Security + 250 Questions

Ace your homework & exams now with Quizwiz!

Passive tags have ranges from about 1/3 inch to ____ feet. a. 12 c. 19 b. 15 d. 25

19

There are almost ____ different Microsoft Windows file extensions that could contain a virus. a. 50 c. 70 b. 60 d. 80

70

Approximately ____ percent of households in the United States use the Internet for managing their finances. a. 60 c. 80 b. 70 d. 90

80

____ is the probability that a risk will occur in a particular year. a. SLE c. ARO b. ALE d. EF

ARO

The default root directory of the Microsoft Internet Information Services (IIS) Web server is ____. a. /var/www c. /var/html b. C:\Inetpub\ wwwroot d. /etc/var/www

C:\Inetpub\ wwwroot

Using video cameras to transmit a signal to a specific and limited set of receivers is called ____. a. CCTV c. IPTV b. ICTV d. ITV

CCTV

____ is a system of security tools that is used to recognize and identify data that is critical to the organization and ensure that it is protected. a. IDS c. LLP b. ADP d. DLP

DLP

When TCP/IP was developed, the host table concept was expanded to a hierarchical name system for matching computer names and numbers known as the ____. a. HTTP c. URNS b. NSDB d. DNS

DNS

The Chinese government uses _____ to prevent Internet content that it considers unfavorable from reaching its citizenry. a. DNS spooking c. DNS bonding b. DNS poisoning d. DNS blacklisting

DNS poisoning

____ substitutes DNS addresses so that the computer is automatically redirected to another device. a. DNS poisoning c. DNS marking b. Phishing d. DNS overloading

DNS poisoning

____ is the proportion of an asset's value that is likely to be destroyed by a particular risk. a. SLE c. EF b. ARO d. ER

EF

The ____ Act requires banks and financial institutions to alert customers of their policies and practices in disclosing customer information. a. Gramm-Leach-Bliley c. California Database Security Breach b. Sarbanes-Oxley d. USA Patriot

Gramm-Leach-Bliley Security Breach

The ____ is part of an HTTP packet that is composed of fields that contain the different characteristics of the data being transmitted. a. HTTP header c. XML header b. HTML header d. SSL header

HTTP header

ID badges that can be detected by a proximity reader are often fitted with tiny radio ____ tags. a. wave c. AFID b. pulse d. RFID

RFID

Released in 1995, one of the first tools that was widely used for penetration testing was ____. a. GOPHER c. SATAN b. SAINT d. NESSUS

SATAN

The ____ is the expected monetary loss every time a risk occurs. a. SLE c. ALE b. ARO d. SRE

SLE

____ is a language used to view and manipulate data that is stored in a relational database. a. C c. SQL b. DQL d. ISL

SQL

A(n) ____ encrypts all data that is transmitted between the remote device and the network. a. IKE tunnel c. endpoint b. VPN d. router

VPN

____ is for the transport and storage of data, with the focus on what the data is. a. XML c. SGML b. HTML d. SML

XML

____ is a software program that delivers advertising content in a manner that is unexpected and unwanted by the user. a. Adware c. Spam b. Keylogger d. Trojan

adware

In information security, a loss can be ____. a. theft of information b. a delay in transmitting information that results in a financial penalty c. the loss of good will or a reputation d. all of the above

all of the above

The ____ for software is the code that can be executed by unauthorized users. a. vulnerability surface c. input surface b. risk profile d. attack surface

attack surface

____ ensures that the individual is who they claim to be (the authentic or genuine person) and not an imposter. a. Encryption c. Authorization b. Authentication d. Accounting

authentication

A ____ outlines the major security considerations for a system and becomes the starting point for solid security. a. profile c. control b. threat d. baseline

baseline

A ____ outlines the major security considerations for a system and becomes the starting point for solid security. a. reference c. profile b. baseline d. minimum

baseline

A ____ virus infects the Master Boot Record of a hard disk drive. a. file infector c. resident b. companion d. boot

boot

In information security, an example of a threat agent can be ____. a. a force of nature such as a tornado that could destroy computer equipment b. a virus that attacks a computer network c. an unsecured computer network d. both a and b

both a and b

A ____ can be inserted into the security slot of a portable device and rotated so that the cable lock is secured to the device, while a cable connected to the lock can then be secured to a desk or immobile object. a. U-lock c. shield lock b. safe lock d. cable lock

cable lock

A(n) ____ indicates that no process is listening at this port. a. open port c. closed address b. open address d. closed port

closed port

While the code for a program is being written, it is being analyzed by a ____. a. black box c. white box b. code review d. scanner

code review

A(n) ____ virus adds a program to the operating system that is a malicious copycat version to a legitimate program. a. macro c. boot b. metamorphic d. companion

companion

____ ensures that only authorized parties can view information. a. Security c. Integrity b. Availability d. Confidentiality

confidentiality

____ is defined as a security analysis of the transaction within its approved context. a. Content aggregation c. Content delivery b. Content inspection d. Content management

content inspection

Targeted attacks against financial networks, unauthorized access to information, and the theft of personal information is sometimes known as ____. a. spam c. cybercrime b. phishing d. cyberterrorism

cybercrime

____ are a loose-knit network of attackers, identity thieves, and financial fraudsters. a. Cybercriminals c. Computer spies b. Cyberterrorists d. Hackers

cybercriminals

Business ____ theft involves stealing proprietary business information such as research for a new drug or a list of customers that competitors are eager to acquire. a. identity c. plan b. data d. record

data

A client-side attack that results in a user's computer becoming compromised just by viewing a Web page and not even clicking any content is known as a ____. a. buffer overflow c. denial of service b. drive-by-download d. stack underflow

drive-by-download

A(n) ____ refers to an undocumented, yet benign, hidden feature, that launches by entering a set of special commands, key combinations, or mouse clicks. a. Trojan horse c. bug b. virus d. Easter egg

easter egg

Securing a restricted area by erecting a barrier is called ____. a. blocking c. fencing b. boundary placement d. moating

fencing

A(n) ____ is hardware or software that is designed to prevent malicious packets from entering or leaving computers. a. IPS c. firewall b. scanner d. honeypot

firewall

____ uses "speckling" and different colors so that no two spam e-mails appear to be the same. a. GIF layering c. Word splitting b. Geometric variance d. Layer variance

geometric variance

____ is an image spam that is divided into multiple images. a. Word splitting c. Layer variance b. Geometric variance d. GIF layering

gif layering

In ____, a virtualized environment is created that simulates the central processing unit (CPU) and memory of the computer. a. heuristic detection c. hybrid detection b. pattern detection d. combination detection

heuristic detection

A ____ is a network set up with intentional vulnerabilities. a. honeynet c. honeycomb b. honeypot d. honey hole

honeynet

A ____ is a computer typically located in an area with limited security and loaded with software and data files that appear to be authentic, yet they are actually imitations of real data files. a. port scanner c. honeypot b. write blocker d. honeycomb

honeypot

A ____ is a standard network device for connecting multiple Ethernet devices together by using twisted-pair copper or fiber-optic cables in order to make them function as a single network segment. a. switch c. firewall b. router d. hub

hub

A ____ is a series of instructions that can be grouped together as a single command and are often used to automate a complex set of tasks or a repeated series of tasks. a. rootkit c. program b. macro d. process

macro

An information security ____ position focuses on the administration and management of plans, policies, and people. a. manager c. auditor b. engineer d. inspector

manager

A ____ is designed to separate a nonsecured area from a secured area. a. lockout c. closet b. mantrap d. pit

mantrap

____ is a means by which an organization can transfer the risk to a third party who can demonstrate a higher capability at managing or reducing risks. a. Insourcing c. Outcasting b. Outsourcing d. Inhousing

outsourcing

A ____ virus infects program executable files. a. macro c. companion b. program d. boot sector

program

A(n) ____ is hardware or software that captures packets to decode and analyze its contents. a. application analyzer c. threat profiler b. protocol analyzer d. system analyzer

protocol analyzer

The signal from an ID badge is detected as the owner moves near a ____, which receives the signal. a. proximity reader c. barcode scanner b. mantrap d. magnetic scanner

proximity reader

A ____ is a computer or an application program that intercepts a user request from the internal secure network and then processes that request on behalf of the user. a. proxy server c. VPN server b. DNS server d. telnet server

proxy server

A ____ attack is similar to a passive man-in-the-middle attack. a. replay c. denial b. hijacking d. buffer overflow

replay

Viruses and worms are said to be self-____. a. duplicating c. copying b. updating d. replicating

replicating

A ____ virus is loaded into random access memory (RAM) each time the computer is turned on and infects files that are opened by the user or the operating system. a. companion c. resident b. file infector d. boot

resident

A ____ is an independently rotating large cups affixed to the top of a fence prevent the hands of intruders from gripping the top of a fence to climb over it. a. bollard c. roller barrier b. fence d. top hat

roller barrier

Users who access a Web server are usually restricted to the ____ directory. a. top c. root b. base d. tap

root

A ____ is a set of software tools used by an attacker to hide the actions or presence of other types of malicious software, such as Trojans, viruses, or worms. a. rootkit c. wrapper b. backdoor d. shield

rootkit

A ____ is a network device that can forward packets across computer networks. a. switch c. bridge b. router d. firewall

router

The position of ____ is generally an entry-level position for a person who has the necessary technical skills. a. security technician c. CISO b. security administrator d. security manager

security technician

In Microsoft Windows, a ____ is a collection of security configuration settings. a. security baseline c. security summary b. security reference d. security template

security template

A ____ is software that is a cumulative package of all security updates plus additional features. a. feature pack c. service pack b. roll-up d. patch

service pack

Layer 5 of the OSI model is the ____ layer. a. Network c. Session b. Data Link d. Presentation

session

____ is an attack in which an attacker attempts to impersonate the user by using his session token. a. Session replay c. Session hijacking b. Session spoofing d. Session blocking

session hijacking

Examining network traffic, activity, transactions, or behavior and looking for well-known patterns is known as ____-based monitoring a. application c. packet b. protocol d. signature

signature

____ is when an attacker tricks users into giving out information or performing a compromising action. a. Phreaking c. Social engineering b. Hacking d. Reverse engineering

social engineering

What is another name for unsolicited e-mail messages? a. spam c. trash b. spawn d. scam

spam

An anti-climb collar is a ____ that extends horizontally for up to 3 feet (1 meter) from the pole to prevent anyone from climbing. a. flat collar c. slippery collar b. spiked collar d. sharp collar

spiked collar

In a(n) ____ infection, a virus injects itself into the program's executable code instead of at the end of the file. a. stealth c. Swiss cheese b. appender d. split

swiss cheese

HTML is a markup language that uses specific ____ embedded in brackets. a. blocks c. taps b. marks d. tags

tags

____ use multiple infrared beams that are aimed across a doorway and positioned so that as a person walks through the doorway some beams are activated. a. Lockout sensors c. Tailgate sensors b. Engineering sensors d. Proximity sensors

tailgate sensors

The end product of a penetration test is the penetration ____. a. test profile c. test system b. test report d. test view

test report

The goal of ____ is to better understand who the attackers are, why they attack, and what types of attacks might occur. a. threat mitigation c. risk modeling b. threat profiling d. threat modeling

threat modeling

A ____ is a program advertised as performing one activity but actually does something else. a. script c. Trojan b. virus d. worm

trojan

A computer ____ is malicious computer code that reproduces itself on the same computer. a. virus c. adware b. worm d. spyware

virus

Unlike other malware, a ____ is heavily dependent upon the user for its survival. a. Trojan c. rootkit b. worm d. virus

virus

The two types of malware that have the primary objective of spreading are ____. a. viruses and worms c. Trojans and worms b. rootkits and worms d. rootkits and Trojans

viruses and worms

A ____ tester has an in-depth knowledge of the network and systems being tested, including network diagrams, IP addresses, and even the source code of custom applications. a. white box c. replay b. black box d. system

white box

What is the maximum fine for those who wrongfully disclose individually identifiable health information with the intent to sell it? a. $100,000 c. $500,000 b. $250,000 d. $1,000,000

$250,000

The expression ____ up one directory level. a. ;/traverses c. %20/traverses b. ./traverses d. ../ traverses

../traverses

For a Web server's Linux system, the default root directory is typically ____. a. /var/www c. /var/root b. C:\inetpub\wwwroot d. /home/root

/var/www c.

In MD5, the length of a message is padded to ____ bits. a. 32 c. 128 b. 64 d. 512

512

____ involves horizontally separating words, although it is still readable by the human eye. a. Word splitting c. Geometric variance b. GIF layering d. Layer variance

word splitting

____ switches are connected directly to the devices on a network. a. Workgroup c. Core b. Distribution d. Intermediate

workgroup

The SSID can generally be any alphanumeric string from 2 to ___ characters. a. 23 c. 32 b. 28 d. 34

32

According to the Federal Bureau of Investigation (FBI), almost ____ percent of crimes committed today leave behind digital evidence that can be retrieved through computer forensics. a. 65 c. 85 b. 75 d. 95

85

____ is using a single authentication credential that is shared across multiple networks. a. Access management c. Identity management b. Authorization management d. Risk management

identity management

____ is the planning, coordination, communications, and planning functions that are needed in order to resolve an incident in an efficient manner. a. Incident reporting c. Incident planning b. Incident management d. Incident handling

incident handling

____ can be defined as the "framework" and functions required to enable incident response and incident handling within an organization. a. Incident reporting c. Incident handling b. Incident management d. Incident planning

incident management

____ may be defined as the components required to identify, analyze, and contain that incident. a. Vulnerability response c. Risk response b. Incident response d. Threat response

incident response

The term ____ is frequently used to describe the tasks of securing information that is in a digital format. a. network security c. physical security b. information security d. logical security

information security

____ ensures that information is correct and that no unauthorized person or malicious software has altered that data. a. Availability c. Integrity b. Confidentiality d. Identity

integrity

One of the most famous ancient cryptographers was ____. a. Albert Einstein c. Julius Caesar b. Isaac Newton d. Caesar Augustus

julius caesar

____ is an authentication system developed by the Massachusetts Institute of Technology (MIT) and used to verify the identity of networked users. a. Aurora c. CHAP b. Kerberos d. TACACS

kerberos

____ learners learn through a lab environment or other hands-on approaches. a. Visual c. Kinesthetic b. Auditory d. Spatial

kinesthetic

NTRUEncrypt uses ____ cryptography that relies on a set of points in space. a. matrix-based c. linear b. lattice-based d. quantum

lattice-based

____ is a technology that can help to evenly distribute work across a network. a. Stateful packet filtering c. DNS caching b. Load balancing d. DNS poisoning

load balancing

____ can be prewired for electrical power as well as wired network connections. a. Locking cabinets c. Locking drawers b. Fences d. Desks

locking cabinets

Broadcast storms can be prevented with ____. a. spanning tree c. 802.11x b. Dijkstra's algorithm d. loop protection

loop protection

The single most expensive malicious attack was the 2000 ____, which cost an estimated $8.7 billion. a. Nimda c. Love Bug b. Slammer d. Code Red

love bug

____ are values that are attributed to a system of beliefs that help the individual distinguish right from wrong. a. Morals c. Standards b. Ethics d. Morays

morals

The most popular attack toolkit, which has almost half of the attacker toolkit market is ____. a. SpyEye c. ZeuS b. NeoSploit d. MPack

mpack

Layer 3 of the OSI model is the ____ layer. a. Network c. Session b. Data Link d. Presentation

network

Routers operate at the ____ Layer. a. Transport c. Presentation b. Application d. Network

network

IP is the protocol that functions primarily at the Open Systems Interconnection (OSI) ____. a. Transport Layer c. Data link Layer b. Network Layer d. Presentation Layer

network layer

Due to the limitations of online guessing, most password attacks today use ____. a. offline cracking c. hash replay b. online cracking d. token replay

offline cracking

The action that is taken by the subject over the object is called a(n) ____. a. authorization c. control b. access d. operation

operation

____ accounts are user accounts that remain active after an employee has left an organization. a. Active c. Orphaned b. Stale d. Fragmented

orphaned

A ____ is a secret combination of letters, numbers, and/or characters that only the user should know. a. token c. biometric detail b. password d. challenge

password

____ certificates are frequently used to secure e-mail transmissions and typically only require the user's name and e-mail address in order to receive this certificate. a. Private digital c. Public digital b. Personal digital d. Server digital

personal digital

____ is text that has no formatting (such as bolding or underlining) applied. a. Plaintext c. Simpletext b. Plain text d. Simple text

plain text

A ____ is a document that outlines specific requirements or rules that must be met. a. procedure c. guideline b. standard d. policy

policy

A ____ is a number divisible only by itself and 1. a. prime number c. compound number b. prime decimal d. neutral number

prime number

A(n) ____ policy outlines how the organization uses personal information it collects. a. VPN c. encryption b. network d. privacy

privacy

____ IP addresses are IP addresses that are not assigned to any specific user or organization. a. Public c. Public domain b. Private d. Private domain

private

Symmetric encryption is also called ____ cryptography. a. private key c. symmetric key b. public key d. shared key

private key

A(n) ____ can also capture transmissions that contain passwords. a. application analyzer c. function analyzer b. system analyzer d. protocol analyzer

protocol analyzer

The ____ provides recommended baseline security requirements for the use and operation of CA, RA, and other PKI components. a. DP c. LP b. CP d. AP

CP

In order to allow untrusted outside users access to resources such as Web servers, most networks employ a ____. a. bastion c. DMZ b. choke d. reduction point

DMZ

The ____ is a database, organized as a hierarchy or tree, of the name of each site on the Internet and its corresponding IP number. a. WINS c. TACACS+ b. NIS d. DNS

DNS

A ____ can create entries in a log for all queries that are received. a. network log c. DNS log b. DHCP log d. proxy log

DNS log

A(n) ____ packet contains a field that indicates the function of the packet and an identifier field used to match requests and responses. a. ICMP c. EAP b. TKIP d. RADIUS

EAP

____ is a framework for transporting authentication protocols instead of the authentication protocol itself. a. PEAP c. SSL b. TKIP d. EAP

EAP

____ was first proposed in the mid-1980s and it uses sloping curves. a. FCC c. ECC b. RSA d. IKE

ECC

____ is an authentication service commonly used on UNIX devices that communicates by forwarding user authentication information to a centralized server. a. TACACS c. Kerberos b. RADIUS d. FTP

TACACS

The most common protocol suite used today for local area networks (LANs) as well as the Internet is ____. a. UDP c. TCP/IP b. ASN.1 d. BER

TCP/IP

A user accessing a computer system must present credentials or ____ when logging on to the system. a. access c. token b. authorize d. identification

identification

____ data is the most difficult type of data to capture. a. Volatile c. Non-volatile b. Static d. Persistent

volatile

A security weakness is known as a(n) ____. a. threat c. risk b. vulnerability d. opportunity

vulnerability

A ____ in effect takes a snapshot of the current security of the organization. a. threat analysis c. risk assessment b. vulnerability appraisal d. threat assessment

vulnerability appraisal

A ____ has all of the equipment installed, but does not have active Internet or telecommunications facilities, and does not have current backups of data. a. cold site c. spare site b. hot site d. warm site

warm site

A(n) ____ can block malicious content in "real time" as it appears without first knowing the URL of a dangerous site. a. application gateway c. Web security gateway b. security proxy d. firewall

web security gateway

The SQL injection statement ____ discovers the name of a table. a. whatever%20 AND 1=(SELECT COUNT(*) FROM tabname); -- b. whatever' AND 1=(SELECT COUNT(*) FROM tabname); -- c. whatever; AND 1=(SELECT COUNT(*) FROM tabname); -- d. whatever%; AND 1=(SELECT COUNT(*) FROM tabname); --

whatever' AND 1= (SELECT COUNT(*) FROM tabname); --

The SQL injection statement ____ determines the names of different fields in a database. a. whatever AND email IS NULL; -- c. whatever" AND email IS NULL; -- b. whatever; AND email IS NULL; -- d. whatever' AND email IS NULL; --

whatever' AND email IS NULL; --

The SQL injection statement ____ finds specific users. a. whatever' OR full_name = '%Mia%' b. whatever' OR full_name IS '%Mia%' c. whatever' OR full_name LIKE '%Mia%' d. whatever' OR full_name equals '%Mia%'

whatever' OR full_name LIKE '%Mia%'

The SQL injection statement ____ erases the database table. a. whatever'; DROP TABLE members; -- b. whatever'; DELETE TABLE members; -- c. whatever'; UPDATE TABLE members; -- d. whatever'; RENAME TABLE members; --

whatever'; DROP TABLE MEMBERS; --

____ is a relatively recent cryptographic hash function that has received international recognition and adoption by standards organizations, including the International Organization for Standardization (ISO). a. Twofish c. Whirlpool b. Blowfish d. Rijndal

whirlpool

____ allow a single access point to service different types of users. a. Wireless VPNs c. Wireless multimedia protocols b. Wireless encryption standards d. Wireless VLANs

wireless vlans

When DNS servers exchange information among themselves it is known as a ____. a. resource request c. zone transfer b. zone disarticulation d. zone removal

zone transfer

A(n) ____ is the end of the tunnel between VPN devices. a. endpoint c. server b. client d. proxy

endpoint

Key ____ refers to a process in which keys are managed by a third party, such as a trusted CA. a. escrow c. renewal b. destruction d. management

escrow

A(n) ____ is a set of permissions that are attached to an object. a. ACE c. entity b. DAC d. ACL

ACL

____ is the encryption protocol standard for WPA2. a. AES-CCMP c. AES-TKIP b. AES-CTR d. AES-SCMP

AES-TKIP

A(n) ____ acts as the "base station" for the wireless network. a. AP c. WMM b. endpoint d. ad-hoc peer

AP

DNS poisoning can be prevented by using the latest editions of the DNS software known as ____. a. BIND c. WINS b. DHCP d. finger

BIND

A(n) ____ serves as the trusted third-party agency that is responsible for issuing the digital certificates. a. RA c. CA b. DA d. PA

CA

The ____ model is the least restrictive. a. RBAC c. CAC b. MAC d. DAC

DAC

Entries in the DIB are arranged in a tree structure called the ____. a. DAP c. EAP b. PEAP d. DIT

DIT

The X.500 standard defines a protocol for a client application to access an X.500 directory called ____. a. DIB c. DIT b. DAP d. LDAP

LDAP

____ attacks may allow an attacker to construct LDAP statements based on user input statements. a. SQL injection c. LDAP injection b. Kerberos injection d. RADIUS injection

LDAP injection

The most restrictive access control model is ____. a. Mandatory Access Control c. Discretionary Access Control b. Role Based Access Control d. Rule Based Access Control

MAC

____ takes plaintext of any length and creates a hash 128 bits long. a. RSA c. MD5 b. SHA1 d. MD2

MD2

____ is a technique that allows private IP addresses to be used on the public Internet. a. PAT c. NAPT b. PNAT d. NAT

NAT

____ permits users to share resources stored on one site with a second site without forwarding their authentication credentials to the other site. a. OpenAuth c. SAML b. OAuth d. Kerberos

Oauth

____ networks are typically used for connecting devices on an ad hoc basis for file sharing of audio, video, and data, or real-time data transmission such as telephony traffic. a. Peer c. P2P b. Client-server d. Share

P2P

____ is typically used on home routers that allow multiple users to share one IP address received from an Internet service provider (ISP). a. PAT c. PAN b. NAT d. PNAT

PAT

____ is considered a more flexible EAP scheme because it creates an encrypted channel between the client and the authentication server. a. TKIP c. PEAP b. LEAP d. ICMP

PEAP

The primary function of a(n) ____ is to verify the identity of the individual. a. RA c. DA b. CA d. PA

RA

____ is suitable for what are called "high-volume service control applications" such as dial-in access to a corporate network. a. RADIUS c. FTP b. ICMP d. Telnet

RADIUS

____ pertains only to the last sector of a file. a. Disk slack c. ROM slack b. RAM slack d. Edge slack

RAM slack

The ____ algorithm is the most common asymmetric cryptography algorithm and is the basis for several products. a. AES c. Twofish b. RSA d. Blowfish

RSA

TLS is an extension of ____. a. Telnet c. SSL b. HTTP d. FTP

SSL

The ____ is essentially a chip on the motherboard of the computer that provides cryptographic services. a. TPM c. reference monitor b. SCM d. ODS

TPM

It is possible to segment a network by physical devices grouped into logical units through a(n) ____. a. VLAN c. IP address b. subnets d. MAC address

VLAN

____ are generally considered to be the most important information security policies. a. Acceptable use policies c. Data loss policies b. Encryption policies d. VPN policies

acceptable use policies

A(n) ____ model is a standard that provides a predefined framework for hardware and software developers who need to implement access control in their devices or applications. a. accounting c. access control b. user control d. authorization control

access control

____ indicates when an account is no longer active. a. Password expiration c. Last login b. Account expiration d. Account last used

account expiration

Slave devices that are connected to the piconet and are sending transmissions are known as ____ slaves. a. active c. hybrid b. passive d. neutral

active

A(n) ____ approach is the art of helping an adult learn. a. andragogical c. deontological b. pedagogical d. metagogical

andragogical

When a device receives a beacon frame from an AP, the device then sends a frame known as a(n) ____ frame to the AP. a. broadcast SSID c. disassociation request b. association request d. connect request

association request

The basis for a digital signature rests on the ability of ____ keys to work in both directions. a. symmetric c. unique b. shared d. asymmetric

asymmetric

____ encryption uses two keys instead of only one and these keys are mathematically related. a. Symmetric c. Shared b. Asymmetric d. Public key

asymmetric

In a(n) ____ cluster, a standby server exists only to take over for another server in the event of its failure. a. symmetric network c. asymmetric network b. symmetric server d. asymmetric server

asymmetric server

____ learners tend to sit in the middle of the class and learn best through lectures and discussions. a. Visual c. Kinesthetic b. Auditory d. Spatial

auditory

During RADIUS authentication the AP, serving as the authenticator that will accept or reject the wireless device, creates a data packet from this information called the ____. a. accounting request c. verification request b. access request d. authentication request

authentication request

EAP request packets are issued by the ____. a. supplicant c. authentication server b. authenticator d. proxy

authenticator

A(n) ____ backup is an evidence-grade backup because its accuracy meets evidence standards. a. baseline c. logical image b. mirror image d. thin image

baseline

The algorithm ____ is a block cipher that operates on 64-bit blocks and can have a key length from 32 to 448 bits. a. RSA c. Blowfish b. AES d. 3DES

blowfish

____ is an attack that sends unsolicited messages to Bluetooth-enabled devices. a. Bluesnarfing c. Bluecracking b. Bluejacking d. Bluetalking

bluejacking

____ is an attack that accesses unauthorized information from a wireless device through a Bluetooth connection, often between cell phones and laptop computers. a. Bluejacking c. Bluesnarfing b. Bluecracking d. Bluetalking

bluesnarfing

With the ____ model, there is one CA that acts as a "facilitator" to interconnect all other CAs. a. bridge trust c. third-party trust b. distributed trust d. transitive trust

bridge trust

____ attack is where every possible combination of letters, numbers, and characters is used to create encrypted passwords. a. Space division c. Known ciphertext b. Brute force d. Known plaintext

brute force

____ is designed to ensure that an organization can continue to function in the event of a natural or man-made disaster. a. Business continuity planning and testing b. Disaster planning c. Business management planning and testing d. Enterprise disaster planning

business continuity planning and testing

Microsoft is Windows ____ is a feature of Windows that is intended to provide users with control of their digital identities while helping them to manage privacy. a. CAPI c. CardSpace b. MAPI d. CryptoAPI

cardspace

To create a rainbow table, each ____ begins with an initial password that is encrypted. a. link c. pass b. chain d. block

chain

The ____ documents that the evidence was under strict control at all times and no unauthorized person was given the opportunity to corrupt the evidence. a. chain of value c. chain of property b. chain of use d. chain of custody

chain of custody

Because the impact of changes can potentially affect all users, and uncoordinated changes can result in security vulnerabilities, many organizations create a(n) ____ to oversee the changes. a. change management team c. security control team b. incident response team d. compliance team

change management team

The set of letters, symbols, and characters that make up the password are known as a ____ set. a. result c. character b. problem d. search

character

A(n) ____ policy is designed to produce a standardized framework for classifying information assets. a. VPN c. privacy b. acceptable use d. classification of information

classification of information

In the ____ cloud computing model, the customer has the highest level of control. a. Cloud Application as a Service c. Cloud Software as a Service b. Cloud Infrastructure as a Service d. Cloud System as a Service

cloud infrastructure as a service

In the ____ model, the cloud computing vendor provides access to the vendor's software applications running on a cloud infrastructure. a. Cloud Application as a Service c. Cloud Software as a Service b. Cloud Infrastructure as a Service d. Cloud System as a Service

cloud software as a service

It is predicted that ____ could become a key element in authentication in the future. a. cognitive biometrics c. reactive biometrics b. standard biometrics d. affective biometrics

cognitive biometrics

____ is related to the perception, thought process, and understanding of the user. a. Standard biometrics c. Cognitive biometrics b. Reactive biometrics d. Affective biometrics

cognitive biometrics

SNMP agents are protected with a password known as a(n) ____ in order to prevent unauthorized users from taking control over a device. a. entity c. MIB b. community string d. OID

community string

If a user typically accesses his bank's Web site from his home computer on nights and weekends, then this information can be used to establish a ____ of typical access. a. usage map c. beachhead b. computer footprint d. system

computer footprint

The ____ response team serves as first responders whenever digital evidence needs to be preserved. a. incident c. risk b. computer forensics d. emergency

computer forensics

____ uses technology to search for computer evidence of a crime, can attempt to retrieve information—even if it has been altered or erased—that can be used in the pursuit of the attacker or criminal. a. Computer forensics c. Vulnerability testing b. Penetration testing d. Risk management

computer forensics

The ____ model is the basis for digital certificates issued to Internet users. a. third-party trust c. managed trust b. related trust d. distributed trust

distributed trust

____ could contain remnants of previously deleted files or data from the format pattern associated with disk storage space that has yet to be used by the computer. a. RAM slack c. Drive file slack b. Edge slack d. Sector slack

drive file slack

____ is the time it takes for a key to be pressed and then released. a. Dwell time c. Sync time b. Lead time d. Show time

dwell time

____ can be defined as the study of what a group of people understand to be good and right behavior and how people make those judgments. a. Values c. Ethics b. Morals d. Standards

ethics

An ____ is an AP that is set up by an attacker. a. active twin c. internal replica b. authorized twin d. evil twin

evil twin

At the ____ stage of the certificate life cycle, the certificate can no longer be used. a. creation c. revocation b. suspension d. expiration

expiration

A ____ is a metallic enclosure that prevents the entry or escape of an electromagnetic field. a. bollard c. Faraday cage b. mantrap d. Newton cage

faraday cage

Windows Live ID was originally designed as a ____ system that would be used by a wide variety of Web servers. a. federated identity management c. central identity management b. liberated identity management d. distributed identity management

federated identity management

____ can be used to determine whether new IP addresses are attempting to probe the network. a. DNS logs c. DHCP logs b. Firewall logs d. Proxy logs

firewall logs

A ____ is a feature that controls a device's tolerance for unanswered service requests and helps to prevent a DoS attack. a. flood guard c. link guard b. protocol guard d. frame guard

flood guard

In the UAC dialog boxes, the color ____ indicates the lowest risk. a. red c. yellow b. gray d. green

gray

A ____ is a collection of suggestions that should be implemented. a. security policy c. guideline b. baseline d. security procedure

guideline

The most basic type of cryptographic algorithm is a ____ algorithm. a. hash c. digest b. key d. block

hash

____ can be used to ensure the integrity of a file by guaranteeing that no one has tampered with it. a. Blocking c. Encrypting b. Hashing d. Cloning

hashing

The weakness of passwords centers on ____. a. human memory c. handshake technology b. encryption technology d. human reliability

human memory

The ____ attack will slightly alter dictionary words by adding numbers to the end of the password, spelling words backward, slightly misspelling words, or including special characters such as @, $, !, or %. a. brute force c. network replay b. hash replay d. hybrid

hybrid

Server virtualization typically relies on the ____, which is software that runs on a physical computer to manage one or more virtual machine operating systems. a. kernel c. hypercard b. supervisor d. hypervisor

hypervisor

____ involves public-key cryptography standards, trust models, and key management. a. Public key infrastructure c. Private key infrastructure b. Network key infrastructure d. Shared key infrastructure

public key infrastructure

____ attempts to use the unusual and unique behavior of microscopic objects to enable users to securely develop and share keys as well as to detect eavesdropping. a. Reactive cryptography c. Analog cryptography b. Symmetric cryptography d. Quantum cryptography

quantum crytography

Although brute force and dictionary attacks were once the primary tools used by attackers to crack an encrypted password, today attackers usually prefer ____. a. rainbow tables c. offline cracking b. online cracking d. cascade tables

rainbow tables

____ provides remote users with the same access and functionality as local users through a VPN or dial-up connection. a. Extranet c. Intranet b. Remote access d. Virtual access

remote access

At the ____ stage of the certificate life cycle, the certificate is no longer valid. a. creation c. revocation b. suspension d. expiration

revocation

At the heart of information security is the concept of ____. a. threat c. risk b. mitigation d. management

risk

A ____ access point is an unauthorized AP that allows an attacker to bypass many of the network security configurations and opens the network and its users to attacks. a. random c. rogue b. sanctioned d. legitimate

rogue

A user under Role Based Access Control can be assigned only one ____. a. role c. label b. group d. access list

role

____ is considered a more "real world" access control than the other models because the access is based on a user's job function within an organization. a. Role Based Access Control c. Discretionary Access Control b. Rule Based Access Control d. Mandatory Access Control

role based access control

A ____ forwards packets across computer networks. a. bridge c. switch b. router d. hub

router

____ is often used for managing user access to one or more systems. a. Role Based Access Control c. Rule Based Access Control b. Mandatory Access Control d. Discretionary Access Control

rule based access control

A group of piconets in which connections exist between different piconets is called a ____. a. broadnet c. boundnet b. honeynet d. scatternet

scatternet

A ____ is a written document that states how an organization plans to protect the company's information technology assets. a. security policy c. security procedure b. guideline d. standard

security policy

A policy that addresses security as it relates to human resources is known as a(n) ____ policy. a. VPN c. security-related human resource b. acceptable use d. technical

security related human resource

____ requires that if the fraudulent application of a process could potentially result in a breach of security, then the process should be divided between two or more individuals. a. Separation of duties c. Mandatory vacation b. Job rotation d. Role reversal

separation of duties

A ____ is a service contract between a vendor and a client that specifies what services will be provided, the responsibilities of each party, and any guarantees of service. a. service level agreement c. recovery time objective b. recovery point objective d. service point agreement

service level agreement

A ____ is a component or entity in a system which, if it no longer functions, will disable the entire system. a. recovery site c. single point of failure b. recovery point d. cascade point of failure

single point of failure

The Web sites that facilitate linking individuals with common interests like hobbies, religion, politics, or school contacts are called ____ sites. a. social networking c. social management b. social engineering d. social control

social networking

____ accepts spoken words for input as if they had been typed on the keyboard. a. Text recognition c. Linguistic recognition b. Speech differentiation d. Speech recognition

speech recognition

____ can use fingerprints or other unique characteristics of a person's face, hands, or eyes (irises and retinas) to authenticate a user. a. Cognitive biometrics c. Standard biometrics b. Reactive biometrics d. Affective biometrics

standard biometrics

A user or a process functioning on behalf of the user that attempts to access an object is known as the ____. a. subject c. entity b. reference monitor d. label

subject

____ can protect the confidentiality of an e-mail message by ensuring that no one has read it. a. Public encryption c. Asymmetric encryption b. Standard encryption d. Symmetric encryption

symmetric encryption

Each operation in a computing environment starts with a ____. a. system call c. hardware instruction b. unit call d. system exception

system call

A ____ is a snapshot of the current state of the computer that contains all current settings and data. a. system standard c. system image b. system view d. system baseline

system image

A ____ trust refers to a situation in which two individuals trust each other because each trusts a third party. a. web of c. third-party b. mutual d. distributed

third-party

TCP is the main ____ protocol that is responsible for establishing connections and the reliable data transport between devices. a. Application Layer c. Network Layer b. Presentation Layer d. Transport Layer

transport layer

A ____ cipher rearranges letters without changing them. a. substitution c. loop b. block d. transposition

transposition

An operating system that has been reengineered so that it is designed to be secure from the ground up is known as a ____. a. reference monitor c. system monitor b. transaction monitor d. trusted OS

trusted OS

A(n) ____ is a device that maintains power to equipment in the event of an interruption in the primary electrical power source. a. uninterruptible power supply c. uninterruptible system supply b. redundant power supply d. replica power supply

uninterruptible power supply

____ are a person's fundamental beliefs and principles used to define what is good, right, and just. a. Morals c. Ethics b. Values d. Standards

values

____ is a form of eavesdropping in which special equipment is used to pick up telecommunication signals or data within a computer device by monitoring the electromagnetic fields. a. Newton phreaking c. Van Zek hacking b. Van Eck phreaking d. EMF phreaking

van eck phreaking

____ is a means of managing and presenting computer resources by function without regard to their physical layout or location. a. Portability c. Availability b. Virtualization d. Migration assistance

virtualization

____ learners learn through taking notes, being at the front of the class, and watching presentations. a. Kinesthetic c. Spatial b. Auditory d. Visual

visual

A ____ allows scattered users to be logically grouped together even though they may be attached to different switches. a. subnet c. DMZ b. broadcast domain d. VLAN

vlan


Related study sets