Domain 4 Flashcards
The ability to hold intruders accountable in a court of law is important. Which of the following activities are needed to ensure the highest possibility for successful prosecution?
A. Well established and defined digital forensics process
B. Establishing Enterprise-owned Botnets for preemptive attacks
C. Be able to retaliate under the framework of Active Defense
D. Collaboration with law enforcement
Answer : Well established and defined digital forensics process
Which of the following is a countermeasure to prevent unauthorized database access from web applications?
A. Session encryption
B. Removing all stored procedures
C. Input sanitization
D. Library control
Answer : Input sanitization
Security-related breaches are assessed and contained through which of the following?
A. The IT support team.
B. A forensic analysis.
C. Incident response
D. Physical security team.
Answer : Incident response
Your penetration testing team installs an in-line hardware key logger onto one of your network machines. Which of the following is of major concern to the security organization?
A. In-line hardware keyloggers don’t require physical access
B. In-line hardware keyloggers don’t comply with industry regulations
C. In-line hardware keyloggers are undetectable by software
D. In-line hardware keyloggers are relatively inexpensive
Answer : In-line hardware keyloggers are undetectable by software
Which of the following is the MAIN security concern for public cloud computing?
A. Unable to control physical access to the servers
B. Unable to track log on activity
C. Unable to run anti-virus scans
D. Unable to patch systems as needed
Answer : Unable to control physical access to the servers
Your organization provides open guest wireless access with no captive portals. What can you do to assist with law enforcement investigations if one of your guests is suspected of committing an illegal act using your network?
A. Configure logging on each access point
B. Install firewall software on each wireless access point.
C. Provide IP and MAC address
D. Disable SSID Broadcast and enable MAC address filtering on all wireless access points.
Answer : Provide IP and MAC address
A customer of a bank has placed a dispute on a payment for a credit card account. The banking system uses digital signatures to safeguard the integrity of their transactions. The bank claims that the system shows proof that the customer in fact made the payment. What is this system capability commonly known as?
A. non-repudiation
B. conflict resolution
C. strong authentication
D. digital rights management
Answer : non-repudiation
The process of identifying and classifying assets is typically included in the
A. Threat analysis process
B. Asset configuration management process
C. Business Impact Analysis
D. Disaster Recovery plan
Answer : Business Impact Analysis
The general ledger setup function in an enterprise resource package allows for setting accounting periods. Access to this function has been permitted to users in finance, the shipping department, and production scheduling. What is the most likely reason for such broad access?
A. The need to change accounting periods on a regular basis.
B. The requirement to post entries for a closed accounting period.
C. The need to create and modify the chart of accounts and its allocations.
D. The lack of policies and procedures for the proper segregation of duties.
Answer : The lack of policies and procedures for the proper segregation of duties.
You are having a penetration test done on your company network and the leader of the team says they discovered all the network devices because no one had changed the Simple Network Management Protocol (SNMP) community strings from the defaults. Which of the following is a default community string?
A. Execute
B. Read
C. Administrator
D. Public
Answer : Public
What is the FIRST step in developing the vulnerability management program?
A. Baseline the Environment
B. Maintain and Monitor
C. Organization Vulnerability
D. Define Policy
Answer : Baseline the Environment
SQL injection is a very popular and successful injection attack method. Identify the basic SQL injection text:
A. ' or 1=1 --
B. /../../../../
C. “DROPTABLE USERNAME”
D. NOPS
Answer : ' or 1=1 --
While designing a secondary data center for your company, what document needs to be analyzed to determine how much should be spent on building the data center?
A. Enterprise Risk Assessment
B. Disaster recovery strategic plan
C. Business continuity plan
D. Application mapping document
Answer : Disaster recovery strategic plan
The process of creating a system which divides documents based on their security level to manage access to private data is known as
A. security coding
B. data security system
C. data classification
D. privacy protection
Answer : data classification
One of your executives needs to send an important and confidential email. You want to ensure that the message cannot be read by anyone but the recipient. Which of the following keys should be used to encrypt the message?
A. Your public key
B. The recipient’s private key
C. The recipient’s public key
D. Certificate authority key
Answer : The recipient’s public key