Security+ 501 Test 2 Flashcards
Which of the following can be established in a cloud environment through effective security controls and well-written service-level agreements?
Responsibility and Accountability
Accountability and responsibility can be established through effective security controls and well-written service-level agreements.
Which regulation would guide a healthcare organization to protect the confidentiality of stored patient data adequately?
HIPAA
Which regulation covers the risk management of U.S. Department of Defense systems?
RMF (Risk Management Framework)
Which regulations are involved with financial data?
Sarbanes-Oxley and PCI (Payment Card Industry)
What type of system involves the use of a common authentication system and credentials database that multiple entities use and share?
A Federated System
What type of system shows one party trusts another but not the reverse?
One way trust
What type of system shows if entity B trusts entity A and entity C trusts entity B then entity C trusts entity A?
A transitive trust
Which of the following are usually annoying advertisements that come in the form of pop-up messages in a user’s browser?
Adware
A (Blank) is a piece of malicious software that must be propagated through a definite user action.
Virus
A (Blank) is a piece of software that seems to be of value to the user, but in reality, is malware.
Trojan
A (Blank) is a script set to execute at a certain time, which is usually created by rogue administrators or disgruntled employees.
Logic Bomb
Which of the following requires team members to go through the motions of fulfilling the responsibilities and conducting the activities required during an actual incident or disaster?
Walkthrough test
A (blank) is the simplest form of test, in which the business continuity plan, disaster recovery plan, and associated documents are reviewed by relevant personnel including managers, recovery team members, and anyone else who may have responsibilities directly affecting plans.
Documentation Review
In a (Blank), all personnel are usually involved and may actually conduct activities as they would during a real incident. This type of test is more complex and normally requires extensive resources, such as people and equipment, so it is typically conducted infrequently.
Full-Scale Test
Which is the most common public-private key generation algorithm used in public-key cryptography?
RSA (Rivest-Shamir-Adleman)
(Blank) is a key exchange protocol used in public-key cryptography. It is used to negotiate, agree upon, and establish a secure session between two parties.
ECDH (Elliptic Curve Diffie-Hellman)
(blank) is used to generate message digests for plaintext. It is not used in public-key cryptography to exchange keys or establish secure sessions.
SHA-2 (Secure Hash Algorithm 2)
What is a logging facility found in UNIX and Linux systems?
Syslog
What type of log management involves collecting logs from across the network into one system and being able to review them as a group?
Centralized
(blank) is a centralized method of obtaining logs and other data from disparate devices across the network.
SIEM (Security Information and Event Management)
What type of log management means that logs are managed and reviewed on a host-by-host basis, rather than as a centralized, consolidated group?
Decentralized
What is it called when someone keeps getting new privileges but nothing ever gets turned off?
Privilege Creep
(Blank) means that administrators never give a user account more rights and permissions than the user needs to do his or her job.
Least privilege
(Blank) is the rate at which a biometric system erroneously identifies and authenticates an unauthorized user as a valid user (a Type II error).
False acceptance rate (FAR)
Which of the following is most appropriate if you have limited external public IP addresses available, but a requirement to share those IP addresses with internal hosts that must connect to the public Internet?
NAT firewall
Using network address translation (NAT) in conjunction with a firewall enables you to share one external address with multiple internal hosts that require external addresses for their connectivity.
What type of control mitigates a risk that an existing control is unable to mitigate on its own?
Compensating
What type of control is used to correct a condition when there is either no control at all, or the existing control is ineffective?
Corrective
What is the difference between deterrent and preventive controls?
A deterrent control works only if the person knows it exists, because it discourages the act rather than stopping it; a preventive control stops the act whether or not the user knows the control is there.
What type of attack attempts to send unsolicited ARP messages to a client to add false entries to its ARP cache?
ARP Poisoning
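An added example, not part of the original deck, of what ARP poisoning looks like on the wire and how a host-side monitor can flag it. The frames, MAC addresses and IP addresses are constructed for the demonstration, and the `accept_unsolicited` switch is an assumption that models the difference between a naive cache (accepts any reply) and a hardened one (honours only replies to its own requests; the switch-side equivalent is Dynamic ARP Inspection).

```python
from collections import namedtuple

# op is "request" or "reply"; MACs and IPs are strings. All values below are constructed.
ArpFrame = namedtuple("ArpFrame", "op sender_mac sender_ip target_mac target_ip")

HOST_MAC = "aa:aa:aa:aa:aa:05"      # the monitored host (victim) at 10.0.0.5
GATEWAY_IP = "10.0.0.1"
GATEWAY_MAC = "aa:aa:aa:aa:aa:01"   # legitimate gateway
ATTACKER_MAC = "de:ad:be:ef:00:01"  # attacker who wants to become the "gateway"

# Constructed capture: the host asks who owns the gateway IP, the real gateway answers,
# then the attacker sends an unsolicited reply claiming the gateway IP for its own MAC.
SAMPLE_FRAMES = [
    ArpFrame("request", HOST_MAC, "10.0.0.5", "00:00:00:00:00:00", GATEWAY_IP),
    ArpFrame("reply", GATEWAY_MAC, GATEWAY_IP, HOST_MAC, "10.0.0.5"),
    ArpFrame("reply", ATTACKER_MAC, GATEWAY_IP, HOST_MAC, "10.0.0.5"),  # poisoning attempt
]


def detect_arp_poisoning(frames, accept_unsolicited=True):
    """Replay frames from the host's point of view, emulate its ARP cache and raise alerts for
    (a) replies the host never asked for and (b) an IP whose MAC silently changes.
    Returns (cache, alerts). With accept_unsolicited=False the cache ignores unsolicited
    replies, so the poison is reported but never installed."""
    cache = {}        # ip -> mac, as the host would learn it
    pending = set()   # ips this host has asked about and not yet heard back on
    alerts = []
    for i, f in enumerate(frames):
        if f.op == "request" and f.sender_mac == HOST_MAC:
            pending.add(f.target_ip)
            continue
        if f.op != "reply" or f.target_mac != HOST_MAC:
            continue  # not addressed to us
        unsolicited = f.sender_ip not in pending
        if unsolicited:
            alerts.append((i, "unsolicited reply", f.sender_ip, f.sender_mac))
        old = cache.get(f.sender_ip)
        if old is not None and old != f.sender_mac:
            alerts.append((i, "mapping changed", f.sender_ip, f"{old} -> {f.sender_mac}"))
        if unsolicited and not accept_unsolicited:
            continue  # hardened cache: only replies to our own requests are installed
        cache[f.sender_ip] = f.sender_mac
        pending.discard(f.sender_ip)
    return cache, alerts


if __name__ == "__main__":
    naive_cache, alerts = detect_arp_poisoning(SAMPLE_FRAMES)
    print("naive cache:", naive_cache)        # gateway now maps to the attacker's MAC
    hardened_cache, _ = detect_arp_poisoning(SAMPLE_FRAMES, accept_unsolicited=False)
    print("hardened cache:", hardened_cache)  # gateway still maps to the real MAC
    for a in alerts:
        print("ALERT", a)
```

Both runs produce the same two alerts; the difference is whether the poisoned entry ends up in the cache, which is what decides whether the host's traffic to the gateway is redirected through the attacker.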
What type of attack is an attempt to hijack a user’s Web browsing session by stealing cookies or using other network attack methods.
Session Hijacking
What solution allows only applications on an approved list to be downloaded, installed, and executed by users?
Whitelisting
(Blank) involves an administrator adding undesirable or restricted software or applications to a list on content filtering devices, in group policy, or through some other type of mechanisms. This ensures that users are not allowed to download, install, or execute these particular applications.
Blacklisting
What security control should be implemented to make sure that users need prior knowledge of the network identifier to join a wireless network?
Disable SSID broadcasting
When SSID broadcasting is disabled, the access point no longer advertises the network name in its beacons, so a user must know the name of the network before he or she can connect to it. This is an obscurity measure only: the SSID still appears in probe and association frames from legitimate clients, so a wireless sniffer recovers it quickly, and it does not replace encryption and authentication (WPA2).
Which of the following uses geolocation features to ensure that a mobile device does not leave specific areas of corporate property?
Geofencing
Which type of cloud service is for use by only one organization and is usually hosted by that organization’s infrastructure?
private
What type of cloud service is for use by similar organizations or communities, such as universities or hospitals, that need to share common data.
Community
What type of cloud service is usually operated by a third-party provider that sells or rents "pieces" of the cloud to different entities, such as small businesses or large corporations?
Public
(Blank) can enable users to perform their work via a browser, from anywhere they have Internet connectivity. This can be configured either to allow a local copy along with the cloud copy of the data, or the data can be edited directly within the cloud.
Cloud Services
(Blank) allows multiple virtual machines to run on the same piece of hardware.
Virtualization
Disabling ________ will help prevent security issues caused by having ping and traceroute enabled.
ICMP
ICMP is the protocol used by the ping and traceroute utilities for network diagnostics, and it should be blocked at the perimeter unless it is needed for a specific purpose. Filter it selectively rather than dropping all of it: some ICMP messages (for example, the "fragmentation needed" message used by path MTU discovery) are required for normal operation.
A virtual LAN (VLAN) does NOT offer which of the following security controls?
- Creates Broadcast domains
- Allows different security policies to be applied to different hosts
- Allows physical segmentation of hosts by IP subnet
- Allow logical segmentation of hosts by IP subnet
Allows physical segmentation of hosts by IP subnet
VLANS do not physically segment hosts; they logically segment them.
Which of the following processes uses auditing to ensure that users are traced to and held responsible for their actions?
Accountability
(Blank) is the process of controlling access to resources through methods that include permissions, rights, and privileges.
Authorization
(Blank) is the process of validating that a user’s credentials are correct after they have presented them through the identification process.
Authentication
(Blank) is the process of reviewing logs and other audit trails to determine what actions have been performed on systems and data.
Auditing
Which of the following describes a false acceptance rate?
Type II error and when an unauthorized user is validated as authorized
Which of the following technologies enables communication between devices using a beam of light?
Infrared
What is normally the job of a senior leader within the incident response team?
Notifying and coordinating with senior management and law enforcement officials is normally the job of a senior leader within the incident response team.
Which of the following fire suppression chemicals widely replaced halon in data center fire suppression systems?
FM-200
Which of the following terms describes someone who hacks into systems, with permission of the system’s owner, to discover exploitable vulnerabilities and help secure the system?
White Hat Hacker
What term describes someone who uses his or her skills for both good and evil purposes?
Grey Hat Hacker
The United States Department of Defense uses a specific form of personal identity verification (PIV) card called?
CAC (Common Access Card)
(Blank) is an algorithm used to generate one-time passwords
HOTP (HMAC-based one-time password)
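An added example, not part of the original deck, showing how an HOTP code is actually produced and checked. It implements the RFC 4226 algorithm (HMAC-SHA1 over the counter, dynamic truncation, modulo 10^digits) and uses the RFC's own Appendix D test secret as the constructed input; the `HotpValidator` class and its window size are assumptions for the server-side part, which is where the two practitioner details live: the counter only moves forward (each code is accepted once) and a small look-ahead window lets a token that was pressed a few times without being used resynchronise.

```python
import hashlib
import hmac
import struct

# Constructed secret: the ASCII string used by the RFC 4226 Appendix D test vectors.
SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP per RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter,
    dynamic truncation to a 31-bit value, then reduction modulo 10^digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = ((mac[offset] & 0x7F) << 24
            | mac[offset + 1] << 16
            | mac[offset + 2] << 8
            | mac[offset + 3])
    return str(code % (10 ** digits)).zfill(digits)


class HotpValidator:
    """Server side (assumed design): a monotonic counter so every code is accepted at most
    once, plus a look-ahead window for resynchronisation. Codes behind the counter are
    rejected, which is what defeats replay of a captured code."""

    def __init__(self, secret: bytes, counter: int = 0, window: int = 5):
        self.secret = secret
        self.counter = counter
        self.window = window

    def verify(self, submitted: str) -> bool:
        for i in range(self.window):
            candidate = self.counter + i
            if hmac.compare_digest(hotp(self.secret, candidate), submitted):
                self.counter = candidate + 1  # everything at or below candidate is now burnt
                return True
        return False


if __name__ == "__main__":
    for c in range(3):
        print(c, hotp(SECRET, c))  # 755224, 287082, 359152 per RFC 4226 Appendix D
    v = HotpValidator(SECRET)
    print(v.verify("287082"), v.verify("755224"))  # True (within window), False (replay)
```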
Which of the following power devices do you install to enable the constant availability of critical servers during a power outage?
Generators
What is a battery backup that provides power for only a short period of time and is often used to allow a graceful shutdown of less critical systems?
UPS
Containerization is the process of virtualizing which of the following items?
Operating System
Which of the following methods will help improve SNMP security?
Use SNMPv3, which adds authentication and encryption, instead of SNMPv1/v2c (whose community strings travel in cleartext), change the default community strings, and restrict SNMP access to known management stations. Disabling ICMP does not protect SNMP, which runs over UDP ports 161 and 162.
Which of the following terms describes a security appliance that is usually installed on an individual device, usually as a chip on the system motherboard?
TPM (Trusted Platform Module)
(Blank) is usually a hardware appliance or standalone device used to provide hardware encryption services for specific hosts.
HSM (Hardware Security Module)
Which of the following is a non-secure protocol used to copy files to and from Internet-based hosts?
FTP (File Transfer Protocol)
What is the difference between FTPS and SFTP?
FTPS is FTP protected by SSL/TLS; SFTP is a file-transfer subsystem of SSH and is unrelated to FTP despite the name.
(Blank) is a secure copy protocol used to copy files securely to and from a networked host, and it uses SSH.
SCP
Which of the following attacks results in mathematical operations that the host or application cannot handle, causing them to fail?
Integer Overflow Attack
A (Blank) injection attack targets directory services databases, such as those used in X.500 implementations.
LDAP injection (DLL injection is a different attack, against Windows library loading)
What type of attack targets non-secure directory structures on the host, such as folder structures?
Directory Traversal
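An added example, not part of the original deck, of the bug behind directory traversal and the check that closes it. The vulnerable function is the textbook mistake (join whatever the client asked for onto the document root); the hardened one canonicalises the result, resolving symlinks, and refuses anything whose canonical path is not inside the root. The directory layout and file names in `demo()` are constructed for the illustration.

```python
import os
import tempfile


def vulnerable_resolve(base_dir: str, requested: str) -> str:
    """Deliberately vulnerable: trusts the client-supplied path. '..' walks out of base_dir,
    and an absolute path makes os.path.join discard base_dir entirely."""
    return os.path.normpath(os.path.join(base_dir, requested))


def safe_resolve(base_dir: str, requested: str) -> str:
    """Canonicalise both sides (realpath follows symlinks) and require that the candidate
    still lies under the document root; otherwise refuse. Comparing with commonpath avoids
    the classic prefix bug where '/srv/docs-old' would pass a startswith('/srv/docs') test."""
    base_real = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base_real, requested))
    if os.path.commonpath([base_real, candidate]) != base_real:
        raise PermissionError(f"path escapes document root: {requested!r}")
    return candidate


def demo() -> dict:
    """Constructed layout: <tmp>/docs is the root with report.txt inside it, <tmp>/secret.txt
    sits outside, and docs/link.txt is a symlink pointing at the outside file.
    Returns {request: ("allowed"|"denied", path)}; for denied requests the path shown is
    where the vulnerable resolver would have gone."""
    root = tempfile.mkdtemp()
    docs = os.path.join(root, "docs")
    os.mkdir(docs)
    secret = os.path.join(root, "secret.txt")
    with open(secret, "w") as fh:
        fh.write("outside the root")
    with open(os.path.join(docs, "report.txt"), "w") as fh:
        fh.write("inside the root")
    os.symlink(secret, os.path.join(docs, "link.txt"))

    results = {}
    for req in ("report.txt", "../secret.txt", "/etc/passwd", "link.txt"):
        try:
            results[req] = ("allowed", safe_resolve(docs, req))
        except PermissionError:
            results[req] = ("denied", vulnerable_resolve(docs, req))
    return results


if __name__ == "__main__":
    for req, (verdict, path) in demo().items():
        print(f"{verdict:7} {req!r} -> {path}")
```

The symlink case is the one a prefix check on the unresolved string misses: `docs/link.txt` looks like it is inside the root, but the file it opens is not.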
What type of evidence is generally in the form of charts, graphs, or drawings to help non-technical people?
Demonstrative evidence
(Blank) evidence proves innocence.
Exculpatory
(Blank) evidence proves guilt.
Inculpatory
(Blank) evidence directly supports or proves a definitive assertion.
Documentary
Which cryptography concept refers to the requirement for a trusted third party that can hold a special key (in addition to your private and public key pair) that is used to decrypt a stored backup copy of the private key if the original is lost?
Key Escrow
What is the third step in the incident response life cycle?
Containment, eradication, and recovery
Which of the following is an access control model based upon various access control rules that apply to users, objects, and actions?
Rule-Based
Which of the following resides on network devices and filters traffic coming into and out of the device?
Access Control List
Which of the following tools will help you track down a potential backdoor program allowing access into a host on your network?
Protocol Analyzer
Which of the following are used to back up files that have changed since the last full backup of a virtual machine? (Choose two.)
Differential and Incremental
A (Blank) involves sending malicious XML content to a Web application, taking advantage of any lack of input validation and XML parsing.
XML injection attack
You are the security administrator for a small business. You want to provide your users with the ability to encrypt outbound e-mail messages, but the company cannot afford an expensive encryption solution. Which of the following is the best option?
PGP/GPG
Which of the following types of injections use standardized database interfaces to attack a Web application?
SQL Injection
Which attack involves sending specially-crafted traffic to a wireless client and an access point?
Deauthentication Attack
(Blank) involves impersonating a wireless client or access point through either its IP or its MAC address.
Spoofing
Which of the following cryptography types do you use when you want to perform a one-time, single-key, encrypted transaction with another company?
Symmetric
Which of the following forms of authentication uses password hashes and challenge methods to authenticate to the system?
CHAP
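An added example, not part of the original deck, of the CHAP exchange as specified in RFC 1994: the authenticator sends an Identifier and a random Challenge, the peer answers with MD5(Identifier || secret || Challenge), and the authenticator recomputes and compares, so the secret itself never crosses the wire. The shared secret value and the `Authenticator`/`Peer` class names are assumptions for the demonstration. The caveats a practitioner should notice are built in: both sides must hold the secret in recoverable form (not a salted hash), each challenge is single-use so a captured response cannot be replayed, and MD5 is used only because the protocol fixes it.

```python
import hashlib
import hmac
import os

# Constructed shared secret. CHAP needs it in cleartext on both ends, which is one of its weaknesses.
SHARED_SECRET = b"constructed-demo-secret"


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 section 4.1: Response = MD5(Identifier || Secret || Challenge)."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


class Authenticator:
    """The side that issues challenges and checks responses (assumed design)."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.ident = 0
        self.outstanding = {}  # identifier -> challenge, consumed on first verify

    def new_challenge(self, challenge: bytes = None):
        self.ident = (self.ident + 1) & 0xFF
        challenge = os.urandom(16) if challenge is None else challenge
        self.outstanding[self.ident] = challenge
        return self.ident, challenge  # what is sent to the peer

    def verify(self, ident: int, response: bytes) -> bool:
        challenge = self.outstanding.pop(ident, None)  # single use: replay fails
        if challenge is None:
            return False
        expected = chap_response(ident, self.secret, challenge)
        return hmac.compare_digest(expected, response)


class Peer:
    """The side proving knowledge of the secret."""

    def __init__(self, secret: bytes):
        self.secret = secret

    def answer(self, ident: int, challenge: bytes) -> bytes:
        return chap_response(ident, self.secret, challenge)


def run_chap(peer_secret: bytes, challenge: bytes = None) -> bool:
    """One full exchange: challenge out, response back, verdict. Returns True on success."""
    auth = Authenticator(SHARED_SECRET)
    ident, chal = auth.new_challenge(challenge)
    response = Peer(peer_secret).answer(ident, chal)
    return auth.verify(ident, response)


if __name__ == "__main__":
    print("correct secret:", run_chap(SHARED_SECRET))  # True
    print("wrong secret:  ", run_chap(b"guess"))       # False
```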
The (Blank) is a modern authentication framework that can use various authentication methods. It also does not pass the user name and password information in clear text.
Extensible Authentication Protocol (EAP)
Which of the following is the most comprehensive and expensive form of disaster recovery exercise?
Full Scale
Which mobile device management deployment model uses corporate-owned devices where the corporation dictates the software installation and maintenance actions?
COBO (Company Owned Business Only)
(Blank) is similar to CYOD, but employees are limited to installing only whitelisted apps.
Corporate-owned, personally enabled (COPE)
(Blank) means the organization retains ownership, but employees may install personal apps on the device.
Choose your own device (CYOD)
Which of the following is a non-secure client-side e-mail protocol that uses TCP port 110?
POP3
You’ve discovered that a number of systems within your network have become infected with malware; it’s believed that all the affected users visited a common site during the previous week. What type of attack would this likely be?
Watering Hole Attack
Which of the following methods of enhancing security between hosts involves generating and exchanging asymmetric keys within a particular communication session?
Key Exchange
Which of the following is a cryptographic representation of text, but not the text itself? (Choose two.)
Hash and Message Digest
Which of the following is a port-based authentication method?
802.1X
Which of the following is a rogue wireless access point set up to be nearly identical to a legitimate access point?
Evil Twin
Which of the following is used in Windows systems to identify a user account?
SID (Security Identifier)
Which of the following are characteristics of hashing? (Choose all that apply.)
- Hashing can be used to protect data integrity
- Hashes are decrypted using the same algorithm that encrypted them
- Hashes produce fixed-length digests for variable-length text
- Hashes are cryptographic representations of plaintext
- Hashing can be used to protect data integrity
- Hashes produce fixed-length digests for variable-length text
- Hashes are cryptographic representations of plaintext
Hashing is a one-way function, so a hash is never "decrypted"; that option is false.
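An added example, not part of the original deck, that serves both the SHA-2 card and this hashing card: it shows the fixed digest length regardless of input size, the avalanche effect (a one-byte change flips roughly half the output bits), and an integrity check done with a constant-time comparison. The function names and the sample inputs are constructed; the two known digests in the test are the standard SHA-256 values for the empty string and for "abc". The caveat a practitioner needs is in `verify_integrity`: a bare hash only detects accidental or unauthenticated change, because anyone who can rewrite the data can rewrite the hash beside it, which is why a keyed digest (HMAC) or a signature is used when the hash travels with the data.

```python
import hashlib
import hmac


def sha256_hex(data: bytes) -> str:
    """SHA-256 (a member of the SHA-2 family) digest as hex."""
    return hashlib.sha256(data).hexdigest()


def digest_lengths(messages) -> set:
    """Whatever the input length, the digest length is fixed: 32 bytes for SHA-256."""
    return {len(hashlib.sha256(m).digest()) for m in messages}


def differing_bits(hex_a: str, hex_b: str) -> int:
    """Hamming distance between two hex digests; ~128 of 256 for unrelated SHA-256 inputs."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")


def verify_integrity(data: bytes, expected_hex: str) -> bool:
    """Recompute and compare in constant time (compare_digest) so timing does not leak
    how many leading characters matched. Detects modification only if the attacker
    cannot also replace expected_hex."""
    return hmac.compare_digest(sha256_hex(data), expected_hex)


def hmac_sha256_hex(key: bytes, data: bytes) -> str:
    """Keyed digest: without the key an attacker cannot forge a matching tag for altered data."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


if __name__ == "__main__":
    samples = [b"", b"a", b"x" * 1000, b"y" * 100_000]  # constructed inputs of very different sizes
    print("digest lengths:", digest_lengths(samples))   # {32}
    h1, h2 = sha256_hex(b"abc"), sha256_hex(b"abd")
    print("bits changed by a one-byte edit:", differing_bits(h1, h2))
    print("integrity ok:", verify_integrity(b"abc", h1), "tampered:", verify_integrity(b"abd", h1))
    print("hmac:", hmac_sha256_hex(b"constructed-key", b"abc"))
```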
Which of the following desired attributes would make an organization most likely to move to a cloud provider?
Availability
Which type of network intrusion detection system uses defined rule sets to determine when attacks may be occurring?
Rule-Based
Which of the following answers best describes the one major advantage of TACACS+ over RADIUS?
TACACS+ encrypts the entire body of the packet, whereas RADIUS encrypts only the password field.
Which of the following devices typically makes requests on behalf of internal clients?
Proxy
Which of the following access control models uses labels and security clearances to grant access to objects?
Mandatory Access Control
If a person does not know a control exists, and this control keeps her from performing a malicious act, what type of control would this be classified as?
Preventative
Which of the following refers to the use of several different factors to authenticate to a system?
Multifactor authentication
Which of the following is a legacy wireless encryption protocol that uses the RC4 stream cipher?
WEP (Wired Equivalent Privacy)
Which of the following attacks targets relational databases that reside behind Web applications?
A SQL injection
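An added example, not part of the original deck, that serves both SQL injection cards: the same login query written the vulnerable way (string formatting) and the hardened way (a parameterised query through the standard database interface, so user input can never become SQL). The in-memory SQLite database, the user record and the payload are constructed for the demonstration; the password is compared as a plain SHA-256 hash only to keep the query in focus (a real system uses a slow salted hash such as bcrypt or Argon2).

```python
import hashlib
import sqlite3


def build_db() -> sqlite3.Connection:
    """Constructed in-memory database with one user."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, pw_hash TEXT)")
    conn.execute("INSERT INTO users (username, pw_hash) VALUES (?, ?)",
                 ("alice", hashlib.sha256(b"correct horse").hexdigest()))
    conn.commit()
    return conn


def vulnerable_login(conn, username: str, password: str) -> bool:
    """Deliberately vulnerable: the username is pasted into the SQL text, so a quote in the
    input ends the string literal and the rest of the input is parsed as SQL."""
    pw_hash = hashlib.sha256(password.encode()).hexdigest()
    query = f"SELECT id FROM users WHERE username = '{username}' AND pw_hash = '{pw_hash}'"
    return conn.execute(query).fetchone() is not None


def safe_login(conn, username: str, password: str) -> bool:
    """Hardened: placeholders are bound by the driver, so the input is always data,
    never part of the statement. The same payload now simply fails to match any row."""
    pw_hash = hashlib.sha256(password.encode()).hexdigest()
    row = conn.execute("SELECT id FROM users WHERE username = ? AND pw_hash = ?",
                       (username, pw_hash)).fetchone()
    return row is not None


# Constructed payload: closes the quoted username, ORs in a true condition, and comments
# out the password check ('--' starts a comment in SQLite and most other engines).
PAYLOAD = "x' OR 1=1 --"

if __name__ == "__main__":
    db = build_db()
    print("vulnerable, payload:", vulnerable_login(db, PAYLOAD, "anything"))   # True: bypassed
    print("safe, payload:      ", safe_login(db, PAYLOAD, "anything"))         # False
    print("safe, real creds:   ", safe_login(db, "alice", "correct horse"))    # True
```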
Before information is converted to an unreadable state using cryptography, in what form is the information?
Plaintext
Which of the following terms indicates the amount of time it takes for a hardware component to recover from failure?
Mean time to recovery (MTTR)
(Blank) represents the manufacturer’s best guess (based on historical data) regarding how much time will pass between major failures of that component. This is assuming that more than one failure will occur, which means that the component will be repaired, rather than replaced.
Mean time between failures (MTBF)
(blank) is the length of time a device is expected to last in operation. In MTTF, only a single, definitive failure will occur and will require that the device be replaced rather than repaired.
Mean time to failure (MTTF)
The corporate IT manager wants you to implement a process that will allow administrators to restrict users from installing and executing certain applications on their mobile devices. Which of the following meets those goals?
Blacklisting
Which of the following terms describes someone who hacks into a system for malicious purposes, without permission from the system’s owner, and shares the system hacking information with others?
Black Hat Hacker
Which of the following cannot identify patterns alone and requires other data and event sources to identify trends and patterns?
Log Analysis
(Blank) involves looking at data from various sources, including device logs, to identify patterns over a period of time
Trend Analysis
Which of the following terms represents the manufacturer’s best guess (based on historical data) regarding how much time will pass between major failures of a component produced by that manufacturer?
Mean time between failures (MTBF)
Which of the following is a software or a hardware appliance responsible for balancing user requests and network traffic among several different physical or virtualized hosts?
Load Balancer
Type the command to create an ACL entry that you would use to create an access rule on your router to prevent any Telnet traffic from passing through to the destination network 192.168.21.0.
An entry that denies TCP traffic from any source to destination network 192.168.21.0 on port 23 (Telnet), in vendor-neutral form: deny tcp any 192.168.21.0/24 port 23. Place it ahead of the permit entries, because ACLs are evaluated top to bottom and the first matching rule wins.
Which of the following methods feeds the key through an algorithm to produce a keystream that is XORed with the plaintext one character or bit at a time?
Key streaming (the basis of stream ciphers such as RC4)
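An added example, not part of the original deck, of what key streaming does and of the one rule that makes or breaks it. The keystream generator is a toy (SHA-256 in counter mode, an assumption for illustration; it is not RC4 or any standard cipher), but the XOR step and its consequence are exactly those of a real stream cipher: decryption is the same XOR, and if the same key and nonce are used twice, XORing the two ciphertexts cancels the keystream and leaves the XOR of the two plaintexts, so knowing one message reveals the other. All keys, nonces and messages are constructed.

```python
import hashlib


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy keystream generator: SHA-256 over key || nonce || block counter, concatenated
    until `length` bytes are available. Illustrative only, not a vetted cipher."""
    out = bytearray()
    block = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + block.to_bytes(8, "big")).digest()
        block += 1
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR, truncated to the shorter input."""
    return bytes(x ^ y for x, y in zip(a, b))


def stream_encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """ciphertext = plaintext XOR keystream."""
    return xor_bytes(plaintext, keystream(key, nonce, len(plaintext)))


stream_decrypt = stream_encrypt  # XOR is its own inverse: the same operation recovers the plaintext


def keystream_reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """If c1 and c2 were made with the same key and nonce, this equals p1 XOR p2:
    the keystream is gone and only the plaintexts' relationship remains."""
    return xor_bytes(c1, c2)


if __name__ == "__main__":
    key, nonce = b"constructed-key", b"nonce-1"
    p1, p2 = b"attack at dawn", b"retreat at dusk"
    c1 = stream_encrypt(key, nonce, p1)
    c2 = stream_encrypt(key, nonce, p2)   # same key AND nonce: the mistake
    print("round trip:", stream_decrypt(key, nonce, c1) == p1)
    leak = keystream_reuse_leak(c1, c2)
    print("p2 recovered from c1, c2 and p1:", xor_bytes(leak, p1))
    print("fresh nonce gives unrelated ciphertext:", stream_encrypt(key, b"nonce-2", p1) != c1)
```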
Which of the following is a key negotiation and agreement protocol used in public key cryptography?
DHE (Diffie-Hellman Ephemeral)
(Blank) is a public key cryptography protocol used on small mobile devices because of its low power and computing requirements.
Elliptic curve cryptography (ECC)
Which of the following 802.11 encryption protocols would you implement to provide the strongest encryption for communications across your wireless network?
WPA2
A password is an example of which of the following authentication factors?
Something you know
Which of the following policy settings enforces the use of longer password lengths and character spaces to increase password strength?
Password Complexity
During which type of assessment would penetration testers not have any knowledge about the network, while defenders are aware of their presence? (Choose two.)
Blind Test and Black Box
Which of the following is a variant of a phishing attack that targets a particular type of user and includes specific information?
Spear phishing
Which type of assessment looks at events that could exploit vulnerabilities?
Threat assessment
A (Blank) looks for weaknesses in systems.
vulnerability assessment
A (Blank) is a combination of assessments and is designed to assess factors, including likelihood and impact that affect an asset.
risk assessment
A (Blank) attempts to exploit actual vulnerabilities found within the systems.
penetration test
In many cases a load balancer uses which of the following on a client’s browser to maintain session affinity?
Cookies
What type of evidence in a computer forensics investigation directly supports a particular assertion?
Documentary evidence
Marisol needs to interconnect multiple VLANs in her production environment. Which of the following network devices would best address this issue?
Layer 3 Switch
A layer 3 switch supports inter VLAN routing to interconnect disparate VLANs.
A (Blank) could also interconnect two VLANs (by routing between them, the "router on a stick" design), but this takes substantially more configuration than a layer 3 switch.
Router
What can a layer 2 switch do with VLANs?
A layer 2 switch can carry multiple VLANs across trunk ports to other layer 2 switches, but it cannot route between VLANs; a layer 3 device is still needed for that.
Mike has five Linux systems that need access to a shared folder on a Windows file server that is part of an Active Directory (AD) domain. What can he do to give these systems access to the shared resource? (Choose two.)
- Install and configure Samba on the Linux systems to access the AD domain
- Create new local users on the domain controller
- Create user groups on all the Linux systems
- Configure access to the resource on the file server
- Install and configure Samba on the Linux systems to access the AD domain
- Configure access to the resource on the file server