ISC2

0.0(0)
studied byStudied by 0 people
0.0(0)
full-widthCall Kai
learnLearn
examPractice Test
spaced repetitionSpaced Repetition
heart puzzleMatch
flashcardsFlashcards
GameKnowt Play
Card Sorting

1/25

encourage image

There's no tags or description

Looks like no tags are added yet.

Study Analytics
Name
Mastery
Learn
Test
Matching
Spaced

No study sessions yet.

26 Terms

1
New cards

Which type of attack has the PRIMARY objective controlling the system from outside?

Backdoor

2
New cards

Which of the following is not a protocol of the OSI Level 3?

SNMP

3
New cards

When a company hires an insurance company to mitigate risk, which risk management technique is being applied?

Risk transfer

4
New cards

The SMTP protocol operates at OSI Level:

7

5
New cards

The process of verifying or proving the user's identification is known as:

Authentication

6
New cards

If an organization wants to protect itself against tailgating, which of the following types of access control would be most effective?

Turnstiles

7
New cards

Logging and monitoring systems are essential to:

Identifying inefficient performing systems, detecting compromises, and providing a record of how systems are used

8
New cards

In the event of a disaster, which of these should be the PRIMARY objective?

Guarantee the safety of people

9
New cards

The process that ensures that system changes do not adversely impact business operations is known as:

Change Management

10
New cards

The last phase in the data security cycle is:

Destruction

11
New cards

Which access control model specifies access to an object based on the subject's role in the organization?

RBAC

12
New cards

Which of the following is NOT an example of a physical security control?

Firewalls

13
New cards

Which type of attack will most effectively maintain remote access and control over the victim's computer?

Rootkits

14
New cards

In incident terminology, the meaning of Zero Day is:

A previously unknown system vulnerability

15
New cards

Which of the following is NOT a possible model for an Incident Response Team (IRT)?

Pre-existing

16
New cards

A device found not to comply with the security baseline should be:

Disabled or isolated into a quarantine area until it can be checked and updated.

17
New cards

A biometric reader that grants access to a computer system in a data center is a:

Technical Control

18
New cards

Which type of attack PRIMARILY aims to make a resource inaccessible to its intended users?

Denials of Service

19
New cards

Which type of attack embeds malicious payload inside a reputable or trusted software?

Trojans

20
New cards

Which tool is commonly used to sniff network traffic?

Wireshark

21
New cards

Which of these is not an attack against an IP network?

Side-channel Attack

22
New cards

The detailed steps to complete tasks supporting departmental or organizational policies are typically documented in:

Procedures

23
New cards

Which device is used to connect a LAN to the Internet?

Router

24
New cards

What does SIEM mean?

Security Information and Event Manager

25
New cards

A Security safeguard is the same as a:

Security control

26
New cards

Which access control model can grant access to a given object based on complex rules?

ABAC