Securities Flashcards

security administrator
Terms Definitions
Notable Events
Notable Events
personal cards
Windows Cardspace general-purpose information cards.
You’re frantically trying to ascertain the current level of security of your network after a suspected incident. You call the main office and tell them that you need a key sent immediately using a method other than the encryption process. What is this
PKI provides non-repudiation by prividing third-party assurance of certificate:
Which of the following authentication methods would MOST likely prevent an attacker from being able to successfully deploy a replay attack?
QUESTION NO: 150Antivirus software products detect malware by comparing the characteristics of known instancesagainst which of the following type of file sets?A. SignatureB. TextC. NIDS signatureD. Dynamic Library
Answer: A
Types of Assurance
• Specification assurance• Requirements analysis• Statement of desired functionality• Design assurance• How system will meet specification•Implementation assurance• Programs/systems carry out the design• A system does what is was designed to do…• and nothing else!
A new Internet content filtering device installed in a large financial institution allows IT administrators to log in and manage the device, but not the content filtering policy. Only the IT security operation staff can modify policies on the Internet fi
An organization is installing new servers into their infrastructure. A technician is responsible for making sure that all new servers meet security requirements for uptime. In which of the following is the availability requirements identified?A. Service l
From a statistical standpoint, which of the following entities poses the greatest threat to network security? Answer a. External hackers b. Internal threats c. External crackers d. Social engineeri
Which of the following improves security in a wireless system?A. IP spoofingB. MAC filteringC. SSID spoofingD. Closed network
anonymous authentication
Authentication that doesn’t require a user to provide a username,password, or any other identification before accessing resources.
Using software on an individual computer to generate a key pair is an example of which of the following approaches to PKI architecture?
Most current encryption schemes are based on:
sophisticated investor
non-accredited investor with knowledge and experience or a purchaser representative
product for managinc user access privaleges stored in directory services - eal2
Which of the following describes the process of securely removing information from media (e.g. hard drive) for future use?
computer forensics
Using technology to search for computer evidence of a crime.
QUESTION NO: 112A technician suspects that a piece of malware is consuming too many CPU cycles and slowingdown a system. Which of the following will help determine the amount of CPU cycles that arebeing consumed?A. Install HIDS to determine the CPU usage.
Answer: B
usage auditing
The process of examining which subjects are accessing specific objects and how frequently.
Microsoft Challenge-Handshake Authentication Protocol (MS-CHAP)
The Microsoft implementation of CHAP.
Which of the following BEST describes the term war driving?A. Driving from point to point with a laptop and an antenna to find unsecured wireless accesspoints.B. Driving from point to point with a wireless scanner to read other users emails through th
Which of the following might an attacker resort to in order to recover discarded company documents?A. PhishingB. Insider theftC. Dumpster divingD. Shoulder surfing
After a system risk assessment was performed it was found that the cost to mitigate the risk was higher than the expected loss if the risk was actualized. In this instance, which of the following is the BEST course of action?A. Accept the riskB. Mitigate
Which of the following allows a technician to view the security permissions of a file?A. The access control listB. The security baselineC. The data emanationD. The local security template
Which of the following scenarios is MOST likely to benefit from using a personal software firewall on a laptop?A. Remote access user connecting via SSL VPNB. Office laptop connected to the enterprise LANC. Remote access user connecting via corporate dial-
Which of the following will you consider as clear-text protocols? (Choose all that apply)A. TelnetB. POPC. FTPD. SSHE. All of the Above
An administrator has been asked to encrypt credit card data. Which of the following algorithms would be the MOST secure with the least CPU utilization?A. 3DESB. AESC. SHA-1D. MD5
An executive uses PKI to encrypt sensitive emails sent to an assistant. In addition to encrypting the body of the email, the executive wishes to encrypt the signature so that the assistant can verify that the email actually came from the executive. Which
The MAC model is a ___ model and as a result it can be very ___.
birthday attack
A probability method of finding collision in hash functions.

Which of the following logical access control methods would a security administrator need to
modify in order to control network traffic passing through a router to a different network?

A.Configuring VLAN 1
C. Logical tokens

D.Role-based a

Which of the following protocols uses UDP port 69 by default?
A. Kerberos

Which of the following forensic artifacts is MOST volatile?
B. Filesystem
C. Random access memory
D. Network topology
B. Filesystem

Monitoring a computer's logs and critical files is part of the functionality of a
C. firewall.
D. honeypot.
Which of the following describes the validation of a message's origin?
A host-based active IDS should be placed on a:
Which of the following types of network monitoring activities would be used to obtain plain text user names an passwords?
Which of the following provides the MOST secure form of encryption?
Connects local area networks (LANs) or a LAN and a wide area network (WAN).
The act of ensuring that information has not been improperly changed.
Energy transmitted across a space or void by electromagnetic waves; coal in a grill; baked potato in aluminum foil; warm beer in freezer
Romans 8:1-2
I am free from condemnation (to disapprove of strongly, or to declare guilty).
Which of the following logs might reveal the IP address and MAC address of a rogue device within the local network?
DHCP logs
clean agent systems
a stationary fire suppression system that does not harm people, documents, or electrical equipment
QUESTION NO: 140A user is attempting to receive digitally signed and encrypted email messages from a remoteoffice.Which of the following protocols does the system need to support?A. SMTPB. S/MIMEC. ISAKMPD. IPSec
Answer: B
QUESTION NO: 184Which of the following would use a group of bots to stop a web server from accepting newrequests?A. DoSB. DDoSC. MACD. ARP
Answer: B
QUESTION NO: 138Which of the following is the primary purpose of a CA?A. LANMAN validationB. Encrypt dataC. Kerberos authenticationD. Issue private/public keys
Answer: D
QUESTION NO: 180Which of the following uses a key ring?A. AESB. DESC. PGPD. RSA
Answer: C
access control
The process by which resources are granted or denied.
Windows CardSpace
A feature of Windows intended to provide users with control of their digital identities while helping to maintain privacy.
• Mechanisms put into place to allow or disallow object access• Any potential barrier to unauthorized access• Controls are organized into different categories• Common categories• Administrative (enforce security policy through procedures, rules)• Logical/Technical (implement object access restrictions)• Physical (limit physical access to hardware)
A technician suspects that one of the network cards on the internal LAN is causing a broadcast storm. Which of the following would BEST diagnose which NIC is causing this problem?A. The NIDS log fileB. A protocol analyzerC. The local security log fileD. T
What is used to verify the equipment status and modify the configuration or settings of network gadgets?A. This can be accomplished by using SNMP.B. This can be accomplished by using SMTP.C. This can be accomplished by using CHAP.D. This can be ac
Which of the following is the LEAST intrusive way of checking the environment for known softwareflaws?A. Protocol analyzerB. Vulnerability scannerC. Port scannerD. Penetration test
Which of the following BEST applies to steganography?A. Algorithms are not used to encryptdatA.B. Algorithms are used to encryptdatA.C. Keys are used to encryptdatA.D. Keys are concealed in thedatA.
Which of the following is placed in promiscuous mode, in line with the data flow, to allow a NIDS to monitor the traffic?A. ConsoleB. SensorC. FilterD. Appliance
Which of the following is a security risk when using peer-to-peer software?A. CookiesB. Multiple streamsC. Data leakageD. Licensing
A company runs a backup after each shift and the main concern is how quickly the backups are completed between shifts. Recovery time should be kept to a minimum. The administrator decides that backing up all the data that has changed during the last shift
What type of authentication is depicted below:
If your token does not grant you access to certain information, that information will either not be displayed or your access will be denied.
The authentication system creates a token every time a user or a s
Security Token system.
Using ingress filtering on a perimeter router to block packets with local network IP addresses protects against which type
IP spoofing

A security administrator has reports of an employee writing harassing letters on a workstation, but
every time the security administrator gets on the workstation there is no evidence of the letters.
Which of the following techniques will allow the sec
B. Memory forensics

Which of the following has the capability to perform onboard cryptographic functions?
A. Smartcard
C. RFID badge
D. Proximity badge
A. Smartcard

Which of the following stores information with a trusted agent to decrypt data at a later date, even
if the user destroys the key?
A. Key registration
B. Recovery agent
C. Key escrow
D. Public trust model
C. Key escrow

Which of the following risk mitigation strategies would ensure that the proper configurations are
applied to a system?
A. Incident management
B. Applicationfuzzing
C. Change management
D. Tailgating
A. Incident management

Which of the following can cause data leakage from web based applications?
A. Device encryption
B. Poor error handling
C. Application hardening

Which of the following is an authentication method that uses symmetric key encryption and a key
distribution center?
A. Kerberos
C. 802.1x
A. Kerberos

Which of the following is an advanced security tool used by security administrators to divert
malicious attacks to a harmless area of the network?
A. Firewall
B. TCP/IP hijacking
C. Proxy server
D. Honeypot
D. Honeypot
A company has implemented a policy stating that users will only receive access to the systems needed to perform their job duties.  This is an example of:
least privilege
Data classification
Level of protection based on data type.
Rule 508
the offering is okay, if it's insignificant to the offering as a whole and you acted in good faith, and you acted reasonably
SEC Rule 240
Exempts securities issues of up to $100,000 within 12 month period, cannot be more than 100 holders of securities and no solicitation to general public, must file short form with SEC
QUESTION NO: 156A user was trying to update an open file but when they tried to access the file they were denied. Which of the following would explain why the user could not access the file?A. Audit only accessB. Execute only accessC. Rights are not set c
Answer: C
brute force attack
An attack on a password that repeatedly tries to re-create it through a random combination of characters.
prevent DDOS
Block all ports not needed, ICMP and ECHO...turn off and block. (Defense in depth)
Which of the following is a reason why a company should disable the SSID broadcast of the wireless access points? A. Rogue access points B. War driving C. Weak encryption D. Session hijacking
In order to shut down the main power to your building, two people must enter a password known only to them. Requiring two people to perform a sensitive task such as this is known as ___________________ ? Answer a. Separation of duties/
In the MAC model, all objects are given security labels known as ___ and are classified accordingly. Then all users are given specific ____ as to what they are allowed to access.
sensitivity labels
security clearances
companion virus
A virus that creates a new program that runs in place of an expectedprogram of the same name
Which type of firewall is able to detect and drop rogue packets that are not part of an established TCP connection?
Stateful inspection

On network devices where strong passwords cannot be enforced, the risk of weak passwords is
BEST mitigated through the use of which of the following?
A. Limited logon attempts
B. Removing default accounts
C. Reverse proxies
D. Input validation
A. Limited logon attempts

A user reports that after opening an email from someone they knew, their computer is now
displaying unwanted images. Which of the following software can the technician MOST likely
install on the computer to mitigate this threat?
A. Anti-spam
B. Antivirus

Which of the following will allow a technician to restrict access to one folder within a shared folder?
B. IPSec

A technician needs to setup a secure room to enable a private VTC system. Which of the following
should be installed to prevent devices from listening to the VTC?
A. Shielding
D. MD5 hashing
A. Shielding

An attacker use an account that allows read-only access to the firewall for checking logs and
configuration files to gain access to an account that gives full control over firewall configuration.
This type of attack is best known as:
A. Exploitin
B. Privilege escalation

Which of the following audit types would a security administrator perform on the network to ensure
each workstation is standardized?
A. Group policy
B. Domain wide password policy
C. Storage and retention policy
D. User access and rights
A. Group policy
A remote user has a laptop computer and wants to connect to a wireless network in a hotel.  Which of the following should be implemented to protect the laptop computer when connecting to the hotel network:
Personal firewall
Which of the following is a common type of attack on web servers?
Buffer overflow
Which of the following would be the MOST common method for attackers to spoof email?
open relays
Information Technology and Infrastructure Library (ITIL)
A framework that contains a comprehensive list of concepts, practices, and processes for managing IT services.
Security policies
A set of policies that establish how an organization secures its facilities and IT infrastructure. Can also address how the organization meets regulatory requirements.
lsyn flooding
type of dos where server waits for attacker to complete handshake and uses up all system resources in that state
SEC Rule 415 (Shelf Registration)
Registration of securities that are registered for an offering to be made continuous (employee stock plans) or on a delayed basis, a post-effective amendment to reg. statement must be made to reflect facts and shares outstanding and unsold
Service Level Agreement (SLA)
A service contract between a vendor and a client.
IM (LAN Manager) hash
A legacy format for storing Windows passwords that is considered very weak.
logs handlesd how
written to one time write media and stored in internal centeral log server
Social Engineering Attacks
A social engineering attack is a type of attack that uses deception and trickery to convince unsuspecting users to provide sensitive data or to violate security guidelines. Social engineering is often a precursor to another type of attack. Attacks can come ina variety of methods: in person, through email, or over the phone
NetWare Directory Services (NDS)
A directory management service used to manage allof the resources in a network. In later versions, the acronym was changed to Novell DirectoryServices, and the service is now known as eDirectory. NDS provides a database of all of thenetwork objects or resources.
A need to know policy is based on which security principle?
Least privilege

Which of the following is a reason why wireless access points should not be placed near a
building's perimeter?

A. Rouge access points
B. Vampire taps
C. Port scanning
D. War driving
D. War driving

In order for an organization to be successful in preventing fraud from occurring by a disgruntled
employee, which of the following best practices should MOST likely be in place?
A. Job rotation
B. Least privilege
C. Separation of duties
D. Acce
D. Access controls
In a certificate hierarchy, the ultimate authority is called the:
Root Certifying Authority (Root CA)
Constant Air Volume/CAV
Air is constantly supplied at the same volume flow rate (CFM), temp of air is changed in coils; less energy efficient than VAV systems
Which of the following is a security threat when a new network device is configured for first time installation?
Use of default passwords
Lightweight Directory Access Protocol (LDAP)
A simpler subset of the Directory Access Protocol,
The majority of commercial intrusion detection systems are:A. Host-basedB. Identity-basedC. Signature-basedD. Network-based
DThe majority of commercial intrusion detection systems are network-based. These IDSs detect attacks by capturing and analyzing network packets. Listening on a network segment or switch, one network-based IDS can monitor the network traffic affecting multiple hosts that are connected to the network segment, thereby protecting those hosts. Historically, IDS started out as host-based, which is the other major type of IDS. Identity-based and signature-based are not types of IDS.
Only the owner of the resource is responsible for access privileges in the _____ access control model
DAC (Discretionary Access Control)
Which technology can make wireless network security equivalent to a wired network's security?
WEP (Wired Equivalence Privacy) makes wireless networks as secure as wired networks.

Which of the following is a best practice when securing a switch from physical access?
A. Disable unnecessary accounts
B. Print baseline configuration
C. Enable access lists
D. Disable unused ports
D. Disable unused ports
Audit record storage capacity must be large enough to ensure that:
the storage is not exceeded
A task-based control model is an example of which of the following?
Role Based Access Control (RBAC)
risk capital test- alternative to investment contract
(golf course to be developed)1. investor invests money2. with the hope of some return3. in an enterprise over which the investor has no significant control
The MD5 hash code is 128 bits; SHA is 160.MD5 vulnerable to colission attack
Open Systems Interconnection (OSI) model
A model defined by the ISO to categorizethe process of communication between computers in terms of seven layers. The seven layersare Application, Presentation, Session, Transport, Network, Data Link, and Physical. Seealso International Organization for Standardization (ISO).
What is the primary advantage of asymmetric encryption?
It allows encryption and decryption without the sharing of private keys.

An employee is not able to receive email from a specific user at a different organization; however,
they can receive emails from other users. Which of the following would the administrator MOST
likely check to resolve the user's issue?
A. Browser
D. The local firewall settings
Which of the following is a critical element in private key technology?
keeping the key a secret
integration- prevent a sponsor from avoiding registration by breaking one single lg offering into several sm offerings
1. single plan of financing2. same class of securities3. offerings are made at/ab the same time4. same type of consideration is to be received5. offerings are for the same general purpose
an option for limiting risk to DOS and avoid filling up conn table
Rate limit TCP/UDP/ICMP requestsSyn cookie uses senquenc # to validate communicationShorten timeouts when close to fullDrop random or selected connectionsDon't accept broadcast packets on incoming address (blcoked at edge router)Block services not used.Use puzzles to validate human/machine interaction.
Which of the following can distribute itself without using a host file?A. Virus.B. Trojan horse.C. Logic bomb.D. Worm.
DWorms are dangerous because they can enter a system by exploiting a 'hole' in an operating system. They don't' need a host file, and they don't need any user intervention to replicate by themselves. Some infamous worms were: Morris, Badtrans, Nimda, and Code Red.

A file has been compromised with corrupt data and might have additional information embedded
within it. Which of the following actions should a security administrator follow in order to ensure
data integrity of the file on that host?
A. Disable t
B. Perform proper forensics on the file with documentation along the way.
Which of the following are important for password management? (select TWO)
1.  Changing the password often and not reusing the same password.
2.  Using three of the four character sets
Which of the following BEST describes a private key in regards to asymmetric encryption?
The key owner has exclusive access to the private key.
Man In The Middle Attack
A man in the middle attack is a type of software attack where an attacker inserts himself between two hosts to gain access to their data transmissions. The attacker captures and reads each packet, responds to it, and forwards it to the intended host, so that both the sender and receiver believe that they are communicating directly with each other. This deception allows attackers to manipulate the communication rather than just observe it passively.

Several PCs are running extremely slow all of a sudden. Users of the PCs report that they do a lot
of web browsing and explain that a disgruntled employee from their department was recently fired.
The security administrator observes that all of the PC
D. The PCs are being used in a botnet
SEC v. Glenn Turner- through the essential & managerial efforts of others
as long as someone other than the investor makes the essential managerial efforts that will ultimately determine the failure/success of an enterprise, an investment contract may still exist even if the investor is active in the enterprise and isn't depending solely on the efforts of others for profits
Which of the following is the best defense against a man in the middle attack?A. Virtual LAN (Local Area Network)B. GRE (Generic Route Encapsulation) tunnel IPIP (Internet Protocol-within-Internet Protocol Encapsulation Protocol)C. PKI (Public Key
CPKI is a two-key system. Messages are encrypted with a public key. Messages are decrypted with a private key. If you want to send an encrypted message to someone, you would request their public key. You would encrypt the message using their public key and send it to them. They would then use their private key to decrypt the message. Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 331
Which of the following would be BEST to do when network file sharing is needed? (Select TWO)
1.  Place the share on a different volume then the operating system
2.  Set a disk quota

Which of the following methods is a best practice for granting access to resources?
A. Add ACLs to computers; add computers to groups.
B. Add ACLs to users; add users to groups.
C. Add users to ACLs; add computers to groups.
D. Add groups to ACL
D. Add groups to ACLs; add users and computers to groups.
/ 130

Leave a Comment ({[ getComments().length ]})

Comments ({[ getComments().length ]})


{[ comment.comment ]}

View All {[ getComments().length ]} Comments
Ask a homework question - tutors are online