Which network device is capable of blocking network connections that are identified as potentially malicious?

A. Intrusion detection system (IDS)

B. Intrusion prevention system (IPS)

C. Demilitarized zone (DMZ)

D. Web server

Which element of the security policy framework requires approval from upper management and applies to the entire organization?

A. Policy

B. Standard

C. Guideline

D. Procedure

Which element of the security policy framework offers suggestions rather than mandatory actions?

A. Policy

B. Standard

C. Guideline

D. Procedure

Chris is writing a document that provides step-by-step instructions for end users seeking to update the security software on their computers. Performing these updates is mandatory. Which type of document is Chris writing?

A. Policy

B. Standard

C. Guideline

D. Procedure

Which Internet of Things (IoT) challenge involves the difficulty of developing and implementing protocols that allow devices to communicate in a standard fashion?

A. Security

B. Privacy

C. Interoperability

D. Compliance

Kaira's company recently switched to a new calendaring system provided by a vendor. Kaira and other users connect to the system, hosted at the vendor's site, using a web browser. Which service delivery model is Kaira's company using?

A. Platform as a Service (PaaS)

B. Software as a Service (SaaS)

C. Communications as a Service (CaaS)

D. Infrastructure as a Service (IaaS)

Which one of the following is NOT an example of store-and-forward messaging?

A. Telephone call

B. Voicemail

C. Unified messaging

D. Email

Which action is the best step to protect Internet of Things (IoT) devices from becoming the entry point for security vulnerabilities into a network while still meeting business requirements?

A. Applying security updates promptly

B. Using encryption for communications

C. Removing IoT devices from the network

D. Turning IoT devices off when not in use

Which one of the following governs the use of Internet of Things (IoT) by health care providers, such as physicians and hospitals?

A. Payment Card Industry Data Security Standard (PCI DSS)

B. Federal Financial Institutions Examination Council (FFIEC)

C. Federal Information Security Management Act (FISMA)

D. Health Insurance Portability and Accountability Act (HIPAA)

Maria's company recently experienced a major system outage due to the failure of a critical component. During that time period, the company did not register any sales through its online site. Which type of loss did the company experience as a result of lost sales?

A. Replacement cost

B. Opportunity cost

C. Manpower cost

D. Cost of good sold

Which type of denial of service attack exploits the existence of software flaws to disrupt a service?

A. SYN flood attack

B. Smurf attack

C. Logic attack

D. Flooding attack

Which term describes an action that can damage or compromise an asset?

A. Risk

B. Vulnerability

C. Countermeasure

D. Threat

Which password attack is typically used specifically against password files that contain cryptographic hashes?

A. Brute-force attacks

B. Dictionary attacks

C. Birthday attacks

D. Social engineering attacks

Which type of attack against a web application uses a newly discovered vulnerability that is not patchable?

A. SQL injection

B. Cross-site scripting

C. Cross-site request forgery

D. Zero-day attack

Which control is not designed to combat malware?

A. Firewalls

B. Antivirus software

C. Awareness and education efforts

D. Quarantine computers

Alison discovers that a system under her control has been infected with malware, which is using a keylogger to report user keystrokes to a third party. What information security property is this malware attacking?

A. Integrity

B. Availability

C. Accounting

D. Confidentiality

What is NOT a typical sign of virus activity on a system?

A. Unexplained decrease in available disk space

B. Unexpected error messages

C. Unexpected power failures

D. Sudden sluggishness of applications

Adam discovers a virus on his system that is using encryption to modify itself. The virus escapes detection by signature-based antivirus software. What type of virus has he discovered?

A. Polymorphic virus

B. Stealth virus

C. Cross-platform virus

D. Multipartite virus

The CEO of Kelly's company recently fell victim to an attack. The attackers sent the CEO an email informing him that his company was being sued and he needed to view a subpoena at a court website. When visiting the website, malicious code was downloaded onto the CEO's computer. What type of attack took place?

A. Spear phishing

B. Pharming

C. Adware

D. Command injection

What is NOT one of the four main purposes of an attack?

A. Denial of availability

B. Data import

C. Data modification

D. Launch point

What type of system is intentionally exposed to attackers in an attempt to lure them out?

A. Honeypot

B. Bastion host

C. Web server

D. Database server

What type of malicious software allows an attacker to remotely control a compromised computer?

A. Worm

B. Polymorphic virus

C. Remote Access Tool (RAT)

D. Armored virus

Rachel is investigating an information security incident that took place at the high school where she works. She suspects that students may have broken into the student records system and altered their grades. If correct, which one of the tenets of information security did this attack violate?

A. Confidentiality

B. Integrity

C. Availability

D. Nonrepudiation