Security Plus Chapter 7-12 Practice Final
Which of the following is NOT an asymmetric encryption algorithm?
3DS
Computer room humidity should ideally be kept at what percent?
50%
Which of the following statements is true?
A virus requires a user action to propagate & infect other host systems.
A programmer that fails to check the length of input before processing leaves the code vulnerable to what form of common attack?
Buffer overflow
Which of the following is NOT a goal of information security?
Archival
Which of the following is a solution that addresses physical security?
Escort visitors at all times
Which of the following security device uses some biological characteristic of human beings to uniquely identify a person for authentication?
Biometric
Which method of attack against a password happens when an attacker tries many different combinations of alphanumeric characters until successful?
Brute Force
Which method of code breaking tries every possible combination of characters in an attempt to "guess" the password or key?
Brute Force
Which of the following dictates that educational institutions may not release information to unauthorized parties without the express permission of the student?
FERPA
Which U.S. government agency is responsible for creating and breaking codes?
NSA
Individuals who specialize in the making of codes are known as which of the following?
Crpytographers
Which of the following is primarily subject to an SQL injection attack?
Database Servers
Which of the following can be used to stop piggybacking that has been occurring at a front entrance where employees should swipe their smart cards to gain entry?
Deploy a mantrap
You are the administrator of a website. You are working when you suddenly notice web server and network utilization spike to 100% and it stays there for several minutes. Network users start reporting "Server not available" errors. You may have been the victim of what kind of attack?
DoS
Your company is getting rid of old 1GB USB flash drives that contain sensitive data. What is the proper method of disposing of this type of storage media?
Drilling a hole into the flash memory component of the USB drives and then discarding them
Which of the following statements about electrostatic discharge (ESD) is not correct?
ESD is much more likely to occur when the relative humidity is above 50%
Which of the following is used to provide EMI & RFI shielding for an entire room of computer or electronic equipment (also used to prevent eavesdropping)?
Faraday cage
Which of the following prohibits banks from releasing information to nonaffiliated third parties without permission?
Gramm-Leach-Bliley Act
Which U.S. regulation dictates the standards for storage, use, and transmission of personal medical information?
HIPPA
Which type of policy determines if information is secret, top-secret, or public?
Information classifications policies
An End User License Agreement (EULA) for software would typically be considered what classification of information?
Limited Distribution
Which U.S. government agency publishes lists of known vulnerabilities in operating systems?
NIST
Which PKCS standard is the standard for password-based cryptography?
PKCS#5
On the outer edge of physical security is the first barrier to entry. This barrier is known as which of the following?
Perimeter
Locking the door(s) to the server room involves what kind of security?
Physical
A digital file containg a comany's proprietary processes and strategic information would be classified as which of the following?
Restricted
Which type of virus attacks or bypasses the antivirus software installed on a computer?
Retrovirus
Which of the following is a hashing algorithm?
SHA
Which of the following is a slang term for unwanted commercial e-mail?
SPAM
Which kind of security attack is a result of the trusting nature of human beings?
Social Engineering
Which of the following is an internal threat?
System Failure
Which fire extinguisher type is the best to be used on computer equipment in the case of a computer fire?
Type C
Which "X." standard defines certificate formats and fields for public keys?
X.509
Which of the following is not a component of Public Key Infrastructure (PKI)?
XA
Which of the following is an attack that inject malicious scripts into Web pages to redirect users to fake websites or gather personal information?
XSS
Which of the following is the term for an area in a building where access is individually monitored and controlled?
man trap
Which of the following is a type of attack that occurs when an attacker pretends to be a legitimate client, using information it has gained from a legitimate client (like it's IP address).
Spoofing
What kind of cryptographic method replaces one character with another from a "match-up list" to produce the ciphertext?
Substitution cipher
As you browse the Internet, you notice that when you go to some sites, multiple additional windows are opened automatically. Many of these windows contain advertisements for products that are inappropriate for your family to view.Which tool can you implement to prevent these windows from showing?
pop-up blocker