CYBR2.TestOut Chap 8 MC-style Review (601) (127)
Which of the following best describes one-factor authentication? A.)Only Type 1 authentication credentials are accepted. B.)Multiple authentication credentials may be required, but they are all of the same type. C.)A user name without any additional credentials is accepted. D.)Only a single authentication credential is submitted.
B
In the /ect/shadow file, which character in the password field indicates that a standard user account is locked?
!
Which file should you edit to limit the amount of concurrent logins for a specific user? (Tip: Enter the full path to the file.)
/ect/security/limits.conf
Which of the following is a hardware device that contains identification information and can be used to control building access or computer logon? A.)Security policy B.)Smart card C.)Biometric D.)SSID E.)WAP
B
Which of the following is the most common form of authentication? A.)Photo ID B.)Password C.)Digital certificate on a smart card D.)Fingerprint
B
Which of the following is the single best rule to enforce when designing complex passwords? A.)Maximum password age B.)Longer passwords C.)Computer-generated passwords D.)Force us of all four type of characters (uppercase, lowercase, numbers, symbols)
B
Which of the following terms describes the component that is generated following authentication and is used to gain access to resources following login? A.)Account policy B.)Access token C.)Proxy D.)Cookie
B
You are the administrator for a small company. You need to add a new group of users to the system. The group's name is sales. Which command will accomplish this? A.)addgroup sale B.)groupadd sales C.)addgroup -x sales D.)groupadd -r sales
B
Which of the following utilities could you use to lock a user account? (Select two.) A.)useradd B.)passwd C.)usermod D.)userdel
B and C
You are configuring the local security policy of a Windows system. You want to prevent users from reusing old passwords. You also want to force them to use a new password for at least five before changing it again. Which policies should you configure? (Select two.) A.)Maximum password age B.)Minimum password age C.)Enforce password history D.)Password complexity
B and C
You are configuring the Local Security policy of a Windows system. You want to require users to create passwords that are at least 10 characters long. You also want to prevent login after three unsuccessful login attempts. Which policies should you configure? (Select two.) A.)Maximum password age B.)Minimum password length C.)Enforce password history D.)Account lockout duration E.)Password complexity F.)Account lockout threshold
B and F
Which of the following advantages can single sing-on (SSO) provide? (Select two.) A.)Access to all authorized resources with a single instance of authentication B.)Enhanced password complexity requirements C.)The elimination of multiple user accounts and passwords for each individual D.)Secure remote access
A and C
Which access control model manages rights and permissions based on job descriptions and responsibilities? A.)Task-based access control (TBAC) B.)Role-based access control (RBAC) C.)Mandatory access control (MAC) D.)Discretionary access control (DAC)
B
Which form of access control enforce security based on user identities and allows individual users to define access controls over owned resources? A.)MAC B.)DAC C.)RBAC D.)TBAC
B
What should you do to a user account if the user goes on an extended vacation? A.)Disable the account B.)Remove all the rights from the account C.)Delete the account D.)Monitor the account more closely
A
Which of the following best describes Active Directory? A.)A centralized database that contains user account and security information B.)An administratively-defined collection of network resources that share a common directory database and security policies C.)A collection of related domain trees that establishes the relationship between trees that have different DNS namespaces D.)A group of related domains that share the same contiguous DNS namespace
A
Which of the following information is typically not included in an access token? A.)User account password B.)User rights C.)Group membership D.)User security identifier
A
Which of the following is a password that relates to things that people know, such as a mother's maiden name or the name of a pet? A.)Cognitive B.)One-time C.)Dynamic D.)Pass Phrase
A
A programmer that fails to check the length of input before processing leaves his code vulnerable to what form of common attack? A.)Buffer overflow B.)Privilege escalation C.)Session hijacking D.)Backdoor
A
A remote access user needs to gain access to resources on the server. Which of the following processes are performed by the remote access server to control access to resources? A.)Identify proofing and authentication B.)Authentication and authorization C.)Authentication and accounting D.)Authorization and accounting E.)Identity proofing and authorization
A
A router access control list uses information in a packet, such as the destination IP address and port number, to make allow or deny forwarding decisions. This is an example of which kind of access control model? A.)RSBAC B.)MAC C.)DAC D.)RBAC
A
A user with the account name larry has just been terminated from the company. There is good reason to believe that the user will attempt to access and damage files in the system in the very near future. Which of the following commands will disable or remove the user account from the system and remove his home directory? A.)userdel -r larry B.)userdel -home larry C.)userdel -h larry D.)userdel larry
A
Choose the Active Directory component for the description listed below: -A server that holds a copy of the Active Directory database that can be written to. A.)Domain Controller B.)Organizational Unit C.)Domain D.)Objects
A
Choose the authentication factor types for the authentication factor listed below: -PIN A.)Something you know B.)Something you have C.)Something you are D.)Something you do
A
Choose the authentication factor types for the authentication factor listed below: -Pass phrase A.)Something you know B.)Something you have C.)Something you are D.)Something you do
A
Choose the authentication factor types for the authentication factor listed below: -Password A.)Something you know B.)Something you have C.)Something you are D.)Something you do
A
Choose the smart card attack for the description listed below: -Exploiting vulnerabilities in a card's protocol or encryption methods A.)Software Attacks B.)Eavesdropping C.)Fault Generation D.)Microprobing
A
Group policy objects (GPO) are applied in which of the following orders? A.)Local group policy, GPO linked to site, GPO linked to domain, GPO liked to Organizational Unit highest to lowest. B.)GPO linked to site, GPO linked to domain, GPO liked to Organizational Unit lowest to highest, local group policy. C.)GPO linked to site, GPO linked to domain, GPO liked to Organizational Unit highest to lowest, local group policy. D.)Local group policy, GPO linked to site, GPO linked to domain, GPO like to Organizational Unit lowest to highest.
A
Select the exploit for the appropriate description listed below: -An attacker compromises a Web site, hoping that a target individual will access the site and be exposed to the exploit. A.)Watering hole attack B.)Arbitrary code execution exploit C.)LSO exploit D.)Zero-day attack
A
To help prevent browser attacks, users of public computers should do which of the following? A.)Clear the browser cache B.)Not use any public computer that has been used in the last 30 minutes C.)Turn the public computer off immediately after use D.)Ensure that public login credentials are unique
A
What form of access control based on job descriptions? A.)Role-based access control (RBAC) B.)Discretionary access control (DAC) C.)Location-based access control (LBAC) D.)Mandatory access control (MAC)
A
What is another term of the type of login credentials provided by a token device? A.)One-time password B.)Mutual authentication C.)Biometrics D.)Two-factor authentication
A
What is the effect of the following command? *chage -M 60 -W 10 jsmith A.)Sets the password for jsmith to expire after 60 days and gives a warning 10 days before it expires. B.)Set the password for jsmith to expire after 6 days and gives a warning 10 days before it expires. C.)Forces jsmith to keep the password 60 days before changing it and gives a warning 10 days before changing it. D.)Deletes the jsmith user account after 60 days and gives a warning 10 days before it expires.
A
What is the most important aspect of a biometrics device? A.)Accuracy B.)Size of the reference profile C.)Throughput D.)Enrollment time
A
Which of the following is an example of a Rule Access Control (RBAC)? A.)Router access control lists that allows or denies traffic based on the characteristics of an IP packet. B.)A member of the accounting team is given access to the accounting department documents. C.)A subject with a government clearance that allows access to government classification labels of confidential, secret and top secret. D.)A computer file owner grants access to the file by adding other users to an access control list.
A
Which of the following is not an important aspect of password management? A.)Enable account lockout. B.)Train users to create complex passwords that are easy to remember. C.)Always store passwords in a secure medium. D.)Prevent use of personal information in a password.
A
Which security mechanism uses a unique list that meets the following specifications: *The list is embedded directly in the object itself *The list defines which subjects have access to certain objects *The list specifies the level or type of access allowed to certain objects A.)User ACL B.)Hashing C.)Mandatory access control D.)Kerberos
A
Within the /ect/security/limits.conf file, you notice the following entry: -@guests hard maxlogins 3 What effects does this line have on the Linux system? A.)Limits the number of logins from the Guest group to three. B.)Limits the maximum files size that the Guest group can create to 3GB. C.)Limits the total amount of memory used by the Guest group to 3 MB D.)Limits concurrent logins from the same user to three.
A
You have a website that accepts input from users for creating customer accounts. Input on the form is passed to a database server where the user account information is stored. An attacker is able to insert database commands in the input fields and have those commands execute on the server. Which type of attack has occurred? A.)SQL injection B.)DLL injection C.)Cross-site scripting D.)Buffer overflow
A
You have hired 10 new temporary workers who will be with the company for 3 months. How can you make sure that these users can only log on during regular business hours? A.)Configure day/time restrictions in the user accounts B.)Configure account policies in Group Policy C.)Configure account lockout in Group Policy D.)Configure account expiration in the user accounts
A
You have implemented an access control method that only allows users who are managers to access specific data. Which type of access control model is used? A.)RBAC B.)MAC C.)DAC D.)DACL
A
You have just configured the password policy and set the minimum password age to 10. What will be the effect of this configuration? A.)Users cannot change the password for 10 days. B.)Users must change the password at least every 10 days. C.)The password must be entered within 10 minutes of the login prompt being displayed. D.)The password must contain 10 or more characters. E.)The previous 10 passwords cannot be reused.
A
You have performed an audit and have found an active account for an employee with the username joer. This user no longer works for the company. Which command can you use to disable this account? A.)usermod -L joer B.)usermod -d joer C.)usermod -u joer D.)usermod -I joer
A
You manage several Windows systems. Desktop users access an in-house application that is hosted on your intranet web server. When a user clicks a specific option in the application, they receive an error message that the pop-up was blocked. You need to configure the security settings so that users can see the pop-up without compromising overall security. What should you do? A.)Add the URL of the website to the Local intranet zone. B.)In Internet Options, use the Privacy tab to turn off Pop-up Blocker. C.)Change the filter level in Pop-up Blocker to Medium. D.)Change the filter level in Pop-up Blocker to High.
A
an attacker inserts SQL database commands into a data input field of an order form used by a web-based application. When submitted, these commands are executed on the remote database server, causing customer contact information from the database to be sent to the malicious user's Web browser. Which practice would have prevented this exploit? A.)Implementing client-side validation. B.)Using the latest browser version and patch level. C.)Installing antivirus, anti-spyware, pop-up blockers, and firewall software. D.)Implementing a script blocker
A
You've been given an assignment to evaluate NoSQL databases as a part of a big data analysis initiative in your organization. You've downloaded an open source NoSQL database from the internet and installed it on a test system in an isolated lob environment. What should you do to harden this database before implementing it in a production environment? (Select two.) A.)Disable anonymous access B.)Enable data encryption in the database configuration C.)Implement an application-layer protocol to encrypt data prior to saving it in the database D.)Enable anonymous access E.)Implement as IDS to detect SQL injection attacks on the database
A and C
An employee named Bob Smith, whose user name is bsmith, has left the company. You have been instructed to delete his user account and home directory. Which of the following commands would produce the required outcome? (Select two.) A.)userdel bsmith;rm -rf /home/bsmith B.)userdel -h bsmith C.)userdel bsmith D.)userdel -r bsmith
A and D
While using a web-based order form, an attacker enters an unusually large value in the Quantity field. The value entered is large enough to exceed the maximum value supported by the variable type used to store the quantity in the web application. This causes the value of the quantity variable to wrap around to the minimum possible value, which is a negative number. As a result, the web application processes the order as a return instead of a purchase, and the attacker's account is refunded a large sum of money. Which practices would have prevented this exploit? (Select two.) A.)Implementing server-side validation. B.)Installing the latest operating system updates. C.)Using the latest browser version and patch level. D.)Installing antivirus, anti-spyware, pop-up blockers, and firewall software. E.)Implementing client-side validation.
A and E
Which access control model is based on multilevel security where objects are assigned a security classification and subjects are granted a security clearance which allows them to access objects at or below that security classification? A.)Discretionary Access Control (DAC) B.)Mandatory Access Control (MAC) C.)Attribute-Based Access Control (ABAC) D.)Role-based Access Control (RBAC)
B
Choose the Active Directory component for the description listed below: -A folder that subdivides and organizes network resources within a domain. A.)Domain Controller B.)Organizational Unit C.)Domain D.)Objects
B
Choose the authentication factor types for the authentication factor listed below: -Hardware token A.)Something you know B.)Something you have C.)Something you are D.)Something you do
B
Choose the authentication factor types for the authentication factor listed below: -Smart card A.)Something you know B.)Something you have C.)Something you are D.)Something you do
B
Choose the smart card attack for the description listed below: -Capturing transmission data produced by a card as it is used A.)Software Attacks B.)Eavesdropping C.)Fault Generation D.)Microprobing
B
Due to a manager with another company, standardization is now being imposed throughout the company. As a result of this, the sales group must be renamed marketing. Which of the following commands will accomplish this? A.)grpconv marketing sales B.)groupmod -n marketing sales C.)grpchange marketing sales D.)groupadd -c marketing sales
B
Marcus White has just been promoted to a manager. To give him access to the files that he needs, you make his user account a member of the Managers group, which has access to a special shared folder. Later that afternoon, Marcus tells you that he is still unable to access the files reserved for the Managers group. What should you do? A.)Add his user account to the ACL for the shared folder B.)Have Marcus log off and log back in C.)Manually refresh Group Policy settings on the file server D.)Manually refresh Group Policy settings on his computer
B
One of your users, Karen Scott, has recently married and is now Karen Jones. She has requested that her username be changed from kscott to kjones, but no other values change. Which of the following commands will accomplish this? A.)usermod -u kscott kjones B.)usermod -I kjones kscott C.)usermod -u kjones kscott D.)usermod -I kscott kjones
B
Select the exploit for the appropriate description listed below: -A vulnerability in a running process allows an attacker to inject malicious instructions and run them. A.)Watering hole attack B.)Arbitrary code execution exploit C.)LSO exploit D.)Zero-day attack
B
Use of which of the following is a possible violation of privacy? A.)VPNs B.)Cookies C.)FTP D.)HTTP
B
What is a cookie? A.)An executable file that runs in the background and tracks internet use. B.)A file saved on your hard drive that tracks websites preferences and use. C.)A malicious program that disguises itself as a useful program. D.)A malicious program that runs when you read an email attachment.
B
What type of password is maryhadalittlelamb? A.)Static B.)Pass phrase C.)Cognitive D.)Composition
B
You manage a single domain named widgets.com. Organizational units (OUs) have been created for each company department. User and computer accounts have been moved into their corresponding OUs. You define a password and account lockout policy for the domain. However, members of the Directors OU want to enforce longer passwords than are required for the rest of the users. You need to make the change as easily as possible. Which should you do? A.)Create a granular password policy. Create a distribution group. Apply the policy to the group. Add all users in the Directors OU to the group. B.)Create a granular password policy. Apply the policy to all users in the Directors OU. C.)Create a granular password policy. Apply the policy to the Directors OU. D.)Create a granular password policy. Apply the policy to all users in the widgets.com domain.
B
You want to allow e-commerce web sites that you visit to keep track of your browsing history for shopping carts and other information, but want to prevent that information from being tracked by sites linked to the sites you explicitly visit. How should you configure the browser settings? A.)Enable the phishing filter to check all embedded links in webpages you visit B.)Allow first party cookies, but block third-party cookies C.)Prevent ActiveX controls and Java on linked websites D.)Block cross-site scripting (XSS)
B
You want to make sure that all users have passwords over eight characters in length and that passwords must be changed every 30 days. What should you do? A.)Configure day/time settings in the user accounts B.)Configure account policies in Group Policy C.)Configure expiration settings in the user accounts D.)Configure account lockout policies in Group Policy
B
Active Directory is a hierarchical database. Hierarchical directory databases have several advantages over flat file database structures. Which of the following is not an advantage of Active Directory's hierarchical database structure? A.)Organization B.)Delegation C.)Decentralization D.)Scalability E.)Replication
C
As you browse the internet, you notice that when you go to some sites, multiple additional windows are opened automatically. Many of these windows contain advertisements for products that are inappropriate for your family to view. Which tool can you implement to prevent these windows from showing? A.)Anti-adware B.)Anti-spyware C.)Pop-up blocker D.)Phishing filter E.)Anti-virus
C
Choose the Active Directory component for the description listed below: -An administratively-defined collection of network resources that share a common directory database and security policies. A.)Domain Controller B.)Organizational Unit C.)Domain D.)Objects
C
Choose the authentication factor types for the authentication factor listed below: -Fingerprint scan A.)Something you know B.)Something you have C.)Something you are D.)Something you do
C
Choose the authentication factor types for the authentication factor listed below: -Retina scan A.)Something you know B.)Something you have C.)Something you are D.)Something you do
C
Choose the authentication factor types for the authentication factor listed below: -Voice recognition A.)Something you know B.)Something you have C.)Something you are D.)Something you do
C
Choose the authentication factor types for the authentication factor listed below: -Wi-Fi triangulation A.)Something you know B.)Something you have C.)Something you are D.)Something you do
C
Choose the smart card attack for the description listed below: -Deliberately inducing malfunctions in a card A.)Software Attacks B.)Eavesdropping C.)Fault Generation D.)Microprobing
C
Computer policies include a special category called user rights? A.)Set ACL rights for users on specified computers in an OU. B.)Designate a basic set of rights for all users in an OU. C.)Identify users who can perform maintenance tasks on computers in an OU. D.)Specify the registry settings for all users in an OU.
C
During the application development cycle, a developer asks several of his peers to assess the portion of the application he was assigned to write for security vulnerabilities. Which assessment technique was used in this scenario? A.)Baseline reporting B.)Input validation C.)Code review D.)Fuzzing
C
During the application development cycle, an application tester creates multiple virtual machines on a hypervisor, each with a different version and edition of Windows installed. She then installs the latest build of the application being developed on each virtual machine and evaluates each installation for security vulnerabilities. Which assessment technique was used in this scenario? A.)Code review B.)Fuzzing C.)Configuration testing D.)Baseline reporting
C
You mange an Active Directory domain. All users in the domain have a standard set of internet options configured by a GPO linked to the domain. But you want users in the Administrators OU to have a different set of internet options. What should you do? A.)Create a GPO computer policy for the Administrators OU. B.)Create a GPO user policy for the domain. C.)Create a GPO user policy for the Administrators OU. D.)Create a Local Group policy on the computers used by members of the administrators OU.
C
You want to prevent your browser from running JavaScript commands that are potentially harmful. Which of the following would you restrict to accomplish this? A.)CGI B.)ActiveX C.)Client-side scripts D.)Server-side scripts
C
Lori Redford, who has been a member of the Project Management group, was recently promoted to manager of the team. She has been added as a member of the Managers group. Several days after being promoted, Lori needs to have performance reviews with the team she manages but she cannot access the performance management system. As a member of the Managers group, she should have the Allow permission to access this system. What is most likely preventing for from accessing this system? A.)Her user object has been assigned an explicit Allow permission to the performance management system, but she inherits the Deny permission assigned to the Project Management group (which she still belongs to). Inherited Deny permission override explicit Allow permissions. B.)Her user object has been assigned an explicit Deny permission to the performance management system. C.)She is still a member of the Project Management group, which has been denied permission to this system. Deny permissions always override Allow permissions. D.)She is still a member of the Project Management group, which has been denied permission to this system. However, being a member of the Managers group should allow her to access this system. Allow permissions always override Deny permissions. There must be an explicit permission entry that is preventing her form accessing the management system.
C
Select the exploit for the appropriate description listed below: -A Flash cookie is used to collect information about the user's browsing habits without their permission. A.)Watering hole attack B.)Arbitrary code execution exploit C.)LSO exploit D.)Zero-day attack
C
When you browse to a website, a pop-up window tells you that your computer has been infected with a virus. You click in the window to see what the problem is. Later, you find out that the window has installed spyware on your system. What type of attack has occurred? A.)SQL injection B.)Trojan horse C.)Drive-by download D.)DLL injection
C
Which access control model is based on assigning attributes to objects and using Boolean logic to grant access based on the attributes of the subject? A.)Rule-based Access Control B.)Mandatory Access Control (MAC) C.)Attribute-Based Access Control (ABAC) D.)Role-Based Access Control (RBAC)
C
Which of the following is a text file provided by a website to a client that is stored on a user's hard drive in order to track and record information about the user? A.)Certificate B.)Mobile code C.)Cookie D.)Digital signature
C
Which of the following is an attack that injects malicious scripts into Web pages to redirect users to fake websites or gather personal information? A.)Drive-by download B.)SQL injection C.)XSS D.)DLL injection
C
Which of the following is not a form of biometric? A.)Face recognition B.)Retina scan C.)Token device D.)Fingerprint
C
Which of the following is not true of smart cards? A.)Smart cards use PKI technology to store digital signatures, cryptography keys, and identification codes. B.)Smart cards are generally considered to be tamper-proof. C.)Smart cards a powered internally by a small battery. D.)Smart cards have their own processor, allowing the card itself to perform its own cryptographic functions.
C
Which of the following is the strongest form of multi-factor authentication? A.)A password and a biometric B.)Two-factor authentication C.)A password, a biometric scan, and a token device D.)Two passwords
C
While using a Web-based game created using Adobe Flash, a Flash cookie is set on a user's computer. The game saves legitimate data in the Flash cookie, such as statistics and user preferences. However, the game creator also programmed the game to track the Web sites that the user visits while the game is running and save them in the Flash cookie. This data is transferred to a server over an Internet connection without the user's permission. What type of exploit has occurred in this scenario? A.)Zero-day B.)Buffer overflow C.)Locally shared object (LSO) exploit D.)Header manipulation
C
While using a Web-based order form, an attacker enters an unusually large value in the Quantity field. The value she entered is so large that it exceeds the maximum value supported by the variable type used to store the quantity in the Web application. This causes the value of the quantity variable to wrap around to the minimum possible value, which is a negative number. As a result, the Web application processes the order as a return instead of a purchase, and the attacker's account is refunded a large sum of money. What type of attack has occurred in this scenario? A.)Watering hole B.)Buffer overflow C.)Integer overflow D.)URL hijacking
C
You are teaching new users about security and passwords. Which of the following is the best example if a secure password? A.)8181952 B.)JoHnSmITh C.)T1a73gZ9! D.)Stiles_2031
C
You are the network administrator of a small nonprofit organization. Currently, an employee named Craig Jenkins handles all help desk calls for the organization. In recent months, the volume of help desk calls has exceeded what Craig can manage alone, so an additional help desk employee has been hired to carry some of the load. Currently, permissions to network resources are assigned directly to Craig's user object. Because the new employee needs exactly the same level of access, you decide to simply copy Craig's Active Directory domain user object and rename it with the new employee's name. Will this strategy work? A.)No. Making a copy of an existing user causes both accounts to have the same security identifier (SID). B.)Yes. This strategy will be successful. C.)No. Permissions are not copied when a user account is copied. D.)No. Active Directory does not permit you to copy an existing user account.
C
You have a group named Research on your system that needs a new password because a member of the group has left the company. Which of the following commands should you use? A.)groupmod -p Research B.)newpasswd Research C.)gpasswd Research D.)gpasswd research
C
You have a system that allows the owner of a bile to identify users and their permissions to the file. Which type of access control model is implemented? A.)RBAC (based on roles) B.)RBAC (based on rules) C.)DAC D.)MAC
C
You have implemented account lockout with a clipping level of 4. What will be the effect of this setting? A.)Password hashes will be generated using a salt value of four. B.)Incorrect login attempts during the past four hours will be tracked. C.)The account will be locked after four incorrect attempts. D.)Locked accounts will remain locked for four hours.
C
Upon running a security audit in your organization, you discover that several sales employees are using the same domain user account to log in and update the company's customer database. Which action should you take? (Select two.) A.)Implement a Group Policy object that restricts simultaneous logins to one. B.)Implement a Group Policy object that implements time-of-day login restrictions. C.)Train sales employees to use their own user accounts to update the customer database. D.)Apply the Group Policy object to the container where the sales user accounts reside. E.)Delete the account that the sales employees are currently using.
C and E
Audit trails produced by auditing activities are which type of security control? A.)Deterrent B.)Preventative C.)Directive D.)Detective
D
Choose the Active Directory component for the description listed below: -A computing element that identifies resources in the Active Directory database. A.)Domain Controller B.)Organizational Unit C.)Domain D.)Objects
D
Choose the authentication factor types for the authentication factor listed below: -Typing behaviors A.)Something you know B.)Something you have C.)Something you are D.)Something you do
D
Choose the smart card attack for the description listed below: -Accessing the chip surface directly to observe, manipulate, and interfere with a circuit A.)Software Attacks B.)Eavesdropping C.)Fault Generation D.)Microprobing
D
Encryption is which type of access control? A.)Restrictive B.)Physical C.)Administrative D.)Technical
D
For users on your network, you want to automatically lock user accounts if four passwords are used within 10 minutes. What should you do? A.)Configure password policies in Group Policy B.)Configure the enable/disable feature in the user accounts C.)Configure account expiration in the user accounts D.)Configure account lockout policies in Group Policy E.)Configure day/time restrictions in the user accounts
D
Having poor software development practices and failing to program input validation checks during development of custom software can result in a system vulnerable to which type of attack? A.)Superzapping B.)Denial of service C.)Dictionary D.)Buffer overflow
D
Recently, a Web site named www.vidshare.com has become extremely popular with users around the world. An attacker registers the following domain names: * www.videoshare.com * www.vidshar.com * www.vidsshare.com Each of these URLs points to a phishing Web site that tricks users into supplying their vidshare.com user names and passwords. What type of attack has occurred in this scenario? A.)Watering hole B.)Buffer overflow C.)Command injection D.)Typosquatting
D
Select the exploit for the appropriate description listed below: -An attacker exploits computer application vulnerabilities before they are known and patched by the application's developer. A.)Watering hole attack B.)Arbitrary code execution exploit C.)LSO exploit D.)Zero-day attack
D
What statement is true regarding application of GPO settings? A.)If a setting is defined in the Local Group policy on the computer and defined differently in the GPO linked to the OU, the Local Group Policy setting is applied. B.)If a setting is not defined in the Local Group policy and is defined in the GPO linked to the OU, the setting is not applied. C.)If a setting is defined in the Local Group policy on the computer and defined in the GPO linked to the OU, the setting is not applied. D.)If a setting is detained in the Local Group policy on the computer and not defined in the GPO linked to the OU, the setting is applied.
D
Which access control type is used to implement short-term repairs to restore basic functionality following an attack? A.)Recovery B.)Compensative C.)Detective D.)Corrective
D
Which chage option keeps a user from changing their password every two weeks? A.)-a 33 B.)-M 33 C.)-W 33 D.)-m 33
D
Which of the following are subject to SQL injection attacks? A.)Browsers that allow client-side scripts B.)Web servers serving static content C.)ActiveX D.)Database servers
D
Which of the following defines an object as an entity in the context of access control? A.)Resources, policies, and systems. B.)Users, applications, or processes that need to be given access. C.)Policies, procedures, and technologies that are implemented within a system. D.)Data, applications, system, networks, and physical space.
D
Which of the following defines the crossover error rate for evaluating biometric systems? A.)The rate of people who are given access that should be denied access. B.)The rate of people who are denied access that should be allowed access. C.)The number of subjects of authentication attempts that can be validated. D.)The point where the number of false positives matches the number of false negatives in a biometric systems.
D
Which of the following enters random data to the inputs of an application? A.)Routines B.)Validation rules C.)Application hardening D.)Fuzzing
D
Which of the following is an example of a decentralized privilege management solution? A.)TACACS+ B.)RADIUS C.)Active Directory D.)Workgroup
D
Which of the following is an example of a single sign-on authentication solution? A.)Biometrics B.)RADIUS C.)Digital certificates D.)Kerberos
D
Which of the following is not true regarding cookies? A.)They can collect user information B.)They can help a hacker spoof a user's identity C.)They can retain connection and session information D.)They operate within a security sandbox
D
Which of the following is specifically meant to ensure that a program operates on clean, correct, and useful data? A.)Application hardening B.)Process spawning C.)Error and exception handling D.)Input validation
D
Which of the following is stronger than any biometric authentication factor? A.)A dynamic asynchronous token device without a PIN B.)A USB device hosting PKI certificates C.)A 47-character password D.)Two-factor authentication
D
Which of the following is the term for the process of validating a subject's identity? A.)Identification B.)Authorization C.)Auditing D.)Authentication
D
Which type of attack is the act of exploiting a software program's free acceptance of input in order to execute arbitrary code on a target? A.)Data diddling B.)TOC/TOU C.)Covert channel exploitation D.)Buffer overflow
D
You have a group name temp_sales on your system. The group is no longer needed, and you should remove the group. Which of the following commands should you use? A.)groupmod -n temp_sales B.)newgroup -R temp_sales C.)groupmod -R temp_sales D.)groupdel temp_sales
D
You manage a single domain named widgets.com Organizational units (OUs) have been created for each company department. User and computer accounts have been moved into their corresponding OUs. You define a password and account lockout policy for the domain. However, members of the Directors OU want to enforce longer passwords than required for the rest of the users. You need to make the change as easily as possible. Which should you do? A.)In Active Directory Users and Computers, select all user accounts in the Directors OU. Edit the user account properties to require the longer password. B.)Create a GPO linked to the Directors OU. Configure the password policy in the new GPO. C.)Create a new domain. Move the contents of the Directors OU to the new domain. Configure the necessary password policy on the domain. D.)Implement a granular password policy for the users in the Directors OU.
D
You manage a single domain named widgets.com. Organizational units (OUs) have been created for each company department. User and computer accounts have been moved into their corresponding OUs. Members of the Directors OU want to enforce longer passwords than are required for the rest of the users. You define a new granular password policy with the required settings. All users in the Directors OU are currently members of the DirectorsGG group, a global security group in that OU. You apply the new password policy to that group. Matt Barnes is the chief financial officer. He would like his account to have even more strict password policies than is required for other members in the Directors OU. What should you do? A.)Edit the existing password policy. Define exceptions for the required settings. Apply the exceptions to Matt's user account. B.)Create a granular password policy for Matt. Apply the new policy directly to Matt's user account. Remove Matt from the DirectorsGG group. C.)Create a granular password policy for Matt. Create a new group and make Matt a member of the group. Apply the new policy directly to the new group. Make sure the new policy has a higher precedence value than the value for the existing policy. D.)Create a granular password policy for Matt. Apply the new policy directly to Matt's user account.
D
You manage several Windows systems. All computers are members of a domain. You use an internal website that uses Integrated Windows Authentication. You attempt to connect to the website and are prompted for authentication. You verify that your user account has permission to access the website. You need to ensure that you are automatically authenticated when you connect to the website. What should you do? A.)Add the internal website to the Trusted sites zone. B.)Open Credential Manager and modify your credentials. C.)Create a complex password for your user account. D.)Add the internal website to the Local intranet zone.
D
You want to ensure that all users in the Development OU have a common set of network communication security setting applied. Which action should you take? A.)Create a GPO folder policy for the folders containing the files. B.)Create a GPO computer policy for the Computers container. C.)Create a GPO user policy for the Development OU. D.)Create a GPO computer policy for the computers in the Development OU.
D
You've been assigned to evaluate NoSQL databases as a part if a big data analysis initiative in your organization. You've download an open source NoSQL database from the internet and installed it on a test system in an isolated lab environment. Which of the following are likely to be true about this test system? (Select two.) A.)The default admin user password is admin. B.)By default, data is stored in the database in an encrypted format. C.)The database is more susceptible to SQL injection attacks than traditional SQL databases. D.)Data is stored in the database in an unencrypted format. E.)The database admin user has no password assigned.
D and E
You manage a single domain named widget.com. Organizational units (OUs) have been created for each company department. User and computer accounts have been moved into their corresponding OUs. You define a password and account lockout policy for the domain. However, members of the Directors OU want to enforce longer passwords than are required for the rest of the users. You would like to define a granular password policy for these users. Which tool should you use? A.)Active Directory Users and Computers B.)Group Policy Management Console and Group Policy Management Editor C.)Active Directory Sites and Services D.)Active Directory Domains and Trusts E.)ADSI Edit
E
Which of the following are examples of single sign-on authentication solutions? (Select two.) A.)DIAMETER B.)Biometrics C.)Digital certificates D.)RADIUS E.)SESAME F.)Kerberos
E and F
What chage command should you use to set the password for jsmith to expire after 60 days and give a warning 10 days before it expires? (Tip: Choose the command as if at the command prompt.)
chage -M 60 -W 10 jsmith
You want to see which primary and secondary groups the dredford user belongs to. What command would you use to display group memberships for dredford?
groups dredford
You suspect that the gshant user account is locked. What is the command you use at the command prompt to show the status of the user account?
passwd -S gshant