Practice Questions 133-144 Flashcards
Your company's web site experiences a large number of client requests during certain times of the year. Which of the following could your company add to ensure the website's availability during these times? A. Fail-open cluster B. Certificates C. Web application firewall D. Load balancing
Load balancing spreads the load among multiple servers and can increase the site's availability, because additional nodes can be added behind the balancer when demand rises and a failed node can be taken out of rotation.
Which is the LOWEST cost solution for fault tolerance? A. Load balancing B. Round-robin scheduling C. RAID D. Warm site
A RAID subsystem is a relatively low-cost solution for disk fault tolerance. (Note that RAID 0 only stripes data and provides no fault tolerance; RAID 1, 5, 6 and 10 do.)
Employees access a secure area by entering a cipher code, but the code does not identify them individually. After a recent security incident, management has decided to implement a key card system that will identify individuals who enter and exit this secure area. However, the installation might take six months or longer. Which of the following can the organization install immediately to identify individuals who enter or exit the secure area? A. Mantrap B. Access list C. CCTV D. Bollards
Closed-circuit television (CCTV) or a similar surveillance camera can monitor the entrance and record who enters and exits the area. A mantrap or bollards control physical movement but do not identify the person; an access list still relies on the shared cipher code.
An organization has decided to increase the amount of customer data it maintains and use it for targeted sales. The privacy officer has determined that this data is PII. Which type of assessment should be completed to ensure the organization is complying with applicable laws and regulations related to this data? A. Privacy impact assessment B. Privacy threshold assessment C. Threat assessment D. Supply chain assessment
A privacy impact assessment (PIA) attempts to identify potential risks related to Personally Identifiable Information (PII) and ensure the organization is complying with applicable laws and regulations. A privacy threshold assessment only determines whether a system holds PII at all; since the privacy officer has already established that, the PIA is the next step.
A security technician runs an automated script every night designed to detect changes in files. Which of the following are the MOST likely algorithms used in this script? A. PGP and SHA B. ECC and HMAC C. AES and Twofish D. SHA and HMAC
Secure Hash Algorithm (SHA) and Hash-based Message Authentication Code (HMAC) can detect changes in files, that is, verify that the files have not lost integrity. SHA produces a digest of each file's contents; HMAC adds a secret key so that the stored digests themselves cannot be silently recomputed by someone who tampers with a file. AES and Twofish provide confidentiality, not integrity.
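The following is an added illustration of such a nightly integrity check, not the flashcard's or any vendor's script. File names, contents and the JSON baseline format are constructed for the example. SHA-256 detects content changes; the baseline is HMAC-SHA256'd under a secret key so that a tampered baseline is also detected.

```python
"""File-integrity check: SHA-256 per file, HMAC over the stored baseline.

Added example. Paths, file contents and baseline layout are constructed.
"""
import hashlib
import hmac
import json
import os
import tempfile

HASH = "sha256"


def file_digest(path: str) -> str:
    """SHA-256 hex digest of a file, read in chunks so large files are fine."""
    h = hashlib.new(HASH)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(paths, key: bytes) -> dict:
    """Hash every path and sign the sorted table with HMAC under `key`."""
    entries = {p: file_digest(p) for p in sorted(paths)}
    body = json.dumps(entries, sort_keys=True).encode()
    return {"entries": entries, "hmac": hmac.new(key, body, HASH).hexdigest()}


def verify_baseline(baseline: dict, key: bytes) -> bool:
    """An attacker who edits entries cannot produce a valid tag without `key`."""
    body = json.dumps(baseline["entries"], sort_keys=True).encode()
    expected = hmac.new(key, body, HASH).hexdigest()
    return hmac.compare_digest(expected, baseline["hmac"])


def check(baseline: dict, key: bytes) -> dict:
    """Compare current file digests against the baseline.

    Returns {'baseline_ok': bool, 'changed': [paths], 'missing': [paths]}.
    If the baseline itself fails HMAC verification nothing else is trusted.
    """
    if not verify_baseline(baseline, key):
        return {"baseline_ok": False, "changed": [], "missing": []}
    changed, missing = [], []
    for path, digest in baseline["entries"].items():
        if not os.path.exists(path):
            missing.append(path)
        elif not hmac.compare_digest(file_digest(path), digest):
            changed.append(path)
    return {"baseline_ok": True, "changed": changed, "missing": missing}


def demo() -> dict:
    """Constructed scenario: baseline two files, tamper with one, forge the baseline."""
    key = os.urandom(32)              # in practice: stored outside the monitored host
    d = tempfile.mkdtemp()
    files = {}
    for name, content in (("passwd", b"root:x:0:0\n"),
                          ("sshd_config", b"PermitRootLogin no\n")):
        p = os.path.join(d, name)
        with open(p, "wb") as f:
            f.write(content)
        files[name] = p

    baseline = build_baseline(files.values(), key)
    clean = check(baseline, key)                      # nothing changed yet

    with open(files["sshd_config"], "ab") as f:       # attacker edits a file
        f.write(b"PermitRootLogin yes\n")
    tampered = check(baseline, key)                   # SHA mismatch is reported

    # Attacker also rewrites the stored hash, but cannot recompute the HMAC.
    forged = {"entries": dict(baseline["entries"]), "hmac": baseline["hmac"]}
    forged["entries"][files["sshd_config"]] = file_digest(files["sshd_config"])
    forged_result = check(forged, key)                # baseline rejected

    return {"clean": clean, "tampered": tampered, "forged": forged_result,
            "names": files}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The key for the HMAC must live somewhere the monitored host cannot alter (a separate management host or an HSM); if it sits next to the baseline, the HMAC adds nothing over a plain hash.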
An application requires users to log on with passwords. The application developers want to store the passwords in such a way that it will thwart rainbow table attacks. Which is the BEST solution? A. SHA B. Blowfish C. ECC D. Bcrypt
Bcrypt is a key stretching technique designed to protect against brute force and rainbow table attacks, and is the best choice. Its per-password random salt means a precomputed table of hashes is useless, and its configurable work factor makes each guess expensive. A plain SHA hash has neither property; Blowfish and ECC are encryption algorithms, not password hashing schemes.
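An added example showing why the salt and the work factor matter. Bcrypt is not in the Python standard library, so the stretched scheme below uses PBKDF2-HMAC-SHA256 from `hashlib` to demonstrate the same two properties (random salt plus many iterations); the wordlist and the "lookup table" standing in for a rainbow table are constructed for the illustration and are not from the flashcard.

```python
"""Precomputed-table lookup against unsalted SHA-256 vs. salted, stretched hashing.

Added example; the wordlist is constructed. PBKDF2-HMAC-SHA256 stands in for
bcrypt because bcrypt is not in the standard library.
"""
import hashlib
import hmac
import os

# Constructed wordlist: a rainbow table is, in effect, a precomputed map from
# hash -> password for a large candidate set. A dict is the degenerate case.
WORDLIST = ["password", "letmein", "Winter2024", "qwerty", "Summer2023"]

ITERATIONS = 100_000            # work factor; raise it as hardware gets faster
ALGO = "pbkdf2_sha256"


def build_table(words):
    """Precompute unsalted SHA-256 for every candidate password."""
    return {hashlib.sha256(w.encode()).hexdigest(): w for w in words}


def unsalted_hash(password: str) -> str:
    """What the 'A. SHA' answer would store: crackable by a precomputed table."""
    return hashlib.sha256(password.encode()).hexdigest()


def table_lookup(table: dict, digest: str):
    """Return the recovered password, or None if the digest is not in the table."""
    return table.get(digest)


def hash_password(password: str, salt: bytes = None) -> str:
    """Salted, stretched hash. Format: algo$iterations$salt_hex$dk_hex."""
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"{ALGO}${ITERATIONS}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    algo, iters, salt_hex, dk_hex = stored.split("$")
    if algo != ALGO:
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk.hex(), dk_hex)


def demo() -> dict:
    table = build_table(WORDLIST)
    weak = unsalted_hash("Winter2024")
    strong_a = hash_password("Winter2024")   # two users, same password ...
    strong_b = hash_password("Winter2024")   # ... different salts, different hashes
    return {
        "cracked_unsalted": table_lookup(table, weak),
        "cracked_stretched": table_lookup(table, strong_a.split("$")[-1]),
        "same_password_same_hash": strong_a == strong_b,
        "verify_ok": verify_password("Winter2024", strong_a),
        "verify_wrong": verify_password("winter2024", strong_a),
    }


if __name__ == "__main__":
    print(demo())
```

A precomputed table would have to be rebuilt per salt (2^128 possibilities for a 16-byte salt), and each entry costs ITERATIONS hash computations; that combination is what defeats the attack, and bcrypt's cost parameter plays the same role as ITERATIONS here.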
Which of the following cryptography concepts indicates that ciphertext is significantly different from the plaintext after it has been encrypted? A. Diffusion B. Obfuscation C. Collision D. Confusion
Confusion means the ciphertext is significantly different from the plaintext. Diffusion, by contrast, means that a small change in the plaintext produces a large change in the ciphertext; a collision is two different inputs producing the same hash.
Your organization is investigating possible methods of sharing encryption keys over a public network. Which is the BEST choice? A. CRL B. PBKDF2 C. Hashing D. ECDHE
Elliptic Curve Diffie-Hellman Ephemeral (ECDHE) allows entities to negotiate encryption keys securely over a public network: each side publishes only a public value, and an observer of the exchange cannot compute the shared secret. The ephemeral part means a fresh key pair per session, which gives forward secrecy. A CRL lists revoked certificates, PBKDF2 derives keys from passwords, and hashing does not exchange anything.
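The exchange described above, as an added example that is not part of the flashcard: a self-contained X25519 (Curve25519 Diffie-Hellman, RFC 7748) implementation in pure Python and a two-party ephemeral exchange built on it. The Montgomery-ladder code follows the RFC 7748 pseudocode; the session-key derivation (SHA-256 over the shared secret and a transcript label) is an assumption chosen for illustration, not a standard KDF.

```python
"""X25519 key agreement and an ephemeral two-party exchange (RFC 7748).

Added example. The ladder follows RFC 7748 section 5; the session-key step at
the end is a simplified stand-in for a real KDF such as HKDF.
"""
import hashlib
import os

P = 2**255 - 19
A24 = 121665
BASEPOINT = (9).to_bytes(32, "little")


def _cswap(swap: int, a: int, b: int):
    """Conditional swap driven by a mask (branch-free in spirit; Python is not
    constant time, so this is illustrative only)."""
    d = (a ^ b) & -swap
    return a ^ d, b ^ d


def _decode_scalar(k: bytes) -> int:
    """Clamp the 32-byte private key as RFC 7748 requires."""
    k = bytearray(k)
    k[0] &= 248
    k[31] &= 127
    k[31] |= 64
    return int.from_bytes(k, "little")


def _decode_u(u: bytes) -> int:
    return int.from_bytes(u, "little") & ((1 << 255) - 1)


def x25519(k: bytes, u: bytes) -> bytes:
    """Scalar multiplication k*u on the Montgomery form of Curve25519."""
    k_int = _decode_scalar(k)
    x1 = _decode_u(u)
    x2, z2, x3, z3 = 1, 0, x1, 1
    swap = 0
    for t in range(254, -1, -1):
        kt = (k_int >> t) & 1
        swap ^= kt
        x2, x3 = _cswap(swap, x2, x3)
        z2, z3 = _cswap(swap, z2, z3)
        swap = kt
        a = (x2 + z2) % P
        aa = a * a % P
        b = (x2 - z2) % P
        bb = b * b % P
        e = (aa - bb) % P
        c = (x3 + z3) % P
        d = (x3 - z3) % P
        da = d * a % P
        cb = c * b % P
        x3 = (da + cb) ** 2 % P
        z3 = x1 * ((da - cb) ** 2) % P
        x2 = aa * bb % P
        z2 = e * (aa + A24 * e) % P
    x2, x3 = _cswap(swap, x2, x3)
    z2, z3 = _cswap(swap, z2, z3)
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")


def keypair(priv: bytes = None):
    """Fresh (ephemeral) key pair; the public value is what goes over the wire."""
    priv = os.urandom(32) if priv is None else priv
    return priv, x25519(priv, BASEPOINT)


def shared_secret(my_priv: bytes, their_pub: bytes) -> bytes:
    s = x25519(my_priv, their_pub)
    if s == bytes(32):               # RFC 7748 6.1: reject low-order peer points
        raise ValueError("peer public key is a low-order point")
    return s


def session_key(shared: bytes, label: bytes) -> bytes:
    """Assumed simple KDF for the example: never use the raw DH output directly."""
    return hashlib.sha256(b"X25519-session" + label + shared).digest()


def rfc7748_vector_ok() -> bool:
    """Check the exchange against the RFC 7748 section 6.1 test vectors."""
    a = bytes.fromhex("77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a")
    b = bytes.fromhex("5dab087e624a8a4b79e17f8b83800ee66f3bb1292618b6fd1c2f8b27ff88e0eb")
    a_pub = x25519(a, BASEPOINT)
    b_pub = x25519(b, BASEPOINT)
    ok = a_pub.hex() == "8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a"
    ok &= b_pub.hex() == "de9edb7d7b7dc1b4d35b61c2ece435373f8343c85b78674dadfc7e146f882b4f"
    ok &= shared_secret(a, b_pub).hex() == "4a5d9d5ba4ce2de1728e3bf480350f25e07e21c947d19e3376f09b3c1e161742"
    ok &= shared_secret(a, b_pub) == shared_secret(b, a_pub)
    return ok


def ephemeral_exchange() -> dict:
    """Two sessions between the same parties: keys agree within a session and
    differ across sessions, which is what the E in ECDHE buys."""
    keys = []
    for _ in range(2):
        c_priv, c_pub = keypair()          # client: send c_pub
        s_priv, s_pub = keypair()          # server: send s_pub
        k_client = session_key(shared_secret(c_priv, s_pub), b"session")
        k_server = session_key(shared_secret(s_priv, c_pub), b"session")
        keys.append((k_client, k_server))
    return {"agree": all(c == s for c, s in keys),
            "sessions_differ": keys[0][0] != keys[1][0]}


if __name__ == "__main__":
    print("RFC vector ok:", rfc7748_vector_ok())
    print(ephemeral_exchange())
```

Because the private scalars are discarded after the session, later compromise of either party's long-term credentials does not recover past session keys. Note that plain DH authenticates nobody; in TLS the server signs its ephemeral public value with its certificate key, which is what prevents an active attacker from substituting their own.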
An application developer is working on the cryptographic elements of an application. She needs to implement an encryption algorithm that provides both confidentiality and data authenticity. Which cipher mode supports these goals? A. CTM B. CBC C. ECB D. GCM
Galois/Counter Mode (GCM) combines Counter (CTR) mode encryption with a Galois-field hash (GHASH) over the ciphertext and any associated data to produce an authentication tag, giving both confidentiality and data authenticity (authenticated encryption). CTR, CBC and ECB provide confidentiality only; a recipient cannot tell whether their ciphertext was modified in transit.
An organization hosts several web servers in a web farm used for e-commerce. Due to recent attacks, management is concerned that attackers might try to redirect web site traffic, allowing the attackers to impersonate their e-commerce site. Which method will address this issue? A. Stapling B. Perfect forward secrecy C. Pinning D. Key stretching
Public key pinning provides clients with a list of public key hashes that clients can use to detect web site impersonation attempts: a certificate that chains correctly but carries an unpinned key is rejected. (HTTP Public Key Pinning has since been removed from major browsers because a mistaken or lost pin locks users out of the site; pinning remains common in mobile apps and API clients that control their own trust store.)
Users within an organization frequently access public web servers using HTTPS. Management wants to ensure that users can verify that certificates are valid even if the public CAs are temporarily unavailable. Which should be implemented to meet this need? A. OCSP B. CRL C. Private CA D. CSR
A certificate revocation list (CRL) can meet this need because CRLs are downloaded and cached. If a CA is unavailable, the cached CRL can still be used as long as its validity period (the next-update time) has not expired. OCSP requires a live query to the responder at validation time unless the server staples a response.
A security auditor discovered that several employees in the Accounting department can print and sign checks. In her final report, she recommended restricting the number of people who can print checks and the number of people who can sign them. She also recommended that no one should be authorized to both print and sign checks. Which security policy does this describe?
The separation of duties principle prevents any single person from performing multiple job functions that, combined, would allow that person to commit fraud.