1-50 Flashcards

(50 cards)

1
Q

Why would a security administrator use a vulnerability scanner? (Select the best answer.)

A

To find open ports on a server (and the vulnerable services listening on them; unlike a plain port scanner, a vulnerability scanner compares what it finds against a database of known weaknesses)

2
Q

You work for a company that requires a user’s credentials to include providing something they know and something they are. Which of the following types of authentication is being described?

A

Multifactor (two different factor categories: something you know, such as a password, and something you are, such as a fingerprint)

3
Q

Carolyn is the network administrator for a small financial services company and is responsible for controlling access to the resources on her network. Which technology is responsible for blocking access to a resource based on the requesting IP address?

A

ACL (an access control list on a router or firewall permits or denies traffic based on the source IP address, among other header fields; rules are evaluated top-down and the first match wins)

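Worked example (added here; not part of the original card set): a first-match IP ACL evaluator with the implicit deny that routers and firewalls apply, plus a check for the classic misconfiguration of a rule that is "shadowed" by an earlier, broader one. The rule set and addresses are constructed for the demo.

```python
import ipaddress

# Constructed rule set (not from the flashcards): evaluated top-down, first match wins,
# with the implicit "deny everything else" that routers and firewalls apply at the end.
ACL_RULES = [
    ("deny",   "203.0.113.0/24"),   # block a whole external network
    ("permit", "10.0.0.0/8"),       # allow the internal range
    ("deny",   "10.5.0.0/16"),      # shadowed: the permit above already covers it
    ("permit", "192.0.2.10/32"),    # allow one partner host
]


def evaluate_acl(src_ip, rules=ACL_RULES):
    """Return 'permit' or 'deny' for the requesting IP using first-match semantics."""
    addr = ipaddress.ip_address(src_ip)
    for action, cidr in rules:
        net = ipaddress.ip_network(cidr)
        if addr.version == net.version and addr in net:
            return action
    return "deny"  # implicit deny: anything not explicitly permitted is blocked


def shadowed_rules(rules=ACL_RULES):
    """Indices of rules that can never match because an earlier rule already covers
    their entire range. Such rules are a common ACL misconfiguration."""
    shadowed = []
    for i, (_, cidr) in enumerate(rules):
        net = ipaddress.ip_network(cidr)
        for _, earlier in rules[:i]:
            enet = ipaddress.ip_network(earlier)
            if net.version == enet.version and net.subnet_of(enet):
                shadowed.append(i)
                break
    return shadowed


if __name__ == "__main__":
    for ip in ("10.1.2.3", "10.5.1.1", "203.0.113.7", "192.0.2.10", "198.51.100.1"):
        print(ip, "->", evaluate_acl(ip))
    print("shadowed rule indices:", shadowed_rules())
```

Note that 10.5.1.1 is permitted even though a later rule denies 10.5.0.0/16: ordering, not intent, decides the outcome, which is why shadowed rules are worth detecting before deploying an ACL.
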
4
Q

Which of the following would be the BEST choice for the technicians?

A

Vulnerability scanner

5
Q

Which of the following tools uses ICMP as its main underlying protocol?

A

Ping scanner (sends ICMP Echo Requests and listens for Echo Replies; hosts that filter ICMP appear to be down)

6
Q

Which of the following is the final step a user needs to take before that user can access domain resources?

A

Authentication

7
Q

Of the following, which is the best way for a person to find out what security holes exist on the network?

A

Perform a vulnerability assessment

8
Q

Which of the following penetration testing concepts is being used when an attacker uses public Internet databases to enumerate and learn more about a target?

A

Reconnaissance (passive reconnaissance, since the target's own systems are never contacted)

9
Q

After using Nmap to do a port scan of your server, you find that several ports are open. Which of the following should you do next?

A

Examine the services and/or processes that use those ports.

10
Q

Your company has hired an outside security firm to perform various tests on your network, specifically vulnerability scans. During this vulnerability scan, you provided the company with a set of usernames and passwords for various systems (database server, application server, web server) to assist in their scan. What best describes what is happening?

A

Credentialed scan (the scanner logs in to each system and can check patch levels and configuration that an unauthenticated scan cannot see)

11
Q

An advanced form of phishing in which the mapping between a domain name and its IP address is redirected, by poisoning DNS or altering the victim's hosts file, so that a correctly typed address leads to the attacker's server

A

Pharming

12
Q

Which of the following has cross-platform support and is used for remote access into a network?

A

RADIUS

13
Q

Cheyenne is doing a penetration test for a client’s network and is currently gathering information from sources such as archive.org, netcraft.com, social media, and other information websites. What stage has just been described?

A

Passive reconnaissance

14
Q

Of the following principles, which one can be used for a means of two(multi)-factor authentication?

A

Iris scan and password (something you are plus something you know)

15
Q

Shannon works for a security company that performs pen tests for clients. She’s currently conducting a test of an e-commerce company and discovers that after compromising the web server, she can use the web server to launch a second attack into the company’s internal network. What type of attack is this considered?

A

Pivot (using the compromised web server as a foothold to reach internal systems that the attacker could not reach directly)

16
Q

A collection of information that defines or describes the user and his or her interests.

A

Profile

17
Q

A network administrator wants to ensure that users do not connect any unauthorized devices to the company network. Each desk needs to connect a VoIP phone and computer. Which of the following is the BEST way to accomplish this?

A

Enforce authentication for network devices (IEEE 802.1X port-based authentication on the switch ports, so both the phone and the computer must authenticate before they are allowed onto the network)

18
Q

The web server administrator at your e-commerce company is concerned about someone using netcat to connect to the company web server to retrieve detailed information. What best describes this concern?

A

Banner grabbing (connecting to a listening port and reading the service's greeting, which often reveals the software name and version)

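Worked example (added here; not part of the original card set): the banner grab that netcat performs, done in Python against a throwaway loopback listener so it runs offline. The SMTP greeting and the product list in identify() are constructed for the demo; the same grab_banner() works against a real host and port, and is also the natural next step after an Nmap scan shows an open port (card 9).

```python
import socket
import threading

# Constructed greeting for the demo; a real mail server would send its own.
FAKE_BANNER = b"220 mail.example.test ESMTP Postfix (Debian/GNU)\r\n"


def start_fake_service(banner=FAKE_BANNER):
    """Listen on an ephemeral loopback port and send `banner` to the first client."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve_once():
        with srv:
            conn, _ = srv.accept()
            with conn:
                conn.sendall(banner)

    threading.Thread(target=serve_once, daemon=True).start()
    return srv.getsockname()[1]


def grab_banner(host, port, timeout=2.0, probe=None):
    """Connect, optionally send a probe (for HTTP, something like b"HEAD / HTTP/1.0\\r\\n\\r\\n"),
    and return whatever the service volunteers first. This is what `nc -v host port` shows."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        if probe:
            s.sendall(probe)
        try:
            data = s.recv(1024)
        except socket.timeout:
            data = b""
    return data.decode("latin-1").strip()


def identify(banner):
    """Pull protocol and product hints out of a greeting, the way a scanner fingerprints it."""
    hints = []
    if banner.startswith("220") and "SMTP" in banner.upper():
        hints.append("smtp")
    if banner.startswith("SSH-"):
        hints.append("ssh")
    for product in ("Postfix", "OpenSSH", "Apache", "nginx", "Exim", "Sendmail"):
        if product in banner:
            hints.append(product)
    return hints


def banner_demo():
    """Start the fake service, grab its banner, and fingerprint it."""
    port = start_fake_service()
    banner = grab_banner("127.0.0.1", port)
    return banner, identify(banner)


if __name__ == "__main__":
    print(banner_demo())
```

The administrator's mitigation is to make the greeting say less: SMTP, SSH and web servers can all be configured to omit version and OS details from their banners, which removes the cheapest fingerprinting step without affecting the service.
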
19
Q

Which authentication protocol is the better choice in a security-sensitive environment, and why?

A

TACACS+, because it encrypts the entire body of every packet exchanged between client and server, whereas RADIUS only obfuscates the User-Password attribute and sends everything else in clear.

20
Q

Derrick is a security administrator for a medium-sized mortgage company. He needs to verify that the network is using the most secure login/authentication scheme possible. Which of the following options is the best choice for that?

A

Multifactor authentication

21
Q

Which type of vulnerability assessment software can check for weak passwords on the network?

A

Password cracker (tries dictionary words and brute-force combinations against captured password hashes or a login prompt)

22
Q

What are the two items needed before a user can be given access to the network?

A

Identification and authentication

23
Q

The most secure method of authentication and authorization in its default form is ______

24
Q

A security program manager wants to conduct active testing of the security posture of a system. The system is not yet in production and has no uptime requirement or active user base. Which of the following methods will produce a report that shows vulnerabilities that were actually exploited?

A

Penetration testing

25
Q

An in-house penetration tester uses a packet-capturing device that listens to network communications. This is an example of:

A

Passive reconnaissance (the traffic is only observed; no packets are sent to the targets)

26
Q

What can attackers accomplish using malicious port scanning?

A

Mapping the topology of the network: which hosts are live and which services they expose

27
Q

An organization requires users to provide their fingerprints to access a software application. To improve security, the application developers intend to implement multifactor authentication. Which of the following should be implemented?

A

A factor from a different category, such as a PIN (something you know) or a hardware token or authenticator app (something you have). A palm geometry scan is another "something you are", so adding it to the fingerprint would still be single-factor authentication.

28
Q

Which of the following is NOT a physical method of conducting identity theft?

A

Phishing

29
Q

Which of the following is a vulnerability assessment tool?

A

Nessus

30
Q

To gain access to your network, users must provide a thumbprint and a username and password. What type of authentication model is this?

A

Multifactor (something you are plus something you know)

31
Q

Which of the following would fall into the category of something a person is?

A

Fingerprints

32
Q

A black hat hacker is enumerating a network and wants to remain covert during the process. The hacker initiates a vulnerability scan. Given the requirement to stay covert, which of the following statements BEST indicates that the vulnerability scan meets this requirement?

A

The vulnerability scanner is running in network sniffer (passive) mode, so it generates no probe traffic for the target to notice.

33
Q

Which of the following is the verification of a person's identity?

A

Authentication

34
Q

What is the main purpose of a physical access log?

A

To show who entered the facility (and when)

35
Q

You have been tasked with running a penetration test on a server. You have been given limited knowledge about the inner workings of the server. What kind of test will you be performing?

A

Gray-box

36
Q

Which of the following methods can be used by a security administrator to recover a user's forgotten password from a password-protected file?

A

Brute-force (trying candidate passwords, typically a dictionary first and then exhaustive combinations, until one opens the file)

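
Worked example (added here; not part of the original card set) for the password-cracker and brute-force cards: a dictionary pass with common mangling rules, then exhaustive search, against a salted SHA-256 hash. The wordlist, salt and target passwords are constructed for the demo; the attempt counts it returns are the point, since a fast hash is what makes the exhaustive pass affordable.

```python
import hashlib
import itertools
import string

# Constructed for this example: a small wordlist and a fast salted SHA-256 hash,
# which is what makes the attack below cheap. Real password stores should use a slow KDF.
WORDLIST = ["password", "welcome", "summer", "letmein", "monkey"]
SALT = b"\x9a\x11\x03\xfe\x42\x7c\x0d\x55"


def hash_password(password, salt=SALT):
    return hashlib.sha256(salt + password.encode()).hexdigest()


def mangle(word):
    """Common rule-based variants a cracker tries before exhaustive search."""
    cap = word.capitalize()
    return (word, cap, word + "1", word + "123", cap + "1", cap + "123", cap + "!")


def dictionary_attack(target, wordlist=WORDLIST, salt=SALT):
    """Try every wordlist entry and its variants; return (password or None, hashes computed)."""
    attempts = 0
    for word in wordlist:
        for cand in mangle(word):
            attempts += 1
            if hash_password(cand, salt) == target:
                return cand, attempts
    return None, attempts


def brute_force(target, alphabet=string.ascii_lowercase, max_len=4, salt=SALT):
    """Exhaustive search over every string of the alphabet up to max_len characters."""
    attempts = 0
    for n in range(1, max_len + 1):
        for combo in itertools.product(alphabet, repeat=n):
            attempts += 1
            cand = "".join(combo)
            if hash_password(cand, salt) == target:
                return cand, attempts
    return None, attempts


def crack(target):
    """Dictionary first (cheap), then brute force; returns (password or None, total hashes computed)."""
    found, n1 = dictionary_attack(target)
    if found is not None:
        return found, n1
    found, n2 = brute_force(target)
    return found, n1 + n2


if __name__ == "__main__":
    for pw in ("Summer123", "zqx", "Tr0ub4dor&3"):
        print(pw, "->", crack(hash_password(pw)))
```

"Summer123" falls to the dictionary in 20 hashes and "zqx" to brute force in about 18,000; the longer mixed-character password survives all 475,289 attempts the search budget allows. A slow KDF (bcrypt, scrypt, Argon2 or PBKDF2 with a high iteration count) raises the cost of every one of those attempts, which is the defender's lever.
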
37
Q

Which of the following is an example of two-factor authentication?

A

Thumbprint and key card (something you are plus something you have)

38
Q

An employer requires employees to use a key-generating app on their smartphones to log into corporate applications. In terms of authentication of an individual, this type of access policy is BEST defined as:

A

Something you have (the code proves possession of the enrolled device and its secret key)

39
Q

A security analyst has set up a network tap to monitor network traffic for vulnerabilities. Which of the following techniques would BEST describe the approach the analyst has taken?

A

Passive vulnerability scanning

40
Q

Millie is responsible for testing security and uses a tool that identifies vulnerabilities and provides mechanisms to test them by trying to exploit them. What best describes this tool?

A

Exploit framework (for example, Metasploit)

41
Q

Which of the following statements about authentication is false?

A

"MS-CHAPv2 is not capable of mutual authentication of the client and server." This is the false statement: MS-CHAPv2 does provide mutual authentication, which is one of its improvements over MS-CHAPv1.

42
Q

Frank is concerned that confidential documents with proprietary information may be leaked. The leaks could be either intentional or accidental, but he is looking for a solution that would embed some identifying information into documents in a way that would not be seen by the reader but could be extracted with the right software. What technology would best meet these needs?

A

Steganography (here used as an invisible digital watermark: the identifier is hidden in the document's content rather than displayed on it)

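
Worked example (added here; not part of the original card set): least-significant-bit steganography over a constructed byte array standing in for an 8-bit image, embedding a recipient identifier with a length prefix and extracting it again. The cover data and the tag are made up for the demo; max_change() shows why the reader cannot see the change, and the size check shows the capacity limit.

```python
import random


def embed_lsb(cover, payload):
    """Hide `payload` in the least significant bit of each cover byte, with a 4-byte
    big-endian length prefix so the extractor knows where the message ends."""
    data = len(payload).to_bytes(4, "big") + payload
    bits = [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]
    if len(bits) > len(cover):
        raise ValueError(f"cover holds {len(cover) // 8 - 4} payload bytes, need {len(payload)}")
    out = bytearray(cover)
    for i, bit in enumerate(bits):
        out[i] = (out[i] & 0xFE) | bit   # clear the low bit, then set it to the message bit
    return bytes(out)


def _read_bytes(stego, start_bit, count):
    """Reassemble `count` bytes from the low bits starting at cover index `start_bit`."""
    out = bytearray()
    for b in range(count):
        value = 0
        for i in range(8):
            value = (value << 1) | (stego[start_bit + b * 8 + i] & 1)
        out.append(value)
    return bytes(out)


def extract_lsb(stego):
    length = int.from_bytes(_read_bytes(stego, 0, 4), "big")
    return _read_bytes(stego, 32, length)


def max_change(cover, stego):
    """Largest per-byte difference; for LSB embedding it is at most 1, invisible in an image."""
    return max(abs(a - b) for a, b in zip(cover, stego))


# Constructed cover: 2048 pseudo-random "pixel" bytes standing in for an 8-bit greyscale image.
_rng = random.Random(20240101)
COVER = bytes(_rng.getrandbits(8) for _ in range(2048))


if __name__ == "__main__":
    tag = b"doc-id:7731;recipient:frank@example.test"
    stego = embed_lsb(COVER, tag)
    print(extract_lsb(stego), max_change(COVER, stego))
```

The caveat for Frank's use case: plain LSB hiding survives only lossless copying. Re-encoding a document image as JPEG, printing and rescanning, or pasting the text into a new file destroys the low bits, so a leak-tracing watermark needs a more robust embedding than this primitive.
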
43
Q

You have been asked to conduct a penetration test for a small company, and for the test you were given only a company name, the domain name of their website, and the IP address of their gateway router. What describes the type of test?

A

Black-box

44
Q

Jeff is the network administrator and sometimes needs to run a packet sniffer so he can view the network traffic. He would like to find a well-known packet sniffer that works on Linux. Which of the following is the best choice?

A

tcpdump

45
Q

Which of the following is not a common criterion when authenticating users?

A

Something you like

46
Q

A security administrator is evaluating three different services: RADIUS, Diameter, and Kerberos. Which of the following is a feature that is UNIQUE to Kerberos?

A

It uses tickets to identify authenticated users

47
Q

An auditor identifies an access control system that incorrectly accepts an access attempt from an unauthorized user. Which of the following authentication systems has the auditor reviewed?

A

Biometric-based (a false acceptance; the false acceptance rate, FAR, is a measure specific to biometric systems)

48
Q

You are a consultant for an IT company. Your boss asks you to determine the topology of the network. What is the best tool to use in this circumstance?

A

Network mapper (for example, Nmap)

49
Q

Which of the following is an authentication and accounting service that uses TCP as its transport mechanism when connecting to routers and switches?

A

TACACS+ (TCP port 49; RADIUS uses UDP)

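
Worked example (added here; not part of the original card set) for the two TACACS+ cards: the actual on-the-wire protection each protocol applies. RADIUS hides only the User-Password attribute (RFC 2865 section 5.2, an MD5 keystream seeded by the Request Authenticator), while TACACS+ XORs the whole packet body with a chained-MD5 pseudo-pad (RFC 8907 section 4.5). The shared secret, usernames, session ID and packet layouts in wire_comparison() are constructed for the demo, and the RADIUS packet is reduced to its two attributes.

```python
import hashlib
import struct


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def radius_hide_password(password, secret, authenticator):
    """RFC 2865 section 5.2 User-Password hiding: pad to 16-byte blocks and XOR each block
    with MD5(secret || previous ciphertext block), seeded by the 16-byte Request Authenticator.
    Only this one attribute is protected; the rest of the packet is plaintext."""
    if len(authenticator) != 16:
        raise ValueError("Request Authenticator must be 16 bytes")
    padded = password + b"\x00" * ((16 - len(password) % 16) % 16) or b"\x00" * 16
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        prev = _xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        out += prev
    return out


def radius_reveal_password(hidden, secret, authenticator):
    """Inverse of radius_hide_password, as the RADIUS server performs it."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out += _xor(block, hashlib.md5(secret + prev).digest())
        prev = block
    return out.rstrip(b"\x00")   # strip padding; RADIUS passwords cannot end in NUL


def tacacs_plus_obfuscate(body, key, session_id, version, seq_no):
    """RFC 8907 section 4.5: the whole body is XORed with a pseudo-pad of chained MD5s,
    MD5_1 = MD5(session_id || key || version || seq_no), MD5_n = MD5(... || MD5_{n-1}).
    XOR is its own inverse, so the same call de-obfuscates a received body."""
    hdr = struct.pack(">I", session_id) + key + bytes([version, seq_no])
    pad, prev = b"", b""
    while len(pad) < len(body):
        prev = hashlib.md5(hdr + prev).digest()
        pad += prev
    return _xor(body, pad[:len(body)])


def wire_comparison(username=b"carol", password=b"hunter2", secret=b"sharedsecret"):
    """Constructed packets showing what a sniffer on the path sees in each protocol."""
    authenticator = bytes(range(16))      # constructed; a real Request Authenticator is random
    hidden = radius_hide_password(password, secret, authenticator)
    radius_attrs = (bytes([1, 2 + len(username)]) + username          # User-Name attribute, in clear
                    + bytes([2, 2 + len(hidden)]) + hidden)           # User-Password attribute
    tacacs_body = b"user=" + username + b" pass=" + password          # constructed body layout
    tacacs_packet = tacacs_plus_obfuscate(tacacs_body, secret, 0x1234ABCD, 0xC0, 1)
    return {
        "radius_username_visible": username in radius_attrs,
        "radius_password_visible": password in radius_attrs,
        "tacacs_username_visible": username in tacacs_packet,
        "tacacs_password_visible": password in tacacs_packet,
    }


if __name__ == "__main__":
    print(wire_comparison())
```

Both constructions are MD5-based obfuscation keyed on a shared secret, not modern authenticated encryption, so the practical answer in a hardened network is to also tunnel them (RADIUS over TLS, or an IPsec path to the TACACS+ server) rather than rely on either scheme alone.
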
50
Q

Which of the following is NOT a threat that users face on social networking sites?

A

Site flaws