Copiar e Editar

Quix2 - 50Q

Descrição

Good Luck! :D
Requiemdust Sheena
Quiz por Requiemdust Sheena, atualizado more than 1 year ago
Requiemdust Sheena
Criado por Requiemdust Sheena mais de 4 anos atrás
135
0
1

Resumo de Recurso

Questão 1

Questão
What is the formula used to determine risk?
Responda
  • A. Risk = Threat * Vulnerability
  • B. Risk = Threat / Vulnerability
  • C. Risk = Asset * Threat
  • D. Risk = Asset / Threat

Questão 2

Questão
The following graphic shows the NIST risk management framework with step 4 missing. What is the missing step?
Image:
8 (binary/octet-stream)
Responda
  • A. Assess security controls.
  • B. Determine control gaps.
  • C. Remediate control gaps.
  • D. Evaluate user activity.

Questão 3

Questão
HAL Systems recently decided to stop offering public NTP services because of a fear that its NTP servers would be used in amplification DDoS attacks. What type of risk management strategy did HAL pursue with respect to its NTP services?
Responda
  • A. Risk mitigation
  • B. Risk acceptance
  • C. Risk transference
  • D. Risk avoidance

Questão 4

Questão
Susan is working with the management team in her company to classify data in an attempt to apply extra security controls that will limit the likelihood of a data breach. What principle of information security is Susan trying to enforce?
Responda
  • A. Availability
  • B. Denial
  • C. Confidentiality
  • D. Integrity

Questão 5

Questão
Which one of the following components should be included in an organization’s emergency response guidelines?
Responda
  • A. List of individuals who should be notified of an emergency incident
  • B. Long-term business continuity protocols
  • C. Activation procedures for the organization’s cold sites
  • D. Contact information for ordering equipment

Questão 6

Questão
Who is the ideal person to approve an organization’s business continuity plan?
Responda
  • A. Chief information officer
  • B. Chief executive officer
  • C. Chief information security officer
  • D. Chief operating officer

Questão 7

Questão
Which of the following is not one of the European Union’s General Data Protection Regulation (GDPR) principles?
Responda
  • A. Information must be processed fairly.
  • B. Information must be deleted within one year of acquisition.
  • C. Information must be maintained securely.
  • D. Information must be accurate.

Questão 8

Questão
Ben’s company, which is based in the European Union, hires a thirdparty organization that processes data for it. Who has responsibility to protect the privacy of the data and ensure that it isn’t used for anything other than its intended purpose?
Responda
  • A. Ben’s company is responsible.
  • B. The third-party data processor is responsible.
  • C. The data controller is responsible.
  • D. Both organizations bear equal responsibility.

Questão 9

Questão
When a computer is removed from service and disposed of, the process that ensures that all storage media has been removed or destroyed is known as what?
Responda
  • A. Sanitization
  • B. Purging
  • C. Destruction
  • D. Declassification

Questão 10

Questão
Linux systems that use bcrypt are using a tool based on what DES alternative encryption scheme?
Responda
  • A. 3DES
  • B. AES
  • C. Diffie–Hellman
  • D. Blowfish

Questão 11

Questão
Susan works in an organization that labels all removable media with the classification level of the data it contains, including public data. Why would Susan’s employer label all media instead of labeling only the media that contains data that could cause harm if it was exposed?
Responda
  • A. It is cheaper to order all prelabeled media
  • B. It prevents sensitive media from not being marked by mistake.
  • C. It prevents reuse of public media for sensitive data.
  • D. Labeling all media is required by HIPAA.

Questão 12

Questão
Data stored in RAM is best characterized as what type of data?
Responda
  • A. Data at rest
  • B. Data in use
  • C. Data in transit
  • D. Data at large

Questão 13

Questão
Rhonda is considering the use of new identification cards for physical access control in her organization. She comes across a military system that uses the card shown here. What type of card is this?
Image:
9 (binary/octet-stream)
Responda
  • A. Smart card
  • B. Proximity card
  • C. Magnetic stripe card
  • D. Phase three card

Questão 14

Questão
Gordon is concerned about the possibility that hackers may be able to use the Van Eck radiation phenomenon to remotely read the contents of computer monitors in his facility. What technology would protect against this type of attack?
Responda
  • A. TCSEC
  • B. SCSI
  • C. GHOST
  • D. TEMPEST

Questão 15

Questão
In the diagram shown here of security boundaries within a computer system, what component’s name has been replaced with XXX?
Image:
10 (binary/octet-stream)
Responda
  • A. Kernel
  • B. TCB
  • C. Security perimeter
  • D. User execution

Questão 16

Questão
Sherry conducted an inventory of the cryptographic technologies in use within her organization and found the following algorithms and protocols in use. Which one of these technologies should she replace because it is no longer considered secure?
Responda
  • A. MD5
  • B. 3DES
  • C. PGP
  • D. WPA2

Questão 17

Questão
What action can you take to prevent accidental data disclosure due to wear leveling on an SSD device before reusing the drive?
Responda
  • A. Reformatting
  • B. Disk encryption
  • C. Degaussing
  • D. Physical destruction

Questão 18

Questão
Tom is a cryptanalyst and is working on breaking a cryptographic algorithm’s secret key. He has a copy of an intercepted message that is encrypted, and he also has a copy of the decrypted version of that message. He wants to use both the encrypted message and its decrypted plaintext to retrieve the secret key for use in decrypting other messages. What type of attack is Tom engaging in?
Responda
  • A. Chosen ciphertext
  • B. Chosen plaintext
  • C. Known plaintext
  • D. Brute force

Questão 19

Questão
A hacker recently violated the integrity of data in James’s company by modifying a file using a precise timing attack. The attacker waited until James verified the integrity of a file’s contents using a hash value and then modified the file between the time that James verified the integrity and read the contents of the file. What type of attack took place?
Responda
  • A. Social engineering
  • B. TOCTOU
  • C. Data diddling
  • D. Parameter checking

Questão 20

Questão
What standard governs the creation and validation of digital certificates for use in a public key infrastructure?
Responda
  • A. X.509
  • B. TLS
  • C. SSL
  • D. 802.1x

Questão 21

Questão
What is the minimum fence height that makes a fence difficult to climb easily, deterring most intruders?
Responda
  • A. 3 feet
  • B. 4 feet
  • C. 5 feet
  • D. 6 feet

Questão 22

Questão
Johnson Widgets strictly limits access to total sales volume information, classifying it as a competitive secret. However, shipping clerks have unrestricted access to order records to facilitate transaction completion. A shipping clerk recently pulled all of the individual sales records for a quarter and totaled them up to determine the total sales volume. What type of attack occurred?
Responda
  • A. Social engineering
  • B. Inference
  • C. Aggregation
  • D. Data diddling

Questão 23

Questão
What physical security control broadcasts false emanations constantly to mask the presence of true electromagnetic emanations from computing equipment?
Responda
  • A. Faraday cage
  • B. Copper-infused windows
  • C. Shielded cabling
  • D. White noise

Questão 24

Questão
In a software as a service cloud computing environment, who is normally responsible for ensuring that appropriate firewall controls are in place to protect the application?
Responda
  • A. Customer’s security team
  • B. Vendor
  • C. Customer’s networking team
  • D. Customer’s infrastructure management team

Questão 25

Questão
The source ports have been omitted from the figure, but you may assume that they are specified correctly for the purposes of answering questions. Which one of the following rules is not shown in the rulebase but will be enforced by the firewall?
Image:
11 (binary/octet-stream)
Responda
  • A. Stealth
  • B. Implicit deny
  • C. Connection proxy
  • D. Egress filter

Questão 26

Questão
The source ports have been omitted from the figure, but you may assume that they are specified correctly for the purposes of answering questions. What type of server is running at IP address 10.1.0.26?
Image:
11 (binary/octet-stream)
Responda
  • A. Email
  • B. Web
  • C. FTP
  • D. Database

Questão 27

Questão
The source ports have been omitted from the figure, but you may assume that they are specified correctly for the purposes of answering questions. The system at 15.246.10.1 attempts HTTP and HTTPS connections to the web server running at 10.1.0.50. Which one of the following statements is true about that connection?
Image:
11 (binary/octet-stream)
Responda
  • A. Both connections will be allowed.
  • B. Both connections will be blocked.
  • C. The HTTP connection will be allowed, and the HTTPS connection will be blocked.
  • D. The HTTP connection will be blocked, and the HTTPS connection will be allowed.

Questão 28

Questão
The source ports have been omitted from the figure, but you may assume that they are specified correctly for the purposes of answering questions. What value should be used to fill in the source port for rule #3?
Image:
11 (binary/octet-stream)
Responda
  • A. 25
  • B. 465
  • C. 80
  • D. Any

Questão 29

Questão
Data streams occur at what three layers of the OSI model?
Responda
  • A. Application, Presentation, and Session
  • B. Presentation, Session, and Transport
  • C. Physical, Data Link, and Network
  • D. Data Link, Network, and Transport

Questão 30

Questão
Chris needs to design a firewall architecture that can support a DMZ, a database, and a private internal network in a secure manner that separates each function. What type of design should he use, and how many firewalls does he need?
Responda
  • A. A four-tier firewall design with two firewalls
  • B. A two-tier firewall design with three firewalls
  • C. A three-tier firewall design with at least one firewall
  • D. A single-tier firewall design with three firewalls

Questão 31

Questão
A new customer at a bank that uses fingerprint scanners to authenticate its users is surprised when he scans his fingerprint and is logged in to another customer’s account. What type of biometric factor error occurred?
Responda
  • A. A registration error
  • B. A Type 1 error
  • C. A Type 2 error
  • D. A time of use, method of use error

Questão 32

Questão
What type of access control is typically used by firewalls?
Responda
  • A. Discretionary access controls
  • B. Rule-based access controls
  • C. Task-based access control
  • D. Mandatory access controls

Questão 33

Questão
When you input a user ID and password, you are performing what important identity and access management activity?
Responda
  • A. Authorization
  • B. Validation
  • C. Authentication
  • D. Login

Questão 34

Questão
During a port scan using nmap, Joseph discovers that a system shows two ports open that cause him immediate worry: 21/open 23/open What services are likely running on those ports?
Responda
  • A. SSH and FTP
  • B. FTP and Telnet
  • C. SMTP and Telnet
  • D. POP3 and SMTP

Questão 35

Questão
Saria’s team is working to persuade their management that their network has extensive vulnerabilities that attackers could exploit. If she wants to conduct a realistic attack as part of a penetration test, what type of penetration test should she conduct?
Responda
  • A. Crystal box
  • B. Gray box
  • C. White box
  • D. Black box

Questão 36

Questão
What method is commonly used to assess how well software testing covered the potential uses of an application?
Responda
  • A. A test coverage analysis
  • B. A source code review
  • C. A fuzz analysis
  • D. A code review report

Questão 37

Questão
Testing that is focused on functions that a system should not allow are an example of what type of testing?
Responda
  • A. Use case testing
  • B. Manual testing
  • C. Misuse case testing
  • D. Dynamic testing

Questão 38

Questão
What type of monitoring uses simulated traffic to a website to monitor performance?
Responda
  • A. Log analysis
  • B. Synthetic monitoring
  • C. Passive monitoring
  • D. Simulated transaction analysis

Questão 39

Questão
Which of the following vulnerabilities is unlikely to be found by a web vulnerability scanner?
Responda
  • A. Path disclosure
  • B. Local file inclusion
  • C. Race condition
  • D. Buffer overflow

Questão 40

Questão
Jim uses a tool that scans a system for available services and then connects to them to collect banner information to determine what version of the service is running. It then provides a report detailing what it gathers, basing results on service fingerprinting, banner information, and similar details it gathers combined with CVE information. What type of tool is Jim using?
Responda
  • A. A port scanner
  • B. A service validator
  • C. A vulnerability scanner
  • D. A patch management tool

Questão 41

Questão
Mark is considering replacing his organization’s customer relationship management (CRM) solution with a new product that is available in the cloud. This new solution is completely managed by the vendor, and Mark’s company will not have to write any code or manage any physical resources. What type of cloud solution is Mark considering?
Responda
  • A. IaaS
  • B. CaaS
  • C. PaaS
  • D. SaaS

Questão 42

Questão
Which one of the following information sources is useful to security administrators seeking a list of information security vulnerabilities in applications, devices, and operating systems?
Responda
  • A. OWASP
  • B. Bugtraq
  • C. Microsoft Security Bulletins
  • D. CVE

Questão 43

Questão
Which of the following would normally be considered an example of a disaster when performing disaster recovery planning? I. Hacking incident II. Flood III. Fire IV. Terrorism
Responda
  • A. II and III only
  • B. I and IV only
  • C. II, III, and IV only
  • D. I, II, III, and IV

Questão 44

Questão
Glenda would like to conduct a disaster recovery test and is seeking a test that will allow a review of the plan with no disruption to normal information system activities and as minimal a commitment of time as possible. What type of test should she choose?
Responda
  • A. Tabletop exercise
  • B. Parallel test
  • C. Full interruption test
  • D. Checklist review

Questão 45

Questão
Which one of the following is not an example of a backup tape rotation scheme?
Responda
  • A. Grandfather/Father/Son
  • B. Meet in the middle
  • C. Tower of Hanoi
  • D. Six Cartridge Weekly

Questão 46

Questão
Victor created a database table that contains information on his organization’s employees. The table contains the employee’s user ID, three different telephone number fields (home, work, and mobile), the employee’s office location, and the employee’s job title. There are 16 records in the table. What is the degree of this table?
Responda
  • A. 3
  • B. 4
  • C. 6
  • D. 16

Questão 47

Questão
Carrie is analyzing the application logs for her web-based application and comes across the following string: ../../../../../../../../../etc/passwd What type of attack was likely attempted against Carrie’s application?
Responda
  • A. Command injection
  • B. Session hijacking
  • C. Directory traversal
  • D. Brute force

Questão 48

Questão
When should a design review take place when following an SDLC approach to software development?
Responda
  • A. After the code review
  • B. After user acceptance testing
  • C. After the development of functional requirements
  • D. After the completion of unit testing

Questão 49

Questão
Tracy is preparing to apply a patch to her organization’s enterprise resource planning system. She is concerned that the patch may introduce flaws that did not exist in prior versions, so she plans to conduct a test that will compare previous responses to input with those produced by the newly patched application. What type of testing is Tracy planning?
Responda
  • A. Unit testing
  • B. Acceptance testing
  • C. Regression testing
  • D. Vulnerability testing

Questão 50

Questão
What term is used to describe the level of confidence that software is free from vulnerabilities, either intentionally designed into the software or accidentally inserted at any time during its life cycle, and that the software functions in the intended manner?
Responda
  • A. Validation
  • B. Accreditation
  • C. Confidence interval
  • D. Assurance

Quer criar seus próprios Quizzes gratuitos com a GoConqr? Saiba mais.

Semelhante

Alemão Básico
MarisaS
Como Estudar Matemática
Alessandra S.
Apresentação em Inglês
GoConqr suporte .
Tempos Verbais - Português
GoConqr suporte .
Fontes e princípios do direito do trabalho
Natthan Réryson
Mitose
Igor -
Gute Gewohnheiten erfolgreicher Schüler
miminoma
Normas Regulamentadoras de Segurança e Saúde do Trabalho (NR)
Edson Baal
Reading IELTS Vocabulary
Caio Uechi
Tipos: Reprodução
Andrea Barreto M. Da Poça
O Governo-Geral Brasil colônia
jacson luft
Explore a Biblioteca