Controls that protect the systems, networks, and environments that process,
transmit, and store our data are called _______. ✔️Ans -Logical Controls
During what phase of the incident response process do we determine what
happened, why it happened, and what we can do to keep it from happening
again? ✔️Ans -Post-Incident Activity
Something that has the potential to cause harm to our assets is known as a(n)
________. ✔️Ans -Threat
What is the first and arguably one of the most important steps of the risk
management process? ✔️Ans -Identify assess
The Fabrication attack type most commonly affects which principle(s) of the
CIA triad? ✔️Ans -Integrity and Availability
The Interception attack type most commonly affects which principle(s) of the
CIA triad? ✔️Ans -Confidentiality
A badge or token is considered what type of authentication? ✔️Ans -
Something you have
A password or PIN is considered what type of authentication? ✔️Ans -
Something you know
The set of methods we use to establish a claim of identity as being true is
called ______. ✔️Ans -Authentication
A fingerprint is considered what type of authentication? ✔️Ans -Something
you are
What type of authentication can prevent a man-in-the-middle attack?
✔️Ans -Mutual
The biometric characteristic that measures how well a factor resists change
over time and with advancing age is called __________ ✔️Ans -Permanence
What dictates that we should only allow the bare minimum of access, as
needed? ✔️Ans -Principle of least privilege
Access controls are policies or procedures used to control access to certain
items. ✔️Ans -True
What is implemented through the use of access controls? ✔️Ans -
Authorization
Which answer best describes the authorization component of access control?
✔️Ans -Authorization is the process of determining who is approved for
access and what resources they are approved for.
A client-side attack that involves the attacker placing an invisible layer over
something on a website that the user would normally click on, in order to
execute a command differing from what the user thinks they are performing,
is known as ___________. ✔️Ans -Clickjacking
What type of access control can prevent the confused deputy problem?
✔️Ans -Capability-based security
A user who creates a network share and sets permissions on that share is
employing which model of access control? ✔️Ans -Discretionary access
control
A VPN connection that is set to time out after 24 hours is demonstrating which
model of access control? ✔️Ans -Attribute-based access control
Confidential Services Inc. is a military-support branch consisting of 1,400
computers with Internet access and 250 servers. All employees are required
to have security clearances. From the options listed below, what access
control model would be most appropriate for this organization? ✔️Ans -
Mandatory access control
What is information security? ✔️Ans -Protecting information and
information systems from unauthorized access, use, disclosure, disruption,
modification, or destruction.
Using the concept of defense in depth we can protect ourselves against
someone using a USB flash drive to remove confidential data from an office
space within our building. ✔️Ans -True
Select the example(s) of identity verification. (Choose all that apply.) ✔️Ans
-SSN
Passport
Birth certificate
Multifactor authentication is the use of more than one authentication method
to access an information system. ✔️Ans -True
Which password below would meet complexity standards? ✔️Ans -!
Q@S#z6ge7Uks1lw3
What is accountability comprised of? ✔️Ans -Authorization
Authentication
Identification
Access
What document do courts require for admissibility of records? ✔️Ans -
Chain of custody
An employee is charged with fraud, and the company can prove in court that
there are email transactions showing that the employee completed these
using a digital signature. What term is being described? ✔️Ans -
Nonrepudiation
What is auditing? ✔️Ans -The primary means to ensure accountability
through technical means
What are the two common forms of assessments performed on networks?
(Choose all that apply.) ✔️Ans -Penetration test