Quick LinksLogout Surya Kiran Mannava6 Home 1. 2016_SPR_MAIN_Operations Security_22 2. Content 3. Week 6 4. Take Test: Lecture 6 Quiz 2016_SPR_MAIN_Operations Security_22 Home Page Information My Instructor Twitter Feed Content Discussions Communicate Course Messages My Grades Calendar Library Resources Groups Tools Help Take Test: Lecture 6 Quiz Test Information Description Instructions Multiple Attempts This test allows multiple attempts. Force Completion This test can be saved and resumed later. Question Completion Status: Save and Submit Question 1 1. Though the position of CISO may also be known by many other titles, the CISO role itself is the topranking individual with full-time responsibility for information security. True False 10 points Question 2 1. It is often the case that a security manager must make tough management decisions when defining the scope of a program. For example, the manager may need to decide how the program applies to contractors who connect to the company’s systems. True False 10 points Question 3 1. Order the policy framework components from top level (e.g 50,000 feet view) to bottom level (templates and parameters). 2. Standards 1. Policy 4. Guidelines 3. Procedures 10 points Question 4 1. Select the area of the image that best represents the network switches that provide connectivity to this SAN setup. Selected Coordinates 345, 226 Clear 10 points Question 5 1. Which RAID level provides no fault tolerance? RAID 1 RAID 0 RAID 60 RAID 10 10 points Question 6 1. Which of the following RAID levels implement striping? RAID 0 RAID 1 RAID 4 RAID 5 10 points Question 7 1. Choose the RAID level which is least used into today's systems. RAID 1 RAID 3 RAID 5 RAID 6 10 points Question 8 1. Choose the RAID level that implements byte-level striping. RAID 1 RAID 3 RAID 50 RAID 10 10 points Question 9 Week 7 4. True False 10 points Save and Submit Click Save and Submit to save and submit. True False 10 points Question 10 1. Save and Submit Quick Links Logout Surya Kiran Mannava30 Home 1. Redundancy is the fabric of a Fiber Channel SAN is not important since there are multiple hard disk drives implemented in the system. 2016_SPR_MAIN_Operations Security_22 2.1. Click Save All Answers to save all answers. Content 3. Take Test: Lecture 7 Quiz . iSCSI SAN's are much faster than Fiber Channel (FC) SAN's and are therefore more expensive. In the slideset. Question Completion Status: Save and Submit Question 1 1. Altona Manufacturing had a problem that plagued their datacenter. 2016_SPR_MAIN_Operations Security_22 Home Page Information My Instructor Twitter Feed Content Discussions Communicate Course Messages My Grades Calendar Library Resources Groups Tools Help Take Test: Lecture 7 Quiz Test Information Description Instructions Multiple Attempts This test allows multiple attempts. What support system did Altona need to implement to resolve their issue? HVAC Fire suppression Fire detection Power conditioning 10 points . Force Completion This test can be saved and resumed later. VESDA uses the following device to detect particles in the air: Water Filter Laser Photoelectric eye Magnet 10 points Question 5 1. This fire stage actually occurs before fire combustion begins.Question 2 1. Heat Visible smoke Incipient Fast flaming 10 points Question 3 1. HVAC stands for: Heating. which is the least desirable in a datacenter? Halon Carbon Dioxide Halotron Water 10 points Question 4 1. and Air Conditioning Higher Vents for Air Cooling Heating Vents for Air Conditioning . Of the following fire suppressants. Ventilation. 10 points Question 8 1. Installing a household smoke detector in a datacenter is sufficient. Volume. Of the following options. Match the following classes of fire to the proper definition. which is the MOST effective way of destroying data and reducing data remnance? Overwriting Physical Destruction Degaussing Windows Format 10 points Question 7 1. B C. Flammable Liquids and Gases A. Combustible Metals B. Cooking Media E. K C. D E. True False . C D. Live Electrical Equipment B.Heating. Common Combustibles D. and Air Controls 10 points Question 6 1. A A. 2016_SPR_MAIN_Operations Security_22 2.10 points Question 9 1. Save and Submit Quick Links Logout Surya Kiran Mannava18 Home 1. The three factors of a fire are heat. Click Save All Answers to save all answers. combustible materials. A VESDA system can detect fire at the incipient stage. Content 3. Week 9 . True False 10 points Question 10 1. True False 10 points Save and Submit Click Save and Submit to save and submit. and a catalyst (such as oxygen). Force Completion This test can be saved and resumed later.4. POP SMTP HTML IMAP . This protocol provides for the transfer of mail between mail servers. Question Completion Status: Save and Submit Question 1 1. Take Test: Lecture 9 Quiz 2016_SPR_MAIN_Operations Security_22 Home Page Information My Instructor Twitter Feed Content Discussions Communicate Course Messages My Grades Calendar Library Resources Groups Tools Help Take Test: Lecture 9 Quiz Test Information Description Instructions Multiple Attempts This test allows multiple attempts. com 10 points Question 5 1. This protocol allows a user to use one or more devices to view emails saved on the server. the CEO and President of Acme Corporation. POP SMTP HTML IMAP 10 points Question 3 1. However.10 points Question 2 1. just received an email with a link to a sports site from his friend.edu account a sandiego. Dr. In the spam/spoof/phishing email example provided in the lecture. Doe's friend and the link would have attempted to .edu account yahoo. the email is also deleted from the server after download. the email that looked like it was sent from University of the Cumberlands actually came from: a gmail account a valid ucumberlands. POP SMTP HTML IMAP 10 points Question 4 1. After further review. the IT department determines that the email did not originate from Dr. This protocol allows a user to download email off the email server. Doe notices that the destination link does not match the link in the email. Typically. Doe. Dr. after hovering over the link. steal Dr. True False 10 points Question 8 1. Doe's administrative credentials to the financial systems. A secure web URL will start with: http:// ftp:// sftp:// https:// 10 points Question 9 1. A subscription service on a spam firewall allows the firewall to: run faster download the latest email threats database . Hovering over an email link allows us to confirm the link's identity. True False 10 points Question 7 1. Doe may have just been a potential victim of what type of attack? Whale Phishing Attack Firewall Backlash Attack Spear Phishing Attack Financial Audit Attack 10 points Question 6 1. Whale phishing is very generic and intended to attack the general public. Dr. not the SMTP server and the clients. True False 10 points Save and Submit Click Save and Submit to save and submit. a secure transmission only needs to be implemented between the two SMTP servers. See the image below. Click Save All Answers to save all answers.give the admin weekly security magazines process more email 10 points Question 10 1. Save and Submit Quick Links Logout . In this example. Week 11 4. 2016_SPR_MAIN_Operations Security_22 2. .Surya Kiran Mannava41 Home 1. This test can be saved and resumed later. Content 3. Take Test: Lecture 11 Quiz 2016_SPR_MAIN_Operations Security_22 Home Page Information My Instructor Twitter Feed Content Discussions Communicate Course Messages My Grades Calendar Library Resources Groups Tools Help Take Test: Lecture 11 Quiz Test Information Description Instructions Multiple Attempts Force Completion This test allows multiple attempts. What response should this action evoke from the helpdesk admin? The admin should be watchful for further incidents. The database administrator is notified that the DBMS is encountering issues and employees are unable to do their work. 10 points Question 3 1. The admin should follow policy outlining the disciplinary actions taken for this incident. The DBA and the Network Admin are both similar in that: They work in the same office They use the same servers . Under what part of the CIA triad does this issue fall? Avaliability Confidentiality Integrity None of the above 10 points Question 4 1. The admin should nicely tell the employee not to do it again.Question Completion Status: Save and Submit Question 1 1. The helpdesk administrator is notified that one of his employees is asking users for their password when they call in to check their account status. The admin should terminate the employee who asked for passwords. A systems analyst: writes software code designs systems to meet user specifications manages a software implementation directs the IT department 10 points Question 2 1. True False 10 points Question 7 1. Quality assurance and quality control ensure that systems and services comply with accepted standards.Their respective systems are foundational and required by other systems They have the same training 10 points Question 5 1. What principle should be implemented in Jim's office. Jim is the only person on the IT teams and has admin access to all systems. (Choose the best answer) Hire more employees and implement Separation of duties Job rotation . A denial of service attack only affects web servers. How can this be accomplished? Open each file and view the contents Open each file and compare the backup file to the production file Ask each user to review their backup files Run a checksum of the files to determine if they match production without actually viewing the files 10 points Question 6 1. True False 10 points Question 8 1. The backup admin is attempting to confirm that last night's backup files are acceptable. Separation of duties. Save and Submit Quick Links Logout . and mandatory vacation seek to reduce: overworked employees too much employee salary collusion and fraud burnout 10 points Question 10 1. job rotation.Need to know Least priviledge 10 points Question 9 1. Click Save All Answers to save all answers. Mitigating malicious code at the network level is best done by: a switch a router a firewall or unified threat management appliance a gateway 10 points Save and Submit Click Save and Submit to save and submit. Week 10 4. 2016_SPR_MAIN_Operations Security_22 2.Surya Kiran Mannava28 Home 1. This test can be saved and resumed later. Take Test: Lecture 10 Quiz 2016_SPR_MAIN_Operations Security_22 Home Page Information My Instructor Twitter Feed Content Discussions Communicate Course Messages My Grades Calendar Library Resources Groups Tools Help Take Test: Lecture 10 Quiz Test Information Description Instructions Multiple Attempts Force Completion This test allows multiple attempts. . Content 3. White Hat Black Hat Grey Hat Script Kiddie 10 points Question 2 1. This type of attacker follows ethical protocols and stays within the scope of a project to determine whether or not an organization can be attacked and how. This type of seasoned attacker is malicious in nature and usually commits illegal acts. . This type of attacker mostly attempts to perform appropriate actions but does not always follow ethical guidelines.Question Completion Status: Save and Submit Question 1 1. White Hat Black Hat Gray Hat Script Kiddie 10 points Question 4 1. This type of attacker is a moderately skilled but amateur cyberattacker who can wreak havoc on systems. White Hat Black Hat Gray Hat Script Kiddie 10 points Question 3 1. DNS port number: 80 53 443 22 10 points Question 7 1. Secure web traffic (HTTPS) port number: 443 80 53 25 10 points Question 8 .White Hat Black Hat Gray Hat Script Kiddie 10 points Question 5 1. SMTP port number: 80 443 25 53 10 points Question 6 1. Jimmy notices a high risk system that has several vulnerabilities. Putting a username in a password is easier to remember and therefore proper password protocol. Jimmy has been hired by ABC Corp. Immediately notify management of the vulnerable system but take no further actions. The step in the Pen Testing process where the hacker actually attempts to interact with the system is: Discovery Exploitation Reporting Enumeration 10 points Question 9 1. However. 10 points Save and Submit Click Save and Submit to save and submit. Make a post online about the vulnerable system. True False 10 points Question 10 1. Take no action. that system is out of the scope of the project. Click Save All Answers to save all answers. What should Jimmy do? Test the vulnerable system and provide the results to management. During the discovery phase. to perform a penetration test.1. Save and Submit Quick Links Logout . Take Test: Lecture 10 Quiz 2016_SPR_MAIN_Operations Security_22 Home Page Information My Instructor Twitter Feed Content Discussions Communicate Course Messages My Grades Calendar Library Resources Groups Tools Help Take Test: Lecture 10 Quiz Test Information Description Instructions Multiple Attempts Force Completion This test allows multiple attempts. 2016_SPR_MAIN_Operations Security_22 6. Week 10 8. This test can be saved and resumed later. Content 7. .Surya Kiran Mannava28 Home 5. Question Completion Status: Save and Submit Question 1 2. White Hat Black Hat Grey Hat Script Kiddie 10 points Question 2 2. This type of attacker is a moderately skilled but amateur cyberattacker who can wreak havoc on systems. . White Hat Black Hat Gray Hat Script Kiddie 10 points Question 3 2. This type of attacker follows ethical protocols and stays within the scope of a project to determine whether or not an organization can be attacked and how. This type of seasoned attacker is malicious in nature and usually commits illegal acts. This type of attacker mostly attempts to perform appropriate actions but does not always follow ethical guidelines. White Hat Black Hat Gray Hat Script Kiddie 10 points Question 4 2. Secure web traffic (HTTPS) port number: 443 80 53 25 10 points Question 8 . SMTP port number: 80 443 25 53 10 points Question 6 2.White Hat Black Hat Gray Hat Script Kiddie 10 points Question 5 2. DNS port number: 80 53 443 22 10 points Question 7 2. 2. Jimmy has been hired by ABC Corp. to perform a penetration test. However. Take no action. that system is out of the scope of the project. Make a post online about the vulnerable system. Which backup type has a fast restore time and processes a backup for all data changed since the last full backup? . Save and Submit Save and Submit Question 1 1. Jimmy notices a high risk system that has several vulnerabilities. Putting a username in a password is easier to remember and therefore proper password protocol. Immediately notify management of the vulnerable system but take no further actions. True False 10 points Question 10 2. During the discovery phase. 10 points Save and Submit Click Save and Submit to save and submit. What should Jimmy do? Test the vulnerable system and provide the results to management. The step in the Pen Testing process where the hacker actually attempts to interact with the system is: Discovery Exploitation Reporting Enumeration 10 points Question 9 2. Click Save All Answers to save all answers. bell. Question 2 Which of the following represent the three fundamental components of an alarm? Housing. and light Sensor. and air horn Pull box. Which of the following situations best illustrates the process of authentication? A Web site sets users’ passwords to expire every 90 days Using an electronic signature on official documentation When an application sets a limit on the amount of payment a user can approve When a service is made unavailable to a user due to a server crash 2 points Question 4 1. Which RAID level provides mirroring and requires at two drives? 1 3 . control box.Full Incremental Differential Mirror 2 points 1. control and communication. and signal horn 2 points Question 3 1. and enunciator Strobe. whistle. Question 5 Which RAID level provides no redundancy or failure protection and is employs only striping? 6 5 1 0 2 points 1. Which backup type provides the quickest restore time but the slowest backup time? Full Incremental . which is the least secure and oldest method? Magnetic stripe Proximity Card Smart Card Credit Card 2 points Question 7 1.4 5 2 points 1. Question 6 Of these security card types. 2 points Question 9 1. Which of the following is not one of the responsibilities of the CPO? The CPO is responsible for keeping up with privacy laws. Data mirroring is the process of reflecting data in order to increase disk access speeds. A firewall can be an example of a preventative control. Question 8 The most senior leader responsible for managing an organization’s risks is the chief privacy officer (CPO). The CPO also needs to understand how the laws impact business. The CPO must work closely with a technology team to create strong security policies. The CPO must be a lawyer.Differential Mirror 2 points 1. True False 2 points 1. True False 2 points Question 10 1. Question 11 Which of the following items do HVAC systems not control? Temperature . In order to have a successful backup plan. Question 13 Intrusion Detection Systems (IDS) are designed to alert the admin of a potential issue but do not make any proactive changes to the system. the information owner must determine availability requirements. True False 2 points 1. Question 14 Availability ensures information is available to authorized users and devices. Question 15 An Intrusion Detection System (IDS) and Intrusion Prevention System (IPS) function exactly the same but just have different terms associated to them. True False 2 points 1. .Humidity Air pollution and contamination Power protection 2 points Question 12 1. backups must be tested regularly. The owner must determine who needs access to the data and when. True False 2 points 1. Initially. True False 2 points Question 16 1. Information systems security Policy framework Change management Policy principles document . What fire classification would be the most likely culprit in a datacenter fire? A B C D 2 points 1. Question 18 ___________________ is the act of protecting information and the systems that store and process it. Which RAID level can survive two drive failures without the entire RAID failing? 0 1 5 6 2 points Question 17 1. Deter 4. which can be a process or a method for implementing a solution. True False 2 points Question 21 . Respond 1. 5. Correctly order the steps of a physical security system. Delay 2 points Question 20 1. Assess 3. Policies. often become the measuring stick by which an organization is evaluated for compliance. Detect 2.2 points Question 19 1. Which of the following is an early smoke detection system based on laser smoke detection? VESDA Simplex Honeywell First Alert 2 points 1. Question 22 Locard's Exchange Principle states that "when a crime is committed.1. breach residual risk . the perpetrators leave something behind and take something with them". Question 23 CCTV stands for: Circular Conduit TV Closed Conduit TV Circular Circuit TV Closed Circuit TV 2 points Question 24 1. or availability of information. A(n) ___________________ is a confirmed event that compromises the confidentiality. True False 2 points 1. integrity. corrective automated .operational deviation threat 2 points 1. but they function on the network in completely different ways. the control is considered _______________. True False 2 points Question 26 1. ___________________ has emerged as major technology. It provides a way of buying software. and platform services on someone else’s network. True False 2 points Question 27 1. Integrity ensures that only authorized individuals are able to access information. Question 25 A SAN and a NAS are both types of network storage. remote access domain social networking cloud computing web graffiti 2 points 1. Question 28 If human action is required. In recent years. infrastructure. the hard drive from their workstation was retrieved for archival purposes per the security policy guidelines. Question 31 Which RAID level employs block-level striping and distributed parity. The maximum archival time has now elapsed and the drive should be destroyed. Question 29 Which backup type only processes new or modified files and folders? Full Incremental Differential Mirror 2 points 1. What is the most effective way to destroy the data on the drive? Degauss and physical destruction Format using Windows format Overwrite Reuse the drive 2 points 1. Question 30 An employee was recently terminated. After the termination. requires at least three disks.manual preventative 2 points 1. 0 4 5 . and can survive a single-disk failure. Heat 3. Question 32 Order the four stages of fire development. Incipient 4. Visible smoke 1. 2. Question 33 Backups can be an example of a corrective control when used for restoration purposes. Fast flaming 2 points 1. True False 2 points Question 34 .6 2 points 1. Authentication of a workstation and encryption of wireless traffic are issues that belong to which of the following two domains? LAN and WAN workstation and LAN LAN-WAN and remote access workstation and WAN . True False 2 points 1. Question 35 RAID is important in small home/office computers but is not employed in large corporate datacenters.1. True False 2 points 1. An admin is assigned to review logs on a daily basis. Question 36 Which of the following drive types have no moving parts and therefore have a longer mean time between failures? Legacy hard drive Spindle hard drive Solid state hard drive Super state hard drive 2 points Question 37 1. This is an example of a detective control. Regular updates Awareness Technically knowledgeable staff A list of all possible attacks 2 points 1. True False 2 points Question 41 1. Question 39 A policy defining security awareness training has recently been drafted by your organization. What type of control does the firewall represent? Physical . A UPS is designed to provide clean and steady power to electronic equipment. Your team is in charge of implementing and maintaining a network firewall. Which of the following is not required for effective IDS managment.2 points Question 38 1. What type of control does this respresent? Physical Administrative/Procedural Technical Backup 2 points Question 40 1. such as when traveling across a network. True False 2 points Question 44 1. such as on a backup tape. A A. Combustible Metals B C. True False 2 points Question 43 1. Match the fire classification letter to the fire type. Flammable Liquids and Gases E. Live Electrical Equipment D . Common Combustibles C D. Cooking Media edcba B.Administrative/Procedural Technical Backup 2 points Question 42 1. or data in transit. Data exists generally in one of two states: data at rest. Degaussing requires a high strength magnetic field. such as a smartphone. workstation. you are not aware of the transfer and no procedures are completed on the computer before the transfer. Which security card type employs a small radio transmitter to transfer a signal to a nearby reader? Magnetic Stripe Proximity Card Smart Card Credit Card 2 points 1.K 2 points Question 45 1. that machine is going to be reallocated to another staff member and the new director will receive a new machine. your organizations HR director has retired. which includes but is not limited to mean any smart device in the end user’s physical possession and any device accessed by the end user. Question 47 The _______________ domain refers to any endpoint device used by end users. After many years of service. Since the director's machine was newly purchased. Which security standard has been violated? Recoverability Intrusion prevention Object reuse and/or contamination Acceptable use policy 2 points Question 46 1. laptop. or mobile device . As a security admin. How many hours of fuel should the generator have at minimum? 12 hours 18 hours 24 hours 48 hours 2 points Question 49 1. . A door lock is damaged and in need of repair. A vulnerability is a human-caused or natural event that could impact the system. whereas a risk is a weakness in a system that can be exploited. you ensure that backup generators have enough fuel to meet standards. You are in charge of a mission-critical data center. What type of control does the door lock represent? Physical Administrative/Procedural Technical Backup 2 points Question 50 1.workstation user remote access system/application 2 points Question 48 1. As part of your checklist. . Click Save All Answers to save all answers.True False 2 points Save and Submit Click Save and Submit to save and submit.