Quizzes Part 2

Author: slmckissack
Updated: 2015-02-20 15:19:04

  1. A user enters a username and password to a standard login function. What process is taking place?
    A. Digital Signature
    B. Single-factor authentication
    C. Two-factor authentication
    D. Multifactor Authentication
    B. Single-factor authentication
  2. Which of the elements in the CIA triad provides that data are only accessible by appropriate, authorized, and trusted users?
    A. Authentication
    B. Confidentiality
    C. Integrity
    D. Availability
    B. Confidentiality
  3. What is the category of devices that uniquely identify people through their physiological or behavioral traits?
    A. Security Tokens
    B. Smart Cards
    C. Personal Identification Verification (PIV) card
    D. Biometrics
    D. Biometrics
  4. What is the correct order of access control processes?
    A. Identification, Authentication, Authorization
    B. Authentication, Authorization, Identification
    C. Authorization, Authentication, Identification
    D. Identification, Authorization, Authentication
    A. Identification, Authentication, Authorization
    (A subject first claims an identity, such as a username; that claim is then authenticated with a password, token, or biometric; only then are the subject's permissions checked and access authorized.)
  5. What is the client/server authentication protocol that provides mutual authentication capabilities?
    A. SSL
    B. Kerberos
    C. SSH
    D. IPSec
    B. Kerberos
  6. What principle of internal control limits users or groups to only the objects and resources they require to perform their duties?
    A. Principle of Least Privilege
    B. Access Control
    C. Separation of duties
    D. Authentication
    A. Principle of Least Privilege
  7. The ACL statement "access-list 10 deny any" is an example of what type of access control policy?
    A. Implicit Deny
    B. Implicit permit
    C. Explicit Permit
    D. Explicit Deny
    D. Explicit Deny
    (The implicit deny is the unwritten rule at the end of every ACL that drops traffic matched by no statement. Writing "deny any" as the last line makes that deny explicit; administrators often add it so the denied traffic shows up in the ACL's hit counters or logs.)
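The difference between the two kinds of deny is easiest to see in a first-match ACL evaluator. The following is an added example, not code from the card set or from any vendor; the rule format, the two constructed ACLs and the addresses are hypothetical. Both ACLs reach the same verdict for traffic that matches no permit; only the explicit version can say which rule produced it.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Rule:
    """One ACL entry: action is "permit" or "deny"; source is a CIDR or "any"."""
    action: str
    source: str

    def matches(self, src: str) -> bool:
        return self.source == "any" or ip_address(src) in ip_network(self.source)


def evaluate(acl, src):
    """First-match evaluation, as a router processes a standard ACL.
    Returns (action, reason). Falling off the end is the implicit deny."""
    for index, rule in enumerate(acl):
        if rule.matches(src):
            return rule.action, f"explicit {rule.action} by rule {index}"
    return "deny", "implicit deny (no rule matched)"


# Constructed example ACLs; addresses are hypothetical.
ACL_IMPLICIT = [Rule("permit", "10.0.0.0/8")]                       # relies on the implicit deny
ACL_EXPLICIT = [Rule("permit", "10.0.0.0/8"), Rule("deny", "any")]  # "access-list 10 deny any" appended


def demo():
    """Same traffic against both ACLs: the verdict is identical, the reason is not."""
    results = {}
    for name, acl in (("implicit", ACL_IMPLICIT), ("explicit", ACL_EXPLICIT)):
        results[name] = {src: evaluate(acl, src) for src in ("10.1.2.3", "192.0.2.7")}
    return results


if __name__ == "__main__":
    for name, verdicts in demo().items():
        for src, (action, reason) in verdicts.items():
            print(f"{name:8} {src:10} -> {action:6} ({reason})")
```

Because the implicit deny is not a rule, nothing counts or logs the traffic it drops; the explicit final deny gives the operator a counter to watch and a place to attach logging.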
  8. What type of access control policy limits requesters to only the privilege and permissions associated with the performance of their job function?
    A. Discretionary access control
    B. Rules-based access control
    C. Role-based access control
    D. Mandatory access control
    C. Role-based access control
  9. What internal control principle is intended to prevent theft and misappropriation, and limit access to secured objects?
    A. Separation of duties
    B. Mandatory access control
    C. Single sign on
    D. Two-signature authorization
    A. Separation of duties
  10. What international standard defines a security specification for operating systems and access control?
    A. Common Criteria
    B. OTP
    C. OSI
    D. RFID
    A. Common Criteria
  11. What security authorization policy should be applied to ensure that new users are limited to only the rights needed to perform their assigned duties?
    A. Principle of adequate privilege
    B. Password expiration
    C. Principle of least privilege
    D. Principle of most privilege
    C. Principle of least privilege
  12. If you're using username and password authentication, which of the following should you work to avoid?
    A. Weak passwords
    B. Biometrics
    C. Smart cards
    D. Strong passwords
    A. Weak passwords
  13. What type of group account is limited to a single computer?
    A. Local group
    B. Global Group
    C. Universal group
    D. Domain Group
    A. Local group
  14. What is the primary benefit of an account lockout policy?
    A. To force a user to memorize a password and never forget it.
    B. To force users to use strong passwords.
    C. To prevent unauthorized users from having unlimited attempts to guess a password.
    D. To allow users to use weaker passwords to avoid an account lockout
    C. To prevent unauthorized users from having unlimited attempts to guess a password.
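A lockout policy is really three numbers: how many failures are tolerated, over what window, and how long the lock lasts. The following is an added example, not code from the card set or any operating system; the class, the toy user store and the injected clock are hypothetical. It shows why the policy matters: an attacker who fires 100 guesses gets only five of them actually checked.

```python
import hmac
import time
from collections import defaultdict, deque


class LockoutPolicy:
    """Lock an account after `threshold` failures inside `window` seconds,
    for `duration` seconds. These mirror the three Windows policy settings:
    lockout threshold, reset counter after, and lockout duration.
    `clock` is injectable so the behaviour can be exercised without waiting."""

    def __init__(self, threshold=5, window=900, duration=900, clock=time.monotonic):
        self.threshold = threshold
        self.window = window
        self.duration = duration
        self.clock = clock
        self.failures = defaultdict(deque)   # user -> timestamps of recent failures
        self.locked_until = {}               # user -> time the lock expires

    def is_locked(self, user):
        until = self.locked_until.get(user)
        if until is None:
            return False
        if self.clock() >= until:            # lock expired: clear it and the counter
            del self.locked_until[user]
            self.failures[user].clear()
            return False
        return True

    def record_failure(self, user):
        now = self.clock()
        recent = self.failures[user]
        recent.append(now)
        while recent and now - recent[0] > self.window:   # drop failures outside the window
            recent.popleft()
        if len(recent) >= self.threshold:
            self.locked_until[user] = now + self.duration
            return True
        return False

    def record_success(self, user):
        self.failures[user].clear()


def attempt_login(policy, users, user, password):
    """Returns 'locked', 'ok' or 'fail'. The lock is checked before the password
    so a locked account yields no information about the guess at all."""
    if policy.is_locked(user):
        return "locked"
    stored = users.get(user, "")
    # Constructed toy store holds plaintext; real systems compare password hashes.
    if stored and hmac.compare_digest(stored.encode(), password.encode()):
        policy.record_success(user)
        return "ok"
    policy.record_failure(user)
    return "fail"


def brute_force_demo(guesses=100):
    """Attacker sends `guesses` attempts one second apart; only `threshold`
    of them are evaluated against the stored credential."""
    fake_clock = [0.0]
    policy = LockoutPolicy(threshold=5, window=900, duration=900, clock=lambda: fake_clock[0])
    users = {"alice": "correct horse battery staple"}   # constructed sample account
    outcomes = []
    for i in range(guesses):
        fake_clock[0] += 1.0
        outcomes.append(attempt_login(policy, users, "alice", f"guess{i}"))
    return outcomes
```

The same mechanism is a denial-of-service lever: anyone who knows a username can lock it by sending five bad passwords, which is why real deployments pair lockout with a short duration or an unlock path rather than a permanent lock.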
  15. What user account type is able to operate a computer and open, create, and save documents, but cannot manipulate system settings?
    A. Guest
    B. Administrator
    C. Privilege account
    D. Restricted Account
    D. Restricted Account
  16. You are designing a new Web application service for your company. An initial design review reveals a number of attack surfaces not identified in the initial baseline for the application, including unneeded network services that are enabled. What should you do?
    A. Perform a conceptual test.
    B. Rework the initial baseline
    C. Remove unneeded services from the design.
    D. Reduce the attack surfaces during actual coding.
    C. Remove unneeded services from the design.
  17. Which of the following is the least intrusive way of checking an environment for known software flaws?
    A. Vulnerability scanner
    B. Port Scanner
    C. Protocol analyzer
    D. Penetration test
    A. Vulnerability Scanner
  18. After a system risk assessment, the cost to mitigate a risk is higher than the expected loss if the threat materializes. In this situation, which of the following is the better course of action?
    A. Accept the risk
    B. Reject the risk
    C. Mitigate the risk
    D. Run a new risk assessment
    A. Accept the risk
  19. After completing a risk assessment, a security administrator recommends that the network owner take actions to prevent future security incidents. Which of the following describes this type of action?
    A. Risk Avoidance
    B. Risk Transference
    C. Risk Mitigation
    D. Risk Acceptance
    C. Risk Mitigation
  20. What is likely your best course of action when a vulnerability is identified on an operating system?
    A. Visit the OS manufacturer's website for information and a patch.
    B. Shut down all affected servers until management can be notified.
    C. Search for a patch on the internet.
    D. Ignore the vulnerability for now and wait for an automatic update from the manufacturer.
    A. Visit the OS manufacturer's website for information and a patch.
  21. What is the type of testing that ignores the internal workings of a system and focuses on only its outputs?
    A. Black box testing
    B. Gray box testing
    C. Penetration testing
    D. White box testing
    A. Black box testing
  22. What important planning document should an organization create, maintain, and test in preparation for a catastrophic event?
    A. Backout Contingency Plan
    B. RTO and RPO plans
    C. Disaster Recovery Plan
    D. Penetration Test Plan
    C. Disaster Recovery Plan
  23. Which of the following backup strategies would provide the most efficient recovery from a disaster in which the data servers for a business are lost?
    A. Weekly differential backups only
    B. Quarterly full backups, monthly differential backups, and daily incremental backups
    C. Daily incremental backups only
    D. Weekly full backups and daily differential backups
    D. Weekly full backups and daily differential backups
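Why weekly full plus daily differential restores fastest is a matter of how many backup sets the restore chain needs. The following is an added example, not code from the card set; it builds a constructed two-week schedule (full backup every Monday, the chosen partial type on other days, dates hypothetical) and computes the chain for both differential and incremental strategies. A differential holds everything changed since the last full, so the chain is always two sets; incrementals hold only the changes since the previous backup, so every one since the full must be replayed.

```python
from datetime import date, timedelta


def backup_schedule(start, days, strategy):
    """Yield (date, kind) for each day. strategy is "full+differential" or
    "full+incremental". A full backup runs every Monday (weekday 0)."""
    partial = "differential" if strategy == "full+differential" else "incremental"
    for i in range(days):
        day = start + timedelta(days=i)
        yield day, ("full" if day.weekday() == 0 else partial)


def restore_chain(schedule, disaster_day):
    """Backups that must be restored, in order, to recover the state captured
    by the last backup taken before `disaster_day`."""
    taken = [(d, kind) for d, kind in schedule if d < disaster_day]
    last_full = max(i for i, (_, kind) in enumerate(taken) if kind == "full")
    chain = [taken[last_full]]
    after_full = taken[last_full + 1:]
    if not after_full:
        return chain
    if after_full[-1][1] == "differential":
        chain.append(after_full[-1])   # one differential covers everything since the full
    else:
        chain.extend(after_full)       # every incremental since the full is required
    return chain


def compare(start=date(2015, 2, 16), days=14, disaster=date(2015, 2, 28)):
    """Constructed scenario: schedule starts on a Monday, servers are lost on a Saturday."""
    return {
        strategy: restore_chain(list(backup_schedule(start, days, strategy)), disaster)
        for strategy in ("full+differential", "full+incremental")
    }


if __name__ == "__main__":
    for strategy, chain in compare().items():
        print(strategy, "->", " + ".join(f"{d.isoformat()} {kind}" for d, kind in chain))
```

The trade-off is on the backup side: each differential grows through the week because it re-copies everything changed since Monday, whereas incrementals stay small. Losing any one incremental in the chain breaks the restore; losing an older differential does not.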
  24. Who should perform penetration testing on a network?
    A. A network security administrator.
    B. An internal auditor
    C. An independent, outside consultant or service
    D. An internal non-IT employee
    C. An independent, outside consultant or service.
  25. Management insists that the organization's recovery plans must require all critical data and systems to be operational within one hour of a failure, regardless of the event, so that they are available by the start of the business day. Which of the following metrics would you NOT use in a disaster recovery plan to state these requirements?
    A. RPO
    B. EoD
    C. SoD
    D. RTO
    B. EoD (end of business day)
  26. Which of the following is not a system type common to data loss prevention systems?
    A. Endpoint DLP
    B. Storage DLP
    C. Network DLP
    D. Archival DLP
    D. Archival DLP
  27. What is provided by a digital security process that verifies the identity of a message sender along with the origin of protected data?
    A. Data Identification
    B. Data Protection
    C. Non-repudiation
    D. Authorization
    C. Non-repudiation
  28. With which DLP system is data in motion (DiM) most associated?
    A. Archival DLP
    B. Endpoint DLP
    C. Network DLP
    D. Storage DLP
    C. Network DLP
  29. Which data security policies set the standards to ensure that data remains in its original form without modification, corruption, or loss?
    A. Data retention
    B. Data Security
    C. Data Integrity
    D. Data Identification
    C. Data Integrity
  30. What digital entity facilitates verification of a claim that a specific public key belongs to a specific individual?
    A. Security Association
    B. Digital Signature
    C. Ciphertext
    D. Certificate Authority
    D. Certificate Authority
    (A CA issues a certificate that binds a public key to an identity and signs it; a relying party checks the CA's signature. A digital signature on its own proves only that the holder of some private key signed the data, not whose key it is.)
  31. Your organization wishes to reduce its exposure to zero-day vulnerabilities. What policies should it implement to achieve this?
    A. Patch Management
    B. Disable unneeded services on the server
    C. Removal of obsolete user accounts
    D. Closing ports on the firewall
    A. Patch Management
    (A zero-day has no vendor fix when it is first exploited, so patch management only closes the window once a patch ships; until then the hardening in B and D limits what an attacker can reach.)
  32. Which principle ensures a host computer performs only the tasks required by its user and nothing more?
    A. Threat Modeling
    B. Principle of defense in depth
    C. Gilster's law
    D. Principle of least privilege
    D. Principle of least privilege
  33. What attack involves an attacker inserting SQL commands into a webpage form to corrupt the request made to a database?
    A. SQL injection attack
    B. DDoS attack
    C. XSS attack
    D. Man-in-the-middle attack
    A. SQL injection attack
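The attack in question 33 works because the form input is spliced into the SQL text, so quotes in the input end the string literal and the rest is read as SQL. The following is an added example, not code from the card set; it uses Python's built-in sqlite3 module against a constructed in-memory table (two hypothetical users, plaintext passwords purely for the demonstration) and shows the vulnerable login next to the parameterised one that defeats the same payload.

```python
import sqlite3


def make_db():
    """Constructed sample data: an in-memory users table with two rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "s3cret"), ("bob", "hunter2")],   # real systems store password hashes
    )
    return conn


def login_vulnerable(conn, username, password):
    """String concatenation: user input becomes part of the SQL statement itself."""
    query = (
        "SELECT username FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return [row[0] for row in conn.execute(query)]


def login_safe(conn, username, password):
    """Parameterised query: the statement is fixed, the values travel separately
    and are never parsed as SQL, whatever characters they contain."""
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return [row[0] for row in conn.execute(query, (username, password))]


# Classic tautology injected through the password field.  In the vulnerable
# function it yields:  ... AND password = '' OR '1'='1'  which matches every row.
PAYLOAD = "' OR '1'='1"


def demo():
    conn = make_db()
    return {
        "vulnerable": login_vulnerable(conn, "alice", PAYLOAD),   # returns every user
        "safe": login_safe(conn, "alice", PAYLOAD),               # returns nothing
        "safe_legit": login_safe(conn, "alice", "s3cret"),        # normal login still works
    }


if __name__ == "__main__":
    for case, rows in demo().items():
        print(f"{case:11} -> {rows}")
```

Note that the vulnerable query is syntactically valid SQL after injection; the database has no way to tell the attacker's clause from the developer's, which is exactly why escaping input is a weaker defence than keeping data out of the statement altogether.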
  34. What form of a baseline documents the initial operating system settings on a host computer?
    A. Settings baseline
    B. Security baseline
    C. Configuration Baseline
    D. Performance baseline
    C. Configuration baseline
  35. What type of a threat model focuses on the actions taken to exploit vulnerabilities?
    A. Attacker-centric
    B. Asset-centric
    C. Fuzz testing
    D. Software-centric
    A. Attacker-centric
  36. What acronym refers to an environment in which employees provide their own mobile communication devices?
    A. BYOD
    B. OOB
    C. OTP
    D. MSM
    A. BYOD
  37. Text messaging makes a mobile device especially susceptible to what type of vulnerability?
    A. Outdated firmware
    B. Signal interception
    C. Device diversity
    D. Bluetooth discovery mode
    B. Signal interception
  38. Your company wishes to limit its risk for the unauthorized access to confidential company data that may be stored on the tablet computers it issues to employees. Which of the following methods would guarantee that an unauthorized person couldn't access data on a lost or stolen tablet?
    A. Screen lock
    B. Strong password authentication
    C. Whole device encryption
    D. Data wiping
    D. Data wiping
    (A remote wipe only works while the lost device can still be reached over the network; pair it with whole device encryption and a strong passcode so the data stays protected while the device is offline.)
  39. What security system involves the use of an analog-to-digital converter (ADC) and either hardware-based encryption or software-based encryption for the transmission of converted signals using the ZRTP protocol?
    A. VPN
    B. Secure Voice
    C. Device-generated OTP
    D. VoIP
    B. Secure Voice
  40. What form of security policies typically includes measures like secured possession, remote reporting, screen locks, and storage policies?
    A. Environmental Security
    B. External Security
    C. Internal Security
    D. Disaster Recovery
    B. External Security
  41. What term refers to an actual server on which virtualization software runs, creates, and manages virtual machines?
    A. Virtual private server
    B. Virtual guest
    C. Virtual host
    D. Virtual machine
    C. Virtual Host
  42. What type of an attack may start on a virtual server but could threaten a physical host?
    A. VM escape
    B. Sandbox
    C. VMware
    D. Cloud bursting
    A. VM escape
  43. You access your email through a cloud-based email server. What type of service are you using?
    A. PaaS
    B. IaaS
    C. SaaS
    D. VDI
    C. SaaS
  44. Which of the following is NOT a benefit of virtualization?
    A. Decentralized administration
    B. Component Isolation
    C. Availability of computing resources
    D. Reduced footprint
    A. Decentralized administration
  45. After reviewing the hardware inventory in the IT data center, senior management cites that many of the servers are underutilized, and it sees this as a waste of resources. What do you recommend to improve this situation?
    A. Implement virtualization
    B. Reduce the number of active servers
    C. Implement a VM escape
    D. Implement IaaS
    A. Implement virtualization
  46. What process converts readable data into unreadable or unrecognizable text?
    A. Decryption
    B. Hashing
    C. Cryptography
    D. Steganography
    C. Cryptography
    (Encryption turns plaintext into ciphertext. Steganography hides the existence of a message inside other data, such as an image, and does not by itself make the message unreadable; hashing is one-way and produces a fixed-size digest rather than recoverable text; decryption is the reverse operation.)
  47. Which function will always produce a fixed-length value regardless of the length of the original data?
    A. Chaffing and Winnowing
    B. Encryption
    C. Quantum Cryptography
    D. Hash Algorithm
    D. Hash Algorithm
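Two properties of a hash function underlie question 47 and the integrity policies of question 29: the digest length never depends on the input length, and any change to the input, even a single bit, scrambles roughly half of the output bits, which is what lets a stored digest detect tampering. The following is an added example, not code from the card set; it uses only the standard hashlib module, and the sample inputs are constructed.

```python
import hashlib


def digest_lengths(inputs, algorithm="sha256"):
    """Digest size in bytes for each input, regardless of how long the input is."""
    return [len(hashlib.new(algorithm, data).digest()) for data in inputs]


def differing_bits(a: bytes, b: bytes) -> int:
    """Hamming distance between two equal-length byte strings."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def avalanche(data: bytes, algorithm="sha256"):
    """Flip the lowest bit of the first byte and report how many digest bits
    change, out of the digest's total bit length."""
    if not data:
        raise ValueError("need at least one byte to flip")
    flipped = bytes([data[0] ^ 0x01]) + data[1:]
    original_digest = hashlib.new(algorithm, data).digest()
    flipped_digest = hashlib.new(algorithm, flipped).digest()
    return differing_bits(original_digest, flipped_digest), len(original_digest) * 8


def integrity_check(data: bytes, expected_hex: str, algorithm="sha256") -> bool:
    """The integrity use: recompute the digest and compare with the stored one."""
    return hashlib.new(algorithm, data).hexdigest() == expected_hex


# Constructed inputs spanning zero bytes to one megabyte.
SAMPLES = [b"", b"a", b"The quick brown fox", b"x" * 1_000_000]


def demo():
    original = b"amount=100"
    stored = hashlib.sha256(original).hexdigest()   # digest recorded when the data was written
    return {
        "lengths": digest_lengths(SAMPLES),
        "avalanche": avalanche(b"The quick brown fox"),
        "intact": integrity_check(original, stored),
        "tampered": integrity_check(b"amount=900", stored),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:10} -> {value}")
```

A hash alone only detects accidental or unauthenticated modification; an attacker who can rewrite the data can usually rewrite the stored digest too, so integrity against an adversary needs the digest to be keyed (HMAC) or signed.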
  48. What are the two primary components of encryption?
    A. Cryptography and Steganography
    B. Algorithms and keys
    C. Certificates and private keys
    D. Hashing and public keys
    B. Algorithms and keys
  49. Which encryption algorithm is most commonly used in small wireless devices, such as smartphones?
    A. Quantum cryptography
    B. 3DES
    C. Elliptic curve
    D. SHA
    C. Elliptic curve
  50. An encryption system encrypts data prior to transmitting it across the network. The receiving end of the transmission decrypts the data. If the two systems are both using a symmetric algorithm, what do you know about the keys in this scenario?
    A. The system uses different keys to encrypt and decrypt data.
    B. The system's keys are a very insecure method for encrypting data for transmission across the network.
    C. The system uses the same key to encrypt and decrypt data.
    D. The system doesn't use keys to encrypt or decrypt data.
    C. The system uses the same key to encrypt and decrypt data.
