ITN 260 Module 15 Review, ITN 260 Module 13 Review, ITN 260 Module 12 Review, Module 14, Quiz: Module 12 Authentication, Quiz 14, Quiz 11


Which of the following is NOT used to identify or enforce what mobile devices can do based on the location of the device? A. Geo-spatial B. Geolocation C. Geo-tagging D. Geofencing

A. Geo-spatial

A BIA can be a foundation for which of the following? A. Functional recovery plan B. Site risk assessment C. Contingency reaction plan D. Resumption assessment plan

A. Resumption assessment plan

Which type of access control scheme uses predefined rules that make it the most flexible scheme? a. DAC b. ABAC c. NAC d. MAC

ABAC

Which of these is a set of permissions that is attached to an object? a. Object modifier b. Entity attribute (EnATT) c. ACL d. SRE

ACL

What can be used to provide both filesystem security and database security? a. LDAPs b. RBASEs c. CHAPs d. ACLs

ACLs

Which of the following is NOT part of the AAA framework? a. Authorization b. Authentication c. Accounting d. Access

Access

Pablo has been asked to look into security keys that have a feature of a key pair that is "burned" into the security key during manufacturing time and is specific to a device model. What feature is this? a. Authorization b. Authentication c. Attestation d. Accountability

Attestation

Which of these is NOT a factor in determining restoration order? A. Dependencies B. Speed of implementation C. Process of fundamental importance D. Alternative business practices

B. Speed of implementation

Which of the following is NOT an MFA using a smartphone? a. SMS text message b. Authentication app c. Biometric gait analysis d. Automated phone call

Biometric gait analysis

Which of the following is NOT an MFA using a smartphone? a. SMS text message b. Automated phone call c. Authentication app d. Biometric gait analysis

Biometric gait analysis. Gait analysis requires more technology than a smartphone to measure.

Which of these attacks is the last-resort effort in cracking a stolen password digest file? a. Brute force b. Rule list c. Hybrid d. Mask

Brute force

Which of the following is the most fragile and should be captured first in a forensics investigation? a. Kernel statistics b. CPU cache c. ARP cache d. RAM

CPU cache

What is a platform used to provide telephony, video, and web conferences that can serve as an entry point to a threat actor? a. SIP b. IP voice c. Call manager d. VoIP

Call Manager

Margaux is reviewing the corporate policy that stipulates the processes to be followed for implementing system changes. Which policy is she reviewing?

Change control policy

_____ biometrics is related to the perception, thought processes, and understanding of the user. a. Behavioral b. Intelligent c. Cognitive d. Standard

Cognitive

_____ biometrics is related to the perception, thought processes, and understanding of the user. a. Standard b. Intelligent c. Behavioral d. Cognitive

Cognitive. Cognitive biometrics is considered to be much easier for the user to remember because it is based on the user's life experiences. This also makes it more difficult for an attacker to imitate. Cognitive biometrics is also called knowledge-based authentication.

Which of the following data types has the highest level of data sensitivity? a. Sensitive b. Confidential c. Secure d. Private

Confidential

Enzo is reviewing the financial statements and has discovered a serious misstatement. What type of risk has he found? a. Financial risk b. Reporting risk c. Monetary risk d. Control risk

Control Risk

What does an incremental backup do?

Copies all files changed since the last full or incremental backup

What is a disadvantage of biometric readers? a. Standards b. Cost c. Weight d. Speed

Cost

What is a disadvantage of biometric readers? a. Cost b. Weight c. Speed d. Standards

Cost. Biometric readers can be very expensive.

Which of the following is a federal initiative that is designed to encourage organizations to address how critical operations will continue under a broad range of negative circumstances? A. DPPR B. BIA C. MTBF D. COOP

D. COOP

Angelo has received notification that a business partner will no longer sell or update a specific product. What type of notification is this? a. EOP b. EOL c. EOS d. EOA

EOL

Which of the following threats would be classified as the actions of a hacktivist? a. Environmental threat b. External threat c. Compliance threat d. Internal threat

External Threat

Which of the following is NOT true about data sovereignty? a. Governments cannot force companies to store data within specific countries. b. Data sovereignty is a concept that until recently was less of an issue. c. Generally, data is subject to the laws of the country in which it is collected or processed. d. Regulations are not necessarily on where an organization is headquartered.

Governments cannot force companies to store data within specific countries.

Which one-time password is event driven? a. HOTP b. ROTP c. TOTP d. POTP

HOTP

Which human characteristic is NOT used for biometric identification? a. Height b. Fingerprint c. Iris d. Retina

Height. Height cannot be used for biometric identification because many people share the same height.

Which type of site is essentially a duplicate of the production site and has all the equipment needed for an organization to continue running?

Hot site

Thea has received a security alert that someone in London attempted to access the email account of Sigrid, who had accessed it in Los Angeles one hour before. What feature detected the issue and sent this alert to Thea?

Impossible Travel

How is the Security Assertion Markup Language (SAML) used? a. It is no longer used because it has been replaced by LDAP. b. It is an authenticator in IEEE 802.1x. c. It allows secure web domains to exchange user authentication and authorization data. d. It serves as a backup to a RADIUS server.

It allows secure web domains to exchange user authentication and authorization data.

How is key stretching effective in resisting password attacks? a. It does not require the use of salts. b. It requires the use of GPUs. c. The license fees are very expensive to purchase and use it. d. It takes more time to generate candidate password digests.

It takes more time to generate candidate password digests.

How is key stretching effective in resisting password attacks? a. It takes more time to generate candidate password digests. b. It requires the use of GPUs. c. The license fees are very expensive to purchase and use it. d. It does not require the use of salts.

It takes more time to generate candidate password digests. Using general-purpose hash algorithms like MD5 and SHA is not considered secure for creating digests because these hashing algorithms are designed to create a digest as quickly as possible. The fast speed of general-purpose hash algorithms works in an attacker's favor. When an attacker is creating candidate digests, a general-purpose hashing algorithm can rapidly create a very large number of passwords for matching purposes. A more secure approach for creating password digests is to use a specialized password hash algorithm that is intentionally designed to be slower.

Which access control scheme is the most restrictive? a. DAC b. MAC c. Role-Based Access Control d. Rule-Based Access Control

MAC

Bob needs to create an agreement between his company and a third-party organization that demonstrates a "convergence of will" between the parties so that they can work together. Which type of agreement will Bob use? a. ISA b. SLA c. BPA d. MOU

MOU

Which of the following is not a legally enforceable agreement but is still more formal than an unwritten agreement? a. MOU b. BPA c. SLA d. MSA

MOU

Which of the following is the Microsoft version of EAP? a. AD-EAP b. PAP-Microsoft c. EAP-MS d. MS-CHAP

MS-CHAP

Which of the following is the Microsoft version of EAP? a. AD-EAP b. EAP-MS c. MS-CHAP d. PAP-Microsoft

MS-CHAP. EAP was created as a more secure alternative to the weak Challenge-Handshake Authentication Protocol (CHAP), and the Microsoft version of CHAP is MS-CHAP.

Which of these creates a format of the candidate password to significantly reduce the time needed to crack a password? a. Rainbow b. Overlay c. Mask d. Pass the hash

Mask

What is the average amount of time that it will take a device to recover from a failure that is not a terminal failure?

Mean time to recovery (MTTR)

Molly needs to access a setting in Microsoft Windows Group Policy to change the type of a network to which a computer is attached. Which setting must Molly change?

Network location

Ilya has been asked to recommend a federation system technology that is an open source federation framework that can support the development of authorization protocols. Which of these technologies would he recommend? a. NTLM b. Shibboleth c. OAuth d. Open ID

OAuth

Ilya has been asked to recommend a federation system technology that is an open source federation framework that can support the development of authorization protocols. Which of these technologies would he recommend? a. Open ID b. NTLM c. OAuth d. Shibboleth

OAuth. OAuth is a federation system technology that is an open source federation framework that can support the development of authorization protocols.

What device is always running off its battery while the main power runs the battery charger?

Online UPS

In which of the following threat classifications would a power blackout be classified? a. Operational b. Technical c. Strategic d. Managerial

Operational

Fernando is explaining to a colleague how a password cracker works. Which of the following is a valid statement about password crackers? a. Password crackers differ as to how candidates are created. b. Most states prohibit password crackers unless they are used to retrieve a lost password. c. A password cracker attempts to uncover the type of hash algorithm that created the digest because once it is known, the password is broken. d. Due to their advanced capabilities, they require only a small amount of computing power.

Password crackers differ as to how candidates are created. These programs create known digests (called candidates) and then compare them against the stolen digests. When a match occurs, then the attacker knows the underlying password. Password crackers differ as to how these candidates are created.

Which attack uses one or a small number of commonly used passwords to attempt to log in to several different user accounts? a. Password spraying attack b. Offline brute force attack c. Role attack d. Online brute force attack

Password spraying attack. A password spraying attack uses one or a small number of commonly used passwords (Password1 or 123456) and then uses this same password when trying to log in to several different user accounts. Because this targeted guess is spread across many different accounts instead of attempting multiple password variations on a single account, it is much less likely to raise any alarms or lock out the user account from too many failed password attempts.

Which of the following is an authentication credential used to access multiple accounts or applications? a. Federal login b. Identification authentication c. Credentialization d. Single sign-on

Single sign-on

Which of the following is NOT used for authentication? a. Something you can do b. Something you exhibit c. Somewhere you are d. Something you can find

Something you can find

Which of the following is NOT used for authentication? a. Something you can find b. Something you exhibit c. Somewhere you are d. Something you can do

Something you can find. Something you can find is not used for authentication.

Which of the following is typically a monthly discussion of a scenario conducted in an informal and stress-free environment to evaluate an incident response plan? a. Simulation b. Incident Response Plan Evaluation (IRP-E) c. Tabletop d. Walkthrough

Tabletop

Which of the following is NOT a threat classification category? a. Financial b. Compliance c. Strategic d. Tactical

Tactical

What is a definition of RPO?

The maximum length of time that an organization can tolerate between backups

What is the amount of time added to or subtracted from Coordinated Universal Time to determine local time? a. Daylight savings time b. Time offset c. Greenwich Mean Time (GMT) d. Civil time

Time Offset

Which of the following is NOT a problem associated with log management? a. Different log formats b. Multiple devices generating logs c. Time-stamped log data d. Large volume of log data

Time-stamped log data

Which of the following is NOT a concern for users regarding the usage of their privacy data? a. Individual inconveniences and identity theft b. Statistical inferences c. Timeliness of data d. Associations with groups

Timeliness of data

Raul has been asked to serve as the individual to whom day-to-day actions have been assigned by the owner. What role is Raul taking? a. Data custodian/steward b. Data privacy officer c. Data processor d. Data controller

Unknown

Which statement about Rule-Based Access Control is true? a. It requires that a custodian set all rules. b. It is considered a real-world approach by linking a user's job function with security. c. It is no longer considered secure. d. It dynamically assigns roles to subjects based on rules.

Unknown

Why are dictionary attacks successful? a. They use pregenerated rules to speed up the processing. b. Password crackers using a dictionary attack require less RAM than other types of password crackers. c. They link known words together in a "string" for faster processing. d. Users often create passwords from dictionary words.

Users often create passwords from dictionary words. Because users often create passwords from dictionary words, this makes the attack successful.

Fernando is explaining to a colleague how a password cracker works. Which of the following is a valid statement about password crackers? a. Due to their advanced capabilities, they require only a small amount of computing power. b. Password crackers differ as to how candidates are created. c. Most states prohibit password crackers unless they are used to retrieve a lost password. d. A password cracker attempts to uncover the type of hash algorithm that created the digest because once it is known, the password is broken.

d. A password cracker attempts to uncover the type of hash algorithm that created the digest because once it is known, the password is broken.

Which of the following is a packet sampling protocol that gives a statistical sample instead of the actual flow of packets? a. IPFIX b. sFlow c. NetFlow d. journalctl

sFlow

Which tool is an open source utility for UNIX devices that includes content filtering? a. nxlog b. syslog c. rsyslog d. syslog-ng

syslog-ng

Which of the following can a UPS NOT perform? A. Prevent certain applications from launching that will consume too much power B. Disconnect users and shut down the server C. Prevent any new users from logging on D. Notify all users that they must finish their work immediately and log off

A. Prevent certain applications from launching that will consume too much power

Pablo has been asked to look into security keys that have a feature of a key pair that is "burned" into the security key during manufacturing time and is specific to a device model. What feature is this? a. Accountability b. Authentication c. Attestation d. Authorization

Attestation. Attestation is a key pair that is "burned" into the security key during manufacturing and is specific to a device model. It can be used to cryptographically prove that a user has a specific model of device when it is registered.

Giovanni is completing a report on risks. To which risk option would he classify the action that the organization has decided not to construct a new data center because it would be located in an earthquake zone? a. Transference b. Prevention c. Avoidance d. Rejection

Avoidance

Which of the following is a document that outlines specific requirements or rules that must be met? A. Guideline B. Policy C. Framework D. Specification

B. Policy

Which of the following is NOT an element that should be part of a BCP? A. High availability B. Robustness C. Diversity D. Scalability

B. Robustness

Timur was making a presentation regarding how attackers break passwords. His presentation demonstrated the attack technique that is the slowest yet most thorough attack that is used against passwords. Which of these password attacks did he demonstrate? a. Hybrid attack b. Brute force attack c. Custom attack d. Dictionary attack

Brute Force Attack

Which of these attacks is the last-resort effort in cracking a stolen password digest file? a. Rule list b. Mask c. Brute force d. Hybrid

Brute force. As the slowest attack, a brute force attack is the last resort.

Timur was making a presentation regarding how attackers break passwords. His presentation demonstrated the attack technique that is the slowest yet most thorough attack that is used against passwords. Which of these password attacks did he demonstrate? a. Brute force attack b. Dictionary attack c. Custom attack d. Hybrid attack

Brute force attack. A brute force attack is the slowest yet most thorough type.

Which of the following is NOT true about RAID? A. It can be implemented in hardware or software B. Nested levels can combine other RAID levels C. It is designed primarily to back up data D. The most common levels of RAID are Level 0, 1, 5, 6, and 10

C. It is designed primarily to back up data

Which of the following will a BIA NOT help determine? A. Mission-essential functions B. Identification of critical systems C. Single point of failure D. Percentage availability of systems

D. Percentage availability of systems

Which of the following uses data anonymization? a. Data masking b. Data minimization c. Tokenization d. Data obfuscation sanitization (DOS)

Data Masking

Which of the following is NOT a consequence to an organization that has suffered a data security breach? a. Reputation damage b. Monetary fine c. De-escalation of reporting requirements d. IP theft

De-escalation of reporting requirements

Simona needs to research a control that attempts to discourage security violations before they occur. Which control will she research? a. Preventive control b. Detective control c. Deterrent control d. Corrective control

Deterrent Control

Ella wants to research an attack framework that incorporates adversary, infrastructure, capability, and victim. Which of the following would she choose? a. Cyber Kill Chain b. Mitre ATT&CK c. Basic-Advanced Incident (BAI) Framework d. Diamond Model of Intrusion Analysis

Diamond Model of Intrusion Analysis

Mary Alice has been asked to help develop an outline of procedures to be followed in the event of a major IT incident or an incident that directly impacts IT. What type of planning is this?

Disaster recovery planning

Which one-time password is event driven? a. ROTP b. POTP c. HOTP d. TOTP

HOTP. Instead of changing after a set number of seconds, an HMAC-based one-time password (HOTP) is "event driven" and changes when a specific event occurs, such as when a user enters a personal identification number (PIN) on the token's keypad, which triggers the token to create a random code.

Which human characteristic is NOT used for biometric identification? a. Retina b. Height c. Fingerprint d. Iris

Height

How is the Security Assertion Markup Language (SAML) used? a. It serves as a backup to a RADIUS server. b. It is an authenticator in IEEE 802.1x. c. It is no longer used because it has been replaced by LDAP. d. It allows secure web domains to exchange user authentication and authorization data.

It allows secure web domains to exchange user authentication and authorization data. Security Assertion Markup Language (SAML) is an XML standard that allows secure web domains to exchange user authentication and authorization data. This allows a user's login credentials to be stored with a single identity provider instead of being stored on each web service provider's server.

Which of these creates a format of the candidate password to significantly reduce the time needed to crack a password? a. Rainbow b. Overlay c. Pass the hash d. Mask

Mask. A mask can reduce the time needed to crack a password by creating a format.

Which of the following is a Linux utility that displays the contents of system memory? a. memdump b. WinHex c. dd d. Autopsy

Memdump

Linnea is researching a type of storage that uses a single storage device to serve files over a network and is relatively inexpensive. What type of storage is Linnea researching?

NAS

Which of the following control categories includes conducting workshops to help users resist phishing attacks? a. Technical b. Operational c. Managerial d. Administrative

Operational

Which attack uses one or a small number of commonly used passwords to attempt to log in to several different user accounts? a. Role attack b. Online brute force attack c. Password spraying attack d. Offline brute force attack

Password spraying attack

Which of the following should NOT be stored in a secure password database? a. Iterations b. Password digest c. Salt d. Plaintext password

Plaintext password

Which of the following should NOT be stored in a secure password database? a. Plaintext password b. Iterations c. Salt d. Password digest

Plaintext password. Passwords should never be stored in plaintext.

Blaise needs to create a document that is a linear-style checklist of required manual steps and actions needed to successfully respond to a specific type of incident. What does she need to create? a. ARC Codebook b. Runbook c. Playbook d. SIEM-book

Playbook

Sergio has been asked to make a set of data that was once restricted now available to any users. What data type will Sergio apply to this set of data? a. Unrestricted b. Open c. Public d. Available

Public

Which commercial data classification level would be applied to a data set of the number of current employees at an organization and would only cause a small amount of harm if disclosed?

Public

Which of the following approaches to risk calculation typically assigns a numeric value (1-10) or label (High, Medium, or Low) to represent a risk? a. Quantitative risk calculation b. Rule-based risk calculation c. Policy-based risk calculation d. Qualitative risk calculation

Qualitative risk calculation

Which of these is NOT an incident response process step? a. Eradication b. Reporting c. Lessons learned d. Recovery

Reporting

Which of these is NOT a response to risk? a. Mitigation b. Transference c. Resistance d. Avoidance

Resistance

What is a list of potential threats and associated risks? a. Risk matrix b. Risk portfolio c. Risk register d. Risk assessment

Risk Register

Emiliano needs to determine the expected monetary loss every time a risk occurs. Which formula will he use? a. ALE b. AV c. SLE d. ARO

SLE

Which of the following should be performed in advance of an incident? a. Isolation b. Capture c. Containment d. Segmentation

Segmentation

Cheryl has been asked to set up a user account explicitly to provide a security context for services running on a server. What type of account will she create? a. User account b. Service account c. Privilege account d. Generic account

Service Account

Which of the following is an authentication credential used to access multiple accounts or applications? a. Federal login b. Identification authentication c. Single sign-on d. Credentialization

Single sign-on. One application of federation is single sign-on (SSO), or using one authentication credential to access multiple accounts or applications. SSO holds the promise of reducing the number of usernames and passwords that users must memorize.

Which of these is NOT a reason that users create weak passwords? a. The length and complexity required force users to circumvent creating strong passwords. b. Having multiple passwords makes it hard to remember all of them. c. A security policy requires a password to be changed regularly. d. A lengthy and complex password can be difficult to memorize.

The length and complexity required force users to circumvent creating strong passwords.

Which of these is NOT a reason that users create weak passwords? a. A lengthy and complex password can be difficult to memorize. b. A security policy requires a password to be changed regularly. c. Having multiple passwords makes it hard to remember all of them. d. The length and complexity required force users to circumvent creating strong passwords.

The length and complexity required force users to circumvent creating strong passwords. Length and complexity do not force users to circumvent creating strong passwords.

Why are dictionary attacks successful? a. Password crackers using a dictionary attack require less RAM than other types of password crackers. b. Users often create passwords from dictionary words. c. They use pregenerated rules to speed up the processing. d. They link known words together in a "string" for faster processing.

Users often create passwords from dictionary words.

