Midterm

Cards (47)

  • A brute-force password attack and the theft of a mobile worker's laptop are risks most likely found in which domain of a typical IT infrastructure?
    Remote Access Domain 
  • Bob is the information security and compliance manager for a financial institution. Which regulation is most likely to directly apply to Bob's employer?
    Gramm-Leach-Bliley Act (GLBA)
  • Chris is writing a document that provides step-by-step instructions for end users seeking to update the security software on their computers. Performing these updates is mandatory. Which type of document is Chris writing?
    Procedure 
  • Devaki is capturing traffic on her network. She notices connections using ports 20, 22, 23, and 80. Which port normally hosts a protocol that uses secure, encrypted connections?
    22
  • In which domain of a typical IT infrastructure is the first layer of defense for a layered security strategy?
    User Domain 
  • Juan's web server was down for an entire day in April. It experienced no other downtime during that month. What represents the web server uptime for that month?
    96.67% (April has 30 days, so the web server had 29 days of uptime: 29/30 = 0.9667 or 96.67%.)
  • Maria is writing a policy that defines her organization's data classification standard. The policy designates the IT assets that are critical to the organization's mission and defines the organization's systems, uses, and data priorities. It also identifies assets within the seven domains of a typical IT infrastructure. Which policy is Maria writing?
    Asset classification policy 
  • Unauthorized access to data centers and downtime of servers are risks to which domain of an IT infrastructure?
    System/Application Domain
  • What is a U.S. federal government classification level that applies to information that would cause serious damage to national security if it were disclosed?
    Secret
  • Which element of the IT security policy framework provides detailed written definitions for hardware and software and how they are to be used?
    Standard 
  • Which element of the security policy framework requires approval from upper management and applies to the entire organization?
    Policy 
  • Gwen's company is planning to accept credit cards over the Internet. What governs this type of activity and includes provisions that Gwen should implement before accepting credit card transactions?  
    Payment Card Industry Data Security Standard (PCI DSS)
  • In Mobile IP, what term describes a device that would like to communicate with a mobile node (MN)?
    Correspondent node (CN)
  • Kaira's company recently switched to a new calendaring system provided by a vendor. Kaira and other users connect to the system, hosted at the vendor's site, using a web browser. Which service delivery model is Kaira's company using?
    Software as a Service (SaaS)
  • Ron is the IT director at a medium-sized company. He frequently gets requests from employees who want to select customized mobile devices. He decides to allow them to purchase their own devices. Which type of policy should Ron implement to include the requirements and security controls for this arrangement?
    Bring Your Own Device (BYOD)
  • What is key to implementing a consistent Internet of Things (IoT) device, connectivity, and communications environment?
    Interoperability and standards 
  • What term describes data that has been stripped of personally identifiable information for privacy reasons?
    De-identified 
  • Which action is the best step toward protecting Internet of Things (IoT) devices from becoming the entry point for security vulnerabilities into a network while still meeting business requirements?
    Applying security updates promptly 
  • Which compliance obligation includes security requirements that apply specifically to the European Union?
    General Data Protection Regulation (GDPR)
  • Which of the following enables businesses to transform themselves into an Internet of Things (IoT) service offering?
    Anything as a Service (AaaS) delivery model 
  • Which of the following is an example of a business-to-consumer (B2C) application of the Internet of Things (IoT)?
    Health monitoring
  • Which of the following is not a market driver for the Internet of Things (IoT)?
    A decline in cloud computing 
  • Which of the following is not an example of store-and-forward messaging? (Options: Email; Unified messaging (UM); Voicemail; Telephone call)
    Telephone call
  • Which organization pursues standards for Internet of Things (IoT) devices and is widely recognized as the authority for creating standards on the Internet?
    Internet Engineering Task Force (IETF)
  • Which term best describes how a wide variety of objects, devices, sensors, and everyday items can connect and be accessed?
    Internet of Things (IoT)
  • The most common version of the communications protocol (i.e., a list of rules and methods for communicating across the Internet); a suite of protocols developed for communicating across a network. Its protocols work together to allow any two computers to be connected so they can communicate, and thus create a network.
    Transmission Control Protocol/Internet Protocol (TCP/IP)
  • TCP/IP breaks messages into chunks, or packets, to send data between networked computers. The data security problem lies in the fact that the data is readable within each IP packet, using simple software available to anyone. This readable mode is known as cleartext. That means the data sent inside a TCP/IP packet must be hidden or encrypted to make the data more secure.
  • A hospital is planning to introduce a new point-of-sale system in the cafeteria that will handle credit card transactions. Which one of the following governs the privacy of information handled by those point-of-sale terminals?
    Payment Card Industry Data Security Standard (PCI DSS)
  • Aditya recently assumed an information security role for a financial institution located in the United States. He is tasked with assessing the institution's risk profile and cybersecurity maturity level. What compliance regulation applies specifically to Aditya's institution?
    FFIEC
  • As a follow-up to her annual testing, Isabella would like to conduct quarterly disaster recovery tests. These tests should include role-playing and introduce as much realism as possible without affecting live operations. What type of test should Isabella conduct?
    Simulation test 
  • Dawn is selecting an alternative processing facility for her organization's primary data center. She needs a facility with the least switchover time, even if it's the most expensive option. What is the most appropriate option in this situation?
    Hot site 
  • Hajar is developing a business impact assessment for her organization. She is working with business units to determine the target state of recovered data that allows the organization to continue normal processing after a major interruption. Which of the following is Hajar determining?
    Recovery point objective (RPO)
  • Isabella is in charge of the disaster recovery plan (DRP) team. She needs to ensure that data center operations will transfer smoothly to an alternate site in the event of a major interruption. She plans to run a complete test that will interrupt the primary data center and transfer processing capability to a hot site. What option is described in this scenario?
    Full-interruption test 
  • Rodrigo is a security professional. He is creating a policy that gives his organization control over mobile devices used by employees while giving them some options as to the type of device they will use. Which approach to mobile devices is Rodrigo focusing on in the policy?
    Choose Your Own Device (CYOD)
  • Tom is the IT manager for an organization that experienced a server failure that affected a single business function. What type of plan should guide the organization's recovery effort?
    Business continuity plan (BCP) 
  • What compliance regulation focuses on management and evaluation of the security of unclassified and national security systems?
    Government Information Security Reform Act (Security Reform Act) of 2000
  • What compliance regulation is similar to the European Union (EU) General Data Protection Regulation (GDPR) of 2016 and focuses on individual privacy and rights of data owners?
    California Consumer Privacy Act (CCPA) of 2018 
  • What is not a commonly used endpoint security technique?
    Network firewall 
  • What is the first priority when responding to a disaster recovery effort?
    Ensuring that everyone is safe 
  • What is the main purpose of risk identification in an organization?
    To make the organization's personnel aware of existing risk