SEC+ Revision Questions Introduction to Security Terminology Flashcards
Your company issues smartphones to employees for business use. Corporate policy dictates that all data stored on smartphones must be encrypted. To which fundamental security concept does this apply?
A. Confidentiality
B. Integrity
C. Availability
D. Accountability
Confidentiality
You are the network administrator for your company. Your manager has asked you to evaluate cloud backup solutions for remote branch offices. To which fundamental security concept does this apply?
A. Confidentiality
B. Integrity
C. Availability
D. Accountability
Availability
Your company requires all desktop computers to run a malware detection program twice daily. You configure your network so that only the specific digital version of the executable program that you specify is allowed to run. To which fundamental security concept does this apply?
A. Confidentiality
B. Integrity
C. Availability
D. Accountability
Integrity
You store personal documents and spreadsheets with a cloud provider. You would like your data to be available only to people having a special unlock key. What should you apply to your documents and spreadsheets?
A. File permissions
B. File hashing
C. File backup
D. File encryption
File encryption
You would like to send a confidential message to a family member through e-mail, but you have no way of encrypting the message. What alternative method would allow you to achieve your goal?
A. PKI
B. File hashing
C. Steganography
D. File permissions
Steganography
A corporate security policy emphasizes data confidentiality, and you must configure computing devices accordingly. What should you do? (Choose two.)
A. Install smartcard readers so users can identify themselves before sending important e-mail messages.
B. Enforce SD card encryption on smartphones issued to employees.
C. Configure a server failover cluster to ensure sensitive documents are always available.
D. Set file and folder permissions to control user file access.
Enforce SD card encryption on smartphones issued to employees
Set file and folder permissions to control user file access
Michel, an IT security expert, grants permissions to folders on a file server to allow Marketing users to modify Marketing documents. Which information security goal has been satisfied?
A. Confidentiality
B. Integrity
C. Availability
D. Safety
Confidentiality
You need to implement a solution that ensures data stored on a USB removable drive has not been tampered with. What should you implement?
A. File encryption
B. Steganography
C. File backup
D. File hashing
File hashing
Ana must send an important e-mail message to Glen, the director of Human Resources (HR). Corporate policy states that messages to HR must be digitally signed. Which of the following statements is correct?
A. Ana’s public key is used to create the digital signature.
B. Ana’s public key is used to verify the digital signature.
C. Glen’s private key is used to create the digital signature.
D. Glen’s private key is used to verify the digital signature.
Ana’s public key is used to verify the digital signature.
John is issuing a digital certificate for Carolyn’s computer. What can the certificate be used for? (Choose two.)
A. Setting permissions on sensitive files
B. Encrypting sensitive files
C. Verifying the computer’s identity to secure servers
D. Sending encrypted e-mail messages
Encrypting sensitive files
Verifying the computer’s identity to secure servers
Every month, Gene downloads and tests the latest software patches before applying them to production smartphones. To which security goal does this example apply?
A. Confidentiality
B. Integrity
C. Availability
D. Safety
Availability
You are evaluating public cloud-based e-mail hosting solutions. All vendors state that multiple servers are always running to ensure available mailboxes. What is this an example of?
A. Clustering
B. Steganography
C. Digital mailbox signatures
D. Mailbox duplicity
Clustering
Your network allows only trusted scripts to run on managed devices. You write a script that must run on all managed devices. What must you do? Place the following correct steps in proper order. (Choose three.)
A. Obtain a trusted digital certificate and install it on your computer.
B. Export the private key from your digital certificate to all managed devices.
C. Create the script.
D. Digitally sign the script.
Obtain a trusted digital certificate and install it on your computer.
Create the script.
Digitally sign the script.
Which of the following is depicted in Figure 2-1?
A. Authentication
B. Authorization
C. Nonrepudiation
D. Identification
Identification
You are the server administrator for your company. You are configuring disk storage as shown in Figure 2-2. To which of the following security controls does your disk configuration apply?
A. Nonrepudiation
B. Clustering
C. Fault tolerance
D. Hashing
Fault tolerance
You would like to track the modification of sensitive trade secret files. What should you implement?
A. Auditing
B. Encryption
C. File hashing
D. Disk mirroring
Auditing
Which party determines how data labels are assigned?
A. Custodian
B. Owner
C. Server administrator
D. Human Resources department
Owner
Which of the following organizes the appropriate identification methods from least secure to most secure?
A. Smartcard, retinal scan, password
B. Retinal scan, password, smartcard
C. Username and password, smartcard, retinal scan
D. ACL, username and password, retinal scan
Username and password, smartcard, retinal scan
You are explaining how the corporate file auditing policy will work to a new IT employee. Place the following items in the correct order: C, B, A, and D.
A. A user opens a file, modifies the contents, and then saves the file.
B. A server validates a correct username and password combination.
C. A user provides a username and password at a logon screen.
D. The file activity generated by the user is logged.
A user provides a username and password at a logon screen.
A server validates a correct username and password combination.
A user opens a file, modifies the contents, and then saves the file.
The file activity generated by the user is logged.
(c, b, a, d)
Your manager has asked you to implement a solution that will prevent users from viewing inappropriate websites. Which solution should you employ?
A. Router ACLs
B. Web site permissions
C. Proxy server
D. Digital certificates
Proxy server
Trinity uses her building access card to enter a work facility after hours. She has access to only the second floor. What is this an example of?
A. Authorization
B. Authentication
C. Accountability
D. Confidentiality
Authorization
Sean is capturing Wi-Fi network traffic using a packet analyzer and is able to read the contents of network transmissions. What can be done to keep network transmissions private?
A. Install digital certificates on each transmitting device.
B. Set a strong administrator password for the Wi-Fi router.
C. Use smartcard authentication.
D. Encrypt the Wi-Fi traffic.
Encrypt the Wi-Fi traffic.
Which security mechanisms can be used for the purpose of nonrepudiation? (Choose two.)
A. Encryption
B. Clustering
C. Auditing
D. Digital signatures
Auditing
Digital signatures
You are the network administrator for a pharmaceutical firm. Last month, the company hired a third party to conduct a security audit. From the audit findings, you learn that customers’ confidential medical data is not properly secured. Which security concept has been ignored in this case?
A. Due diligence
B. Due care
C. Due process
D. Separation of duties
Due care
Which of the following are the best examples of the Custodian security role? (Choose three.)
A. Human Resources department employee
B. Server backup operator
C. CEO
D. Law enforcement employee responsible for signing out evidence
E. Sales executive
Human Resources department employee
Server backup operator
Law enforcement employee responsible for signing out evidence
Franco, an accountant, accesses a shared network folder containing travel expense documents to which he has read and write access. What is this an example of?
A. Privilege escalation
B. Due care
C. Authorization
D. Authentication
Authorization
A large corporation requires new employees to present a driver’s license and passport to a security officer before receiving a company-issued laptop. Which security principle does this map to?
A. Authorization
B. Confidentiality
C. Identification
D. Custodian
Identification
Choose the best example of authentication from the following:
A. Each morning a network administrator visits various websites looking for the newest Windows Server vulnerabilities.
B. Before two systems communicate with one another across a network, they exchange PKI certificates to ensure they share a common ancestor.
C. A file server has two power supplies in case one fails.
D. An application has some unintended behavior that could allow a malicious user to write to the Windows registry.
Before two systems communicate with one another across a network, they exchange PKI certificates to ensure they share a common ancestor.
Raylee is the new network administrator for a legal firm. She studies the existing file server folder structures and permissions and quickly realizes the previous administrator did not properly secure legal documents in these folders. She sets the appropriate file and folder permissions to ensure only the appropriate users can access the data, based on corporate policy. What security role has Raylee undertaken?
A. Custodian
B. Data owner
C. User
D. Power user
Custodian
From the following list, which best describes authentication?
A. Logging in to a TFTP server with a username and password
B. Using a username, password, and token card to connect to the corporate VPN
C. Checking corporate webmail on a secured website at http://owa.acme.com after supplying credentials
D. Copying files from a server to a USB flash drive
Using a username, password, and token card to connect to the corporate VPN
While experimenting with various server network configurations, you discover an unknown weakness in the server operating system that could allow a remote attacker to connect to the server with administrative privileges. What have you discovered?
A. Exploit
B. Bug
C. Vulnerability
D. Denial of service
Vulnerability
Sean is a security consultant and has been hired to perform a network penetration test against his client’s network. Sean’s role is best described as:
A. White-hat hacker
B. Black-hat hacker
C. Gray-hat hacker
D. Purple-hat hacker
White-hat hacker
Which of the following are classified as availability solutions? (Choose two.)
A. Auditing
B. RAID
C. File server backups
D. Smartcard authentication
RAID
File server backups
You are reviewing document security on your private cloud document server. You notice employees in the Sales department have been given full permissions to all project documents. Sales personnel should have only read permissions to all project documents. Which security principle has been violated?
A. Separation of duties
B. Least privilege
C. Job rotation
D. Integrity
Least privilege