Practice Test B

Lakukan tugas rumah & ujian kamu dengan baik sekarang menggunakan Quizwiz!

You've been hired as a security consultant for a company that's beginning to implement handheld devices, such as smartphones. You're told that the company must use an asymmetric system. Which security standard will be best for you to implement

ECC

A security analyst is examining a database server to verify that the correct security measures are in place to protect the data. In which, some of the fields consist of data like people's first name, last name, home address, date of birth, and mother's last name. Which of the following illustrates this type of data

PII

Which of the following threat actors is an unskilled individual who uses tools or programs developed by others to attack computer systems and networks

Script kiddies

In an organization, several employees clicked on a link in a malicious message that bypassed the spam filter and their PCs were infected with malware as a result. Which of the following will be best to prevent this situation from occurring in the future

Security awareness training

Smith works as a network administrator for an organization. He sets up a DNS server on the network and enables DNS service on all computers. However, DNS is not working properly. Which of the following commands should Smith use to verify the DNS configuration

nslookup

You have a lock at your office door. Often you share your keys with some of your trusted colleagues. This is an example of ____

symmetric key sharing

Maria works as a network administrator for an organization that has a TCP/IP-based network, which is connected to the Internet through a firewall. A user complains that he is unable to access one of the site. However, he can access all other sites. Which of the following tools will help her to diagnose the problem

tracert

Which of the following Windows RRAS authentication protocols uses completely unencrypted passwords

PAP

To increase security, TKIP places a wrapper around the WEP encryption with a key based on things such as the MAC address of the host device and the serial number of the packet. What is the size of the wrapper

128-bit

Rose works as a security technician for a company. She is unable to manage a remote server. For enabling this, which of the following ports should be activated on the firewall for remote server management? Each correct answer represents a complete solution. Choose two

3389 22

In an organization, the users usually connect to wireless APs and have speed of 11 Mbps. Which of the following WLAN standards is in use

802.11b

Joe, a security administrator, wants to control traffic on a layer 3 device to support FTP from a new remote site. Which of the following would Joe implement to accomplish this

Access control list

The XYZ medical billing company needs to create a privacy policy for patient data. Hector has been tasked with formulating such a policy. Which of the following types of control is a privacy policy

Administrative

Ann, a network administrator, is worried about the threat of malware on the network. She wants every workstation to install software that will detect worms and Trojan horses. What type of software should she install

Antivirus

As part of the process of calculating risk, Demetrius wants to know the cost of a single breach. What formula should he use for this

Asset Value (AV) * Exposure Factor (EF)

Raul is looking for a cryptography algorithm used for customers' shopping on his company's web site. It is important that users are able to encrypt transmissions without concern over cryptographic key exchange. Which type of cryptography should he use

Asymmetric

Ron, an employee, oversees finding a new web hosting provider and has noticed that the potential choices list an uptime of 99.999 percent. Which term best describes this

Availability

In the case of a major business interruption, the security analysis team has documented the following objectives: expected loss of earnings, potential fines, and potential consequence to customer service. Which of the following documents would include the details of the above mentioned objectives

BIA

A company has received recent reports of equipment thefts from its workstations. Which physical security methods can be used to prevent this from happening? Each correct answer represents a complete solution. Choose all that apply

Biometric lock Mantrap Cipher lock

A smartphone is disk encrypted and screen-lock protected. Which of the following attacks can be used to steal data from it

Bluesnarfing

Loy, a security administrator, wants to successfully recover a user's forgotten password on a password protected file. Which of the following techniques can he use to accomplish this task

Brute-force

Max, a security analyst, is concerned that the application his team is currently developing is vulnerable to unexpected user input that could lead to issues within the memory. Due to which, it is affected in a harmful manner leading to potential exploitation. Which of the following describes this application threat

Buffer overflow

While performing a vulnerability check of a web application, you found that the programmer has allocated 32 bytes for a string variable. He has not performed any check to ensure that more than 32 bytes is not stored in the variable. To which of the following attacks is the application vulnerable

Buffer overflow

Rex, a forensic analyst, received a hard drive from detectives. After receiving, he used a log to capture corresponding events before sending the evidence to lawyers for a court case. Which of the following do these actions indicate

Chain of custody

You are advising a school district on disaster recovery plans. In case a disaster affects the main IT centers of the district, they will need to be able to work from an alternate location. However, budget is an issue. Which of the following is most appropriate for this client

Cold site

Which of the following is the process of investigating a computer system for clues about an event

Computer forensics

Virtualization that does not utilize hypervisors can be accomplished using which of the following

Container

Which of the following helps in reducing electronic noise from devices that would divulge intelligence about systems and information

TEMPEST

Which of the following attacks allows an attacker to enter the malicious data into a Website

Cross-site scripting

Which algorithm is used to create a temporary secure session for the exchange of key information

KEA

You are a security administrator for an online share trading portal. The trading portal is closed for customers during weekends. You notice that the portal is receiving large number of traffic from various external networks during a weekend. Which type of attack are you most likely facing

DDoS

You are the security administrator for a consulting firm. One of your clients' needs to encrypt traffic. However, he has specific requirements for the encryption algorithm. It must be a symmetric key block cipher. Which of the following should you choose for this client

DES

You are concerned about outside attackers penetrating your network via your company Web server. You wish to place your Web server between two firewalls. One firewall between the Web server and the outside world. The other between the Web server and your network. What is this called

DMZ

A company wants to direct secure transactions of large data files. Before encrypting and exchanging the data files, the company wants to make sure a secure exchange of keys. Which of the following algorithms is appropriate for securing the key exchange

Diffie-Hellman

You are responsible for security at a defense contracting firm. You're evaluating various possible encryption algorithms to use. One of the algorithms you're examining is not integer-based, uses shorter keys, and is public key-based. What type of algorithm is it

Elliptic curve

You want to use some amalgamation of computer hardware and software to perform particular functions within a larger system. Which of the following will you use to achieve this

Embedded system

After recovering from a data violation in which customer data was lost, the working team meets with the CSO (Chief Security Officer) to find better ways to protect the privacy of customer data. Which of the following will help the working team members to achieve this goal

Encryption and stronger access control

Rex, a security administrator, has a firewall with an outside network connected to the Internet and an inside network connected to the business network. Which of the following should the administrator change to divert traffic destined for the default HTTP port on the outside interface to an internal server listening on port 8080

Establish a static PAT from port 80 on the outside network to the internal network on port 8080.

Pete, a security manager, wants to have a backup plan in case power is lost for more than a few hours. Which of the following solutions should he implement

Generator

Your company decides to purchase a cloud computing service. Which of the following is highly ensured in the cloud computing environment

High availability of data

The security team of an organization has trapped an attacker in an isolated environment where they are being monitored. The team has also tricked the attacker into believing that they are causing damage to the organization's systems. Which of the following practices is used by the security team

Honeypot

Which of the following statements are true about asymmetric encryption? Each correct answer represents a complete solution. Choose two

In asymmetric encryption, the public key is distributed and the private key is available only to the recipient of the message. It uses a public key and a private key pair for data encryption.

A security administrator wants an employee who uses email messaging to provide PII to others on a regular basis to have confidence that their messages are not intercepted or altered during transmission. In this scenario, a security administrator is concerned about which of the following types of security control

Integrity

Which of the following statements are true about the RSA algorithm? Each correct answer represents a complete solution. Choose three

It is an asymmetric algorithm. It uses large integers as the basis for the process. It works with both encryption and digital signatures.

Jennifer, a technician, has assigned a task to implement a new network based anti-virus product. For this, she has to assess all potential problems with the new system, so that she can prepare an analysis for the CIO. What problem might occur due to false positives

It is possible that a file will be mistakenly treated as a virus.

Which of the following statements are true about incremental backups? Each correct answer represents a complete solution. Choose two

It is the fastest method of backing up data. It backs up only the files changed since the most recent backup and clears the archive bit.

Bob is a network engineer with over 10 years of experience, and multiple industry certifications including CompTIA Security+. He is very well versed in security and networking. His current job responsibility is to handle the email servers of his company. His account is only a member of the email server admins group, and not the domain admins group. What is this an example of

Least privileges

In which of the following steps of incident response does a team analyze the incident and determine steps to prevent a future occurrence

Lessons learned

Max, a network administrator, wants to make sure that only those computers that he has authorized can connect on his network. What is the most appropriate security measure he will recommend

MAC filtering

You have been assigned the task of selecting a hash algorithm. The algorithm will be specifically used to ensure the integrity of certain sensitive files. It must use a 128-bit hash value. Which of the following should you use

MD5

Juan is a computer forensics investigator. He has just received a Windows 7 computer suspected of containing evidence of identity theft. Which of the following should be done first

Make a bit stream copy of the hard drive.

An authentication method uses smart cards as well as usernames and passwords for authentication. Which of the following authentication methods is being referred to

Multifactor

The use of single sign-on eliminates the need for which of the following items

Multiple usernames and passwords

You have put various security devices on your network. Which of the following network devices can detect the suspicious behavior, but cannot react to it

NIDS

You want to stop malicious traffic from affecting your company's web servers. Which of the following will help you accomplish the task

NIPS

Sia, a cybersecurity analyst, wants to use a command utility to identify open ports and running services on a host along with the application associated with those services and port. Which of the following should she use to achieve this

Netstat

Penetration or vulnerability testing takes a passive approach rather than trying to break into the network is known as which one of the following

Nonintrusive testing

A network administrator wants to implement the multifactor authentication technique to secure the company's data center. Which of the following possible methods should the administrator use? Each correct answer represents a complete solution. Choose two

Password and fingerprint scan Retina scan and PIN

Smith, a security technician, has been given a task to identify, locate, and resolve security issues of the server. Which of the following tools will he use? Each correct answer represents a complete solution. Choose two

Port scanner Protocol analyzer

Rex, a security administrator, wants to prevent unwanted people from viewing the data on mobile devices if the device is left unattended. Which of the following should he implement to achieve this

Screen lock

Which of the following can be used to determine whether accounts have been established properly and verify that permission creep isn't occurring

Privilege audit

Which of the following RAID best represents disk striping with parity and contains a minimum of three disks

RAID 5

Which access control method is primarily concerned with the role that individuals have in the organization

RBAC

Which of the following is a collection of documents that details standards and protocols for Internet-related technologies

RFC

Eric is a security administrator of uCertify Inc. John, a sales manager, reports Eric about an e-mail through which an attacker is asking for money to decrypt the source code that he has encrypted. Which of the following types of threat is it

Ransomware

Rex, a software developer, during a code review notices a security risk that may result in hundreds of hours of rework. The security team has classified these issues as low risk. So, the management has decided that the code will not be rewritten. This is an example of which of the following risk response techniques

Risk acceptance

Which of the following is a process of shifting the risk to a third party, together with the ownership of the response

Risk transference

Which of the following provides real-time analysis of security alerts generated by applications and devices

SIEM

Which component of an IDS collects data

Sensor

Which of the following is used to prevent the electronic emissions of a computer from being used by unauthorized users

Shielding

Joe, a security administrator, wants to enhance the security of an organization by providing hardware based cryptographic processing and secure key storage for full-disk encryption. Which of the following should he implement to achieve this

TPM

What encryption process uses one message to hide another

Steganography

Brena, a security analyst, notices that external users are constantly reporting that a web application is slow and frequently times out when attempting to submit information. Which of the following software development best practices will she implement to prevent this issue

Stress testing

Arthur plans on gaining physical access to your server room by walking through the front door right behind someone else while pretending to use crutches. Which form of social engineering does this entail

Tailgating

Rick and Sasha are security guards of your organization. They are on duty at the data center gate. As the number of staff is quite high, this location has lots of traffic. The guards must be concerned for which of the following attacks

Tailgating

You are revising the acceptable use policies for your company. Which of the following items should be covered by your company's acceptable use policy? Each correct answer represents a complete solution. Choose two

The specific permitted and prohibited uses of Web pages including what pages, types of pages, and purposes that Web pages can be used for. The specific permitted and prohibited uses and purposes of email.

You work as a security administrator of Tech Perfect Inc. You decide to use the RAID 5 volume disk configuration on one of your servers that run Windows Server 2008 for fault tolerance. What is the minimum number of disk drives required for implementing RAID 5 volumes

Three

Azim is beginning an investigation of a suspect computer with a Windows operating system. He takes several screenshots of the computer with the task manager window open before shutting it down to make a copy of the drive. What is the best reason to do this

To show running processes on the machine

You work as a network administrator for an organization. The organization wants to ensure that the server room should be highly secured. To implement this, the organization wants that anyone who has right to authenticate himself should enter a password, which changes at every 60 seconds. Which of the following identification and authentication techniques will you select to accomplish the task

Token

Mary has found a project risk that could harm project team members. She does not want to accept any risk where someone could be harmed on this project, so she employs a professional vendor to complete the critical part of the project work. This workaround to the risk event is known as what type of risk response

Transference

You're concerned about the operating systems on your servers, especially on your Web server. Which of the following critical operating system hardening techniques would you implement on your Web server? Each correct answer represents a complete solution. Choose two

Update patches. Shut down unneeded services.

Mark needs to have hosted server operating systems isolated from each other to prevent a security breach of one operating system from spreading to another. What is the most cost effective way for him to do this

Use virtualization to host operating systems

Emily works as a network administrator for uCertify Inc. She has been given a task to extend network segment through which employees working from home will transmit data securely across the Internet. Which of the following will help her to complete the task

VPN

A companies headquarter is connected to its remotely located branch offices by creating secure tunnels across the Internet. The terminating end at the headquarter requires heavy data processing. Which of the following devices should be used for this purpose

VPN concentrator

Rena works as a security manager for a company. She's working in a partly equipped office space which accommodates some of the system hardware, software, telecommunications, and power sources. In which of the following types of office sites is she working

Warm

John wishes to configure his network so that only the appropriate servers are located in the DMZ. Which of the following servers would he most likely put into a DMZ

Web Server

An organization has recently launched a new billing invoice website for a few key vendors. Emily, a security analyst, is receiving calls that the website is performing slowly and the pages sometimes display time out errors. The analyst discovers the website is receiving millions of requests, causing the service to become unavailable. Which of the following should she implement to maintain the availability of the website

Whitelisting

What type of program exists primarily to propagate and spread itself to other systems

Worm

An attacker exploits actual code of an application and uses a security hole to carry out an attack before the application vendor knows about the vulnerability. Which of the following types of attacks is this

Zero-day

Adrian knows the host names of all the computers on his network. He wants to find the IP addresses of these computers. Which of the following TCP/IP utilities can he use to find the IP addresses of these computers remotely from his computer? Each correct answer represents a complete solution. Choose two

ping tracert


Set pelajaran terkait

Chapter 7 - Virtualization and Cloud Computing

View Set

Chapter 5; Porifera and Placozoa

View Set

Human Motivation: Chapter 11: Nature of Emotion - Five Perennial Questions

View Set

CH. 3 - Business Idea Generation and Initial Evaluation

View Set