86 Cards in this Set

  • Front
  • Back

What is Covert Security testing?

Uses covert methods without the knowledge of the organization's IT staff but with full knowledge and permission of upper management

A hacker is a person who ______

Uses computers to gain unauthorized access to data.

What is a port scanner?

A program that can remotely determine which ports on a system are open

A rootkit is a collection of files that is installed on a host to alter its standard functionality in a malicious and stealthy way. It can make many changes to a host to hide its existence, making it very difficult to determine that it is present and to identify what has changed.




True or False

True

A ruleset is ______

A collection of rules or signatures that network traffic or system activity is compared against to determine an action to take.

What is true about worms?

They are self replicating

What is active security testing?

Security testing that involves direct interaction with a target

What is an ethical hacker?

A person who hacks into a computer network in order to test or evaluate its security rather than with malicious or criminal intent

_______ Monitor and record keyboard use. Some require the attacker to retrieve data from the host, whereas other loggers actively transfer the data to another host through email, file transfer, or other means.

Keystroke Loggers

While you are typing up your report that is due on Tuesday, you receive the following email from the IT help desk: "We will be deleting all inactive email accounts in order to create space for more users. You are required to send us your name, email login, password, and date of birth in order to continue using your email account. If we do not receive this information from you by the end of the week, your email account will be closed. Please contact the webmail team with any questions. Thank you for your immediate attention." What should you do?

Do not send anything

The mouse cursor on your laptop starts to move around on your desktop. What should you do?




A. Call your co-workers over so they can see


B. Disconnect your computer from the Network


C. Unplug your mouse


D. All of the above

Disconnect your computer from the network

What is true about malware?


A. It is a program that runs covertly inserted into another program with the intent to destroy data


B. It runs destructive or intrusive programs


C. It compromises the confidentiality, integrity, or availability of the victims' data, applications, or operating system


D. It inserts copies of itself into host programs or data files


E. All of the above


F. None of the above

None of the above

An interpreted virus is a program that is covertly inserted into another program with the intent to destroy data, run destructive or intrusive programs, or compromise the confidentiality, integrity or availability of the victim's data, applications, or operating system.




True or false

False

What distinguishes passive security testing from other types of testing?

It does not involve any direct interaction with the targets, such as sending packets to a target.

A security administrator needs to separate two departments. Which of the following would the administrator implement to perform this?




A. Cloud Computing


B. VLAN


C. Load Balancer


D. MAC filtering

VLAN

What ports are associated with SMTP and secure SMTP? Select all that apply.




A. 25


B. 2525


C. 465


D. 445

A. 25


B. 2525



Which of the following networks would most likely be used to detect but not react to suspicious behavior on the network?




A. Firewall


B. NIDS


C. NIPS


D. HIDS

B. NIDS

Which of the following would need to be configured correctly to allow remote access to the network?




A. ACLs


B. Kerberos


C. Tokens


D. Biometrics

A. ACLs

A network consists of various remote sites that connect back to two main locations. The security administrator needs to block TELNET access into the network. Which of the following, by default, would be the best choice to accomplish this goal?




A. Block port 23 on the L2 switch at each remote site


B. Block port 23 on the network firewall


C. Block port 25 on the L2 switch at each remote site


D. Block port 25 on the network firewall

B. Block port 23 on the network firewall

What are two ports the HTTP protocol is known to use? Select two.




A. 443


B. 21


C. 80


D. 8181


E. 8080

C. 80


E. 8080

Which of the following file transfer protocols is an extension of SSH?




A. FTP


B. TFTP


C. SFTP


D. FTPS

SFTP

Which of the following are the default ports for HTTPS Protocol?




A. 21


B. 80


C. 135


D. 443


E. 445

D. 443

The security administrator notices a number of TCP connections from the development department to the test network segregation. Large volumes of data are being transmitted between the two networks only on port 22. Which of the following is most likely occurring?




The development team is transferring data to test systems:


A. using FTP and TFTP


B. using SCP and Telnet


C. using SFTP and SCP


D. SSL and SFTP

The development team is transferring data to test systems




C. using SFTP and SCP

Which two ports are associated with POP3 and Secure POP3?




A. 110


B. 993


C. 25


D. 995

C. 25

A security administrator needs to implement a site-to-site VPN tunnel between the main office and a remote branch. Which of the following protocols should be used for the tunnel?




A. RTP


B. SNMP


C. IPSec


D. 802.1x

C. IPSec

Email protocol POP3 uses port 25




True or False

False




SMTP is 25

Which of the following uses TCP port 22 by default?




A. SSL, SCP, and TFTP


B. SSH and SFTP


C. HTTPS, SFTP, TFTP


D. TLS, Telnet, and SCP



B. SSH and SFTP

Which of the following devices is often used to cache and filter content?




A. Proxies


B. Firewall


C. VPN


D. Load Balancer

A. Proxies

A security administrator needs to separate two departments. Which of the following would the administrator implement to perform this?




A. Cloud Computing


B. VLAN


C. Load Balancer


D. MAC Filtering

VLAN

What ports are associated with SMTP and Secure SMTP?

SMTP



  • 25
  • 2525

Secure SMTP


  • 465
  • 587

Which of the following network devices would most likely be used to detect but not react to suspicious behavior on the network?




A. Firewall


B. NIDS


C. NIPS


D. HIDS

B. NIDS

Which of the following would need to be configured correctly to allow remote access to the network?




A. ACLs


B. Kerberos


C. Tokens


D. Biometrics

A. ACLs



A network consists of various remote sites that connect back to two main locations. The security administrator needs to block TELNET access into the network. Which of the following, by default, would be the best choice to accomplish this goal?




A. Block port 23 on the L2 switch at each remote site


B. Block port 23 on the network firewall


C. Block port 25 on the L2 switch at each remote site


D. Block port 25 on the network firewall

Block port 23 on the network firewall

What are two ports the HTTP protocol is known to use?

80


8080

Which of the following file transfer protocols is an extension of SSH?




A. FTP


B. TFTP


C. SFTP


D. FTPS

C. SFTP

Which of the following are the default ports for HTTPS Protocol?




A. 21


B. 80


C. 135


D. 443


E. 445

D. 443

In order to provide flexible working conditions, a company has decided to allow some employees remote access into corporate headquarters. Which of the following security technologies could be used to provide remote access?




A. Subnetting


B. NAT


C. Firewall


D. NAC

D. NAC

The security administrator notices a number of TCP connections from the development department to the test network segregation. Large volumes of data are transmitted between the two networks only on port 22. Which of the following is most likely occurring?




The development team is transferring data to test systems using ______


A. FTP and TFTP


B. SCP and TELNET


C. SFTP and SCP


D. SSL and SFTP

C. SFTP and SCP

Which two ports are associated with POP3 and Secure POP3?




A. 110


B. 993


C. 25


D. 995

POP3



  • 110



Secure POP3



  • 995

A security administrator needs to implement a site-to-site VPN tunnel between the main office and a remote branch. Which of the following protocols should be used for the tunnel?




A. RTP


B. SNMP


C. IPSec


D. 802.1x

C. IPSec

Email protocol POP3 uses port 25




True or False

False




port 110

Which of the following BEST describes the proper method and reason to implement port security?




Apply a security control which ties specific ______




A. ports to end-device MAC addresses and prevents additional devices from being connected to the network


B. networks to end-device IP addresses and prevents new devices from being connected to the network


C. ports to end-device MAC addresses and prevents all devices from being connected to the network


D. ports to end-device IP addresses and prevents mobile devices from being connected to the network

Apply a security control which ties specific




A. ports to end-device MAC addresses and prevents additional devices from being connected to the network

Which of the following uses TCP port 22 by default?




A. SSL, SCP, and TFTP


B. SSH and SFTP


C. HTTPS, SFTP, and TFTP


D. TLS, TELNET, and SCP

B. SSH and SFTP

Which of the following devices is often used to cache and filter content?




A. Proxies


B. Firewall


C. VPN


D. Load Balancer

A. Proxies

A bulk update process fails and writes incorrect data throughout the database. Which of the following concepts describes what has been compromised?

Integrity

Which of the following is a trusted OS implementation used to prevent malicious or suspicious code from executing on Linux and Unix platforms?




A. SELinux


B. vmlinuz


C. System File Checker


D. Tripwire

A. SELinux

To prevent cross-site scripting, a programmer MUST validate what?

Validate input to remove hypertext

If several users are stating that they are receiving unwanted email containing advertisements, a security administrator should implement ______

Anti-Spam

If a portable device is compromised, the best way to mitigate data loss is _______

Full disk encryption

The purpose of vulnerability scanning is to exercise system protections, particularly human response to attack indications, by using common tools and techniques developed by attackers.




True or False

False

A web application has been found to be vulnerable to a SQL injection attack. Which of the following best describes the required remediation action?




A. Challenge the server's SSL key and add the previous key to CRL


B. Install a host-based firewall


C. Install missing security updates for the operating system


D. Add input validation to forms

D. Add input validation to forms

To ensure that an application is secure and all unnecessary services are disabled, an administrator should do what?

Application Hardening

The fundamental difference between symmetric and asymmetric key cryptography is that symmetric key cryptography uses ______

The same key on each end of the transmission medium

A hardening step of an application during the SDLC is ____




A. Disabling Unnecessary Accounts


B. 3rd party certificate trust authority


C. Hardware chip that restores encryption keys


D. A trusted OS

C. Hardware chip that restores encryption keys

A security administrator is implementing a solution that encrypts an employee's newly purchased laptop but does not require the company to purchase additional hardware or software. What could be used to meet this requirement?




A. Mobile device encryption


B. HSM


C. TPM


D. USB encryption

C. TPM

A security administrator ensures that certain characters and commands entered on a web server are not interpreted as legitimate data and not passed on to backend servers. This is an example of _______________

Input validation

Which of the CIS Security Triad is most important?


A. Authenticity


B. Recovery


C. Integrity


D. Availability


E. Confidentiality

C. Integrity


D. Availability


E. Confidentiality

Which of the following is a security control that is lost when using cloud computing?


A. Logical Control of the Data


B. Access to the application's administrative settings


C. Administrative access to the data


D. Physical Control of the data

D. Physical Control of the data

The primary types of server backups are

Full, Incremental and Differential

Which of the following is true about hardware encryption?




A. It must use elliptical curve encryption


B. It requires a HSM file system


C. It only works when data is not highly fragmented


D. It is faster than software encryption

D. It is faster than software encryption

Port Scanners are automated tools used to identify vulnerabilities and misconfigurations of hosts




True or False

False




Unless the port was accidentally left open, then it would be a misconfiguration

Initially in software development, which of the following security practices should occur?




A. Secure code review


B. Patch Management


C. Fuzzing


D. Penetration Tests

A. Secure code review

A security administrator working for a large law office needs to protect customer data by installing an HVAC system in the datacenter. By doing this, she is addressing ______

Availability

A penetration test shows that almost all database servers were able to be compromised through a default database user account with the default password. Which of the following is MOST likely missing from the operational procedures?




A. Application Hardening


B. OS Hardening


C. Application Patch Management


D. SQL Injection

A. Application Hardening

An example of verifying new software changes on a test system is ________

Patch Management

The best way to secure data for the purpose of retention is

Off-Site Backup

A security administrator working for a company in the financial sector needs to protect customer data by installing biometric authentication on the servers in the datacenter. By doing this, he is addressing ________

confidentiality

The __________ protocol only encrypts password packets from client to server

RADIUS

__________ would be considered multifactor authentication?




A. A pin number and a smart card


B. ACL entry and a pin number


C. A username and password


D. Common access Card

A. A pin number and a smart card

By default, __________ stops network traffic when the traffic is not identified in the firewall ruleset

Implicit deny

_________ uses tickets to identify users to the network

Kerberos

A system administrator could have a user level account and an administrator account to prevent escalation of privileges




True or False

True

A security administrator wants to prevent users in sales from accessing the HR network at all times. Which of the following should the administrator implement to accomplish this goal?

Access Control Lists

Which of the following is a technical control?




A. System security Categorizations requirements


B. Baseline Configuration development


C. Contingency Planning


D. Least privilege implementation

D. Least privilege implementation

To access the corporate network, employees are required to come up with a passphrase of at least 11 characters. This exemplifies the _____ account

Password length

The security administrator often observes that an employee who entered the datacenter does not match the owner of the PIN that was entered into the keypad. Which of the following would BEST prevent this situation?




A. Multifactor Authentication


B. Username and Password


C. Mandatory Access Control


D. Biometrics

D. Biometrics

In order to access the network, an employee must swipe their finger on a device. This is an example of which form of authentication?

Biometrics

A human resource manager is assigning access to users in their specific department performing the same job function. This is an example of _________ access control.

Role-Based

When gaining access, the ______ protocol uses multiple-challenge responses for authentication, authorization, and audit

TACACS+

A system administrator could have a user level account and an administrator account to prevent _______

Escalation of Privileges

What is one purpose of LDAP authentication services?




A. to implement mandatory access controls


B. a single point of user management


C. prevent multifactor authentication


D. to issue one-time hashed passwords

B. a single point of user management

The ______ method of access, authentication, and authorization is the MOST Secure by default




A. Kerberos


B. TACACS


C. RADIUS


D. LDAP

A. Kerberos

A security administrator is setting up a corporate wireless network using WPA2 with CCMP but does not want to use PSK for authentication. Which of the following could be used to support 802.1x authentication?




A. LDAP


B. RADIUS


C. Kerberos


D. Smart Card

B. RADIUS

A security administrator with full administrative rights on the network is forced to temporarily take time off of their duties. What is this?

Mandatory Vacation

Instead of giving a security administrator full administrative rights on the network, the administrator is given rights only to review logs and update security related network devices. Additional rights are handed out to network administrators for the areas that fall within their job descriptions. What describes this form of access control?

Least Privilege

Which of the following allows a user to have a one-time password?




A. Biometrics


B. SSO


C. PIV


D. Tokens

D. Tokens