Chapter 2 - Intro To Security Terminology Flashcards
As requested by your manager, you purchase two servers to participate in a server cluster so that if one server fails, the other server will take over the workload. Which of the following goals of security has been met?
Availability
You have protected the contents of a highly sensitive file by encrypting the data. Which of the following goals of security has been satisfied?
Confidentiality
You have managed the file permissions on a file so that unauthorized persons cannot make modifications to the file. What goal of security has been met?
Integrity
You have configured your network so that each person on the network must provide a username and password to gain access. Presenting a username is an example of ____________
Identification
You have configured the permissions on the accounting folder so that the accounting group can create, modify, and delete content in the folder; the Managers group can read the contents of the folder; and all other users are denied access. This is an example of which of the following?
Authorization
Which of the following are considered biometrics? (Choose 2)
A. Username and Password
B. Smart card
C. PIN number
D. Fingerprint
E. Retina scan
D. Fingerprint
E. Retina scan
Before an individual is authorized to access resources on the network, they are first ______________ with the network.
Authenticated
You have taken the time to create and implement security policies within your organization. This is an example of what?
Due care
All accountants need to be able to modify the accounting data except for Bob. Due to Bob’s job requirements, you have ensured that Bob receives only the read permission to the accounting data. This is an example of what?
Least privilege
Which of the following represents the reasoning for implementing rotation of duties in your environment?
A. To limit fraudulent activities within the organization
B. To keep data private to the appropriate individuals
C. To make information available
D. To ensure the secrecy of the information
A. To limit fraudulent activities within the organization
Within most organizations, the person who writes the check is not the person who signs the check. What is this an example of?
Separation of duties
After creating and implementing the company security policy, you verify that policies are being followed on a regular basis by performing regular audits. What is this an example of?
Due diligence
What type of hacker learns hacking techniques so that they can better defend against a malicious hacker?
White-hat
Which of the following vulnerability types directly relate to the programmer of the software?
A. Improper input handling
B. Misconfiguration/weak configuration
C. Improper error handling
D. Race condition
E. Improperly configured account
A. Improper input handling
C. Improper error handling
D. Race condition
The entity that is responsible for deciding the level of protection that is placed on data and that is ultimately responsible for the security of that data is which of the following?
A. Custodian
B. Owner
C. User
D. Administrator
B. Owner