Terms in this set (68)Of the following email security measures, which item would have the greatest impact on phishing emails? A.Email encryption D. Spam filter Explanation You have been tasked with finding a standard for your company in order to implement consistent information security management systems. You're looking for a standard that is international. Which of the following is the best option? A.ISO 27002 A. ISO 27002 Explanation During a penetration test, you were given a login name with minimal access and attempted to gain administrative access with this account. What is this called? A.Privilege escalation A. Privilege escalation Explanation
Marsha is supposed to be receiving a document from Laura and wants to be able to identify that the document came from her. What should Laura use to make a digital signature on the document? A.TKIP D. Private key Explanation Of the listed principles, which one is typically included in a BPA? A.Clear statements that detail customers and service provider's expectation C. Profit sharing/losses and the addition/subtraction of a partner Explanation Trent noticed that a web application used by his company doesn't handle multithreading properly. This could allow an attacker to exploit this vulnerability and crash the server. What type of error was discovered? A.Buffer overflow C. Race conditions Explanation Josh is designing a new network infrastructure that will allow unauthenticated users to connect from the Internet and access certain areas. The goal is to protect everything internal while still providing outside access. Josh decided to put the web server on a separate subnet that's open to public contact. What is this subnet called? A.Guest network B. DMZ Explanation Jason is worried about an email he received from a coworker. He's concerned about the validity of the email because the coworker denies sending it. How can he prove the origin of the email? A.Symmetric alogorithm B. Digital signature Explanation Josh works for a company that has branch offices that connect back to the main office via a VPN. Josh recently noticed the key used on the VPN has been compromised. What should be done to ensure it isn't compromised in the future? A.Enable perfect forward secrecy at the main office and branch office ends of the VPN A. Enable perfect forward secrecy at the main office branch office ends of the VPN Explanation Steven is a network administrator for an insurance company. His company employs quite a few traveling salespeople. Steven is concerned about confidential data on their laptops. Which method is the best way to address this? A.FDE A. FDE Explanation Peter is trying to block unauthorized access to desktop computers inside the company network. He's configured the OS to lock after 5 minutes of inactivity. What type of security control has been implemented? A.Preventative A. preventative Explanation In your network, there are over 150 computers. You need to determine which ones are secure and which ones are not secure. Which of the following tools would best meet your needs for the assessment? A.Vulnerability scanner A. Vulnerability scanner Explanation You work for Macy's. The web server certificate has been revoked and you have some customers receiving errors when they connect to the website. What is the corrective action you must take? A.Renew the certificate D. generate a new key paid and a new certificate Explanation East Central uses its own internal certificate server for all internal encryption, however, their CA only publishes a CRL once a week. Does this pose a danger? If so, what danger does it pose? A.Yes, this means a revoked certificate can be used for up to seven days A. Yes this means a revoked certificate can be used for up to seven days. Explanation Which of the following is describing malware that will be executed and begin some malicious activity when a particular condition is met? A.Boot sector virus B. Logic bomb Explanation Matt just became the new security officer for a university. He's concerned that student workers who work late could try to log in with faculty credentials. Which of the following is the most beneficial for preventing these actions? A.Time of day restricitions A. Time of day restrictions Explanation Ron is analyzing what he thinks is a malware outbreak on his network. Several users have reported that their machines are behaving strangely. The behavior seems to be occurring sporadically and there is no pattern. What is most likely the cause of the issue? A.APT C. Sparse infector virus Explanation Josh is thinking of using voice recognition as part of his access control strategy. Choose one weakness with voice recognition. A.Peoples voices change B. System requires training Explanation Paula is responsible for setting up a kiosk computer that will stay in the lobby of her company. It should be accessible for visitors to locate employee offices, obtain the guest WiFi password, and collect general public information from the company. What is the most important thing to consider before configuring this system? A.Using a strong administrator password B. Limiting functionality to only whats needed Explanation Lamar manages the account management for his company. He's worried about hacking tools that use rainbow tables. Which of the following is the most beneficial for mitigating this threat? A.Password complexity D. password length Explanation Liz is responsible for incident response at her company. One of her jobs is to attempt to attribute attacks to a specific type of attacker. Which of the following is not an attribute that would be considered in attributing the attack? A.Level of sophistication D. Amount of data stolen Explanation Jacob is in charge of network security for an e-commerce company. He wants to ensure that best practices are being used for the website that his company hosts. Which of the following is the best option to consider? A.OWASP A. OWASP Explanation Mark is working to set up remote access for the salespeople in his company. Which protocol is most suited for this? A.RADIUS A. RADIUS Explanation Scott manages WiFi security for his company. His main worry is that there are many other offices in the building that could easily attempt to breach their WiFi from one of these locations. Of the options below, which technique works best to address these concerns? A.Using thin WAP's D. WAP placement Explanation Margo works for a medium-sized company and is responsible for its cyber security. The company has a large number of salespeople who are required to travel for work. The company has been using ABAC for access control and recent there have been a number of logins being rejected incorrectly. What might be causing this issue? A.Geographic locations A. Geographic locations Explanation What type of attack exists when an attacker tries to find an input value that will produce the same hash as a password? A. Rainbow table D. Collision attack Explanation You've been tasked with identifying which risks to mitigate based on cost. What is this an example of? A.Quanatative risk assessment A. Quantitative risk assessment Explanation Nicholas is looking for an authentication method that supports one-time passwords and works with the Initiative for Open Authentication. For this, the user will need unlimited time to use their password. Which of the following is the most beneficial? A.CHAP C. HOTP
Explanation Of the following, which best describes software that provides an attacker with remote access to a victim machine, but it's wrapped with a legitimate program in an attempt to trick the victim into installing the application? A.RAT A. RAT Explanation Of the listed principles, which could be found in a DRP? A.Single point of failure B. Prioritized list of critical systems Explanation Of the listed encryption algorithms, which one is the weakest? A.Blowfish C. DES Explanation Randi is concerned about unauthorized users connecting to company routers and she wants to prevent spoofing. What is the most essential antispoofing technique for routers? A.ACL A.ACL Explanation You have configured a nonproduction network to try to observe hacker techniques. This network is to be used as a target, so it can monitor network attacks. What type of network is this called? A.Active detection D. Honeynet Explanation You have been presented with the task of implementing a solution that ensures data stored on a removable USB drive hasn't been tampered with or changed. Which should be implemented? A.key escrow D. File hashing Explanation Which of the following would not be able to detect a security breach or malicious action that was committed by an internal employee? A.Job rotation C. Nondisclousre agreements (signed by the employees) Explanation Of the following, which describes a zero-day vulnerability? A.A vulnerability that has been known to the vendor for
zero days A. A vulnerability that has been known to the vendor for zero days Explanation Which method below was used as a native default for older versions of Microsoft Windows? A.PAP D. NTLM Explanation Of the following, which is commonly used in a DDoS attack? A.Phishing C.Botnet Explanation Which one uses two mathematically-related keys to secure the data during transmission? A.Twofish D. RSA Explanation An accounting employee changes roles with other accounting employees every few months. What is this called? A.Seperation of duties C. Job rotation Explanation Josh noticed that an attacker is trying to get network passwords by using a software that attempts a number of passwords from a list of common passwords. What type of attack is this called? A.Dictionary A. Dictionary Explanation As a security officer, you are concerned about data loss prevention (DLP). You have limited the use of USBs as well as all other portable media, you use an IDS to look for large volumes of outbound data, and a guard search all bags and people before they leave the building. What is a key step in the DLP that you have missed? A.Portable devices B. Email Explanation Laura is responsible for security on the new e-commerce server. She would like to verify that online transactions are secure. What technology should she use? A.L2TP D. TLS Explanation What is the purpose of screen locks on mobile devices? A.To encrypt the device B. To limit access to the device Explanation Lance is the network administrator for a small college that has recently implemented a simple NIDS. However, the NIDS seems to catch only well-known attacks. What technology seems to be missing? A.Heuristic scanning A. Heurisitc scanning Explanation What is a smurf attack? A Smurf attack occurs when an attacker sends a ping to a subnet broadcast address and devices reply to spoofed IP (victim server), using up bandwidth and processing power. This image is a graphical depiction of this type of attack. Which of the following types of attacks occurs when an attacker attempts to obtain personal or private information through domain spoofing or by poisoning a DNS server? A.Pharming A. Pharming Explanation Dion Training has recently opened an Internet café for students to use during their lunch break. Unfortunately, Dion Training doesn't have any wireless networks in their building, so they have placed three laptops in the Internet café. What protection should be installed to best prevent the laptops from being stolen? A.Proximity badge C. Cable locks Explanation Of the following, which would allow a user permission to install only certain programs on a company-owned mobile device? A.Whitelisting A. Whitelisting Explanation Kevin, the helpdesk manager, calls stating that there has been an increase in calls from users who are stating that their computers are infected with malware. Which of the following steps should be taken first? A.Containment D. Identifications Explanation Cierra is the CISO for her company. She's working to mitigate the danger of computer viruses in her network. Which administrative control can be implemented to assist with this goal? A.Implement host-based antimalware B. Implement policies regarding email attachments and file downloads Explanation Ashley was asked to implement a secure protocol to use during file transfers that use digital certificates. What protocol would be the best option? A.FTP C. FTPS Explanation You are a network security administrator for a bank and you have noticed that an attacker has exploited a flaw in OpenSSL and forced connections to move to a weak cipher which the attacker can breach. What type of attack is this? A.Disassociaition attack B. Downgrade attack Explanation Alissa manages the network for her company, a health club chain. She's working to find a communication technology option that uses low power and can spend long periods in sleep modes. What technology would be the best fit? A.WiFi D. ANT Explanation What type of attack uses a second WAP with the same SSID as a legitimate AP in an attempt to get user information via connecting to the hackers WAP? A.Evil twin A. Evil twin Explanation You've noticed someone has been rummaging through your company's trash bins for documents, diagrams, and other sensitive information that has been thrown out. What is this known as? A.Dumpster diving A. Dumpster diving Explanation Which of the following types of firewalls will examine the context of each packet it encounters? A.Packet filtering firewall B. Stateful packet filtering firewall Explanation Frank is concerned about an attacker enumerating his entire network. What protocol could help mitigate this issue? A.HTTPS D. LDAPS Explanation Of the following, which is the correct term that is used to describe a virus that can infect both the program files and the boot sectors? A.Polymorphic B. Multipartite Explanation John works on database server security for his company. He is concerned about preventing unauthorized access to the databases. Which of the following is the most appropriate for him to implement? A.ABAC D. DAMP Explanation Which of the following best describes what mobile content management (MCM) on a mobile device is used for? A.Limiting how much content can be stored on a device B. Limiting the type of content that can be accessed on the device Explanation You're looking to begin accepting electronic orders from a vendor and you want to ensure that people who aren't authorized cannot send orders. Your manager wants a solution that allows the opportunity to provide nonrepudiation. Which of the following would meet the specified requirements? A.Digital signatures A. Digital signatures Explanation Of the following examples, which is an example of a custodian security
role? A. Human resources employee Explanation You are the security administrator for a large company where occasionally, a user needs to access certain resources that the user doesn't have permission to access. Which method would be the most beneficial? A.Mandatory Access control D. Rule-based Access control Explanation Derrick is implementing virtualized systems in his network. He's currently using a Type I hypervisor. What operating system should be on the machines in order for him to install the hypervisor? A.None A. None When using a NIDS or NIPS in your organization, what are your two biggest concerns? A.Cost and false positives B. False positives and false negatives Explanation Lonnie has been assigned the task of choosing a backup communication method for his company in the case of a disaster that disrupts normal communication. Which option provides the most reliability? A.Cellular C. SATCOM Explanation You're currently looking for a network authentication method that uses digital certificates and doesn't require users to remember passwords. Which method is the most beneficial? A.OAuth B.Tokens Explanation Sets found in the same folderSecurity+ Practice Exam 125 terms Keegzzz5 Security+ Practice Exam 169 terms Keegzzz5 Security+ Practice Exam #269 terms Keegzzz5 Security+ Practice Exam 370 terms Keegzzz5 Other sets by this creatorPentest+ Jason Dions Practice Questions18 terms Keegzzz5 Sybex Practice Exam Chapter 6 Practice Exam 251 terms Keegzzz5 Sybex Pratice Questions Domain 5 Chapter 585 terms Keegzzz5 Sybex Practice Exam Book Chapter 4216 terms Keegzzz5 Verified questions
SOCIOLOGY Some people believe that in the future the nuclear family will be a reality for only a minority of Americans. Do you agree or disagree? Explain. Verified answer
SOCIOLOGY When "bill o'reilly" asked "dr. susan van etten" if she had ever been to alaska, he engaged in a(n)? Verified answer
SOCIOLOGY Explain why such reforms as open classrooms and integrative learning are characterized as more democratic than the traditional or bureaucratic approach. Verified answer SOCIOLOGY What was Weber’s contribution to the sociological study or religion? Verified answer Recommended textbook solutions
Social Psychology10th EditionElliot Aronson, Robin M. Akert, Samuel R. Sommers, Timothy D. Wilson 525 solutions Human Resource Management15th EditionJohn David Jackson, Patricia Meglich, Robert Mathis, Sean Valentine 249 solutions
Operations Management: Sustainability and Supply Chain Management12th EditionBarry Render, Chuck Munson, Jay Heizer 1,698 solutions
Information Technology Project Management: Providing Measurable Organizational Value5th EditionJack T. Marchewka 346 solutions Other Quizlet setsMiddle East Section 5 Quiz #218 terms aeg129 Earth 101 Midterm 2 (Quizes 7-14)80 terms cheyanne_g ÄI2 Journalistisia asiatekstejä36 terms Testeri17 Spanish practice11 terms lassik23 Related questionsQUESTION Systems of democracy based on parliamentary institutions, coupled to the free-market system in the area of economic production. 7 answers QUESTION Is dumpster diving passive or active reconnaissance? 2 answers QUESTION the collective history of the building from pre-emergence to the preset and all stories associated with it 5 answers QUESTION agreements made between professional teams and local television stations and regional sport networks 3 answers What type of attack is a precursor to the collision attack?Preimage attacks are related to collision attacks, but they involve trying to find messages that result in specific hashes.
What is a collision attack in cyber security?February 2020) In cryptography, a collision attack on a cryptographic hash tries to find two inputs producing the same hash value, i.e. a hash collision. This is in contrast to a preimage attack where a specific target hash value is specified.
What does collision attack mean?Definition. A collision attack finds two identical values among elements that are chosen according to some distribution on a finite set S. In cryptography, one typically assumes that the objects are chosen according to a uniform distribution.
What is collision attack in MD5?They are: Collision attack: Finding two different messages that gives the same hash value Preimage attack: Finding a message that maps to a given hash value Second Preimage attack: Finding another message that hashes to the same value as the given message [26].
|