Practice C-D

Question 1

the National Fire Protection Association (NFPA) recommends that computer facilities be able to withstand ___ minutes of exposure to fire

Answer 1

60

Question 2

the difference between a dry pipe and deluge sprinkler system is that in a deluge system the pipes are ___

Answer 2

always open

Question 3

a change management process is most likely to interface with a configuration management process during the ___ phase

Answer 3

documentation

Question 4

___ is a buffer overflow protection that forces an application to fail immediately if a pointer is freed incorrectly

Answer 4

Heap Metadata Protection

Question 5

rights grant users the ability to perform specific actions (login, print, backup, etc.), while permissions grant ___

Answer 5

levels of access to specific objects (read, write to, execute)

Question 6

one improvement from WEP to WPA is the addition of ___ to protect against man in the middle attacks

Answer 6

Message Integrity Check (MIC)

Question 7

a security policy should be no more than ___ pages long

Answer 7

2-3

Question 8

the ___ was created by the National Institute of Standards and Technology for the testing and certification of forensics equipment

Answer 8

Computer Forensics Tool Testing (CFTT)

Question 9

smart card attacks fall into 4 categories:

Answer 9

• Fault analysis (usually by denying full power);
• Power differential (directly connecting to pins and analyzing fluctuations);
• Timing attacks (analyzing time for cryptographic functions);
• Emanation attacks

Question 10

wireless clients on a LAN typically operate in ___ mode, which allows them to communicate with other clients through a Access Point

Answer 10

Infrastructure (or Master)

Question 11

wireless printers are sometimes configured in ___ mode to allow direct communication without an access point

Answer 11

Ad Hoc (or Peer to Peer)

Question 12

wireless devices that are designed to communicate only with an Access Point are configured in ___ mode

Answer 12

Client (or Managed)

Question 13

___ programming languages restrict the ways data can be used to protect against attacks using memory pointers and arrays

Answer 13

type safe

Question 14

the linux file ___ contains secure user information and is only accessible by root

Answer 14

/etc/shadow

Question 15

stateful firewalls operate between OSI levels ___ and ___. They only allow traffic into a network if ___

Answer 15

Network; Transport; it is in response to a corresponding request sent out from that network

Question 16

while most cross site scripting attacks are typically mitigated through input validation and sanitization, cross-site request forgery (XSRF) attacks can be better mitigated through 3 controls:

Answer 16

CAPTHCHA;
two-factor authorization;
adding a nonce to website requests

Question 17

___ (CSMA/CA or CMSA/CD) sends a jam signal to indicate that two devices are attempting to send simultaneously

Answer 17

CMSA/CD

Question 18

___ (CSMA/CA or CMSA/CD) requires that the receiving device send acknowledgments

Answer 18

CSMA/CA

Question 19

___ can be used to encrypt cardholder data from the moment a card is swiped until it reaches the payment processor

Answer 19

P2PE (Point to Point Encryption)

Question 20

in ___ processes are assigned to time slots to access system resources in order to isolate and protect them

Answer 20

time multiplexing

Question 21

for memory protection, ___ copies an entire process to a secondary memory location (i.e. disk)

Answer 21

swapping

Question 22

in a ___ attack an IP packet is sent with the same source and destination address and port

Answer 22

LAN Denial (LAND)

Question 23

in web authentication using social media accounts for SSO, ___ is typically used for authentication and ___ for authorization

Answer 23

OpenID Connect; OAuth 2.0

Question 24

Microsoft requires the following 3 buffer overflow prevention measures for software vendors: ___ and recommends but does not require ___

Answer 24

Data Execution Prevention (DEP);
Heap Metadata Protection;
Address Space Layout Randomization (ASLR);
Pointer Encoding

Question 25

___ is a client based technology that primarily uses a digital certificate as a security control

Answer 25

Active X

Question 26

in pipelining, and second instruction is fetched while the first instruction is ___

Answer 26

decoded

Question 27

___ is an aggregated threat-modeling methodology developed by Microsoft

Answer 27

STRIDE

Question 28

___ is a risk-based threat-modeling methodology with seven stages

Answer 28

PASTA

Question 29

___ is a classification used to rank threats numerically

Answer 29

DREAD

Question 30

___ is a layer 2 LAN technology using primary and secondary nodes. Instead of using CSMA/CD, primary nodes poll secondary nodes to allow them to transmit data with permission

Answer 30

Synchronous Data Link Control (SDLC)

Question 31

SDLC was succeeded by HDLC, which supports ___ and ___

Answer 31

flow control; error correction

Question 32

___ is a type of RAM that uses flip flops, and ___ uses capacitors, requires constant refreshing and is slower and cheaper

Answer 32

SRAM; DRAM

Question 33

RSA has built-in protection against ___ attacks

Answer 33

replay

Question 34

the IPv6 loopback address is ___

Answer 34

::1

Question 35

because of Meet in the Middle attacks, the effective security of 3DES is ___ bits

Answer 35

112

Question 36

the EU-US Safe Harbor framework was replaced by the ___

Answer 36

EU-US Privacy Shield Framework

Question 37

___ is a memory protection technique that maps hardware memory addresses to applications, allowing different applications to access library objects at the same memory location rather than loading their own copy

Answer 37

virtual memory

Question 38

Carrier-sense multiple access with collision detection (CSMA/CD) was only used in networks with ___

Answer 38

half-duplex Ethernet connections

Question 39

CHAP uses a ___-way handshake and also ___ to protect authentication

Answer 39

3; periodically reauthenticates

Question 40

the vulnerability of Telnet is that is sends ___ in clear text

Answer 40

all data

Question 41

the Ethernet Cyclic Frame Check (CFC) field contains a ___

Answer 41

4 byte cyclic redundancy check value

Question 42

___ is an attack that tricks a browser by inputting hexadecimal data which references resources normally protected by directory traversal checks

Answer 42

double encoding

Question 43

Single Loss Expectancy = ___ x ___

Answer 43

Asset Value (AV); Exposure Factor (EF)

Question 44

the difference between Point to Point Encryption (P2PE) and End to End Encryption (E2EE) for credit card data is that with E2EE ___

Answer 44

the cardholder data is stored unencrypted before being sent to the payment processor, so merchants can do key management

Question 45

in an evacuation, the ___ is responsible for making sure everyone exits the building safely, and the ___ is responsible for making sure everyone arrives at the designated meeting point

Answer 45

safety warden; meeting point leader

Question 46

IP address ranges that can be used for LAN’s and the internet are defined in the document RFC ___

Answer 46

1918