50 Cards in this Set
| Front | Back |
| --- | --- |
| Which of the following is a method of encrypting email? | S/MIME |
| Which of the following risks would be reduced by implementing screen filters? | Shoulder surfing |
| Which of the following allows an attacker to hide the presence of malicious code by altering the system's process and registry entries? | Rootkit |
| Which of the following will propagate itself without any user interaction? | Worm |
| An administrator wants to set up their network with only one public IP address. Which of the following would allow for this? | NAT |
| An administrator wants to proactively collect information on attackers and their attempted methods of gaining access to the internal network. Which of the following would allow the administrator to do this? | Honeypot |
| Which of the following allows a technician to correct a specific issue with a solution that has not been fully tested? | Hotfix |
| A technician wants to regulate and deny traffic to websites that contain information on hacking. Which of the following would be the BEST solution to deploy? | Internet content filter |
| Which of the following is the LEAST intrusive way of checking the environment for known software flaws? | Vulnerability scanner |
| If a certificate has been compromised, which of the following should be done? | Put the certificate on the CRL. |
| Which of the following requires an update to the baseline after installing new software on a machine? | Behavior-based HIDS |
| Which of the following would be the MOST secure choice to implement for authenticating remote connections? | RADIUS |
| Which of the following is the BEST way to reduce the number of accounts a user must maintain? | SSO |
| Which of the following can be used as a means for dual-factor authentication? | Iris scan and proximity card |
| After implementing file auditing, which of the following logs would show unauthorized usage attempts? | Security |
| Which of the following types of attacks requires an attacker to sniff the network? | Man-in-the-Middle |
| If a user attempts to go to a website and notices the URL has changed, which of the following attacks is MOST likely the cause? | DNS poisoning |
| Which of the following attacks can be caused by a user being unaware of their physical surroundings? | Shoulder surfing |
| Which of the following actions should be performed upon discovering an unauthorized wireless access point attached to a network? | Unplug the Ethernet cable from the wireless access point. |
| Which of the following redundancy solutions contains hardware systems similar to the affected organization, but does not provide live data? | Warm site |
| During the implementation of LDAP, which of the following will typically be changed within the organization's software programs? | Authentication credentials |
| Which of the following would be MOST useful to determine why packets from a computer outside the network are being dropped on the way to a computer inside the network? | Firewall log |
| Which of the following security policies is BEST to use when trying to mitigate the risks involved with allowing a user to access company email via their cell phone? | The cell phone should require a password after a set period of inactivity. |
| An administrator has been asked to encrypt credit card data. Which of the following algorithms would be the MOST secure with the least CPU utilization? | AES |
| Which of the following algorithms is the LEAST secure? | LANMAN |
| Which of the following algorithms is MOST closely associated with the signing of email messages? | PGP |
| An executive uses PKI to encrypt sensitive emails sent to an assistant. In addition to encrypting the body of the email, the executive wishes to encrypt the signature so that the assistant can verify that the email actually came from the executive. Which of the following asymmetric keys should the executive use to encrypt the signature? | Private |
| A technician needs to detect staff members that are connecting to an unauthorized website. Which of the following could be used? | Protocol analyzer |
| An administrator suspects that multiple PCs are infected with a zombie. Which of the following tools could be used to confirm this? | Antivirus |
| Which of the following is an example of security personnel that administer access control functions, but do not administer audit functions? | Separation of duties |
| A malware incident has just been detected within a company. Which of the following should be the administrator's FIRST response? | Containment |
| Taking into account personal safety, which of the following types of fire suppression substances would BEST prevent damage to electronic equipment? | CO2 |
| Which of the following describes the process of securely removing information from media (e.g. hard drive) for future use? | Sanitization |
| Which of the following principles should be applied when assigning permissions? | Least privilege |
| Which of the following types of strategies can be applied to allow a user to enter their username and password once in order to authenticate to multiple systems and applications? | Single sign-on |
| User A is a member of the payroll security group. Each member of the group should have read/write permissions to a share. User A was trying to update a file but when the user tried to access the file the user was denied. Which of the following would explain why User A could not access the file? | Rights are not set correctly |
| Which of the following threats is the MOST difficult to detect and hides itself from the operating system? | Rootkit |
| Which of the following methods is used to perform denial of service (DoS) attacks? | Botnet |
| Which of the following is an attack that is triggered by a specific event or by a date? | Logic bomb |
| Which of the following can an attacker use to gather information on a system without having a user ID or password? | Null session |
| Which of the following is a way to logically separate a network through a switch? | VLAN |
| Which of the following is a security threat when a new network device is configured for first-time installation? | Use of default passwords |
| Which of the following is an exploit against a device where only the hardware model and manufacturer are known? | Default passwords |
| A technician is implementing a new wireless network for an organization. The technician should be concerned with all of the following wireless vulnerabilities EXCEPT: | 80211 mode. |
| Which of the following tools will allow the technician to find all open ports on the network? | Network scanner |
| An organization is installing new servers into their infrastructure. A technician is responsible for making sure that all new servers meet security requirements for uptime. In which of the following are the availability requirements identified? | Service level agreement |
| After issuance a technician becomes aware that some keys were issued to individuals who are not authorized to use them. Which of the following should the technician use to correct this problem? | Certificate revocation list |
| Password crackers are generally used by malicious attackers to: | gain system access. |
| Which of the following properly describes penetration testing? | Penetration tests are generally used to demonstrate a weakness in a system and then provide documentation on the weakness. |
| Which of the following should a technician review when a user is moved from one department to another? | User access and rights |