9
UBS BitLocker to implement full volume encryption on a notebook system. The Notebook motherboard does not have a TPM chip so you've use an external USB drive to store the BitLocker startup key. Which system components are encrypted in the scenario?
-C:\ volume -Master boot record
which of the following algorithms are using asymmetric encryption
-Diffie Hellman -RSA
IPsec is implemented through two separate protocols. what are these protocols called?
-ESP -AH
which of the following disk configurations might sustain losing two disks?
-RAID 1+0 -RAID 0+1
which of the following protocols can TLS use for key exchange?
-RSA -Diffie Hellman
which of the following tools allow for remote management of servers?
-SSH -telnet
which of the following protocols are often added to other protocols to provide secure transmission of data?
-TLS -SSL
you use BitLocker to implement full volume encryption on the notebook system The Notebook motherboard to not have a TPM chip so you use an external flash drive to store the BitLocker startup key you use EFS to encrypt the C:\secrets folder and its contents. Which of the following is true in the scenario?
-by default only the user who encrypted the C:\Secrets\confidential.docx file will be able to open it - if the C:\secret\confidential docx file is copy to an external USB flash drive it will be saved in an unencrypted state
google cloud, amazon web services, and microsoft azure are some of the most widely used cloud storage solutions for enterprises. which of the following factors prompt companies to take advantage of cloud storage?
-growing demand for storage -need to bring costs down
which of the following are characteristics of ECC?
-uses a finite set of values within an algebraic field - asymmetric encryption
your network performs a full backup every night. each Sunday, the previous night's backup tape is archived. on a Wednesday morning, the storage system fails. How many restore operations will you need to perform to recover all of the data?
1
how many keys are used with public keycryptography
2
your network uses the following backup strategy: full backups every Sunday night differntial backups Monday night through Saturday night on a Thursday morning, the storage system fails. how many operations will you need to perform to recover all of the data?
2
you have been asked to implement a RAID 5 solution on your network. what is the minimum number of hard disks that can be used to configure RAID 5?
3
your network uses the following backup strategy: full backups every Sunday night incremental backups Monday night through Saturday night on a Thursday morning, the storage system fails. how many operations will you need to perform to recover all of the data?
4
which of the following is a secure alternative to FTP that uses SSL for encryption?
FTPS
which TCP/IP protocol is a secure form of HTTP that uses SSL as a sublayer for security?
HTTPS
which of the following network layer protocols provides authentication and encryption services for IP-based network traffic?
IPsec
what option is an advantage RAID 5 has over RAID 1?
RAID 5 improves performance over RAID 1
an SSL client has determined that the certificate Authority is showing a server certificate is on its list of trusted Cas what is the next step in verifying the server's identity
RCA's public key must validate the cas digital signature on the server certificate
Red Lobster private key that you have used to encrypt files you need to get a copy of the private key to open some encrypted files who should you contact
Recovery Agent
which standards is the most widely used for certificates
X. 509
which of the following cloud storage access services acts as a gatekeeper, extending an organization's security policies into the cloud storage infrastructure?
a cloud access security broker
which of the following best describes High amplification when apply to the hashing algorithms
a small change in the message results in a big change in the hash value
a pki is an implementation for managing which type of encryption
asymmetric
what does an differential backup do during the backup?
backs up all files with the archive bit set and does not reset the archive bit
what does an incremental backup do during the backup?
backs up all files with the archive bit set and resets the archive bit
which of the following conditions does not result in a certificate being added to the certificate revocation list
certificate exploration
which of the following is a recovery site that may have electricity connected, but there are no servers installed and no high-speed data lines present?
cold site
you create a new document and save it to a hard drive on a file server on your company's Network. The new employee decryption tool to encrypt a file using AES. The secretary is an example of accomplishing word security goal?
confidentiality
hashing algorithms are used to perform what activity
create a message Digest
what is the primary function of the IKE protocol used with IPsec?
create a security association between communicating partners
which of the following is a technology that tries to detect and stop sensitive data breaches, or data leakage incidents, in an organization?
data loss prevention
you have a computer with three hard disks a RAID 0 volume space on disk 1 and disk 2 a RAID 1 volume uses space on disk 2 and disk 3 Disk 2 fails. which of the following is true?
data on the RAID 1 volume is accessible, data on the RAID 0 volume is not
which backup strategy backs up only files that have the archive bit set, but does not mark them as having been backed up?
differential
you manage you company's website. the web1 server hosts the website. this server has the following configurations: dual core processor dual power supplies RAID 5 volume one RAID controller two 1000 mbps network adapters which component is a single point of failure for the website?
disk controller
which of the following is another security measure you can implement to secure cloud storage?
disposing of data when it is no loner needed by using specialized tools
implements the Diffie Hellman key exchange protocol using elliptic curve cryptography
ecdh
you would like to implement BitLocker to encrypt data on a hard disk even it if it is moved to another system. You want the system to boot automatically without providing a start-up key on an external USB device. What should you do
enable TPM in the Bios
which of the following DLP implementations can be used to monitor and control access to the physical devices on workstations or servers?
endpoint DLP
excess for only a lifetime of a specific communication session
ephemeral keys
DLP can be used to identify sensitive files in a file system and then embed the organization's security policy within a file. which of the following DLP implementations travels with sensitive data file when they are moved or copied?
file-level DLP
while backup strategy backs up all files from a computer's file system regardless of whether the file's archive bit is set or not and marks them as having been backed up?
full
your organization uses the following tape rotation strategy for its backup tapes. 1. the first set of tapes is used for daily backups 2. at the end of each week, the latest daily backup tape is promoted to the weekly backup tape 3. at the end of each month, one of the weekly backup tapes is promoted to the monthly back up tape what kind of backup tape rotation strategy is being used?
grandfather
which of the following is used to verify that it downloaded file has not been altered
hash
birthday attack focuses on what
hashing algorithms
what is a pki
hierarchy of computers for issuing certificates
you have been asked to deploy a network solution that includes an alternate location where operational recovery is provided within minutes of disaster. which of the following strategies would you choose?
hot site
which of the following protocols uses port 443?
https
MTTR
identifies the average amount of time necessary to repair a failed component or to restore operations
MTBF
identifies the average lifetime of a system or component
MTD
identifies the length of time an organization can survive with a specified service, asset, or process down
to obtain a digital certificate and participate in a public key infrastructure pki what must be submitted and where to obtain a digital certificate and participate in a public key infrastructure pki what must be submitted and where
identifying data and a certification request to the registration Authority
which aspect of birth certificate makes it a reliable and useful mechanism for proving the identity of a person system or service on the internet?
it is a trusted third party
when should a hardware device be replaces in order to minimize downtime?
just before it's MTBF is reached
you have a web server on your network that hosts the public website for your company. you want to make sure that the website will continue to be available even if a NIC, hard drive, or other problem prevents the server from responding. which solution should you implement?
load balancing
you manage a server that runs your company website. the web server has reached its capacity, and the number of client requests is greater that the server can handle. you would like to find a solution so that a second server can respond to requests for website content. which solution should you implement?
load balancing
which of the following is the weakest hashing algorithm
md5
MTTF
measures the average time to failure of a system or component
when is the best time to apply for a certificate renewal
near the end of the certificates valid lifetime
DLP can be implemented as a software or hardware solution that analyzes traffic in an attempt to detect sensitive data that is being transmitted in violation of an organization's security policies. which of the following DLP implementations analyzes traffic for data containing such things as financial documents, social security numbers, or key words used in a proprietary intellectual property?
network DLP
which technology was developed to help improve the efficiency and reliability of checking the validity of certificates in large complex environment
online certificate status protocol
sha - 1 uses which of the following bit length hashing algorithms
only 160 bit
which of the following are backed up during an differntial backup?
only files that have changed since the last backup
which of the following are backed up during an incremental backup?
only files that have changed since the last full or incremental backup
uses no deterministic algorithm when generating public keys
perfect forward secrecy
your disaster recovery plan calls for tape backups stored at a different location. the location is a safe deposit box at the local bank. because of this, the disaster recovery plan specifies that you choose the method that uses the fewest tapes, but also allows you to quickly backup and restore files. which backup strategy would best meet the disaster recovery plan for tape backups?
perform a full backup once per week and a differential backup the other days of the week
to prevent server downtime, which of the following components should be installed redundantly in a server system?
power supply
which of the following is not a feature of the cloud storage model of data storage?
provide access control to the file system stored in the cloud
which form of alternate sites is the cheapest, but may not allow an organization to recover before reaching their maximum tolerable downtime?
reciprocal agreement
what is the primary security feature that can be designed into a network's infrastructure to protect and support availability?
redundancy
which of the following is an entity that accepts and validates information contained within a request for certificate
registration Authority
even if you perform regular backups, what must be done to ensure that you are protected against data loss?
regularly test restoration procedures
a system failure has occurred. which of the following restoration processes would result in the fastest restoration of all data to its most current state?
restore the full backup and the last differential backup
a receiver wants to verify the Integrity of a message received from a sender. Josh and volume is contained within the digital signature of the sender. Which of the following was the receiver used to access the hashing values and verify the Integrity of the transmission?
senders public key
SSL (secure socket layer) operates at which layer of the OSI model?
session
which of the following does not or cannot produce a hash value of 128 bits
sha - 1
which of the following is the strongest hashing algorithm
sha - 1
can be reused by multiple communication sessions
static keys
which action is taken when the private key associated with a digital certificate becomes compromised
the certificate is revoked and added to the certificate revocation list
certificate revocation should occur under all but which of the following conditions
the certificate owner has held the certificate Beyond establish lifetime timer
when using SSL authentication, what does the client verify first when checking a server's identity?
the current date and time must fall within the server's certificate validity period
how many keys are used with asymmetric (public-key) cryptography?
two
which of the following items are contained in a digital certificate
validity period public key
if your mission-critical services have a maximum tolerable downtime (MTD)(or a recovery time objective [RTO]) of 36 hours, what is the optimum form of recovery site?
warm
you manage a website for your company. the website uses three servers configured in a cluster. incoming requests are distributed automatically between the three servers. all servers use a shared storage service that holds the website contents. each server has a single network connection and a single power supply. considering the availability of your website, which component represents a single point of failure?
website storage
sensitive data is monitored by the data loss prevention (DLP) system in four different states. which of the following is not one of the states monitored by DLP?
while a file with sensitive data is being created
you have just downloaded a file you create a hash of a file and compare to the hash posted on the website the two hashes match what do you know about the file
your copy is the same as a copy posted on the website
which of the following is not an advantage of using cloud storage?
your organization can purchase additional storage capacity when needed
you want a security solution that protects entire hard drive from pratense access even if the drive is moved to another system. Which solution would you choose
BitLocker
when two different messages produce the same hash value what has occurred
Collision
which cryptography system generates encryption keys that could be used with des, aesidea, rc5 or any other symmetric cryptography solution
Diffie Hellman
which of the following security measures and Crips entire contents of a hard drive
Drive lock
which of the following Security Solutions would prevent a user from reading a file that she did not create
EFS
which form of asymmetric cryptography is based upon Diffie Hellman
El Gamal
you want to protect date on hard drives for users with laptops. You want the drive to be encrypted and you want to prevent the laptops from booting unless the special USB drive is inserted. In addition the system should not boot if it changes detected in any of the boot files. What should you do?
Implement BitLocker with TPM
telnet is inherently insecure because of its communications is in plaintext and easily intercepted. which of the following is an acceptable alternative to telnet?
SSH
which protocol does HTTPS use to offer greater security in web transactions?
SSL
you are purchasing a hard disk from an online retailer over the internet. what does your browser use to ensure that others cannot see your credit card number on the internet?
SSL
you want to allow traveling users to connect to your private network through the internet. users will connect from various locations, including airports, hotels, and public access points such as coffee shops and libraries. as such, you own't be able to configure the firewalls that might be controlling access to the internet in these locations. which of the following protocols would be most likely to be allowed through the widest number of firewalls?
SSL
