Combo with ;study5; and 3 others – Flashcards
Unlock all answers in this set
Unlock answersquestion
Which of the following terms is used to describe an event in which a person is denied access to a system when they should be allowed to enter?
answer
False Negative
question
Which form of access control enforces security based on user identities and allows individual users to define access controls over owned resources?
answer
DAC (Discretionary Access Control)
question
Discretionary Access Control (DAC) manages access to resources using what primary element or aspect?
answer
Identity
question
Which of the following is not an important aspect of password management?
answer
Enable account lockout
question
Which access control model manages rights and permissions based on job descriptions and responsibilities?
answer
Role Based Access Control
question
What security mechanism uses a unique list for each object embedded directly in the object itself that defines which subjects have access to certain objects and the level or type of access allowed?
answer
User ACL
question
What is the most important aspect of a biometric device?
answer
Accuracy
question
A device which is synchronized to an authentication server is which type of authentication?
answer
Synchronous token
question
Which of the following is the term for the process of validating a subject's identity?
answer
Authentication
question
Which of the following are requirements to deploy Kerberos on a network? (Select two)
answer
-A centralized database of users and passwords -Time synchronization between devices
question
Which of the following is not used to oversee and/or improve the security performance of employees?
answer
Exit Interviews
question
Which form of authentication solution employs a hashed form of the user's password that has an added time stamp as a form of identity?
answer
Kerberos
question
Which security principle prevents any one administrator from having sufficient access to compromise the security of the overall IT solution?
answer
Separation of duties
question
Which of the following is the best action to take to make remembering passwords easier so that a person no longer has to write the password down?
answer
Implement end-user training
question
In a variation of a brute force attack, an attacker may use a predefined list (dictionary) of commonly used usernames and passwords to gain access to existing user accounts. Which countermeasures best addresses this issue?
answer
A strong password policy
question
Which of the following defines the crossover rate for evaluating bio-metric systems?
answer
The point where the number of false positives matches the number of false negatives in the biometric system
question
In which form of access control environment is access controlled by rules rather than by identity?
answer
MAC (Mandatory Access Control
question
Which of the following is the strongest form of multi-factor authentication?
answer
A password, a biometric scan, and a token device
question
Which of the following is stronger than any biometric authentication factor?
answer
A two factor authentication
question
Which of the following defines an object as used in access control?
answer
Data applications, systems, networks, and physical space
question
Which form of access control is based on job descriptions?
answer
Role-based access control (RBAC)
question
Which of the following are disadvantages of biometrics? (Select two)
answer
-When used alone or solely, they are no more secure than a strong password -They require time synchronization
question
What is it called if the ACL automatically prevents access to anyone not on the list?
answer
Implicit deny
question
What is mutual authentication?
answer
A process by which each party in an online communication verifies the identity of the other party
question
What is another term for the type of logon credentials provided by a token device?
answer
One-time password
question
Which of the following is not a characteristic of Kerberos?
answer
Peer-to-peer relationships between entities
question
What should be done to a user account if the user goes on an extended vacation?
answer
Disable the account
question
Which of the following is a password that relates to things that people know, such as a mother's maiden name, or the name of a pet?
answer
Cognitive
question
A router access control list uses information in a packet such as the destination IP address and port number to make allow or deny forwarding decisions. This is an example of what type of access control mode?
answer
RBAC (based on rules)
question
Which type of access control focuses on assigning privileges based on security clearance and data sensitivity?
answer
MAC (Mandatory access control)
question
Which of the following advantages can Single Sign-On (SSO) provide? (Select two)
answer
-Access to all authorized resources with a single instance of authentication -The elimination of multiple user accounts and passwords for an individual
question
What is the primary goal of separation of duties?
answer
Prevent conflicts of interest
question
You have installed anti-virus software on computers at your You have installed anti-virus software on computers at your business. Within a few days, however, you notice that one computer has a virus. When you question the user, she says she did install some software a few days ago, but it was supposed to be a file compression utility. She admits shed did not scan the file before running it. What should you add to your security measures to help prevent this from happening again?
answer
User awareness training
question
Your plan is to implement a new security device on your network. You should consult what before implementing ?
answer
Change management policy
question
Your organization uses the following tape rotation strategy for its backup tapes: 1. The first set of tapes is used for daily backups. 2. At the end of each wee, the latest daily backup tape is promoted to be the weekly backup tape. 3. At the end of the each month, one of the weekly backup tapes is promoted to be the monthly backup tape. What kind of backup tape rotation strategy is being used?
answer
Grandfather
question
Which backup strategy backs up all files from a computer's file system regardless of whether the files archive bit is set or not and marks them has as having been backed up?
answer
Full
question
Which of the following fire extinguisher types is best used for electrical fires that might result when working with computer components?
answer
Class C
question
Components within your server room are failing at a rapid pace. You discover that the humidity in the server room is at 60% and the temperature is at 80 degrees. What should you do to help reduce problems?
answer
Add a separate A/C unit in the server room
question
Which of the following fire extinguisher types poses a safety risk to users in the area?(Select two)
answer
Halon AND CO2
question
What is the recommended humidity level for server rooms?
answer
50%
question
Users are complaining that sometimes network communications are slow. You use a protocol analyzer and find that packets are being corrupted as they pass through a switch. You also notice that this only seems to happen when the elevator is running. What should you do?
answer
Install shielded cables near the elevator
question
Besides protecting a computer from under voltages, a typical UPS also performs which two actions?
answer
Conditions the power signal AND protects from over voltages
question
You maintain the network for an industrial manufacturing company. You are concerned about the dust in the area getting into the server components and affecting the availability of the network. Which of the following should you implement?
answer
Positive pressure system
question
What does a differential backup do during the backup?
answer
Backs up all files with the archive bit set; does not rest the archive bit.
question
Your network uses the following backup strategy: full backups every Sunday night and Differential backups Monday through Saturday nights. Thursday morning the storage system fails. How many restore operations will you need to perform to recover all of the data?
answer
2
question
What does an incremental backup do during the backup?
answer
Backs up all files with the archive bit set; resets the archive bit.
question
A system failure has occurred. Which of the following restoration process would result in the fastest restoration of all data to its most current state?
answer
Restore the full backup and the last differential backup.
question
Your network uses the following backup strategy..... Thursday morning the storage system fails. How many restore operations will you need to perform to recover all of the data?
answer
4
question
Which of the following are backed up during incremental backup?
answer
Only files that have changed since the last full or incremental backup
question
Which backup strategy backs up all files from a computer's file system regardless of whether the files archive bit is set or not and marks them has as having been backed up?
answer
full
question
To increase your ability to recover from a disaster, where should you store backup tapes?
answer
At the vice president's home
question
Why should backup media be stored offsite?
answer
To prevent the same disaster from affecting both the network and the backup media.
question
Even if you perform regular backups, what must be done to ensure that you are protected against data loss?
answer
Regularly test restoration procedures
question
The disaster recovery plan calls for having tape backups stored at a different location. The location is a safe deposit box at the local bank. Because of this, the disaster recovery plan specifies to choose a method that uses the fewest tapes, but is also quick to back up and restore files. Which backup strategy would best meet the disaster recovery plan for tape backups?
answer
Perform a full backup once a week with differential backup the other days of the week.
question
Which of the following are backed up during the differential backup?
answer
Only files that have changed since the last full backup
question
Your network performs a full backup every night. Each Sunday, the previous night's backup tape is archived. Wednesday morning the storage system fails. How many restore operations will you need to perform to recover all of the data?
answer
1
question
Which backup strategy backs up only files which have the archive bit set, but does not mark them as having been backed up?
answer
Differential
question
Which of the following is defined as a contract which prescribes the technical support or business parameters that a provider will bestow to its clients
answer
Service level agreement
question
Which type of media preparation is sufficient for media that will be reused in a different security context within your organization
answer
Sanitization
question
You have purchased new computers and will be disposing of your old computers. Instead of recycling the computers, you decide to resell them through a local liquidator. Computers were previously not used for storing sensitive information. What should you do prior to getting rid of the computers
answer
Sanitize the hard drives
question
Which of the following is not part of security awareness training
answer
Employee agreement documents.
question
A service level agreement (SLA) defines the relationship between, and the contractual responsibilities of providers and recipients of service. Which of the following characteristics are most important when designing an SLA
answer
Clear and detailed description of penalties if the level of service is not provided. Detailed provider responsibilities for continuity and disaster recovery mechanisms.
question
Over the last month you have noticed a significant increase in the occurrence of inappropriate activities performed by employees. What is the best first response step to take in order to improve or maintain the security level of the environment
answer
Improve and hold new awareness sessions
question
If an organization shows sufficient due care, which burden is eliminated in the event of a security breach
answer
Negligence
question
Which of the following are typically associated with human resource security policies
answer
Termination, Background checks
question
A code of ethics provides for all but which of the following
answer
Clearly defines course of action to take when a complex issue is encountered.
question
What is the primary purpose of forcing employees to take mandatory on-week minimum vacations every-year
answer
To check for evidence of fraud
question
Who is responsible for performing the steps of the business continuity plan or disaster recovery plain in the event of an emergency
answer
Recovery team
question
In business continuity planning, what is the primary focus of the scope
answer
Business processes
question
What is the primary goal of business continuity planning
answer
Maintaining business operations with reduced or restricted infrastructure capabilities or resources
question
Which of the following network strategies connects multiple servers together such that if one server fails, the others immediately take over its tasks, preventing a disruption in service
answer
Clustering
question
Which of the following disk configurations can sustain a loss of any two disks
answer
RAID 1+0, RAID 0+1
question
What is an advantage of RAID 5 over RAID 1
answer
RAID 5 improves performance over RAID 1
question
To prevent server downtime, which of the following components should be installed redundantly in a server system
answer
Power supply
question
You have a computer with three hard disks.............Disk 2 fails. Which of the following is true
answer
Data on the RAID 1 volume is accessible; data on the RAID 0 volume is not.
question
When returning to the rebuilt primary site, the salvage team will restore or return what process first.
answer
Least business-critical
question
Daily backups are done at the ABD company location and only a weekly backup is maintained at another network location. Which of the following disaster recovery strategies is ABD using
answer
Warm site
question
Which of the following is a recovery site that may have electricity connected, but there are no servers installed and no high-speed data lines present
answer
Cold site
question
You manage a Web site for your company. The Web site three servers configured in a cluster. Incoming requests are distributed automatically between the three servers. All servers use a shared storage device that holds the website contents. Each server has a single network connection and a single power supply. Considering the availability of your website, which component represents a single point of failure
answer
Website storage
question
You manage the website for your company. The website uses clusters of two servers with a single shared storage device. The shared storage device uses a RAID 1 configuration. Each server has a single connection to the shared storage, and a single connection to your ISP. You want to provide redundancy such that a failure in a single component does not cause the website to be unavailable. What should you add to your configuration to accomplish this
answer
Connect one server through a different ISP to the Internet.
question
What is the primary security feature that can be designed into a network's infrastructure to protect and support availability
answer
Redundancy
question
Which form of alternate site is the cheapest but my not allow an organization to recover before reaching their maximum tolerable downtime
answer
Reciprocal agreement
question
You have been asked to implement a RAID 5 solution for RAID 5 solution for your network. What is the minimum number of hard disks that can be used to configure RAID 5
answer
3
question
Which of the following drive configuration is fault tolerant
answer
RAID 5
question
Which of the following are backed up during an incremental backup
answer
Only files that have changed since the last full or incremental backup.
question
Even if you perform regular backups, what must be done to ensure that you are protected against data loss
answer
Regularly test restoration procedures
question
You're responsible for implementing network cabling in a new Gigabit Ethernet network installation. The cabling will be installed in a manufacturing environment where there is a great deal of electromagnetic interference (EMI). Which type of cabling would operate best in this environment
answer
Category 5 shielded twisted pair cable, Fiber-optic cable
question
Components within your server room are failing at rapid pace. You discover that the humidity in the server room is at 60% and the temperature is at 80 degrees. What should you do the help reduce problems
answer
Add a separate A/C unit in the server room
question
Of the following cables, which offer the best protection against EMI
answer
Single mode fiber optic cable
question
When developing the totality of security policy documentation, what type of policy document will contain instructions or information on remaining in compliance with regulations and industry standards?
answer
Standards
question
If your mission critical services have a maximum tolerable downtime (MTD) (or a recovery time objective (RTO)) of 36 hours, what would be the optimum form of recovery site you should choose?
answer
Warm
question
When recovery is being performed due to a disaster, what services are to be stabilized first?
answer
Mission-critical
question
A disaster recovery plan should include all but which of the following?
answer
Penetration testing
question
When should a hardware device be replaced in order to minimize downtime?
answer
Just before it's MTBF is reached
question
Dumpster diving is a low-tech mean of gathering information that may be useful in gaining unauthorized access, or as a starting point for more advanced attacks. How can a company reduce the risk associated with dumpster diving
answer
Establish and enforce a document destruction policy
question
What is the primary difference between impersonating and masquerading
answer
One is more active, the other is more passive
question
Which of the following is a common form of social engineering attack
answer
Hoax virus information e-mails.
question
Which of the following are examples of social engineering
answer
Shoulder surfing, Dumpster diving
question
What is the primary countermeasure to social engineering
answer
Awareness
question
How can an organization help prevent social engineering attacks
answer
Publish and enforce clearly-written security policies, Educate employees on the risk and countermeasures
question
You have discovered a computer that is connected to your network that was used for an attack. You have disconnected the computer form the network to isolate it from the network and stop the attack. What should you do next
answer
Perform a memory dump
question
You want to store your computer-generated audits logs in case they are needed in the future examination or to be used as evidence in the event of a security incident. Which method can you use to ensure that the logs you put in storage have not been altered when you go to use them in the future
answer
Create a hash of each log.
question
During a recent site survey, you find a rouge wireless access point on your network. Which of the following actions should you take first to protect your network, while still preserving evidence
answer
Disconnect the access point from the network
question
When conducting a forensic investigation, and assuming that the attack has been stopped, which of the following actions should you perform first
answer
Document what's on screen
question
The chain of custody is used for what purposes
answer
Listing people coming into contact with evidence
question
You have been asked to draft a document related to evidence gathering that contains details about personnel in possession and control of evidence from the time of discovery up through the time of presentation in court. What type of document is this
answer
Chain of custody
question
You manage the network for your company. You have recently discovered information on a computer hard drive that might indicate evidence of illegal activity. You want to perform forensic activates on the disk to see what kind of information it contains. What should you do first
answer
Make a bit-level copy of the disk
question
After an intrusion has occurred and the intruder has been removed from the system, which of the following is the best next step or action to take
answer
Back up all logs and audits regarding the incident
question
You have recently discovered that a network attack has compromised your database server. In the process, customer credit card numbers might have been taken by the attacker. You have stopped the attack and put measures in place to prevent the same incident from occurring in the future. What else might you be legally required to do
answer
Contact your customer to let them know of the security breach
question
How can a criminal investigator ensure the integrity of a removable media device found while collecting evidence
answer
Create a checksum using a hashing algorithm
question
What is the most important element related to evidence in addition to the evidence itself
answer
Chain of custody document
question
Which method can be used to verify that a bit-level image copy of a hard drive is an exact clone of the original hard drive collected as evidence?
answer
Photographs
question
When duplicating a drive for forensic investigative purposes, which of the following copying methods is most appropriate?
answer
Bit-level cloning
question
The immediate preservation of evidence is paramount when conducting a forensic analysis. Which of the following actions is most likely to destroy critical evidence?
answer
Rebooting the system
question
Which of the following is not a form of social engineering?
answer
Impersonating a user by logging on with stolen credentials
question
If maintaining confidentiality is of the utmost importance to your organization, what is the best response when an intruder is detected on your network?
answer
Disconnect the intruder
question
How can an organization help prevent social engineering attacks?
answer
Educate employees on the risks and countermeasures, Publish and enforce clearly written security policies.
question
Which of the following is a form of attack that tricks a victim into providing confidential information, such as identity information or logon credentials, through emails or Web sites that impersonate an online entity that the victim trusts, such as a financial institution or well known e-commerce site?
answer
Phishing
question
You have just received a generic-looking e-mail that is addressed as coming from the admin of you company. The e-mail says that as part of a system upgrade, you are to go to a Web site and enter your username and password at a new Web site so you can manage your e-mail and spam using the new service. What should you do?
answer
Verify that the e-mail was sent by the admin and that this new service is legit
question
On your way into the back entrance of the building at work one morning, a man dressed as a plumber asks you to let him in so he can fix the restroom. What should you do?
answer
Direct him to the front entrance and to check in with the receptionist.
question
Which of the following social engineering attacks use VOIP to gain sensitive data?
answer
Vishing
question
A senior executive reports that she received a suspicious email concerning a sensitive, internal project that is behind production. The email is sent from someone she doesn't know and he is asking for immediate clarification on several of the project's details so the project can get back on schedule. What type of an attack best describes the scenario?
answer
Whaling - targeting senior execs
question
You are configuring your computer to dial up to the Internet. What protocol should you use?
answer
PPP
question
Which of the following are characteristics of TACACS +?
answer
Allowing for a possible of three different servers, one each for authentication, authorization, and accounting. Uses TCP.
question
Which of the following is a platform independent authentication system that maintains a database of user accounts and passwords that centralizes the maintenance of those accounts?
answer
RADIUS
question
You want to set up a service to allow multiple users to dial in to the office server from modems on their home computers. What service should you implement?
answer
RAS
question
You have decided to implement a remote access solution that uses multiple remote access servers. You want to implement RADIUS to centralize remote access authentication and authorization. Which of the following would be a required part of your configuration?
answer
Configure the remote access servers as RADIUS clients.
question
You have just signed up for Internet access using a local provider that gives you a fiber optic line into your house. From there, the Ethernet and wireless connections are used to create a small network within your home. Which of the following protocols would be used to provide authentication, authorization, and accounting for the Internet connection?
answer
PPPoE
question
Which of the following are differences between RADIUS and TACACS+?
answer
Radius combines authentication and authorization into a single function. TACAS+ allows these services to be split between different servers.
question
Which of the following are methods for providing centralized authentication, authorization, and accounting for remote access?
answer
TACACS+ RADIUS
question
Which of the following protocols or services is commonly used on cable Internet connections for user authentication?
answer
PPPoE
question
You often travel away from the office. While traveling, you would like to use a modem on your laptop computer to connect directly to a server in your office and access files on that server that you need. You want the connection to be as secure as possible. Which type of connection will you need?
answer
Remote access
question
Which of the following are performed by proxies?
answer
Block employees from accessing certain Web sites. Cache web pages.
question
What port does Telnet use?
answer
23
question
You want to install a firewall that can reject packets that are not part of an active session. Which type of firewall should you use?
answer
Circuit-level.
question
You have been given a laptop to use for work. You connect the laptop to your company network, use it from home and use it while traveling. You want to protect the laptop from Internet-based attacks. Which solution should you use?
answer
Host based firewall.
question
You have used firewalls to create a demilitarized zone. You have a Web server that needs to be accessible to Internet users. The Web server must communicate with a database server for retrieving product, customer, and order information. How should you place devices on the network to best protect the servers?
answer
Put the database server on the private network. Put the Web server on the DMZ.
question
Which of the following are characteristics of a circuit-level gateway?
answer
Filters based on sessions. Stateful.
question
You administer a Web server on your network. The computer has multiple IP addresses. They are 192.198.23.8 and 192.168.23.17. The name of the computer is www.westsim.com. You configured the Web site as follows: -IP address: 192.168.23.8 -HTTP Port: 1030 -SSL Port: 443 Users complain that they can't connect to the Web site when they type www.westsim.com. What is the most likely source of the problem?
answer
The HTTP port should be changed to 80.
question
Your company leases a very fast Internet connection and pays for it based on usage. You have been asked by the company to reduce Internet line lease costs. You want to reduce the amount of web pages that are downloaded over the leased connection, without decreasing performance. What is the best way to do this?
answer
Install a proxy server.
question
You have a router that is configured as a firewall. The router is a layer 3 device only. Which of the following does the router use for identifying allowed or denied packets?
answer
IP address.
question
You are configuring a firewall to allow access to a server hosted on the demilitarized zone on your network. You open TCP/IP ports 80, 25, 110, and 143. Assuming that no other ports on the firewall need to be configured to provide access, what applications are most likely to be hosted on the server?
answer
Web server, e-mail server.
question
To increase security on your computer's internal network, the administrator has disabled as many ports as possible. Now, however, though you can browse the Internet, you are unable to perform secure credit card transactions. Which port needs to be enabled to allow secure transactions?
answer
443.
question
You provide Internet access for a local school. You want to control Internet access based on user, and prevent access to specific URLs. Which type of firewall should you install?
answer
Application level.
question
Which of the following does a router acting as a firewall use to control which packets are forwarded or dropped?
answer
ACL.
question
You have a company network that is connected to the Internet. You want all users to have Internet access, but need to protect your private network and users. You also need to make a Web server publicly available to Internet users. Which solution should you use?
answer
Use firewalls to create a DMZ. Place the Web server inside the DMZ, and the private network behind the DMZ.
question
Which protocol and port is used by BOOTP/DHCP?
answer
UDP 67
question
After blocking a number of ports to secure your server, you are unable to send e-mail. To allow e-mail service which of the following needs to be done?
answer
Open port 25 and allow STMP service.
question
Which of the following network services or protocols uses TCP/IP port 69?
answer
TFTP.
question
How does a proxy server differ from a packet filtering firewall?
answer
A proxy server operates at the Application layer, while a packet filtering firewall operates at the Network layer.
question
Which protocol and port number is used by TFTP?
answer
UDP 69.
question
Your company has a connection to the Internet that allows users to access the Internet. You also have a Web server and an e-mail server that you want to make available to Internet users. You want to create a DMZ for these two servers. Which type of device should you use to create the DMZ?
answer
Network based firewall.