Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
27 Cards in this Set
- Front
- Back
Common access cards use which of the following authentication models?
|
PKI
|
|
Which of the following does a second authentication requirement mitigate when accessing privileged areas of a website, such as password changes or user profile changes?
|
Cookie Stealing
|
|
Which of the following is true concerning WEP security?
|
The WEP key initialization process if flawed
|
|
Which of the following are used to implement VPNs?
|
IPSec
SSL |
|
Matt, a developer, recently attended a workshop on a new application. The developer installs the new application on a production system to test the functionality. Which of the following is MOST likely affected?
|
Initial baseline configuration
|
|
Which of the following application attacks is used to gain access to SEH?
|
Buffer overflow
|
|
In planning for a firewall implementation, Pete, a security administrator, needs a tool to help him understand what traffic patterns are normal on his network. Which of the following tools would help Pete determine traffic patterns?
|
Protocol analyzer
|
|
During a penetration test from the Internet, Jane, the system administrator, was able to establish a connection to an internal router, but not successfully login to it. Which ports and protocols are MOST likely to be open on the firewall?
(4) |
22
23 SSH Telnet |
|
Which of the following protocols would be implemented to secure file transfers using SSL?
|
FTPS
|
|
Which of the following should the security administrator do when taking a forensic image of a hard drive?
|
Hash the original hard drive, image the original hard drive, and hash the image
|
|
A company that purchased an HVAC system for the datacenter is MOST concerned with which of the following?
|
Availability
|
|
Jane, an administrator, needs to transfer DNS zone files from outside of the corporate network. Which of the following protocols must be used?
|
TCP
|
|
Which of the following should be implemented to stop an attacker from mapping out addresses and/or devices on a network?
|
Secure zone transfers
|
|
Mike, a security analyst, has captured a packet with the following payload: GET ..//..//..//..system32\/cmd.exe
Which of the following is this an example of? |
Directory traversal
|
|
Which of the following security concepts are used for data classification an labeling to protect data?
(2) |
Need to know
Authorization |
|
Sara from IT Governance wants to provide a mathematical probability of an earthquake using facts and figures. Which of the following concepts would achieve this?
|
Quantitative Analysis
|
|
Which of the following protocols would be used to verify connectivity between two remote devices at the LOWEST level of the OSI model?
|
ICMP
|
|
Users at a company report that a popular news website keeps taking them to a web page with derogatory content. This is an example of which of the following?
|
DNS poisoning
|
|
Which of the following protocols is used to authenticate the client and server's digital certificate?
|
TLS
|
|
Which of the following symmetric key algorithms are examples of block ciphers?
(3) |
3DES
AES Blowfish |
|
During an anonymous penetration test, Jane, a system administrator, was able to identify a shared print spool directory, and was able to download a document from the spool. Which statement BEST describes her privileges?
|
All users have read access to the file
|
|
Which of the following devices can Sara, an administrator, implement to detect and stop known attacks?
|
Signature-based NIPS
|
|
Mike, a network administrator, has been asked to passively monitor network traffic to the company's sales websites. Which of the following would be BEST suited for this task?
|
NIPS
|
|
A buffer overflow can result in which of the following attack types?
|
Privilege escalation
|
|
Which of the following is an application security coding problem?
|
Error and exception handling
|
|
Which of the following anti-malware solutions can be implemented to mitigate the risk of phishing?
|
Anti-spam
|
|
Which of the following must Jane, a security administrator, implement to ensure all wired ports are authenticated before a user is allowed onto the network?
|
Network Access Control
|