1-50 Flashcards

1
Q

Why would a security administrator use a vulnerability scanner? (Select the best answer.)

A

To find open ports on a server

2
Q

You work for a company that requires a user’s credentials to include providing something they know and something they are. Which of the following types of authentication is being described?

A

Multi factor

3
Q

Carolyn is the network administrator for a small financial services company and is responsible for controlling access to the resources on her network. Which technology is responsible for blocking access to a resource based on the requesting IP address?

A

ACL

4
Q

Which of the following would be the BEST choice for the technicians?

A

Vulnerability scanner

5
Q

Which of the following tools uses ICMP as its main underlying protocol?

A

Ping scanner

6
Q

Which of the following is the final step a user needs to take before that user can access domain resources?

A

Authentication

7
Q

Of the following, which is the best way for a person to find out what security holes exist on the network?

A

Perform a vulnerability assessment

8
Q

Which of the following penetration testing concepts is being used when an attacker uses public Internet databases to enumerate and learn more about a target?

A

Reconnaissance

9
Q

After using Nmap to do a port scan of your server, you find that several ports are open. Which of the following should you do next?

A

Examine the services and/or processes that use those ports.

10
Q

Your company has hired an outside security firm to perform various tests on your network, specifically vulnerability scans. During this vulnerability scan, you provided the company with a set of usernames and passwords for various systems (database server, application server, web server) to assist in their scan. What best describes what is happening?

A

Credentialed scan

11
Q

An advanced form of phishing in which the connection between the IP address and its target server is redirected.

A

Pharming

12
Q

Which of the following has cross-platform support and is used for remote access into a network?

A

RADIUS

13
Q

Cheyenne is doing a penetration test for a client’s network and is currently gathering information from sources such as archive.org, netcraft.com, social media, and other information websites. What stage has just been described?

A

Passive reconnaissance

14
Q

Of the following principles, which one can be used as a means of two-factor (multifactor) authentication?

A

Iris scan and password

15
Q

Shannon works for a security company that performs pen tests for clients. She’s currently conducting a test of an e-commerce company and discovers that after compromising the web server, she can use the web server to launch a second attack into the company’s internal network. What type of attack is this considered?

A

Pivot

16
Q

A collection of information that defines or describes the user and his or her interests.

A

Profile

17
Q

A network administrator wants to ensure that users do not connect any unauthorized devices to the company network. Each desk needs to connect a VoIP phone and computer. Which of the following is the BEST way to accomplish this?

A

Enforce authentication for network devices

18
Q

The web server administrator at your e-commerce company is concerned about someone using netcat to connect to the company web server to retrieve detailed information. What best describes this concern?

A

Banner grabbing

19
Q

Which authentication mechanism performs better in a secured environment?

A

TACACS+ because it encrypts client-server negotiation dialogues.

20
Q

Derrick is a security administrator for a medium-sized mortgage company. He needs to verify that the network is using the most secure login/authentication scheme possible. Which of the following options is the best choice for that?

A

Multifactor authentication

21
Q

Which type of vulnerability assessment software can check for weak passwords on the network?

A

Password cracker

22
Q

What are the two items needed before a user can be given access to the network?

A

Identification and authentication

23
Q

The most secure method of authentication and authorization in its default form is ______

A

Kerberos

24
Q

A security program manager wants to conduct active testing of the security posture of a system. The system is not yet in production and has no uptime requirement or active user base. Which of the following methods will produce a report that shows vulnerabilities that were actually exploited?

A

Penetration testing

25
Q

An in-house penetration tester uses a packet capturing device that listens on network communications. This is an example of:

A

Passive reconnaissance

25
Q

What can attackers accomplish using malicious port scanning?

A

Topology of the network

26
Q

An organization requires users to provide their fingerprints to access a software application. To improve security, the application developers intend to implement multifactor authentication. Which of the following should be implemented?

A

Require a palm geometry scan

27
Q

Which of the following is NOT a physical method of conducting identity theft?

A

Phishing

28
Q

Which of the following is a vulnerability assessment tool?

A

Nessus

29
Q

To gain access to your network, users must provide a thumbprint and a username and password. What type of authentication model is this?

A

Multifactor

30
Q

Which of the following would fall into the category of something a person is?

A

Fingerprints

31
Q

A black hat hacker is enumerating a network and wants to remain covert during the process. The hacker initiates a vulnerability scan. Given the task at hand and the requirement to remain covert, which of the following statements BEST indicates that the vulnerability scan meets these requirements?

A

The vulnerability scanner is performing in network sniffer mode.

32
Q

Which of the following is the verification of a person’s identity?

A

Authentication

33
Q

What is the main purpose of a physical access log?

A

To show who entered the facility

34
Q

You have been tasked with running a penetration test on a server. You have been given limited knowledge about the inner workings of the server. What kind of test will you be performing?

A

Gray-box

35
Q

Which of the following methods can be used by a security administrator to recover a user’s forgotten password from a password-protected file?

A

Brute-force

36
Q

Which of the following is an example of two-factor authentication?

A

Thumbprint and key card

37
Q

An employer requires employees to use a key-generating app on their smartphones to log into corporate applications. In terms of authentication of an individual, this type of access policy is BEST defined as:

A

Something you have

38
Q

A security analyst has set up a network tap to monitor network traffic for vulnerabilities. Which of the following techniques would BEST describe the approach the analyst has taken?

A

Passive vulnerability scanning

39
Q

Millie is responsible for testing security and uses a tool that identifies vulnerabilities and provides mechanisms to test them by trying to exploit them. What best describes this tool?

A

Exploit framework

40
Q

Which of the following about authentication is false?

A

MS-CHAPv2 is not capable of mutual authentication of the client and server.

41
Q

Frank is concerned that confidential documents, with proprietary information, may be leaked. The leaks could either be intentional or accidental, but he is looking for a solution that would embed some identifying information into documents in a way that it would not be seen by the reader but could be extracted with the right software. What technology would best meet these needs?

A

Steganography

42
Q

You’ve been asked to conduct a penetration test for a small company and for the test, you were only given a company name, the domain name of their website, and the IP address of their gateway router. What describes the type of test?

A

Blackbox

43
Q

Jeff is the network administrator and sometimes needs to run a packet sniffer so he can view the network traffic. He would like to find a well-known packet sniffer that works on Linux. Which of the following is the best choice?

A

tcpdump

44
Q

Which of the following is not a common criterion when authenticating users?

A

Something you like

45
Q

A security administrator is evaluating three different services: RADIUS, Diameter, and Kerberos. Which of the following is a feature that is UNIQUE to Kerberos?

A

It uses tickets to identify authenticated users

46
Q

An auditor identifies an access control system that incorrectly accepts an access attempt from an unauthorized user. Which of the following authentication systems has the auditor reviewed?

A

Biometric-based

47
Q

You are a consultant for an IT company. Your boss asks you to determine the topology of the network. What is the best device to use in this circumstance?

A

Network mapper

48
Q

Which of the following is an authentication and accounting service that uses TCP as its transport mechanism when connecting to routers and switches?

A

TACACS+

49
Q

Which of the following is NOT a threat that users face on social networking sites?

A

Site flaws