CSIA 105: Information Security Questions and Answers, Exams of Cybercrime, Cybersecurity and Data Privacy

A collection of questions and answers related to CSIA 105, a course likely focused on information security. It covers various aspects of information security, including threats, vulnerabilities, attacks, and security principles. Useful for students studying information security or related fields, providing a quick reference for key concepts and definitions.

Typology: Exams

2024/2025

Available from 01/06/2025

tizian-kylan
CSIA 105 Questions and Answers

Rated A+

According to the US Bureau of Labor Statistics, what percentage of growth is the available job outlook supposed to reach by the end of the decade? ✔✔18

What information security position reports to the CISO and supervises technicians, administrators, and security staff? ✔✔manager

Which position below is considered an entry-level position for a person who has the necessary technical skills? ✔✔security technician

What country is now the number one source of attack traffic? ✔✔Indonesia

What kind of server connects a remote system through the Internet to local serial ports using TCP/IP? ✔✔serial server

In what kind of attack can attackers make use of hundreds of thousands of computers under their control in an attack against a single server or network? ✔✔distributed

Which term below is frequently used to describe the tasks of securing information that is in a digital format? ✔✔information security

The security protection item that ensures that the individual is who they claim to be (the authentic or genuine person) and not an imposter is known as ✔✔authentication

Which of the three protections ensures that only authorized parties can view information? ✔✔confidentiality

Select below the information protection item that ensures that information is correct and that no unauthorized person or malicious software has altered that data. ✔✔integrity

What type of theft involves stealing another person's personal information, such as a social security number, and then using the information to impersonate the victim, generally for financial gain? ✔✔identity theft

In information security, what constitutes a loss? ✔✔all of the above

Created to improve the security and privacy of sensitive information and to create acceptable security practices ✔✔computer security act

Created to protect the privacy of student records ✔✔FERPA

An act created to help protect children under the age of 13 from exploitation by governing the online collection of the child's personal information ✔✔the children's online act

Requires banks and financial institutions to alert customers of their policies and practices in disclosing customer information ✔✔Gramm-Leach-Bliley Act

Script kiddies acquire which item below from other attackers to easily craft an attack: ✔✔exploit kit

Created for corporate governance and financial practice ✔✔Sarbanes-Oxley Act

Defines minimum requirements for merchants and service providers to protect cardholder data ✔✔payment-card industry act

What are some key things people need to know about how to handle evidence related to different types of disputes (civil, criminal, private)? What makes this difficult at times? ✔✔difficulties: human error, contamination, not knowing policy, live operations

Ian recently earned his security certification and has been offered a promotion to a position that requires him to analyze and design security solutions as well as identifying users' needs. Which of these generally recognized security positions has Ian been offered? ✔✔security administrator

Alyona has been asked by her supervisor to give a presentation regarding reasons why security attacks continue to be successful. She has decided to focus on the issue of widespread vulnerabilities. Which of the following would Alyona not include in her presentation? ✔✔Misconfiguration

Tatiana is discussing with her supervisor potential reasons why a recent attack was successful against one of their systems. Which of the following configuration issues would not be covered? ✔✔vulnerable business processes

Adone is attempting to explain to his friend the relationship between security and convenience. Which of the following statements would he use? ✔✔security and convenience are inversely proportional

Which of the following is an enterprise critical asset? ✔✔information

Gunner is creating a document that explains risk response techniques. Which of the following would he not list and explain in his document? ✔✔extinguish risk

An organization that practices purchasing products from different vendors is demonstrating which security principle? ✔✔diversity

What is an objective of state-sponsored attackers? ✔✔to spy on citizens

Which act requires banks and financial institutions to alert their customers of their policies in disclosing customer information? ✔✔Gramm-Leach-Bliley Act (GLBA)

Signe wants to improve the security of the small business where she serves as a security manager. She determines that the business needs to do a better job of not revealing the type of computer, operating system, software, and network connections they use. What security principle does Signe want to use? ✔✔obscurity

Why do cyber terrorists target power plants, air traffic control centers, and water systems? ✔✔they can cause significant disruption by destroying only a few targets

What are industry-standard frameworks and reference architectures that are required by external agencies known as? ✔✔regulatory

Which tool is most commonly associated with nation-state threat actors? ✔✔advanced persistent threat

What is the category of threat actors that sell their knowledge of vulnerabilities to other attackers or governments? ✔✔brokers

Which of the following is not a primary trait of malware? ✔✔diffusion

Which type of malware requires a user to transport it from one computer to another? ✔✔virus

Which type of mutation completely changes a virus from its original form by rewriting its own code whenever it is executed? ✔✔metamorphic

Astrid's computer screen suddenly says that all files are now locked until money is transferred to a specific account, at which time she will receive a means to unlock the files. What type of malware has infected her computer? ✔✔crypto malware

Which of these is a general term used for describing software that gathers information without the user's consent? ✔✔spyware

Which statement regarding a keylogger is not true? ✔✔software keyloggers are generally easy to detect

A watering hole attack is directed against ✔✔a smaller group of specific users

Sends phishing messages only to wealthy individuals ✔✔whaling

Which of these items retrieved through dumpster diving would not provide useful information? ✔✔books

Is following an authorized person through a secure door ✔✔tailgating

Lykke receives a call while working at the help desk from someone who needs his account reset immediately. When Lykke questions the caller, he says, "If you don't reset my account immediately, I will call your supervisor." What psychological approach is the caller attempting to use? ✔✔intimidation

Each of the following is a reason adware is scorned except __________. ✔✔it displays the attacker's programming skills

What is the term used for a threat actor who controls multiple bots in a botnet? ✔✔bot herder

The hash message authentication code (HMAC) ✔✔encrypts the key and the message

What is the latest version of the Secure Hash Algorithm? ✔✔SHA-

What is data called that is to be encrypted by inputting it into a cryptographic algorithm? ✔✔plain text

Alexi was given a key to a substitution cipher. The key showed that the entire alphabet was rotated 13 steps. What type of cipher is used? ✔✔ROT13 cipher

Public key systems that generate random public keys that are different for each session. ✔✔perfect forward secrecy

A ______ is not decrypted but is only used for comparison purposes ✔✔digest

Which of these is not a characteristic of a secure hash algorithm? ✔✔collision should be rare

Illya was asked to recommend the most secure asymmetric cryptographic algorithm to his supervisor. Which of the following did he choose? ✔✔RSA

Alyosha was explaining to a friend the importance of protecting a cryptographic key from cryptanalysis. He said that the key should not relate in a simple way to the ciphertext. Which protection is he describing? ✔✔confusion

At a staff meeting one of the technicians suggested that the enterprise protect its new web server by hiding it and not telling anyone where it is located. Why is security through obscurity a poor idea? ✔✔it would be essentially impossible to keep its location a secret from everyone

Which of these is the strongest symmetric cryptographic algorithm? ✔✔advanced encryption standard

If Bob wants to send a secure message to Alice using an asymmetric cryptographic algorithm, which key does he use to encrypt the message? ✔✔Alice's public key

What is a characteristic of the Trusted Platform Module (TPM)? ✔✔it provides cryptographic services in hardware instead of software

Edgar wanted to use a digital signature. Which of the following benefits will the digital signature not provide? ✔✔verify the receiver

Which of these has an on-board key generator and key storage facility, as well as accelerated symmetric and asymmetric encryption, and can back up system material in encrypted form? ✔✔hardware security module

Which of the following is not a method for strengthening a key? ✔✔variability

C. to encrypt messages for secure e-mail communications

D. to encrypt channels to provide secure communication between clients and servers ✔✔to verify the authenticity of the registration authorizer

An entity that issues digital certificates is a ✔✔certificate authority

A centralized directory of digital certificates is called ✔✔certificate repository

Performs a real-time lookup of a digital certificate status ✔✔online certificate status protocol

What is a value that can be used to ensure that hashed plaintext will not consistently result in the same digest? ✔✔salt

Which digital certificate displays the name of the entity behind the website? ✔✔extended validation

Which trust model has multiple CAs, one of which acts as a facilitator? ✔✔bridge

Which statement is not true regarding hierarchical trust models? ✔✔it is designed for use on larger scale

Public key infrastructure ✔✔is the management of digital certificates

A _______ is a published set of rules that govern the operation of a PKI ✔✔certificate policy

Which of these is not part of the certificate lifecycle? ✔✔authorization

Refers to a situation in which keys are managed by a third party, such as a trusted CA ✔✔key escrow

Is a protocol for securely accessing a remote computer ✔✔secure shell

Which attack intercepts communications between a web browser and the underlying computer? ✔✔man-in-the-browser

John was explaining about an attack that accepts user input without validation and uses that input in a response. What type of attack was he describing? ✔✔XSS

Which attack uses the user's web browser settings to impersonate that user? ✔✔XSRF

What is the basis of an SQL injection attack? ✔✔to insert SQL statements through unfiltered user input

Which action cannot be performed through a successful SQL injection attack? ✔✔reformat the web application server's hard drive

Attackers who register domain names that are similar to legitimate domain names are performing ✔✔URL hijacking