Which of the following reflect good uses of application host

Reference no: EM132166010

Question 1

Malicious cyber activity directed at private and public entities can manifest itself in which of the following ways?

Denial of service through DOS attacks, and data and property destruction.

Business disruption (sometimes for the purpose of collecting ransoms) and theft of proprietary data.

Theft or corruption of intellectual property, and sensitive financial and strategic information.

All of the above.

Question 2

A cyber activity is considered malicious when it compromises at least one component of what is known as the "CIA triad": confidentiality, integrity, and availability.

True
False

Question 3

A DOS attack which interferes with a firm's web-based services is categorized as an attack on availability.

True
False

Question 4

A cyber-theft of funds from a bank's customer account is considered an attack on confidentiality.

True
False

Question 5

A cyber-enabled theft of the personally identifiable information (PII) of a firm's customers or employees compromises data confidentiality.

True
False

Question 6

A basic conceptual framework that describes the functions of a networking or telecommunications system is referred to as the Open Systems Interconnection (OSI) model.

True
False

Question 7

The TCP/IP model has become the defacto standard for real-world implementation of networking.

True
False

Question 8

Network Analysis uses the Signature Analysis method for the following action(s):

Testing

Hunting

Campaign Detection

All of the responses

Question 9

In general, a Network Forensic Examination includes the following steps, in the following order:

Incident response, identification, preservation, collection, examination, analysis, presentation

Identification, preservation, collection, examination, analysis, presentation, incident response

Identification, presentation, collection, examination, analysis, preservation, incident response.

Analysis, collection, examination, Identification, Incident Response, presentation, preservation

Question 10

Network behavior analysis (NBA) helps in enhancing network safety by monitoring traffic and noting unusual activity or departures from a normal network operation.

True
False
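Questions 8 and 10 contrast the two detection methods a network analyst actually runs: matching traffic against known-bad signatures, and flagging departures from a baseline of normal behaviour. The following is an added example, not part of the original question set, that does both over constructed log lines. The log format, the signatures, the "known normal" baseline window and the threshold are all assumptions made for illustration.

```python
import re
from collections import defaultdict
from statistics import mean, pstdev

# Constructed log lines: "<time> <src> -> <dst>:<port> <bytes> <request>".
# The first window is assumed to be known-normal and is used only to build the baseline.
BASELINE_LOG = """\
09:00:01 10.0.0.2 -> 10.0.1.10:443 1200 GET /index.html
09:00:02 10.0.0.2 -> 10.0.1.10:443 1000 GET /login
09:00:03 10.0.0.2 -> 10.0.1.10:443 1050 GET /cart
09:00:04 10.0.0.3 -> 10.0.1.10:443 990 GET /index.html
09:00:05 10.0.0.3 -> 10.0.1.10:443 980 GET /faq
09:00:06 10.0.0.4 -> 10.0.1.10:443 1100 GET /index.html
09:00:07 10.0.0.4 -> 10.0.1.10:443 1000 GET /about
09:00:08 10.0.0.4 -> 10.0.1.10:443 1010 GET /contact
09:00:09 10.0.0.6 -> 10.0.1.10:443 1200 GET /index.html
09:00:10 10.0.0.6 -> 10.0.1.10:443 1000 GET /login
09:00:11 10.0.0.6 -> 10.0.1.10:443 1050 GET /cart
09:00:12 10.0.0.6 -> 10.0.1.10:443 1150 GET /checkout
09:00:13 10.0.0.8 -> 10.0.1.10:443 1000 GET /index.html
09:00:14 10.0.0.8 -> 10.0.1.10:443 990 GET /about
09:00:15 10.0.0.8 -> 10.0.1.10:443 1000 GET /faq
"""

# Constructed observed window: one source sends a single injection attempt,
# another walks through a list of sensitive paths (a scan with only a few signature hits).
OBSERVED_LOG = """\
10:00:01 10.0.0.5 -> 10.0.1.10:443 1200 GET /index.html
10:00:02 10.0.0.7 -> 10.0.1.10:443 980 GET /about
10:00:03 10.0.0.5 -> 10.0.1.10:443 1100 GET /login
10:00:04 10.0.0.9 -> 10.0.1.10:80 640 GET /wp-login.php
10:00:05 10.0.0.7 -> 10.0.1.10:443 1000 GET /search?q=' OR 1=1--
10:00:06 10.0.0.5 -> 10.0.1.10:443 1050 GET /cart
10:00:07 10.0.0.9 -> 10.0.1.10:80 700 GET /../../etc/passwd
10:00:08 10.0.0.7 -> 10.0.1.10:443 990 GET /faq
10:00:09 10.0.0.5 -> 10.0.1.10:443 1150 GET /checkout
10:00:10 10.0.0.9 -> 10.0.1.10:80 650 GET /admin
10:00:11 10.0.0.9 -> 10.0.1.10:80 660 GET /phpmyadmin
10:00:12 10.0.0.9 -> 10.0.1.10:80 655 GET /.git/config
10:00:13 10.0.0.9 -> 10.0.1.10:80 670 GET /backup.zip
10:00:14 10.0.0.9 -> 10.0.1.10:80 645 GET /.env
"""

LINE_RE = re.compile(r"^(\S+) (\S+) -> (\S+):(\d+) (\d+) (.*)$")

# Signature analysis: a few assumed known-bad request patterns.
SIGNATURES = {
    "sqli_tautology": re.compile(r"'\s*OR\s+1=1", re.IGNORECASE),
    "path_traversal": re.compile(r"\.\./"),
    "sensitive_file": re.compile(r"/\.(git|env)\b|/backup\.zip\b"),
}

def parse_log(text):
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            t, src, dst, port, nbytes, request = m.groups()
            records.append({"time": t, "src": src, "dst": dst, "port": int(port),
                            "bytes": int(nbytes), "request": request})
    return records

def signature_hits(records):
    """(record index, signature name) for every record that matches a known-bad pattern."""
    return [(i, name) for i, r in enumerate(records)
            for name, rx in SIGNATURES.items() if rx.search(r["request"])]

def distinct_requests_per_source(records):
    seen = defaultdict(set)
    for r in records:
        seen[r["src"]].add(r["request"])
    return {src: len(reqs) for src, reqs in seen.items()}

def behaviour_anomalies(baseline_records, observed_records, k=3.0):
    """Sources whose number of distinct requests exceeds mean + k*stdev of the baseline."""
    base = list(distinct_requests_per_source(baseline_records).values())
    mu, sigma = mean(base), max(pstdev(base), 0.5)   # floor sigma so a flat baseline still has a margin
    threshold = mu + k * sigma
    obs = distinct_requests_per_source(observed_records)
    return {src: n for src, n in sorted(obs.items()) if n > threshold}

if __name__ == "__main__":
    base, obs = parse_log(BASELINE_LOG), parse_log(OBSERVED_LOG)
    for i, name in signature_hits(obs):
        print(f"signature  {name:15} {obs[i]['src']:10} {obs[i]['request']}")
    for src, n in behaviour_anomalies(base, obs).items():
        print(f"behaviour  {src} made {n} distinct requests against a baseline of ~3 per source")
```

Run together, the two passes complement each other: the signature pass catches the single injection attempt from 10.0.0.7, which the behaviour pass never flags because that host otherwise looks normal, while the behaviour pass flags the scanning host 10.0.0.9 even though only three of its seven requests match a signature.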

Question 11

Under GDPR, a controller is the entity that determines the purposes, conditions and means of the processing of personal data.

True
False

Question 12

The HIPAA Privacy Rule defines "covered entities" as which of the following:

Health plans

Health care providers

Health care services

All of the above

Question 13

The first step in the Configuration Management Process is

Detail design and development phase

Preliminary design phase

Conceptual design phase

Production and construction phase

Question 14

Under GLBA, financial institutions must provide their clients a privacy notice that explains the following:

What information the company gathers about the client

Where this information is shared

How the company safeguards that information

All of the above

Question 15

NIST 800-53, rev 4 provides a catalog of security and privacy controls for federal information systems which federal agencies implement as part of an organization-wide process that manages information security and privacy risk.

True
False

Question 16

GDPR enhanced individual control over the use of personal data by introducing two new rights - the right to be forgotten and the right to data portability.

True
False

Question 17

The HIPAA Security Rule requires covered entities to do all of the following, except:

Ensure the confidentiality, integrity, and availability of all e-PHI they create, receive, maintain or transmit

Protect against reasonably anticipated, impermissible uses or disclosures

Identify and protect against every possible identified threat to the security or integrity of the information

Ensure compliance by their workforce

Question 18

Which of the following reflect good uses of application hosting?

Applications available only internally in the organizations

Applications that format data for display

Shopping cart services

Email services

A and B

C and D

Question 19

Application hosting is also commonly called SAAS, or software as a service.

True
False

Question 20

The use of duplicate servers as a deception strategy is simplified when the organization utilizes DHCP.

True
False

Question 21

The term "protected element" refers to a proxy's network clients or servers.

True
False

Question 22

Benefits of using a honeypot or honeynet include:

Deception and frustration of an attacker.

The ability to study an attacker.

Little initial work because one can use the default parameters for deception

Determined attackers are generally slow to recognize honeypots or honeynet.

A and B

C and D

All of the above

Question 23

Datagrams, used in UDP transfers, help guarantee the accuracy of data being transmitted and are commonly used to ensure that data is transmitted correctly.

True
False

Question 24

TCP transmissions are usually referred to as "packets" as distinguished from "datagrams."

True
False

Question 25

Information transmitted in segments is referred to as a "packet" or a "datagram" depending on where it is travelling.

True
False

Question 26

A "datagram" can include the following: IP header fields, TCP header fields, UDP header fields, AH header fields and ESP psychic connections.

True
False
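Questions 23 to 26 turn on what a datagram or segment actually carries and which headers give which guarantees. The following is an added example, not part of the original question set, that builds constructed IPv4/UDP and IPv4/TCP packets and parses them back, verifying the Internet checksum on each header. Addresses, ports and payloads are constructed for illustration.

```python
import struct

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum: one's-complement sum of 16-bit words, complemented."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_ipv4(src: bytes, dst: bytes, proto: int, payload: bytes) -> bytes:
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234, 0x4000, 64, proto, 0, src, dst)
    hdr = hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]   # header checksum lives at offset 10
    return hdr + payload

def build_udp(src, dst, sport, dport, data, with_checksum=True):
    length = 8 + len(data)
    csum = 0                                   # 0 means "no checksum" in UDP over IPv4
    if with_checksum:
        pseudo = src + dst + struct.pack("!BBH", 0, 17, length)
        csum = checksum(pseudo + struct.pack("!HHHH", sport, dport, length, 0) + data) or 0xFFFF
    return struct.pack("!HHHH", sport, dport, length, csum) + data

def build_tcp(src, dst, sport, dport, seq, ack, flags, data):
    hdr = struct.pack("!HHIIHHHH", sport, dport, seq, ack, (5 << 12) | flags, 65535, 0, 0)
    pseudo = src + dst + struct.pack("!BBH", 0, 6, len(hdr) + len(data))
    csum = checksum(pseudo + hdr + data)
    return hdr[:16] + struct.pack("!H", csum) + hdr[18:] + data   # TCP checksum lives at offset 16

TCP_FLAGS = ((0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"), (0x08, "PSH"), (0x10, "ACK"))

def parse(packet: bytes) -> dict:
    """Parse the IP header, then the TCP or UDP header it encapsulates, verifying checksums."""
    ver_ihl, _tos, total_len, _id, _frag, ttl, proto, _hcs, src, dst = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    ihl = (ver_ihl & 0x0F) * 4
    info = {"version": ver_ihl >> 4, "ttl": ttl, "proto": proto,
            "src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
            "ip_checksum_ok": checksum(packet[:ihl]) == 0}   # a header with a valid checksum sums to zero
    body = packet[ihl:total_len]
    if proto == 17:
        sport, dport, length, csum = struct.unpack("!HHHH", body[:8])
        pseudo = src + dst + struct.pack("!BBH", 0, 17, length)
        info.update(transport="UDP", sport=sport, dport=dport,
                    checksum_present=csum != 0,
                    checksum_ok=csum == 0 or checksum(pseudo + body[:length]) == 0,
                    payload=body[8:length])
    elif proto == 6:
        sport, dport, seq, ack, off_flags, _win, _csum, _urg = struct.unpack("!HHIIHHHH", body[:20])
        pseudo = src + dst + struct.pack("!BBH", 0, 6, len(body))
        info.update(transport="TCP", sport=sport, dport=dport, seq=seq, ack=ack,
                    flags={name for bit, name in TCP_FLAGS if off_flags & bit},
                    checksum_ok=checksum(pseudo + body) == 0,
                    payload=body[(off_flags >> 12) * 4:])
    return info

SRC, DST = bytes([10, 0, 0, 5]), bytes([10, 0, 1, 10])

def sample_packets() -> dict:
    """Constructed packets: a checksummed UDP datagram, the same datagram with the
    optional checksum omitted, a copy with one flipped payload bit, and a TCP SYN segment."""
    data = b"constructed udp payload"
    udp = build_ipv4(SRC, DST, 17, build_udp(SRC, DST, 40000, 53, data))
    udp_nocsum = build_ipv4(SRC, DST, 17, build_udp(SRC, DST, 40000, 53, data, with_checksum=False))
    corrupted = udp[:-1] + bytes([udp[-1] ^ 0x01])
    tcp = build_ipv4(SRC, DST, 6, build_tcp(SRC, DST, 40001, 443, 1000, 0, 0x02, b""))
    return {"udp": udp, "udp_nocsum": udp_nocsum, "corrupted": corrupted, "tcp": tcp}

if __name__ == "__main__":
    for name, pkt in sample_packets().items():
        print(name, parse(pkt))
```

Two things the parser makes visible: the UDP checksum can legitimately be absent (field zero), in which case a receiver has nothing to verify, and even when present it only detects corruption; nothing in the UDP header asks the sender to retransmit. Sequence and acknowledgement numbers, which give TCP its delivery guarantees, exist only in the TCP header.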

Question 27

The term "protected element" refers to a proxy's network clients or servers.

True
False

Question 28

Which of the following is NOT an advantage of tracking login failures?

Login failures track would-be attackers

Login timeouts after several failed attempts block and thwart repeated attacks by an attacker

Login failure documentation helps systems administrators target needed changes to storage and access mechanisms.

Multiple login failures indicate thwarted attacks and mean the system is worry-free.
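The options above describe a mechanism rather than a policy: count failures per account, lock the account after several failures within a window, and keep a trail an administrator can act on. The following is an added example, not part of the original question set, implementing that mechanism. The thresholds, the PBKDF2 work factor and the scenario in simulate() are assumptions for illustration.

```python
import hashlib
import hmac
import os
import time
from collections import Counter, defaultdict, deque

PBKDF2_ROUNDS = 100_000   # assumed work factor; tune for the target hardware

class LoginGuard:
    """Tracks failed logins per account, locks the account after too many failures
    inside a sliding window, and keeps an audit trail for administrators."""

    def __init__(self, max_failures=5, window=600, lockout=900, clock=time.monotonic):
        self.max_failures, self.window, self.lockout, self.clock = max_failures, window, lockout, clock
        self._creds = {}                       # account -> (salt, pbkdf2 hash)
        self._failures = defaultdict(deque)    # account -> timestamps of recent failures
        self._locked_until = {}                # account -> time the lockout ends
        self.audit = []                        # (time, event, account, source)

    def register(self, account, password):
        salt = os.urandom(16)
        self._creds[account] = (salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS))

    def _verify(self, account, password):
        rec = self._creds.get(account)
        if rec is None:
            # Hash anyway so an unknown account takes as long as a wrong password.
            hashlib.pbkdf2_hmac("sha256", password.encode(), b"\x00" * 16, PBKDF2_ROUNDS)
            return False
        salt, stored = rec
        return hmac.compare_digest(stored, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS))

    def attempt(self, account, password, source):
        now = self.clock()
        if self._locked_until.get(account, 0) > now:
            self.audit.append((now, "LOCKED_REJECT", account, source))
            return "locked"
        if self._verify(account, password):
            self._failures.pop(account, None)
            self.audit.append((now, "SUCCESS", account, source))
            return "ok"
        recent = self._failures[account]
        recent.append(now)
        while recent and now - recent[0] > self.window:   # forget failures outside the window
            recent.popleft()
        self.audit.append((now, "FAILURE", account, source))
        if len(recent) >= self.max_failures:
            self._locked_until[account] = now + self.lockout
            recent.clear()
            self.audit.append((now, "LOCKOUT", account, source))
            return "locked"
        return "fail"

def failures_by_source(audit):
    """Which sources generated the failures: the 'track would-be attackers' use of the log."""
    return Counter(src for _, event, _, src in audit if event == "FAILURE")

def simulate():
    """Constructed scenario: five guesses from one source lock the account; the real user
    is rejected while the lockout lasts and succeeds once it has expired."""
    fake_now = [1000.0]
    guard = LoginGuard(clock=lambda: fake_now[0])
    guard.register("alice", "correct horse battery staple")
    results = []
    for i in range(5):
        results.append(guard.attempt("alice", f"guess{i}", "203.0.113.7"))
        fake_now[0] += 1
    results.append(guard.attempt("alice", "correct horse battery staple", "198.51.100.2"))
    fake_now[0] += guard.lockout + 1
    results.append(guard.attempt("alice", "correct horse battery staple", "198.51.100.2"))
    return results, guard.audit

if __name__ == "__main__":
    results, audit = simulate()
    print(results)
    for t, event, account, source in audit:
        print(f"{t:8.0f} {event:14} {account:8} {source}")
    print("failures by source:", dict(failures_by_source(audit)))
```

The audit trail is the point of the last option in the question: five failures from 203.0.113.7 followed by a lockout is not a "worry-free" system, it is evidence that someone is guessing. The trail also shows the cost of lockouts: the legitimate user at 198.51.100.2 is refused during the lockout, so an attacker who only wants to deny service needs nothing more than the username. Per-source throttling alongside the per-account counter limits that.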

Question 29

Proxies inspect outside traffic before it passes into internal systems

True
False

Question 30

A stateful router is one that remembers common and accepted paths for reconnection and will not suffer from a query overload.

True
False

Question 31

A host's defense against an exploiter's asymmetric advantage includes which of the following (Choose all that apply):

Defenders choose what systems to run

Defenders choose how to connect systems

Defenders generally maintain the default settings on vendor devices

Defenders choose which policies to implement

Question 32

Which one of the following is a disadvantage of mathematical models?

Mathematical models are clear and unambiguous

Mathematical models can address every predictable human variation and situation

Mathematical models are static and do not need revision over time

Mathematical models permit infinite complexity

Question 33

What features of application-level proxies make them more vulnerable to adversaries, and what are ways to mitigate them?

Question 34

Match the model to its description

Biba Model

Bell-LaPadula

Chinese Wall

Integrity Model

a. Identifies both (i) confidential information (e.g., files and documents) and (ii) the users permitted to access each type of confidential information, and restricts access so that only users holding the relevant confidentiality privileges can reach that information. It is specifically used when an organization has two or more projects or sets of documents that are highly confidential and whose exposure to members of the other team could create a competitive or ethical conflict. It is commonly used to describe information barriers within businesses and law firms that are created to prevent exchanges, sharing of information or other communications that could lead to conflicts of interest.

b. Systems or rules or procedures that are used to help ensure that data is not modified, accessed, destroyed or otherwise compromised or misused by persons who should not have the proper level of access.

c. Confidentiality model that uses both mandatory and discretionary components to enforce access control and expresses its rules formally. It is more common in government and military applications. Each object (e.g., program, machine, document) is given a label assigning it a confidentiality level, and each subject (user) is given a clearance level. No subject can read an object with a classification level higher than the subject's clearance (no read up), and no subject may write to an object with a classification level lower than the subject's own level (no write down).

d. Formal state transition model of mandatory integrity that describes a set of access control rules. These rules are designed and enforced to protect data integrity and assign an integrity class and rating to each object (data). Data and subjects (users) are grouped into ordered levels of integrity, such as "user" and "administrator." This model tends to use only a few classifications, and classifications cannot be changed by the system once set, although an object can be duplicated and assigned a new integrity level.
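The three models in this matching question are easiest to tell apart when their rules are written as checks. The following is an added example, not part of the original question set, implementing the Bell-LaPadula read/write rules with a discretionary ACL on top, the Biba integrity rules, and a Chinese Wall history check. The level names, the ACL and the subjects are assumptions for illustration.

```python
from collections import defaultdict

# Bell-LaPadula: totally ordered confidentiality levels (assumed names).
CONFIDENTIALITY = {"public": 0, "confidential": 1, "secret": 2, "top_secret": 3}

def blp_allows(subject_clearance, object_label, mode):
    """Simple security property (no read up) and *-property (no write down)."""
    s, o = CONFIDENTIALITY[subject_clearance], CONFIDENTIALITY[object_label]
    return s >= o if mode == "read" else s <= o

def blp_access(subject, clearance, obj, label, mode, acl):
    """The mandatory part (the lattice) and the discretionary part (an ACL) must both permit."""
    mandatory = blp_allows(clearance, label, mode)
    discretionary = mode in acl.get(obj, {}).get(subject, set())
    return mandatory and discretionary

# Biba: a few fixed integrity classes, as in the question's "user" and "administrator".
INTEGRITY = {"untrusted": 0, "user": 1, "administrator": 2}

def biba_allows(subject_class, object_class, mode):
    """No read down (don't consume lower-integrity data) and no write up (don't contaminate higher)."""
    s, o = INTEGRITY[subject_class], INTEGRITY[object_class]
    return o >= s if mode == "read" else s >= o

class ChineseWall:
    """Once a subject has touched one company's data inside a conflict-of-interest
    class, it is walled off from every competitor in that class."""
    def __init__(self):
        self._history = defaultdict(set)     # subject -> {(coi_class, company)}

    def can_access(self, subject, coi_class, company):
        return all(c == company for k, c in self._history[subject] if k == coi_class)

    def access(self, subject, coi_class, company):
        if not self.can_access(subject, coi_class, company):
            return False
        self._history[subject].add((coi_class, company))
        return True

# Constructed ACL for the discretionary half of the Bell-LaPadula check.
EXAMPLE_ACL = {"plan.docx": {"alice": {"read", "write"}, "bob": {"read"}}}

if __name__ == "__main__":
    print(blp_access("alice", "secret", "plan.docx", "top_secret", "read", EXAMPLE_ACL))   # False: no read up
    print(blp_access("alice", "secret", "plan.docx", "top_secret", "write", EXAMPLE_ACL))  # True: writing up is allowed
    print(blp_access("bob", "secret", "plan.docx", "secret", "write", EXAMPLE_ACL))        # False: lattice allows, ACL denies
    print(biba_allows("administrator", "user", "read"))    # False: no read down
    print(biba_allows("user", "administrator", "write"))   # False: no write up
    wall = ChineseWall()
    print(wall.access("analyst", "banks", "BankA"))   # True
    print(wall.access("analyst", "banks", "BankB"))   # False: competitor in the same class
    print(wall.access("analyst", "oil", "OilCo"))     # True: different conflict class
```

Note that Bell-LaPadula and Biba are duals: the confidentiality model forbids reading up and writing down, the integrity model forbids reading down and writing up, which is why a system that needs both ends up with two separate labels per object.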

Question 35

You have been hired to organize a new network which will be exposed to attack from outside users. What are two deception strategies you can use to mitigate these attacks, and why are they effective?

Question 36

You have been hired by a company whose former employee stole then deleted all user passwords. They do not wish to suffer this type of loss again. What do you tell them to do?

Question 37

Basic factors for authentication include

What the subject knows

What the subject has

What the subject is

Where the subject is

All of the above

None of the above

A,B,C

Question 38

Which of the following are examples of multi-factor authentication:

Combining a password with the subject's mother's maiden name

Combining a password with the subject's place of birth

Combining a password with the subject's fingerprint

Combining a password with a security token

None of the above

All of the above

A and B

C and D

Question 39

CAPTCHA is an authentication method that demonstrates:

What a subject knows

Where a subject is

What the subject is

Whether the subject is authorized to access the network

Question 40

What is Role-Based Access Control ("RBAC")? Is it a good approach? Advantages? Disadvantages?

Question 41

Common change management drivers include which of the following:

Technology evolution

Consumer habit changes

Pressure from new business entrants

All of the above

Question 42

What is Change Management? What is Configuration Management? How are they different?

Question 43

How would you document Change Management?

Question 44

Compare and contrast: Privacy and Security

Question 45

HIPAA relates to what industry?

Financial, i.e., banks, investment houses, lenders

Education

Manufacturing

Healthcare

Question 46

Gramm-Leach-Bliley relates to what kind of information?

non-public financial information

personnel records

educational records

medical records

Question 47

FERPA applies to which entities?

Healthcare professionals and business associates

educational agencies and institutions that receive funds under any program administered by the Department of Education

Banks and other financial institutions

Manufacturers of internet-connected devices

Question 48

What is the best way to mitigate liability from a network breach?

Faithfully execute your restoration and remediation plan

Lobby your regulatory agency for minimal fines

Blame a third party for the breach

None of the above

Question 49

Discuss the sources of liability that may arise after a network breach. Consider whether liability may arise from harm to customers, violation of laws or rules. Bonus for specific industry focus.

Question 50

A PIA stands for

Private Industry Assessment

Privacy Industry Assessment

Privacy Impact Assessment

Privacy Impact Analysis

Question 51

The Privacy Act determined that policy guidance, assistance and oversight of implementation of the Act is provided by the Office of Management and Budget (OMB)

True
False

Question 52

What is FOIA?

Federal Organization Information Act

Freedom of Information Act

Federation of Information Act

Federal Organization Information Agreement

Question 53

NIST issues Special Publications to provide guidance for federal information systems.

True
False

Question 54

Federal agencies have adopted a risk-based approach to operating their agency's information security systems and they rely on the ATO process to accomplish this. Briefly explain the ATO process.

Question 55

NIST has developed information security standards such as Federal Information Processing Standards (FIPS), which are mandatory for federal agencies to follow. FIPS 200 is used to determine the system impact level, based on the FIPS 199 security categorization. FIPS 200 established a "high water mark": the highest potential impact value assigned to any security objective for any type of information resident on the information system. Explain what that means and provide an example of your analysis.
