Deck G Flashcards
Which of the following authentication methods can use the SCTP and TLS protocols for reliable packet transmissions?
A. TACACS+
B. SAML
C. Diameter
D. Kerberos
Diameter
Which of the following BEST describes using a smart card and typing in a PIN to gain access to a system?
A. Biometrics
B. PKI
C. Single factor authentication
D. Multifactor authentication
Multifactor authentication
It has been discovered that students are using kiosk tablets intended for registration and scheduling to play games and utilize instant messaging. Which of the following could BEST eliminate this issue?
A. Device encryption
B. Application control
C. Content filtering
D. Screen-locks
Application control
After an assessment, auditors recommended that an application hosting company should contract with additional data providers for redundant high speed Internet connections. Which of the following is MOST likely the reason for this recommendation? (Select TWO).
A. To allow load balancing for cloud support
B. To allow for business continuity if one provider goes out of business
C. To eliminate a single point of failure
D. To allow for a hot site in case of disaster
E. To improve intranet communication speeds
To allow for business continuity if one provider goes out of business
To eliminate a single point of failure
The librarian wants to secure the public Internet kiosk PCs at the back of the library. Which of the following would be the MOST appropriate? (Select TWO).
A. Device encryption
B. Antivirus
C. Privacy screen
D. Cable locks
E. Remote wipe
Antivirus
Cable locks
A periodic update that corrects problems in one version of a product is called a
A. Hotfix
B. Overhaul
C. Service pack
D. Security update
Service pack
Peter, the Chief Technical Officer (CTO), is concerned about new malware being introduced into the corporate network. He has tasked the security engineers to implement a technology that is capable of alerting the team when unusual traffic is on the network. Which of the following types of technologies will BEST address this scenario?
A. Application Firewall
B. Anomaly Based IDS
C. Proxy Firewall
D. Signature IDS
Anomaly Based IDS
Which of the following is the primary security concern when deploying a mobile device on a network?
A. Strong authentication
B. Interoperability
C. Data security
D. Cloud storage technique
Data security
Which of the following is a best practice for error and exception handling?
A. Log detailed exception but display generic error message
B. Display detailed exception but log generic error message
C. Log and display detailed error and exception messages
D. Do not log or display error or exception messages
Log detailed exception but display generic error message
A company replaces a number of devices with a mobile appliance, combining several functions.
Which of the following descriptions fits this new implementation? (Select TWO).
A. Cloud computing
B. Virtualization
C. All-in-one device
D. Load balancing
E. Single point of failure
All-in-one device
Single point of failure
An organizations’ security policy requires that users change passwords every 30 days. After a security audit, it was determined that users were recycling previously used passwords. Which of the following password enforcement policies would have mitigated this issue?
A. Password history
B. Password complexity
C. Password length
D. Password expiration
Password history
A network technician is on the phone with the system administration team. Power to the server room was lost and servers need to be restarted. The DNS services must be the first to be restarted. Several machines are powered off. Assuming each server only provides one service, which of the following should be powered on FIRST to establish DNS services?
A. Bind server
B. Apache server
C. Exchange server
D. RADIUS server
Bind server
An administrator discovers that many users have used their same passwords for years even though the network requires that the passwords be changed every six weeks. Which of the following, when used together, would BEST prevent users from reusing their existing password? (Select TWO).
A. Length of password
B. Password history
C. Minimum password age
D. Password expiration
E. Password complexity
F. Non-dictionary words
Password history
Minimum password age
Key cards at a bank are not tied to individuals, but rather to organizational roles. After a break in, it becomes apparent that extra efforts must be taken to successfully pinpoint who exactly enters secure areas. Which of the following security measures can be put in place to mitigate the issue until a new key card system can be installed?
A. Bollards
B. Video surveillance
C. Proximity readers
D. Fencing
Video surveillance
Ann, a security administrator, has concerns regarding her company’s wireless network. The network is open and available for visiting prospective clients in the conference room, but she notices that many more devices are connecting to the network than should be.
Which of the following would BEST alleviate Ann’s concerns with minimum disturbance of current functionality for clients?
A. Enable MAC filtering on the wireless access point.
B. Configure WPA2 encryption on the wireless access point.
C. Lower the antenna’s broadcasting power.
D. Disable SSID broadcasting.
Lower the antenna’s broadcasting power.
When reviewing a digital certificate for accuracy, which of the following would Matt, a security administrator, focus on to determine who affirms the identity of the certificate owner?
A. Trust models
B. CRL
C. CA
D. Recovery agent
CA
A large corporation has data centers geographically distributed across multiple continents. The company needs to securely transfer large amounts of data between the data center. The data transfer can be accomplished physically or electronically, but must prevent eavesdropping while the data is on transit. Which of the following represents the BEST cryptographic solution?
A. Driving a van full of Micro SD cards from data center to data center to transfer data
B. Exchanging VPN keys between each data center via an SSL connection and transferring the data in the VPN
C. Using a courier to deliver symmetric VPN keys to each data center and transferring data in the VPN
D. Using PKI to encrypt each file and transferring them via an Internet based FTP or cloud server
Exchanging VPN keys between each data center via an SSL connection and transferring the data in the VPN
A company plans to expand by hiring new engineers who work in highly specialized areas. Each engineer will have very different job requirements and use unique tools and applications in their job. Which of the following is MOST appropriate to use?
A. Role-based privileges
B. Credential management
C. User assigned privileges
D. User access
Role-based privileges
A security administrator must implement a secure key exchange protocol that will allow company clients to autonomously exchange symmetric encryption keys over an unencrypted channel. Which of the following MUST be implemented?
A. SHA-256
B. AES
C. Diffie-Hellman
D. 3DES
Diffie-Hellman
A company has purchased an application that integrates into their enterprise user directory for account authentication. Users are still prompted to type in their usernames and passwords. Which of the following types of authentication is being utilized here?
A. Separation of duties
B. Least privilege
C. Same sign-on
D. Single sign-on
Same sign-on
Which of the following may cause Jane, the security administrator, to seek an ACL work around?
A. Zero day exploit
B. Dumpster diving
C. Virus outbreak
D. Tailgating
Zero day exploit
A security administrator has concerns about new types of media which allow for the mass distribution of personal comments to a select group of people. To mitigate the risks involved with this media, employees should receive training on which of the following?
A. Peer to Peer
B. Mobile devices
C. Social networking
D. Personally owned devices
Social networking
Emily, a security engineer, is testing encryption ciphers for performance. Which of the following ciphers offers strong encryption with the FASTEST speed?
A. 3DES
B. Blowfish
C. Serpent
D. AES256
Blowfish
An administrator wishes to hide the network addresses of an internal network when connecting to the Internet. The MOST effective way to mask the network address of the users would be by passing the traffic through a:
A. stateful firewall
B. packet-filtering firewall
C. NIPS
D. NAT
NAT