1. When assigning permissions to users, which principle should you adhere to?
A. Eminent domain
B. Least privilege
C. Manifest destiny
D. Risk deterrence
2. You have taken out an insurance policy on your data/systems to share some of the risk with another entity. What type of risk strategy is this?
A. Transformation
B. Conveyance
C. Transference
D. Devolution
3. Separation of duties policies are designed to reduce the risk of what?
A. Breach of confidentiality
B. Burn
C. Turnover
D. Fraud
4. In order to run “sniffer” software properly, the NIC in the computer running the software must be set to:
A. 10/100 Mode
B. Promiscuous Mode
C. Link Mode
D. Ethernet listening mode
5. Which port should be closed on systems to prevent the unauthorized running of programs?
A. 80
B. 111
C. 120
D. 157
6. Servers or computers that have two NIC cards, each connected to separate networks, are known as what type of computers?
A. Routed
B. Dual-homed
C. Firewalled
D. Protected
7. A firewall operating as a ___________________ firewall will pass or block packets based on their application or TCP port number.
A. Packet filter
B. Proxy
C. Stateful inspection
D. Dual-homed
8. Which of the following is NOT a routing protocol?
A. RIP
B. BGP
C. OSPF
D. ICMP
9. If you wanted to connect two networks securely over the Internet, what type of technology could you use?
A. Repeater
B. Bridge
C. VPN
D. Telnet
10. Which access control model is a static model that uses predefined access privileges for resources that are assigned by the administrator?
A. RBAC
B. MAC
C. DAC
D. CAC
11. Which authentication method uses a Key Distribution Center (KDC)?
A. CHAP
B. Login & Authentication
C. Identification and Authentication
D. Kerberos
12. Which remote access protocol, implemented almost exclusively by Cisco, uses a central server to provide remote access usernames that dial-up users can use for authentication?
A. VPN
B. SLIP
C. RADIUS
D. TACACS+
13. Which of the following Evaluation Assurance Levels (EAL) specifies that the user wants assurance that the system will operate correctly, but threats to security are not viewed as serious?
A. EAL 7
B. EAL 5
C. EAL 3
D. EAL 1
14. Whether or not your server operating system can force the change of a password is considered what kind of a security issue?
A. Management
B. Operational
C. Physical
D. Organizational
15. Wireless Ethernet conforms to which IEEE standard?
A. IEEE 1394
B. IEEE 802.2
C. IEEE 802.10
D. IEEE 802.11
16. ___________________ is the security layer for wireless 802.11 connections using WAP.
A. WEP
B. WIP
C. WTLS
D. WAS
17. Which type of attack is one in which a rogue wireless access point poses as a legitimate wireless service provider to intercept information that users transmit?
A. NRZ
B. Faulty access point
C. Ordinal data
D. Evil twin
18. Which of the following is NOT one of the three cloud service models recognized by NIST?
A. IaaS
B. SaaS
C. PaaS
D. XaaS
19. Which of the following is NOT one of the cloud delivery models recognized by NIST?
A. Hybrid
B. Community
C. Unlisted
D. Private
20. Which of the following will NOT contribute to network hardening?
A. Installing new anti-virus software on workstations
B. Updating network switch firmware to newest versions
C. Putting passwords on all remote-configurable network hardware
D. Locking down all unused ports on the firewall
21. Individuals who specialize in the breaking of codes are known as ___________________.
A. Cryptographers
B. Cryptanalysts
C. Cryptationists
D. Cryptosteganographers
22. What kind of cryptographic method replaces one character with another from a “match-up list” to produce the cipher text? The decoder wheels kids get in cereal boxes often use this kind of cryptography.
A. Substitution cipher
B. Transposition cipher
C. Steganographic cipher
D. Watermark cipher
23. Which method of code breaking tries every possible combination of characters in an attempt to “guess” the password or key?
A. Mathematical
B. Brute Force
C. Frequency Analysis
D. Algorithm Errors
24. Which encryption algorithm is based on Rijndael?
A. AES
B. DES
C. RC
D. CAST
25. Which encryption algorithm uses a 40- to 128-bit key and is used on many products from Microsoft and IBM?
A. AES
B. DES
C. RC
D. CAST
26. Which of the following is NOT an asymmetric encryption algorithm?
A. RSA
B. 3DES
C. ECC
D. Diffie-Hellman
27. How does a user obtain a Message Authentication Code (MAC)?
A. It is assigned by the encryption software manufacturer.
B. It is applied for from a third-party organization.
C. It is specified by the user before the encryption software runs.
D. It is derived from the message itself using an algorithm.
28. Which U.S. government agency publishes lists of known vulnerabilities in operating systems?
A. FBI
B. ABA
C. NSA
D. NIST
29. Which document is used to propose a new standard?
A. RFP
B. RFC
C. RMA
D. PFD
30. Which PKCS standard is the standard for password-based cryptography?
A. PKCS #1
B. PKCS #3
C. PKCS #5
D. PKCS #7
31. Which encryption/security measure, originally developed by Netscape, is used to establish a secure, lower-layer communication connection between two TCP/IP-based machines?
A. PKCS
B. SSL
C. TTS
D. Telnet
32. Which security standard is used to encrypt e-mails?
A. SSL
B. S/MIME
C. TTS
D. PKI
33. Which “X.” standard defines certificate formats and fields for public keys?
A. X.300
B. X.305
C. X.500
D. X.509
34. Which of the following is another name for a “tree” trust model?
A. Level
B. Ranked
C. Hierarchical
D. Graded
35. A certificate authority (CA) is an organization that is responsible for doing which three of the following with certificates (choose three)?
A. Issuing
B. Revoking
C. Promoting
D. Distributing
36. Which of the following is not a component of Public Key Infrastructure (PKI)?
A. CA
B. XA
C. RA
D. RSA
37. Which of the following is an attack where a program or service is placed on a server to bypass normal security procedures?
A. DoS
B. Replay
C. Social Engineering
D. Back Door
38. The area of an application that is available to users (those who are authenticated as well as those who are not) is known as its:
A. Ring of trust
B. Attack surface
C. Public persona
D. Personal space
39. On the outer edge of physical security is the first barrier to entry. This barrier is known as a(n) ___________________.
A. Blockade
B. Door
C. Perimeter
D. Stop
40. A ___________________ is the term for an area in a building where access is individually monitored and controlled.
A. Secured Room
B. Security Zone
C. Man Trap
D. Network perimeter
41. A ___________________ is used to provide EMI & RFI shielding for an entire room of computer or electronic equipment (also used to prevent eavesdropping).
A. Cone of silence
B. Room shield
C. Smart shield
D. Faraday cage
42. An End User License Agreement (EULA) for software would be considered what classification of information?
A. Private
B. Restricted
C. Public
D. Limited Distribution
43. Which type of policy determines if information is secret, top-secret, or public?
A. Information retention policies
B. Information destruction policies
C. Information classification policies
D. Information Security policies
44. “Full disclosure testing” is more often known as which of the following?
A. Gray box
B. Red box
C. White box
D. Black box
45. ___________________ is the first step in the incident response cycle.
A. Investigating the incident
B. Incident identification
C. Documenting the response
D. Repairing the damage
46. A major organization in the tracking and reporting of common computer and network security problems is ___________________.
A. SETI
B. IEEE
C. NCSA
D. CERT
47. The ___________________ method of backup keeps all data that has ever been on the system, regardless of its value.
A. Full backup
B. Full archival
C. Complete backup
D. Complete archival
48. You require your ISP to keep your Internet connection up 99.999% of the time. In which document would this condition be placed?
A. Backup plan
B. Service level agreement
C. Disaster recovery plan
D. Corporate minutes
49. The process for establishing boundaries for information sharing is known as ___________________.
A. Establishment
B. Share-level boundaries
C. Privatization
D. Compartmentalization
50. Leaving a client’s files on your desk where the cleaning staff could see and browse through them is a violation of what type of policies?
A. Collusion
B. Due Care
C. Compartmentalization
D. Physical Access Control