Security+ 501 Test 2 Flashcards

1
Q

Which of the following can be established in a cloud environment through effective security controls and well-written service-level agreements?

A

Responsibility and Accountability

Accountability and responsibility can be established through effective security controls and well-written service-level agreements.

2
Q

Which regulation would guide a healthcare organization to protect the confidentiality of stored patient data adequately?

A

HIPAA

3
Q

Which regulation covers the risk management of U.S. Department of Defense systems?

A

RMF (Risk Management Framework)

4
Q

Which regulations are involved with financial data?

A

Sarbanes-Oxley and PCI (Payment Card Industry)

5
Q

What type of system involves the use of a common authentication system and credentials database that multiple entities use and share?

A

A Federated System

6
Q

What type of system shows one party trusts another but not the reverse?

A

One way trust

7
Q

What type of system shows if entity B trusts entity A and entity C trusts entity B then entity C trusts entity A?

A

A Transitive Trust

8
Q

Which of the following are usually annoying advertisements that come in the form of pop-up messages in a user’s browser?

A

Adware

9
Q

A (Blank) is a piece of malicious software that must be propagated through a definite user action.

A

Virus

10
Q

A (Blank) is a piece of software that seems to be of value to the user, but in reality, is malware.

A

Trojan

11
Q

A (Blank) is a script set to execute at a certain time, which is usually created by rogue administrators or disgruntled employees.

A

Logic Bomb

12
Q

Which of the following requires team members to go through the motions of fulfilling the responsibilities and conducting the activities required during an actual incident or disaster?

A

Walkthrough test

13
Q

A (blank) is the simplest form of test, in which the business continuity plan, disaster recovery plan, and associated documents are reviewed by relevant personnel including managers, recovery team members, and anyone else who may have responsibilities directly affecting plans.

A

Documentation Review

14
Q

In a (Blank), all personnel are usually involved and may actually conduct activities as they would during a real incident. This type of test is more complex and normally requires extensive resources, such as people and equipment, so it is typically conducted infrequently.

A

Full-Scale Test

15
Q

Which is the most common public-private key generation algorithm used in public-key cryptography?

A

RSA (Rivest-Shamir-Adleman)

16
Q

(Blank) is a key exchange protocol used in public-key cryptography. It is used to negotiate, agree upon, and establish a secure session between two parties.

A

(ECDH) Elliptic Curve Diffie-Hellman

17
Q

(blank) is used to generate message digests for plaintext. It is not used in public-key cryptography to exchange keys or establish secure sessions.

A

SHA-2 (Secure Hashing Algorithm - 2)

18
Q

What is a logging facility found in UNIX and Linux systems?

A

Syslog

19
Q

What type of log management involves collecting logs from across the network into one system and being able to review them as a group?

A

Centralized

20
Q

(blank) is a centralized method of obtaining logs and other data from disparate devices across the network.

A

SIEM (Security Information Event Management)

21
Q

What type of log management means that logs are managed and reviewed on a host-by-host basis, rather than as a centralized, consolidated group?

A

Decentralized

22
Q

What is it called when someone keeps getting new privileges but nothing ever gets turned off?

A

Privilege Creep

23
Q

(Blank) means that administrators never give a user account more rights and permissions than is needed for the user to do his or her job.

A

least privilege

24
Q

(Blank) indicates the level of errors that the system may generate indicating that unauthorized users are identified and authenticated as valid users in a biometric system.

A

False acceptance rate

25
Q

Which of the following is most appropriate if you have limited external public IP addresses available, but a requirement to share those IP addresses with internal hosts that must connect to the public Internet?

A

NAT firewall

Using network address translation (NAT) in conjunction with a firewall enables you to share one external address with multiple internal hosts that require external addresses for their connectivity.

26
Q

What type of control assists and mitigates the risk an existing control is unable to mitigate?

A

Compensating

27
Q

What type of control is used to correct a condition when there is either no control at all, or the existing control is ineffective?

A

Corrective

28
Q

What is the difference between deterrence and preventative controls?

A

The difference between a deterrent control and a preventive control is that users must have knowledge of the deterrent control for it to work. Users do not need to have knowledge of a preventative control for it to function.

29
Q

What type of attack attempts to send unsolicited ARP messages to a client to add false entries to its ARP cache?

A

ARP Poisoning

30
Q

What type of attack is an attempt to hijack a user’s Web browsing session by stealing cookies or using other network attack methods?

A

Session Hijacking

31
Q

What solutions allow applications that users can download, install, and execute to be added to a safe list?

A

Whitelisting

32
Q

(Blank) involves an administrator adding undesirable or restricted software or applications to a list on content filtering devices, in group policy, or through some other type of mechanisms. This ensures that users are not allowed to download, install, or execute these particular applications.

A

Blacklisting

33
Q

What security controls should be implemented to make sure that users require previous knowledge of the network identifier to join a network?

A

Disable SSID Broadcasting

If you’re not actively broadcasting your network name, a user must know the name of the network before he or she can connect to it.

34
Q

Which of following uses geolocation features to ensure that a mobile device does not leave specific areas of corporate property?

A

Geofencing

35
Q

Which type of cloud service is for use by only one organization and is usually hosted by that organization’s infrastructure?

A

private

36
Q

What type of cloud service is for use by similar organizations or communities, such as universities or hospitals, that need to share common data?

A

Community

37
Q

What type of cloud service is usually operated by a third-party provider that sells or rents “pieces” of the cloud to different entities, such as small businesses or large corporations?

A

Public

38
Q

(Blank) can enable users to perform their work via a browser, from anywhere they have Internet connectivity. This can be configured either to allow a local copy along with the cloud copy of the data, or the data can be edited directly within the cloud.

A

Cloud Services

39
Q

(Blank) allows multiple virtual machines to run on the same piece of hardware.

A

Virtualization

40
Q

Disabling ________ will help prevent security issues caused by having ping and traceroute enabled.

A

ICMP

ICMP is the protocol used by the ping and traceroute utilities for network diagnostics, and it should be disabled unless it’s being used for important purposes.

41
Q

A virtual LAN (VLAN) does NOT offer which of the following security controls?

  1. Creates Broadcast domains
  2. Allows different security policies to be applied to different hosts
  3. Allows physical segmentation of hosts by IP subnet
  4. Allow logical segmentation of hosts by IP subnet
A

3. Allows physical segmentation of hosts by IP subnet

VLANs do not physically segment hosts; they logically segment them.

42
Q

Which of the following processes uses auditing to ensure that users are traced to and held responsible for their actions?

A

Accountability

43
Q

(Blank) is the process of controlling access to resources through methods that include permissions, rights, and privileges.

A

Authorization

44
Q

(Blank) is the process of validating that a user’s credentials are correct after they have presented them through the identification process.

A

Authentication

45
Q

(Blank) is the process of reviewing logs and other audit trails to determine what actions have been performed on systems and data.

A

Auditing

46
Q

Which of the following describes a false acceptance rate?

A

Type II error and when an unauthorized user is validated as authorized

47
Q

Which of the following technologies enables communication between devices using a beam of light?

A

Infrared

48
Q

What is normally the job of a senior leader within the incident response team?

A

Notifying and coordinating with senior management and law enforcement officials is normally the job of a senior leader within the incident response team.

49
Q

Which of the following fire suppression chemicals widely replaced halon in data center fire suppression systems?

A

Fm-200

50
Q

Which of the following terms describes someone who hacks into systems, with permission of the system’s owner, to discover exploitable vulnerabilities and help secure the system?

A

White Hat Hacker

51
Q

Who is someone that uses his or her skills for both good and evil purposes?

A

Grey Hat Hacker

52
Q

The United States Department of Defense uses a specific form of personal identification verification (PIV) card called?

A

CAC (common access control)

53
Q

(Blank) is an algorithm used to generate one-time passwords.

A

HOTP (HMAC-based one-time password)

54
Q

Which of the following power devices do you install to enable the constant availability of critical servers during a power outage?

A

Generators

55
Q

What is a battery backup that provides backup power for only a short period of time and is often used to allow a graceful shutdown of less critical systems?

A

UPS

56
Q

Containerization is the process of virtualizing which of the following items?

A

Operating System

57
Q

Which of the following methods will help improve SNMP security?

A

Disable ICMP

58
Q

Which of the following terms describes a security appliance that is usually installed on an individual device, usually as a chip on the system motherboard?

A

TMP (Trusted Module Platform)

59
Q

(Blank) is usually a hardware appliance or standalone device used to provide hardware encryption services for specific hosts.

A

HSM (Hardware Security Module)

60
Q

Which of the following is a non-secure protocol used to copy files to and from Internet-based hosts?

A

FTP (File Transfer Protocol)

61
Q

What is the difference between FTPS and SFTP?

A

FTPS uses SSL and SFTP uses SSH

62
Q

(Blank) is a secure copy protocol used to copy files securely to and from a networked host, and it uses SSH.

A

SCP

63
Q

Which of the following attacks results in mathematical operations that the host or application cannot handle, causing them to fail?

A

Integer Overflow Attack

64
Q

A (Blank) injection attack targets directory services databases, such as those used in X.500 implementations.

A

DLL Injection

65
Q

What type of attack targets non-secure directory structures on the host, such as folder structures?

A

Directory Traversal

66
Q

What type of evidence is generally in the form of charts, graphs, or drawings to help non-technical people?

A

Demonstrative evidence

67
Q

(Blank) evidence proves innocence.

A

Exculpatory

68
Q

(Blank) evidence proves guilt.

A

Inculpatory

69
Q

(Blank) evidence directly supports or proves a definitive assertion.

A

Documentary

70
Q

Which cryptography concept refers to the requirement for a trusted third party that can hold a special key (in addition to your private and public key pair) that is used to decrypt a stored backup copy of the private key if the original is lost?

A

Key Escrow

71
Q

What is the third step in the incident response life cycle?

A

Containment, eradication, and recovery

72
Q

Which of the following is an access control model based upon various access control rules that apply to users, objects, and actions?

A

Rule-Based

73
Q

Which of the following resides on network devices and filters traffic coming into and out of the device?

A

Access Control List

74
Q

Which of the following tools will help you track down a potential backdoor program allowing access into a host on your network?

A

Protocol Analyzer

75
Q

Which of the following are used to back up files that have changed since the last full backup of a virtual machine? (Choose two.)

A

Differential and Incremental

76
Q

A (Blank) involves sending malicious XML content to a Web application, taking advantage of any lack of input validation and XML parsing.

A

XML injection attack

77
Q

You are the security administrator for a small business. You want to provide your users with the ability to encrypt outbound e-mail messages, but the company cannot afford an expensive encryption solution. Which of the following is the best option?

A

PGP/GPG

78
Q

Which of the following types of injections use standardized database interfaces to attack a Web application?

A

SQL Injection

79
Q

Which attack involves sending specially-crafted traffic to a wireless client and an access point?

A

Deauthentication Attack

80
Q

(Blank) involves impersonating a wireless client or access point through either its IP or its MAC address.

A

Spoofing

81
Q

Which of the following cryptography types do you use when you want to perform a one-time, single-key, encrypted transaction with another company?

A

Symmetric

82
Q

Which of the following forms of authentication uses password hashes and challenge methods to authenticate to the system?

A

CHAP

83
Q

The (Blank) is a modern authentication framework that can use various authentication methods. It also does not pass the user name and password information in clear text.

A

Extensible Authentication Protocol (EAP)

84
Q

Which of the following is the most comprehensive and expensive form of disaster recovery exercise?

A

Full Scale

85
Q

Which mobile device management deployment model uses corporate-owned devices where the corporation dictates the software installation and maintenance actions?

A

COBO (Company Owned Business Only)

86
Q

(Blank) is similar to CYOD, but employees are limited to installing only white-listed apps.

A

Company-issued, personally-enabled (COPE)

87
Q

(Blank) means the organization retains ownership, but employees may install personal apps on the device.

A

Choose your own device (CYOD)

88
Q

Which of the following is a non-secure client-side e-mail protocol that uses TCP port 110?

A

POP3

89
Q

You’ve discovered that a number of systems within your network have become infected with malware; it’s believed that all the affected users visited a common site during the previous week. What type of attack would this likely be?

A

Watering Hole Attack

90
Q

Which of the following methods of enhancing security between hosts involves generating and exchanging asymmetric keys within a particular communication session?

A

Key Exchange

91
Q

Which of the following is a cryptographic representation of text, but not the text itself? (Choose two.)

A

Hash and Message Digest

92
Q

Which of the following is a port-based authentication method?

A

802.11X

93
Q

Which of the following is a rogue wireless access point set up to be nearly identical to a legitimate access point?

A

Evil Twin

94
Q

Which of the following is used in Windows systems to identify a user account?

A

SID (Security Identifier)

95
Q

Which of the following are characteristics of hashing? (Choose all that apply.)

  1. Hashing can be used to protect data integrity
  2. Hashes are decrypted using the same algorithm that encrypted them
  3. Hashes produce fixed-length digests for variable length text
  4. Hashes are cryptographic representations of plaintext
A
  1. Hashing can be used to protect data integrity
  2. Hashes produce fixed-length digests for variable length text
  3. Hashes are cryptographic representations of plaintext
96
Q

Which of the following desired attributes would make an organization most likely to move to a cloud provider?

A

Availability

97
Q

Which type of network intrusion detection system uses defined rule sets to determine when attacks may be occurring?

A

Rule-Based

98
Q

Which of the following answers best describes the one major advantage of TACACS+ over RADIUS?

A

TACACS+ encrypts everything

99
Q

Which of the following devices typically makes requests on behalf of internal clients?

A

Proxy

100
Q

Which of the following access control models uses labels and security clearances to grant access to objects?

A

Mandatory Access Control

101
Q

If a person does not know a control exists, and this control keeps her from performing a malicious act, what type of control would this be classified as?

A

Preventative

102
Q

Which of the following refers to the use of several different factors to authenticate to a system?

A

Multifactor authentication

103
Q

Which of the following is a legacy wireless encryption protocol that uses the RC4 streaming protocol?

A

WEP (Wireless Equivalent Privacy)

104
Q

Which of the following attacks targets relational databases that reside behind Web applications?

A

A SQL injection

105
Q

Before information is converted to an unreadable state using cryptography, in what form is the information?

A

Plaintext

106
Q

Which of the following terms indicates the amount of time it takes for a hardware component to recover from failure?

A

Mean time to recovery (MTTR)

107
Q

(Blank) represents the manufacturer’s best guess (based on historical data) regarding how much time will pass between major failures of that component. This is assuming that more than one failure will occur, which means that the component will be repaired, rather than replaced.

A

Mean time between failures (MTBF)

108
Q

(blank) is the length of time a device is expected to last in operation. In MTTF, only a single, definitive failure will occur and will require that the device be replaced rather than repaired.

A

Mean time to failure (MTTF)

109
Q

The corporate IT manager wants you to implement a process that will allow administrators to restrict users from installing and executing certain applications on their mobile devices. Which of the following meets those goals?

A

Blacklisting

110
Q

Which of the following terms describes someone who hacks into a system for malicious purposes, without permission from the system’s owner, and shares the system hacking information with others?

A

Black Hat Hacker

111
Q

Which of the following cannot identify patterns alone and requires other data and event sources to identify trends and patterns?

A

Log Analysis

112
Q

(Blank) involves looking at data from various sources, including device logs, to identify patterns over a period of time.

A

Trend Analysis

113
Q

Which of the following terms represents the manufacturer’s best guess (based on historical data) regarding how much time will pass between major failures of a component produced by that manufacturer?

A

Mean time between failures (MTBF)

114
Q

Which of the following is a software or a hardware appliance responsible for balancing user requests and network traffic among several different physical or virtualized hosts?

A

Load Balancer

115
Q

Type the command to create an ACL entry that you would use to create an access rule on your router to prevent any telnet traffic from passing through to the destination network 192.168.21.0.

A

Deny source all destination 192.168.21.0 tcp port 23

116
Q

Which of the following methods involves sending individual characters of the key through an algorithm and using a mathematical XOR function to change the output?

A

Key Streaming

117
Q

Which of the following is a key negotiation and agreement protocol used in public key cryptography?

A

DHE (Diffie Hellman Exchange)

118
Q

(Blank) is a public key cryptography protocol used on small mobile devices because of its low power and computing requirements.

A

Elliptic curve cryptography (ECC)

119
Q

Which of the following 802.11 encryption protocols would you implement to provide the strongest encryption for communications across your wireless network?

A

WPA2

120
Q

A password is an example of which of the following authentication factors?

A

Something you know

121
Q

Which of the following policy settings enforces the use of longer password lengths and character spaces to increase password strength?

A

Password Complexity

122
Q

During which type of assessment would penetration testers not have any knowledge about the network, while defenders are aware of their presence? (Choose two.)

A

Blind Test and Black Box

123
Q

Which of the following is a variant of a phishing attack that targets a particular type of user and includes specific information?

A

Spear phishing

124
Q

Which type of assessment looks at events that could exploit vulnerabilities?

A

Threat Assessment

125
Q

A (Blank) looks for weaknesses in systems.

A

vulnerability assessment

126
Q

A (Blank) is a combination of assessments and is designed to assess factors, including likelihood and impact that affect an asset.

A

risk assessment

127
Q

A (Blank) attempts to exploit actual vulnerabilities found within the systems.

A

penetration test

128
Q

In many cases a load balancer uses which of the following on a client’s browser to maintain session affinity?

A

Cookies

129
Q

What type of evidence in a computer forensics investigation directly supports a particular assertion?

A

Documentary evidence

130
Q

Marisol needs to interconnect multiple VLANs in her production environment. Which of the following network devices would best address this issue?

A

Layer 3 Switch

A layer 3 switch supports inter-VLAN routing to interconnect disparate VLANs.

131
Q

A (Blank) could interconnect two VLANs, but this would take substantial configuration.

A

Router

132
Q

What is a Layer 2 Switch?

A

A layer 2 switch could interconnect VLANs via trunk ports, but only to interconnect to other layer 2 switches.

133
Q

Mike has five Linux systems that need access to a shared folder on a Windows file server that’s part of an Active Directory (AD) domain. What can he do to give these systems access to the shared resource? (Choose two.)

  1. Install and configure SAMBA on the Linux systems to access the AD
  2. Create new local users on the domain controller
  3. Create user groups on all the Linux systems
  4. Configure access to the resource on the file server
A
  1. Install and configure SAMBA on the Linux systems to access the AD
  2. Configure access to the resource on the file server