הכנה למבחן בניהול אבטחת מידע

A main objective of awareness training is

1

שאלה #15639

		Provide understanding of responsibilities
		Entertaining the users through creative programs
		Overcoming all resistance to security procedures
		To be repetitive to ensure accountability

All employees must understand their basic security responsibilities.

מיין לפי

What is a primary target of a person employing social engineering?

1

שאלה #15640

		An individual
		A policy
		Government agencies
		An information system

Social engineering deals with individual dynamics as opposed to group dynamics, as the primary targets are help desks and/or administrative or technical support people.

מיין לפי

Social engineering can take many forms EXCEPT

1

שאלה #15641

		Dumpster diving
		Coercion or intimidation
		Sympathy
		Eavesdropping

An effective countermeasure is to have very good, established information security policies that are communicated across your organization.

מיין לפי

Incident response planning can be instrumental in

1

שאלה #15642

		Meeting regulatory requirements
		Creating customer loyalty
		Reducing the impact of an adverse event on the organization
		Ensuring management makes the correct decisions in a crisis

The goals of a well-prepared incident response team are to detect potential information security breaches and provide an effective and efficient means of dealing with the

מיין לפי

Two types of covert channels are storage based or:

1

שאלה #15652

		Accidental
		Timing
		Cooperative
		Malicious

Timing channel — using timing of occurrences of an activity to transfer information in an unintended manner. Saturating or not saturating a communications path in a timed fashion can transfer information to a receiver observing the communication path in synchronism with the sender.

מיין לפי

Daniel Margalit 0 נקודות · יותר מ-6 חודשים

מוניטין: 515

The TCSEC defines two kinds of covert channels: Storage channels - Communicate by modifying a "storage location", such as a hard drive. Timing channels - Perform operations that affect the "real response time observed" by the receiver.

Data remanence is:

1

שאלה #15653

		When residual data remains on a storage medium following degaussing
		The permanence of the data resisting accidental deletion
		Data that exceeds the boundaries of its memory buffers
		The process of overwriting data

When some data, after the magnetic media is written over or degaussed, still remains on the magnetic media.

מיין לפי

Internal intruders are NOT usually defined as:

1

שאלה #15654

		Authorized users exceeding their authority
		Persons who have defeated the physical access controls of a facility
		Employees gaining access to controlled areas
		Users who access unintended areas of the network

Authorized users trying to gain access to data or resources beyond their need-to-know or access limitations. Authorized users trying to gain unauthorized physical access to network connections, server equipment, etc.

מיין לפי

How might an attacker with little systems experience gain privileged systems access?

1

שאלה #15655

		Dictionary attack
		Brute-force attack
		Birthday attack
		Shoulder-surfing attack

Shoulder-surfing , the process of direct visual observation of monitor displays to obtain access to sensitive information.

מיין לפי

Which of the following is NOT a characteristic of a virus?

1

שאלה #15656

		Its primary effect is to consume system resources.
		It may or may not carry a malicious payload.
		It spreads through user action.
		It attaches itself to executable code.

Worms usually do not cause damage to data; instead, the worm absorbs the network’s resources causing the damage.

מיין לפי

Requiring approval before granting system access would be:

1

שאלה #15657

		A physical control
		A logical control
		A compensating control
		An administrative control

Administrative controls consist of management activities such as organizational policies and procedures.

מיין לפי

הכנה למבחן בניהול אבטחת מידע

Discuss, Learn and be Happy דיון בשאלות

A main objective of awareness training is

What is a primary target of a person employing social engineering?

Social engineering can take many forms EXCEPT

Incident response planning can be instrumental in

Two types of covert channels are storage based or:

Data remanence is:

Internal intruders are NOT usually defined as:

How might an attacker with little systems experience gain privileged systems access?

Which of the following is NOT a characteristic of a virus?

Requiring approval before granting system access would be:

בקשה לשינוי התשובה / תיקון שאלה gavel

בקשה למחיקת השאלהmood_bad

בקשה לשינוי התשובה / תיקון שאלה

בקשה למחיקת השאלה