Quix2 - 50Q

Description

Good Luck! :D
Test by Requiemdust Sheena, updated more than 1 year ago
Created by Requiemdust Sheena more than 4 years ago

Resource summary

Question 1

Question
What is the formula used to determine risk?
Answer
  • A. Risk = Threat * Vulnerability
  • B. Risk = Threat / Vulnerability
  • C. Risk = Asset * Threat
  • D. Risk = Asset / Threat

Question 2

Question
The following graphic shows the NIST risk management framework with step 4 missing. What is the missing step?
Answer
  • A. Assess security controls.
  • B. Determine control gaps.
  • C. Remediate control gaps.
  • D. Evaluate user activity.

Question 3

Question
HAL Systems recently decided to stop offering public NTP services because of a fear that its NTP servers would be used in amplification DDoS attacks. What type of risk management strategy did HAL pursue with respect to its NTP services?
Answer
  • A. Risk mitigation
  • B. Risk acceptance
  • C. Risk transference
  • D. Risk avoidance

Question 4

Question
Susan is working with the management team in her company to classify data in an attempt to apply extra security controls that will limit the likelihood of a data breach. What principle of information security is Susan trying to enforce?
Answer
  • A. Availability
  • B. Denial
  • C. Confidentiality
  • D. Integrity

Question 5

Question
Which one of the following components should be included in an organization’s emergency response guidelines?
Answer
  • A. List of individuals who should be notified of an emergency incident
  • B. Long-term business continuity protocols
  • C. Activation procedures for the organization’s cold sites
  • D. Contact information for ordering equipment

Question 6

Question
Who is the ideal person to approve an organization’s business continuity plan?
Answer
  • A. Chief information officer
  • B. Chief executive officer
  • C. Chief information security officer
  • D. Chief operating officer

Question 7

Question
Which of the following is not one of the European Union’s General Data Protection Regulation (GDPR) principles?
Answer
  • A. Information must be processed fairly.
  • B. Information must be deleted within one year of acquisition.
  • C. Information must be maintained securely.
  • D. Information must be accurate.

Question 8

Question
Ben’s company, which is based in the European Union, hires a third-party organization that processes data for it. Who has responsibility to protect the privacy of the data and ensure that it isn’t used for anything other than its intended purpose?
Answer
  • A. Ben’s company is responsible.
  • B. The third-party data processor is responsible.
  • C. The data controller is responsible.
  • D. Both organizations bear equal responsibility.

Question 9

Question
When a computer is removed from service and disposed of, the process that ensures that all storage media has been removed or destroyed is known as what?
Answer
  • A. Sanitization
  • B. Purging
  • C. Destruction
  • D. Declassification

Question 10

Question
Linux systems that use bcrypt are using a tool based on what DES alternative encryption scheme?
Answer
  • A. 3DES
  • B. AES
  • C. Diffie–Hellman
  • D. Blowfish

Question 11

Question
Susan works in an organization that labels all removable media with the classification level of the data it contains, including public data. Why would Susan’s employer label all media instead of labeling only the media that contains data that could cause harm if it was exposed?
Answer
  • A. It is cheaper to order all prelabeled media
  • B. It prevents sensitive media from not being marked by mistake.
  • C. It prevents reuse of public media for sensitive data.
  • D. Labeling all media is required by HIPAA.

Question 12

Question
Data stored in RAM is best characterized as what type of data?
Answer
  • A. Data at rest
  • B. Data in use
  • C. Data in transit
  • D. Data at large

Question 13

Question
Rhonda is considering the use of new identification cards for physical access control in her organization. She comes across a military system that uses the card shown here. What type of card is this?
Answer
  • A. Smart card
  • B. Proximity card
  • C. Magnetic stripe card
  • D. Phase three card

Question 14

Question
Gordon is concerned about the possibility that hackers may be able to use the Van Eck radiation phenomenon to remotely read the contents of computer monitors in his facility. What technology would protect against this type of attack?
Answer
  • A. TCSEC
  • B. SCSI
  • C. GHOST
  • D. TEMPEST

Question 15

Question
In the diagram shown here of security boundaries within a computer system, what component’s name has been replaced with XXX?
Answer
  • A. Kernel
  • B. TCB
  • C. Security perimeter
  • D. User execution

Question 16

Question
Sherry conducted an inventory of the cryptographic technologies in use within her organization and found the following algorithms and protocols in use. Which one of these technologies should she replace because it is no longer considered secure?
Answer
  • A. MD5
  • B. 3DES
  • C. PGP
  • D. WPA2

Question 17

Question
What action can you take to prevent accidental data disclosure due to wear leveling on an SSD device before reusing the drive?
Answer
  • A. Reformatting
  • B. Disk encryption
  • C. Degaussing
  • D. Physical destruction

Question 18

Question
Tom is a cryptanalyst and is working on breaking a cryptographic algorithm’s secret key. He has a copy of an intercepted message that is encrypted, and he also has a copy of the decrypted version of that message. He wants to use both the encrypted message and its decrypted plaintext to retrieve the secret key for use in decrypting other messages. What type of attack is Tom engaging in?
Answer
  • A. Chosen ciphertext
  • B. Chosen plaintext
  • C. Known plaintext
  • D. Brute force
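The situation in Question 18, as an added example that is not part of the quiz: a cryptanalyst who holds one matched plaintext/ciphertext pair recovers the key and reuses it on a second intercept. The cipher is a toy repeating-key XOR, and the key and messages are constructed here; real block ciphers do not leak their key this way, but any stream keystream reused across messages does, and the recovery step is the same.

```python
from typing import Optional

# Added example, not part of the quiz: a known-plaintext attack against a toy
# repeating-key XOR cipher.  Tom's situation from Question 18 is modelled with
# a constructed key and constructed messages; real block ciphers do not leak
# their key this way, but any keystream reused across messages does.


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """Encrypt/decrypt by XORing each byte with the key, repeated as needed."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def find_key(plaintext: bytes, ciphertext: bytes, max_len: int = 32) -> Optional[bytes]:
    """Known-plaintext recovery: for each position, c_i XOR p_i is the key byte
    used there.  The key length is unknown, so try the shortest period whose
    recovered key re-encrypts the entire known plaintext to the observed
    ciphertext; that rules out coincidental short matches."""
    if len(plaintext) != len(ciphertext):
        raise ValueError("plaintext and ciphertext must be the same length")
    for n in range(1, min(max_len, len(plaintext)) + 1):
        candidate = bytes(c ^ p for p, c in zip(plaintext[:n], ciphertext[:n]))
        if xor_bytes(plaintext, candidate) == ciphertext:
            return candidate
    return None


def demo() -> dict:
    """Recover the key from one (plaintext, ciphertext) pair, then use it on a
    second intercepted message for which no plaintext is available."""
    key = b"s3cr3t!k"                                        # constructed, unknown to Tom
    known_plain = b"ORDER 1042: ship 30 units to depot A"    # Tom has this copy
    known_cipher = xor_bytes(known_plain, key)               # ...and this intercept
    second_cipher = xor_bytes(b"ORDER 1043: hold shipment, audit", key)

    recovered = find_key(known_plain, known_cipher)
    second_plain = xor_bytes(second_cipher, recovered) if recovered else None
    return {"key": recovered, "second_plaintext": second_plain}


if __name__ == "__main__":
    result = demo()
    print("recovered key:", result["key"])
    print("second message:", result["second_plaintext"])
```

The check in find_key (re-encrypt the whole known plaintext with the candidate key) is what separates a recovered key from a coincidence on the first few bytes; with a chosen-plaintext capability Tom could pick a plaintext long enough to make that check trivial, which is the difference between the two attack classes in the answer list.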

Question 19

Question
A hacker recently violated the integrity of data in James’s company by modifying a file using a precise timing attack. The attacker waited until James verified the integrity of a file’s contents using a hash value and then modified the file between the time that James verified the integrity and read the contents of the file. What type of attack took place?
Answer
  • A. Social engineering
  • B. TOCTOU
  • C. Data diddling
  • D. Parameter checking
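The race described in Question 19, as an added example that is not part of the quiz: a reader that hashes a file and then opens it a second time to use it, beside one that reads the bytes once and verifies the bytes it already holds. The file path, contents and the between hook (which stands in for the attacker's write in the window) are constructed for illustration.

```python
import hashlib
import os
import tempfile
from typing import Callable, Optional

# Added example, not part of the quiz: the verify-then-read race from
# Question 19 beside a version that closes the window.  The temp file, its
# contents and the ``between`` hook simulating the attacker are constructed.


def sha256_of_file(path: str) -> str:
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()


def read_if_trusted_racy(path: str, expected_sha256: str,
                         between: Optional[Callable[[], None]] = None) -> bytes:
    """Vulnerable pattern: check the file's hash, then open the file again to
    use it.  Anything that rewrites the file between the two opens (simulated
    by ``between``) is consumed without being noticed."""
    if sha256_of_file(path) != expected_sha256:          # time of check
        raise ValueError("integrity check failed")
    if between is not None:
        between()                                         # attacker's window
    with open(path, "rb") as f:                           # time of use
        return f.read()


def read_if_trusted(path: str, expected_sha256: str,
                    between: Optional[Callable[[], None]] = None) -> bytes:
    """Hardened pattern: read once, hash the bytes already in memory, and hand
    only those bytes to the caller.  There is no second open, so a concurrent
    writer cannot substitute content after the check."""
    with open(path, "rb") as f:
        data = f.read()
    if between is not None:
        between()                                         # same window, no effect
    if hashlib.sha256(data).hexdigest() != expected_sha256:
        raise ValueError("integrity check failed")
    return data


def demo() -> dict:
    """Run both readers against a file an 'attacker' rewrites in the window."""
    good = b"payload-version-1\n"
    evil = b"payload-tampered\n"
    fd, path = tempfile.mkstemp()
    os.close(fd)
    try:
        with open(path, "wb") as f:
            f.write(good)
        expected = hashlib.sha256(good).hexdigest()

        def attacker() -> None:
            with open(path, "wb") as f:
                f.write(evil)

        racy_result = read_if_trusted_racy(path, expected, between=attacker)

        with open(path, "wb") as f:          # reset the file for the hardened run
            f.write(good)
        hardened_result = read_if_trusted(path, expected, between=attacker)
        return {"racy": racy_result, "hardened": hardened_result}
    finally:
        os.unlink(path)


if __name__ == "__main__":
    r = demo()
    print("racy reader returned tampered data:", r["racy"] != r["hardened"])
```

The hardened reader does not notice that the on-disk file was rewritten, and does not need to: what matters is that the bytes it returns are the bytes it verified. The same principle applies to any check-then-use sequence on a shared resource (permission checks on paths, size checks before copying), where the fix is to operate on the object already obtained rather than re-resolving it.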

Question 20

Question
What standard governs the creation and validation of digital certificates for use in a public key infrastructure?
Answer
  • A. X.509
  • B. TLS
  • C. SSL
  • D. 802.1x

Question 21

Question
What is the minimum fence height that makes a fence difficult to climb easily, deterring most intruders?
Answer
  • A. 3 feet
  • B. 4 feet
  • C. 5 feet
  • D. 6 feet

Question 22

Question
Johnson Widgets strictly limits access to total sales volume information, classifying it as a competitive secret. However, shipping clerks have unrestricted access to order records to facilitate transaction completion. A shipping clerk recently pulled all of the individual sales records for a quarter and totaled them up to determine the total sales volume. What type of attack occurred?
Answer
  • A. Social engineering
  • B. Inference
  • C. Aggregation
  • D. Data diddling

Question 23

Question
What physical security control broadcasts false emanations constantly to mask the presence of true electromagnetic emanations from computing equipment?
Answer
  • A. Faraday cage
  • B. Copper-infused windows
  • C. Shielded cabling
  • D. White noise

Question 24

Question
In a software as a service cloud computing environment, who is normally responsible for ensuring that appropriate firewall controls are in place to protect the application?
Answer
  • A. Customer’s security team
  • B. Vendor
  • C. Customer’s networking team
  • D. Customer’s infrastructure management team

Question 25

Question
The source ports have been omitted from the figure, but you may assume that they are specified correctly for the purposes of answering questions. Which one of the following rules is not shown in the rulebase but will be enforced by the firewall?
Answer
  • A. Stealth
  • B. Implicit deny
  • C. Connection proxy
  • D. Egress filter

Question 26

Question
The source ports have been omitted from the figure, but you may assume that they are specified correctly for the purposes of answering questions. What type of server is running at IP address 10.1.0.26?
Answer
  • A. Email
  • B. Web
  • C. FTP
  • D. Database

Question 27

Question
The source ports have been omitted from the figure, but you may assume that they are specified correctly for the purposes of answering questions. The system at 15.246.10.1 attempts HTTP and HTTPS connections to the web server running at 10.1.0.50. Which one of the following statements is true about that connection?
Answer
  • A. Both connections will be allowed.
  • B. Both connections will be blocked.
  • C. The HTTP connection will be allowed, and the HTTPS connection will be blocked.
  • D. The HTTP connection will be blocked, and the HTTPS connection will be allowed.

Question 28

Question
The source ports have been omitted from the figure, but you may assume that they are specified correctly for the purposes of answering questions. What value should be used to fill in the source port for rule #3?
Answer
  • A. 25
  • B. 465
  • C. 80
  • D. Any

Question 29

Question
Data streams occur at what three layers of the OSI model?
Answer
  • A. Application, Presentation, and Session
  • B. Presentation, Session, and Transport
  • C. Physical, Data Link, and Network
  • D. Data Link, Network, and Transport

Question 30

Question
Chris needs to design a firewall architecture that can support a DMZ, a database, and a private internal network in a secure manner that separates each function. What type of design should he use, and how many firewalls does he need?
Answer
  • A. A four-tier firewall design with two firewalls
  • B. A two-tier firewall design with three firewalls
  • C. A three-tier firewall design with at least one firewall
  • D. A single-tier firewall design with three firewalls

Question 31

Question
A new customer at a bank that uses fingerprint scanners to authenticate its users is surprised when he scans his fingerprint and is logged in to another customer’s account. What type of biometric factor error occurred?
Answer
  • A. A registration error
  • B. A Type 1 error
  • C. A Type 2 error
  • D. A time of use, method of use error

Question 32

Question
What type of access control is typically used by firewalls?
Answer
  • A. Discretionary access controls
  • B. Rule-based access controls
  • C. Task-based access control
  • D. Mandatory access controls

Question 33

Question
When you input a user ID and password, you are performing what important identity and access management activity?
Answer
  • A. Authorization
  • B. Validation
  • C. Authentication
  • D. Login

Question 34

Question
During a port scan using nmap, Joseph discovers that a system shows two ports open that cause him immediate worry: 21/open, 23/open. What services are likely running on those ports?
Answer
  • A. SSH and FTP
  • B. FTP and Telnet
  • C. SMTP and Telnet
  • D. POP3 and SMTP
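The triage behind Question 34, as an added example that is not part of the quiz: parse nmap's grepable (-oG) output and flag open ports whose conventional service carries credentials in the clear, so that a 21 or 23 listener is reported as a finding in its own right rather than left to the reader's memory. The scan text is a constructed sample, not a real scan, and the port-to-reason table is this example's own.

```python
import re

# Added example, not part of the quiz: parse nmap grepable (-oG) output and
# flag open ports whose usual service carries credentials in the clear, which
# is why 21 and 23 in Question 34 are worrying.  SAMPLE_SCAN is constructed.

SAMPLE_SCAN = """# Nmap 7.94 scan initiated (constructed sample)
Host: 10.0.0.5 ()\tStatus: Up
Host: 10.0.0.5 ()\tPorts: 21/open/tcp//ftp///, 22/open/tcp//ssh///, 23/open/tcp//telnet///, 25/filtered/tcp//smtp///\tIgnored State: closed (996)
Host: 10.0.0.9 ()\tPorts: 443/open/tcp//https///\tIgnored State: closed (999)
"""

# port -> why an open listener there is a finding on its own (this example's table)
CLEARTEXT_SERVICES = {
    21: "FTP sends usernames, passwords and file contents unencrypted",
    23: "Telnet sends the whole interactive session, including logins, unencrypted",
    110: "POP3 without TLS sends mailbox credentials unencrypted",
    143: "IMAP without TLS sends mailbox credentials unencrypted",
}

# one -oG port entry: port/state/protocol/owner/service/rpc/version/
PORT_ENTRY = re.compile(r"(\d+)/(\w+)/(\w+)/[^/]*/([^/]*)/")


def parse_grepable(text: str) -> dict:
    """Return {host: [(port, proto, service), ...]} for ports reported open."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue
        host = line.split()[1]
        ports_field = line.split("Ports:", 1)[1].split("\t", 1)[0]
        for port, state, proto, service in PORT_ENTRY.findall(ports_field):
            if state == "open":
                hosts.setdefault(host, []).append((int(port), proto, service))
    return hosts


def flag_cleartext(hosts: dict) -> list:
    """List (host, port, reason) for every open TCP port in CLEARTEXT_SERVICES."""
    findings = []
    for host, ports in hosts.items():
        for port, proto, _service in ports:
            if proto == "tcp" and port in CLEARTEXT_SERVICES:
                findings.append((host, port, CLEARTEXT_SERVICES[port]))
    return sorted(findings)


if __name__ == "__main__":
    for host, port, reason in flag_cleartext(parse_grepable(SAMPLE_SCAN)):
        print(f"{host}:{port} open - {reason}")
```

Filtered ports are deliberately not reported: the finding is an open cleartext listener, and an nmap "filtered" state only says a packet filter answered, not that a service did.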

Question 35

Question
Saria’s team is working to persuade their management that their network has extensive vulnerabilities that attackers could exploit. If she wants to conduct a realistic attack as part of a penetration test, what type of penetration test should she conduct?
Answer
  • A. Crystal box
  • B. Gray box
  • C. White box
  • D. Black box

Question 36

Question
What method is commonly used to assess how well software testing covered the potential uses of an application?
Answer
  • A. A test coverage analysis
  • B. A source code review
  • C. A fuzz analysis
  • D. A code review report

Question 37

Question
Testing that is focused on functions that a system should not allow is an example of what type of testing?
Answer
  • A. Use case testing
  • B. Manual testing
  • C. Misuse case testing
  • D. Dynamic testing

Question 38

Question
What type of monitoring uses simulated traffic to a website to monitor performance?
Answer
  • A. Log analysis
  • B. Synthetic monitoring
  • C. Passive monitoring
  • D. Simulated transaction analysis

Question 39

Question
Which of the following vulnerabilities is unlikely to be found by a web vulnerability scanner?
Answer
  • A. Path disclosure
  • B. Local file inclusion
  • C. Race condition
  • D. Buffer overflow

Question 40

Question
Jim uses a tool that scans a system for available services and then connects to them to collect banner information to determine what version of the service is running. It then provides a report detailing what it gathers, basing results on service fingerprinting, banner information, and similar details it gathers combined with CVE information. What type of tool is Jim using?
Answer
  • A. A port scanner
  • B. A service validator
  • C. A vulnerability scanner
  • D. A patch management tool

Question 41

Question
Mark is considering replacing his organization’s customer relationship management (CRM) solution with a new product that is available in the cloud. This new solution is completely managed by the vendor, and Mark’s company will not have to write any code or manage any physical resources. What type of cloud solution is Mark considering?
Answer
  • A. IaaS
  • B. CaaS
  • C. PaaS
  • D. SaaS

Question 42

Question
Which one of the following information sources is useful to security administrators seeking a list of information security vulnerabilities in applications, devices, and operating systems?
Answer
  • A. OWASP
  • B. Bugtraq
  • C. Microsoft Security Bulletins
  • D. CVE

Question 43

Question
Which of the following would normally be considered an example of a disaster when performing disaster recovery planning? I. Hacking incident II. Flood III. Fire IV. Terrorism
Answer
  • A. II and III only
  • B. I and IV only
  • C. II, III, and IV only
  • D. I, II, III, and IV

Question 44

Question
Glenda would like to conduct a disaster recovery test and is seeking a test that will allow a review of the plan with no disruption to normal information system activities and as minimal a commitment of time as possible. What type of test should she choose?
Answer
  • A. Tabletop exercise
  • B. Parallel test
  • C. Full interruption test
  • D. Checklist review

Question 45

Question
Which one of the following is not an example of a backup tape rotation scheme?
Answer
  • A. Grandfather/Father/Son
  • B. Meet in the middle
  • C. Tower of Hanoi
  • D. Six Cartridge Weekly

Question 46

Question
Victor created a database table that contains information on his organization’s employees. The table contains the employee’s user ID, three different telephone number fields (home, work, and mobile), the employee’s office location, and the employee’s job title. There are 16 records in the table. What is the degree of this table?
Answer
  • A. 3
  • B. 4
  • C. 6
  • D. 16

Question 47

Question
Carrie is analyzing the application logs for her web-based application and comes across the following string: ../../../../../../../../../etc/passwd What type of attack was likely attempted against Carrie’s application?
Answer
  • A. Command injection
  • B. Session hijacking
  • C. Directory traversal
  • D. Brute force
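The string from Question 47, handled the way both a download handler and a log reviewer should, as an added example that is not part of the quiz: instead of grepping for "../", resolve the requested name under the web root and treat anything that lands outside it as a traversal attempt, which also catches percent-encoded and double-encoded variants. WEB_ROOT, the query parameter name and the access-log lines are constructed for this example.

```python
import posixpath
import re
import urllib.parse

# Added example, not part of the quiz: recognising the ../ sequence from
# Question 47 by resolving the requested name under the web root rather than
# pattern matching on "../".  WEB_ROOT and SAMPLE_LOG are constructed.

WEB_ROOT = "/var/www/app/files"

SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /download?file=report.pdf HTTP/1.1" 200 5120
203.0.113.7 - - [10/Oct/2023:13:55:41 +0000] "GET /download?file=../../../../../../../../../etc/passwd HTTP/1.1" 200 1834
203.0.113.7 - - [10/Oct/2023:13:55:44 +0000] "GET /download?file=..%252f..%252f..%252fetc%252fshadow HTTP/1.1" 403 0
198.51.100.2 - - [10/Oct/2023:13:56:01 +0000] "GET /download?file=2023/q3/summary.txt HTTP/1.1" 200 910
"""

REQUEST_LINE = re.compile(r'"(?:GET|POST) (\S+) HTTP/')


def decode_fully(value: str, max_rounds: int = 3) -> str:
    """Undo percent-encoding repeatedly so %252f (a double-encoded '/') is seen."""
    for _ in range(max_rounds):
        decoded = urllib.parse.unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def resolve_under_root(root: str, requested: str):
    """Return the absolute path if it stays inside root, otherwise None.
    Backslashes count as separators and a leading '/' is stripped, so an
    absolute name is still looked up relative to root."""
    cleaned = decode_fully(requested).replace("\\", "/").lstrip("/")
    resolved = posixpath.normpath(posixpath.join(root, cleaned))
    if resolved == root or resolved.startswith(root + "/"):
        return resolved
    return None


def scan_log(log_text: str, root: str = WEB_ROOT, param: str = "file") -> list:
    """Return (client_ip, decoded_value) for every request whose file
    parameter would have escaped the web root."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_LINE.search(line)
        if not m:
            continue
        query = urllib.parse.urlparse(m.group(1)).query
        for value in urllib.parse.parse_qs(query).get(param, []):
            if resolve_under_root(root, value) is None:
                hits.append((line.split()[0], decode_fully(value)))
    return hits


if __name__ == "__main__":
    for ip, value in scan_log(SAMPLE_LOG):
        print(f"traversal attempt from {ip}: {value}")
```

The same resolve_under_root check is the server-side fix: a handler that only opens the path this function returns cannot be walked out of the root, whatever mix of ../, backslashes or encodings the request uses. A log entry with status 200 on the /etc/passwd request, as in the constructed sample, is the one that needs incident follow-up, since it indicates the application served the file.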

Question 48

Question
When should a design review take place when following an SDLC approach to software development?
Answer
  • A. After the code review
  • B. After user acceptance testing
  • C. After the development of functional requirements
  • D. After the completion of unit testing

Question 49

Question
Tracy is preparing to apply a patch to her organization’s enterprise resource planning system. She is concerned that the patch may introduce flaws that did not exist in prior versions, so she plans to conduct a test that will compare previous responses to input with those produced by the newly patched application. What type of testing is Tracy planning?
Answer
  • A. Unit testing
  • B. Acceptance testing
  • C. Regression testing
  • D. Vulnerability testing

Question 50

Question
What term is used to describe the level of confidence that software is free from vulnerabilities, either intentionally designed into the software or accidentally inserted at any time during its life cycle, and that the software functions in the intended manner?
Answer
  • A. Validation
  • B. Accreditation
  • C. Confidence interval
  • D. Assurance