Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
30 Cards in this Set
- Front
- Back
Which of the following BEST describes both change and incident management?
a) Incident management is not a valid term in IT, however change management is |
d) Incident management is for unexpected consequences, change management is for planned work
|
|
Which of the following account policy controls requires a user to enter a 15 character alpha-numerical password?
a) Disablement |
d) Password complexity
|
|
Which of the following information types would be considered personally identifiable information?
a) First name |
c) Date of birth |
|
Which of the following is the benefit of single file versus full disk encryption?
a) Encryption is preserved in full disk encryption when a file is copied from one media to another |
b) Encryption is preserved in single file encryption when a file is copied from one media to another |
|
Which of the following is another name for a CAC?
a) Token |
d) PIV
|
|
Which of the following systems offers Trusted OS capabilities by default?
a) Windows Vista |
c) SE Linux |
|
Which of the following describes a common operational problem when using patch management software that results in a false sense of security?
a) Conflicts with vulnerability scans impede patch effectiveness |
b) Distributed updates may fail to apply or may not be active until a reboot |
|
Which of the following is BEST identified as an attacker who has or is about to use a Logic bomb?
a) Grey hat |
b) Malicious insider |
|
Which of the following is the BEST choice in regards to training staff members on dealing with PII?
a) PII requires public access but must be flagged as confidential |
c) PII must be handled properly in order to minimize security breaches and mishandling |
|
Which of the following processes are used to avoid employee exhaustion and implement a system of checks and balances?
a) Job rotation |
a) Job rotation |
|
When designing secure LDAP compliant applications, null passwords should NOT be allowed because:
a) null password can be changed by all users on a network |
b) a null password is a successful anonymous bind |
|
A security administrator visits a remote data center dressed as a delivery person. Which of the following is MOST likely being conducted?
a) Social engineering |
a) Social engineering |
|
Mobile devices used in the enterprise should be administered using:
a) encrypted networks and system logging |
d) centrally managed update services and access controls
|
|
The Chief Information Officer (CIO) wants to implement widespread network and hardware changes within the organization. The CIO has adopted an aggressive deployment schedule and does not want to bother with documentation, because it will slow down the deployment. Which of the following are the risks associated with not documenting the changes?
a) Undocumented networks might not be protected and can be used to support insider attacks |
a) Undocumented networks might not be protected and can be used to support insider attacks |
|
Which of the following could mitigate shoulder surfing?
a) Privacy screens |
a) Privacy screens |
|
Which of the following passwords is the MOST complex?
a) 5@rAru99 |
a) 5@rAru99 |
|
Which of the following is being utilized when the BIOS and operating system’s responsibility is platform integrity?
a) SSL |
d) TPM
|
|
Which of the following BEST describes a Buffer Overflow attack that allows access to a remote system?
a) The attacker attempts to have the receiving server run a payload using programming commonly found on web servers |
d) The attacker overwhelms a system or application, causing it to crash, and then redirects the memory address to read from a location holding the payload
|
|
A company fails to monitor and maintain the HVAC system in the datacenter. Which of the following is the MOST likely to affect availability of systems?
a) Employee productivity in a hot datacenter |
b) Premature failure of components |
|
Which of the following protocols is defined in RFC 1157 as utilizing UDP ports 161 and 162?
a) SNMP |
a) SNMP |
|
Which of the following is LEAST likely to have a legitimate business purpose?
a) Metasploit |
c) Steganography |
|
Which of the following does full disk encryption on a laptop computer NOT protect against?
a) Confidentiality of the data |
b) Key loggers |
|
Which of the following passwords exemplifies the STRONGEST complexity?
a) Passw0rd |
b) P@ssw0rd |
|
Which following port ranges would give a technician the MOST comprehensive port scan of a server?
a) 1024-15000 |
c) 0-65535 |
|
Which of the following attacks steals contacts from a mobile device?
a) Bluesnarfing |
a) Bluesnarfing |
|
Which of the following attacks sends unwanted messages to a mobile device?
a) Session hijacking |
c) Bluejacking |
|
A smurf attack relies on which protocol to perform a Denial of Service?
a) DNS |
d) ICMP
|
|
Which of the following allows for multiple operating systems to run on a single piece of hardware?
a) Virtualization |
a) Virtualization |
|
A user name is an example of which of the following?
a) Identification |
a) Identification |
|
The CRL contains a list of:
a) private keys |
b) public keys |