Professional Documents
Culture Documents
Logout
Hom
CoursesTab 2 of 2 (active tab)
e
1. 2016_SPR_MAIN_Operations Security_22
2. Content
3. Week 6
4. Take Test: Lecture 6 Quiz
2016_SPR_MAIN_Operations Security_22
Home Page
Information
My Instructor
Twitter Feed
Content
Discussions
Communicate
Course Messages
My Grades
Calendar
Library Resources
Groups
Tools
Help
Take Test: Lecture 6 Quiz
Test Information
Description
Instructions
Multiple Attempts This test allows multiple attempts.
Force Completion This test can be saved and resumed later.
Question Completion Status:
Save and Submit
Question 1
1. Though the position of CISO may also be known by many
other titles, the CISO role itself is the top-ranking individual
with full-time responsibility for information security.
True
False
10 points
Question 2
1. It is often the case that a security manager must make tough
management decisions when defining the scope of a program.
For example, the manager may need to decide how the program
applies to contractors who connect to the company’s systems.
True
False
10 points
Question 3
1. Order the policy framework components from top level (e.g
50,000 feet view) to bottom level (templates and parameters).
2.
Standards
1.
Policy
4.
Guidelines
3.
Procedures
10 points
Question 4
1. Select the area of the image that best represents the network
switches that provide connectivity to this SAN setup.
10 points
Question 5
1. Which RAID level provides no fault tolerance?
RAID 1
RAID 0
RAID 60
RAID 10
10 points
Question 6
1. Which of the following RAID levels implement striping?
RAID 0
RAID 1
RAID 4
RAID 5
10 points
Question 7
1. Choose the RAID level which is least used into today's
systems.
RAID 1
RAID 3
RAID 5
RAID 6
10 points
Question 8
1. Choose the RAID level that implements byte-level striping.
RAID 1
RAID 3
RAID 50
RAID 10
10 points
Question 9
1. Redundancy is the fabric of a Fiber Channel SAN is not
important since there are multiple hard disk drives implemented
in the system.
True
False
10 points
Question 10
1. iSCSI SAN's are much faster than Fiber Channel (FC) SAN's
and are therefore more expensive.
True
False
10 points
Quick Links
Logout
Hom
CoursesTab 2 of 2 (active tab)
e
1. 2016_SPR_MAIN_Operations Security_22
2. Content
3. Week 7
4. Take Test: Lecture 7 Quiz
2016_SPR_MAIN_Operations Security_22
Home Page
Information
My Instructor
Twitter Feed
Content
Discussions
Communicate
Course Messages
My Grades
Calendar
Library Resources
Groups
Tools
Help
Take Test: Lecture 7 Quiz
Test Information
Description
Instructions
Multiple Attempts This test allows multiple attempts.
Force Completion This test can be saved and resumed later.
Question Completion Status:
Save and Submit
Question 1
1. In the slideset, Altona Manufacturing had a problem that
plagued their datacenter. What support system did Altona need
to implement to resolve their issue?
HVAC
Fire suppression
Fire detection
Power conditioning
10 points
Question 2
1. This fire stage actually occurs before fire combustion begins.
Heat
Visible smoke
Incipient
Fast flaming
10 points
Question 3
1. Of the following fire suppressants, which is the least desirable
in a datacenter?
Halon
Carbon Dioxide
Halotron
Water
10 points
Question 4
1. VESDA uses the following device to detect particles in the air:
Water Filter
Laser
Photoelectric eye
Magnet
10 points
Question 5
1. HVAC stands for:
10 points
Question 6
1. Of the following options, which is the MOST effective way of
destroying data and reducing data remnance?
Overwriting
Physical Destruction
Degaussing
Windows Format
10 points
Question 7
1. Match the following classes of fire to the proper definition.
A A Combustible Metals
D. .
B B. Common Combustibles
A.
C. Flammable Liquids and Gases
C
B. D Cooking Media
D.
E. E. Live Electrical Equipment
K
C.
10 points
Question 8
1. Installing a household smoke detector in a datacenter is
sufficient.
True
False
10 points
Question 9
1. The three factors of a fire are heat, combustible materials, and a
catalyst (such as oxygen).
True
False
10 points
Question 10
1. A VESDA system can detect fire at the incipient stage.
True
False
10 points
Quick Links
Logout
Hom
CoursesTab 2 of 2 (active tab)
e
1. 2016_SPR_MAIN_Operations Security_22
2. Content
3. Week 9
4. Take Test: Lecture 9 Quiz
2016_SPR_MAIN_Operations Security_22
Home Page
Information
My Instructor
Twitter Feed
Content
Discussions
Communicate
Course Messages
My Grades
Calendar
Library Resources
Groups
Tools
Help
Take Test: Lecture 9 Quiz
Test Information
Description
Instructions
Multiple This test allows multiple attempts.
Attempts
Force Completion This test can be saved and resumed later.
Question Completion Status:
Save and Submit
Question 1
1. This protocol provides for the transfer of mail between mail servers.
POP
SMTP
HTML
IMAP
10 points
Question 2
1. This protocol allows a user to download email off the email server.
Typically, the email is also deleted from the server after download.
POP
SMTP
HTML
IMAP
10 points
Question 3
1. This protocol allows a user to use one or more devices to view emails
saved on the server.
POP
SMTP
HTML
IMAP
10 points
Question 4
1. In the spam/spoof/phishing email example provided in the lecture, the
email that looked like it was sent from University of
the Cumberlands actually came from:
a gmail account
a valid ucumberlands.edu account
a sandiego.edu account
yahoo.com
10 points
Question 5
1. Dr. Doe, the CEO and President of Acme Corporation, just received an
email with a link to a sports site from his friend. However, after hovering
over the link, Dr. Doe notices that the destination link does not match the
link in the email. After further review, the IT department determines that
the email did not originate from Dr. Doe's friend and the link would have
attempted to steal Dr. Doe's administrative credentials to the financial
systems. Dr. Doe may have just been a potential victim of what type of
attack?
Whale Phishing Attack
Firewall Backlash Attack
Spear Phishing Attack
Financial Audit Attack
10 points
Question 6
1. Whale phishing is very generic and intended to attack the general public.
True
False
10 points
Question 7
1. Hovering over an email link allows us to confirm the link's identity.
True
False
10 points
Question 8
1. A secure web URL will start with:
http://
ftp://
sftp://
https://
10 points
Question 9
1. A subscription service on a spam firewall allows the firewall to:
run faster
10 points
Question 10
1. See the image below. In this example, a secure transmission only needs to
be implemented between the two SMTP servers, not the SMTP server and
the clients.
True
False
10 points
Quick Links
Logout
Hom
CoursesTab 2 of 2 (active tab)
e
1. 2016_SPR_MAIN_Operations Security_22
2. Content
3. Week 11
4. Take Test: Lecture 11 Quiz
2016_SPR_MAIN_Operations Security_22
Home Page
Information
My Instructor
Twitter Feed
Content
Discussions
Communicate
Course Messages
My Grades
Calendar
Library Resources
Groups
Tools
Help
Take Test: Lecture 11 Quiz
Test Information
Description
Instructions
Multiple This test allows multiple attempts.
Attempts
Force Completion This test can be saved and resumed later.
Question Completion Status:
Save and Submit
Question 1
1. A systems analyst:
10 points
Question 2
1. The helpdesk administrator is notified that one of his employees is asking
users for their password when they call in to check their account status.
What response should this action evoke from the helpdesk admin?
The admin should be watchful for further incidents.
The admin should terminate the employee who asked for passwords.
The admin should follow policy outlining the disciplinary actions taken for this incident.
The admin should nicely tell the employee not to do it again.
10 points
Question 3
1. The database administrator is notified that the DBMS is encountering
issues and employees are unable to do their work. Under what part of the
CIA triad does this issue fall?
Avaliability
Confidentiality
Integrity
10 points
Question 5
1. The backup admin is attempting to confirm that last night's backup files
are acceptable. How can this be accomplished?
Open each file and view the contents
Open each file and compare the backup file to the production file
Run a checksum of the files to determine if they match production without actually
viewing the files
10 points
Question 6
1. A denial of service attack only affects web servers.
True
False
10 points
Question 7
1. Quality assurance and quality control ensure that systems and services
comply with accepted standards.
True
False
10 points
Question 8
1. Jim is the only person on the IT teams and has admin access to all systems.
What principle should be implemented in Jim's office. (Choose the best
answer)
Hire more employees and implement Separation of duties
Job rotation
Need to know
Least priviledge
10 points
Question 9
1. Separation of duties, job rotation, and mandatory vacation seek to reduce:
overworked employees
burnout
10 points
Question 10
1. Mitigating malicious code at the network level is best done by:
a switch
a router
a gateway
10 points
Quick Links
Logout
Surya Kiran Mannava28
Hom
CoursesTab 2 of 2 (active tab)
e
1. 2016_SPR_MAIN_Operations Security_22
2. Content
3. Week 10
4. Take Test: Lecture 10 Quiz
2016_SPR_MAIN_Operations Security_22
Home Page
Information
My Instructor
Twitter Feed
Content
Discussions
Communicate
Course Messages
My Grades
Calendar
Library Resources
Groups
Tools
Help
Take Test: Lecture 10 Quiz
Test Information
Description
Instructions
Multiple This test allows multiple attempts.
Attempts
Force Completion This test can be saved and resumed later.
Question Completion Status:
Save and Submit
Question 1
1. This type of seasoned attacker is malicious in nature and usually
commits illegal acts.
White Hat
Black Hat
Grey Hat
Script Kiddie
10 points
Question 2
1. This type of attacker is a moderately skilled
but amateur cyberattacker who can wreak havoc on systems.
White Hat
Black Hat
Gray Hat
Script Kiddie
10 points
Question 3
1. This type of attacker mostly attempts to perform appropriate actions but
does not always follow ethical guidelines.
White Hat
Black Hat
Gray Hat
Script Kiddie
10 points
Question 4
1. This type of attacker follows ethical protocols and stays within the scope
of a project to determine whether or not an organization can be attacked
and how.
White Hat
Black Hat
Gray Hat
Script Kiddie
10 points
Question 5
1. SMTP port number:
80
443
25
53
10 points
Question 6
1. DNS port number:
80
53
443
22
10 points
Question 7
1. Secure web traffic (HTTPS) port number:
443
80
53
25
10 points
Question 8
1. The step in the Pen Testing process where the hacker actually attempts to
interact with the system is:
Discovery
Exploitation
Reporting
Enumeration
10 points
Question 9
1. Putting a username in a password is easier to remember and therefore
proper password protocol.
True
False
10 points
Question 10
1. Jimmy has been hired by ABC Corp. to perform a penetration test. During
the discovery phase, Jimmy notices a high risk system that has several
vulnerabilities. However, that system is out of the scope of the project.
What should Jimmy do?
Test the vulnerable system and provide the results to management.
Make a post online about the vulnerable system.
Immediately notify management of the vulnerable system but take no further actions.
Take no action.
10 points
Quick Links
Logout
Surya Kiran Mannava28
Hom
CoursesTab 2 of 2 (active tab)
e
5. 2016_SPR_MAIN_Operations Security_22
6. Content
7. Week 10
8. Take Test: Lecture 10 Quiz
2016_SPR_MAIN_Operations Security_22
Home Page
Information
My Instructor
Twitter Feed
Content
Discussions
Communicate
Course Messages
My Grades
Calendar
Library Resources
Groups
Tools
Help
Take Test: Lecture 10 Quiz
Test Information
Description
Instructions
Multiple This test allows multiple attempts.
Attempts
Force Completion This test can be saved and resumed later.
Question Completion Status:
Save and Submit
Question 1
2. This type of seasoned attacker is malicious in nature and usually
commits illegal acts.
White Hat
Black Hat
Grey Hat
Script Kiddie
10 points
Question 2
2. This type of attacker is a moderately skilled
but amateur cyberattacker who can wreak havoc on systems.
White Hat
Black Hat
Gray Hat
Script Kiddie
10 points
Question 3
2. This type of attacker mostly attempts to perform appropriate actions but
does not always follow ethical guidelines.
White Hat
Black Hat
Gray Hat
Script Kiddie
10 points
Question 4
2. This type of attacker follows ethical protocols and stays within the scope
of a project to determine whether or not an organization can be attacked
and how.
White Hat
Black Hat
Gray Hat
Script Kiddie
10 points
Question 5
2. SMTP port number:
80
443
25
53
10 points
Question 6
2. DNS port number:
80
53
443
22
10 points
Question 7
2. Secure web traffic (HTTPS) port number:
443
80
53
25
10 points
Question 8
2. The step in the Pen Testing process where the hacker actually attempts to
interact with the system is:
Discovery
Exploitation
Reporting
Enumeration
10 points
Question 9
2. Putting a username in a password is easier to remember and therefore
proper password protocol.
True
False
10 points
Question 10
2. Jimmy has been hired by ABC Corp. to perform a penetration test. During
the discovery phase, Jimmy notices a high risk system that has several
vulnerabilities. However, that system is out of the scope of the project.
What should Jimmy do?
Test the vulnerable system and provide the results to management.
Make a post online about the vulnerable system.
Immediately notify management of the vulnerable system but take no further actions.
Take no action.
10 points
Full
Incremental
Differential
Mirror
2 points
Question 2
1. Which of the following represent the three fundamental components of an alarm?
2 points
Question 3
1. Which of the following situations best illustrates the process of authentication?
When an application sets a limit on the amount of payment a user can approve
2 points
Question 4
1. Which RAID level provides mirroring and requires at two drives?
5
2 points
Question 5
1. Which RAID level provides no redundancy or failure protection and is employs only
striping?
2 points
Question 6
1. Of these security card types, which is the least secure and oldest method?
Magnetic stripe
Proximity Card
Smart Card
Credit Card
2 points
Question 7
1. Which backup type provides the quickest restore time but the slowest backup time?
Full
Incremental
Differential
Mirror
2 points
Question 8
1. The most senior leader responsible for managing an organization’s risks is the chief
privacy officer (CPO). Which of the following is not one of the responsibilities of the CPO?
The CPO also needs to understand how the laws impact business.
The CPO must work closely with a technology team to create strong security policies.
2 points
Question 9
1. A firewall can be an example of a preventative control.
True
False
2 points
Question 10
1. Data mirroring is the process of reflecting data in order to increase disk access speeds.
True
False
2 points
Question 11
1. Which of the following items do HVAC systems not control?
Temperature
Humidity
Air pollution and contamination
Power protection
2 points
Question 12
1. In order to have a successful backup plan, backups must be tested regularly.
True
False
2 points
Question 13
1. Intrusion Detection Systems (IDS) are designed to alert the admin of a potential issue
but do not make any proactive changes to the system.
True
False
2 points
Question 14
1. Availability ensures information is available to authorized users and devices. Initially,
the information owner must determine availability requirements. The owner must determine
who needs access to the data and when.
True
False
2 points
Question 15
1. An Intrusion Detection System (IDS) and Intrusion Prevention System (IPS) function
exactly the same but just have different terms associated to them.
True
False
2 points
Question 16
1. Which RAID level can survive two drive failures without the entire RAID failing?
2 points
Question 17
1. What fire classification would be the most likely culprit in a datacenter fire?
A
2 points
Question 18
1. ___________________ is the act of protecting information and the systems that store
and process it.
Policy framework
Change management
2 points
Question 19
1. Correctly order the steps of a physical security system.
5.
Respond
1.
Deter
4.
Assess
3.
Detect
2.
Delay
2 points
Question 20
1. Policies, which can be a process or a method for implementing a solution, often
become the measuring stick by which an organization is evaluated for compliance.
True
False
2 points
Question 21
1. Which of the following is an early smoke detection system based on laser smoke
detection?
VESDA
Simplex
Honeywell
First Alert
2 points
Question 22
1. Locard's Exchange Principle states that "when a crime is committed, the perpetrators
leave something behind and take something with them".
True
False
2 points
Question 23
1. CCTV stands for:
Circular Conduit TV
Closed Conduit TV
Circular Circuit TV
Closed Circuit TV
2 points
Question 24
1. A(n) ___________________ is a confirmed event that compromises the
confidentiality, integrity, or availability of information.
breach
residual risk
operational deviation
threat
2 points
Question 25
1. A SAN and a NAS are both types of network storage, but they function on the
network in completely different ways.
True
False
2 points
Question 26
1. Integrity ensures that only authorized individuals are able to access information.
True
False
2 points
Question 27
1. In recent years, ___________________ has emerged as major technology. It provides
a way of buying software, infrastructure, and platform services on someone else’s network.
cloud computing
web graffiti
2 points
Question 28
1. If human action is required, the control is considered _______________.
corrective
automated
manual
preventative
2 points
Question 29
1. Which backup type only processes new or modified files and folders?
Full
Incremental
Differential
Mirror
2 points
Question 30
1. An employee was recently terminated. After the termination, the hard drive from
their workstation was retrieved for archival purposes per the security policy guidelines. The
maximum archival time has now elapsed and the drive should be destroyed. What is the most
effective way to destroy the data on the drive?
Overwrite
Question 31
1. Which RAID level employs block-level striping and distributed parity, requires at
least three disks, and can survive a single-disk failure.
0
2 points
Question 32
1. Order the four stages of fire development.
2.
Visible smoke
1.
Incipient
4.
Heat
3.
Fast flaming
2 points
Question 33
1. Backups can be an example of a corrective control when used for restoration
purposes.
True
False
2 points
Question 34
1. An admin is assigned to review logs on a daily basis. This is an example of a
detective control.
True
False
2 points
Question 35
1. RAID is important in small home/office computers but is not employed in large
corporate datacenters.
True
False
2 points
Question 36
1. Which of the following drive types have no moving parts and therefore have a longer
mean time between failures?
2 points
Question 37
1. Authentication of a workstation and encryption of wireless traffic are issues that
belong to which of the following two domains?
2 points
Question 38
1. Which of the following is not required for effective IDS managment.
Regular updates
Awareness
Technically knowledgeable staff
2 points
Question 39
1. A policy defining security awareness training has recently been drafted by your
organization. What type of control does this respresent?
Physical
Administrative/Procedural
Technical
Backup
2 points
Question 40
1. A UPS is designed to provide clean and steady power to electronic equipment.
True
False
2 points
Question 41
1. Your team is in charge of implementing and maintaining a network firewall. What
type of control does the firewall represent?
Physical
Administrative/Procedural
Technical
Backup
2 points
Question 42
1. Degaussing requires a high strength magnetic field.
True
False
2 points
Question 43
1. Data exists generally in one of two states: data at rest, such as on a backup tape,
or data in transit, such as when traveling across a network.
True
False
2 points
Question 44
1. Match the fire classification letter to the fire type.
A A Cooking Media
.
edcba
B. Combustible Metals
B
C. Common Combustibles
C
D Flammable Liquids and Gases
D.
E. Live Electrical Equipment
K
2 points
Question 45
1. After many years of service, your organizations HR director has retired. Since
the director's machine was newly purchased, that machine is going to be reallocated
to another staff member and the new director will receive a new machine. As a
security admin, you are not aware of the transfer and no procedures are completed
on the computer before the transfer. Which security standard has been violated?
Recoverability
Intrusion prevention
2 points
Question 46
1. Which security card type employs a small radio transmitter to transfer a signal to a
nearby reader?
Magnetic Stripe
Proximity Card
Smart Card
Credit Card
2 points
Question 47
1. The _______________ domain refers to any endpoint device used by end users,
which includes but is not limited to mean any smart device in the end user’s physical
possession and any device accessed by the end user, such as a smartphone, laptop,
workstation, or mobile device
workstation
user
remote access
system/application
2 points
Question 48
1. You are in charge of a mission-critical data center. As part of your checklist, you
ensure that backup generators have enough fuel to meet standards. How many hours of fuel
should the generator have at minimum?
12 hours
18 hours
24 hours
48 hours
2 points
Question 49
1. A door lock is damaged and in need of repair. What type of control does the door
lock represent?
Physical
Administrative/Procedural
Technical
Backup
2 points
Question 50
1. A vulnerability is a human-caused or natural event that could impact the system,
whereas a risk is a weakness in a system that can be exploited.
True
False
2 points