100% satisfaction guarantee Immediately available after payment Both online and in PDF No strings attached
logo-home
Pearson Test Prep Question and answers rated A+ 2023 $12.99   Add to cart

Exam (elaborations)

Pearson Test Prep Question and answers rated A+ 2023

 1 view  0 purchase
  • Course
  • Institution

Pearson Test Prep Question and answers rated A+ 2023

Preview 4 out of 36  pages

  • October 18, 2023
  • 36
  • 2023/2024
  • Exam (elaborations)
  • Questions & answers
avatar-seller
Pearson Test Prep
What are the three main goals of information security?

Auditing
Integrity
Non-repudiation
Confidentiality
Risk assessment
Availability - correct answer Confidentiality, integrity, and availability (known as CIA or
the CIA triad) are the three main goals of information security. Another goal within
information security is accountability.

What is another name for a malicious attacker?


White hat

Penetration tester

Fuzzer

Black hat - correct answer A black hat is someone who attempts to break into
computers and networks without authorization. A black hat is considered to be a
malicious attacker.

Which of the following does the A in CIA stand for when it comes to IT security? (Select
the best answer.)


Accountability

Assessment

Availability

Auditing - correct answer Availability is what the A in CIA stands for, as in "the
availability of data." Together the acronym stands for confidentiality, integrity, and
availability. Although accountability is important and is often included as a fourth
component of the CIA triad, it is not the best answer. Assessment and auditing are both
important concepts when checking for vulnerabilities and reviewing and logging, but
they are not considered to be part of the CIA triad.

,A user receives an e-mail but the e-mail client software says that the digital signature is
invalid and the sender of the e-mail cannot be verified. The would-be recipient is
concerned about which of the following concepts?


Confidentiality

Integrity

Remediation

Availability - correct answer The recipient should be concerned about the integrity of
the message. If the e-mail client application cannot verify the digital signature of the
sender of the e-mail, then there is a chance that the e-mail either was intercepted or is
coming from a separate dangerous source. Remember, integrity means the reliability of
the data, and whether or not it has been modified or compromised by a third party
before arriving at its final destination.

What should a disaster recovery plan (DRP) contain?


Hierarchical access control lists

Single points of failure

Hierarchical list of hot sites

Hierarchical list of critical systems - correct answer A disaster recovery plan should
contain (among other things) a list of critical systems in order from the most critical to
the least critical.

When is a system completely secure?


When it is updated

When it is assessed for vulnerabilities

When all anomalies have been removed

Never - correct answer A system can never truly be completely secure. The scales
are always tipping back and forth; a hacker develops a way to break into a system, then
an administrator finds a way to block that attack, and then the hacker looks for an
alternative method. It goes on and on; be ready to wage the eternal battle!

,Whitelisting, blacklisting, and closing open relays are all mitigation techniques
addressing what kind of threat?


Spyware

Spam

Viruses

Botnets - correct answer Closing open relays, whitelisting, and blacklisting are all
mitigation techniques that address spam. Spam e-mail is a serious problem for all
companies and must be filtered as much as possible.

A group of compromised computers that have software installed by a worm or Trojan is
known as which of the following?


Botnet

Virus

Rootkit

Zombie - correct answer A botnet is a group of compromised computers, usually
working together, with malware that was installed by a worm or a Trojan horse. An
individual computer within a botnet is referred to as a zombie (among other things). A
virus is code that can infect a computer's files. A rootkit is a type of software designed to
gain administrator-level access to a system.

A virus is designed to format a hard drive on a specific day. What kind of threat is this?


Botnet

Logic bomb

Spyware

Adware - correct answer Logic bomb
Explanation: A logic bomb is a type of malware that is designed to be set off at a
specific time. It could contain a virus or worm.

You investigate an executive's laptop and find a system-level kernel module that is
modifying the operating system's functions. What is this an example of?

, Logic bomb

Virus

Rootkit

Worm - correct answer Rootkits are designed to gain administrative control over an
OS without being detected and perform malicious operations.

Which of the following is a type of malware that is difficult to reverse engineer?


Logic bomb

Worm

Backdoor

Armored virus - correct answer The armored virus protects itself from AV programs by
tricking the program into thinking that it is located in a different place than where it
actually resides. It thwarts attempts at analysis of its code. This makes it difficult to
reverse engineer, and therefore makes building a defense against it difficult.

What is a malicious attack that executes at the same time every week?


Virus

Worm

Ransomware

Logic bomb - correct answer A logic bomb is a malicious attack that executes at a
specific time. Viruses normally execute when a user inadvertently runs them. Worms
can self-replicate at will. Ransomware is a type of malware that restricts access to files
(or entire systems) and demands a ransom be paid.

Which of the following threats has the highest probability of being increased by the
availability of devices such as USB flash drives on your network?


Introduction of new data on the network

Increased loss of business data

The benefits of buying summaries with Stuvia:

Guaranteed quality through customer reviews

Guaranteed quality through customer reviews

Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.

Quick and easy check-out

Quick and easy check-out

You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.

Focus on what matters

Focus on what matters

Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!

Frequently asked questions

What do I get when I buy this document?

You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.

Satisfaction guarantee: how does it work?

Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.

Who am I buying these notes from?

Stuvia is a marketplace, so you are not buying this document from us, but from seller Carzola98. Stuvia facilitates payment to the seller.

Will I be stuck with a subscription?

No, you only buy these notes for $12.99. You're not tied to anything after your purchase.

Can Stuvia be trusted?

4.6 stars on Google & Trustpilot (+1000 reviews)

75323 documents were sold in the last 30 days

Founded in 2010, the go-to place to buy study notes for 14 years now

Start selling
$12.99
  • (0)
  Add to cart