Question
True/False
Indicate whether the statement is true or false.
____ 1. The information in an IR plan does NOT need to be protected as sensitive information.
____ 2. An event can be categorized as a disaster when the organization is able to mitigate the impact of an incident during the incident.
____ 3. Not everyone is on an alert roster, only those individuals necessary to respond to an incident.
____ 4. If an incident originates outside the organization, the simplest and most straightforward approach is to sever the affected communication circuits.
____ 5. There are commercial implementations of RAID Level 2.
____ 6. Although traditional systems were configured to detect incidences and then notify the human administrator, new systems can respond to the incident threat autonomously, based on preconfigured options.
____ 7. Much like electronic vaulting, remote journaling also transfers archived data.
____ 8. It is unethical for a security administrator to use tools used by hackers to examine his defenses and attempt to discover his weak spots.
____ 9. A content filter allows administrators to restrict accessible content, such as pornography, from within a network.
____ 10. When Web services are offered outside the firewall, it is advisable to deny HTTP traffic from reaching your internal networks by using packet filtering routers.
____ 11. Even though a bastion host contains only cached copies of the internal Web documents, it should be very thoroughly secured.
____ 12. Of the 65,536 port numbers in use, the registered ports are those from 0 through 1023.
____ 13. An intermediate area of enhanced security between a trusted network and an untrusted network is called the InfraZone or IZ.
____ 14. There are two types of locks: mechanical and electrochemical.
____ 15. Much like carbon dioxide, halon robs the fire of its oxygen.
Multiple Choice
Identify the choice that best completes the statement or answers the question.
__c__ 16. One can classify incident response, disaster recovery, and business continuity planning, as components of ____ planning.
a. improvement
b. recovery
c. contingency
d. disaster
____ 17. Which of the following events is NOT a definite indicator of an incident?
a. Notification from IDS
b. Use of dormant accounts
c. Changes to logs
d. Notification by partner or peer
_b___ 18. Which of the following is a predefined situation that signals an automatic incident?
a. Notification by hacker
b. Loss of availability
c. Notification by partner or peer
d. Presence of hacker tools
____ 19. The ____ is a scripted description of the incident, usually just enough information so that each individual knows what portion of the incident response plan (IRP) to implement, and not enough to slow down the notification process.
a. alert roster
b. hierarchical roster
c. sequential roster
d. alert message
_b___ 20. Incident ____ assessment is the immediate determination of the scope of the breach of confidentiality, integrity, and availability of information and information assets immediately following an incident.
a. loophole
b. damage
c. breach
d. injury
____ 21. Before returning to routine duties, the IR team must conduct an ____-action review or AAR.
a. alleviate
b. affirmative
c. after
d. associated
____ 22. The most common schedule for system backups is a ____.
a. daily on-site full backup, with a weekly on-site incremental or differential backup
b. weekly on-site full backup, with a weekly off-site full backup
c. daily on-site incremental or differential, with a weekly off-site full backup
d. weekly on-site incremental or differential, with a weekly on-site full backup
____ 23. It is important that each employee has in his or her possession ____ types of emergency information cards.
a. two
b. three
c. four
d. five
____ 24. How many network interface cards (NICs) does a bastion host configuration contain?
a. One
b. Two
c. Three
d. Four
____ 25. Which of the following is a major drawback of packet filtering routers?
a. Vulnerability to denial of service attacks
b. Difficult to configure and maintain
c. Lack of strong authentication and auditing
d. Long processing requirements for verifying packets
____ 26. The ____ option on most popular Web browsers allows users to see the source code behind the graphics.
a. Show Configuration
b. Display Code
c. Reveal Source
d. View Detail
____ 27. Which of the following is NOT a good practice for firewall use in a business?
a. All Internet Control Message Protocol (ICMP) data should be denied
b. The firewall device is never accessible directly from the public network
c. Telnet access to the organization's Domain Name Service (DNS) server should be allowed
d. Simple Mail Transport Protocol (SMTP) data should be allowed to pass through the firewall
____ 28. A Type II error is ____.
a. synonymous with the false reject rate
b. unacceptable to security
c. associated with the rate at which authentic users are denied access
d. an example of a syntax error
____ 29. When IPSec works in ____ mode, only the IP data is encrypted rather than the IP headers themselves, allowing intermediate nodes to read the source and destination addresses.
a. transport
b. tunnel
c. synchronous
d. asynchronous
____ 30. Dynamic packet filtering firewalls are ____ generation firewalls.
a. second
b. third
c. fourth
d. fifth
____ 31. Which of the following statements is NOT true regarding signature-based IDS?
a. It can detect new types of attack.
b. Signatures must be constantly updated.
c. It is also known as knowledge-based IDS.
d. Duration of attacks may impact matching to signatures.
____ 32. Which method of IDS should NOT be used if the actions of the users or systems on the network vary widely with periods of low activity and periods of frantic packet exchange?
a. Signature-based
b. Behavior-based
c. Network-based
d. Host-based
____ 33. NetNanny, SurfControl, and Novell Border Manager are examples of ____.
a. honeypots
b. packet sniffers
c. vulnerability scanners
d. content filters
____ 34. When using the Caesar Cipher, G would transform to ____.
a. E
b. H
c. I
d. J
____ 35. The process of collecting information, such as the Internet addresses owned or controlled by a target organization in preparation for an attack is known as ____.
a. sniffing
b. scanning
c. fingerprinting
d. footprinting
____ 36. What is the relationship between the effectiveness and the acceptance of the various biometric authentication systems?
a. They have an opposite relationship.
b. They have a parallel relationship.
c. They have a matching relationship only with signature recognition.
d. They are not related in any way.
____ 37. Which of the following human characteristics is considered truly unique?
a. Hand topology
b. Retina of the eye
c. Facial recognition
d. Keyboard dynamics
____ 38. A network channel or connection point in a data communications system is called a ____.
a. port
b. host
c. starboard
d. waveform
____ 39. Which of the following is responsible for performing risk assessments and implementation reviews for the physical security controls implemented by other groups?
a. General management
b. IT management and professionals
c. Information security management and professionals
d. Facilities management
____ 40. Which of the following types of detectors is a sensor that detects the infrared or ultraviolet light produced by an open flame?
a. Thermal
b. Fixed
c. Smoke
d. Flame
____ 41. Which of the following classes of portable extinguishers can extinguish fires that involve ordinary combustible fuels such as wood, paper, textiles, rubber, cloth, and trash?
a. Class A
b. Class B
c. Class C
d. Class D
____ 42. Which of the following classes of portable extinguishers can extinguish fires with energized electrical equipment or appliances?
a. Class A
b. Class B
c. Class C
d. Class D
____ 43. A variation of the pre-action system is the ____ system, in which the valves are kept open, and as soon as the first phase is activated, valves allow water to be immediately applied to various areas without waiting for the second phase to trigger the individual heads.
a. cascade
b. saturate
c. deluge
d. flood
____ 44. Integrated circuits in a computer use between two and ____ volts of electricity.
a. five
b. ten
c. twenty
d. fifty
____ 45. A ____ works with the primary power source being the battery, and the power feeding from the utility constantly recharges the batteries.
a. standby or offline UPS
b. ferroresonant standby UPS
c. line-interactive UPS
d. true online UPS
____ 46. Which of the following types of UPS is the most expensive?
a. Standby or offline UPS
b. Ferroresonant standby UPS
c. Line-interactive UPS
d. True online UPS
____ 47. Which of the following is NOT a method of data interception?
a. Direct observation
b. Indirect observation
c. Interception of data transmission
d. Electromagnetic interception
____ 48. A ____ lock is used when human safety is not a factor.
a. fail-safe
b. fail-secure
c. bolt-safe
d. bolt-secure
____ 49. When the power stops flowing to the equipment, which of the following types of UPS kicks in, activating a transfer switch which then provides power from the batteries, through a DC to AC converter, until the power is restored or the computer is shut down?
a. Standby or offline UPS
b. Line-interactive UPS
c. True online UPS
d. Grounding power supply
____ 50. Fires fueled by combustible liquids or gases, such as solvents, gasoline, paint, lacquer, and oil are rated Class ____.
a. A
b. B
c. C
d. D
Explanation / Answer
1. True. The information in an incident response plan need not be confidential. Everyone in the organization these days is trained with the incident response plan so that they can respond to the incident immediately, avoiding further breach.
2. True. Such an event is preferably called a breach instead of a disaster, since the disaster mitigation plan worked and it is no longer a disaster.
3. True. Only the individuals necessary to respond to and report an incident are on the alert roster. Putting everyone on the alert roster is not required, and there is also a chance of a data breach if everyone knows about it.
4. True. An incident can occur from both inside and outside the organization. But if an attack is happening from outside the organization, then the simplest and quickest way to stop the attack is by disrupting the communication lines so that the outsider won't have access anymore to the internal server systems.
5. False. No commercial implementations exist for RAID Level 2. The implementation is inefficient (very high ratio of ECC disks to data disks) and has an expensive entry cost. RAID Level 2 also has a transaction rate equal to that of a single disk, so it is generally not preferred for commercial implementations.