Security + Practice

Question

Which of the following BEST describes both change and incident management?

Answer 1

Incident management is not a valid term in IT, however change management is

Answer 2

Change management is not a valid term in IT, however incident management is

Answer 3

Incident management and change management are interchangeable terms meaning the same thing

Answer 4

Incident management is for unexpected consequences, change management is for planned work

Answer 5

Disablement

Answer 6

Expiration

Answer 7

Password complexity

Answer 8

First name and home address

Answer 9

Social security number

Answer 10

Date of birth

Answer 11

Full name, date of birth and address

Answer 12

Encryption is preserved in full disk encryption when a file is copied from one media to another

Answer 13

Encryption is preserved in single file encryption when a file is copied from one media to another

Answer 14

Single file encryption provides better security when decrypting single files than full disk encryption when properly implemented and used

Answer 15

Full disk encryption provides better security when decrypting single files than single file encryption when properly implemented and used

Answer 16

Windows Vista

Answer 17

Conflicts with vulnerability scans impede patch effectiveness

Answer 18

Distributed updates may fail to apply or may not be active until a reboot

Answer 19

Vendor patches are released too frequently consuming excessive network bandwidth

Answer 20

It is resource intensive to test all patches

Answer 21

Malicious insider

Answer 22

PII requires public access but must be flagged as confidential

Answer 23

PII data breaches are always the result of negligent staff and punishable by law

Answer 24

PII must be handled properly in order to minimize security breaches and mishandling

Answer 25

PII must be stored in an encrypted fashion and only printed on shared printers

Answer 26

Job rotation

Answer 27

Incident response

Answer 28

Least privilege

Answer 29

On-going security

Answer 30

null password can be changed by all users on a network

Answer 31

a null password is a successful anonymous bind

Answer 32

null passwords can only be changed by the administrator

Answer 33

LDAP passwords are one-way encrypted

Answer 34

Social engineering

Answer 35

Remote access

Answer 36

Vulnerability scan

Answer 37

Trojan horse

Answer 38

encrypted networks and system logging

Answer 39

full disk encryption and central password management

Answer 40

vendor provided software update systems

Answer 41

centrally managed update services and access controls

Answer 42

Undocumented networks might not be protected and can be used to support insider attacks

Answer 43

Documenting a network hinders production because it is time consuming and ties up critical resources

Answer 44

Documented networks provide a visual representation of the network for an attacker to exploit

Answer 45

Undocumented networks ensure the confidentiality and secrecy of the network topology

Answer 46

Privacy screens

Answer 47

Screen locks

Answer 48

USB encryption

Answer 49

Data loss prevention

Answer 50

The attacker attempts to have the receiving server run a payload using programming commonly found on web servers

Answer 51

The attacker overwhelms a system or application, causing it to crash and bring the server down to cause an outage

Answer 52

The attacker attempts to have the receiving server pass information to a back-end database from which it can compromise the stored information

Answer 53

The attacker overwhelms a system or application, causing it to crash, and then redirects the memory address to read from a location holding the payload

Answer 54

Employee productivity in a hot datacenter

Answer 55

Premature failure of components

Answer 56

Decreased number of systems in the datacenter

Answer 57

Increased utility costs

Answer 58

Metasploit

Answer 59

Vulnerability scanner

Answer 60

Steganography

Answer 61

Port scanner

Answer 62

Confidentiality of the data

Answer 63

Key loggers

Answer 64

Theft of the data

Answer 65

Disclosure of the data

Answer 66

passwordpassword

Answer 67

1024-15000

Answer 68

Bluesnarfing

Answer 69

Smurf attack

Answer 70

Session hijacking

Answer 71

Bluejacking

Answer 72

Session hijacking

Answer 73

Smurf attack

Answer 74

Bluejacking

Answer 75

Bluesnarfing

Answer 76

Virtualization

Answer 77

Port security

Answer 78

Remote access

Answer 79

Identification

Answer 80

Authentication

Answer 81

Authorization

Answer 82

private keys

Answer 83

public keys

Answer 84

root certificates

Answer 85

valid certificates

Answer 86

Vulnerability scanner

Answer 87

Hardware lock

Answer 88

Logic bomb

Answer 89

Trojan horse

Answer 90

Admitted to a network through NAC

Answer 91

That has been authenticated on the network

Answer 92

Implementing patch management

Answer 93

With enhanced security features

Answer 94

Tailgating

Answer 95

Dumpster diving

Answer 96

Social engineering

Answer 97

Zero-day attack

Answer 98

Vulnerability that is present in already released software but unknown to the software developer

Answer 99

Patched software coding errors

Answer 100

Well known vulnerabilities

Answer 101

New accounts

Answer 102

Gaining unauthorized access to restricted areas by following another person

Answer 103

Looking over someone's shoulder in order to get information

Answer 104

Manipulating a user into disclosing confidential information

Answer 105

Scanning for unsecured wireless networks while driving in a car

Answer 106

Diffie-Hellman

Answer 107

Recovery Time Objective (RTO)

Answer 108

Maximum Tolerable Period of Disruption (MTPOD)

Answer 109

Meantime Between Failures (MTBF)

Answer 110

Meantime To Restore (MTTR)

Answer 111

Data loss prevention

Answer 112

Acceptable use policy

Answer 113

Audit policy

Answer 114

Privacy policy

Answer 115

EMI shielding

Answer 116

Faraday cage

Answer 117

User account policy

Answer 118

Clean desk policy

Answer 119

Data labeling policy

Answer 120

Password complexity

Answer 121

Information classification

Answer 122

Evidence timeline

Answer 123

Data handling chain

Answer 124

Chain of custody

Answer 125

Trojan horse

Answer 126

Host-to-host

Answer 127

Load balancing

Answer 128

Remote sanitation

Answer 129

Encryption and passwords

Answer 130

Voice encryption

Answer 131

Quality of Service (QoS)

Answer 132

Conduct surveys and rank the results.

Answer 133

Perform routine user permission reviews.

Answer 134

Implement periodic vulnerability scanning.

Answer 135

Disable user accounts that have not been used within the last two weeks.

Answer 136

Hardware security module

Answer 137

Hardened network firewall

Answer 138

Solid state disk drive

Answer 139

Hardened host firewall

Answer 140

It mitigates buffer overflow attacks.

Answer 141

It makes the code more readable.

Answer 142

It provides an application configuration baseline.

Answer 143

It meets gray box testing standards.

Answer 144

Application

Answer 145

Registration

Answer 146

Recovery agent

Answer 147

Discretionary access control

Answer 148

Mandatory access control

Answer 149

Load balancer

Answer 150

Input validation

Answer 151

Cognitive password

Answer 152

Password sniffing

Answer 153

Brute force

Answer 154

Social engineering

Answer 155

Password history

Answer 156

Password logging

Answer 157

Password cracker

Answer 158

Password hashing

Answer 159

Client authentication.

Answer 160

WEP encryption.

Answer 161

Access control lists.

Answer 162

Code signing.

Answer 163

Password hashing.

Answer 164

Eliminating cross-site scripting vulnerabilities

Answer 165

Installing an IDS to monitor network traffic

Answer 166

Validating user input in web applications

Answer 167

Placing a firewall between the Internet and database servers

Answer 168

Mime-encoding

Answer 169

Anonymous email accounts

Answer 170

Signs and verifies all infrastructure messages

Answer 171

Issues and signs all private keys

Answer 172

Publishes key escrow lists to CRLs

Answer 173

Issues and signs all root certificates

Answer 174

Malicious code on the local system

Answer 175

Shoulder surfing

Answer 176

Brute force certificate cracking

Answer 177

Distributed dictionary attacks

Answer 178

More experienced employees from less experienced employees

Answer 179

Changes to program code and the ability to deploy to production

Answer 180

Upper level management users from standard development employees

Answer 181

The network access layer from the application access layer

Answer 182

The request needs to be sent to the incident management team.

Answer 183

The request needs to be approved through the incident management process.

Answer 184

The request needs to be approved through the change management process.

Answer 185

The request needs to be sent to the change management team.

	Creado por Elise Berg hace más de 10 años

Siguiente

Security + Practice

Descripción

Resumen del Recurso

Pregunta 1

Pregunta 2

Pregunta 3

Pregunta 4

Pregunta 5

Pregunta 6

Pregunta 7

Pregunta 8

Pregunta 9

Pregunta 10

Pregunta 11

Pregunta 12

Pregunta 13

Pregunta 14

Pregunta 15

Pregunta 16

Pregunta 17

Pregunta 18

Pregunta 19

Pregunta 20

Pregunta 21

Pregunta 22

Pregunta 23

Pregunta 24

Pregunta 25

Pregunta 26

Pregunta 27

Pregunta 28

Pregunta 29

Pregunta 30

Pregunta 31

Pregunta 32

Pregunta 33

Pregunta 34

Pregunta 35

Pregunta 36

Pregunta 37

Pregunta 38

Pregunta 39

Pregunta 40

Pregunta 41

Pregunta 42

Pregunta 43

Pregunta 44

Pregunta 45

Pregunta 46

Pregunta 47

Pregunta 48

Pregunta 49

Pregunta 50

Pregunta 51

Pregunta 52

Pregunta 53

Pregunta 54

Pregunta 55

Pregunta 56

Pregunta 57

Pregunta 58

Pregunta 59

Pregunta 60

Pregunta 61

Pregunta 62

Pregunta 63

Pregunta 64

Pregunta 65

Pregunta 66

Pregunta 67

Pregunta 68

Pregunta 69

Pregunta 70

Pregunta 71

Pregunta 72

Pregunta 73

Pregunta 74

Pregunta 75

Similar