A brute-force password attack and the theft of a mobile worker's laptop are risks
most likely found in which domain of a typical IT infrastructure? - ANSWER Remote
Access Domain
Bob is the information security and compliance manager for a financial institution.
Which regulation is most likely to directly apply to Bob's employer? - ANSWER
Gramm-Leach-Bliley Act (GLBA)
Chris is writing a document that provides step-by-step instructions for end users
seeking to update the security software on their computers. Performing these
updates is mandatory. Which type of document is Chris writing? - ANSWER
Procedure
Devaki is capturing traffic on her network. She notices connections using ports 20,
22, 23, and 80. Which port normally hosts a protocol that uses secure, encrypted
connections? - ANSWER 22 (SSH). Ports 20, 23, and 80 normally carry FTP data, Telnet,
and HTTP respectively, all of which send credentials and data in cleartext.
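The question above is really a triage task: given observed destination ports, which flows rely on a protocol that offers no encryption? The following Python is an added example written for this study guide, not code from the page or from any capture tool. The flow records and the port-to-service map are constructed for the example and cover only the well-known ports it needs.

```python
"""Added example: classify observed connections by the service their
destination port usually carries and flag cleartext protocols.
The sample capture and PORT_INFO table below are constructed."""
import re
from collections import Counter
from typing import Dict, List

# Well-known ports (IANA) and whether the protocol encrypts by default.
# "Cleartext" means the protocol itself has no encryption; this is
# triage by port number, not proof of what the payload contained.
PORT_INFO = {
    20: ("ftp-data", False),
    21: ("ftp", False),
    22: ("ssh", True),
    23: ("telnet", False),
    25: ("smtp", False),
    80: ("http", False),
    443: ("https", True),
}

# Constructed flow records in a "src:port -> dst:port proto" shape.
SAMPLE_CAPTURE = """\
10.0.0.12:51234 -> 10.0.0.5:22 tcp
10.0.0.12:51235 -> 10.0.0.5:23 tcp
10.0.0.33:40001 -> 10.0.0.5:80 tcp
10.0.0.33:40002 -> 10.0.0.5:20 tcp
10.0.0.41:40003 -> 10.0.0.5:22 tcp
10.0.0.41:40004 -> 10.0.0.5:8443 tcp
"""

FLOW_RE = re.compile(
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s*->\s*"
    r"(?P<dst>[\d.]+):(?P<dport>\d+)\s+(?P<proto>\w+)"
)


def parse_flows(text: str) -> List[dict]:
    """Parse one flow per line; lines that do not match are skipped."""
    flows = []
    for line in text.splitlines():
        m = FLOW_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        d["sport"] = int(d["sport"])
        d["dport"] = int(d["dport"])
        flows.append(d)
    return flows


def triage(text: str) -> Dict[str, object]:
    """Summarise services seen, which ports were encrypted services,
    which flows used a cleartext protocol, and ports we could not name."""
    services = Counter()
    encrypted_ports = set()
    cleartext_flows = []
    unknown_ports = set()
    for f in parse_flows(text):
        info = PORT_INFO.get(f["dport"])
        if info is None:
            unknown_ports.add(f["dport"])  # not in our table: investigate, do not assume
            continue
        name, encrypted = info
        services[name] += 1
        if encrypted:
            encrypted_ports.add(f["dport"])
        else:
            cleartext_flows.append(f"{f['src']} -> {f['dst']}:{f['dport']} ({name})")
    return {
        "services": dict(services),
        "encrypted_ports": sorted(encrypted_ports),
        "cleartext_flows": cleartext_flows,
        "unknown_ports": sorted(unknown_ports),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_CAPTURE).items():
        print(f"{key}: {value}")
```

Unknown ports (8443 in the sample) are reported separately rather than guessed at, since a non-standard port says nothing about whether the traffic is encrypted.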
In which domain of a typical IT infrastructure is the first layer of defense for a layered
security strategy? - ANSWER User Domain
Juan's web server was down for an entire day in April. It experienced no other
downtime during that month. What represents the web server uptime for that month?
- ANSWER 96.67% (April has 30 days, so 29/30 = 96.67%)
Maria is writing a policy that defines her organization's data classification standard.
The policy designates the IT assets that are critical to the organization's mission and
defines the organization's systems, uses, and data priorities. It also identifies assets
within the seven domains of a typical IT infrastructure. Which policy is Maria writing?
- ANSWER Asset classification policy
Rachel is investigating an information security incident that took place at the high
school where she works. She suspects that students may have broken into the
student records system and altered their grades. If that is correct, which one of the
tenets of information security did this attack violate? - ANSWER Integrity
Remote access security controls help to ensure that the user connecting to an
organization's network is who the user claims to be. A username is commonly used
for _______, whereas a biometric scan could be used for _______. - ANSWER
identification, authentication
Unauthorized access to data centers and downtime of servers are risks to which
domain of an IT infrastructure? - ANSWER System/Application Domain
What is a primary risk to the Workstation Domain, the Local Area Network (LAN)
Domain, and the System/Application Domain? - ANSWER Unauthorized access to
systems
What is a U.S. federal government classification level that applies to information that
would cause serious damage to national security if it were disclosed? - ANSWER
Secret
What measures the average amount of time between failures for a particular
system? - ANSWER Mean time to failure (MTTF). Note that in reliability engineering
the average time between failures of a repairable system is usually called mean time
between failures (MTBF); MTTF is normally reserved for non-repairable components.
Which element of the IT security policy framework provides detailed written
definitions for hardware and software and how they are to be used? - ANSWER
Standard
Which element of the security policy framework offers suggestions rather than
mandatory actions? - ANSWER Guideline
Which element of the security policy framework requires approval from upper
management and applies to the entire organization? - ANSWER Policy
Which network device is designed to block network connections that are identified as
potentially malicious? - ANSWER Intrusion prevention system (IPS)
Which risk is most effectively mitigated by an upstream Internet service provider
(ISP)? - ANSWER Distributed denial of service (DDoS)
Which security control is most helpful in protecting against eavesdropping on wide
area network (WAN) transmissions? - ANSWER Encrypting transmissions with
virtual private networks (VPNs)
Which term describes the level of exposure to some event that has an effect on an
asset, usually the likelihood that something bad will happen to an asset? - ANSWER
Risk
True or False? A data classification standard provides a consistent definition for how
an organization should handle and secure different types of data. - ANSWER True
True or False? A router is a security appliance that is used to filter Internet Protocol
(IP) packets and block unwanted packets. - ANSWER False
True or False? Access control lists (ACLs) are used to permit and deny traffic in an
Internet Protocol (IP) router. - ANSWER True
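The two cards above make the point that a router is not itself a security appliance, but its ACLs do permit and deny traffic. What the cards do not show is how an ACL is actually evaluated: rules are checked top-down, the first match wins, and a packet that matches nothing hits the implicit deny at the end of the list. The following Python is an added example written for this study guide, not vendor code; the rule syntax, the addresses and the sample ACL are all constructed for illustration.

```python
"""Added example: first-match ACL evaluation with implicit deny.
Rule format, addresses and the EDGE_ACL below are constructed."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    action: str           # "permit" or "deny"
    proto: str            # "tcp", "udp", or "any"
    src: str              # CIDR such as "10.0.0.0/8", or "any"
    dst: str
    dport: Optional[int]  # destination port, None = any port


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    dport: int


def _net_matches(cidr: str, addr: str) -> bool:
    return cidr == "any" or ip_address(addr) in ip_network(cidr, strict=False)


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    return (
        rule.proto in ("any", pkt.proto)
        and _net_matches(rule.src, pkt.src)
        and _net_matches(rule.dst, pkt.dst)
        and (rule.dport is None or rule.dport == pkt.dport)
    )


def evaluate(acl: List[Rule], pkt: Packet) -> Tuple[str, Optional[int]]:
    """Return (action, index of the first matching rule). A packet that
    matches no rule returns ("deny", None): the implicit deny."""
    for i, rule in enumerate(acl):
        if rule_matches(rule, pkt):
            return rule.action, i
    return "deny", None


# Constructed ACL for a LAN-to-WAN edge router: block Telnet from anywhere,
# allow inbound HTTPS to the DMZ web server, and permit SSH into the DMZ
# only from the management network. Everything else is implicitly denied.
EDGE_ACL = [
    Rule("deny",   "tcp", "any",          "any",           23),
    Rule("permit", "tcp", "any",          "192.0.2.10/32", 443),
    Rule("permit", "tcp", "10.10.0.0/24", "192.0.2.0/24",  22),
]


def demo() -> Dict[str, Tuple[str, Optional[int]]]:
    """Run a set of constructed packets through EDGE_ACL."""
    packets = {
        "https_from_internet": Packet("tcp", "203.0.113.7", "192.0.2.10", 443),
        "telnet_from_mgmt":    Packet("tcp", "10.10.0.5",   "192.0.2.10", 23),
        "ssh_from_mgmt":       Packet("tcp", "10.10.0.5",   "192.0.2.10", 22),
        "ssh_from_internet":   Packet("tcp", "203.0.113.7", "192.0.2.10", 22),
        "dns_udp":             Packet("udp", "203.0.113.7", "192.0.2.53", 53),
    }
    return {name: evaluate(EDGE_ACL, p) for name, p in packets.items()}


if __name__ == "__main__":
    for name, (action, idx) in demo().items():
        where = f"rule {idx}" if idx is not None else "implicit deny"
        print(f"{name:22s} -> {action:6s} ({where})")
```

Order is the thing to watch when reviewing real ACLs: because the first match wins, a broad permit placed above a narrower deny silently disables the deny, and the only way to see that is to trace packets through the list as `evaluate` does.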
True or False? An information system is a safeguard or countermeasure an
organization implements to help reduce risk. - ANSWER False
True or False? An IT security policy framework is like an outline that identifies where
security controls should be used. - ANSWER True
True or False? Authorization is the process of granting rights to use an organization's
IT assets, systems, applications, and data to a specific user. - ANSWER True
True or False? Availability is the tenet of information security that deals with uptime
and downtime. - ANSWER True
True or False? Cryptography is the practice of making data unreadable. - ANSWER
True
True or False? Encrypting data within databases and storage devices gives an
added layer of security. - ANSWER True
True or False? For businesses and organizations under recent compliance laws,
data classification standards typically include private, confidential, internal use only,
and public-domain categories. - ANSWER True
True or False? Hypertext Transfer Protocol (HTTP) encrypts data transfers between
secure browsers and secure webpages. - ANSWER False
True or False? Hypertext Transfer Protocol (HTTP) is the communications protocol
between web browsers and websites with data in cleartext. - ANSWER True
True or False? Networks, routers, and equipment require continuous monitoring and
management to keep wide area network (WAN) service available. - ANSWER True
True or False? Service-level agreements (SLAs) are a common part of the Local
Area Network (LAN)-to-Wide Area Network (WAN) Domain of a typical IT
infrastructure. - ANSWER False
True or False? The Local Area Network (LAN) Domain of a typical IT infrastructure
includes both physical network components and logical configuration of services for
users. - ANSWER True
True or False? The Local Area Network (LAN)-to-Wide Area Network (WAN) Domain
is where the IT infrastructure links to a WAN and the Internet. - ANSWER True
True or False? The protocols in the Transmission Control Protocol/Internet Protocol
(TCP/IP) suite work together to allow any two computers to be connected and thus
create a network. - ANSWER True
True or False? The Sarbanes-Oxley Act (SOX) requires all types of financial
institutions to protect customers' private financial information. - ANSWER False
True or False? The System/Application Domain of a typical IT infrastructure consists
of hardware, operating system software, applications, and data and includes
hardware and its logical design. - ANSWER True
True or False? The User Domain of a typical IT infrastructure defines the people and
processes that access an organization's information systems. - ANSWER True
From a security perspective, what should organizations expect will occur as they
become more dependent on the Internet of Things (IoT)? - ANSWER Security risks
will increase.
Gwen's company is planning to accept credit cards over the Internet. What governs
this type of activity and includes provisions that Gwen should implement before
accepting credit card transactions? - ANSWER Payment Card Industry Data
Security Standard (PCI DSS)
In Mobile IP, what term describes a device that would like to communicate with a
mobile node (MN)? - ANSWER Correspondent node (CN)
Kaira's company recently switched to a new calendaring system provided by a
vendor. Kaira and other users connect to the system, hosted at the vendor's site,
using a web browser. Which service delivery model is Kaira's company using? -
ANSWER Software as a Service (SaaS)
Ron is the IT director at a medium-sized company. He frequently gets requests from
employees who want to select customized mobile devices. He decides to allow them
to purchase their own devices. Which type of policy should Ron implement to include
the requirements and security controls for this arrangement? - ANSWER Bring Your
Own Device (BYOD)