Pre_Assessment Flashcards
A military installation is evaluating backup solutions for its critical data. This installation operates in a harsh environment that is subjected to heat, humidity, and magnetic fields.
Which physical media should be selected to ensure the integrity of backups is preserved given these harsh operating conditions?
Tape media
Optical media
Hard drives
Flash drives
Opting for flash drives as a backup solution, especially for a military installation operating in harsh conditions, can be justified by several compelling advantages that flash drives offer in terms of durability, portability, and performance.
A university research group wants to collect data on animals that are native to southern Arizona, which is a hot, dry region. They plan to camp in tents for the summer at the edge of a national park and to use optical media to back up photos and research notes.
Which physical or environmental factor may damage their optical media?
Humidity
Temperature
Magnetic fields
Electric shocks
The physical or environmental factor that may damage their optical media in southern Arizona, a hot, dry region, is Temperature. High temperatures can warp or otherwise damage optical media such as CDs, DVDs, or Blu-ray discs, affecting the data stored on them.
A company developing and distributing open source applications realizes that attackers are copying the publicly available, open source code and inserting malware into the code.
Which type of cryptographic tool should the company use to protect the integrity of its open source applications?
Asymmetric cryptography
Block cipher
Hash functions
Symmetric cryptography
To protect the integrity of its open source applications and ensure that the code has not been tampered with, the company should use Hash functions. Hash functions generate a unique, fixed-size string (hash) from data (in this case, the source code). When users download the application, they can compute the hash of the downloaded code and compare it to the hash provided by the company.
Spear phishing attack
A spear phishing attack is a highly targeted type of phishing scam that aims to steal sensitive information or infect the target’s computer system with malware. Unlike broad phishing campaigns that target large groups of people with a generic message, spear phishing is meticulously crafted to target a specific individual, organization, or business.
While visiting a country in the European Union, an American purchases an expensive bottle of perfume with a credit card.
What does the European Union Directive 95/46/EC regulation safeguard for the purchaser?
Computer fraud and abuse
Personally identifiable information
Unfair trade practices
Right to return goods
The European Union Directive 95/46/EC, often referred to as the Data Protection Directive, safeguards the Personally Identifiable Information (PII) of individuals within the EU.
A company’s website policy states that “To gain access to the corporate website, each employee must provide a valid user name and password, and then answer one of six security questions accurately.”
Which type of security does the policy address?
Operations
Application
Human element
Physical
This policy should be interpreted as part of the company’s operational security measures. Operational security (OpSec) encompasses the practices and decisions that manage and protect data assets, focusing on the procedures for handling and accessing data to prevent unauthorized access and ensure confidentiality.
A company wants to update its access control policy. The company wants to prevent hourly employees from logging in to company computers after business hours.
Which type of access control policy should be implemented?
Attribute-based
Mandatory
Discretionary
Physical
The company should implement an Attribute-based Access Control (ABAC) policy. ABAC uses policies that evaluate attributes (or characteristics) of user requests, which can include user attributes (like employee status or role), action attributes (like read or write), and environmental attributes (like time of day).
ICMP
ICMP, or Internet Control Message Protocol, is a network layer protocol used within the Internet Protocol Suite, as defined by RFC 792. It is primarily used by network devices, like routers and switches, to send error messages and operational information indicating, for example, that a requested service is not available or that a host or router could not be reached.
A small IT firm is required to authenticate remote customers who access the firm’s network.
Which protection technique should the IT firm employ to satisfy this requirement?
RAID
File encryption
Certificates
Data encryption
Certificates, specifically digital certificates in the context of IT security, are used to authenticate the identities of users, devices, or servers over a network.
MD5 (Message Digest Algorithm 5)
Used for what?
Type: Hash function.
Use: MD5 is a widely used cryptographic hash function that produces a 128-bit (16-byte) hash value, typically rendered as a 32-character hexadecimal number. It’s used for creating a digital signature for a block of data, offering a way to verify data integrity. However, MD5 is not suitable for encryption or ensuring confidentiality since it’s a one-way function that does not involve keys. It’s considered to be vulnerable and not secure against collision attacks, where two different inputs produce the same output hash.
What is an example of symmetric key encryption?
AES
RSA
MD5
ECC
AES (Advanced Encryption Standard). In symmetric key encryption, the same key is used for both encryption and decryption of data.
A military installation is evaluating backup solutions for its critical data. This installation operates in a harsh environment that is subjected to heat, humidity, and magnetic fields.
Which physical media should be selected to ensure the integrity of backups is preserved given these harsh operating conditions?
Tape media
Optical media
Hard drives
Flash drives
Flash drives, also known as USB drives or thumb drives, are based on solid-state technology, which means they have no moving parts. This intrinsic characteristic makes them more durable and reliable than traditional hard drives, which can suffer from mechanical failures. Solid-state technology ensures that flash drives are less susceptible to physical damage from shocks, vibrations, and drops—a crucial advantage in harsh military environments.
While visiting a country in the European Union, an American purchases an expensive bottle of perfume with a credit card.
What does the European Union Directive 95/46/EC regulation safeguard for the purchaser?
Computer fraud and abuse
Personally identifiable information
Unfair trade practices
Right to return goods
The European Union Directive 95/46/EC, often referred to as the Data Protection Directive, safeguards the Personally Identifiable Information (PII) of individuals within the EU. This directive was aimed at protecting individuals’ privacy and personal data by regulating the processing of personal data within the European Union. It set the framework for EU member states to protect individuals’ privacy and personal data against misuse or unauthorized access.