79 Cards in this Set
Which of the following issues is not addressed by Kerberos?
  • Availability
  • Privacy
  • Integrity
  • Authentication
Answer: Availability

Which access control model is best suited in an environment where a high security level is required and where it is desired that only the administrator grants access control?
  • DAC
  • MAC
  • RBAC
  • TACACS
Answer: MAC

Which of the following represents the columns of the table in a relational database?
  • attributes
  • relation
  • record retention
  • records or tuples
Answer: attributes

Which of the following reviews system and event logs to detect attacks on the host and determine if the attack was successful?
  • host-based IDS
  • firewall-based IDS
  • bastion-based IDS
  • server-based IDS
Answer: host-based IDS

Which of the following is the primary security feature of a proxy server?
  • Client hiding
  • URL blocking
  • Route blocking
  • Content filtering
Answer: Client hiding

Which of the following is not an OSI architecture-defined broad category of security standards?
  • Security techniques standards
  • Layer security protocol standards
  • Application-specific security
  • Firewall security standards
Answer: Firewall security standards

Which of the following is an IP address that is private (i.e. reserved for internal networks, and not a valid address to use on the Internet)?
  • 172.12.42.5
  • 172.140.42.5
  • 172.31.42.5
  • 172.15.42.5
Answer: 172.31.42.5

All following observations about IPSec are correct except:
  • Default Hashing protocols are HMAC-MD5 or HMAC-SHA-1
  • Default Encryption protocol is Cipher Block Chaining mode DES, but other algorithms like ECC (Elliptic curve cryptosystem) can be used
  • Support two communication modes - Tunnel mode and Transport mode
  • Works only with Secret Key Cryptography
Answer: Works only with Secret Key Cryptography

Which of the following tape format types offer the highest transfer rate?
  • Digital Audio Tape (DAT)
  • Quarter inch Cartridge (QIC)
  • 8mm tape
  • Digital Linear Tape (DLT)
Answer: Digital Linear Tape (DLT)

Which of the following tasks may be performed by the same person in a well-controlled information processing facility/computer center?
  • System development and change management
  • System development and systems maintenance
  • Security administration and change management
  • Computer operations and system development
Answer: System development and systems maintenance

If risk is defined as "the potential that a given threat will exploit vulnerabilities of an asset or group of assets to cause loss or damage to the assets" then risk has all of the following elements EXCEPT?
  • An impact on assets based on threats and vulnerabilities
  • Controls addressing the threats
  • Threats to and vulnerabilities of processes and/or assets
  • Probabilities of the threats
Answer: Controls addressing the threats

Which of the following is not a responsibility of a database administrator?
  • Maintaining databases
  • Implementing access rules to databases
  • Reorganizing databases
  • Providing access authorization to databases
Answer: Reorganizing databases

Related to information security, the prevention of the intentional or unintentional unauthorized disclosure of contents is which of the following?
  • Confidentiality
  • Integrity
  • Availability
  • capability
Answer: Confidentiality

Which of the following methodologies is appropriate for planning and controlling activities and resources in a system project?
  • Gantt charts
  • Program evaluation review technique (PERT)
  • Critical path methodology (CPM)
  • Function point analysis (FP)
Answer: Program evaluation review technique (PERT)

Which of the following refers to the work product satisfying the real-world requirements and concepts?
  • validation
  • verification
  • concurrence
  • accuracy
Answer: validation

Which of the following is an advantage of using a high-level programming language?
  • It decreases the total amount of code written
  • It allows programmers to define syntax
  • It requires programmer-controlled storage management
  • It enforces coding standards
Answer: It decreases the total amount of code written

Which of the following is the marriage of object-oriented and relational technologies combining the attributes of both?
  • object-relational database
  • object-oriented database
  • object-linking database
  • object-management database
Answer: object-relational database

Which of the following files should the security administrator be restricted to READ only access?
  • Security parameters
  • User passwords
  • User profiles
  • System log
Answer: System log

Which of the following can best be defined as a cryptanalysis technique in which the analyst tries to determine the key from knowledge of some plaintext-ciphertext pairs?
  • A known-plaintext attack
  • A known-algorithm attack
  • A chosen-ciphertext attack
  • A chosen-plaintext attack
Answer: A known-plaintext attack

Which of the following is *NOT* a symmetric key algorithm?
  • Blowfish
  • Digital Signature Standard (DSS)
  • Triple DES (3DES)
  • RC5
Answer: Digital Signature Standard (DSS)
How many bits compose an IPv6 address?
128 bits
What key size is used by the Clipper Chip?
80 bits
Before the advent of classless addressing, the address 128.192.168.16 would have been considered part of:
a class B network.
Which of the following takes the concept of RAID 1 (mirroring) and applies it to a pair of servers?
A redundant server implementation
What is used to help IP match an IP address to the appropriate hardware address of the packet's destination so it can be sent?
Address resolution protocol (ARP)
Which of the following best represent Misuse detectors?
analyze system activity, looking for events or sets of events that match a predefined pattern of events that describe a known attack.
Which OSI/ISO layer does a SOCKS server operate at?
Application layer
Discretionary access controls:
are widely used in commercial environments.
What is the PRIMARY use of a password?
Authenticate the user.
Which of the following services is provided by S-RPC?
Authentication
Which of the following issues is not addressed by Kerberos?
Availability
The only difference between RAID 3 and RAID 4 is that level 3 is implemented at the byte level while level 4 is usually implemented at which of the following?
block level.
In what LAN topology do all the transmissions of the network travel the full length of cable and are received by all other stations?
Bus topology
What is a hub used for?
Connecting two segments of a single LAN
Passwords can be required to change monthly, quarterly, or at other intervals:
depending on the criticality of the information needing protection and the password's frequency of use.
Which of the following does not allow for a workstation to get an IP address assigned?
DHCP
What is the framing specification used for transmitting digital signals at 1.544 Mbps on a T1 facility?
DS-1
What encryption algorithm is best suited for communication with handheld wireless devices?
ECC
In order to ensure the privacy and integrity of the data, connections between firewalls over public networks should use:
Encrypted Virtual Private Networks
Which of the following is not an advantage that TACACS+ has over TACACS?
Event logging
What are cognitive passwords?
Fact- or opinion-based information used to verify an individual's identity.
Which of the following transmission media would NOT be affected by cross talk or interference?
Fiber optic cables
Which protocol's primary function is to facilitate file and directory transfer between two machines?
File Transfer Protocol (FTP).
According to the Minimum Security Requirements (MSR) for Multi-User Operating Systems (NISTIR 5153) document, which of the following statements pertaining to audit data recording is incorrect?
For maintenance purposes, it shall be possible to disable the recording of activities that require privileges.
The type of discretionary access control that is based on an individual's identity is called:
Identity-based Access control
Detective/Technical measures:
include intrusion detection systems and automatically-generated violation reports from audit trail information.
A one-way hash provides which of the following?
Integrity
Low cost Internet products, like web browsers can be utilized on Intranets due to which of the following?
Intranets use TCP/IP and SMTP standards.
Which of the following are suitable protocols for securing VPN connections?
IPsec and L2TP
Who must bear the primary responsibility for determining the level of protection needed for information systems resources?
IS security specialists
What refers to legitimate users accessing networked services that would normally be restricted to them?
Logon abuse
Which access control model is best suited in an environment where a high security level is required and where it is desired that only the administrator grants access control?
MAC
Which of the following Common Data Network Services is used to send and receive email internally or externally through an email gateway device?
Mail services.
Which of the following layers does IPSec operate at?
Network
Which of the following is an issue with signature-based intrusion detection systems?
Only previously identified attack signatures are detected.
Which one of the following is used to provide authentication and confidentiality for e-mail messages?
PGP
The International Standards Organization / Open Systems Interconnection (ISO/OSI) Layer 6 is which of the following?
Presentation Layer
The Internet can be utilized by either:
public or private networks (with Virtual Private Networks).
Which of the following is less likely to assist in ensuring availability?
Regular system and security audits
Secure Shell (SSH-2) has two important components: RSA certificate exchange for authentication and Triple DES for:
session encryption.
Which of the following is not a defined layer in the TCP/IP protocol model?
Session layer
CAT3 is an older specification with a:
shorter effective distance.
What type of attack involves IP spoofing, ICMP ECHO and a bounce site?
Smurf attack
Security pros are not interested in which of the following?
softening their networks
Zip/Jaz drives are frequently used for the individual backups of small data sets of:
specific application data.
The IP header contains a protocol field. If this field contains the value of 6, what type of data is contained within the IP datagram?
TCP
What is the main problem of the renewal of a root CA certificate?
The authentic distribution of the new root CA certificate to all PKI participants
How do you distinguish between a bridge and a router?
The bridge connects two networks at the link layer, while a router connects two networks at the network layer.
Which of the following is a drawback of fiber optic cables?
The expertise needed to install it.
Advanced Research Projects Agency Network (ARPANET), Department of Defense Research Projects Agency Network (DARPANET), Defense Data Network (DDN), or DoD Internets is referred to as which of the following?
the Internet.
Which of the following is a Wide Area Network that was originally funded by the Department of Defense, which uses TCP/IP for data interchange?
the Internet.
In Mandatory Access Control, sensitivity labels contain what information?
the item's classification and category set
What approach to a security program makes sure that the people actually responsible for protecting the company's assets are driving the program?
The top-down approach
Which of the following is most relevant to determining the maximum effective cost of access control?
the value of information that is protected.
In addition to the accuracy of the biometric systems, there are other factors that must also be considered:
These factors include the enrolment time, the throughput rate, and acceptability.
What can be best defined as the examination of threat sources against system vulnerabilities to determine the threats for a particular system in a particular operational environment?
Threat analysis
Which OSI/ISO layers are TCP and UDP implemented at?
Transport layer
In a hierarchical PKI, the root CA has which of the following specific functions?
Trust anchor for all PKI participants
Which of the following Operating Systems provides Kerberos implementation?
Windows 2000