SEC 110 Final Review – Flashcards

Unlock all answers in this set

Unlock answers
question
evil twin
answer
What type of access point is configured by an attacker in such a manner that it mimics an authorized access point?
question
Bluejacking
answer
What term below is used to describe an attack that sends unsolicited messages to Bluetooth enabled devices?
question
Personal Area Network
answer
Bluetooth is an example of what type of technology below?
question
Bluejacking
answer
What term below is used to describe an attack that sends unsolicited messages to Bluetooth enabled devices?
question
48 bits
answer
The Temporal Key Integrity Protocol (TKIP) encryption technology increases IVs to what length?
question
Error
answer
Which of the following choices is not one of the four types of packets used by EAP?
question
Bluesnarfing
answer
A Bluetooth attack in which the attacker accesses unauthorized information from a wireless device using a Bluetooth connection, is known as?
question
32
answer
What is the maximum number of characters that can exist within an SSID name?
question
13
answer
When using AES-CCMP, the AES-256 bit key requires how many rounds??
question
PEAP
answer
Which EAP protocol creates an encrypted channel between the client authentication server and the client, and uses Microsoft Windows logins and passwords?
question
scatternet
answer
Piconets in which connections exist between different piconets are known as a:
question
Captive portal access point
answer
How can an administrator force wireless clients to use a standard web browser to provide information, and require a user to agree to a use policy or present valid login credentials?
question
AES-CCMP
answer
Which encryption protocol below is used in the WPA2 standard?
question
LEAP
answer
What proprietary EAP method developed by Cisco requires mutual authentication for WLAN encryption using Cisco client software?
question
33 ft
answer
What is the maximum range of most Bluetooth devices?
question
rogue
answer
An access point that is unauthorized and allows an attacker to bypass network security configurations is considered to be what type of access point?
question
Bluetooth v1.2
answer
The IEEE 802.15.1-2005 standard is based on what version of the Bluetooth specifications?
question
EAP-FAST
answer
Select the EAP protocol supported by WPA2 Enterprise that securely tunnels any credential form for authentication using TLS:
question
authenticator
answer
Which option below is responsible for the issuing of EAP request packets?
question
Access Point
answer
What device acts like a wireless base station in a network, acting as a bridge between wireless and wired networks?
question
Active slave
answer
Slave devices that are connected to a piconet and are sending transmissions are known as what?
question
iOS
answer
?What mobile operating system below requires all applications to be reviewed and approved before they can be made available on the public store front?
question
?Extreme Capacity (SDXC)
answer
?Select below the option that is not one of the SD format card families:
question
?Location services
answer
Mobile devices with global positioning system (GPS) abilities typically make use of:?
question
?Google Glass
answer
Select below the option that represents a wearable technology:?
question
?Credential management
answer
?Mobile Device Management systems that allow users to store usernames and passwords within a device are said to be using:
question
?Track stolen devices
answer
?Which of the following selections is not one of the features provided by a typical MDM?
question
?Type I
answer
What PC Card type is typically used for memory??
question
?ExpressCard
answer
The PC Card and CardBus devices are being replaced by what technology?
question
1234
answer
?What PIN is considered to be the most commonly used PIN?
question
?RS232
answer
?A laptop may have multiple hardware ports. Which of the following is not a typical port included on a laptop?
question
?Mobile Application Management
answer
?How can an administrator manage applications on mobile devices using a technique called "app wrapping?"
question
?Personal digital assistant (PDA)
answer
?What term below describes a hand-held mobile device that was intended to replace paper systems, and typically included an appointment calendar, an address book, a "to-do" list, a calculator, and the ability to record limited notes?
question
?Web-based
answer
?Select below the type of computing device that uses a limited version of the Linux operating system and uses a web browser with an integrated media player:
question
?Enable a lock screen
answer
?What can be enabled to prevent a mobile device from being used until a user enters the correct passcode, such as a pin or password?
question
?Secure Digital Input Output (SDIO)
answer
What SD card family can be used to transmit pictures over a wireless network to a laptop hard drive or wireless printer??
question
?A video
answer
A QR code can't contain which of the following items directly?
question
?Subnotebook
answer
?An ultrabook is an example of what type of a portable computer?
question
?Removable media storage
answer
?Select below the item that is not considered to be a basic characteristic of mobile devices:
question
?Inventory control
answer
?What term is used to describe the operation of stockrooms where mobile devices are stored prior to their dispersal to employees?
question
?Mobile Device Management (MDM)
answer
What type of management system below can help facilitate asset tracking?
question
Kerberos
answer
Select below the authentication system developed by the Massachusetts Institute of Technology (MIT) to verify the identity of network users:
question
access control model
answer
What is the name for a predefined framework that can be used for controlling access, and is embedded into software and hardware?
question
ACL
answer
A list that specifies which subjects are allowed to access an object and what operations they can perform on it is referred to as a(n):
question
operation
answer
The action that is taken by a subject over an object is called a(n):
question
Rule Based Access Control
answer
Which access control model can dynamically assign roles to subjects based on a set of defined rules?
question
Separation of duties
answer
A vulnerable process that is divided between two or more individuals to prevent fraudulent application of the process is known as:
question
Roles
answer
When using Role Based Access Control (RBAC), permissions are assigned to:
question
TACACS
answer
What authentication service commonly used on UNIX devices involves communicating user authentication information to a centralized server?
question
Discretionary Access Control
answer
Which access control model is considered to be the least restrictive?
question
DAP
answer
The X.500 standard defines a protocol for a client application to access an X.500 directory known as which of the following options?
question
Account expiration
answer
To assist with controlling orphaned and dormant accounts, what can be used to indicate when an account is no longer active?
question
Role Based Access Control
answer
Select below the access control model that uses access based on a user's job function within an organization:
question
LDAP injection
answer
What kind of attack allows for the construction of LDAP statements based on user input statements, which can then be used to access the LDAP database or modify the database's information?
question
RADIUS
answer
Although designed to support remote dial-in access to a corporate network, what service below is commonly used with 802.1x port security for both wired and wireless LANs?
question
DIT
answer
Entries within a Directory Information Base are arranged in a tree structure called the:
question
authentication request
answer
During RADIUS authentication, what type of packet includes information such as identification of a specific AP that is sending the packet and the username and password?
question
Orphaned
answer
User accounts that remain active after an employee has left an organization are referred to as being what type of accounts?
question
Mandatory Access Control
answer
What access control model below is considered to be the most restrictive access control model, and involves assigning access controls to users strictly according to the custodian?
question
subject
answer
A user or a process functioning on behalf of the user that attempts to access an object is known as the:
question
gray
answer
In a UAC prompt, what color is used to indicate the lowest level of risk?
question
protocol analyzer
answer
Passwords that are transmitted can be captured by what type of software?
question
Cognitive biometrics
answer
Which type of biometrics is based on the perception, thought process, and understanding of the user?
question
?Common Access Card (CAC)
answer
?A U.S. Department of Defense (DoD) smart card that is used for identification of active-duty and reserve military personnel along with civilian employees and special contractors is called:
question
Brute force
answer
What type of attack involves using every possible combination of letters, numbers, and characters to create candidate digests that are then matched against those in a stolen digest file?
question
offline cracking
answer
What type of attack involves an attacker stealing a file containing password digests and comparing the digests with digests created by the attacker?
question
password
answer
A secret combination of letters, numbers, and/or characters that only the user should have knowledge of, is known as a:
question
Standard biometrics
answer
What kind of biometrics utilizes a person's unique physical characteristics for authentication, such as fingerprints or unique characteristics of a person's face?
question
OAuth
answer
?What federated identity management (FIM) relies on token credentials?
question
Dwell time
answer
Which term below describes the time it takes for a key to be pressed and then released?
question
Single Sign On
answer
The use of one authentication credential to access multiple accounts or applications is referred to as?
question
hybrid
answer
What variation of a dictionary attack involves a dictionary attack combined with a brute force attack, and will slightly alter dictionary words by adding numbers to the end of the password, spelling words backward, slightly misspelling words, or including special characters?
question
OAuth
answer
What technology allows users to share resources stored on one site with a second site without forwarding their authentication credentials to the other site?
question
Identity management
answer
The use of a single authentication credential that is shared across multiple networks is called:
question
human memory
answer
What is the center of the weakness of passwords?
question
OpenID
answer
?Select below the decentralized open-source FIM that does not require specific software to be installed on the desktop:
question
?MD5
answer
?Which hashing algorithm below is used with NTLMv2's Hashed Message Authentication Code?
question
?HMAC-Based one-time password (HOTP)
answer
?What type of one-time password (OTP) changes after a set time period?
question
Salt
answer
What can be used to increase the strength of hashed passwords??
question
?charmap.exe
answer
?A list of the available nonkeyboard characters can be seen in Windows by opening what utility?
question
Rainbow tables
answer
The use of what item below involves the creation of a large pregenerated data set of candidate digests?
question
cluster
answer
Multiple sectors on a disk, when combined, are referred to as a:
question
RAM slack
answer
The remaining cluster space of a partially filled sector is padded with contents from RAM. What is the name for this type of scenario?
question
uninterruptible power supply
answer
How can an administrator keep devices powered when power is interrupted?
question
mirror image
answer
What is the name for an image that consists of an evidence-grade backup because its accuracy meets evidence standards?
question
Business impact analysis (BIA)
answer
When a company needs to identify mission-critical business functions and quantify the impact a loss of such functions may have on the organization in terms of it's operational and financial position, what should be performed?
question
Drive file slack
answer
What kind of slack is created from information stored on a hard drive, which can contain remnants of previously deleted files or data?
question
single point of failure
answer
Which term below describes a component or entity in a system which, if it no longer functions, will disable an entire system?
question
system image
answer
A snapshot of the current state of a computer that contains all current settings and data is known as what option below:
question
85
answer
According to the Federal Bureau of Investigation (FBI), what percentage of crime committed today leaves behind digital evidence that can be retrieved via computer forensics?
question
?RAID 5
answer
?What RAID type below utilizes parity data across all drives instead of using a separate drive to hold parity error checking information?
question
Volatile
answer
What kind of data can be lost when a computer is turned off?
question
chain of custody
answer
What term is used to describe a documentation of control over evidence, which is used to ensure that no unauthorized person was given the opportunity to corrupt the evidence?
question
Business continuity planning and testing
answer
The process of identifying exposure to threats, creating preventive and recovery procedures, and then testing them to determine if they are sufficient, is known as:
question
warm site
answer
A location that has all the equipment installed but does not have active Internet or telecommunications facilities, and does not have current backups of data, is an example of a:
question
Faraday cage
answer
A metallic enclosure that prevents the entry or escape of an electromagnetic field is known as a:
question
Computer forensics
answer
Using technology to search for computer evidence of a crime in order to retrieve information, even if it has been altered or erased, that can be used in pursuit of an attacker or criminal is an example of:
question
Disaster recovery
answer
What type of plans include procedures to address redundancy and fault tolerance as well as data backups?
question
symmetric server
answer
In what type of server cluster can services fail over from downed servers to functional servers?
question
asymmetric server
answer
Select below the type of cluster that is used to provide high-availability applications that require a high level of read and write actions, such as databases, messaging systems, and file and print services:
question
service level agreement
answer
A service contract between a vendor and a client that specifies what services will be provided, the responsibilities of each party, and any guarantees of service, is known as:
question
Acceptable use policies
answer
Generally considered to be the most important information security policies, what item below defines the actions a user may perform while accessing systems and networking equipment?
question
privacy
answer
What kind of policy outlines how organizations use personal information it collects?
question
social networking
answer
Websites that group individuals and organizations into clusters or groups based on some sort of affiliation are considered to be what type of websites?
question
security-related human resource policy
answer
Policies that include statements regarding how an employee's information technology resources will be addressed are part of a:
question
Auditory
answer
What type of learner tends to sit in the middle of the class and learns best through lectures and discussions?
question
Visual
answer
What kind of learners learn from taking notes, being at the front of the class, and watching presentations?
question
Ethics
answer
What can be defined as the study of what a group of people understand to be good and right behavior and how people make those judgments?
question
guideline
answer
A collection of suggestions that should be implemented are referred to as a:
question
change management team
answer
Due to the potential impact of changes that can affect all users in a organization, and considering that security vulnerabilities can arise from uncoordinated changes, what should an organization create to oversee changes?
question
andragogical
answer
Which term below describes the art of helping an adult learn?
question
A document that outlines specific requirements or rules that must be met
answer
Select below the option that best describes a policy:
question
Bittorrent
answer
?What is the most common type of P2P network?
question
Incident response
answer
What may be defined as the components required to identify, analyze, and contain an incident?
question
P2P
answer
Which type of network below uses a direct connection between users, and involves each device simultaneously acting as a client and a server?
question
Kinesthetic
answer
What type of learner learns best through hands-on approaches?
question
Incident management
answer
What is the name for a framework and corresponding functions required to enable incident response and incident handling within an organization?
question
security policy
answer
A written document that states how an organization plans to protect the company's information technology assets is a:
question
risk
answer
What concept below is at the very heart of information security?
question
Values
answer
A person's fundamental beliefs and principals, which are used to define what is good, and how to distinguish right from wrong, are collectively called a person's:
question
Morals
answer
What are values that are attributed to a system of beliefs that help the individual distinguish right from wrong called?
Get an explanation on any task
Get unstuck with the help of our AI assistant in seconds
New