Information Tech Security Final Exam

Lakukan tugas rumah & ujian kamu dengan baik sekarang menggunakan Quizwiz!

An endpoint DLP sensor monitors data in motion. True or False

False

TKIP is a wireless protocol used in WPA2 and is considered more secure than the CCMP protocol. True or False

False

In choosing between a hot, warm, and cold site, a hot site is the only one that can provide a full recovery from a disaster. True or False

True

One weakness of a stateful network firewall is that it can't control traffic associated with specific applications. True or False

True

The Linux version of Windows Performance Monitor is called System Monitor. True or False

True

The best way to make data redundant on file servers is to use ___________ . a. Cloud computing b. RAID c. Clustering d. Real time backups

b. RAID

Which of the statements below is NOT an advantage of a load balancing cluster? a. No one server in the cluster becomes overloaded b. All processor cores in the cluster are the combined processing power of the cluster c. More RAM is available to the entire cluster than what is available to a single server in the cluster d. Data remains available even if one server fails

d. Data remains available even if one server fails

Which of the following are asymmetric encryption algorithms? (Select the two best answers.) a. 3DES b. RC5 c. AES d. Diffie-Hellman e. RSA

d. Diffie-Hellman e. RSA

Which of the following encryption algorithms is based on an elliptic curve? a. PGP b. RCC c. Blowfish d. ECC

d. ECC

The act that governs banks and insurance companies is (the) ___________ . a. HIPPA b. Privacy act of 1974 c. SOX d. GLB

d. GLB

Tina needs to implement a backup strategy that will allow the company to recover backed up data the fastest. She is already performing a full backup on Saturday nights. What should Tina implement to allow for the fastest data recovery? a. Nightly incremental backup b. Cold site c. Daily grandfather-father-son rotation d. Nightly differential backup

d. Nightly differential backup

The final step of file auditing procedures would be to ___________ . a. Assign the policy to user accounts b. Run gpupdate to apply the policy across the domain c. Create a firewall rule to match the audit policy d. Review security logs

d. Review security logs

Select the best example of a dry pipe fire suppression system below. a. Halotron fire suppression system b. Any dry chemical fire suppression system c. Water free fire suppression system used in data centers d. Water pipes are pressurized with air until water is needed

d. Water pipes are pressurized with air until water is needed

Which of the selections below is NOT something to be considered when choosing a backup power generator? a. Fuel used to power the generator b. How the generator is started c. How long the generator would run between re-fueling d. Where generator will be installed

d. Where generator will be installed

Best practices call for plugging a laser printer into a UPS to protect the printer and to allow printing to continue during a power outage. True or False

False

Erik has built a failover cluster by using servers located at the corporate headquarters to meet the organizations always available data needs. Data must be available regardless of server failure or natural disaster. Did Erik make the right choice in his redundancy plans? Select "True" for Yes, or "False" for No. True or False

False

Protocol analyzers are not reliable in detecting packet header manipulation, but are reliable in detecting man-in-the-middle attacks. True or False

False

An important difference between pretexting and phishing is that in phishing little information about the target is necessary. True or False

True

What version of SNMP encrypts packets? a. 3 b. 4 c. 3.5 d. 4.1

a. 3

HVAC systems in data centers ______________ . a. Address integrity of data issues b. Control SCADA systems c. Address availability of data issues d. Manage industrial control systems

a. Address integrity of data issues

The individual security log events, as a combined whole are referred to as (a) ________ ? a. Audit trails b. Policy c. Syslog d. Network management system

a. Audit trails

An advantage of using S/MIME to send email is that it provides ___________ . Choose all that apply. a. Authentication b. Integrity c. Authorization d. Non repudiation e. Accounting

a. Authentication b. Integrity d. Non repudiation

(A) ____________ involves selecting something to measure and measuring it consistently for a period of time. a. Baseline b. Computer security audit c. Simple Network Management Protocol d. Security posture assessment

a. Baseline

Anomaly based monitoring uses __________ to detect and block suspect traffic. a. Baselines b. Behavior patterns c. Signatures d. Heuristics

a. Baselines

Order of volatility is important when capturing a forensics image of a computer. If a forensics investigator finds the suspect computer is turned off, what should be the first data imaged? a. Hard drive b. DVD c. CPU register d. RAM

a. Hard drive

The XYZ company wants to be able to recover data encrypted using Jonathan's private key in the event he looses his key or leaves the company. What should the company implement to be able to recover data when the original key is not available? a. Key escrow b. CRL c. One to many mapping d. CA

a. Key escrow

Which of the following would not use PKI? a. Symmetric key algorithms b. VPN connection to a network c. SSH session to a router d. Asymmetric key algorithms

a. Symmetric key algorithms

Standby power generators use a(n) ___________ to automatically start the generator when power is lost. a. Transfer switch b. Breaker c. On-line sensor d. Smart receptacle

a. Transfer switch

Select the RAID level that can survive two failed hard drives. a. 0+1 b. 10 c. 6 d. 5

b. 10

802.1X operates at what OSI layer? a. 4 b. 2 c. 3 d. 7

b. 2

What is the probability that 2 random people in a group of 23 people have the same birth date? a. 45% b. 50% c. 60% d. 40%

b. 50%

Select the correct statement below. a. As humidity decreases static electricity decreases b. As humidity increases static electricity decreases c. An increase in humidity will reduce the effectiveness of a special hazard protection system d. There's no relationship between humidity and static electricity or a special hazard protection system

b. As humidity increases static electricity decreases

(A) _________ is a one way function that uses block ciphers to protect data. a. PGP b. Cryptographic hash c. Diffie-Hellman d. One time pad

b. Cryptographic hash

In anomaly based monitoring, what increases the likelihood of false positives? a. Not enough bandwidth b. Inaccurate baselines c. Heavy network loads d. Sensors misplaced in network

b. Inaccurate baselines

The ___________ command can be used to disconnect a remote session with an open file. a. Net use b. Openfiles c. Netstat d. Opensessions

b. Openfiles

Select the statement below that should NOT be part of a disaster recovery plan. a. Business impact analysis b. Patch management procedures c. Copies of vendor agreements d. List of systems necessary for business operations

b. Patch management procedures

Victors boss told him that the new company policy is that passwords must be protected with a 160-bit hash. What hashing algorithm should Victor use to comply with company policy? a. RIPEMD b. SHA-1 c. MD5 d. SHA-2

b. SHA-1

Which of the following ciphers has a 128-bit block size but the key size can be as large as 256 bit? a. PGP b. Twofish c. RC6 d. AES

b. Twofish d. AES

What is the acronym for the type of policy that defines how computers and networks can and cannot be used? a. DCP b. SOD c. AUP d. BYOD

c. AUP

Daniel's boss has requested that he set up L2TP for remote users to use to connect securely to the enterprise network from anywhere in the world. What protocol would be the best choice to use to encrypt the remote L2TP connections? a. ESP b. EAP-TLS c. IPsec d. AH

c. IPsec

Which of the following is the newest and strongest Windows hash? a. RC4 b. NTLMv3 c. NTLMv2 d. NTLM

c. NTLMv2

Which of the following uses a MD5 hash to protect data? a. NTLM b. RIPEMD c. NTLMv2 d. LANMAN

c. NTLMv2

Julio's company has just been awarded a major military contract. A stipulation in the government contract is that his company must use a stream cipher that is considered impossible to crack to protect passwords. Julio is considering an algorithm that uses random keys the same length as the plaintext. What encryption algorithm is Julio considering? a. AES b. SHA-3 c. One time pad d. Twofish

c. One time pad

PGP has a(n) __________ PKI trust model for certificates. a. Escrow b. OCSP c. Peer to peer d. Dual sided

c. Peer to peer

Mary wants to implement stream cipher encryption to protect the company's health care records. Which algorithm below is a stream cipher? a. RC6 b. AES c. RC4 d. Twofish

c. RC4

__________ are a component of __________ ? a. Wireshark b. Management devices c. SNMP d. Counters e. Protocol analyzers f. Agents

c. SNMP f. Agents

What uses TCP port 161? a. Wireshark b. Linux System Monitor c. SNMP agents d. Windows Network Monitor

c. SNMP agents

On a Windows computer, the file that is the security log is named _________ ? a. Security.Evt b. No file name is associated with it for security reasons c. SecEvent.Evt d. Sevnt.Evt

c. SecEvent.Evt

Which type of certificate is most commonly used by communications sessions? a. S/MIME b. Dual sided c. Single sided d. Web of trust

c. Single sided

Damage and loss control is applied in what step of the Incident response process? a. 1 b. 5 c. 2 d. 6

d. 6

Select the monitoring methods below that use baselines to determine if traffic is allowed to pass or not. a. Behavior based b. Signature based c. Heuristic based d. Anomaly based

d. Anomaly based

Sara needs to install a fire extinguisher in the server room until a permanent fire suppression system can be installed. What type of fire extinguisher should she install in the server room? a. D b. K c. A d. C

d. C

What is a certificate added to when it is considered to be no longer valid? a. Key recovery agent b. CDL c. Escrow d. CRL

d. CRL

Another name for vertical privilege escalation is privilege elevation. True or False

True

As a security mechanism, user account control (UAC) in Windows keeps users in standard user mode even if they are members of the administrators group. True or False

True

Vulnerability scanning could be done actively or passively, but penetration testing is always done actively. True or False

True

Which of the following ranges comprise the well-known ports category? a. 0-1023 b. 1-1024 c. 49,152-65,535 d. 1024-49,151

a. 0-1023

RADIUS uses UDP port _______ for authentication. a. 1812 b. 1645 c. 1646 d. 1813

a. 1812

When remote desktop services is used to connect to a remote server what port is used by default on the server? a. 3389 b. 389 c. 88 d. 636

a. 3389

To use the Lightweight Directory Access Protocol (LDAP) in a secure fashion, what port should be used? a. 389 b. 636 c. 443 d. 3389

a. 389

What is the most common port used when connecting an Internet Explorer browser to a proxy server for use with HTTP connections? a. 80 b. 53 c. 21 d. 443

a. 80

Avery has a client who wants him to perform an intrusive scan on their network to find vulnerabilities. What type of security analysis is Avery being paid to perform? a. Active security analysis b. Quantitative security analysis c. Qualitative security analysis d. Passive security analysis

a. Active security analysis

Which of the following can help to secure the BIOS of a computer? (Select the two best answers.) a. BIOS supervisor password b. Disable USB ports c. User password d. Case lock

a. BIOS supervisor password d. Case lock

Daniel is the technician at a small company with no network servers. Each PC has two users, the person who works at that desk and the Administrator. Each user shares their files with co-workers as needed. Daniel's boss asked him to tell her what access control model they are using. What should Daniel tell her? a. Discretionary access control b. Mandatory access control c. Role based access control d. Rule based access control

a. Discretionary access control

Which of the following occurs when an IDS identifies legitimate activity as something malicious? a. False-positive b. Monitoring positive c. Misidentification d. False-negative

a. False-positive

Select the most important element in a network. a. Firewall b. Data loss prevention system c. Proxy server d. Network intrusion prevention system

a. Firewall

You are hired by an organization to test an application that you have internal knowledge of. You are told to conduct the test at the user level. What type of test are you running? a. Gray box b. Black box c. White box d. Sand box

a. Gray box

Which type of hacker has no affiliation with an organization yet will hack systems without malicious intent? a. Gray hat b. Black hat c. Blue hat d. White hat

a. Gray hat

How can Internet Explorer be centrally managed for several computers? a. Group policy b. In the Advanced tab of the Internet Options dialog box c. Active Directory Organizaitonal Units d. The registery

a. Group policy

What are some of the drawbacks to using HIDS instead of NIDS on a server? Select the two best answers. a. HIDS cannot detect network attacks b. HIDS may use lots of resources that can slow server performance c. HIDS cannot detect operating system attacks d. a HIDS has a low level of detection of operating systems attacks

a. HIDS cannot detect network attacks b. HIDS may use lots of resources that can slow server performance

You are developing a security plan for your organization. Which of the following is an example of a physical control? a. ID Card b. Password c. Encryption d. DRP

a. ID Card

Management controls, Operational controls, and Technical controls are the NIST's three compensating security controls. They are part of CompTIA's 2.1 objectives for the Security+ certification. Select the control below that would fall under the category of Operational controls. a. Incident handling b. SDLC c. Access control d. Cryptography

a. Incident handling

In information security, what are the three main goals? (Select the three best answers.) a. Integrity b. Confidentiality c. Auditing d. Availability e. Risk Assessment f. Nonrepudiation

a. Integrity b. Confidentiality d. Availability

Which of the following are examples of virtualization? (Select the best answers.) a. Microsoft Virtual Server b. VMware c. Microsoft Visio d. Microsoft Virtual PC

a. Microsoft Virtual Server b. VMware

What is the best file system to use in Windows? a. NTFS b. FAT c. FAT16 d. FAT32

a. NTFS

Select the three correct statements below concerning share and NTFS permissions. a. NTFS permissions are known as security permissions b. Share permissions apply only to folders c. Modify is a NTFS permission d. Change is a NTFS permission e. NTFS permissions can be granted but not specifically denied f. Read and Execute is a share permission

a. NTFS permissions are known as security permissions b. Share permissions apply only to folders c. Modify is a NTFS permission

Which command(s) disable a service in the command line? a. Net disable b. Net start c. Net stop d. SC config

a. Net disable d. SC config

Which of the following commands can be used to turn a service off? a. Net stop b. Chkconfig <service> off c. SC config d. Net config

a. Net stop

The OSSTMM defines the proper methods for ___________ ? a. Penetration testing b. Vulnerability testing c. Creating and implementing security controls d. Performing risk assessments

a. Penetration testing

Jennifer's boss John, has requested she perform an assessment to determine the probability of a number of risks he has identified, and what impact these risks would have on the organizations network and systems. Jennifer should perform what type of assessment? a. Qualitative assessment b. Quantitative assessment c. Risk mitigation assessment d. Single loss expectancy assessment

a. Qualitative assessment

Which of the following is not a denial-of-service attack? a. Replay attack b. Teardrop attack c. Smurf attack d. Fork bomb

a. Replay attack

What are two ways of discouraging bluesnarfing? (Select the two best answers.) a. Set the device to undiscoverable b. Turn off the device c. Use a difficult to guess pairing key d. Use infrared

a. Set the device to undiscoverable c. Use a difficult to guess pairing key

You use WPA2 with a 256 bit AES encryption key on your wireless network. Your boss is concerned about IV attacks. What should you tell your boss to ease her mind. a. This is the best way to prevent IV attacks. b. You would need to use an IPsec encrypted tunnel to prevent IV attacks. c. You will hide the SSID to prevent IV attacks. d. IV attacks can't be prevented, even with WPA2 and AES.

a. This is the best way to prevent IV attacks.

Which of the following should you implement to keep a well-maintained computer? (Select the three best answers.) a. Update the BIOS b. Use a surge protector c. Update the firewall d. Remove the host based firewall and use a network based firewall

a. Update the BIOS b. Use a surge protector c. Update the firewall

Which of the following are ways to help defend against distributed denial-of-service attacks? (Select the three best answers.) a. Use a "clean pipe" b. Use an IDS c. Use ACL's on switches d. Update stateful firewalls

a. Use a "clean pipe" c. Use ACL's on switches d. Update stateful firewalls

Which of the following ways can help secure a modem? (Select the two best answers.) a. Use the callback feature b. Use telnet c. Mount the modem in common areas so it can be monitored d. Use strong passwords

a. Use the callback feature d. Use strong passwords

Which of the following should be done to maintain and harden a hard disk? (Select the two best answers.) a. Use whole disk encryption b. Sanitize the drive c. Install a third party app to harden it d. Defragment the drive

a. Use whole disk encryption d. Defragment the drive

In a 802.1X authentication mechanism the supplicant is a _________ ? a. Users computer b. User c. Switch d. Wireless access point

a. Users computer

The preprogrammed last rule in a firewall is known as a(n) __________ rule and blocks all traffic not configured to pass through. a. implicit deny b. automatic deny c. explicit deny d. last drop

a. implicit deny

Using a firewall as intended will ___________________ . a. reduce its vulnerabilities b. make a security administrators job easier c. reduce the need for other security systems d. make a network nearly impenetrable

a. reduce its vulnerabilities

Which of the following port numbers is used by the Character Generator? a. 21 b. 19 c. 53 d. 7

b. 19

When SSL is used over LDAP what port is used? a. 88 b. 636 c. 443 d. 389

b. 636

A client computer uses the IP address 10.254.254.189. It has made a connection to a web server by opening the outbound port 1589. The server uses the IP address 65.19.28.154. From your client network you want to filter out any HTTP packets coming from the server. Which IP address and port should you specify to be filtered on your firewall? a. 10.254.254.189:80 b. 65.19.28.154:80 c. 65.19.28.154: 1589 d. 10.254.254.189:1589

b. 65.19.28.154:80

Select the one true statement below. a. Qualitative assessments are precise measurements of risks. b. An ALE assessment only measures past failures, it cannot predict future failures. c. Future failures can be accurately predicted using a MTBF calculation. d. FIT is a more accurate calculation of future failure than MTBF.

b. An ALE assessment only measures past failures, it cannot predict future failures.

Your boss asked you to verify that your Web server is not suseptable to SQL injection attacks. How would you accomplish this? a. Ensure the Web server is up to date on security patches b. Check for input validation vulnerabilities c. Install a host based firewall on the Web server d. Use only HTTPS pages on the Web server

b. Check for input validation vulnerabilities

James doesn't want people to see where he browsed to on the Internet. What is a good way to clear his Internet browsing history? a. Use cross-site scripting. b. Checkmark the "Empty Temporary Internet Files Folder When the Browser Is Closed" check box. c. Clear all cookies in the Advanced Privacy Settings dialog box. d. Use the disk defragmenter.

b. Checkmark the "Empty Temporary Internet Files Folder When the Browser Is Closed" check box.

Which of the following navigational paths shows the current service pack level? a. Click Start, right-click Network, and select Properties. b. Click Start, right-click Computer, and select Properties. c. Click Start, right-click Network, and select Manage. d. Click Start, right-click Computer, and select Manage.

b. Click Start, right-click Computer, and select Properties.

Which of the following can help to prevent spam? (Select the two best answers.) a. Consider technologies that discourage spyware b. Close open mail relays c. use a spam filter d. Run a Trojan scan

b. Close open mail relays c. use a spam filter

You are checking the logs of your web server and notice that someone entered system level commands into an HTML imput field. Which type of attack was attempted? a. SQL injection b. Command injection c. Buffer overflow d. Code injection

b. Command injection

Which of the following is the greatest risk for removable storage? a. Accountability of data b. Confidentiality of data c. Availability of data d. Integrity of data

b. Confidentiality of data

Your boss wants you to make changes to the Internet Explorer programs on 20 computers. To do this quickly, what is the best solution? a. Create a script b. Create a template c. Use a Proxy Server d. Create an Active Directory Organizaitonal Unit

b. Create a template

What access control model is used by highly classified government and military systems, and is the strictest of the access control models? a. RBAC b. MAC c. RMAC d. DAC

b. MAC

Of the following, what are three ways to increase the security of Microsoft Outlook? (Select the three best answers.) a. Increase macro security levels b. Password protect .PST files c. Install the latest service pack d. Increase the junk mail security level

b. Password protect .PST files c. Install the latest service pack d. Increase the junk mail security level

Which of the following type of virus can change every time it is executed in an attempt to avoid Antivirus detection? a. Boot sector b. Polymorphic c. Armored d. Macro

b. Polymorphic

An example of __________ is when an organization decides to not go through with a proposed plan because the risk is too high. a. Risk assessment b. Risk avoidance c. Risk reduction d. Risk acceptance

b. Risk avoidance

Which type of firewall is vulnerable to IP spoofing attacks? a. Circuit level gateway b. Stateless packet inspection c. NAT filtering d. Application level gateway

b. Stateless packet inspection

Using a smart card to open a door falls in the category of something a _____________ and is known as (a) _______ . a. User does b. Token c. Person has d. Person knows e. Multifactor authentication f. OTP

b. Token c. Person has

Which of the following should you include as general browser security practices? (Select the two best answers.) a. Use the latest browser b. Train users c. Use multiple web browsers d. Use a Proxy Server

b. Train users d. Use a Proxy Server

Select the 3 correct ways to protect against war-driving. a. Hide the location of the AP b. Use strong encryption c. Use MAC filters d. Change the encryption key regularly e. Decrease power level of the AP f. Place the AP in a faraday cage

b. Use strong encryption c. Use MAC filters e. Decrease power level of the AP

Which of the following does the "A" in CIA stand for when it comes to IT security? Select the best answer. a. Accountability b. Assessment c. Availability d. Auditing

c. Availability

Which of the following methods of malware delivery is used in computer programs to bypass normal authentication? a. Active interception b. Rootkit c. Backdoor d. Privilege escalation

c. Backdoor

Data emanation is the most common security risk in which cabling? a. Fiber optic b. Unshielded twisted pair c. Coaxial d. Shielded twisted pair

c. Coaxial

Which tab in the Internet Options dialog box of Internet Explorer enables a person to make secure connections through a VPN? a. Content tab b. Advanced tab c. Connections tab d. Programs tab

c. Connections tab

Which of the following attacks uses a JavaScript image tag in an email? a. Directory traversal b. SQL injection c. Cross-site scripting d. Cross-site request forgery

c. Cross-site scripting

Telnet should be replaced with which protocol to increase security? a. TLS b. SSL c. RADIUS d. SSH

d. SSH

_______________ uses TCP port 49 and encrypts entire client-server dialogues. a. LDAP b. RADIUS c. Kerberos d. TACACS+

d. TACACS+

An example of centralized access control is when the CIO requires that only the on-site security administrator at each corporate location is given permission to administer access to resources at that location. True or False

False

Hubs and switches operate in the OSI Data Link layer, or layer 2. True or False

False

Mark has been denied access to the server room by the biometric authentication device, even though he is the Security Administrator and has rights to be in the server room. This is an example of (a) _____________ ? a. Failed SSO b. False positive c. False negative d. Negative federated identity management

c. False negative

Your boss wants you to secure your server's Web transactions. Which protocol and port number should you use to accomplish this? a. LDAP - 389 b. SSH - 22 c. HTTPS - 443 d. SSL over Kerberos - 636

c. HTTPS - 443

To protect against malicious attacks, what should you think like? a. Auditor b. Spoofer c. Hacker d. Network Admin

c. Hacker

Select the type of proxy server below that makes computers behind it anonymous. a. Internet content filter b. Caching proxy c. IP proxy d. Web proxy

c. IP proxy

The CIO has asked Kevin to ensure that any traffic not specifically allowed through permissions, rights, and ACL's be automatically denied by default. This is an example of what access control practice? a. Explicit deny b. Mandatory deny c. Implicit deny d. Least privilege

c. Implicit deny

For information security, what is the "I" in CIA? a. Indigestion b. Information c. Integrity d. Insurrection

c. Integrity

Choose the correct statement below concerning a NIPS. a. They are less susceptible to false negatives than a NIDS. b. When properly configured they can detect problems on individual computers. c. It is an application aware device. d. They cannot read encrypted traffic.

c. It is an application aware device.

Which of the following is an inline device that checks all packets? a. HIDS b. Statistical anomaly c. NIDS d. Personal software firewall

c. NIDS

Which of the following is the best option to use to prevent spyware? a. Whitelists b. Antivirus software c. Personal software firewall d. Windows Defender

c. Personal software firewall

An Internet content filter is a special type of _______________ . a. Web application firewall b. Intrusion prevention system c. Proxy server d. Access control list

c. Proxy server

SLE is a type of _______ a. Qualitative risk assessment b. Risk mitigation_____ . c. Quantitative risk assessment d. Risk acceptance

c. Quantitative risk assessment

Which type of firewall operates at the network layer? a. Circuit level gateway b. NAT filtering c. SPI d. ALG

c. SPI

User Access Control in Windows 7 is an example of ___________ in action. a. Job rotation b. DAC c. Separation of duties d. Implicit deny

c. Separation of duties

Which of the following can best be described as the exploitation of a computer session in an attempt to gain unauthorized access to computer resources? a. DoS b. Domain name kiting c. Session hijacking d. Null session

c. Session hijacking

Which command line command lists the hotfixes installed in Windows?a. Hotfix b. SC list c. Systeminfo d. Fsutil

c. Systeminfo

WPA2-PSK indicates what on a wireless network? a. WPA2-Enterprise is selected as the security mode. b. AES encryption is being used. c. WPA2-Personal is selected as the security mode. d. A smaller encryption key size is being used.

c. WPA2-Personal is selected as the security mode.

Monitoring the network is step number _____ in vulnerability management. a. 6 b. 2 c. 1 d. 5

d. 5

When a Domain Controller uses Kerberos for authentication port _____ will be open. a. 636 b. 334 c. 389 d. 88

d. 88

Timothy complains about a lot of pop-up Windows when he uses Internet Explorer. Which key combination should you tell him to use to close the pop-up Windows? a. Ctrl+Alt+Del b. Windows key c. Ctrl+Shift+Esc d. Alt+F4

d. Alt+F4

Choose the statement below that correctly describes rogue access points and evil twin access points. a. A rogue is both counterfeit and unauthorized, whereas an evil twin is unauthorized. b. A network scan can detect a rogue but not an evil twin. c. A network scan can detect an evil twin but not a rogue. d. An evil twin is both counterfeit and unauthorized, whereas a rogue is unauthorized.

d. An evil twin is both counterfeit and unauthorized, whereas a rogue is unauthorized.

Which of the following is placed in an application by programmers either knowingly or inadvertently to bypass normal authentication? a. Input validation b. Sandbox c. Virus d. Back door

d. Back door

Which of the following is an example of whole disk encryption? a. Windows Vista Ultimate b. Bluesnarfing c. AES d. BitLocker

d. BitLocker

NEXT and FEXT are terms used in measuring which cable vulnerability? a. RFI b. Data emanation c. EMI d. Crosstalk

d. Crosstalk

The most common security risk with twisted pair cable is ___________ ? a. RFI b. Data emanation c. EMI d. Crosstalk

d. Crosstalk

If a server has inbound Port 21 open, what service is it running? a. SMTP b. Kerberos c. SSH d. FTP

d. FTP

Of the following, which can be a security benefit when using virtualization? a. If one virtual machine is compromised, none of the other virtual machines can be compromised. b. Virtual machines cannot be affected by hacking techniques. c. Patching a computer patches all virtual machines running on the computer. d. If a virtual machine is compromised, the adverse effects can be compartmentalized.

d. If a virtual machine is compromised, the adverse effects can be compartmentalized.

Tom sends out many emails containing secure information to other companies. What concept should be implemented to prove that Tom did indeed send the emails? a. Confidentiality b. Integrity c. Authenticity d. Nonrepudiation

d. Nonrepudiation

Select the access control model that is an implementation of Mandatory access control. a. Discretionary access control b. Enhanced access control c. Role based access control d. Rule based access control

d. Rule based access control

What is baselining? a. The act of securing an operating system and updating it b. A group of updates, bug fixes, and security fixes c. A type of patch management d. The process of measuring changes in networking devices, hardware, and software

d. The process of measuring changes in networking devices, hardware, and software

What is the best option to use to isolate an operating system? a. Antivirus software b. HIDS c. NIDS d. Virtualization software

d. Virtualization software

Which of the following is an example of a personal software firewall? a. Microsoft ISA Server b. Proxy server c. Antivirus software d. ZoneAlarm

d. ZoneAlarm


Set pelajaran terkait

Intro to Catholic Morality Midterm Vocab

View Set

Chapter 10 - Financial Planning with Life Insurance

View Set

Macroeconomics Foothill College Exam Ch: 6-8

View Set

Chapter 12 Social and Emotional Development in Middle Childhood

View Set

PFIN Test 2 Chapter 5, Chapter 6, and Chapter 7

View Set

Unit 15. Insurance-Based products

View Set

CIS 307 Network Telecommunications Midterm

View Set