Privacy and Security Quiz Questions
Terms in this set (44)
Which of the following is not one of the organizational roles in the security governance structure?
Description of the role of a security professional?
Someone that is responsible for the functional, day-to-day implementation of security in an organization
Jared is investigating a security incident and discovers that an attacker began with a normal user account but managed to exploit a system vulnerability to provide that account with administrative rights. What type of attack took place under the STRIDE threat model?
Elevation of privilege
Which of the following is the main reason the Chief Information Security Officer (CISO) should report directly to senior management?
To avoid political conflicts circumventing security concerns
Which part of the AAA service model is focused on ensuring that only people who should have access to a resource can access that resource?
James's network begins to experience symptoms of slowness. After investigating he realizes that the network is being bombarded with TCP SYN packets and believes that his organization is the victim of a denial of service attack. What principle of information security is being violated?
Which one of the following individuals is normally responsible for fulfilling the operational data protection responsibilities delegated by senior management, such as validating data integrity, testing backups, and managing security policies?
Aderogba is the security administrator for a public school district. He is implementing a new student information system and is testing the code to ensure that students are not able to alter their own grades. What principle of information security is Aderogba enforcing?
Luke discovers a keylogger (a program that logs all keystrokes) hidden on the laptop of his company's chief executive officer. Which information security principle is the keylogger violating?
Which of the following is not a common method used to prioritize potential threats?
Lindsey is working with the management team in her company to classify data in an attempt to apply extra security controls that will limit the likelihood of a data breach. What principle of information security is Lindsey attempting to enforce?
Emee is designing a messaging system for a bank and would like to include a feature that allows the recipient of a message to prove to a third party that the message did indeed come from the purported originator. What goal is Emee trying to achieve?
What principle of information security states that an organization should implement overlapping security controls whenever possible?
Defense in depth
Which of the following tools is most often used for identification purposes and is not suitable for use as an authenticator?
Using a top-down approach to security policy structure, which of the following correctly orders the security policy components from top to bottom?
Policies, Standards/Baselines, Guidelines, Procedures
A group of compromised computers that can be coordinated together is known as which of the following?
Michael is a network administrator. One day he notices that his DHCP server is flooded with information. He analyzes it and finds that the same type of traffic is coming from more than 50 computers on the network, indicating that they are all compromised. Which of the following is the most likely reason?
Which of the following is not an example of malware?
Which type of attack requires numerous computers to execute?
Which type of malware typically involves encrypting data?
Which of the following defines the difference between a virus and a worm? (Select the best answer.)
Worms self-replicate and spread on their own across the network, whereas a virus needs a host file or program (and usually a user action) to propagate
Katharine complains of very slow system performance and says that a lot of pop-up messages are being displayed. She admits to recently installing pirated software and downloading and installing an illegal keygen to activate the software. What type of malware has probably affected Katharine's computer?
Julia is the security administrator for her organization and has just completed a routine server audit. She did not notice any abnormal activity. However, another network security analyst finds connections to unauthorized ports from outside the organization's network. Using security tools, Julia finds hidden processes that are running on the server. Which of the following has most likely been installed on the server?
Gordon checks the application log of his web server and sees that someone attempted unsuccessfully to enter the text "James Smith'); DROP TABLE users; --" into an HTML form field. Which type of attack was attempted?
Which of the following does not typically fall under the umbrella of web application security?
Configuring network firewall rules
What is the best way to prevent SQL injection attacks on web applications?
Validate form input (in practice, parameterized queries/prepared statements are the primary defence; input validation is an additional layer, not a substitute)
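The following is an added example (not part of the quiz set) that runs the exact payload from Gordon's log entry against an in-memory SQLite database, first through string concatenation and then through parameter binding, with an allow-list validator as the secondary layer. The users table, the "alice" row and the name regex are constructed for the example.

```python
import re
import sqlite3

# The payload from the quiz's log entry.
PAYLOAD = "James Smith'); DROP TABLE users; --"


def fresh_db():
    """Constructed schema for the example: a users table with one row."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL)")
    conn.execute("INSERT INTO users (name) VALUES ('alice')")
    conn.commit()
    return conn


def table_exists(conn, table):
    row = conn.execute(
        "SELECT 1 FROM sqlite_master WHERE type = 'table' AND name = ?", (table,)
    ).fetchone()
    return row is not None


def stored_names(conn):
    return [r[0] for r in conn.execute("SELECT name FROM users ORDER BY id")]


def insert_user_vulnerable(conn, name):
    """String concatenation: the input becomes part of the SQL text.
    executescript() is used because, like many database drivers, it runs
    every statement in the string; sqlite3's execute() would refuse the
    second statement, which would hide rather than fix the flaw."""
    sql = "INSERT INTO users (name) VALUES ('" + name + "');"
    conn.executescript(sql)


def insert_user_safe(conn, name):
    """Parameter binding: the driver sends the value separately from the SQL
    text, so the quote, semicolon and comment marker are stored as data."""
    conn.execute("INSERT INTO users (name) VALUES (?)", (name,))
    conn.commit()


# Constructed allow-list for a person's name (assumption for the example).
NAME_RE = re.compile(r"^[A-Za-z][A-Za-z' .-]{0,79}$")


def is_plausible_name(value):
    """Input validation as a second layer. Apostrophes are legitimate in names
    (O'Brien), so validation alone cannot reject every SQL metacharacter; the
    payload above fails on ')' and ';', but binding is what makes it harmless."""
    return NAME_RE.fullmatch(value) is not None
```

With the vulnerable function the users table is gone after one request; with binding the whole payload is stored as an ordinary string and the table survives.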
Jorge notices that the URL to look at his bank account statements ends with /user/getStatements. He decides to replace "user" in the URL with "admin" and finds that now he can retrieve other users' statements. Which security risk is Jorge exploiting?
Broken Access Control
Gwendolyn is logged into her bank's website which stores an authentication cookie in her browser. She then browses her social media and clicks on a link promising cute cat gifs. The link takes her to an unknown site that plays Nyan Cat on loop. Gwendolyn is satisfied, but unbeknownst to her, the website executed code to make a bank transaction using her bank credentials from her browser. Gwendolyn fell victim to which type of attack?
Cross-Site Request Forgery
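Added example (not part of the quiz set) covering the last two questions together: a toy bank backend with Jorge's URL-tampering endpoint and Gwendolyn's transfer endpoint, each in a vulnerable and a fixed form. Users, balances, roles and the request dictionaries are constructed for the example; a real application would take them from its framework.

```python
import hmac
import secrets

# Constructed data for the example (not from the page).
STATEMENTS = {"jorge": ["2024-01"], "alice": ["2024-01", "2024-02"]}
BALANCES = {"jorge": 500, "alice": 900}
ROLES = {"jorge": "user", "alice": "user", "ops": "admin"}
SESSIONS = {}   # session cookie value -> {"user": ..., "csrf": ...}


def login(user):
    """Create a session. The CSRF token is kept server-side and is embedded
    only in forms the bank itself renders."""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = {"user": user, "csrf": secrets.token_urlsafe(32)}
    return sid


def csrf_token_for(sid):
    return SESSIONS[sid]["csrf"]


def balance_of(user):
    return BALANCES[user]


def _session(request):
    return SESSIONS.get(request.get("cookies", {}).get("session"))


# --- Broken access control: Jorge edits /user/getStatements into /admin/getStatements ---

def get_statements_vulnerable(request):
    """Takes the caller's role from the URL path, i.e. from client-controlled input."""
    sess = _session(request)
    if sess is None:
        return 401, None
    if request["path"].startswith("/admin/"):
        return 200, dict(STATEMENTS)                # everyone's statements
    return 200, {sess["user"]: STATEMENTS[sess["user"]]}


def get_statements(request):
    """Takes identity and role from the server-side session; the path is only a request."""
    sess = _session(request)
    if sess is None:
        return 401, None
    if request["path"].startswith("/admin/"):
        if ROLES.get(sess["user"]) != "admin":
            return 403, None                        # deny, and log it: this is probing
        return 200, dict(STATEMENTS)
    return 200, {sess["user"]: STATEMENTS[sess["user"]]}


# --- CSRF: the cat-gif page makes Gwendolyn's browser POST a transfer with her cookie ---

def transfer_vulnerable(request):
    """Authenticates by cookie only, so any site that can trigger the request wins."""
    sess = _session(request)
    if sess is None:
        return 401, "not logged in"
    BALANCES[sess["user"]] -= int(request["form"]["amount"])
    return 200, "transferred"


def transfer(request):
    """Synchronizer token: the browser attaches the cookie automatically, but the
    attacker's page cannot read the token out of the bank's page (same-origin
    policy), so a forged request cannot supply a matching value."""
    sess = _session(request)
    if sess is None:
        return 401, "not logged in"
    token = request.get("form", {}).get("csrf_token", "")
    if not hmac.compare_digest(token.encode(), sess["csrf"].encode()):
        return 403, "missing or invalid CSRF token"
    BALANCES[sess["user"]] -= int(request["form"]["amount"])
    return 200, "transferred"
```

The forged request carries Gwendolyn's session cookie but no token, so the fixed endpoint rejects it while the cookie-only endpoint moves the money. Marking the session cookie SameSite=Lax or Strict is a useful second layer; the token check is the one that does not depend on browser behaviour.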
Which IP address class contains exactly 256 addresses?
Teddy is the network engineer at his company. He wants to protect the identity of his clients while they access the Internet by forcing all outbound Internet traffic through a single location that would mask his clients' addresses. Which of the following can provide that service?
During troubleshooting, Kelly uses the 'nslookup' command to check the IP address of a host she is attempting to connect to. The IP address she sees in the response is not the IP address that should resolve when the lookup is done. What type of attack has likely been conducted?
How many layers are included in the OSI networking framework model?
The Windows ipconfig command displays the following information: BC-5F-F4-7B-4B-7D. What term describes this value, and what information can be gathered from it?
The MAC (hardware) address of the network interface; the first three octets (BC-5F-F4) are the OUI, which identifies the interface card's manufacturer
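Added example (not part of the quiz set) that parses the address from the question and decodes the two flag bits in the first octet, which decide whether a vendor lookup on the OUI means anything. The second and third test addresses are constructed.

```python
import re


def parse_mac(text):
    """Normalize a MAC address written as aa-bb-cc-dd-ee-ff, aa:bb:cc:dd:ee:ff,
    aabb.ccdd.eeff or 12 bare hex digits, and decode the first octet."""
    digits = re.sub(r"[-:.]", "", text.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    octets = [int(digits[i:i + 2], 16) for i in range(0, 12, 2)]
    first = octets[0]
    return {
        "oui": ":".join(f"{b:02X}" for b in octets[:3]),
        "nic_specific": ":".join(f"{b:02X}" for b in octets[3:]),
        # bit 0 of the first octet: 0 = unicast, 1 = group/multicast
        "multicast": bool(first & 0x01),
        # bit 1 of the first octet: 0 = globally unique (vendor-assigned),
        # 1 = locally administered (randomized privacy MACs, many virtual NICs)
        "locally_administered": bool(first & 0x02),
    }


def vendor_lookup_meaningful(text):
    """The OUI names the NIC vendor only for globally administered unicast
    addresses; on a locally administered address it says nothing about the hardware."""
    m = parse_mac(text)
    return not m["locally_administered"] and not m["multicast"]
```

For BC-5F-F4-7B-4B-7D the first octet is 0xBC (1011 1100): both low bits are clear, so it is a vendor-assigned unicast address and the OUI lookup is meaningful.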
What is the subnet mask for the network with the CIDR range of 172.16.0.0/16?
How many bits are in an IPv4 address?
What protocol is a secure way to remotely administer Linux systems?
Hannah is installing a new Domain Name System (DNS) server in her company. Which port should she open so that people can query her new DNS server?
Keegan set up a new website running on her web server located at 220.127.116.11. What address range does she need to include as the source address range in her firewall rule to allow all HTTPS traffic to hit her web server?
Which of the following temporarily solved the issue of IPv4 address space depletion?
How many IP addresses are in the CIDR range 192.168.1.64/28?
Which of the following is likely to be the last rule contained within the ACLs of a firewall?
Implicit deny all (any traffic that matches no earlier rule is dropped)
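Added example (not part of the quiz set) that works the subnetting questions above (the /16 mask, the /28 address count, the class of a 256-address network) with the standard library, and then evaluates Keegan's HTTPS rule against a first-match ACL that ends in an implicit deny. The rule list and the test addresses are constructed; 220.127.116.11 is the server from the question.

```python
import ipaddress


def subnet_facts(cidr):
    """Derive mask, size and bounds from a CIDR string.
    strict=False also accepts a host address with a prefix (192.168.1.70/28)."""
    net = ipaddress.ip_network(cidr, strict=False)
    hosts = net.num_addresses
    # /31 (point-to-point) and /32 have no network/broadcast pair to subtract.
    usable = hosts - 2 if net.prefixlen <= 30 else hosts
    return {
        "network": str(net.network_address),
        "netmask": str(net.netmask),
        "prefixlen": net.prefixlen,
        "addresses": hosts,
        "usable_hosts": usable,
        "broadcast": str(net.broadcast_address),
    }


def classful_class(address):
    """Classful (pre-CIDR) class from the first octet. A class C network is a
    /24: exactly 256 addresses, 254 of them usable for hosts."""
    first = int(ipaddress.IPv4Address(address)) >> 24
    if first < 128:
        return "A"
    if first < 192:
        return "B"
    if first < 224:
        return "C"
    if first < 240:
        return "D"   # multicast
    return "E"       # reserved


def evaluate_acl(rules, src, dst, dport):
    """First-match ACL evaluation. rules is an ordered list of
    (action, src_cidr, dst_cidr, dport_or_None). Traffic that matches no
    explicit rule falls through to the implicit deny at the end."""
    s = ipaddress.ip_address(src)
    d = ipaddress.ip_address(dst)
    for action, src_cidr, dst_cidr, rule_port in rules:
        if (s in ipaddress.ip_network(src_cidr)
                and d in ipaddress.ip_network(dst_cidr)
                and (rule_port is None or rule_port == dport)):
            return action
    return "deny"


# Keegan's rule: any source (0.0.0.0/0) may reach the web server on 443.
# Everything else to that host, e.g. SSH, is caught by the implicit deny.
KEEGAN_RULES = [("allow", "0.0.0.0/0", "220.127.116.11/32", 443)]
```

The source range for "all HTTPS traffic from the Internet" is 0.0.0.0/0; the destination should be pinned to the server's /32 and the port to 443 so the rule is not wider than the question requires.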
A malicious insider is accused of stealing confidential data from your organization. What is the best way to identify the insider's computer?
Which of the following lists the packets of the TCP Handshake in the correct order?
SYN, SYN/ACK, ACK
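Added example (not part of the quiz set) that ties the handshake order above to James's SYN-flood question: it replays packet records through the three handshake states and flags a server whose half-open backlog grows because the final ACK never arrives. The packet records, addresses and threshold are constructed for the example.

```python
from collections import Counter

SERVER = "10.0.0.5"


def sample_traffic():
    """Constructed packet records, not a real capture:
    (src_ip, src_port, dst_ip, dst_port, flags)."""
    pkts = [
        # one legitimate client completing SYN, SYN/ACK, ACK
        ("10.0.0.20", 51000, SERVER, 80, "SYN"),
        (SERVER, 80, "10.0.0.20", 51000, "SYN/ACK"),
        ("10.0.0.20", 51000, SERVER, 80, "ACK"),
    ]
    # a flood: SYNs from (spoofed) sources that never answer the SYN/ACK,
    # leaving the server holding half-open connections
    for i in range(1, 9):
        src = f"198.51.100.{i}"
        pkts.append((src, 40000 + i, SERVER, 80, "SYN"))
        pkts.append((SERVER, 80, src, 40000 + i, "SYN/ACK"))
    return pkts


def handshake_states(packets):
    """Replay the packets and return each connection's handshake state, keyed
    from the client's side: (client_ip, client_port, server_ip, server_port)."""
    state = {}
    for src, sport, dst, dport, flags in packets:
        if flags == "SYN":
            state[(src, sport, dst, dport)] = "SYN_SEEN"
        elif flags == "SYN/ACK":
            key = (dst, dport, src, sport)          # reply flows server -> client
            if state.get(key) == "SYN_SEEN":
                state[key] = "SYNACK_SEEN"
        elif flags == "ACK":
            key = (src, sport, dst, dport)
            if state.get(key) == "SYNACK_SEEN":
                state[key] = "ESTABLISHED"
    return state


def half_open_per_server(packets):
    """Count connections that never reached ESTABLISHED, per server address."""
    counts = Counter()
    for (_cip, _cport, sip, _sport), st in handshake_states(packets).items():
        if st != "ESTABLISHED":
            counts[sip] += 1
    return dict(counts)


def flooded_servers(packets, threshold=5):
    """Servers whose half-open backlog reaches the threshold. In production the
    threshold is set relative to the listen backlog and evaluated per time window."""
    return sorted(s for s, n in half_open_per_server(packets).items() if n >= threshold)
```

Counting per destination rather than per source matters because flood sources are usually spoofed and each appears only once. On the server side, SYN cookies (net.ipv4.tcp_syncookies on Linux) let the kernel answer SYNs without reserving backlog state until the ACK arrives.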