Plus cards Flashcards

IP address
Terms Definitions
Action Items
Action Items
Assurance that individuals control what data are collected about them and how those data are used and disclosed
Which of the following statements best describes CHAP's authentication procedure? Answer a. The client sends an encrypted password. The server sends an encrypted challenge to the client. If both work, the server processes the repl
The Diffie-Hellman encryption algorithm relies on which of the following?
Key exchange
All of the following provide confidentiality protection as part of the underlying protocol EXCEPT:
audit records
Operating system logs that contain only security event information.
Stalling's List
• Disclosure (failure of confidentiality)
• Deception (failure of origin integrity)
• Disruption (failure of availability)
• Usurpation (this one is more a mechanism than a consequence; usurpation will lead to one or more of the consequences above)
Which authentication will provide a username, a password and undergo a thumb print scan to access a workstation? A. The Biometric authentication best illustrates this scenario. B. The Kerberos authentication best illustrates this scenario. C. The Mutua
Which of the following options represents the correct order of a complete incident response cycle? Answer a. Identifying, investigating, documenting, repairing, and adjusting procedures b. Identifying, investigating,
Which of the following practices should be implemented to harden workstations and servers? A. Log on only as the administrator B. Install only needed software C. Check the logs regularly. D. Report all security incidents.
What is another word for tunneling? Answer a. Bandwidth throttling b. Encapsulation c. Transport mode d. Encryption
An administrator wants to replace telnet with a more secure protocol to manage a network device. Which of the following should be implemented on the network? A. SMTP B. SNMP C. SFTP D. SSH
An administrator wants to proactively collect information on attackers and their attempted methods of gaining access to the internal network. Which of the following would allow the administrator to do this? A. NIPS B. Honeypot C. DMZ D. NIDS
Also known as Triple Digital Encryption Standard (DES). A block cipher algorithm used for encryption.
The IPSec Security Association is managed by:
Which of the following freeware forensic tools are used to capture packet traffic from a network?
Temperature of the mixture of air
one time pad
also called vernam cipher
An executive uses PKI to encrypt sensitive emails sent to an assistant. In addition to encrypting the body of the email, the executive wishes to encrypt the signature so that the assistant can verify that the email actually came from the executive. Which
backup generator
a separate generator powered by diesel, natural gas or propane gas to generate electricity
QUESTION NO: 154 While conducting a review of the system logs, a user had attempted to log onto the network over 250 times. Which of the following type of attacks is MOST likely occurring? A. Brute force B. Phishing C. Spamming D. DNS spoofing
Answer: A
performance monitors
Hardware or software through which data is accumulated on the normal operations of the systems and networks.
flight time
The time it takes between keystrokes.
What authentication model uses a smart card and a User ID/Password for accessing network resources? A. You should identify the Biometric authentication model. B. You should identify the Multifactor authentication model. C. You should identify the Mutua
A server or application that accepts more input than the server or application is expecting is known as: A. It is known as a Denial of service (DoS). B. It is known as a Buffer overflow. C. It is known as a Brute force. D. It is known as a Syntax erro
Which of the following if disabled will MOST likely reduce, but not eliminate the risk of VLAN jumping? A. LAN manager B. ARP caching C. DTP on all ports D. TACACS
When installing and securing a new system for a home user which of the following are best practices? (Select THREE). A. Use a strong firewall. B. Block inbound access to port 80 C. Apply all system patches D. Use input validation E. Install remote control
Setting a baseline is required in which of the following? (Select TWO). A. Anomaly-based monitoring B. NIDS C. Signature-based monitoring D. NIPS E. Behavior-based monitoring
Which of the following allows a technician to scan for missing patches on a device without actually attempting to exploit the security problem? A. A vulnerability scanner B. Security baselines C. A port scanner D. Group policy
Which of the following describes the difference between a secure cipher and a secure hash? A. A hash produces a variable output for any input size, a cipher does not. B. A cipher produces the same size output for any input size, a hash does not. C. A cipher
Which of the following will propagate itself without any user interaction? A. Worm B. Rootkit C. Trojan D. Virus
Which of the following protocols did Microsoft develop for use in VPNs? (Choose all that apply) A. PPTP B. IPSEC C. OSPF D. L2TP E. None of the Above
____ defines the methods for setting the rules for establishing the methods of authentication of the service or user requesting access to the system or resources.
Authentication header
A header used to provide connectionless integrity and data origin authentication for IP datagrams and to provide protection against replays.

A security administrator wants to detect and prevent attacks at the network perimeter. Which of
the following security devices should be installed to address this concern?


Which of the following system security threats negatively affects confidentiality?
A. Spam
B. Adware
C. Spyware
D. Worm
C. Spyware

Which of the following control systems is used to maintain proper environmental conditions in a
B. Bollards
D. Mantrap
During a live response to an unauthorized access, a forensics specialist executes a command on the computer being investigated.  Which of the following commands would be used to display the current network connections on the local computer?
Which of the following BEST describes an attempt to transfer DNS zone data?
An authentication system where a unique username and password is used to access multiple systems within an organization is an example of which of the following?
Single sign-on
The act of managing implementation and compliance with organizational policies.
An established and proven norm or method. This can be a procedural standard or a technical standard implemented organization-wide.
Movement of heat by the actual movement of the heated fluid; spin the beer in ice bucket; baseboard heat; oven
Hebrews 4:16
I can find mercy (refraining from harming offender), and grace (goodwill or favor) in time of need.
An administrator is trying to secure a network from threats originating outside the network. Which of the following devices provides protection for the DMZ from attacks launched from the Internet?
water sprinkler system
A stationary fire suppression system that sprays a room with pressurized water.
QUESTION NO: 187 Which of the following media is the LEAST likely to be successfully tapped into? A. Unshielded twisted pair cable B. Coaxial cable C. Fiber optic cable D. Shielded twisted pair cable
Answer: C
QUESTION NO: 149 Which of the following is done to ensure appropriate personnel have access to systems and networks? (Select TWO). A. Conduct periodic penetration testing assessments. B. Conduct periodic personnel employment verifications. C. Conduct rights re
Answer: B,C
QUESTION NO: 133 A user has decided that they do not want an internal LAN segment to use public IP addresses. The user wants to translate them as private IP addresses to a pool of public IP addresses to identify them on the Internet. Which of the following d
Answer: B
QUESTION NO: 177 When dealing with a 10BASE5 network, which of the following is the MOST likely security risk? A. An incorrect VLAN B. SSID broadcasting C. A repeater D. A vampire tap
Answer: D
passive RFID tags
Radio frequency identification tags do not have their own power supply.
VPN concentrator
A device that aggregates hundreds or thousands of multiple connections.
Vimercati's List
• Reliable input
• Support for fine and coarse specifications
• Least privilege
• Separation of duties
• Dual control
• Open and closed policies
• Combination of policies: conflict resolution
• Administrative mechanisms
Which of the following threats is the MOST difficult to detect and hides itself from the operating system? A. Rootkit B. Adware C. Spyware D. Spam
It has come to your attention that numerous e-mails are received from an ex employee. You need to determine whether the e-mails originated internally? A. This can be accomplished by viewing the from line of the e-mails. B. This can be accomplished by re
During a web session, a user transfers answers to a form page on which private information will be required. On this page, what protocol is responsible for the secure session? Answer a. SSL/TLS b. IPSec c. ISAKM
The act of tracking resource usage by users.
What is the most common method of authentication in computer networks?

An attacker captures valid wireless traffic in hopes of transmitting it repeatedly to generate enough
traffic to discover the encryption key. Which of the following is the attacker MOST likely using?
A. War driving
B. Replay attack
C. Bluejackin
B. Replay attack

Cell phones with network access and the ability to store data files are susceptible to which of the
following risks?
A. Viruses
B. Input validation errors
C. Logic bombs
D. SMTP open relays
A. Viruses

A system administrator sees a firewall rule that applies to Which of the following IP
address ranges are encompassed by this rule?


Which of the following contains a list of certificates that are compromised and invalid?
Which of the following methods of password guessing typically requires the longest attack time?
Brute Force
A company has implemented a policy stating that users will only receive access to the systems needed to perform their job duties.  This is an example of:
least privilege
A credential that has been digitally signed by a trusted authority is known as:
a certificate
A digital signature is used for:
Integrity and non-repudiation
Privacy policy
Places importance on privacy in the business and discusses the regulatory landscape and government mandates. This policy often talks about physical security and the importance of "locking up" sensitive information.
series 39
needed to run a securities' brokerage firm
Registration Statement includes
info about planned offering, name of officers and salaries, audited f/s, how company will use the proceeds of sale, description of pending lawsuits, the prospectus, risks involved
Which of the following is the BEST way to reduce the number of accounts a user must maintain?
QUESTION NO: 122 A smurf attack is an example of which of the following threats? A. ARP Poisoning B. DoS C. TCP/IP Hijacking D. Man-in-the-middle
Answer: B
Group Policy Objects (GPOs)
The location where Group Policy settings are stored.
Preventative measures for DDoS
Pre-arranged contacts and upstream traffic filtering. Analyze traffic with Wireshark on edge router. IDS to find anomaly.
A user has decided that they do not want an internal LAN segment to use public IP addresses. The user wants to translate them as private IP addresses to a pool of public IP addresses to identify them on the Internet. Which of the following does the user w
____ can be intercepted and are the least secure form of authentication.
Usernames and passwords
authenticating the evidence
Verifying that the logs and other resources collected are legitimate. This technique can be useful in verifying that an attack has occurred.
Upon receiving a digitally signed document, what does the recipient use to verify the sender's signature?
The sender's public key.

The firewall administrator sees an outbound connection on IP port 50 and UDP port 500. Which of
the following is the cause?
A. IPSec VPN connection
B. SSH tunneling
C. Certificate revocation list look-up
D. Incorrect DNS setup
A. IPSec VPN connection

Which of the following can use a trust system where public keys are stored in an online directory?

Which of the following tools will detect protocols that are in use?
A. Spoofing
B. Port scanner
C. Proxy server
B. Port scanner

Which of the following would an auditor use to determine if an application is sending credentials in
clear text?
A. Vulnerability scanner
B. Protocol analyzer
C. Rainbow table
D. Port scanner
B. Protocol analyzer
Time stamps of audit records for multiple systems are BEST generated using which of the following types of system clocks? (select TWO)
1.  Synchronized
2.  Internal
Which of the following describes an authorized user redirecting wireless network traffic from the intended access point to a laptop to inject a packet with malware?
A man-in-the-middle attack
Information systems security management life cycle
The five-phase management process of controlling the planning, implementation, evaluation, and maintenance of information systems security.
common criteria table
has assumptions threats as rows, and checks on those threats as columns
Securities that are exempt from registration
Commercial paper, government, bank, nonprofit, savings and loans, common carriers, insurance, annuity and endowment policies, issues for bankruptcy reorganization
acceptable use policy (AUP)
A policy that defines the actions users may perform while accessing systems and networking equipment.
rack-mounted servers
Servers that are stored in a rack and can be stacked with up to 50 other servers in a closely confined area.
Computationally secure; Kerckhoffs' principle
• We must assume the algorithm is known. (Kerckhoffs’ Principle.)
• A cryptosystem that is breakable may require considerable effort. That is known as being “computationally secure.”
Mandatory Access Control (MAC)
In MAC access is controlled by comparing an object's security designation and a user's clearance.
access point
The point at which access to a network is accomplished. This term is often used in relation to a wireless access point (WAP).
Web browsers contain a trust list of trusted root CAs. Which technical term below refers to that internal trust list?
Embedded root certificates

Which of the following should a technician run to find user accounts that can be easily
C. John the Ripper
D. Nessus
C. John the Ripper

Which of the following would be used to observe a runaway process?
A. Application log
B. Performance baseline
C. Performance monitor
D. Protocol analyzer
C. Performance monitor
The largest benefit gained by internally authorized security scanning would be:
finding vulnerabilities before the attackers do
SEC v. Edwards- payphones
an investment promising a fixed rate of return can be an investment contract and thus a security
recovery point objective (RPO)
The maximum length of time that an organization can tolerate between backups.
RADIUS (Remote Authentication Dial in User Service)
An authentication server for high volume service control applications.
You work as the security administrator at Certkiller .com. Certkiller has a RBAC (Role Based Access Control) compliant system for which you are planning the security implementation. There are three types of resources including files, printers, and mailbox
B. Each distinct department (sales, marketing, management, and production) has their own role in the company, which probably includes using the: file server, print server, and mail server. So it would be wise to create roles for each department.
annual loss expectancy (ALE)
A calculation that is used to identify risks and calculate the expected loss each year.
When a Web browser connects to a Web server that's secured with SSL, what does the server present to the browser?
A digital certificate

Which of the following should a web application programmer implement to avoid SQL injection
A. Encryption and hashing
B. Session cookie handling
C. Authentication and authorization
D. Proper input validation
D. Proper input validation
A security system that uses labels to Identify objects and requires formal authorization to use is BEST described as:
Mandatory Access Control (MAC)
While reviewing the running services on a production server, an unknown service is observed.  Which of the following actions should be taken?
Investigate the service and determine whether the service is necessary.
What is OPSEC?
A program within the unit to deny a potential enemy information on the Brigade's intentions, plans and operations.
Preventing password attacks
• Hide one of a, f, or c. Prevents obvious attack from above. Example: Unix/Linux shadow password file hides c’s.
• Block access to all l  L or result of l(a). Prevents attacker from knowing if guess succeeded. Example: preventing any logins to an account from a network. Prevents knowing results of l (or accessing l). Not always practical.
Media Access Control (MAC)
A sublayer of the Data Link layer of the Open Systems Interconnection (OSI) model that controls the way multiple devices use the same media channel. It controls which devices can transmit and when they can transmit.
What do you call an area of a network that's designed to provide services to the general public?
DMZ (demilitarized zone).

Which of the following security precautions needs to be implemented when securing a wireless
network? (Select THREE)
A. Enable data encryption on all wireless transmissions using WPA2.
B. Enable the lowest power setting necessary to broadcast to the
A. Enable data encryption on all wireless transmissions using WPA2.
D. Enable data encryption on all wireless transmissions using WEP.
E. Authentication should take place using a pre-shared key (PSK) of no more than six characters.
Shopmart issues certificates as a Local Registration Authority and users report that emails sent outside Shopmart cannot be validated by the recipients. Which of the following actions should be taken?
Turn off the digital signatures on emails going out of Shopmart
Why are challenge and password used and how often are they changed?
To identify unknown personnel, they are changed every 24 hours.
Firewalls do not help in this scenario
laptop is taken home, infected, then returned to office enviro
Which of the following services should be logged for security purpose? A. bootp B. tftp C. sunrpc D. All of the Above E. No Answer is Correct
D Requests for the following services should be logged on all systems: systat, bootp, tftp, sunrpc, snmp, snmp-trap, nfs. This list is rather UNIX-centric, nevertheless, it's possible for many of those services to be running on Windows as well (if you're running them, log them!).

Which of the following BEST describes how the mandatory access control (MAC) method works?
A. It is an access policy based on a set of rules.
B. It is an access policy based on the role that the user has in an organization.
C. It is an access pol
D. It is an access policy that restricts access to objects based on security clearance.
Which of the following is the primary method of performing network hardening?
Disable any unnecessary ports and services
“A computer is secure if you can depend on it and its software to behave as you expect.” A system that does what it is intended to do and nothing else. “The protection afforded to an automated information system in order to attain the objective
– Garfinkel and Spafford – Charles Pfleeger – NIST
honeypot (also known as Honey pot)
A bogus system set up to attract and slow down a hacker. A honeypot can also be used to learn of the hacking techniques and methods that hackers employ.

Which of the following is a reason to perform a penetration test?
A. To passively test security controls within the enterprise
B. To provide training to white hat attackers
C. To identify all vulnerabilities and weaknesses within the enterprise
C. To identify all vulnerabilities and weaknesses within the enterprise
Reves v Ernst & Young- definition of a security
encompasses almost any instrument that might be sold as an investment, like notes. any purchase of RE, that doesn't involve the direct purchase of a deeded interest in an entire prop, by 1 individ buyer...
DDoS (Distributed Denial of Service Attack)
A DDoS attack is a type of DoS attack that uses multiple computers on disparate networks to launch the attack from many simultaneous sources. The attacker introduces unauthorized software called a zombie or drone that directs the computers to launch the attack.
A manager reports that users are receiving multiple emails from the account of a user who no longer works for the company.  Which of the following would be the BEST way to determine whether the emails originated internally?
Look at the source IP address in the SMTP header of the emails.
Which of the following is the MOST significant flaw in Pretty Good Privacy (PGP) authentication?
A user must trust the public key that is received