Security + Practice

Question

Which of the following BEST describes both change and incident management?

Answer 1

Incident management is not a valid term in IT, however change management is

Answer 2

Change management is not a valid term in IT, however incident management is

Answer 3

Incident management and change management are interchangeable terms meaning the same thing

Answer 4

Incident management is for unexpected consequences, change management is for planned work

Answer 5

Disablement

Answer 6

Expiration

Answer 7

Password complexity

Answer 8

First name and home address

Answer 9

Social security number

Answer 10

Date of birth

Answer 11

Full name, date of birth and address

Answer 12

Encryption is preserved in full disk encryption when a file is copied from one media to another

Answer 13

Encryption is preserved in single file encryption when a file is copied from one media to another

Answer 14

Single file encryption provides better security when decrypting single files than full disk encryption when properly implemented and used

Answer 15

Full disk encryption provides better security when decrypting single files than single file encryption when properly implemented and used

Answer 16

Windows Vista

Answer 17

Conflicts with vulnerability scans impede patch effectiveness

Answer 18

Distributed updates may fail to apply or may not be active until a reboot

Answer 19

Vendor patches are released too frequently consuming excessive network bandwidth

Answer 20

It is resource intensive to test all patches

Answer 21

Malicious insider

Answer 22

PII requires public access but must be flagged as confidential

Answer 23

PII data breaches are always the result of negligent staff and punishable by law

Answer 24

PII must be handled properly in order to minimize security breaches and mishandling

Answer 25

PII must be stored in an encrypted fashion and only printed on shared printers

Answer 26

Job rotation

Answer 27

Incident response

Answer 28

Least privilege

Answer 29

On-going security

Answer 30

null password can be changed by all users on a network

Answer 31

a null password is a successful anonymous bind

Answer 32

null passwords can only be changed by the administrator

Answer 33

LDAP passwords are one-way encrypted

Answer 34

Social engineering

Answer 35

Remote access

Answer 36

Vulnerability scan

Answer 37

Trojan horse

Answer 38

encrypted networks and system logging

Answer 39

full disk encryption and central password management

Answer 40

vendor provided software update systems

Answer 41

centrally managed update services and access controls

Answer 42

Undocumented networks might not be protected and can be used to support insider attacks

Answer 43

Documenting a network hinders production because it is time consuming and ties up critical resources

Answer 44

Documented networks provide a visual representation of the network for an attacker to exploit

Answer 45

Undocumented networks ensure the confidentiality and secrecy of the network topology

Answer 46

Privacy screens

Answer 47

Screen locks

Answer 48

USB encryption

Answer 49

Data loss prevention

Answer 50

The attacker attempts to have the receiving server run a payload using programming commonly found on web servers

Answer 51

The attacker overwhelms a system or application, causing it to crash and bring the server down to cause an outage

Answer 52

The attacker attempts to have the receiving server pass information to a back-end database from which it can compromise the stored information

Answer 53

The attacker overwhelms a system or application, causing it to crash, and then redirects the memory address to read from a location holding the payload

Answer 54

Employee productivity in a hot datacenter

Answer 55

Premature failure of components

Answer 56

Decreased number of systems in the datacenter

Answer 57

Increased utility costs

Answer 58

Metasploit

Answer 59

Vulnerability scanner

Answer 60

Steganography

Answer 61

Port scanner

Answer 62

Confidentiality of the data

Answer 63

Key loggers

Answer 64

Theft of the data

Answer 65

Disclosure of the data

Answer 66

passwordpassword

Answer 67

1024-15000

Answer 68

Bluesnarfing

Answer 69

Smurf attack

Answer 70

Session hijacking

Answer 71

Bluejacking

Answer 72

Session hijacking

Answer 73

Smurf attack

Answer 74

Bluejacking

Answer 75

Bluesnarfing

Answer 76

Virtualization

Answer 77

Port security

Answer 78

Remote access

Answer 79

Identification

Answer 80

Authentication

Answer 81

Authorization

Answer 82

private keys

Answer 83

public keys

Answer 84

root certificates

Answer 85

valid certificates

Answer 86

Vulnerability scanner

Answer 87

Hardware lock

Answer 88

Logic bomb

Answer 89

Trojan horse

Answer 90

Admitted to a network through NAC

Answer 91

That has been authenticated on the network

Answer 92

Implementing patch management

Answer 93

With enhanced security features

Answer 94

Tailgating

Answer 95

Dumpster diving

Answer 96

Social engineering

Answer 97

Zero-day attack

Answer 98

Vulnerability that is present in already released software but unknown to the software developer

Answer 99

Patched software coding errors

Answer 100

Well known vulnerabilities

Answer 101

New accounts

Answer 102

Gaining unauthorized access to restricted areas by following another person

Answer 103

Looking over someone's shoulder in order to get information

Answer 104

Manipulating a user into disclosing confidential information

Answer 105

Scanning for unsecured wireless networks while driving in a car

Answer 106

Diffie-Hellman

Answer 107

Recovery Time Objective (RTO)

Answer 108

Maximum Tolerable Period of Disruption (MTPOD)

Answer 109

Meantime Between Failures (MTBF)

Answer 110

Meantime To Restore (MTTR)

Answer 111

Data loss prevention

Answer 112

Acceptable use policy

Answer 113

Audit policy

Answer 114

Privacy policy

Answer 115

EMI shielding

Answer 116

Faraday cage

Answer 117

User account policy

Answer 118

Clean desk policy

Answer 119

Data labeling policy

Answer 120

Password complexity

Answer 121

Information classification

Answer 122

Evidence timeline

Answer 123

Data handling chain

Answer 124

Chain of custody

Answer 125

Trojan horse

Answer 126

Host-to-host

Answer 127

Load balancing

Answer 128

Remote sanitation

Answer 129

Encryption and passwords

Answer 130

Voice encryption

Answer 131

Quality of Service (QoS)

Answer 132

Conduct surveys and rank the results.

Answer 133

Perform routine user permission reviews.

Answer 134

Implement periodic vulnerability scanning.

Answer 135

Disable user accounts that have not been used within the last two weeks.

Answer 136

Hardware security module

Answer 137

Hardened network firewall

Answer 138

Solid state disk drive

Answer 139

Hardened host firewall

Answer 140

It mitigates buffer overflow attacks.

Answer 141

It makes the code more readable.

Answer 142

It provides an application configuration baseline.

Answer 143

It meets gray box testing standards.

Answer 144

Application

Answer 145

Registration

Answer 146

Recovery agent

Answer 147

Discretionary access control

Answer 148

Mandatory access control

Answer 149

Load balancer

Answer 150

Input validation

Answer 151

Cognitive password

Answer 152

Password sniffing

Answer 153

Brute force

Answer 154

Social engineering

Answer 155

Password history

Answer 156

Password logging

Answer 157

Password cracker

Answer 158

Password hashing

Answer 159

Client authentication.

Answer 160

WEP encryption.

Answer 161

Access control lists.

Answer 162

Code signing.

Answer 163

Password hashing.

Answer 164

Eliminating cross-site scripting vulnerabilities

Answer 165

Installing an IDS to monitor network traffic

Answer 166

Validating user input in web applications

Answer 167

Placing a firewall between the Internet and database servers

Answer 168

Mime-encoding

Answer 169

Anonymous email accounts

Answer 170

Signs and verifies all infrastructure messages

Answer 171

Issues and signs all private keys

Answer 172

Publishes key escrow lists to CRLs

Answer 173

Issues and signs all root certificates

Answer 174

Malicious code on the local system

Answer 175

Shoulder surfing

Answer 176

Brute force certificate cracking

Answer 177

Distributed dictionary attacks

Answer 178

More experienced employees from less experienced employees

Answer 179

Changes to program code and the ability to deploy to production

Answer 180

Upper level management users from standard development employees

Answer 181

The network access layer from the application access layer

Answer 182

The request needs to be sent to the incident management team.

Answer 183

The request needs to be approved through the incident management process.

Answer 184

The request needs to be approved through the change management process.

Answer 185

The request needs to be sent to the change management team.

	Erstellt von Elise Berg vor etwa 10 Jahre

Nächster

Security + Practice

Beschreibung

Zusammenfassung der Ressource

Frage 1

Frage 2

Frage 3

Frage 4

Frage 5

Frage 6

Frage 7

Frage 8

Frage 9

Frage 10

Frage 11

Frage 12

Frage 13

Frage 14

Frage 15

Frage 16

Frage 17

Frage 18

Frage 19

Frage 20

Frage 21

Frage 22

Frage 23

Frage 24

Frage 25

Frage 26

Frage 27

Frage 28

Frage 29

Frage 30

Frage 31

Frage 32

Frage 33

Frage 34

Frage 35

Frage 36

Frage 37

Frage 38

Frage 39

Frage 40

Frage 41

Frage 42

Frage 43

Frage 44

Frage 45

Frage 46

Frage 47

Frage 48

Frage 49

Frage 50

Frage 51

Frage 52

Frage 53

Frage 54

Frage 55

Frage 56

Frage 57

Frage 58

Frage 59

Frage 60

Frage 61

Frage 62

Frage 63

Frage 64

Frage 65

Frage 66

Frage 67

Frage 68

Frage 69

Frage 70

Frage 71

Frage 72

Frage 73

Frage 74

Frage 75

ähnlicher Inhalt