SYO-501 Flashcards
Harmful programs used to disrupt computer operation, gather sensitive information, or gain unauthorized access to computer systems are commonly referred to as:
A. Adware
B. Malware
C. Ransomware
D. Spyware
B. Malware
Which of the following answers refers to malicious software performing unwanted and harmful actions under the guise of a legitimate and useful program?
A. Trojan horse
B. Spyware
C. Logic bomb
D. Adware
A. Trojan horse
What is adware?
A. Unsolicited or undesired electronic messages
B. Malicious programs that send copies of themselves to other computers on the network
C. Software that displays advertisements
D. Malicious software that collects information about users without their knowledge
C. Software that displays advertisements
A collection of software tools used by a hacker to mask intrusion and obtain administrator-level access to a computer or computer network is known as:
A. Backdoor
B. Botnet
C. Rootkit
D. Armored virus
C. Rootkit
Which type of Trojan enables unauthorized remote access to a compromised system?
A. pcap
B. RAT
C. MaaS
D. pfSense
B. RAT
Which of the following answers refers to an undocumented way of gaining access to a program, online service, or an entire computer system?
A. Tailgating
B. Rootkit
C. Trojan horse
D. Backdoor
D. Backdoor
Phishing scams targeting selected individuals/groups of users are referred to as:
A. Vishing
B. Spear phishing
C. MITM attack
D. Whaling
B. Spear phishing
What is tailgating?
A. Looking over someone’s shoulder to get information
B. Scanning for unsecured wireless networks while driving in a car
C. Manipulating a user into disclosing confidential information
D. Gaining unauthorized access to restricted areas by following another person
D. Gaining unauthorized access to restricted areas by following another person
An email message containing a warning related to a non-existent computer security threat, asking a user to delete system files falsely identified as malware, and/or prompting them to share the message with others would be an example of:
A. Vishing
B. Impersonation
C. Virus hoax
D. Phishing
C. Virus hoax
Which of the following attacks uses multiple compromised computer systems against its target?
A. Spear phishing
B. DoS
C. Watering hole attack
D. DDoS
D. DDoS
A type of exploit that relies on overwriting the contents of memory to cause unpredictable results in an application is called:
A. IV attack
B. SQL Injection
C. Buffer overflow
D. Fuzz test
C. Buffer overflow
Zero-day attack exploits:
A. New accounts
B. Patched software
C. Vulnerability that is present in already released software but unknown to the software developer
D. Well known vulnerability
C. Vulnerability that is present in already released software but unknown to the software developer
A replay attack occurs when an attacker intercepts user credentials and tries to use this information later for gaining unauthorized access to resources on a network.
A. True
B. False
A. True
URL hijacking is also referred to as:
A. Session hijacking
B. Sandboxing
C. Typo Squatting
D. Shoulder surfing
C. Typo squatting
Which of the following terms refers to a rogue AP?
A. Computer worm
B. Backdoor
C. Evil twin
D. Trojan horse
C. Evil twin
Which of the following technologies simplifies configuration of new wireless networks by providing non-technical users with a capability to easily configure network security settings and add new devices to an existing network?
A. WPA
B. WPS
C. WEP
D. WAP
B. WPS
The practice of sending unsolicited messages over Bluetooth is known as:
A. Bluejacking
B. Vishing
C. Bluesnarfing
D. Phishing
A. Bluejacking
Gaining unauthorized access to a Bluetooth device is referred to as:
A. Xmas attack
B. Bluesnarfing
C. Bluejacking
D. Pharming
B. Bluesnarfing
Which of the terms listed below is used to describe an unskilled individual exploiting computer security loopholes with the use of code and software written by someone else?
A. Script kiddies
B. Black hat hacker
C. Hacktivist
D. White hat hacker
A. Script kiddies
Which of the following facilitate(s) privilege escalation attacks? (select all that apply)
A. System/application vulnerability
B. Distributed Denial of Service (DDoS)
C. Social engineering techniques
D. Attribute-Based Access Control (ABAC)
E. System/application misconfiguration
A. System/application vulnerability
C. Social engineering techniques
E. System/application misconfiguration
A penetration test conducted with the use of prior knowledge of how the system that is to be tested works is known as:
A. White hat
B. Sandbox
C. White box
D. Black box
C. White box
Penetration testing: (select all that apply)
A. Bypasses security controls
B. Only identifies lack of security controls
C. Actively tests security controls
D. Exploits vulnerabilities
E. Passively tests security controls
A. Bypasses security controls
C. Actively tests security controls
D. Exploits vulnerabilities
Antivirus software identifying non-malicious code as a virus due to a faulty virus signature file is an example of:
A. Fault tolerance
B. False positive error
C. Incident isolation
D. False negative
B. False positive error
Which of the terms listed below refers to a situation where no alarm is raised when an attack has taken place?
A. False negative
B. True positive
C. False positive
D. True negative
A. False negative
Which of the following answers refers to a set of rules that specify which users or system processes are granted access to objects, as well as what operations are allowed on a given object?
A. CRL
B. NAT
C. BCP
D. ACL
D. ACL
Which IPsec mode provides whole-packet encryption?
A. Tunnel
B. Payload
C. Transport
D. Host-to-host
A. Tunnel
Which type of IDS relies on known attack patterns in order to detect an intrusion?
A. Behavior-based
B. Heuristic/behavioral
C. Signature-based
D. AD-IDS
C. Signature-based
A protocol that provides protection against switching loops is called:
A. UTP
B. SSH
C. STP
D. HMAC
C. STP
Disabling SSID broadcast:
A. Is one of the measures used for securing networks
B. Makes a WLAN harder to discover
C. Blocks access to WAP
D. Prevents wireless clients from accessing the network
B. Makes a WLAN harder to discover
A network access control method whereby the 48-bit address assigned to each network card is used to determine access to the network is known as:
A. EMI shielding
B. Hardware lock
C. MAC filter
D. Quality of Service (QoS)
C. MAC filter
Which of the acronyms listed below refers to a technology that allows for real-time analysis of security alerts generated by network hardware and applications?
A. LACP
B. DSCP
C. SIEM
D. LWAPP
C. SIEM
Software- or hardware-based security solutions designed to detect and prevent unauthorized use and transmission of confidential information outside of a corporate network are referred to as:
A. AUP
B. DLP
C. UAT
D. LTO
B. DLP (Data Loss Prevention)
Network Access Control (NAC) defines a set of rules enforced in a network that the clients attempting to access the network must comply with. With NAC, policies can be enforced before or after end-stations gain access to the network. NAC can be implemented as Pre-admission NAC where a host must, for example, be virus free or have patches applied before it can be allowed to connect to the network, and/or Post-admission NAC, where a host is being granted/denied permissions based on its actions after it has been provided with the access to the network.
A. True
B. False
A. True
Which of the following tools would be used to check the contents of an IP packet?
A. Protocol analyzer
B. Secure Shell (SSH)
C. SNMP agent
D. Port scanner
A. Protocol analyzer
What is the most effective way for permanent removal of data stored on a magnetic drive?
A. Quick format
B. Recycle bin
C. Degaussing
D. Low-level format
C. Degaussing
Steganography allows for:
A. Checking data integrity
B. Calculating hash values
C. Hiding data within another piece of data
D. Data encryption
C. Hiding data within another piece of data
A monitored host or network specifically designed to detect unauthorized access attempts is known as:
A. Botnet
B. Rogue access point
C. Honeypot
D. Flood guard
C. Honeypot
The practice of connecting to an open port on a remote server to gather more information about the service running on that port is referred to as:
A. Bluejacking
B. Banner grabbing
C. Session hijacking
D. eDiscovery
B. Banner grabbing
What is the name of a command-line utility used for checking the reachability of a remote host?
A. tracert
B. ping
C. nslookup
D. netstat
B. ping
Windows command-line utility for displaying intermediary points on the packet route is called:
A. ping
B. netstat
C. ipconfig
D. tracert
D. tracert
Which of the terms listed below refers to a security solution implemented on an individual computer host, monitoring that specific system for malicious activity or policy violations?
A. NIPS
B. Control filter
C. Firewall
D. HIDS
D. HIDS
Which of the following acronyms refers to a network solution combining the functionality of a firewall with additional safeguards such as URL filtering, content inspection, or malware inspection?
A. MTU
B. STP
C. UTM
D. XML
C. UTM (Unified Threat Management)
An operating system security feature that ensures safe memory usage by applications is known as:
A. DEP
B. DLP
C. DSU
D. DRP
A. DEP (Data Execution Prevention)
Which of the terms listed below refers to a mobile device’s capability to share its Internet connection with other devices?
A. Pairing
B. Clustering
C. Tethering
D. Bonding
C. Tethering
Which of the following acronyms refers to a policy of permitting employees to bring personally owned mobile devices and to use those devices for accessing privileged company information and applications?
A. BSOD
B. BYOD
C. JBOD
D. BYOB
B. BYOD
What is the name of a secure replacement for Telnet?
A. ICMP
B. FTP
C. IPv6
D. SSH
D. SSH
A type of protocol used in network management systems to monitor network-attached devices is known as:
A. SIP
B. SNMP
C. NetBIOS
D. RTP
B. SNMP
Which version(s) of the SNMP protocol offer(s) only authentication based on community strings sent in unencrypted form? (Select all that apply)
A. SNMPv1
B. SNMPv2
C. SNMPv3
D. SNMPv4
A. SNMPv1
B. SNMPv2
A lightly protected subnet consisting of publicly available servers placed outside the company’s firewall is known as:
A. VPN
B. Access Point (AP)
C. VLAN
D. DMZ
D. DMZ
Which of the following solutions is used to hide the internal IP addresses by modifying IP address information in IP packet headers while in transit across a traffic routing device?
A. NAC
B. ACL
C. NAT
D. DMZ
C. NAT (Network address translation)
A logical grouping of computers that may be physically located on different parts of a LAN is called a Virtual Local Area Network (VLAN).
A. True
B. False
A. True
In computer networks, a computer system or an application that acts as an intermediary between another computer and the Internet is commonly referred to as:
A. Load balancer
B. Web server
C. VPN concentrator
D. Proxy server
D. Proxy server
What is the name of a technology that allows for storing passwords, certificates, or encryption keys in a hardware chip?
A. Encrypting File System (EFS)
B. Triple Digital Encryption Standard (3DES)
C. Trusted Platform Module (TPM)
D. Advanced Encryption Standard (AES)
C. Trusted Platform Module (TPM)
Which of the answers listed below refers to a firmware interface designed as a replacement for BIOS?
A. UEFI
B. ACPI
C. CMOS
D. USMT
A. UEFI
One of the measures used in OS hardening includes disabling unnecessary ports and services.
A. True
B. False
A. True
The term trusted OS refers to an operating system:
A. Admitted to a network through NAC
B. Implementing patch management
C. That has been authenticated on the network
D. With enhanced security features
D. With enhanced security features
An MS Windows account that enables users to have temporary access to a computer without the capability to install software or hardware, change settings, or create a user password is called:
A. Guest account
B. Temporary account
C. Standard account
D. Managed user account
A. Guest account
Which of the answers listed below refers to a control system providing the capability for real-time monitoring and gathering information related to industrial equipment?
A. OVAL
B. SCADA
C. TACACS
D. SCAP
B. SCADA (Supervisory Control and Data Acquisition)
Which of the following solutions is used for controlling temperatures and humidity?
A. Faraday cage
B. UART
C. EMI shielding
D. HVAC
D. HVAC
The practice of finding vulnerabilities in an application by feeding it incorrect input is referred to as:
A. Patching
B. Exception handling
C. Application hardening
D. Fuzzing
D. Fuzzing
A software application used to manage multiple guest operating systems on a single host system is called:
A. ICS server
B. Hypervisor
C. UC server
D. Virtual switch
B. Hypervisor
A cloud computing infrastructure type where applications are hosted over a network (typically the Internet), eliminating the need to install and run the software on the customer’s own computer, is known as:
A. Thick client
B. SaaS
C. Virtualization
D. IaaS
B. SaaS
In which of the cloud computing infrastructure types do clients, instead of buying all the hardware and software, purchase computing resources as an outsourced service from suppliers who own and maintain all the necessary equipment?
A. IaaS
B. SaaS
C. P2P
D. PaaS
A. IaaS
Which of the following cloud services would provide the best solution for a web developer intending to create a web app?
A. SaaS
B. API
C. PaaS
D. IaaS
C. PaaS
Which of the security controls listed below is used to prevent tailgating?
A. Hardware locks
B. Mantraps
C. Video Surveillance
D. EMI shielding
B. Mantraps
A set of physical characteristics of the human body that can be used for identification and access control purposes is known as:
A. Biometrics
B. PII
C. Physical Token
D. ID
A. Biometrics
Solutions providing the AAA functionality include: (Select all that apply)
A. MSCHAP
B. RADIUS
C. PPTP
D. TACACS+
B. RADIUS
D. TACACS+
AAA= Authentication, Authorization, Accounting
Which of the following is an example of a multifactor authentication?
A. Password and biometric scan
B. User name and PIN
C. Smart card and identification badge
D. Iris and fingerprint scan
A. Password and biometric scan
An authentication subsystem that enables a user to access multiple, connected system components (such as separate hosts on a network) after a single login at only one of the components is known as:
A. SSO
B. SSH
C. SSL
D. SLA
A. SSO
An access control model in which every resource has a sensitivity label matching the clearance level assigned to a user is called:
A. RBAC
B. DAC
C. HMAC
D. MAC
D. MAC
A type of access control in computer security where every object has an owner who at his/her own discretion determines what kind of permissions other users can have to that object is known as:
A. MAC
B. ABAC
C. DAC
D. RBAC
C. DAC (Discretionary Access Control)
Which of the following is an example of a biometric authentication?
A. Password
B. Smart card
C. Fingerprint scanner
D. User name
C. Fingerprint scanner
Which of the following answers refers to a key document governing the relationship between two business organizations?
A. ISA
B. SLA
C. MoU
D. BPA
D. BPA (Business Partners Agreement)
An agreement between a service provider and the user(s) defining the nature, availability, quality, and scope of the service to be provided is known as:
A. BPA
B. MoU
C. SLA
D. ISA
C. SLA
Which of the following answers refers to an agreement established between organizations that own and operate connected IT systems to document the technical requirements of the interconnection?
A. ISA
B. SLA
C. MoU
D. BPA
A. ISA (Interconnection Security Agreement)
A document established between two or more parties to define their respective responsibilities in accomplishing a particular goal or mission is called:
A. BPA
B. MoU
C. SLA
D. ISA
B. MoU
One of the goals behind the mandatory vacations policy is to mitigate the occurrence of fraudulent activity within the company.
A. True
B. False
A. True
Which of the answers listed below refers to a concept of having more than one person required to complete a given task?
A. Acceptable use policy
B. Job rotation
C. Multifactor authentication
D. Separation of duties
D. Separation of duties
A sticky note with a password kept in plain sight in a user’s cubicle would be a violation of which of the following policies?
A. Data labeling policy
B. Clean desk policy
C. User account policy
D. Password complexity
B. Clean desk policy
Which of the following acronyms refers to a set of rules enforced in a network that restrict the use to which the network may be put?
A. OEM
B. AUP
C. UAT
D. ARO
B. AUP (Acceptable Use Policy)
A maximum acceptable period of time within which a system must be restored after failure is referred to as:
A. Recovery Time Objective (RTO)
B. Mean Time To Restore (MTTR)
C. Maximum Tolerable Period of Disruption (MTPOD)
D. Mean Time Between Failures (MTBF)
A. Recovery Time Objective (RTO)
Which of the terms listed below is used to describe the loss of value to an asset based on a single security incident?
A. SLE
B. ARO
C. ALE
D. SLA
A. SLE (Single Loss Expectancy)
A type of risk assessment formula defining probable financial loss due to a risk over a one-year period is known as:
A. ARO
B. ALE
C. SLE
D. BPA
B. ALE (Annual Loss Expectancy)
In quantitative risk assessment, this formula is used for estimating the likelihood of occurrence of a future threat.
A. ALE
B. SLA
C. ARO
D. SLE
C. ARO (Annualized Rate of Occurrence)
Contracting out a specialized technical component when the company’s employees lack the necessary skills is an example of:
A. Risk deterrence
B. Risk avoidance
C. Risk acceptance
D. Risk transference
D. Risk transference
Disabling certain system functions or shutting down the system when risks are identified is an example of:
A. Risk acceptance
B. Risk avoidance
C. Risk transference
D. Risk deterrence
B. Risk avoidance
In forensics procedures, a sequence of steps in which different types of evidence should be collected is known as:
A. Order of volatility
B. Layered security
C. Chain of custody
D. Transitive access
A. Order of volatility
In incident response procedures, a process that ensures proper handling of collected evidence is called:
A. Intrusion detection/notification
B. Chain of custody
C. MSDS documentation
D. Equipment grounding
B. Chain of custody
Which of the following backup site types allows for fastest disaster recovery?
A. Cold site
B. Hot site
C. Warm site
D. Cross-site
B. Hot site
A cold site is the most expensive type of backup site for an organization to operate.
A. True
B. False
B. False
Restoring data from an incremental backup requires: (select 2 answers)
A. Copy of the last incremental backup
B. All copies of differential backups made since the last full backup
C. Copy of the last differential backup
D. All copies of incremental backups made since the last full backup
E. Copy of the last full backup
D. All copies of incremental backups made since the last full backup
E. Copy of the last full backup
In computer security, the term dumpster diving is used to describe a practice of sifting through trash for discarded documents containing sensitive data.
Found documents containing names and surnames of the employees along with the information about positions held in the company and other data can be used to facilitate social engineering attacks. Having the documents shredded or incinerated before disposal makes dumpster diving less effective and also mitigates the risk of social engineering attacks.
A. True
B. False
A. True
Any type of information pertaining to an individual that can be used to uniquely identify that individual is known as:
A. PIN
B. PII
C. ID
D. Password
B. PII
What are the features of Elliptic Curve Cryptography (ECC)? (Select 2 answers)
A. Asymmetric encryption
B. Shared key
C. Suitable for small wireless devices
D. High processing power requirements
E. Symmetric encryption
A. Asymmetric encryption
C. Suitable for small wireless devices
Advanced Encryption Standard (AES): (Select all that apply)
A. Is a symmetric encryption algorithm
B. Uses 128, 192 and 256-bit keys
C. Is an asymmetric encryption algorithm
D. Uses block cipher algorithm
E. Requires multiple passes to encrypt data
A. Is a symmetric encryption algorithm
B. Uses 128, 192 and 256-bit keys
D. Uses block cipher algorithm
Which of the following wireless encryption schemes offers the highest level of protection?
A. WEP
B. WPA2
C. WAP
D. WPA
B. WPA2
AES-based encryption mode implemented in WPA2 is known as:
A. CCMP
B. 3DES
C. TKIP
D. HMAC
A. CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol)
Which of the answers listed below refers to a security solution allowing administrators to block Internet access for users until they perform a required action?
A. Access logs
B. Mantrap
C. Post-admission NAC
D. Captive portal
D. Captive portal
Which of the following solutions would be the fastest in validating digital certificates?
A. IPX
B. OCSP
C. CRL
D. OSPF
B. OCSP (Online Certificate Status Protocol)
What is the name of a storage solution used to retain copies of private encryption keys?
A. Trusted OS
B. Key escrow
C. Proxy
D. Recovery agent
B. Key escrow