Study your flashcards anywhere!

Download the official Cram app for free >

  • Shuffle
    Toggle On
    Toggle Off
  • Alphabetize
    Toggle On
    Toggle Off
  • Front First
    Toggle On
    Toggle Off
  • Both Sides
    Toggle On
    Toggle Off
  • Read
    Toggle On
    Toggle Off

How to study your flashcards.

Right/Left arrow keys: Navigate between flashcards.right arrow keyleft arrow key

Up/Down arrow keys: Flip the card between the front and back.down keyup key

H key: Show hint (3rd side).h key

A key: Read text to speech.a key


Play button


Play button




Click to flip

24 Cards in this Set

  • Front
  • Back
Computer forensics experts collect and analyze data using which of the following
guidelines so as to minimize data loss?
Chain of custody
At what stage of an assessment would an auditor test systems for weaknesses and attempt
to defeat existing encryption, passwords and access lists?
The best protection against the abuse of remote maintenance of PBX (Private Branch
Exchange) system is to:
Insists on strong authentication before allowing remote maintenance
What results from a domain name server resolving the domain name to a
different and thus misdirecting Internet traffic?
A recent audit shows that a user logged into a server with their user account and executed
a program. The user then performed activities only available to an administrator.
This is an example of an attack?
Privilege escalation
When securing a FTP (File Transfer Protocol) server, what can be done to ensure that
only authorized users can access the server?
Disable anonymous authentication.
The protection of data against unauthorized access or disclosure is an example of what?
What kind of attack is a type of security breach to a computer system that does not
usually result in the theft of information or other security loss but the lack of legitimate
use of that system?
DOS - Denial of service
Controlling access to information systems and associated networks is necessary for the
preservation of their:
Confidentiality, integrity and availability.
If a private key becomes compromised before its certificate’s normal expiration, X.509
defines a method requiring each CA (Certificate Authority) to periodically issue a signed
data structure called a certificate:
Revocation list
User A needs to send a private e-mail to User B. User A does not want anyone to have
the ability to read the e-mail except for User B, thus retaining privacy.
Which tenet of information security is User A concerned about?
An application that appears to perform a useful function but instead contains some sort of
malicious code is called:
a Trojan Horse
What type of authentication may be needed when a stored key and memorized password
are not strong enough and additional layers of security is needed?
What transport protocol and port number does SHH (Secure Shell) use?
TCP (Transmission Control Protocol) port 22
A autonomous agent that copies itself into one or more host programs, then propagates
when the host is run, is best described as a:
Giving each user or group of users only the access they need to do their job is an example
of which security principal.
Least privilege
A well defined business continuity plan must consist of risk and analysis, business impact
analysis, strategic planning and mitigation, training and awareness, maintenance and
audit and:
Integration and validation.
While performing a routing site audit of your wireless network, you discover an
unauthorized Access Point placed on your network under the desk of Accounting
department security. When questioned, she denies any knowledge of it, but informs you that her new boyfriend has been to visit her several times, including taking her to lunch one time.
What type of attack have you just become a victim of?
Social Engineering
When a session is initiated between the Transport Control Program (TCP) client and
server in a network, a very small buffer space exist to handle the usually rapid “handshaking”
exchange of messages that sets up the session.
What kind of attack exploits this functionality?
SYN Attack
John wants to encrypt a sensitive message before sending it to one of his managers.
Which type of encryption is often used for e-mail?
Providing false information about the source of an attack is known as:
What technology was originally designed to decrease broadcast traffic but is also
beneficial in reducing the likelihood of having information compromised by sniffers?
VLAN (Virtual Local Area Network)
What is the greatest benefit to be gained through the use of S/MINE /Secure
Multipurpose Internet Mail Extension) The ability to:
Encrypted and digitally sign e-mail messages.
A program that can infect other programs by modifying them to include a version of itself
is a: