60 Cards in this Set
- Front
- Back
In information security, what are the three main goals? |
Integrity, confidentiality, and availability |
|
Which of the following is the greatest risk when it comes to removable storage? |
Confidentiality of data |
|
Which of these can hide an entire network of IP addresses? |
NAT |
|
Where are software firewalls usually located? |
On a PC |
|
You are implementing a testing environment for the development team. They use several virtual servers to test their applications. One of these applications requires that the servers communicate with each other. However, to keep this network safe and private, you do not want it to be routable to the firewall. What would be the best method to accomplish this? |
Use a virtual switch |
|
Which device's log file will show access control lists and which systems were or were not allowed access? |
Firewall |
|
HIDS and NIDS are similar intrusion detection systems. However, one is for individual computers, and the other is for networks. Which of the following would a HIDS be installed to monitor? |
System Files |
|
Jake is in the process of running a bulk data update. However, the process writes incorrect data throughout the database. What has been compromised? |
Integrity |
|
Which tool would you use if you want to view the contents of a packet? |
Protocol analyzer |
|
The IT director asks you to protect a server's data from unauthorized access and disclosure. What is this an example of? |
Confidentiality |
|
What is a goal for information security? |
Accountability |
|
Where is the optimal place to have a proxy server? |
In between a private network and a public network |
|
Which of the following devices should you employ to protect your network? |
Firewall |
|
Specific secure data is only supposed to be viewed by certain authorized users. What concept ensures this? |
Confidentiality |
|
If your ISP blocks objectionable material, what device would you guess has been implemented? |
Internet content filter |
|
You are developing a security plan for your organization. Which of the following is an example of a physical control? |
ID Card |
|
Which of the following displays a single public IP address to the Internet while hiding a group of internal private IP addresses? |
IP Proxy |
|
Which of the following does the A in CIA stand for when it comes to IT security? |
Availability |
|
Which of the following security applications cannot proactively prevent computer anomalies? |
NIDS |
|
Which of the following types of firewalls provides inspection of data at layer 7 of the OSI model? |
Application-proxy |
|
You have been alerted to suspicious traffic without a specific signature. Under further investigation, you determine that the alert was a false indicator. Furthermore, the same alert has arrived at your workstation several times. Which security device needs to be configured to disable false alarms in the future? |
Anomaly-based IDS |
|
Which device can use packet inspection? |
Firewall |
|
Of the following, which type of device attempts to serve client requests without the user actually contacting the remote server? |
HTTP Proxy |
|
Which of the following firewall rules only denies DNS zone transfers? |
Deny TCP any any port 53 |
|
Which of the following is a type of packet filtering used by firewalls that retains memory of the packets that pass through the firewall? |
Stateful packet inspection |
|
Which of the following provides for the best application availability and can be easily expanded as an organization's demand grows? |
Load balancing |
|
Which of the following is a layer 7 device used to prevent specific types of HTML tags from passing through to the client computer? |
Content filter |
|
One of the programmers in your organization complains that he can no longer transfer files to the FTP server. You check the network firewall and see that the proper FTP ports are open. What should you check next? |
ACLs |
|
Allowing or denying traffic based on ports, protocols, addresses, or direction of data is an example of what? |
Firewall rules |
|
Which of the following will an Internet filtering appliance analyze? |
Content |
|
Which of the following devices would detect but not react to suspicious behavior on the network? |
NIDS |
|
Which of the following cable media is the least susceptible to a tap? |
Fiber-optic cable |
|
Which of the following uses multiple computers to share work? |
Load balancing |
|
Which of the following will detect malicious packets and discard them? |
NIPS |
|
A client contracts you to prevent users from accessing inappropriate websites. Which of the following technologies should you implement? |
Internet content filter |
|
Which of the following is the most secure type of cabling? |
Shielded twisted-pair |
|
Which of the following is a best practice when installing and securing a new computer for a home user? |
Install a firewall |
|
What is a device doing when it actively monitors data streams for malicious code? |
Content inspection |
|
What kind of attack would a flood guard protect a network from? |
SYN attack |
|
Don must configure his firewall to support TACACS+. Which port should he open on the firewall? |
Port 49 |
|
Which of the following protocols or services uses port 19? |
CHARGEN |
|
Which of the following will most likely enable an attacker to force a switch to function like a hub? |
MAC flooding |
|
A security analyst wants to ensure that all external traffic is able to access an organization's front-end servers but also wants to protect access to internal resources. Which network design element is the best option for the security analyst? |
DMZ |
|
Which of the following services uses port 49? |
Terminal Access Controller Access-Control System Plus |
|
Which of the following should a security administrator implement to limit web-based traffic that is based on the country of origin? |
Proxy server |
|
Which of the following threats is not associated with Bluetooth? |
Fraggle attack |
|
In your organization's network you have VoIP phones and PCs connected to the same switch. Which of the following is the best way to logically separate the device types while still allowing traffic between them via an ACL? |
Create two VLANs on the switch connected to a router |
|
Tom sends out many e-mails containing secure information to other companies. What concept should be implemented to prove that Tom did indeed send the e-mails? |
Non-repudiation |
|
Which of the following is likely to be the last rule contained within the ACLs of a firewall? |
Implicit deny |
|
Which of the following might be included in Microsoft Security Bulletins? |
CVE |
|
Which port is used by Microsoft SQL? |
1433 |
|
Which port number is used by RPC? |
135 |
|
A user receives an e-mail but the e-mail client software says that the digital signature is invalid and the sender of the e-mail cannot be verified. The would-be recipient is concerned about which of the following concepts? |
Integrity |
|
A coworker has installed an SMTP server on your organization's database server. What security principle does this violate? |
use of a device as it was intended |
|
You are working on a server and are busy implementing a network intrusion detection system on the network. You need to monitor the network traffic from the server. What mode should you configure the network adapter to work in? |
Promiscuous mode |
|
Cloud environments often reuse the same physical hardware (such as hard drives) for multiple customers. These hard drives are used and reused when customer virtual machines are created and deleted over time. For which security concern does this have implications? |
Data confidentiality |
|
For a remote tech to access the desktop of a user's computer in another state, what inbound port must be open on the user's computer? |
3389 |
|
Tom is getting reports from several users that they are unable to download specific items from particular websites, although they can access other pages of those websites. Also, they can download information from other websites just fine. Tom's IDS is also sending him alarms about possible malicious traffic on the network. What is the most likely reason the users cannot download the information they want? |
The NIPS is blocking web activity from those specific websites. |
|
Your organization's network has a main office and two remote sites that connect solely back to the main office. You have been tasked with blocking Telnet access into the entire network. Which would be the best way to go about this? |
Block port 23 on the main office's firewall |
|
To protect against malicious attacks, who should you think like? |
hacker |