Test 4 Flashcards

1
Q

What is the current version of TACACS?
a. XTACACS
b. TACACS+
c. TACACS v9
d. TRACACS

A

b. TACACS+

2
Q

How is the Security Assertion Markup Language (SAML) used?

A

It allows secure web domains to exchange user authentication and authorization data.

3
Q

A RADIUS authentication server requires the ________ to be authenticated first.

A

d. supplicant (device/user seeking connection)

4
Q

Which of the following is NOT true regarding how an enterprise should handle an orphaned or dormant account?
a. A formal procedure should be in place for disabling accounts for employees who are dismissed, resign, or retire from the organization.
b. Access should be ended as soon as the employee is no longer part of the organization.
c. Logs should be monitored because current employees are sometimes tempted to use an older dormant account instead of their own account.
d. All orphaned and dormant accounts should be deleted immediately whenever they are discovered.

A

d. All orphaned and dormant accounts should be deleted immediately whenever they are discovered.

5
Q

With the development of IEEE 802.1x port security, what type of authentication server has seen even greater usage?
a. RADIUS
b. Lite RDAP
c. DAP
d. RDAP

A

a. RADIUS

6
Q

Which of the following is NOT part of the AAA framework?
a. Authentication
b. Access
c. Authorization
d. Accounting

A

b. Access

7
Q

What is the version of the X.500 standard that runs on a personal computer over TCP/IP?

A

c. LDAP (Lightweight directory access protocol)

8
Q

Raul has been asked to serve as the individual to whom day-to-day actions have been assigned by the owner. What role is Raul taking?

A

Custodian

9
Q

Which access control model is the most restrictive?
a. DAC
b. MAC
c. Role-Based Access Control
d. Rule-Based Access Control

A

b. MAC (creator and management)

DAC (allows an individual complete control over any objects they own along with the programs associated with those objects.)
Role-Based Access Control (Roles have certain permissions)
Rule-Based Access Control (Users given specific permissions)

10
Q

Which type of access control model uses predefined rules that make it flexible?
a. ABAC
b. DAC
c. MAC
d. Rule-Based Access Control

A

a. ABAC (attribute-based access control)

11
Q

Which can be used to establish geographical boundaries where a mobile device can and cannot be used?
a. Location-based policies
b. Restricted access control policies
c. Geolocation policies
d. Mobile device policies

A

a. location-based policies

12
Q

Which statement about Rule-Based Access Control is true?
a. It requires that a custodian set all rules.
b. It is considered obsolete today.
c. It dynamically assigns roles to subjects based on rules.
d. It is considered a real-world approach by linking a user’s job function with security.

A

c. It dynamically assigns roles to subjects based on rules.

13
Q

Which of the following would NOT be considered as part of a clean desk policy?
a. Do not share passwords with other employees.
b. Lock computer workstations when leaving the office.
c. Place laptops in a locked filing cabinet.
d. Keep mass storage devices locked in a drawer when not in use.

A

a. Do not share passwords with other employees.

14
Q

Which of these is a set of permissions that is attached to an object?
a. Access control list (ACL)
b. Subject Access Entity (SAE)
c. Object modifier
d. Security entry designator

A

a. Access control list (ACL)

15
Q

Which Microsoft Windows feature provides group-based access control for centralized management and configuration of computers and remote users who are using Active Directory?
a. Windows Registry Settings
b. AD Management Services (ADMS)
c. Group Policy
d. Resource Allocation Entities

A

c. Group Policy

16
Q

What can be used to provide both file system security and database security?
a. RBASEs
b. LDAPs
c. CHAPs
d. ACLs

A

d. ACLs (access-control lists)

17
Q

What is the least restrictive access control model?
a. DAC
b. ABAC
c. MAC
d. Rule-Based Access Control

A

a. DAC

18
Q

What is the secure version of LDAP?
a. LDAPS
b. Secure DAP
c. X.500
d. 802.1x

A

a. LDAPS

19
Q

Which of the following is the Microsoft version of EAP?
a. EAP-MS
b. MS-CHAP
c. PAP-MICROSOFT
d. AD-EAP

A

b. MS-CHAP

EAP is used on encrypted networks to provide a secure way to send identifying information for network authentication.

20
Q

Which of the following involves rights given to access specific resources?
a. Identification
b. Access
c. Authorization
d. Accounting

A

b. access

21
Q

At what point in a vulnerability assessment would an attack tree be utilized?
a. Vulnerability appraisal
b. Risk assessment
c. Risk mitigation
d. Threat evaluation

A

d. Threat evaluation

Attack trees are conceptual diagrams showing how an asset, or target, might be attacked.

22
Q

Which of the following is NOT true about privacy?
a. Today, individuals can achieve any level of privacy that is desired.
b. Privacy is difficult due to the volume of data silently accumulated by technology.
c. Privacy is freedom from attention, observation, or interference based on your decision.
d. Privacy is the right to be left alone to the degree that you choose.

A

a. Today, individuals can achieve any level of privacy that is desired.

25
Q

Which of the following is NOT a risk associated with the use of private data?
a. Individual inconveniences and identity theft
b. Associations with groups
c. Statistical inferences
d. Devices being infected with malware

A

d. Devices being infected with malware

26
Q

Which of the following is NOT an issue raised regarding how private data is gathered and used?
a. The data is gathered and kept in secret.
b. By law, all encrypted data must contain a “backdoor” entry point.
c. Informed consent is usually missing or is misunderstood.
d. The accuracy of the data cannot be verified.

A

b. By law, all encrypted data must contain a “backdoor” entry point.

27
Q

Which of the following is a systematic and methodical evaluation of the exposure of assets to attackers, forces of nature, and any other entity that could cause potential harm?
a. Vulnerability assessment
b. Penetration test
c. Vulnerability scan
d. Risk appraisal

A

a. Vulnerability assessment

28
Q

Which of these should NOT be classified as an asset?
a. Business partners
b. Buildings
c. Employee databases
d. Accounts payable

A

d. Accounts payable

29
Q

Which of the following command-line tools tests a connection between two network devices?
a. Netstat
b. Ping
c. Nslookup
d. Ifconfig

A

b. ping

30
Q

Which statement regarding vulnerability appraisal is NOT true?
a. Vulnerability appraisal is always the easiest and quickest step.
b. Every asset must be viewed in light of each threat.
c. Each threat could reveal multiple vulnerabilities.
d. Each vulnerability should be cataloged

A

a. Vulnerability appraisal is always the easiest and quickest step

31
Q

Which of the following constructs scenarios of the types of threats that assets can face to learn who the attackers are, why they attack, and what types of attacks may occur?
a. Vulnerability prototyping
b. Risk assessment
c. Attack assessment
d. Threat modeling

A

d. threat modeling

32
Q

Which of the following tools is a Linux command-line protocol analyzer?
a. Wireshark
b. Tcpdump
c. IP
d. Arp

A

b. tcpdump

33
Q

Which of the following is a command-line alternative to Nmap?
a. Netcat
b. Statnet
c. Mapper
d. Netstat

A

a. netcat
Nmap is used to discover hosts and services on a computer network by sending packets and analyzing the responses.

34
Q

Which of these is NOT a state of a port that can be returned by a port scanner?
a. Open
b. Busy
c. Blocked
d. Closed

A

b. busy

35
Q

Which of the following data sensitivity labels is the highest level of data sensitivity?
a. Ultra
b. Confidential
c. Private
d. Secret

A

b. confidential

36
Q

Which of the following data sensitivity labels has the lowest level of data sensitivity?
a. Unrestricted
b. Public
c. Free
d. Open

A

b. public

37
Q

Which of the following is NOT a function of a vulnerability scanner?
a. Detects which ports are served and which ports are browsed for each individual system
b. Alerts users when a new patch cannot be found
c. Maintains a log of all interactive network sessions
d. Detects when an application is compromised

A

b. Alerts users when a new patch cannot be found

38
Q

Which of the following must be kept secure as mandated by HIPAA?
a. PII
b. PHI
c. PHIL
d. PLILP

A

b. PHI (protected health information)

39
Q

Which statement regarding a honeypot is NOT true?
a. It is typically located in an area with limited security.
b. It is intentionally configured with security vulnerabilities.
c. It cannot be part of a honeynet.
d. It can direct an attacker’s attention away from legitimate servers.

A

c. It cannot be part of a honeynet.

40
Q

Which of the following sends “probes” to network devices and examines the responses to evaluate whether a specific device needs remediation?
a. Active scanner
b. Probe scanner
c. Passive scanner
d. Remote scanner

A

a. active scanner

41
Q

If a tester is given the IP addresses, network diagrams, and source code of customer applications, the tester is using which technique?
a. Black box
b. White box
c. Gray box
d. Blue box

A

b. white box

42
Q

If a software application aborts and leaves the program open, which control structure is it using?
a. Fail-safe
b. Fail-secure
c. Fail-open
d. Fail-right

A

c. fail-open

43
Q

Raul has been asked to help develop an outline of procedures to be followed in the event of a major IT incident or an incident that directly impacts IT. What type of planning is this?
a. Disaster recovery planning
b. IT contingency planning
c. Business impact analysis planning
d. Risk IT planning

A

b. IT contingency planning

44
Q

Dilma has been tasked with creating a list of potential employees to serve in an upcoming tabletop exercise. Which employees will be on her list?
a. All employees
b. Individuals on a decision-making level
c. Full-time employees
d. Only IT managers

A

b. individuals on a decision-making level

45
Q

What is the average amount of time that it will take a device to recover from a failure that is not a terminal failure?
a. MTTR
b. MTBR
c. MTBF
d. MTTI

A

a. MTTR (mean-time-to-repair)

46
Q

Which of the following is NOT a category of fire suppression systems?
a. Water sprinkler system
b. Wet chemical system
c. Clean agent system
d. Dry chemical system

A

b. Wet chemical system

48
Q

Which of these is NOT required for a fire to occur?
a. A chemical reaction that is the fire itself
b. A type of fuel or combustible material
c. A spark to start the process
d. Sufficient oxygen to sustain the combustion

A

c. a spark to start the process

49
Q

An electrical fire like that would be found in a computer data center is known as what type of fire?
a. Class A
b. Class B
c. Class C
d. Class D

A

c. Class C

Class A: regular fire
Class B: liquid/gas fire
Class D: metallic fires

50
Q

Which level of RAID uses disk mirroring and is considered fault-tolerant?
a. Level 1
b. Level 2
c. Level 3
d. Level 4

A

a. Level 1

RAID 0: striping
RAID 5: distributed parity
RAID 6: dual parity
RAID 10: striping mirrors

51
Q

What is the amount of time added to or subtracted from Coordinated Universal Time to determine local time?
a. Time Offset
b. Civil time
c. Daylight savings time
d. Greenwich Mean Time (GMT)

A

a. Time Offset

52
Q

What does the abbreviation RAID represent?
a. Redundant Array of IDE Drives
b. Resilient Architecture for Interdependent Discs
c. Redundant Array of Independent Drives
d. Resistant Architecture of Inter-Related Data Storage

A

c. Redundant Array of Independent Drives

53
Q

Which of these is an example of a nested RAID?
a. Level 1-0
b. Level 0-1
c. Level 0+1
d. Level 0/1

A

c. Level 0+1

54
Q

A(n) ________ is always running off its battery while the main power runs the battery charger.
a. Secure UPS
b. Backup UPS
c. Off-line UPS
d. On-line UPS

A

d. On-line UPS

55
Q

Which type of site is essentially a duplicate of the production site and has all the equipment needed for an organization to continue running?
a. Cold site
b. Warm site
c. Hot site
d. Replicated site

A

c. Hot site

Cold site has necessary electrical and physical components of a facility, but does not have the computer equipment in place.

Warm site has some equipment

56
Q

Which of the following can a UPS NOT perform?
a. Prevent certain applications from launching that will consume too much power
b. Disconnect users and shut down the server
c. Prevent any new users from logging on
d. Notify all users that they must finish their work immediately and log off

A

a. Prevent certain applications from launching that will consume too much power

57
Q

Which of these is NOT a characteristic of a disaster recovery plan (DRP)?
a. It is updated regularly.
b. It is a private document used only by top-level administrators for planning.
c. It is written.
d. It is detailed.

A

b. It is a private document used only by top-level administrators for planning.

58
Q

What does an incremental backup do?
a. Copies all files changed since the last full or incremental backup
b. Copies selected files
c. Copies all files
d. Copies all files since the last full backup

A

a. Copies all files changed since the last full or incremental backup

59
Q

Which question is NOT a basic question to be asked regarding creating a data backup?
a. What media should be used?
b. How long will it take to finish the backup?
c. Where should the backup be stored?
d. What information should be backed up?

A

b. How long will it take to finish the backup?

60
Q

The chain of ________ documents that the evidence was under strict control at all times and no unauthorized person was given the opportunity to corrupt the evidence.
a. Forensics
b. Evidence
c. Custody
d. Control

A

c. custody

61
Q

What is the maximum length of time that an organization can tolerate between data backups?

A

Recovery point objective (RPO)

62
Q

When an unauthorized event occurs, what is the first duty of the computer forensics response team?
a. To log off from the server
b. To secure the crime scene
c. To back up the hard drive
d. To reboot the system

A

b. to secure the crime scene

63
Q

Margaux has been asked to work on the report that will analyze the exercise results with the purpose of identifying strengths to be maintained and weaknesses to be addressed for improvement.

A

d. After-action report