Exam cram security + review
What is the recommended humidity range according to ASHRAE?
40% to 55%
You have recently had security breaches in the network. You suspect they might be coming from a telecommuter's home network. Which of the following devices would you use to require a secure method for employees to access corporate resources while working from home?
A VPN concentrator
Which rule of evidence within the United States involves Fourth Amendment protections?
Admissible
When troubleshooting SSL, which two layers of the OSI model are of most value?
Application layer and transport layer
A collection of compromised computers running software installed by a Trojan horse or a worm is referred to as which of the following?
Botnet
Which of the three principles of security is supported by an iris biometric system?
Confidentiality
In a decentralized key management system, the user is responsible for which one of the following functions?
Creation of the private and public key
Adding a token for every POST or GET request that is initiated from the browser to the server can be used to mitigate which of the following attacks?
Cross-site request forgery (XSRF)
Which form of access control enables data owners to extend access rights to other logons?
DAC
Which of the following is a coordinated effort in which multiple machines attack a single victim or host with the intent to prevent legitimate service?
DDoS
Which of the following are not methods for minimizing a threat to a web server? (Choose the two best answers.)
Ensure Telnet is running and Enable logging
The organization is concerned about vulnerabilities in commercial off-the-shelf (COTS) software. Which of the following might be the only means of reviewing the security quality of the program?
Fuzzing
Which of the following serves the purpose of trying to lure a malicious attacker into a system?
Honeypot
Which of the following is one of the biggest challenges associated with database encryption?
Key management
What is the name given to the activity of collecting information that will later be used for monitoring and review purposes?
Logging
An organization is looking for a filtering solution that will help eliminate some of the recent problems it has had with viruses and worms. Which of the following best meets this requirement?
Malware inspection
If Sally wants to send a secure message to Mark using public key encryption but is not worried about sender verification, what does she need in addition to her original message text?
Mark's public key
What is the name given to the system of digital certificates and certificate authorities used for public key cryptography over networks?
Public key infrastructure (PKI)
Which of the following is a network protocol that supports file transfers and is a combination of RCP and SSH?
SCP
Which of the following methods is the most effective way to physically secure laptops that are used in an environment such as an office?
Security cables
_________ describes the potential that a weakness in hardware, software, process, or people will be identified and taken advantage of.
Threat
Which risk management response is being implemented when a company purchases insurance to protect against service outage?
Transference
A user has downloaded trial software and subsequently downloads a key generator in order to unlock the trial software. The user's antivirus detection software now alerts the user that the system is infected. Which one of the following best describes the type of malware infecting the system?
Trojan
You want to implement a technology solution for a small organization that can function as a single point of policy control and management for access to Internet content. Which of the following should you choose?
Web security gateway
Which of the following is not a principal concern for first responders to a hacking incident within a corporation operating in the United States?
Whether EMI shielding is intact