Security+


cloud computing

A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources.

Software as a Service (SaaS)

A model of cloud computing in which the consumer can use the provider's applications, but they do not manage or control any of the underlying cloud infrastructure.

Infrastructure as a Service (IaaS)

A model of cloud computing in which the provider supplies virtualized compute, storage, and network resources on demand. The consumer provisions and manages the operating systems and everything above them, while the provider manages the underlying physical infrastructure; clients pay for the resources they use.

NIDS

A network-based intrusion detection system. An NIPS is an intrusion prevention system. Unlike an HIDS/HIPS, an NIDS/NIPS scans an entire network segment.

passive response

A nonactive response, such as logging. Passive response is the most common type of response to many intrusions. In general, passive responses are the easiest to develop and implement.

implicit deny

A default rule stating that any access not explicitly permitted is denied. Firewall ACLs and permission systems should end with an implicit deny so that anything the written rules do not cover falls through to a denial rather than an accidental allow.

wireless access point

A connection device used for clients in a radio frequency (RF) network.

switch

A network device that replaces a hub in a local network and forwards each frame only to the port where the destination MAC address was learned, instead of to every port. Because each port gets its own collision domain, switching allows for higher speeds and makes casual sniffing of other hosts' traffic harder (though not impossible: ARP poisoning and MAC flooding can defeat it). A switch does not replace a router, which forwards between networks.

honeynet

A network of honeypots, often an entire fake subnet, that functions in the same manner as a single honeypot: it lures attackers away from production systems and records what they do.

alarm

A notification that an unusual condition exists and should be investigated.

least privilege

A permission method in which users are granted only the privileges necessary to perform their job function.

cable lock

A physical security deterrent used to protect a computer.

virus

Malicious code that attaches itself to a host program or file and replicates when that host is run; its payload may or may not damage the system. Replication distinguishes a virus from a Trojan horse, and the need for a host program distinguishes it from a worm.

Wired Equivalent Privacy (WEP)

A security protocol for 802.11 (wireless) networks that attempts to establish the same security for them as would be present in a wired network. WEP uses RC4 with a 24-bit initialization vector and is thoroughly broken (see IV attack); it should not be used. Its successors are WPA, WPA2, and WPA3.

hot aisles

Server room aisles into which equipment exhausts its hot air, so the hot air can be removed without mixing with the cold supply air.

shim

A small library that is created to intercept API calls transparently.

waterfall method

A software development method that uses very well-defined sequential phases.

macro virus

A software exploitation virus that works by using the macro feature included in many applications, such as Microsoft Office.

HSM (hardware security module)

A dedicated, tamper-resistant hardware device (a plug-in card or a stand-alone network appliance) that generates, stores, and uses cryptographic keys so that private keys never leave the device in the clear. Commonly used with PKI systems to protect certificate authority keys, and for TLS offload and code signing.

privacy

A state of security in which information isn't seen by unauthorized parties without the express permission of the party involved.

rainbow table

A table of precomputed hash chains used to recover passwords from their hashes: the attacker looks up a captured hash instead of hashing every candidate password at crack time. Rainbow tables work only against unsalted hashes; a per-password salt forces the attacker to build a new table for every salt value.
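As an added example (not part of the original deck), here is a miniature rainbow table in Python over the 10,000 four-digit PINs hashed with unsalted MD5. Only chain endpoints are stored; a lookup regenerates the candidate chain on demand. The alphabet, chain length, and starting points are assumptions chosen to keep it small, and the salt string at the end is constructed to show why salting defeats the table.

```python
import hashlib

ALPHABET = "0123456789"
PW_LEN = 4                          # password space: the 10,000 four-digit PINs
SPACE = len(ALPHABET) ** PW_LEN
CHAIN_LEN = 50                      # hashes per chain; longer chains = smaller table, slower lookup

def h(pw: str) -> str:
    """Unsalted MD5, the kind of hash a rainbow table targets."""
    return hashlib.md5(pw.encode()).hexdigest()

def reduce_(digest: str, col: int) -> str:
    """Map a hash back into the password space. Mixing in the column index gives every
    column its own reduction function, which limits chain merging."""
    n = (int(digest, 16) + col) % SPACE
    chars = []
    for _ in range(PW_LEN):
        chars.append(ALPHABET[n % len(ALPHABET)])
        n //= len(ALPHABET)
    return "".join(chars)

def build_table(starts):
    """Store only end -> [starts]; everything in between is recomputed on demand."""
    table = {}
    for start in starts:
        pw = start
        for col in range(CHAIN_LEN):
            pw = reduce_(h(pw), col)
        table.setdefault(pw, []).append(start)
    return table

def lookup(table, target: str):
    """Recover the password whose hash is `target` if it lies on a stored chain, else None."""
    for col in range(CHAIN_LEN - 1, -1, -1):
        # Assume the target hash sits at column `col`; walk the rest of the chain to its end.
        pw = reduce_(target, col)
        for c in range(col + 1, CHAIN_LEN):
            pw = reduce_(h(pw), c)
        for start in table.get(pw, []):
            # Candidate chain (may be a false alarm): regenerate it and look for the hash.
            cand = start
            for c in range(CHAIN_LEN):
                if h(cand) == target:
                    return cand
                cand = reduce_(h(cand), c)
    return None

# Assumed starting points: every 37th PIN, i.e. 271 chains of 50 hashes.
STARTS = [f"{n:04d}" for n in range(0, SPACE, 37)]
TABLE = build_table(STARTS)

def crack(pw_hash: str):
    """Look a captured unsalted MD5 up in the precomputed table."""
    return lookup(TABLE, pw_hash)
```

Calling crack(h("0000")) returns "0000" because that PIN heads one of the stored chains; crack(h("x7q0000")), the same PIN hashed with a salt, returns None because no chain was built for that salt. Real tables use the same chain-and-reduction idea over much larger character sets and chain lengths.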

access control list (ACL)

A table or data file that specifies whether a user or group has access to a specific resource on a computer or network.
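The following is an added example (not from the original deck) of how a firewall-style ACL is evaluated together with the implicit deny described earlier: rules are checked top to bottom, the first match decides, and a packet that matches no rule falls through to the unwritten final deny. The rule set, addresses, and sample packets are constructed for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str            # "permit" or "deny"
    src: str               # source network in CIDR notation
    dst: str               # destination network in CIDR notation
    proto: str             # "tcp", "udp", "icmp" or "any"
    dport: Optional[int]   # destination port; None matches any port

    def matches(self, pkt: dict) -> bool:
        return (
            ip_address(pkt["src"]) in ip_network(self.src)
            and ip_address(pkt["dst"]) in ip_network(self.dst)
            and self.proto in ("any", pkt["proto"])
            and (self.dport is None or self.dport == pkt.get("dport"))
        )

def evaluate(acl: list, pkt: dict) -> tuple:
    """Return (action, index of the rule that matched). First match wins; a packet that
    matches nothing gets ("deny", None): the implicit deny at the end of every ACL."""
    for idx, rule in enumerate(acl):
        if rule.matches(pkt):
            return rule.action, idx
    return "deny", None

# Constructed rule set: a DMZ web server (10.0.0.5) is reachable from anywhere on 80/443,
# the management subnet may SSH into the DMZ, and one abusive host is blocked outright.
ACL = [
    Rule("deny",   "192.0.2.66/32", "0.0.0.0/0",   "any", None),
    Rule("permit", "0.0.0.0/0",     "10.0.0.5/32", "tcp", 80),
    Rule("permit", "0.0.0.0/0",     "10.0.0.5/32", "tcp", 443),
    Rule("permit", "10.1.0.0/24",   "10.0.0.0/24", "tcp", 22),
]

# Constructed sample packets.
PKT_WEB         = {"src": "203.0.113.9", "dst": "10.0.0.5", "proto": "tcp", "dport": 443}
PKT_SSH_OUTSIDE = {"src": "203.0.113.9", "dst": "10.0.0.5", "proto": "tcp", "dport": 22}
PKT_SSH_MGMT    = {"src": "10.1.0.7",    "dst": "10.0.0.5", "proto": "tcp", "dport": 22}
PKT_BLOCKED     = {"src": "192.0.2.66",  "dst": "10.0.0.5", "proto": "tcp", "dport": 443}
PKT_PING        = {"src": "10.1.0.7",    "dst": "10.0.0.5", "proto": "icmp"}
```

Nothing permits SSH from the Internet or ICMP from the management subnet, so both are denied without any rule saying so. Rule order matters: if the explicit deny for 192.0.2.66 were moved to the end, the permit on port 443 would match that host first.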

radio frequency identification (RFID)

A technology that incorporates the use of electromagnetic coupling in the radio frequency (RF) portion of the spectrum to identify items uniquely (object, animal, person, credit cards, door access tokens, antishoplifting devices, and so on).

malicious insider threat

A threat from someone inside the organization intent on doing harm.

network scanner

A tool that enumerates your network and provides a map of the network.

denial-of-service (DoS)

A type of attack that prevents any users—even legitimate ones—from using a system.

multipartite virus

A virus that attacks a system in more than one way, for example by infecting both the boot sector and executable files.

data disposal

Getting rid of/destroying media no longer needed.

What is a system that is intended or designed to be broken into by an attacker?

Honeypot

Which of the following is a system used for trapping attackers?

Honeypot

What is the machine on which virtualization software is running known as?

Host

Your company does electronic monitoring of individuals under house arrest around the world. Because of the sensitive nature of the business, you can't afford any unnecessary downtime. What is the process of applying a repair to an operating system while the system stays in operation?

Hotfix

Which of the following will not reduce EMI?

Humidity control

Which cloud delivery model could be considered an amalgamation of other types of delivery models?

Hybrid

Which device monitors network traffic in a passive manner?

IDS

Which of the following organizations takes an interest in improving the Internet and publishes the standards (RFCs) that define its protocols? (It is an international standards body, not a U.S. government agency.)

IETF

polymorphic

An attribute of some viruses that allows them to mutate and appear differently each time they crop up. The mutations make it harder for virus scanners to detect (and react) to the viruses.

Redundant Array of Independent Disks (RAID)

A configuration of multiple hard disks used to provide fault tolerance should a disk fail. Different levels of RAID exist.

cold aisles

Server room aisles that blow cold air from the floor.

A periodic update that corrects problems in one version of a product is called a(n) __________.

Service pack

The administrator at MTS was recently fired, and it has come to light that he didn't install updates and fixes as they were released. As the newly hired administrator, your first priority is to bring all networked clients and servers up to date. What is a bundle of one or more system fixes in a single product called?

Service pack

The process of reducing or eliminating susceptibility to outside interference is called what?

Shielding

attack surface

The area of an application that is available to users—those who are authenticated and, more importantly, those who are not.

interference

The byproduct of electrical processes. One common form of interference is Radio Frequency Interference (RFI), which is usually projected across a radio spectrum.

false rejection rate (FRR)

The rate at which a biometric solution rejects individuals it should have allowed.

bluejacking

The sending of unsolicited messages over a Bluetooth connection.

false negative

An event that should be flagged but isn't.

advanced persistent threats (APTs)

Any sophisticated series of related attacks taking place over an extended period of time.

zombie

Any system taking directions from a master control computer. Zombies are often used in distributed denial-of-service (DDoS) and botnet attacks.

data execution prevention (DEP)

A memory-protection feature that marks data regions such as the stack and heap as non-executable, so that code an attacker injects there (for example through a buffer overflow) cannot run. It relies on the CPU's NX/XD bit and is enforced by the operating system; because it can be bypassed by reusing existing code (return-oriented programming), it is normally paired with address space layout randomization.

attack

Any unauthorized intrusion into the normal operations of a computer or computer network. The attack can be carried out to gain access to the system or any of its resources.

Which of the following types of viruses is described in the statement given below? "It covers itself with protective code that prevents disassemblers from examining critical elements of it."

Armored

In which of the following phases of the IT security life cycle is the organization's current security posture described?

Assessment

Upper management has suddenly become concerned about security. As the senior network administrator, you are asked to suggest changes that should be implemented. Which of the following access methods should you recommend if the technique to be used is one that is primarily based on preestablished access and can't be changed by users?

MAC

Which of the following access control methodologies permits users to share information dynamically with other users?

DAC

Which AP-based technology allows or denies access based on a client's physical (MAC) address?

MAC filtering (a weak control on its own: MAC addresses are transmitted in the clear and are trivially spoofed, so it stops only casual, unskilled access)

Which of the following is an agreement between two or more parties outlining their respective responsibilities in completing a particular goal?

MOU

Myra is concerned about database security. She wants to begin with a good configuration of the database. Which of the following is a fundamental issue with database configuration?

Normalization

The CRL takes time to be fully disseminated. Which protocol allows a certificate's authenticity to be immediately verified?

OCSP

cloud access security broker

On-premise or cloud-based security policy enforcement points.

network access control (NAC)

The set of standards defined by the network for clients attempting to access it. Usually, NAC requires that clients be virus free and adhere to specified policies before allowing them on the network.

hypervisor

The software that allows virtual machines to exist. The machine running the hypervisor is known as a host, while the instances of virtual machines are known as guests.

You're redesigning your network in preparation for putting the company up for sale. The network, like all aspects of the company, needs to perform at its best in order to benefit the sale. Which model is used to provide an intermediary server between the end user and the database?

Three-tiered

Your company provides medical data to doctors from a worldwide database. Because of the sensitive nature of the data, it's imperative that authentication be established on each session and be valid only for that session. Which of the following authentication methods provides credentials that are valid only during a single session?

Tokens

intrusion detection system (IDS)

Tools that identify attacks using defined rules or logic and are considered passive. An IDS can be network based or host based.

intrusion prevention system (IPS)

Tools that respond to attacks using defined rules or logic and are considered active. An IPS can be network based or host based.

Which of the following is another name for social engineering?

Wetware

acceptable use policy/rules of behavior

Agreed-upon principles set forth by a company to govern how the employees of that company may use resources such as computers and Internet access.

The purpose of hypervisor is to:

allow a virtual machine to exist.

Consider the following scenario. The asset value of your company's primary servers is $2 million, and they are housed in a single office building in Anderson, Indiana. Field offices are scattered throughout the United States, but the workstations located at the field offices serve as thin clients and access data from the Anderson servers. Tornadoes in this part of the country are not uncommon, and it is estimated that one will level the building every 60 years. Which of the following is the SLE for this scenario?

$2 million (SLE = asset value × exposure factor; a tornado that levels the building means an exposure factor of 100%)

Consider the following scenario. The asset value of your company's primary servers is $2 million, and they are housed in a single office building in Anderson, Indiana. Field offices are scattered throughout the United States, but the workstations located at the field offices serve as thin clients and access data from the Anderson servers. Tornadoes in this part of the country are not uncommon, and it is estimated that one will level the building every 60 years. Which of the following amounts is the ALE for this scenario?

$33,333.33 (ALE = SLE × ARO = $2,000,000 × 1/60)

If you calculate the SLE to be $4,000 and that there will be 10 occurrences a year (ARO), then the ALE is ___________.

$40,000 (ALE = SLE × ARO = $4,000 × 10)

If you calculate SLE to be $25,000 and that there will be one occurrence every four years (ARO = 0.25), then what is the ALE?

$6,250 (ALE = SLE × ARO = $25,000 × 0.25)

Platform as a Service (PaaS)

A cloud service model in which the consumer deploys applications onto the provider's platform using the languages, libraries, and tools the provider supports. The consumer controls the deployed applications and their configuration but does not manage or control the underlying cloud infrastructure (network, servers, operating systems, storage).

federation

An arrangement in which several organizations or networks agree on common standards of operation, such as security and identity standards, so that an identity issued by one member is trusted by the others. In practice, federated identity lets a user authenticate once to their home identity provider and use that identity across partner sites (for example via SAML).

QoS (quality of service)

A collection of technologies that provide the ability to balance network traffic and prioritize workloads.

firewall

A combination of hardware and software filters placed between trusted and untrusted networks intended to protect a network from attack by hackers who could gain access through public networks, including the Internet.

administrative control

A control implemented through administrative policies or procedures.

application-level proxy

A device or software that recognizes application-specific commands and offers granular control over them.

mantrap

A device, such as a small room, that limits access to one or a few individuals. Mantraps typically use electronic locks and other methods to control access.

honeypot

A fake system designed to divert attackers from your real systems. It is often replete with logging and tracking to gather evidence.

stateful packet inspection (SPI)

A firewall that not only examines each packet but also tracks the state of connections (for example the TCP handshake), so it can tell whether a packet belongs to an established, legitimate session and can allow return traffic for connections initiated from inside without a separate inbound rule.

false positive

A flagged event that isn't really an event and has been falsely triggered.

rogueware

A form of malware that tries to convince the user to pay for a fake threat.

spear phishing

A form of phishing aimed at a specific person or organization, in which the message is crafted to look as if it came from someone the target knows and trusts, rather than from a generic third party.

phishing

A form of social engineering in which you simply ask someone for a piece of information that you are missing by making it look as if it is a legitimate request. Commonly sent via email.

cross-site request forgery (XSRF)

A web-based attack in which a malicious site causes the victim's browser to send a request, with the victim's cookies attached automatically, to a site where the victim is already authenticated, so that the trusted site carries out a state-changing command the user never intended. Also written CSRF. Defenses include per-session anti-forgery tokens, Origin/Referer checks, and SameSite cookies.
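As an added example (not part of the original deck), here is the anti-forgery check in Python: a state-changing endpoint that rejects a request carrying a valid session cookie unless it also carries a token bound to that session, which a cross-site page cannot read. The endpoint, session ID, site name, and request dictionaries are all constructed for the example.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)       # server-side secret (constructed for the example)
ALLOWED_ORIGIN = "https://bank.example"    # hypothetical site name

def csrf_token(session_id: str) -> str:
    """Derive the anti-CSRF token from the session so a token stolen from one session is useless in another."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()

def handle_transfer_vulnerable(request: dict) -> int:
    """Relies on the session cookie alone. Browsers attach cookies to cross-site requests
    automatically, so a forged form submitted from another site is accepted."""
    if not request["cookies"].get("session"):
        return 401
    return 200

def handle_transfer(request: dict) -> int:
    """Hardened version. Returns an HTTP status code."""
    session_id = request["cookies"].get("session")
    if not session_id:
        return 401
    # Browsers send Origin on cross-site form posts; a foreign origin is rejected outright.
    origin = request["headers"].get("Origin")
    if origin is not None and origin != ALLOWED_ORIGIN:
        return 403
    # The token lives in the page body, which the same-origin policy keeps from other sites.
    submitted = request["form"].get("csrf_token", "")
    if not hmac.compare_digest(submitted, csrf_token(session_id)):
        return 403
    return 200

SESSION = "7f3a9c2e1b4d"   # constructed session identifier

# Legitimate submission from the site's own form.
LEGIT = {
    "cookies": {"session": SESSION},
    "headers": {"Origin": ALLOWED_ORIGIN},
    "form": {"to": "alice", "amount": "10", "csrf_token": csrf_token(SESSION)},
}
# Forged form auto-submitted by a page on another site: the cookie rides along, the token cannot.
FORGED = {
    "cookies": {"session": SESSION},
    "headers": {"Origin": "https://evil.example"},
    "form": {"to": "mallory", "amount": "5000"},
}
# Same forgery from a client that sends no Origin header at all.
FORGED_NO_ORIGIN = {"cookies": {"session": SESSION}, "headers": {}, "form": FORGED["form"]}
# Attacker's own token, issued for the attacker's session, pasted into the victim's request.
WRONG_SESSION_TOKEN = {
    "cookies": {"session": SESSION},
    "headers": {"Origin": ALLOWED_ORIGIN},
    "form": {"to": "mallory", "amount": "5000", "csrf_token": csrf_token("attacker-session")},
}
```

The vulnerable handler accepts the forged request; the hardened one rejects it whether or not an Origin header is present, and also rejects a token minted for a different session. Setting the session cookie with SameSite=Lax or Strict adds a second, browser-enforced layer.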

appliance

A freestanding device that operates in a largely self-contained manner.

cryptographic hash

A function that is one-way (preimage resistant: the input cannot be recovered from the output), produces a fixed-length output for input of any length, and is collision resistant (finding two different inputs with the same output is infeasible). SHA-256 is a current example; MD5 and SHA-1 are no longer collision resistant and should not be used for new designs.

HIDS

A host-based intrusion detection system. An HIPS is a host-based intrusion prevention system.

ping of death

An oversized Internet Control Message Protocol (ICMP) echo request, larger than the 65,535-byte maximum IP packet size and delivered in fragments, that overflows the receiving host's reassembly buffer. Historically a ping of death caused the remote host to crash, reboot, or hang; modern operating systems are patched against it.

clustering

A method of balancing loads and providing fault tolerance.

Agile development

An iterative, incremental software development method that delivers working software in short cycles and adapts to changing requirements, as opposed to the well-defined sequential phases of the waterfall method.

fuzzing

A method of testing that feeds an application large volumes of malformed, unexpected, or random input to see whether it handles them safely. Crashes and hangs point to bugs (often memory-safety or parsing errors) that may be exploitable.
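As an added example (not part of the original deck), here is a tiny mutation fuzzer in Python run against a toy record parser that has a bounds bug, and then against a hardened version of the same parser. The record format, the parser, and the seed input are all constructed for the example; the fuzzer distinguishes the parser's documented rejection (ValueError) from a crash (any other exception).

```python
import random
from typing import Optional, Tuple

def xor_all(b: bytes) -> int:
    acc = 0
    for x in b:
        acc ^= x
    return acc

def encode(payload: bytes) -> bytes:
    """Toy format: <len><payload...><xor checksum>."""
    return bytes([len(payload)]) + payload + bytes([xor_all(payload)])

def parse_record(data: bytes) -> bytes:
    """Buggy parser: trusts the length byte and never checks the buffer size."""
    length = data[0]                       # IndexError on empty input
    payload = data[1:1 + length]
    checksum = data[1 + length]            # IndexError when length overruns the buffer
    if checksum != xor_all(payload):
        raise ValueError("bad checksum")   # documented rejection, not a crash
    return payload

def parse_record_hardened(data: bytes) -> bytes:
    """Same format, with every read bounds-checked before it happens."""
    if len(data) < 2:
        raise ValueError("too short")
    length = data[0]
    if len(data) < length + 2:
        raise ValueError("length exceeds buffer")
    payload = data[1:1 + length]
    if data[1 + length] != xor_all(payload):
        raise ValueError("bad checksum")
    return payload

def mutate(data: bytes, rng: random.Random) -> bytes:
    """One random byte-level mutation: overwrite, insert, delete, or truncate."""
    buf = bytearray(data)
    op = rng.choice(("flip", "insert", "delete", "truncate"))
    if op == "flip" and buf:
        buf[rng.randrange(len(buf))] = rng.randrange(256)
    elif op == "insert":
        buf.insert(rng.randrange(len(buf) + 1), rng.randrange(256))
    elif op == "delete" and buf:
        del buf[rng.randrange(len(buf))]
    elif op == "truncate" and buf:
        del buf[rng.randrange(len(buf)):]
    return bytes(buf)

def fuzz(target, seed_input: bytes, iterations: int = 2000, seed: int = 1) -> Optional[Tuple[bytes, Exception]]:
    """Return (crashing input, exception) for the first unexpected exception, or None if
    the target survives every generated case. Seeded so runs are reproducible."""
    rng = random.Random(seed)
    for _ in range(iterations):
        case = mutate(seed_input, rng)
        try:
            target(case)
        except ValueError:
            continue                  # the parser rejected the input cleanly
        except Exception as exc:      # anything else is a crash worth reporting
            return case, exc
    return None

SEED = encode(b"hello")   # constructed valid record used as the mutation seed
```

fuzz(parse_record, SEED) returns a truncated or length-corrupted record together with the IndexError it triggers; fuzz(parse_record_hardened, SEED) returns None because every malformed case is turned into a ValueError. In a real parser written in C the same unchecked length would be a buffer over-read or overflow rather than a Python exception.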

Secure Sockets Layer (SSL)

A protocol that secures messages by operating between the Application layer (for example HTTP) and the Transport layer. All versions of SSL are deprecated; its successor, Transport Layer Security (TLS), does the same job, and "SSL" in product names today almost always means TLS.

proxy firewall

A proxy server that also acts as a firewall, blocking network access from external networks.

PRNG

A pseudo-random number generator is a deterministic algorithm that expands a seed into a long sequence of numbers that look random. Only a cryptographically secure PRNG (CSPRNG), seeded from a high-entropy source and designed so that its output cannot be predicted, is suitable for keys, nonces, and session tokens; an ordinary PRNG seeded from something guessable such as the time of day is predictable to an attacker.

active response

A response that acts on a detected event in real time, for example terminating the session, blocking the source address, or reconfiguring a firewall, rather than only logging it (compare passive response).

Internet Protocol Security (IPSec)

A set of protocols that enable encryption, authentication, and integrity over IP. IPSec is commonly used with virtual private networks (VPNs) and operates at Layer 3.

Security as a Service

A subscription-based model in which security services (for example email filtering, SIEM, or managed detection) are delivered from the cloud, intended to give individuals and smaller organizations security capabilities at a lower cost than they could achieve on their own.

signature-based system

A system, such as a misuse-detection IDS or an antivirus scanner, that identifies attacks by matching traffic or files against a database of known attack patterns (signatures). It is accurate and low-noise for known threats but cannot detect attacks for which no signature exists, including zero-day exploits and polymorphic malware; compare anomaly-based (behavior-based) detection.
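As an added example (not part of the original deck), here is a minimal signature-based detector in Python run over constructed web server log lines. The signatures, log lines, and addresses are all made up for the example; the point it shows is that a signature matcher finds exactly what its patterns describe, so trivial encoding of the payload evades it unless the input is normalized first.

```python
import re
from urllib.parse import unquote

# Constructed signatures in the style of a misuse-detection IDS: each describes one known attack pattern.
SIGNATURES = {
    "sqli-tautology": re.compile(r"(?i)\bor\b\s+['\"]?\w+['\"]?\s*=\s*['\"]?\w+"),
    "sqli-union":     re.compile(r"(?i)\bunion\b\s+(all\s+)?select\b"),
    "path-traversal": re.compile(r"\.\./"),
    "xss-script-tag": re.compile(r"(?i)<script\b"),
}

# Pulls the request line out of a common-log-format entry.
LOG_LINE = re.compile(r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+"')

def scan(lines, normalize: bool = True):
    """Return [(line number, signature name)] for every line that matches a signature."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = LOG_LINE.search(line)
        if not m:
            continue
        path = m.group("path")
        if normalize:
            path = unquote(unquote(path))   # undo URL encoding (twice, to catch double encoding)
        for name, pattern in SIGNATURES.items():
            if pattern.search(path):
                hits.append((n, name))
    return hits

# Constructed log lines; the timestamp field is abbreviated as [..].
LOGS = [
    '10.0.0.8 - - [..] "GET /index.html HTTP/1.1" 200 512',
    '203.0.113.7 - - [..] "GET /item.php?id=1%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 2048',
    '198.51.100.9 - - [..] "GET /cgi-bin/view?file=../../etc/passwd HTTP/1.1" 403 0',
    '10.0.0.8 - - [..] "GET /search?q=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 900',
    '10.0.0.8 - - [..] "GET /blog/editor/script.js HTTP/1.1" 200 900',
]
```

Without normalization only the path traversal on line 3 is caught, because the SQL and script payloads are URL-encoded and no longer match the raw patterns; with normalization lines 2, 3, and 4 are flagged. Line 5 is benign and matches nothing either way. A new attack pattern, or an encoding the normalizer does not undo, produces a false negative until someone writes a signature for it.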

buffer overflow

A flaw that occurs when more data is put into a buffer than it can hold, so the excess overwrites adjacent memory (as the name implies). At minimum the program crashes, which makes it a denial-of-service (DoS) vector; if the attacker controls the overflowing data, it can also overwrite control data such as a return address and run arbitrary code. Defenses include bounds checking, data execution prevention (DEP), stack canaries, and memory-safe languages.

proxy server

A server that accepts requests from many clients and forwards them to the Internet on their behalf, so that external hosts see only the proxy's address. It can also cache responses and enforce policy on what clients may reach.

proxy

A type of system that prevents direct communication between a client and a host by acting as an intermediary.

VDE

A virtual desktop environment (VDE) stores everything related to the user (wallpaper, folders, windows, and so on) remotely and client software locally simulates the user's desktop environment and capabilities while running them on the host.

retrovirus

A virus that attacks or bypasses the antivirus software installed on a computer.

stealth virus

A virus that attempts to avoid detection by masking itself from applications.

companion virus

A virus that creates a new program that runs in the place of an expected program of the same name.

armored virus

A virus that is protected in a way that makes disassembling it difficult. The difficulty makes it "armored" against antivirus programs that have trouble getting to, and understanding, its code.

Wi-Fi

A wireless network operating in the 2.4 GHz or 5 GHz range.

Xmas attack

A port-scanning technique in which a TCP packet is sent with an unusual combination of flags set (typically FIN, PSH, and URG, so the header is "lit up like a Christmas tree"). The target's response, or lack of one, reveals whether the port is open or closed and can help fingerprint the operating system; the odd flag combination was also used to slip past simple packet filters that only watched for SYN.

DNS poisoning

An attack in which forged DNS records are injected into a resolver's cache (or into a DNS server's zone data), so that a name such as a bank's resolves to an address the attacker controls. Victims who use that resolver are redirected without any change on their own machines, enabling phishing and man-in-the-middle attacks. DNSSEC signatures let resolvers reject forged answers.

zero-day exploit

An attack that exploits a vulnerability for which no patch exists because the vendor was unaware of it (has had "zero days" to fix it) when the exploit began circulating. Signature-based defenses cannot detect it until a signature is written, which is why patching speed and defense in depth matter.

replay attack

An attack in which the attacker captures valid traffic (for example an authentication exchange or a signed command) and retransmits it later so that the host believes it is still talking to the original party. Timestamps, one-time nonces or sequence numbers, and session-specific keys defeat it; a valid signature alone does not, since the replayed message is genuine.
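As an added example (not part of the original deck), here is a Python sender and verifier that protect a command message against both tampering and replay: an HMAC (the message authentication code covered later in this deck) over the body gives integrity, a timestamp bounds how long a message stays valid, and a one-time nonce makes a second delivery of the same message detectable. The key, message format, and fixed clock are constructed for the example.

```python
import hashlib
import hmac
import secrets
import time
from typing import Optional

KEY = secrets.token_bytes(32)   # shared secret between sender and receiver (constructed)
MAX_SKEW = 30                   # seconds a message stays valid; also bounds how long nonces are kept

def sign(key: bytes, sender: str, command: str, ts: Optional[int] = None,
         nonce: Optional[str] = None) -> dict:
    """Build a message whose HMAC covers the payload, a timestamp, and a one-time nonce."""
    ts = int(time.time()) if ts is None else ts
    nonce = secrets.token_hex(8) if nonce is None else nonce
    body = f"{sender}|{command}|{ts}|{nonce}"
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}

class Verifier:
    def __init__(self, key: bytes, now=time.time):
        self.key = key
        self.now = now        # injectable clock so the behaviour is reproducible
        self.seen = {}        # nonce -> timestamp of messages already accepted

    def accept(self, msg: dict) -> str:
        # 1. Authenticity and integrity: recompute the MAC over the received body.
        expected = hmac.new(self.key, msg["body"].encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, msg["tag"]):
            return "rejected: bad MAC"
        _sender, _command, ts, nonce = msg["body"].split("|")
        now = int(self.now())
        # 2. Freshness: an old message is rejected even though its MAC is valid.
        if abs(now - int(ts)) > MAX_SKEW:
            return "rejected: stale"
        # 3. Uniqueness: forget nonces outside the window, then refuse any nonce seen before.
        self.seen = {n: t for n, t in self.seen.items() if now - t <= MAX_SKEW}
        if nonce in self.seen:
            return "rejected: replay"
        self.seen[nonce] = int(ts)
        return "accepted"
```

A captured message passes the first time and is rejected as a replay the second time; changing a byte of the body invalidates the MAC; and a message recorded an hour earlier is rejected as stale even though it was never delivered before. Without the nonce, an attacker could replay any message within the 30-second window; without the timestamp, the verifier would have to remember every nonce forever.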

Address Resolution Protocol (ARP) poisoning

An attack that convinces the network that the attacker's MAC (Media Access Control) address is the one associated with an allowed address so that traffic is wrongly sent to attacker's address.

IV attack

An attack that involves looking at repeated results in order to crack the WEP secret key.

man-in-the-middle

An attack that occurs when someone/something that is trusted intercepts packets and retransmits them to another party. Man-in-the-middle attacks have also been called TCP/IP hijacking in the past.

social engineering

An attack that uses others by deceiving them. It does not directly target hardware or software, but instead it targets and manipulates people.

script kiddy

An attacker with very minimal skills.

spoofing

An attempt by someone or something to masquerade as someone/something else.

Wi-Fi Protected Setup (WPS)

A setup process that requires the user to do something physical in order to enroll a device on a wireless network. Examples include pressing a button on the router within a short time period, entering a PIN, or bringing the new device close. The PIN method is known to be weak (the PIN can be brute-forced in hours), so WPS should be disabled where possible.

Kerberos

An authentication protocol developed at MIT that uses tickets for authentication.

Challenge Handshake Authentication Protocol (CHAP)

An authentication protocol that periodically reauthenticates.

bot

An automated software program (network robot) that collects information on the web. In its malicious form, a bot is a compromised computer being controlled remotely.

Faraday cage

An electrically conductive wire mesh or other conductor woven into a "cage" that surrounds a room and prevents electromagnetic signals from entering or leaving the room through the walls.

alert

An indication that an unusual condition could exist and should be investigated.

host-based IDS (HIDS)

An intrusion detection system that is host based. An alternative is an intrusion detection system that is network based.

network intrusion prevention system (NIPS)

An intrusion prevention system that is network based.

Open Web Application Security Project (OWASP)

An online community that develops free articles, documentation, tools, and more on web application security.

backdoor

An opening left in a program application (usually by the developer) that allows additional access to data. Typically, a backdoor is created for debugging purposes and is not documented. Before the product ships, the backdoors are closed; when they aren't closed, security loopholes exist.

rogue access point

An unauthorized wireless access point on a network.

wetware

Another term for social engineering.

Trojan horse

Any application that masquerades as one thing in order to get past scrutiny and then does something malicious. One of the major differences between Trojan horses and viruses is that Trojan horses tend not to replicate themselves.

hybrid cloud

Any cloud delivery model that combines two or more of the other delivery model types.

logic bomb

Any code that is hidden within an application and causes something unexpected to happen based on some criteria being met. For example, a programmer could create a program that always makes sure her name appears on the payroll roster; if it doesn't, then key files begin to be erased.

malicious code

Any code that is meant to do harm.

symmetric cipher

Any cryptographic algorithm that uses the same key to encrypt and decrypt. DES (now obsolete), AES, and Blowfish are examples. Because both parties need the same secret key, key distribution is the main practical challenge of symmetric cryptography.

password attacks

Attempting to ascertain a password that you should not know.

Tom has been instructed to find a security standard, applicable to the United States, that will help him develop appropriate security policies. He has found a standard that describes 8 principles and 14 practices that can be used to develop security policies. What standard is Tom most likely reviewing?

NIST 800-14

Which network devices are used to divide larger networks into smaller sections by sitting between two physical network segments and managing the flow of data between the two?

Bridges

During a training session, you want to impress upon users the serious nature of security and, in particular, cryptography. To accomplish this, you want to give them as much of an overview about the topic as possible. Which government agency should you mention is primarily responsible for establishing government standards involving cryptography for general-purpose government use?

NSA

If RF levels become too high, it can cause the receivers in wireless units to become deaf. This process is called:

Desensitizing

Internet of Things (IoT)

Devices that interact on the Internet, without human intervention.

Ahmed has been directed to ensure that LDAP on his network is secure. LDAP is an example of which of the following?

Directory access protocol

Karl has checked into a hotel after a long day of travel. He is attempting to check his daily deluge of email messages using the free in-room Wi-Fi, but it keeps losing the connection. When he calls the front desk, they suggest that he might want to use the premium Wi-Fi (which costs more) to get a better connection. What type of attack could this scenario represent?

Disassociation

With Bluetooth devices suddenly popping up everywhere in your network, you want to secure as many of them as possible. One of the simplest methods of securing these devices is not to set their attribute to:

Discoverable.

load balancing

Dividing a load for greater efficiency of management among multiple devices.

What is the process of managing and provisioning computer datacenters through machine-readable definition files called?

IaC

GoGrid is a well-known example of which of the following cloud computing models?

IaaS

In which cloud service model can the consumer "provision" and "deploy and run"?

IaaS

watering hole attack

An attack in which the attacker identifies a website that the intended targets visit regularly, compromises (poisons) that site so that it serves malware, and then waits for the targets to visit.

Which of the following attacks involves any act of pretending to be another person to obtain information?

Impersonation

personally identifiable information (PII)

Information that can be uniquely used to identify, contact, or locate a single person. Examples include Social Security number, driver's license number, fingerprints, and handwriting.

restricted information

Information that isn't made available to all and to which access is granted based on some criteria.

In which of the following attacks does an attacker crack the WEP secret key?

Initialization vector

Gerard is concerned about SQL injection attacks on his company's e-commerce server. What security measure would be most important for him to implement?

Input validation

stateful inspection

Inspections that occur at all levels of the network and provide additional security using a state table that tracks every communications channel.

During an automated updated procedure, a database is updated with wrong data. Which of the following is compromised?

Integrity

sandboxing

Running an application in an isolated, restricted environment so that it cannot reach data or resources outside it; used for untrusted code, legacy applications, and malware analysis.

What is a PGP?

It is a freeware email encryption system.

In a hot and cold aisle system, what is the typical method of handling cold air?

It is pumped in from below raised floor tiles.

Juanita is the security administrator for a large university. She is concerned about copyright issues and wants to ensure that her university does not violate copyrights. What would be her main concern regarding unauthorized software?

It might be copyrighted.

An attacker intentionally obstructs or interferes with a signal and prevents the legitimate device from communicating. This is described as what type of an attack?

Jamming

Evan fears that the tenant in the office next door is using RF interference to try to force his small company to vacate the building in frustration. Purposely obstructing or interfering with a signal is known as which of the following?

Jamming

Terrance is examining an authentication system that was developed at MIT and uses tickets for authentication. What system is Terrance most likely examining?

Kerberos

You've been assigned to mentor a junior administrator and bring her up to speed quickly. The topic you're currently explaining is authentication. Which method uses a KDC to accomplish authentication for users, programs, or systems?

Kerberos

Your company has implemented email encryption throughout the enterprise. You are concerned that someone might lose their cryptographic key. You want to implement some mechanism for storing copies of keys and recovering them. What should you implement?

Key escrow

Key escrow is implemented for which of the following?

Key recovery

You've been brought in as a security consultant for a small bicycle manufacturing firm. Immediately, you notice that they're using a centralized key-generating process, and you make a note to dissuade them from that without delay. What problem is created by using a centralized key-generating process?

Key transmission

A directory protocol that includes all the information about a network is a/an:

LDAP protocol.

Which EAP protocol uses a modified version of MS-CHAP?

LEAP

Which of the following policies should be used when assigning permissions, giving users only the permissions they need to do their work and no more?

Least privilege

Which of the following can be implemented as a software or hardware solution and is usually associated with a device—a router, a firewall, NAT, and so on—used to shift a load from one device to another?

Load balancer

Which of the following does not apply to a hashing algorithm?

Long key size

dumpster diving

Looking through trash for clues—often in the form of paper scraps—to find users' passwords and other pertinent information.

Which problem can occur when more than one bridge or switch is implemented on the network, and the devices confuse each other by leading one another to believe that a host is located on a certain segment when it is not?

Loops

Melissa is planning on implementing biometric authentication on her network. Which of the following should be a goal for any biometric solution she selects?

Low CER

In which of the following access control methodologies are all access capabilities predefined?

MAC

John is concerned about message integrity. He wants to ensure that message integrity cannot be compromised no matter what the threat. What would best help him accomplish this goal?

MAC

Which of the following risk measurements evaluates a system's reliability and life expectancy?

MTBF

IP spoofing

Making the data look as if it came from a trusted host when it didn't (thus spoofing the IP address of the sending host).

An attacker successfully places a malicious software between two communicating hosts to record information. What type of attack is this known as?

Man-in-the-middle

Which of the following is an intermediate access control mechanism used in a high-security installation that requires visual identification, as well as authentication, to gain access?

Mantrap

MAC is an acronym for what as it relates to cryptography?

Message authentication code

attack surface reduction (ASR)

Minimizing the possibility of exploitation by reducing the amount of code and limiting potential damage.

ARP spoofing

More commonly known as ARP poisoning, this involves the MAC (Media Access Control) address of the data being faked.

cloud bursting

Moving the execution of an application to the cloud on an as-needed basis.

After a careful risk analysis, the value of your company's data has been increased. Accordingly, you're expected to implement authentication solutions that reflect the increased value of the data. Which of the following authentication methods uses more than one authentication process for a logon?

Multifactor

Which of the following terms implies hosting data from more than one consumer on the same equipment?

Multitenancy

Which of the following terms means that workloads from various clients can be on the same machine?

Multitenancy

Which of the following is the term used whenever two or more parties authenticate each other?

Mutual authentication

Which is the process of translating the private IP address to a public IP address so that it can be routed across the Internet?

NAT

What technology is used to send data between phones that are in close proximity to each other?

NFC

Which technology establishes communication between devices when they are close together?

NFC

Ahmed has been working to mitigate the threat of malware in his network. He has selected a specific vendor (Vendor ABC) for his antivirus software. He is using ABC products everywhere he needs antivirus software. Is this the correct decision? Why or why not

No, this violates vendor diversity.

Mary claims that she didn't make a phone call from her office to a competitor and tell them about developments at her company. Telephone logs, however, show that such a call was placed from her phone, and time clock records show that she was the only person working at the time. What do these records provide?

Nonrepudiation

Mary is responsible for website security in her company. She wants to address widely known and documented web application vulnerabilities. Which resource would be most helpful?

OWASP

OAUTH

Open Authorization standard. It is a common method for a user to grant a website or application limited access to their information held by another service, without sharing their password. OAuth is an authorization protocol, not an authentication protocol; OpenID Connect builds authentication on top of it.

Your system is infected with a virus that can modify signature each time it is executed to fool antivirus software. Which type of virus is this?

Polymorphic

impersonation

Pretending to be another person to gain information.

URL hijacking

Registering domains that are similar to those for a known entity but based on a misspelling or typographical error.

Which of the following testing verifies the changes made to a software program to ensure that the older programming still works with the new changes?

Regression

Juan has just made a minor change to the company's e-commerce application. The change works as expected. What type of testing is most important for him to perform?

Regression testing

Jarod is evaluating web-based, single sign-on solutions. Which of the following technologies is most associated with web page authorization?

SAML

With which of the following subscription-based models is security more cost effective than individuals or smaller corporations could ever get on their own?

SECaaS

Juanita is implementing a security mechanism that will fully encrypt the hard drive of laptops in her organization. The encryption and decryption will be automatic. What best describes what Juanita is implementing?

SED

An attack in which a hacker manipulates database code for retrieving information is a/an:

SQL injection attack.

stored procedures

SQL statements written and stored on the database that can be called by applications. Because the caller passes parameters separately from the SQL text, stored procedures (like parameterized queries) help prevent SQL injection, provided the procedure itself does not build dynamic SQL from its arguments.

Which of the following is used for naming 802.11 wireless networks?

SSID

Which of the following can be used to offload the public-key encryption to a separate hardware plug-in card?

SSL accelerator

Which of the following work by decrypting encrypted traffic (SSL or TLS), inspecting it, and then re-encrypting it before sending it on to its destination?

SSL decryptors

To combat the loop problem, which of the following technologies enable bridge/switch interfaces to be assigned a value that is then used to control the learning process and prevent problems?

STP

In which of the following cloud service models are applications accessible from a thin client interface, such as a web browser?

SaaS

Which cloud service model gives the consumer the ability to use applications provided by the cloud provider over the Internet?

SaaS

What is the term for restricting an application to a safe/restricted resource area?

Sandboxing

What is the term used for running applications in restricted memory areas to provide escape protection?

Sandboxing

Which of the following would be the most secure way to deploy a legacy application that requires a legacy operating system?

Sandboxing

privacy filters

Screens that restrict viewing of monitors to only those sitting in front of them.

In a symmetric algorithm, the sender uses the private key to encrypt a message. Which key will be used to decrypt that message?

Secret

SIEM

Security information and event management (SIEM) software combines security information management (SIM) and security event management (SEM) functions to provide real-time analysis of security alerts.

perimeter security

Security set up on the outside of the network or server to protect it.

You're the leader of the security committee at ACME Company. After a move to a new facility, you're installing a new security monitoring system throughout. Which of the following categories best describes a motion detector mounted in the corner of a hallway?

Security zone

Which component is a primary data collection point for the IDS/IPS?

Sensor

Which of the following policies are designed to reduce the risk of fraud and prevent other losses in an organization?

Separation of duties

Implementing a privacy filter on a screen helps mitigate which of the following social engineering attacks?

Shoulder surfing

What is the process of reducing the size of objects to make them no longer usable called?

Shredding

Which of the following systems is also known as a misuse-detection intrusion detection system?

Signature-based

Dennis has implemented an authentication system that uses a password, a PIN, and the user's birthday. What best describes this system?

Single factor

Which of the following integrates the required electronic circuits of system components onto a single chip?

SoC

You work for an electronics company that has just created a device that emits less RF than any competitor's product. Given the enormous importance of this invention and of the marketing benefits it could offer, you want to have the product certified. Which certification is used to indicate minimal electronic emissions?

TEMPEST

Which protocol is employed to strengthen WEP encryption?

TKIP

Mercury Technical Solutions has been using SSL in a business-to-business environment for a number of years. Despite the fact that there have been no compromises in security, the new IT manager wants to use stronger security than SSL can offer. Which of the following protocols is similar to SSL but offers the ability to use additional security protocols?

TLS

What is the name assigned to a chip that stores cryptographic keys, passwords, or certificates?

TPM

Which of the following is a chip that can store cryptographic keys, passwords, or certificates?

TPM

Which of the following is a packet sniffer tool?

Tcpdump

control types

Technical, physical, or administrative measures in place to assist with resource management.

near field communication (NFC)

Technology that enables communication between devices when they're "touched" together. Often used to verify (often through RFID or Wi-Fi) that the device is present.

DNS spoofing

The DNS server is given information about a name server that it thinks is legitimate when it isn't.

802.1x

The IEEE standard that defines port-based security for wireless network access control.

SSID

The Service Set Identifier (SSID) is used by the access point of a wireless LAN to identify itself and is intended to be unique for a particular area/entity on a network.

X.509

The X.509 standard is the most widely used standard for digital certificates.

VM escape

The act of breaking out of one virtual machine into one or more others on the same physical host.

fire suppression

The act of stopping a fire and preventing it from spreading.

key management

The management of all aspects of cryptographic keys in a cryptosystem, including key generation, exchange, storage, use, destruction and replacement.

Domain Name System (DNS)

The network service used in TCP/IP networks that translates hostnames to IP addresses.

When going with a public cloud delivery model, who is accountable for the security and privacy of the outsourced service?

The organization

access point (AP)

The point at which access to a network is accomplished. This term is often used in relation to a wireless access point (WAP).

crossover error rate (CER)

The point at which the FRR and FAR are equal. Sometimes called the equal error rate (EER).

least privilege policy

The policy of giving a user only the minimum permissions needed to do the work that must be done.

information classification

The process of determining what information is accessible, to what parties, and for what purposes.

encapsulation

The process of enclosing data in a packet.

hardening

The process of making a server or an application resistant to an attack.

Infrastructure as Code (IaC)

The process of managing and provisioning computer datacenters through machine-readable definition files.

database normalization

The process of removing duplication in a relational database.

false acceptance rate (FAR)

The rate at which a biometric solution incorrectly authorizes a non-authorized person.

privilege escalation

The result when a user obtains access to a resource that they wouldn't normally be able to access. Privilege escalation can be done inadvertently by running a program with Set User ID (SUID) or Set Group ID (SGID) permissions or by temporarily becoming another user (via su or sudo in Unix/Linux or RunAs in Windows). It can also be done purposefully by an attacker seeking full access.

You have added a new child domain to your network. As a result of this, the child has adopted all of the trust relationships with other domains in the forest that existed for its parent domain. What is responsible for this?

Transitive access

In which two modes can IPSec work?

Tunneling and Transport

Which of the following is similar to Blowfish but works on 128-bit blocks?

Twofish

Type K fire extinguishers are intended for use on cooking oil fires. This type is a subset of which other type of fire extinguisher?

Type B

You've been drafted for the safety committee. One of your first tasks is to inventory all the fire extinguishers and make certain that the correct types are in the correct locations throughout the building. Which of the following categories of fire extinguisher is intended for use on electrical fires?

Type C

Which type of hypervisor implementation is known as "bare metal"?

Type I

Which type of hypervisor implementation is known as "hosted"?

Type II

Which type of hypervisor model is described in the statement given below? "It is dependent on the operating system and runs on top of another operating system."

Type II

hoax

Typically, an email message warning of something that isn't true, such as an outbreak of a new virus. A hoax can send users into a panic and cause more harm than the virus.

clickjacking

Using multiple transparent or opaque layers to trick a user into clicking a button or link on another page when they had intended to click on the top page.

Which of the following is created by configuring a set of ports on a switch to behave like a separate network?

VLAN

An agreement between partners in a business that outlines their responsibilities, obligations, and sharing of profits and losses.

business partners agreement (BPA)

The process of scrambling or complicating characters to hide their value is known as:

ciphering

Your system continues to operate even though its disk drive has failed. This ability is known as:

fault tolerance.

The process of making an operating system secure without the addition of third-party software is known as:

hardening.

As defined by NIST (in Publication 800-47), it is "an agreement established between the organizations that own and operate connected IT systems to document the technical requirements of the interconnection. The ISA also supports a Memorandum of Understanding or Agreement (MOU/A) between the organizations."

interconnection security agreement (ISA)

The maximum period of time that a business process can be down before the survival of the organization is at risk.

maximum tolerable downtime (MTD)

The measurement of the anticipated lifetime of a system or component.

mean time between failures (MTBF)

The measurement of the average of how long it takes a system or component to fail.

mean time to failure (MTTF)

The measurement of how long it takes to repair a system or component once a failure occurs.

mean time to restore (MTTR)

Most commonly known as an MOU rather than MOA, this is a document between two or more parties defining their respective responsibilities in accomplishing a particular goal or mission, such as securing a system.

memorandum of understanding (MOU)/memorandum of agreement (MOA)

Which network utility is available on both Windows and Linux?

netstat

The process of removing duplicate entries from a database is called:

normalization

A social engineering attack in which a malicious user uses a telephone to gain illegal access to data is known as:

vishing

A flaw or weakness in some part of a system's security procedures, design, implementation, or internal controls that could expose it to danger (accidental or intentional) and result in a violation of the security policy.

vulnerability

The potential percentage of loss to an asset if a threat is realized.

exposure factor (EF)

Kristin from Payroll has left the office on maternity leave and won't return for at least six weeks. You've been instructed to suspend her key. Which of the following statements is true?

Suspended keys can be reactivated.

As more and more clients have been added to your network, the efficiency of the network has decreased significantly. You're preparing a budget for next year, and you specifically want to address this problem. Which of the following devices acts primarily as a tool to improve network efficiency?

Switch

Which of the following are multiport devices that improve network efficiency?

Switches

What is the port number used by the Telnet protocol?

23

Consider the following scenario. The asset value of your company's primary servers is $2 million, and they are housed in a single office building in Anderson, Indiana. Field offices are scattered throughout the United States, but the workstations located at the field offices serve as thin clients and access data from the Anderson servers. Tornados in this part of the country are not uncommon, and it is estimated that one will level the building every 60 years. Which of the following is the ARO for this scenario?

0.0167

With near field communication (NFC) technology, the industry tends to use what distance as "near"?

1.6 inches

Proximity readers work with which of the following? (Choose all that apply.)

125 kHz proximity card; 13.56 MHz smart card

What is the size of the wrapper TKIP places around the WEP encryption with a key that is based on things such as the MAC address of your machine and the serial number of the packet?

128-bit

What is the size of the wrapper that TKIP places around the WEP encryption for increasing security?

128-bit

At which of the following layers of the OSI model does an access point work?

2

What is the size of the initialization vector (IV) that WEP uses for encryption?

24-bit

At which of the following layers of the OSI model does the IPsec protocol operate?

3

What is the minimum number of disks required for implementing RAID 5?

3

How many levels of normalization are there in a database?

4

How many phases of the IT security life cycle are defined in the NIST 800-35 standard?

6

Which of the following standards is also referenced as WPA2?

802.11i

Which standard defines port-based security for wireless network access control?

802.1x

information security management system (ISMS)

A broad term that applies to a wide range of systems used to manage information security.

public cloud

A cloud delivery model available to others.

private cloud

A cloud delivery model owned and managed internally.

SSID broadcast

An access point's broadcasting of the network name.

You are a network administrator for ACME Corporation. You want to implement a new access control mechanism. The mechanism you are considering takes into account the entire environment/scenario of the access request. What does this describe?

ABAC

Which of the following algorithms supports key sizes of 128, 192, and 256 bits?

AES

You need to encrypt your hard drive. Which of the following is the best choice?

AES

Which of the following is the monetary measure of how much loss can be expected for an asset due to a risk in a year?

ALE

Which of the following policies describes how the employees in an organization can use company systems and resources, both software and hardware?

Acceptable use

Which of the following policy statements should address who is responsible for ensuring that the policy is enforced?

Accountability

Which type of load balancing configuration means that more than one load balancing server is working at all times to handle the load/requests as they come in?

Active-active

In intrusion detection system vernacular, which account is responsible for setting the security policy for an organization?

Administrator

You are concerned about your backup files becoming infected with malware. Which of the following technologies would be best to protect your backup?

Air-gap

Encapsulating Security Payload (ESP)

An IPSec header used to provide a mix of security services in IPv4 and IPv6. ESP can be used alone or in combination with the IP Authentication Header (AH).

Authentication Header (AH)

An IPSec header used to provide connectionless integrity and data origin authentication for IP datagrams and to provide protection against replays.

National Institute of Standards and Technology (NIST)

An agency (formerly known as the National Bureau of Standards [NBS]) that has been involved in developing and supporting standards for the U.S. government for over 100 years. NIST has become involved in cryptography standards, systems, and technology in a variety of areas. It's primarily concerned with governmental systems, where it exercises a great deal of influence.

anomaly-detection IDS (AD-IDS)

An anomaly-detection intrusion detection system works by looking for deviations from a pattern of normal network traffic.

all-in-one appliance

An appliance that performs multiple functions.

network-based IDS (NIDS)

An approach to an intrusion detection system (IDS); it attaches the system to a point in the network where it can monitor and report on all network traffic.

evil twin

An attack in which a rogue wireless access point poses as a legitimate wireless service provider to intercept information that users transmit.

disassociation

An attack in which the intruder sends a frame to the AP with a spoofed address to make it look like it came from the victim and disconnects them from the network.

Which of the following is the gaining of unauthorized access through a Bluetooth connection?

Bluesnarfing

Which of the following types of attacks involves the sending of unsolicited messages over a Bluetooth connection?

Bluejacking

The risk assessment component, in conjunction with the __________, provides the organization with an accurate picture of the situation facing it.

BIA

Which process evaluates all of the critical systems in an organization to define impact and recovery plans?

BIA

Which of the following terms refers to the process of establishing a standard for security?

Baselining

Which technology uses a physical characteristic to establish identity?

Biometrics

salt

Bits added to a hash to make it resistant to rainbow table attacks.

What is the primary organization for maintaining certificates called?

CA

Which of the following is a type of smartcard issued by the Department of Defense as a general identification/authentication card for military personnel, contractors, and non-DoD employees?

CAC

You are working as a security administrator for a small financial institution. You want to use an authentication method that will periodically reauthenticate clients. Which protocol is best suited for this?

CHAP

Which of the following controls of ISO 27017 states that the customer and the cloud provider both must ensure the virtual machines are hardened?

CLD.9.5.2

Due to a breach, a certificate must be permanently revoked, and you don't want it to ever be used again. What is often used to revoke a certificate?

CRL

PTZ

Cameras that can pan, tilt, and zoom.

Personal Identity Verification (PIV)

Card required of federal employees and contractors to gain access (physical and logical) to government resources.

What document describes how a CA issues certificates and for what they are used?

Certificate policies

Which of the following is the best example of perimeter security?

Chain link fence

Which of the following is the structured approach that is followed to secure a company's assets?

Change management

A client calls you and says that he wants to turn off the SSID broadcast on his small network because he is afraid that those simply scanning for a network are finding it and trying to connect to it. You inform him that this is a very weak form of security and suggest some other options, but he is insistent on this being done. What is this form of hiding the router known as?

Cloaking

Which of the following are on-premise or cloud-based security policy enforcement points?

Cloud access security brokers

During the times when your server becomes too busy, you offload traffic to resources from a cloud provider through which implementation?

Cloud bursting

When your servers become too busy, you can offload traffic to resources from a cloud provider. This is known as which of the following?

Cloud bursting

community cloud

Cloud delivery model in which the infrastructure is shared by organizations with something in common.

Separation of duties helps to prevent an individual from embezzling money from a company. To embezzle funds successfully, an individual would need to recruit others to commit an act of __________ (an agreement between two or more parties established for the purpose of committing deception or fraud).

Collusion

vishing

Combining phishing with Voice over IP (VoIP).

Which cloud delivery model has an infrastructure shared by several organizations with shared interests and common IT needs?

Community

Which of the following terms is defined in the statement given below? "It limits access on certain types of information to retain its privacy."

Confidentiality

Which method of virtualization runs various isolated systems on a control host using a single kernel?

Container

physical controls

Controls and countermeasures of a tangible nature intended to minimize intrusions.

preventive controls

Controls intended to prevent attacks or intrusions.

detective control

Controls that are intended to identify and characterize an incident in progress (for example, sounding the alarm and alerting the administrator).

technical controls

Controls that rely on technology.

baselining

Creating a fundamental, or baseline, security level.

prototyping

Creating a version of an application that has only the bare minimum functionality so that it can be evaluated before further development.

typo squatting

Creating domains that are based on the misspelling of another.

asymmetric cipher

Cryptographic algorithms that use two different keys—one key to encrypt and another to decrypt. Also called public key cryptography.

You want to assign privileges to a user so that she can delete a file but not be able to assign privileges to others. What permissions should you assign?

Delete

The present method of requiring access to be strictly defined on every object is proving too cumbersome for your environment. The edict has come down from upper management that access requirements should be slightly reduced. Which access model allows users some flexibility for information-sharing purposes?

DAC

Which network component monitors and protects the contents of systems to prevent their unauthorized use?

DLP

Which of the following is a physical or logical subnetwork that allows restrictive access to untrusted users?

DMZ

Which process permanently wipes the content from a given device before it is repurposed?

Data sanitization

Big Data

Data that is larger than what can be handled with traditional tools and algorithms.

NoSQL database

Datastores that do not use a relational structure.

What is a disassociation attack more commonly known as?

Deauthentication attack

Which of the following is an active response strategy?

Deception

Which feature of cloud computing involves dynamically provisioning (or deprovisioning) resources as needed?

Elasticity

virtualization

Emulating one or more physical computers on the same host.

Elizabeth works for a company that manufactures portable medical devices, such as insulin pumps. She is concerned about security for the device. Which of the following would be the most helpful in securing these devices?

Ensure that all communications with the device are encrypted.

As the head of IT for MTS, you're explaining some security concerns to a junior administrator who has just been hired. You're trying to emphasize the need to know what is important and what isn't. Which of the following is not a consideration in key storage?

Environmental controls

In which of the following attacks does a rogue access point appear as a legitimate wireless service provider to intercept information?

Evil twin

Which of the following is an attack in which a rogue wireless access point poses as a legitimate wireless service provider to intercept information that users transmit?

Evil twin

Which of the following policy statements may include an escalation contact in the event that the person dealing with a situation needs to know whom to contact?

Exception

Which of the following agreements contains the technical information regarding the technical and security requirements of the interconnection between two or more organizations?

ISA

Which of the following encrypts the entire disk, not just a specific file or folder?

FDE

What is the term used for events that were mistakenly flagged although they weren't truly events about which to be concerned?

False positives

What kind of network security device isolates one network from another?

Firewall

Which of the following is the best description of tailgating?

Following someone through a door they just unlocked

tailgating

Following someone through an entry point.

An invalid input is intentionally entered in an application to check if the application can handle it. Which type of testing is performed?

Fuzzing

John is responsible for application security at his company. He is concerned that the application reacts appropriately to unexpected input. What type of testing would be most helpful to him?

Fuzzing

Which of the following is the technique of providing unexpected values as input to an application to try to make it crash?

Fuzzing

compensating controls

Gap controls that fill in the coverage between other types of vulnerability mitigation techniques. (Where there are holes in coverage, we compensate for them.)

Due to growth beyond current capacity, a new server room is being built. As a manager, you want to make certain that all the necessary safety elements exist in the room when it's finished. Which fire-suppression system works best when used in an enclosed area by displacing the air around a fire?

Gas-based

VM sprawl

Growth that occurs on a large number of virtual machines and requires resources—usually administration related—to keep up with.

You're the chief security contact for MTS. One of your primary tasks is to document everything related to security and to create a manual that can be used to manage the company in your absence. Which documents should be referenced in your manual as the ones that identify the methods used to accomplish a given task?

Guidelines

Who among the following attacks a network due to some political issue?

Hacktivist

You are a junior security administrator for a large bank. You have been asked to make the database servers as secure as they can be. The process of making certain that an entity (operating system, application, and so on) is as secure as it can be is known as which of the following?

Hardening

You've been chosen to lead a team of administrators in an attempt to increase security. You're currently creating an outline of all the aspects of security that will need to be examined and acted on. Which of the following terms describes the process of improving security in a network operating system (NOS)?

Hardening

Which IDS system uses algorithms to analyze the traffic passing through the network?

Heuristic

Which of the following approaches of IDS uses algorithms to analyze the traffic passing through the network?

Heuristic system

Which term describes an email message that warns of something that isn't true?

Hoax

Ahmed is responsible for security of a SCADA system. If availability is his biggest concern, what is the most important thing for him to implement?

IPS

Which of the following protocols encrypts and authenticates network transmissions?

IPSec

You've been notified that you'll soon be transferred to another site. Before you leave, you're to audit the network and document everything in use and the reason why it's in use. The next administrator will use this documentation to keep the network running. Which of the following protocols isn't a tunneling protocol but is probably used at your site by tunneling protocols for network security?

IPSec

embedded system

Operating system in a device, sometimes on a single chip.

Your IT manager has stated that you need to select an appropriate tool for email encryption. Which of the following would be the best choice?

PGP

Which cloud service model provides the consumer with the infrastructure to create applications and host them?

PaaS

What is the process of applying manual changes to a program called?

Patching

What is the form of social engineering in which you simply ask someone for a piece of information that you want by making it look as if it is a legitimate request?

Phishing

You received an email that appears to be a legitimate request asking for some personal information. What type of attack is this known as?

Phishing

whaling

Phishing only large accounts.

An attacker sends a large ICMP packet to overflow the remote host's buffer. This describes which of the following attacks?

Ping of death

John is working on designing a network for the insurance company where he is employed. He wants to put the web server in an area that has somewhat less security so that outside users might access it. But he does not want that to compromise the security of the rest of the network. What would be John's best approach?

Place the web server in a DMZ.

cross-site scripting (XSS)

Running a script routine on a user's machine from a website without their permission.

Upper management has decreed that a firewall must be put in place immediately, before your site suffers an attack similar to one that struck a sister company. Responding to this order, your boss instructs you to implement a packet filter by the end of the week. A packet filter performs which function?

Prevents unauthorized packets from entering the network

Which cloud delivery model is implemented by a single organization, enabling it to be implemented behind a firewall?

Private

control

Processes or actions used to respond to situations or events.

secure coding

Programming in a manner that is secure.

Address Resolution Protocol (ARP)

Protocol used to map known IP addresses to unknown physical addresses.

What is another name for a dual-homed firewall?

Proxy

Which cloud delivery model could be considered a pool of services and resources delivered across the Internet by a cloud provider?

Public

Although a hybrid cloud could be any mixture of cloud delivery models, it is usually a combination of which of the following?

Public and private

jamming

Purposely obstructing or interfering with a signal.

integer overflow

Putting too much information into too small of a space that has been set aside for numbers.

What protocol is used by technologies for load balancing/prioritizing traffic?

QoS

Which organization can be used to identify an individual for certificate issue in a PKI environment?

RA

In which of the following RAID levels is all data lost if one of the drives fails?

RAID 0

Which of the following RAID levels is also known as disk striping with parity?

RAID 5

Your office administrator is being trained to perform server backups. Which access control method would be ideal for this situation?

RBAC

You're a member of a consortium wanting to create a new standard that will effectively end all spam. After years of meeting, the group has finally come across a solution and now wants to propose it. The process of proposing a new standard or method on the Internet is referred to by which acronym?

RFC

Which of the following technologies is used to identify and track tags attached to objects?

RFID

You are responsible for e-commerce security at your company. You want to use the most widely implemented asymmetric algorithm available today. Which of the following is the most widely used asymmetric algorithm today?

RSA

Denish is testing an application that is multithreaded. Which of the following is a specific concern for multithreaded applications?

Race conditions

RFI is a byproduct of electrical processes, similar to EMI. The major difference is that RFI is usually projected across which of the following?

Radio spectrum

Which type of malware demands payment from a user before restoring his/her data?

Ransomware

Your company has grown at a tremendous rate, and the need to hire specialists in various IT areas has become apparent. You're helping to write an online advertisement that will be used to recruit new employees, and you want to make certain that applicants possess the necessary skills. One knowledge area in which your organization is weak is database intelligence. What is the primary type of database used in applications today that you can mention in the ads?

Relational

In which of the following attacks does an attacker capture information and maliciously reuse it for a purpose other than the one intended?

Replay

What type of attack captures portions of a session to play back later to convince a host that it is still talking to the original connection?

Replay

Which of the following is an example of a biometric device?

Retinal scanner

Which type of virus attacks antivirus software and destroys the virus definition database file?

Retrovirus

Which of the following risk strategies acknowledges that a risk exists and chooses to do nothing about it?

Risk acceptance

Which of the following strategies requires that, for an identified risk, those involved understand the potential cost/damage and agree to live with it?

Risk acceptance

Which of the following strategies involves identifying a risk and making the decision to discontinue engaging in the action?

Risk avoidance

Which of the following strategies is accomplished any time you take steps to reduce risk?

Risk mitigation

Which of the following strategies involves sharing some of the risk burden with someone else, such as an insurance company?

Risk transference

Frustrated with the low signal that the devices in his cubicle receive, Spencer brings in his own access point and creates his own network. Kristin, a co-worker, tells him that if the boss finds out about this it is grounds for immediate dismissal, and he should read the employee handbook if he has any questions. Setting up your own access point represents which of the following?

Rogue

An unauthorized wireless access point on a network is called what?

Rogue
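Finding a rogue access point like Spencer's starts with comparing a wireless survey against the inventory of authorized BSSIDs. This added example (not from the study guide) does that on constructed scan records and also flags the "evil twin" case, where an unknown radio advertises one of the company's own SSIDs.

```python
# Added example (not from the study guide): classify survey results against an AP inventory.
# Inventory and scan records below are constructed sample data.
AUTHORIZED = {
    # SSID -> set of BSSIDs (radio MAC addresses) allowed to advertise it
    "ACME-Corp":  {"aa:bb:cc:00:01:01", "aa:bb:cc:00:01:02"},
    "ACME-Guest": {"aa:bb:cc:00:02:01"},
}

SCAN = [
    {"ssid": "ACME-Corp",  "bssid": "aa:bb:cc:00:01:01", "channel": 36, "security": "WPA2-Enterprise"},
    {"ssid": "ACME-Corp",  "bssid": "de:ad:be:ef:00:01", "channel": 6,  "security": "Open"},
    {"ssid": "SpencerNet", "bssid": "de:ad:be:ef:00:02", "channel": 11, "security": "WPA2-PSK"},
    {"ssid": "ACME-Guest", "bssid": "aa:bb:cc:00:02:01", "channel": 1,  "security": "Open"},
]

def classify(ap, authorized=AUTHORIZED):
    """'authorized', 'evil-twin' (our SSID from a BSSID we do not own) or 'unknown'."""
    bssid = ap["bssid"].lower()
    ssid = ap["ssid"]
    if ssid in authorized:
        return "authorized" if bssid in authorized[ssid] else "evil-twin"
    return "unknown"

def find_rogues(scan, authorized=AUTHORIZED):
    """Return (bssid, ssid, verdict) for every AP that is not in the inventory."""
    findings = []
    for ap in scan:
        verdict = classify(ap, authorized)
        if verdict != "authorized":
            findings.append((ap["bssid"], ap["ssid"], verdict))
    return findings

if __name__ == "__main__":
    for bssid, ssid, verdict in find_rogues(SCAN):
        print(f"{verdict:10} {bssid}  {ssid}")
```

A survey only shows what is in the air. An "unknown" SSID may belong to a neighbour; to confirm that an AP is actually plugged into your LAN, look for its wired MAC address in the switch MAC tables (on consumer APs it is often adjacent to the BSSID, though that is a heuristic) and trace the port.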

With which type of load-balance scheduling is the first client request sent to the first server in the group, the second to the second server, and so on?

Round-robin

Which device stores information about destinations in a network (choose the best answer)?

Router

Which of the following devices is the most capable of providing infrastructure security?

Router

As part of your training program, you're trying to educate users on the importance of security. You explain to them that not every attack depends on implementing advanced technological methods. Some attacks take advantage of human shortcomings to gain access that should otherwise be denied. What term do you use to describe attacks of this type?

Social engineering

data loss prevention (DLP)

Software or techniques designed to detect attempts to exfiltrate data.
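One content check a DLP product runs on outbound mail is a search for payment card numbers, using the Luhn checksum to separate real card numbers from order numbers and other digit runs. This added example (not from the study guide) implements that check; the e-mail body is constructed sample data and the card number is the standard "4111..." test number.

```python
import re

# Added example (not from the study guide): DLP-style card-number detection.
# Digit runs of 13-19 digits with optional space/dash separators.
CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

def luhn_ok(digits):
    """Luhn mod-10 check used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                     # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0

def find_card_numbers(text):
    """Return the normalized card numbers (separators removed) found in text."""
    hits = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            hits.append(digits)
    return hits

def should_block(text):
    """Policy decision for an outbound message: block if any card number is present."""
    return bool(find_card_numbers(text))

# Constructed sample: one real-format card number, one 16-digit order number, one phone number.
SAMPLE_EMAIL = """Hi,
the customer's card is 4111 1111 1111 1111, please process order 1234567890123456
by Friday. Call me on 555-0100.
"""

if __name__ == "__main__":
    print(find_card_numbers(SAMPLE_EMAIL))   # only the Luhn-valid number
    print("block:", should_block(SAMPLE_EMAIL))
```

The Luhn filter is what keeps the false-positive rate tolerable; without it every 16-digit order or tracking number would trip the rule. Real DLP engines add context (keywords such as "card", "CVV"), issuer prefixes and file-type handling on top of this.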

rootkit

Software program that has the ability to obtain root-level access and hide certain things from the operating system.

spyware

Software programs that work—often actively—on behalf of a third party.

ransomware

Software that demands payment before restoring the data or system infected.

adware

Software that gathers information to pass on to marketers or that intercepts personal data such as credit card numbers and makes it available to third parties.

antivirus software

Software that identifies the presence of a virus and is capable of removing or quarantining the virus.

scareware

Software that tries to convince unsuspecting users that a threat exists.

Which of the following authentication factors includes a password or PIN?

Something you know

With which tunnel configuration are only some requests routed and encrypted over the VPN, while the remaining traffic goes directly to the Internet?

Split

Who among the following has operational responsibility for the physical and electronic security of the data?

Steward

stress testing

Subjecting a system to workloads that are extreme.

Vincent is a programmer working on an e-commerce site. He has conducted a vulnerability scan and discovered a flaw in a third-party module. There is an update available for this module that fixes the flaw. What is the best approach for him to take to mitigate this threat?

Submit an RFC (request for change) so the update goes through change management.

analyzer

The component or process that analyzes the data collected by the sensor.

PASS method

The correct method of extinguishing a fire with an extinguisher: Pull, Aim, Squeeze, and Sweep.

software-defined network (SDN)

A network architecture in which the control plane is separated from the data plane and managed centrally in software, so that the entire network, including all security devices, can be virtualized.

Structured Query Language (SQL)

The language used by all relational databases.

When your company purchased a virtual datacenter provider, you inherited a mess. The employees working there had to respond regularly to requests to create virtual machines without the disciplines and controls normally found in the physical world. This resulted in machines being over-provisioned (too much CPU, memory, or disk) and consuming resources long after they were no longer required. What type of problem is this?

VM sprawl

anomalies

Variations from normal operations.

VDI

Virtual desktop infrastructure (VDI) is the process of running a user desktop inside a virtual machine that lives on a server in the datacenter. It enables fully personalized desktops for each user yet maintains centralized management and security.

Type II hypervisor

Virtualization method in which the hypervisor runs as an application on top of a host operating system and depends on it.

Type I hypervisor

Virtualization method in which the hypervisor runs directly on the hardware (bare metal), independent of any host operating system, and boots before the guest OSs.

When you combine phishing with Voice over IP, it is known as:

Vishing

A device that sits on the wired network and then acts as the router for the wireless clients is known as:

WAP.

An IV attack is usually associated with which of the following wireless protocols?

WEP

Which security protocol for wireless networks attempts to establish the same security for them as would be present in a wired network?

WEP

Which of the following protections implies that information, once written, cannot be modified?

WORM

Which of the following fully implements the 802.11i security requirements?

WPA2

What technology is used to simplify network setup by allowing a router to have the administrator push a button on it to allow a new host to join?

WPS

Which of the following is the best description of shoulder surfing?

Watching someone enter important information

shoulder surfing

Watching someone when they enter their username, password, or sensitive data.

Gertrude is managing a new software project. The project has very clearly defined requirements that are not likely to change. Which of the following is the most appropriate development model for her?

Waterfall

Which development model is appropriate when the requirements are clearly defined well in advance?

Waterfall

John is a network administrator for ACME company. He is trying to explain least privileges to a new technician. Which of the following is the basic premise of least privilege?

When assigning permissions, give users only the permissions they need to do their work and no more.

collision

When two different inputs into a cryptographic hash produce the same output, this is known as a collision.
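How quickly a collision can be found depends on the hash length: by the birthday bound it takes only about 2^(n/2) hashes for an n-bit output. This added example (not from the study guide) makes the point by truncating SHA-256 to 24 bits, which is deliberately weak, and finding two distinct messages with the same short hash in a few thousand tries; the message prefix is an arbitrary assumption.

```python
import hashlib

# Added example (not from the study guide): birthday search for a collision in a
# deliberately truncated hash. Full SHA-256 of the two messages still differs.
def short_hash(data, nbits=24):
    """SHA-256 truncated to its top nbits: weak on purpose so a collision is reachable."""
    full = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return full >> (256 - nbits)

def find_collision(nbits=24, prefix=b"msg-"):
    """Hash distinct messages until two share a short_hash; return that pair."""
    seen = {}            # short hash -> first message that produced it
    i = 0
    while True:
        m = prefix + str(i).encode()
        h = short_hash(m, nbits)
        if h in seen:
            return seen[h], m
        seen[h] = m
        i += 1

def expected_tries(nbits):
    """Birthday bound: roughly 2**(n/2) hashes before a collision becomes likely."""
    return 2 ** (nbits / 2)

if __name__ == "__main__":
    a, b = find_collision(24)
    print(a, b, hex(short_hash(a)), hex(short_hash(b)))
    print("expected tries ~", expected_tries(24))
```

The same arithmetic is why 128-bit hashes such as MD5 offer only about 64 bits of collision resistance on paper, and far less in practice once structural weaknesses are found.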

During the authentication part of setting up his small office access point, Wolfgang was required to enter a PIN within 60 seconds. This process is known as:

Wi-Fi Protected Setup.

A study of the possible impact if a disruption to a business's vital resources were to occur.

business impact analysis (BIA)

A calculation of the expected loss from a risk each year: ALE = SLE × ARO.

annual loss expectancy (ALE)

A calculation of how often a threat will occur. For example, a threat that occurs once every five years has an annualized rate of occurrence of 1/5, or 0.2.

annualized rate of occurrence (ARO)

The assessed value of an item (server, property, and so on) associated with cash flow.

asset value (AV)

The mechanism of verifying the identity of a process is known as:

authentication.

Which of the following filename extensions should not be allowed into a network as email attachments?

pif

Which of the following command-line tools tests the reachability of a particular website in a network?

ping

The cloud delivery model that exists on the premises of the cloud provider is known as:

public.

The point in time to which data must be restored after a disruption; it bounds how much data loss is acceptable.

recovery point objective (RPO)

The maximum amount of time that a process or service is allowed to be down and the consequences still to be considered acceptable.

recovery time objective (RTO)

The process of identifying the flow and then modifying the internal structure of code without changing the external behavior of the code is known as:

refactoring

The probability that a particular threat will occur, either accidentally or intentionally, leaving a system vulnerable and the impact of this occurring.

risk

A strategy of dealing with risk in which it is decided the best approach is simply to accept the consequences should the threat happen.

risk acceptance

An evaluation of each risk that can be identified. Each risk should be outlined, described, and evaluated on the likelihood of its occurring.

risk analysis

An evaluation of the possibility of a threat or vulnerability existing. An assessment must be performed before any other actions—such as how much to spend on security in terms of dollars and manpower—can be decided.

risk assessment

A strategy of dealing with risk in which it is decided that the best approach is to avoid the risk.

risk avoidance

The process of calculating the risks that exist in terms of costs, number, frequency, and so forth.

risk calculation

A strategy of dealing with risk in which it is decided that the best approach is to discourage potential attackers from engaging in the behavior that leads to the risk.

risk deterrence

A strategy of dealing with risk in which it is decided that the best approach is to lessen the risk.

risk mitigation

A strategy of dealing with risk in which it is decided that the best approach is to offload some of the risk through insurance, third-party contracts, and/or shared responsibility.

risk transference

An agreement that specifies performance requirements for a vendor. This agreement may use mean time before failure (MTBF) and mean time to repair (MTTR) as performance measures in the SLA.

service-level agreement (SLA)

The process of preventing outside electronic emissions from disrupting information-processing abilities is known as:

shielding.

The cost of a single loss when it occurs (asset value multiplied by the exposure factor, the fraction of the asset's value lost). This loss can be a critical failure, or it can be the result of an attack.

single loss expectancy (SLE)
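The AV, ARO, SLE and ALE definitions above fit together into one calculation, and the practical use of it is deciding whether a control is worth paying for. This added example (not from the study guide) carries the formulas through a constructed scenario and turns the result into a choice between risk mitigation and risk acceptance; all figures are invented.

```python
# Added example (not from the study guide): quantitative risk calculation.
def single_loss_expectancy(asset_value, exposure_factor):
    """SLE = AV x EF, where EF is the fraction of the asset's value lost in one incident."""
    return asset_value * exposure_factor

def annualized_rate(incidents, years):
    """ARO: e.g. one incident every five years -> 1/5 = 0.2."""
    return incidents / years

def annual_loss_expectancy(sle, aro):
    """ALE = SLE x ARO."""
    return sle * aro

def control_benefit(ale_before, ale_after, annual_control_cost):
    """Net yearly value of a control; negative means it costs more than the loss it prevents."""
    return ale_before - ale_after - annual_control_cost

def recommend(asset_value, ef_before, ef_after, aro, control_cost):
    """Compare ALE with and without the control and pick mitigation or acceptance."""
    ale_before = annual_loss_expectancy(single_loss_expectancy(asset_value, ef_before), aro)
    ale_after = annual_loss_expectancy(single_loss_expectancy(asset_value, ef_after), aro)
    benefit = control_benefit(ale_before, ale_after, control_cost)
    return {
        "ale_before": ale_before,
        "ale_after": ale_after,
        "benefit": benefit,
        "strategy": "mitigation" if benefit > 0 else "acceptance",
    }

if __name__ == "__main__":
    # Constructed scenario: a server worth 50,000; ransomware would destroy 60% of its value
    # and is expected once every five years; offline backups cost 3,000/yr and cut EF to 10%.
    print(recommend(50000, 0.6, 0.1, annualized_rate(1, 5), 3000))
```

Transference (insurance) and deterrence can be compared the same way: put the premium or the deterrent's running cost in `control_cost` and the residual loss it leaves you with in `ef_after`.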

A single weakness that is capable of bringing an entire system down.

single point of failure (SPOF)

A program that observes user's activity and reports it to a third party without informing the user is known as:

spyware

The process of hiding data in files is known as:

steganography.
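The most common form of file steganography replaces the least significant bit of each sample in a cover image with one bit of the hidden message, which changes each byte by at most one and is invisible to the eye. This added example (not from the study guide) implements embed and extract over a constructed byte array standing in for pixel data; the 4-byte length header is a design choice of the example.

```python
# Added example (not from the study guide): least-significant-bit steganography.
def embed(cover, secret):
    """Return a copy of cover whose LSBs carry a 4-byte length header followed by secret."""
    payload = len(secret).to_bytes(4, "big") + secret
    if len(payload) * 8 > len(cover):
        raise ValueError("cover too small for payload")
    out = bytearray(cover)
    for i, byte in enumerate(payload):
        for b in range(8):
            bit = (byte >> (7 - b)) & 1
            pos = i * 8 + b
            out[pos] = (out[pos] & 0xFE) | bit    # replace only the lowest bit
    return bytes(out)

def _read(stego, start_byte, nbytes):
    """Reassemble nbytes from the LSBs, starting at payload byte index start_byte."""
    data = bytearray()
    for i in range(nbytes):
        value = 0
        for b in range(8):
            value = (value << 1) | (stego[(start_byte + i) * 8 + b] & 1)
        data.append(value)
    return bytes(data)

def extract(stego):
    """Read the length header, then that many hidden bytes."""
    length = int.from_bytes(_read(stego, 0, 4), "big")
    return _read(stego, 4, length)

def max_change(cover, stego):
    """Largest per-byte difference introduced by embedding (LSB gives at most 1)."""
    return max(abs(a - b) for a, b in zip(cover, stego))

COVER = bytes(range(256)) * 4        # constructed "pixel" data, 1024 bytes
SECRET = b"meet at the usual place"

if __name__ == "__main__":
    stego = embed(COVER, SECRET)
    print(extract(stego), "max byte change:", max_change(COVER, stego))
```

The forensic counterpart is the same loop run the other way: an image whose LSB plane has the statistics of structured data rather than noise is a sign that something was embedded, and hashing suspect files against known-good copies catches the change even though the picture looks identical.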

John is trying to determine the origin of an email. He has captured the email headers and knows the IP address of the originating email server. What command would show John the complete path to that IP address?

tracert

The purpose of detective control is to:

uncover a violation.

