Kopieren und bearbeiten

Quix2 - 50Q

Beschreibung

Good Luck! :D
Requiemdust Sheena
Quiz von Requiemdust Sheena, aktualisiert more than 1 year ago
Requiemdust Sheena
Erstellt von Requiemdust Sheena vor mehr als 4 Jahre
134
0
1

Zusammenfassung der Ressource

Frage 1

Frage
What is the formula used to determine risk?
Antworten
  • A. Risk = Threat * Vulnerability
  • B. Risk = Threat / Vulnerability
  • C. Risk = Asset * Threat
  • D. Risk = Asset / Threat

Frage 2

Frage
The following graphic shows the NIST risk management framework with step 4 missing. What is the missing step?
Image:
8 (binary/octet-stream)
Antworten
  • A. Assess security controls.
  • B. Determine control gaps.
  • C. Remediate control gaps.
  • D. Evaluate user activity.

Frage 3

Frage
HAL Systems recently decided to stop offering public NTP services because of a fear that its NTP servers would be used in amplification DDoS attacks. What type of risk management strategy did HAL pursue with respect to its NTP services?
Antworten
  • A. Risk mitigation
  • B. Risk acceptance
  • C. Risk transference
  • D. Risk avoidance

Frage 4

Frage
Susan is working with the management team in her company to classify data in an attempt to apply extra security controls that will limit the likelihood of a data breach. What principle of information security is Susan trying to enforce?
Antworten
  • A. Availability
  • B. Denial
  • C. Confidentiality
  • D. Integrity

Frage 5

Frage
Which one of the following components should be included in an organization’s emergency response guidelines?
Antworten
  • A. List of individuals who should be notified of an emergency incident
  • B. Long-term business continuity protocols
  • C. Activation procedures for the organization’s cold sites
  • D. Contact information for ordering equipment

Frage 6

Frage
Who is the ideal person to approve an organization’s business continuity plan?
Antworten
  • A. Chief information officer
  • B. Chief executive officer
  • C. Chief information security officer
  • D. Chief operating officer

Frage 7

Frage
Which of the following is not one of the European Union’s General Data Protection Regulation (GDPR) principles?
Antworten
  • A. Information must be processed fairly.
  • B. Information must be deleted within one year of acquisition.
  • C. Information must be maintained securely.
  • D. Information must be accurate.

Frage 8

Frage
Ben’s company, which is based in the European Union, hires a thirdparty organization that processes data for it. Who has responsibility to protect the privacy of the data and ensure that it isn’t used for anything other than its intended purpose?
Antworten
  • A. Ben’s company is responsible.
  • B. The third-party data processor is responsible.
  • C. The data controller is responsible.
  • D. Both organizations bear equal responsibility.

Frage 9

Frage
When a computer is removed from service and disposed of, the process that ensures that all storage media has been removed or destroyed is known as what?
Antworten
  • A. Sanitization
  • B. Purging
  • C. Destruction
  • D. Declassification

Frage 10

Frage
Linux systems that use bcrypt are using a tool based on what DES alternative encryption scheme?
Antworten
  • A. 3DES
  • B. AES
  • C. Diffie–Hellman
  • D. Blowfish

Frage 11

Frage
Susan works in an organization that labels all removable media with the classification level of the data it contains, including public data. Why would Susan’s employer label all media instead of labeling only the media that contains data that could cause harm if it was exposed?
Antworten
  • A. It is cheaper to order all prelabeled media
  • B. It prevents sensitive media from not being marked by mistake.
  • C. It prevents reuse of public media for sensitive data.
  • D. Labeling all media is required by HIPAA.

Frage 12

Frage
Data stored in RAM is best characterized as what type of data?
Antworten
  • A. Data at rest
  • B. Data in use
  • C. Data in transit
  • D. Data at large

Frage 13

Frage
Rhonda is considering the use of new identification cards for physical access control in her organization. She comes across a military system that uses the card shown here. What type of card is this?
Image:
9 (binary/octet-stream)
Antworten
  • A. Smart card
  • B. Proximity card
  • C. Magnetic stripe card
  • D. Phase three card

Frage 14

Frage
Gordon is concerned about the possibility that hackers may be able to use the Van Eck radiation phenomenon to remotely read the contents of computer monitors in his facility. What technology would protect against this type of attack?
Antworten
  • A. TCSEC
  • B. SCSI
  • C. GHOST
  • D. TEMPEST

Frage 15

Frage
In the diagram shown here of security boundaries within a computer system, what component’s name has been replaced with XXX?
Image:
10 (binary/octet-stream)
Antworten
  • A. Kernel
  • B. TCB
  • C. Security perimeter
  • D. User execution

Frage 16

Frage
Sherry conducted an inventory of the cryptographic technologies in use within her organization and found the following algorithms and protocols in use. Which one of these technologies should she replace because it is no longer considered secure?
Antworten
  • A. MD5
  • B. 3DES
  • C. PGP
  • D. WPA2

Frage 17

Frage
What action can you take to prevent accidental data disclosure due to wear leveling on an SSD device before reusing the drive?
Antworten
  • A. Reformatting
  • B. Disk encryption
  • C. Degaussing
  • D. Physical destruction

Frage 18

Frage
Tom is a cryptanalyst and is working on breaking a cryptographic algorithm’s secret key. He has a copy of an intercepted message that is encrypted, and he also has a copy of the decrypted version of that message. He wants to use both the encrypted message and its decrypted plaintext to retrieve the secret key for use in decrypting other messages. What type of attack is Tom engaging in?
Antworten
  • A. Chosen ciphertext
  • B. Chosen plaintext
  • C. Known plaintext
  • D. Brute force

Frage 19

Frage
A hacker recently violated the integrity of data in James’s company by modifying a file using a precise timing attack. The attacker waited until James verified the integrity of a file’s contents using a hash value and then modified the file between the time that James verified the integrity and read the contents of the file. What type of attack took place?
Antworten
  • A. Social engineering
  • B. TOCTOU
  • C. Data diddling
  • D. Parameter checking

Frage 20

Frage
What standard governs the creation and validation of digital certificates for use in a public key infrastructure?
Antworten
  • A. X.509
  • B. TLS
  • C. SSL
  • D. 802.1x

Frage 21

Frage
What is the minimum fence height that makes a fence difficult to climb easily, deterring most intruders?
Antworten
  • A. 3 feet
  • B. 4 feet
  • C. 5 feet
  • D. 6 feet

Frage 22

Frage
Johnson Widgets strictly limits access to total sales volume information, classifying it as a competitive secret. However, shipping clerks have unrestricted access to order records to facilitate transaction completion. A shipping clerk recently pulled all of the individual sales records for a quarter and totaled them up to determine the total sales volume. What type of attack occurred?
Antworten
  • A. Social engineering
  • B. Inference
  • C. Aggregation
  • D. Data diddling

Frage 23

Frage
What physical security control broadcasts false emanations constantly to mask the presence of true electromagnetic emanations from computing equipment?
Antworten
  • A. Faraday cage
  • B. Copper-infused windows
  • C. Shielded cabling
  • D. White noise

Frage 24

Frage
In a software as a service cloud computing environment, who is normally responsible for ensuring that appropriate firewall controls are in place to protect the application?
Antworten
  • A. Customer’s security team
  • B. Vendor
  • C. Customer’s networking team
  • D. Customer’s infrastructure management team

Frage 25

Frage
The source ports have been omitted from the figure, but you may assume that they are specified correctly for the purposes of answering questions. Which one of the following rules is not shown in the rulebase but will be enforced by the firewall?
Image:
11 (binary/octet-stream)
Antworten
  • A. Stealth
  • B. Implicit deny
  • C. Connection proxy
  • D. Egress filter

Frage 26

Frage
The source ports have been omitted from the figure, but you may assume that they are specified correctly for the purposes of answering questions. What type of server is running at IP address 10.1.0.26?
Image:
11 (binary/octet-stream)
Antworten
  • A. Email
  • B. Web
  • C. FTP
  • D. Database

Frage 27

Frage
The source ports have been omitted from the figure, but you may assume that they are specified correctly for the purposes of answering questions. The system at 15.246.10.1 attempts HTTP and HTTPS connections to the web server running at 10.1.0.50. Which one of the following statements is true about that connection?
Image:
11 (binary/octet-stream)
Antworten
  • A. Both connections will be allowed.
  • B. Both connections will be blocked.
  • C. The HTTP connection will be allowed, and the HTTPS connection will be blocked.
  • D. The HTTP connection will be blocked, and the HTTPS connection will be allowed.

Frage 28

Frage
The source ports have been omitted from the figure, but you may assume that they are specified correctly for the purposes of answering questions. What value should be used to fill in the source port for rule #3?
Image:
11 (binary/octet-stream)
Antworten
  • A. 25
  • B. 465
  • C. 80
  • D. Any

Frage 29

Frage
Data streams occur at what three layers of the OSI model?
Antworten
  • A. Application, Presentation, and Session
  • B. Presentation, Session, and Transport
  • C. Physical, Data Link, and Network
  • D. Data Link, Network, and Transport

Frage 30

Frage
Chris needs to design a firewall architecture that can support a DMZ, a database, and a private internal network in a secure manner that separates each function. What type of design should he use, and how many firewalls does he need?
Antworten
  • A. A four-tier firewall design with two firewalls
  • B. A two-tier firewall design with three firewalls
  • C. A three-tier firewall design with at least one firewall
  • D. A single-tier firewall design with three firewalls

Frage 31

Frage
A new customer at a bank that uses fingerprint scanners to authenticate its users is surprised when he scans his fingerprint and is logged in to another customer’s account. What type of biometric factor error occurred?
Antworten
  • A. A registration error
  • B. A Type 1 error
  • C. A Type 2 error
  • D. A time of use, method of use error

Frage 32

Frage
What type of access control is typically used by firewalls?
Antworten
  • A. Discretionary access controls
  • B. Rule-based access controls
  • C. Task-based access control
  • D. Mandatory access controls

Frage 33

Frage
When you input a user ID and password, you are performing what important identity and access management activity?
Antworten
  • A. Authorization
  • B. Validation
  • C. Authentication
  • D. Login

Frage 34

Frage
During a port scan using nmap, Joseph discovers that a system shows two ports open that cause him immediate worry: 21/open 23/open What services are likely running on those ports?
Antworten
  • A. SSH and FTP
  • B. FTP and Telnet
  • C. SMTP and Telnet
  • D. POP3 and SMTP

Frage 35

Frage
Saria’s team is working to persuade their management that their network has extensive vulnerabilities that attackers could exploit. If she wants to conduct a realistic attack as part of a penetration test, what type of penetration test should she conduct?
Antworten
  • A. Crystal box
  • B. Gray box
  • C. White box
  • D. Black box

Frage 36

Frage
What method is commonly used to assess how well software testing covered the potential uses of an application?
Antworten
  • A. A test coverage analysis
  • B. A source code review
  • C. A fuzz analysis
  • D. A code review report

Frage 37

Frage
Testing that is focused on functions that a system should not allow are an example of what type of testing?
Antworten
  • A. Use case testing
  • B. Manual testing
  • C. Misuse case testing
  • D. Dynamic testing

Frage 38

Frage
What type of monitoring uses simulated traffic to a website to monitor performance?
Antworten
  • A. Log analysis
  • B. Synthetic monitoring
  • C. Passive monitoring
  • D. Simulated transaction analysis

Frage 39

Frage
Which of the following vulnerabilities is unlikely to be found by a web vulnerability scanner?
Antworten
  • A. Path disclosure
  • B. Local file inclusion
  • C. Race condition
  • D. Buffer overflow

Frage 40

Frage
Jim uses a tool that scans a system for available services and then connects to them to collect banner information to determine what version of the service is running. It then provides a report detailing what it gathers, basing results on service fingerprinting, banner information, and similar details it gathers combined with CVE information. What type of tool is Jim using?
Antworten
  • A. A port scanner
  • B. A service validator
  • C. A vulnerability scanner
  • D. A patch management tool

Frage 41

Frage
Mark is considering replacing his organization’s customer relationship management (CRM) solution with a new product that is available in the cloud. This new solution is completely managed by the vendor, and Mark’s company will not have to write any code or manage any physical resources. What type of cloud solution is Mark considering?
Antworten
  • A. IaaS
  • B. CaaS
  • C. PaaS
  • D. SaaS

Frage 42

Frage
Which one of the following information sources is useful to security administrators seeking a list of information security vulnerabilities in applications, devices, and operating systems?
Antworten
  • A. OWASP
  • B. Bugtraq
  • C. Microsoft Security Bulletins
  • D. CVE

Frage 43

Frage
Which of the following would normally be considered an example of a disaster when performing disaster recovery planning? I. Hacking incident II. Flood III. Fire IV. Terrorism
Antworten
  • A. II and III only
  • B. I and IV only
  • C. II, III, and IV only
  • D. I, II, III, and IV

Frage 44

Frage
Glenda would like to conduct a disaster recovery test and is seeking a test that will allow a review of the plan with no disruption to normal information system activities and as minimal a commitment of time as possible. What type of test should she choose?
Antworten
  • A. Tabletop exercise
  • B. Parallel test
  • C. Full interruption test
  • D. Checklist review

Frage 45

Frage
Which one of the following is not an example of a backup tape rotation scheme?
Antworten
  • A. Grandfather/Father/Son
  • B. Meet in the middle
  • C. Tower of Hanoi
  • D. Six Cartridge Weekly

Frage 46

Frage
Victor created a database table that contains information on his organization’s employees. The table contains the employee’s user ID, three different telephone number fields (home, work, and mobile), the employee’s office location, and the employee’s job title. There are 16 records in the table. What is the degree of this table?
Antworten
  • A. 3
  • B. 4
  • C. 6
  • D. 16

Frage 47

Frage
Carrie is analyzing the application logs for her web-based application and comes across the following string: ../../../../../../../../../etc/passwd What type of attack was likely attempted against Carrie’s application?
Antworten
  • A. Command injection
  • B. Session hijacking
  • C. Directory traversal
  • D. Brute force

Frage 48

Frage
When should a design review take place when following an SDLC approach to software development?
Antworten
  • A. After the code review
  • B. After user acceptance testing
  • C. After the development of functional requirements
  • D. After the completion of unit testing

Frage 49

Frage
Tracy is preparing to apply a patch to her organization’s enterprise resource planning system. She is concerned that the patch may introduce flaws that did not exist in prior versions, so she plans to conduct a test that will compare previous responses to input with those produced by the newly patched application. What type of testing is Tracy planning?
Antworten
  • A. Unit testing
  • B. Acceptance testing
  • C. Regression testing
  • D. Vulnerability testing

Frage 50

Frage
What term is used to describe the level of confidence that software is free from vulnerabilities, either intentionally designed into the software or accidentally inserted at any time during its life cycle, and that the software functions in the intended manner?
Antworten
  • A. Validation
  • B. Accreditation
  • C. Confidence interval
  • D. Assurance
Zusammenfassung anzeigen Zusammenfassung ausblenden

Möchten Sie mit GoConqr kostenlos Ihre eigenen Quiz erstellen? eigenen Mehr erfahren.

ähnlicher Inhalt

Imperialismus
sandya.zimmerman
04_Kommanditgesellschaft
Stefan Kurtenbach
IKA-Theoriefragen Serie 02 (15 Fragen)
IKA ON ICT GmbH
Nathan der Weise - Zusammenfassung
Laura Overhoff
40.1 Bildungswissenschaft
Yvonne Heitland
KFOR Univie (mögliche Prüfungsfragen)
frau planlos
Vetie - Histo & Embryo II 2017
Fioras Hu
Algebra 1-16
Christoph Affolter
Veti Pharma
Anna Leps
Vetie-Chirurgie 2017
Ju Pi
Vetie Fleisch 2021
Mascha K.
Bibliothek durchsuchen