25 Cards in this Set

  • Front
  • Back
Which of the following is NOT a network set aside as a private internal network by RFC 1918?
1.) 10.0.0.0
2.) 172.16.0.0
3.) 192.168.0.0
4.) 169.254.254.0
4.) 169.254.254.0
10.0.0.0, 192.168.0.0 and 172.16.0.0 - 172.31.0.0 are designated as private addresses according to IETF RFC 1918.
Which of the following are indicators of security-centric log entries? (I) System hardware and software errors (II) Low-level host information (III) Database checkpoint record (IV) High-level host information
1.) II and III
2.) I, II, and III
3.) I, II, and IV
4.) I and III
4.) I, II, and IV
A database checkpoint log is not a security-oriented log.
What can impede the implementation of the IPSec VPN?
1.) NAT
2.) AH only provides authentication
3.) Lack of PKI
4.) IKE - Internet Key Exchange
1.) NAT
NAT is not supported by IPSec.
A policy for implementing security requirements
1.) is a high level document that states what must be done but does not contain specific steps or criteria.
2.) guides the reader through security controls and is optional for the organization.
3.) has step-by-step instructions that detail how to install the controls.
4.) is a rigid document containing specific actions and projects.
1.) is a high level document that states what must be done but does not contain specific steps or criteria.
Exponential key exchange is used for
1.) encrypted key transport.
2.) public-private key cryptography.
3.) Internet Key Exchange (IKE)
4.) Kerberos key distribution.
2.) public-private key cryptography.

Exponential key exchange, also called Diffie-Hellman key agreement, is a fundamental technique for unauthenticated key agreement, and is the basis of public-private key authentication.
An Automated Teller Machine (ATM) should restrict what operations a user can perform via the
1.) encryption of transmitted data.
2.) complexity of the cryptographic algorithms.
3.) use of a constrained user interface.
4.) use of closed-circuit television (CCTV) to record activity.
3.) use of a constrained user interface.

A constrained user interface allows the user to select pre-defined options and limits their ability to perform undesired operations.
Which of the following functions is MOST problematic when administering a PKI?
1.) Implementing Key Distribution Centers (KDC)
2.) Key management
3.) Time-stamping public keys
4.) Creating unique private keys for individuals
2.) key management
Properly managing keys continues to be the most significant problem when administering a PKI.
An E1 line operates at which speed?
1.) 2.048 MBPs
2.) 1.544 Mbps
3.) 1.544 MBps
4.) 2.048 Mbps
4.) 2.048 Mbps
The speed of a T1 is 1.54 megabits per second.
2.048 Mbps is the speed of an E1 line.
MBps is MegaBytes per second.
In access control, the principle of defense in depth is represented by
1.) MAC
2.) Mission-dependent Access Control.
3.) Mutually-exclusive Access Control.
4.) Multiparty Access Control.
4.) Multiparty Access Control.

Mutually-exclusive Access Control is correct since it requires several actions performed by different users to complete a task.
Station-to-station protocol is used to
1.) protect the encapsulated symmetric key.
2.) provide a dedicated VPN tunnel between devices.
3.) protect the integrity of the data.
4.) protect the anonymity of the senders from eavesdroppers.
4.) protect the anonymity of the senders from eavesdroppers.

Station-to-station protocol is a three-pass variation of the Diffie-Hellman protocol, which allows the establishment of a shared secret between two parties without exposing their identity to eavesdroppers.
What is considered to be the MOST important difference between the Transport and Tunnel mode implementations of Encapsulating Security Payload (ESP) within the IPSec?
1.) Transport mode is easier to implement than tunnel mode.
2.) Transport mode takes place between two hosts, while tunnel mode takes place between two gateways.
3.) Transport mode does not protect the entire IP packet, while tunnel mode does.
4.) Transport mode utilizes less bandwidth than tunnel mode.
3.) Transport mode does not protect the entire IP packet, while tunnel mode does.

The main and most critical difference concerning ESP with IPSec is the fact that Transport mode does not offer as much protection as Tunnel mode due to the fact that in Tunnel mode, ESP is inserted before the original IP header, and the new IP header is inserted in front of the ESP header.
When a critical system has crashed and requires immediate changes prior to restarting, it is important to
1.) delete improperly closed files or corrupted databases prior to restart.
2.) ensure the change still follows a document approved process.
3.) expedite the recovery by bypassing unnecessary controls.
4.) force the change to follow the same steps as all other changes.
2.) ensure the change still follows a document approved process.

Emergency changes should not follow the normal change process but should still follow a predefined process.
Honeypots are deployed on the edge of the network to
1.) test production applications.
2.) block traffic to and from the network.
3.) test context-based filtering software.
4.) distract potential hacking attacks.
4.) distract potential hacking attacks.

Honeypots also capture attack methodologies for analysis.
Effective handling of evidence requires a
1.) digital backup.
2.) Chain of custody.
3.) certified auditor.
4.) signed warrant.
2.) chain of custody.
Password testing measures all the following EXCEPT
1.) password length and complexity.
2.) compliance with password policy.
3.) how well users protect their passwords.
4.) frequency of change and re-use.
3.) how well users protect their passwords.

With current password testing methodologies, it is not possible to test how well users protect their passwords.
Which of the following will increase the security and reliability for Syslog? (I) TLS (II) TCP (III) SHA-1 (IV) UDP
1.) I, II, IV
2.) II, III, IV
3.) I, II, III
4.) I, III, IV
3.) I, II, III

UDP port 514 was the original syslog listening port. Due to the connectionless property of UDP, RFC 3195 proposed use of stronger mechanisms.
Which is the maximum length of a Fully Qualified Domain Name?
1.) 192 octets
2.) 254 octets
3.) 255 octets
4.) 63 octets
3.) 255 octets

The size of a Fully Qualified Domain Name is 255 octets, including the terminal dot. The size of the domain level is 63 octets. Attacks against DNS will often provide more than 255 octets as part of a DoS attack.
Security awareness training should be provided
1.) as required by management and approved by HR
2.) as time permits.
3.) when the employee is hired and on a periodic basis.
4.) when the employee is hired.
3.) When the employee is hired and on a periodic basis.

Employees must be educated as they are brought into an organization and retrained as the information threats, risks, and controls to the assets change.
The PRIMARY objective of a security awareness program is to
1.) affect the behavior of users to adhere to security principles.
2.) ensure continuity of business in the event of a crisis.
3.) promote the activity of the information security department.
4.) advise management about risk and vulnerabilities.
1.) affect the behavior of users to adhere to security principles.
A one-time password system is often based on
1.) static-value access.
2.) knowledge-based access.
3.) biometric-based access.
4.) challenge-response access.
4.) challenge-response access.

Challenge response is one viable method for setting up a one-time password system.
To protect a network device from being compromised, deploy
1.) strong authentication and access controls
2.) disable administrator login IDs and management ports.
3.) hash and integrity checks for system files.
4.) SNMP and secure remote access.
1.) Strong authentication and access controls.

Strong access controls prevent unauthorized individuals from changing or compromising the device.
To MINIMIZE signal bleeding, place Access Points (AP)
1.) on an exterior wall.
2.) above a window.
3.) in the center of the office area.
4.) at the highest point of the building.
3.) in the center of the office area.
Which of the following are discouraged explicitly by the (ISC)2 Code of Ethics? (I) Consorting with hackers. (II) Consenting to bad practice (III) Separating work roles (IV) Crying wolf
1.) I, III, and IV
2.) II, III, and IV
3.) I, II, and III
4.) I, II, and IV
4.) I, II, and IV
Separation of duties is not discouraged by the (ISC)2 Code of Ethics.
A boot sector virus extracts a malicious executable that proceeds to infect device drivers. The operating system runs the infected driver after a reboot, which in turn loads the virus into memory and allows it to intercept any attempts to save document files. This is an example of what type of virus?
1.) Polymorphic
2.) Cross platform
3.) Multipartite
4.) File infector
3.) Multipartite
When acquiring a new system, Certification and Accreditation (C&A) of the system is performed
1.) prior to the system entering production.
2.) during the maintenance phase.
3.) prior to acquisition.
4.) three years after initial deployment
1.) prior to the system entering production.

The system should be formally authorized to operate and be accredited prior to being put into production. This ensures only an appropriate amount of risk is being assumed by the authorizing official.