Free CSSLP Exam Braindumps (page: 48)

Page 48 of 88

Which of the following is used by attackers to record everything a person types, including usernames, passwords, and account information?

  A. Packet sniffing
  B. Keystroke logging
  C. Spoofing
  D. Wiretapping

Answer(s): B

Explanation:

Keystroke logging is used by attackers to record everything a person types, including usernames, passwords, and account information. It is a method of logging and recording user keystrokes, and it can be performed with software or hardware devices. Keystroke logging devices can record everything a person types on the keyboard, for example to measure an employee's productivity on certain clerical tasks. These types of devices can also be used to capture usernames, passwords, etc.

Answer D is incorrect. Wiretapping is used to eavesdrop on voice calls. Eavesdropping is the process of listening in on private conversations. It also includes attackers listening in on network traffic.

Answer C is incorrect. Spoofing is a technique that makes a transmission appear to have come from an authentic source by forging the IP address, email address, caller ID, etc. In IP spoofing, a hacker modifies packet headers by using someone else's IP address to hide his identity. However, spoofing cannot be used while surfing the Internet, chatting online, etc., because forging the source IP address causes the responses to be misdirected.

Answer A is incorrect. Packet sniffing is the process of monitoring data packets that travel across a network. Software used for packet sniffing is known as a sniffer. Many packet-sniffing programs are available on the Internet. Some of these are unauthorized, which can be harmful to a network's security.



Which of the following policies can explain how the company interacts with partners, the company's goals and mission, and a general reporting structure in different situations?

  A. Informative
  B. Advisory
  C. Selective
  D. Regulatory

Answer(s): A

Explanation:

An informative policy informs employees about certain topics. It is not an enforceable policy, but rather one intended to teach individuals about specific issues relevant to the company. The informative policy can explain how the company interacts with partners, the company's goals and mission, and a general reporting structure in different situations.

Answer D is incorrect. A regulatory policy ensures that an organization follows the standards set by specific industry regulations. This type of policy is very detailed and specific to a type of industry. The regulatory policy is used in financial institutions, health care facilities, public utilities, and other government-regulated industries, e.g., TRAI.

Answer B is incorrect. An advisory policy strongly advises employees regarding which types of behaviors and activities should and should not take place within the organization. It also outlines possible ramifications if employees do not comply with the established behaviors and activities. The advisory policy can be used to describe how to handle medical information, handle financial transactions, and process confidential information.

Answer C is incorrect. Selective is not a valid type of policy.



Which of the following terms related to risk management represents the estimated frequency at which a threat is expected to occur?

  A. Single Loss Expectancy (SLE)
  B. Annualized Rate of Occurrence (ARO)
  C. Safeguard
  D. Exposure Factor (EF)

Answer(s): B

Explanation:

The Annualized Rate of Occurrence (ARO) is a number that represents the estimated frequency at which a threat is expected to occur. It is calculated based upon the probability of the event occurring and the number of employees that could make that event occur.

Answer D is incorrect. The Exposure Factor (EF) represents the percentage of asset loss caused by a threat. The EF is required to calculate the Single Loss Expectancy (SLE).

Answer A is incorrect. The Single Loss Expectancy (SLE) is the value in dollars that is assigned to a single event.

SLE = Asset Value ($) × Exposure Factor (EF)

Answer C is incorrect. A safeguard acts as a countermeasure for reducing the risk associated with a specific threat or a group of threats.



What are the subordinate tasks of the Implement and Validate Assigned IA Control phase in the DIACAP process? Each correct answer represents a complete solution. Choose all that apply.

  A. Conduct validation activities.
  B. Execute and update IA implementation plan.
  C. Combine validation results in DIACAP scorecard.
  D. Conduct activities related to the disposition of the system data and objects.

Answer(s): A,B,C

Explanation:

The Department of Defense Information Assurance Certification and Accreditation Process (DIACAP) is a process defined by the United States Department of Defense (DoD) for managing risk. The subordinate tasks of the Implement and Validate Assigned IA Control phase in the DIACAP process are as follows:

  1. Execute and update IA implementation plan.
  2. Conduct validation activities.
  3. Combine validation results in the DIACAP scorecard.

Answer D is incorrect. The activities related to the disposition of the system data and objects are conducted in the fifth phase of the DIACAP process. The fifth phase of the DIACAP process is known as Decommission System.






Post your Comments and Discuss ISC2 CSSLP exam with other Community members:

summer commented on December 13, 2024
nice questions
Anonymous

DIvesh commented on December 13, 2024
Good way to practice
JAPAN

redflame commented on December 12, 2024
great content
Anonymous

aini commented on December 12, 2024
best best best
Anonymous

Aung Naing Lin commented on December 12, 2024
good practice lesson
UNITED STATES

Mikronet commented on December 12, 2024
good practice lessons
UNITED STATES

blaze commented on December 12, 2024
is the PDF worth it? Are these questions the same on the exam?
Anonymous

Mike Kutenda Chizinga commented on December 12, 2024
are these questions still valid
Anonymous

sas commented on December 12, 2024
good but not flexible
Anonymous

Anonymous commented on December 12, 2024
Very helpful and reference link also has been given.
Anonymous

Anonymous commented on December 12, 2024
Preparing or certification
Anonymous

Sai commented on December 12, 2024
Preparing for the exam
AUSTRALIA

Ankita commented on December 12, 2024
dumps are good and helpful
UNITED STATES

yajnas commented on December 12, 2024
lot of the questions are from AZ-400 practice test
JAPAN

yajnas commented on December 12, 2024
very relevant information
JAPAN

yajnas commented on December 12, 2024
good material
JAPAN

AEB commented on December 11, 2024
The breadth of knowledge for this exam is large. It doesn't seem possible to learn everything on it for an associate level exam.
UNITED STATES

rvg commented on December 11, 2024
A great source of preparation for this exam
INDIA

the coder1 commented on December 11, 2024
It helped a lot
UNITED KINGDOM

N commented on December 11, 2024
This is so good. I will literally ace the test.
Anonymous

BU WIN SIO commented on December 11, 2024
GOOD VERY HELPFUL
UNITED STATES

Pss wd commented on December 11, 2024
preparing for exam
Anonymous

Anonymous commented on December 11, 2024
really good
INDIA

Anonymous commented on December 10, 2024
Good questions for revision
UNITED STATES

Milik commented on December 10, 2024
Very resourceful information
Anonymous

Milik commented on December 10, 2024
Great info Marion to succeed on your test……….
Anonymous

Ritesh commented on December 10, 2024
Good content
Anonymous

Mikil commented on December 10, 2024
I will tell others about this study site
Anonymous

Milik commented on December 10, 2024
Good resource for your studies. I will refer to my friends
Anonymous

Mikil commented on December 10, 2024
I will tell others about this site.
Anonymous

Mikil commented on December 10, 2024
I will tell others of this site
Anonymous

Mikil commented on December 10, 2024
Great research for my test
Anonymous

Mikil commented on December 10, 2024
Great resource. I would tell others
Anonymous

Mikil commented on December 10, 2024
Great resource
Anonymous