Final - Security+
Which RAID level provides for no fault tolerance?
RAID 0
Which document is used to propose a new standard?
RFC
Which organization is primarily interested in developing the World Wide Web and its associated technologies?
W3C
A major organization in the tracking and reporting of common computer and network security problems is ___________________.
IEEE or CERT (RESEARCH)
Which organization is tasked with developing standards for, and tries to improve, the Internet?
IETF
If SLE is calculated at $2,500 and there are an anticipated 4 occurrences a year (ARO), then ALE is:
10000
Which port should be closed on systems to prevent the unauthorized running of programs?
111
Which of the following is NOT an asymmetric encryption algorithm?
3DES
According to the TCP/IP model, HTTP functions at which layer?
Application
Which of the following is the process of ensuring that policies, procedures, and regulations are carried out in a manner consistent with organizational standards?
Auditing
Which of the following is an attack where a program or service is placed on a server to bypass normal security procedures?
Back Door
Which encryption algorithm uses a 40 to 128-bit key and is used on many products from Microsoft and IBM?
CAST
Individuals who specialize in the breaking of codes are known as ___________________.
Cryptanalysts
Which access control method model allows the owner of a resource to grant privileges to information they own?
DAC
You are the administrator of the xyz.com website. You are working when suddenly web server and network utilization spikes to 100% and stays there for several minutes and users start reporting "Server not available" errors. You may have been the victim of what kind of attack?
DoS
Which access control model is a static model that uses predefined access privileges for resources that are assigned by the administrator?
MAC
Which specification is a fairly accurate estimation of how long a component will last?
MTBF
Which U.S. government agency publishes lists of known vulnerabilities in operating systems?
NIST
Which PKCS standard is the standard for password-based cryptography?
PKCS 5
The area of an application that is available to users (those who are authenticated as well as those who are not) is known as its:
attack surface
Which type of attack is one in which a rogue wireless access point poses as a legitimate wireless service provider to intercept information that users transmit?
Evil twin
A ___________________ is used to provide EMI & RFI shielding for an entire room of computer or electronic equipment (also used to prevent eavesdropping).
Faraday cage
Which U.S. regulation dictates the standards for storage, use, and transmission of personal medical information?
HIPAA
The process of making a computing environment more secure from attacks and intruders is known as ___________________.
Hardening
A ___________________ is a repair made while the system being repaired remains in operation.
Hotfix
Which of the following is NOT a routing protocol?
ICMP
Which organization is concerned with defining technology and other electrical standards?
IEEE
Wireless Ethernet conforms to which IEEE standard?
IEEE 802.11
Which type of policy determines if information is secret, top-secret, or public?
Information classification policies
Which of the following will NOT contribute to network hardening?
Installing new anti-virus software on workstations
___________________ are used to monitor a network for suspect activity.
Intrusion Detection System
Which access control method model allows the owner of a resource to grant privileges to information they own?
Kerberos
A firewall operating as a ___________________ firewall will pass or block packets based on their application or TCP port number.
Packet filter
On the outer edge of physical security is the first barrier to entry. This barrier is known as a(n) ___________________.
Perimeter
Which encryption/security measure, originally developed by Netscape, is used to establish a secure, lower-layer communication connection between two TCP/IP-based machines?
Secure Sockets Layer (SSL)
You require your ISP to keep your Internet connection up 99.999% of the time. In which document would this condition be placed?
Service level agreement
Which remote access protocol, implemented almost exclusively by Cisco, is a central server providing remote access usernames that dial-up users can use for authentication?
TACACS+
You have taken out an insurance policy on your data/systems to share some of the risk with another entity. What type of risk strategy is this?
Transference
Which fire extinguisher type is the best to be used on computer equipment in the case of a computer fire?
Type C
Which hypervisor model needs the operating system to be up and cannot boot until it is?
Type II
Which "X." standard defines certificate formats and fields for public keys?
X.509
Which of the following is NOT one of the three cloud service models recognized by NIST?
XaaS
___________________ is the process of keeping services and systems operational during a time of outage.
high availability
Which U.S. government agency is responsible for creating and breaking codes?
NSA
Which security standard is used to encrypt e-mails?
S/MIME
Which hashing algorithm uses a 160-bit hash value?
SHA
Which of the following is NOT a tunneling protocol?
SLIP
If you wanted to connect two networks securely over the Internet, what type of technology could you use?
VPN
802.11 connections using WAP.
WTLS
In order to run "sniffer" software properly, the NIC in the computer running the software must be set to:
Promiscuous Mode