Exam Cram Flashcards
ASHRAE recommends humidity levels in which range?
25%-40%
40%-55%
55%-70%
70%-85%
40%-55%
The American Society of Heating, Refrigerating and Air-Conditioning Engineers (ASHRAE) recommendation for optimal humidity levels is between 40 percent and 55 percent to minimize electrostatic discharge and condensation. Answer A is incorrect because it specifies a low range that would be dangerous for static discharge. Answers C and D are incorrect because they represent too high a humidity level, which could result in the buildup of condensation on cool components and boards.
An organization that has several small branches in North Dakota, Minnesota, and Ontario, Canada, is planning for a fire-suppression system installation. Which of the following best fits the needs of the organization?
Dry pipe
Wet pipe
Deluge
Preaction
Dry pipe
One reason for using a dry-pipe system is that, when the outside temperature drops below freezing, any water in the pipes will freeze, causing them to burst.
Which of the following are potential impacts of a race condition?
System malfunction
Denial of service
Escalated privileges
All of the above
All of the above
Which one of the following is designed to execute malicious actions when a certain event occurs or a specific time period elapses?
Logic bomb
Spyware
Botnet
DDoS
Logic Bombs
Logic bombs are designed to execute after certain events, on a certain date, or after a specific time period.
You discover you are unable to access files on your computer. A message appears asking for payment to allow for the recovery of your files. Which of the following is most likely?
Your files have been deleted.
Your files have been moved to a remote server.
Your files have been encrypted.
Your files have been copied.
Your files have been encrypted.
This situation implies ransomware or crypto-malware. In this attack, files are encrypted and are essentially “held ransom” until payment is made.
Which of the following describes the difference between a worm and a virus?
Viruses are self-replicating.
Viruses are often malicious.
Worms are self-replicating.
Worms are self-replicating
Worms are self-replicating. Viruses require an infected file to be executed or launched to replicate. Both viruses and worms are usually malicious.
Which one of the following best describes the four primary phases of a penetration test?
Planning, discovery, attack, reporting
Exploit, escalation, pivot, persistence
Planning, exploit, attack, persistence
Discovery, attack, pivot, reporting
Planning, discovery, attack, reporting
A small IT consulting firm has installed new wireless routers across all your small regional offices. Within days, you learn that you are unable to access the administrative interfaces of these routers due to an incorrect password. Which one of the following is most likely the reason?
The wireless routers were set up with the default configuration, which included a default password that was never changed.
The wireless routers are not powered on.
The wireless routers have been placed on end-of-life by the manufacturer and are no longer supported for remote login.
The wireless routers have been designed to allow improper input handling, resulting in failed password input.
The wireless routers were set up with the default configuration, which included a default password that was never changed.
In this scenario, the wireless routers most likely include a known default password that was never changed upon installation. This gave an outsider a simple means of access.
You are conducting a penetration test on a software application for a client. The client provides you with the details around the source code and development process. What type of test will you likely be conducting?
A. Black box
B. Vulnerability
C. White box
D. Answers A and C
White Box
Explanation:
White box testing is more transparent. Because you are provided with source code, you have more knowledge about the system before you begin your penetration testing. Answer A is incorrect because black box testing assumes no prior knowledge. Answer B is incorrect because this refers to a weakness. Therefore, answer D is also incorrect.
After a six-month inquiry, a company closed the investigation of a data leakage incident. The new management team issued an updated computer use policy to include the prohibited use of removable media. Workstations no longer have CD drives. What may be the reasons for this? (Select two)
A. End of life support
B. Vector for malware
C. Device incompatibility
D. Exfiltrating data
B. Vector for malware
D. Exfiltrating data
Separation of duties is a method of putting checks and balances in place to prevent the compromise of critical systems from insiders. Which of the following are examples of separation of duty policies? (Choose two)
A. Mandatory Vacations
B. User Training
C. Job Rotation
D. Fair Use
A. Mandatory Vacations
C. Job Rotation
To implement defense in depth for a system, a system admin employed an IDS and a HIDS and scheduled penetration testing on a regular basis. Within the week, the company will install HVAC. Which of the following should a system administrator apply to reach control diversity?
A. Vulnerability Assessment
B. Shoulder Surfing
C. Firewall
D. Door Lock
C. Firewall
A social engineer intercepted an end-user’s phone call to an internet service provider (ISP) about a home internet outage. Pretending to be the caller reporting the outage, the attacker immediately contacted the ISP to cancel the service call, dressed up as an internet tech, and then proceeded to enter the end-user’s home with permission. What type of social engineering attack did the ISP and end-user fall victim to?
A. Hoax
B. Pharming
C. Tailgating
D. Impersonation
D. Impersonation
A network administrator sets up a switched network and wants to group users by department. Which technology should the administrator implement?
A. Ad Hoc
B. VLAN
C. Extranet
D. DMZ
B. VLAN
A Virtual Local Area Network (VLAN) is a logical group of network devices on the same LAN, despite their geographical distribution. It can divide the devices logically on the data link layer and group users according to departments.
Which term defines the range of key values available for use with a particular cipher, and is approximately two to the power of the size of the key?
A. Substitution Cipher
B. Ciphertext
C. Keyspace
D. Transposition cipher
C. Keyspace
Keyspace is a range of key values available to use with a particular cipher. It is approximately equivalent to two to the power of the size of the key. Using a longer key, such as 2048 bits rather than 1024 bits, makes the encryption scheme stronger.