N2K - Quiz - General Security Concepts Flashcards

1
Q

When planning physical security, which type of sensor would be appropriate to detect a person’s body heat when the person enters a controlled space such as a server room?

A)Pressure sensor
B)Infrared sensor
C)Microwave sensor
D)Ultrasonic sensor

A

Infrared Sensor

2
Q

Which technique can tip off an investigator that data files have been altered from a previous version?

A)Salting
B)Sandboxing
C)Hashing
D)Nonce

A

Hashing

3
Q

You are a cybersecurity advisor for your organization. In a recent audit conducted by an external party, it was found that your organization lacks a process to track and manage assets and their relation to one another.

To remediate the finding, you have been asked to suggest a solution. What should you suggest?

A)Maintain an Excel file for all the IT assets and resources.
B)Implement a change management process.
C)Implement a release management process.
D)Implement a configuration management process.

A

Implement a configuration management process.

4
Q

Which type of deception and disruption technology contains decoy data that the attacker exfiltrates from the system?

A)Honeynet
B)Honeypot
C)Honeyfile
D)Honeytoken

A

Honeytoken

5
Q

An accounting job role requires separation of duties to reduce the risk of fraud, with tasks spread across two employees. Due to a staffing shortage, you only have one person available to perform all of the tasks. You ask your business’s bank to start sending you weekly statements instead of monthly, and to create an automated email that will alert you if a withdrawal above a certain threshold is made.

Which type or category of control did you implement? Choose the BEST answer.

A)Managerial category
B)Operational category
C)Deterrent type
D)Preventative type
E)Compensating type

A

Compensating Type

6
Q

Which concepts are associated with the zero-trust data plane? (Select two.)

A)Implicit trust zones
B)Policy administrator
C)Subject/system
D)Policy-driven access control

A

Implicit trust zones
Subject/System

7
Q

What concept is demonstrated by representing a credit card number as ****-****-****-1234?

A)Tokenization
B)Steganography
C)Hashing
D)Data masking

A

Data Masking

8
Q

Which element is created to ensure that your company is able to resume operation after unplanned downtime in a timely manner?

A)disaster recovery plan
B)business impact analysis (BIA)
C)vulnerability analysis
D)business continuity plan

A

Disaster Recovery Plan

9
Q

Which of the following encryption tools is also known as a trusted execution environment (TEE)?

A)HSM
B)Key management system
C)TPM
D)Secure enclave

A

Secure Enclave

10
Q

Which of the following options could be affected during the course of the change management process and should be considered in the impact analysis? (Choose as many as apply.)

A)Restricted activities
B)Stakeholder interests
C)Service restart
D)Allow lists/deny lists
E)Dependencies

A

Restricted activities
Service restart
Allow lists/deny lists
Dependencies

11
Q

What is a physical barrier that acts as the first line of defense against an intruder?

A)a fence
B)an access control vestibule
C)a turnstile
D)a lock
E)a bollard

A

A Fence

12
Q

When connecting to a website using SSL/TLS, the client browser uses the root CA’s public key to decrypt the digital signature of each certificate until finally verifying the identity associated with the website’s certificate. Which term or phrase describes this public key infrastructure (PKI) concept?

A)Certificate revocation
B)Certificate chaining
C)Key escrow
D)Key pairing

A

Certificate Chaining

13
Q

Which of the following encryption levels offers the most granular control?

A)Partition
B)Record
C)Database
D)Volume

A

Record

14
Q

Management wants you to provide full disk encryption for several of your organization’s computers. You purchase specialized chips that will be plugged into the computers’ motherboards to provide the encryption. Which security protocol, practice, or mechanism does this represent?

A)TPM
B)PAP
C)GPG
D)TwoFish
E)RipeMD

A

TPM

15
Q

Which concepts are associated with the Zero Trust control plane? (Select two.)

A)Threat scope reduction
B)Implicit trust zones
C)Adaptive identity
D)Policy enforcement point

A

Threat Scope Reduction
Adaptive Identity

16
Q

Your client operates a 24-hour call center. Several different employees may log in to the same workstation in the course of a week. Machine (computer) certificates are currently used, but they do not provide sufficient security safeguards because more than one employee logs in to each machine. You need to ensure that each employee has their own credentials. What should you implement?

A)Wildcard certificate
B)Domain validation
C)User certificate
D)Self-signed certificate

A

User Certificate

17
Q

Which of the following security concepts identifies one or more weaknesses in an organization’s security operations when compared against a standard?

A)Threat scope reduction
B)Bollards
C)Gap analysis
D)Risk assessment

A

Gap Analysis

18
Q

Which of the following describes a recurring period when patches and configuration changes are performed?

A)Maintenance exclusion
B)Escalation
C)Service level objectives
D)Maintenance window

A

Maintenance Window

19
Q

Which practice helps ensure that users are running the most currently updated application?

A)Updating policies/procedures
B)Updating diagrams
C)Implementing managerial controls
D)Using version control

A

Using Version Control

20
Q

Which type of controls are an example of a detective control? Choose three.

A)log files
B)closed-circuit television (CCTV)
C)firewalls
D)fences
E)lighting
F)IR sensors

A

Log Files
CCTV
IR Sensors

21
Q

You have been promoted to security administrator. Recently, management implemented a security policy that states that symmetric cryptography must be used. However, your research indicates that asymmetric cryptography is a better choice for your organization. Which statement is true of symmetric cryptography?

A)Symmetric cryptography is faster than asymmetric cryptography.
B)Symmetric cryptography uses different keys to encrypt and decrypt messages.
C)Symmetric cryptography provides better security compared to asymmetric cryptography.
D)Symmetric cryptography does not require a secure mechanism to properly deliver keys.

A

Symmetric cryptography is faster than asymmetric cryptography.

22
Q

Which of the following security control types includes acceptable use policies, handbooks, and posted warning signs?

A)Detective controls
B)Compensating controls
C)Directive controls
D)Preventive controls

A

Directive Controls

23
Q

You are designing an access control system for a new company. The company has asked that you ensure that users are authenticated with a central server. In addition, users should only have access to the files they need to perform their jobs. When implementing access control, what is the appropriate order?

A)identification, authorization, authentication
B)authentication, identification, authorization
C)identification, authentication, authorization
D)authentication, authorization, identification

A

Identification, Authentication, Authorization

24
Q

Which of the following network architecture concepts consists of a policy engine, a policy administrator, and a policy enforcement point?

A)Secure Access Service Edge
B)Cloud
C)Zero-trust
D)Hybrid

A

Zero-Trust

25
Q

Which of the following is difficult when used with symmetric key encryption, but much easier with asymmetric key encryption?

A)Key exchange
B)Hardware security module
C)Key length
D)Algorithms

A

Key Exchange

26
Q

Which of the following is an independent third party which provides validation services to assure that a digital certificate is genuine?

A)Certificate signing request
B)OCSP
C)Root of trust
D)Certificate authority

A

Certificate authority

27
Q

Company management has discovered that systems administrators have made critical changes to operational policies and procedures without management’s consent or knowledge. To keep this from happening again, which change management component should be implemented?

A)Ownership
B)Approval process
C)Test results
D)Stakeholders

A

Approval Process

28
Q

You have found that your system for validating keys has a latency period of 24-48 hours. As a result, a key that had been breached was accepted. You want to provide a real-time solution that will reduce this latency period. Which technology should you implement?

A)OCSP
B)OID
C)CSR
D)CRL

A

OCSP

29
Q

Which of the following are accomplished through identity validation? (Select two.)

A)Authenticating systems
B)Authenticating people
C)Gap analysis
D)Authorization models

A

Authenticating systems
Authenticating people

30
Q

When implementing a security solution for mobile devices, which two common use cases are of primary concern? (Choose two.)

A)Lower power devices
B)Obfuscation
C)Authentication
D)Non-repudiation
E)Low latency

A

Lower power devices
Low latency