For Amy To reuse

Created by AmyAyers 

All of the following provide confidentiality protection as part of the underlying protocol EXCEPT:
A. SSL.
B. SSH.
C. L2TP.
D. IPSec.

C. L2TP

Which of the following allows an attacker to manipulate files by using the least significant bit(s) to secretly embed data?
A. Steganography
B. Worm
C. Trojan horse
D. Virus

A. Steganography

Which of the following types of attacks would allow an attacker to capture HTTP requests and send back a spoofed page?
A. Teardrop
B. TCP/IP hijacking
C. Phishing
D. Replay

B. TCP/IP hijacking

How should a company test the integrity of its backup data?
A. By conducting another backup
B. By using software to recover deleted files
C. By restoring part of the backup
D. By reviewing the written procedures

C. By restoring part of the backup

Which of the following can BEST be used to determine the topology of a network and discover unknown devices?
A. Vulnerability scanner
B. NIPS
C. Protocol analyzer
D. Network mapper

D. Network Mapper

When should a technician perform penetration testing?
A. When the technician suspects that weak passwords exist on the network
B. When the technician is trying to guess passwords on a network
C. When the technician has permission from the owner of the network
D. When the technician is war driving and trying to gain access

C. When the technician has permission from the owner of the network

An administrator has implemented a new SMTP service on a server. A public IP address translates to the internal SMTP server. The administrator notices many sessions to the server, and gets notification that the server's public IP address is now reported in a spam real-time blocklist. Which of the following is wrong with the server?
A. SMTP open relaying is enabled.
B. It does not have a spam filter.
C. The amount of sessions needs to be limited.
D. The public IP address is incorrect.

A. SMTP open relaying is enabled

Which of the following is MOST efficient for encrypting large amounts of data?
A. Hashing algorithms
B. Symmetric key algorithms
C. Asymmetric key algorithms
D. ECC algorithms

B. Symmetric key algorithms

Which of the following BEST describes ARP?
A. Discovering the IP address of a device from the MAC address
B. Discovering the IP address of a device from the DNS name
C. Discovering the MAC address of a device from the IP address
D. Discovering the DNS name of a device from the IP address

B. War driving

Which of the following BEST describes ARP?
A. Discovering the IP address of a device from the MAC address
B. Discovering the IP address of a device from the DNS name
C. Discovering the MAC address of a device from the IP address
D. Discovering the DNS name of a device from the IP address

C. Discovering the MAC address of a device from the IP address

Which of the following would be BEST to use to apply corporate security settings to a device?
A. A security patch
B. A security hotfix
C. An OS service pack
D. A security template

D. A security template

Which of the following are not valid access control mechanisms?
A. MAC
B. SAC
C. DAC
D. RBAC

B. SAC

Access control mechanism in which access is granted based on the responsibilities an individual user or process has in an organization?
A. MAC
B. SAC
C. DAC
D. RBAC

D. RBAC (Role Based Access Control)

Access control mechanism that allows the data owner to create and administer access control?
A. MAC
B. SAC
C. DAC
D. RBAC

C. DAC (Discretionary Access Control)

What is the primary flaw in the DAC model?

DAC (Discretionary Access Control) relies on the ID of the user or process, leaving room for a Trojan Horse.

Which Access Control methods provide the most granular access to objects?
A. Capabilities
B. Access Control Lists
C. Permission bits
D. Profiles

B. Access Control Lists

Owner: Read, Write, Execute. User A: Read, Write. User B: none. Sales: Read. Marketing: Read, Write. User B is in Sales; what effective permissions does he have?

User B has no permissions on the file. Individual permissions override group permissions.

Which are examples of RBAC?
A. File, Printer, mailbox roles
B. Sales, marketing, production
C. User and workstation access roles

B. Sales, marketing, and production

With DAC access controls each object has an owner, which has full control over the object. (True or False)

TRUE

Which of the following are used to make access decisions in MAC?
A. Access Control Lists
B. Ownership
C. Group Membership
D. Sensitivity Labels

D. Sensitivity Labels

Which Access Control methods allow access control based on security labels associated with each data item and each user?
A. MAC
B. RBAC
C. DAC
D. SAC

A. MAC (Mandatory Access Control)

One characteristic of MAC is that it uses levels of security to classify users and data. (True/False)

TRUE

Which of the following terms best represents MAC?
A. Lattice
B. Bell La-Padula
C. BIBA
D. Clark and Wilson

A. Lattice

Which of the following password generators is based on challenge-response?
A) asymmetric
B) symmetric
C) cryptographic keys
D) smart cards

A) asymmetric

Which password system provides for large numbers of users?
A) self service password resets
B) locally saved passwords
C) multiple access methods

A) self service password resets

Which of the following provide the best protection against an intercepted password?
A. VPN
B. PPTP
C. One time password
D. Complex password requirement

C. One Time Password Requirement

A system generating a random challenge string that the user enters when prompted, along with the PIN, is an example of a __________________ session.

Challenge-Response

What must be present for Kerberos to work?
A) Time synchronization services only
B) Token Authentication devices
C) Time synchronization services for client and servers.

C) Time synchronization services for clients and servers

Why are clocks used in Kerberos systems?
A) Ensure proper connections
B) Ensure tickets expire
C) To generate seed value for encryption keys

B) To ensure tickets expire correctly

What should be considered when using Kerberos?
A) Tickets can be spoofed
B) It requires a central managed database of user/resource passwords

B) It requires a centrally managed database of all user and resource passwords

Which protocol is used to ensure only encrypted passwords are used during authentication?
A. PPTP
B. SMTP
C. Kerberos
D. CHAP

D. CHAP (Challenge Handshake Authentication Protocol) is used to encrypt passwords

What are the main components of a Kerberos server?

Authentication server, security database, and privilege server

When does CHAP perform the handshake process?
A. When establishing a connection and anytime after it's established
B. Only when making a connection

A. When establishing a connection and anytime after it is established (Challenge Handshake Authentication Protocol)

For which of the following can Biometrics be used?
A. Accountability
B. Certification
C. Authorization
D. Authentication

D. Authentication

Which is the most costly method of Authentication?
A. Passwords
B. Tokens
C. Biometrics
D. Shared Secrets

C. Biometrics

Which of the following is a reason why a company should disable the SSID broadcast of the wireless access points?
A. Rogue access points
B. War driving
C. Weak encryption
D. Session hijacking

B. War driving

In computer networking, _________ is a tunneling protocol used to support virtual private networks (VPNs). It does not provide any encryption or confidentiality by itself; it relies on an encryption protocol that it passes within the tunnel to provide privacy.

L2TP (Layer 2 Tunneling Protocol)

_____________ is a networking protocol that provides centralized Authentication, Authorization, and Accounting (AAA) management for computers to connect and use a network service.

RADIUS (Remote Authentication Dial In User Service)

The _____________ is a hierarchical naming system built on a distributed database for computers, services, or any resource connected to the internet or a private network. Most importantly, it translates domain names meaningful to humans into the numerical identifiers associated with networking equipment for the purpose of locating and addressing these devices worldwide.

DNS (Domain Name System)

The _______________ is an auto configuration protocol used on IP networks. Computers that are connected to IP networks must be configured before they can communicate with other computers on the network. It allows a computer to be configured automatically, eliminating the need for intervention by a network administrator. It also provides a central database for keeping track of computers that have been connected to the network. This prevents two computers from accidentally being configured with the same IP address.

DHCP (Dynamic Host Configuration Protocol)

A _____ is an electronic device that intercepts signals on a computer network. It determines where the signals have to go. Each signal it receives is called a data packet. The packet contains address information that it uses to divert signals appropriately.

Router

The ________ is a computer networking protocol for determining a network host's Link Layer or hardware address when only its Internet Layer (IP) or Network Layer address is known. This function is critical in local area networking as well as for routing internetworking traffic across gateways (routers) based on IP addresses when the next-hop router must be determined.

ARP (Address Resolution Protocol)

The __________ is a data link protocol commonly used in establishing a direct connection between two networking nodes. It can provide connection authentication, transmission encryption privacy, and compression.

PPP (Point-to-Point Protocol)

________ is a networking protocol for distributed, collaborative, hypermedia information systems. HTTP is the foundation of data communication for the World Wide Web.

HTTP (Hypertext Transfer Protocol)

________ is a protocol suite for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session.

IPSec (Internet Protocol Security)

____________ allows a remote access server to communicate with an authentication server in order to determine if the user has access to the network.

TACACS (Terminal Access Control Access-Control System)

Uses ONE KEY (shared); FAST; CONFIDENTIALITY (e.g., DES, 3DES, AES, IDEA, Blowfish, Twofish, RC4, RC5, RC6, CAST)

Symmetric

Uses KEY PAIR; SLOWER; CONFIDENTIALITY, AUTHORIZATION, & NON-REPUDIATION (PUBLIC KEY ALGORITHMS)

Asymmetric

System event logs will document any unsuccessful events and the most significant successful events.

True

A baseline is a reference set of data against which operational data is compared.

TRUE

System event logs cannot help identify performance issues and determine what additional resources can be added to address these issues.

FALSE

Permissions inheritance becomes less complicated with GPOs.

FALSE

A decentralized organizational structure for privilege management delegates the authority for assigning or revoking privileges more closely to the geographic location or end user.

TRUE

With most symmetric ciphers, the final step is to combine the cipher stream with the plaintext to create the ciphertext.

TRUE

____ is essentially a chip on the motherboard of the computer that provides cryptographic services.

TPM

Although hashing is considered a cryptographic algorithm, its function is not to create a ciphertext that can later be decrypted by the receiving party.

TRUE

DES is approximately 100 times faster than RSA in software and between 1,000 and 10,000 times as fast in hardware.

TRUE

Hashing is the same as creating a checksum.

FALSE

Plaintext is text that has no formatting (such as bolding or underlining) applied.

FALSE

Instead of letting a key expire and then creating a new key, an existing key can be renewed.

TRUE

A CA can be external to the organization, such as a commercial CA that charges for the service, or it can be a CA internal to the organization that provides this service to employees.

TRUE

In an X.509 system, the CA cannot issue a certificate binding a public key to a unique name or to an alternate identifier such as a DNS entry or e-mail address.

FALSE

Trust may be defined as confidence in or reliance on another person or entity.

TRUE

One of the most common e-mail transport protocols is ____.

S/MIME

Direct trust is only feasible when dealing with multiple users who each have digital certificates.

FALSE

Symmetric server clusters cannot be used in environments in which the primary server is for a particular set of applications.

FALSE

It is rare for electromagnetic fields to "leak" out from wired network cables, since the insulation and shielding that covers a copper cable are intended to prevent this.

FALSE

Fire suppression is an important concern for the safety of employees and business continuity.

TRUE

____ is the application of science to questions that are of interest to the legal profession.

forensics

D2D offers better RPO than tape because recording to hard disks is faster than recording to magnetic tape, and therefore has an excellent RTO.

TRUE

Mirror image backups are not considered a primary key to uncovering evidence because they cannot create exact replicas of the crime scene.

FALSE

____ relies on tricking and deceiving someone to provide secure information.

social engineering

The ethics of decisions and actions is defined individually, not by a group.

FALSE

Security policies should be at least 10 pages long in order to be effective.

FALSE

Acceptable use policies are generally considered to be the most important information security policies.

TRUE

____ are a person's fundamental beliefs and principles used to define what is good, right, and just.

values

A security policy attempts to provide the right amount of trust by balancing no trust and too much trust.

TRUE

One of the key policies in an organization is a security policy.

TRUE
