Information Security Finals Reviewer

0.0(0)
Studied by 1 person
call kaiCall Kai
Locked
learnLearn
examPractice Test
spaced repetitionSpaced Repetition
heart puzzleMatch
flashcardsFlashcards
GameKnowt Play
Card Sorting

1/518

flashcard set

Earn XP

Description and Tags

IT0005 / IT0125 || Compileation of FAs 1-4

Last updated 6:07 PM on 7/9/26
Name
Mastery
Learn
Test
Matching
Spaced
Call with Kai
Chat

No analytics yet

Send a link to your students to track their progress

519 Terms

1
New cards

Franz is working on her university applications online, when the admissions website crashes. She is unable to turn in her application on time.

Choices:

Confidentiality

Integrity

Availability

None of the above

Availability

2
New cards

It is the third core security principle, and it is defined as a characteristic of a resource being accessible to a user, application, or computer system when required.

Choices:

Integrity

Attack

Confidentiality

Availability

Availability

3
New cards

What does confidentiality of data imply to

Choices:

Rules which hide data

Rules which allow access only to all parties

Rules which prevent data from being changed

Rules which restrict access only to those who need to know

Rules which restrict access only to those who need to know

4
New cards

Facts and statistics collected together for reference or analysis.

Choices:

Detection

Data

IT Resources

Prevention

Data

5
New cards

It is the state of being whole and undivided.

Choices:

Confidentiality

Availability

Integrity

Attack

Integrity

6
New cards

JP gets his phone bill in the mail. The bill was supposed to be for $80, but the mail person spilled water on the bill, smearing the ink. The bill now asks for $8.

Choices:

None of the above

Confidentiality

Availability

Integrity

Integrity

7
New cards

A weakness which can be exploited by a threat actor, such as an attacker, to perform unauthorized actions within a computer system.

Choices:

Prevention

Threat

Vulnerability

Intrusion

Vulnerability

8
New cards

What is not goal of security?

Choices:

Threats

Risk

Intrusion

Vulnerability

Intrusion

9
New cards

Which of the following is a security benefit of providing additional HVAC capacity or increased tonnage in a datacenter?

Choices:

Increased availability of network services due to higher throughput

Longer MTBF of hardware due to lower operating temperatures   

Longer UPS run time due to increased airflow   

Higher data integrity due to more efficient SSD cooling   

Increased availability of network services due to higher throughput

10
New cards

It limits when users can access specific systems based on the time of day or week.

Choices:

Security token

Time of day restrictions

Mandatory vacations

Biometrics

Time of day restrictions

11
New cards

Which of the following security concepts can avoid a client from logging on from home amid the ends of the week?

Choices:

Implicit deny

Multifactor authentication

Common access card

Time of day restrictions

Time of day restrictions

12
New cards

A company with a US-based sales force has requested that the VPN system be configured to authenticate the sales team based on their username, password and a client-side certificate.  Additionally, the security administrator has restricted the VPN to only allow authentication from the US territory. How many authentication factors are in use by the VPN system?

Choices:

2

4

1

3

3

13
New cards

It is a principle that prevents any single person or entity from being able to have full access or complete all the functions of a critical or sensitive process.

Choices:

Job rotation

Access control

Implicit deny

Separation of duties

Separation of duties

14
New cards

It is a method in cryptography by which cryptographic keys are exchanged between two parties, allowing use of a cryptographic algorithm.

Choices:

Key exchange

Cipher Suites

Digital Signature

Session Keys

Key exchange

15
New cards

It is the practice of converting a password to a longer and more random key for cryptographic purposes such as encryption.

Choices:

Key exchange

Key Stretching

Cipher Suites

Session Keys

Key Stretching

16
New cards

Which of the following security concepts can prevent a user from logging on from home during the weekends?

Choices:

Implicit deny

Common access card

Multifactor authentication

Time of day restrictions

Time of day restrictions

17
New cards

Which of the following BEST describes using a smart card and typing in a PIN to gain access to a system?

Choices:

Single factor authentication

Biometrics

Multifactor authentication

PKI

Multifactor authentication

18
New cards

It also known as public key cryptography

Choices:

Hashing

encryption key

Asymmetric encryption

Symmetric encryption

Asymmetric encryption

19
New cards

It is the action or process of classifying something according to shared qualities or characteristics.

Choices:

Classification

Retention Schedules

Paper documents

Official information

Classification

20
New cards

It could be a level of quality or fulfillment

Choices:

Guidelines

Standards

Policy statement

Security policy

24. It involves first identifying the

Standards

21
New cards

It involves first identifying the groups and people who will need to change as the result of the project, and in what ways they will need to change.

Choices:

Organizational change management

Individual change management

Change management

Enterprise change management

Organizational change management

22
New cards

It could be a set of rules connected by the proprietor, maker or director of a network, site, or service

Choices:

Remote Access

Acceptable User Policy

Information Security Auditing

Information Security Training

Acceptable User Policy

23
New cards

Is the act or process of throwing away or getting rid of documentation

Choices:

destruction

retention

Storage

disposal

disposal

24
New cards

It talks about what in the event that any Network Security Intrusion Detection or Prevention Framework is utilized and how it is executed.

Choices:

Intrusion Detection

Internet

Back-up and Recovery

Anti-Virus

Intrusion Detection

25
New cards

It distinguishes all the ways that the system can be remotely accessed and what is in put to guarantee that get to be from as it were authorized people

Choices:

Remote Access

Information Security Auditing

Acceptable User Policy

Information Security Training

Remote Access

26
New cards

It ought to report what sort of mindfulness program is in put and how is it communicated on a normal premise.

Choices:

Information Security Auditing

Information Security Training

Remote Access

Acceptable User Policy

Information Security Training

27
New cards

Paper and electronic records to the University Archives if they have permanent legal, fiscal, administrative, or historical value.

Choices:

Transfer

Shred

Delete

Recycle

Transfer

28
New cards

It may be a cyber-attack that employments camouflaged mail as a weapon.

Choices:

Vishing

Phishing

Spoofing

Hoax

Phishing

29
New cards

It is the process by which a URL is wrongly removed from the search engine index and replaced by another URL.

Choices:

URL hijacking

Spim

whaling

Spam

whaling

30
New cards

It is sort of phishing assaults that attempt to bait casualties by means of voice calls

Choices:

Vishing

Hoax

Spoofing

Phishing

Vishing

31
New cards

It is also known as piggybacking

Choices:

Dumpster diving

Shoulder surfing

Spam

Tailgating

Tailgating

32
New cards

At the outside break area, an employee, Ann, asked another employee to let her into the building because her badge is missing. Which of the following does this describe?

Choices:

Whaling

Tailgating

Shoulder surfing

Impersonation

Tailgating

33
New cards

It is spontaneous as a rule commercial messages sent to a huge number of beneficiaries or posted in an expansive number of places

Choices:

Spim

whaling

URL hijacking

Spam

Spam

34
New cards

Mike, a user, states that he is receiving several unwanted emails about home loans. Which of the following is this an example of?

Choices:

Spoofing

Hoaxes

Spam

Spear phishing

Spam

35
New cards

It is type of phishing attacks that try to lure victims via voice calls.

Choices:

Hoax

Phishing

Vishing

Spoofing

Vishing

36
New cards

It could be a developing issue for person computer clients as well as huge organizations and organizations.

Choices:

Malicious insiders

Data theft

Script kiddie

Hacktivists

Data theft

37
New cards

This technique typically relies on the trusting nature of the person being attacked.

Choices:

Computer Engineering

Social Engineering

Reverse Engineering

Cyber Engineering

Social Engineering

38
New cards

Which of the following malware types is MOST likely to execute its payload after Jane, an employee, has left the company?

Choices:

Rootkit

Botnet

Logic bomb

Worm

Logic bomb

39
New cards

A security administrator examines a network session to a compromised database server with a packet analyzer. Within the session there is a repeated series of the hex character 90 (x90).  Which of the following attack types has occurred?

Choices:

XML injection

SQL injection

Buffer overflow

Cross-site scripting

Buffer overflow

40
New cards

Ann, a software developer, has installed some code to reactivate her account one week after her account has been disabled. Which of the following is this an example of?

Choices:

Botnet

Backdoor

Rootkit

Spyware

Backdoor

41
New cards

It is several Internet-connected devices, each of which is running one or more bots.

Choices:

Polymorphic Malware

Botnets

Logic Bombs

Ransomware

Botnets

42
New cards

It may be a program that can duplicate itself and infect a computer without the user’s consent or information. Early viruses were usually a few forms of executable code that was hidden within the boot sector of a disk or as an executable file.

Choices:

Viruses

Adware

Worms

Spyware

Viruses

43
New cards

It is an executable program that appears as a desirable or useful program.

Choices:

Backdoor Attacks

keylogger

Trojan Horse

Rootkits

Trojan Horse

44
New cards

It is a software program designed to provide a user with administrator access to a computer without being detected.

Choices:

Trojan Horse

Rootkits

Backdoor Attacks

keylogger

Rootkits

45
New cards

It is a software that automatically displays or downloads advertising material (often unwanted) when a user is online.

Choices:

Worms

Viruses

Adware

Spyware

Adware

46
New cards

It does this by monitoring a user's input and keeping a log of all keys that are pressed.

Choices:

Trojan Horse

keylogger

Rootkits

Backdoor Attacks

keylogger

47
New cards

It can be used to perform Distributed Denial-of-Service (DDoS) attacks, steal data, send spam, and allows the attacker to access the device and its connection.

Choices:

Polymorphic Malware

Botnets

Ransomware

Logic Bombs

Botnets

48
New cards

It may be a sort of assault where the aggressor breaks into the communication between the endpoints of a arrange association.

Choices:

Evil twin attack

Man-in-the-Middle Attacks

Eavesdropping Attacks

Replay Attacks

Man-in-the-Middle Attacks

49
New cards

It is an attack where the attacker secretly relays and possibly alters the communications between two parties who believe that they are directly communicating with each other.

Choices:

Man-in-the-Middle Attacks

Replay Attacks

Evil twin attack

Eavesdropping Attacks

Man-in-the-Middle Attacks

50
New cards
51
New cards

It is the use of messaging systems to send an unsolicited message (spam), especially advertising, as well as sending messages repeatedly on the same website.

Choices:

Password stealer

Account phishing

Spamming

Clickjacking

Spamming

52
New cards

It is an attack that tricks a user into clicking a webpage element which is invisible or disguised as another element.

Choices:

Spamming

Password stealer

Clickjacking

Account phishing

Clickjacking

53
New cards

Which of the following attacks allows access to contact lists on cellular phones?

Choices:

War chalking

Packet sniffing

Bluesnarfing

Blue jacking

Bluesnarfing

54
New cards

All the following are Environmental Threats except

Choices:

Assessment

Flood

Extreme humidity

Extreme temperature

Assessment

55
New cards

It is any Wi-Fi access point that is installed on a network but is not authorized for operation on that network and is not under the management of the network administrator.

Choices:

Rogue Access Points

Wireless security

Transitive access

Evil Twins

Rogue Access Points

56
New cards

It can be difficult to detect because the network transmissions will appear to be operating normally.

Choices:

Man-in-the-Middle Attacks

Eavesdropping Attacks

Evil twin attack

Replay Attacks

Eavesdropping Attacks

57
New cards

It is also called access point mapping

Choices:

War Chalking

Wireless Replay Attacks

War driving

Sinkhole Attacks

War driving

58
New cards

Which of the following describes how an attacker can send unwanted advertisements to a mobile device?

Choices:

Man-in-the-middle

Bluejacking

Packet sniffing

Bluesnarfing

Bluejacking

59
New cards

A security administrator wants to ensure that the message the administrator sends out to their Chief Financial Officer (CFO) does not get changed in route. Which of the following is the administrator MOST concerned with?

Choices:

Business continuity

Data integrity

High availability

Data confidentiality

Data integrity

60
New cards

A shortcoming which can be misused by a risk actor, such as an aggressor, to perform unauthorized activities inside a computer system.

Choices:

Intrusion

Vulnerability

Threat

Prevention

Vulnerability

61
New cards

These are attacks designed to compromise network security by either eavesdropping on or intercepting and manipulating network traffic.

Choices:

Software-Based Attacks

Social Engineering Attacks

Network-Based Attacks

Physical Security Attacks

Network-Based Attacks

62
New cards

It is protection of available information or information resources.

Choices:

Information Confidentiality

Information Privacy

Information Security

Information Integrity

Information Security

63
New cards

It is to set upon in a forceful, violent, hostile, or aggressive way, with or without a weapon

Choices:

Control

CIA Triad

Integrity

Attack

Attack

64
New cards

What does availability of data refer to?

Choices:

The level of assurance that data will be available to people who need it, when they need it

The level of assurance that data exists

The level of assurance that data will be accurate and trustworthy

The level of assurance that data will be restricted to people who need it, when they need it

The level of assurance that data exists

65
New cards

What does confidentiality of information allude to?

Choices:

Rules which restrict access only to those who need to know

Rules which allow access only to all parties

Rules which hide data

Rules which prevent data from being changed

Rules which restrict access only to those who need to know

66
New cards

It is a possible danger that might exploit a vulnerability to breach security and therefore cause possible harm.

Choices:

Intrusion

Threat

Prevention

Vulnerability

Threat

67
New cards

It is a concept that has employees rotate through different jobs to learn the procedures and processes in each.

Choices:

Access control

Job rotation

Separation of duties

Implicit deny

Job rotation

68
New cards

It uses a single key to encrypt and decrypt data.

Choices:

Hashing

encryption key

Asymmetric encryption

Symmetric encryption

Symmetric encryption

69
New cards

A company is looking to reduce the likelihood of employees in the finance department being involved with money laundering. Which of the following controls would BEST mitigate this risk?

Choices:

Enforce mandatory vacations

Enforce time of day restrictions

Implement privacy policies

Implement a security policy

Enforce mandatory vacations

70
New cards

It is an authentication method that identifies and recognizes individuals based on voice recognition or physical characteristics such as a fingerprint, face acknowledgment, iris recognition, and retina check

Choices:

Biometrics

Keystroke dynamics

Token

Kerberos

Biometrics

71
New cards

To ensure compatibility with their flagship product, the security engineer is tasked to recommend an encryption cipher that will be compatible with the majority of third-party software and hardware vendors. Which of the following should be recommended?

Choices:

Blowfish

SHA

MD5

AES

AES

72
New cards

It provides two-way authentication

Choices:

Mutual authentication

Biometrics

Multifactor authentication

Single factor authentication

Multifactor authentication

73
New cards

During a routine audit a web server is flagged for allowing the use of weak ciphers. Which of the following should be disabled to mitigate this risk? (Select TWO).

Choices:

SSL 1.0

AES

RC4

SSL 3.0

SSL 1.0

74
New cards

Records that are not confidential and do not contain personal/financial identifying information.

Choices:

Shred

Transfer

Delete

Recycle

Recycle

75
New cards

It ought to recognize the parts and duties of clients getting to assets on the organization’s network

Choices:

Enforcement

Security policies

User Access to Computer Resources

Procedures

User Access to Computer Resources

76
New cards

These are typically stored in folders, which are kept in filing cabinets.

Choices:

Paper documents

Retention Schedules

Classification

Official information

Paper documents

77
New cards

It portrays the approach beneath which third-party organizations connect to your systems for the reason of executing commerce related to your company

Choices:

Password policy

Extranet policy

Privacy policy

Audit policy

Extranet policy

78
New cards

It could be a living report that gives rules for your organization’s social media utilize.

Choices:

Wireless standards policy

Social media policy

System Architecture

Group Policy

Social media policy

79
New cards

It could be a set of rules outlined to upgrade computer security by empowering clients to utilize solid passwords and utilize them appropriately.

Choices:

Privacy policy

Extranet policy

Audit policy

Password policy

Password policy

80
New cards

It ought to incorporate data that recognizes how security profiles will be connected consistently over common gadgets

Choices:

Security Profiles

Sensitive data

E-Mail

Passwords

Security Profiles

81
New cards

It incorporates how to handle connections, through sifting, individual utilize of the mail framework, dialect confinements, and authentic necessities

Choices:

Security Profiles

Passwords

Sensitive data

E-Mail

E-Mail

82
New cards
83
New cards

It has been determined to require, in the interests of national security, protection against unauthorized disclosure and which has been so designated.

Choices:

Paper documents

Official information

Retention Schedules

Classification

Official information

84
New cards

It could be an individual who picks up unauthorized get to to computer records or systems in arrange to encourage social or political closes.

Choices:

Hacktivists

Malicious insiders

Data theft

Script kiddie

Hacktivists

85
New cards

A human resources employee receives an email from a family member stating there is a new virus going around. In order to remove the virus, a user must delete the Boot.ini file from the system immediately. This is an example of which of the following?

Choices:

Hoax

Whaling

Spam

Phishing

Hoax

86
New cards

It is a growing problem for individual computer users as well as large corporations and organizations.

Choices:

Script kiddie

Malicious insiders

Hacktivists

Data theft

Data theft

87
New cards

It can be current or previous representatives, temporary workers or trade accomplices that picks up get to an organization arrange, system or information and discharge this data without authorization by the organization.

Choices:

Script kiddie

Malicious insiders

Hacktivists

Data theft

Malicious insiders

88
New cards

It is unsolicited usually commercial messages sent to a large number of recipients or posted in a large number of places

Choices:

whaling

URL hijacking

Spam

Spim

Spam

89
New cards

It is the false hone of sending emails implying to be from legitimate companies in arrange to actuate people to uncover individual data, such as passwords and credit card numbers.

Choices:

Vishing

Phishing

Spoofing

Hoax

Phishing

90
New cards

It is frequently a chain message telling beneficiaries to forward the mail to all their contacts.

Choices:

Phishing

Vishing

Spoofing

Hoax

Hoax

91
New cards

It is the use of the Internet to conduct violent acts that result in, or threaten, loss of life or significant bodily harm, in order to achieve political or ideological gains through threat or intimidation.

Choices:

Electronic vandalism

Script kiddie

Data theft

Cyberterrorism

Cyberterrorism

92
New cards

It copies (something) whereas overstating its characteristic highlights for comedian impact

Choices:

Phishing

Vishing

Hoax

Spoofing

Spoofing

93
New cards

It is the act of disguising a communication from an unknown source as being from a known, trusted source.

Choices:

Hoax

Spoofing

Vishing

Phishing

Spoofing

94
New cards

A security administrator is concerned about the strength of user's passwords. The company does not want to implement a password complexity policy. Which of the following can the security Administrator implement to mitigate the risk of an online password attack against users with weak passwords?

Choices:

Increase the password history

Shorten the password expiration period

Increase the password length requirements

Decrease the account lockout time

Shorten the password expiration period

95
New cards

These are considered one of the most serious types of malware since they may be used to gain unauthorized access to remote systems and perform malicious operations.

Choices:

Backdoor Attacks

Trojan Horse

Rootkits

keylogger

Rootkits

96
New cards

It attacks are often facilitated by social engineering attacks which lure the user to a fake site.

Choices:

Man In the Middle

Rainbow Table Attack

Brute force

Dictionary attack

Man In the Middle

97
New cards

A type of virus that has been designed to thwart attempts by analysts from examining its code by using various methods to make tracing, disassembling and reverse engineering more difficult

Choices:

armored virus

Polymorphic Malware

Ransomware

Botnets

armored virus

98
New cards

It Use a program to generate likely passwords or even random character sets.

Choices:

Rainbow Table Attack

Dictionary attack

Brute force

Man In the Middle

Brute force

99
New cards

It consumes bandwidth and ties up processor and memory resources, slowing the system down, and causing the system to become unusable.

Choices:

Viruses

Adware

Worms

Spyware

Worms

100
New cards

Joe, a user, in a coffee shop is checking his email over a wireless network. An attacker records the temporary credentials being passed to Joe's browser. The attacker later uses the credentials to impersonate Joe and creates SPAM messages. Which of the following attacks allows for this impersonation?

Choices:

XML injection

Header manipulation

Directory traversal

Session hijacking

Session hijacking