Related Essays

  • Case Study: Moving Target Security

    Additionally, organizations with limited personnel can monitor its networks in multiple locations from a central hub. Utilizing remote agents is not entirely...

  • Leading Change Analysis

    Change management is about clarifying the process and controlling the change through setting objectives and measuring performance (Alcorn & Jarrard, 2013). “...

  • Carlson Change Management Case Study

    Change management also assists in diagnosing challenges linked to the smooth-flow of operations in the company. Hence, it is essential to first define change...

  • Compare And Contrast Whitland Medical Center And Raymond James

    Wyoming Medical Center, Los Angeles County, and Raymond James all share similar struggles with how to secure the network, computers and mobile devices. Cont...

  • A Summary Of The Goal Of APT

    IT administrators will not suspect any malicious activity since connecting outside the network is not out of the ordinary (Cruz, 2013). In our case study, ...

  • Security Analysis Of Yahoo

    As such, the company’s information technology department is concerned with the process of making sure that each of the organization’s computer systems are sa...

  • Workstation Security Policy Paper

    - Securing workstations with screen lock or logout screens before leaving the workstation to prevent unauthorized access. - Allow a password-protected scree...

  • Scams And Fraud Policy Analysis

    In an effort to protect the customers, employees, and assets of Edu Corp, no Edu Corp computer connected to the company’s internal network is capable of web-...

  • ICS-CERT-Executive Summary

    Physical access control, audit review: Unauthorized access to sensitive facilities could occur without challenge, during which time a malicious party may di...

  • Change Management In Health Care

    Change management is a structured approach to transitioning individuals, teams, and organizations from a current state to the desired future state, to fulfil...

  • Shuffle
    Toggle On
    Toggle Off
  • Alphabetize
    Toggle On
    Toggle Off
  • Front First
    Toggle On
    Toggle Off
  • Both Sides
    Toggle On
    Toggle Off
  • Read
    Toggle On
    Toggle Off
Reading...
Front

Card Range To Study

through

image

Play button

image

Play button

image

Progress

1/30

Click to flip

Use LEFT and RIGHT arrow keys to navigate between flashcards;

Use UP and DOWN arrow keys to flip the card;

H to show hint;

A reads text to speech;

30 Cards in this Set

  • Front
  • Back

Which of the following BEST describes both change and incident management?



a) Incident management is not a valid term in IT, however change management is
b) Change management is not a valid term in IT, however incident management is
c) Incident management and change management are interchangeable terms meaning the same thing
d) Incident management is for unexpected consequences, change management is for planned work

d) Incident management is for unexpected consequences, change management is for planned work

Which of the following account policy controls requires a user to enter a 15 character alpha-numerical password?



a) Disablement
b) Length
c) Expiration
d) Password complexity

d) Password complexity

Which of the following information types would be considered personally identifiable information?



a) First name
b) Email address
c) Date of birth
d) Last name

c) Date of birth

Which of the following is the benefit of single file versus full disk encryption?



a) Encryption is preserved in full disk encryption when a file is copied from one media to another
b) Encryption is preserved in single file encryption when a file is copied from one media to another
c) Single file encryption provides better security when decrypting single files than full disk encryption when properly implemented and used
d) Full disk encryption provides better security when decrypting single files than single file encryption when properly implemented and used

b) Encryption is preserved in single file encryption when a file is copied from one media to another

Which of the following is another name for a CAC?



a) Token
b) RFID
c) MAC
d) PIV

d) PIV

Which of the following systems offers Trusted OS capabilities by default?



a) Windows Vista
b) Windows 7
c) SE Linux
d) Backtrack

c) SE Linux

Which of the following describes a common operational problem when using patch management software that results in a false sense of security?



a) Conflicts with vulnerability scans impede patch effectiveness
b) Distributed updates may fail to apply or may not be active until a reboot
c) Vendor patches are released too frequently consuming excessive network bandwidth
d) It is resource intensive to test all patches

b) Distributed updates may fail to apply or may not be active until a reboot

Which of the following is BEST identified as an attacker who has or is about to use a Logic bomb?



a) Grey hat
b) Malicious insider
c) White hat
d) Black box

b) Malicious insider

Which of the following is the BEST choice in regards to training staff members on dealing with PII?



a) PII requires public access but must be flagged as confidential
b) PII data breaches are always the result of negligent staff and punishable by law
c) PII must be handled properly in order to minimize security breaches and mishandling
d) PII must be stored in an encrypted fashion and only printed on shared printers

c) PII must be handled properly in order to minimize security breaches and mishandling

Which of the following processes are used to avoid employee exhaustion and implement a system of checks and balances?



a) Job rotation
b) Incident response
c) Least privilege
d) On-going security

a) Job rotation

When designing secure LDAP compliant applications, null passwords should NOT be allowed because:



a) null password can be changed by all users on a network
b) a null password is a successful anonymous bind
c) null passwords can only be changed by the administrator
d) LDAP passwords are one-way encrypted

b) a null password is a successful anonymous bind

A security administrator visits a remote data center dressed as a delivery person. Which of the following is MOST likely being conducted?



a) Social engineering
b) Remote access
c) Vulnerability scan
d) Trojan horse

a) Social engineering

Mobile devices used in the enterprise should be administered using:



a) encrypted networks and system logging
b) full disk encryption and central password management
c) vendor provided software update systems
d) centrally managed update services and access controls

d) centrally managed update services and access controls

The Chief Information Officer (CIO) wants to implement widespread network and hardware changes within the organization. The CIO has adopted an aggressive deployment schedule and does not want to bother with documentation, because it will slow down the deployment. Which of the following are the risks associated with not documenting the changes?



a) Undocumented networks might not be protected and can be used to support insider attacks
b) Documenting a network hinders production because it is time consuming and ties up critical resources
c) Documented networks provide a visual representation of the network for an attacker to exploit
d) Undocumented networks ensure the confidentiality and secrecy of the network topology

a) Undocumented networks might not be protected and can be used to support insider attacks

Which of the following could mitigate shoulder surfing?



a) Privacy screens
b) Hashing
c) Man traps
d) Screen locks

a) Privacy screens

Which of the following passwords is the MOST complex?



a) 5@rAru99
b) CarL8241g
c) j1l!1b5
d) l@ur0

a) 5@rAru99

Which of the following is being utilized when the BIOS and operating system’s responsibility is platform integrity?



a) SSL
b) USB encryption
c) Data loss prevention
d) TPM

d) TPM

Which of the following BEST describes a Buffer Overflow attack that allows access to a remote system?



a) The attacker attempts to have the receiving server run a payload using programming commonly found on web servers
b) The attacker overwhelms a system or application, causing it to crash and bring the server down to cause an outage
c) The attacker attempts to have the receiving server pass information to a back-end database from which it can compromise the stored information
d) The attacker overwhelms a system or application, causing it to crash, and then redirects the memory address to read from a location holding the payload

d) The attacker overwhelms a system or application, causing it to crash, and then redirects the memory address to read from a location holding the payload

A company fails to monitor and maintain the HVAC system in the datacenter. Which of the following is the MOST likely to affect availability of systems?



a) Employee productivity in a hot datacenter
b) Premature failure of components
c) Decreased number of systems in the datacenter
d) Increased utility costs

b) Premature failure of components

Which of the following protocols is defined in RFC 1157 as utilizing UDP ports 161 and 162?



a) SNMP
b) IPSec
c) SSL
d) TLS

a) SNMP

Which of the following is LEAST likely to have a legitimate business purpose?



a) Metasploit
b) Vulnerability scanner
c) Steganography
d) Port scanner

c) Steganography

Which of the following does full disk encryption on a laptop computer NOT protect against?



a) Confidentiality of the data
b) Key loggers
c) Theft of the data
d) Disclosure of the data

b) Key loggers

Which of the following passwords exemplifies the STRONGEST complexity?



a) Passw0rd
b) P@ssw0rd
c) Passwrd
d) passwordpassword

b) P@ssw0rd

Which following port ranges would give a technician the MOST comprehensive port scan of a server?



a) 1024-15000
b) 0-99999
c) 0-65535
d) 0-1024

c) 0-65535

Which of the following attacks steals contacts from a mobile device?



a) Bluesnarfing
b) Smurf attack
c) Session hijacking
d) Bluejacking

a) Bluesnarfing

Which of the following attacks sends unwanted messages to a mobile device?



a) Session hijacking
b) Smurf attack
c) Bluejacking
d) Bluesnarfing

c) Bluejacking

A smurf attack relies on which protocol to perform a Denial of Service?



a) DNS
b) SNMP
c) SMTP
d) ICMP

d) ICMP

Which of the following allows for multiple operating systems to run on a single piece of hardware?



a) Virtualization
b) Port security
c) Remote access
d) DMZ

a) Virtualization

A user name is an example of which of the following?



a) Identification
b) Authentication
c) Authorization
d) Access

a) Identification

The CRL contains a list of:



a) private keys
b) public keys
c) root certificates
d) valid certificates

b) public keys