6251808272-176_200

Beschreibung

6251808272-176_200
Not/Applicable
Quiz von Not/Applicable, aktualisiert more than 1 year ago
Not/Applicable
Erstellt von Not/Applicable vor fast 10 Jahre
14
0

Zusammenfassung der Ressource

Frage 1

Frage
A vulnerability assessment indicates that a router can be accessed from default port 80 and default port 22. Which of the following should be executed on the router to prevent access via these ports? (Select TWO).
Antworten
  • FTP service should be disabled
  • HTTPS service should be disabled
  • SSH service should be disabled
  • HTTP service should disabled
  • Telnet service should be disabled

Frage 2

Frage
Results from a vulnerability analysis indicate that all enabled virtual terminals on a router can be accessed using the same password. The company's network device security policy mandates that at least one virtual terminal have a different password than the other virtual terminals. Which of the following sets of commands would meet this requirement?
Antworten
  • line vty 0 6 P@s5W0Rd password line vty 7 Qwer++!Y password
  • line console 0 password password line vty 0 4 password P@s5W0Rd
  • line vty 0 3 password Qwer++!Y line vty 4 password P@s5W0Rd
  • line vty 0 3 password Qwer++!Y line console 0 password P@s5W0Rd

Frage 3

Frage
Joe, an employee, was escorted from the company premises due to suspicion of revealing trade secrets to a competitor. Joe had already been working for two hours before leaving the premises. A security technician was asked to prepare a report of files that had changed since last night's integrity scan. Which of the following could the technician use to prepare the report? (Select TWO).
Antworten
  • PGP
  • MD5
  • ECC
  • AES
  • Blowfish
  • HMAC

Frage 4

Frage
Ann has read and write access to an employee database, while Joe has only read access. Ann is leaving for a conference. Which of the following types of authorization could be utilized to trigger write access for Joe when Ann is absent?
Antworten
  • Mandatory access control
  • Role-based access control
  • Discretionary access control
  • Rule-based access control

Frage 5

Frage
Human Resources suspects an employee is accessing the employee salary database. The administrator is asked to find out who it is. In order to complete this task, which of the following is a security control that should be in place?
Antworten
  • Shared accounts should be prohibited.
  • Account lockout should be enabled
  • Privileges should be assigned to groups rather than individuals
  • Time of day restrictions should be in use

Frage 6

Frage
An administrator finds that non-production servers are being frequently compromised, production servers are rebooting at unplanned times and kernel versions are several releases behind the version with all current security fixes. Which of the following should the administrator implement?
Antworten
  • Snapshots
  • Sandboxing
  • Patch management
  • Intrusion detection system

Frage 7

Frage
An auditor's report discovered several accounts with no activity for over 60 days. The accounts were later identified as contractors' accounts who would be returning in three months and would need to resume the activities. Which of the following would mitigate and secure the auditors finding?
Antworten
  • Disable unnecessary contractor accounts and inform the auditor of the update.
  • Reset contractor accounts and inform the auditor of the update.
  • Inform the auditor that the accounts belong to the contractors.
  • Delete contractor accounts and inform the auditor of the update.

Frage 8

Frage
Ann, the security administrator, wishes to implement multifactor security. Which of the following should be implemented in order to compliment password usage and smart cards?
Antworten
  • Hard tokens
  • Fingerprint readers
  • Swipe badge readers
  • Passphrases

Frage 9

Frage
Customers' credit card information was stolen from a popular video streaming company. A security consultant determined that the information was stolen, while in transit, from the gaming consoles of a particular vendor. Which of the following methods should the company consider to secure this data in the future?
Antworten
  • Application firewalls
  • Manual updates
  • Firmware version control
  • Encrypted TCP wrappers

Frage 10

Frage
A new intern was assigned to the system engineering department, which consists of the system architect and system software developer's teams. These two teams have separate privileges. The intern requires privileges to view the system architectural drawings and comment on some software development projects. Which of the following methods should the system administrator implement?
Antworten
  • Group based privileges
  • Generic account prohibition
  • User access review
  • Credential management

Frage 11

Frage
One of the system administrators at a company is assigned to maintain a secure computer lab. The administrator has rights to configure machines, install software, and perform user account maintenance. However, the administrator cannot add new computers to the domain, because that requires authorization from the Information Assurance Officer. This is an example of which of the following?
Antworten
  • Mandatory access
  • Rule-based access control
  • Least privilege
  • Job rotation

Frage 12

Frage
A small business needs to incorporate fault tolerance into their infrastructure to increase data availability. Which of the following options would be the BEST solution at a minimal cost?
Antworten
  • Clustering
  • Mirrored server
  • RAID
  • Tape backup

Frage 13

Frage
A new application needs to be deployed on a virtual server. The virtual server hosts a SQL server that is used by several employees. Which of the following is the BEST approach for implementation of the new application on the virtual server?
Antworten
  • Take a snapshot of the virtual server after installing the new application and store the snapshot in a secure location.
  • Generate a baseline report detailing all installed applications on the virtualized server after installing the new application.
  • Take a snapshot of the virtual server before installing the new application and store the snapshot in a secure location.
  • Create an exact copy of the virtual server and store the copy on an external hard drive after installing the new application.

Frage 14

Frage
Ann wants to send a file to Joe using PKI. Which of the following should Ann use in order to sign the file?
Antworten
  • Joe's public key
  • Joe's private key
  • Ann's public key
  • Ann's private key

Frage 15

Frage
Which of the following protocols is used to validate whether trust is in place and accurate by returning responses of either "good", "unknown", or "revoked"?
Antworten
  • CRL
  • PKI
  • OCSP
  • RA

Frage 16

Frage
During a recent investigation, an auditor discovered that an engineer's compromised workstation was being used to connect to SCADA systems while the engineer was not logged in. The engineer is responsible for administering the SCADA systems and cannot be blocked from connecting to them. The SCADA systems cannot be modified without vendor approval which requires months of testing. Which of the following is MOST likely to protect the SCADA systems from misuse?
Antworten
  • Update anti-virus definitions on SCADA systems
  • Audit accounts on the SCADA systems
  • Install a firewall on the SCADA network
  • Deploy NIPS at the edge of the SCADA network

Frage 17

Frage
A security administrator must implement a network authentication solution which will ensure encryption of user credentials when users enter their username and password to authenticate to the network. Which of the following should the administrator implement?
Antworten
  • WPA2 over EAP-TTLS
  • WPA-PSK
  • WPA2 with WPS
  • WEP over EAP-PEAP

Frage 18

Frage
Several employees have been printing files that include personally identifiable information of customers. Auditors have raised concerns about the destruction of these hard copies after they are created, and management has decided the best way to address this concern is by preventing these files from being printed. Which of the following would be the BEST control to implement?
Antworten
  • File encryption
  • Printer hardening
  • Clean desk policies
  • Data loss prevention

Frage 19

Frage
The company's sales team plans to work late to provide the Chief Executive Officer (CEO) with a special report of sales before the quarter ends. After working for several hours, the team finds they cannot save or print the reports. Which of the following controls is preventing them from completing their work?
Antworten
  • Discretionary access control
  • Role-based access control
  • Time of Day access control
  • Mandatory access control

Frage 20

Frage
A security engineer is asked by the company's development team to recommend the most secure method for password storage. Which of the following provide the BEST protection against brute forcing stored passwords? (Select TWO).
Antworten
  • PBKDF2
  • MD5
  • SHA2
  • Bcrypt
  • AES
  • CHAP

Frage 21

Frage
After entering the following information into a SOHO wireless router, a mobile device's user reports being unable to connect to the network: PERMIT 0A: D1: FA. B1: 03: 37 DENY 01: 33: 7F: AB: 10: AB Which of the following is preventing the device from connecting?
Antworten
  • WPA2-PSK requires a supplicant on the mobile device.
  • Hardware address filtering is blocking the device.
  • TCP/IP Port filtering has been implemented on the SOHO router.
  • IP address filtering has disabled the device from connecting.

Frage 22

Frage
The call center supervisor has reported that many employees have been playing preinstalled games on company computers and this is reducing productivity. Which of the following would be MOST effective for preventing this behavior?
Antworten
  • Acceptable use policies
  • Host-based firewalls
  • Content inspection
  • Application whitelisting

Frage 23

Frage
When creating a public / private key pair, for which of the following ciphers would a user need to specify the key strength?
Antworten
  • SHA
  • AES
  • DES
  • RSA

Frage 24

Frage
A company has decided to move large data sets to a cloud provider in order to limit the costs of new infrastructure. Some of the data is sensitive and the Chief Information Officer wants to make sure both parties have a clear understanding of the controls needed to protect the data. Which of the following types of interoperability agreement is this?
Antworten
  • ISA
  • MOU
  • SLA
  • BPA

Frage 25

Frage
Which of the following solutions provides the most flexibility when testing new security controls prior to implementation?
Antworten
  • Trusted OS
  • Host software baselining
  • OS hardening
  • Virtualization
Zusammenfassung anzeigen Zusammenfassung ausblenden

ähnlicher Inhalt

10 Lernmethoden
AntonS
Biologie - Vorraussetzungen
Kim-Mai Tran
PuKW STEP 6 (mögliche Prüfungsfragen/Prüfungsvorbereitung)
frau planlos
Hardware- und Gerätetechnik
DFairy
PSYCH
frau planlos
Wortschatz Französisch 3. Gesundheit und Medizin
l_u_n_a_19
WERB Univie (mögliche Fragen)
frau planlos
Mewa WS 18/19
Adrienne Tschaudi
Onlinequiz zu MS-4.2 Kapitel_3_Teil_I
Deborah Büscher
Vetie Gerichtliche Veterinärmedizin
Fioras Hu
Vetie - Lebensmittel 2022
Ann Borg