CIS 560 all quizes and exams with answers
100% correct
1. What name is given to a method of developing software that is based on small project
iterations, or sprints, instead of long project schedules?
baseline
waterfall model
agile development
sprint
2. The term cloud computing refers to the practice of using computing services that are delivered
over a network.
True
False
3. Disaster refers to the amount of harm a threat can cause by exploiting a vulnerability.
True
False
4. What is meant by application convergence?
A basic digital signaling rate that corresponds to one voice-frequency-equivalent channel.
Although the true data rate for DS0 is 64 k bit/s, the effective data rate for a single voice channel
when using DS0 is 56 k bit/s.
The integration of applications to enhance productivity. Unified communications is an
example of application convergence. Unified communications integratesrecorded voice
messages into e-mail so that voice messages are retrievable via e-mail.
An attack that uses ping or ICMP echo-request, echo-reply messages to bring down the
availability of a server or system. DDoS attacks initiate from more than one host device.
A term used to describe streamlining processes with automation or simplified steps.
, CIS 560 all quizes and exams with answers
100% correct
5. The world needs people who understand computer-systems and who can protect
computers and networksfrom criminals and terrorists.
applications
connectivity
security
integrity
6. Security controls do not need to be implemented to secure VoIP and SIP on LANs andWANs.
True
False
9. What name is given to a comparison of security controls in place and the controls that are
needed to address all identified threats?
risk methodology
gap analysis
exposure factor (EF)
qualitative risk analysis
10. The goal and objective of a is to provide a consistent definitionfor how an
organization should handle and secure different types of data.
business continuity plan (BCP)
policy
business impact analysis (BIA)
data classification standard
11. What name is given to an attack that uses ping or ICMP echo-request, echo-reply messages to
bring down the availability of a server or system?
denial of service (DoS)
12. A time-based synchronization system is a mechanism that limits access to computer systems
and network resources.
True
False
13. Many jurisdictions require audits by law.
True
, CIS 560 all quizes and exams with answers
100% correct
False
14. Which of the following is the definition of false negative?
The process of gathering the wrong information.
Incorrectly identifying abnormal activity as normal.
Analysis of activity as it is happening.
A method of security testing that isn’t based directly on knowledge of a program’sarchitecture.
15. An organization can choose to plan for any interruption time frame, but in many BIAs,
restoration plans assume that access to primary resources will not be possible for at least 60 days.
True
False
16. What term is used to describe a reconnaissance technique that enables an attacker to use port
mapping to learn which operating system and version arerunning on a computer?
false negative
operating system fingerprinting
Security Information and Event Management (SIEM) system
network mapping
17. War dialers are becoming more frequently used given the rise of digitaltelephony and now IP
telephony or Voice over IP (VoIP).
True
False
18. The in analog communications is one error for every 1,000 bits sent; in digital
communications, the is one error for every 1,000,000 bits sent.
bit error rate
19. The annual probability that a stated threat will be realized is called a security gap.
True
False
20. What term is used to describe something builtin or used in a system to address gaps or
weaknesses in the controls that could otherwise lead to an exploit?
safeguard
, CIS 560 all quizes and exams with answers
100% correct
countermeasure
technical control
detective control
21. What is meant by gray-box testing?
Any activities designed to reduce the severity of a vulnerability or remove it altogether.
Security testing that is based on limited knowledge of an application’s design.
A technique of matching network traffic with rules or signatures based on the appearance of the
traffic and its relationship to other packets.
Analysis of activity as it is happening.
22. A compliance liaison works with each department to ensure that it understands, implements,
and monitors compliance in accordance with the organization’s policies.
True
False
23. As users upgrade LANs to GigE or 10GigE, switches must support and data IP
traffic.
voice
communications
multimodal communications
networks
24. The term asynchronous token refers to an authentication token used to process challenge-
response authentication with a server. The token takes the server’s challenge value and calculates
a response. The user enters the response to authenticate a connection.
True
False
25. When voice signals converted from analog to digital, voice and data communications could
travel on a different circuit.
True
False
100% correct
1. What name is given to a method of developing software that is based on small project
iterations, or sprints, instead of long project schedules?
baseline
waterfall model
agile development
sprint
2. The term cloud computing refers to the practice of using computing services that are delivered
over a network.
True
False
3. Disaster refers to the amount of harm a threat can cause by exploiting a vulnerability.
True
False
4. What is meant by application convergence?
A basic digital signaling rate that corresponds to one voice-frequency-equivalent channel.
Although the true data rate for DS0 is 64 k bit/s, the effective data rate for a single voice channel
when using DS0 is 56 k bit/s.
The integration of applications to enhance productivity. Unified communications is an
example of application convergence. Unified communications integratesrecorded voice
messages into e-mail so that voice messages are retrievable via e-mail.
An attack that uses ping or ICMP echo-request, echo-reply messages to bring down the
availability of a server or system. DDoS attacks initiate from more than one host device.
A term used to describe streamlining processes with automation or simplified steps.
, CIS 560 all quizes and exams with answers
100% correct
5. The world needs people who understand computer-systems and who can protect
computers and networksfrom criminals and terrorists.
applications
connectivity
security
integrity
6. Security controls do not need to be implemented to secure VoIP and SIP on LANs andWANs.
True
False
9. What name is given to a comparison of security controls in place and the controls that are
needed to address all identified threats?
risk methodology
gap analysis
exposure factor (EF)
qualitative risk analysis
10. The goal and objective of a is to provide a consistent definitionfor how an
organization should handle and secure different types of data.
business continuity plan (BCP)
policy
business impact analysis (BIA)
data classification standard
11. What name is given to an attack that uses ping or ICMP echo-request, echo-reply messages to
bring down the availability of a server or system?
denial of service (DoS)
12. A time-based synchronization system is a mechanism that limits access to computer systems
and network resources.
True
False
13. Many jurisdictions require audits by law.
True
, CIS 560 all quizes and exams with answers
100% correct
False
14. Which of the following is the definition of false negative?
The process of gathering the wrong information.
Incorrectly identifying abnormal activity as normal.
Analysis of activity as it is happening.
A method of security testing that isn’t based directly on knowledge of a program’sarchitecture.
15. An organization can choose to plan for any interruption time frame, but in many BIAs,
restoration plans assume that access to primary resources will not be possible for at least 60 days.
True
False
16. What term is used to describe a reconnaissance technique that enables an attacker to use port
mapping to learn which operating system and version arerunning on a computer?
false negative
operating system fingerprinting
Security Information and Event Management (SIEM) system
network mapping
17. War dialers are becoming more frequently used given the rise of digitaltelephony and now IP
telephony or Voice over IP (VoIP).
True
False
18. The in analog communications is one error for every 1,000 bits sent; in digital
communications, the is one error for every 1,000,000 bits sent.
bit error rate
19. The annual probability that a stated threat will be realized is called a security gap.
True
False
20. What term is used to describe something builtin or used in a system to address gaps or
weaknesses in the controls that could otherwise lead to an exploit?
safeguard
, CIS 560 all quizes and exams with answers
100% correct
countermeasure
technical control
detective control
21. What is meant by gray-box testing?
Any activities designed to reduce the severity of a vulnerability or remove it altogether.
Security testing that is based on limited knowledge of an application’s design.
A technique of matching network traffic with rules or signatures based on the appearance of the
traffic and its relationship to other packets.
Analysis of activity as it is happening.
22. A compliance liaison works with each department to ensure that it understands, implements,
and monitors compliance in accordance with the organization’s policies.
True
False
23. As users upgrade LANs to GigE or 10GigE, switches must support and data IP
traffic.
voice
communications
multimodal communications
networks
24. The term asynchronous token refers to an authentication token used to process challenge-
response authentication with a server. The token takes the server’s challenge value and calculates
a response. The user enters the response to authenticate a connection.
True
False
25. When voice signals converted from analog to digital, voice and data communications could
travel on a different circuit.
True
False
