Website Sample Questions Flashcards
Which of the following BEST describes both change and incident management?
A. Incident management is not a valid term in IT, however change management is
B. Change management is not a valid term in IT, however incident management is
C. Incident management and change management are interchangeable terms meaning the same thing
D. Incident management is for unexpected consequences, change management is for planned work
D. Incident management is for unexpected consequences, change management is for planned work
Which of the following account policy controls requires a user to enter a 15 character alpha-numerical password?
A. Disablement
B. Length
C. Expiration
D. Password complexity
D. Password complexity
Which of the following types would be considered personally identifiable information?
A. First name and home address
B. Social security number
C. Date of birth
D. Full name, date of birth and address
D. Full name, date of birth and address
Which of the following is the benefit of single file versus full disk encryption?
A. Encryption is preserved in full disk encryption when a file is copied from one media to another
B. Encryption is preserved in single file encryption when a file is copied from one media to another
C. Single file encryption provides better security when decrypting single files than full disk encryption when properly implemented and used
D. Full disk encryption provides better security when decrypting single files than full disk encryption when properly implemented and used
B. Encryption is preserved in single file encryption when a file is copied from one media to another
Which of the following is another name for a CAC?
A. Token
B. RFID
C. MAC
D. PIV
D. PIV
CAC - Common Access Card
PIV - Personal Identity Verification
MAC - Mandatory Access Control, Media Access Control, Message Authentication Code
Which of the following systems offers Trusted OS capabilities by default?
A. Windows Vista
B. Windows 7
C. SE Linux
D. Backtrack
C. SE Linux
Which of the following describes a common operational problem when using patch management software that results in a false sense of security?
A. Conflicts with vulnerability scans impede patch effectiveness
B. Distributed updates may fail to apply or may not be active until a reboot
C. Vendor patches are released too frequently, consuming excessive network bandwidth
D. It is resource intensive to test all patches
B. Distributed updates may fail to apply or may not be active until a reboot
Which of the following is BEST identified as an attacker who has or is about to use a logic bomb?
A. Grey hat
B. Malicious insider
C. White hat
D. Black box
B. Malicious insider
Which of the following is the BEST choice with regard to training staff members on dealing with PII?
A. PII requires public access but must be flagged as confidential
B. PII data breaches are always the result of negligent staff and punishable by law
C. PII must be handled properly in order to minimize security breaches and mishandling
D. PII must be stored in an encrypted fashion and only printed on shared printers
C. PII must be handled properly in order to minimize security breaches and mishandling
Which of the following processes are used to avoid employee exhaustion and implement a system of checks and balances?
A. Job rotation
B. Incident response
C. Least privilege
D. On-going security
A. Job rotation
When designing secure LDAP compliant applications, null passwords should NOT be allowed because:
A. a null password can be changed by all users on a network
B. a null password is a successful anonymous bind
C. null passwords can only be changed by the administrator
D. LDAP passwords are one-way encrypted
B. a null password is a successful anonymous bind
A security administrator visits a remote data center dressed as a delivery person. Which of the following is MOST likely being conducted?
A. Social engineering
B. Remote access
C. Vulnerability scan
D. Trojan horse
A. Social engineering
Mobile devices used in the enterprise should be administered using:
A. encrypted networks and system logging
B. full disk encryption and central password management
C. vendor provided software update systems
D. centrally managed update services and access controls
D. centrally managed update services and access controls
The Chief Information Officer (CIO) wants to implement widespread network and hardware changes within the organization. The CIO has adopted an aggressive deployment schedule and does not want to bother with documentation, because it will slow down the deployment. Which of the following are the risks associated with not documenting the changes?
A. Undocumented networks might not be protected and can be used to support insider attacks
B. Documenting a network hinders production because it is time consuming and ties up critical resources
C. Documented networks provide a visual representation of the network for an attacker to exploit
D. Undocumented networks ensure the confidentiality and secrecy of the network topology
A. Undocumented networks might not be protected and can be used to support insider attacks
Which of the following could mitigate shoulder surfing?
A. Privacy screens
B. Hashing
C. Man traps
D. Screen locks
A. Privacy screens