I&A 7
Which term is a means of signing an ActiveX control so that a user can judge trust based on the control's creator?
Authenticode
____ is a system that uses digital signatures and allows Windows users to determine who produced a specific piece of code and whether or not the code has been altered.
Authenticode
Which strategy has the goal of defining the requirements for business continuity?
BCP
Which attack is the most common exploit used to hack into software?
Buffer overflow
___ is the term used to describe the document that details the specific impact of elements on a business operation.
Business impact analysis (BIA)
What is a security issue with Common Gateway Interface (CGI)?
CGI scripts that are poorly written can cause unintended consequences at runtime.
____________________ was an attempt to bring the security of shrink-wrapped software to software downloaded from the Internet.
Code signing
Which alternative site provides the basic environmental controls necessary to operate, but has few of the computing components necessary for processing?
Cold Site
___ was the original method for having a Web server execute a program outside the Web server process, yet on the same server.
Common Gateway Interface (CGI)
In a(n) ____________________ backup, only the files that have changed since the last full backup was completed are backed up.
Differential
What application is associated with TCP Ports 20 and 21?
FTP
Which protocol is designed to operate both ways, sending and receiving, and can enable remote file operations over a TCP/IP connection?
FTP
What application is associated with TCP Ports 989 and 990?
FTPS
Which backup technique requires a large amount of space and is considered to have a simple restoration process?
Full
Which term refers to the ability to distribute the processing load over two or more systems?
Load balancing
Which type of alternative site generally uses trailers and often relies on generators for power, but also factors in the requirement for environmental controls immediately?
Mobile Backup Sites
What DRP category would a business function fall under if an organization could last without that function for up to 30 days before the business was severely impacted?
Necessary for normal processing
Which RAID configuration, known as striped disks, simply spreads the data that would be kept on the one disk across several disks?
RAID 0
Which attack works on both SSL and TLS by transparently converting the secure HTTPS connection into a plain HTTP connection, removing the transport layer encryption protections?
SSL stripping attack
When using Secure FTP (SFTP) for confidential transfer, what protocol is combined with FTP to accomplish this task?
Secure Shell (SSH)
____________________ is a general-purpose protocol developed by Netscape for managing the encryption of information being transmitted over the Internet.
Secure Sockets Layer (SSL)
Which term is the use of packet sniffing to steal a session cookie?
Side-Jacking
Which term refers to a critical operation in the organization upon which many other operations rely and which itself relies on a single item that, if lost, would halt this critical operation?
Single Point of Failure
Which port is used by HTTPS?
TCP port 443
Which port is used by SSMTP?
TCP port 465
Which statement describes the primary purpose of JavaScript?
The primary purpose of JavaScript is to enable features such as validation of forms before they are submitted to the server
Which item should be available for short-term interruptions, such as what might occur as the result of an electrical storm?
Uninterruptible power supply (UPS)
Which alternative site is partially configured, usually having peripherals and software, but perhaps not the more expensive main processing components?
Warm site
Which plan defines the data and resources necessary and the steps required to restore critical organizational processes?
disaster recovery plan
Which term refers to the predicted average time that will elapse before failure (or between failures) of a system?
mean time to failure
With a(n) ____________________, similar organizations agree to assume the processing for the other party in the event a disaster occurs.
mutual aid agreement
____________________ refer to copies of virtual machines.
snapshots
Which term describes a proactive plan for personnel substitutions in the event that the primary person is not available to fulfill their assigned duties?
succession planning
Which alternative site is designed to be operational within a few days?
warm site
____________________ is an application-level protocol that operates over a wide range of lower-level protocols.
File Transfer Protocol
Which RAID configuration, known as mirrored disks, copies the data from one disk onto two or more disks?
RAID 1
Which strategy is focused on backup frequency?
Recovery point objective (RPO)
The term ____________________ is used to describe the target time that is set for resuming operations after an incident.
Recovery time objective
___________________ is the term used to describe the document that details the specific impact of elements on a business operation.
business impact analysis
____________________ is the name given to a broad collection of application programming interfaces (APIs), protocols, and programs developed by Microsoft to download and execute code automatically over an Internet-based channel.
ActiveX
Which term describes a piece of code that is distributed to allow additional functionality to be added to an existing program?
Add-on
Which attack is a code injection attack in which an attacker sends code in response to an input request?
Cross-site scripting attack
____________________ basically has the same goal as high availability—the uninterrupted access to data and services—and is accomplished by the mirroring of data and systems.
Fault tolerance
Which term describes a computer language invented by Sun Microsystems as an alternative to Microsoft's development languages?
Java
Which RAID configuration, known as byte-striped with error check, spreads the data across multiple disks at the byte level with one disk dedicated to parity bits?
RAID 3
In the case of an FTP server, which account allows unlimited public access to the files and is commonly used when you want to have unlimited distribution?
Anonymous
Which backup requires a small amount of space and is considered to have a complex restoration process?
Delta
Which protocol is used for the transfer of hyperlinked data over the Internet, from web servers to browsers?
HTTP
Which plug-in helps a browser maintain an HTTPS connection and gives a warning when it is not present?
HTTPS Everywhere
____________________ refers to the ability to maintain availability of data and operational processing (services) despite a disrupting event.
High availability
Which statement correctly describes SSL v3 and TLS authentication?
In SSL v3/TLS, mutual authentication of both client and server is possible.
Which backup requires a medium amount of space and is considered to have an involved restoration process?
Incremental
Which term is a mechanism where traffic is directed to identical servers based on availability?
Load balancing
Which browser plug-in allows the user to determine which domains have trusted scripts?
NoScript
____________________ are small application programs that increase a browser's ability to handle new data types and add new functionality.
Plug-ins
Which RAID configuration is known as bit-level error-correcting code and not typically used, as it stripes data across the drives at the bit level as opposed to the block level?
RAID 2
Which RAID configuration, known as block-striped with error check, is a commonly used method that stripes the data at the block level and spreads the parity data across the drives?
RAID 5
____________________ is the time period representing the maximum period of acceptable data loss.
Recovery point objective (RPO)
Which port does HTTP traffic travel over by default?
TCP port 80
What is the goal of TCP?
To send an unauthenticated, error-free stream of information between two computers.
Which term describes a collection of technologies that is designed to make Web sites more useful for users?
Web 2.0
To enable interoperability, the ____________________ standard was created as a standard for directory services.
X.500
What attack type is possible when user-supplied information is used in a header?
cache poisoning
A(n) ____________________ is a group of servers deployed to achieve a common objective.
cluster
Planning for the issue of returning to an earlier release of a software application in the event that a new release causes either a partial or complete failure is known as ____________________.
backout planning
Which RAID configuration, known as dedicated parity drive, stripes data across several disks but in larger stripes than in RAID 3 and uses a single drive for parity-based error checking?
RAID 4
