delivery model - ANSWERSD. Anything as a Service (AaaS) delivery model
Which of the following is an example of a business-to-consumer (B2C) application of the Internet of
Things (IoT)?
A. Video conferencing
B. Traffic monitoring
C. Health monitoring
D. Infrastructure monitoring - ANSWERSC. Health monitoring
Kaira's company recently switched to a new calendaring system provided by a vendor. Kaira and other
users connect to the system, hosted at the vendor's site, using a web browser. Which service delivery
model is Kaira's company using?
A. Communications as a Service (CaaS)
B. Software as a Service (SaaS)
C. Infrastructure as a Service (IaaS)
D. Platform as a Service (PaaS) - ANSWERSB. Software as a Service (SaaS)
From a security perspective, what should organizations expect will occur as they become more
dependent on the Internet of Things (IoT)?
A. Security risks will be eliminated.
B. Security risks will decrease.
C. Security risks will stay the same.
D. Security risks will increase. - ANSWERSD. Security risks will increase.
What is key to implementing a consistent Internet of Things (IoT) device, connectivity, and
communications environment?
QUESTIONS & ANSWERS 2024/2025
What measures the average amount of time between failures for a particular system?
A. Uptime
B. Recovery time objective (RTO)
C. Mean time to failure (MTTF)
D. Mean time to repair (MTTR) - ANSWERSC. Mean time to failure (MTTF)
Remote access security controls help to ensure that the user connecting to an organization's network is
who the user claims to be. A username is commonly used for _______, whereas a biometric scan could
be used for _______.
A. identification, authentication
B. authorization, accountability
C. identification, authorization
D. authentication, authorization - ANSWERSA. identification, authentication
A brute-force password attack and the theft of a mobile worker's laptop are risks most likely found in
which domain of a typical IT infrastructure?
A. Local Area Network (LAN) Domain
B. Workstation Domain
C. Remote Access Domain
D. User Domain - ANSWERSC. Remote Access Domain
In which domain of a typical IT infrastructure is the first layer of defense for a layered security strategy?
A. Workstation Domain
B. Local Area Network (LAN) Domain
C. User Domain
,D. System/Application Domain - ANSWERSC. User Domain
Rachel is investigating an information security incident that took place at the high school where she
works. She suspects that students may have broken into the student records system and altered their
grades. If that is correct, which one of the tenets of information security did this attack violate?
A. Integrity
B. Nonrepudiation
C. Confidentiality
D. Availability - ANSWERSA. Integrity
Which network device is designed to block network connections that are identified as potentially
malicious?
A. Intrusion detection system (IDS)
B. Intrusion prevention system (IPS)
C. Router
D. Web server - ANSWERSB. Intrusion prevention system (IPS)
Which security control is most helpful in protecting against eavesdropping on wide area network (WAN)
transmissions?
A. Deploying an intrusion detection system/intrusion prevention system (IDS/IPS)
B. Applying filters on exterior Internet Protocol (IP) stateful firewalls
C. Encrypting transmissions with virtual private networks (VPNs)
D. Blocking Transmission Control Protocol (TCP) synchronize (SYN) open connections - ANSWERSC.
Encrypting transmissions with virtual private networks (VPNs)
What is a U.S. federal government classification level that applies to information that would cause
serious damage to national security if it were disclosed?
A. Top secret
B. Confidential
C. Secret
D. Private - ANSWERSC. Secret
,What is a primary risk to the Workstation Domain, the Local Area Network (LAN) Domain, and the
System/Application Domain?
A. Unauthorized network probing and port scanning
B. Unauthorized access to systems
C. Downtime of IT systems for an extended period after a disaster
D. Mobile worker token or other authentication stolen - ANSWERSB. Unauthorized access to systems
Which term describes the level of exposure to some event that has an effect on an asset, usually the
likelihood that something bad will happen to an asset?
A. Threat
B. Countermeasure
C. Risk
D. Vulnerability - ANSWERSC. Risk
Which compliance obligation includes security requirements that apply specifically to the European
Union?
A. Gramm-Leach-Bliley Act (GLBA)
B. Health Insurance Portability and Accountability Act (HIPAA)
C. General Data Protection Regulation (GDPR)
D. Federal Information Security Management Act (FISMA) - ANSWERSC. General Data Protection
Regulation (GDPR)
In Mobile IP, what term describes a device that would like to communicate with a mobile node (MN)?
A. Correspondent node (CN)
B. Foreign agent (FA)
C. Home agent (HA)
D. Care of address (COA) - ANSWERSA. Correspondent node (CN)
, Which of the following enables businesses to transform themselves into an Internet of Things (IoT)
service offering?
A. Store-and-forward communications
B. Remote sensoring
C. Real-time tracking and monitoring
D. Anything as a Service (AaaS) delivery model - ANSWERSD. Anything as a Service (AaaS) delivery model
Which of the following is an example of a business-to-consumer (B2C) application of the Internet of
Things (IoT)?
A. Video conferencing
B. Traffic monitoring
C. Health monitoring
D. Infrastructure monitoring - ANSWERSC. Health monitoring
Kaira's company recently switched to a new calendaring system provided by a vendor. Kaira and other
users connect to the system, hosted at the vendor's site, using a web browser. Which service delivery
model is Kaira's company using?
A. Communications as a Service (CaaS)
B. Software as a Service (SaaS)
C. Infrastructure as a Service (IaaS)
D. Platform as a Service (PaaS) - ANSWERSB. Software as a Service (SaaS)
From a security perspective, what should organizations expect will occur as they become more
dependent on the Internet of Things (IoT)?
A. Security risks will be eliminated.
B. Security risks will decrease.
C. Security risks will stay the same.
D. Security risks will increase. - ANSWERSD. Security risks will increase.
What is key to implementing a consistent Internet of Things (IoT) device, connectivity, and
communications environment?
