Practice Questions Flashcards

1
Q

The Bell and Lapaluda Access Control model is a form of:
- MAC
- DAC
- RBAC
- ABAC

A

MAC

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

In which cloud model does the cloud customer have LESS responsibility over the infrastructure?

  • PaaS
  • FaaS
  • IaaS
  • SaaS
A

SaaS

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Which of these tools is commonly used to crack passwords?

  • Wireshark
  • John The Ripper
  • NSlookup
  • Burp Suite
A

John The Ripper

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Which type of attack will most effectively provide privileged access (root access in Unix/Linux platforms) to a computer while hiding its presence?

  • Phishing
  • Rootkits
  • Cross-Site Scripting
  • Trojans
A

Rootkits

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Which devices would be more effective in detecting an intrusion into a network?

  • Routers
  • Firewalls
  • HIDS
  • NIDS
A

NIDS

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Which of these would be the best option if a network administrator needs to control access to a network?

  • NAC
  • IDS
  • HIDS
  • SIEM
A

NAC

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

In which of the following phases of an Incident Recovery Plan are incident responses prioritized?

  • Post-incident Activity
  • Contentment, Eradication and Recovery
  • Detection and Analysis
  • Preparation
A

Detection and Analysis

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Which of the following are NOT types of security controls?

  • Storage Controls
  • System-specific controls
  • Hybrid controls
  • Common controls
A

Storage Controls

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

According to the canon “Provide diligent and competent service to principals”, (ISC)² professionals are to:

  • Promote the understanding and acceptance of prudent information security measures
  • Avoid apparent or actual conflicts of interest
  • Take care not to tarnish the reputation of other professionals through malice or indifference
  • Treat all members fairly and when resolving conflicts consider public safety and duties to principals, individuals and the profession in that order
A

Avoid apparent or actual conflicts of interest

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Which of the following is NOT a protocol of the OSI Level 3?

  • IP
  • ICMP
  • SNMP
  • IGMP
A

SNMP

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Which of the following is a public IP?

  • 10.221.123.1
  • 192.168.123.1
  • 13.16.123.1
  • 172.16.123.1
A

13.16.123.1

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Which port is used to secure communication over the web (HTTPS)?

  • 443
  • 69
  • 25
  • 80
A

443

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

The SMTP protocol operates at OSI Level:

  • 3
  • 25
  • 23
  • 7
A

7

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

The address 8be2:4382:8d84:7ce2:ec0f:3908:d29a:903a is an:

  • MAC address
  • Web address
  • IPv4 address
  • IPv6 address
A

IPv6 address

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Which of these is NOT a change management component?

  • RFC
  • Approval
  • Governance
  • Rollback
A

Governance

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Which of these is the PRIMARY objective of a Disaster Recovery Plan?

  • Restore company operation to the last-known reliable operation state
  • Outline a safe escape procedure for the organization’s personnel
  • Communicate to the responsible entities the damage caused to operations in the event of a disaster
  • Maintain crucial company operations in the event of a disaster
A
  • Restore company operation to the last-known reliable operation state
17
Q

What is an effective way of hardening a system?

  • Run a vulnerability scan
  • Patch the system
  • Have an IDS in place
  • Create a DMZ for web application services
A

Patch the system

18
Q

Which access control model can grant access to a given object based on complex rules?

  • MAC
  • DAC
  • ABAC
  • RBAC
A

ABAC

19
Q

What type of security control is the biometric reader that grants access to the data center building?

  • Physical control
  • authorization control
  • administrative control
  • Technical control
A

Physical Control