MIS 170 exam 1

6 May 2023
34 test answers

question
B
answer
Rachel is investigating an information security incident that took place at the high school where she works. She suspects that students may have broken into the student records system and altered their grades. If correct, which one of the tenets of information security did this attack violate? A. Confidentiality B. Integrity C. Availability D. Nonrepudiation
question
A
answer
Juan's web server was down for an entire day last September. It experienced no other downtime during that month. Which one of the following represents the web server uptime for that month? A. 96.67% B. 3.33% C. 99.96% D. .04%
question
D
answer
Which mitigation plan is the least appropriate to limit the risk of unauthorized access to workstations? A. Enable password protection B. Enable automatic screen lockouts C. Disable system administration rights for end users D. Install and update antivirus software
question
C
answer
Which one of the following is not a good technique for performing authentication of an end user? A. Password B. Biometric scan C. Identification number D. Token
question
A
answer
To reduce the risk of compromised confidentiality of data transmissions over a WLAN, implement encryption between the workstation and wireless access point (WAP).
question
TRUE
answer
An intrusion prevention system (IPS) examines Internet Protocol (IP) data streams for signs of malicious activity and can block those streams identified as malicious. IPSs can end the actual communication session, filter by source IP addresses, and block access to the targeted host.
question
FALSE
answer
IT security guidelines are short written statements that the people in charge of an organization have set as a course of action or direction. A guideline comes from upper management and applies to the entire organization.
question
FALSE
answer
Cryptography is the process of transforming data from cleartext to ciphertext.
question
D
answer
Which term describes an action that can damage or compromise an asset? A. Risk B. Vulnerability C. Countermeasure D. Threat
question
C
answer
Which type of attack involves the creation of some deception in order to trick unsuspecting users? A. Intersection B. Interruption C. Fabrication D. Modification
question
TRUE
answer
An Internet Protocol (IP) stateful firewall is a security appliance that is used to filter IP packets and block unwanted IP, Transmission Control Protocol, and User Datagram Protocol packet types from entering or leaving the network.
question
TRUE
answer
Organizations should start defining their IT security policy framework by defining an asset classification policy.
question
D
answer
Which type of attack against a web application uses a newly discovered vulnerability that is not patchable? A. SQL injection B. Cross-site scripting C. Cross-site request forgery D. Zero-day attack
question
A
answer
Brian notices an attack taking place on his network. When he digs deeper, he realizes that the attacker has a physical presence on the local network and is forging media access control addresses. Which type of attack is most likely taking place? A. Address Resolution Protocol (ARP) poisoning B. Internet Protocol (IP) spoofing C. URL hijacking D. Christmas attack
question
FALSE
answer
A port scanner is a software program that enables a computer to monitor and capture network traffic, whether on a LAN or wireless network.
question
FALSE
answer
Flooding attacks, such as smurf and SYN flood attacks, use software flaws to crash or seriously hinder the performance of remote servers.
question
C
answer
Which one of the following is an example of a logical access control? A. Key for a lock B. Access card C. Password D. Fence
question
TRUE
answer
In a session hijacking attack, the attacker attempts to take over an existing connection between two network computers.
question
B
answer
Which type of authentication includes smart cards? A. Knowledge B. Ownership C. Location D. Action
question
C
answer
Which characteristic of a biometric system measures the system's accuracy using a balance of different error types? A. False acceptance rate (FAR) B. False rejection rate (FRR) C. Crossover error rate (CER) D. Reaction time
question
FALSE
answer
A worm is malware that masquerades as a useful program. It uses its outward appearance to trick users into running it. It looks like a program that performs useful tasks, but it actually hides malicious code.
question
TRUE
answer
An alteration threat violates information integrity.
question
B
answer
Which of the following is an example of a hardware security control? A. NTFS permission B. MAC filtering C. ID badge D. Security policy
question
A
answer
Gary would like to choose an access control model in which the owner of a resource decides who may modify permissions on that resource. Which model fits that scenario? A. Discretionary access control (DAC) B. Mandatory access control (MAC) C. Rule-based access control D. Role-based access control (RBAC)
question
C
answer
Tomahawk Industries develops weapons control systems for the military. The company designed a system that requires two different officers to enter the access codes before allowing the system to engage. Which principle of security is this following? A. Least privilege B. Security through obscurity C. Need to know D. Separation of duties
question
FALSE
answer
A man-in-the-middle attack is a type of attack in which one person, program, or computer disguises itself as another person, program, or computer to gain access to some resource.
question
TRUE
answer
The security kernel provides a central point of access control and implements the reference monitor concept. It mediates all access requests and permits access only when the appropriate rules or conditions are met.
question
TRUE
answer
Kerberos uses both key distribution centers (KDCs) and ticket-granting servers (TGSs) in the authentication and authorization process to provide legitimate users with access to systems appropriate to their authorization level.
question
FALSE
answer
Which security model does protect the confidentiality of information? A. Biba B. Bell-LaPadula C. Brewer and Nash D. Clark-Wilson
question
TRUE
answer
Remote Authentication Dial-In User Service (RADIUS) offers authentication, authorization, and accounting (AAA) services.
question
TRUE
answer
A dictionary attack works by hashing all the words in a dictionary, then comparing the hashed value with the system password file to discover a match.
question
D
answer
What type of function generates the unique value that corresponds to the contents of a message and is used to create a digital signature? A. RSA B. Decryption C. Encryption D. Hash
question
B
answer
Alice would like to send a message to Bob using a digital signature. What cryptographic key does Alice use to create the digital signature? A. Alice's public key B. Alice's private key C. Bob's public key D. Bob's private key
question
A
answer
Message authentication confirms the identity of the person who started a correspondence.