Quix12 - 50Q

Description

Good Luck!
Quiz by Requiemdust Sheena, updated more than 1 year ago
Created by Requiemdust Sheena more than 4 years ago

Resource summary

Question 1

Question
NIST SP800-53 discusses a set of security controls as what type of security tool?
Answer
  • A. A configuration list
  • B. A threat management strategy
  • C. A baseline
  • D. The CIS standard

Question 2

Question
Ed has been tasked with identifying a service that will provide a low-latency, high-performance, and high-availability way to host content for his employer. What type of solution should he seek out to ensure that his employer’s customers around the world can access their content quickly, easily, and reliably?
Answer
  • A. A hot site
  • B. A CDN
  • C. Redundant servers
  • D. A P2P CDN

Question 3

Question
Which one of the following is not a function of a forensic disk controller?
Answer
  • A. Preventing the modification of data on a storage device
  • B. Returning data requested from the device
  • C. Reporting errors sent by the device to the forensic host
  • D. Blocking read commands sent to the device

Question 4

Question
Mike is building a fault-tolerant server and wishes to implement RAID 1. How many physical disks are required to build this solution?
Answer
  • A. 1
  • B. 2
  • C. 3
  • D. 5

Question 5

Question
Which Kerberos service generates a new ticket and session keys and sends them to the client?
Answer
  • A. KDC
  • B. TGT
  • C. AS
  • D. TGS

Question 6

Question
Communication systems that rely on start and stop flags or bits to manage data transmission are known as what type of communication?
Answer
  • A. Analog
  • B. Digital
  • C. Synchronous
  • D. Asynchronous

Question 7

Question
What type of motion detector uses high microwave frequency signal transmissions to identify potential intruders?
Answer
  • A. Infrared
  • B. Heat-based
  • C. Wave pattern
  • D. Capacitance

Question 8

Question
Susan sets up a firewall that keeps track of the status of the communication between two systems and allows a remote system to respond to a local system after the local system starts communication. What type of firewall is Susan using?
Answer
  • A. A static packet filtering firewall
  • B. An application-level gateway firewall
  • C. A stateful packet inspection firewall
  • D. A circuit-level gateway firewall

Question 9

Question
Ben owns a coffeehouse and wants to provide wireless Internet service for his customers. Ben’s network is simple and uses a single consumer-grade wireless router and a cable modem connected via a commercial cable data contract. How can Ben provide access control for his customers without having to provision user IDs before they connect while also gathering useful contact information for his business purposes?
Answer
  • A. WPA2 PSK
  • B. A captive portal
  • C. Require customers to use a publicly posted password like “BensCoffee.”
  • D. Port security

Question 10

Question
Ben owns a coffeehouse and wants to provide wireless Internet service for his customers. Ben’s network is simple and uses a single consumer-grade wireless router and a cable modem connected via a commercial cable data contract. Ben intends to run an open (unencrypted) wireless network. How should he connect his business devices?
Answer
  • A. Run WPA2 on the same SSID.
  • B. Set up a separate SSID using WPA2.
  • C. Run the open network in Enterprise mode.
  • D. Set up a separate wireless network using WEP.

Question 11

Question
Ben owns a coffeehouse and wants to provide wireless Internet service for his customers. Ben’s network is simple and uses a single consumer-grade wireless router and a cable modem connected via a commercial cable data contract. After implementing the solution from the first question, Ben receives a complaint about users in his cafe hijacking other customers’ web traffic, including using their usernames and passwords. How is this possible?
Answer
  • A. The password is shared by all users, making traffic vulnerable.
  • B. A malicious user has installed a Trojan on the router.
  • C. A user has ARP spoofed the router, making all traffic broadcast to all users.
  • D. Open networks are unencrypted, making traffic easily sniffable.

Question 12

Question
Which one of the following is not a mode of operation for the Data Encryption Standard?
Answer
  • A. CBC
  • B. CFB
  • C. OFB
  • D. AES

Question 13

Question
Tom is tuning his security monitoring tools in an attempt to reduce the number of alerts received by administrators without missing important security events. He decides to configure the system to only report failed login attempts if there are five failed attempts to access the same account within a one-hour period of time. What term best describes the technique that Tom is using?
Answer
  • A. Thresholding
  • B. Sampling
  • C. Account lockout
  • D. Clipping

Question 14

Question
Sally has been tasked with deploying an authentication, authorization, and accounting server for wireless network services in her organization and needs to avoid using proprietary technology. What technology should she select?
Answer
  • A. OAuth
  • B. RADIUS
  • C. XTACACS
  • D. TACACS+

Question 15

Question
An accounting clerk for Christopher’s Cheesecakes does not have access to the salary information for individual employees but wanted to know the salary of a new hire. He pulled total payroll expenses for the pay period before the new person was hired and then pulled the same expenses for the following pay period. He computed the difference between those two amounts to determine the individual’s salary. What type of attack occurred?
Answer
  • A. Aggregation
  • B. Data diddling
  • C. Inference
  • D. Social engineering

Question 16

Question
Alice would like to have read permissions on an object and knows that Bob already has those rights and would like to give them to herself. Which one of the rules in the Take-Grant protection model would allow her to complete this operation if the relationship exists between Alice and Bob?
Answer
  • A. Take rule
  • B. Grant rule
  • C. Create rule
  • D. Remote rule

Question 17

Question
During a log review, Danielle discovers a series of logs that show login failures:
Jan 31 11:39:12 ip-10-0-0-2 sshd[29092]: Invalid user admin from remotehost passwd=aaaaaaaa
Jan 31 11:39:20 ip-10-0-0-2 sshd[29098]: Invalid user admin from remotehost passwd=aaaaaaab
Jan 31 11:39:23 ip-10-0-0-2 sshd[29100]: Invalid user admin from remotehost passwd=aaaaaaac
Jan 31 11:39:31 ip-10-0-0-2 sshd[29106]: Invalid user admin from remotehost passwd=aaaaaaad
Jan 31 20:40:53 ip-10-0-0-254 sshd[30520]: Invalid user admin from remotehost passwd=aaaaaaae
What type of attack has Danielle discovered?
Answer
  • A. A pass-the-hash attack
  • B. A brute-force attack
  • C. A man-in-the-middle attack
  • D. A dictionary attack

Question 18

Question
What property of a relational database ensures that two executing transactions do not affect each other by storing interim results in the database?
Answer
  • A. Atomicity
  • B. Isolation
  • C. Consistency
  • D. Durability

Question 19

Question
Kim is the system administrator for a small business network that is experiencing security problems. She is in the office in the evening working on the problem, and nobody else is there. As she is watching, she can see that systems on the other side of the office that were previously behaving normally are now exhibiting signs of infection. What type of malware is Kim likely dealing with?
Answer
  • A. Virus
  • B. Worm
  • C. Trojan horse
  • D. Logic bomb

Question 20

Question
Which of the following is an industry standard for data security?
Answer
  • A. FERPA
  • B. HIPAA
  • C. SOX
  • D. PCI DSS

Question 21

Question
Which of the following sequences properly describes the TCP three-way handshake?
Answer
  • A. SYN, ACK, SYN/ACK
  • B. PSH, RST, ACK
  • C. SYN, SYN/ACK, ACK
  • D. SYN, RST, FIN

Question 22

Question
Which one of the following technologies is not normally a capability of mobile device management (MDM) solutions?
Answer
  • A. Remotely wiping the contents of a mobile device
  • B. Assuming control of a nonregistered BYOD mobile device
  • C. Enforcing the use of device encryption
  • D. Managing device backups

Question 23

Question
Jim is implementing an IDaaS solution for his organization. What type of technology is he putting in place?
Answer
  • A. Identity as a service
  • B. Employee ID as a service
  • C. Intrusion detection as a service
  • D. OAuth

Question 24

Question
Gina recently took the CISSP certification exam and then wrote a blog post that included the text of many of the exam questions that she experienced. What aspect of the (ISC)2 code of ethics is most directly violated in this situation?
Answer
  • A. Advance and protect the profession.
  • B. Act honorably, honestly, justly, responsibly, and legally.
  • C. Protect society, the common good, necessary public trust and confidence, and the infrastructure.
  • D. Provide diligent and competent service to principals.

Question 25

Question
Gordon is conducting a risk assessment for his organization and determined the amount of damage that flooding is expected to cause to his facilities each year. What metric has Gordon identified?
Answer
  • A. ALE
  • B. ARO
  • C. SLE
  • D. EF

Question 26

Question
Greg would like to implement application control technology in his organization. He would like to limit users to installing only approved software on their systems. What type of application control would be appropriate in this situation?
Answer
  • A. Blacklisting
  • B. Graylisting
  • C. Whitelisting
  • D. Bluelisting

Question 27

Question
Frank is the security administrator for a web server that provides news and information to people located around the world. His server received an unusually high volume of traffic that it could not handle and was forced to reject requests. Frank traced the source of the traffic back to a botnet. What type of attack took place?
Answer
  • A. Denial of service
  • B. Reconnaissance
  • C. Compromise
  • D. Malicious insider

Question 28

Question
In the database table shown here, which column would be the best candidate for a primary key?
Answer
  • A. Company ID
  • B. Company Name
  • C. ZIP Code
  • D. Sales Rep

Question 29

Question
Jesse is looking at the /etc/passwd file on a system configured to use shadowed passwords. What should she expect to see in the password field of this file?
Answer
  • A. Plaintext passwords
  • B. Encrypted passwords
  • C. Hashed passwords
  • D. x

Question 30

Question
Bob is configuring egress filtering on his network, examining traffic destined for the Internet. His organization uses the public address range 12.8.195.0/24. Packets with which one of the following destination addresses should Bob permit to leave the network?
Answer
  • A. 12.8.195.15
  • B. 10.8.15.9
  • C. 192.168.109.55
  • D. 129.53.44.124

Question 31

Question
How many possible keys exist in a cryptographic algorithm that uses 6-bit encryption keys?
Answer
  • A. 12
  • B. 16
  • C. 32
  • D. 64

Question 32

Question
What problem drives the recommendation to physically destroy SSD drives to prevent data leaks when they are retired?
Answer
  • A. Degaussing only partially wipes the data on SSDs.
  • B. SSDs don’t have data remanence.
  • C. SSDs are unable to perform a zero fill.
  • D. The built-in erase commands are not completely effective on some SSDs.

Question 33

Question
GAD Systems is concerned about the risk of hackers stealing sensitive information stored on a file server. They choose to pursue a risk mitigation strategy. Which one of the following actions would support that strategy?
Answer
  • A. Encrypting the files
  • B. Deleting the files
  • C. Purchasing cyber-liability insurance
  • D. Taking no action

Question 34

Question
How should samples be generated when assessing account management practices?
Answer
  • A. They should be generated by administrators.
  • B. The last 180 days of accounts should be validated.
  • C. Sampling should be conducted randomly.
  • D. Sampling is not effective, and all accounts should be audited.

Question 35

Question
The EU-U.S. Privacy Shield Framework relies on seven principles. Which of the following correctly lists all seven?
Answer
  • A. Awareness, selection, control, security, data integrity, access, recourse and enforcement
  • B. Notice, choice, accountability for onward transfer, security, data integrity and purpose limitation, access, recourse and enforcement
  • C. Privacy, security, control, notification, data integrity and purpose, access, enforcement
  • D. Submission, editing, updates, confidential, integrity, security, access

Question 36

Question
SYN floods rely on implementations of what protocol to cause denial of service conditions?
Answer
  • A. IGMP
  • B. UDP
  • C. TCP
  • D. ICMP

Question 37

Question
What type of log is shown in the figure?
Answer
  • A. Firewall log
  • B. Change log
  • C. Application log
  • D. System log

Question 38

Question
What principle states that an individual should make every effort to complete his or her responsibilities in an accurate and timely manner?
Answer
  • A. Least privilege
  • B. Separation of duties
  • C. Due care
  • D. Due diligence

Question 39

Question
When an attacker calls an organization’s help desk and persuades them to reset a password for them due to the help desk employee’s trust and willingness to help, what type of attack succeeded?
Answer
  • A. A human Trojan
  • B. Social engineering
  • C. Phishing
  • D. Whaling

Question 40

Question
When a user attempts to log into their online account, Google sends a text message with a code to their cell phone. What type of verification is this?
Answer
  • A. Knowledge-based authentication
  • B. Dynamic knowledge–based authentication
  • C. Out-of-band identity proofing
  • D. Risk-based identity proofing

Question 41

Question
What mathematical operation, when substituted for the blank lines shown here, would make the equations correct?
Answer
  • A. MOD
  • B. XOR
  • C. NAND
  • D. DIV

Question 42

Question
The organization that Ben works for has a traditional onsite Active Directory environment that uses a manual provisioning process for each addition to their 350-employee company. As the company adopts new technologies, they are increasingly using software as a service applications to replace their internally developed software stack. Ben has been tasked with designing an identity management implementation that will allow his company to use cloud services while supporting their existing systems. Using the logical diagram shown here, answer the following questions about the identity recommendations Ben should make. If availability of authentication services is the organization’s biggest priority, what type of identity platform should Ben recommend?
Answer
  • A. Onsite
  • B. Cloud based
  • C. Hybrid
  • D. Outsourced

Question 43

Question
The organization that Ben works for has a traditional onsite Active Directory environment that uses a manual provisioning process for each addition to their 350-employee company. As the company adopts new technologies, they are increasingly using software as a service applications to replace their internally developed software stack. Ben has been tasked with designing an identity management implementation that will allow his company to use cloud services while supporting their existing systems. Using the logical diagram shown here, answer the following questions about the identity recommendations Ben should make. If Ben needs to share identity information with the business partner shown, what should he investigate?
Answer
  • A. Single sign-on
  • B. Multifactor authentication
  • C. Federation
  • D. IDaaS

Question 44

Question
The organization that Ben works for has a traditional onsite Active Directory environment that uses a manual provisioning process for each addition to their 350-employee company. As the company adopts new technologies, they are increasingly using software as a service applications to replace their internally developed software stack. Ben has been tasked with designing an identity management implementation that will allow his company to use cloud services while supporting their existing systems. Using the logical diagram shown here, answer the following questions about the identity recommendations Ben should make. What technology is likely to be involved when Ben’s organization needs to provide authentication and authorization assertions to their cloud e-commerce application?
Answer
  • A. Active Directory
  • B. SAML
  • C. RADIUS
  • D. SPML

Question 45

Question
Dave is responsible for password security in his organization and would like to strengthen the security of password files. He would like to defend his organization against the use of rainbow tables. Which one of the following techniques is specifically designed to frustrate the use of rainbow tables?
Answer
  • A. Password expiration policies
  • B. Salting
  • C. User education
  • D. Password complexity policies

Question 46

Question
Which one of the following is a single system designed to attract attackers because it seemingly contains sensitive information or other attractive resources?
Answer
  • A. Honeynet
  • B. Darknet
  • C. Honeypot
  • D. Pseudoflaw

Question 47

Question
When evaluating biometric devices, what is another term used to describe the equal error rate?
Answer
  • A. FAR
  • B. FRR
  • C. CER
  • D. EER

Question 48

Question
Cable modems, ISDN, and DSL are all examples of what type of technology?
Answer
  • A. Baseband
  • B. Broadband
  • C. Digital
  • D. Broadcast

Question 49

Question
Sean suspects that an individual in his company is smuggling out secret information despite his company’s careful use of data loss prevention systems. He discovers that the suspect is posting photos, including the one shown here, to public Internet message boards. What type of technique may the individuals be using to hide messages inside this image?
Answer
  • A. Watermarking
  • B. VPN
  • C. Steganography
  • D. Covert timing channel

Question 50

Question
Roger is concerned that a third-party firm hired to develop code for an internal application will embed a backdoor in the code. The developer retains rights to the intellectual property and will only deliver the software in its final form. Which one of the following languages would be least susceptible to this type of attack because it would provide Roger with code that is human-readable in its final form?
Answer
  • A. JavaScript
  • B. C
  • C. C++
  • D. Java
