LearnZapp Practice 5 Flashcards
Fire suppression systems are often linked to a detection system. Common detection systems include all of the following except ___________
A. Heat
B. Pressure
C. Flame
D. Smoke
B. Pressure
Explanation:
Pressure detection is not a common detection technology
FM-200 has all the following properties except:
A. It is colorless
B. It leaves a faint chemical residue after use
C. It is liquid when stored
D. It is non conductive
B. It leaves a faint chemical residue after use
Explanation:
One of the properties that makes it desirable for fire suppression in a data center is that FM-200 does not leave a residue
Which of the following is not a characteristic of a virtual local area network?
A. Broadcast packets sent by a machine inside the VLAN will reach all other machines in that VLAN
B. Broadcast packets sent from outside the VLAN will not reach other machines outside the VLAN
C. Broadcast packets sent from a machine outside the VLAN will not reach machines inside the VLAN
D. Broadcast packets sent by a machine inside the VLAN will not reach machines outside the VLAN
B. Broadcast packets sent from outside the VLAN will not reach other machines outside the VLAN
Explanation:
Broadcast packets sent by machines outside the VLAN will reach machines outside the VLAN that are on the same network/segment
A ________ is a combination of two or more distinct cloud infrastructures that remain unique entities but are bound together by standardized or proprietary technology that enables data and application portability
A. IaaS
B. PaaS
C. Hybrid cloud
D. Private Cloud
C. Hybrid cloud
Explanation:
A hybrid cloud is a combination of two or more distinct cloud infrastructures that remain unique entities but are bound together by a standardized or proprietary technology that enables data and application portability
Which of the following aspects of cloud computing can enhance the customer's business continuity and disaster recovery efforts?
A. Rapid elasticity
B. Online collaboration
C. Support of common regulatory frameworks
D. Attention to customer service
A. Rapid elasticity
Explanation:
Rapid elasticity allows the cloud customer to scale cloud operations as necessary, including during contingency operations; this is useful for BCDR activities
Which of the following data storage types is most associated with SaaS?
A. Content delivery network
B. Databases
C. Volume storage
D. Data warehousing
A. Content delivery network
Explanation:
CDNs are often used in conjunction with SaaS services to deliver high quality data of large sizes (often multimedia)
Which of the following regulatory frameworks is not covered by the CCM?
A. ISACA’s Control Objectives for Information and Related Technologies (COBIT)
B. Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA)
C. The ALL - TRUST framework from the environmental industry
D. FedRAMP
C. The ALL - TRUST framework from the environmental industry
Explanation:
Option C is a nonsense term
RESTful responses can come from the server in _________ or __________ formats
A. Extensible Markup Language (XML), JavaScript Object Notation (JSON)
B. Hypertext Transfer Protocol (HTTP), X.509
C. American Standard Code for Information Interchange (ASCII), text
D. Hypertext Markup Language (HTML), Extensible Markup Language (XML)
A. Extensible Markup Language (XML), JavaScript Object Notation (JSON)
Explanation:
Servers can return REST requests to clients in a number of formats
In a managed cloud services arrangement, who invokes BCDR action?
A. The cloud provider
B. The cloud customer
C. Depends on the contract
D. Any user
C. Depends on the contract
Explanation:
BCDR responsibilities must be negotiated and codified in the contract; initiation could be something performed by provider or customer, depending on the circumstances, so the parties must agree before those circumstances are realized
Because all cloud access is remote access, contact between users and the environment should include all the following except _______
A. Encryption
B. Secure login with complex passwords
C. Once in all on
D. Logging and audits
C. Once in all on
Explanation:
It's preferable to have compartmentalized zones of trust within the production environment and not allow total access with one set of credentials
A cloud data encryption situation where the cloud customer retains control of the encryption keys and the cloud provider only processes and stores the data could be considered a:
A. Threat
B. Risk
C. Hybrid cloud deployment model
D. Case of infringing on the rights of the provider
C. Hybrid cloud deployment model
Explanation:
Because the cloud customer will retain ownership of some elements of hardware, software or both at the customer's location, client side key management could be considered a hybrid cloud model
When using transparent database encryption, where is the engine deployed?
A. Within the database
B. On the database server
C. At the gateway
D. In the browser
A. Within the database
Explanation:
Transparent database encryption requires the encryption to reside within the database itself
Bob is staging an attack against Alice’s website. He is able to embed a link on her site that will execute malicious code on a visitor's machine if the visitor clicks on the link. This is an example of which type of attack?
A. Cross site scripting
B. Broken authentication/session management
C. Security misconfiguration
D. Insecure cryptographic storage
A. Cross site scripting
Explanation:
This is the definition of cross site scripting
In some jurisdictions, it is mandatory that personnel conducting forensic collection or analysis have a proper __________
A. Training credential
B. License
C. Background check
D. Approved toolset
B. License
Explanation:
There are certain jurisdictions where forensic data/IT analysis requires licenses; it is important for you to determine whether this is the case in your jurisdiction
Who is responsible for performing archiving activities in a managed cloud environment?
A. The cloud customer
B. The cloud provider
C. The customer's regulator
D. Depends on the contract
D. Depends on the contract
Explanation:
Many cloud providers will offer archiving services as a feature of the basic cloud services
Because of the nature of the cloud, all access is remote access. One of the preferred technologies employed for secure remote access is ________
A. VPN
B. HTML
C. DEED
D. DNS
A. VPN
Explanation:
VPN creates a trusted path across an untrusted (often public) network.
You are in charge of creating the BCDR plan and procedures for your organization. You decide to have a tabletop test of the BCDR activity. Which of the following will offer the best value during the test?
A. Having all participants conduct their individual activities via remote meeting technology
B. Task a moderator well versed in BCDR actions to supervise and present scenarios to the participants, including randomized special events
C. Provide copies of the BCDR policy to all participants
D. Allow all users in your organization to participate
B. Task a moderator well versed in BCDR actions to supervise and present scenarios to the participants, including randomized special events
Explanation:
A trained and experienced moderator can guide the participants through the activity, enhancing their training and noting pitfalls and areas for improvement
You are the security manager for a software company that uses PaaS in a public cloud service. Your company’s general counsel informs you that they have received a letter from a former employee who is filing a lawsuit against your company. If you do not take proper steps to retain, capture and deliver pertinent data to the person making the request, the company could be facing legal problems with __________ as well as the lawsuit
A. Spoliation
B. Fraud
C. Jurisdiction
D. Recompositioning
A. Spoliation
Explanation:
Spoliation is the term used to describe the destruction of potential evidence
There are two general types of smoke detectors. One type uses a light source to detect the presence of particulate matter resulting from a fire, and the other uses _________
A. Electric pulses
B. Small amounts of radioactive material
C. Fiber optic mechanisms
D. A water pressure plate
B. Small amounts of radioactive material
Explanation:
Ionization based smoke detectors use trace amounts of radionuclide to detect the presence of particulate matter in the detection chamber when smoke particles interrupt the constant electric current
A virtual NIC exists at Layer ________ of the OSI model
A. 2
B. 4
C. 6
D. 8
A. 2
Explanation:
Virtualized NIC is part of the Data Link Layer
Management is interested in adopting an Agile development style. When you explain what impact this will have, you note that _____ may be decreased by this option
A. Speed of development
B. Thoroughness of documentation
C. Availability of prototypes
D. Customer collaboration
B. Thoroughness of documentation
Explanation:
The Agile method reduces the dependence and importance of documentation in favor of functioning software
Event monitoring tools SIEM and SIM can aid in which of the following efforts?
A. Detecting untrained personnel
B. Predicting system outages
C. Sending alerts for conflict of interest
D. Enforcing mandatory vacation
B. Predicting system outages
Explanation:
Event monitoring tools can be used to predict system outages by noting decreases in performance; repeated performance issues can be an indicator a device is failing
While an event monitoring tool might be able to detect a user who continually conducts unproductive activity or fails to complete certain functions, it is impossible to determine if the source of the problem is lack of training
According to OWASP recommendations, active software security testing should include all of the following except __________
A. Business logic testing
B. Client side testing
C. Intuition testing
D. Information gathering
C. Intuition testing
Explanation:
Intuition testing is not part of the OWASP guide to active security testing.
Data destruction in the cloud is difficult because _________
A. Cloud data doesn't have substance
B. Regulations prevent it
C. The hardware belongs to the provider
D. Most of the data is subterranean
C. The hardware belongs to the provider
Explanation:
The preferred methods of secure sanitization require physical access to the hardware on which the data is stored; in the cloud, this belongs to the cloud provider, and the cloud customer will not be allowed to perform destructive procedures