Set 4
Which system migration method is the riskiest?
Direct cutover or abrupt cutover
What is the greatest concern about direct cutover?
Lack of a backup plan
What is the objective of the post-implementation review?
1. To determine the extent to which a project meets its objective and addresses the originally defined requirements
2. To conduct a cost-benefit analysis and work out the return on investment
3. To determine the lessons learned from this project for the improvement of future projects
What is a major concern about the use of open source software?
Non-adherence to terms and conditions for the use of open source software
What is the best method to prevent the reoccurrence of an incident?
Root cause analysis
The procedure that restores a system to its prior state is known as:
The backout procedure
What are the best practices for wireless security?
1. Enable MAC filtering
2. Enable encryption
3. Disable SSID
4. Disable DHCP
Which technique is used by a hacker to search for wireless networks from a moving car or vehicle by using hacking tools and software? (The same technique is used by an IS auditor to test the security of wireless networks.)
Wardriving
Which protocol automatically assigns an IP address to each device connected to the network?
Dynamic Host Control Protocol (DHCP)
What is the objective of web and email filtering tools?
To prevent viruses, malware, and spam
What is the best method for ensuring email authenticity?
A digital signature
Which technique is used to obtain passwords without technical tools or programs?
Social engineering
What is the most effective way to minimize the impact of social engineering attacks?
Security awareness training
The risk of a phishing attack can be best addressed with:
User education
What is the best way to reduce the risk of shoulder surfing?
The password screen should be masked.
Which technique is used to test wireless security?
Wardriving
In which type of attack are computers used as zombies to perform DDoS, spam, or other kinds of attacks?
Botnet
What is the primary risk that arises due to poor programming and coding practices?
Buffer overflow
What kind of penetration testing indicates a real kind of attack and determines the incident response capability of the target?
Double-blind testing
A setup to capture information pertaining to an intruder in order to proactively strengthen security controls is known as what?
A honeypot
What is the first action performed by an intruder/attacker in preparation for a system attack?
To gather information
A plan to detect and recover from an attack is known as:
An incident response plan
What is the primary objective of having uniform time across all devices?
It supports incident investigation.
What is the most important aspect of forensic investigations that will potentially involve legal action?
Chain of custody
What is the primary purpose of maintaining incident history?
To track and record the progress of the incident handling process