Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

Security + 401 > 451-500 > Flashcards

451-500 Flashcards

1
Q

company’s website. The administrator ensures that the certificate is not expired and that customers have trusted the original issuer of the certificate.

Which of the following could be causing the problem?

A

The intermediate CA certificates were not installed on the server.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Which of the following can be used to ensure digital certificates? (Choose two.)

A

Confidentiality

Non-repudiation

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

A certificate used on an e-commerce web server is about to expire.

Which of the following will occur if the certificate is allowed to expire?

A

Clients will be notified that the certificate is invalid.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

An administrator has successfully implemented SSL on srv4.comptia.com using wildcard certificate *.comptia.com, and now wishes to implement SSL on srv5.comptia.com.

Which of the following files should be copied from srv4 to accomplish this?

A

certificate, private key, and intermediate certificate chain

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

An encrypted message is sent using PKI from Sara, a client, to a customer. Sara claims she never sent the message.

Which of the following aspects of PKI BEST ensures the identity of the sender?

A

Non-repudiation

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Ann, a newly hired human resource employee, sent out confidential emails with digital signatures, to an unintended group.

Which of the following would prevent her from denying accountability?

A

C.

Non Repudiation

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

A company recently experienced data loss when a server crashed due to a midday power outage.

Which of the following should be used to prevent this from occurring again?

A

D.

Redundancy

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Matt, a security consultant, has been tasked with increasing server fault tolerance and has been given no budget to accomplish his task.

Which of the following can Matt implement to ensure servers will withstand hardware failure?

A

RAID

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

After a company has standardized to a single operating system, not all servers are immune to a well-known OS vulnerability.

Which of the following solutions would mitigate this issue?

A

D.

Patch management system

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

A security manager requires fencing around the perimeter, and cipher locks on all entrances. The manager is concerned with which of the following security controls?

A

D.

Safety

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

A cafe provides laptops for Internet access to their customers. The cafe is located in the center corridor of a busy shopping mall. The company has experienced several laptop thefts from the cafe during peak shopping hours of the day. Corporate has asked that the IT department provide a solution to eliminate laptop theft.

Which of the following would provide the IT department with the BEST solution?

A

A.

Attach cable locks to each laptop

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

A business has set up a Customer Service kiosk within a shopping mall. The location will be staffed by an employee using a laptop during the mall business hours, but there are still concerns regarding the physical safety of the equipment while it is not in use.

Which of the following controls would BEST address this security concern?

A

C.

Locking cabinets

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Although a vulnerability scan report shows no vulnerabilities have been discovered, a subsequent penetration test reveals vulnerabilities on the network.

Which of the following has been reported by the vulnerability scan?

A

D.

False negative

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Which of the following documents outlines the technical and security requirements of an agreement between organizations?

A

C.

ISA

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

A large bank has moved back office operations offshore to another country with lower wage costs in an attempt to improve profit and productivity.

Which of the following would be a customer concern if the offshore staff had direct access to their data?

A

C.

Privacy considerations

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Which of the following are examples of detective controls?

A

C.

Motion sensors, intruder alarm and audit.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

An organization processes credit card transactions and is concerned that an employee may intentionally email credit card numbers to external email addresses.

Which of the following technologies should this company consider?

A

C.

DLP

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

Which of the following, if properly implemented, would prevent users from accessing files that are unrelated to their job duties? (Choose two.)

A

A.
Separation of duties

E.
Least privilege

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

Which of the following helps to establish an accurate timeline for a network intrusion?

A

C.

Analyzing network traffic and device logs

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

A recent audit has revealed weaknesses in the process of deploying new servers and network devices.

Which of the following practices could be used to increase the security posture during deployment? (Choose two.)

A

B.
Disable unnecessary services

C.
Change default passwords

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

Joe is the accounts payable agent for ABC Company. Joe has been performing accounts payable function for the ABC Company without any supervision. Management has noticed several new accounts without billing invoices that were paid.

Which of the following is the BEST management option for review of the new accounts?

A

A.

Mandatory vacation

22
Q

A company hosts its public websites internally. The administrator would like to make some changes to the architecture.

The three goals are:

reduce the number of public IP addresses in use by the web servers

drive all the web traffic through a central point of control

mitigate automated attacks that are based on IP address scanning

Which of the following would meet all three goals?

A

D.

Reverse proxy

23
Q

The IT department noticed that there was a significant decrease in network performance during the afternoon hours. The IT department performed analysis of the network and discovered this was due to users accessing and downloading music and video streaming from social sites. The IT department notified corporate of their findings and a memo was sent to all employees addressing the misuse of company resources and requesting adherence to company policy.

Which of the following policies is being enforced?

A

A.

Acceptable use policy

24
Q

A computer security officer has investigated a possible data breach and has found it credible. The officer notifies the data center manager and the Chief Information Security Officer (CISO). This is an example of:

A

A.

escalation and notification.

25
Q

A company would like to take electronic orders from a partner; however, they are concerned that a non-authorized person may send an order. The legal department asks if there is a solution that provides non-repudiation.

Which of the following would meet the requirements of this scenario?

A

B.

Digital signatures

26
Q

The Chief Security Officer (CSO) is contacted by a first responder. The CSO assigns a handler.

Which of the following is occurring?

A

B.

Incident response process

27
Q

A security administrator is auditing a database server to ensure the correct security measures are in place to protect the data. Some of the fields consist of people’s first name, last name, home address, date of birth and mothers last name.

Which of the following describes this type of data?

A

A.

PII

28
Q

Several employees clicked on a link in a malicious message that bypassed the spam filter and their PCs were infected with malware as a result.

Which of the following BEST prevents this situation from occurring in the future?

A

C.

Security awareness training

29
Q

Which of the following types of security controls are visible security cameras considered to be?

A

C.

Deterrent

30
Q

A security administrator would like to ensure that system administrators are not using the same password for both their privileged and non-privileged accounts.

Which of the following security controls BEST accomplishes this goal?

A

A.

Require different account passwords through a policy

31
Q

Ann, a security analyst, has discovered that her company has very high staff turnover and often user accounts are not disabled after an employee leaves the company.

Which of the following could Ann implement to help identify accounts that are still active for terminated employees?

A

A.

Routine audits

32
Q

Ann, the system administrator, is installing an extremely critical system that can support ZERO downtime.

Which of the following BEST describes the type of system Ann is installing?

A

A.

High availability

33
Q

A systems engineer has been presented with storage performance and redundancy requirements for a new system to be built for the company. The storage solution must be designed to support the highest performance and must also be able to support more than one drive failure.

Which of the following should the engineer choose to meet these requirements?

A

B.

A mirrored mirror array

34
Q

In order to secure additional budget, a security manager wants to quantify the financial impact of a one-time compromise.

Which of the following is MOST important to the security manager?

A

B.

SLE

35
Q

A company has just deployed a centralized event log storage system.

Which of the following can be used to ensure the integrity of the logs after they are collected?

A

A.

Write-once drives

36
Q

Several departments in a corporation have a critical need for routinely moving data from one system to another using removable storage devices. Senior management is concerned with data loss and the introduction of malware on the network.

Which of the following choices BEST mitigates the range of risks associated with the continued use of removable storage devices?

A

D.

A policy which details controls on removable storage use

37
Q

A company executive’s laptop was compromised, leading to a security breach. The laptop was placed into storage by a junior system administrator and was subsequently wiped and re-imaged. When it was determined that the authorities would need to be involved, there was little evidence to present to the investigators.

Which of the following procedures could have been implemented to aid the authorities in their investigation?

A

D.

A system image should have been created and stored

38
Q

A company has recently allowed employees to take advantage of BYOD by installing WAPs throughout the corporate office. An employee, Joe, has recently begun to view inappropriate material at work using his personal laptop. When confronted, Joe indicated that he was never told that he could not view that type of material on his personal laptop.

Which of the following should the company have employees acknowledge before allowing them to access the corporate WLAN with their personal devices?

A

D.

Acceptable Use Policy

39
Q

A company has two server administrators that work overnight to apply patches to minimize disruption to the company. With the limited working staff, a security engineer performs a risk assessment to ensure the protection controls are in place to monitor all assets including the administrators in case of an emergency.

Which of the following should be in place?

A

B.

CCTV

40
Q

A company’s Chief Information Officer realizes the company cannot continue to operate after a disaster.

Which of the following describes the disaster?

A

C.

Threat

41
Q

Ann, the Chief Technology Officer (CTO), has agreed to allow users to bring their own device (BYOD) in order to leverage mobile technology without providing every user with a company owned device. She is concerned that users may not understand the company’s rules, and she wants to limit potential legal concerns.

Which of the following is the CTO concerned with?

A

A.

Data ownership

42
Q

SEE QUESTION 492

A

Database server was attacked; actions should be to capture network traffic and Chain of Custody.

43
Q

Which of the following malware types may require user interaction, does not hide itself, and is commonly identified by marketing pop-ups based on browsing habits?

A

C.

Adware

44
Q

A program has been discovered that infects a critical Windows system executable and stays dormant in memory. When a Windows mobile phone is connected to the host, the program infects the phone’s boot loader and continues to target additional Windows PCs or phones.

Which of the following malware categories BEST describes this program?

A

C.

Virus

45
Q

A user casually browsing the Internet is redirected to a warez site where a number of pop-ups appear. After clicking on a pop-up to complete a survey, a drive-by download occurs.

Which of the following is MOST likely to be contained in the download?

A

B.

Spyware

46
Q

Which of the following malware types typically allows an attacker to monitor a user’s computer, is characterized by a drive-by download, and requires no user interaction?

A

C.

Spyware

47
Q

Sara, a user, downloads a keygen to install pirated software. After running the keygen, system performance is extremely slow and numerous antivirus alerts are displayed.
Which of the following BEST describes this type of malware?

A

C.

Trojan

48
Q

During a server audit, a security administrator does not notice abnormal activity. However, a network security analyst notices connections to unauthorized ports from outside the corporate network. Using specialized tools, the network security analyst also notices hidden processes running.

Which of the following has MOST likely been installed on the server?

A

D.

Rootkit

49
Q

A trojan was recently discovered on a server. There are now concerns that there has been a
security breach that allows unauthorized people to access data. The administrator should be looking for the presence of a/an:

A

B.

Backdoor.

50
Q

Two programmers write a new secure application for the human resources department to store personal identifiable information. The programmers make the application available to themselves using an uncommon port along with an ID and password only they know.

Which of the following is this an example of?

A

D.

Backdoor

Security + 401 (16 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions