Practice Test 2 Flashcards
Which of the following is most appropriate if you have limited external public IP addresses available, but a requirement to share those IP addresses with internal hosts that must connect to the public Internet?
A) DMZ
B) Router
C) DHCP server
D) NAT with a firewall
D) NAT with a firewall
Using network address translation (NAT) in conjunction with a firewall enables you to share one external address with multiple internal hosts that require external addresses for their connectivity. A DMZ can contain servers behind a firewall, allowing public access, but it does not inherently offer NAT services. DHCP is used to allocate internal IP addresses, and a router still requires NAT to perform address translation.
Which of the following are usually annoying advertisements that come in the form of pop-up messages in a user’s browser?
A) Trojan
B) Adware
C) Logic bomb
D) Virus
B) Adware
Adware consists of the usually annoying advertisements that come in the form of pop-up messages in a user's browser. A virus is a piece of malicious software that must be propagated through a definite user action. A Trojan is a piece of software that seems to be of value to the user, but in reality is malware. A logic bomb is a script set to execute at a certain time, which is usually created by rogue administrators or disgruntled employees.
Which of the following attacks results in mathematical operations that the host or application cannot handle, causing them to fail?
A) SQL injection attack
B) LDAP injection attack
C) Directory traversal attack
D) Integer overflow attack
D) Integer overflow attack
An integer overflow attack is similar to a buffer overflow attack and results in mathematical operations that the host or application cannot handle, causing them to fail. A SQL injection attack targets relational databases that reside behind Web applications. An LDAP injection attack targets directory services databases, such as those used in X.500 implementations. A directory traversal attack targets non-secure directory structures on the host, such as folder structures.
Which of the following desired attributes would make an organization most likely to move to a cloud provider?
A) Accountability
B) Responsibility
C) Availability
D) Control
C) Availability
Availability is the most likely attribute gained through potential redundancy and continuity of operations planning that's (hopefully) inherent within the cloud environment. Cloud computing usually increases availability of data for users, since it is typically built on highly available, redundant infrastructures. Accountability and responsibility can be established through effective security controls and well-written service-level agreements. Users lose a large measure of control by moving to the cloud.
Which of the following terms describes someone who hacks into systems, with permission of the system's owner, to discover exploitable vulnerabilities and help secure the system?
A) Black box tester
B) White hat hacker
C) Black hat hacker
D) Gray hat hacker
B) White hat hacker
White hat hackers use their skills to assist in securing systems. They are usually penetration testing professionals or ethical hackers. A gray hat hacker uses his or her skills for both good and evil purposes. A black box tester tests a system without any prior knowledge of the network or infrastructure. A black hat hacker uses his or her skills for malicious purposes.
Which of the following uses geolocation features to ensure that a mobile device does not leave specific areas of corporate property?
A) Geofencing
B) Geolocation
C) Geotagging
D) Remote management
A) Geofencing
Geofencing is the use of geolocation features to ensure that a mobile device does not leave specific areas of corporate property. Remote management is the overall process of remotely managing and monitoring mobile devices that are used to connect to the corporate infrastructure. Geolocation is the use of a device's GPS features to determine device location, locate points of interest, and find other useful information. Geotagging is the practice of marking media files, such as pictures and video, with relevant information such as geographic location (using the GPS features of the mobile device) and time. This information can be used by security professionals to track where and how a mobile device has been used.
A virtual LAN (VLAN) does NOT offer which of the following security controls?
A) Allows different security policies to be applied to different hosts
B) Allows physical segmentation of hosts by IP subnet
C) Creates broadcast domains
D) Allows logical segmentation of hosts by IP subnet
B) Allows physical segmentation of hosts by IP subnet
VLANs do not physically segment hosts; they logically segment them. VLANs break up broadcast domains from a single large one into smaller, logically separated ones. VLANs allow different segments to receive different security policies.
Which of the following regulations would guide a healthcare organization to protect the confidentiality of stored patient data adequately?
A) RMF
B) HIPAA
C) Sarbanes-Oxley
D) PCI
B) HIPAA
HIPAA regulates the protection of patient data in the healthcare and health insurance industry. RMF covers the risk management of U.S. Department of Defense systems; Sarbanes-Oxley and PCI are involved with financial data.
Which attack involves sending specially-crafted traffic to a wireless client and an access point?
A) Initialization vector attack
B) Spoofing attack
C) Deauthentication attack
D) Replay attack
C) Deauthentication attack
A deauthentication attack involves sending specially crafted traffic to a wireless client and an access point, in the hopes of causing them to deauthenticate with each other and disconnect. A spoofing attack involves impersonating a wireless client or access point through either its IP or its MAC address. A replay attack involves the reuse of intercepted non-secure credentials to gain access to a system or network. Initialization vector (IV) attacks involve attempting to break WEP keys by targeting their weak IVs.
Which of the following attacks targets relational databases that reside behind Web applications?
A) Directory traversal attack
B) Integer overflow attack
C) SQL injection attack
D) LDAP injection attack
C) SQL injection attack
A SQL injection attack targets relational databases that reside behind Web applications. An LDAP injection attack targets directory services databases, such as those used in X.500 implementations. A directory traversal attack targets non-secure directory structures on the host, such as folder structures. An integer overflow attack is similar to a buffer overflow attack and results in mathematical operations that the host or application cannot handle, causing them to fail.
Which of the following terms indicates the amount of time it takes for a hardware component to recover from failure?
A) Mean time to recovery
B) Mean time to failure
C) Mean time between failures
D) Mean time to replace
A) Mean time to recovery
Mean time to recovery (MTTR) is the amount of time it takes for a hardware component to recover from failure. Mean time between failures (MTBF) represents the manufacturer's best guess (based on historical data) regarding how much time will pass between major failures of that component. This is assuming that more than one failure will occur, which means that the component will be repaired, rather than replaced. The mean time to failure (MTTF) is the length of time a device is expected to last in operation. In MTTF, only a single, definitive failure will occur and will require that the device be replaced rather than repaired. Mean time to replace is not a valid term.
Which of the following processes uses auditing to ensure that users are traced to and held responsible for their actions?
A) Authentication
B) Authorization
C) Auditing
D) Accountability
D) Accountability
Accountability uses auditing to ensure that users are traced to and held responsible for their actions. Authorization is the process of controlling access to resources through methods that include permissions, rights, and privileges. Authentication is the process of validating that a user's credentials are authentic, after they have presented them through the identification process. Auditing is the process of reviewing logs and other audit trails to determine what actions have been performed on systems and data.
Which of the following is an access control model based upon various access control rules that apply to users, objects, and actions?
A) Metadata table
B) Rule-based access control
C) Access control list
D) Access approval list
B) Rule-based access control
Rule-based access control is an access control model based upon various access control rules that apply to users, objects, and actions. An access control list (ACL) is a physical or logical list that details specific access levels individuals have to access objects. It is also used on network devices to determine which traffic from various users can enter and exit network devices and access internal hosts. Access approval lists and metadata tables are distractors and are not valid terms.
Scott is an outside specialist hired to audit a small, but suddenly fast-growing company. While performing a user audit, Scott notices that one user, Bradley, a sales intern who has worked for this company intermittently for three years, has the following permissions on the network:
- Member of Sales group
- Member of Printer Administrators group
- User name/password on primary company Internet gateway
- Member of Domain Admins for the company Active Directory
Shocked, Scott asks around the office how this intern got this level of access. It seems Bradley has substantial tech skills and the IT department gave him access to printers, gateway, and domain controllers so that he "could help with different problems" over the years. This is a classic example of which of the following?
A) Authentication failure
B) Privilege creep
C) Least privilege
D) False acceptance rate (FAR)
B) Privilege creep
Privilege creep. Bradley keeps getting new privileges, yet nothing is turned off. Authentication failure implies something has gone wrong. There has been no failure in authentication. The principle of least privilege means that administrators never give a user account more rights and permissions than is needed for the user to do his or her job. False acceptance rate indicates the level of errors that the system may generate indicating that unauthorized users are identified and authenticated as valid users in a biometric system.
In many cases a load balancer uses which of the following on a client’s browser to maintain session affinity?
A) Session lock
B) Cookies
C) TLS
D) Client-based code
B) Cookies
Cookies are saved and used by load balancers to maintain a connection between a specific client and a specific server, i.e. session affinity. TLS is an encryption method and session lock is an imaginary term. Client-based code could be used, but is not common.
Which of the following devices typically makes requests on behalf of internal clients?
A) Switch
B) Proxy
C) Firewall
D) Router
B) Proxy
A proxy is typically not used as a traffic-filtering device based upon port or protocol, but it makes requests on behalf of internal clients. A firewall is a more complex device, most often seen placed behind the border router. A switch does not filter traffic based upon port or protocol, since it works at a lower level in the OSI model. A router should be used as a first-level filtering device, because it has the ability to filter on basic characteristics of traffic such as port and protocol.
Which of the following 802.11 encryption protocols would you implement to provide the strongest encryption for communications across your wireless network?
A) WPA2
B) WPA
C) WEP
D) HTTPS
A) WPA2
WPA2 (Wi-Fi Protected Access version 2) currently provides the strongest available encryption for wireless networks. WPA and WEP are weaker protocols. HTTPS is a secure protocol for connecting on the Web, but not within your own network.
For which of the following should employees receive training to establish how to handle end-of-life and unnecessary data?
A) Clean desk policies
B) Information classification
C) Data disposal
D) Protection of personally identifiable information (PII) on social media
C) Data disposal
Data disposal guidelines explain how different classifications of data should be properly disposed of to ensure that data is not later pieced together or recovered and exploited. Clean desk policies often dictate how sensitive information should be stored after hours and while uncleared visitors are near the area. Protection of personally identifiable information on social media would be part of an organization's social media policy. An organization's information classification policy not only outlines what level of security protections certain data receives, but it also serves to instruct employees on how to treat sensitive data.
Which cryptography concept refers to the requirement for a trusted third party that can hold a special key (in addition to your private and public key pair) that is used to decrypt a stored backup copy of the private key if the original is lost?
A) CRL
B) Key escrow
C) Registrar
D) Certificate authority
B) Key escrow
Key escrow involves a third party that holds a special third key in addition to your private and public key pair. A CRL (certificate revocation list) is not valid in this scenario, as certificate authorities and registrars are used during the certificate life cycle to publish digital certificates.
Which of the following types of injections use standardized database interfaces to attack a Web application?
A) SQL injection
B) Relational injection
C) Hierarchical injection
D) MySQL injection
A) SQL injection
SQL injections insert unanticipated SQL commands to try to break the application. MySQL is one of many forms of SQL tools. Relational injection and hierarchical injection are nonsense terms.
Which of the following is used in Windows systems to identify a user account?
A) Security identifier (SID)
B) Access control entry (ACE)
C) Group identifier (GID)
D) User identifier (UID)
A) Security identifier (SID)
A security identifier (SID) is a unique number assigned to each individual user account. It is never reused, even when an account is deleted and re-created. Both a UID and GID refer to unique numbers in Linux and UNIX-based systems that identify users and groups. An access control entry (ACE) is a unique entry in an access control list (ACL) that describes a user's permissions for accessing objects.
Which of the following security controls should be implemented to make sure that users require previous knowledge of the network identifier to join a network?
A) Change the transmitting frequencies
B) Disable SSID broadcasting
C) Add a VLAN
D) Use MAC address filtering
B) Disable SSID broadcasting
Disable Service Set Identifier (SSID) broadcasting if you're not actively broadcasting your network name. When this control is implemented, a user must know the name of the network before he or she can connect to it. None of the other options will control access with regard to the SSID.
Which of the following is a cryptographic representation of text, but not the text itself? (Choose two.)
A) Message digest
B) Plaintext
C) Ciphertext
D) Hash
A) Message digest
D) Hash
A hash or message digest is a cryptographic representation of variable length text, but it is not the text itself. Plaintext is unencrypted text. Ciphertext is a result of the encryption process and is encrypted text.
What type of evidence in a computer forensics investigation directly supports a particular assertion?
A) Inculpatory evidence
B) Demonstrative evidence
C) Documentary evidence
D) Exculpatory evidence
C) Documentary evidence
Documentary evidence directly supports or proves a definitive assertion. Exculpatory evidence proves innocence. Inculpatory evidence proves guilt. Demonstrative evidence, which can be in the form of charts, graphs, drawings, and so forth, is used to help nontechnical people, such as the members of a jury, understand an event.