cybersecurity final(4th)

Ace your homework & exams now with Quizwiz!

If a person knowingly accesses a government computer without permission, what federal act laws would the person be subject to?

CFAA

A user is proposing the purchase of a patch management solution for a company. The user wants to give reasons why the company should spend money on a solution. What benefits does patch management provide? (Choose three.)

Administrators can approve or deny patches., Updates can be forced on systems immediately., Updates cannot be circumvented.

What is the difference between an HIDS and a firewall?

An HIDS monitors operating systems on host computers and processes file system activity. Firewalls allow or deny traffic between the computer and other systems.

Which service will resolve a specific web address into an IP address of the destination web server?

DNS

A company has had several incidents involving users downloading unauthorized software, using unauthorized websites, and using personal USB devices. The CIO wants to put in place a scheme to manage the user threats. What three things might be put in place to manage the threats? (Choose three.)

Disable CD and USB access., Use content filtering., Provide security awareness training.

A consultant is hired to make recommendations on managing device threats in a company. What are three general recommendations that can be made? (Choose three.)

Disable administrative rights for users., Enable screen lockout., Enable automated antivirus scans.

An organization has implemented a private cloud infrastructure. The security administrator is asked to secure the infrastructure from potential threats. What three tactics can be implemented to protect the private cloud? (Choose three.)

Disable ping, probing, and port scanning., Test inbound and outbound traffic., Update devices with security fixes and patches.

Why is Kali Linux a popular choice in testing the network security of an organization?

It is an open source Linux security distribution and contains over 300 tools.

Unauthorized visitors have entered a company office and are walking around the building. What two measures can be implemented to prevent unauthorized visitor access to the building? (Choose two.)

Establish policies and procedures for guests visiting the building., Conduct security awareness training regularly.

A school administrator is concerned with the disclosure of student information due to a breach. Under which act is student information protected?

FERPA

As part of HR policy in a company, an individual may opt-out of having information shared with any third party other than the employer. Which law protects the privacy of personal shared information?

GLBA

What are two items that can be found on the Internet Storm Center website? (Choose two.)

InfoSec reports, InfoSec job postings

Companies may have different operation centers that handle different issues with the IT operations. If an issue is related to network infrastructure, what operation center would be responsible?

NOC

What can be used to rate threats by an impact score to emphasize important vulnerabilities?

NVD

A breach occurs in a company that processes credit card information. Which industry specific law governs credit card data protection?

PCI DSS

After a security audit for an organization, multiple accounts were found to have privileged access to systems and devices. Which three best practices for securing privileged accounts should be included in the audit report? (Choose three.)

Reduce the number of privileged accounts., Secure password storage., Enforce the principle of least privilege.

A new PC is taken out of the box, started up and connected to the Internet. Patches were downloaded and installed. Antivirus was updated. In order to further harden the operating system what can be done?

Remove unnecessary programs and services.

A company is attempting to lower the cost in deploying commercial software and is considering a cloud based service. Which cloud based service would be best to host the software?

SaaS

An administrator of a small data center wants a flexible, secure method of remotely connecting to servers.Which protocol would be best to use?

Secure Shell

Why should WEP not be used in wireless networks today?

easily crackable

Which three items are malware? (Choose three.)

Trojan horse, virus, keylogger

A company wants to implement biometric access to its data center. The company is concerned with people being able to circumvent the system by being falsely accepted as legitimate users. What type of error is false acceptance?

Type II

The company has many users who telecommute. A solution needs to be found so a secure communication channel can be established between the remote location of users and the company. What is a good solution for this situation?

VPN

A user is asked to analyze the current state of a computer operating system. What should the user compare the current operating system against to identify potential vulnerabilities?

a baseline

The CIO wants to secure data on company laptops by implementing file encryption. The technician determines the best method is to encrypt each hard drive using Windows BitLocker. Which two things are needed to implement this solution? (Choose two.)

at least two volumes, TPM

The manager of a department suspects someone is trying to break into computers at night. You are asked to find out if this is the case. What logging would you enable?

audit

A user calls the help desk complaining that an application was installed on the computer and the application cannot connect to the Internet. There are no antivirus warnings and the user can browse the Internet. What is the most likely cause of the problem?

computer firewall

What are two potential threats to applications? (Choose two.)

data loss, unauthorized access

What are the three broad categories for information security positions? (Choose three.)

definers, builders, monitors

The manager of desktop support wants to minimize downtime for workstations that crash or have other software-related issues. What are three advantages of using disk cloning? (Choose three.)

easier to deploy new computers within the organization, can provide a full system backup, ensures a clean imaged machine

As a security professional, there is a possibility to have access to sensitive data and assets. What is one item a security professional should understand in order to make informed ethical decisions?

laws governing the data

Why is WPA2 better than WPA?

mandatory use of AES algorithms

What are three disclosure exemptions that pertain to the FOIA? (Choose three.)

national security and foreign policy information, confidential business information, law enforcement records that implicate one of a set of enumerated concerns

What three services does CERT provide? (Choose three.)

resolve software vulnerabilities, develop tools, products, and methods to analyze vulnerabilities, develop tools, products, and methods to conduct forensic examinations

A user calls the help desk complaining that the password to access the wireless network has changed without warning. The user is allowed to change the password, but an hour later, the same thing occurs. What might be happening in this situation?

rogue access point

An intern has started working in the support group. One duty is to set local policy for passwords on the workstations. What tool would be best to use?

secpol.msc

What are three types of power issues that a technician should be concerned about? (Choose three.)

spike, brownout, blackout

A user makes a request to implement a patch management service for a company. As part of the requisition the user needs to provide justification for the request. What three reasons can the user use to justify the request? (Choose three.)

the ability to obtain reports on systems, the ability to control when updates occur, no opportunities for users to circumvent updates

An auditor is asked to assess the LAN of a company for potential threats. What are three potential threats the auditor may point out? (Choose three.)

unlocked access to network equipment, unauthorized port scanning and network probing, a misconfigured firewall

A security professional is asked to perform an analysis of the current state of a company network. What tool would the security professional use to scan the network only for security risks?

vulnerability scanner


Related study sets

Chapter 09 Examination and treatment Areas

View Set

NUR3010: CHAPTER 8- PREPU QUIZZES

View Set

Evolve: Cardiovascular, Perfusion EAQ, Cardiovascular EAQ

View Set

Chapter 18: Peri-Op Nursing Care

View Set