Random Flashcards

1
Q

Which device operates at Layer 2 of the OSI model?

A. Hub
B. Firewall
C. Switch
D. Router

A

C.

A switch operates at layer 2 (data link layer) of the OSI model.

2
Q

Which wireless security protocol is also known as the RSN (Robust Security Network), and implements the full 802.11i standard?

A. AES
B. WEP
C. WPA
D. WPA2

A

D.

WPA2 (Wi-Fi Protected Access 2) is also known as RSN (Robust Security Network) because it fully implements the IEEE 802.11i standard. It uses AES (Advanced Encryption Standard) for strong encryption and provides enhanced security over its predecessor, WPA.

3
Q

Server A trusts server B. Server B trusts Server C. Server A therefore trusts server C. What term describes this trust relationship?

A. Domain trust
B. Forest trust
C. Non-transitive trust
D. Transitive Trust

A

D.

A transitive trust means that if Server A trusts Server B, and Server B trusts Server C, then Server A automatically trusts Server C. This type of trust relationship extends trust dynamically through a chain of trusted entities.

4
Q

What technique will increase the accuracy of a fingerprint scanning system?

A. Decrease the amount of minutiae that is verified
B. Increase the amount of minutiae that is verified
C. Lengthen the enrollment time
D. Lower the throughput time

A

B. Increase the amount of minutiae that is verified

A fingerprint scanning system relies on minutiae points (unique ridge characteristics such as bifurcations and ridge endings) to verify an individual’s identity. Increasing the number of minutiae points analyzed enhances the accuracy by reducing the chances of false positives (incorrect matches) and false negatives (missed matches).

Why Not the Others?
A. Decrease the amount of minutiae that is verified – Reducing minutiae points lowers accuracy and increases the risk of false matches.
C. Lengthen the enrollment time – While proper enrollment is crucial, increasing enrollment time alone doesn’t necessarily improve accuracy.
D. Lower the throughput time – Lowering throughput time (time taken to process a fingerprint) may improve speed, but it does not directly enhance accuracy.

5
Q

What term describes a holistic approach for determining the effectiveness of access control, and has a broad scope?

A. Security assessment
B. Security audit
C. Penetration test
D. Vulnerability assessment

A

A. Security Assessment

A security assessment is a holistic approach for evaluating the effectiveness of access control and other security measures. It covers a broad scope, including policies, procedures, technical controls, and compliance with security standards.

6
Q

You are the CISO of a large bank and have hired a company to provide an overall security assessment, and also provide a penetration test of your organization. Your goal is to determine overall information security effectiveness. You are specifically interested in determining if theft of financial data is possible.

Your bank has recently deployed a custom-developed three-tier web application that allows customers to check balances, make transfers, and deposit checks by taking a photo with their smartphone and then uploading the check image. In addition to a traditional browser interface, your company has developed a smartphone app for both Apple iOS and Android devices.

The contract has been signed, and both scope and rules of engagement have been agreed upon. A 24/7 operational IT contact at the bank has been made available in case of any unexpected developments during the penetration test, including potential accidental disruption of services.

Assuming the penetration test is successful, what is the best way for the penetration testing firm to demonstrate the risk of theft of financial data?

A. Instruct the penetration testing team to conduct a thorough vulnerability assessment of the server containing financial data
B. Instruct the penetration testing team to download financial data, redact it, and report accordingly
C. Instruct the penetration testing team that they may only download financial data via an encrypted and authenticated channel
D. Place a harmless “flag” file in the same location as the financial data, and inform the penetration testing team to download the flag

A

D. Place a harmless “flag” file in the same location as the financial data, and inform the penetration testing team to download the flag

Explanation:
The best way to demonstrate the risk of theft without violating legal, ethical, or regulatory constraints is to place a harmless “flag” file in the same protected location as the financial data. If the penetration testers can successfully access and exfiltrate the flag file, it proves that an attacker could potentially access financial data, without actually exposing sensitive customer information.

Why Not the Others?

A. Conduct a thorough vulnerability assessment – While a vulnerability assessment helps identify weaknesses, it does not actively demonstrate data theft in the way a penetration test does.
B. Download financial data, redact it, and report accordingly – Downloading actual financial data is unethical, illegal, and violates data privacy regulations (e.g., PCI DSS, GDPR, and GLBA). Even redacted, this poses unnecessary risk.
C. Download financial data via an encrypted and authenticated channel – While encryption and authentication improve security, the act of downloading real financial data is still unethical and legally risky.

7
Q

What type of backup is obtained during the Response (aka Containment) phase of Incident Response?

A. Incremental
B. Full
C. Differential
D. Binary

A

D. Binary

During the Response (Containment) phase of Incident Response, a binary backup (forensic backup or bit-by-bit copy) is obtained. This type of backup captures an exact replica of the system, including active files, deleted files, and unallocated space, ensuring that forensic investigators can analyze the system without altering its state.

8
Q

Adversaries targeting your organization have created a custom maliciously crafted document and emailed it to a user within your organization. Which control is most likely to aid the organization in identifying this targeted attack?

A. Antimalware
B. Next Generation Firewall (NGFW)
C. Sandboxing
D. User and Entity Behavior Analytics (UEBA)

A

C. Sandboxing

Sandboxing is the best control to identify a custom maliciously crafted document because it executes the file in an isolated environment to analyze its behavior before allowing it to run on the user’s system. If the document attempts malicious actions (e.g., executing macros, dropping malware, or exploiting vulnerabilities), the sandbox will detect and flag it.

9
Q

Which software design methodology uses paired programmers?

A. Agile
B. Extreme Programming (XP)
C. Sashimi
D. Scrum

A

B. Extreme Programming (XP)

Explanation:
Extreme Programming (XP) is a software development methodology that emphasizes paired programming, where two developers work together at the same workstation. One writes the code (driver), while the other reviews each line as it’s written (observer or navigator). This technique improves code quality, reduces bugs, and enhances collaboration.

Why Not the Others?
A. Agile – Agile is a broad methodology that includes various frameworks (like XP, Scrum, and Kanban). While XP is part of Agile, Agile itself does not specifically mandate pair programming.
C. Sashimi – A variation of the Waterfall model, where phases slightly overlap. It does not include pair programming.
D. Scrum – A popular Agile framework focused on iterative development with sprints and stand-up meetings, but it does not specifically require paired programming.

10
Q

Which form of Artificial Intelligence uses a knowledge base and an inference engine?

A. Artificial Neural Network (ANN)
B. Bayesian Filtering
C. Expert System
D. Genetic Algorithm

A

C. Expert System

Explanation:
An Expert System is a form of Artificial Intelligence (AI) that uses:
A Knowledge Base – A structured database of facts and rules, representing expert knowledge in a particular domain.
An Inference Engine – A reasoning mechanism that applies logical rules to the knowledge base to draw conclusions or solve problems.
Expert systems are commonly used in medical diagnosis, troubleshooting, and decision support systems.

Why Not the Others?
A. Artificial Neural Network (ANN) – Uses layers of neurons to learn patterns from data but does not rely on a predefined knowledge base or inference engine.
B. Bayesian Filtering – Uses probabilistic models (Bayesian probability) to filter data, such as detecting spam emails, but does not use a traditional knowledge base.
D. Genetic Algorithm – Based on evolutionary computation, mimicking natural selection to optimize solutions, but does not use inference engines.

11
Q

What is an agile method that automates system administration tasks, including server deployment and configuration management?

A. Software Configuration Management (SCM)
B. Security Orchestration, Automation, and Response (SOAR)
C. Continuous Integration and Continuous Delivery (CI/CD)
D. Integrated Development Environment (IDE)

A

A. Software Configuration Management (SCM)

Explanation:
Software Configuration Management (SCM) is an Agile method that automates system administration tasks, including server deployment, configuration management, and version control. SCM tools, such as Ansible, Puppet, and Chef, help ensure that system configurations are consistent, reproducible, and easily manageable across multiple environments.

Why Not the Others?
B. Security Orchestration, Automation, and Response (SOAR) – SOAR automates security workflows (e.g., incident response, threat intelligence), but it is not focused on server deployment or configuration management.
C. Continuous Integration and Continuous Delivery (CI/CD) – CI/CD focuses on automating software build, testing, and deployment in development pipelines, but it does not handle system administration tasks like server configuration.
D. Integrated Development Environment (IDE) – An IDE is a software suite for writing and debugging code (e.g., VS Code, IntelliJ), but it does not handle system administration or automation.

12
Q

What type of database language is used to create, modify, and delete tables?

A. Data Definition Language (DDL)
B. Data Manipulation Language (DML)
C. Database Management System (DBMS)
D. Structured Query Language (SQL)

A

A. Data Definition Language (DDL)

Explanation:
Data Definition Language (DDL) is a type of database language used to create, modify, and delete database structures such as tables, indexes, and schemas. Common DDL commands include:
CREATE – Creates a new table or database object
ALTER – Modifies an existing table (e.g., adding or removing columns)
DROP – Deletes a table or database object
TRUNCATE – Removes all records from a table but keeps its structure

Why Not the Others?
B. Data Manipulation Language (DML) – Used to insert, update, delete, and query data within tables, but it does not modify database structures. Example commands: SELECT, INSERT, UPDATE, DELETE.
C. Database Management System (DBMS) – Refers to the software (e.g., MySQL, PostgreSQL, SQL Server) that manages databases, but it is not a database language itself.
D. Structured Query Language (SQL) – SQL is a broad database language that includes both DDL and DML but is not specifically a type of language.

13
Q

A database contains an entry with an empty primary key. Which database concept has been violated?

A. Entity Integrity
B. Normalization
C. Referential Integrity
D. Semantic Integrity

A

A. Entity Integrity

Explanation:
Entity Integrity ensures that every table has a unique and non-null primary key so that each record can be uniquely identified. If a database entry has an empty (NULL) primary key, this rule is violated, as a primary key must always have a value.

Why Not the Others?
B. Normalization – Normalization is a database design process that reduces redundancy and organizes data efficiently. While normalization helps maintain integrity, it does not directly relate to empty primary keys.
C. Referential Integrity – Ensures that foreign keys correctly reference primary keys in other tables. An empty primary key does not directly violate referential integrity, unless it is referenced by a foreign key.
D. Semantic Integrity – Ensures data consistency and logical correctness based on predefined rules (e.g., age cannot be negative). While a NULL primary key is an error, it is more specifically a violation of Entity Integrity.

14
Q

Which language allows CORBA (Common Object Request Broker Architecture) objects to communicate via a message interface?

A. Distributed Component Object Model (DCOM)
B. Interface Definition Language (IDL)
C. Object Linking and Embedding (OLE)
D. Object Management Guidelines (OMG)

A

B. Interface Definition Language (IDL)

Explanation:
Interface Definition Language (IDL) is used in CORBA (Common Object Request Broker Architecture) to define the interfaces that objects use to communicate, regardless of programming language or platform. CORBA enables distributed systems to interact seamlessly, and IDL serves as a bridge between different languages (e.g., C++, Java, Python).

Why Not the Others?
A. Distributed Component Object Model (DCOM) – A Microsoft technology for Windows-based distributed computing, but it is not used in CORBA.
C. Object Linking and Embedding (OLE) – A Microsoft framework for embedding and linking documents, unrelated to CORBA messaging.
D. Object Management Guidelines (OMG) – This is incorrect because OMG (Object Management Group) is the organization that developed CORBA, but it is not a language.
