Exam Cram Flashcards

1
Q

The ASHRAE recommends humidity levels in which range?

25%-40%

40%-55%

55%-70%

70%-85%

A

40%-55%

The Air-Conditioning Engineers (ASHRAE) recommendation for optimal humidity levels is between 40 percent and 55 percent to minimize electrostatic discharge and condensation. Answer A is incorrect because it specifies a low range that would be dangerous for static discharge. Answers C and D are incorrect because they represent too high of a humidity level that could result in the buildup of condensation on cool components and boards.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

An organization that has several small branches in North Dakota, Minnesota, and Ontario, Canada, is planning for a fire-suppression system installation. Which of the following bests fit the needs of the organization?

Dry pipe

Wet pipe

Deluge

Preaction

A

Dry pipe

One reason for using a dry-pipe system is that, when the outside temperature drops below freezing, any water in the pipes will freeze, causing them to burst.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Which of the following are potential impacts of a race condition?

System malfunction

Denial of service

Escalated privileges

All of the above

A

All of the above

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Which one of the following is designed to execute malicious actions when a certain event occurs or a specific time period elapses?

Logic bomb

Spyware

Botnet

DDoS

A

Logic Bombs

Logic bombs are designed to execute after certain events, on a certain date, or after a specific time period.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

You discover you are unable to access files on your computer. A message appears asking for payment to allow for the recovery of your files. Which of the following is most likely?

Your files have been deleted.

Your files have been moved to a remote server.

Your files have been encrypted.

Your files have been copied.

A

Your files have been encrypted.

This situation implies ransomware or crypto-malware. In this attack, files are encrypted and are essentially “held ransom” until payment is made.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Which of the following describes the difference between a worm and a virus?

Viruses are self-replicating.

Viruses are often malicious.

Worms are self-replicating.

A

Worms are self-replicating

Worms are self-replicating. Viruses require an infected file to be executed or launched to replicate. Both viruses and worms are usually malicious.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Which one of the following best describes the four primary phases of a penetration test?

Planning, discovery, attack, reporting

Exploit, escalation, pivot, persistence

Planning, exploit, attack, persistence

Discovery, attack, pivot, reporting

A

Planning, discovery, attack, reporting

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

A small IT consulting firm has installed new wireless routers across all your small regional offices. Within days, you learn that you are unable to access the administrative interfaces of these routers due to an incorrect password. Which one of the following is most likely the reason?

The wireless routers were set up with the default configuration, which included a default password that was never changed.

The wireless routers are not powered on.

The wireless routers have been placed on end-of-life by the manufacturer and are no longer supported for remote login.

The wireless routers have been designed to allow improper input handling, resulting in failed password input.

A

The wireless routers were set up with the default configuration, which included a default password that was never changed.

In this scenario, the wireless routers most likely include a known default password that was never changed upon installation. This gave an outsider a simple means of access.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

You are conducting a penetration test on a software application for a client. The client provides you with the details around the source code and development process. What type of test will you likely be conducting?

A. Black box

B. Vulnerability

C. White box

D. Answers A and C

A

White Box

Explanation:

White box testing is more transparent. Because you are provided with source code, you have more knowledge about the system before you begin your penetration testing. Answer A is incorrect because black box testing assumes no prior knowledge. Answer B is incorrect because this refers to a weakness. Therefore, answer D is also incorrect.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

After a six-month inquiry, a company closed the investigation of a data leakage incident. The new management team issued an updated computer use policy to include the prohibited use of removable media. Workstations no longer have CD drives. What may be the reasons for this? (Select two)

A. End of life support

B. Vector for malware

C. Device incompatibility

D. Exfiltrating data

A

B. Vector for malware

D. Exfiltrating data

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Separation of duties is a method of putting checks and balances in place to prevent the compromise of critical systems from insiders. Which of the following are examples of separation of duty policies? (Choose two)

A. Mandatory Vacations

B. User Training

C. Job Rotation

D. Fair Use

A

A. Mandatory Vacations

C. Job Rotation

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

To implement defense in-depth of a system, a system admin employed an IDS, a HIDS and scheduled penetration testing on a regular basis. Within the week, the company will install HVAC. Which of the following should a system administrator apply to reach control diversity?

A. Vulnerability Assessment

B. Shoulder Surfing

C. Firewall

D. Door Lock

A

C. Firewall

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

A social engineer intercepted an end-user’s phone call to an internet service provider (ISP) about a home internet outage. Pretending to be the caller reporting the outage, the attacker immediately contacted the ISP to cancel the service call, dressed up as an internet tech, and then proceeded to enter the end-user’s home with permission. What type of social engineering attack did the ISP and end-user fall victim to?

A. Hoax

B. Pharming

C. Tailgaiting

D. Impersonation

A

D. Impersonation

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

A network administrator sets up a switched network and wants to group users by department. Which technology should the administrator implement?

A. Ad Hoc

B. VLAN

C. Extranet

D. DMZ

A

B. VLAN

A Virtual Local Area Network (VLAN) is a logical group of network devices on the same LAN, despite their geographical distribution. It can divide the devices logically on the data link layer and group users according to departments.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Which term defines the range of key values available for use with a particular cipher, and is approximately two to the power of the size of the key?

A. Substitution Cipher

B. Ciphertext

C. Keyspace

D. Transposition cipher

A

C. Keyspace

Keyspace is a range of key values available to use with a particular cipher. It is approximately equivalent to two to the power of the size of the key. Using a longer key, such as 2048 bits rather than 1024 bits, makes the encryption scheme stronger.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Which of the following is NOT a component of a user’s account?

A. Identifier

B. Credentials

C. Profile

D. Encryption

A

D. Encryption

17
Q

An IT staff member used an administrator account to download and install a software application. After the user launched the .exe extension installer file, the user received pop-up ads, frequent crashes, slow computer performance, and strange services running when the staff member turns on the computer. What most likely happened to cause these issues?

A. User installed adware

B. User installed trojan horse

C. User installed rogueware

D. User installed crypto-malware

A

B. User installed trojan horse

A Trojan is a malicious program hidden within an innocuous-seeming piece of software. Usually, the Trojan tries to compromise the security of the target computer.

18
Q

A company’s data loss prevention (DLP) system’s setup blocks the transferring of proprietary company information to all, but which of the following?

A. Email

B. CD

C. USB

D. One Drive

A

D. One Drive

19
Q

In what way does Challenge Handshake Authentication Protocol (CHAP) protect against replay attacks?

A. The handshake is repeated with different challenge messages periodically throughout the session connection

B. The challenge is different every time a user authenticates to the server

C. The client responds with a hash calculated from the server challenge message and a shared secret

D. Mutual authentication is performed every time the handshake is initiated and repeated throughout the session

A

A. The handshake is repeated with different challenge messages periodically throughout the session connection

In CHAP, the handshake is repeated with different challenge messages throughout the session, which updates the session timestamp and guards against replay attacks.

20
Q
A