Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
24 Cards in this Set
- Front
- Back
|
Computer forensics experts collect and analyze data using which of the following
guidelines so as to minimize data loss? |
Chain of custody
|
|
|
At what stage of an assessment would an auditor test systems for weaknesses and attempt
to defeat existing encryption, passwords and access lists? |
Penetration
|
|
|
The best protection against the abuse of remote maintenance of PBX (Private Branch
Exchange) system is to: |
Insists on strong authentication before allowing remote maintenance
|
|
|
What results from a domain name server resolving the domain name to a
different and thus misdirecting Internet traffic? |
Spoofing
|
|
|
A recent audit shows that a user logged into a server with their user account and executed
a program. The user then performed activities only available to an administrator. This is an example of an attack? |
Privilege escalation
|
|
|
When securing a FTP (File Transfer Protocol) server, what can be done to ensure that
only authorized users can access the server? |
Disable anonymous authentication.
|
|
|
The protection of data against unauthorized access or disclosure is an example of what?
|
Confidentiality
|
|
|
What kind of attack is a type of security breach to a computer system that does not
usually result in the theft of information or other security loss but the lack of legitimate use of that system? |
DOS - Denial of service
|
|
|
Controlling access to information systems and associated networks is necessary for the
preservation of their: |
Confidentiality, integrity and availability.
|
|
|
If a private key becomes compromised before its certificate’s normal expiration, X.509
defines a method requiring each CA (Certificate Authority) to periodically issue a signed data structure called a certificate: |
Revocation list
|
|
|
User A needs to send a private e-mail to User B. User A does not want anyone to have
the ability to read the e-mail except for User B, thus retaining privacy. Which tenet of information security is User A concerned about? |
Confidentiality
|
|
|
An application that appears to perform a useful function but instead contains some sort of
malicious code is called: |
a Trojan Horse
|
|
|
What type of authentication may be needed when a stored key and memorized password
are not strong enough and additional layers of security is needed? |
Multi-factor
|
|
|
What transport protocol and port number does SHH (Secure Shell) use?
|
TCP (Transmission Control Protocol) port 22
|
|
|
A autonomous agent that copies itself into one or more host programs, then propagates
when the host is run, is best described as a: |
Virus
|
|
|
Giving each user or group of users only the access they need to do their job is an example
of which security principal. |
Least privilege
|
|
|
A well defined business continuity plan must consist of risk and analysis, business impact
analysis, strategic planning and mitigation, training and awareness, maintenance and audit and: |
Integration and validation.
|
|
|
While performing a routing site audit of your wireless network, you discover an
unauthorized Access Point placed on your network under the desk of Accounting department security. When questioned, she denies any knowledge of it, but informs you that her new boyfriend has been to visit her several times, including taking her to lunch one time. What type of attack have you just become a victim of? |
Social Engineering
|
|
|
When a session is initiated between the Transport Control Program (TCP) client and
server in a network, a very small buffer space exist to handle the usually rapid “handshaking” exchange of messages that sets up the session. What kind of attack exploits this functionality? |
SYN Attack
|
|
|
John wants to encrypt a sensitive message before sending it to one of his managers.
Which type of encryption is often used for e-mail? |
S/MINE
|
|
|
Providing false information about the source of an attack is known as:
|
Spoofing
|
|
|
What technology was originally designed to decrease broadcast traffic but is also
beneficial in reducing the likelihood of having information compromised by sniffers? |
VLAN (Virtual Local Area Network)
|
|
|
What is the greatest benefit to be gained through the use of S/MINE /Secure
Multipurpose Internet Mail Extension) The ability to: |
Encrypted and digitally sign e-mail messages.
|
|
|
A program that can infect other programs by modifying them to include a version of itself
is a: |
Virus
|
