Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- An achievement in providing worldwide Internet security was the signing of certificates
- associated with which of the following protocols?
- A.
- TCP/IP
- B.
- SSL
- C.
- SCP
- D.
- SSH
- A Chief Information Security Officer (CISO) wants to implement two-factor authentication
- within the company. Which of the following would fulfill the CISO’s requirements?
- A.
- Username and password
- B.
- Retina scan and fingerprint scan
- C.
- USB token and PIN
- D.
- Proximity badge and token
- Which of the following can a security administrator implement on mobile devices that will
- help prevent unwanted people from viewing the data if the device is left unattended?
- A.
- Screen lock
- B.
- Voice encryption
- C.
- GPS tracking
- D.
- Device encryption
- Which of the following would a security administrator implement in order to identify a
- problem between two systems that are not communicating properly?
- A.
- Protocol analyzer
- B.
- Baseline report
- C.
- Risk assessment
- D.
- Vulnerability scan
- A security administrator wants to perform routine tests on the network during working hours
- when certain applications are being accessed by the most people. Which of the following
- would allow the security administrator to test the lack of security controls for those
- applications with the least impact to the system?
- A.
- Penetration test
- B.
- Vulnerability scan
- C.
- Load testing
- D.
- Port scanner
- Which of the following should an administrator implement to research current attack
- methodologies?
- A.
- Design reviews
- B.
- Honeypot
- C.
- Vulnerability scanner
- D.
- Code reviews
- Which of the following can be implemented in hardware or software to protect a web server
- from cross-site scripting attacks?
- A.
- Intrusion Detection System
- B.
- Flood Guard Protection
- C.
- Web Application Firewall
- D.
- URL Content Filter
- Computer evidence at a crime scene is documented with a tag stating who had possession
- of the evidence at a given time. Which of the following does this illustrate?
- A.
- System image capture
- B.
- Record time offset
- C.
- Order of volatility
- D.
- Chain of custody
- A security analyst, Ann, is reviewing an IRC channel and notices that a malicious exploit has
- been created for a frequently used application. She notifies the software vendor and asks
- them for remediation steps, but is alarmed to find that no patches are available to mitigate
- this vulnerability. Which of the following BEST describes this exploit?
- A.
- Malicious insider threat
- B.
- Zero-day
- C.
- Client-side attack
- D.
- Malicious add-on
- A security administrator has concerns about new types of media which allow for the mass
- distribution of personal comments to a select group of people. To mitigate the risks involved
- with this media, employees should receive training on which of the following?
- A.
- Peer to Peer
- B.
- Mobile devices
- C.
- Social networking
- D.
- Personally owned devices
- Which of the following preventative controls would be appropriate for responding to a
- directive to reduce the attack surface of a specific host?
- A.
- Installing anti-malware
- B.
- Implementing an IDS
- C.
- Taking a baseline configuration
- D.
- Disabling unnecessary services
- A security manager must remain aware of the security posture of each system. Which of the
- following supports this requirement?
- A.
- Training staff on security policies
- B.
- Establishing baseline reporting
- C.
- Installing anti-malware software
- D.
- Disabling unnecessary accounts/services
- A user attempting to log on to a workstation for the first time is prompted for the following
- information before being granted access: username, password, and a four-digit security pin
- that was mailed to him during account registration. This is an example of which of the
- following?
- A.
- Dual-factor authentication
- B.
- Multifactor authentication
- C.
- Single factor authentication
- D.
- Biometric authentication
- After analyzing and correlating activity from multiple sensors, the security administrator has
- determined that a group of very well organized individuals from an enemy country is
- responsible for various attempts to breach the company network, through the use of very
- sophisticated and targeted attacks. Which of the following is this an example of?
- A.
- Privilege escalation
- B.
- Advanced persistent threat
- C.
- Malicious insider threat
- D.
- Spear phishing
- A merchant acquirer has the need to store credit card numbers in a transactional database
- in a high performance environment. Which of the following BEST protects the credit card
- data?
- A.
- Database field encryption
- B.
- File-level encryption
- C.
- Data loss prevention system
- D.
- Full disk encryption
- Which of the following is BEST used to capture and analyze network traffic between hosts
- on the same network segment?
- A.
- Protocol analyzer
- B.
- Router
- C.
- Firewall
- D.
- HIPS
- After a number of highly publicized and embarrassing customer data leaks as a result of
- social engineering attacks by phone, the Chief Information Officer (CIO) has decided user
- training will reduce the risk of another data leak. Which of the following would be MOST
- effective in reducing data leaks in this situation?
- A.
- Information Security Awareness
- B.
- Social Media and BYOD
- C.
- Data Handling and Disposal
- D.
- Acceptable Use of IT Systems
- Which of the following functions provides an output which cannot be reversed and converts
- data into a string of characters?
- A.
- Hashing
- B.
- Stream ciphers
- C.
- Steganography
- D.
- Block ciphers
- Which of the following is used to verify data integrity?
- A.
- SHA
- B.
- 3DES
- C.
- AES
- D.
- RSA
- Access mechanisms to data on encrypted USB hard drives must be implemented correctly
- otherwise:
- A.
- user accounts may be inadvertently locked out.
- B.
- data on the USB drive could be corrupted.
- C.
- data on the hard drive will be vulnerable to log analysis.
- D.
- the security controls on the USB drive can be bypassed.
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement