In-Class Quizzes

Description

Quizzes about CASP exams
Quiz by Mohamed Fnayou, updated more than 1 year ago
Created by Mohamed Fnayou more than 7 years ago

Resource summary

Question 1

Question
You are moving to a new location and have been asked to assess the security additions required in the new location. Which of the following concerns could be addressed with a mantrap?
Answers
  • need to log all visitors
  • prevention of tailgating
  • dim lighting in the parking lot
  • contractors connecting to open ports

Question 2

Question
You work for a cable company that utilizes VLANs in its internal network and provides customers with connections between locations. If the company were to offer MPLS, what additional service would the company be able to offer customers that it currently cannot offer?
Answers
  • metro Ethernet
  • establishment of VLANs between sites
  • cable TV and Internet service
  • transport encryption

Question 3

Question
What port number does HTTPS use?
Answers
  • 80
  • 23
  • 443
  • 69

Question 4

Question
Network access control (NAC) is a service that goes beyond authentication of the user and includes an examination of the state of the computer?
Answers
  • True
  • False

Question 5

Question
RAID 3 requires at least three drives, writes the data across all drives, and then writes parity information across all drives as well, so there is no single point of failure?
Answers
  • True
  • False

Question 6

Question
Your company, a healthcare provider, is considering outsourcing its messaging system to a managed service provider. The proposal presented makes no mention of a DLP functionality. If this is not present, which of the following are you in danger of experiencing?
Answers
  • poor messaging performance Correct!
  • loss of PII
  • open email relay
  • unauthenticated sessions

Question 7

Question
Your organization recently deployed a standard operating system image to all desktop systems and is now scanning the computers weekly against a security baseline. Which of the following cannot be learned by scanning against the baseline?
Answers
  • whether security settings have been changed
  • whether user data has been deleted
  • whether security policies have been disabled
  • whether antimalware software has been removed

Question 8

Question
Input validation is a technique used to prevent which of the following application attacks?
Answers
  • A. memory leaks
  • B. privilege escalation
  • C. improper error handling
  • D. SQL injection

Question 9

Question
One of the disadvantages when using sandboxing is the incompatibility issues with the many different types of applications and other utilities?
Answers
  • True
  • False

Question 10

Question
Bluesnarfing is when an unsolicited message is sent to a Bluetooth-enabled device, often for the purpose of adding a business card to the victim’s contact list?
Answers
  • True
  • False

Question 11

Question
The following code is an example of what type of attack?

  #include <string.h>
  char *code = "AAAABBBBCCCCDDD"; // including the character '\0', size = 16 bytes
  void main() {
      char buf[8];
      strcpy(buf, code);
  }
Answers
  • SQL injection
  • buffer overflow
  • cross-site scripting
  • integer overflow

Question 12

Question
In the following raw HTTP request, which part is problematic?

  GET /disp_reports.php?SectionEntered=57&GroupEntered=-1&report_type=alerts&to_date=01-01-0101&Run=Run&UserEntered=dsmith&SessionID=5f04189bc&from_date=31-10-2010&TypesEntered=1 HTTP/1.1
  Host: test.example.net
  Accept: */*
  Accept-Language: en
  Connection: close
  Cookie: java14=1; java15=1; java16=1; js=1292192278001;
Answers
  • A. Host: test.example.net
  • B. Connection: close
  • C. Run&UserEntered=dsmith&SessionID=5f04189
  • D. Accept: */*

Question 13

Question
You have been asked to improve the quality of the code produced by the software development team, so you are creating a secure coding standard document. Which of the following is NOT a topic that should be covered in the document?
Answers
  • A. error handling
  • B. input validation
  • C. memory use and reuse
  • D. performance metrics

Question 14

Question
The WASC is the organization that maintains a list of top 10 attacks on an ongoing basis?
Answers
  • True
  • False

Question 15

Question
Fuzzing is used for testing how an application reacts when injecting invalid or unexpected inputs?
Answers
  • True
  • False

Question 16

Question
Companies A and B are merging, with the security administrator for Company A becoming head of IT. In which of the following scenarios would the first step be to perform a vulnerability assessment of Company B’s network?
Answers
  • A. The two networks must be joined.
  • B. An application used by Company B must be integrated by Company A.
  • C. The two networks have overlapping IP address ranges.
  • D. An attack is under way in Company A’s network.

Question 17

Question
Company E has a contract with a smaller company. The smaller company provides security at a high-security location. Company E discovers that the smaller company has subcontracted some of the functions. What is the minimum step that Company E must take in reaction to this situation? A. Do nothing. It is shielded from liability. B. Execute a new contract that includes the subcontractor. C. Require the security contractor to execute a service agreement with the subcontractor. D. Fire the security consulting company.
Answers
  • A
  • B
  • C
  • D

Question 18

Question
Which of the following refers to responsibilities that an organization has due to partnerships with other organizations and customers? A. Due process B. Downstream liability C. Due diligence D. Indirect costs
Answers
  • A
  • B
  • C
  • D

Question 19

Question
Generally speaking, an increase in security measures in a network is accompanied by an increase in performance?
Answers
  • True
  • False

Question 20

Question
Due care is when an organization understands the security risks it faces and has taken reasonable measures to meet those risks?
Answers
  • True
  • False

Question 21

Question
Your organization has recently implemented several new security policies in response to a recent risk analysis. One of the new policies states that controls must be configured to protect files from unauthorized or accidental deletion. Which aspect of security does this new policy address? A. confidentiality B. integrity C. availability D. authorization
Answers
  • A
  • B
  • C
  • D

Question 22

Question
Your company completes a risk analysis. After the analysis, management requests that you deploy security controls that will mitigate any of the identified risks. What is risk mitigation? A. risk that is left over after safeguards have been implemented B. terminating the activity that causes a risk or choosing an alternative that is not as risky C. passing the risk on to a third party D. defining the acceptable risk level the organization can tolerate and reducing the risk to that level
Answers
  • A
  • B
  • C
  • D

Question 23

Question
An organization has a research server farm with a value of $12,000. The exposure factor for a complete power failure is 10%. The annualized rate of occurrence that this will occur is 5%. What is the ALE for this event? A. $1,200 B. $12,000 C. $60 D. $600
Answers
  • A
  • B
  • C
  • D

Question 24

Question
You have been asked to document the different threats to an internal file server. As part of that documentation, you need to include the monetary impact of each threat occurrence. You should determine the SLE for each threat occurrence?
Answers
  • True
  • False

Question 25

Question
Standards often include step-by-step lists on how policies, guidelines, and procedures are implemented?
Answers
  • True
  • False

Question 26

Question
Your company recently had a third party review all internal procedures. As a result of this review, the third party made several recommendations for procedural changes. One of the recommendations is that critical financial transactions should be split between two independent parties. Of which principle is this an example? A. job rotation B. separation of duties C. least privilege D. mandatory vacation
Answers
  • A
  • B
  • C
  • D

Question 27

Question
As part of the process of conducting a business impact analysis (BIA), you perform the MTD, MTTR, and MTBF calculations. Which step of the BIA are you performing? A. Identify critical processes and resources. B. Identify resource requirements. C. Identify outage impacts, and estimate downtime. D. Identify recovery priorities.
Answers
  • A
  • B
  • C
  • D

Question 28

Question
Which of the following describes the average amount of time it will take to get a device fixed and back online? A. MTBF B. MTTR C. RTO D. RPO
Answers
  • A
  • B
  • C
  • D

Question 29

Question
To identify vulnerabilities and threats is the first step of a risk assessment?
Answers
  • True
  • False

Question 30

Question
Several invalid password attempts for multiple users is considered an incident?
Answers
  • True
  • False

Question 31

Question
The company you work for has implemented the following security controls:
  ■ All workstations have the latest patches and antivirus.
  ■ All sensitive data is encrypted in transit.
  ■ Dual-factor user authentication is used.
  ■ A firewall at the edge of the network is implemented.
What is missing from this security posture? A. no local encryption B. weak user authentication C. insufficient edge control D. exposure to viruses
Answers
  • A
  • B
  • C
  • D

Question 32

Question
If you implement FCoE in your storage network, which of the following security issues should concern you? A. a breach of the Fibre Channel network B. a breach of the Ethernet network C. the use of iSCSI commands D. the inability to use encryption
Answers
  • A
  • B
  • C
  • D

Question 33

Question
Placing older data on low-cost, low-performance storage while keeping more active data on faster storage systems is called what? A. multipathing B. tiering C. consolidating D. masking
Answers
  • A
  • B
  • C
  • D

Question 34

Question
A community cloud is a solution owned and managed by one company solely for that company’s use?
Answers
  • True
  • False

Question 35

Question
Synchronous replication provides near-real-time replication but uses more bandwidth and cannot tolerate latency?
Answers
  • True
  • False