Exam Review

Ace your homework & exams now with Quizwiz!

A major organization in the tracking and reporting of common computer and network security problems is ___________________.

CERT

Which of the following is a passive method of threat response?

Logging the event

The TCP protocol functions at which layer of the TCP/IP model?

Host to Host

A ___________________ is a backup location that can provide services within hours of complete system failure.

Hot Site

A ___________________ is a repair made while the system being repaired remains in operation.

Hotfix

Which of the following is NOT a routing protocol?

ICMP

A ___________________is the term for an area in a building where access is individually monitored and controlled.

Security Zone

According to the TCP/IP model, HTTP functions at which layer?

Application

Which of the following is NOT necessary to back up?

Applications

Which access control method model allows the owner of a resource to grant privileges to information they own?

DAC

Which access control model is a static model that uses predefined access privileges for resources that are assigned by the administrator?

MAC

Which type of risk strategy is undertaken when you attempt to reduce the risk?

Mitigation

Which U.S. government agency is responsible for creating and breaking codes?

NSA

A ___________________ is used to provide EMI and RFI shielding for an entire room of computer or electronic equipment (also used to prevent eavesdropping).

Faraday Cage

Which of the following devices are the first line of defense for networks connected to the Internet?

Firewalls

The __________ backup method is based on the philosophy that a full backup should occur at regular intervals, such as monthly or weekly?

GFS

Which PKCS standard is the standard for password-based cryptography?

PKCS #5

A firewall operating as a _____________ will pass or block packets based on their application or TCP port number.

Packet Filter

Locking the door(s) to the server room involves what kind of security?

Physical

___________________ provide rules for expected behaviors to people in an organization.

Policies

Which access control method model grants rights or privileges based on their job function or position held?

RBAC

USB Ports

To prevent files from being copied on a workstation to removable media, you should disable which ports?

Which fire extinguisher type is the best to be used on computer equipment in the case of a computer fire?

Type C

Which hypervisor model needs the operating system to be up and cannot boot until it is?

Type II

To prevent files from being copied on a workstation to removable media, you should disable which ports?

USB

Which of the following is NOT one of the cloud delivery models recognized by NIST?

Unlisted

If you wanted to connect two networks securely over the Internet, what type of technology could you use?

VPN

___________________ is the security layer for wireless 802.11 connections using WAP.

WTLS

"Full disclosure testing" is more often known as which of the following?

White Box

How many channels does the 802.11 standard define?

14

What TCP port does Telnet use?

23

What TCP port does HTTP use?

80

Computer room humidity should ideally be kept above ___________________ percent.

Above 50

Which of the following is an attack where a program or service is places on a server to bypass normal security procedures?

Back Door

A ___________________ security device uses some biological characteristic of human beings to uniquely identify a person for authentication.

Biometric

Which method of code breaking tries every possible combination of characters in an attempt to "guess" the password or key?

Brute Force

Individuals who specialize in the making of codes are known as ___________________.

Cryptographers

You are administrator of the sybex.com website. You are working when suddenly web server and network utilization spikes to 100% and stays there for several minutes and users start reporting "Server not available" errors. You may have been the victim of what kind of attack?

DoS

Servers or computers that have two NIC cards, each connected to separate networks, are known as what type of computers?

Dual-homed

Which of the following Evaluation Assurance Levels (EAL) specifies that the user wants assurance that the system will operate correctly, but threats to security are not viewed as serious?

EAL 1

Which of the following Evaluation Assurance Levels (EAL) is the common security benchmark for commercial systems?

EAL 4

Which of the following is an IPsec header used to provide a mix of security services in IPv4 and IPv6?

ESP

Which type of attack is one in which a rogue wireless access point poses as a legitimate wireless service provider to intercept information that users transmit?

Evil Twin

Which of the following is a series of standards that define procedures for implementing electronically secure industrial automation and control systems?

ISA/IEC-62443

_______ are used to monitor a network for suspect activity.

Intrustion Detection System

Which authentication method uses a Key Distribution Center (KCD)?

Kerberos

Which hashing algorithm uses a 160-bit hash value?

SHA

Which encryption/security measure, originally developed by Netscape, is used to establish a secure, lower-layer communication connection between two TCP/IP-based machines?

SSL

Which kind of security attack is a result of the trusting nature of human beings?

Social Engineering

What kind of cryptographic method replaces one character with another from a "match-up list" to produce the ciphertext? The decoder wheels kids get in cereal boxes often make this kind of cryptography.

Substitution Cipher

Which of the following is an internal threat?

System Failure

Which remote access protocol, implemented almost exclusively by Cisco, is a central server providing remote access usernames that dial-up users can use for authentication.

TACACS+

The area of an application that is available to users (those whoa re authenticated as well as those who are not) is known as its:

attack surface

Which organization is tasked with developing standards for, and tries to improve, the internet.

IETF

Which of the following provides continuous online backup by using optical or tape jukeboxes?

HSM

A _______ is a system designed to fool attackers into thinking a system in unsecured so they will attack it. Then the "victim" will learn their attack methods without compromising a live system.

Honey Pot

You have taken out an insurance policy on your data/systems to share some of the risk with another entity. What type of risk strategy is this?

Transference

Which "X." standard defines certificate formats and fields for public keys?

X.509

Which of the following is NOT one of the three cloud service models recognized by the NIST?

XaaS

Which encryption algorithm uses a 40 to 128-bit key and is used on many products from Microsoft and IBM?

CAST


Related study sets

macroeconomics chapters 8&10 review problems

View Set

CompTIA 220-1001 Core 1 A+ Course Notes

View Set

Chapter 3 - Small Business Environment - Managing External Relations

View Set

Analysis of Social Problems CH 2

View Set

Chapter 26 Respiratory Function - PrepU questions

View Set

Chapter 10 The t Test for Two Independent Samples

View Set