20 Cards in this Set

  • Front
  • Back
  • 3rd side (hint)
1 CH 7
Which of the following terms refers to the process of establishing a standard for security?
1
A) Baselining
B) Security evaluation
C) Hardening
D) Methods research
1 A
Baselining is the process of establishing a standard for security.
2 CH 7
You’ve been chosen to lead a team of administrators in an attempt to increase security. You’re currently creating an outline of all the aspects of security that will need to be examined and acted upon. Which of the following terms describes the process of improving security in an NOS?
2
A) Common Criteria
B) Hardening
C) Encryption
D) Networking
2 B
Hardening is the process of improving the security of an operating system or application. One of the primary methods of hardening an OS is to eliminate unneeded protocols.
3 CH 7
What tool is used in Windows to encrypt an entire volume?
3
A) BitLocker
B) SysLock
C) Drive Defender
D) NLock
3 A
BitLocker provides drive encryption and is available with Windows 7 and Windows Vista.
4 CH 7
Which filesystem was primarily intended for desktop system use and offers limited security?
4
A) NTFS
B) NFS
C) FAT
D) AFS
4 C
FAT technology offers limited security options.
5 CH 7
The administrator at MTS was recently fired, and it has come to light that he didn’t install updates and fixes as they were released. As the newly hired administrator, your first priority is to bring all networked clients and servers up-to-date. What is a bundle of one or more system fixes in a single product called?
5
A) Service pack
B) Hotfix
C) Patch
D) System install
5 A
A service pack is one or more repairs to system problems bundled into a single process or function.
6 CH 7
Which of the following statements is not true?
6
A) You should never share the root directory of a disk.
B) You should share the root directory of a disk.
C) You should apply the most restrictive access necessary for a shared directory.
D) Filesystems are frequently based on hierarchical models.
6 B
Never share the root directory of a disk if at all possible. Doing so opens the entire disk to potential exploitation.
7 CH 7
Your company does electronic monitoring of individuals under house arrest around the world. Because of the sensitive nature of the business, you can’t afford any unnecessary downtime. What is the process of applying a repair to an operating system while the system stays in operation called?
7
A) Upgrading
B) Service pack installation
C) Hotfix
D) File update
7 C
A hotfix is done while a system is operating. This reduces the necessity of taking a system out of service to fix a problem.
8 CH 7
What is the process of applying manual changes to a program called?
8
A) Hotfix
B) Service pack
C) Patches
D) Replacement
8 C
A patch is a temporary workaround of a bug or problem in code that is applied manually. Complete programs usually replace patches at a later date.
9 CH 7
Users are complaining about name resolution problems suddenly occurring that were never an issue before. You suspect that an intruder has compromised the integrity of the DNS server on your network. What is one of the primary ways in which an attacker uses DNS?
9
A) Network footprinting
B) Network sniffing
C) Database server lookup
D) Registration counterfeiting
9 A
DNS records in a DNS server provide insights into the nature and structure of a network. DNS records should be kept to a minimum in public DNS servers. Network footprinting involves the attacker collecting data about the network to devise methods of intrusion.
10 CH 7
LDAP is an example of which of the following?
10
A) Directory access protocol
B) IDS
C) Tiered model application development environment
D) File server
10 A
Lightweight Directory Access Protocol (LDAP) is a directory access protocol used to publish information about users. This is the computer equivalent of a phone book.
11 CH 7
Your company is growing at a tremendous rate, and the need to hire specialists in various areas of IT is becoming apparent. You’re helping to write the newspaper ads that will be used to recruit new employees, and you want to make certain that applicants possess the skills you need. One knowledge area in which your organization is weak is database intelligence. What is the primary type of database used in applications today that you can mention in the ads?
11
A) Hierarchical
B) Relational
C) Network
D) Archival
11 B
Relational database systems are the most frequently installed database environments in use today.
12 CH 7
The flexibility of relational databases in use today is a result of which of the following?
12
A) SQL
B) Hard-coded queries
C) Forward projection
D) Mixed model access
12 A
SQL is a powerful database access language used by most relational database systems.
13 CH 7
You’re redesigning your network in preparation for putting the company up for sale. The network, like all aspects of the company, needs to perform the best that it possibly can in order to be an asset to the sale. Which model is used to provide an intermediary server between the end user and the database?
13
A) One-tiered
B) Two-tiered
C) Three-tiered
D) Relational database
13 C
A three-tiered model puts a server between the client and the database.
14 CH 7
Which of the following is the technique of providing unexpected values as input to an application to try to make it crash?
14
A) DLP
B) Fuzzing
C) TPM
D) HSM
14 B
Fuzzing is the technique of providing unexpected values as input to an application to try to make it crash. Those values can be random, invalid, or just unexpected.
15 CH 7
Which systems monitor the contents of systems (workstations, servers, networks) to make sure key content is not deleted or removed?
15
A) DLP
B) PKM
C) XML
D) GSP
15 A
DLP systems monitor the contents of systems (workstations, servers, networks) to make sure key content is not deleted or removed. They also monitor who is using the data (looking for unauthorized access) and transmitting the data.
16 CH 7
What is it known as when an attacker manipulates the database code to take advantage of a weakness in it?
16
A) SQL tearing
B) SQL manipulation
C) SQL cracking
D) SQL injection
16 D
SQL injection occurs when an attacker manipulates the database code to take advantage of a weakness in it.
17 CH 7
If an attacker is able to gain access to restricted directories (such as the root directory) through HTTP, it is known as:
17
A) Cross-site forgery
B) Directory traversal
C) Root hardening
D) Trusted platform corruption
17 B
If an attacker is able to gain access to restricted directories (such as the root directory) through HTTP, it is known as directory traversal.
18 CH 7
What is the term used when the item used to validate a user’s session, such as a cookie, is stolen and used by another to establish a session with a host that thinks it is still communicating with the first party?
18
A) Patch infiltration
B) XML injection
C) Session hijacking
D) DTB exploitation
18 C
Session hijacking occurs when the item used to validate a user’s session, such as a cookie, is stolen and used by another to establish a session with a host that thinks it is still communicating with the first party.
19 CH 7
Session hijacking occurs when the item used to validate a user’s session, such as a cookie, is stolen and used by another to establish a session with a host that thinks it is still communicating with the first party.
19
A) ZDT
B) HSM
C) TT3
D) XSRF
19 D
XSRF involves unauthorized commands coming from a trusted user to the website. This is often done without the user’s knowledge and employs some type of social networking to pull it off.
20 CH 7
Which of the following is the name assigned to a chip that can store cryptographic keys, passwords, or certificates?
20
A) ODI
B) TLC
C) TPM
D) RDP
20 C
TPM is the name assigned to a chip that can store cryptographic keys, passwords, or certificates. TPM can be used to protect cell phones and devices other than PCs as well.