Deck I Flashcards
Ann would like to forward some Personal Identifiable Information to her HR department by email, but she is worried about the confidentiality of the information. Which of the following will accomplish this task securely?
A. Digital Signatures
B. Hashing
C. Secret Key
D. Encryption
Encryption
According to company policy an administrator must logically keep the Human Resources department separated from the Accounting department. Which of the following would be the simplest way to accomplish this?
A. NIDS
B. DMZ
C. NAT
D. VLAN
VLAN
Which of the following design components is used to isolate network devices such as web servers?
A. VLAN
B. VPN
C. NAT
D. DMZ
DMZ
Which of the following authentication protocols makes use of UDP for its services?
A. RADIUS
B. TACACS+
C. LDAP
D. XTACACS
RADIUS
Jane, an IT security technician, needs to create a way to secure company mobile devices. Which of the following BEST meets this need?
A. Implement voice encryption, pop-up blockers, and host-based firewalls.
B. Implement firewalls, network access control, and strong passwords.
C. Implement screen locks, device encryption, and remote wipe capabilities.
D. Implement application patch management, antivirus, and locking cabinets.
Implement screen locks, device encryption, and remote wipe capabilities.
Emily, the security administrator, must configure the corporate firewall to allow all public IP addresses on the internal interface of the firewall to be translated to one public IP address on the external interface of the same firewall. Which of the following should Emily configure?
A. PAT
B. NAP
C. DNAT
D. NAC
PAT
Which of the following is an attack designed to activate based on time?
A. Logic Bomb
B. Backdoor
C. Trojan
D. Rootkit
Logic Bomb
Which of the following provides the HIGHEST level of confidentiality on a wireless network?
A. Disabling SSID broadcast
B. MAC filtering
C. WPA2
D. Packet switching
WPA2
Which of the following IP addresses would be hosts on the same subnet given the subnet mask 255.255.255.224? (Select TWO).
A. 10.4.4.125
B. 10.4.4.158
C. 10.4.4.165
D. 10.4.4.189
E. 10.4.4.199
- 4.4.165
10. 4.4.189
A file on a Linux server has default permissions of rw-rw-r–. The system administrator has verified that Ann, a user, is not a member of the group owner of the file. Which of the following should be modified to assure that Ann has read access to the file?
A. User ownership information for the file in question
B. Directory permissions on the parent directory of the file in question
C. Group memberships for the group owner of the file in question
D. The file system access control list (FACL) for the file in question
Group memberships for the group owner of the file in question
Which of the following are examples of network segmentation? (Select TWO).
A. IDS
B. IaaS
C. DMZ
D. Subnet
E. IPS
DMZ
Subnet
Which of the following provides the BEST application availability and is easily expanded as demand grows?
A. Server virtualization
B. Load balancing
C. Active-Passive Cluster
D. RAID 6
Load balancing
Which of the following protocols provides for mutual authentication of the client and server?
A. Two-factor authentication
B. Radius
C. Secure LDAP
D. Biometrics
Secure LDAP
When confidentiality is the primary concern, and a secure channel for key exchange is not available, which of the following should be used for transmitting company documents?
A. Digital Signature
B. Symmetric
C. Asymmetric
D. Hashing
Asymmetric
Which of the following is being tested when a company’s payroll server is powered off for eight hours?
A. Succession plan
B. Business impact document
C. Continuity of operations plan
D. Risk assessment plan
Continuity of operations plan
Which of the following is BEST at blocking attacks and providing security at layer 7 of the OSI model?
A. WAF
B. NIDS
C. Routers
D. Switches
WAF
Which of the following should be enabled in a laptop’s BIOS prior to full disk encryption?
A. USB
B. HSM
C. RAID
D. TPM
TPM
A company with a US-based sales force has requested that the VPN system be configured to authenticate the sales team based on their username, password and a client side certificate.
Additionally, the security administrator has restricted the VPN to only allow authentication from the US territory. How many authentication factors are in use by the VPN system?
A. 1
B. 2
C. 3
D. 4
3
A group policy requires users in an organization to use strong passwords that must be changed every 15 days. Peter and Ann were hired 16 days ago. When Peter logs into the network, he is prompted to change his password; when Ann logs into the network, she is not prompted to change her password. Which of the following BEST explains why Ann is not required to change her password?
A. Ann’s user account has administrator privileges.
B. Peter’s user account was not added to the group policy.
C. Ann’s user account was not added to the group policy.
D. Peter’s user account was inadvertently disabled and must be re-created.
Ann’s user account was not added to the group policy.
A company is installing a new security measure that would allow one person at a time to be authenticated to an area without human interaction. Which of the following does this describe?
A. Fencing
B. Mantrap
C. A guard
D. Video surveillance
Mantrap
Which of the following techniques can be used to prevent the disclosure of system information resulting from arbitrary inputs when implemented properly?
A. Fuzzing
B. Patch management
C. Error handling
D. Strong passwords
Error handling
A Human Resources user is issued a virtual desktop typically assigned to Accounting employees. A system administrator wants to disable certain services and remove the local accounting groups installed by default on this virtual machine. The system administrator is adhering to which of the following security best practices?
A. Black listing applications
B. Operating System hardening
C. Mandatory Access Control
D. Patch Management
Operating System hardening
Which of the following security concepts can prevent a user from logging on from home during the weekends?
A. Time of day restrictions
B. Multifactor authentication
C. Implicit deny
D. Common access card
Time of day restrictions
Which of the following is a concern when encrypting wireless data with WEP?
A. WEP displays the plain text entire key when wireless packet captures are reassembled
B. WEP implements weak initialization vectors for key transmission
C. WEP uses a very weak encryption algorithm
D. WEP allows for only four pre-shared keys to be configured
WEP implements weak initialization vectors for key transmission