I am secure 2 Flashcards

Terms Definitions
In a duct
After implementing file auditing, which of the following logs would show unauthorized usage attempts?
Malware that uses virtualization techniques can be difficult to detect because of which of the following? A. A portion of the malware may have been removed by the IDS. B. The malware may be using a Trojan to infect the system. C. The malware may be imp
Multi Factor authentication scheme that requires validation of at least two of the possible authentication factors. It can be any combination of who you are (Biometrics), what you have (Tokens, Cards, etc), and what you know (Passwords)
An administrator wants to proactively collect information on attackers and their attempted methods of gaining access to the internal network. Which of the following would allow the administrator to do this?
Google phishing
Phishing that involves phishers setting up their own search engines to direct traffic to illegitimate sites.
Organizational law, Must, may, must not.
A vulnerability has recently been identified for a server's OS. Which of the following describes the BEST course of action? A. Shutdown all affected servers until management can be notified. B. Visit a search engine and search for a possible patch. C. Wa
Users and computers are generally grouped into domains for security purposes. Which of the following is a common attribute used to determine which domain a user or computer belongs to? A. MAC address B. Location C. Password D. OS
You have been authorized to purchase a software program that will monitor network traffic and watch for specific patterns that might indicate hacker traffic. What type of program should you purchase? Answer a. Intrusion detection
Identify the different types of certificate-based authentication? (Choose TWO) A. Many-to-one mapping is a type of certificate-based authentication B. One-to-one mapping is a type of certificate-based authentication. C. One-to-many mapping is a type o
Which of the following organizational documentation describes how tasks or job functions should be conducted? A. Standards B. Guideline C. Policy D. Procedures
Which of the following authentication mechanisms performs better in a secure environment? A. RADIUS because it is a remote access authentication service B. TACACS because it encrypts client-server negotiation dialogs. C. RADIUS because it encrypts client-ser
digital signature
An asymmetrically encrypted signature whose sole purpose is to authenticate the sender.

Which of the following characteristics distinguishes a virus from a rootkit, spyware, and adware?
A. Eavesdropping
B. Process hiding
C. Self-replication
D. Popup displays
C. Self-replication
Sensible Heat
A felt change in temp
polyalphabetic substitution
different substitutions made for letter depending on where in plaintext it occurs
An administrator suspects that files are being copied to a remote location during off hours. The file server does not have logging enabled. Which of the following logs would be the BEST place to look for information?
Firewall logs
Which of the following algorithms is MOST closely associated with the signing of email messages?
QUESTION NO: 101 A technician is rebuilding the infrastructure for an organization. The technician has been tasked with making sure that the virtualization technology is implemented securely. Which of the following is a concern when implementing virtualizati
Answer: B
An occurrence within a software system that is communicated to users or other programs outside the operating system.
Lightweight LAP (LEAP)
An authentication protocol developed by Cisco that requires mutual authentication and delivering keys used for encryption.
Inference Solutions
• Inference detection at database design • alter database structure or access controls • Inference detection at query time • by monitoring and altering or rejecting queries • We need an inference detection algorithm • a difficult problem • consider the employee-salary example In
Least privilege is defined as giving access to information: A. based on sense of urgency from management B. based on tenure at the company C. needed to complete the task D. that may be revealed to the public E. All of the Above
Which of the following requires the server to periodically request authentication from the client? A. EAP B. CHAP C. WPA2 D. RAS
Which of the following BEST describes how steganography can be accomplished in graphic files? A. Replacing the most significant byte of each bit B. Replacing the least significant byte of each bit C. Replacing the most significant bit of each byte D.
Which of the following should be considered when executing proper logging procedures? (Select TWO). A. The information that is needed to reconstruct events B. The number of disasters that may occur in one year C. The password requirements for user acco
Which of the following methods will help to identify when unauthorized access has occurred? A. Implement two-factor authentication B. Implement previous logon notification. C. Implement session termination mechanism D. Implement session lock mechanism
You’re a security consultant for MTS and discussing encryption with a customer. They inform you that their current encryption system requires the use of the same key on both ends of the system. What type of encryption system are they using? Answer
Which of the following allows a technician to correct a specific issue with a solution that has not been fully tested? A. Patch B. Hotfix C. Security roll-up D. Service pack
Tokens are physical objects, such as smart cards or ID Badges that store authentication information. Tokens can store personal ID numbers (PIN), information about the user, or passwords. Unique token values can be generated by special devices in response to a challenge from an authenticating server or by using independent algorithms.
A message confirming that a data packet was received. Acknowledgment occurs at the Transport layer of the Open Systems Interconnection (OSI) and TCP/IP models.
While reviewing audit trails, an administrator notices that a regular user ran a program that requires administrative privileges. Which term describes what happened?
Privilege escalation

Which of the following technologies is used to verify that a file was not altered?
A. RC5
D. MD5

D. MD5

Which of the following protocols correspond to port 514 by default?
Pretty Good Privacy (PGP) uses PKI Trust Model where no certificate authority (CA) is subordinate to another. The model with no single trusted root is known as:
Which of the following types of malicious software copies itself by attaching to other programs on the same host computer?
Which of the following trust models would allow each user to create and sign certificates for the people they know?
Which of the following types of cryptography is typically used to provide an integrity check?
Level of motion or agitation of molecules; Celsius=(F-32)/1.8; Fahrenheit=(1.8*C)+32
keyless cipher
encryption algorithm that doesn't need a key
Which of the following type of strategies can be applied to allow a user to enter their username and password once in order to authenticate to multiple systems and applications?
Single sign-on
warm site
A remote site that contains computer equipment but does not have telecommunication access constantly running.
QUESTION NO: 162 Which of the following is a best practice to prevent users from being vulnerable to social engineering? A. Have a solid acceptable use policy in place with a click through banner. B. Provide thorough and frequent user awareness training. C. Ha
Answer: B
QUESTION NO: 104 Which of the following is considered the weakest encryption? A. AES B. DES C. SHA D. RSA
Answer: B
QUESTION NO: 192 A user complains that the color laser printer continuously gives an access denied message while attempting to print a text document. The administrator logs onto the PC and prints successfully. Which of the following should the administrato
Answer: C
QUESTION NO: 174 Which of the following provides the MOST comprehensive redundancy for an entire site with the least downtime? A. A warm site B. A cold site C. A mobile site D. A hot site
Answer: D
performance baseline
A baseline that is established to create the “norm” of performance.
single sign-on (SSO)
Using one authentication to access multiple accounts or applications.
Daily message digest
Good to prove tampering of evidence
A user reports that a web based application is not working after a browser upgrade. Before the upgrade, a login box would appear on the screen and disappear after login. The login box does not appear after the upgrade. Which of the following BEST describe
Which of the following type of attacks would allow an attacker to capture HTTP requests and send back a spoofed page? A. Teardrop B. TCP/IP hijacking C. Phishing D. Replay
What characteristic of TCP/IP (Transmission Control Protocol/Internet Protocol) does TCP/IP (Transmission Control Protocol/Internet Protocol) session hijacking exploit? A. The fact that TCP/IP (Transmission Control Protocol/Internet Protocol) has no auth
B. TCP/IP's connection orientated nature, and lack of natural security makes it easy to hijack a session by spoofing.
What type of authentication is depicted below:
refers to two parties authenticating each other suitably. In technology terms, it refers to a client or user authenticating themselves to a server and that server authenticating itself to the user in such
Mutual: (two-way authentication)
ping of death
A large Internet Control Message Protocol (ICMP) packet sent to overflow the remote host’s buffer. A ping of death usually causes the remote host to reboot or hang.

Attackers may be able to remotely destroy critical equipment in the datacenter by gaining control
over which of the following systems?
A. Physical access control
B. Video surveillance
D. Packet sniffer

Which of the following security controls would a company use to verify that their confidential and
proprietary data is not being removed?
A. Man traps
B. Chain of custody
C. Video surveillance
D. Vulnerability scanners
C. Video surveillance

Which of the following uses multiple encryption keys to repeatedly encrypt its output?
A. AES256
D. AES128

Which of the following assessments is directed towards exploiting successive vulnerabilities to
bypass security controls?
A. Vulnerability scanning
B. Penetration testing
C. Port scanning
D. Physical lock testing
B. Penetration testing

Which of the following describes an attack technique by which an intruder gains physical access
by following an authorized user into a facility before the door is closed?
A. Shoulder surfing
B. Tailgating
C. Escalation
D. Impersonation
B. Tailgating

A company sets up wireless access points for visitors to use wireless devices. Which of the
following encryption methods should they implement to provide the highest level of security?
A. SHA-256
Which of the following is used to determine equipment status and modify the configuration or setting of network devices?
Which of the following methods of password guessing typically requires the longest attack time?
Brute force
Personal privacy
In e-commerce, broadly deals with how personal information is handled and what it used for.
bad boy disqualification
1. injunction
2. barred by FINRA
3. criminal convictions
has table of columns: 1. timestamp 2. key id - last 64 digits of pub key 3. public key 4. private key 5. user id
key legitimacy field
Which of the following is an exploit against a device where only the hardware model and manufacturer are known?
Default passwords
social engineering
An attack that relies on tricking and deception to provide secure information.
Non-Discretionary Access Control
Another name for Role Based Access Control.
buffer overflow runtime def
non executable memory (need special hardware, write stack in NEM). Randomly generated OS libraries (256 configs in windows). Guard pages in memory to crash program.
A password represents: A. Something you have B. Something you know C. Something you are D. All of the Above E. None of the Above
B. Authentication is accomplished through something you know, something you have and/or something you are. The canonical example of something you know is a password or pass phrase. You might type or speak the value. A number of schemes are possible for obtaining what you know. It might be assigned to you, or you may have picked the value yourself. Constraints may exist regarding the form the value can take, or the alphabet from which you are allowed to construct the value might be limited to letters only. If you forget the value, you may not be able to authenticate yourself to the system. Something you have would be a physical item you possess, such as a smartcard. Something you are would be a personal characteristic of you, not a piece of information you know.
Which of following can BEST be used to determine the topology of a network and discover unknown devices? A. Vulnerability scanner B. NIPS C. Protocol analyzer D. Network mapper
The combination of a user name and password is one of the most basic authentication schemes. In this type of authentication, a user's credentials are compared against credentials stored in a database.
Presentation layer
The sixth layer of the OSI model; responsible for formatting data exchange, such as graphic commands, and converting character sets. This layer is also responsible for data compression, data encryption, and data stream redirection. See also Open Systems Interconnection (OSI) model.
access attack
An attack aimed at gaining access to resources.
Which authentication approach is used for Internet connections when a username and password are not enough to provide proof of identity?
Multi-factor. When biometrics isn't feasible, but passwords are not enough, multi-factor authentication can be used to require two or more forms of authentication.

Which of the following presents the GREATEST security risk to confidentiality of proprietary
corporate data when attackers have physical access to the datacenter?
A. Solid state drives
B. Cell phone cameras
C. USB drives
C. USB drives

Which of the following can be implemented to prevent malicious code from executing?
A. Hardware firewall
B. Anti-spam software
C. Antivirus software
D. Personal software firewall
C. Antivirus software

If an administrator wanted to be able to identify exactly which Internet sites are being accessed
most frequently, which of the following tools would MOST likely be used?
A. Port scanner
C. Proxy server
D. Firewall
C. Proxy server

A company has remote workers with laptops that house sensitive data. Which of the following can
be implemented to recover the laptops if they are lost?
A. GPS tracking
B. Whole disk encryption
C. Remote sanitation
A. GPS tracking

Which of the following components is MOST integral to HTTPS?
B. Symmetric session keys
C. Diffie-Hellman key exchange
D. Mutual authentication
D. Mutual authentication

Which of the following should a security administrator implement to ensure there are no security
holes in the OS?
A. Encryption protocols
B. Firewall definitions
C. Patch management
D. Virus definitions
C. Patch management
The concept that a web script is run in its own environment and cannot interfere with any other process is known as a:
Which of the following types of IDS uses known patterns to detect malicious activity?
Signature based
A piece of equipment similar to a hub but can filter traffic. You can set up rules that control what traffic can flow where. Unlike hubs that duplicate the traffic to all ports, a switch typically routes traffic only to the port where the system is connected. This reduces network traffic, thus reducing the chance of someone intercepting the traffic.
investment contract
1. an investment of money
2. in a common enterprise
3. with expectation of profits
4. solely through the efforts of the promoter
SEC Rule 506 (part of D)
Private placement of unlimited securities, up to 35 sophisticated investors and must get audited f/s, no general advertising, restricted resale,
disaster recovery plan (DRP)
A written document that details the process for restoring IT resources following an event that causes a significant disruption in service.
rainbow tables
An attack on a password that uses a large pregenerated data set of hashes from nearly every possible password.
ALE and actual cost
• Probability of risk occurring in one year times economic impact (SLE). • The actual cost is either zero or the full economic impact. • A good ALE depends on good estimates of both probability and cost. • For large numbers (e.g. car insurance) this can be a quite precise actuarial estimate. • ALE can be a range
A CRL contains a list of which of the following type of keys? A. Both public and private keys B. Steganographic keys C. Private keys D. Public keys
Network Interface layer
The lowest level of the TCP/IP suite; it is responsible for placing and removing packets on the physical network.
Secure Sockets Layer (SSL)
A protocol that secures messages by operating between the Application layer (HTTP) and the Transport layer.
Which of the following is an asymmetric encryption algorithm?
RSA (Rivest Shamir Adleman).

An attacker sends packets to a host in hopes of altering the host's MAC table. Which of the
following is the attacker attempting to do?
A. Port scan
B. Privilege escalation
C. DNS spoofing
D. ARP poisoning
D. ARP poisoning

An administrator is required to keep certain workstations free of malware at all times, but those
workstations need to be able to access any Internet site. Which of the following solutions would be
the BEST choice?
A. Updated antivirus software
A. Updated antivirus software

A port scan of a network identified port 25 open on an internal system. Which of the following
types of traffic is this typically associated with?
A. Web traffic
B. File sharing traffic
C. Mail traffic
D. Network management traffic
C. Mail traffic
Which of the following are components of host hardening? (select TWO)
1.  Disabling unnecessary services
2.  Applying patches
Intellectual property (IP)
Any product of human intellect that is unique and not obvious with some value in the marketplace.
If a user attempts to go to a website and notices the URL has changed, which of the following attacks is MOST likely the cause?
DNS poisoning
Mandatory Access Control (MAC)
An access control model in which the end user cannot implement, modify, or transfer any controls.
make image copy of disk
references to files are gone, slack space exists that may contain original data, we do this in event of law involvement.
Access control using the ___ model is based on the role or responsibilities users have in the organization to determine access permissions.
RBAC (Role Based Access Control)
What's the first action a system administrator should take in response to suspected criminal activity?
Contact the incident response team

The security administrator wants each user to individually decrypt a message but allow anybody to
encrypt it. Which of the following MUST be implemented to allow this type of authorization?
A. Use of digital certificates
B. Use of public keys onl
D. Use of public and private keys
Which of the following are types of certificate-based authentication? (Select two)
1.  Many-to-one mapping
2.  One-to-one mapping
Server level agreement (SLA)
The portion of a service contract that formally defines the level of service. These agreements are typical in telecommunications contracts for voice and data transmission circuits.
What could potentially eliminate spoofed source address attacks?
Block outgoing traffic that is not on personal network.
denial of service (DoS) attack
A type of attack that prevents any users—even legitimate ones—from using a system.
In Microsoft Windows, what security advantage does NTFS offer over the original FAT file system?
Granular control over file and folder permissions through ACLs.

A secure company portal, accessible publicly but only to company employees, frequently fails to
renew its certificates, resulting in expired certificate warnings for users. These failures: (Select
A. Increase resources used by the company's
C. Breed complacency among users for all certificate warnings.
E. Are irritating to the user but the traffic remains encrypted.
A user is assigned access rights based on the function within the organization.  This is a feature of which of the following types of access control models?
Role Based Access Control (RBAC)
Virtual Private Network (VPN)
A VPN is set up between two devices to create an encrypted tunnel. All communications are protected from eavesdropping and considered highly secure.
KVM (keyboard, video mouse) switch
A device that can be used to connect multiple computers to a single monitor, mouse, and keyboard.
With RBAC, roles are: A. Based on labels B. Based on flows C. Hierarchical D. All of the Above E. All equal
C. With RBAC (role-based access control), security is managed at a level that corresponds closely to the organization's structure. Each user is assigned one or more roles, and each role is assigned one or more privileges that are permitted to users in that role. Roles can be hierarchical. Roles are not all equal. The point of RBAC is that different rules can be assigned different security privileges. Labels (such as secret, top secret, etc.) are more usually associated with MAC (Mandatory Access Control). RBAC roles are not typically determined by information flows.
Which type of physical access barrier was designed to prevent piggybacking?
Mantrap. A mantrap is a room that's specially designed to prevent piggybacking, where an unauthorized person gains access with the help of an authorized person.

An administrator wants to make sure that all users of a large domain are restricted from installing
software. Which of the following should MOST likely be done?
A. A security policy template is implemented
B. A security IP audit is completed
A. A security policy template is implemented
Kerckhoffs - cryptosys should be secure even if all but key is public
shannon - the enemy knows the system
You work as the security administrator at Certkiller.com. You set permissions on a file object in a network operating system which uses DAC (Discretionary Access Control). The ACL (Access Control List) of the file is as follows: Owner: Read, Write, Execu
C. The Owner is allowed to: Read, Write, & Execute User A is allowed to: Read, Write, & - Sales is allowed to: Read, -, - Marketing is allowed to: -, Write, - Others are allowed to: Read, Write, - And User B is allowed to do nothing! -,-,-(None)

Which of the following is a reason to use TACACS+ over RADIUS?
A. Combines authentication and authorization
B. Encryption of all data between client and server
C. TACACS+ uses the UDP protocol
D. TACACS+ has less attribute-value pairs
B. Encryption of all data between client and server
Which of the following methods of documenting and storing a password is considered acceptable?
Writing the password on a piece of paper and storing the paper in a locked safe
Which of the following access control methods allows access control decisions to be based on security labels associated with each data item and each user? A. MACs (Mandatory Access Control) B. RBACs (Role Based Access Control) C. LBACs (List Based Acce
A. The MAC model is a static model that uses a predefined set of access privileges to files on the system. The system administrator establishes these parameters and associates them with an account, files or resources. The MAC model can be very restrictive. Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 11

Which of the following may cause a user, connected to a NAC-enabled network, to not be
prompted for credentials?
A. The user's PC is missing the authentication agent.
B. The user's PC is not fully patched.
C. The user's PC is not at the latest s
A. The user's PC is missing the authentication agent.

Which of the following is true about the application of machine virtualization?
A. Some malware is able to detect that they are running in a virtual environment
B. Virtualization hosting possible on one specific OS
C. Machine virtualization is on
A. Some malware is able to detect that they are running in a virtual environment