Security 2

27 Questions | Total Attempts: 229

SettingsSettingsSettings
Please wait...
Security 2

Security


Questions and Answers
  • 1. 
    Which of the following security threats does shredding mitigate?       
    • A. 

      Dumpster Diving

    • B. 

      Shoulder Surfing

    • C. 

      Tailgating

  • 2. 
    A thumbprint scanner is used to test which of the following aspects of human authentication?       
    • A. 

      Something a User Did

    • B. 

      Something a User has

    • C. 

      Something a User is

  • 3. 
    Which of the following protocols requires the use of a CA based authentication process?       
    • A. 

      MD5

    • B. 

      PEAP=TLS

    • C. 

      FTPS Implicit

  • 4. 
    A web application has been found to be vulnerable to a SQL injection attack. Which of the following BEST describes the required remediation action?       
    • A. 

      Change the server's SSL key and add the previous key to the CRL.

    • B. 

      Install a host-based firewall.

    • C. 

      Add input validation to forms.

  • 5. 
    Which of the following PKI implementation element is responsible for verifying the authenticity of certificate contents?       
    • A. 

      CRL

    • B. 

      Key Escrow

    • C. 

      CA

  • 6. 
    TWhich of the following malware types is an antivirus scanner MOST unlikely to discover? (Select TWO).        
    • A. 

      Trojan

    • B. 

      Pharming

    • C. 

      Virus

    • D. 

      Logic Bomb

  • 7. 
    The security administrator implemented privacy screens, password protected screen savers, and hired a secure shredding and disposal service. Which of the following attacks is the security administrator trying to mitigate? (Select TWO).        
    • A. 

      Whaling

    • B. 

      Dumpster Diving

    • C. 

      Shoulder Surfing

    • D. 

      Tailgating

  • 8. 
    A security administrator has discovered through a password auditing software that most passwords can be discovered by cracking the first seven characters and then cracking the second part of the password. Which of the following is in use by the company?       
    • A. 

      LANMAN

    • B. 

      MD5

    • C. 

      WEP

  • 9. 
    Which of the following devices would be installed on a single computer to prevent intrusion?       
    • A. 

      Host intrusion detection

    • B. 

      Network firewall

    • C. 

      Host based firewall

  • 10. 
    Which of the following BEST describes the proper method and reason to implement port security?       
    • A. 

      Apply a security control which ties specific ports to end-device MAC addresses and prevents additional devices from being connected to the network.

    • B. 

      Apply a security control which ties specific networks to end-device IP addresses and prevents new devices from being connected to the network.

    • C. 

      Apply a security control which ties specific ports to end-device MAC addresses and prevents all devices from being connected to the network.

  • 11. 
    A security administrator with full administrative rights on the network is forced to change roles on a quarterly basis with another security administrator. Which of the following describes this form of access control?       
    • A. 

      Job rotation

    • B. 

      Separation of duties

    • C. 

      Mandatory vacation

  • 12. 
    Which of the following would be the BEST action to perform when conducting a corporate vulnerability assessment?       
    • A. 

      Document scan results for the change control board.

    • B. 

      Organize data based on severity and asset value.

    • C. 

      Examine the vulnerability data using a network analyzer.

  • 13. 
    Which of the following must a security administrator do when the private key of a web server has been compromised by an intruder?       
    • A. 

      Submit the public key to the CRL.

    • B. 

      Use the recovery agent to revoke the key.

    • C. 

      Submit the private key to the CRL.

  • 14. 
    Which of the following will educate employees about malicious attempts from an attacker to obtain bank account information?       
    • A. 

      Password complexity

    • B. 

      Phishing Techniques

    • C. 

      Handling PII

  • 15. 
    MAC filtering is a form of which of the following?       
    • A. 

      Virtualization

    • B. 

      Network Access Control

    • C. 

      VPN

  • 16. 
    Which of the following tools provides the ability to determine if an application is transmitting a password in clear-text?      
    • A. 

      Protocol Analyzer

    • B. 

      Port Scanner

    • C. 

      Honeypot

  • 17. 
    Which of the following file transfer protocols is an extension of SSH 
    • A. 

      FTP

    • B. 

      TFTP

    • C. 

      SFTP

  • 18. 
    A security administrator needs to implement a site-to-site VPN tunnel between the main office and a remote branch. Which of the following protocols should be used for the tunnel?       
    • A. 

      RTP

    • B. 

      SNMP

    • C. 

      IPSec

  • 19. 
    Which of the following cloud computing concepts is BEST described as providing an easy-to-configure OS and on-demand computing for customers?      
    • A. 

      Platform as a service

    • B. 

      Software as a service

    • C. 

      Infrastructure as a service

  • 20. 
    During the analysis of malicious code, a security analyst discovers JavaScript being used to send random data to another service on the same system. This is MOST likely an example of which of the following?       
    • A. 

      Buffer overflow

    • B. 

      XML injection

    • C. 

      SML injection

  • 21. 
    Which of the following concepts ensures that the data is only viewable to authorized users?       
    • A. 

      Availability

    • B. 

      Integrity

    • C. 

      Confidentiality

  • 22. 
    NTLM is an improved and substantially backwards compatible replacement for which of the following?    
    • A. 

      3DES

    • B. 

      LANMAN

    • C. 

      PGP

  • 23. 
    A user is no longer able to transfer files to the FTP server. The security administrator has verified the ports are open on the network firewall. Which of the following should the security administrator check?       
    • A. 

      Antivirus Software

    • B. 

      ACLs

    • C. 

      NIDS

  • 24. 
    Which of the following should be enabled to ensure only certain wireless clients can access the network?       
    • A. 

      SSID

    • B. 

      DHCP

    • C. 

      Mac filtering

  • 25. 
    Which of the following is MOST likely to be the last rule contained on any firewall?       
    • A. 

      IP allow any

    • B. 

      Implicit deny

    • C. 

      Separation on Duties