Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
104 Cards in this Set
- Front
- Back
|
An organization has experienced a large amount of traffic being re-routed from its voice over IP (VoIP) packet network. The organization believes it is a victim of eavesdropping. Which of the following could result in eavesdropping of VoIP traffic? |
Corruption of the ARP cache in Ethernet switches |
|
|
Which of the following ensures a sender's authenticity and an emails Confidentiality? |
Encrypting the hash of the message with the sender's private key and thereafter encrypting the message with the receivers public key. |
|
|
An efficient use of public key infrastructure should encrypt the: |
Systematic session key |
|
|
Which of the following cryptographic systems is most appropriate for bulk data encryption and small devices such as smart cards? |
AES |
|
|
Disabling Which of the following would make wireless local area networks more secure against unauthorized access? |
SSID broadcasting |
|
|
Which of the following is best suited for secure communications within a small group? |
Web of trust |
|
|
Which of the following is the most important action in recovering from a cyber attack? |
Execution if a business continuity plan |
|
|
What method might an IS auditor utilize to test wireless security at branch office locations? |
War driving |
|
|
Which of the following intrusion detection systems will most likely generate false alarms resulting from normal network activity? |
Statistical based |
|
|
When auditing security for a data center, an IS auditor should look for the presence of a voltage generator to ensure the: |
Hardware is protected against power surges |
|
|
Which of the following methods of suppressing a fire in a data center is the most effective and environmentally friendly |
Dry pipe sprinklers |
|
|
Which of the following environmental controls is appropriate to protect computer equipment against short term reductions in electrical power? |
Power line conditioners |
|
|
An IS auditor inspected a windowless room containing phone switching and networking equipment and documentation binders. The room was equipped with two handheld fire extinguishers- one filled with CO2, the other filled with Halon gas. Which of the following should be given highest priority in the auditor's report? |
Both fire suppression systems present a risk of suffocation when used in a closed room |
|
|
What is a risk associated with attempting to control physical access to sensitive areas such as computer rooms using card keys or locks? |
Unauthorized individuals wait for controlled doors to open and walk in behind those authorized. |
|
|
An organization with extremely high security requirements is evaluating the effectiveness of biometric systems. Which of the following performance indicators is most important? |
False-acceptance rate |
|
|
The most effective control for addressing the risk of piggybacking is: |
A deadman door |
|
|
The best overall quantitative measure of the performance of biometric control devices is: |
Equal-error rate |
|
|
Which of the following is the most effective control over visitor access to a data center? |
Visitors are escorted |
|
|
In a public key infrastructure, a registration authority: |
Verifies information supplied by the subject requesting a certificate |
|
|
Confidentiality of the data transmitted in a wireless local area network is best protected if the session is: |
Encrypted using dynamic keys |
|
|
Which of the following provides the most relevant information for proactivly strengthening security settings? |
Honeypot |
|
|
Over the long term, which of the following has the greatest potential to improve the security incident response system? |
Post event reviews by the incident response team |
|
|
When reviewing an intrusion detection system, an IS auditor should be most concerned about which of the following? |
Attacks not being identified by the system |
|
|
Distribution denial-of-service attacks on internet sites are typically evoked by hackers using which of the following? |
Trojan horses |
|
|
Validated digital signatures in an email software application will: |
Help detect spam |
|
|
In transport mode, the use of the Encapsulating Security Payload protocol is advantageous over the Authentication Header protocol because it provides: |
Confidentiality |
|
|
An IS auditor notes the intrusion detection system log entries related to port scanning are not being analyzed. This lack of analysis will most likely increase the risk of success of which of the following attacks? |
Denial-of-service |
|
|
IS management recently replaced it's existing wired local are network with a wireless infrastructure to accommodate the increased use of mobile devices within the organization. This will increase the risk of which of the following attacks? |
War driving |
|
|
Which of the following encryption techniques will best protect a wireless network from a man-in-the-middle attack? |
Randomly generated pre-shared key |
|
|
The IS management of a multinational company is considering upgrading it's existing virtual private network to support voice-over IP communications via tunneling. Which of the following Considerations should be primarily addressed? |
Reliability and quality of service |
|
|
Which of the following antispam filtering techniques would best prevent a valid, variable length email message containing a heavily weighted spam keyword from being labeled as spam? |
Bayesian |
|
|
Which of the following public key infrastructure elements provides detailed descriptions for dealing with a compromised private key? |
Certification practice statement |
|
|
The use of residual biometric information to gain unauthorized access is an example of which of the following attacks? |
Replay |
|
|
Active radio frequency ID tags are subject to which of the following exposures? |
Eavesdropping |
|
|
When conducting a penetration test of an organization's internal network, which of the following approaches would best enable the conductor of the test to remain undetected on the network? |
Pause the scanning every few minutes to allow thresholds to reset. |
|
|
Two-factor authentication can be circumvented through which of the following attacks? |
Man-in-the-middle |
|
|
An organization can ensure that the recipients of emails from its employees can authenticate the identity of the sender by: |
Digitally signing all email messages |
|
|
Sending a message and a message hash encrypted by the sender's private key will ensure: |
Authenticity and integrity |
|
|
Which of the following is a general operating system access control function? |
Creating individual accountability |
|
|
Which of the following best restricts users to those functions needed to perform their duties? |
Application-level access control |
|
|
Which of the following is a passive attack to a network? |
Traffic analysis |
|
|
An organization has a mix of access points that cannot be upgraded to stronger security and newer access points having advanced wireless security. An IS auditor recommends replacing the nonupgradable access points. Which of the following would best justify the IS auditor's recommendation? |
The organization's security would be as strong as its weakest point |
|
|
For a discretionary access control to be effective, it must: |
Operate within the context of mandatory access controls |
|
|
An instrument advisor emails periodic newsletters to clients and wants reasonable Assurance that no one has modified the news letter. The objective can be achieved by: |
Encrypting the hash of the newsletter using the advisors private key |
|
|
An IS auditor reviewing wireless network security determines that the Dynamic Host Configuration Protocol is disabled at all wireless access points. This practice: |
Reduces the risk of unauthorized access to the network |
|
|
An IS auditor examining a biometric user authentication system establishes the existence of a control weakness that would allow an unauthorized individual to update the centralized database on the server that is used to store biometric templates. Of the following, which is the best control against risk? |
Kerberos |
|
|
A virtual private network provides data confidentially by using: |
Tunneling |
|
|
A firm is considering using biometric fingerprint identification on all PCs that access critical data. This requires: |
That a registration process is executed for all accredited PC users. |
|
|
In auditing a web server, an IS auditor should be concerned about the risk of individuals gaining unauthorized access to confidential information through: |
Common gateway interface scripts |
|
|
From a control perspective, the primary objective of classifying information assets is to: |
Establish guidelines for the level of access controls that should be assigned |
|
|
An organization has been recently downsized. In light of this, an IS auditor decides to test logical access controls. The IS auditor's primary concern should be that: |
All system access is authorized and appropriate for an individual's and responsibilities. |
|
|
An IS auditor reviewing access controls for a client-server environment should first: |
Identify the network access points |
|
|
To prevent IP spoofing attacks, a firewall should be configured to drop a packet if: |
The source routing field is enabled |
|
|
Which of the following aspects of symmetric key encryption influenced the development of asymmetric encryption? |
Key distribution |
|
|
The logical exposure associated with the use of a checkpoint restart procedure is: |
An asynchronous attack |
|
|
Which of the following biometrics has been he highest reliability and lowest false acceptance rate? |
Retina scan |
|
|
An IS auditor reviewing the implementation of an intrusion detection system should be most concerned if: |
The IDS is used to detect encrypted traffic |
|
|
Which of the following best describes the role of a directory server in a public key infrastructure? |
Makes other users' certificates available to applications |
|
|
An organization is using symmetric encryption. Which of the following would be a valid reason for moving to asymmetric encryption? Symeteic encryption: |
Can cause key management to be difficult |
|
|
Inadequate programing and coding practices introduce the risk of: |
Buffer overload and exploitation |
|
|
Which of the following would provide the best protection against the hacking of a computer connected to the Internet? |
A personal fire wall |
|
|
Which of the following would prevent unauthorized changes to information stored in a server's log? |
Storing the system log in write-once media |
|
|
When installing an intrusion detection system, which of the following is most important? |
Properly locating it in the network architecture |
|
|
A hard disk containing confidential data was damaged beyond repair. What should be done to the hard disk to prevent access to the data residing on it? |
Physically destroy the hard disk |
|
|
In a public key infrastructure, Which of the following may be relied upon to prove that an online transaction was authorized by a specific customer? |
Nonrepudiation |
|
|
After reviewing it's business processes, a large organization is deploying a new web application based on a VoIP technology. Which of the following is the most appropriate approach for implementing access control that will facilitate security management of VoIP web application? |
Role based access control |
|
|
Which of the following ensures confidentiality of information sent over the Internet? |
Private key cryptosystem |
|
|
To protect a VoIP infrastructure against a denial-of-service attack, it is most important to secure the: |
Session border controllers |
|
|
In an online banking application, which of the following would best protect against identity theft? |
Two-factor authentication |
|
|
Which of the following is a secure sockets layer? |
Man-in-the-middle |
|
|
Which of the following potentially blocks hacking attempts? |
Intrusion prevention system |
|
|
Which of the following is the best method for preventing the leakage of confidential information in a laptop computer? |
Encrypt the hard disk with the owners public key |
|
|
A web server is attacked and comprised. Which of the following should be performed first to handle the incident? |
Disconnect the web server from the network |
|
|
To address a maintenance problem, a vendor needs remote access to a critical network the most secure and effective solution is to provide the vendor with a: |
Secure shell tunnel for the duration of the problem |
|
|
What is the best approach to mitigate the risk of a phishing attack? |
User education |
|
|
The responsibility for authorizing access to application data should be with: |
Data owner |
|
|
During an audit of the logical access control of an enterprise resource planning financial system an IS auditor found some user accounts shared by multiple individuals. The user IDs were based on roles rather than individual identities. These accounts allow access to financial transactions on the ERP. What should the IS auditor do? |
Look for compensating controls |
|
|
The most likely explanation for a successful social engineering attack is: |
That people make judgement errors |
|
|
A sender of an email message applies a digital signature to the digest of the message. This action provides assurance of the: |
Authenticity of the sender |
|
|
Minimum password length and password complexity verification are examples of: |
Control procedures |
|
|
An IS auditor finds that a DBA has read and write access to production data. the IS auditor should: |
Assess the controls relevant to the DBA function |
|
|
When using universal storage bus flash drive to transport confidential corporate data to an off site location, an effective control would be: |
Encrypt the folder containing the data with a strong key |
|
|
The best filter rule for protecting a network from being used as an amplifier in a denial of service attack is to deny all: |
outgoing traffic with IP source addresses external to the network |
|
|
The network of an organization has been the victim of several intruders' attacks. Which of the following measures would allow for the early detection of such incidents? |
Honeypots |
|
|
The purpose of a deadman door controlling access to a computer facility is primarily to: |
Prevent piggybacking |
|
|
Which of the following is the most robust method for disposing of magnetic media that contains confidential information? |
Destroying |
|
|
A company has decided to implement an electronic signature scheme based on public key infrastructure. The user's private key will be stored on the computer's hard drive and protected by a password. The most significant risk of this approach is: |
Impersonation of a user by substitution of the user's public key with another person's public key. |
|
|
Which of the following would be best prevented by a raised floor in the computer machine room? |
Damage of wires around the computers and servers |
|
|
A business application system accesses a corporate database using a single ID and password embedded in a program. Which of the following would provide efficient access control over the organization's data? |
Apply role-based permissions within the application system |
|
|
An IS auditor selects a server for a penetration test that will be carried out by a technical specialist. Which of the following is most important? |
Permission from the data owner of the server |
|
|
Which of the following would most effectively control the usage of universal storage bus storage devices? |
Software for tracking and managing USB storage devices |
|
|
After observing suspicious activities in a server, a manager requests forensic analysis. Which of the following findings should be of most concern to the investigator? |
Audit logs are not embedded on the server |
|
|
Which of the following would be the greatest cause for concern when data are sent over the Internet using HTTPS protocol? |
Presence of spyware in one of the ends |
|
|
Which of the following is the most reliable form of single factor personal identification? |
Iris scan |
|
|
Which of the following is the best practice to ensure that access authorizations are still valid? |
Identify management is integrated with human resource processes |
|
|
A penetration test performed as part of evaluating network security: |
Exploits the existing vulnerabilities to gain unauthorized access |
|
|
A technical lead who was working on a major project has left the organization. The project manager reports suspicious system activities on one of the servers that is accessible to the whole team. What would be of greatest concern if discovered during a forensic investigation? |
Audit logs are not embedded for the system |
|
|
An organization is disposing of a number of laptop computers. Which of the following data destruction methods would be most effective? |
Physical destruction of the hard drive |
|
|
Users are issued security tokens to be used in combination with a PIN to access the corporate virtual private network. Regarding the PIN, what is the most important rule to be included in a security policy? |
Users should never write down their PIN |
|
|
A firewall is being deployed at a new location. Which of the following is the most important factor in insuring a successful deployment? |
Testing and validating the rules |
|
|
A data center has a badge-entry system. Which of the following is most important to protect the computing assets in the center? |
A process for promptly deactivating lost or stolen badges exists |
|
|
The human resource department had developed a system to allow employees to enroll in benefits via a web site on the corporate Intranet. Which of the following would protect the confidentiality of the data? |
SSL encryption |
|
|
What is the most prevalent security risk when an organization implements remote virtual private network access to its network? |
Malicious code could be spread across the network |
|
|
An organization is using an enterprise resource management application. Which of the following would be an effective access control? |
Role-based |
