A user copies files from her desktop computer to a USB flash device and puts the device into her pocket. Which of the following security risks is most pressing?
Your computer system is a participant in an asymmetric cryptography system. You've created a message to send to another user. Before transmission, you hash the message and encrypt the hash using your private key. You then attach this encrypted hash to your message as a digital signature before sending it to the other user.
In this example, what protection does the hashing activity provide?
Match the general defense methodology on the left with the appropriate description on the right. (Each methodology may be used once, more than once, or not at all.)
- The constant change in personal habits and passwords to prevent anticipated events and exploitation: Randomness
- Diversifying layers of defense: Variety
- Giving users only the access they need to do their job and nothing more: Principle of least privilege
- Implementing multiple security measures to protect the same asset: Layering
- Eliminating single points of failure: Layering
- Giving groups only the access they need to do their job and nothing more: Principle of least privilege

The IT manager in your organization proposes taking steps to protect against a potential threat actor. The proposal includes the following:
- Create and follow onboarding and off-boarding procedures
- Employ the principle of least privilege
- Have appropriate physical security controls in place
Which type of threat actor do these steps guard against?
Insider

A script kiddie is a threat actor who lacks knowledge and sophistication. Script kiddie attacks often seek to exploit well-known vulnerabilities in systems. What is the best defense against script kiddie attacks?
Keep systems up-to-date and use standard security practices.

Match the general attack strategy on the left with the appropriate description on the right. (Each attack strategy may be used once, more than once, or not at all.)
- Stealing information: Exploitation
- Preparing a computer to perform additional tasks in the attack: Staging
- Crashing systems: Exploitation
- Gathering system hardware information: Reconnaissance
- Penetrating system defenses to gain unauthorized access: Breaching
- Configuring additional rights to do more than breach the system: Escalating privileges

Which of the following is the best definition of the term hacker?
A general term used to describe any individual who uses their technical knowledge to gain unauthorized access to an organization.

Which of the following threat actors seeks to defame, shed light on, or cripple an organization or government?
Hacktivist

Which of the following is a security approach that combines multiple security controls and defenses and is sometimes called defense in depth?
Layered security

Drag the security layer on the left to the appropriate description on the right. (Security layers may be used once, more than once, or not at all.)
- Includes fences, door locks, mantraps, turnstiles, device locks, and server cages: Physical
- Includes each individual workstation, laptop, and mobile device: Host
- Includes authentication and authorization, user management, and group policies: Application
- Includes cameras, motion detectors, and even environmental controls: Physical
- Includes implementation of VLANs, penetration testing, and the utilization of virtualization: Network

Which of the following is the single greatest threat to network security?
Employees

Drag the security layer on the left to the appropriate description on the right. (Security layers may be used once, more than once, or not at all.)
- Includes OS hardening, patch management, malware, and password attacks: Host
- Includes how to manage employee onboarding and off-boarding: Policies, Procedures, and Awareness
- Includes cryptography and secure transmissions: Data
- Includes user education and manageable network plans: Policies, Procedures, and Awareness
- Includes firewalls using ACLs and securing the wireless network: Perimeter

Which of the following reduce the risk of a threat agent being able to exploit a vulnerability?
Countermeasures

Which type of media preparation is sufficient for media that will be reused in a different security context within your organization?
Sanitization

Which of the following is an example of privilege escalation?
Creeping privileges

Which security principle prevents any one administrator from having sufficient access to compromise the security of the overall IT solution?
Separation of duties

You assign access permissions so that users can only access the resources required to accomplish their specific work tasks. Which security principle are you complying with?
Principle of least privilege

An access control list (ACL) contains a list of users and allowed permissions. What is it called if the ACL automatically prevents access to anyone who is not on the list?
Implicit deny

You want to make sure that any reimbursement checks issued by your company cannot be issued by a single person. Which security principle should you implement to accomplish this goal?
Separation of duties

You are concerned that the accountant in your organization might have the chance to modify financial information and steal from the company. You want to periodically have another person take over all accounting responsibilities to catch any irregularities. Which security principle are you implementing by periodically shifting accounting responsibilities?
Job rotation

You want to implement an access control list where only the users you specifically authorize have access to the resource. Anyone not on the list should be prevented from having access. Which of the following methods of access control will the access list use?
Explicit allow, implicit deny

Which of the following principles is implemented in a mandatory access control model to determine object access by classification level?
Need to know

What is the primary purpose of separation of duties?
Prevent conflicts of interest

Separation of duties is an example of which type of access control?
Preventive

Need to know access is required to access which types of resources?
Compartmentalized resources

When a cryptographic system is used to protect the data confidentiality, what actually takes place?
Unauthorized users are prevented from viewing or accessing the resource

Which type of cipher changes the position of the characters in a plain text message?
Transposition

Which is the cryptography mechanism that hides secret communications within various forms of data?
Steganography

Which of the following is not a valid example of steganography?
Encrypting a data file with an encryption key

Which of the following algorithms combines a random value with plain text to produce cipher text?
One-time pad

What is the cryptography method of recovering original data that has been encrypted without having access to the key used in the encryption process?
Cryptanalysis

You want to examine the data on your network to find out if any of the following are happening:
- Users are connecting to unauthorized websites
- Cleartext passwords are allowed by protocols or services
- Unencrypted traffic that contains sensitive data is on the network
Which of the following tools would you use?
Protocol analyzer

You are running a packet sniffer on your workstation so you can identify the types of traffic on your network. You expect to see all the traffic on the network, but the packet sniffer only seems to be capturing frames that are addressed to the network interface on your workstation. Which of the following must you configure in order to see all of the network traffic?
Configure the network interface to use promiscuous mode

Which of the following tools would you use to validate the bandwidth on your network and identify when the bandwidth is significantly below what it should be?
Throughput tester

Which of the following tools would you use to simulate a large number of client connections to a website, test file downloads for an FTP site, or simulate large volumes of email?
Load tester

Which of the following accurately describes what a protocol analyzer is used for? (Select two.)
- A passive device that is used to copy frames and allow you to view frame contents.
- A device that does not allow you to capture, modify, and retransmit frames (to perform an attack).

After an intrusion has occurred and the intruder has been removed from the system, which of the following is the best next step or action to take?
Back up all logs and audits regarding the incident

Which of the following is an important aspect of evidence gathering?
Backing up all log files and audit trails

During a recent site survey, you found a rogue wireless access point on your network. Which of the following actions should you take first to protect your network while still preserving evidence?
Disconnect the access point from the network

You have discovered a computer that is connected to your network and was used for an attack. You have disconnected the computer from the network to isolate it and stop the attack. What should you do next?
Perform a memory dump

You are conducting a forensic investigation. The attack has been stopped. Which of the following actions should you perform first?
Document what's on the screen

Which method can you use to verify that a bit-level image copy of a hard drive is an exact clone of the original hard drive collected as evidence?
Hashing

When duplicating a drive for forensic investigation purposes, which of the following copying methods is most appropriate?
Bit-level cloning

How can a criminal investigator ensure the integrity of a removable media device found while collecting evidence?
Create a checksum using a hashing algorithm

You manage the network for your company. You have recently discovered information on a computer hard drive that might indicate evidence of illegal activity. You want to perform forensic activities on the disk to see what kind of information it contains. What should you do first?
Make a bit-level copy of the disk

What is the best definition of a security incident?
Violation of a security policy

What is the most important element related to evidence in addition to the evidence itself?
Chain of custody document

The chain of custody is used for which purposes?
Listing people coming into contact with evidence

You have been asked to draft a document related to evidence-gathering that contains details about personnel in possession and control of evidence from the time of discovery up through the time of presentation in court. What type of document is this?
Chain of custody

Which of the following is defined as a contract that prescribes the technical support or business parameters a provider will bestow to its client?
Service level agreement

HIPAA is a set of federal regulations that define security guidelines. What do HIPAA guidelines protect?
Privacy

What is a service level agreement (SLA)?
A guarantee of a specific level of service

A Service Level Agreement (SLA) defines the relationship and contractual responsibilities of providers and service recipients. Which of the following characteristics are most important when designing an SLA? (Select two.)
- Detailed provider responsibilities for all continuity and disaster recovery mechanisms.
- Clear and detailed descriptions of penalties if the level of service is not provided.

You plan to implement a new security device on your network. Which of the following policies outlines the process you should follow before implementing that device?
Change management

When you inform an employee that they are being terminated, what is the most important activity?
Disabling their network access

What is the most effective way to improve or enforce security in any environment?
Providing user-awareness training

You have a set of DVD-RW discs that have been used to archive files for your latest development project. You need to dispose of the discs. Which of the following methods should you use to best prevent data extraction from the discs?
Shred the disks

Which of the following best describes the concept of due care or due diligence?
Reasonable precautions based on industry best practices are utilized and documented.

Which of the following is an example of a strong password?
a8bT11$yi

Which of the following is a recommendation to use when a specific standard or procedure does not exist?
Guideline

Which of the following is the best protection against security violations?
Defense in-depth

What is the primary purpose of source code escrow?
To obtain change rights over software after the vendor goes out of business

Change control should be used to oversee and manage changes over what aspect of an organization?
Every aspect

You have recently discovered that a network attack has compromised your database server. The attacker may have stolen customer credit card numbers. You have stopped the attack and implemented security measures to prevent the same incident from occurring in the future. What else might you be legally required to do?
Contact your customers to let them know about the security breach