Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
22 Cards in this Set
- Front
- Back
|
Which of the following is a best pactice before deploying a new desktop operating system image?
|
Verify operating system security settings
|
|
|
Which of the following is characterized by an attacker attempting to map out an organization's staff hierarchy in order to send targeted emails?
|
Whaling
|
|
|
A security administrator needs to determine which system a particular user is trying to login to at various times of the day. Which of the following log types would the administrator check?
|
Security
|
|
|
An administrator wants to minimze the amount of time needed to perform backups during the week. It is also acceptable to the adminstrator for restoration to take an extended time frame. Which of the following strategies would the adminsitrator MOST likely implement?
|
Full backups on the weekend and incremental during the week
|
|
|
Which of the following access controls enforces permissions based on data labeling at specific levels?
|
Mandatory access control
|
|
|
A user in the company is in charge of various financial roles but needs to prepare for an upcoming audit. they use the same account to access each financial system. Which of the following security controls will MOST likely be implemented within the company?
|
Separation of duties
|
|
|
Which of the following defines an organiation goal for acceptable downtime during a disaster or other contingency?
|
RTO
|
|
|
A sytem adminstrator decides to use SNMPv3 on the network router in AuthPri mode. Which of the following algorithm combinations would be valid?
|
3DES-MD5
|
|
|
Which of the following are encryption alogithms that can use a 128-bit key size? (2)
|
AES
Twofish |
|
|
Which of the following transportation encryption protocols should be used to ensure maximum security between a web browser and a web server?
|
TLS
|
|
|
Which of the following MOST interferes with network-based detection techniques?
|
SSL
|
|
|
Elliptic curver cryptography:
(2) |
is mostly used in embedded devices
produces higher strength encryption with shorter keys |
|
|
A CRL is comprised of:
|
public keys
|
|
|
In Which of the following categories would creating a corporate privacy policy, drafting acceptible use policies, and group based access control be classified?
|
Best practice
|
|
|
Which of the following application security testing techniques is implement when an automated system generates random input data?
|
Fuzzing
|
|
|
Which of the following can use RC4 for encryption?
(2) |
SSL
WEP |
|
|
Use of a smart card to authenticate remote servers remains MOST susceptible to which of the following attacks?
|
Malicous code on the local system
|
|
|
In Which of the following scenarious is PKI LEAST hardened?
|
A malcious CA certificate is loaded on all the clients
|
|
|
Which of the following assessments would Pete, the security administrator, use to actively test that an application's security controls are in place?
|
Penetration test
|
|
|
Configuring the mode, encryption methods, and security associations are part of which of the following?
|
IPSec
|
|
|
All of the following are valid cryptographic hash functions EXCEPT:
|
RC4
|
|
|
A security administrator wants to check user password complexity. Which of the following is the BEST tool to use?
|
Passwork cracker
|
