3ed 5 Flashcards

following access control
Terms Definitions
Return
In a plenum
Tombstone Ad
Announces the participating underwriters and number of securities and their price, must state that it is not an offer to sell or solicit offers
Executing proper logging procedures would be the proper course of action in which of the following scenarios? (Select TWO).A. Need to prevent access to a file or folderB. Need to know which files have been accessedC. Need to know who is logging on t
B,C
Assigning proper security permissions to files and folders is the primary method of mitigating which of the following?A. HijackingB. Policy subversionC. TrojanD. DoS
C
breakable
(encrytpion algorithm) if, given enough time/data, an analyst can recover plaintext
pedagogical
An instructional approach for teaching children.
Kerberos
An authentication system developed by the Massachusetts Institute of Technology (MIT) and used to verify the identity of networked users.
Steganography could be used by attackers toA. encrypt and conceal messages in microdotsB. decrypt data stored in unused disk spacEC. encrypt and decrypt messages in graphicsD. hide and conceal messages in WAV files
D
Which of the following intrusion detection technologies work by monitoring the file structure of a system to determine whether any system files were deleted or modified by an attacker ?A. Log file monitor (LFM)B. System integrity verifier (SIV)C. Ho
B
During the implementation of LDAP, which of the following will typically be changed within the organizations software programs?A. IP addressesB. Authentication credentialsC. Non-repudiation policyD. Network protocol
B
Identify the techniques apart from bribery and forgery that attackers use to socially engineer people? (Choose TWO)A. Flattery is a most common method.B. Dumpster diving is a most common method.C. Phreaking is a most common method.D. Assuming a po
A,D
____ best describes a MAC model.
Lattice terminology

Which of the following characteristics distinguishes a virus from a rootkit, spyware, and adware?

A. Eavesdropping
B. Process hiding
C. Self-replication
D. Popup displays
C. Self-replication
Non-repudiation is enforced by which of the following?
key exchange
Executive
A senior business leader accountable for approving security policy implementation, driving the security message within an organization, and ensuring that policies are given appropriate priority
NCSC
NATIONal computer security center - founded by nsa in 82 to evaluate security of products
How many keys are utilized with asymmetric cryptography?
Two
A small call center business decided to install an email system to facilitate communications in the office. As part of the upgrade the vendor offered to supply antimalware software for a cost of $5,000 per year. The IT manager read there was a 90% chance
$2,290
QUESTION NO: 142An administrator is implementing a public website and they want all client connections to the server to be encrypted via their web browser. Which of the following should be implemented?A. SSLB. SHA-1C. BlowfishD. 3DES
Answer: A
Inheritance
The process by which permissions given to a higher level “parent” that are passed down to a lower level “child.”
Windows Live ID
A Microsoft product originally designed as a single sign on (SSO) for Web commerce.
Goals of InfoSec
Prevention• Prevent attackers from violating security policyDetection• Detect attackers’ violation of security policyRdR Response and Recovery• Stop attack, assess and repair damage• Continue to function correctly even if attack succeeds• Return system to a state consistent with policy
An administrator has developed an OS install that will implement the tightest security controls possible. In order to quickly replicate these controls on all systems, which of the following should be established?A. Take screen shots of the configuration
B
Which of the following describes a static NAT?A. A static NAT uses a one to many mapping.B. A static NAT uses a many to one mapping.C. A static NAT uses a many to many mapping.D. A static NAT uses a one to one mapping.
D
In regards to physical security, which of the following BEST describes an access control system which implements a non-trusted but secure zone immediately outside of the secure zone?A. Smart cardB. Defense-in-depthC. MantrapD. DMZ
C
A technician finds that a malicious user has introduced an unidentified virus to a single file on the network. Which of the following would BEST allow for the user to be identified?A. Access logsB. Performance logC. Firewall logsD. Antivirus logs
A
Which of the following practices is MOST relevant to protecting against operating system security flaws?A. Network intrusion detectionB. Patch managementC. Firewall configurationD. Antivirus selection
B
Which of the following is a publication of inactivated user certificates?A. Certificate revocation listB. Certificate suspensionC. Recovery agentD. Certificate authority
A
Which of the following algorithms is MOST closely associated with the signing of email messages?A. MD5B. TKIPC. PGPD. SHA-1
C
Which of the following types of network cables is less secure than coaxial cabling?(A) Twisted-pair cables(B) Fiber optic cable(C) All of the above
A
Which of the following security zones is closest to the internal network of the company, and can also be considered as being internal to the company ?(A) Internet(B) Intranet(C) Extranet(D) Perimeter network
B
DNS server
Any server that performs address resolution from a DNS fully qualifieddomain name (FQDN) to an IP address. See also Domain Name Service (DNS), InternetProtocol (IP)
Which of the following protocols lets you create a Virtual Private Network (VPN) between a corporate network and a remote office?
IPSec

A vulnerability assessment was conducted against a network. One of the findings indicated an outdated
version of software. This is an example of weak:
 
A. security policies.
B. patch management.
C. acceptable use policies.
D. configuration basel
B. patch management.

Which of the following asymmetric algorithms was designed to provide both encryption and digital
signatures?
 
A. Diffie-Hellman
B. DSA

C. SHA
D. RSA
D. RSA

Which of the following concepts addresses the threat of data being modified without authorization?
 
A. Integrity
B. Key management
C. Availability
D. Non-repudiation
A. Integrity
Which of the following types of malicious software travles across computer networks without requiring a user to distribute the software?
Worm
Which of the following remote access processes is BEST described as matching user supplied credentials with those previously stored on a host server?
Authentication
An enclosure that prevents radio frequency signals from emaneting out of a controlled environment is BEST described as which of the following?
Faraday cage
Users are reporting that when attempting to access the companys web page on the Internet, the user is rerouted to a protest webpage.  This is MOST likely:
DNS poisoning
Two-factor authentication
Requires end users to authenticate their identity using at least two of three different types of credentials. The three most commonly accepted types of credentials are something you know, something you have, and something you are.
Transmission
Heat is lost through walls, ceiling, etc.
malleable
encyption algo is if transformation on cipher produced meaningful changes on plaintext
Which of the following would be the MOST secure choice to implement for authenticating remote connections?
RADIUS
Telecommunications Electronics Material Protected from Emanating SpuriousTransmissions (TEMPEST)
A classified U.S. government standard intended to preventattackers from picking up stray RFI and EMI signals from government buildings
QUESTION NO: 107Which of the following statements BEST describes the implicit deny concept?A. Blocks everything and only allows privileges based on job descriptionB. Blocks everything and only allows explicitly granted permissionsC. Blocks everything and
Answer: B
QUESTION NO: 151Which of the following type of fire suppression tools would cause the MOST damage to electricalequipment?A. WaterB. Carbon DioxideC. HalonD. Foam
Answer: A
QUESTION NO: 171Which of the following algorithms have the smallest key space?A. IDEAB. SHA-1C. AESD. DES
Answer: D
discovery
Part of the pre-trial phase of a lawsuit in which each party through the law of civil procedure can request documents and evidence.
site-to-site VPN
A virtual private network in which multiple sites can connect to other sites over the Internet.
SLE
• The single loss exposure (SLE) of an adverse event is the cost incurred if the event takes place.• It may be a range. Example: the SLE of an tbil k(fth l) automobile wreck (for the car only) may range from a coupe of thousand dollars to a “totaled” car, the entire cost.
A user complains that the color laser printer continuously gives an access denied message while attempting to print a text document. The administrator logs onto the PC and prints successfully. Which of the following should the administrator check FIRST?A.
C
What should the minimum length of a password be to deter dictionary password cracks?A. 6 charactersB. 8 charactersC. 10 charactersD. 12 charactersE. 16 characters
B
Which of the following type of attacks requires an attacker to sniff the network?A. Man-in-the-MiddleB. DDoS attackC. MAC floodingD. DNS poisoning
A
Which of the following is an exploit against a device where only the hardware model and manufacturer are known?A. Replay attackB. Denial of service (DoS)C. Privilege escalationD. Default passwords
D
Which of the following is the best defense against man in the middle attacks?A. A firewallB. Strong encryptionC. Strong passwordsD. Strong authentication
B
MTS is in the process of implementing PKI and is looking for help from someone—not to issue certificates, but to serve as a middleman in the process. Which term describes the organization that can assist in the PKI certificate process? Answer
C
You have a new website that utilizes Active Server Pages using XML. A portion of the site requires PKI. What protocol can you use to allow XML to access PKI? Answer a. ISAKMP b. XKMS c. SSL/TLS d. P
B
All of the following are where backup tapes should be kept EXCEPT:A. near a fiber optic cable entrance.B. near a shared LCD screenC. near a power line.D. near a high end server.
C
____ consists of the rules for controlling the methods and conditions of access to your system.
Access control
best practices
A set of rules governing basic operations.
To access a workstation, a user inserts a smart card containing a public encryption key. Then she types a password or PIN. The workstation decrypts the password or PIN using its private key. If everything looks good, the user is logged on to the workstati
Multifactor authentication

Which of the following can ensure the integrity of email?
 
A. MD5
B. NTLM
C. Blowfish
D. LANMAN
A. MD5

Which of the following tools provides the MOST comprehensive view of the network's security?
 
A. Vulnerability assessment
B. Network anomaly detection
C. Penetration test
D. Network mapping program
C. Penetration test

When examining HTTP server logs the security administrator notices that the company's online
store crashes after a particular search string is executed by a single external user. Which of the
following BEST describes this type of attack?
 
A. Spim
C. Spoofing
Which of the following security types would require the use of certificates to verily a user'sidentity?A. ForensicsB. CRLC. PKID. Kerberos
C. PKI

Which of the following solutions would a company be MOST likely to choose if they wanted to
conserve rack space in the data center and also be able to manage various resources on the
servers?
 
A. Install a manageable, centralized power and cooling
B. Server virtualization
In a classified environment, a clearance into a Top Secret compartment only allows access to certain information within that compartment.  This is known as:
need to know
Which of the following is MOST often used to allow a client or partner access to a network?
Extranet
Evangelist
is a person with enthusiasm for a cause or project. An evangelist often gains acceptance for a project from a wide audience.
IT policy framework
A logical structure that is established to organize policy documentation into groupings and categories that make it easier for employees to find and understand the contents of various policy documents. Policy frameworks can also be used to help in the planning and development of the policies for an organization.
belief logics
allow short abstract proofs but may miss some important flaws
Which of the following risks would be reduced by implementing screen filters?
Shoulder surfing
server cluster
A combination of two or more servers that are interconnected toappear as one.
operation
An action that is taken by the subject over an object.
Database Integrity Items
• Attribute integrity: Each field (attribute) The database designer describes what is required for consistency. The DBMS enforces those rules.contains valid data.• Entity integrity: Rows are unique; no part of primary key is null• Referential integrity: Connections among tables are consistent.
Risk managment 3 stages
• Risk management: process of identifying and controlling risks facing an organization• Risk identification: process of examining an organization’s current information organization s current information technology security situation• Risk control: applying controls to reduce risks to an organizations data and information systems
t has come to your attention that the telephone account for the employees in your department is extremely high. You check the print out and discover that 4,500 text messages is sent daily to random numbers. What is the best option to stop this excessive t
D
A popular topic in the media has been the recovery of sensitive data from computers that have been thrown away or donated to charity by companies. What security policy should be designed to cover this possibility? Answer a. Disposal/dest
A
New Technology LAN Manager (NTLM)
The protocol that Microsoft Windows–basedoperating systems use for authentication with remote access protocols.
Link Control Protocol (LCP)
The protocol used to establish, configure, and test the linkbetween a client and PPP host.
X.509 requires CAs to provide data structure that lists certificates that have been revoked before their expiration date. What is the name of that data structure?
Certificate Revocation List

Which of the following has been implemented if several unsuccessful login attempts were made in
a short period of time denying access to the user account, and after two hours the account
becomes active?
 
A. Account lockout
B. Password expiration
A. Account lockout

Which of the following is BEST used for providing protection against power fluctuation?
 
A. Generator
B. Voltmeter
C. UPS
D. Redundant servers
C. UPS

The success of a user security education and awareness plan is largely dependent on support
from:
 
A. contractors.
B. project management.
C. human resources.
D. senior management.
D. senior management.

Employees are allowed access to webmail while on the company network. The employees use
this ability to upload attachments and send email from their corporate accounts to their webmail.
Which of the following would BEST mitigate this risk?
 
A. Cle
C. Data Leak Prevention

Which of the following should be disabled to help prevent boot sector viruses from launching when
a computer boots?
 
A. Hard drive
B. USB
C. SNMP
D. DMZ
A. Hard drive
Which of the following would be achieved by using encryption? (Select THREE)
1.  Non-repudiation
 
2.  Confidentiality
 
3.  Integridty
Malicious code that enters a computer by means of a freely distributed game that is intentionally installed and played is known as:
a Trojan Horse
A user has received an email from a mortagage company asking for personal information including bank account numbers.  This would BEST be described as:
phishing
Patch management
Refers to making sure that devices on the network, such as workstations and servers, have current patches from the vendor. It’s particularly important to apply security patches in a timely way to address known vulnerabilities.
Heat Capacity/C
Amt of heat required to change the temp of a specific volume of a substance 1 degree; Btu/(ft3*F)
SEC regulation A
Exempts securities issues of up to $5 million within a 12 month period from registration (not exempt from antifraud), can include no more than $1.5 mill offered by all selling holders, must file an offering circular with the SEC but not entire registration statement, no restriction on resale
asymmetric server cluster
a technology in which a standby server exists only to take over for another server in the event of its failure
physical access log
A record or list of individuals who entered a secure area, the time that they entered, and the time they left the area.
Terminal Access Control Access Control System (TACACS+)
An industry standard protocol specification that forwards username and password information to a centralized server.
A smartcard represents:A. Something you areB. Something you knowC. Something you haveD. All of the AboveE. None of the Above
CAuthentication is accomplished through something you know, something you have and/or something you are. One form of authentication requires possession of something ("something you have") such as a key, a smart card, a disk, or some other device. Whatever form it takes, the authenticating item should be difficult to duplicate and may require synchronization with systems other than the one to which you are requesting access. Highly secure environments may require you to satisfy multiple authentication criteria to guarantee authenticity.Something you know, would be a piece of data known only to you, such as a password. Something you are, would be a physical characteristic of you, like your fingerprint.
Network File System (NFS)
A protocol that enables users to access files on remotecomputers as if the files were local.
Data Link layer
The second layer of the Open Systems Interconnection (OSI) model. Itdescribes the physical topology of a network.
A system administrator reports that upon deleting a terminated employee's files, other fileson the system started disappearing on their own. The system administrator has beenvictimized by which type of malware?
Logic bomb.Programs relating to employees that do bad things on schedule, or in response to some otherevent, are usually Logic bombs.

Which of the following should a technician deploy to detect malicious changes to the system and
configuration?
 
A. Pop-up blocker
B. File integrity checker
C. Anti-spyware
D. Firewall
B. File integrity checker
Which of the following access control models refers to assigning sensitivity labels to the user and the data?
Mandatory Access Control (MAC)
Payment Card Industry Data Security Standard (PCI DSS)
A worldwide information security standard that describes how to protect credit card information. If you accept Visa, MasterCard, or American Express, you are required to follow PCI DSS.
assoc w/ each public key in useres key ring, indicates extent to which pgp trusts this is a valid public key for this user
fibs 140-2
time of day restrictions
Limitations placed on when a user can log on to a system.
mysql escape string and unicode checking
used to prevent mysql executioncan't convert ascii chars for sql injection because they are detected.
Discretionary Access Control (DAC)
In DAC, access to each object is controlled on a customized basis based on a users identity. Objects are controlled with an Access Control List(ACL) of subjects who are allowed to access the object.
Crime scene technicians and investigators keep a log of everything that happens to a piece of evidence from the moment it is discovered. What is this log called?
Chain of custody.The chain of custody details everything that happens to a piece of evidence from the time it's found to its presentation in court.

Which of the following is MOST likely the reason why a security administrator would run a Nessus
report on an important server?
 
A. To analyze packets and frames
B. To report on the performance of the system
C. To scan for vulnerabilities
D. To
C. To scan for vulnerabilities
A security specialist is called to an onsite vacant office where an employee has found an unauthorized wireless access device connected to an RJ-45 jack linked to the corporate LAN.  Which of the following actions should the administrator take FIRST?
Disconnect the network cable
Which of the following would be MOST important when designing a security awareness program?
Conducting user training sessions
disk to disk (d2d)
Backing up to a magnetic disk, such as a large hard drive or RAIDconfiguration.
In the Lattice Based Access Control model, controls are applied to:A. ObjectsB. ScriptsC. FactorsD. ModelsE. Both A and B
AInformation flow is clearly central to confidentiality but to some extent it also applies to integrity. The basic work in this area was done around 1970 and was driven mostly by the defense sector. Information flow in computer systems is concerned with flow from one security class (also called security label) to another. These controls are applied to objects. An object is a container of information; an object can be a directory or file.Controls are part of the Lattice Based Access Control (Mandatory Access Control) model, not applied to the model. Factors and scripts are not involved in the model.
Which is an example of biometric authentication?
Retinal scan.Biometrics is based on biological features that are unique to each person, like fingerprints,handprints, voice patterns, and blood vessels in the retina.

Biometrics is an example of which of the following type of user authentication?
 

A. Something the user is
B. Something the user has
C. Something the user does
D. Something the user knows
A. Something the user is

The administrator needs to set permissions for the new print server for a company comprised of
320 people in 18 departments. Each department has its own set of printers. Which of the following
options is the BEST way to do this?
 
A. Place all the
C. Place all the people into departmental groups. Assign printer access by matching group to
department.
Which of the following would be an example of a hardware device where keys can be stored?  (select TWO)
1.  Smart card
 
2.  PCMCIA card
Which of the following can be used as a means for dual-factor authentication?
Iris scan and proximity card
Which of the following attacks can be mitigated against by implementing the following ingress/egress traffic filtering? * Any packet coming into the network must not have a source address of the internal network. * Any packet coming into the network must
BBy having strict addressing filters; an administrator prevents a spoofed address from gaining access.
When is a privileged user account most vulnerable to misuse?
When the account holder's employment is terminated.

Patches and updates should be applied to production systems:
 
A. After vetting in a test environment that mirrors the production environment.
B. As soon as the vendor tests and makes the patch available.
C. After baselines of the affected systems
A. After vetting in a test environment that mirrors the production environment.
What are the requirements to access classified information?
Proper clearance and a need to know.
What is a protocol used for carrying authentication, authorization, and configuration information between a Network Access Server and a shared Authentication Server? A. RADIUS B. PPTP C. L2TP D. IPSec E. None of the Above
aRADIUS is a protocol for carrying authentication, authorization, and configuration information between a Network Access Server, which desires to authenticate its links and a shared Authentication Server. RADIUS uses a centralized database for simplified management. RADIUS is a standard published in RFC2138 as mentioned above.The other protocols listed are network communication protocols, not authentication protocols responsible for carrying traffic between a NAS and an Authentication Server.

The benefit of using software whole disk encryption is:
 
A. the data can be retrieved easier if the disk is damaged
B. the disk's MBR is encrypted as well.
C. unauthorized disk access is logged in a separate bit.
D. the entire file system is encr
D. the entire file system is encrypted in case of theft.
Which type of attack is based on the probability of two different messages using the same hash function producing a common message digest? A. Differential cryptanalysis B. Differential linear cryptanalysis C. Birthday attack D. Statistical attack
CA good hashing algorithm should not produce the same hash value for two different messages. If the algorithm does produce the same value for two distinctly different messages, it is referred to as a collision. If an attacker finds an instance of a collision, he has more information to use when trying to break the cryptographic methods used. A complex way of attacking a one-way hash function is called the birthday attack. If an attacker has one hash value and wants to find a message that hashes to the same hash value, this process could take him years. However, if he just wants to find any two messages with the same hashing value, it could take him only a couple hours.

Why is an ad-hoc network a security risk?
 
A. An ad-hoc network allows access to another computer at the same level of the logged in user,
compromising information.
B. An ad-hoc network allows access to the nearest access point which may allow a d
A. An ad-hoc network allows access to another computer at the same level of the logged in user,
compromising information.
What do you call a file that keeps a record of successful logins, failed login attempts, fileactivities, and the like?
Audit trail.Audit trails keep track of who did what and when.
/ 127
Term:
Definition:
Definition:

Leave a Comment ({[ getComments().length ]})

Comments ({[ getComments().length ]})

{[comment.username]}

{[ comment.comment ]}

View All {[ getComments().length ]} Comments
Ask a homework question - tutors are online