Securities 2
Complete List of Terms and Definitions for Securities 2
| Terms | Definitions |
|---|---|
| cryptology | research into encryption |
| X.500 | The International Organization for Standardization (ISO) standard for directory services. |
| Mercury Technical Solutions has declared that all clients must use S/MIME by the end of the year. Which of the following statements is true of the S/MIME security features? Answer a. S/MIME uses asymmetric encryption algorithms for conf | A |
| Most mission impacting vulnerabilities in a formal risk assessment should be: A. Mitigated B. Accepted C. Avoided D. Ignored | B. Accepted |
| Which of the following network filtering devices will rely on signature updates to be effective? | NIDS |
| QUESTION NO: 164 An administrator notices that former temporary employees' accounts are still active on a domain. Which of the following can be implemented to increase security and prevent this from happening? A. Run a last logon script to look for inactive a | Answer: B |
| Vulnerability, Exploit, Threat, Risk | • Vulnerability: a weakness that could allow a system to enter a state not permitted by policy. • Exploit: a mechanism for taking advantage of a vulnerability. • Threat: a circumstance that could allow a vulnerability to be taken advantage of. • Risk: the probability that both a threat and a corresponding vulnerability exist |
| An application developer is looking for an encryption algorithm which is fast and hard to break if a large key size is used. Which of the following BEST meets these requirements? A. Transposition B. Substitution C. Symmetric D. Asymmetric | C |
| When should a technician perform penetration testing? A. When the technician suspects that weak passwords exist on the network B. When the technician is trying to guess passwords on a network C. When the technician has permission from the owner of the networ | C |
| Which of the following encryption schemes is the public key infrastructure based on? A. Quantum B. Elliptical curve C. Asymmetric D. Symmetric | C |
| Which of the following technologies is not directly associated with LAN private wireless networking? Answer a. WAP b. WPA c. 802.11g d. WEP | A |
| Which of the following terms describes the investigation of a filesystem and Registry while searching for proof of past malicious activity? Answer a. Logging b. Incident analysis c. Forensics d. | C |
| Determine the access control model where users are assigned access rights based on their function within the organization? A. This is a feature of Discretionary Access Control (DAC). B. This is a feature of Rule Based Access Control (RBAC). C. This is a | C |
| When assigning permissions, which of the following concepts should be applied to enable a person to perform their job task? A. Rule based B. Discretionary access control (DAC) C. Least privilege D. Role based | C |
| confidentiality | Assurance that data remains private and no one sees it except for those expected to see it. |
| Which of the following signature-based monitoring systems is used to detect and remove known worms and Trojans on a host? A. NIPS B. Antivirus C. Anti-spam D. HIDS | B. Antivirus |
| Turnstiles, double entry doors and security guards are all prevention measures for which of the following types of social engineering? | Piggybacking |
| Zone | Different area for service to different end user |
| e.g. Vigenère cipher | Vigenère cipher & tableau |
| Which of the following principles should be applied when assigning permissions? | Least privilege |
| on-line ups | An uninterruptible power supply which is always running off its battery while the main power runs the battery charger. |
| QUESTION NO: 102 A technician is reviewing the logical access control method an organization uses. One of the senior managers requests that the technician prevent staff members from logging on during nonworking days. Which of the following should the technici | Answer: C |
| system events | Operational actions that are performed by the operating system. |
| one-time passwords (OTP) | Dynamic passwords that change frequently. |
| Identify the method that should be used to ensure that the user is able to authenticate to the server and the server to the user? A. You should make use of the Mutual authentication method. B. You should make use of the Biometric authentication method. C | A |
| Which of the following should be considered when implementing logging controls on multiple systems? (Select TWO). A. VLAN segment of the systems B. Systems clock synchronization C. Systems capacity and performance D. External network traffic E. Netwo | B,C |
| Password crackers: A. are sometimes able to crack both passwords and physical tokens B. cannot exploit weaknesses in encryption algorithms. C. cannot be run remotely. D. are sometimes able to crack both Windows and UNIX passwords | D |
| Which of the following is commonly used in a distributed denial of service (DDOS) attack? A. Phishing B. Adware C. Botnet D. Trojan | C |
| What type of authentication is depicted below: The authentication process uses a Key Distribution Center (KDC) to orchestrate the entire process. The KDC authenticates the network. Principals can be users, programs, or systems. The KDC provides a ticket | Kerberos system. |
| backdoor | An opening left in a program application (usually by the developer) that allows additional access to data. Typically, these are created for debugging purposes and aren’t documented. Before the product ships, the back doors are closed; when they aren’t closed, security loopholes exist. |
| Purchasing insurance on critical equipment is an example of which of the following types of risk mitigation techniques? A. Risk avoidance B. Risk transfer C. Risk retention D. Risk reduction | B. Risk transfer |
| Which of the following encryption technologies is BEST suited for small portable devices such as PDAs and cell phones? A. TKIP B. PGP C. AES192 D. Elliptic curve | A. TKIP |
| Which of the following security concepts is supported by HVAC systems? A. Availability B. Integrity C. Confidentiality D. Privacy | A. Availability |
| Which of the following methods involves placing plain text data within a picture or document? A. Steganography B. Digital signature C. Transport encryption D. Stream cipher | A. Steganography |
| Which of the following types of authentication BEST describes providing a username, password and undergoing a thumb print scan to access a workstation? | Multifactor |
| The security of an encryption scheme depends on the secrecy of the: | key |
| Which of the following provides the MOST secure form of encryption? | AES |
| Secret key encryption is also known as | symmetrical |
| E-mail policy | a policy that discusses what’s acceptable when using the company email system |
| Internet Filters | Software that blocks access to specific sites on the Internet. |
| Conduction | Movement of heat through a substance or btw 2 substances in contact w/ each other; fire poker |
| TSP | TOE security policy - policy claimed to be in force for a given system |
| Which of the following practices is MOST relevant to protecting against operating system security flaws? | Patch management |
| business continuity | the ability of an organization to maintain its operations and services in the face of a disruptive event |
| QUESTION NO: 165 Which of the following is the primary security risk with coaxial cable? A. Diffusion of the core light source B. Data emanation from the core C. Crosstalk between the wire pairs D. Refraction of the signal | Answer: B |
| QUESTION NO: 121 Which of the following virtual machine components monitors and manages the various virtual instances? A. VMOS B. VCPU C. Hypervisor D. Virtual supervisor | Answer: C |
| QUESTION NO: 170 Which of the following is a required privilege that an administrator must have in order to restore a public/private key set on a certificate authority (CA)? A. Recovery agent B. Registration authority C. Domain administrator D. Group administra | Answer: A |
| salt | A random sequence of bits input along with the user-created password to protect it from attack. |
| endpoint | The end of the tunnel between VPN devices. |
| Policy is assumed to | • Unambiguously partition system states • Correctly capture security requirements |
| Which of the following would require a pre-sharing of information before a home user could attach to a neighbor's wireless adapter? A. Anonymous connections enabled B. SSID broadcasting disabled C. SSID broadcasting enabled D. Encryption disabled | B |
| A programmer has decided to alter the server variable in the coding of an authentication function for a proprietary sales application. Before implementing the new routine on the production application server, which of the following processes should be fol | A |
| Which of the following attacks can be caused by a user being unaware of their physical surroundings? A. ARP poisoning B. Phishing C. Shoulder surfing D. Man-in-the-middle | C |
| Which of the following is the main limitation with biometric devices? A. The false rejection rate B. They are expensive and complex C. They can be easily fooled or bypassed D. The error human factor | B |
| Which of the following is setup within a router? A. ARP B. DMZ C. OVAL D. DDoS | B |
| When is the correct time to discuss the appropriate use of electronic devices with a new employee? A. At time of hire B. At time of first correspondence C. At time of departure D. At time of first system login | A |
| The CHAP authentication method does not use username and password combinations but uses a _____ which is stored locally in ____. | Shared Secret clear text |
| access control | The means of giving or restricting user access to network resources. Access control is usually accomplished through the use of an access control list (ACL). |
| Which of the following solutions would an administrator MOST likely perform in order to keep up-to-date with various fixes on different applications? A. Service pack installation B. Patch management C. Different security templates D. Browserhot | B. Patch management |
| Which of the following security attacks would be MOST likely to occur within the office without the use of technological tools? A. Phishing B. Cold calling C. Shoulder surfing D. SPIM | C. Shoulder surfing |
| Which of the following describes a design element that requires unknown computers connecting to the corporate network to be automatically part of a specific VLAN until certain company requirements are met? A. RAS B. NAC C. NAT D. RADIUS | B. NAC |
| Which of the following describes the process by which a single user name and password can be entered to access multiple computer applications | Single sign-on |
| Workstation Domain | This domain refers to any computing device used by end users. This usually means a desktop or laptop that is the main computer for the end user. |
| WBT | Temp measured by a thermometer with a wetted sock covering its bulb as fast moving air passes across it; evaporative cooling; AZ |
| Romans 8:28 | I am assured that all things work together for my good. |
| Which of the following would be MOST useful to determine why packets from a computer outside the network are being dropped on the way to a computer inside the network? | Firewall log |
| QUESTION NO: 190A DMZ has a fake network that a hacker is attacking. Which of the following is this an example of?A. FirewallB. Man-in-the-middleC. Proxy serverD. Honeypot | Answer: D |
| dictionary attack | An attack on a password that creates hashes of common dictionary words, and then compares those hashed dictionary words against those in the password file. |
| Ping/ICMP, Raw Socket, How TCP breaks | Syn - syn/ack; create packets with false source IP; table of syn/ack (half open connections) full. |
| Which of the following is a way to encrypt session keys using SSL? A. Session keys are sent unencrypted B. Session keys are encrypted using an asymmetric algorithm. C. Session keys are sent in clear text because they are private keys D. Session keys are encry | B |
| Which of the following is the BEST way to reduce the number of accounts a user must maintain? A. Kerberos B. CHAP C. SSO D. MD5 | C |
| In the ___ users cannot share resources dynamically | Mandatory Access Control (MAC) |
| Application layer | The seventh layer of the Open Systems Interconnection (OSI) model. This layer deals with how applications access the network and describes application functionality, such as file transfer, messaging, and so on. |
| mantrap | A device, such as a small room, that limits access to one or a few individuals. Mantraps typically use electronic locks and other methods to control access. |
| Minimizing the vulnerabilities of assets and resources is the goal of which security objective? | Integrity. Data integrity is about minimizing vulnerabilities in data and networks. |
| Which of the following describes a semi-operational site that in the event of a disaster, IT operations can be migrated? A. Hot site B. Warm site C. Mobile site D. Cold site | B. Warm site |
| Which of the following is an example of implementing security using the least privilege principle? A. Confidentiality B. Availability C. Integrity D. Non-repudiation | B. Availability |
| The president of the company is trying to get to their bank's website, and the browser is displaying that the webpage is being blocked by the system administrator. Which of the following logs would the technician review? A. DNS B. Performance | D. Content filter |
| A workstation is being used as a zombie set to attack a web server on a certain date. The infected workstation is MOST likely part of a: | DDoS Attack |
| A URL for an internet site begins with "https:" rather than "http:", which is an indication that the website uses: | SSL |
| While Jim Jones is surfing, he encounters a pop-up window that prompts the user to download a browser plug-in. The pop-up window is a certificate which validates the identity of the plug-in developer. Which of the following BEST describes this type of | Software publisher certificates |
| Acceptable use policies (AUPs) | Formal written policies that describe proper and unacceptable behavior when using computer and network systems. For example, an acceptable use policy may set rules on what type of Web site browsing is permitted or if personal e-mails over the Internet are allowed. |
| Shareholder | A person who buys stock in a company (investor). |
| Rule 504 | 1. offering not to exceed $1 mill 2. unltd accredited investors 3. offering must be a specific property 4. every 12 months |
| SEC waiting period | the SEC has 20 days to examine statement, can be much longer because SEC can require amendments that extend it 20 days each time |
| continuous data protection (CDP) | Continuous data backups that can be restored immediately. |
| User Account Control (UAC) | A Microsoft Windows Vista feature that provides enhanced security by prompting the user for permission whenever software is installed. |
| race condition | OS sync used so we know what process is going to use the shared memory first. |
| If a user attempts to go to a website and notices the URL has changed, which of the following attacks is MOST likely the cause? A. DLL injection B. DDoS attack C. DNS poisoning D. ARP poisoning | C |
| NetWare Link State Protocol (NLSP) | A protocol that gathers routing information based on the link-state routing method. Its precursor is the Routing Information Protocol (RIP). NLSP is a more efficient routing protocol than RIP. |
| Port Address Translation (PAT) | A means of translating between ports on a public and private network. Similar to Network Address Translation (NAT), which translates addresses between public and private. |
| You're a security designer planning Role-Based Access Control for an intranet where each user has his or her own workstation. The department in which a user works determines his or her job function. The departments are: Management, Production, Marketing, | Management, production, marketing, and sales. |
| Which of the following is an important part of disaster recovery training? A. Schemes B. Storage locations C. Chain of custody D. Table top exercises | D. Table top exercises |
| A technician completes a WLAN audit and notices that a number of unknown devices are connected. Which of the following can BEST be completed to mitigate the issue? A. Replace the wireless access point B. Replace the firewall C. Change the SSID | D. Enable MAC filtering |
| Which of the following is reversible when encrypting data? A. A private key B. A public key C. A hashing algorithm D. A symmetric key | D. A symmetric key |
| Reusing a ticket, as a replay attack, in Kerberos authentication will not be successful because the tickets: | are time stamped |
| Which of the following access control models uses subjects and object labels? | Mandatory Access Control (MAC) |
| To preserve evidence for later use in court, which of the following needs to be documented? | Chain of custody |
| Rule 506 | 1. more than $5 mill 2. 35 or less sophisticated investors 3. unltd acc investors 4. no general solicitation 5. specific, semi-specific, blind pool |
| An administrator has implemented a new SMTP service on a server. A public IP address translates to the internal SMTP server. The administrator notices many sessions to the server, and gets notification that the server’s public IP address is now reported | SMTP open relaying is enabled |
| dwell time | The time it takes for a key to be pressed and then released. |
| Covert channel is a communication channel that can be used for: A. Violating the security B. Strengthening the security policy C. Hardening the system D. Protecting the DMZ | A. Covert channels: indirect ways for transmitting information with no explicit reading of confidential information. In other words, the communication is out in plain view, but "invisible" to those who don't know how to look for it. This kind of difficulty has induced some researchers to rethink from scratch the whole problem of guaranteeing security in computer systems. Some obscure techniques which can be utilized to create covert channels include hiding messages using the first letters of each word in a longer communication, blinking eyes in "Morse code" during a conversation, etc. Even something as mundane as some of the "signals" used by a baseball team, if non-obvious enough, could be considered a covert channel. Covert channels are not a way to strengthen the security policy of an organization, hardening the system or protecting the DMZ -- they are a security risk, not a security-enhancing technique. |
| The DAC model uses ___ to map a user's access permissions to a resource. | Access Control Lists (ACLs) |
| To hide the true source of an attack or gain unauthorized access to a system, an attacker spoofs which field in a packet? | Source IP address |
| The administrator needs to require all users to use complex passwords. Which of the following would be the BEST way to do this? A. Set a local password policy on each workstation and server B. Set a domain password policy C. Set a group policy t | B. Set a domain password policy |
| Conducting periodic user rights audits can help an administrator identify: A. new user accounts that have been created. B. users who are concurrently logged in under different accounts. C. unauthorized network services. D. users who can view con | D. users who can view confidential information. |
| Which of the following steps is MOST often overlooked during the auditing process? | Reviewing event logs regularly |
| Solar Heat Gain Coefficient/SHGC | The SHGC is the fraction of incident solar radiation admitted through a window, both directly transmitted, and absorbed and subsequently released inward. SHGC is expressed as a number between 0 and 1. The lower a window's solar heat gain coefficient, the less solar heat it transmits. |
| how to detect Trojan being compiled into a program | compare machine code to source code. |
| Dynamic Host Configuration Protocol (DHCP) | A protocol used on a TCP/IP network to send client configuration data, including IP address, default gateway, subnet mask, and DNS configuration, to clients. DHCP uses a four-step process: Discover, Offer, Request, and Acknowledgement. See also default gateway, Domain Name Service (DNS), Transmission Control Protocol/Internet Protocol (TCP/IP). |
| What is the primary advantage of asymmetric encryption? | It allows encryption and decryption without the sharing of private keys. |
| A technician notices that unauthorized users are connecting to a wireless network from outside of the building. Which of the following can BEST be implemented to mitigate this issue? A. Change the SSID B. The wireless router needs to be replaced | D. The wireless output range can be reduced |
| To keep an 802.11x network from being automatically discovered, a user should: | turn off the SSID broadcast |
| Seasonal Energy Efficiency Ratio/SEER | Current min is 13; ratio of an average heat extraction over energy input. High efficiency > 15; Avg = 10 |
| How is session key used in PK | • Encrypt the message with the secret key. • Encrypt the secret key with the recipient’s public key. • Send encrypted message and encrypted key |
| You work as the security administrator at Certkiller.com. You want to ensure that only encrypted passwords are used during authentication. Which authentication protocol should you use? A. PPTP (Point-to-Point Tunneling Protocol) B. SMTP (Simple Mail Tr | D. CHAP is commonly used to encrypt passwords. It provides for on-demand authentication within an ongoing data transmission, that is repeated at random intervals during a session. The challenge response uses a hashing function derived from the Message Digest 5 (MD5) algorithm. |
| Which statement correctly describes the difference between a secure cipher and a secure hash? A. A hash can be reversed, a cipher cannot. B. A cipher can be reversed, a hash cannot | B. A cipher can be reversed, a hash cannot |
| SEC Rule 505 (part of D) | No more than $5 mill within 12 months, no general advertising, no more than 35 unaccredited investors and must give audited f/s to these investors, restricted resale |
| You are the network administrator at Certkiller.com. You discover that your domain name server is resolving the domain name to the wrong IP (Internet Protocol) address and thus misdirecting Internet traffic. You suspect a malicious attack. Which of the f | C. Spoofing is when you forge the source address of traffic, so it appears to come from somewhere else, preferably somewhere safe and trustworthy. Web spoofing is a process where someone creates a convincing copy of a legitimate website or a portion of the world wide web, so that when someone enters a site that they think is safe, they end up communicating directly with the hacker. To avoid this you should rely on certificates, IPSEC, and set up a filter to block internet traffic with an internal network address. |
| Which of the following is true when a user browsing to an HTTPS site receives the message: 'Site name mismatch'? A. The certificate CN is different from the site DNS A record. B. The CA DNS name is different from the root certificate CN. C. The | A. The certificate CN is different from the site DNS A record. |
| SEC v Howey Co.- investment contract | sale of parcels of land in a citrus grove. the investors had an assumption and expectation of receiving a profit w/o any active effort on their part. |
| Which of the following is an inherent flaw of DAC (Discretionary Access Control)? A. DAC (Discretionary Access Control) relies only on the identity of the user or process, leaving room for a Trojan horse. B. DAC (Discretionary Access Control) relies on | A. In a DAC model, network users have some flexibility regarding how information is accessed. This model allows users to dynamically share information with other users. The process allows a more flexible environment, but it increases the risk of unauthorized disclosure of information. Administrators will have a more difficult time ensuring that information access is controlled and that only appropriate access is given. Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 440 |
| When a patch is released for a server the administrator should? | Test the patch on a non-production server then install the patch to production. |
| A technician needs to validate that a sent file has not been modified in any way. A co-worker recommends that a thumbprint be taken before the file is sent. Which of the following should be done? A. Take an AES hash of the file and send the recei | B. Take a MD5 hash of the file and send the receiver both the hash and the original file in a signed and encrypted email. |