1. Which of the following security legislation applies protection for credit card holder data?
a. SOX
b. GLBA
c. HIPAA
d. PCI DSS
2. What classification of security threat gathers information about the target host?
a. Gaining unauthorized access
b. Reconnaissance
c. Denial of service
d. None of the above
3. What type of security threat works to overwhelm network resources such as memory, CPU, and bandwidth?
a. Denial of service
b. Reconnaissance
c. Gaining unauthorized access
d. NMAP scans
4. What is it called when attackers change sensitive data without proper authorization?
a. VLAN filtering
b. ACLs
c. Integrity violations
d. Loss of availability
5. What security document focuses on the processes and procedures for managing network events in addition to emergency-type scenarios?
a. Acceptable-use policy
b. Incident-handling policy
c. Network access control policy
d. Security management policy
6. Which of the following should be included in a security policy? (Select all that apply.)
a. Identification of assets
b. Definition of roles and responsibilities
c. Description of permitted behaviors
d. All of the above