IAS FINAL EXAM – COMPREHENSIVE QUESTIONS

  • September 5, 2024
GEEKA
What measures the average amount of time between failures for a particular system?
A. Uptime
B. Recovery time objective (RTO)
C. Mean time to failure (MTTF)
D. Mean time to repair (MTTR) - Answers -C. Mean time to failure (MTTF)

Remote access security controls help to ensure that the user connecting to an
organization's network is who the user claims to be. A username is commonly used for
_______, whereas a biometric scan could be used for _______.
A. identification, authentication
B. authorization, accountability
C. identification, authorization
D. authentication, authorization - Answers -A. identification, authentication

A brute-force password attack and the theft of a mobile worker's laptop are risks most
likely found in which domain of a typical IT infrastructure?
A. Local Area Network (LAN) Domain
B. Workstation Domain
C. Remote Access Domain
D. User Domain - Answers -C. Remote Access Domain

In which domain of a typical IT infrastructure is the first layer of defense for a layered
security strategy?
A. Workstation Domain
B. Local Area Network (LAN) Domain
C. User Domain
D. System/Application Domain - Answers -C. User Domain

Rachel is investigating an information security incident that took place at the high school
where she works. She suspects that students may have broken into the student records
system and altered their grades. If that is correct, which one of the tenets of information
security did this attack violate?
A. Integrity
B. Nonrepudiation
C. Confidentiality
D. Availability - Answers -A. Integrity

Which network device is designed to block network connections that are identified as
potentially malicious?
A. Intrusion detection system (IDS)
B. Intrusion prevention system (IPS)
C. Router
D. Web server - Answers -B. Intrusion prevention system (IPS)

Which security control is most helpful in protecting against eavesdropping on wide area
network (WAN) transmissions?
A. Deploying an intrusion detection system/intrusion prevention system (IDS/IPS)
B. Applying filters on exterior Internet Protocol (IP) stateful firewalls
C. Encrypting transmissions with virtual private networks (VPNs)
D. Blocking Transmission Control Protocol (TCP) synchronize (SYN) open connections
- Answers -C. Encrypting transmissions with virtual private networks (VPNs)

What is a U.S. federal government classification level that applies to information that
would cause serious damage to national security if it were disclosed?
A. Top secret
B. Confidential
C. Secret
D. Private - Answers -C. Secret

What is a primary risk to the Workstation Domain, the Local Area Network (LAN)
Domain, and the System/Application Domain?
A. Unauthorized network probing and port scanning
B. Unauthorized access to systems
C. Downtime of IT systems for an extended period after a disaster
D. Mobile worker token or other authentication stolen - Answers -B. Unauthorized
access to systems

Which term describes the level of exposure to some event that has an effect on an
asset, usually the likelihood that something bad will happen to an asset?
A. Threat
B. Countermeasure
C. Risk
D. Vulnerability - Answers -C. Risk

Which compliance obligation includes security requirements that apply specifically to the
European Union?
A. Gramm-Leach-Bliley Act (GLBA)
B. Health Insurance Portability and Accountability Act (HIPAA)
C. General Data Protection Regulation (GDPR)
D. Federal Information Security Management Act (FISMA) - Answers -C. General Data
Protection Regulation (GDPR)

In Mobile IP, what term describes a device that would like to communicate with a mobile
node (MN)?
A. Correspondent node (CN)
B. Foreign agent (FA)
C. Home agent (HA)
D. Care of address (COA) - Answers -A. Correspondent node (CN)

Which of the following enables businesses to transform themselves into an Internet of
Things (IoT) service offering?
A. Store-and-forward communications
B. Remote sensoring
C. Real-time tracking and monitoring
D. Anything as a Service (AaaS) delivery model - Answers -D. Anything as a Service
(AaaS) delivery model

Which of the following is an example of a business-to-consumer (B2C) application of the
Internet of Things (IoT)?
A. Video conferencing
B. Traffic monitoring
C. Health monitoring
D. Infrastructure monitoring - Answers -C. Health monitoring

Which of the following is an example of a direct cost that might result from a business
disruption?
A. Lost market share
B. Damaged reputation
C. Facility repair
D. Lost customers - Answers -C. Facility repair

What is the main purpose of risk identification in an organization?
A. To create a disaster recovery plan (DRP)
B. To create a business continuity plan (BCP)
C. To understand threats to critical resources
D. To make the organization's personnel aware of existing risk - Answers -D. To make
the organization's personnel aware of existing risk

What is not a commonly used endpoint security technique?
A. Full device encryption
B. Network firewall
C. Application control
D. Remote wiping - Answers -B. Network firewall

A hospital is planning to introduce a new point-of-sale system in the cafeteria that will
handle credit card transactions. Which one of the following governs the privacy of
information handled by those point-of-sale terminals?
A. Health Insurance Portability and Accountability Act (HIPAA)
B. Payment Card Industry Data Security Standard (PCI DSS)
C. Federal Information Security Management Act (FISMA)
D. Federal Financial Institutions Examination Council (FFIEC) - Answers -B. Payment
Card Industry Data Security Standard (PCI DSS)

Aditya recently assumed an information security role for a financial institution located in
the United States. He is tasked with assessing the institution's risk profile and
cybersecurity maturity level. What compliance regulation applies specifically to Aditya's
institution?
A. FFIEC
B. FISMA
C. PCI DSS
D. HIPAA - Answers -A. FFIEC

What is the first priority when responding to a disaster recovery effort?
A. Ensuring that everyone is safe
B. Determining the cause of the event
C. Communicating with all affected parties
D. Following the disaster recovery plan (DRP) - Answers -A. Ensuring that everyone is
safe

Which of the following is not true of gap analysis?
A. One important aspect of a gap analysis is determining the cause of the gap.
B. The difference between the security controls that are in place and the controls that
are necessary to address all vulnerabilities is called the security gap.
C. A gap analysis can be performed only through a formal investigation.
D. Threats that you do not address through at least one control indicate gaps in the
security. - Answers -C. A gap analysis can be performed only through a formal
investigation.

As a follow-up to her annual testing, Isabella would like to conduct quarterly disaster
recovery tests. These tests should include role-playing and introduce as much realism
as possible without affecting live operations. What type of test should Isabella conduct?
A. Parallel test
B. Structured walk-through
C. Checklist test
D. Simulation test - Answers -D. Simulation test

What firewall approach is shown in the figure, assuming the firewall has three network
cards?
A. Screened subnet
B. Bastion host
C. Unified threat management
D. Border firewall - Answers -A. Screened subnet

What network port number is used for unencrypted web-based communication by
default?
A. 3389
B. 443
C. 80
D. 143 - Answers -C. 80
