Exam I Flashcards

2
Q

QUESTION 1
Which of the following pseudo codes can be used to handle program exceptions?
A. If program detects another instance of itself, then kill program instance.
B. If user enters invalid input, then restart program.
C. If program module crashes, then restart program module.
D. If user’s input exceeds buffer length, then truncate the input.

A

C. If program module crashes, then restart program module.

3
Q

QUESTION 2
Jane, an administrator, hears reports of circles being drawn in the parking lot. Because the symbols fall within range of the company’s wireless AP, the MOST likely concern is:
A. that someone has used war chalking to help others access the company’s network.
B. that the symbols indicate the presence of an evil twin of a legitimate AP.
C. that someone is planning to install an AP where the symbols are, to cause interference.
D. that a rogue access point has been installed within range of the symbols.

A

A. that someone has used war chalking to help others access the company’s network.

4
Q

QUESTION 3
Enforcing data encryption of removable media ensures that the:
A. lost media cannot easily be compromised.
B. media can be identified.
C. location of the media is known at all times.
D. identification of the user is non-repudiated.

A

A. lost media cannot easily be compromised.

5
Q

QUESTION 4
When employees that use certificates leave the company they should be added to which of the following?
A. PKI
B. CA
C. CRL
D. TKIP

A

C. CRL - Certificate Revocation List

6
Q

QUESTION 5
Which of the following mitigation strategies is established to reduce risk when performing updates to business critical systems?
A. Incident management
B. Server clustering
C. Change management
D. Forensic analysis

A

C. Change management

7
Q

QUESTION 6
Which of the following can Pete, a security administrator, use to distribute the processing effort when generating hashes for a password cracking program?
A. RAID
B. Clustering
C. Redundancy
D. Virtualization

A

B. Clustering

8
Q

QUESTION 7
Which of the following should Jane, a security administrator, perform before a hard drive is analyzed with forensics tools?
A. Identify user habits
B. Disconnect system from network
C. Capture system image
D. Interview witnesses

A

C. Capture system image

9
Q

QUESTION 8
Which of the following allows Pete, a security technician, to provide the MOST secure wireless implementation?
A. Implement WPA
B. Disable SSID
C. Adjust antenna placement
D. Implement WEP

A

A. Implement WPA - Wireless Protected Access

10
Q

QUESTION 10
Which of the following application attacks is used to gain access to SEH?
A. Cookie stealing
B. Buffer overflow
C. Directory traversal
D. XML injection

A

B. Buffer overflow

SEH - structured exception handler

11
Q

QUESTION 9
Which of the following incident response procedures BEST allows Sara, the security technician, to identify who had possession of a hard drive prior to forensics analysis?
A. Chain of custody
B. Tracking man hours
C. Witnesses
D. Capturing system images

A

A. Chain of custody

12
Q

QUESTION 11
Jane, a security technician, has been tasked with preventing contractor staff from logging into the company network after business hours. Which of the following BEST allows her to accomplish this?
A. Time of day restrictions
B. Access control list
C. Personal identity verification
D. Mandatory vacations

A

A. Time of day restrictions

13
Q

QUESTION 12
Which of the following can be implemented on a lost mobile device to help recover it?
A. Remote sanitization
B. GPS tracking
C. Voice encryption
D. Patch management

A

B. GPS tracking

14
Q

QUESTION 13
Jane, a security analyst, wants to ensure that data is being stored encrypted, in the event that a corporate laptop is stolen. Which of the following encryption types will accomplish her goal?
A. IPSec
B. Secure socket layer
C. Whole disk
D. Transport layer security

A

C. Whole disk

15
Q

QUESTION 14
Sara, the Chief Executive Officer (CEO) of a corporation, wishes to receive her corporate email and file attachments on her corporate mobile computing device. If the device is lost or stolen, the BEST security measure to ensure that sensitive information is not compromised would be:
A. to immediately file a police report and insurance report
B. the ability to remotely wipe the device to remove the data
C. to immediately issue a replacement device and restore data from the last backup
D. to turn on remote GPS tracking to find the device and track its movements

A

B. the ability to remotely wipe the device to remove the data

16
Q

QUESTION 15
Which of the following protocols allows for secure transfer of files? (Select TWO).
A. ICMP
B. SNMP
C. SFTP
D. SCP
E. TFTP

A

C. SFTP - Secure File Transfer Protocol - 115
D. SCP - Secure Copy Protocol 22

17
Q

QUESTION 16
Users at a corporation are unable to login using the directory access server at certain times of the day. Which of the following concepts BEST describes this lack of access?
A. Mandatory access control
B. Least privilege
C. Time of day restrictions
D. Discretionary access control

A

C. Time of day restrictions

18
Q

QUESTION 17
During a penetration test from the Internet, Jane, the system administrator, was able to establish a connection to an internal router, but not successfully log in to it. Which ports and protocols are MOST likely to be open on the firewall? (Select FOUR).
A. 21
B. 22
C. 23
D. 69
E. 3389
F. SSH
G. Terminal services
H. Rlogin
I. Rsync
J. Telnet

A

B. 22 - SSH
C. 23 - TELNET
F. SSH
J. Telnet

19
Q

QUESTION 18
Matt, an IT security technician, needs to create a way to recover lost or stolen company devices. Which of the following BEST meets this need?
A. Locking cabinets
B. GPS tracking
C. Safe
D. Firewalls

A

B. GPS tracking

20
Q

QUESTION 19
Which of the following is the MOST specific plan for various problems that can arise within a system?
A. Business Continuity Plan
B. Continuity of Operation Plan
C. Disaster Recovery Plan
D. IT Contingency Plan

A

D. IT Contingency Plan

21
Q

QUESTION 20
Pete, an IT Administrator, needs to secure his server room. Which of the following mitigation methods would provide the MOST physical protection?
A. Sign in and sign out logs
B. Mantrap
C. Video surveillance
D. HVAC

A

B. Mantrap

22
Q

QUESTION 21
Which of the following fire suppression systems is MOST likely used in a datacenter?
A. FM-200
B. Dry-pipe
C. Wet-pipe
D. Vacuum

A

A. FM-200 Fire Suppression Agent

23
Q

QUESTION 22
A security administrator has installed a new KDC for the corporate environment. Which of the following authentication protocols is the security administrator planning to implement across the organization?
A. LDAP
B. RADIUS
C. Kerberos
D. XTACACS

A

C. Kerberos (88)

24
Q

QUESTION 23
While opening an email attachment, Pete, a customer, receives an error that the application has encountered an unexpected issue and must be shut down. This could be an example of which of the following attacks?
A. Cross-site scripting
B. Buffer overflow
C. Header manipulation
D. Directory traversal

A

B. Buffer overflow

25
Q

QUESTION 24
Jane has recently implemented a new network design at her organization and wishes to passively identify security issues with the new network. Which of the following should Jane perform?
A. Vulnerability assessment
B. Black box testing
C. White box testing
D. Penetration testing

A

A. Vulnerability assessment

26
Q

QUESTION 25
Matt, an account manager, arrives at work early in the morning and cannot log into his workstation. He calls the help desk an hour later to open a trouble ticket, but they tell him there is nothing wrong with his account. Matt tries his login once more and is granted access. Which of the following control types BEST explains this anomaly?
A. Discretionary access control
B. Time of day restrictions
C. Separation of duties
D. Single sign-on

A

B. Time of day restrictions

27
Q

QUESTION 26
A security technician is working with the network firewall team to implement access controls at the company’s demarc as part of the initiation of configuration management processes. One of the network technicians asks the security technician to explain the access control type found in a firewall. With which of the following should the security technician respond?
A. Rule based access control
B. Role based access control
C. Discretionary access control
D. Mandatory access control

A

A. Rule based access control

28
Q

QUESTION 27
Jane, a security administrator, has been tasked with explaining authentication services to the company’s management team. The company runs an Active Directory infrastructure. Which of the following solutions BEST relates to the host authentication protocol within the company’s environment?
A. Kerberos
B. Least privilege
C. TACACS+
D. LDAP

A

A. Kerberos 88

29
Q

QUESTION 28
Which of the following can be used to discover if a security attack is occurring on a web server?
A. Creating a new baseline
B. Disable unused accounts
C. Implementing full disk encryption
D. Monitoring access logs

A

D. Monitoring access logs

30
Q

QUESTION 29
Jane, the CEO, receives an email wanting her to click on a link to change her username and password. Which of the following attacks has she just received?
A. Hoaxes
B. Whaling
C. Bluejacking
D. Vishing

A

B. Whaling

31
Q

QUESTION 30
Matt, a security analyst, needs to select an asymmetric encryption method that allows for the same level of encryption strength with a lower key length than is typically necessary. Which of the following encryption methods offers this capability?
A. Twofish
B. Diffie-Hellman
C. ECC
D. RSA

A

C. ECC - Elliptic curve cryptography

32
Q

QUESTION 31
Sara, a security analyst, is trying to prove to management what costs they could incur if their customer database was breached. This database contains 250 records with PII. Studies show that the cost per record for a breach is $300. The likelihood that their database would be breached in the next year is only 5%. Which of the following is the ALE that Sara should report to management for a security breach?
A. $1,500
B. $3,750
C. $15,000
D. $75,000

A

B. $3,750

33
Q

QUESTION 32
Sara, a security architect, has developed a framework in which several authentication servers work together to increase processing power for an application. Which of the following does this represent?
A. Warm site
B. Load balancing
C. Clustering
D. RAID

A

C. Clustering

34
Q

QUESTION 33
Which of the following does full disk encryption prevent?
A. Client side attacks
B. Clear text access
C. Database theft
D. Network-based attacks

A

B. Clear text access

35
Q

QUESTION 34
Which of the following can be implemented with multiple bit strength?
A. AES
B. DES
C. SHA-1
D. MD5
E. MD4

A

A. AES - Advanced Encryption Standard

36
Q

QUESTION 35
Pete, the system administrator, has instituted a policy banning personal digital music and video players from the company premises. Which of the following would be the BEST reason for such a policy?
A. The company would be legally liable for any personal device that is lost on its premises.
B. It is difficult to verify ownership of offline device’s digital rights management and ownership.
C. The media players may act as distractions during work hours and adversely affect user productivity.
D. If connected to a computer, unknown malware may be introduced into the environment.

A

D. If connected to a computer, unknown malware may be introduced into the environment.

37
Q

QUESTION 36
Pete, the system administrator, is reviewing his disaster recovery plans. He wishes to limit the downtime in the event of a disaster, but does not have the budget approval to implement or maintain an offsite location that ensures 99.99% availability. Which of the following would be Pete’s BEST option?
A. Use hardware already at an offsite location and configure it to be quickly utilized.
B. Move the servers and data to another part of the company’s main campus from the server room.
C. Retain data back-ups on the main campus and establish redundant servers in a virtual environment.
D. Move the data back-ups to the offsite location, but retain the hardware on the main campus for redundancy.

A

A. Use hardware already at an offsite location and configure it to be quickly utilized.

38
Q

QUESTION 37
Pete, a security auditor, has detected clear text passwords between the RADIUS server and the authenticator. Which of the following is configured in the RADIUS server and what technologies should the authentication protocol be changed to?
A. PAP, MSCHAPv2
B. CHAP, PAP
C. MSCHAPv2, NTLMv2
D. NTLM, NTLMv2

A

A. PAP, MSCHAPv2
Password Authentication Protocol, Microsoft Challenge-Handshake Authentication Protocol v2

39
Q

QUESTION 38
Which of the following is an important implementation consideration when deploying a wireless network that uses a shared password?
A. Authentication server
B. Server certificate
C. Key length
D. EAP method

A

C. Key length

40
Q

QUESTION 39
Which of the following would satisfy wireless network implementation requirements to use mutual authentication and usernames and passwords?
A. EAP-MD5
B. WEP
C. PEAP-MSCHAPv2
D. EAP-TLS

A

C. PEAP-MSCHAPv2 (Protected Extensible Authentication Protocol - Microsoft Challenge-Handshake Authentication Protocol v2)

41
Q

QUESTION 40
A security analyst needs to ensure all external traffic is able to access the company’s front-end servers but protect all access to internal resources. Which of the following network design elements would MOST likely be recommended?
A. DMZ
B. Cloud computing
C. VLAN
D. Virtualization

A

A. DMZ - Demilitarized Zone Protocol

42
Q

QUESTION 41
Layer 7 devices used to prevent specific types of HTML tags are called:
A. firewalls.
B. content filters.
C. routers.
D. NIDS.

A

B. content filters.

43
Q

QUESTION 42
Which of the following allows a network administrator to implement an access control policy based on individual user characteristics and NOT on job function?
A. Attributes based
B. Implicit deny
C. Role based
D. Rule based

A

A. Attributes based

44
Q

QUESTION 43
Which of the following network architecture concepts is used to securely isolate at the boundary between networks?
A. VLAN
B. Subnetting
C. DMZ
D. NAT

A

C. DMZ - Demilitarized Zone Protocol

45
Q

QUESTION 44
In which of the following categories would creating a corporate privacy policy, drafting acceptable use policies, and group based access control be classified?
A. Security control frameworks
B. Best practice
C. Access control methodologies
D. Compliance activity

A

B. Best practice

46
Q

QUESTION 45
Which of the following devices is typically used to provide protection at the edge of the network attack surface?
A. Firewall
B. Router
C. Switch
D. VPN concentrator

A

A. Firewall

47
Q

QUESTION 46
A malicious program modified entries in the LMHOSTS file of an infected system. Which of the following protocols would have been affected by this?
A. ICMP
B. BGP
C. NetBIOS
D. DNS

A

C. NetBIOS 137,138,139

48
Q

QUESTION 47
A router has a single Ethernet connection to a switch. In the router configuration, the Ethernet interface has three sub-interfaces, each configured with ACLs applied to them and 802.1q trunks. Which of the following is MOST likely the reason for the sub-interfaces?
A. The network uses the subnet of 255.255.255.128.
B. The switch has several VLANs configured on it.
C. The sub-interfaces are configured for VoIP traffic.
D. The sub-interfaces each implement quality of service.

A

B. The switch has several VLANs configured on it.

49
Q

QUESTION 48
Digital Signatures provide which of the following?
A. Confidentiality
B. Authorization
C. Integrity
D. Authentication
E. Availability

A

C. Integrity

50
Q

QUESTION 49
-- Exhibit --
Use the exhibit button to show a video of an attack. Which of the following BEST describes the type of attack that is occurring?
A. Smurf Attack
B. Man in the middle
C. Backdoor
D. Replay
E. Spear Phishing
F. Xmas Attack
G. Blue Jacking
H. Ping of Death

A

UNK - May be A. Smurf Attack

51
Q

QUESTION 50
Pete, an employee, attempts to visit a popular social networking site but is blocked. Instead, a page is displayed notifying him that this site cannot be visited. Which of the following is MOST likely blocking Pete’s access to this site?
A. Internet content filter
B. Firewall
C. Proxy server
D. Protocol analyzer

A

A. Internet content filter

52
Q

QUESTION 51
An administrator might choose to implement a honeypot in order to:
A. provide load balancing for network switches.
B. distract potential intruders away from critical systems.
C. establish a redundant server in case of a disaster.
D. monitor any incoming connections from the Internet.

A

B. distract potential intruders away from critical systems.

53
Q

QUESTION 52
How often, at a MINIMUM, should Sara, an administrator, review the accesses and rights of the users on her system?
A. Annually
B. Immediately after an employee is terminated
C. Every five years
D. Every time they patch the server

A

A. Annually

54
Q

QUESTION 53
A trojan was recently discovered on a server. There are now concerns that there has been a security breach that allows unauthorized people to access data. The administrator should be looking for the presence of a/an:
A. logic bomb
B. backdoor
C. adware application
D. rootkit

A

B. backdoor

55
Q

QUESTION 55
Which of the following symmetric key algorithms are examples of block ciphers? (Select THREE).
A. RC4
B. 3DES
C. AES
D. MD5
E. PGP
F. Blowfish

A

B. 3DES - Triple Data Encryption Standard
C. AES - Advanced Encryption Standard
F. Blowfish - Blowfish encryption algorithm

56
Q

QUESTION 54
Which of the following protocols uses TCP instead of UDP and is incompatible with all previous versions?
A. TACACS
B. XTACACS
C. RADIUS
D. TACACS+

A

D. TACACS+ - Terminal Access Controller Access-Control System Plus 49

57
Q

UDP Ports

A

22 - SSH and SCP
49 - TACACS authentication service
53 - DNS name queries Domain Name Service
69 - TFTP Trivial File Transfer Protocol
80 - HTTP (used for the World Wide Web)
137 - NetBIOS name
143 - IMAP Internet Message Access Protocol
161 - SNMP Simple Network Message Protocol
389 - LDAP
