CISC 2820W EXAM (ACTUAL / ) QUESTIONS & VERIFIED ANSWERS
Risk Assessment - --Answers---The process of assessing security-related risks to an organization's computers and networks from both internal and external threats.
Rootkit - --Answers---A set of programs that enables its user to gain administrator-level access to a computer without the end user's consent or knowledge.
Security Audit - --Answers---An evaluation of whether an organization has a well-considered security policy in place and if it is being followed.
Security Policy - --Answers---An organization's security requirements, as well as the controls and sanctions needed to meet those requirements.
Smishing - --Answers---Another variation of phishing that involves the use of texting.
Cyberterrorism - --Answers---The intimidation of government or civilian population by using information technology to disable critical national infrastructure (e.g., energy, transportation, financial, law enforcement, and emergency response) to achieve political, religious, or ideological goals.
Department of Homeland Security (DHS) - --Answers---A large federal agency with more than 240,000 employees and a budget of almost $65 billion whose goal is to provide for a "safer, more secure America, which is resilient against terrorism and other potential threats."
Disaster Recovery Plan - --Answers---A documented process for recovering an organization's business information system assets—including hardware, software, data, networks, and facilities— in the event of a disaster.
Distributed Denial-of-Service (DDoS) Attack - --Answers---An attack in which a malicious hacker takes over computers via the Internet and causes them to flood a target site with demands for data and other small tasks.
Encryption Key - --Answers---A value that is applied (using an algorithm) to a set of unencrypted text (plaintext) to produce encrypted text that appears as a series of seemingly random characters (ciphertext) that is unreadable by those without the encryption key needed to decipher it.
Exploit - --Answers---An attack on an information system that takes advantage of a particular system vulnerability.
Intrusion Detection System (IDS) - --Answers---Software and/or hardware that monitors system and network resources and activities and notifies network security personnel when it detects network traffic that attempts to circumvent the security measures of a networked computer environment.
Logic Bomb - --Answers---A type of Trojan horse malware that executes when it is triggered by a specific event or at a predetermined time.
Managed Security Service Provider (MSSP) - --Answers---A company that monitors, manages, and maintains computer and network security for other organizations.
Mission-Critical Process - --Answers---Business processes that are more pivotal to continued operations and goal attainment than others.
Next-Generation Firewall (NGFW) - --Answers---A hardware- or software-based network security system that is able to detect and block sophisticated attacks by filtering network traffic dependent on the packet contents.
Phishing - --Answers---The act of fraudulently using email to try to get the recipient to reveal personal data.
Reasonable Assurance - --Answers---A concept in computer security that recognizes that managers must use their