Chapter 8 Flashcards

(19 cards)

1
Q

If a person knowingly accesses a government computer without permission, which federal act would the person be subject to?

SOX

ECPA

CFAA

GLBA

A

CFAA

2
Q

Unauthorized visitors have entered a company office and are walking around the building. What two measures can be implemented to prevent unauthorized visitor access to the building? (Choose two.)

Lock cabinets.

Conduct security awareness training regularly.

Prohibit exiting the building during working hours.

Establish policies and procedures for guests visiting the building.

A

Conduct security awareness training regularly.

Establish policies and procedures for guests visiting the building.

3
Q

An auditor is asked to assess the LAN of a company for potential threats. What are three potential threats the auditor may point out? (Choose three.)

unlocked access to network equipment

a misconfigured firewall

the acceptable use policy

unauthorized port scanning and network probing

complex passwords

locked systems

A

unlocked access to network equipment

a misconfigured firewall

unauthorized port scanning and network probing

4
Q

A company has had several incidents involving users downloading unauthorized software, using unauthorized websites, and using personal USB devices. The CIO wants to put in place a scheme to manage the user threats. What three things might be put in place to manage the threats? (Choose three.)

Provide security awareness training.

Disable CD and USB access.

Implement disciplinary action.

Monitor all activity by the users.

Change to thin clients.

Use content filtering.

A

Provide security awareness training.

Disable CD and USB access.

Use content filtering.

5
Q

As part of HR policy in a company, an individual may opt out of having information shared with any third party other than the employer. Which law protects the privacy of personal shared information?

PCI

FIRPA

SOX

GLBA

A

GLBA

6
Q

What can be used to rate threats by an impact score to emphasize important vulnerabilities?

ACSC

ISC

NVD

CERT

A

NVD

7
Q

A breach occurs in a company that processes credit card information. Which industry-specific law governs credit card data protection?

SOX

ECPA

GLBA

PCI DSS

A

PCI DSS

8
Q

Why is Kali Linux a popular choice in testing the network security of an organization?

It can be used to test weaknesses by using only malicious software.

It can be used to intercept and log network traffic.

It is an open source Linux security distribution and contains over 300 tools.

It is a network scanning tool that prioritizes security risks.

A

It is an open source Linux security distribution and contains over 300 tools.

9
Q

A company is attempting to lower the cost of deploying commercial software and is considering a cloud-based service. Which cloud-based service would be best to host the software?

PaaS

RaaS

SaaS

IaaS

A

SaaS

10
Q

A security professional is asked to perform an analysis of the current state of a company network. What tool would the security professional use to scan the network only for security risks?

malware

pentest

packet analyzer

vulnerability scanner

A

vulnerability scanner

11
Q

A consultant is hired to make recommendations on managing device threats in a company. What are three general recommendations that can be made? (Choose three.)

Enable automated antivirus scans.

Remove content filtering.

Enforce strict HR policies.

Disable administrative rights for users.

Enable media devices.

Enable screen lockout.

A

Enable automated antivirus scans.

Disable administrative rights for users.

Enable screen lockout.

12
Q

What three services does CERT provide? (Choose three.)

develop tools, products, and methods to conduct forensic examinations

enforce software standards

develop tools, products, and methods to analyze vulnerabilities

resolve software vulnerabilities

develop attack tools

create malware tools

A

develop tools, products, and methods to conduct forensic examinations

develop tools, products, and methods to analyze vulnerabilities

resolve software vulnerabilities

13
Q

What are two items that can be found on the Internet Storm Center website? (Choose two.)

current laws

InfoSec reports

InfoSec job postings

historical information

A

InfoSec reports

InfoSec job postings

14
Q

An organization has implemented a private cloud infrastructure. The security administrator is asked to secure the infrastructure from potential threats. What three tactics can be implemented to protect the private cloud? (Choose three.)

Disable firewalls.

Hire a consultant.

Disable ping, probing, and port scanning.

Grant administrative rights.

Test inbound and outbound traffic.

Update devices with security fixes and patches.

A

Disable ping, probing, and port scanning.

Test inbound and outbound traffic.

Update devices with security fixes and patches.

15
Q

A school administrator is concerned with the disclosure of student information due to a breach. Under which act is student information protected?

HIPAA

CIPA

FERPA

COPPA

A

FERPA

16
Q

What are the three broad categories for information security positions? (Choose three.)

seekers

doers

builders

creators

monitors

definers

A

builders

monitors

definers

17
Q

What are three disclosure exemptions that pertain to the FOIA? (Choose three.)

information specifically non-exempt by statute

confidential business information

public information from financial institutions

law enforcement records that implicate one of a set of enumerated concerns

non-geological information regarding wells

national security and foreign policy information

A

confidential business information

law enforcement records that implicate one of a set of enumerated concerns

national security and foreign policy information

18
Q

As a security professional, there is a possibility to have access to sensitive data and assets. What is one item a security professional should understand in order to make informed ethical decisions?

cloud providers

potential gain

partnerships

laws governing the data

potential bonus

A

laws governing the data

19
Q

What are two potential threats to applications? (Choose two.)

unauthorized access

data loss

power interruptions

social engineering

A

unauthorized access

data loss