ITSY-1300 Final Review
Study online at https://quizlet.com/_5qyxg1
1. Ethical hackers must obtain _________________ prior to written authorization from
performing a scanning and vulnerability assessment the client
on a live production network.
2. Holly would like to run an annual major disaster recov- Parallel test
ery test that is as thorough and realistic as possible.
She also wants to ensure that there is no disruption
of activity at the primary site. What option is best in
this scenario?
3. During which phase of a hacker's five-step approach Reconnaissance
does the hacker scan a network to identify IP hosts,
open ports, and services enabled on servers and
workstations?
4. In which type of attack does the attacker attempt to Session hijacking
take over an existing connection between two sys-
tems?
5. Which element of the security policy framework re- Policy
quires approval from upper management and applies
to the entire organization?
6. Which of the following interfaces enables you to scan Nessus
several IP addresses at once or type in an IP address
to create a simple scan of any machine?
7. Which of the following is a protocol analyzer tool Wireshark
(sometimes called a "packet sniffer") that is used to
capture IP traffic from a variety of sources?
8. Mean time to repair
(MTTR)
, ITSY-1300 Final Review
Study online at https://quizlet.com/_5qyxg1
Which one of the following measures the average
amount of time that it takes to repair a system, appli-
cation, or component?
9. During the vulnerability assessment, any known vul- Nessus
nerabilities or bugs will be flagged and identified by:
10. Which organization pursues standards for Internet of Internet Engineering Task
Things (IoT) devices and is widely recognized as the Force
authority for creating standards on the Internet?
11. Which of the following is used to transfer files using FileZilla
the File Transfer Protocol (FTP) to and from the vWork-
station?
12. Tony is working with a law enforcement agency to Passive wiretap
place a wiretap pursuant to a legitimate court corder.
The wiretap will monitor communications without
making any modifications. What type of wiretap is
Tony placing?
13. Which compliance obligation includes security re- Federal Information Secu-
quirements that apply specifically to federal govern- rity Management Act (FIS-
ment agencies in the United States? MA)
14. Which one of the following is the best example of an Access control lists
authorization control?
15. Which security control is most helpful in protecting Applying strong encryp-
against eavesdropping on wireless LAN (WLAN) data tion
transmissions that would jeopardize confidentiality?
16. Which type of denial of service attack exploits the Logic attack
existence of software flaws to disrupt a service?
, ITSY-1300 Final Review
Study online at https://quizlet.com/_5qyxg1
17. Which of the following allows analysts to view and NetWitness Investigator
analyze network packet traces?
18. Maria's company recently experienced a major system Opportunity cost
outage due to the failure of a critical component. Dur-
ing that time period, the company did not register any
sales through its online site. Which type of loss did the
company experience as a result of lost sales?
19. Which of the following is used to perform a scan of the Zenmap
network and create a network topology chart?
20. Dawn is selecting an alternative processing facility for Warm site
her organization's primary data center. she would like
to have a facility that balances cost and switchover
time. What would be the best option in this situation?
21. What is NOT a commonly used endpoint security tech- Network firewall
nique?
22. Which password attack is typically used specifical- Birthday attacks
ly against password files that contain cryptographic
hashes?
23. During what phase of a remote access connection Authentication
does the end user prove his or her claim of identity?
24. Which network device is capable of blocking network Intrusion prevention sys-
connections that are identified as potentially mali- tem (IPS)
cious?
25. The CVE listing is a database of: known software vulnera-
bilities and exposures as
Study online at https://quizlet.com/_5qyxg1
1. Ethical hackers must obtain _________________ prior to written authorization from
performing a scanning and vulnerability assessment the client
on a live production network.
2. Holly would like to run an annual major disaster recov- Parallel test
ery test that is as thorough and realistic as possible.
She also wants to ensure that there is no disruption
of activity at the primary site. What option is best in
this scenario?
3. During which phase of a hacker's five-step approach Reconnaissance
does the hacker scan a network to identify IP hosts,
open ports, and services enabled on servers and
workstations?
4. In which type of attack does the attacker attempt to Session hijacking
take over an existing connection between two sys-
tems?
5. Which element of the security policy framework re- Policy
quires approval from upper management and applies
to the entire organization?
6. Which of the following interfaces enables you to scan Nessus
several IP addresses at once or type in an IP address
to create a simple scan of any machine?
7. Which of the following is a protocol analyzer tool Wireshark
(sometimes called a "packet sniffer") that is used to
capture IP traffic from a variety of sources?
8. Mean time to repair
(MTTR)
, ITSY-1300 Final Review
Study online at https://quizlet.com/_5qyxg1
Which one of the following measures the average
amount of time that it takes to repair a system, appli-
cation, or component?
9. During the vulnerability assessment, any known vul- Nessus
nerabilities or bugs will be flagged and identified by:
10. Which organization pursues standards for Internet of Internet Engineering Task
Things (IoT) devices and is widely recognized as the Force
authority for creating standards on the Internet?
11. Which of the following is used to transfer files using FileZilla
the File Transfer Protocol (FTP) to and from the vWork-
station?
12. Tony is working with a law enforcement agency to Passive wiretap
place a wiretap pursuant to a legitimate court corder.
The wiretap will monitor communications without
making any modifications. What type of wiretap is
Tony placing?
13. Which compliance obligation includes security re- Federal Information Secu-
quirements that apply specifically to federal govern- rity Management Act (FIS-
ment agencies in the United States? MA)
14. Which one of the following is the best example of an Access control lists
authorization control?
15. Which security control is most helpful in protecting Applying strong encryp-
against eavesdropping on wireless LAN (WLAN) data tion
transmissions that would jeopardize confidentiality?
16. Which type of denial of service attack exploits the Logic attack
existence of software flaws to disrupt a service?
, ITSY-1300 Final Review
Study online at https://quizlet.com/_5qyxg1
17. Which of the following allows analysts to view and NetWitness Investigator
analyze network packet traces?
18. Maria's company recently experienced a major system Opportunity cost
outage due to the failure of a critical component. Dur-
ing that time period, the company did not register any
sales through its online site. Which type of loss did the
company experience as a result of lost sales?
19. Which of the following is used to perform a scan of the Zenmap
network and create a network topology chart?
20. Dawn is selecting an alternative processing facility for Warm site
her organization's primary data center. she would like
to have a facility that balances cost and switchover
time. What would be the best option in this situation?
21. What is NOT a commonly used endpoint security tech- Network firewall
nique?
22. Which password attack is typically used specifical- Birthday attacks
ly against password files that contain cryptographic
hashes?
23. During what phase of a remote access connection Authentication
does the end user prove his or her claim of identity?
24. Which network device is capable of blocking network Intrusion prevention sys-
connections that are identified as potentially mali- tem (IPS)
cious?
25. The CVE listing is a database of: known software vulnera-
bilities and exposures as
