CASP+ Study

Ace your homework & exams now with Quizwiz!

Which of the following is a commonly used diagramming and charting tool?

Lucidchart

T/F. NetFlow only contains information about the packet from the header and doesn't contain any information about its contents.

True

T/F. The "break and inspect" technique allows an organization to place their network sensors to monitor the traffic inside of a TLS/SSL connection.

True

T/F. The phrase "Where Are You From?" (WAYF) is generally used to characterize identity provider discovery.

True

T/F. Total Cost of Ownership is compared against both the organization's own trend and against its business competitors' trends.

True

T/F. VM migration Multiple owners and custodians operating on the same Type 2 hypervisors is a security vulnerability. True or False?

True

T/F. Vulnerabilities with virtual machines are often found as a result of a hacker contest with a cash reward?

True

T/F. Wearables often rely on unencrypted communications between the device and a smartphone or computer.

True

T/F. Zero-day vulnerabilities are exploits for which we have no patch and zero-day malware is something for which we have no method to detect.

True

What is considered a proper IPv6 address representation?

2001:0ba3::8256:02f7:abe3

What port must be open on the firewall to allow VNC traffic to pass through?

5900

What port or ports on the firewall must you open to allow FTPS to operate properly?

989, 990

What authentication method sends the password over the network in cleartext?

PAP

Which one of the following would most likely affect a large retailer that conducts many credit card transactions a day?

PCI-DSS

What are some of the emerging advanced best practice for analyzing cyber defense trends?

-Using heuristic machine-learning and neural networks -Big data analysis using Hive over Hadoop -Data science and statistical analysis with the R programming language

Which of the following are some of the *external* influences for the security practitioner to consider?

-Vendors -Regulators -Lenders

Which of the following are some of the common tools run on a host computer system?

-Command line tools -Antivirus -File integrity monitor -Log analysis tool

Which of the following contribute to increases risk due to the introduction of new products?

-Commodization of devices -Internet of everything -Internet of things

What are terms associated with Software Defined Networking?

-Control plane -Data plane -Management plane

Which are examples of categories of security controls?

-Corrective -Preventive -Detective

What are types of availability control?

-Load balancing and clustering -Redundant hardware and fault-tolerance -Service level agreements

Which of the following are common valid corporate options for Bring-Your-Own-Device (BYOD)?

-Access while preventing local storage of data -Access with IT control over personal devices, apps, and stored data -Access only to non-sensitive systems and data -Unlimited access for personal devices

Which of the following are key data security conisderations?

-Aggregation -Ownership -Remnants -Isolation -Non-repudiation

Which of the following are valid ways to overcome a physical locking control?

-Lock Picking -Lock Bumping -Lock Breaking

Which element does ABAC rely upon?

-Attributes of the subject -Attributes of the object -A formal relationship -Environment conditions

Which of the following demands an AUP sanctioning in your written security policy?

-Augmented reality -Mobile device cameras -Mobile device audio recording

Which of the following are common mediated access (proxy) services deployed in modern enterprise networks?

-Authentication and identity proxy -Application Layer Gateways (ALGs) -Encryption proxies -XML coding translation

Which of the following entities are successfully reverse engineered on a regular basis?

-Benign code -Structured APT attacks -Web sites

Which certifications focus on the attacker's methodology?

-CEH -OSCP -Pentest+

Which of the following are common C-Suite members in the enterprise?

-CISO -CIO -COO -CEO

Which of the following questions do you need to address before entering into an outsourcing agreement?

-Can your outsourcing provider meet all the legal and regulatory requirements you want them to handle on your behalf? -Does the outsourcing agreement make it clear who is responsible for what security measures? -Have you done a proper risk analysis of the functions being outsourced?

Which of the following statements is true concerning provisioning and de-provisioning of virtual machines?

-De-provisioning affects data and code leakage and loss -Change and configuration management tools are available for private or public cloud -Need to audit weekly usage and spinning of virtual instances

What are the 3 types of KPIs?

-Decision-making -Variance control -Visibility

Which of the following are methods for reacting to device loss or theft?

-Device tracking -Remote wipe -Remote lock

What are examples of Personal Identifiable Information?

-Digitized version of an employee's thumbprint -Social Security Number -Date of Birth

Which of the following activities are typically conducted by the Human Resources department?

-Dispensing policies to new hires -Conducting background and credit checks -Policy warnings and punitive enforcement

Which of the following settings CAN be assigned to a switch port using the Dynamic Trunking Protocol?

-Dynamic Desirable -Dynamic Auto -Trunk -Access

Which of the following is true concerning RADIUS?

-Earlier implementations used UDP ports 1645 and 1646 -It uses a client-server model -It excels in the AAA accounting service

Which of the following are factors that cause policies, procedures, and processes to be modified over time?

-Environment -Regulations -Technology

Which of the following are uses cases for cryptographic hashing?

-Non-repudiation -Authentication -Data integrity -Fingerprinting

Which of the following are valid models or frameworks that are commonly used outside of the United States?

-OBASHI -IDABC -ITIL

Which of the following statements *ARE TRUE* concerning Least Functionality?

-Explicitly limits the use of protocols and ports -Systems are configured to only offer essential capabilities -Overtly prohibits the use of functions and services

When integrating diver industries, which of the following are likely to be a problem when combining two geographically diverse organizations?

-Exportation of encryption technologies -Different Cultures -Differing privacy regulations

Which of the following is a highly regulated industry?

-Healthcare -Broadcasting -Banking

Which of the following Cisco switch security features can leverage the DHCP snooping binding table?

-IP Source guard (PACLs) -Dynamic ARP inspection (DAI)

What are the components of the Policy and Process Management Life Cycle?

-IT Risk Assessment -IT Risk Identification -Risk Response and Mitigation -Risk and Control Monitoring and Reporting

Which of the following activities occur during the data breach analysis process?

-Identify breach severity -Notify all affected parties -Quarantine and isolation

When making changes in order to adapt for the best solution, which of the follow is important to perform?

-Identify disruptive technologies -Ascertain security trends -Recognize emerging threats

Which of the following are goals of an analytical AAR?

-Identifying problematic issues and areas for improvement -Recommending measures to counteract challenges -Forming the lessons learned

For which functions do Cryptographic processors execute cryptographic algorithms within the hardware?

-Protection against tampering -Secure I/OS -Acceleration of encryption

Which of the following statements are true concerning the need to provide objective guidance and recommendations?

-Impartial recommendations will need to be made to staff and senior management on security processes and controls -Personal and group communication skills are important -Visibility tools and objective reports should be implemented

What are the phases of the Electronic Discovery Reference Model (EDRM)?

-Information Governance -Identification -Preservation -Collection -Processing -Review -Analysis -Production -Presentation

The first five Center for Internet Security (CIS) controls will allow you to create baselines and ongoing benchmarks to eliminate the majority of enterprise vulnerabilities. Which of the following are in the top 5 controls?

-Inventory of Authorized and Unauthorized Software -Secure configurations for Hardware and Software -Controlled Use of Administrative Privileges -Continuous Vulnerability Assessment and Remediation -Inventory of Authorized and Unauthorized Devices

Which of the following are true about stream ciphers?

-Its pseudorandom generator should be unpredictable -Stream ciphers can produce a One-Time Pad -It encrypts 1 bit or byte of plaintext at a time

Which of the following *ARE* client-side processing applications?

-JavaScript -Browser extension -ActiveX

Which of the following are document and collaboration solutions?

-Microsoft SharePoint -AWS Glacier -Google Drive

Which of the following would commonly be used with big data?

-MongoDB -R programming -Apache Hadoop

Programmers will often contribute their development and scripting expertise for which of the following?

-NGFW regex rules -Machine learning modules -Custom IPS signatures

Which of the following would be considered emerging evolving technologies?

-OpenDNS -Hashgraph -Quantum computing -Blockchain

What are some of the *MAJOR* problems with cookies?

-Out-of-sync with browser Same-Origin Policy (SOP) -Cookie manipulation attacks are rampant -Cookies were originally poorly designed

What are major types of business models?

-Outsourcing -Partnerships -Cloud

What are some common types of mobile authentication methods?

-PIN -Gestures -Biometrics

Which of the following are features of most modern EDR systems?

-Patch management -Anti-spyware -Anti-malware -Spam filtering

Which of the following are valid ways to countermeasure application vulnerabilities?

-Perform regular patch management -Test in cloud before deployment -Use digitally signed code -Implement change and configuration management

What are some common methods of social engineering?

-Phishing -Dumpster diving -Tailgating -Phone call hoaxing

Which of the following are common threat agents that will take advantage of a data leak or data loss breach?

-Press or media services -Competitors -Disgruntled internal users -Cyber Criminals

Which of the following is a type of cloud architecture?

-Private -Public -Hybrid

What security implementations would be appropriate when securing your SSH server?

-Properly configure ACLs, iptables, and TCP wrappers to control access to SSH enabled devices -Disable root login access to devices that have a root account -Only allow version 2 to be utilized

Which of the following cryptographic protocols are recommended for transport security using TLS?

-RSA -SHA-1 -ECDSA -AES-256

Which of the following would be considered part or the global IA industry?

-Research consultants -Conferences -Conventions -Security Product Vendors

The organization should continuously monitor performance of the system to ensure that it is consistent with pre-established user and security requirements. Which of the following are valid tools for monitoring and maintenance?

-SIEM -NetFlow Collectors -Syslog Servers -SNMP NMs

Which of the following are leading security tool vendors?

-Splunk -Magnet Forensics -Rapid7

What are the common threats to conferencing services?

-Stolen PINs -Stolen static phone numbers -Fake vanity URLs -Social engineering

Which of the following are valid and reliable inputs for using expert judgement to solve problems with information security?

-Subject matter expertise of stakeholders -Third-party regulators and compliance auditors -Lessons learned from after-action reports -Legal teams and insurance providers

Which of the following are considered trusted systems?

-TOMOYO Linux -Ubuntu AppArmor -SELinux

Which statements are true about video and audio files?

-They can use up a lot of network bandwidth -They are often used as carriers for steganography -They are prime targets for ransomware encryption

Which of the following statements accurately describes a hunt team?

-They may often be compliance officers -They are investigators who aggressively seek out threats on a network -The members often dig through data to fix security problems and replicate bugs

Which of the following are reasons for an application to be de-provisionined?

-Unsecure coding practices -Support problems with the vendor -Transitioning to a SaaS solution -Compliance or regulatory issues

Which of the following are valid application vulnerabilities or issues?

-Unsecure direct object references -Privilege escalation -Improper storage of sensitive data -Improper error and exception handling

What are valid methods of prototype testing?

-Use a hybrid clouds for application and system development with GCP or AWS -Lease time for on public clouds to generate pilot tests for security solutions -Create prototype labs with private virtualization tools

Which of the following are common component options that would be deployed specifically for data flow security in the enterprise?

-WIDS -DAM -NGFW -DLP

Which of the following are common examples of wearable technology?

-Watches -Headsets -Glasses -Medical sensors

Which of the following are examples of IoT or IoE devices?

-Wearable technology -Smart HVAC -SoC -IP Video

Which questions about metrics are covered by the organizational guidelines?

-Which metrics will be collected? -When are the metrics collected? -Who will collect the metrics?

Your current domain controller is servicing 500 users. The maximum capacity of your domain controller is 1,000 users. Based on your trend analysis, you determine that your company has been adding 50 users per week to the domain controller. How many weeks do you have before this domain controller reaches its maximum capacity?

10 weeks

What Federal Information Processing Standard (FIPS) requires each asset or system to receive a score of Low, Moderate, or High for each tenet of information security?

199

What document commonly has a section on lessons learned for future continual improvement of programs and projects?

AAR

Which of the following is an open standard as opposed to a de facto or de jure standard?

ANSI

Which of the following is another way to represent Single Loss Expectancy?

AV x EF

In the Systems Development Life Cycle what is another term used for the Development phase?

Acquisition

What type of control is Separation of Duties considered?

Administrative

Which one of the following is an ongoing evaluation and confirmation process that helps enterprises reduce risk by comparing users and entities (like mobile devices) with access to systems and applications?

Attestation

You are making a transition to a new system. In the asset disposal phase, plans are typically developed for discarding all but which of the following?

Archived documents

How often should you conduct your internal security audits?

At least annually

When 802.1x is used in a wireless network, what role does the WAP fulfill?

Authenticator

What is the general agreed upon set of procedures to get back to normal operations during and after a major event occurs?

BCP

What process refers to the plans and processes used during a disruptive event?

BCP

What type of hypervisor runs directly on the hardware?

Bare-metal

According to the Harvard Business Review, what is "an open, distributed ledger that can record transactions between two parties efficiently and in a verifiable and permanent way"?

Blockchain

Which of the following exercise teams will attempt to discover and keep out the other team as well as perform incident response when necessary?

Blue team

What type of wearable device is used by policy, security officers, and the military to record the perspective of the wearer?

Body cameras

What is the most basic shell available on a UNIX host?

Bourne shell

What is the term for the minimum number of login errors that must occur before an alert is created?

Clipping level

Which de-perimeterization technology uses public, private, hybrid, or community architectures?

Cloud Computing

What mobile device deployment model allows an employee to select a device from a list of approved vendors or devices?

CYOD

What specific Security-as-a-Service offering is implemented between a cloud customer and the CSP to act as a gatekeeper for SaaS solutions?

CASB

What service is commonly used with SaaS to facilitate performance, security and identity for sanctioned and unsanctioned apps in the enterprise?

CASB (Cloud Access Security Broker)

Which of the following represents systems like WordPress, Joomla, and Drupal that are prime targets for web hackers?

CMS (Content Management System)

What term describes a pseudo-random number generator that is suitable for cryptographic applications

CSPRNG (Cryptographically Secure Pseudo-Random Number Generator)

If you are going to permit IM in the enterprise, which feature is most likely to be retained and allowed in the AUP?

Chat

Which of the following commonly uses cleverly modified iFrames, style sheets, and text boxes to perform a redress exploit?

Clickjacking

What is the most common use of NFC in mobile devices?

Communicate payment from a digital wallet

What type of cloud deployment uses a private or public solution shared only between trusted or affiliated groups?

Community

Digital signatures are the most common S/MIME service. Which security features are not offered by S/MIME signatures?

Confidentiality

Which service is not provided by digital signatures?

Confidentiality

Which tenet of information security would you be ensuring by implementing BitLocker to encrypt the data at rest on your hard drive?

Confidentiality

What is the third stage in the Incident Response process?

Report

What method, closely related to and often combined with ASLR, prevents certain memory sectors (e.g. the stack) from being executed?

DEP

What feature will best prevent the leakage of information like credit card data, social security numbers, and corporate intellectual property?

DLP

What type of software could be installed to prevent data from being emailed to anyone outside your department or organization?

DLP

In which zone should you host your external facing web-server?

DMZ

Which of the following is an IPv6 translation strategy where A DNS server synthesizes AAAA records from the A records when asked for a domain's AAAA records, but only finds A records?

DNS64

What vital technology was developed to protect against naming service attacks by digitally signing data so one can be assured of the validity?

DNSSEC

What type of administrative control is Job Rotation considered?

Dectective

What is the second step of the Extreme Scenario and Worst-Case Scenario Planning process?

Determine what the organization wants to protect

What term BEST describes having investigated all reasonable measures to address a given risk?

Due Diligence

Certificates must be installed on both the client and server in which authentication method?

EAP-TLS

What is the best protection against a DDoS attack?

Elastic cloud infrastructure

Which of the following security-related job roles deals with service contracts, maintenance issues, financial planning, repairs, and efficiency improvements as part of day-to-day tasks?

Facilities management

T/F. A Baseline is a defined metric that is a reference point captured in a specific instant in time.

False

T/F. A memorandum of Understanding (MOU) is written by lawyers and is contractually binding?

False

T/F. ACL entries are processed in order, therefore it is important to have the least specific rules list at the top of your ACL.

False

T/F. After a major incident, the incident response team should be given time off of work to recover before conducting a fact-finding meeting?

False

T/F. An Interconnection Agreement (ICA) is used to dictate the security controls that each party in the partnership must utilize to protect the data being exchanged

False

T/F. It is not necessary to test patches from your operating system vendor prior to installation in your live network since they have already tested them in their labs.

False

T/F. Qualitative Risk Analysis uses numeric values and monetary values for all parts of the risk analysis.

False

T/F. Return on Investment is always measured in terms of a quantifiable amount of money.

False

T/F. Return on investment calculates the overall cost of securing the organization.

False

T/F. Sideloading occurs when a user installs an app through an official application store like the Apple App Store or Google Play Store

False

T/F. Steganography protects data while cryptography conceals data content.

False

T/F. There is always a correct answer to information systems security questions. There is no art to it, it is all based on data and metrics.

False

T/F. When you outsource a service, you have passed the legal and regulatory responsibility to the outsourcing provider.

False

T/F. You should conduct a Risk Assessment on every system and component in your network.

False

Which of the following scenarios is characterized by a system administrator entering so many failed logon attempts that an SNMP trap fires and the user's IP address is blocked on an IPS inline sensor?

False Positive

What is the term for the common grouping of settings applied to a set of users or hosts?

GPO

What term refers to the process of limiting mobile employees to a precise geographic locale by tracking them using GPS?

Geofencing

What is process of adding geographical identification metadata to media such as photographs, videos, websites, and SMS messages?

Geotagging

What technique will often use AngularJS to modify a request made by the $http service both before it is sent and after it returns?

HTTP interceptor

What system uses a knowledge-based inference engine and rule-based programming to detect malicious activitiy?

Heuristic-based IDS

What type of software code/package should be installed immediately to solve a security issue?

Hot fixes

What form of deployment, such as V Cisco HyperFlex M5, expands on SDN concepts?

Hyper-converged

What type of new technology creates unique security challenges for enterprise networks?

IOT

What technique allows for a NIC to be managed out-of-band even when the device is powered off?

Intel AMT

Which type of agreement should be used between two smaller companies that are owned by the same larger company?

Interoperability Agreement

You have been reviewing the log files for your file server and noticed that the disk utilization is currently at 50%. According to your baseline, the normal disk utilization is around 30%. What should you do?

Investigate the reason fro the abnormally high utilization

Which of the following statements is accurate concerning the act of jailbreaking?

It allows the installation of third party apps not approved by Apple's strict controls

What is an inventory strategy used to increase efficiency and decrease waste4 by receiving goods only as needed in the production process?

JIT

What is the result of the Check and Act phases of PDCA when data is analyzed and presented?

Knowledge

Which one of the following business metrics would best measure delays in delivering unified communications, VPN access, incident response, and data replication?

Latency

What is *NOT* a criteria used in ranking and categorizing threat actors?

Location

What technology allows for the centralized management over a wide variety of mobile devices?

MDM

What technology is often used to conduct remote assistance on a mobile device user's device?

MDM

Which of the following is part of Intel's TXT initiative that describes platform-level improvements that offer building blocks for developing trusted platforms?

Measured Launch

Which document should you use if you want to formalize what data can be shared in the development of a product without fear of trade secrets being stolen?

NDA

You want to wave your smartphone over a compatible device to send information without needing to touch the devices together or go through multiple steps setting up a connection. What technology do you want to use?

NFC

What does the acronym NVD stand for?

National Vulnerability Database

What is an effective command to use when you need to display the NetBIOS over TCP/IP protocol statistics?

Nbtstat

What term best describes configuring a router or a switch solely on the console port or through a switch that is not bridging any corporate production or data traffic?

OOB management

What technique looks for information in public records, social media, online searches?

OSINT

What technology is used to provide wireless firmware, and operating system updates to a mobile device?

OTA

Which one of the following is an online community that offers free articles, methodologies, documentation, tools, and technologies for specific application security?

OWASP

Which one of the following is a basic identity layer on top of the OAuth 2.0 protocol?

OpenID Connect 1.0

In which cloud service model are the applications and data managed by the customer, while the rest is managed by the cloud service provider?

PaaS

Which of the following is *NOT* yet a common biometric authentication method for a mobile device?

Palm scan

Which one of the following statements is *TRUE* when comparing penetration testing to vulnerability assessment?

Penetration testing is more likely to disrupt productivity

How do you describe a scenario where a program is running on a laptop that was downloaded over a VPN connection from a headend device fro the purposes of network admission control that stays on the system after a reboot?

Persistent and agent-based

What *BEST* describes a technology's ability to fulfill its intended purpose or the efficiency with which it fulfills it?

Performance

Which technology, intended to supplement or even supplant the chain of trust, serves as an "allow list" of digital certificates that your company will use for HTTPS?

Pinning

What term best describes the technique of using an instance as a foothold to move around inside of an internal network or system?

Pivoting

What is the second step of the Forensic Investigation process?

Preservation

Which main category of data persistence provides no persistence at all is in memcahce?

Pure in-memory

How of ten must an audit be conducted according to the PCI-DSS standard?

Quarterly

What type of RAID is also called disk mirroring?

RAID 1

Which acronym commonly represents a combination of hardware and software that connects a client system to a host computer?

RAS

You are deploying SSL/TLS 1.2 on a public web server in your corporate DMZ. Which of the following cryptographic protocols should you avoid?

RC4

Which protocol is commonly used on Windows systems to create a remote window connection to another system?

RDP

What mechanism is commonly used by browsers as the main language of the Internet by such sites as Amazon, Google, LinkedIn and Twitter?

REST (Representational State Transfer)

What ISP technique uses routing protocol updates to manipulate route tables

RTBH (Remotely Triggered Black Hole)

Which of the following business metrics would best measure resilience, database and transaction restoration, and the effectiveness of disaster recovery site selection?

Recoverability

Which networking service has a specialty use for help desk, service desk, technical, and customer support teams?

Remote assistance

Which of the following is the *MOST* volatile from a data forensic standpoint?

Routing table

Which type of business model was introduced in the late 1950's to support new small business and entrepreneurs?

S Corporation

What device converts sensor readings into digital data for sending over a network?

SCADA

Which of the following is a protocol used for enrollment and other Public Key Infrastructure functions?

SCEP (Simple Certificate Enrollment Protocol)

Which of the following is inserted into a slot located on various electronic devices like mobile devices like mobile phones, video game consoles and cameras primarily to store and transfer data?

SD

Which technology can allow cloud computing services to provide automated, on-demand application delivery and mobility at scale leveraging the benefits of data center virtualization?

SDN

Which of the following is *NOT* a client-side processing application?

SOAP (Simple Object Access Protocol)

If your organization is a publicly-traded corporation, which regulation would MOST likely apply to you?

SOX

What can provide a grid template for a software or system design document and requirements definition?

SRTM

What type of SSL connection is used to allow a user to gain access to multiple services on a web server?

SSL portal VPN

Which cloud augmented service creates a partitioned virtual environment to replicate exploits and zero-day attacks on endpoints?

Sandboxing

Which element of a data breach response would be most applicable for evaluating the spread of a DDoS attack throughout the management VLAN?

Scope

What term describes the process of deleting data from an audit log?

Scrubbing

Which of the following design considerations assume that the application is natively secure without any modifications or additional controls?

Secure by default

What term describes a security circuit designed to perform secure services for the rest of the SoC?

Secure enclave processor (SEP)

What will provide the *BEST* Return on Investment (ROI) for the security of the network?

Security Awareness Training

Which of the following methodologies is often suitable for worst-case scenarios as long as the risks are properly prioritized?

Semi-quantitative

What is an operating system called that provides sufficient support for multi-level security and evidence that it meets a set of government regulations?

TOS (Trusted Operating System)

Which software, also known as custom software, is specifically developed for a specific business sector, organization, or individual user?

Tailored commercial

What term best describes using your mobile phone as a wireless access point for your laptop?

Tethering

T/F. In order to enhance collaboration, strong project management initiatives such as PMP or PRINCE2 should be in place.

True

Which of the following is *NOT* a major problem with cookies?

They track the user activity on a web site

What term BEST describes when senior management initiates, supports, and directs changes?

Top-down

A Business Partnership Agreement is conducted between two business partners that establishes the conditions of their relationship?

True

T/F. A Master Service Agreement is an open-ended contract that should be established whenever you are likely to have contractor perform multiple contracts with differing scopes.

True

T/F. A VDI environment, in itself, can make endpoints more secure by storing user data on VDI servers in a datacenter or a public cloud.

True

T/F. A chain of custody is the chronological documentation of the handling, guardianship, control, transfer, examination, and disposition of electronic evidence. True or False?

True

T/F. A major security challenge of the Sales department is that there is often a lot of turnover and transient employees.

True

T/F. An Operating Level Agreement is an internal agreement between departments within an organization that provides the details of the relationship involved between them as they support the organization's business functions.

True

T/F. Before conducting a merger, the value of assets is a determinant for the purposes of risk management. True or False?

True

T/F. Before using a vulnerability scanning tool like Nessus, you should first have an inventory of all physical and virtual assets such as client and ever operating systems, versions/builds, and posture of patches, updates, and security fixes. True or False?

True

T/F. Cyber Security Professions should consult with the human resources team when creating a draft of the new security policy?

True

What specific component provides extensions as enhancements for secure MAC for accounting, role-based access control and auditing of an operating system?

TrustedSolaris

What software testing technique is similar to a validation and acceptance test where features and functionality is tested by customers to meet business needs?

UAT

What is the term for a device that performs many different security functions within the same appliance?

UTM

What is the weakest link in the security of our networks?

Users

What security exploit is characterized by a scenario where a process running in a VM interacts directly with the host OS?

VM escape

What common type of automated tool can scan web applications and look for vulnerabilities like XSS, CSRF, SQL and command injection, and path traversal flaws?

Vulnerability scanner

What technology describes methods and technologies that hide information in images, video, and audio media?

Watermarking

Which type of attack would specifically target your CEO?

Whaling

What type of testing requires considerable implementation and programming knowledge of the application being developed?

White box

What is the list of approved and allowed applications called?

Whitelist

What term best describes the process of only allowing certain applications to be run on an endpoint or to be forwarded through a firewall?

Whitelisting

How quickly should an asset categorized as urgent be restored?

Within 24 hours

Which federation service uses a PEP and a PDP?

XACML

Which feature was originally conceived by IBM as a simple way to change the function and performance of a chip in real time?

eFuse

What is the name of the host-based firewall for Linux?

iptables


Related study sets

BUS 404 Burgender Cal Poly FInal

View Set

Julio-Claudian revision palm cards

View Set

Vocabulary 17: China - The World's Most Populous Country

View Set

Henry VIII and the English Reformation

View Set

which of the following actions done in a substance abused nurse would result in immediate suspension/termination vs must be reported to board of nursing?

View Set