CYBR 501 Exam 1

77 Terms
1

Information security is specific to securing information, whereas information systems security is focused on the security of the systems that house the information.

A. True

B. False

A. True

2

When selling software, software manufacturers limit their liability using which of the following?

A. End-User License Agreements

B. Confidentiality agreements

C. Software development agreements

D. By developing error-free software and code so there is no liability

E. None of the above

A. End-User License Agreements

3

The __________ tenet of information systems security is concerned with the recovery time objective.

A. Confidentiality

B. Integrity

C. Availability

D. All of the above

E. None of the above

C. Availability

4

A publicly traded company or U.S. federal government agency must go public and announce that it has had a data breach and inform the impacted individuals of that data breach.

A. True

B. False

A. True

5

Which security control would reduce the likelihood of an attacker’s gaining unauthorized access to a user’s login ID?

A. VPN

B. Two-factor authentication

C. Encrypting all stored data

D. Firewall

B. Two-factor authentication

6

The __________ is the weakest link in an IT infrastructure.

A. System/Application Domain

B. LAN-to-WAN Domain

C. WAN Domain

D. Remote Access Domain

E. User Domain

E. User Domain

7

Which of the following security controls can help mitigate malicious email attachments?

A. Email filtering and quarantining

B. Email attachment antivirus scanning

C. Verifying with users that email source is reputable

D. Holding all incoming emails with unknown attachments

E. All of the above

E. All of the above

8

Which security control would be implemented to stop attackers from intercepting and reading sensitive email messages?

A. An acceptable use policy

B. A data classification standard

C. An IT security policy framework

D. A VPN for remote access

E. Secure access controls

D. A VPN for remote access

9

Encrypting email communications is needed when sending confidential information within an email message through the public Internet.

A. True

B. False

A. True

10

Using security policies, standards, procedures, and guidelines helps organizations decrease risks and threats.

A. True

B. False

A. True

11

A data classification standard is usually part of which policy definition?

A. Asset classification policy

B. Acceptable use policy

C. Vulnerability assessment and management policy

D. Security awareness policy

E. Threat assessment and monitoring policy

A. Asset classification policy

12

A data breach typically occurs after which of the following?

A. Unauthorized access to systems and application is obtained

B. Vulnerability assessment scan

C. Configuration change request

D. Implementation of a new data center

E. Implementation of a web application update

A. Unauthorized access to systems and application is obtained

13

Maximizing availability primarily involves minimizing __________.

A. The amount of downtime recovering from a disaster

B. The mean time to repair a system or application

C. Downtime by implementing a business continuity plan

D. The recovery time objective

E. All of the above

E. All of the above

14

Which of the following is not a U.S. compliance law or act?

A. CIPA

B. FERPA

C. FISMA

D. PCI DSS

E. HIPAA

D. PCI DSS

15

Internet IP packets are to cleartext what encrypted IP packets are to __________.

A. Confidentiality

B. Ciphertext

C. Virtual private networks

D. Cryptography algorithms

E. None of the above

B. Ciphertext

16

The Internet is an open, public network shared by the entire planet. Anyone can connect to the Internet with a computer and a valid Internet connection and browser.

A. True

B. False

A. True

17

Which of the following are challenges that the IoT industry must overcome?

A. Security and privacy

B. Interoperability and standards

C. Legal and regulatory compliance

D. E-commerce and economic development

E. All of the above

E. All of the above

18

Which phenomenon helped drive near real-time, high-speed broadband connectivity to the endpoint device?

A. Internet connectivity

B. Email

C. VoIP

D. Social media sharing

E. All of the above

A. Internet connectivity

19

Which of the following requires an IoT-connected automobile?

A. Near real-time access to household controls and systems

B. Ability to track the whereabouts of your children through location-finder GPS applications

C. Real-time alerts regarding reminders to pay bills on time

D. Online e-commerce and online shopping with direct delivery

E. Traffic monitoring sensors that provide real-time updates for traffic conditions

E. Traffic monitoring sensors that provide real-time updates for traffic conditions

20

Which of the following are impacts of the IoT on our business lives?

A. E-commerce

B. Integrated supply chain with front-end sales order entry

C. Companies now offering delivery services for products and services with real-time updates

D. Customer reviews providing consumers with product and service reviews online and with more information about customer satisfaction

E. All of the above

E. All of the above

21

Which of the following helps support remote teleworking?

A. Presence/availability

B. IM chat

C. Video conferencing

D. Collaboration

E. All of the above

E. All of the above

22

What is a security challenge that IoT deployments must overcome?

A. Congestion of mobile IP traffic

B. Secure communication with other IoT devices

C. Liability of an IoT device failing to send an update message

D. Pricing for software licensing in the IoT device

E. Privacy data use sharing agreement

B. Secure communication with other IoT devices

23

Unified messaging provides what functionality for users on the go?

A. Voice messages that are converted to audio files and emailed to the user’s inbox for playback while on the road

B. One-to-many communications

C. Automatic secure connections, regardless of location

D. VoIP communications and messaging

E. Transparent connection between cellular and wireless endpoints

A. Voice messages that are converted to audio files and emailed to the user’s inbox for playback while on the road

24

Which of the following applications can eliminate the need for in-person training?

A. Audio conferencing and video conferencing

B. Social media

C. IM chat

D. Presence/availability

E. All of the above

A. Audio conferencing and video conferencing

25

Why do e-commerce systems need the utmost in security controls?

A. It is a PCI DSS standard.

B. Private customer data is entered into websites.

C. Credit card data is entered into websites.

D. Customer retention requires confidence in secure online purchases.

E. All of the above

E. All of the above

26

Which of the following is not a challenge that must be overcome by IoT deployments?

A. Security

B. Availability

C. Legal and regulatory

D. E-commerce and economic development

E. Privacy

B. Availability

27

Typically, data must be _____________ to be shared or used for research purposes.

A. Encrypted

B. Hashed

C. De-identified

D. Masked out

E. In cleartext

C. De-identified

28

The main goal of a hacker is to circumvent access controls and potentially steal data.

A. True

B. False

A. True

29

Which of the following best describes intellectual property?

A. The items a business has copyrighted

B. Patents owned by a business

C. Sales and marketing plans

D. Customer lists

E. All of the above

E. All of the above

30

Which of the following terms best describes a person with very little hacking skills?

A. Hacker

B. Script kiddie

C. Cracker

D. Wannabe

E. All of the above

B. Script kiddie

31

A(n) ___________________ is a software tool that is used to capture packets from a network.

packet sniffer

32

Which type of attack results in legitimate users not having access to a system resource?

A. Denial

B. Disclosure

C. Alteration

D. Spoofing

A. Denial

33

A qualitative risk assessment assigns a subjective risk rating to assess the risk.

A. True

B. False

A. True

34

Which of the following is an example of social engineering?

A. SQL injection

B. XML injection

C. Security design

D. Impersonation

E. All of the above

D. Impersonation

35

Which of the following is an example of an administrative security control?

A. Antivirus/anti-malware protection

B. Data leakage prevention

C. Standardized workstation and laptop images

D. Security awareness training

E. All of the above

D. Security awareness training

36

Vulnerability assessment scanners look for software vulnerabilities in IP host devices.

A. True

B. False

A. True

37

Which of the following affects availability?

A. Cross-site scripting

B. SQL injection

C. Denial

D. Packet sniffing

E. None of the above

C. Denial

38

Which type of attack involves capturing data packets from a network and transmitting them later to produce an unauthorized effect?

A. Man in the middle

B. Denial

C. Replay

D. Phishing

E. SQL injection

C. Replay

39

The list of known software vulnerabilities maintained by MITRE is called:

A. National Vulnerability Database (NVD)

B. Common Vulnerabilities and Exposures (CVE)

C. Zero-Day List (ZDL)

D. Software Vulnerabilities List (SVL)

B. Common Vulnerabilities and Exposures (CVE)

40

Which type of malware attaches to, or infects, other programs?

A. Spyware

B. Virus

C. Worm

D. Rootkit

B. Virus

41

________ is any unwanted message.

spam

42

Which type of malicious software is a stand-alone program that propagates from one computer to another?

A. Spyware

B. Virus

C. Worm

D. Snake

C. Worm

43

In the context of malware, which of the following best defines the term mobile code?

A. Website active content

B. Malware targeted at tablets and smartphones

C. Software that runs on multiple operating systems

D. Malware that uses networks to propagate

A. Website active content

44

A(n) __________ is a network of compromised computers that attackers use to launch attacks and spread malware.

A. Black network

B. Botnet

C. Attacknet

D. Trojan store

B. Botnet

45

What does the TCP SYN flood attack do to cause a DDoS?

A. Causes the network daemon to crash

B. Crashes the host computer

C. Saturates the available network bandwidth

D. Fills up the pending connections table

D. Fills up the pending connections table

46

Which type of attack tricks a user into providing personal information by masquerading as a legitimate website?

A. Phreaking

B. Phishing

C. Trolling

D. Keystroke logging

B. Phishing

47

The best defense from keystroke loggers is to carefully inspect the keyboard cable before using a computer because the logger must connect to the keyboard’s cable.

A. True

B. False

B. False

48

How did viruses spread in the early days of malware?

A. Wired network connections

B. Punch cards

C. Diskettes

D. As program bugs

C. Diskettes

49

What is the most common first phase of an attack?

A. Vulnerability identification

B. Reconnaissance and probing

C. Target selection

D. Evidence containment

B. Reconnaissance and probing

50

Which software tool provides extensive port-scanning capabilities?

A. Ping

B. Whois

C. Rpcinfo

D. Nmap

D. Nmap

51

The __________ strategy ensures that an attacker must compromise multiple controls to reach any protected resource.

defense-in-depth

52

A honeypot is a sacrificial host with deliberately insecure services deployed at the edges of a network to act as bait for potential hacking attacks.

A. True

B. False

A. True

53

Risk management focuses on responding to a negative event when it occurs.

A. True

B. False

B. False

54

With respect to IT security, a risk can result in either a positive or a negative effect.

A. True

B. False

A. True

55

According to PMI, which term describes the list of identified risks?

A. Risk checklist

B. Risk register

C. Risk methodology

D. Mitigation list

E. All of the above

B. Risk register

56

What is the primary purpose of a business impact analysis (BIA)?

A. To identify, categorize, and prioritize mission-critical business functions

B. To provide a road map for business continuity and disaster recovery planning

C. To assist organizations with risk management

D. To assist organizations with incident response planning

E. All of the above

E. All of the above

57

Which of the following terms defines the maximum allowable time it takes to recover a production IT system, application, and access to data?

A. Recovery point objective

B. Recovery time objective

C. Risk exposure time

D. Production recovery time

E. None of the above

B. Recovery time objective

58

The recovery point objective (RPO) defines the state at which _______ processing is able to resume.

A. Recovery

B. Alternate site

C. Limited

D. Normal

D. Normal

59

Which of the following solutions are used for authenticating a user to gain access to systems, applications, and data?

A. Passwords and PINs

B. Smart cards and tokens

C. Biometric devices

D. Digital certificates

E. All of the above

E. All of the above

60

Which risk management approach requires a distributed approach with business units working with the IT organization?

A. OCTAVE

B. CRAMM

C. NIST SP800-30

D. ISO 27005

E. None of the above

A. OCTAVE

61

The NIST SP800-30 standard is a _______________ management framework standard for performing risk management.

A. Risk

B. Threat

C. Vulnerability

D. Security

E. None of the above

A. Risk

62

Which term indicates the maximum amount of data loss over a time period?

A. RAI

B. ROI

C. RTO

D. RPO

E. None of the above

D. RPO

63

Organizations that permit their employees to use their own laptops or smartphone devices and connect to the IT infrastructure describe a policy referred to as:

A. RTO

B. MDM

C. BYOD

D. AUP

E. None of the above

C. BYOD

64

Which of the following are organizational concerns for BYOD and mobility?

A. Data ownership

B. Privacy

C. Lost or stolen device

D. Data wiping

E. All of the above

E. All of the above

65

_______________ is the U.S. security-related act that governs regulated health care information.

HIPAA

66

Which U.S. security-related act governs the security of data specifically for the financial industry?

A. GLBA

B. COPPA

C. HIPAA

D. FERPA

E. None of the above

A. GLBA

67

Which of the following business drivers are impacting businesses’ and organizations’ security requirements and implementations?

A. Mobility

B. Regulatory compliance

C. Productivity enhancements

D. Always-on connectivity

E. All of the above

E. All of the above

68

A plan that contains the actions needed to keep critical business processes running after a disruption is called a __________.

A. Disaster recovery plan (DRP)

B. Business impact analysis (BIA)

C. Business continuity plan (BCP)

D. None of the above

C. Business continuity plan (BCP)

69

A plan that details the steps to recover from a major disruption and restore the infrastructure necessary for normal business operations is a __________.

A. Disaster recovery plan (DRP)

B. Business impact analysis (BIA)

C. Business continuity plan (BCP)

D. None of the above

A. Disaster recovery plan (DRP)

70

What term represents processes that must be operational for an organization to carry out its core business operations?

A. CBF

B. BCM

C. DRP

D. BIA

A. CBF

71

Which type of backup backs up only changes since the previous backup?

A. Incremental

B. Full

C. Differential

D. Redundant

A. Incremental

72

__________ is the limit of time that a business can survive without a particular critical system.

A. Recovery time objective (RTO)

B. Critical business function (CBF)

C. Maximum tolerable downtime (MTD)

D. None of the above

C. Maximum tolerable downtime (MTD)

73

The incident-handling process includes which of the following?

A. Documentation

B. Response

C. Notification

D. Recovery and follow-up

E. All of the above

E. All of the above

74

The primary steps to disaster recovery include the safety of individuals, containing the damage, assessing the damage, and beginning the recovery operations.

A. True

B. False

A. True

75

Which type of report includes a list of functions that are critical to an organization’s operations and sets the priority for restoring those functions after a disruption?

A. CSP

B. BCM

C. CBF

D. BIA

D. BIA

76

What type of document includes uptime and availability guarantees for cloud service providers?

A. Reciprocal agreement

B. Service level agreement

C. Processing agreement

D. Cloud performance agreement

B. Service level agreement

77

Which type of disaster recovery plan test activates an alternate site but does not stop processing at the primary site?

A. Structured walk-through

B. Simulation

C. Parallel

D. Full interruption

C. Parallel
