Cyber Security Final


What describes the ability of an enterprise data center to revert to its former size after expanding? -Scalability -Elasticity -Reduction -Contraction

Elasticity

Calista is designing the specifications for new laptop computers to be purchased by her company. She is comparing the different types and sizes of USB connections found on the devices. Which type USB connection would she NOT find on a laptop? -Mini -Micro -Type D -Standard

Type D

Which of the following tools is a Linux command-line protocol analyzer? -Tcpdump -IP -Arp -Wireshark

Tcpdump

Bria is reviewing the company's updated personal email policy. Which of the following will she NOT find in it? -Employees should not forward company emails to a personal email account. -Employees should not give out their company email address unless requested. -Employees should not access personal email at work. -Employees should not use company email to send personal email messages.

Employees should not give out their company email address unless requested.

_____ biometrics is related to the perception, thought processes, and understanding of the user. -Behavioral -Intelligent -Standard -Cognitive

Cognitive

Which of these is a U.S. Department of Defense (DoD) smart card that is used for identification of active-duty and reserve military personnel? -Government Smart Card (GSC) -Common Access Card (CAC) -Personal Identity Verification (PIV) card -Secure ID Card (SIDC)

Common Access Card (CAC)

What allows for a single configuration to be set and then deployed to many or all users? -Group Policy -Snap-In Replication (SIR) -Command Configuration -Active Directory

Group Policy

Which statement about Rule-Based Access Control is true? -It is considered a real-world approach by linking a user's job function with security. -It dynamically assigns roles to subjects based on rules. -It requires that a custodian set all rules. -It is considered obsolete today.

Group Policy

What is a collection of suggestions that should be implemented? -Standard -Guideline -Policy -Code

Guideline

Which one-time password is event-driven? -ROTP -POTP -HOTP -TOTP

HOTP

Which human characteristic is NOT used for biometric identification? -Retina -Iris -Fingerprint -Height

Height

Which type of site is essentially a duplicate of the production site and has all the equipment needed for an organization to continue running? -Cold site -Warm site -Replicated site -Hot site

Hot site

Bob needs to create an agreement between his company and a third-party organization that demonstrates a "convergence of will" between the parties so that they can work together. Which type of agreement will Bob use? -BPA -MOU -SLA -ISA

MOU

Which of the following is the Microsoft version of CHAP? -MS-CHAP -AD-EAP -PAP-MICROSOFT -EAP-MS

MS-CHAP

What is the average amount of time that it will take a device to recover from a failure that is not a terminal failure? -MTTI -MTBF -MTBR -MTTR

MTTR

Which of the following is the average amount of time that it will take a device to recover from a failure that is not a terminal failure? -MTBF -MTTF -MTTR -FIT

MTTR

Which of the following is a command-line alternative to Nmap? -Netcat -Statnet -Netstat -Mapper

Netcat

Which type of operating system runs on a firewall, router, or switch? -Device OS -Network OS -Server OS -Resource OS

Network OS

Ilya has been asked to recommend a federation system technology that is an open source federation framework that can support the development of authorization protocols. Which of these technologies would he recommend? -NTLM -Shibboleth -OAuth -Open ID Connect

OAuth

Which of the following is NOT a typical OS security configuration? • Disabling default accounts/passwords • Disabling unnecessary ports and services • Restricting patch management • Employing least functionality

Restricting patch management

Which access control model is the most restrictive? -DAC -Role-Based Access Control -Rule-Based Access Control -MAC

MAC

Which tool manages the distribution and control of apps? -MFM -MAM -MCM -MDM

MAM

Which of the following technologies provides for pictures, video, or audio to be included in text messages? -QR -SMS -ANT -MMS

MMS

Which of these is NOT a characteristic of a weak password? -Using personal information -Using a predictable sequence of characters -A long password -A common dictionary word

A long password

Which of the following is NOT required for a fire to occur? -A spark to start the process -Sufficient oxygen to sustain the combustion -A chemical reaction that is the fire itself -A type of fuel or combustible material

A spark to start the process

Which type of access control model uses predefined rules that makes it flexible? -Rule-Based Access Control -ABAC -DAC -MAC

ABAC

What can be used to provide both file system security and database security? -RBASEs -CHAPs -ACLs -LDAPs

ACLs

Which policy defines the actions users may perform while accessing systems and networking equipment? -Acceptable use policy -Internet use policy -End-user policy -User permission policy

Acceptable use policy

Which of the following involves rights given to access specific resources? -Accounting -Identification -Access -Authorization

Access

Which of the following is NOT part of the AAA framework? -Accounting -Authorization -Access -Authentication

Access

Which of these is a set of permissions that is attached to an object? -Subject Access Entity (SAE) -Object modifier -Access control list (ACL) -Security entry designator

Access control list (ACL)

Agnella was asked to create a report that listed the reasons why a contractor should be provided penetration testing authorization. Which of the following would she NOT list in her report? -Limit retaliation -Access to resources -Legal authorization -Indemnification

Access to resources

Which of these should NOT be classified as an asset? -Accounts payable -Buildings -Employee databases -Business partners

Accounts payable

Which of the following sends "probes" to network devices and examines the responses to evaluate whether a specific device needs remediation? -Passive scanner -Remote scanner -Active scanner -Probe scanner

Active scanner

Which of the following is NOT a time employee training should be conducted? -After monthly patch updates. -When a new computer is installed. -When an employee is promoted. -During an annual department retreat.

After monthly patch updates.

Margaux has been asked to work on the report that will analyze the exercise results with the purpose of identifying strengths to be maintained and weaknesses to be addressed for improvement. What report will she be working on? -Identification of critical systems report -Business continuity report -After-action report -Containment report

After-action report

Which of the following is NOT a function of a vulnerability scanner? -Maintains a log of all interactive network sessions -Detects which ports are served and which ports are browsed for each individual system -Alerts users when a new patch cannot be found -Detects when an application is compromised

Alerts users when a new patch cannot be found

Which of the following is NOT true regarding how an enterprise should handle an orphaned or a dormant account? -Access should be ended as soon as the employee is no longer part of the organization. -All orphaned and dormant accounts should be deleted immediately whenever they are discovered. -A formal procedure should be in place for disabling accounts for employees who are dismissed, resign, or retire from the organization. -Logs should be monitored because current employees are sometimes tempted to use an older dormant account instead of their own account.

All orphaned and dormant accounts should be deleted immediately whenever they are discovered.

What is a hybrid attack? -An attack that uses both automated and user input -An attack that slightly alters dictionary words -A brute force attack that uses special tables -An attack that combines a dictionary attack with a mask attack

An attack that combines a dictionary attack with a mask attack

For adult learners, which approach is often preferred? -Proactive -Institutional -Pedagogical -Andragogical

Andragogical

Which statement is NOT something that a security policy must do? -Be capable of being implemented and enforced. -State reasons why the policy is necessary. -Balance protection with productivity. -Be concise and easy to understand.

Balance protection with productivity.

Which of the following is NOT designed to prevent individuals from entering sensitive areas but instead is intended to direct traffic flow? -Fencing -Barricade -Roller barrier -Type V controls

Barricade

An electrical fire like that which would be found in a computer data center is known as what type of fire? -Class C -Class D -Class B -Class A

Class C

Timur was making a presentation regarding how attackers break passwords. His presentation demonstrated the attack technique that is the slowest yet most thorough attack that is used against passwords. Which of these password attacks did he demonstrate? -Hybrid attack -Brute force attack -Custom attack -Dictionary attack

Brute force attack

Which of these is NOT a state of a port that can be returned by a port scanner? -Open -Busy -Closed -Blocked

Busy

Which of the following is NOT an issue raised regarding how private data is gathered and used? -By law, all encrypted data must contain a "backdoor" entry point. -The data is gathered and kept in secret. -The accuracy of the data cannot be verified. -Informed consent is usually missing or is misunderstood.

By law, all encrypted data must contain a "backdoor" entry point.

In her job interview, Xiu asks about the company policy regarding smartphones. She is told that employees may choose from a limited list of approved devices but that she must pay for the device herself; however, the company will provide her with a monthly stipend. Which type of enterprise deployment model does this company support? -Corporate-owned -CYOD -COPE -BYOD

CYOD

Which of the following can be used to secure a laptop or mobile device? -Cable lock -Security tab -Mobile connector -Mobile chain

Cable lock

Which of the following data sensitivity labels is the highest level of data sensitivity? -Private -Confidential -Ultra -Secret

Confidential

Paavo was reviewing a request by an executive for a new subnotebook computer. The executive said that he wanted USB OTG support and asked Paavo's opinion regarding its security. What would Paavo tell him about USB OTG security? -Subnotebooks do not support USB OTG. -USB OTG uses strong security and the executive should have no concerns. -Connecting a mobile device as a peripheral to an infected computer could allow malware to be sent to that device. -An unsecured mobile device could infect other tethered mobile devices or the corporate network.

Connecting a mobile device as a peripheral to an infected computer could allow malware to be sent to that device.

What does an incremental backup do? -Copies all files -Copies selected files -Copies all files changed since the last full or incremental backup -Copies all files since the last full backup

Copies all files changed since the last full or incremental backup

What is a disadvantage of biometric readers? -Speed -Cost -Weight -Standards

Cost

Raul has been asked to serve as the individual to whom day-to-day actions have been assigned by the owner. What role is Raul taking? -Operator -End-user -Custodian -Privacy officer

Custodian

What is the least restrictive access control model? -DAC -Rule-Based Access Control -MAC -ABAC

DAC

Creating a pattern of where a user accesses a remote web account is an example of which of the following? -Keystroke dynamics -Cognitive biometrics -Geolocation -Time-Location Resource Monitoring (TLRM)

Geolocation

Simona needs to research a control that attempts to discourage security violations before they occur. Which control will she research? -Deterrent control -Corrective control -Detective control -Preventive control

Deterrent control

Which of the following is NOT a risk associated with the use of private data? -Associations with groups -Devices being infected with malware -Statistical inferences -Individual inconveniences and identity theft

Devices being infected with malware

Which of the following would NOT be considered as part of a clean desk policy? -Lock computer workstations when leaving the office. -Do not share passwords with other employees. -Keep mass storage devices locked in a drawer when not in use. -Place laptops in a locked filing cabinet.

Do not share passwords with other employees.

Which of the following types of testing uses unexpected or invalid inputs? -Runtime testing -Static analysis -Stress testing -Dynamic analysis

Dynamic analysis

Which of the following threats would be classified as the actions of a hacktivist? -Compliance threat -External threat -Internal threat -Environmental threat

External threat

If a software application aborts and leaves the program open, which control structure is it using? -Fail-right -Fail-open -Fail-safe -Fail-secure

Fail-open

A TOTP token code is generally valid for what period of time? -Only while the user presses SEND -For up to 24 hours -Until an event occurs -For as long as it appears on the device

For as long as it appears on the device

Which question is NOT a basic question to be asked regarding creating a data backup? -Where should the backup be stored? -What information should be backed up? -What media should be used? -How long will it take to finish the backup?

How long will it take to finish the backup?

Raul has been asked to help develop an outline of procedures to be followed in the event of a major IT incident or an incident that directly impacts IT. What type of planning is this? -Business impact analysis planning -Risk IT planning -IT contingency planning -Disaster recovery planning

IT contingency planning

Dilma has been tasked with creating a list of potential employees to serve in an upcoming tabletop exercise. Which employees will be on her list? -Full-time employees -Only IT managers -All employees -Individuals on a decision-making level

Individuals on a decision-making level

Which can be used to establish geographical boundaries where a mobile device can and cannot be used? -Geolocation policies -Restricted access control policies -Location-based policies -Mobile device policies

Location-based policies

Agape was asked to make a recommendation regarding short-range wireless technologies to be supported in a new conference room that was being renovated. Which of the following would she NOT consider due to its slow speed and its low deployment levels today? -ANT -Infrared -Bluetooth -NFC

Infrared

How is the Security Assertion Markup Language (SAML) used? -It is no longer used because it has been replaced by LDAP. -It allows secure web domains to exchange user authentication and authorization data. -It is a backup to a RADIUS server. -It is an authenticator in IEEE 802.1x.

It allows secure web domains to exchange user authentication and authorization data.

Which statement regarding a honeypot is NOT true? -It is intentionally configured with security vulnerabilities. -It cannot be part of a honeynet. -It can direct an attacker's attention away from legitimate servers. -It is typically located in an area with limited security.

It cannot be part of a honeynet.

Which statement about Rule-Based Access Control is true? -It is considered a real-world approach by linking a user's job function with security. -It dynamically assigns roles to subjects based on rules. -It requires that a custodian set all rules. -It is considered obsolete today.

It dynamically assigns roles to subjects based on rules.

Which of these is NOT a characteristic of a disaster recovery plan (DRP)? -It is updated regularly. -It is a private document used only by top-level administrators for planning. -It is written. -It is detailed.

It is a private document used only by top-level administrators for planning.

Which statement about a mantrap is true? -It requires the use of a cipher lock. -It is a special keyed lock. -It is illegal in the United States. -It monitors and controls two interlocking doors to a room.

It monitors and controls two interlocking doors to a room.

What does containerization do? -It slows down a mobile device to half speed. -It places all keys in a special vault. -It splits operating system functions only on specific brands of mobile devices. -It separates personal data from corporate data.

It separates personal data from corporate data.

How is key stretching effective in resisting password attacks? -It takes more time to generate candidate password digests. -The license fees are very expensive to purchase and use it. -It requires the use of GPUs. -It does not require the use of salts.

It takes more time to generate candidate password digests.

A friend of Ukrit told him that he has just downloaded and installed an app that allows him to circumvent the built-in limitations on his Apple iOS smartphone. What is this called? -Rooting -Ducking -Jailbreaking -Sideloading

Jailbreaking

Which type of residential lock is most often used for keeping out intruders? -Privacy lock -Passage lock -Keyed entry lock -Encrypted key lock

Keyed entry lock

What is the version of the X.500 standard that runs on a personal computer over TCP/IP? -Lite RDAP -LDAP -IEEE X.501 -DAP

LDAP

What is the secure version of LDAP? -Secure DAP -LDAPS -802.1x -X.500

LDAPS

Which of these is an example of a nested RAID? -Level 0+1 -Level 0/1 -Level 1-0 -Level 0-1

Level 0+1

Which level of RAID uses disk mirroring and is considered fault-tolerant? -Level 3 -Level 2 -Level 4 -Level 1

Level 1

Which type of password attack is a more targeted brute force attack that uses placeholders for characters in certain positions of the password? -Pass the hash attack -Rule attack -Mask attack -Rainbow attack

Mask attack

Which of the following is NOT a motion detection method? -Infrared -Magnetism -Radio frequency -Moisture

Moisture

Which of these is NOT a reason why users create weak passwords? -A lengthy and complex password can be difficult to memorize. -A security policy requires a password to be changed regularly. -Having multiple passwords makes it hard to remember all of them. -Most sites force users to create weak passwords even though they do not want to.

Most sites force users to create weak passwords even though they do not want to.

What is a token system that requires the user to enter the code along with a PIN called? -Token-passing authentication system -Dual-prong verification system -Single-factor authentication system -Multifactor authentication system

Multifactor authentication system

Which of the following must be kept secure as mandated by HIPAA? -PLILP -PHIL -PII -PHI

PHI

Which of the following command-line tools tests a connection between two network devices? -Netstat -Ping -Ifconfig -Nslookup

Ping

Which of the following should NOT be stored in a secure password database? -Salt -Iterations -Password digest -Plaintext password

Plaintext password

Which statement does NOT describe a characteristic of a policy? · Policies identify what tools and procedures are needed. · Policies define appropriate user behavior. · Policies communicate a unanimous agreement of judgment. · Policies may be helpful if it is necessary to prosecute violators.

Policies communicate a unanimous agreement of judgment.

Which of the following can a UPS NOT perform? -Prevent certain applications from launching that will consume too much power -Prevent any new users from logging on -Disconnect users and shut down the server -Notify all users that they must finish their work immediately and log off

Prevent certain applications from launching that will consume too much power

Which of the following covers the procedures of managing object authorizations? -Privilege management -Task management -Threat management -Asset management

Privilege management

Each of the following accounts should be prohibited EXCEPT: -Generic accounts -Shared accounts -Privileged accounts -Guest accounts

Privileged accounts

Which of the following data sensitivity labels has the lowest level of data sensitivity? -Unrestricted -Free -Public -Open

Public

Which of these is NOT a risk of connecting a mobile device to a public network? -Public networks may be susceptible to man-in-the-middle attacks. -Public networks are beyond the control of the employee's organization. -Replay attacks can occur on public networks. -Public networks are faster than local networks and can spread malware more quickly to mobile devices.

Public networks are faster than local networks and can spread malware more quickly to mobile devices.

With the development of IEEE 802.1x port security, what type of authentication server has seen even greater usage? -Lite RDAP -RDAP -RADIUS -DAP

RADIUS

Which type of OS is typically found on an embedded system? -COPE -RTOS -SoC -OTG

RTOS

What is the maximum length of time that an organization can tolerate between data backups? -Recovery time objective (RTO) -Recovery point objective (RPO) -Recovery service point (RSP) -Optimal recovery timeframe (ORT)

Recovery point objective (RPO)

What does the abbreviation RAID represent? -Resistant Architecture of Inter-Related Data Storage -Redundant Array of Independent Drives -Resilient Architecture for Interdependent Discs -Redundant Array of IDE Drives

Redundant Array of Independent Drives

Which of the following is NOT a characteristic of an alarmed carrier PDS? -Carrier can be hidden above the ceiling -Requires periodic visual inspections -Eliminates the need to seal connections -Uses continuous monitoring

Requires periodic visual inspections

Tomassa is asked to determine the expected monetary loss every time a risk occurs. Which formula will she use? -SLE -ALE -ARO -AV

SLE

Which of the following is a cumulative package of all patches? -Rollup -Service pack -Patch -Hotfix

Service pack

Which of the following is NOT a security risk of social media sites for users? -Social media security is lax or confusing. -Social media sites use popup ads. -Personal data can be used maliciously. -Users may be too trusting.

Social media sites use popup ads.

Which stage is a "quality assurance" test that verifies the code functions as intended? -Production stage -Staging stage -Testing stage -Development stage

Staging stage

Which of the following is NOT a reason why supply chain infections are considered especially dangerous? -If the malware is planted in the ROM firmware of the device this can make it difficult or sometimes even impossible to clean an infected device. -Users are receiving infected devices at the point of purchase and are completely unaware that a brand new device may be infected. -Supply chains take advantage of the trusted "chain of trust" concept. -It is virtually impossible to closely monitor every step in the supply chain.

Supply chains take advantage of the trusted "chain of trust" concept.

What is the current version of TACACS? -TACACS v9 -TACACS+ -XTACACS -TRACACS

TACACS+

How does heuristic detection detect a virus? -The bytes of a virus are placed in different "piles" and then used to create a profile. -A virtualized environment is created and the code is executed in it. -A string of bytes from the virus is compared against the suspected file. -The virus signature file is placed in a suspended chamber before streaming to the CPU.

The bytes of a virus are placed in different "piles" and then used to create a profile.

At what point in a vulnerability assessment would an attack tree be utilized? -Risk mitigation -Threat evaluation -Risk assessment -Vulnerability appraisal

Threat evaluation

Which of the following constructs scenarios of the types of threats that assets can face to learn who the attackers are, why they attack, and what types of attacks may occur? -Risk assessment -Attack assessment -Vulnerability prototyping -Threat modeling

Threat modeling

What is the amount of time added to or subtracted from Coordinated Universal Time to determine local time? -Daylight savings time -Civil time -Greenwich Mean Time (GMT) -Time offset

Time offset

When an unauthorized event occurs, what is the first duty of the cyber-incident response team? -To log off from the server -To secure the crime scene -To reboot the system -To back up the hard drive

To secure the crime scene

Which of the following is NOT true about privacy? -Today, individuals can achieve any level of privacy that is desired. -Privacy is the right to be left alone to the degree that you choose. -Privacy is difficult due to the volume of data silently accumulated by technology. -Privacy is freedom from attention, observation, or interference based on your decision.

Today, individuals can achieve any level of privacy that is desired.

Which of the following is NOT an advantage to an automated patch update service? -Administrators can approve or decline updates for client systems, force updates to install by a specific date, and obtain reports on what updates each computer needs. -Users can disable or circumvent updates just as they can if their computer is configured to use the vendor's online update service. -Downloading patches from a local server instead of using the vendor's online update service can save bandwidth and time because each computer does not have to connect to an external server. -Specific types of updates that the organization does not test, such as hotfixes, can be automatically installed whenever they become available.

Users can disable or circumvent updates just as they can if their computer is configured to use the vendor's online update service.

How can an SDIO card be made secure? -Requiring a username before accessing the SDIO card. -Turning on patch updates to the SDIO card. -SDIO cards are natively secure and no security settings are needed. -Using the security mechanisms on a standard Wi-Fi network.

Using the security mechanisms on a standard Wi-Fi network.

Which of the following is NOT a memory vulnerability? -Pointer dereference -Variable overflow -DLL injection -Buffer overflow

Variable overflow

Which statement regarding vulnerability appraisal is NOT true? -Each threat could reveal multiple vulnerabilities. -Each vulnerability should be cataloged. -Every asset must be viewed in light of each threat. -Vulnerability appraisal is always the easiest and quickest step.

Vulnerability appraisal is always the easiest and quickest step.

Which of the following is a systematic and methodical evaluation of the exposure of assets to attackers, forces of nature, and any other entity that could cause potential harm? -Penetration test -Vulnerability assessment -Risk appraisal -Vulnerability scan

Vulnerability assessment

Which model uses a sequential design process? -Rigid model -Secure model -Agile model -Waterfall model

Waterfall model

Which of the following is NOT a category of fire suppression systems? -Wet chemical system -Water sprinkler system -Dry chemical system -Clean agent system

Wet chemical system

Which authentication factor is based on a unique talent that a user possesses? -What you have -What you do -What you know -What you are

What you do

If a tester is given the IP addresses, network diagrams, and source code of customer applications, the tester is using which technique? -White box -Blue box -Black box -Gray box

White box

Which of these is a list of approved email senders? -Yellowlist -Bluelist -Blacklist -Whitelist

Whitelist

Pakpao has been asked to provide research regarding a new company initiative to add Android smartphones to a list of approved devices. One of the considerations is how frequently the smartphones receive firmware OTA updates. Which of the following reasons would Pakpao NOT list in his report as a factor in the frequency of Android firmware OTA updates? -Because OEMs and wireless carriers want to sell as many devices as possible, they have no financial incentive to update mobile devices that users would then continue to use indefinitely. -Because many of the OEMs had modified Android, they are reluctant to distribute updates that could potentially conflict with their changes. -Both OEMs and wireless carriers are hesitant to distribute Google updates because it limits their ability to differentiate themselves from competitors if all versions of Android start to look the same through updates. -Wireless carriers are reluctant to provide firmware OTA updates because of the bandwidth it consumes on their wireless networks.

Wireless carriers are reluctant to provide firmware OTA updates because of the bandwidth it consumes on their wireless networks.

The chain of _____ documents that the evidence was under strict control at all times and no unauthorized person was given the opportunity to corrupt the evidence. -evidence -custody -forensics -control

custody

A lock that extends a solid metal bar into the door frame for extra security is the _____. -full bar lock -deadman's lock -triple bar lock -deadbolt lock

deadbolt lock

What enforces the location in which an app can function by tracking the location of the mobile device? -GPS tagging -geofencing -location resource management -Graphical Management Tracking (GMT)

geofencing

What is the process of identifying the geographical location of a mobile device? -geolocation -geoID -geotracking -geomonitoring

geolocation

Why should the account lockout threshold not be set too low? -The network administrator would have to reset the account manually. -The user would not have to wait too long to have her password reset. -It could result in denial of service (DoS) attacks. -It could decrease calls to the help desk.

It could result in denial of service (DoS) attacks.

Which of these is a feature for locating a lost or stolen mobile device? -thief picture -last known good configuration -alarm -remote lockout

last known good configuration

What allows a device to be managed remotely? -mobile application management (MAM) -mobile wrapper management (MWM) -mobile resource management (MRM) -mobile device management (MDM)

mobile device management (MDM)

A(n) _____ is always running off its battery while the main power runs the battery charger. -off-line UPS -secure UPS -backup UPS -on-line UPS

on-line UPS

Which of these is considered the strongest type of passcode to use on a mobile device? -draw connecting dots pattern -fingerprint swipe -password -PIN

password

Which technology is NOT a core feature of a mobile device? -data synchronization capabilities -local non-removable data storage -physical keyboard -small form factor

physical keyboard

Jabez needs to alert through an SMS text message those corporate users who have a specific brand and type of mobile device regarding a serious malware incident. What technology will she use? -MAM -MCM -push notification services -COPE

push notification services

Gaetan has attempted to enter the passcode for his mobile device but keeps entering the wrong code. Now he is asked to enter a special phrase to continue. Which configuration setting is enabled on Gaetan's mobile device? -reset to factory settings -enable high security -extend lockout period -lock device

reset to factory settings

Which of these is NOT a response to risk? -avoidance -transference -mitigation -resistance

resistance

What prevents a mobile device from being used until the user enters the correct passcode? -touch swipe -screen timeout -swipe identifier (SW-ID) -screen lock

screen lock

Using one authentication credential to access multiple accounts or applications is known as _____. -single sign-on -credentialization -identification authentication -federal login

single sign-on

A RADIUS authentication server requires the ________ to be authenticated first. -authenticator -supplicant -user -authentication server

supplicant

Which of the following risk control types would use video surveillance systems and barricades to limit access to secure sites? -managerial -operational -technical -strategic

technical

While traveling abroad, Giuseppe needs to use public Internet cafe computers to access the secure network. Which of the following non-persistence tools should he use? · Snapshot · Live boot media · Revert to known state · Secure Configuration

Live boot media

Which of the following approaches to risk calculation typically assigns a numeric value (1-10) or label (High, Medium, or Low) that represents a risk? · Policy-based risk calculation · Qualitative risk calculation · Rule-based risk calculation · Quantitative risk calculation

Qualitative risk calculation

