MIS 450 Final Exam


1234

What PIN is considered to be the most commonly used PIN?

Credential Management

Mobile Device Management systems that allow users to store usernames and passwords within a device are said to be using:

Type I

What PC Card type is typically used for memory?

Bluesnarfing

A Bluetooth attack in which the attacker accesses unauthorized information from a wireless device using a Bluetooth connection is known as:

A video

A QR code can't contain which of the following items directly?

Guideline

A collection of suggestions that should be implemented are referred to as a:

Charmap.exe

A list of the available nonkeyboard characters can be seen in Windows by opening what utility?

Warm Site

A location that has all the equipment installed but does not have active Internet or telecommunications facilities, and does not have current backups of data, is an example of a:

A Faraday Cage

A metallic enclosure that prevents the entry or escape of an electromagnetic field is known as a:

Values

A person's fundamental beliefs and principles, which are used to define what is good, and how to distinguish right from wrong, are collectively called a person's:

Open Port

A port in what state below implies that an application or service assigned to that port is listening for any instructions?

Password

A secret combination of letters, numbers, and/or characters that only the user should have knowledge of, is known as a:

Service Level Agreement

A service contract between a vendor and a client that specifies what services will be provided, the responsibilities of each party, and any guarantees of service, is known as:

System Image

A snapshot of the current state of a computer that contains all current settings and data is known as what option below:

Separation of duties

A vulnerable process that is divided between two or more individuals to prevent fraudulent application of the process is known as:

Security Policy

A written document that states how an organization plans to protect the company's information technology assets is a:

85%

According to the Federal Bureau of Investigation (FBI), what percentage of crime committed today leaves behind digital evidence that can be retrieved via computer forensics?

RADIUS

Although designed to support remote dial-in access to a corporate network, what service below is commonly used with 802.1x port security for both wired and wireless LANs?

rogue

An access point that is unauthorized and allows an attacker to bypass network security configurations is considered to be what type of access point?

21

An administrator needs to examine FTP commands being passed to a server. What port should the administrator be monitoring?

Protocol Analyzer

An administrator needs to view packets and decode and analyze their contents. What type of application should the administrator use?

Closed Port

An administrator running a port scan wants to ensure that no processes are listening on port 23. What state should the port be in?

Transport Layer

At what level of the OSI model does the IP protocol function?

Personal Area Network

Bluetooth is an example of what type of technology below?

802.1d

Broadcast storms can be prevented by using loop prevention technology. Which item below can be used to help prevent loops?

BIND

DNS poisoning can be prevented using the latest edition of what software below?

Change Management Team

Due to the potential impact of changes that can affect all users in an organization, and considering that security vulnerabilities can arise from uncoordinated changes, what should an organization create to oversee changes?

Port Scanner

During a vulnerability assessment, what type of software can be used to search a system for port vulnerabilities?

Acceptable Use Policies

Generally considered to be the most important information security policies, what item below defines the actions a user may perform while accessing systems and networking equipment?

VLAN

How can a network of physical devices be grouped into logical units, regardless of what network switches they may be connected to?

Captive Portal Access Point

How can an administrator force wireless clients to use a standard web browser to provide information, and require a user to agree to a use policy or present valid login credentials?

Uninterruptible Power Supply

How can an administrator keep devices powered when power is interrupted?

Red

In a UAC prompt, what color is used to indicate the lowest level of risk?

Black Box

In order to minimize vulnerabilities in software, code should be subject to and analyzed while it is being written in what option below?

Infrastructure as a Service (IaaS)

In what type of cloud computing does the customer have the highest level of control?

Symmetric Server

In what type of server cluster can services fail over from downed servers to functional servers?

Location Services

Mobile devices with global positioning system (GPS) abilities typically make use of:

Cluster

Multiple sectors on a disk, when combined, are referred to as a:

Protocol Analyzer

Passwords that are transmitted can be captured by what type of software?

Scatternet

Piconets in which connections exist between different piconets are known as a:

Security-related human resource policy

Policies that include statements regarding how an employee's information technology resources will be addressed are part of a:

IEEE 802.1x

Port-based authentication, in which users are authenticated on a per-switch port basis, is a function of what standard below?

Kerberos

Select below the authentication system developed by the Massachusetts Institute of Technology (MIT) to verify the identity of network users:

A document that outlines specific requirements or rules that must be met

Select below the option that best describes a policy:

Extreme Capacity (SDXC)

Select below the option that is not one of the SD format card families:

Asymmetric Server

Select below the type of cluster that is used to provide high-availability applications that require a high level of read and write actions, such as databases, messaging systems, and file and print services:

Web-based

Select below the type of computing device that uses a limited version of the Linux operating system and uses a web browser with an integrated media player:

EAP-FAST

Select the EAP protocol supported by WPA2 Enterprise that securely tunnels any credential form for authentication using TLS:

Active Slave

Slave devices that are connected to a piconet and are sending transmissions are known as what?

Bluetooth v1.2

The IEEE 802.15.1-2005 standard is based on what version of the Bluetooth specifications?

ExpressCard

The PC Card and CardBus devices are being replaced by what technology?

DAP

The X.500 standard defines a protocol for a client application to access an X.500 directory known as which of the following options?

Operation

The action that is taken by a subject over an object is called a(n):

ICMP

The capability for devices to exchange low-level control messages is provided by what protocol below?

Flood Guard

The deployment of this technology below can be used as a defense against DoS and DDoS SYN flood attacks:

Threat Modeling

The goal of what type of threat evaluation is to better understand who the attackers are, why they attack, and what types of attacks might occur?

Business continuity planning and testing

The process of identifying exposure to threats, creating preventive and recovery procedures, and then testing them to determine if they are sufficient, is known as:

RAM Slack

The remaining cluster space of a partially filled sector is padded with contents from RAM. What is the name for this type of scenario?

24 Bits

The use of one authentication credential to access multiple accounts or applications is referred to as?

Rainbow Tables

The use of what item below involves the creation of a large pregenerated data set of candidate digests?

Account Expiration

To assist with controlling orphaned and dormant accounts, what can be used to indicate when an account is no longer active?

Orphaned

User accounts that remain active after an employee has left an organization are referred to as being what type of accounts?

Computer Forensics

Using technology to search for computer evidence of a crime in order to retrieve information, even if it has been altered or erased, that can be used in pursuit of an attacker or criminal is an example of:

social networking

Websites that group individuals and organizations into clusters or groups based on some sort of affiliation are considered to be what type of websites?

Sticky

What MAC limiting configuration setting allows for MAC addresses to be automatically learned and stored along with any addresses that were learned prior to using the configuration setting?

Mandatory Access Control

What access control model below is considered to be the most restrictive access control model, and involves assigning access controls to users strictly according to the custodian?

Morals

What are values that are attributed to a system of beliefs that help the individual distinguish right from wrong called?

TACACS

What authentication service commonly used on UNIX devices involves communicating user authentication information to a centralized server?

DNS

What can be defined as the study of what a group of people understand to be good and right behavior and how people make those judgments?

Salt

What can be used to increase the strength of hashed passwords?

Access Point

What device acts like a wireless base station in a network, acting as a bridge between wireless and wired networks?

Router

What device operates at the Network Layer (layer 3) of the OSI model and forwards packets across computer networks?

Human Memory

What is the center of the weakness of passwords?

Penetration Test Report

What is the end result of a penetration test?

32

What is the maximum number of characters that can exist within an SSID name?

Incident Management

What is the name for a framework and corresponding functions required to enable incident response and incident handling within an organization?

Access Control Model

What is the name for a predefined framework that can be used for controlling access, and is embedded into software and hardware?

Mirror Image

What is the name for an image that consists of an evidence-grade backup because its accuracy meets evidence standards?

Attack Surface

What is the name for the code that can be executed by unauthorized users within a software product?

HoneyNET

What is the term for a network set up with intentional vulnerabilities?

Remote Client

What is the term used for a device that requests permission from an authenticator to join a network?

LDAP Injection

What kind of attack allows for the construction of LDAP statements based on user input statements, which can then be used to access the LDAP database or modify the database's information?

Standard biometrics

What kind of biometrics utilizes a person's unique physical characteristics for authentication, such as fingerprints or unique characteristics of a person's face?

Volatile

What kind of data can be lost when a computer is turned off?

Visual

What kind of learners learn from taking notes, being at the front of the class, and watching presentations?

Privacy Policy

What kind of policy outlines how an organization uses the personal information it collects?

Drive File Slack

What kind of slack is created from information stored on a hard drive, which can contain remnants of previously deleted files or data?

Incident Response

What may be defined as the components required to identify, analyze, and contain an incident?

iOS

What mobile operating system below requires all applications to be reviewed and approved before they can be made available on the public store front?

LEAP

What proprietary EAP method developed by Cisco requires mutual authentication for WLAN encryption using Cisco client software?

TCP/IP

What protocol suite below is the most commonly used protocol for local area network (LAN) communication?

Confidentiality

What security goal do the following common controls address: hashing, digital signatures, certificates, nonrepudiation tools?

OAuth

What technology allows users to share resources stored on one site with a second site without forwarding their authentication credentials to the other site?

Blanket Purchase Agreement

What term below describes a prearranged purchase or sale agreement between a government agency and a business?

On-boarding

What term below describes the start-up relationship between partners?

Bluejacking

What term below is used to describe an attack that sends unsolicited messages to Bluetooth enabled devices?

Chain of Custody

What term is used to describe a documentation of control over evidence, which is used to ensure that no unauthorized person was given the opportunity to corrupt the evidence?

Inventory Control

What term is used to describe the operation of stockrooms where mobile devices are stored prior to their dispersal to employees?

NetBIOS

What transport protocol is used by Windows operating systems to allow applications on separate computers to communicate over a LAN?

Evil Twin

What type of access point is configured by an attacker in such a manner that it mimics an authorized access point?

Offline Cracking

What type of attack involves an attacker stealing a file containing password digests and comparing the digests with digests created by the attacker?

Brute Force

What type of attack involves using every possible combination of letters, numbers, and characters to create candidate digests that are then matched against those in a stolen digest file?

Kinesthetic

What type of learner learns best through hands-on approaches?

Auditory

What type of learner tends to sit in the middle of the class and learns best through lectures and discussions?

Mobile Device Management

What type of management system below can help facilitate asset tracking?

Disaster Recovery

What type of plans include procedures to address redundancy and fault tolerance as well as data backups?

Hybrid

What variation of a dictionary attack involves a dictionary attack combined with a brute force attack, and will slightly alter dictionary words by adding numbers to the end of the password, spelling words backward, slightly misspelling words, or including special characters?

Business Impact Analysis (BIA)

When a company needs to identify mission-critical business functions and quantify the impact a loss of such functions may have on the organization in terms of its operational and financial position, what should be performed?

Hypervisor

When setting up a server virtualization environment, what component below manages the virtual machine operating systems and supports one or more guest systems?

13

When using AES-CCMP, the AES-256 bit key requires how many rounds?

MIB

When using SNMPv1 or SNMPv2, what piece of information is needed to view information from an agent?

Rule Based Access Control

Which access control model can dynamically assign roles to subjects based on a set of defined rules?

AES-CCMP

Which encryption protocol below is used in the WPA2 standard?

HoneyPOT

Which is the term for a computer typically located in an area with limited security and loaded with software and data files that appear to be authentic, yet are actually imitations of real data files?

Baseline

Which item below is an imaginary line by which an element is measured or compared, and can be seen as the standard?

Transport Layer

Which layer of the OSI model contains TCP protocol, which is used for establishing connections and reliable data transport between devices?

Error

Which of the following choices is not one of the four types of packets used by EAP?

Decreased network utilization

Which of the following is not a benefit that can be provided by using IP telephony?

Track Stolen Devices

Which of the following selections is not one of the features provided by a typical MDM?

Cloud Software as a Service

Which of the three Cloud computing service models allows a customer to access software provided by a vendor using a web browser, without any installation, configuration, upgrading, or management from the user?

Authenticator

Which option below is responsible for the issuing of EAP request packets?

Vulnerability Scan

Which scan examines the current security, in a passive method?

Single Point of Failure

Which term below describes a component or entity in a system which, if it no longer functions, will disable an entire system?

Andragogical

Which term below describes the art of helping an adult learn?

Dwell Time

Which term below describes the time it takes for a key to be pressed and then released?

Cognitive Biometrics

Which type of biometrics is based on the perception, thought process, and understanding of the user?

P2P

Which type of network below uses a direct connection between users, and involves each device simultaneously acting as a client and a server?

Common Access Card

A U.S. Department of Defense (DoD) smart card that is used for identification of active-duty and reserve military personnel along with civilian employees and special contractors is called:

RS232

A laptop may have multiple hardware ports. Which of the following is not a typical port included on a laptop?

Subnotebook

An ultrabook is an example of what type of a portable computer?

OpenID

Select below the decentralized open-source FIM that does not require specific software to be installed on the desktop:

Removable Media Storage

Select below the item that is not considered to be a basic characteristic of mobile devices:

RAID 5

What RAID type below utilizes parity data across all drives instead of using a separate drive to hold parity error checking information?

Bittorrent

What is the most common type of P2P network?

Personal Digital Assistant (PDA)

What term below describes a hand-held mobile device that was intended to replace paper systems, and typically included an appointment calendar, an address book, a "to-do" list, a calculator, and the ability to record limited notes?

