The process of creating a system which divides documents based on their security level to manage access to private data is known as ____________________.


A) security coding
B) Privacy protection
C) data security system
D) data classification

You work as an IT security auditor hired by a law firm in Boston to test whether you can gain access to sensitive information about the company's clients. You have rummaged through their trash and found very little information. You do not want to set off any alarms on their network, so you plan on performing passive footprinting against their Web servers. What tool should you use?


A) Ping sweep
B) Nmap
C) Netcraft
D) Dig

Law enforcement officers are conducting a legal search for which a valid warrant was obtained. While conducting the search, officers observe an item of evidence for an unrelated crime that was not included in the warrant. The item was clearly visible to the officers and immediately identified as evidence. What is the term used to describe how this evidence is admissible?


A) Plain view doctrine
B) Corpus delicti
C) Locard Exchange Principle
D) Ex Parte Order

Frank is working on a vulnerability assessment for a company on the West Coast. The company hired Frank to assess its network security through scanning, pen tests, and vulnerability assessments. After discovering numerous known vulnerabilities detected by a temporary IDS he set up, he notices a number of items that show up as unknown but questionable in the logs. He looks up the behavior on the Internet, but cannot find anything related. To which organization should Frank submit the log to find out whether it is a new vulnerability?


A) APIPA
B) IANA
C) CVE
D) RIPE

Scenario: An organization has made a decision to address Information Security formally and consistently by adopting established best practices and industry standards. The organization is a small retail merchant but it is expected to grow to a global customer base of many millions of customers in just a few years. The organization has already been subject to a significant amount of credit card fraud. Which of the following is the MOST likely reason for this fraud?


A) Lack of compliance with the Payment Card Industry (PCI) standards
B) Ineffective security awareness program
C) Lack of technical controls when dealing with credit card data
D) Security practices not in alignment with ISO 27000 frameworks

Scenario: Your corporate systems have been under constant probing and attack from foreign IP addresses for more than a week. Your security team and security infrastructure have performed well under the stress. You are confident that your defenses have held up under the test, but rumors are spreading that sensitive customer data has been stolen and is now being sold on the Internet by criminal elements. During your investigation of the rumored compromise you discover that data has been breached and you have discovered the repository of stolen data on a server located in a foreign country. Your team now has full access to the data on the foreign server. Your defenses did not hold up to the test as originally thought. As you investigate how the data was compromised through log analysis you discover that a hardworking, but misguided business intelligence analyst posted the data to an obfuscated URL on a popular cloud storage service so they could work on it from home during their off-time. Which technology or solution could you deploy to prevent employees from removing corporate data from your network?


A) Rigorous syslog reviews
B) Intrusion Detection Systems (IDS)
C) Security Guards posted outside the Data Center
D) Data Loss Prevention (DLP)

When an organization claims it is secure because it is PCI-DSS certified, what is a good first question to ask towards assessing the effectiveness of their security program?


A) How many credit records are stored?
B) What is the value of the assets at risk?
C) What is the scope of the certification?
D) How many servers do you have?

You have a system with 2 identified risks. You determine the probability of one risk occurring is higher than the


A) Relative likelihood of event
B) Controlled mitigation effort
C) Risk impact comparison
D) Comparative threat analysis

A department within your company has proposed a third party vendor solution to address an urgent, critical business need. As the CISO you have been asked to accelerate screening of their security control claims. Which of the following vendor provided documents is BEST to make your decision?


A) Vendor provided reference from an existing reputable client detailing their implementation
B) Vendor's client list of reputable organizations currently using their solution
C) Vendor provided internal risk assessment and security control documentation
D) Vendor provided attestation of the detailed security controls from a reputable accounting firm

When entering into a third party vendor agreement for security services, at what point in the process is it BEST to understand and validate the security posture and compliance level of the vendor?


A) Prior to signing the agreement and before any security services are being performed
B) Once the agreement has been signed and the security vendor states that they will need access to the network
C) Once the vendor is on premise and before they perform security services
D) At the time the security services are being performed and the vendor needs access to the network

An organization licenses and uses personal information for business operations, and a server containing that information has been compromised. What kind of law would require notifying the owner or licensee of this incident?


A) Consumer right disclosure
B) Data breach disclosure
C) Special circumstance disclosure
D) Security incident disclosure

Which of the following information may be found in tabletop exercises for incident response?


A) Real-time to remediate
B) Process improvements
C) Security budget augmentation
D) Security control selection

Which represents PROPER separation of duties in the corporate environment?


A) Information Security and Network teams perform two distinct functions
B) Information Security and Identity Access Management teams perform two distinct functions
C) Finance has access to Human Resources data
D) Developers and Network teams both have admin rights on servers

What will the following URL produce on an unpatched IIS Web Server? http://www.thetargetsite.com/scripts/..%co%af../..%co%af../windows/system32/cmd.exe?/c+dir+c:\


A) Directory listing of C: drive on the web server
B) Insert a Trojan horse into the C: drive of the web server
C) Execute a buffer overflow in the C: drive of the web server
D) Directory listing of the C:\windows\system32 folder on the web server

To get an Information Security project back on schedule, which of the following will provide the MOST help?


A) Upper management support
B) More frequent project milestone meetings
C) Stakeholder support
D) None
E) Extend work hours
verified

Which of the following conditions would be the MOST probable reason for a security project to be rejected by the executive board of an organization?


A) The NPV of the project is negative
B) The Return on Investment (ROI) is longer than 10 months
C) The Net Present Value (NPV) of the project is positive
D) The ROI is shorter than 10 months
verified

You are called by an author who is writing a book. He wants to know how long the copyright for his book will last after the book is published.


A) 70 years
B) the life of the author
C) the life of the author plus 70 years
D) Copyrights last forever
verified

Which of the following is considered the MOST effective tool against social engineering?


A) Effective Security Vulnerability Management Program
B) Anti-malware tools
C) Effective Security awareness program
D) Anti-phishing tools
verified

What file structure database would you expect to find on floppy disks?


A) NTFS
B) FAT32
C) FAT16
D) FAT12
verified

John is the project manager for a large project in his organization. A new change request has been proposed that will affect several areas of the project. One area of the project change impact is on work that a vendor has already completed. The vendor is refusing to make the changes as they've already completed the project work they were contracted to do. What can John do in this instance?


A) Withhold the vendor's payments until the issue is resolved.
B) Refer to the contract agreement for direction.
C) Refer the vendor to the Service Level Agreement (SLA) and insist that they make the changes.
D) Review the Request for Proposal (RFP) for guidance.