170 Cards in this Set
- Front
- Back
When considering security what is the major drawback of implementing physical tokens?
|
Mass distribution of such devices is costly.
|
|
How would you prevent users from accessing sensitive company data during non-business hours?
|
By setting time of day restrictions.
|
|
You are the network administrator responsible for selecting the access control method that will be used for a new kiosk system to be used in a local museum. The museum's donors want to have full access to information about all items, but visitors should have access only to those items on current display. Which forms of access control are most appropriate to this requirement? (Choose all that apply.)
|
Role-based access control
Mandatory access control |
|
What determines what a user can view and alter?
|
Access control
|
|
Which of the following best describes identity proofing?
|
Organizational process that binds users to authentication methods.
|
|
When you organize security groups and define rights/privileges, the rules should be defined in which of the following ways?
|
Rules are made by management, configured by the administrators, and enforced by the operating system.
|
|
You have decided to use the Terminal Access Controller Access Control System (TACACS) standard for dial-up authentication. Which of the following capabilities will be provided by this service?
|
Encrypted forwarding.
|
|
Which of the following is a type of access control that provides access rights assigned to roles and then accounts assigned to these roles?
|
RBAC
|
|
At which layer of the OSI model does the Internet Protocol Security protocol function?
|
Network Layer
|
|
With the Discretionary access control model, the most common implementation is through:
|
Access control lists
|
|
Sustained high levels of processor usage could mean that:
|
There is a serious application error.
Your CPU needs to be upgraded. |
|
Anomaly-based monitoring is useful for detecting which types of attacks? (Choose all that apply)
|
New exploits or buffer overflow attacks.
DoS attacks based on payloads or volume
Normal network failures
Protocol and port exploitation |
|
On Linux, BIND based DNS uses which daemon for logging?
|
syslogd
|
|
Which of the following are examples of suspicious activity? (Choose all that apply.)
|
Multiple connections that are in a half-open state.
A log report that indicates multiple login failures on a single account. |
|
You suspect that there are problems with your DNS server. No one seems to be able to contact intranet hosts using DNS names. However, the intranet can be contacted by IP address. You're not exactly sure where the problem lies. You go to a workstation, open a DOS prompt, and enter which of the following commands?
|
Nslookup
|
|
On Windows, you may restrict disk usage through which of the following facilities?
|
Disk quota
|
|
You have installed a custom monitoring service on the web server that reviews web service logs to watch for the URLs used by the Code Red worm to propagate itself. When this custom service detects an attack, it raises an alert via email. Which of the following types of IDS is this solution? (Choose all that apply.)
|
Host-based IDS
Knowledge-based IDS |
|
To monitor the health of all systems, agents are installed on the machines, and then the agents are monitored from a central location. This is an implementation of which of the following?
|
SNMP
|
|
What is the name given to the activity that consists of collecting information that will later be used for monitoring and review purposes?
|
Logging
|
|
You are tracking SNMP traffic. Which of the following ports would you monitor? (Choose all that apply.)
|
162
161 |
|
Which of the following kinds of attack aim at exploiting flaws in human logic?
|
Social engineering.
|
|
In the context of computer forensics, possible dangers to digital evidence may include: (Choose all that apply.)
|
Electromagnetic damage
Booby traps
Viruses |
|
Classification of corporate information should be based on: (Choose all that apply.)
|
Business risk
Data value |
|
Which of the following is a type of site similar to the original site in that it has all the equipment fully configured, has up-to-date data, and can become operational with minimal delay?
|
Hot site
|
|
Which of the following is a well-grounded metal structure used to protect a large quantity of equipment from electronic eavesdropping?
|
Faraday cage
|
|
Redundancy planning includes which of the following? (Choose all that apply.)
|
UPS placement
RAID |
|
Phishing often takes place in the form of:
|
Email
|
|
Which of the following levels of RAID do Windows servers support? (Choose all that apply.)
|
RAID 1
RAID 0
RAID 5 |
|
Which of the following is a formal set of statements that defines how systems or network resources can be used?
|
Policies
|
|
Of the following, which are the characteristics of a cold site?
|
Requires setup time, and the company needs to bring its own equipment.
|
|
On a Windows network, you may use what feature to restrict users and enforce limitations?
|
Group Policy
|
|
Which one of the following best represents the principle of least privilege?
|
Requiring that a user be given no more privilege than necessary to perform a job
|
|
Which of the following are commonly deployed for warning protective services personnel that physical security measures are being violated?
|
Detective physical controls
|
|
What are the pros and cons of single sign-on (SSO)? (Choose all that apply.)
|
It aims at improving user experience.
It aims at reducing human error. |
|
Which standard port will be used to establish a web connection using the 40-bit RC4 encryption protocol?
|
443
|
|
Which of the following criteria is not a common criterion to authenticate a valid access request?
|
Where you log on.
|
|
Which of the following correctly describe the use of CHAP and MS CHAP for authentication? (Choose all that apply.)
|
MS-CHAP is mainly for older MS compatible clients.
CHAP is an old standard no longer commonly in use. |
|
With door access systems, what is commonly used for unlocking doors?
|
Magnetic card keys
|
|
You are having problems with your email server. No one seems to be receiving any email. You're not exactly sure where the problem lies. You go to a workstation, open a DOS prompt, and enter which of the following commands?
|
Tracert
|
|
Which of the following are advantages of behavior-based monitoring? (Choose all that apply.)
|
Can learn about malware based on previous detection.
Can identify malware before it's added to signature files.
Can monitor for malware activities. |
|
A denial-of-service attack is being waged against the company's webserver using a large external botnet. Which of the following IDS solutions could enhance the attack's effect?
|
Host-based
|
|
When defining storage and retention policies, which of the following guidelines should you follow? (Choose all that apply.)
|
Files no longer in use should be properly archived.
Junk files should be removed from the file systems as early as possible. |
|
Which of the following must be performed when reviewing group policies on a regular basis?
|
Privileges granted to groups and their corresponding membership must be carefully reviewed.
|
|
You suspect one of your servers may have succumbed to a SYN flood attack. Which one of the following tools might you consider using to help confirm your suspicions?
|
Netstat
|
|
You have configured your web server to use Windows partitions and the Microsoft System Update Service (SUS) to regularly apply new hotfixes and patches. Which of the following forms of hardening is specified in this solution?
|
Operating system.
|
|
What does SAINT stand for?
|
Security Administrator's Integrated Network Tool.
|
|
Which of the following security policies would require users to take mandatory vacations?
|
Separation of duties.
|
|
Which of the following best describes the objective of a service-level agreement (SLA)?
|
Contracts with suppliers that detail levels of support that must be provided.
|
|
A Physical security plan should include which of the following? (Choose all that apply.)
|
The threats from which you are protecting against and their likelihood.
Description of the physical assets being protected.
Description of the physical areas where assets are located. |
|
Which of the following tells how the evidence made it from the crime scene to the courtroom, including documentation of how the evidence was collected, preserved, and analyzed?
|
Chain of custody
|
|
Your company does not allow users to use the Internet for personal reasons during work hours. Where is this statement most likely documented?
|
Company policies
|
|
Information Diving is made possible by the people who do not consider the sensitivity of the items they trash.
|
This is true.
|
|
You want to implement a proxy firewall technology that can distinguish between FTP commands. Which of the following types of firewall should you choose?
|
Application-level gateway
|
|
A peer-to-peer network or a workgroup where access is granted based on individual needs is an example of which type of access control?
|
User-based access control
|
|
Which of the following is the process of identifying and reducing risk to a level that is comfortable and then implementing controls to maintain that level?
|
Risk management
|
|
Which of the following are the advantages of honeypots and honeynets? (Choose all that apply.)
|
Attacker's actions can more easily be monitored and resulting steps taken to improve system security.
Administrators are allotted time to decide how to respond to an attack.
Attackers are diverted to systems that they cannot damage. |
|
An attacker trying to exploit a web server will likely want to scan systems running web services. What port will the attacker scan for?
|
80
|
|
You have recently had some security breaches in the network. You suspect it may be a small group of employees. You want to implement a solution that will monitor the internal network activity and incoming external traffic. Which of the following devices would you use? (Choose all that apply.)
|
A host-based IDS
A network-based IDS |
|
What port is used for a DNS zone transfer?
|
53
|
|
Which of the following best describes the formula for calculating single loss expectancy?
|
The estimated possibility of a specific threat taking place in a one-year time frame.
|
|
Which of the following groups is the most appropriate for email distribution lists?
|
Only distribution groups.
|
|
Which of the following are recommended password account policies? (Choose all that apply.)
|
Set the server not to allow users to use the same password over and over again.
Make the password length at least eight characters and require the use of uppercase and lowercase letters, numbers, and special characters.
Require users to change passwords every 60 to 90 days. |
|
Which of the following standards ensures privacy between communicating applications and clients on the web and has been designed to replace SSL?
|
Transport Layer Security
|
|
For a key escrow arrangement to work, what must be overcome?
|
Technical mistrust on the security of the escrow arrangement.
|
|
A certificate request should contain what sort of information? (Choose all that apply.)
|
Contact email address
Corporate information
Web site name |
|
Advanced Encryption Standard (AES) as a block cipher has a fixed block size of:
|
128-bit
|
|
MD5 uses what hash value to create a hash?
|
A 128-bit hash value
|
|
Which of the following refers to an encryption technology for ensuring that messages transmitted from one VPN node to another are secure?
|
IPsec
|
|
Which of the following serves as the authoritative source for certificate revocation status?
|
OCSP responder
|
|
In the context of Windows, with NT 4.0 how are trust relationships configured?
|
Through manual configuration
|
|
Which of the following is not a certificate trust model for the arranging of certificate authorities?
|
SUB-CA architecture
|
|
A cryptographic hash function is suitable for use as a primitive in various information security applications, such as: (Choose all that apply.)
|
Message integrity
Authentication |
|
Which encryption standard is currently considered the best for WI-FI connections?
|
WPA2
|
|
Why do spammers value unsecured SMTP relay servers?
|
They can be used to hide the origin of a message.
|
|
Which of the following is a valid reason why JavaScript and ActiveX can pose significant security risks?
|
They could carry malicious code, which could be easily downloaded through a Web browser.
|
|
Which of the following mail server features allows email messages to pass from server to server until they reach their final destinations?
|
Open Relay
|
|
A vulnerability in the BIOS can allow local users to cause which of the following? (Choose all that apply.)
|
Denial of service
System not to boot |
|
You have created a utility for defragmenting hard drives. You have hidden code inside the utility that will install itself and cause the infected system to erase the hard drive's contents on April 1, 2008. Which of the following attacks has been used in your code?
|
Logic bomb
|
|
Which of the following correctly describes the host based IDS?
|
All anti-threat applications are installed on every network computer that has been given two-way access to the internet.
|
|
What type of virus does not require programming knowledge and is found in electronic office documents?
|
Macro
|
|
A situation in which a program or process attempts to store more data in a temporary data storage area than it was intended to hold is known as what?
|
Buffer overflow
|
|
Code red is considered a ______.
|
Worm
|
|
Between which two layers of the OSI model does the Secure Sockets Layer (SSL) protocol function? (Choose all that apply.)
|
Transport Layer
Application Layer |
|
Of the following, which one transmits log-on credentials as clear text?
|
PAP
|
|
Within a router, access may be granted or denied based on IP address. What name is given to this method?
|
ACL
|
|
External motion detectors can use which of the following technologies? (Choose all that apply.)
|
Infrared
Ultrasonic Sound |
|
Which of the following is an NMAP scan mode in which no special privilege is needed and low-level control would be impossible?
|
Connect scan
|
|
Which of the following are performance parameters that should be monitored? (Choose all that apply.)
|
RAM
CPU
Logical disks |
|
When reviewing group policies, you want to be sure:
|
The right people are being placed in the right group.
|
|
Which of the following describes a host configured to expose a specific service to a public network, while hardening all other resource access to restrict access within an organization's secure network?
|
Bastion
|
|
You have deployed a packet-monitoring system to sniff packets passing through an organization's DMZ. Which of the following types of IDS is this solution?
|
Network-based IDS
|
|
LDAP is often perceived as a simpler implementation of which standard?
|
The X.500
|
|
In a RADIUS authentication scenario, which of the following systems would be considered the RADIUS client?
|
The RAS server
|
|
Which of the following refers to a record of system activities for the reconstruction and examination of the sequence of events of a transaction from its inception to output of final results?
|
audit trail
|
|
What must be periodically audited to ensure least privilege is being maintained?
|
User access rights
|
|
In service level management what specifies that the contracting parties agree upon a particular level of service?
|
SLA
|
|
Which of the following would be defined in an acceptable use policy? (Choose all that apply.)
|
Detailed standards of behavior.
Privacy statement.
Detailed enforcement guidelines and standards. |
|
A physical security plan should include which of the following? (Choose all that apply.)
|
Description of the physical areas where assets are located.
Description of the physical assets being protected.
The threats from which you are protecting against and their likelihood. |
|
Which of the following are examples of social engineering? (Choose all that apply.)
|
An attacker unplugs a user's network connection and then offers to help try to correct the problem.
An attacker obtains an IT office T-Shirt from a local thrift store and takes a user's computer for service. |
|
Which of the following is a type of uninterruptible power supply where power usually derives directly from the power line, until the power fails?
|
Standby power supply
|
|
Which of the following should be used to help prevent against the mishandling of media?
|
Labeling
|
|
Full backups are performed weekly on Sunday at 1:00 a.m., and incremental backups are done on weekdays at 1:00 a.m. If a drive failure causes a total loss of data at 8:00 a.m. on Tuesday morning, what is the minimum number of backup files that must be used to restore the lost data?
|
Three
|
|
Which of the following is one major function of NIDS/NIPS?
|
It determines if a trend of unauthorized attempts is occurring.
|
|
What type of backup is normally done once a day and clears the archive bit after the files have been backed up?
|
Incremental
|
|
Which of the following are the best reasons for the use of virtualized environments? (Choose all that apply)
|
Reduced need for equipment
Capability to isolate applications |
|
Your network is under attack. Traffic patterns indicate that an unauthorized service is relaying information to a source outside the network. What type of attack is being executed against you?
|
Man-in-the-middle
|
|
You are setting up a web server that needs to be accessed by both the employees and by external customers. What type of architecture should you implement?
|
DMZ
|
|
Which of the following are uses for proxy servers? (Choose all that apply.)
|
Internet connectivity
Load balancing
Web content caching |
|
When configuring a broadband router, what action is recommended for security enhancement in a practical way?
|
Change the default account settings.
|
|
Trusted Platform Module describes the microcontroller affixed to the computing device at which level?
|
motherboard level
|
|
Which one of the following best identifies the system of digital certificates and certification authorities used in public key technology?
|
Public key infrastructure (PKI)
|
|
Which of the following is a type of cipher that has earned the distinction of being unbreakable?
|
OTP
|
|
The sender of data is provided with proof of delivery, and neither the sender nor receiver can deny either having sent or received the data. What is this called?
|
Nonrepudiation
|
|
Which one of the following is an older, proprietary, two-way reversible encryption protocol?
|
Shiva Password Authentication Protocol (SPAP)
|
|
Which of the following is the best choice for encrypting large amounts of data?
|
Symmetric encryption
|
|
Which one of the following defines APIs for devices such as smart cards that will contain cryptographic information?
|
PKCS #11
|
|
In the world of IKE, what describes how entities will utilize security services for communicating data flow securely?
|
Security Association
|
|
Which type of algorithm generates a key pair (a public key and a private key) that is then used to encrypt and decrypt data and messages sent and received?
|
Asymmetric encryption algorithm
|
|
Which of the following is associated with behaviors such as collecting personal information or changing your computer configuration, without appropriately obtaining prior consent?
|
Spyware
|
|
Logic bombs may be used for providing which of the following functions?
|
setting off a malicious function
|
|
Which of the following is a program or piece of code that runs on your computer without your knowledge and is designed to attach itself to other code and replicate?
|
Virus
|
|
BIOS access control can be bypassed by which of the following methods? (Choose all that apply.)
|
Deleting the contents of the CMOS RAM
Cracking the BIOS password
Overloading the keyboard buffer |
|
Which of the following is a correct definition of a Trojan?
|
It buries itself in the operating system software and infects other systems only after a user executes the application that it is buried in.
|
|
A hacker attempting to break into a server running Microsoft Windows will most likely attempt to break into which account?
|
Administrator
|
|
What is the primary purpose of releasing software hotfixes?
|
To address vulnerability issue.
|
|
An attacker places code within a web page that executes when a client's browser opens the web page, causing the client's browser to attempt to access a secured banking site in another city. This is an example of what type of attack?
|
Cross-site scripting
|
|
Platform virtualization is typically performed by
|
The host software
|
|
When using RADIUS to authenticate a dial-in user, which of the following is the RADIUS client?
|
The RAS server
|
|
At what layer of the OSI model does the Point-to-Point Protocol (PPP) provide services?
|
2
|
|
What does implicit deny mean?
|
This means an access would be denied UNLESS it is explicitly allowed.
|
|
Man-Traps are typically implemented in the form of which of the following?
|
access control security booths
|
|
With role-based access control (RBAC), how are access rights grouped?
|
Role name
|
|
Which of the following components are methods of addressing risk? (Choose all that apply.)
|
Mitigating the risk
Accepting the risk
Transferring the risk |
|
You are the network administrator responsible for overseeing the help desk. An employee calls to report that she cannot view the security events in Event Viewer. Which of the following is a reason why the security events cannot be viewed? (Choose all that apply.)
|
This is available for view only to administrators.
Auditing must be enabled. |
|
A system restoration plan should include which of the following? (Choose all that apply.)
|
Backup generator procedures
Contingency planning to recover systems and data even in the event of administration personnel loss |
|
With which of the following can you protect yourself from a totally disconnected situation?
|
redundant ISPs
|
|
Dumpster diving refers to the action of:
|
Rummaging through trash to find useful things
|
|
Which one of the following is not true about a web server?
|
A web server must always run on port 80.
|
|
A vampire tap would be a concern primarily for which type of network?
|
network running coaxial cable
|
|
Which of the following represent the pool of well-known ports?
|
0 through 1023
|
|
You are setting up a switched network and want to group users by department. Which technology would you implement?
|
VLAN
|
|
When evaluating assets, which of the following factors must be considered? (Choose all that apply.)
|
Its worth to the competition
The replacement cost
Its value to the organization |
|
In a PKI, you need the help of which of the following to recover lost keys?
|
Recovery agent.
|
|
Which of the following describes the writing of hidden messages in such a way that a third party would hardly realize there is a hidden message?
|
Steganography
|
|
When encrypting and decrypting an email using an asymmetric encryption algorithm, you ____________.
|
Use the private key to decrypt data encrypted with the public key.
|
|
Which of the following is a hybrid cryptosystem?
|
PGP
|
|
Which of the following is a piece of software that can be installed and hidden on a computer mainly for the purpose of compromising the system?
|
Rootkit
|
|
Which of the following involves having nearly identical messages sent to multiple recipients via e-mail?
|
E-mail spam
|
|
What file system is preferred for use on all systems running Microsoft Windows NT, Windows 2000, Windows XP, and Windows Vista operating systems?
|
NTFS
|
|
A collection of compromised computers running software installed by a Trojan horse or a worm is referred to as what?
|
Botnet
|
|
You are presented with an authentication scheme in which Computer A calculates a code it sends to Computer B, Computer B returns a calculated code based on the one from Computer A and one of its own, and then Computer A returns a calculated code to Computer B based on its transmitted code. What type of authentication is this?
|
Mutual authentication
|
|
What are the pros and cons of single sign-on (SSO)? (Choose all that apply.)
|
It aims at improving user experience.
It aims at reducing human error. |
|
You may use Etherpeek for what purposes?
|
To check and ensure that your firewall is blocking your computers from replying with valuable information to a port scan from someone outside of your network.
|
|
Shoulder surfing refers to the use of what technique to gain information without the consent of the victim?
|
direct observation
|
|
Which of the following is a type of site similar to the original site in that it has all the equipment fully configured, has up-to-date data, and can become operational with minimal delay?
|
Hot site
|
|
Which of the following refers to an offsite data processing facility that is fully operational?
|
hot site
|
|
What is the IEEE standard for wireless LAN technology?
|
802.11
|
|
Your company is in the process of locking down CIFS and SMB file and print sharing. Which of the following ports do you have to secure? (Choose all that apply.)
|
138
139 |
|
You're the security administrator for a bank. The users are complaining about the network being slow. However, it is not a particularly busy time of the day. You capture network packets and discover that hundreds of ICMP packets have been sent to the host. What type of attack is likely being executed against your network?
|
Denial of service
|
|
Which of the following is a form of network attack in which an authentic data transmission is dishonestly or treacherously repeated or postponed?
|
replay attack
|
|
Which of the following can be deployed to intercept and log network traffic that passes through the network?
|
packet sniffer
|
|
A cryptographic hash function is suitable for use as a primitive in various information security applications, such as: (Choose all that apply.)
|
message integrity
authentication |
|
A conventional secret-key cryptosystem should be retained for use on the bulk of the message when encryption has to be performed.
|
True if performance is a concern
|
|
Which of the following is the major purpose of deploying digital certificates?
|
Verifying the identity of the user who sent out the message
|
|
Which of the following is a UNIX-based command interface and protocol for accessing a remote computer securely?
|
Secure Socket Shell (SSH)
|
|
Which of the following are primary weaknesses of LM hash? (Choose all that apply.)
|
Before being hashed, all lowercase characters in the password are converted to uppercase characters.
Passwords longer than seven characters are broken down into chunks. |
|
Which of the following is a primary method for minimizing threat to a web server?
|
Disable nonessential services.
|
|
Which one of the following is not a private IP address?
|
165.193.123.44
|
|
A SYN flood is a form of:
|
Denial-of-service attack
|
|
Virtualization technologies are made possible through which of the following means?
|
Multiple processor cores in the same processor die?
|