Cyber Security Final
What describes the ability of an enterprise data center to revert to its former size after expanding? -Scalability -Elasticity -Reduction -Contraction
Elasticity
Calista is designing the specifications for new laptop computers to be purchased by her company. She is comparing the different types and sizes of USB connections found on the devices. Which type USB connection would she NOT find on a laptop? -Mini -Micro -Type D -Standard
Type D
Which of the following tools is a Linux command-line protocol analyzer? -Tcpdump -IP -Arp -Wireshark
Tcpdump
Bria is reviewing the company's updated personal email policy. Which of the following will she NOT find in it? -Employees should not forward company emails to a personal email account. -Employees should not give out their company email address unless requested. -Employees should not access personal email at work. -Employees should not use company email to send personal email messages.
Employees should not give out their company email address unless requested.
_____ biometrics is related to the perception, thought processes, and understanding of the user. -Behavioral -Intelligent -Standard -Cognitive
Cognitive
Which of these is a U.S. Department of Defense (DoD) smart card that is used for identification of active-duty and reserve military personnel? -Government Smart Card (GSC) -Common Access Card (CAC) -Personal Identity Verification (PIV) card -Secure ID Card (SIDC)
Common Access Card (CAC)
What allows for a single configuration to be set and then deployed to many or all users? -Group Policy -Snap-In Replication (SIR) -Command Configuration -Active Directory
Group Policy
Which statement about Rule-Based Access Control is true? -It is considered a real-world approach by linking a user's job function with security. -It dynamically assigns roles to subjects based on rules. -It requires that a custodian set all rules. -It is considered obsolete today.
Group Policy
What is a collection of suggestions that should be implemented? -Standard -Guideline -Policy -Code
Guideline
Which one-time password is event-driven? -ROTP -POTP -HOTP -TOTP
HOTP
Which human characteristic is NOT used for biometric identification? -Retina -Iris -Fingerprint -Height
Height
Which type of site is essentially a duplicate of the production site and has all the equipment needed for an organization to continue running? -Cold site -Warm site -Replicated site -Hot site
Hot site
Bob needs to create an agreement between his company and a third-party organization that demonstrates a "convergence of will" between the parties so that they can work together. Which type of agreement will Bob use? -BPA -MOU -SLA -ISA
MOU
Which of the following is the Microsoft version of CHAP? -MS-CHAP -AD-EAP -PAP-MICROSOFT -EAP-MS
MS-CHAP
What is the average amount of time that it will take a device to recover from a failure that is not a terminal failure? -MTTI -MTBF -MTBR -MTTR
MTTR
Which of the following is the average amount of time that it will take a device to recover from a failure that is not a terminal failure? -MTBF -MTTF -MTTR -FIT
MTTR
Which of the following is a command-line alternative to Nmap? -Netcat -Statnet -Netstat -Mapper
Netcat
Which type of operating system runs on a firewall, router, or switch? -Device OS -Network OS -Server OS -Resource OS
Network OS
Ilya has been asked to recommend a federation system technology that is an open source federation framework that can support the development of authorization protocols. Which of these technologies would he recommend? -NTLM -Shibboleth -OAuth -Open ID Connect
OAuth
Which of the following is NOT a typical OS security configuration? • Disabling default accounts/passwords • Disabling unnecessary ports and services • Restricting patch management • Employing least functionality
Restricting patch management
Which access control model is the most restrictive? -DAC -Role-Based Access Control -Rule-Based Access Control -MAC
MAC
Which tool manages the distribution and control of apps? -MFM -MAM -MCM -MDM
MAM
Which of the following technologies provides for pictures, video, or audio to be included in text messages? -QR -SMS -ANT -MMS
MMS
Which of these is NOT a characteristic of a weak password? -Using personal information -Using a predictable sequence of characters -A long password -A common dictionary word
A long password
Which of the following is NOT required for a fire to occur? -A spark to start the process -Sufficient oxygen to sustain the combustion -A chemical reaction that is the fire itself -A type of fuel or combustible material
A spark to start the process
Which type of access control model uses predefined rules that makes it flexible? -Rule-Based Access Control -ABAC -DAC -MAC
ABAC
What can be used to provide both file system security and database security? -RBASEs -CHAPs -ACLs -LDAPs
ACLs
Which policy defines the actions users may perform while accessing systems and networking equipment? -Acceptable use policy -Internet use policy -End-user policy -User permission policy
Acceptable use policy
Which of the following involves rights given to access specific resources? -Accounting -Identification -Access -Authorization
Access
Which of the following is NOT part of the AAA framework? -Accounting -Authorization -Access -Authentication
Access
Which of these is a set of permissions that is attached to an object? -Subject Access Entity (SAE) -Object modifier -Access control list (ACL) -Security entry designator
Access control list (ACL)
Agnella was asked to create a report that listed the reasons why a contractor should be provided penetration testing authorization. Which of the following would she NOT list in her report? -Limit retaliation -Access to resources -Legal authorization -Indemnification
Access to resources
Which of these should NOT be classified as an asset? -Accounts payable -Buildings -Employee databases -Business partners
Accounts payable
Which of the following sends "probes" to network devices and examines the responses to evaluate whether a specific device needs remediation? -Passive scanner -Remote scanner -Active scanner -Probe scanner
Active scanner
Which of the following is NOT a time employee training should be conducted? -After monthly patch updates. -When a new computer is installed. -When an employee is promoted. -During an annual department retreat.
After monthly patch updates.
Margaux has been asked to work on the report that will analyze the exercise results with the purpose of identifying strengths to be maintained and weaknesses to be addressed for improvement. What report will she be working on? -Identification of critical systems report -Business continuity report -After-action report -Containment report
After-action report
Which of the following is NOT a function of a vulnerability scanner? -Maintains a log of all interactive network sessions -Detects which ports are served and which ports are browsed for each individual system -Alerts users when a new patch cannot be found -Detects when an application is compromised
Alerts users when a new patch cannot be found
Which of the following is NOT true regarding how an enterprise should handle an orphaned or a dormant account? -Access should be ended as soon as the employee is no longer part of the organization. -All orphaned and dormant accounts should be deleted immediately whenever they are discovered. -A formal procedure should be in place for disabling accounts for employees who are dismissed, resign, or retire from the organization. -Logs should be monitored because current employees are sometimes tempted to use an older dormant account instead of their own account.
All orphaned and dormant accounts should be deleted immediately whenever they are discovered.
What is a hybrid attack? -An attack that uses both automated and user input -An attack that slightly alters dictionary words -A brute force attack that uses special tables -An attack that combines a dictionary attack with a mask attack
An attack that combines a dictionary attack with a mask attack
For adult learners, which approach is often preferred? -Proactive -Institutional -Pedagogical -Andragogical
Andragogical
Which statement is NOT something that a security policy must do? -Be capable of being implemented and enforced. -State reasons why the policy is necessary. -Balance protection with productivity. -Be concise and easy to understand.
Balance protection with productivity.
Which of the following is NOT designed to prevent individuals from entering sensitive areas but instead is intended to direct traffic flow? -Fencing -Barricade -Roller barrier -Type V controls
Barricade
An electrical fire like that which would be found in a computer data center is known as what type of fire? -Class C -Class D -Class B -Class A
Class C
Timur was making a presentation regarding how attackers break passwords. His presentation demonstrated the attack technique that is the slowest yet most thorough attack that is used against passwords. Which of these password attacks did he demonstrate? -Hybrid attack -Brute force attack -Custom attack -Dictionary attack
Brute force attack
Which of these is NOT a state of a port that can be returned by a port scanner? -Open -Busy -Closed -Blocked
Busy
Which of the following is NOT an issue raised regarding how private data is gathered and used? -By law, all encrypted data must contain a "backdoor" entry point. -The data is gathered and kept in secret. -The accuracy of the data cannot be verified. -Informed consent is usually missing or is misunderstood.
By law, all encrypted data must contain a "backdoor" entry point.
In her job interview, Xiu asks about the company policy regarding smartphones. She is told that employees may choose from a limited list of approved devices but that she must pay for the device herself; however, the company will provide her with a monthly stipend. Which type of enterprise deployment model does this company support? -Corporate-owned -CYOD -COPE -BYOD
CYOD
Which of the following can be used to secure a laptop or mobile device? -Cable lock -Security tab -Mobile connector -Mobile chain
Cable lock
Which of the following data sensitivity labels is the highest level of data sensitivity? -Private -Confidential -Ultra -Secret
Confidential
Paavo was reviewing a request by an executive for a new subnotebook computer. The executive said that he wanted USB OTG support and asked Paavo's opinion regarding its security. What would Paavo tell him about USB OTG security? -Subnotebooks do not support USB OTG. -USB OTG uses strong security and the executive should have no concerns. -Connecting a mobile device as a peripheral to an infected computer could allow malware to be sent to that device. -An unsecured mobile device could infect other tethered mobile devices or the corporate network.
Connecting a mobile device as a peripheral to an infected computer could allow malware to be sent to that device.
What does an incremental backup do? -Copies all files -Copies selected files -Copies all files changed since the last full or incremental backup -Copies all files since the last full backup
Copies all files changed since the last full or incremental backup
What is a disadvantage of biometric readers? -Speed -Cost -Weight -Standards
Cost
Raul has been asked to serve as the individual to whom day-to-day actions have been assigned by the owner. What role is Raul taking? -Operator -End-user -Custodian -Privacy officer
Custodian
What is the least restrictive access control model? -DAC -Rule-Based Access Control -MAC -ABAC
DAC
Creating a pattern of where a user accesses a remote web account is an example of which of the following? -Keystroke dynamics -Cognitive biometrics -Geolocation -Time-Location Resource Monitoring (TLRM)
Geolocation
Simona needs to research a control that attempts to discourage security violations before they occur. Which control will she research? -Deterrent control -Corrective control -Detective control -Preventive control
Deterrent control
Which of the following is NOT a risk associated with the use of private data? -Associations with groups -Devices being infected with malware -Statistical inferences -Individual inconveniences and identity theft
Devices being infected with malware
Which of the following would NOT be considered as part of a clean desk policy? -Lock computer workstations when leaving the office. -Do not share passwords with other employees. -Keep mass storage devices locked in a drawer when not in use. -Place laptops in a locked filing cabinet.
Do not share passwords with other employees.
Which of the following types of testing uses unexpected or invalid inputs? -Runtime testing -Static analysis -Stress testing -Dynamic analysis
Dynamic analysis
Which of the following threats would be classified as the actions of a hacktivist? -Compliance threat -External threat -Internal threat -Environmental threat
External threat
If a software application aborts and leaves the program open, which control structure is it using? -Fail-right -Fail-open -Fail-safe -Fail-secure
Fail-open
A TOTP token code is generally valid for what period of time? -Only while the user presses SEND -For up to 24 hours -Until an event occurs -For as long as it appears on the device
For as long as it appears on the device
Which question is NOT a basic question to be asked regarding creating a data backup? -Where should the backup be stored? -What information should be backed up? -What media should be used? -How long will it take to finish the backup?
How long will it take to finish the backup?
Raul has been asked to help develop an outline of procedures to be followed in the event of a major IT incident or an incident that directly impacts IT. What type of planning is this? -Business impact analysis planning -Risk IT planning -IT contingency planning -Disaster recovery planning
IT contingency planning
Dilma has been tasked with creating a list of potential employees to serve in an upcoming tabletop exercise. Which employees will be on her list? -Full-time employees -Only IT managers -All employees -Individuals on a decision-making level
Individuals on a decision-making level
Which can be used to establish geographical boundaries where a mobile device can and cannot be used? -Geolocation policies -Restricted access control policies -Location-based policies -Mobile device policies
Location-based policies
Agape was asked to make a recommendation regarding short-range wireless technologies to be supported in a new conference room that was being renovated. Which of the following would she NOT consider due to its slow speed and its low deployment levels today? -ANT -Infrared -Bluetooth -NFC
Infrared
How is the Security Assertion Markup Language (SAML) used? -It is no longer used because it has been replaced by LDAP. -It allows secure web domains to exchange user authentication and authorization data. -It is a backup to a RADIUS server. -It is an authenticator in IEEE 802.1x.
It allows secure web domains to exchange user authentication and authorization data.
Which statement regarding a honeypot is NOT true? -It is intentionally configured with security vulnerabilities. -It cannot be part of a honeynet. -It can direct an attacker's attention away from legitimate servers. -It is typically located in an area with limited security.
It cannot be part of a honeynet.
Which statement about Rule-Based Access Control is true? -It is considered a real-world approach by linking a user's job function with security. -It dynamically assigns roles to subjects based on rules. -It requires that a custodian set all rules. -It is considered obsolete today.
It dynamically assigns roles to subjects based on rules.
Which of these is NOT a characteristic of a disaster recovery plan (DRP)? -It is updated regularly. -It is a private document used only by top-level administrators for planning. -It is written. -It is detailed.
It is a private document used only by top-level administrators for planning.
Which statement about a mantrap is true? -It requires the use of a cipher lock. -It is a special keyed lock. -It is illegal in the United States. -It monitors and controls two interlocking doors to a room.
It monitors and controls two interlocking doors to a room.
What does containerization do? -It slows down a mobile device to half speed. -It places all keys in a special vault. -It splits operating system functions only on specific brands of mobile devices. -It separates personal data from corporate data.
It separates personal data from corporate data.
How is key stretching effective in resisting password attacks? -It takes more time to generate candidate password digests. -The license fees are very expensive to purchase and use it. -It requires the use of GPUs. -It does not require the use of salts.
It takes more time to generate candidate password digests.
A friend of Ukrit told him that he has just downloaded and installed an app that allows him to circumvent the built-in limitations on his Apple iOS smartphone. What is this called? -Rooting -Ducking -Jailbreaking -Sideloading
Jailbreaking
Which type of residential lock is most often used for keeping out intruders? -Privacy lock -Passage lock -Keyed entry lock -Encrypted key lock
Keyed entry lock
What is the version of the X.500 standard that runs on a personal computer over TCP/IP? -Lite RDAP -LDAP -IEEE X.501 -DAP
LDAP
What is the secure version of LDAP? -Secure DAP -LDAPS -802.1x -X.500
LDAPS
Which of these is an example of a nested RAID? -Level 0+1 -Level 0/1 -Level 1-0 -Level 0-1
Level 0+1
Which level of RAID uses disk mirroring and is considered fault-tolerant? -Level 3 -Level 2 -Level 4 -Level 1
Level 1
Which type of password attack is a more targeted brute force attack that uses placeholders for characters in certain positions of the password? -Pass the hash attack -Rule attack -Mask attack -Rainbow attack
Mask attack
Which of the following is NOT a motion detection method? -Infrared -Magnetism -Radio frequency -Moisture
Moisture
Which of these is NOT a reason why users create weak passwords? -A lengthy and complex password can be difficult to memorize. -A security policy requires a password to be changed regularly. -Having multiple passwords makes it hard to remember all of them. -Most sites force users to create weak passwords even though they do not want to.
Most sites force users to create weak passwords even though they do not want to.
What is a token system that requires the user to enter the code along with a PIN called? -Token-passing authentication system -Dual-prong verification system -Single-factor authentication system -Multifactor authentication system
Multifactor authentication system
Which of the following must be kept secure as mandated by HIPAA? -PLILP -PHIL -PII -PHI
PHI
Which of the following command-line tools tests a connection between two network devices? -Netstat -Ping -Ifconfig -Nslookup
Ping
Which of the following should NOT be stored in a secure password database? -Salt -Iterations -Password digest -Plaintext password
Plaintext password
Which statement does NOT describe a characteristic of a policy? · Policies identify what tools and procedures are needed. · Policies define appropriate user behavior. · Policies communicate a unanimous agreement of judgment. · Policies may be helpful if it is necessary to prosecute violators.
Policies communicate a unanimous agreement of judgment.
Which of the following can a UPS NOT perform? -Prevent certain applications from launching that will consume too much power -Prevent any new users from logging on -Disconnect users and shut down the server -Notify all users that they must finish their work immediately and log off
Prevent certain applications from launching that will consume too much power
Which of the following covers the procedures of managing object authorizations? -Privilege management -Task management -Threat management -Asset management
Privilege management
Each of the following accounts should be prohibited EXCEPT: -Generic accounts -Shared accounts -Privileged accounts -Guest accounts
Privileged accounts
Which of the following data sensitivity labels has the lowest level of data sensitivity? -Unrestricted -Free -Public -Open
Public
Which of these is NOT a risk of connecting a mobile device to a public network? -Public networks may be susceptible to man-in-the-middle attacks. -Public networks are beyond the control of the employee's organization. -Replay attacks can occur on public networks. -Public networks are faster than local networks and can spread malware more quickly to mobile devices.
Public networks are faster than local networks and can spread malware more quickly to mobile devices.
With the development of IEEE 802.1x port security, what type of authentication server has seen even greater usage? -Lite RDAP -RDAP -RADIUS -DAP
RADIUS
Which type of OS is typically found on an embedded system? -COPE -RTOS -SoC -OTG
RTOS
What is the maximum length of time that an organization can tolerate between data backups? -Recovery time objective (RTO) -Recovery point objective (RPO) -Recovery service point (RSP) -Optimal recovery timeframe (ORT)
Recovery point objective (RPO)
What does the abbreviation RAID represent? -Resistant Architecture of Inter-Related Data Storage -Redundant Array of Independent Drives -Resilient Architecture for Interdependent Discs -Redundant Array of IDE Drives
Redundant Array of Independent Drives
Which of the following is NOT a characteristic of an alarmed carrier PDS? -Carrier can be hidden above the ceiling -Requires periodic visual inspections -Eliminates the need to seal connections -Uses continuous monitoring
Requires periodic visual inspections
Tomassa is asked to determine the expected monetary loss every time a risk occurs. Which formula will she use? -SLE -ALE -ARO -AV
SLE
Which of the following is a cumulative package of all patches? -Rollup -Service pack -Patch -Hotfix
Service pack
Which of the following is NOT a security risk of social media sites for users? -Social media security is lax or confusing. -Social media sites use popup ads. -Personal data can be used maliciously. -Users may be too trusting.
Social media sites use popup ads.
Which stage is a "quality assurance" test that verifies the code functions as intended? -Production stage -Staging stage -Testing stage -Development stage
Staging stage
Which of the following is NOT a reason why supply chain infections are considered especially dangerous? -If the malware is planted in the ROM firmware of the device this can make it difficult or sometimes even impossible to clean an infected device. -Users are receiving infected devices at the point of purchase and are completely unaware that a brand new device may be infected. -Supply chains take advantage of the trusted "chain of trust" concept. -It is virtually impossible to closely monitor every step in the supply chain.
Supply chains take advantage of the trusted "chain of trust" concept.
What is the current version of TACACS? -TACACS v9 -TACACS+ -XTACACS -TRACACS
TACACS+
How does heuristic detection detect a virus? -The bytes of a virus are placed in different "piles" and then used to create a profile. -A virtualized environment is created and the code is executed in it. -A string of bytes from the virus is compared against the suspected file. -The virus signature file is placed in a suspended chamber before streaming to the CPU.
The bytes of a virus are placed in different "piles" and then used to create a profile.
At what point in a vulnerability assessment would an attack tree be utilized? -Risk mitigation -Threat evaluation -Risk assessment -Vulnerability appraisal
Threat evaluation
Which of the following constructs scenarios of the types of threats that assets can face to learn who the attackers are, why they attack, and what types of attacks may occur? -Risk assessment -Attack assessment -Vulnerability prototyping -Threat modeling
Threat modeling
What is the amount of time added to or subtracted from Coordinated Universal Time to determine local time? -Daylight savings time -Civil time -Greenwich Mean Time (GMT) -Time offset
Time offset
When an unauthorized event occurs, what is the first duty of the cyber-incident response team? -To log off from the server -To secure the crime scene -To reboot the system -To back up the hard drive
To secure the crime scene
Which of the following is NOT true about privacy? -Today, individuals can achieve any level of privacy that is desired. -Privacy is the right to be left alone to the degree that you choose. -Privacy is difficult due to the volume of data silently accumulated by technology. -Privacy is freedom from attention, observation, or interference based on your decision.
Today, individuals can achieve any level of privacy that is desired.
Which of the following is NOT an advantage to an automated patch update service? -Administrators can approve or decline updates for client systems, force updates to install by a specific date, and obtain reports on what updates each computer needs. -Users can disable or circumvent updates just as they can if their computer is configured to use the vendor's online update service. -Downloading patches from a local server instead of using the vendor's online update service can save bandwidth and time because each computer does not have to connect to an external server. -Specific types of updates that the organization does not test, such as hotfixes, can be automatically installed whenever they become available.
Users can disable or circumvent updates just as they can if their computer is configured to use the vendor's online update service.
How can an SDIO card be made secure? -Requiring a username before accessing the SDIO card. -Turning on patch updates to the SDIO card. -SDIO cards are natively secure and no security settings are needed. -Using the security mechanisms on a standard Wi-Fi network.
Using the security mechanisms on a standard Wi-Fi network.
Which of the following is NOT a memory vulnerability? -Pointer dereference -Variable overflow -DLL injection -Buffer overflow
Variable overflow
Which statement regarding vulnerability appraisal is NOT true? -Each threat could reveal multiple vulnerabilities. -Each vulnerability should be cataloged. -Every asset must be viewed in light of each threat. -Vulnerability appraisal is always the easiest and quickest step.
Vulnerability appraisal is always the easiest and quickest step.
Which of the following is a systematic and methodical evaluation of the exposure of assets to attackers, forces of nature, and any other entity that could cause potential harm? -Penetration test -Vulnerability assessment -Risk appraisal -Vulnerability scan
Vulnerability assessment
Which model uses a sequential design process? -Rigid model -Secure model -Agile model -Waterfall model
Waterfall model
Which of the following is NOT a category of fire suppression systems? -Wet chemical system -Water sprinkler system -Dry chemical system -Clean agent system
Wet chemical system
Which authentication factor is based on a unique talent that a user possesses? -What you have -What you do -What you know -What you are
What you do
If a tester is given the IP addresses, network diagrams, and source code of customer applications, the tester is using which technique? -White box -Blue box -Black box -Gray box
White box
Which of these is a list of approved email senders? -Yellowlist -Bluelist -Blacklist -Whitelist
Whitelist
Pakpao has been asked to provide research regarding a new company initiative to add Android smartphones to a list of approved devices. One of the considerations is how frequently the smartphones receive firmware OTA updates. Which of the following reasons would Pakpao NOT list in his report as a factor in the frequency of Android firmware OTA updates? -Because OEMs and wireless carriers want to sell as many devices as possible, they have no financial incentive to update mobile devices that users would then continue to use indefinitely. -Because many of the OEMs had modified Android, they are reluctant to distribute updates that could potentially conflict with their changes. -Both OEMs and wireless carriers are hesitant to distribute Google updates because it limits their ability to differentiate themselves from competitors if all versions of Android start to look the same through updates. -Wireless carriers are reluctant to provide firmware OTA updates because of the bandwidth it consumes on their wireless networks.
Wireless carriers are reluctant to provide firmware OTA updates because of the bandwidth it consumes on their wireless networks.
The chain of _____ documents that the evidence was under strict control at all times and no unauthorized person was given the opportunity to corrupt the evidence. -evidence -custody -forensics -control
custody
A lock that extends a solid metal bar into the door frame for extra security is the _____. -full bar lock -deadman's lock -triple bar lock -deadbolt lock
deadbolt lock
What enforces the location in which an app can function by tracking the location of the mobile device? -GPS tagging -geofencing -location resource management -Graphical Management Tracking (GMT)
geofencing
What is the process of identifying the geographical location of a mobile device? -geolocation -geoID -geotracking -geomonitoring
geolocation
Why should the account lockout threshold not be set too low? -The network administrator would have to reset the account manually. -The user would not have to wait too long to have her password reset. -It could result in denial of service (DoS) attacks. -It could decrease calls to the help desk.
It could result in denial of service (DoS) attacks.
Which of these is a feature for locating a lost or stolen mobile device? -thief picture -last known good configuration -alarm -remote lockout
last known good configuration
What allows a device to be managed remotely? -mobile application management (MAM) -mobile wrapper management (MWM) -mobile resource management (MRM) -mobile device management (MDM)
mobile device management (MDM)
A(n) _____ is always running off its battery while the main power runs the battery charger. -off-line UPS -secure UPS -backup UPS -on-line UPS
on-line UPS
Which of these is considered the strongest type of passcode to use on a mobile device? -draw connecting dots pattern -fingerprint swipe -password -PIN
password
Which technology is NOT a core feature of a mobile device? -data synchronization capabilities -local non-removable data storage -physical keyboard -small form factor
physical keyboard
Jabez needs to alert through an SMS text message those corporate users who have a specific brand and type of mobile device regarding a serious malware incident. What technology will she use? -MAM -MCM -push notification services -COPE
push notification services
Gaetan has attempted to enter the passcode for his mobile device but keeps entering the wrong code. Now he is asked to enter a special phrase to continue. Which configuration setting is enabled on Gaetan's mobile device? -reset to factory settings -enable high security -extend lockout period -lock device
reset to factory settings
Which of these is NOT a response to risk? -avoidance -transference -mitigation -resistance
resistance
What prevents a mobile device from being used until the user enters the correct passcode? -touch swipe -screen timeout -swipe identifier (SW-ID) -screen lock
screen lock
Using one authentication credential to access multiple accounts or applications is known as _____. -single sign-on -credentialization -identification authentication -federal login
single sign-on
A RADIUS authentication server requires the ________ to be authenticated first. -authenticator -supplicant -user -authentication server
supplicant
Which of the following risk control types would use video surveillance systems and barricades to limit access to secure sites? -managerial -operational -technical -strategic
technical
While traveling abroad, Giuseppe needs to use public Internet cafe computers to access the secure network. Which of the following non-persistence tools should he use? · Snapshot · Live boot media · Revert to known state · Secure Configuration
Live boot media
Which of the following approaches to risk calculation typically assigns a numeric value (1-10) or label (High, Medium, or Low) that represents a risk? · Policy-based risk calculation · Qualitative risk calculation · Rule-based risk calculation · Quantitative risk calculation
Qualitative risk calculation