Security Administration Flashcards

1
Q

John is looking for a solution for his company that will give the company the most control over mobile devices, while still having the employees purchase their own devices. Which of the following solutions should he select?

BYOD

COPE

CYOD

A

CYOD

CYOD has employees select from a list of approved devices. COPE has the company buy the devices, and BYOD provides very little control. BBBA is not a term used in this context

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Employees in your company are provided smartphones by the company. Which of the following best describes this?

BYOD

CYOD

COPE

A

COPE

Company Owned and Provided Device describes company provided smartphones. The other acronyms/answers refer to alternative approaches to mobile devices

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Which of the following would be most effective in preventing a thief from using a mobile device stolen from your company?

GPS tracking

WPA2

Geofencing

A

Geofencing

Geofencing prevents a device from working outside a geographic area. WPA2 is a wireless security technology. Company-Owned and -Provided Equipment has the company buying mobile devices, and geotracking simply locates the device

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Ahmed is a network administrator for an insurance company. He is concerned about users storing company data on their smartphones to exfiltrate that data. Which of the following best describes this?

BYOD

Bluejacking

USB OTG

A

USB OTG

USB OTG is the use of portable devices as USB. Bring Your Own Device is simply a method for allowing employees to bring their own devices into the company network. Bluejacking is a Bluetooth attack. Choose Your Own Device allows employees to select a device from a pre-approved list

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Using Bluetooth to extract data from a victim’s phone is best described as which of the following?

Bluesnarfing

Bluejacking

CYOD

A

Bluesnarfing

Bluesnarfing extracts data via Bluetooth. Bluejacking simply sends messages to the device. Choose Your Own Device allows employees to select a device from a pre-approved list. Jailbreaking refers to gaining root or admin access

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What principle is most important in setting up network accounts?

Least privileges

Password expiration

Separation of duties

A

Least privileges

Least privileges is the most critical principle in account management. The other options are all important, but not as critical as least privileges

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Tom is responsible for account management in his company. For user John Smith who is an administrator, which of the following would be the best name for him to choose?

Admin001

Ajsmith

jsmith

A

jsmith

This is the only name choice that does not give any hint as to the role of that user. The others all reveal, or suggest, the user’s role

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Juanita is responsible for setting up network accounts for her company. She wants to establish an account for the SQL Server service. Which of the following would be the best type of account for her to use?

A user/service account

Domain admin account

Guest account

A

A user/service account

All services should be assigned a service account. The other options are not secure

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Which of the following fully implements the 802.11 i security standards?

WEP

WPA

WPA2

A

WPA2

WPA2 fully implements 802.11i, while WEP and WPA do not. WAP is Wireless Access Point, and it is not a security mechanism

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Which of the following would be best at preventing a thief from accessing the data on a stolen phone?

Geotagging

Remote wipe

Geofencing

A

Remote wipe

Remote wiping allows you to remove all data from a stolen phone. Geotagging would merely allow you to locate the phone. Geofencing would prevent the phone from working, but not prevent access of the data. Segmentation is used to separate user data from company data

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Janet is a network administrator for a small company. Users have been reporting that personal data is being stolen when using the wireless network. They all insist that they only connect to the corporate wireless access point. Reviewing the logs for the WAP shows that these users have not connected to it. Which of the following could best explain this situation?

Bluesnarfing

Rouge access point

Jamming

A

Rouge access point

This is a classic example of a rogue access point. None of the other attacks would explain this scenario

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

You find that users on your network are getting dropped from the wireless connection. When you check the logs for the wireless access point, you find that a deauthentication packet has been sent to the WAP from the users’ IP addresses. What seems to be happening here?

Bluejacking

Session hijacking

Disassociation attack

A

Disassociation attack

This is a disassociation attack. Bluesnarfing and bluejacking are Bluetooth attacks. The question does not describe session hijacking

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What is the primary weakness of infrared communications?

Line of sight

Low bandwidth

Poor authentication

A

Line of sight

Line of sight is the primary weakness of infrared communications. All of the other answers are not true. Infrared connections can support each of these

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Which wireless technology uses TKIP?

WEP

WPA

WPA2

A

WPA

WPA uses Temporal Key Integrity Protocol (TKIP), while WEP and WPA2 do not. WAP is a wireless access point

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Which acronym describes devices provided by the company?

BYOD

COPE

CYOD

CYOP

A

COPE

BYOD, or Bring Your Own Device, as well as CYOD, or Choose Your Own Device, are both employee-owned equipment. CYOP is not a real acronym for portable devices

How well did you know this?
1
Not at all
2
3
4
5
Perfectly