Sec+ 601

अब Quizwiz के साथ अपने होमवर्क और परीक्षाओं को एस करें!

Restoring data from an incremental backup requires: (Select 2 answers) - Copy of the last incremental backup - All copies of differential backups made since the last full backup - Copy of the last differential backup - All copies of incremental backups made since the last full backup - Copy of the last full backup

- All copies of incremental backups made since the last full backup - Copy of the last full backup

Hardware RAID Level 0: (Select all that apply) - Requires a minimum of 2 drives to implement - Is also known as disk striping - Decreases reliability (failure of any disk in the array destroys the entire array) - Is also referred to as disk mirroring - Offers less volume capacity in comparison to RAID 1 - Requires at least 3 drives to implement - Is suitable for systems where performance has higher priority than fault tolerance - Offers improved reliability by creating identical data sets on each drive (failure of one drive does not destroy the array as each drive contains identical copy of the data)

- Requires a minimum of 2 drives to implement - Is also known as disk striping - Decreases reliability (failure of any disk in the array destroys the entire array) - Is suitable for systems where performance has higher priority than fault tolerance

Hardware RAID Level 10 (a.k.a. RAID 1+0): (Select 3 answers) - Requires a minimum of 4 drives to implement - Is referred to as stripe of mirrors, i.e. a combination of RAID 1 (disk mirroring) and RAID 0 (disk striping) - Requires a minimum of 5 drives to implement - Offers increased performance and fault tolerance (failure of one drive in each mirrored pair of disk drives does not destroy the array) ( Missed) - Requires a minimum of 3 drives to implement Continues to operate in case of failure of more than 2 drives

- Requires a minimum of 4 drives to implement - Is referred to as stripe of mirrors, i.e. a combination of RAID 1 (disk mirroring) and RAID 0 (disk striping)

Hardware RAID Level 1: (Select 3 answers) - Requires at least 2 drives to implement - Is also known as disk striping - Offers improved performance in comparison to RAID 0 - Requires at least 3 drives to implement - Offers improved reliability by creating identical data sets on each drive (failure of one drive does not destroy the array as each drive contains identical copy of the data) - Is also referred to as disk mirroring

- Requires at least 2 drives to implement - Offers improved reliability by creating identical data sets on each drive (failure of one drive does not destroy the array as each drive contains identical copy of the data) - Is also referred to as disk mirroring

Hardware RAID Level 5: (Select 2 answers) - Requires at least 2 drives to implement - Continues to operate in case of failure of more than 1 drive - Requires at least 3 drives to implement - Offers increased performance and fault tolerance (single drive - failure does not destroy the array and lost data can be re-created by the remaining drives) - Requires at least 4 drives to implement

- Requires at least 3 drives to implement - Offers increased performance and fault tolerance (single drive - failure does not destroy the array and lost data can be re-created by the remaining drives)

Hardware RAID Level 6: (Select 2 answers) - Requires at least 4 drives to implement - Offers increased performance and fault tolerance (failure of up to 2 drives does not destroy the array and lost data can be re-created by the remaining drives) - Requires at least 3 drives to implement - Continues to operate in case of failure of more than 2 drives - Requires at least 5 drives to implement

- Requires at least 4 drives to implement - Offers increased performance and fault tolerance (failure of up to 2 drives does not destroy the array and lost data can be re-created by the remaining drives)

In the AAA security architecture, the process of tracking accessed services as well as the amount of consumed resources is called: Authentication Authorization Accounting

Accounting

A type of hierarchical database structure used in Windows Server environments that enables centralized management of users, devices and resources on a network is known as: HomeGroup Active Directory (AD) Workgroup Windows domain

Active Directory (AD)

Which of the following statements does not apply to the concept of OSINT? Gaining advantage over competitors Passive reconnaissance in penetration testing Preparation before launching a cyberattack Active reconnaissance in penetration testing

Active reconnaissance in penetration testing

Which of the following does not have an application in the authentication process? One-time passwords SMS messages Hardware / Software tokens Static codes Push notifications Phones All of the above can be used in the authentication process

All of the above can be used in the authentication process

Which of the following is not used in the process of biometric authentication? Fingerprint scan Voice recognition Vein analysis Retina / Iris scan Face recognition Gait analysis All of the above can be used in the biometric authentication process

All of the above can be used in the biometric authentication process

In cybersecurity excercises, red team takes on the role of: An attacker A defender Both an attacker and a defender An exercise overseer

An attacker

Which part of the AAA security architecture deals with the verification of the identity of a person or process? Authentication Authorization Accounting

Authentication

Which of the following is an example of a soft authentication token? USB token Authenticator app Smart card Key fob

Authenticator app

Which of the answers listed below refers to the process of granting or denying access to resources? Authentication Authorization Accounting

Authorization

Which of the following power redundancy solutions would be best suited for providing long-term emergency power during an unexpected main power source outage? Dual-power supply Standby UPS Backup generator Managed PDU

Backup generator

Which of the following answers describe the features of TOTP ( Time-based One-Time Password)? (Select 3 answers) - Vulnerable to replay attacks - Based on a cryptographic hash function and a secret cryptographic key - Valid for multiple login sessions - Based on a shared secret key and current time - Not vulnerable to replay attacks - Valid for only one login session

Based on a shared secret key and current time Not vulnerable to replay attacks Valid for only one login session

In cybersecurity exercises, the defending team is referred to as: Red team Blue team White team Purple team

Blue team

Which of the answers listed below refers to a type of metric used for evaluation of a biometric security system's accuracy? FRR CRC FAR CER

CER

A type of code that has already been translated from a high-level programming language into a low-level programming language and converted into a binary executable file is referred to as: Script code Compiled code Inline code Runtime code

Compiled code

Which of the following terms refers to the concept of virtualization on an application level? Server less architecture Containerization System on a chip (SoC) Infrastructure as code

Containerization

Which of the following acronyms refers to software or hardware-based security solutions designed to detect and prevent unauthorized use and transmission of confidential information? DRP DHE DLP DEP

DLP (Data Loss Prevention)

A type of redundant source code producing an output not used anywhere in the application is commonly referred to as: Inline code Dead Code Code bloat Duplicate code

Dead code

Which of the following would add power redundancy on a server box? Standby UPS Backup generator Managed PDU Dual-power supply

Dual-power supply

Which of the following solution would be best suited for situations where response time in data processing is of critical importance? Edge computing Thin client architecture Fog computing cloud computing

Edge computing

A measure of the likelihood that a biometric security system will incorrectly accept an access attempt by an unauthorized user is known as: CRC FAR CER FRR

FAR

A measure of the likelihood that a biometric security system will incorrectly reject an access attempt by an authorized user is referred to as: FAR CER CRC FRR

FRR

Code obfuscation techniques rely on encryption to protect the source code against unauthorized access. (True or False)

False

In a differential backup strategy, restoring data from backup requires only a working copy of the last full backup. (True or False)

False

In penetration testing, active reconnaissance involves gathering any type of publicly available information that can be used later for exploiting vulnerabilities found in the targeted system.

False

In penetration testing, passive reconnaissance relies on gathering information on the targeted system with the use of various non-invasive software tools and techniques, such as pinging, port scanning, or OS fingerprinting. (True or False)

False

In cybersecurity exercises, purple team combines the roles of all other teams (i.e. red, blue and white) (True or False)

False Only Red and Blue

An authentication subsystem in which a single set of authentication credentials provides access to multiple systems across different organizations is called: AAA framework Multi-factor authentication Group-based access control Federation

Federation

Which of the following terms is used to describe a penetration test in which the person conducting the test has a limited access to information on the internal workings of the targeted system? Black-box testing Fuzz testing Gray-box testing White-box testing

Gray-box testing

Examples of MFA attributes include: (Select all that apply) USB token Retina scan Handwritten signature Gait analysis GPS reading PIN Chain of trust

Handwritten signature Gait analysis GPS reading Chain of trust

Which of the three states of digital data requires data to be processed in an unencrypted form?

In processing

Which programming aspects are critical for secure application development process? (Select 2 answers) Patch management Input validation Password protection Error and exception handling Application whitelisting

Input validation, Error and exception handling

Which of the following are examples of hardware authentication tokens? (Select 3 answers) Key fob Cable lock Passphrase Biometric reader RFID badge Smart card

Key fob RFID badge Smart card

Which of the following answers refer to the concept of non-persistence? (Select 3 answers) Last known-good configuration System image Live boot media Journaling Known state reversion

Last known-good configuration Live boot media Known state reversion

A collection of commonly used programming functions designed to speed up software development process is known as: Snap-in Repository Library Container

Library

Which of the answers listed below refers to a type of removable storage media that contains a portable, non-persistent OS?

Live boot media

A network hardware or software solution designed for managing the optimal distribution of workloads across multiple computing resources is known as: Content filter Power Distribution Unit (PDU) Load balancer Domain controller

Load balancer

Which of the following would be the best solution for a company that needs IT services but lacks any IT personnel? MSA MaaS MSP MSSP

MSP (managed service provider)

Which of the following terms refers to a third-party vendor offering IT security management services? MSP MaaS MSA MSSP

MSSP (managed security service provider)

Which of the following answers refers to a sequential-access backup media? Magnetic tapes Disk drives Optical discs Flash media

Magnetic tapes

Which of the following answers refers to a device designed to distribute (and monitor the quality of) electric power to multiple outlets? Power Supply Unit (PSU) Main Distribution Frame (MDF) Managed Power Distribution Unit (Managed PDU) Intermediate Distribution Frame (IDF)

Managed Power Distribution Unit (Managed PDU)

A dedicated storage appliance that can be added to a local network is known as:

NAS

The process of combining multiple physical network adapters into a single logical interface for increased throughput and redundancy is called: Device pairing Multipath I/O Route aggregation NIC teaming

NIC teaming

The process of removing redundant entries from a database is known as: Normalization Input validation Baselining Data sanitization

Normalization

Which of the following terms refers to a nonprofit organization focused on software security? CSIRT IETF OWASP CERT

OWASP

Which of the following fall into the category of MFA factors? (Select 3 answers) GPS reading Handwritten signature PIN Chain of trust USB token Gait analysis Retina scan

PIN USB token Retina scan

Which of the following examples meets the requirement of multifactor authentication? Password and biometric scan Username and PIN Smart card and ID badge Voice recognition and fingerprint scan

Password and biometric scan

Which of the following RAID levels does not offer fault tolerance? RAID 6 RAID 10 RAID 5 RAID 0 RAID 1

RAID 0

A dedicated data storage solution that combines multiple disk drive components into a single logical unit to increase volume size, performance, or reliability is referred to as: Storage Area Network (SAN) Load balancer Redundant Array of Independent Disks (RAID) Network-Attached Storage (NAS)

Redundant Array of Independent Disks (RAID)

A dedicated local network consisting of devices providing data access is called: SDN NAS iSCSI SAN

SAN

Which of the acronyms listed below refers to a specialized suite of software tools used for developing applications for a specific platform? GUI SDLC API SDK

SDK

Which of the following answers refer to software technologies designed to simplify network infrastructure management? (Select 2 answers) SDP (Software-Defined Perimeter) SSP SDV (Software-Defined Visibility) SEH (Structured Exception Handler) SDN (Software-Defined networking)

SDV, SDN

What are the countermeasures against VM escape? Group policy Sandboxing User training Patch management Asset Documentation

Sandboxing Patch management

The capability of a hardware or software system to process increasing workload without decrease in performance is known as:

Scalability

Which of the following answers refers to an example implementation of certificate-based authentication? Smart card ID badge PIN code Biometric lock

Smart card

Which of the following devices best illustrates the concept of edge computing? Router Smartwatch Thin client Server

Smartwatch

What type of backups are commonly used with virtual machines? Incremental backups Snapshot backups Tape backups Differential backups

Snapshot backups

What are the countermeasures against SQL injection attacks? (Select 2 answers) Code obfuscation Database normalization Stored procedures Code signing Input validation

Stored procedures Input validation

An exact copy of the entire state of a computer system is known as:

System image

A cloud deployment model consiting of two or more interlinked cloud infrastructures (private, community, or public is referred to as a hybrid cloud. (True or False)

True

A penetration test of a computer system performed without the prior knowledge on how the system that is to be tested works is referred to as a black-box testing. (True or False)

True

An authenticator application is a software that generates additional authentication token (in the form of a random code) used in multi-step verification process. (True or False)

True

Authentication process can be based on various categories of authentication factors and attributes. Authentication factors include unique physical traits of each individual such as fingerprints ("something you are"), physical tokens such as smart cards ("something you have"), or usernames and passwords ("something you know"). The categories of authentication attributes include geolocation ("somewhere you are"), user-specific activity patterns, such as keyboard typing style ("something you can do"), revealing something about an individual, e.g. wearing an ID badge ("something you exhibit"), or proving the relation with a trusted third party ("someone you know"). Multifactor authentication systems require implementation of authentication factors from two or more distinct categories. (True or False)

True

In client-server model, the term "Thin client" refers to a networked computer equipped with the minimum amount of hardware and software components. As opposed to thick client, which runs applications locally from its own hard drive, thin client relies on network resources provided by remote server performing most of the data processing and storage functions. (True or False)

True

In computer security, the term "Biometrics" refers to physical characteristics of the human body that can be used for identification and access control purposes. (True or False)

True

In software engineering, the term "Microservice describes independent and self-contained code componets that can be put together to form an application. (True or False)

True

In web application programming, the term "Backend" typically refers to the part of a computer system or application that is not directly accessed by the user (for example a web server). on the opposite side, "Frontend" means software that can be accessed by the user locally (an example of this would be user's web browser). Code execution and input validation that take place in the backend are referred to as server-side operations, the frontend equivalent of this is known as client-side operations. (True or False)

True

Physical and logical network diagrams provide visual representation of network architecture. A physical network diagram contains information on hardware devices and physical links between them. A logical network diagram describes the actual traffic flow on a network and provides information related to IP addressing schemes, subnets, device roles, or protocols that are in use on the network. (True or False)

True

The term "Fog computing" refers to a local network infrastructure between IoT devices and cloud designed to speed up data transmission and processing. (True or False)

True

The term "Multipath I/O" refers to a framework that improves fault tolerance and performance by enabling additional, alternate routes for data that is being transferred to and from storage devices. (True or False)

True

The term "VM escape" refers to the process of breaking out of the boundaries of a guest operating system installation to access the primary hypervisor controlling all the virtual machines on the host machine. (True or False)

True

The term "VM sprawl" is used to describe a situation in which large number of deployed virtual machines lack proper administrative controls. (True or False)

True

What is the name of a device that can provide short-term emergency power during an unexpected main power source outage? UPS PoE SVC PSU

UPS

Which of the following security measures can be used to prevent VM sprawl? Patch management Usage audit Physical security controls Sandboxing Asset documentation

Usage audit Asset documentation

Examples of static authentication methods include: Token generator User-generated password Short Message Service (SMS) Personal Identification Number (PIN) Push notification

User-generated password Personal Identification Number (PIN)

In cloud computing, users on an on-premises network take advantage of a transit gateway to connect to : WAN VPC SAN VLAN

VPC ( Virtual Private Cloud)

Which of the following answers refer to the characteristics of HOTP? Valid for only one login session Based on a shared secret key and current time Vulnerable to replay attacks Based on a cryptographic hash function and a secret cryptographic key Valid for multiple login sessions Not vulnerable to replay attacks

Valid for only one login session Based on a cryptographic hash function and a secret cryptographic key Not vulnerable to replay attacks

An optimal Wireless Access Point (WAP) antenna placement provides a countermeasure against: War chalking Spoofing War driving Insider threat

War driving

In cybersecurity excercises, the role of an event overseer (i.e. the referee) is delegated to: Red team Blue team White team Purple team

White team

A penetration test performed by an authorized professional with the full prior knowledge on how the system that is to be tested works is called: Black-hat hacking White-box testing Black-box testing White-hat hacking

White-box testing


संबंधित स्टडी सेट्स

Pharmacology Ch 16: Anti-Inflammatory, Antiarthritis, and Related Agents

View Set

LearnningCurve 16b- Evaluating Psychotherapies

View Set

Honors Gov't/Econ Practice Questions

View Set