chapter 10-11
WHICH OF THE FOLLOWING HAS SCHEMAS WIRTTEN IN XML? A. OVAL B. 3DES C. WPA D.PAP
A OVAL
WHAT WOULD YOU USE TO CONTROL THE TRAFFIC THAT IS ALLOWED IN OR OUT OF A NETWORK? A. ACCESS CONTROL LISTS B. FIREWALL C. ADDRESS RESOLUTION PROTOCOL D. DISCRETIONARY ACCESS CONTROL
A. ACCESS CONTROL LISTS
YOU ARE CONTRACTED TO CONDUCT A FORENSIC ANALYSSI OF THE COMPUTER. WHAT SHOULD YOU DO FIRST? A. BACK UP SYSTEM B. ANALYZE THE FILES C. SCAN FOR VIRUSES D. MAKE CHANGES TO THE OPERATING SYSTEM.
A. BACK UP THE SYSTEM
WHEN USING THE MANDATORY ACCESS CONTROL MODEL, WHAT COMPONENT IS NEEDED? A. LABELS B. CERTIFICATES C. TOKENS D. RBAC
A. LABELS
YOU ARE A CONSULTANT FOR AN IT COMPANY. yOUR BOSS ASKS YOU TO DETERMINE THAT TOPLOGY OF THE NETWORK. WHAT IS THE BEST DEVICE TO USE IN THIS CIRCUMSTANCE? A. NETWORK MAPPER B. PROTOCOL ANALYZER C. PORT SCANNER D. VULNERABILITY SCANNER
A. NETWORK MAPPER
YOU ORGANIZATION HAS ENACTED A POLICY WHERE EMPLOYEES ARE REQUIRED TO CREATE PASSWORDS WITH AT LEAST 15 CHARACTERS. WHAT TYPE OF POLICY DOES THIS DEFINE? A. PASSWORD LENGTH B. PASSWORD EXPIRATION C. MINIMUM PASSWORD AGE D. PASSWORD COMPLEXITY
A. PASSWORD LENGTH
A COMPANY HAS A HIGH ATTRITION RATE. WHAT SHOULD YOU ASK THE NETWORK ADMINISTRATOR TO DO FIRST? A. REVIEW USER PERMISSIONS AND ACCESS CONTROL LISTS. B REVIEW GROUP POLICIES. C. REVIEW PERFORMANCE LOGS. D. REVIEW TE APPLICATION LOG.
A. REVIEW USER PERMISSIONS AND ACCESS CONTROL LISTS.
IN AN ENVIRONMENT WHERE ADMINISTRATORS THE ACCOUNTING DEPARTMENT, AND THE MARKETING DEPARTMENT ALL HAVE DIFFERENT LEVELS OF ACCESS, WHICH OF THE FOLLOWING ACCESS CONTROL MODELS IS BEING USED? A. ROLE BASED ACCESS CONTROL (RBAC) B. MANDATORY ACCESS CONTROL (MAC) C. DISCRETIONARY ACCESS CONTROL (DAC) D. RULE BASED ACCESS CONTROL (RBAC)
A. ROLE BASED ACCESS CONTROL (RBAC)
WHICH OF THE FOLLOWING ACCESS CONTROL METHODS USES RULES TO GOVERN WHETER OBJECT ACCESS WILL BE ALLOWED? A. RULE-BASED ACCESS CONTROL B. ROLE-BASED ACCESS CONTROL C. DISCRETIONARY ACCESS CONTROL D. MANDATORY ACCESS CONTROL
A. RULE-BASED ACCESS CONTROL
IN A DISCRETIONARY ACCESS CONTROL MODEL, WHO IS IN CHARGE OF SETTING PERMISSIONS TO A RESOURCE? A. THE OWNER OF THE RESOURCE B. THE ADMINISTRATOR C. ANY USER OF THE COMPUTER D. THE ADMINISTRATOR AND THE OWNER
A. THE OWNER OF THE RESOURCE
WHICH OF THESE IS A SECURITY COMPONENT OF WINDOWS? A. UAC B. UPS C. GADGETS D. CONTROL PANEL
A. UAC
WHICH OF THE FOLLOWING IS THE MOST COMMON AUTHENTICATION MODEL? A. uSERNAME AND PASSWORD B. BIOMETRICS C. KEY CARDS D. TOKENS
A. USERNAME AND PASSWORD
RUSS IS USING ONLY DOCUMENTATION TO TEST THE SECURITY OF A SYSTEM. WHAT TYPE OF TESTING METHODOLOGY IS THIS KNOWN AS? A. ACTIVE SECURITY ANALYSIS B. PASSIVE SECURITY ANALYSIS C. HYBRID SECURITY ANALYSIS D. HANDS ON SECURITY ANALYSIS
B PASSIVE SECURITY ANALYSIS
TO SHOW RISK FROM A MONETARY STANDPOINT, WHICH OF THE FOLLOWING SHOULD RISK ASSESSMENTS BE BASED UPON? A. SURVEY OF LOSS POTENTIAL THREATS AND ASSES VALUE B. QUANTITATIVE MEASUREMENT OF RISK, IMPACT, AND ASSET VALUE C. COMPLETE MEASUREMENT OF ALL THREATS D. QUALITATIVE MEASUREMENT OF RISK AND IMPACT
B QUANTITATIVE MEASUREMENT OF RISK, IMPACT, AND ASSET VALUE
IN THE DAC MODEL, HOW ARE PERMISSIONS IDENTIFIED? A. ROLE MEMBERSHIP B. ACCESS CONTROL LISTS. C. THEY ARE PREDEFINED. D. IT IS AUTOMATIC.
B. ACCESS CONTROL LISTS.
ROBERT NEEDS TO ACCESS A RESOURCE. IN THE DAC MODEL, WHAT IS USED TO IDENTIFY HIM OR OTHER USERS? A. ROLES B. ACLs C. MAC D. RULES
B. ACLs
A SECURITY ADMINISTRATOR IMPLEMENTS ACCESS CONTROLS BASED ON THE SECURITY CLASSIFICATION OF THE DATA AND NEED TO KNOW INFORMATION. WHICH OF THE FOLLOWING WOULD BEST DESCRIBE THIS LEVEL OF ACCESS CONTROL? A. LEAST PRIVILEGE B. MANDATORY ACCESS CONTROL C. ROLE BASED ACCESS CONTROL D. IMPLICIT DENY
B. MANDATORY ACCESS CONTROL
WHICH OF THE FOLLOWING CAN ENABLE YOU TO FIND ALL THE OPEN PORTS ON AN ENTIRE NETWORK? A PROTOCOL ANALYZER B. NETWORK SCANNER C. FIREWALL D. PERFORMANCE MONITOR
B. NETWORK SCANNER
WHICH OF THE FOLLOWING METHODS COULD IDENTIFY WHEN AN UNAUTHORIZED ACCESS AS OCCURRED? A. TWO FACTOR AUTHENTICATION B. SESSION TERMINATION C. PREVIOUS LOGON NOTIFICATION D. SESSION LOCK
C PREVIOUS LOGON NOTIFICATION
YOU ARE CONSULTING A SMALL ORGANIZATION THAT RELIES ON EMPLOYEES WHO WORK FROM HOME AND ON THE ROAD. A HACK HAS COMPROMISED THE NETWORK BY DENYING REMOTE ACCESS TO THE COMPANY USING A SCRIPT. WHICH OF THE FOLLOWING SECURITY CONTROLS DID THE HACKER EXPLOIT? A. PASSWORD COMPLEXITY B. DOS C. ACCOUNT LOCKOUT D. PASSWORD LENGTH
C. ACCOUNT LOCKOUT
WHAT KEY COMBINATION HELPS TO SECURE THE LOGON PROCESS? A. WINDOWS=R B. CTRL+SHIFT+ESC C. CTRL+ALT+DEL D. ALT+F4
C. CTRL+ALT+DEL
IN AN ATTEMPT TO DET FRAUD AND DEFEND AGAINST IT, YOUR COMPANY CROSS TRAINS PEOPLE IN EACH DEPARTMENT IS AN EXAMPLE OF? A. SEPARATION OF DUTIES B. CHAIN OF CUSTODY C. JOB ROTATION D. LEAST PRIVILEGE
C. JOB ROTATION
WHICH OF THE FOLLOWING IS A VULNERABILITY ASSESMENT TOOL? A. JOHN THE RIPPER B. AIRCRACK NG C. NESSUS D. CAIN AND ABEL
C. NESSUS
USERS ARE REQUIRED TO CHANGE THEIR PASSWORDS EVERY 30 DAYS. WHICH POLICY SHOULD BE CONFIGURED? A. PASSWORD LENGTH B. PASSWORD RECOVERY C. PASSWORD EXPIRATION D. ACCOUNT LOCKOUT
C. PASSWORD EXPIRATION
OF THE FOLLOWING, WHICH IS THE BEST WAY FOR A PERSON TO FIND OUT WHAT SECURITY HOLES EXIST ON THE NETWORK? A. RUN A PORT SCAN B USE A NETWORK SNIFFER. C PERFORM A VULNERABILITY ASSESSMENT D. USE AN IDS SOLUTION
C. PERFORM A VULNERABILITY ASSESSMENT.
WHICH OF THE FOLLOWING PERSONS IS ULTIMATELY IN CHARGE OF DECIDING HOW MUCH RESIDUAL RISK THERE WILL BE? A. CHIEF SECURITY OFFICER B. SECURITY ADMINISTRATOR C. SENIOR MANAGEMENT D. DISASTER RECOVERY PLAN COORDINATOR
C. SENIOR MANAGEMENT
JASON NEEDS TO ADD SEVERAL USERS TO A GROUP. WHICH OF THE FOLLOWING WILL HELP HIM TO GET THE JOB DONE FASTER? A. PROPAGATION B. INHERITANCE. C. TEMPLATE D. ACCESS CONTROL LISTS
C. TEMPLATE
WHICH OF THE FOLLOWING IS THE STRONGEST PASSWORD? A.!OCRAIN# B. Marq1sD3S0d C. This1sV#rys3cure D. Thisisverysecure
C. This1sV#ryS3cure
YOU WANT TO MITIGATE THAT POSSIBILITY OF PRIVILEGE CREEP AMONG YOUR LONG-TERM USERS. WHAT PROCEDURE SHOULD YOU EMPLOY? A. MANDATORY VACATIONS B. JOB ROTATION C. USER PERMISSION REVIEWS D. SEPARATION OF DUTIES
C. USER PERMISSION REVIEWS
YOU ADMINISTER A BULLETIN BOARD SYSTEM FOR A ROCK AND ROLL BAND. WHILE REVIEWING LOGS FOR THE BOARD, YOU SEE ONE PARTICULAR IP ADDRESS POSTING SPAM MULTIPLE TIMES PER DAY. WHAT IS THE BEST WAY TO PREVENT THIS TYPE OF PROBLEM? A. BLOCK THE IP ADDRESS OF THE USER B. BAN THE USER C. DISABLE ACTIVEX D IMPLEMENT CAPTCHA
D IMPLEMENT CAPTCHA
WHICH OF THE FOLLOWING WOULD LOWER THE LEVEL OF PASSWORD SECURITY? A. AFTER A SET NUMBER OF FAILED ATTEMPTS THE SERVER WILL LOCK THE USER OUT, FORCING HER TO CALL THE ADMINISTRATOR TO RE-ENABLE THE ACCOUNT. B. PASSWORDS MUST BE GREATER THAN EIGHT CHARACTERS AND CONTAIN AT LEAST ONE SPECIAL CHARACTER. C. ALL PASSWORDS ARE SET TO EXPIRE AFTER 30 DAYS. D. COMPLEX PASSWORDS THAT USERS CANNOT CHANGE ARE RANDOMLY GENERATED BY THE ADMINISTRATOR.
D. COMPLEXS PASSWORDS THAT USERS CANNOT CHANGE ARE RANDOMLY GENERATED BY THE ADMINISTRATOR.
AFTER USING NMAP TO DO A PORT SCAN OF YOUR SERVER YOU FIND THAT SEVERAL PORTS ARE OPEN. WHICH OF THE FOOLLOWING SHOULD YOU DO NEXT? A. LEAVE THE PORTS OPEN AND MONITOR THEM FOR MALICIOUS ATTACKS. B RUN THE PORT SCAN AGAIN. C. CLOSE ALL PORTS. D. EXAMINE THAT SERVICES AND OR PROCESSES THAT USE THOSE PORTS
D. EXAMINE THE SERVICES AND OR PROCESSES THAT USE THOSE PORTS
OF THE FOLLOWING ACCESS CONTROL MODELS WHICH USES OBJECT LABELS? A. DISCRETIONARY ACCESS CONTROL B. ROLE BASED ACCESS CONTROL C. RULE BASED ACCESS CONTROL D. MANDATORY ACCESS CONTROL
D. MANDATORY ACCESS CONTROL
WHICH OF THE FOLLWOING STATEMENTS REGARDING THE MAC MODEL IS TRUE? A. MANDATORY ACCESS CONTROL IS A DYNAMIC MODEL. B. MANDATORY ACCESS CONTROL ENABLES AN OWNER TO ESTABLISH ACCESS PRIVILEGES TO A RESOURCE. C. MANDATORY ACCESS CONTROL IS NOT RESTRICTIVE. D. MANDATORY ACCESS CONTROL USERS CANNOT SHARE RESOURCES DYNAMICALLY.
D. MANDATORY ACCESS CONTROL USERS CANNOT SHARE RESOURCES DYNAMICALLY.
WHICH SECURITY MEASURE SHOULD BE INCLUDED WHEN IMPLEMENTING ACCESS CONTROL? A. DISABLING SSID BROADCAST B. TIME OF DAY RESTRICTIONS C. CHANGING DEFAULT PASSWORDS D. PASSWORDS COMPLEXITY REQUIREMENTS
D. PASSWORD COMPLEXITY REQUIREMENTS
WHICH TYPE OF VULNERABILITY ASSESSMENTS SOFTWARE CAN CHECK FOR WEAK PASSWORDS ON THE NETWORK? A. WIRESHARK B. ANTIVIRUS C PERFORMANCE MONITOR D. PASSWORD CRACKER
D. PASSWORD CRACKER
HOW ARE PERMISSIONS DEFINED IN THE MANDATORY ACCESS CONTROL MODEL? A. ACCESS CONTROL LISTS B. USER ROLES C. DEFINED BY THE USER D. PREDEFINED ACCESS PRIVILEGES
D. PREDEFINED ACCESS PRIVILEGES
WHAT CAN HACKERS ACCOMPLISH USING MALICIOUS PORT SCANNING? A. FINGERPRINT OF THE OPERATING SYSTEM B. TOPOLOGY OF THE NETWORK C. ALL THE COMPUTER NAMES ON THE NETWORK D. ALL THE USERNAMES AND PASSWORDS MANY COMPANIES SEND PASSWORDS VIA CLEAR TEXT. WHICH OF THE FOLLOWING CAN VIEW THESE PASSWORDS? A. RAINBOW TABLE B. PORT SCANNER C. JOHN THE RIPPER D. PROTOCOL ANALYZER
D. PROTOCOL ANALYZER
WHAT IS A DEFINITION OF IMPLICIT DENY? A. EVERYTHING IS DENIED BY DEFAULT. B. ALL TRAFFIC FROM ONE NETWORK TO ANOTHER IS DENIED. C. ACLs ARE USED TO SECURE THE FIREWALL. D. RESOURCES THAT ARE NOT GIVEN ACCESS ARE DENIED BY DEFAULT.
D. RESOURCES THAT ARE NOT GIVEN ACCESS ARE DENIED BY DEFAULT.
WHICH OF THE FOLLOWING ACCESS CONTROL MODELS WOULD BE FOUND IN A FIREWALL? A. MANDATORY ACCESS CONTROL B. DISCRETIONARY ACCESS CONTROL C. ROLE BASED ACCESS CONTROL D. RULE BASED ACCESS CONTROL
D. RULE BASED ACCESS CONTROL
WHICH PASSWORD MANAGEMENT SYSTEM BEST PROVIDES FOR A SYSTEM WITH A LARGE NUMBER OF USERS? A. LOCALLY SAVED PASSWORDS MANAGEMENT SYSTEM B. SYNCHRONIZED PASSWORDS MANAGEMENT SYSTEM C. MULTIPLE ACCESS METHODS MANAGEMENT SYSTEM D. SELF SERVICE PASSWORD REST MANAGEMENT SYSTEM.
D. SELF SERVICE PASSWORD RESET MANAGEMENT SYSTEM
YOUR COMPANY HAS 1000 USERS. WHICH OF THE FOLLOWING PASSWORD MANAGEMENT SYSTEMS WILL WORK BEST FOR YOUR COMPANY? A. MULTIPLE ACCESS METHODS. B. SYNCHRONIZE PASSWORDS C. HISTORICAL PASSWORDS. D. SELF-SERVICE PASSWORD RESTTING
D. SELF-SERVICE PASSWORD RESETTING