50 Cards in this Set

  • Front
  • Back
  • 3rd side (hint)

A Chief Information Security Officer (CISO) wants to implement two-factor authentication within the company. Which of the following would fulfill the CISO’s requirements?

C. USB token and PIN

A. Username and password


B. Retina scan and fingerprint scan


C. USB token and PIN


D. Proximity badge and token

Which of the following can a security administrator implement on mobile devices that will help prevent unwanted people from viewing the data if the device is left unattended?

A. Screen lock

A. Screen lock


B. Voice encryption


C. GPS tracking


D. Device encryption

Which of the following security concepts can prevent a user from logging on from home during the weekends?

A. Time of day restrictions

A. Time of day restrictions


B. Multifactor authentication


C. Implicit deny

Which of the following would provide the STRONGEST encryption?

A. Random one-time pad

A. Random one-time pad


B. DES with a 56-bit key


C. AES with a 256-bit key


D. RSA with a 1024-bit key

During a server audit, a security administrator does not notice abnormal activity. However, a network security analyst notices connections to unauthorized ports from outside the corporate network. Using specialized tools, the network security analyst also notices hidden processes running. Which of the following has MOST likely been installed on the server?

D. Rootkit

A. SPIM


B. Backdoor


C. Logic bomb


D. Rootkit

A security administrator wants to ensure that the message the administrator sends out to their Chief Financial Officer (CFO) does not get changed en route. Which of the following is the administrator MOST concerned with?

C. Data integrity

A. Data confidentiality


B. High availability


C. Data integrity


D. Business continuity

Which of the following can be performed when an element of the company policy cannot be enforced by technical means?

D. User training

A. Develop a set of standards


B. Separation of duties


C. Develop a privacy policy


D. User training

Timestamps and sequence numbers act as countermeasures against which of the following types of attacks?

D. Replay

A. Smurf


B. DoS


C. Vishing


D. Replay

Which of the following would be used as a secure substitute for Telnet?

A. SSH

A. SSH


B. SFTP


C. SSL


D. HTTPS

Which of the following is described as an attack against an application using a malicious file?

A. Client side attack

A. Client side attack


B. Spam


C. Impersonation attack


D. Phishing attack

Which of the following assessment techniques would a security administrator implement to ensure that systems and software are developed properly?

D. Design reviews

A. Baseline reporting


B. Input validation


C. Determine attack surface


D. Design reviews

Which of the following would a security administrator implement in order to identify a problem between two applications that are not communicating properly?

A. Protocol analyzer

A. Protocol analyzer


B. Baseline report


C. Risk assessment


D. Vulnerability scan

Which of the following would a security administrator implement in order to identify change from the standard configuration on a server?

C. Baseline review

A. Penetration test


B. Code review


C. Baseline review


D. Design review

Which of the following tools would a security administrator use in order to identify all running services throughout an organization?

C. Port scanner

A. Architectural review


B. Penetration test


C. Port scanner


D. Design review

Which of the following protocols provides transport security for virtual terminal emulation?

B. SSH

A. TLS


B. SSH


C. SCP


D. S/MIME

Based on information leaked to industry websites, business management is concerned that unauthorized employees are accessing critical project information for a major, well-known new product. To identify any such users, the security administrator could:

A. Set up a honeypot and place false project documentation on an unsecure share.

A. Set up a honeypot and place false project documentation on an unsecure share.


B. Block access to the project documentation using a firewall.


C. Increase antivirus coverage of the project servers.


D. Apply security updates and harden the OS on all project servers.

A set of standardized system images with a pre-defined set of applications is used to build end-user workstations. The security administrator has scanned every workstation to create a current inventory of all applications that are installed on active workstations and is documenting which applications are out-of-date and could be exploited. The security administrator is determining the:

A. Attack surface.

A. Attack surface.


B. Application hardening effectiveness.


C. Application baseline.


D. OS hardening effectiveness.

A perimeter survey finds that the wireless network within a facility is easily reachable outside of the physical perimeter. Which of the following should be adjusted to mitigate this risk?

D. Power level controls

A. CCMP


B. MAC filter


C. SSID broadcast


D. Power level controls

Which of the following would verify that a threat does exist and security controls can easily be bypassed without actively testing an application?

B. Vulnerability scan

A. Protocol analyzer


B. Vulnerability scan


C. Penetration test


D. Port scanner

Connections using point-to-point protocol authenticate using which of the following? (Select TWO).

B. PAP


C. CHAP

A. RIPEMD


B. PAP


C. CHAP


D. RC4


E. Kerberos

Which of the following will help prevent smurf attacks?

B. Disabling directed broadcast on border routers

A. Allowing necessary UDP packets in and out of the network


B. Disabling directed broadcast on border routers


C. Disabling unused services on the gateway firewall


D. Flash the BIOS with the latest firmware

An advantage of virtualizing servers, databases, and office applications is:

A. Centralized management.

A. Centralized management.


B. Providing greater resources to users.


C. Stronger access control.


D. Decentralized management.

A major security risk with co-mingling of hosts with different security requirements is:

A. Security policy violations.

A. Security policy violations.


B. Zombie attacks.


C. Password compromises.


D. Privilege creep.

Which of the following attacks targets high level executives to gain company information?

B. Whaling

A. Phishing


B. Whaling


C. Vishing


D. Spoofing

Which of the following can be used as an equipment theft deterrent?

C. Cable locks

A. Screen locks


B. GPS tracking


C. Cable locks


D. Whole disk encryption

At the outside break area, an employee, Ann, asked another employee to let her into the building because her badge is missing. Which of the following does this describe?

B. Tailgating

A. Shoulder surfing


B. Tailgating


C. Whaling


D. Impersonation

A company that has a mandatory vacation policy has implemented which of the following controls?

A. Risk control

A. Risk control


B. Privacy control


C. Technical control


D. Physical control

Ann, a company’s security officer, often receives reports of unauthorized personnel having access codes to the cipher locks of secure areas in the building. Ann should immediately implement which of the following?

D. Security awareness training

A. Acceptable Use Policy


B. Physical security controls


C. Technical controls


D. Security awareness training

Which of the following is the MOST intrusive type of testing against a production system?

D. Penetration testing

A. White box testing


B. War dialing


C. Vulnerability testing


D. Penetration testing

The IT department has installed new wireless access points but discovers that the signal extends far into the parking lot. Which of the following actions should be taken to correct this?

D. Lower the power for office coverage only

A. Disable the SSID broadcasting


B. Configure the access points so that MAC filtering is not used


C. Implement WEP encryption on the access points


D. Lower the power for office coverage only

The helpdesk reports increased calls from clients reporting spikes in malware infections on their systems. Which of the following phases of incident response is MOST appropriate as a FIRST response?

D. Identification

A. Recovery


B. Follow-up


C. Validation


D. Identification


E. Eradication


F. Containment

Which of the following protocols would be used to verify connectivity between two remote devices at the HIGHEST level of the OSI model?

C. SCP

A. ICMP


B. IPSec


C. SCP


D. TCP

Which of the following devices would be MOST useful to ensure availability when there are a large number of requests to a certain website?

B. Load balancer

A. Protocol analyzer


B. Load balancer


C. VPN concentrator


D. Web security gateway

Which of the following uses port 22 by default? (Select THREE).

A. SSH


D. SFTP
E. SCP

A. SSH


B. SSL


C. TLS


D. SFTP


E. SCP


F. FTPS


G. SMTP


H. SNMP

Ann, a software developer, has installed some code to reactivate her account one week after her account has been disabled. Which of the following is this an example of? (Select TWO).

B. Logic Bomb


D. Backdoor

A. Rootkit


B. Logic Bomb


C. Botnet


D. Backdoor


E. Spyware

The string:
' or 1=1--
represents which of the following?

C. SQL Injection

A. Bluejacking


B. Rogue access point


C. SQL Injection


D. Client-side attacks

Joe, an administrator, installs a web server on the Internet that performs credit card transactions for customer payments. Joe also sets up a second web server that looks like the first web server. However, the second server contains fabricated files and folders made to look like payments were processed on this server but really were not. Which of the following is the second server?

D. Honeypot

A. DMZ


B. Honeynet


C. VLAN


D. Honeypot

Which of the following can Joe, a security administrator, implement on his network to capture attack details that are occurring while also protecting his production network?

D. Honeypot

A. Security logs


B. Protocol analyzer


C. Audit logs


D. Honeypot

Which of the following should Joe, a security manager, implement to reduce the risk of employees working in collusion to embezzle funds from his company?

D. Mandatory Vacations

A. Privacy Policy


B. Least Privilege


C. Acceptable Use


D. Mandatory Vacations

Ann, a security technician, is reviewing the IDS log files. She notices a large number of alerts for multicast packets from the switches on the network. After investigation, she discovers that this is normal activity for her network. Which of the following BEST describes these results?

C. False positives

A. True negatives


B. True positives


C. False positives


D. False negatives

Joe, a security analyst, asks each employee of an organization to sign a statement saying that they understand how their activities may be monitored. Which of the following BEST describes this statement? (Select TWO).

A. Acceptable use policy


C. Privacy policy

A. Acceptable use policy


B. Risk acceptance policy


C. Privacy policy


D. Email policy


E. Security policy

A process in which the functionality of an application is tested without any knowledge of the internal mechanisms of the application is known as:

A. Black box testing

A. Black box testing


B. White box testing


C. Black hat testing


D. Gray box testing

Which of the following tools would allow Ann, the security administrator, to be able to BEST quantify all traffic on her network?

C. Protocol analyzer

A. Honeypot


B. Port scanner


C. Protocol analyzer


D. Vulnerability scanner

Which of the following should an administrator implement to research current attack methodologies?

B. Honeypot

A. Design reviews


B. Honeypot


C. Vulnerability scanner


D. Code reviews

Which of the following consists of peer assessments that help identify security threats and vulnerabilities?

B. Code reviews

A. Risk assessment


B. Code reviews


C. Baseline reporting


D. Alarms

Ann is starting a disaster recovery program. She has gathered specifics and team members for a meeting on site. Which of the following types of tests is this?

A. Structured walk through

A. Structured walk through


B. Full Interruption test


C. Check list test


D. Table top exercise

An internal auditing team would like to strengthen the password policy to support special characters. Which of the following types of password controls would achieve this goal?

B. Password complexity

A. Add reverse encryption


B. Password complexity


C. Increase password length


D. Allow single sign on

Which of the following can be implemented in hardware or software to protect a web server from cross-site scripting attacks?

C. Web Application Firewall

A. Intrusion Detection System


B. Flood Guard Protection


C. Web Application Firewall


D. URL Content Filter

Ann, the software security engineer, works for a major software vendor. Which of the following practices should be implemented to help prevent race conditions, buffer overflows, and other similar vulnerabilities prior to each production release?

D. Code review

A. Product baseline report


B. Input validation


C. Patch regression testing


D. Code review

Ann, a security analyst, is preparing for an upcoming security audit. To ensure that she identifies unapplied security controls and patches without attacking or compromising the system, Ann would use which of the following?

A. Vulnerability scanning

A. Vulnerability scanning


B. SQL injection


C. Penetration testing


D. Antivirus update