Question 1
Question
NIST SP 800-53 discusses a set of security controls as what type of security tool?
Question 2
Question
Ed has been tasked with identifying a service that will provide a low-latency, high-performance, and high-availability way to host content for his employer. What type of solution should he seek out to ensure that his employer’s customers around the world can access their content quickly, easily, and reliably?
Answers
- A. A hot site
- B. A CDN
- C. Redundant servers
- D. A P2P CDN
Question 3
Question
Which one of the following is not a function of a forensic disk controller?
Answers
- A. Preventing the modification of data on a storage device
- B. Returning data requested from the device
- C. Reporting errors sent by the device to the forensic host
- D. Blocking read commands sent to the device
Question 4
Question
Mike is building a fault-tolerant server and wishes to implement RAID 1. How many physical disks are required to build this solution?
Question 5
Question
Which Kerberos service generates a new ticket and session keys and sends them to the client?
Answers
- A. KDC
- B. TGT
- C. AS
- D. TGS
Question 6
Question
Communication systems that rely on start and stop flags or bits to manage data transmission are known as what type of communication?
Answers
- A. Analog
- B. Digital
- C. Synchronous
- D. Asynchronous
Question 7
Question
What type of motion detector uses high microwave frequency signal transmissions to identify potential intruders?
Answers
- A. Infrared
- B. Heat-based
- C. Wave pattern
- D. Capacitance
Question 8
Question
Susan sets up a firewall that keeps track of the status of the communication between two systems and allows a remote system to respond to a local system after the local system starts communication. What type of firewall is Susan using?
Answers
- A. A static packet filtering firewall
- B. An application-level gateway firewall
- C. A stateful packet inspection firewall
- D. A circuit-level gateway firewall
Question 9
Question
Ben owns a coffeehouse and wants to provide wireless Internet service for his customers. Ben’s network is simple and uses a single consumer-grade wireless router and a cable modem connected via a commercial cable data contract.
How can Ben provide access control for his customers without having to provision user IDs before they connect while also gathering useful contact information for his business purposes?
Question 10
Question
Ben owns a coffeehouse and wants to provide wireless Internet service for his customers. Ben’s network is simple and uses a single consumer-grade wireless router and a cable modem connected via a commercial cable data contract.
Ben intends to run an open (unencrypted) wireless network. How should he connect his business devices?
Answers
- A. Run WPA2 on the same SSID.
- B. Set up a separate SSID using WPA2.
- C. Run the open network in Enterprise mode.
- D. Set up a separate wireless network using WEP.
Question 11
Question
Ben owns a coffeehouse and wants to provide wireless Internet service for his customers. Ben’s network is simple and uses a single consumer-grade wireless router and a cable modem connected via a commercial cable data contract.
After implementing the solution from the first question, Ben receives a complaint about users in his cafe hijacking other customers’ web traffic, including using their usernames and passwords. How is this possible?
Answers
- A. The password is shared by all users, making traffic vulnerable.
- B. A malicious user has installed a Trojan on the router.
- C. A user has ARP spoofed the router, making all traffic broadcast to all users.
- D. Open networks are unencrypted, making traffic easily sniffable.
Question 12
Question
Which one of the following is not a mode of operation for the Data Encryption Standard?
Answers
- A. CBC
- B. CFB
- C. OFB
- D. AES
Question 13
Question
Tom is tuning his security monitoring tools in an attempt to reduce the number of alerts received by administrators without missing important security events. He decides to configure the system to only report failed login attempts if there are five failed attempts to access the same account within a one-hour period of time. What term best describes the technique that Tom is using?
Answers
- A. Thresholding
- B. Sampling
- C. Account lockout
- D. Clipping
Question 14
Question
Sally has been tasked with deploying an authentication, authorization, and accounting server for wireless network services in her organization and needs to avoid using proprietary technology. What technology should she select?
Answers
- A. OAuth
- B. RADIUS
- C. XTACACS
- D. TACACS+
Question 15
Question
An accounting clerk for Christopher’s Cheesecakes does not have access to the salary information for individual employees but wanted to know the salary of a new hire. He pulled total payroll expenses for the pay period before the new person was hired and then pulled the same expenses for the following pay period. He computed the difference between those two amounts to determine the individual’s salary. What type of attack occurred?
Answers
- A. Aggregation
- B. Data diddling
- C. Inference
- D. Social engineering
Question 16
Question
Alice would like to have read permissions on an object and knows that Bob already has those rights and would like to give them to herself. Which one of the rules in the Take-Grant protection model would allow her to complete this operation if the relationship exists between Alice and Bob?
Answers
- A. Take rule
- B. Grant rule
- C. Create rule
- D. Remote rule
Question 17
Question
During a log review, Danielle discovers a series of logs that show login failures:
Jan 31 11:39:12 ip-10-0-0-2 sshd[29092]: Invalid user admin from remotehost passwd=aaaaaaaa
Jan 31 11:39:20 ip-10-0-0-2 sshd[29098]: Invalid user admin from remotehost passwd=aaaaaaab
Jan 31 11:39:23 ip-10-0-0-2 sshd[29100]: Invalid user admin from remotehost passwd=aaaaaaac
Jan 31 11:39:31 ip-10-0-0-2 sshd[29106]: Invalid user admin from remotehost passwd=aaaaaaad
Jan 31 20:40:53 ip-10-0-0-254 sshd[30520]: Invalid user admin from remotehost passwd=aaaaaaae
What type of attack has Danielle discovered?
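Question 13 (report failures only once a clipping level is reached) and the log series above describe the same detection problem from two sides. The Python below is an added example, not part of the original question set: it parses the five lines exactly as printed above, applies Tom's rule (alert on a source/user pair only after five failures inside a one-hour window) and checks for the incrementing-guess pattern. Syslog omits the year, so 2024 is assumed when building timestamps; the `passwd=` field comes from the question text and is not something a standard sshd writes to its log.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# The five sshd lines from the question, copied verbatim. The "passwd=" field is
# part of the exercise text; a stock sshd does not log attempted passwords.
SAMPLE_LOG = """\
Jan 31 11:39:12 ip-10-0-0-2 sshd[29092]: Invalid user admin from remotehost passwd=aaaaaaaa
Jan 31 11:39:20 ip-10-0-0-2 sshd[29098]: Invalid user admin from remotehost passwd=aaaaaaab
Jan 31 11:39:23 ip-10-0-0-2 sshd[29100]: Invalid user admin from remotehost passwd=aaaaaaac
Jan 31 11:39:31 ip-10-0-0-2 sshd[29106]: Invalid user admin from remotehost passwd=aaaaaaad
Jan 31 20:40:53 ip-10-0-0-254 sshd[30520]: Invalid user admin from remotehost passwd=aaaaaaae
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: "
    r"Invalid user (?P<user>\S+) from (?P<src>\S+)(?: passwd=(?P<pw>\S+))?"
)


def parse(log_text, year=2024):
    """Parse syslog-style sshd failure lines; lines that do not match are skipped.
    Syslog omits the year, so one is assumed (2024 here) to build a datetime."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append({"ts": ts, "host": m["host"], "user": m["user"],
                       "src": m["src"], "pw": m["pw"]})
    return events


def clipping_alerts(events, threshold=5, window_seconds=3600):
    """Report a (source, user) pair only once it reaches `threshold` failures inside
    a sliding window; anything below the clipping level is deliberately ignored."""
    alerts = []
    recent = defaultdict(deque)
    for ev in sorted(events, key=lambda e: e["ts"]):
        key = (ev["src"], ev["user"])
        q = recent[key]
        q.append(ev["ts"])
        while (ev["ts"] - q[0]).total_seconds() > window_seconds:
            q.popleft()          # expire failures older than the window
        if len(q) >= threshold:
            alerts.append({"src": key[0], "user": key[1],
                           "count": len(q), "last": ev["ts"]})
            q.clear()            # one alert per burst, not one per extra failure
    return alerts


def sequential_guess_pattern(events):
    """True when the logged guesses step through a sequence one character at a time
    (aaaaaaaa, aaaaaaab, ...), the signature of an automated brute-force run."""
    guesses = [e["pw"] for e in events if e["pw"]]
    if len(guesses) < 3:
        return False
    return all(a[:-1] == b[:-1] and ord(b[-1]) - ord(a[-1]) == 1
               for a, b in zip(guesses, guesses[1:]))
```

Run against these five lines, the five-in-one-hour rule never fires: the fifth failure lands nine hours after the fourth, so the window has expired. Lowering the threshold to four, or widening the window to a day, produces the alert. That is exactly the trade-off Tom is making, and why a pattern check on the guesses themselves is a useful second signal for a slow attack.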
Question 18
Question
What property of a relational database ensures that two executing transactions do not affect each other by storing interim results in the database?
Answers
- A. Atomicity
- B. Isolation
- C. Consistency
- D. Durability
Question 19
Question
Kim is the system administrator for a small business network that is experiencing security problems. She is in the office in the evening working on the problem, and nobody else is there. As she is watching, she can see that systems on the other side of the office that were previously behaving normally are now exhibiting signs of infection. What type of malware is Kim likely dealing with?
Answers
- A. Virus
- B. Worm
- C. Trojan horse
- D. Logic bomb
Question 20
Question
Which of the following is an industry standard for data security?
Answers
- A. FERPA
- B. HIPAA
- C. SOX
- D. PCI DSS
Question 21
Question
Which of the following sequences properly describes the TCP three-way handshake?
Answers
- A. SYN, ACK, SYN/ACK
- B. PSH, RST, ACK
- C. SYN, SYN/ACK, ACK
- D. SYN, RST, FIN
Question 22
Question
Which one of the following technologies is not normally a capability of mobile device management (MDM) solutions?
Answers
- A. Remotely wiping the contents of a mobile device
- B. Assuming control of a nonregistered BYOD mobile device
- C. Enforcing the use of device encryption
- D. Managing device backups
Question 23
Question
Jim is implementing an IDaaS solution for his organization. What type of technology is he putting in place?
Question 24
Question
Gina recently took the CISSP certification exam and then wrote a blog post that included the text of many of the exam questions that she experienced. What aspect of the (ISC)² code of ethics is most directly violated in this situation?
Answers
- A. Advance and protect the profession.
- B. Act honorably, honestly, justly, responsibly, and legally.
- C. Protect society, the common good, necessary public trust and confidence, and the infrastructure.
- D. Provide diligent and competent service to principals.
Question 25
Question
Gordon is conducting a risk assessment for his organization and determined the amount of damage that flooding is expected to cause to his facilities each year. What metric has Gordon identified?
Answers
- A. ALE
- B. ARO
- C. SLE
- D. EF
Question 26
Question
Greg would like to implement application control technology in his organization. He would like to limit users to installing only approved software on their systems. What type of application control would be appropriate in this situation?
Answers
- A. Blacklisting
- B. Graylisting
- C. Whitelisting
- D. Bluelisting
Question 27
Question
Frank is the security administrator for a web server that provides news and information to people located around the world. His server received an unusually high volume of traffic that it could not handle and was forced to reject requests. Frank traced the source of the traffic back to a botnet. What type of attack took place?
Answers
- A. Denial of service
- B. Reconnaissance
- C. Compromise
- D. Malicious insider
Question 28
Question
In the database table shown here, which column would be the best candidate for a primary key?
Answers
- A. Company ID
- B. Company Name
- C. ZIP Code
- D. Sales Rep
Question 29
Question
Jesse is looking at the /etc/passwd file on a system configured to use shadowed passwords. What should she expect to see in the password field of this file?
Answers
- A. Plaintext passwords
- B. Encrypted passwords
- C. Hashed passwords
- D. x
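A check a reviewer would run alongside this question, added here as an example and not taken from the question set: parse passwd-format lines and flag every account whose second field is not the `x` placeholder that points at /etc/shadow. The file contents below are constructed for illustration, including a deliberately fake `$6$` hash; the parser and the classification rules are the part worth keeping.

```python
# Constructed /etc/passwd content for illustration; not taken from any real host.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
svc:*:1001:1001:Service Account:/var/lib/svc:/usr/sbin/nologin
legacy:$6$c0ns7ruc7ed$ILLUSTRATIVEHASHVALUEonlyNOTreal:1002:1002:Legacy App:/home/legacy:/bin/sh
guest::1003:1003:Guest:/home/guest:/bin/bash
backup:x:0:1004:Backup Operator:/home/backup:/bin/bash
broken:x:1005:1005:Missing Fields
"""

FIELDS = ("name", "password", "uid", "gid", "gecos", "home", "shell")


def parse_passwd(text):
    """Split each line on ':' into the seven passwd fields; malformed lines are
    returned with an 'error' key instead of being silently skipped."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if not line.strip() or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) != len(FIELDS):
            entries.append({"line": lineno, "error": "malformed", "raw": line})
            continue
        entry = dict(zip(FIELDS, parts))
        entry["line"] = lineno
        entries.append(entry)
    return entries


def classify_password_field(value):
    """What the second field tells you on a shadow-enabled system."""
    if value == "x":
        return "shadowed"          # the hash lives in /etc/shadow (root-readable)
    if value == "":
        return "empty"             # no password required at all
    if value.startswith(("*", "!")):
        return "locked"            # cannot be matched by any password
    return "hash_exposed"          # a real hash sitting in a world-readable file


def audit_passwd(text):
    """Return (username, finding) pairs a reviewer would want to act on."""
    findings = []
    uid0 = []
    for e in parse_passwd(text):
        if "error" in e:
            findings.append((e["raw"], "malformed line"))
            continue
        kind = classify_password_field(e["password"])
        if kind == "empty":
            findings.append((e["name"], "empty password field"))
        elif kind == "hash_exposed":
            findings.append((e["name"], "password hash stored in /etc/passwd"))
        if e["uid"] == "0":
            uid0.append(e["name"])
    for name in uid0:
        if name != "root":
            findings.append((name, "non-root account with UID 0"))
    return findings
```

On a correctly shadowed system every human account shows `x`; `*` or `!` marks a locked or service account, an empty field means no password at all, and anything else is a hash that should have been migrated to /etc/shadow. The UID 0 check is thrown in because it is the other thing a reviewer looks for in the same file.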
Question 30
Question
Bob is configuring egress filtering on his network, examining traffic destined for the Internet. His organization uses the public address range 12.8.195.0/24. Packets with which one of the following destination addresses should Bob permit to leave the network?
Answers
- A. 12.8.195.15
- B. 10.8.15.9
- C. 192.168.109.55
- D. 129.53.44.124
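Question 8 (a firewall that remembers which side started the conversation) and this question (egress rules on the way out) together describe a stateful egress filter. The class below is an added example, not code from the original: outbound packets must carry a source inside 12.8.195.0/24 and a globally routable destination outside that range, and inbound packets are admitted only when they reverse a 5-tuple an inside host already opened. Python's `ipaddress.is_global` stands in for a bogon list; a real firewall adds state timeouts and TCP flag tracking, which are left out here.

```python
import ipaddress
from collections import namedtuple

# The organization's public range, taken from the question.
INSIDE_NET = ipaddress.ip_network("12.8.195.0/24")

Packet = namedtuple("Packet", "src dst sport dport proto")


class StatefulEgressFilter:
    """Egress rules for outbound packets plus a connection table that lets a remote
    host answer only flows an inside host started. The table is keyed on the
    5-tuple; no timeouts or TCP flag tracking, which a real firewall would add."""

    def __init__(self, inside_net):
        self.inside = inside_net
        self.table = set()

    @staticmethod
    def _flow(p):
        return (p.src, p.dst, p.sport, p.dport, p.proto)

    @staticmethod
    def _reverse(p):
        return (p.dst, p.src, p.dport, p.sport, p.proto)

    def outbound(self, p):
        """Egress policy: returns ("ALLOW"|"DROP", reason)."""
        src, dst = ipaddress.ip_address(p.src), ipaddress.ip_address(p.dst)
        if src not in self.inside:
            return ("DROP", "source is not ours: spoofed or leaked private address")
        if dst in self.inside:
            return ("DROP", "destination is our own range; it should never leave")
        if not dst.is_global:
            return ("DROP", "destination is private/reserved (RFC 1918, loopback, link-local)")
        self.table.add(self._flow(p))      # remember the flow so the reply can come back
        return ("ALLOW", "new outbound flow recorded")

    def inbound(self, p):
        """Stateful check: only replies to flows we opened get through."""
        if self._reverse(p) in self.table:
            return ("ALLOW", "reply to a flow an inside host started")
        return ("DROP", "no matching state; unsolicited inbound")
```

Of the four candidate destinations, only 129.53.44.124 passes `outbound`: the two RFC 1918 addresses fail `is_global`, and 12.8.195.15 is inside Bob's own range and has no business on the Internet-facing link. The source check is the other half of egress filtering, since packets leaving with a foreign source address are either spoofed or a misconfiguration.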
Question 31
Question
How many possible keys exist in a cryptographic algorithm that uses 6-bit encryption keys?
Question 32
Question
What problem drives the recommendation to physically destroy SSD drives to prevent data leaks when they are retired?
Answers
- A. Degaussing only partially wipes the data on SSDs.
- B. SSDs don’t have data remanence.
- C. SSDs are unable to perform a zero fill.
- D. The built-in erase commands are not completely effective on some SSDs.
Question 33
Question
GAD Systems is concerned about the risk of hackers stealing sensitive information stored on a file server. They choose to pursue a risk mitigation strategy. Which one of the following actions would support that strategy?
Question 34
Question
How should samples be generated when assessing account management practices?
Answers
- A. They should be generated by administrators.
- B. The last 180 days of accounts should be validated.
- C. Sampling should be conducted randomly.
- D. Sampling is not effective, and all accounts should be audited.
Question 35
Question
The EU-U.S. Privacy Shield Framework relies on seven principles. Which of the following correctly lists all seven?
Answers
- A. Awareness, selection, control, security, data integrity, access, recourse and enforcement
- B. Notice, choice, accountability for onward transfer, security, data integrity and purpose limitation, access, recourse and enforcement
- C. Privacy, security, control, notification, data integrity and purpose, access, enforcement
- D. Submission, editing, updates, confidential, integrity, security, access
Question 36
Question
SYN floods rely on implementations of what protocol to cause denial of service conditions?
Answers
- A. IGMP
- B. UDP
- C. TCP
- D. ICMP
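Question 21's handshake and this question's SYN flood are two views of the same state machine, so one simulation serves both. It is an added example, not part of the original question set: a listener with a bounded half-open table completes SYN, SYN/ACK, ACK for a legitimate client; then a burst of SYNs from spoofed 198.18.0.0/15 sources (the benchmarking range, chosen for the example) that are never acknowledged fills the backlog, after which the listener drops new SYNs and a legitimate client can no longer connect. Initial sequence numbers come from `secrets.randbits`; real stacks add half-open timeouts and SYN cookies, which are deliberately omitted so the exhaustion is visible.

```python
import secrets


class Listener:
    """A listening TCP socket reduced to the state that matters for the handshake:
    a bounded table of half-open connections (SYN received, SYN/ACK sent, final
    ACK still outstanding) and the set of fully established peers."""

    def __init__(self, backlog):
        self.backlog = backlog
        self.half_open = {}        # client -> (server_isn, client_isn)
        self.established = set()
        self.dropped_syns = 0

    def receive(self, client, flags, seq, ack):
        """Server side. Returns the segment sent back as (flags, seq, ack), or None."""
        if flags == "SYN":
            if len(self.half_open) >= self.backlog:
                self.dropped_syns += 1
                return None                     # backlog full: SYN silently dropped
            server_isn = secrets.randbits(32)
            self.half_open[client] = (server_isn, seq)
            return ("SYN/ACK", server_isn, seq + 1)
        if flags == "ACK" and client in self.half_open:
            server_isn, client_isn = self.half_open[client]
            if ack == server_isn + 1 and seq == client_isn + 1:
                del self.half_open[client]      # slot freed only on a valid third step
                self.established.add(client)
                return ("ESTABLISHED", None, None)
            return ("RST", 0, 0)                 # wrong numbers: reset the attempt
        return None


def three_way_handshake(listener, client, client_isn):
    """Client side of SYN, SYN/ACK, ACK. Returns the flags exchanged, or None when
    the server never answered the SYN or refused the final ACK."""
    reply = listener.receive(client, "SYN", client_isn, 0)
    if reply is None:
        return None
    flags, server_isn, ack = reply
    if flags != "SYN/ACK" or ack != client_isn + 1:
        return None
    final = listener.receive(client, "ACK", client_isn + 1, server_isn + 1)
    if final is None or final[0] != "ESTABLISHED":
        return None
    return ["SYN", "SYN/ACK", "ACK"]


def syn_flood(listener, count):
    """Send `count` SYNs from distinct spoofed sources and never complete them.
    Every accepted SYN occupies a backlog slot the attacker never releases."""
    for i in range(count):
        spoofed = f"198.18.{i // 256}.{i % 256}"   # constructed, distinct per SYN
        listener.receive(spoofed, "SYN", i, 0)
```

The point of the simulation is the asymmetry: the attacker spends one packet per slot and keeps no state, while the server holds a slot for each until a timeout it never gets. Spoofed sources mean the SYN/ACKs go nowhere, and the legitimate client's SYN is dropped once `half_open` is full.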
Question 37
Question
What type of log is shown in the figure?
Answers
- A. Firewall log
- B. Change log
- C. Application log
- D. System log
Question 38
Question
What principle states that an individual should make every effort to complete his or her responsibilities in an accurate and timely manner?
Answers
- A. Least privilege
- B. Separation of duties
- C. Due care
- D. Due diligence
Question 39
Question
When an attacker calls an organization’s help desk and persuades them to reset a password for them due to the help desk employee’s trust and willingness to help, what type of attack succeeded?
Answers
- A. A human Trojan
- B. Social engineering
- C. Phishing
- D. Whaling
Question 40
Question
When a user attempts to log into their online account, Google sends a text message with a code to their cell phone. What type of verification is this?
Answers
- A. Knowledge-based authentication
- B. Dynamic knowledge-based authentication
- C. Out-of-band identity proofing
- D. Risk-based identity proofing
Question 41
Question
What mathematical operation, when substituted for the blank lines shown here, would make the equations correct?
Answers
- A. MOD
- B. XOR
- C. NAND
- D. DIV
Question 42
Question
The organization that Ben works for has a traditional onsite Active Directory environment that uses a manual provisioning process for each addition to their 350-employee company. As the company adopts new technologies, they are increasingly using software-as-a-service applications to replace their internally developed software stack.
Ben has been tasked with designing an identity management implementation that will allow his company to use cloud services while supporting their existing systems. Using the logical diagram shown here, answer the following questions about the identity recommendations Ben should make.
If availability of authentication services is the organization’s biggest priority, what type of identity platform should Ben recommend?
Answers
- A. Onsite
- B. Cloud based
- C. Hybrid
- D. Outsourced
Question 43
Question
The organization that Ben works for has a traditional onsite Active Directory environment that uses a manual provisioning process for each addition to their 350-employee company. As the company adopts new technologies, they are increasingly using software-as-a-service applications to replace their internally developed software stack.
Ben has been tasked with designing an identity management implementation that will allow his company to use cloud services while supporting their existing systems. Using the logical diagram shown here, answer the following questions about the identity recommendations Ben should make.
If Ben needs to share identity information with the business partner shown, what should he investigate?
Question 44
Question
The organization that Ben works for has a traditional onsite Active Directory environment that uses a manual provisioning process for each addition to their 350-employee company. As the company adopts new technologies, they are increasingly using software-as-a-service applications to replace their internally developed software stack.
Ben has been tasked with designing an identity management implementation that will allow his company to use cloud services while supporting their existing systems. Using the logical diagram shown here, answer the following questions about the identity recommendations Ben should make.
What technology is likely to be involved when Ben’s organization needs to provide authentication and authorization assertions to their cloud e-commerce application?
Answers
- A. Active Directory
- B. SAML
- C. RADIUS
- D. SPML
Question 45
Question
Dave is responsible for password security in his organization and would like to strengthen the security of password files. He would like to defend his organization against the use of rainbow tables. Which one of the following techniques is specifically designed to frustrate the use of rainbow tables?
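An added example for this question, not drawn from the question set: a constructed wordlist plays the part of a precomputed table, an unsalted SHA-256 store is cracked by a single dictionary lookup, and a per-user random salt combined with PBKDF2-HMAC-SHA256 (100,000 iterations, a value chosen for the example) yields a different stored string for the same password every time, so no table computed in advance can apply to it. The storage format string is invented for illustration; it is not a standard encoding.

```python
import hashlib
import hmac
import os

# Constructed wordlist standing in for a rainbow table's coverage. A real table
# stores hash chains rather than a flat dict, but the lookup it enables is the same.
WORDLIST = ["password", "letmein", "Summer2024", "hunter2", "qwerty"]
PRECOMPUTED = {hashlib.sha256(w.encode()).hexdigest(): w for w in WORDLIST}


def unsalted_store(password):
    """The weak scheme: one deterministic hash per password, so equal passwords
    produce equal hashes and one precomputed table cracks every user at once."""
    return hashlib.sha256(password.encode()).hexdigest()


def crack_unsalted(digest):
    """Rainbow-table style attack reduced to a dictionary lookup."""
    return PRECOMPUTED.get(digest)


def salted_store(password, salt=None, iterations=100_000):
    """Per-user random salt plus a slow KDF (PBKDF2-HMAC-SHA256). The salt is stored
    beside the hash; it is not secret, it just makes every hash unique so a table
    would have to be rebuilt per salt value. Format string is invented for this
    example."""
    salt = salt if salt is not None else os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_salted(password, stored):
    """Recompute with the stored salt and iteration count; constant-time compare."""
    _, iterations, salt_hex, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk.hex(), dk_hex)
```

Two users with the password `hunter2` get two unrelated records, and the attacker's precomputed digests match neither. The iteration count is the second defence, against online guessing once the salt is known; the salt alone defeats the precomputation, which is what the question asks about.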
Question 46
Question
Which one of the following is a single system designed to attract attackers because it seemingly contains sensitive information or other attractive resources?
Answers
- A. Honeynet
- B. Darknet
- C. Honeypot
- D. Pseudoflaw
Question 47
Question
When evaluating biometric devices, what is another term used to describe the equal error rate?
Answers
- A. FAR
- B. FRR
- C. CER
- D. EER
Question 48
Question
Cable modems, ISDN, and DSL are all examples of what type of technology?
Answers
- A. Baseband
- B. Broadband
- C. Digital
- D. Broadcast
Question 49
Question
Sean suspects that an individual in his company is smuggling out secret information despite his company’s careful use of data loss prevention systems. He discovers that the suspect is posting photos, including the one shown here, to public Internet message boards. What type of technique may the individuals be using to hide messages inside this image?
Answers
- A. Watermarking
- B. VPN
- C. Steganography
- D. Covert timing channel
Question 50
Question
Roger is concerned that a third-party firm hired to develop code for an internal application will embed a backdoor in the code. The developer retains rights to the intellectual property and will only deliver the software in its final form. Which one of the following languages would be least susceptible to this type of attack because it would provide Roger with code that is human-readable in its final form?
Answers
- A. JavaScript
- B. C
- C. C++
- D. Java