Domain 4 Flashcards

1
Q

The ability to hold intruders accountable in a court of law is important. Which of the following activities are needed to ensure the highest possibility for successful prosecution?
A. Well established and defined digital forensics process
B. Establishing Enterprise-owned Botnets for preemptive attacks
C. Be able to retaliate under the framework of Active Defense
D. Collaboration with law enforcement

A

Answer : Well established and defined digital forensics process

2
Q

Which of the following is a countermeasure to prevent unauthorized database access from web applications?
A. Session encryption
B. Removing all stored procedures
C. Input sanitization
D. Library control

A

Answer : Input sanitization

3
Q

Security related breaches are assessed and contained through which of the following?
A. The IT support team.
B. A forensic analysis.
C. Incident response
D. Physical security team.

A

Answer : Incident response

4
Q

Your penetration testing team installs an in-line hardware key logger onto one of your network machines. Which of the following is of major concern to the security organization?
A. In-line hardware keyloggers don’t require physical access
B. In-line hardware keyloggers don’t comply with industry regulations
C. In-line hardware keyloggers are undetectable by software
D. In-line hardware keyloggers are relatively inexpensive

A

Answer : In-line hardware keyloggers are undetectable by software

5
Q

Which of the following is the MAIN security concern for public cloud computing?
A. Unable to control physical access to the servers
B. Unable to track log on activity
C. Unable to run anti-virus scans
D. Unable to patch systems as needed

A

Answer : Unable to control physical access to the servers

6
Q

Your organization provides open guest wireless access with no captive portals. What can you do to assist with law enforcement investigations if one of your guests is suspected of committing an illegal act using your network?
A. Configure logging on each access point
B. Install firewall software on each wireless access point.
C. Provide IP and MAC address
D. Disable SSID Broadcast and enable MAC address filtering on all wireless access points.

A

Answer : Provide IP and MAC address

7
Q

A customer of a bank has placed a dispute on a payment for a credit card account. The banking system uses digital signatures to safeguard the integrity of their transactions. The bank claims that the system shows proof that the customer in fact made the payment. What is this system capability commonly known as?
A. non-repudiation
B. conflict resolution
C. strong authentication
D. digital rights management

A

Answer : non-repudiation

8
Q

The process of identifying and classifying assets is typically included in the
A. Threat analysis process
B. Asset configuration management process
C. Business Impact Analysis
D. Disaster Recovery plan

A

Answer : Business Impact Analysis

9
Q

The general ledger setup function in an enterprise resource planning (ERP) package allows for setting accounting periods. Access to this function has been granted to users in finance, the shipping department, and production scheduling. What is the most likely reason for such broad access?
A. The need to change accounting periods on a regular basis.
B. The requirement to post entries for a closed accounting period.
C. The need to create and modify the chart of accounts and its allocations.
D. The lack of policies and procedures for the proper segregation of duties.

A

Answer : The lack of policies and procedures for the proper segregation of duties.

10
Q

You are having a penetration test done on your company network and the leader of the team says they discovered all the network devices because no one had changed the Simple Network Management Protocol (SNMP) community strings from the defaults. Which of the following is a default community string?
A. Execute
B. Read
C. Administrator
D. Public

A

Answer : Public

11
Q

What is the FIRST step in developing the vulnerability management program?
A. Baseline the Environment
B. Maintain and Monitor
C. Organization Vulnerability
D. Define Policy

A

Answer : Baseline the Environment

12
Q

SQL injection is a very popular and successful injection attack method. Identify the basic SQL injection text:
A. ' or 1=1 --
B. /../../../../
C. "DROP TABLE USERNAME"
D. NOPS

A

Answer : ' or 1=1 --
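Cards 2 and 12 belong together: the tautology payload above works only because the application splices user input into the SQL text, and the countermeasure in card 2 is to keep input out of the query grammar. The added example below (written for this page, not from any referenced product) runs the payload against a constructed SQLite users table twice, once through a string-built query and once through a parameterised one, and adds an allow-list validator as the "input sanitization" step. The table rows and the username pattern are sample data chosen for the demonstration.

```python
# Added example: the same login query built unsafely and safely (SQLite, stdlib).
import re
import sqlite3

def make_demo_db() -> sqlite3.Connection:
    """Constructed in-memory users table; the rows are sample data only."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "s3cret"), ("bob", "hunter2")])
    return conn

def login_vulnerable(conn, username: str, password: str) -> list:
    # Untrusted input is spliced straight into the SQL text: the classic bug.
    # With username = "' or 1=1 --" the WHERE clause becomes
    #   username = '' or 1=1 --' AND password = '...'
    # and the trailing comment removes the password check entirely.
    sql = (f"SELECT username FROM users "
           f"WHERE username = '{username}' AND password = '{password}'")
    return [row[0] for row in conn.execute(sql)]

def login_parameterized(conn, username: str, password: str) -> list:
    # Placeholders pass the values to the driver separately from the SQL text,
    # so the payload is compared as a literal string and matches nothing.
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (username, password))]

USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,32}")   # allow-list, constructed

def validate_username(username: str) -> str:
    """Input sanitization as an allow-list: reject anything that is not
    a plausible account name instead of trying to strip bad characters."""
    if not USERNAME_RE.fullmatch(username):
        raise ValueError(f"rejected username: {username!r}")
    return username

INJECTION = "' or 1=1 --"   # the tautology payload from the flashcard

if __name__ == "__main__":
    db = make_demo_db()
    print("vulnerable:    ", login_vulnerable(db, INJECTION, "anything"))
    print("parameterized: ", login_parameterized(db, INJECTION, "anything"))
    try:
        validate_username(INJECTION)
    except ValueError as exc:
        print("sanitizer:     ", exc)
```

Parameterised queries are the primary control; the allow-list check is defence in depth and also catches the path-traversal string in option B. Option C's stacked `DROP TABLE` needs the driver to accept multiple statements per call, which Python's `sqlite3.execute` refuses, but many other drivers do not.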

13
Q

While designing a secondary data center for your company, what document needs to be analyzed to determine how much should be spent on building the data center?
A. Enterprise Risk Assessment
B. Disaster recovery strategic plan
C. Business continuity plan
D. Application mapping document

A

Answer : Disaster recovery strategic plan

14
Q

The process of creating a system which divides documents based on their security level to manage access to private data is known as
A. security coding
B. data security system
C. data classification
D. privacy protection

A

Answer : data classification

15
Q

One of your executives needs to send an important and confidential email. You want to ensure that the message cannot be read by anyone but the recipient. Which of the following keys should be used to encrypt the message?
A. Your public key
B. The recipient’s private key
C. The recipient’s public key
D. Certificate authority key

A

Answer : The recipient’s public key
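Cards 7 and 15 are the two directions of one asymmetric key pair: confidentiality means encrypting with the recipient's public key so that only the recipient's private key can decrypt, and non-repudiation means signing with the signer's private key so that anyone holding the public key can verify who produced the transaction. The added example below (written for this page, not from any bank or library) shows both with textbook RSA built from Python's `pow`. The primes are two well-known Mersenne primes chosen for the demo, the keys are constructed, and unpadded RSA like this is for illustration only; real systems use OAEP for encryption and PSS or PKCS#1 v1.5 for signatures.

```python
# Added example: which key encrypts, which key signs (textbook RSA, demo only).
import hashlib

E = 65537
# Constructed demo primes (Mersenne primes 2^31-1, 2^61-1, 2^89-1, 2^107-1).
RECIPIENT_PRIMES = ((1 << 31) - 1, (1 << 61) - 1)
SENDER_PRIMES = ((1 << 89) - 1, (1 << 107) - 1)

def make_keypair(p: int, q: int, e: int = E):
    """Return ((n, e), (n, d)); e must be coprime to (p-1)(q-1)."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)                  # modular inverse (Python 3.8+)
    return (n, e), (n, d)

def encrypt(msg: bytes, public_key) -> int:
    """Encrypt for the holder of the matching private key."""
    n, e = public_key
    m = int.from_bytes(msg, "big")
    if m >= n:
        raise ValueError("message too long for this modulus")
    return pow(m, e, n)

def decrypt(ciphertext: int, private_key) -> bytes:
    n, d = private_key
    m = pow(ciphertext, d, n)
    # Leading zero bytes of the original message are not recovered here.
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def sign(msg: bytes, private_key) -> int:
    """Signature over SHA-256(msg); only the private key holder can produce it."""
    n, d = private_key
    h = int.from_bytes(hashlib.sha256(msg).digest(), "big") % n
    return pow(h, d, n)

def verify(msg: bytes, signature: int, public_key) -> bool:
    n, e = public_key
    h = int.from_bytes(hashlib.sha256(msg).digest(), "big") % n
    return pow(signature, e, n) == h

if __name__ == "__main__":
    recipient_pub, recipient_priv = make_keypair(*RECIPIENT_PRIMES)
    sender_pub, sender_priv = make_keypair(*SENDER_PRIMES)
    msg = b"PAY 100.00"                   # constructed sample transaction

    # Card 15: encrypt with the RECIPIENT's public key.
    c = encrypt(msg, recipient_pub)
    print(decrypt(c, recipient_priv))     # b'PAY 100.00'
    print(decrypt(c, sender_priv) == msg) # False: wrong private key

    # Card 7: sign with the customer's (sender's) private key.
    sig = sign(msg, sender_priv)
    print(verify(msg, sig, sender_pub))             # True
    print(verify(b"PAY 900.00", sig, sender_pub))   # False: altered amount
```

Encrypting with your own public key (option A) produces something only you can read, and the recipient's private key (option B) is never available to a sender; the direction of each operation is the whole point of the card.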

16
Q

The process for identifying, collecting, and producing digital information in support of legal proceedings is called
A. chain of custody.
B. electronic discovery.
C. evidence tampering.
D. electronic review.

A

Answer : electronic discovery.

17
Q

An anonymity network is a series of?
A. Covert government networks
B. War driving maps
C. Government networks in Tora
D. Virtual network tunnels

A

Answer : Virtual network tunnels

18
Q

Network Forensics is the prerequisite for any successful legal action after attacks on your Enterprise Network. Which is the single most important factor to introducing digital evidence into a court of law?
A. Comprehensive log files from all servers and network devices affected during the attack
B. Fully trained network forensic experts to analyze all data right after the attack
C. Uninterrupted Chain of Custody
D. Expert forensics witness

A

Answer : Uninterrupted Chain of Custody

19
Q

Which of the following is a symmetric encryption algorithm?
A. 3DES
B. MD5
C. ECC
D. RSA

A

Answer : 3DES

20
Q

What type of attack requires the least amount of technical equipment and has the highest success rate?
A. War driving
B. Operating system attacks
C. Social engineering
D. Shrink wrap attack

A

Answer : Social engineering

21
Q

Physical security measures typically include which of the following components?
A. Physical, Technical, Operational
B. Technical, Strong Password, Operational
C. Operational, Biometric, Physical
D. Strong password, Biometric, Common Access Card

A

Answer : Physical, Technical, Operational

22
Q

Your incident handling manager detects a virus attack in the network of your company. You develop a signature based on the characteristics of the detected virus. Which of the following phases in the incident handling process will utilize the signature to resolve this incident?
A. Containment
B. Recovery
C. Identification
D. Eradication

A

Answer : Eradication

23
Q

Which of the following backup sites takes the longest recovery time?
A. Cold site
B. Hot site
C. Warm site
D. Mobile backup site

A

Answer : Cold site

24
Q

Which of the following statements about Encapsulating Security Payload (ESP) is true?
A. It is an IPSec protocol.
B. It is a text-based communication protocol.
C. It uses TCP port 22 as the default port and operates at the application layer.
D. It uses UDP port 22

A

Answer : It is an IPSec protocol.

25
Q

An access point (AP) is discovered using Wired Equivalent Privacy (WEP). The ciphertext sent by the AP is encrypted with the same key and cipher used by its stations. What authentication method is being used?
A. Shared key
B. Asynchronous
C. Open
D. None

A

Answer : Shared key

26
Q

As a CISO you need to understand the steps that are used to perform an attack against a network. Put each step into the correct order.
1. Covering tracks
2. Scanning and enumeration
3. Maintaining access
4. Reconnaissance
5. Gaining access
A. 4, 2, 5, 3, 1
B. 2, 5, 3, 1, 4
C. 4, 5, 2, 3, 1
D. 4, 3, 5, 2, 1

A

Answer : 4, 2, 5, 3, 1

27
Q

In terms of supporting a forensic investigation, it is now imperative that managers, first responders, etc., accomplish the following actions to the computer under investigation:
A. Secure the area and shut down the computer until investigators arrive
B. Secure the area and attempt to maintain power until investigators arrive
C. Immediately place hard drive and other components in an anti-static bag
D. Secure the area.

A

Answer : Secure the area and attempt to maintain power until investigators arrive
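Cards 16, 18 and 27 all turn on the same requirement: once evidence is collected, every hand-off must be recorded and the item must be provably unchanged, or the chain of custody is broken and the evidence is challengeable. The added example below (written for this page, not from any forensic tool) records the SHA-256 of an evidence image at acquisition and then keeps a hash-chained custody log, where each entry commits to the previous one, so that an edited image, an altered entry or a removed hand-off fails verification. The evidence bytes, names and timestamps are constructed sample data.

```python
# Added example: evidence hash plus hash-chained custody log (stdlib only).
import hashlib
import json

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

class CustodyLog:
    """Chain of custody for one evidence item.

    The first entry commits to the evidence hash and every later entry
    commits to the previous entry's hash, so verify() fails if the image
    was altered or any entry was edited, reordered or removed from the middle.
    """

    def __init__(self, item_id: str, evidence: bytes, collected_by: str, when: str):
        self.item_id = item_id
        self.evidence_hash = sha256_hex(evidence)   # acquisition hash
        self.entries = []
        self.add("collected", collected_by, when)

    def add(self, action: str, who: str, when: str) -> dict:
        """Append a hand-off; `when` is an ISO timestamp supplied by the caller."""
        prev = self.entries[-1]["entry_hash"] if self.entries else self.evidence_hash
        entry = {"item_id": self.item_id, "action": action, "who": who,
                 "when": when, "prev_hash": prev}
        entry["entry_hash"] = sha256_hex(json.dumps(entry, sort_keys=True).encode())
        self.entries.append(entry)
        return entry

    def verify(self, evidence: bytes) -> bool:
        """True only if the image still matches and every link in the chain holds."""
        if sha256_hex(evidence) != self.evidence_hash:
            return False
        prev = self.evidence_hash
        for entry in self.entries:
            if entry["prev_hash"] != prev:
                return False
            body = {k: v for k, v in entry.items() if k != "entry_hash"}
            if sha256_hex(json.dumps(body, sort_keys=True).encode()) != entry["entry_hash"]:
                return False
            prev = entry["entry_hash"]
        return True

# Constructed sample evidence and hand-offs for the demonstration.
EVIDENCE = b"\x00" * 16 + b"memory image of host WS-042 (constructed sample)"

def build_demo_log() -> CustodyLog:
    log = CustodyLog("EV-2024-0001", EVIDENCE, "first responder A. Lee",
                     "2024-03-01T09:15:00Z")
    log.add("transferred", "forensic examiner B. Ortiz", "2024-03-01T11:40:00Z")
    log.add("sealed in evidence locker", "B. Ortiz", "2024-03-01T12:05:00Z")
    return log

if __name__ == "__main__":
    log = build_demo_log()
    print("intact:", log.verify(EVIDENCE))                       # True
    print("tampered image:", log.verify(EVIDENCE + b"!"))        # False
    log.entries[1]["who"] = "unknown"
    print("edited entry:", log.verify(EVIDENCE))                 # False
```

Card 27's "maintain power" follows from the same logic: volatile memory that is lost at shutdown can never be hashed or logged, so the acquisition step above cannot start. Note that truncating the log at its end is not detected by `verify`; in practice the latest entry hash is also written to a separate record (a signed evidence form or a write-once store).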

28
Q

Which of the following is MOST important when tuning an Intrusion Detection System (IDS)?
A. Trusted and untrusted networks
B. Type of authentication
C. Storage encryption
D. Log retention

A

Answer : Trusted and untrusted networks

29
Q

What is the term describing the act of inspecting all real-time Internet traffic (i.e., packets) traversing a major Internet backbone without introducing any apparent latency?
A. Traffic Analysis
B. Deep-Packet inspection
C. Packet sampling
D. Heuristic analysis

A

Answer : Deep-Packet inspection

30
Q

Which wireless encryption technology makes use of temporal keys?
A. Wireless Application Protocol (WAP)
B. Wi-Fi Protected Access version 2 (WPA2)
C. Wired Equivalent Privacy (WEP)
D. Extensible Authentication Protocol (EAP)

A

Answer : Wi-Fi Protected Access version 2 (WPA2)