Copiar e Editar

Quix6 - D3 - 50Q

Descrição

Good Luck!
Requiemdust Sheena
Quiz por Requiemdust Sheena, atualizado more than 1 year ago
Requiemdust Sheena
Criado por Requiemdust Sheena aproximadamente 4 anos atrás
175
0
1

Resumo de Recurso

Questão 1

Questão
Grace would like to implement application control technology in her organization. Users often need to install new applications for research and testing purposes, and she does not want to interfere with that process. At the same time, she would like to block the use of known malicious software. What type of application control would be appropriate in this situation?
Responda
  • A. Blacklisting
  • B. Graylisting
  • C. Whitelisting
  • D. Bluelisting

Questão 2

Questão
Warren is designing a physical intrusion detection system for his data center and wants to include technology that issues an alert if the communications lines for the alarm system are unexpectedly cut. What technology would meet this requirement?
Responda
  • A. Heartbeat sensor
  • B. Emanation security
  • C. Motion detector
  • D. Faraday cage

Questão 3

Questão
John and Gary are negotiating a business transaction, and John must demonstrate to Gary that he has access to a system. He engages in an electronic version of the “magic door” scenario shown here. What technique is John using?
Image:
22 (binary/octet-stream)
Responda
  • A. Split-knowledge proof
  • B. Zero-knowledge proof
  • C. Logical proof
  • D. Mathematical proof

Questão 4

Questão
Raj is selecting an encryption algorithm for use in his organization and would like to be able to vary the strength of the encryption with the sensitivity of the information. Which one of the following algorithms allows the use of different key strengths?
Responda
  • A. Blowfish
  • B. DES
  • C. Skipjack
  • D. IDEA

Questão 5

Questão
Referring to the fire triangle shown here, which one of the following suppression materials attacks a fire by removing the fuel source?
Image:
23 (binary/octet-stream)
Responda
  • A. Water
  • B. Soda acid
  • C. Carbon dioxide
  • D. Halon

Questão 6

Questão
Howard is choosing a cryptographic algorithm for his organization, and he would like to choose an algorithm that supports the creation of digital signatures. Which one of the following algorithms would meet his requirement?
Responda
  • A. RSA
  • B. DES
  • C. AES
  • D. Blowfish

Questão 7

Questão
Laura is responsible for securing her company’s web-based applications and wishes to conduct an educational program for developers on common web application security vulnerabilities. Where can she turn for a concise listing of the most common web application issues?
Responda
  • A. CVE
  • B. NSA
  • C. OWASP
  • D. CSA

Questão 8

Questão
The Bell-LaPadula and Biba models implement state machines in a fashion that uses what specific state machine model?
Responda
  • A. Information flow
  • B. Noninterference
  • C. Cascading
  • D. Feedback

Questão 9

Questão
The ___________ of a process consist(s) of the limits set on the memory addresses and resources that the process may access.
Responda
  • A. Perimeter
  • B. Confinement limits
  • C. Metes
  • D. Bounds

Questão 10

Questão
What type of motion detector senses changes in the electromagnetic fields in monitored areas?
Responda
  • A. Infrared
  • B. Wave pattern
  • C. Capacitance
  • D. Photoelectric

Questão 11

Questão
Which one of the following fire suppression systems uses a suppressant that is no longer manufactured due to environmental concerns?
Responda
  • A. FM-200
  • B. Argon
  • C. Inergen
  • D. Halon

Questão 12

Questão
Which one of the following statements is correct about the Biba model of access control?
Responda
  • A. It addresses confidentiality and integrity.
  • B. It addresses integrity and availability.
  • C. It prevents covert channel attacks.
  • D. It focuses on protecting objects from integrity threats.

Questão 13

Questão
In Transport Layer Security, what type of key is used to encrypt the actual content of communications between a web server and a client?
Responda
  • A. Ephemeral session key
  • B. Client’s public key
  • C. Server’s public key
  • D. Server’s private key

Questão 14

Questão
Beth would like to include technology in a secure area of her data center to protect against unwanted electromagnetic emanations. What technology would assist her with this goal?
Responda
  • A. Heartbeat sensor
  • B. Faraday cage
  • C. Piggybacking
  • D. WPA2

Questão 15

Questão
In a virtualized computing environment, what component is responsible for enforcing separation between guest machines?
Responda
  • A. Guest operating system
  • B. Hypervisor
  • C. Kernel
  • D. Protection manager

Questão 16

Questão
Rick is an application developer who works primarily in Python. He recently decided to evaluate a new service where he provides his Python code to a vendor who then executes it on their server environment. What type of cloud computing environment is this service?
Responda
  • A. SaaS
  • B. PaaS
  • C. IaaS
  • D. CaaS

Questão 17

Questão
A software company developed two systems that share information. System A provides information to the input of System B, which then reciprocates by providing information back to System A as input. What type of composition theory best describes this practice?
Responda
  • A. Cascading
  • B. Feedback
  • C. Hookup
  • D. Elementary

Questão 18

Questão
Tommy is planning to implement a power conditioning UPS for a rack of servers in his data center. Which one of the following conditions will the UPS be unable to protect against if it persists for an extended period of time?
Responda
  • A. Fault
  • B. Blackout
  • C. Sag
  • D. Noise

Questão 19

Questão
Which one of the following humidity values is within the acceptable range for a data center operation?
Responda
  • A. 0%
  • B. 10%
  • C. 25%
  • D. 40%

Questão 20

Questão
Chris is designing a cryptographic system for use within his company. The company has 1,000 employees, and they plan to use an asymmetric encryption system. How many total keys will they need?
Responda
  • A. 500
  • B. 1,000
  • C. 2,000
  • D. 4,950

Questão 21

Questão
What term is used to describe the formal declaration by a designated approving authority (DAA) that an information technology (IT) system is approved to operate in a specific environment?
Responda
  • A. Certification
  • B. Accreditation
  • C. Evaluation
  • D. Approval

Questão 22

Questão
Object-oriented programming languages use a black box approach to development, where users of an object do not necessarily need to know the object’s implementation details. What term is used to describe this concept?
Responda
  • A. Layering
  • B. Abstraction
  • C. Data hiding
  • D. Process isolation

Questão 23

Questão
Todd wants to add a certificate to a certificate revocation list. What element of the certificate goes on the list?
Responda
  • A. Serial number
  • B. Public key
  • C. Digital signature
  • D. Private key

Questão 24

Questão
Alison is examining a digital certificate presented to her by her bank’s website. Which one of the following requirements is not necessary for her to trust the digital certificate?
Responda
  • A. She knows that the server belongs to the bank.
  • B. She trusts the certificate authority.
  • C. She verifies that the certificate is not listed on a CRL.
  • D. She verifies the digital signature on the certificate.

Questão 25

Questão
Which one of the following is an example of a covert timing channel when used to exfiltrate information from an organization?
Responda
  • A. Sending an electronic mail message
  • B. Posting a file on a peer-to-peer file sharing service
  • C. Typing with the rhythm of Morse code
  • D. Writing data to a shared memory space

Questão 26

Questão
Which one of the following would be a reasonable application for the use of self-signed digital certificates?
Responda
  • A. E-commerce website
  • B. Banking application
  • C. Internal scheduling application
  • D. Customer portal

Questão 27

Questão
Mike has been tasked with preventing an outbreak of malware like Mirai. What type of systems should be protected in his organization?
Responda
  • A. Servers
  • B. SCADA
  • C. Mobile devices
  • D. Internet of Things (IoT) devices

Questão 28

Questão
A component failure in the primary HVAC system leads to a high temperature alarm in the data center that Kim manages. After resolving the issue, what should Kim consider to prevent future issues like this?
Responda
  • A. A closed loop chiller
  • B. Redundant cooling systems
  • C. Swamp coolers
  • D. Relocating the data center to a colder climate

Questão 29

Questão
As part of his team’s forensic investigation process, Matt signs drives and other evidence out of storage before working with them. What type of documentation is he creating?
Responda
  • A. Criminal
  • B. Chain of custody
  • C. Civil
  • D. CYA

Questão 30

Questão
Lauren implements ASLR to help prevent system compromises. What technique has she used to protect her system?
Responda
  • A. Encryption
  • B. Mandatory access control
  • C. Memory address randomization
  • D. Discretionary access control

Questão 31

Questão
During a system audit, Casey notices that the private key for her organization’s web server has been stored in a public Amazon S3 storage bucket for more than a year. What should she do?
Responda
  • A. Remove the key from the bucket
  • B. Notify all customers that their data may have been exposed
  • C. Request a new certificate using a new key
  • D. Nothing, because the private key should be accessible for validation

Questão 32

Questão
Joanna wants to review the status of the industrial control systems her organization uses for building control. What type of systems should she inquire about access to?
Responda
  • A. SCADA
  • B. DSS
  • C. BAS
  • D. ICS-CSS

Questão 33

Questão
After scanning all of the systems on his wireless network, Mike notices that one system is identified as an iOS device running a massively out-of-date version of Apple’s mobile operating system. When he investigates further, he discovers that the device is an original iPad and that it cannot be updated to a current secure version of the operating system. What should Mike recommend?
Responda
  • A. Retire or replace the device
  • B. Isolate the device on a dedicated wireless network
  • C. Install a firewall on the tablet
  • D. Reinstall the OS

Questão 34

Questão
During a third-party vulnerability scan and security test, Danielle’s employer recently discovered that the embedded systems that were installed to manage her company’s new buildings have a severe remote access vulnerability. The manufacturer has gone out of business, and there is no patch or update for the devices. What should Danielle recommend that her employer do about the hundreds of devices that are vulnerable?
Responda
  • A. Identify a replacement device model and replace every device
  • B. Turn off all of the devices
  • C. Move the devices to a secured network segment
  • D. Reverse engineer the devices and build an in-house patch

Questão 35

Questão
Alex’s employer creates most of their work output as PDF files. Alex is concerned about limiting the audience for the PDF files to those individuals who have paid for them. What technology can he use to most effectively control the access to and distribution of these files?
Responda
  • A. EDM
  • B. Encryption
  • C. Digital signatures
  • D. DRM

Questão 36

Questão
Matthew is the security administrator for a consulting firm and must enforce access controls that restrict users’ access based upon their previous activity. For example, once a consultant accesses data belonging to Acme Cola, a consulting client, they may no longer access data belonging to any of Acme’s competitors. What security model best fits Matthew’s needs?
Responda
  • A. Clark-Wilson
  • B. Biba
  • C. Bell-LaPadula
  • D. Brewer-Nash

Questão 37

Questão
Referring to the figure shown here, what is the earliest stage of a fire where it is possible to use detection technology to identify it?
Image:
24 (binary/octet-stream)
Responda
  • A. Incipient
  • B. Smoke
  • C. Flame
  • D. Heat

Questão 38

Questão
Ralph is designing a physical security infrastructure for a new computing facility that will remain largely unstaffed. He plans to implement motion detectors in the facility but would also like to include a secondary verification control for physical presence. Which one of the following would best meet his needs?
Responda
  • A. CCTV
  • B. IPS
  • C. Turnstiles
  • D. Faraday cages

Questão 39

Questão
Harry would like to retrieve a lost encryption key from a database that uses m of n control, with m = 4 and n = 8. What is the minimum number of escrow agents required to retrieve the key?
Responda
  • A. 2
  • B. 4
  • C. 8
  • D. 12

Questão 40

Questão
Fran’s company is considering purchasing a web-based email service from a vendor and eliminating its own email server environment as a cost-saving measure. What type of cloud computing environment is Fran’s company considering?
Responda
  • A. SaaS
  • B. IaaS
  • C. CaaS
  • D. PaaS

Questão 41

Questão
Bob is a security administrator with the federal government and wishes to choose a digital signature approach that is an approved part of the federal Digital Signature Standard under FIPS 186-4. Which one of the following encryption algorithms is not an acceptable choice for use in digital signatures?
Responda
  • A. DSA
  • B. HAVAL
  • C. RSA
  • D. ECDSA

Questão 42

Questão
Harry would like to access a document owned by Sally and stored on a file server. Applying the subject/object model to this scenario, who or what is the subject of the resource request?
Responda
  • A. Harry
  • B. Sally
  • C. Server
  • D. Document

Questão 43

Questão
Michael is responsible for forensic investigations and is investigating a medium-severity security incident that involved the defacement of a corporate website. The web server in question ran on a virtualization platform, and the marketing team would like to get the website up and running as quickly as possible. What would be the most reasonable next step for Michael to take?
Responda
  • A. Keep the website offline until the investigation is complete.
  • B. Take the virtualization platform offline as evidence.
  • C. Take a snapshot of the compromised system and use that for the investigation.
  • D. Ignore the incident and focus on quickly restoring the website.

Questão 44

Questão
Helen is a software engineer and is developing code that she would like to restrict to running within an isolated sandbox for security purposes. What software development technique is Helen using?
Responda
  • A. Bounds
  • B. Input validation
  • C. Confinement
  • D. TCB

Questão 45

Questão
What concept describes the degree of confidence that an organization has that its controls satisfy security requirements?
Responda
  • A. Trust
  • B. Credentialing
  • C. Verification
  • D. Assurance

Questão 46

Questão
What type of security vulnerability are developers most likely to introduce into code when they seek to facilitate their own access, for testing purposes, to software they developed?
Responda
  • A. Maintenance hook
  • B. Cross-site scripting
  • C. SQL injection
  • D. Buffer overflow

Questão 47

Questão
In the figure shown here, Sally is blocked from reading the file due to the Biba integrity model. Sally has a Secret security clearance, and the file has a Confidential classification. What principle of the Biba model is being enforced?
Responda
  • A. Simple Security Property
  • B. Simple Integrity Property
  • C. *-Security Property
  • D. *-Integrity Property

Questão 48

Questão
Tom is responsible for maintaining the security of systems used to control industrial processes located within a power plant. What term is used to describe these systems?
Responda
  • A. POWER
  • B. SCADA
  • C. HAVAL
  • D. COBOL

Questão 49

Questão
Sonia recently removed an encrypted hard drive from a laptop and moved it to a new device because of a hardware failure. She is having difficulty accessing encrypted content on the drive despite the fact that she knows the user’s password. What hardware security feature is likely causing this problem?
Responda
  • A. TCB
  • B. TPM
  • C. NIACAP
  • D. RSA

Questão 50

Questão
Chris wants to verify that a software package that he downloaded matches the original version. What hashing tool should he use if he believes that technically sophisticated attackers may have replaced the software package with a version containing a backdoor?
Responda
  • A. MD5
  • B. 3DES
  • C. SHA1
  • D. SHA 256

Quer criar seus próprios Quizzes gratuitos com a GoConqr? Saiba mais.

Semelhante

CINÉTICA QUÍMICA
Yani
Direito Administrativo - Visão Geral
tiago meira de almeida
Vocabulário de Geografia
Alessandra S.
Direito Civil - Personalidade Jurídica
Lucas Ávila
Os processos de gestão de pessoas
brunocmt
Princípios da Administração pública
Jay Benedicto
Mapa Conceitual
ana.gazzola
Geografia - Cartografia
Jessica Caroline de Macedo
Grupos de GoConqr - Guia do usuário
GoConqr suporte .
Questões de Sais Minerais
Camila Carolina
Sistema Único de Saúde
Vanessa Campos
Explore a Biblioteca