تكلم مع الذكاء الاصطناعي
Deck 8: Controls for Information Security
ملء الشاشة (f)
سؤال
سؤال
سؤال
سؤال
سؤال
سؤال
سؤال
سؤال
سؤال
سؤال
سؤال
سؤال
سؤال
سؤال
سؤال
سؤال
سؤال
سؤال
سؤال
سؤال
سؤال
سؤال
سؤال
سؤال
سؤال
سؤال
سؤال
سؤال
سؤال
سؤال
سؤال
سؤال
سؤال
سؤال
سؤال
سؤال
سؤال
سؤال
سؤال
سؤال
سؤال
سؤال
سؤال
سؤال
سؤال
سؤال
سؤال
سؤال
سؤال
سؤال
سؤال
سؤال
سؤال
سؤال
سؤال
سؤال
سؤال
سؤال
سؤال
سؤال
سؤال
سؤال
سؤال
سؤال
سؤال
سؤال
سؤال
سؤال
سؤال
فتح الحزمة
قم بالتسجيل لفتح البطاقات في هذه المجموعة!
Unlock Deck
Unlock Deck
1/69
العب
ملء الشاشة (f)
Deck 8: Controls for Information Security
1
Identify a party below who was involved with developing the Trust Services Framework.
A) FASB
B) United States Congress
C) AICPA
D) IMA
A) FASB
B) United States Congress
C) AICPA
D) IMA
C
2
Identify one aspect of systems reliability that is not a source of concern with regards to a public cloud.
A) confidentiality
B) privacy
C) efficiency
D) availability
A) confidentiality
B) privacy
C) efficiency
D) availability
C
3
There are "white hat" hackers and "black hat" hackers.Cowboy451 was one of the "black hat" hackers.He had researched an exploit and determined that he could penetrate the target system,download a file containing valuable data,and cover his tracks in eight minutes.Six minutes into the attack he was locked out of the system.Using the notation of the time-based model of security,which of the following must be true?
A) P < 6
B) D = 6
C) P = 6
D) P > 6
A) P < 6
B) D = 6
C) P = 6
D) P > 6
D
4
The Trust Services Framework reliability principle that states that users must be able to enter,update,and retrieve data during agreed-upon times is known as
A) availability.
B) security.
C) maintainability.
D) integrity.
A) availability.
B) security.
C) maintainability.
D) integrity.
فتح الحزمة
افتح القفل للوصول البطاقات البالغ عددها 69 في هذه المجموعة.
فتح الحزمة
k this deck
5
Verifying the identity of the person or device attempting to access the system is an example of
A) authentication.
B) authorization.
C) identification.
D) threat monitoring.
A) authentication.
B) authorization.
C) identification.
D) threat monitoring.
فتح الحزمة
افتح القفل للوصول البطاقات البالغ عددها 69 في هذه المجموعة.
فتح الحزمة
k this deck
6
Cloud computing can potentially generate significant cost savings for an organization.
فتح الحزمة
افتح القفل للوصول البطاقات البالغ عددها 69 في هذه المجموعة.
فتح الحزمة
k this deck
7
Which of the following is not one of the essential criteria for successfully implementing each of the principles that contribute to systems reliability,as discussed in the Trust Services Framework?
A) developing and documenting policies
B) effectively communicating policies to all outsiders
C) designing and employing appropriate control procedures to implement policies
D) monitoring the system and taking corrective action to maintain compliance with policies
A) developing and documenting policies
B) effectively communicating policies to all outsiders
C) designing and employing appropriate control procedures to implement policies
D) monitoring the system and taking corrective action to maintain compliance with policies
فتح الحزمة
افتح القفل للوصول البطاقات البالغ عددها 69 في هذه المجموعة.
فتح الحزمة
k this deck
8
The Trust Services Framework reliability principle that states sensitive information be protected from unauthorized disclosure is known as
A) availability.
B) security.
C) confidentiality.
D) integrity.
A) availability.
B) security.
C) confidentiality.
D) integrity.
فتح الحزمة
افتح القفل للوصول البطاقات البالغ عددها 69 في هذه المجموعة.
فتح الحزمة
k this deck
9
Kuzman Jovan called a meeting of the top management at Jovan Capital Management.Number one on the agenda was computer system security."The risk of security breach incidents has become unacceptable," he said,and turned to the Chief Information Officer."What do you intend to do?" Which of the following is the best answer?
A) Evaluate and modify the system using COBOL.
B) Evaluate and modify the system using the CTC checklist.
C) Evaluate and modify the system using the Trust Services framework
D) Evaluate and modify the system using the COSO Internal Control Framework.
A) Evaluate and modify the system using COBOL.
B) Evaluate and modify the system using the CTC checklist.
C) Evaluate and modify the system using the Trust Services framework
D) Evaluate and modify the system using the COSO Internal Control Framework.
فتح الحزمة
افتح القفل للوصول البطاقات البالغ عددها 69 في هذه المجموعة.
فتح الحزمة
k this deck
10
Cloud computing is generally more secure than traditional computing.
فتح الحزمة
افتح القفل للوصول البطاقات البالغ عددها 69 في هذه المجموعة.
فتح الحزمة
k this deck
11
The Trust Services Framework reliability principle that states personal information should be protected from unauthorized disclosure is known as
A) availability.
B) security.
C) privacy.
D) integrity.
A) availability.
B) security.
C) privacy.
D) integrity.
فتح الحزمة
افتح القفل للوصول البطاقات البالغ عددها 69 في هذه المجموعة.
فتح الحزمة
k this deck
12
Information security procedures protect information integrity by
A) preventing fictitious transactions.
B) reducing the system cost.
C) making the system more efficient.
D) making it impossible for unauthorized users to access the system.
A) preventing fictitious transactions.
B) reducing the system cost.
C) making the system more efficient.
D) making it impossible for unauthorized users to access the system.
فتح الحزمة
افتح القفل للوصول البطاقات البالغ عددها 69 في هذه المجموعة.
فتح الحزمة
k this deck
13
Virtualization refers to the ability of
A) running multiple systems simultaneously on one physical computer.
B) eliminating the need for a physical computer.
C) using the Internet to perform all needed system functions.
D) using web-based security to protect an organization.
A) running multiple systems simultaneously on one physical computer.
B) eliminating the need for a physical computer.
C) using the Internet to perform all needed system functions.
D) using web-based security to protect an organization.
فتح الحزمة
افتح القفل للوصول البطاقات البالغ عددها 69 في هذه المجموعة.
فتح الحزمة
k this deck
14
If the time an attacker takes to break through the organization's preventive controls is greater than the sum of the time required to detect the attack and the time required to respond to the attack,then security is
A) effective.
B) ineffective.
C) overdone.
D) undermanaged.
A) effective.
B) ineffective.
C) overdone.
D) undermanaged.
فتح الحزمة
افتح القفل للوصول البطاقات البالغ عددها 69 في هذه المجموعة.
فتح الحزمة
k this deck
15
The Trust Services Framework reliability principle that states access to the system and its data should be controlled and restricted to legitimate users is known as
A) availability.
B) security.
C) privacy.
D) integrity.
A) availability.
B) security.
C) privacy.
D) integrity.
فتح الحزمة
افتح القفل للوصول البطاقات البالغ عددها 69 في هذه المجموعة.
فتح الحزمة
k this deck
16
Identify the statement below which is not a useful control procedure regarding access to system outputs.
A) restricting access to rooms with printers
B) coding reports to reflect their importance
C) allowing visitors to move through the building without supervision
D) requiring employees to log out of applications when leaving their desk
A) restricting access to rooms with printers
B) coding reports to reflect their importance
C) allowing visitors to move through the building without supervision
D) requiring employees to log out of applications when leaving their desk
فتح الحزمة
افتح القفل للوصول البطاقات البالغ عددها 69 في هذه المجموعة.
فتح الحزمة
k this deck
17
According to the Trust Services Framework,the reliability principle of integrity is achieved when the system produces data that
A) is available for operation and use at times set forth by agreement.
B) is protected against unauthorized physical and logical access.
C) can be maintained as required without affecting system availability, security, and integrity.
D) is complete, accurate, and valid.
A) is available for operation and use at times set forth by agreement.
B) is protected against unauthorized physical and logical access.
C) can be maintained as required without affecting system availability, security, and integrity.
D) is complete, accurate, and valid.
فتح الحزمة
افتح القفل للوصول البطاقات البالغ عددها 69 في هذه المجموعة.
فتح الحزمة
k this deck
18
Identify the primary means of protecting data stored in a cloud from unauthorized access.
A) authentication
B) authorization
C) virtualization
D) securitization
A) authentication
B) authorization
C) virtualization
D) securitization
فتح الحزمة
افتح القفل للوصول البطاقات البالغ عددها 69 في هذه المجموعة.
فتح الحزمة
k this deck
19
It was 8:03 A.M.when Jiao Jan,the Network Administrator for South Asian Technologies,was informed that the intrusion detection system had identified an ongoing attempt to breach network security.By the time that Jiao had identified and blocked the attack,the hacker had accessed and downloaded several files from the company's server.Using the notation for the time-based model of security,in this case
A) D > P
B) P > D
C) P > C
D) C > P
A) D > P
B) P > D
C) P > C
D) C > P
فتح الحزمة
افتح القفل للوصول البطاقات البالغ عددها 69 في هذه المجموعة.
فتح الحزمة
k this deck
20
Which of the following is not one of the three fundamental information security concepts?
A) Information security is a technology issue based on prevention.
B) Security is a management issue, not a technology issue.
C) The idea of defense-in-depth employs multiple layers of controls.
D) The time-based model of security focuses on the relationship between preventive, detective and corrective controls.
A) Information security is a technology issue based on prevention.
B) Security is a management issue, not a technology issue.
C) The idea of defense-in-depth employs multiple layers of controls.
D) The time-based model of security focuses on the relationship between preventive, detective and corrective controls.
فتح الحزمة
افتح القفل للوصول البطاقات البالغ عددها 69 في هذه المجموعة.
فتح الحزمة
k this deck
21
The process of maintaining a table listing all established connections between the organization's computers and the internet to determine whether an incoming packet is part of an ongoing communication initiated by an internal computer is known as
A) stateful packet filtering.
B) deep packet inspection.
C) access control list.
D) static packet filtering.
A) stateful packet filtering.
B) deep packet inspection.
C) access control list.
D) static packet filtering.
فتح الحزمة
افتح القفل للوصول البطاقات البالغ عددها 69 في هذه المجموعة.
فتح الحزمة
k this deck
22
The process that allows a firewall to be more effective by examining the data in the body of an IP packet,instead of just the header,is known as
A) deep packet inspection.
B) stateful packet filtering.
C) static packet filtering.
D) an intrusion prevention system.
A) deep packet inspection.
B) stateful packet filtering.
C) static packet filtering.
D) an intrusion prevention system.
فتح الحزمة
افتح القفل للوصول البطاقات البالغ عددها 69 في هذه المجموعة.
فتح الحزمة
k this deck
23
________ is/are an example of a preventive control.
A) Emergency response teams
B) Encryption
C) Log analysis
D) Intrusion detection
A) Emergency response teams
B) Encryption
C) Log analysis
D) Intrusion detection
فتح الحزمة
افتح القفل للوصول البطاقات البالغ عددها 69 في هذه المجموعة.
فتح الحزمة
k this deck
24
The security technology that evaluates IP packet traffic patterns in order to identify attacks against a system is known as
A) an intrusion prevention system.
B) stateful packet filtering.
C) static packet filtering.
D) deep packet inspection.
A) an intrusion prevention system.
B) stateful packet filtering.
C) static packet filtering.
D) deep packet inspection.
فتح الحزمة
افتح القفل للوصول البطاقات البالغ عددها 69 في هذه المجموعة.
فتح الحزمة
k this deck
25
The process that screens individual IP packets based solely on the contents of the source and/or destination fields in the packet header is known as
A) access control list.
B) deep packet inspection.
C) stateful packet filtering.
D) static packet filtering.
A) access control list.
B) deep packet inspection.
C) stateful packet filtering.
D) static packet filtering.
فتح الحزمة
افتح القفل للوصول البطاقات البالغ عددها 69 في هذه المجموعة.
فتح الحزمة
k this deck
26
The process of turning off unnecessary features in the system is known as
A) deep packet inspection.
B) hardening.
C) intrusion detection.
D) war dialing.
A) deep packet inspection.
B) hardening.
C) intrusion detection.
D) war dialing.
فتح الحزمة
افتح القفل للوصول البطاقات البالغ عددها 69 في هذه المجموعة.
فتح الحزمة
k this deck
27
Which of the following preventive controls are necessary to provide adequate security for social engineering threats?
A) controlling remote access
B) encryption
C) host and application hardening
D) awareness training
A) controlling remote access
B) encryption
C) host and application hardening
D) awareness training
فتح الحزمة
افتح القفل للوصول البطاقات البالغ عددها 69 في هذه المجموعة.
فتح الحزمة
k this deck
28
Multi-factor authentication
A) involves the use of two or more basic authentication methods.
B) is a table specifying which portions of the systems users are permitted to access.
C) provides weaker authentication than the use of effective passwords.
D) requires the use of more than one effective password.
A) involves the use of two or more basic authentication methods.
B) is a table specifying which portions of the systems users are permitted to access.
C) provides weaker authentication than the use of effective passwords.
D) requires the use of more than one effective password.
فتح الحزمة
افتح القفل للوصول البطاقات البالغ عددها 69 في هذه المجموعة.
فتح الحزمة
k this deck
29
________ is/are an example of a detective control.
A) Physical access controls
B) Encryption
C) Emergency response teams
D) Log analysis
A) Physical access controls
B) Encryption
C) Emergency response teams
D) Log analysis
فتح الحزمة
افتح القفل للوصول البطاقات البالغ عددها 69 في هذه المجموعة.
فتح الحزمة
k this deck
30
This is used to identify rogue modems (or by hackers to identify targets).
A) war chalking
B) war dialing
C) war driving
D) none of the above
A) war chalking
B) war dialing
C) war driving
D) none of the above
فتح الحزمة
افتح القفل للوصول البطاقات البالغ عددها 69 في هذه المجموعة.
فتح الحزمة
k this deck
31
This network access control determines which IP packets are allowed entry to a network and which are dropped.
A) access control list
B) deep packet inspection
C) stateful packet filtering
D) static packet filtering
A) access control list
B) deep packet inspection
C) stateful packet filtering
D) static packet filtering
فتح الحزمة
افتح القفل للوصول البطاقات البالغ عددها 69 في هذه المجموعة.
فتح الحزمة
k this deck
32
A special purpose hardware device or software running on a general purpose computer,which filters information that is allowed to enter and leave the organization's information system,is known as a(n)
A) demilitarized zone.
B) intrusion detection system.
C) intrusion prevention system.
D) firewall.
A) demilitarized zone.
B) intrusion detection system.
C) intrusion prevention system.
D) firewall.
فتح الحزمة
افتح القفل للوصول البطاقات البالغ عددها 69 في هذه المجموعة.
فتح الحزمة
k this deck
33
This protocol specifies the structure of packets sent over the internet and the route to get them to the proper destination.
A) access control list
B) Internet protocol
C) packet switching protocol
D) transmission control protocol
A) access control list
B) Internet protocol
C) packet switching protocol
D) transmission control protocol
فتح الحزمة
افتح القفل للوصول البطاقات البالغ عددها 69 في هذه المجموعة.
فتح الحزمة
k this deck
34
Restricting access of users to specific portions of the system as well as specific tasks,is an example of
A) authentication.
B) authorization.
C) identification.
D) threat monitoring.
A) authentication.
B) authorization.
C) identification.
D) threat monitoring.
فتح الحزمة
افتح القفل للوصول البطاقات البالغ عددها 69 في هذه المجموعة.
فتح الحزمة
k this deck
35
This protocol specifies the procedures for dividing files and documents into packets to be sent over the Internet.
A) access control list
B) Internet protocol
C) packet switching protocol
D) transmission control protocol
A) access control list
B) Internet protocol
C) packet switching protocol
D) transmission control protocol
فتح الحزمة
افتح القفل للوصول البطاقات البالغ عددها 69 في هذه المجموعة.
فتح الحزمة
k this deck
36
Compatibility tests utilize a(n)________,which is a list of authorized users,programs,and data files the users are authorized to access or manipulate.
A) validity test
B) biometric matrix
C) logical control matrix
D) access control matrix
A) validity test
B) biometric matrix
C) logical control matrix
D) access control matrix
فتح الحزمة
افتح القفل للوصول البطاقات البالغ عددها 69 في هذه المجموعة.
فتح الحزمة
k this deck
37
Which of the following is an example of a corrective control?
A) physical access controls
B) encryption
C) intrusion detection
D) incident response teams
A) physical access controls
B) encryption
C) intrusion detection
D) incident response teams
فتح الحزمة
افتح القفل للوصول البطاقات البالغ عددها 69 في هذه المجموعة.
فتح الحزمة
k this deck
38
Which of the following is not a requirement of effective passwords?
A) Passwords should be changed at regular intervals.
B) Passwords should be no more than 8 characters in length.
C) Passwords should contain a mixture of upper and lowercase letters, numbers and characters.
D) Passwords should not be words found in dictionaries.
A) Passwords should be changed at regular intervals.
B) Passwords should be no more than 8 characters in length.
C) Passwords should contain a mixture of upper and lowercase letters, numbers and characters.
D) Passwords should not be words found in dictionaries.
فتح الحزمة
افتح القفل للوصول البطاقات البالغ عددها 69 في هذه المجموعة.
فتح الحزمة
k this deck
39
Perimeter defense is an example of which of the following preventive controls that are necessary to provide adequate security?
A) training
B) controlling physical access
C) controlling remote access
D) host and application hardening
A) training
B) controlling physical access
C) controlling remote access
D) host and application hardening
فتح الحزمة
افتح القفل للوصول البطاقات البالغ عددها 69 في هذه المجموعة.
فتح الحزمة
k this deck
40
Identify the best description of an access control matrix below.
A) does not have to be updated
B) is used to implement authentication controls
C) matches the user's authentication credentials to his authorization
D) is a table specifying which portions of the system users are permitted to access
A) does not have to be updated
B) is used to implement authentication controls
C) matches the user's authentication credentials to his authorization
D) is a table specifying which portions of the system users are permitted to access
فتح الحزمة
افتح القفل للوصول البطاقات البالغ عددها 69 في هذه المجموعة.
فتح الحزمة
k this deck
41
Information technology managers are often in a bind when a new exploit is discovered in the wild.They can respond by updating the affected software or hardware with new code provided by the manufacturer,which runs the risk that a flaw in the update will break the system.Or they can wait until the new code has been extensively tested,but that runs the risk that they will be compromised by the exploit during the testing period.Dealing with these issues is referred to as
A) change management.
B) hardening.
C) patch management.
D) defense in depth.
A) change management.
B) hardening.
C) patch management.
D) defense in depth.
فتح الحزمة
افتح القفل للوصول البطاقات البالغ عددها 69 في هذه المجموعة.
فتح الحزمة
k this deck
42
On April 1,2012,students enrolled in an economics course at Harvard University received an e-mail stating that class would be cancelled.The e-mail claimed to be from the professor,but it wasn't.Computer forensic experts determined that the e-mail was sent from a computer in one of the campus labs at 6:32 A.M.They were then able to uniquely identify the computer that was used by means of its network interface card's ________ address.Security cameras revealed the identity of the student responsible for spoofing the class.
A) IDS
B) TCP/IP
C) MAC
D) DMZ
A) IDS
B) TCP/IP
C) MAC
D) DMZ
فتح الحزمة
افتح القفل للوصول البطاقات البالغ عددها 69 في هذه المجموعة.
فتح الحزمة
k this deck
43
All employees of E.C.Hoxy are required to pass through a gate and present their photo identification cards to the guard before they are admitted.Entry to secure areas,such as the Information Technology Department offices,requires further procedures.This is an example of a(n)
A) authentication control.
B) authorization control.
C) physical access control.
D) hardening procedure.
A) authentication control.
B) authorization control.
C) physical access control.
D) hardening procedure.
فتح الحزمة
افتح القفل للوصول البطاقات البالغ عددها 69 في هذه المجموعة.
فتح الحزمة
k this deck
44
Which of the below keeps a record of the network traffic permitted to pass through a firewall?
A) intrusion detection system
B) vulnerability scan
C) log analysis
D) penetration test
A) intrusion detection system
B) vulnerability scan
C) log analysis
D) penetration test
فتح الحزمة
افتح القفل للوصول البطاقات البالغ عددها 69 في هذه المجموعة.
فتح الحزمة
k this deck
45
The ________ disseminates information about fraud,errors,breaches and other improper system uses and their consequences.
A) chief information officer
B) chief operations officer
C) chief security officer
D) computer emergency response team
A) chief information officer
B) chief operations officer
C) chief security officer
D) computer emergency response team
فتح الحزمة
افتح القفل للوصول البطاقات البالغ عددها 69 في هذه المجموعة.
فتح الحزمة
k this deck
46
The process that uses automated tools to identify whether a system possesses any well-known security problems is known as a(n)
A) intrusion detection system.
B) log analysis.
C) penetration test.
D) vulnerability scan.
A) intrusion detection system.
B) log analysis.
C) penetration test.
D) vulnerability scan.
فتح الحزمة
افتح القفل للوصول البطاقات البالغ عددها 69 في هذه المجموعة.
فتح الحزمة
k this deck
47
When new employees are hired by Pacific Technologies,they are assigned user names and appropriate permissions are entered into the information system's access control matrix.This is an example of a(n)
A) authentication control.
B) biometric device.
C) remote access control.
D) authorization control.
A) authentication control.
B) biometric device.
C) remote access control.
D) authorization control.
فتح الحزمة
افتح القفل للوصول البطاقات البالغ عددها 69 في هذه المجموعة.
فتح الحزمة
k this deck
48
A well-known hacker started his own computer security consulting business shortly after being released from prison.Many companies pay him to attempt to gain unauthorized access to their network.If he is successful,he offers advice as to how to design and implement better controls.What is the name of the testing for which the hacker is being paid?
A) penetration test
B) vulnerability scan
C) deep packet inspection
D) buffer overflow test
A) penetration test
B) vulnerability scan
C) deep packet inspection
D) buffer overflow test
فتح الحزمة
افتح القفل للوصول البطاقات البالغ عددها 69 في هذه المجموعة.
فتح الحزمة
k this deck
49
In 2007,a major U.S.financial institution hired a security firm to attempt to compromise its computer network.A week later,the firm reported that it had successfully entered the system without apparent detection and presented an analysis of the vulnerabilities that had been found.This is an example of a
A) preventive control.
B) detective control.
C) corrective control.
D) standard control.
A) preventive control.
B) detective control.
C) corrective control.
D) standard control.
فتح الحزمة
افتح القفل للوصول البطاقات البالغ عددها 69 في هذه المجموعة.
فتح الحزمة
k this deck
50
When new employees are hired by Pacific Technologies,they are assigned user names and passwords and provided with laptop computers that have an integrated fingerprint reader.In order to log in,the user's fingerprint must be recognized by the reader.This is an example of a(n)
A) authorization control.
B) biometric device.
C) remote access control.
D) defense in depth.
A) authorization control.
B) biometric device.
C) remote access control.
D) defense in depth.
فتح الحزمة
افتح القفل للوصول البطاقات البالغ عددها 69 في هذه المجموعة.
فتح الحزمة
k this deck
51
In recent years,many of the attacks carried out by hackers have relied on this type of vulnerability in computer software.
A) code mastication
B) boot sector corruption
C) weak authentication
D) buffer overflow
A) code mastication
B) boot sector corruption
C) weak authentication
D) buffer overflow
فتح الحزمة
افتح القفل للوصول البطاقات البالغ عددها 69 في هذه المجموعة.
فتح الحزمة
k this deck
52
This is an authorized attempt by an internal audit team or an external security consultant to attempt to break into the organization's information system.
A) log analysis
B) intrusion detection system
C) penetration test
D) vulnerability scan
A) log analysis
B) intrusion detection system
C) penetration test
D) vulnerability scan
فتح الحزمة
افتح القفل للوصول البطاقات البالغ عددها 69 في هذه المجموعة.
فتح الحزمة
k this deck
53
The most common input-related vulnerability is
A) buffer overflow attack.
B) hardening.
C) war dialing.
D) encryption.
A) buffer overflow attack.
B) hardening.
C) war dialing.
D) encryption.
فتح الحزمة
افتح القفل للوصول البطاقات البالغ عددها 69 في هذه المجموعة.
فتح الحزمة
k this deck
54
Identify three ways users can be authenticated and give an example of each.
فتح الحزمة
افتح القفل للوصول البطاقات البالغ عددها 69 في هذه المجموعة.
فتح الحزمة
k this deck
55
Which of the following is commonly true of the default settings for most commercially available wireless access points?
A) The security level is set at the factory and cannot be changed.
B) Wireless access points present little danger of vulnerability so security is not a concern.
C) Security is set to the lowest level that the device is capable of.
D) Security is set to the highest level that the device is capable of.
A) The security level is set at the factory and cannot be changed.
B) Wireless access points present little danger of vulnerability so security is not a concern.
C) Security is set to the lowest level that the device is capable of.
D) Security is set to the highest level that the device is capable of.
فتح الحزمة
افتح القفل للوصول البطاقات البالغ عددها 69 في هذه المجموعة.
فتح الحزمة
k this deck
56
Explain social engineering.
فتح الحزمة
افتح القفل للوصول البطاقات البالغ عددها 69 في هذه المجموعة.
فتح الحزمة
k this deck
57
The most effective method for protecting an organization from social engineering attacks is providing
A) a firewall.
B) stateful packet filtering.
C) a demilitarized zone.
D) employee awareness training.
A) a firewall.
B) stateful packet filtering.
C) a demilitarized zone.
D) employee awareness training.
فتح الحزمة
افتح القفل للوصول البطاقات البالغ عددها 69 في هذه المجموعة.
فتح الحزمة
k this deck
58
Describe four requirements of effective passwords .
فتح الحزمة
افتح القفل للوصول البطاقات البالغ عددها 69 في هذه المجموعة.
فتح الحزمة
k this deck
59
Noseybook is a social networking site that boasts over a million registered users and a quarterly membership growth rate in the double digits.As a consequence,the size of the information technology department has been growing very rapidly,with many new hires.Each employee is provided with a name badge with a photo and embedded computer chip that is used to gain entry to the facility.This is an example of a(n)
A) authentication control.
B) biometric device.
C) remote access control.
D) authorization control.
A) authentication control.
B) biometric device.
C) remote access control.
D) authorization control.
فتح الحزمة
افتح القفل للوصول البطاقات البالغ عددها 69 في هذه المجموعة.
فتح الحزمة
k this deck
60
The most effective way to protect network resources that are exposed to the internet,yet reside outside of a network is
A) a firewall.
B) employee training.
C) a demilitarized zone.
D) stateful packet filtering.
A) a firewall.
B) employee training.
C) a demilitarized zone.
D) stateful packet filtering.
فتح الحزمة
افتح القفل للوصول البطاقات البالغ عددها 69 في هذه المجموعة.
فتح الحزمة
k this deck
61
A demilitarized zone
A) routes electronic communications within an organization.
B) connects an organization's information system to the Internet.
C) permits controlled access from the Internet to selected resources.
D) serves as the main firewall.
A) routes electronic communications within an organization.
B) connects an organization's information system to the Internet.
C) permits controlled access from the Internet to selected resources.
D) serves as the main firewall.
فتح الحزمة
افتح القفل للوصول البطاقات البالغ عددها 69 في هذه المجموعة.
فتح الحزمة
k this deck
62
Describe what a man-trap is and how it contributes to information security.
فتح الحزمة
افتح القفل للوصول البطاقات البالغ عددها 69 في هذه المجموعة.
فتح الحزمة
k this deck
63
Explain the value of penetration testing.
فتح الحزمة
افتح القفل للوصول البطاقات البالغ عددها 69 في هذه المجموعة.
فتح الحزمة
k this deck
64
Identify six physical access controls.
فتح الحزمة
افتح القفل للوصول البطاقات البالغ عددها 69 في هذه المجموعة.
فتح الحزمة
k this deck
65
Why does COBIT5 DSS-05.06 stress the importance of restricting physical access to network printers?
A) because hackers can use them to print out sensitive information
B) because hackers often hide inside large network printers until night
C) because document images are often stored on network printers
D) because network printers are easier to hack into than computers
A) because hackers can use them to print out sensitive information
B) because hackers often hide inside large network printers until night
C) because document images are often stored on network printers
D) because network printers are easier to hack into than computers
فتح الحزمة
افتح القفل للوصول البطاقات البالغ عددها 69 في هذه المجموعة.
فتح الحزمة
k this deck
66
The most important element of any preventive control is
A) the people.
B) the performance.
C) the procedure(s).
D) the penalty.
A) the people.
B) the performance.
C) the procedure(s).
D) the penalty.
فتح الحزمة
افتح القفل للوصول البطاقات البالغ عددها 69 في هذه المجموعة.
فتح الحزمة
k this deck
67
Describe what information security process the term hardening refers to.
فتح الحزمة
افتح القفل للوصول البطاقات البالغ عددها 69 في هذه المجموعة.
فتح الحزمة
k this deck
68
Describe the function of a computer incident response team (CIRT)and the steps that a CIRT should perform following a security incident.
فتح الحزمة
افتح القفل للوصول البطاقات البالغ عددها 69 في هذه المجموعة.
فتح الحزمة
k this deck
69
A border router
A) routes electronic communications within an organization.
B) connects an organization's information system to the Internet.
C) permits controlled access from the Internet to selected resources.
D) serves as the main firewall.
A) routes electronic communications within an organization.
B) connects an organization's information system to the Internet.
C) permits controlled access from the Internet to selected resources.
D) serves as the main firewall.
فتح الحزمة
افتح القفل للوصول البطاقات البالغ عددها 69 في هذه المجموعة.
فتح الحزمة
k this deck
فتح الحزمة
افتح القفل للوصول البطاقات البالغ عددها 69 في هذه المجموعة.
