Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
299 Cards in this Set
- Front
- Back
|
What are three characteristics of Advanced Persistent Threat (APT)? |
It can span several years It targets sensitive proprietary information It uses advanced tools and techniques |
|
|
What type of attackers break into a computer system without the owner's permission and publicly disclose the vulnerability? |
Black hat hackers |
|
|
What are three reasons why it is difficult to defend against today's attackers? |
Increased speed of attacks Simplicity of attack tools delays in security updating |
|
|
Why can brokers command such a high price for what they sell? |
The vulnerability was previously unknown and is unlikely to be patched quickly. |
|
|
How would you describe the term "security" in a general sense? |
The necessary steps to protect a person or property from harm |
|
|
_____ ensures that only authorized parties can view the information. |
Confidentiality |
|
|
What are the 3 successive layer in which information security is achieved? |
Products Procedures People |
|
|
What is a person or element that has the power to carry out a threat? |
Threat agent |
|
|
_____ ensures that individuals are who they claim to be. |
Authentication |
|
|
What is the difference between a hacktivist and a cyberterrorist? |
The aim of a hacktivist is not to incite panic like cyberterrorists. |
|
|
What are 3 goals of information security? |
Foil Cyberterrorism Prevent data theft limit access control |
|
|
Which act requires enterprises to guard protected health information and implement policies and procedures to safeguard it? |
Health Insurance Portability and Accountability Act (HIPAA) |
|
|
Why do cyberterrorists target power plants, air traffic control centers, and water systems? |
They can cause significant disruption by destroying only a few targets. |
|
|
What are the steps of the Cyber Kill Chain |
Reconnaissance Weaponization Delivery Exploitation Installation Command & Control Actions on Objectives |
|
|
An organization that purchased security products from different vendors is demonstrating which security principle? |
Diversity |
|
|
Who could be classified as an "insider" |
Business partners Contractors Employees |
|
|
What are attackers called who belong to a network of identity thieves and financial fraudsters? |
Cybercriminals |
|
|
What is an objective of state-sponsored attackers? |
To spy on citizens |
|
|
An example of _____ is not revealing the type of computer, operating system, software, and network connection a computer uses. |
Obscurity |
|
|
The _____ is primarily responsible for assessing, managing, and implementing security. |
Chief Information Security Officer (CISO) |
|
|
A(n) ________ requires a user to transport it from one computer to another. |
Virus |
|
|
What are three actions a virus can take? |
Cause a computer to crash erase files from a hard drive reformat the hard disk drive |
|
|
Which malware locks up a user's computer and then displays a message that purports to come from a law enforcement agency? |
Ransomware |
|
|
What is an attempt to influence a user by coercion? |
Intimidation |
|
|
A user who installs a program that prints out coupons but in the background silently collects her passwords has installed a _____. |
Trojan |
|
|
What should you do to completely remove a rootkit from a computer? |
Reformat the hard drive and reinstall the operating system. |
|
|
What are three examples of a logic bomb? |
Erase all data if John Smith's name is removed from the list of employees Reformat the hard drive three months after Susan left the company If the company's stock price drops below $10, credit Jeff with 10 additional years of retirement credit |
|
|
What is it called when a user makes a typing error when entering a URL that takes him or her to an imposter website? |
Typo Squatting |
|
|
Which of these is a general term used for describing software that gathers information without the user's consent? |
Spyware |
|
|
What are three true statement about keyloggers? |
Hardware keyloggers are installed between the keyboard connector and computer keyboard USB port Keyloggers can be used to capture passwords, person info etc Software keyloggers can be designed to send captured information automatically back to the attacker through the internet |
|
|
The preferred method today of bot herders for command and control of zombies is _____. |
Hypertext Transport Protocol (HTTP) |
|
|
A watering hole attack is directed against _____. |
Users who access a common website |
|
|
______ sends phishing messages only to wealthy individuals. |
Whaling |
|
|
What is an unsolicited instant messaging called? |
Spim |
|
|
Michelle pretends to be the help desk manager and calls Steve to trick him into giving her his password. What social engineering attack has Michelle performed? |
Impersonation |
|
|
How can an attacker use a hoax? |
A hoax could convince a user that a bad Trojan is circulating and that he should change his security settings. |
|
|
What are three useful items can dumpster diving provide? |
Calendars Memos Organizational Charts |
|
|
______ is following an authorized person through a secure door. |
Tailgating |
|
|
What are three reasons why adware is scorned? |
It can interfere with a user's productivity It displays objectionable content It can cause a computer to crash or slow down |
|
|
What is the term used for an attacker who controls multiple zombies in a botnet? |
Bot Herder |
|
|
What are 3 reasons why securing server-side web applications is difficult? |
Although traditional network security devices can block traditional network attacks, they can't always block web application attacks Many web application attacks exploit previously unknown vulnerabilities By design, dynamic server-side web applications accept user input that can contain malicious code. |
|
|
What are three HTTP header attacks? |
Referer Response Splitting Accept-Language |
|
|
What is another name for a locally shared object? |
Flash Cookie |
|
|
Browser plug-ins _______. |
Can be embedded inside a webpage but add-ons cannot |
|
|
An attacker who manipulates the maximum size of an integer type would be performing what kind of attack? |
Integer overflow |
|
|
What kind of attack is performed by an attacker who takes advantage of the inadvertent and unauthorized access built through three succeeding systems that all trust one another? |
Transistive |
|
|
Why can't traditional network security devices be used to block web application attacks? |
Traditional network security devices ignore the content of HTTP traffic, which is the vehicle of Web application attacks |
|
|
What do attackers use buffer overflows to do? |
Point to another area in data memory that contains the attacker's malware code. |
|
|
What is unique about a cross-site scripting (XSS) attack compared to other injection attacks? |
XSS does not attack the web application server to steal or corrupt its information. |
|
|
What is a cookie that was not created by the website being viewed called? |
Third-party cookie |
|
|
What is the basis of an SQL injection attack? |
To inject SQL statement through unfiltered user input. |
|
|
What are three actions that can be performed through a successful SQL injection attack? |
Display a list of customer telephone numbers Discover the names of different fields in a table Erase a database table |
|
|
Which markup language is designed to carry data? |
XML |
|
|
What type of attack involves an attacker access files in directories other than the root directory? |
Directory Traversal |
|
|
Which type of attack modifies the fields that contain the different characteristics of the data that is being transmitted? |
HTTP header |
|
|
What is a session token? |
A random string assigned by a web server |
|
|
What are three types of DoS attacks? |
SYN flood Ping flood Smurf |
|
|
What type of attack intercepts legitimate communication and forges a fictitious response to the sender? |
man-in-the-middle |
|
|
A replay attack _______. |
Makes a copy of the transmission for use at a later time. |
|
|
DNS poisoning _______. |
Substitutes DNS addresses so that the computer is automatically redirected to another device |
|
|
What type of controls are the processes for developing and ensuring that policies and procedures are carried out? |
Administrative Controls |
|
|
What are the activity phase controls? |
Compensating control - Alternative to normal control Detective Control - discourage attack Deterrent Control - identify attack Preventive Control - Prevent attack Corrective Control - Lessen damage of attack |
|
|
What is NOT designed to prevent individuals from entering sensitive areas but instead intended to direct traffic flow? |
Barricade |
|
|
What are three motion detection methods? |
Radio Frequency Magnetism Infrared |
|
|
The residential lock most often used for keeping out intruders is the ______. |
Keyed entry lock |
|
|
A lock that extends a solid metal bar in to the door frame for extra security is the ______. |
Deadbolt Lock |
|
|
What is true about a mantrap? |
It monitors and controls two interlocking doors to a room. |
|
|
What are three things that can be used along with fencing as a security perimeter? |
Rotating Spikes Roller Barrier Anticlimb Paint |
|
|
A _____ can be used to secure a mobile device. |
Cable Lock |
|
|
What are three characteristics of a Protected Distribution System (PDS)? |
Continuous Monitoring Carrier can be hidden below a floor Eliminates the need to seal connections |
|
|
What is the first step in securing an operating system? |
Develop the security policy |
|
|
What are three steps included in a typical configuration of a baseline? |
Changing any default settings that are insecure Eliminating any unnecessary software Enabling operating system security features |
|
|
What are three Microsoft Windows settings that can be configured through a security template? |
Account Policies User Rights System Services |
|
|
_____ allows for a single configuration to be set and then deployed to many or all users |
Group Policy |
|
|
A _______ addresses a specific customer situation and often may not be distributed outside that customer's organization. |
Hotfix |
|
|
What are some advantages of an automated patch update service? |
Admins can approve or decline updates for client systems, force updates to install by a specific date & obtain reports on what updates each comp needs Downloading patches from a local server instead of using the vendors online service can save bandwidth and time since each comp doesn't have to connect o an external server Specific types of updates that the organization does not test, such hotfixes, can automatically installed whenever they become available |
|
|
What are the states of data that Data Loss Prevention (DLP)s examine? |
Data in-use - data actions being performed Data in-transit - actions that transmit data across a network Data at-rest - Data stored on electronic media |
|
|
How does heuristic detection detect a virus? |
A virtualized environment is created and the code is executed in it |
|
|
What is a list of approved email senders referred to as? |
A Whitelist |
|
|
What are three statements about Data Loss Prevention (DLP)? |
It can scan data on a DVD It can read inside compressed files A policy violation can generate a report or block the data |
|
|
The Hashed Message Authentication Code (HMAC) _______. |
encrypts the key and the message |
|
|
What is the latest version of the Secure Hash Algorithm? |
SHA-3 |
|
|
All of the following can be broke mathematically EXCEPT__________. AES 3DES SHA OTP |
One Time Pad (OTP) |
|
|
Elliptic Curve Diffie-Hellman (ECDH) is an example of ______. |
in-band key exchange |
|
|
Which of the following key exchanges uses the same keys each time? Diffie-Hellman Ephermeral (DHE) Diffie-Hellman (DH) Diffie-Hellman-RSA (DHRSA) Elliptic Curve Diffie-Hellman (ECDH) |
Diffie-Hellman (DH) |
|
|
Public key systems that generate random public keys that are different for each session are called ________. |
Perfect forward secrecy |
|
|
What is data called that is to be encrypted by inputting it into a cryptographic algorithm? |
Plaintext |
|
|
What are the basic security protects for information that cryptography can provide? |
Integrity Confidentiality Authenticity |
|
|
What are the areas of a file in which steganography can hide data in? |
In data that is used to describe the content or structure of the actual data In the file header fields that describe the file In areas that contain the content data itself |
|
|
Proving that a user sent an email message is known as _______. |
Repudiation |
|
|
A(n) ________ is not decrypted but is only used for comparison purposes. |
Digest |
|
|
What are three characteristics of a secure hash algorithm? |
The results of a hash function should not be reversed The hash should always be the same fixed size A message cannot be produced from a predefined hash |
|
|
What protection is provided by hashing? |
Integrity |
|
|
What is the strongest symmetric cryptographic algorithm? |
Advanced Encryption Standard (AES) |
|
|
If Bob wants to send a secure message to Alice using an asymmetric cryptographic algorithm, which key does he use to encrypt the message? |
Alice's public key |
|
|
A digital signature can provide what three benefits? |
Prove the integrity of the message Verify the sender Enforce nonrepudiation |
|
|
What asymmetric cryptographic algorithm is the most secure? |
RSA |
|
|
What asymmetric encryption algorithm uses prime numbers? |
RSA |
|
|
The Trusted Platform Module (TPM) ______. |
Provides cryptographic services in hardware instead of software |
|
|
What has an onboard key generator and key storage facility, as well as accelerated symmetric and asymmetric encryption, and can back up sensitive material in an encrypted format? |
Hardware Security Module (HSM) |
|
|
A _________ is a specially formatted encrypted message that validates the information the CA requires to issue a digital certificate. |
Certificate Signing Request (CSR) |
|
|
_______ performs a real-time lookup of a digital certificate's status. |
Online Certificate Status Protocol (OCSP) |
|
|
________ are symmetric keys to encrypt and decrypt information exchanged during the session and to verify its integrity. |
Session keys |
|
|
What is considered the weakest cryptographic transport protocol? |
SSL v2.0 |
|
|
The strongest technology that would assure Alice that Bob is the sender of a message is a(n) _______. |
Digital Certificate |
|
|
A digital certificate associates _________. |
The user's identity with his public key |
|
|
What are three things that Digital Certificates can be used for? |
To encrypt channels to provide secure communication between clients and servers To verify the identity of clients and servers on the Web To encrypt messages for secure email communications |
|
|
An entity that issues digital certificates is a _____. |
Certificate Authority |
|
|
A centralized directory of digital certificates is called a(n)__________. |
Certificate Repository |
|
|
In order to ensure a secure cryptographic connection between a web browser and a web server, a(n) ______ would be used. |
Server Digital Certificate |
|
|
A digital certificate that turns the address bar green is a(n) ______. |
Extended Validation SSL Certificate |
|
|
The ______-party trust model supports CA. |
Third |
|
|
Public Key Cryptography Standards (PKCS)______. |
Are a numbered set of Public Key Infrastructure (PKI) standards that have been defined by the RSA corporation. Composed of 15 standards. Based on the RSA public key algorithm. |
|
|
What are three true statements about hierarchical trust models? |
The root signs all digital certificate authorities with a single key. It assigns a single hierarchy with one master CA The master CA is called the root |
|
|
Where can encryption keys be stored? |
In tokens On the user's local system Embedded in digital certificates |
|
|
Public Key Infrastructure (PKI) _________. |
Is the management of digital certificates |
|
|
A(n) _________ is a published set of rules that govern the operation of a PKI |
Certificate Policy |
|
|
What are the parts of the certificate life cycle? |
Creation-created and issued to user Suspension-can occur multiple times in the life of a certificate if validity must be temporarily suspended Revocation-Certificate is no longer valid Expiration-Certificate can no longer be used |
|
|
_________ refers to a situation in which keys are managed by a third party, such as a trusted CA. |
Key Escrow |
|
|
________ is a protocol for securely accessing a remote computer. |
Secure Shell (SSH) |
|
|
What three secure features does a load balancer provide? |
Hide HTTP error pages Remove server identification headers from HTTP responses Block Denial-of-service (DoS) attacks |
|
|
What are the filtering mechanisms found in a firewall rule? |
Source/Destination Address Protocol Direction Action Source/Destination Port |
|
|
A(n) __________ can identify the application that send packets and then make decisions about filtering based on it. |
Application-aware Firewall |
|
|
What are some of the functions of an Internet content filter performs? |
URL filtering Malware Inspection Content Inspection |
|
|
How does Network Address Translation (NAT) improve security? |
It discards unsolicited packets |
|
|
How does a virtual LAN allow devices to be grouped? |
Logically |
|
|
Which device is easiest for an attacker to take advantage of in order to capture an analyze packets? |
Hub |
|
|
What are Three attacks that can be performed against a switch? |
MAC address impersonation ARP poisoning MAC flooding |
|
|
What are three true statements regarding a Demilitarized Zone (DMZ)? |
It can be configured to have one or two firewalls It provides an extra degree of security It typically includes an email or web server |
|
|
What is a true statement about network address translation (NAT) is true? |
It removes private addresses when the packet leaves the network |
|
|
What are three advantages of a load balancer? |
Network hosts can benefit from having optimized bandwidth Network downtime can be reduced DoS attacks can be detected and stopped |
|
|
A(n) ________ intercepts internal user requests and then processes those requests on behalf of the users. |
Proxy Server |
|
|
A reverse proxy _____. |
Routes incoming requests to the correct server |
|
|
What is the preferred location for installation of a spam filter? |
SMTP server |
|
|
A ______ watches for attacks and sounds an alert only when on occurs. |
Network Intrusion Detection System (NIDS) |
|
|
A multipurpose security device is known as ______. |
Unified Threat Management (UTM) |
|
|
What are three things that can be used to hide information about the internal network? |
Subnetting A Proxy Server Network Address Translation (NAT) |
|
|
What is the difference between a network intrusion detection system (NIDS) and a network intrusion prevention system (NIPS)? |
A NIPS can take actions more quickly to combat an attack |
|
|
If a device is determined to have an out-of-date virus signature file, then Network Access Control (NAC) can redirect that device to a network by ______. |
Address Resolution Protocol (ARP) poisoning |
|
|
A firewall using ________ is the most secure type of firewall. |
Stateful packet filtering |
|
|
Which high-speed storage network protocols used by a SAN is IP-based? |
iSCSI |
|
|
What Fibre Channel zone is the most restrictive? |
FC hard zone |
|
|
An attacker can use NetBIOS to determine what three things? |
Computer names Contents of the remote name cache List of resolved names |
|
|
What type of log can provide details regarding requests for specific files on a system? |
Access log |
|
|
What time of device log contains the most beneficial security data? |
Firewall log |
|
|
What type of cloud is offered to all users? |
Public Cloud |
|
|
What are three valid Internet Control Message Protocol (ICMP) error messages? |
Host Unreachable Network Unreachable Destination Network Unknown |
|
|
Internet Control Message Protocol (ICMP) is used in what attacks? |
Smurf DoS attack ICMP redirect attack Ping of death |
|
|
What version of Simple Network Management Protocol (SNMP) is considered the most secure? |
SNMPv3 |
|
|
What Domain Name System (DNS) attack replaces a fraudulent IP address for a symbolic name? |
DNS poisoning |
|
|
What is the most secure protocol for transferring files? |
SFTP |
|
|
What are three techniques for securing a router? |
Securing all ports Setting a strong administrator password Using a meaningful router name |
|
|
What is a true statement about a flood guard? |
It prevents DoS or DDoS attacks. |
|
|
What are two entries in a firewall log that should be investigated? |
IP addresses that are being rejected and dropped Suspicious outbound connections |
|
|
If a group of users must be separated from other users, which is the most secure network design? |
Connect them to different switches and routers |
|
|
Why is loop protection necessary? |
It prevents a broadcast storm that can cripple a network |
|
|
What does MAC limiting and filtering do? |
It limits devices that can connect to a switch |
|
|
In a network using IEEE 802.1x, a supplicant ______. |
Makes a request to the authenticator |
|
|
What is a true statement regarding security for a computer that boots to Apple Mac OS X and then runs a Windows virtual machine? |
The Windows virtual machine needs its own security |
|
|
What are three security concerns of a virtualized environment? |
VMs must be protected from both the outside world and also from other virtual machines on the same physical computer Physical security appliances are not always designed to protect virtual systems Live migration can immediately move on virtualized server to another hypervisor |
|
|
Which technology is predominately used for contactless payment systems? |
Near Field Communication (NFC) |
|
|
Bluetooth falls under the category of _____. |
Personal Area Network (PAN) |
|
|
What IEEE WLAN has the highest data rate? |
802.11ac |
|
|
What are some of the technologies found in a wireless broadband router? |
Firewall Router Access Point |
|
|
Why is a rogue AP a security vulnerability? |
It allows an attacker to bypass many of the network security configurations |
|
|
What are some of the risks when a home wireless router is not securely configured? |
An attacker can steal data from folders with sharing enabled Usernames, passwords, and other info sent over the WLAN could be captured by an attacker. Malware can be injected into a computer connected to the WLAN |
|
|
What Wi-Fi Protected Setup (WPS) method is vulnerable? |
PIN method |
|
|
If Cora tries to access a free public Wi-Fi at a local coffee shop that requires her to first agree to an Acceptable User Policy (AUP) before continuing, what type of AP has she encountered? |
Captive Portal |
|
|
What is the unauthorized access of information from a wireless device through a Blue-tooth connection called? |
Bluesnarfing |
|
|
The primary design of a(n) ______ is to capture the transmissions from legitimate users. |
Evil Twin |
|
|
What is a vulnerability of MAC address filtering? |
MAC addresses are initially exchanged between wireless device and the AP in an unencrypted format |
|
|
What are three limitations of turning off the SSID broadcast from an AP? |
The SSID can easily be discovered, even when not contained in beacon frames, as it is still transmitted in other frames sent by the AP Turning off the SSID broadcast may prevent users from being able to freely roam from one AP coverage area to another Some versions of operating systems favor a network that broadcasts an SSID over one that does not. |
|
|
What is the primary weakness of wired equivalent privacy (WEP)? |
Its usage creates a detectable pattern |
|
|
WPA replaces WEP with _____. |
Temporal Key Integrity protocol (TKIP) |
|
|
A preshared key (PSK) of fewer than ______ characters may be subject to an attack if that key is a common dictionary word. |
20 |
|
|
A WEP key that is 128 bits in length ______. |
Has an initalization vector (IV) that is the same length as a WEP key of 64 bits |
|
|
AES-CCMP is the encryption protocol standard used in _________. |
WPA2 |
|
|
What is the Extensible Authentication Protocol (EAP)? |
A framework for transporting authentication protocols |
|
|
Which technology should be used instead of LEAP? |
PEAP |
|
|
What are three types of wireless AP probes? |
Wireless device probe Dedicated probe AP probe |
|
|
What are three technologies that are a characteristic of a mobile device? |
Small form Factor Local nonremovable data storage Data synchronization capabilities |
|
|
What are three optional features found on most mobile devices? |
Digital Camera Microphone Removable storage media |
|
|
What type of computer most closely resembles a desktop computer? |
Laptop |
|
|
Tablet computers are designed for _______. |
Ease of use |
|
|
One of the first mobile devices was a _______. |
Personal Digital Assistant (PDA) |
|
|
What are the form factors of an SD card? |
Standard-Capacity (SDSC) High-Capacity (SDHC) eXtended-Capacity (SDXC) Secure Digital Input Output (SDIO) |
|
|
What are the risks of connecting a mobile device to a public network? |
Public networks are beyond the control of the employee's organization Public networks may be susceptible to man-in-the-middle attacks Replay attacks can occur on public networks |
|
|
Mobile devices using ______ are at increased risk of targeted physical attacks. |
Location Services |
|
|
What is one reason Android devices are considered to be at a higher security risk than iOS devices? |
Android apps can be sideloaded |
|
|
What are some of the things a QR code can contain? |
URL Email address Phone number |
|
|
What prevents a mobile device from being used until the user enters the correct passcode? |
Lockscreen |
|
|
Bob has attempted to enter the passcode for his mobile device, but keeps entering the wrong code. Now he is asked to enter a special phrase to continue. This means that Bob's mobile device is configured to _________. |
Reset to factory settings |
|
|
What does containerization do? |
It separates personal data from corporate data |
|
|
What allows a device to be managed remotely |
Mobile Device Management (MDM) |
|
|
What are some of the security features for locating a lost or stolen mobile device? |
Remote lockout
Alarm Thief Picture |
|
|
What enforces the location in which an app can function by tracking the location of the mobile device? |
Geo-Fencing |
|
|
What are some advantages of a BYOD organization? |
Flexibility Increased employee performance Reduced internal service |
|
|
What mobile device is the smallest? |
Subnotebook |
|
|
Where does a web-based computer store user files? |
On the Internet |
|
|
What is the current version of Terminal Access Control Access Control System (TACACS)? |
TACACS+ |
|
|
How is the Security Assertion Markup Language (SAML) used? |
It allows secure web domains to exchange user authentication and authorization data. |
|
|
A RADIUS authentication server requires that the _______ be authenticated first. |
Supplicant |
|
|
What four actions make up the AAA elements in network security? |
Identification-Review of credentials Authentications-Validate credentials as genuine Authorization-Permission granted for admittance Access-Right given to access specific resources |
|
|
With the development of IEEE 802.1x port security, the _______ authentication server has seen even greater usage. |
RADIUS |
|
|
What authentication protocol is available as a free download that runs on Microsoft Windows, Apple Mac OS X, and Linux? |
Kerberos |
|
|
What is the version of the X.500 standard that runs on a personal computer over TCP/IP? |
LDAP |
|
|
A user entering her user name would correspond to the ______ action in access control. |
Identification |
|
|
A process functioning on behalf of the user who attempts to access a file is known as a(n) _________. |
Subject |
|
|
What is the name given to the individual who periodically reviews security settings and maintains records of access by users? |
Custodian |
|
|
In the __________ model, the end-user cannot change any security settings. |
Mandatory Access Control (MAC) |
|
|
What is a true statement about Rule Based Access Control (RBAC)? |
It dynamically assigns roles to subjects based on rules. |
|
|
_______ in access control means that if a condition is not explicitly met, then access is to be rejected. |
Implicit Deny |
|
|
What is a set of permissions that is attached to an object? |
Access Control List (ACL) |
|
|
Which Microsoft Windows feature provides centralized management and configuration of computers and remote users who are using Active Directory? |
Group Policy |
|
|
A(n) _______ constructs LDAP statements based on user inputs in order to retrieve information from the database or modify its contents. |
LDAP injection attack |
|
|
What is the least restrictive access control model? |
Discretionary Access Control (DAC) |
|
|
The principle known as ______ in access control means that each user should be given only the minimal amount of privileges necessary for that person to perform his job function. |
Least Privilege |
|
|
A(n) ________ is the person who is responsible for the information, determines the level of security needed for the data, and delegates security duties as required. |
Owner |
|
|
In the Mandatory Access Control (MAC) model, every subject and object _______. |
Is assigned a label. |
|
|
What authentication factor is based on a unique talent that a user possesses? |
What you do |
|
|
What are three characteristics of a weak password? |
A Common Dictionary word Using personal information Using a predictable sequence of chracters |
|
|
What attack is an attempt to compare a known digest to an unknown digest? |
Pre-image attack |
|
|
What algorithm is the weakest for creating password digests? |
LM (LAN Manager) has |
|
|
How is key stretching effective in resisting password attackis? |
It takes more time to generate candidate password digests |
|
|
What are reasons why users create weak passwords? |
Long and complex passwords are difficult to memorize A security policy requires a password to be changed regularly Having multiple passwords makes it hard to remember all of them |
|
|
What is a hybrid attack? |
An attack that slighly alters dictionary words |
|
|
A Time-based One-Time Password TOTP token code is valid _____. |
For as long as it appears on the device |
|
|
What is a token system that requires the user to enter the code along with a PIN called? |
Multifactor authentication system |
|
|
What is the name of a U.S. Department of Defense smart card that is used for identification of active-duty and reserve military personnel? |
Common Access Card |
|
|
Keystroke dynamics is an example of which type of biometrics? |
Behavioral |
|
|
Creating a pattern of where a user accesses a remote web account is an example of ______. |
Geolocation |
|
|
What is a decentralized open-source Federated Identity Management (FIM) that does not require specific software to be installed on the desktop? |
OpenID |
|
|
What are three human characteristics used for biometric identification? |
Retina Face Fingerprint |
|
|
_____ biometrics is related to the perception, thought processes, and understanding of the user. |
Cognative |
|
|
Using one authentication credential to access multiple accounts or applications is known as _____. |
Single Sign-on (SSO) |
|
|
What is a disadvantage of biometric readers? |
Cost |
|
|
What Single Sign-on (SSO) technology depends on tokens? |
OAuth |
|
|
Why should the account lockout threshold not be set too low? |
It could result in Denial of Service (DoS) attacks |
|
|
What One-time Password is event-driven? |
HMAC-based One-Time Password (HOTP) |
|
|
_______ is the process of developing an outline of procedures to be followed in the event of a major IT incident or an incident that directly impacts IT. |
IT contingency planning |
|
|
Who should be involved in a tabletop exercise? |
Individuals on a decision-making level |
|
|
The average amount of time that i will take a device to recover from a failure that is not a terminal failure is called the __________. |
Mean Time To Recovery (MTTR) |
|
|
What are three categories of fire suppression systems? |
Water sprinkler system Clean agent system Dry chemical system |
|
|
What are three things required for a fire to start? |
A chemical reaction that is the fire itself a type of fuel or combustible material sufficient oxygen to sustain the combustion |
|
|
An electrical fire like that which would be found in a computer data center is known as what type of fire? |
Class C |
|
|
What level of RAID uses disk mirroring and is considered fault-tolerant? |
Level 1 |
|
|
A standby server that exists only to take over for another server in the event of its failure is known as a(n) ________. |
Asymmetric server cluster |
|
|
What does the abbreviation RAID represent? |
Redundant Array of Independent Drives |
|
|
What is an example of a nested RAID? |
Raid 0+1 |
|
|
A(n) _______ is always running off its battery while the main power runs the battery charger. |
On-line UPS |
|
|
What type of site is essentially a duplicate of the production site and has all the equipment needed for an organization to continue running? |
Hot Site |
|
|
What are three functions a UPS can perform? |
Disconnect users and shut down the server prevent any new users form logging on notify all users that they must finish their work immediately and log off |
|
|
What are three characteristics of a Disaster Recovery Plan (DRP)? |
It is updated regularly It is written It is detailed |
|
|
What does an incremental backup do? |
Copies all files changed since the last full or incremental backup |
|
|
What are three basic questions to be asked regarding creating a data backup? |
What media should be used? Where should the backup be stored? What information should be backed up up? |
|
|
The chain of __________ documents that the evidence was under strict control at all times and no unauthorized person was given the opportunity to corrupt the evidence. |
Custody |
|
|
What is the maximum length of time that an organization can tolerate between data backups? |
Recovery Point Objective (RPO) |
|
|
What data backup solution uses the magnetic disk as a temporary storage area? |
Disk to Disk to Tape (D2D2T) |
|
|
When an unauthorized event occurs, what is the first duty of the computer forensics response team? |
To secure the crime scene |
|
|
An event that appears to be a risk but turns out not to be one is called a _________. |
False positive |
|
|
What are the responses to risk? |
Transference-3rd party responsible for the risk Risk Avoidance-identifying the risk and not engaging in the activity Mitigation-Address the risk & make it less serious |
|
|
What are three approaches to the Simple Risk Model? |
Preventive-Prevent a loss from occuring Detective-Monitor activity to determine where practices were not followed Corrective-Restore the system to prior state before malicious event occured |
|
|
A(n) __________ risk control type would use video surveillance systems and barricades to limit access to secure sites. |
Operational |
|
|
A statement regarding due diligence would be found in which security policy? |
Security-related human resource policy |
|
|
What risk category addresses events that impact the daily business of the organization? |
Operational |
|
|
_______ management covers the procedures of managing object authorizations. |
Privilege |
|
|
What are three statements describing the characteristics of a policy? |
Policies define appropriate user behavior Policies may be helpful if it is necessary to prosecute violators. Policies identify what tools and procedures are needed |
|
|
__________ is defined as the obligations that are imposed on owners and operators of assets to exercise reasonable care of the assets and take necessary precautions to protect them. |
Due Care |
|
|
What is a collection of suggestions that should be implemented? |
Guideline |
|
|
What are three statements that are a guideline for developing a security policy? |
Notify users in advance that a new policy is being developed and why it is needed Provide a sample of ppl affected by the policy w/ an opportunity to review the policy and comment on it Prior to deployment, give users 2 weeks to review the policy and comment |
|
|
What are three things a security policy must do? |
Balance protection with productivity Be capable of being implemented and enforced Be concise and easy to understand |
|
|
Who are three people who should serve on a security policy development team? |
Senior-level administrator Member of the legal staff Member of management who can enforce the policy |
|
|
What policy defines the actions users may perform while accessing systems and net-working equipment? |
Acceptable user policy |
|
|
________ may be defined as the study of what people understand to be good and right behavior and how people make those judgements. |
Ethics |
|
|
What are three recommendations that would be found in a password management and complexity policy? |
Do not use the name of a pet Do not use a password that is a word found in a dictionary Do not use personally identifiable information |
|
|
For adult learners, a(n) ______ approach is often preferred. |
Andragogical |
|
|
Requiring employees to clear their workspace of all papers at the end of each business day is called ______. |
Clean desk policy |
|
|
What is the security risk of a P2P network? |
A virus can be transmitted |
|
|
What are three general security recommendations when using social networking sites? |
Consider carefully who is accepted as a friend Show "limited friends" a reduced version of your profile Disable options and then reopen them only as necessary |
|
|
At what point in a vulnerability assessment would an attack tree be utilized? |
Threat evaluation |
|
|
In the software development process, when should a design review be conducted? |
As the functional and design specifications are being developed based on the requirements. |
|
|
A(n) __________ attempts to penetrate a system in order to perform a simulated attack. |
Intrusive vulnerability scan |
|
|
A(n) _________ is an agreement between two parties that is not legally enforceable. |
Memorandum of Understanding (MOU) |
|
|
A _________ is a systematic and methodical evaluation of t he exposure of assets to attackers, forces of nature, and any other entity that could cause potential harm. |
Vulnerability assessment |
|
|
What are three things that can be classified as an asset? |
Buildings Business partners Employee database |
|
|
What are the steps in Risk Management? |
Asset Identification Threat Evaluation Vulnerability Appraisal Risk Assessment Risk Mitigation |
|
|
What are three true statements regarding vulnerability appraisal? |
Every asset must be viewed in light of each threat Each threat could reveal multiple vulnerabilities Each vulnerability should be cataloged |
|
|
________ constructs scenarios of the types of threats that assets can face in order to learn who the attackers are, why they attack, and what types of attacks may occur. |
Threat Modeling |
|
|
What is a current snapshot of the security of an organization? |
Vulnerability appraisal |
|
|
______ is a comparison of the present security state of a system to a standard established by the organization. |
Baseline reporting |
|
|
What are the states of a port that can be returned by a port scanner? |
Open Blocked Closed |
|
|
What are three true statements regarding TCP SYN port scanning? |
Instead of using the operating system's network functions, the port scanner generates IP packets itself and monitors for responses The scanner host closes the connection before the handshake is completed This scan type is also known as "half-open scanning" because it never actually opens a full TCP connection |
|
|
The protocol File Transfer Protocol (FTP) uses which two ports? |
20 and 21 |
|
|
What are three functions of a vulnerability scanner? |
Detects which ports are served and which ports are browsed for each individual system Maintains a log of all interactive network sessions Detects when an application is compromised |
|
|
What is a true statement about the Open Vulnerability and Assessment Language (OVAL)? |
It attempts to standardize vulnerability assessments |
|
|
What are three true things about a honeypot? |
It is typically located in an area with limited security It is intentionally configured with security vulnerabilities It can direct an attacker's attention away from legitimate servers |
|
|
What is a true statement about vulnerability scanning? |
It uses automated software to scan for vulnerabilities |
|
|
If a tester is given the IP addresses, network diagrams and source code of customer applications, the tester is using what technique? |
White box |
|
|
If a software application aborts and leaves the program open, which control structure it is using? |
Fail-open |
