18-19
What is an example of a privilege escalation attack?
A threat actor performs an access attack and gains the administrator password
What are three access control security services? (Choose three.)
authorization, authentication, accounting
How does BYOD change the way in which businesses implement networks?
BYOD provides flexibility in where and how users can access network resources
What is the biggest issue with local implementation of AAA?
Local implementation does not scale well
Which type of access control applies the strictest access control and is commonly used in military or mission critical applications?
MAC
Which two protocols are used to provide server-based AAA authentication? (Choose two.)
TACACS+, RADIUS
What is a characteristic of a layered defense-in-depth security approach?
The failure of one safeguard does not affect the effectiveness of the other safeguards
What is the principle of least privilege access control model?
Users are granted rights on an as-needed approach
An administrator is concerned with restricting which network applications and uses are acceptable to the organization. What security policy component does the administrator use to address these concerns?
acceptable use policy
What component of a security policy explicitly defines the type of traffic allowed on a network and what users are allowed and not allowed to do?
acceptable use policy
A server log includes this entry: User student accessed host server ABC using Telnet yesterday for 10 minutes. What type of log entry is this?
accounting
With the evolution of borderless networks, which vegetable is now used to describe a defense-in-depth approach?
artichoke
Which component of AAA is used to determine which resources a user can access and which operations the user is allowed to perform?
authorization
A company is experiencing overwhelming visits to a main web server. The IT department is developing a plan to add a couple more web servers for load balancing and redundancy. Which requirement of information security is addressed by implementing the plan?
availability
Which type of business policy establishes the rules of conduct and the responsibilities of employees and employers?
company
Which objective of secure communications is achieved by encrypting data?
confidentiality
What three items are components of the CIA triad? (Choose three.)
confidentiality, availability, integrity
Which access control model allows users to control access to data as an owner of that data?
discretionary access control
Which device is usually the first line of defense in a layered defense-in-depth approach?
edge router
What device would be used as a second line of defense in a defense-in-depth approach?
firewall
Which two areas must an IT security person understand in order to identify vulnerabilities on a network? (Choose two.)
hardware used by applications, important applications used
What device would be used as the third line of defense in a defense-in-depth approach?
internal router
Refer to the exhibit. The security policy of an organization allows employees to connect to the office intranet from their homes. Which type of security policy is this?
remote access
Which is a BYOD security best practice?
subscribe to a device locator service with remote wipe feature
What do security compliance regulations define?
what organizations are responsible for providing and the liability for failure to comply