Question set 2 Flashcards

1
Q

Question 1) Which of the following concepts is BEST described as developing a new chain of command in the event of a contingency? A) Succession planning B) Continuity of operations C) Business impact analysis D) Business continuity planning

A

Correct Answer: A) Succession planning

2
Q

Question 2) A network analyst received a number of reports that impersonation was taking place on the network. Session tokens were deployed to mitigate this issue and defend against which of the following attacks? A) DDoS B) Phishing C) Replay D) Smurf

A

Correct Answer: C) Replay

3
Q

Question 3) A security administrator needs to update the OS on all the switches in the company. Which of the following MUST be done before any actual switch configuration is performed? A) The request needs to be sent to the revision management team. B) The request needs to be approved through the incident management process. C) The request needs to be approved through the change management process. D) The request needs to be sent to the enterprise management team.

A

Correct Answer: C) The request needs to be approved through the change management process.

4
Q

Question 4) Which of the following would satisfy wireless network implementation requirements to use mutual authentication and usernames and passwords? A) EAP-MD5 B) PEAP-MSCHAPv2 C) WEP D) EAP-TLS

A

Correct Answer: B) PEAP-MSCHAPv2

5
Q

Question 5) Rebecca, a security analyst, is trying to prove to management what costs they could incur if their customer database was breached. This database contains 250 records with PII. Studies show that the cost per record for a breach is $350. The likelihood that their database would be breached in the next year is only 8%. Which of the following is the ALE that Rebecca should report to management for a security breach? A) $7500 B) $27500 C) $75000 D) $7000

A

Correct Answer: D) $7000

6
Q

Question 6) Which of the following should be deployed to prevent the transmission of malicious traffic between virtual machines hosted on a single physical device on a network? A) NIPS on the network B) HIPS on each virtual machine C) NIDS on the network D) HIDS on each virtual machine

A

Correct Answer: B) HIPS on each virtual machine

7
Q

Question 7) An internal auditor is concerned with privilege creep that is associated with transfers inside the company. Which mitigation measure would detect and correct this? A) Change management B) Change control C) User rights reviews D) Least privilege and job rotations

A

Correct Answer: C) User rights reviews

8
Q

Question 8) Which of the following is a difference between TFTP and FTP? A) TFTP is slower than FTP B) TFTP utilizes UDP and FTP uses TCP C) TFTP is more secure than FTP D) TFTP utilizes TCP and FTP uses UDP

A

Correct Answer: B) TFTP utilizes UDP and FTP uses TCP

9
Q

Question 9) A company with a US-based sales force has requested that the VPN system be configured to authenticate the sales team based on their username, password, and a client-side certificate. Additionally, the security administrator has restricted the VPN to only allow authentication from the US territory. How many authentication factors are in use by the VPN system? A) 1 B) 2 C) 3 D) 4

A

Correct Answer: C) 3

10
Q

Question 10) A network administrator recently updated various network devices to ensure redundancy throughout the network. If an interface on any of the Layer 3 devices were to go down, traffic would still pass through another interface and the production environment would be unaffected. This type of configuration represents which of the following concepts? A) Clustering B) Backout contingency plan C) Load balancing D) High availability

A

Correct Answer: D) High availability

11
Q

Question 11) Tom, an individual, has recently been calling various financial offices pretending to be another person to gain financial information. Which of the following attacks is being described? A) Pharming B) Vishing C) Tailgating D) Phishing

A

Correct Answer: B) Vishing

12
Q

Question 12) A program has been discovered that infects a critical Windows system executable and stays dormant in memory. When a Windows mobile phone is connected to the host, the program infects the phone’s boot loader and continues to target additional Windows PCs or phones. Which of the following malware categories BEST describes this program? A) Worm B) Trojan C) Rootkit D) Zero-day

A

Correct Answer: A) Worm

13
Q

Question 13) A network administrator needs to provide daily network usage reports on all layer 3 devices without compromising any data while gathering the information. Which of the following would be configured to provide these reports? A) SSH B) ICMP C) SNMPv3 D) SNMP

A

Correct Answer: C) SNMPv3

14
Q

Question 14) Which of the following services are used to support authentication services for several local devices from a central location without the use of tokens? A) Kerberos B) TACACS+ C) Smartcards D) Biometrics

A

Correct Answer: B) TACACS+

15
Q

Question 15) Which of the following should Bill, a security administrator, perform before a hard drive is analyzed with forensics tools? A) Disconnect system from network B) Interview witnesses C) Identify user habits D) Capture system image

A

Correct Answer: D) Capture system image

16
Q

Question 16) Which of the following can be used by a security administrator to successfully recover a user’s forgotten password on a password protected file? A) Brute force B) Password sniffing C) Social engineering D) Cognitive password

A

Correct Answer: A) Brute force

17
Q

Question 17) Which of the following is an example of multifactor authentication? A) Username and Password B) Credit card and PIN C) Fingerprint and Retina scan D) Password and PIN

A

Correct Answer: B) Credit card and PIN

18
Q

Question 18) Which of the following is the MOST secure protocol to transfer files? A) FTP B) TELNET C) FTPS D) SSH

A

Correct Answer: C) FTPS

19
Q

Question 19) An attacker attempted to compromise a web form by inserting the following input into the username field: admin)(|(password=*)) Which of the following types of attacks was attempted? A) Command injection B) SQL injection C) LDAP injection D) XSS

A

Correct Answer: C) LDAP injection

20
Q

Question 20) A security administrator wishes to change their wireless network so that IPSec is built into the protocol and NAT is no longer required for address range extension. Which of the following protocols should be used in this scenario? A) WPA2 B) WPA C) IPv6 D) IPv4

A

Correct Answer: C) IPv6