Pearson Test Prep
What are the three main goals of information security?
Auditing
Integrity
Non-repudiation
Confidentiality
Risk assessment
Availability - correct answer Confidentiality, integrity, and availability (known as CIA or
the CIA triad) are the three main goals of information security. Another goal within
information security is accountability.
What is another name for a malicious attacker?
White hat
Penetration tester
Fuzzer
Black hat - correct answer A black hat is someone who attempts to break into
computers and networks without authorization. A black hat is considered to be a
malicious attacker.
Which of the following does the A in CIA stand for when it comes to IT security? (Select
the best answer.)
Accountability
Assessment
Availability
Auditing - correct answer Availability is what the A in CIA stands for, as in "the
availability of data." Together the acronym stands for confidentiality, integrity, and
availability. Although accountability is important and is often included as a fourth
component of the CIA triad, it is not the best answer. Assessment and auditing are both
important concepts when checking for vulnerabilities and reviewing and logging, but
they are not considered to be part of the CIA triad.
,A user receives an e-mail but the e-mail client software says that the digital signature is
invalid and the sender of the e-mail cannot be verified. The would-be recipient is
concerned about which of the following concepts?
Confidentiality
Integrity
Remediation
Availability - correct answer The recipient should be concerned about the integrity of
the message. If the e-mail client application cannot verify the digital signature of the
sender of the e-mail, then there is a chance that the e-mail either was intercepted or is
coming from a separate dangerous source. Remember, integrity means the reliability of
the data, and whether or not it has been modified or compromised by a third party
before arriving at its final destination.
What should a disaster recovery plan (DRP) contain?
Hierarchical access control lists
Single points of failure
Hierarchical list of hot sites
Hierarchical list of critical systems - correct answer A disaster recovery plan should
contain (among other things) a list of critical systems in order from the most critical to
the least critical.
When is a system completely secure?
When it is updated
When it is assessed for vulnerabilities
When all anomalies have been removed
Never - correct answer A system can never truly be completely secure. The scales
are always tipping back and forth; a hacker develops a way to break into a system, then
an administrator finds a way to block that attack, and then the hacker looks for an
alternative method. It goes on and on; be ready to wage the eternal battle!
,Whitelisting, blacklisting, and closing open relays are all mitigation techniques
addressing what kind of threat?
Spyware
Spam
Viruses
Botnets - correct answer Closing open relays, whitelisting, and blacklisting are all
mitigation techniques that address spam. Spam e-mail is a serious problem for all
companies and must be filtered as much as possible.
A group of compromised computers that have software installed by a worm or Trojan is
known as which of the following?
Botnet
Virus
Rootkit
Zombie - correct answer A botnet is a group of compromised computers, usually
working together, with malware that was installed by a worm or a Trojan horse. An
individual computer within a botnet is referred to as a zombie (among other things). A
virus is code that can infect a computer's files. A rootkit is a type of software designed to
gain administrator-level access to a system.
A virus is designed to format a hard drive on a specific day. What kind of threat is this?
Botnet
Logic bomb
Spyware
Adware - correct answer Logic bomb
Explanation: A logic bomb is a type of malware that is designed to be set off at a
specific time. It could contain a virus or worm.
You investigate an executive's laptop and find a system-level kernel module that is
modifying the operating system's functions. What is this an example of?
, Logic bomb
Virus
Rootkit
Worm - correct answer Rootkits are designed to gain administrative control over an
OS without being detected and perform malicious operations.
Which of the following is a type of malware that is difficult to reverse engineer?
Logic bomb
Worm
Backdoor
Armored virus - correct answer The armored virus protects itself from AV programs by
tricking the program into thinking that it is located in a different place than where it
actually resides. It thwarts attempts at analysis of its code. This makes it difficult to
reverse engineer, and therefore makes building a defense against it difficult.
What is a malicious attack that executes at the same time every week?
Virus
Worm
Ransomware
Logic bomb - correct answer A logic bomb is a malicious attack that executes at a
specific time. Viruses normally execute when a user inadvertently runs them. Worms
can self-replicate at will. Ransomware is a type of malware that restricts access to files
(or entire systems) and demands a ransom be paid.
Which of the following threats has the highest probability of being increased by the
availability of devices such as USB flash drives on your network?
Introduction of new data on the network
Increased loss of business data
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller flyhigher329. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for £10.96. You're not tied to anything after your purchase.