Copy and Edit

Quix2 - 50Q

Description

Good Luck! :D
Requiemdust Sheena
Quiz by Requiemdust Sheena, updated more than 1 year ago
Requiemdust Sheena
Created by Requiemdust Sheena over 4 years ago
134
0
1

Resource summary

Question 1

Question
What is the formula used to determine risk?
Answer
  • A. Risk = Threat * Vulnerability
  • B. Risk = Threat / Vulnerability
  • C. Risk = Asset * Threat
  • D. Risk = Asset / Threat

Question 2

Question
The following graphic shows the NIST risk management framework with step 4 missing. What is the missing step?
Image:
8 (binary/octet-stream)
Answer
  • A. Assess security controls.
  • B. Determine control gaps.
  • C. Remediate control gaps.
  • D. Evaluate user activity.

Question 3

Question
HAL Systems recently decided to stop offering public NTP services because of a fear that its NTP servers would be used in amplification DDoS attacks. What type of risk management strategy did HAL pursue with respect to its NTP services?
Answer
  • A. Risk mitigation
  • B. Risk acceptance
  • C. Risk transference
  • D. Risk avoidance

Question 4

Question
Susan is working with the management team in her company to classify data in an attempt to apply extra security controls that will limit the likelihood of a data breach. What principle of information security is Susan trying to enforce?
Answer
  • A. Availability
  • B. Denial
  • C. Confidentiality
  • D. Integrity

Question 5

Question
Which one of the following components should be included in an organization’s emergency response guidelines?
Answer
  • A. List of individuals who should be notified of an emergency incident
  • B. Long-term business continuity protocols
  • C. Activation procedures for the organization’s cold sites
  • D. Contact information for ordering equipment

Question 6

Question
Who is the ideal person to approve an organization’s business continuity plan?
Answer
  • A. Chief information officer
  • B. Chief executive officer
  • C. Chief information security officer
  • D. Chief operating officer

Question 7

Question
Which of the following is not one of the European Union’s General Data Protection Regulation (GDPR) principles?
Answer
  • A. Information must be processed fairly.
  • B. Information must be deleted within one year of acquisition.
  • C. Information must be maintained securely.
  • D. Information must be accurate.

Question 8

Question
Ben’s company, which is based in the European Union, hires a thirdparty organization that processes data for it. Who has responsibility to protect the privacy of the data and ensure that it isn’t used for anything other than its intended purpose?
Answer
  • A. Ben’s company is responsible.
  • B. The third-party data processor is responsible.
  • C. The data controller is responsible.
  • D. Both organizations bear equal responsibility.

Question 9

Question
When a computer is removed from service and disposed of, the process that ensures that all storage media has been removed or destroyed is known as what?
Answer
  • A. Sanitization
  • B. Purging
  • C. Destruction
  • D. Declassification

Question 10

Question
Linux systems that use bcrypt are using a tool based on what DES alternative encryption scheme?
Answer
  • A. 3DES
  • B. AES
  • C. Diffie–Hellman
  • D. Blowfish

Question 11

Question
Susan works in an organization that labels all removable media with the classification level of the data it contains, including public data. Why would Susan’s employer label all media instead of labeling only the media that contains data that could cause harm if it was exposed?
Answer
  • A. It is cheaper to order all prelabeled media
  • B. It prevents sensitive media from not being marked by mistake.
  • C. It prevents reuse of public media for sensitive data.
  • D. Labeling all media is required by HIPAA.

Question 12

Question
Data stored in RAM is best characterized as what type of data?
Answer
  • A. Data at rest
  • B. Data in use
  • C. Data in transit
  • D. Data at large

Question 13

Question
Rhonda is considering the use of new identification cards for physical access control in her organization. She comes across a military system that uses the card shown here. What type of card is this?
Image:
9 (binary/octet-stream)
Answer
  • A. Smart card
  • B. Proximity card
  • C. Magnetic stripe card
  • D. Phase three card

Question 14

Question
Gordon is concerned about the possibility that hackers may be able to use the Van Eck radiation phenomenon to remotely read the contents of computer monitors in his facility. What technology would protect against this type of attack?
Answer
  • A. TCSEC
  • B. SCSI
  • C. GHOST
  • D. TEMPEST

Question 15

Question
In the diagram shown here of security boundaries within a computer system, what component’s name has been replaced with XXX?
Image:
10 (binary/octet-stream)
Answer
  • A. Kernel
  • B. TCB
  • C. Security perimeter
  • D. User execution

Question 16

Question
Sherry conducted an inventory of the cryptographic technologies in use within her organization and found the following algorithms and protocols in use. Which one of these technologies should she replace because it is no longer considered secure?
Answer
  • A. MD5
  • B. 3DES
  • C. PGP
  • D. WPA2

Question 17

Question
What action can you take to prevent accidental data disclosure due to wear leveling on an SSD device before reusing the drive?
Answer
  • A. Reformatting
  • B. Disk encryption
  • C. Degaussing
  • D. Physical destruction

Question 18

Question
Tom is a cryptanalyst and is working on breaking a cryptographic algorithm’s secret key. He has a copy of an intercepted message that is encrypted, and he also has a copy of the decrypted version of that message. He wants to use both the encrypted message and its decrypted plaintext to retrieve the secret key for use in decrypting other messages. What type of attack is Tom engaging in?
Answer
  • A. Chosen ciphertext
  • B. Chosen plaintext
  • C. Known plaintext
  • D. Brute force

Question 19

Question
A hacker recently violated the integrity of data in James’s company by modifying a file using a precise timing attack. The attacker waited until James verified the integrity of a file’s contents using a hash value and then modified the file between the time that James verified the integrity and read the contents of the file. What type of attack took place?
Answer
  • A. Social engineering
  • B. TOCTOU
  • C. Data diddling
  • D. Parameter checking

Question 20

Question
What standard governs the creation and validation of digital certificates for use in a public key infrastructure?
Answer
  • A. X.509
  • B. TLS
  • C. SSL
  • D. 802.1x

Question 21

Question
What is the minimum fence height that makes a fence difficult to climb easily, deterring most intruders?
Answer
  • A. 3 feet
  • B. 4 feet
  • C. 5 feet
  • D. 6 feet

Question 22

Question
Johnson Widgets strictly limits access to total sales volume information, classifying it as a competitive secret. However, shipping clerks have unrestricted access to order records to facilitate transaction completion. A shipping clerk recently pulled all of the individual sales records for a quarter and totaled them up to determine the total sales volume. What type of attack occurred?
Answer
  • A. Social engineering
  • B. Inference
  • C. Aggregation
  • D. Data diddling

Question 23

Question
What physical security control broadcasts false emanations constantly to mask the presence of true electromagnetic emanations from computing equipment?
Answer
  • A. Faraday cage
  • B. Copper-infused windows
  • C. Shielded cabling
  • D. White noise

Question 24

Question
In a software as a service cloud computing environment, who is normally responsible for ensuring that appropriate firewall controls are in place to protect the application?
Answer
  • A. Customer’s security team
  • B. Vendor
  • C. Customer’s networking team
  • D. Customer’s infrastructure management team

Question 25

Question
The source ports have been omitted from the figure, but you may assume that they are specified correctly for the purposes of answering questions. Which one of the following rules is not shown in the rulebase but will be enforced by the firewall?
Image:
11 (binary/octet-stream)
Answer
  • A. Stealth
  • B. Implicit deny
  • C. Connection proxy
  • D. Egress filter

Question 26

Question
The source ports have been omitted from the figure, but you may assume that they are specified correctly for the purposes of answering questions. What type of server is running at IP address 10.1.0.26?
Image:
11 (binary/octet-stream)
Answer
  • A. Email
  • B. Web
  • C. FTP
  • D. Database

Question 27

Question
The source ports have been omitted from the figure, but you may assume that they are specified correctly for the purposes of answering questions. The system at 15.246.10.1 attempts HTTP and HTTPS connections to the web server running at 10.1.0.50. Which one of the following statements is true about that connection?
Image:
11 (binary/octet-stream)
Answer
  • A. Both connections will be allowed.
  • B. Both connections will be blocked.
  • C. The HTTP connection will be allowed, and the HTTPS connection will be blocked.
  • D. The HTTP connection will be blocked, and the HTTPS connection will be allowed.

Question 28

Question
The source ports have been omitted from the figure, but you may assume that they are specified correctly for the purposes of answering questions. What value should be used to fill in the source port for rule #3?
Image:
11 (binary/octet-stream)
Answer
  • A. 25
  • B. 465
  • C. 80
  • D. Any

Question 29

Question
Data streams occur at what three layers of the OSI model?
Answer
  • A. Application, Presentation, and Session
  • B. Presentation, Session, and Transport
  • C. Physical, Data Link, and Network
  • D. Data Link, Network, and Transport

Question 30

Question
Chris needs to design a firewall architecture that can support a DMZ, a database, and a private internal network in a secure manner that separates each function. What type of design should he use, and how many firewalls does he need?
Answer
  • A. A four-tier firewall design with two firewalls
  • B. A two-tier firewall design with three firewalls
  • C. A three-tier firewall design with at least one firewall
  • D. A single-tier firewall design with three firewalls

Question 31

Question
A new customer at a bank that uses fingerprint scanners to authenticate its users is surprised when he scans his fingerprint and is logged in to another customer’s account. What type of biometric factor error occurred?
Answer
  • A. A registration error
  • B. A Type 1 error
  • C. A Type 2 error
  • D. A time of use, method of use error

Question 32

Question
What type of access control is typically used by firewalls?
Answer
  • A. Discretionary access controls
  • B. Rule-based access controls
  • C. Task-based access control
  • D. Mandatory access controls

Question 33

Question
When you input a user ID and password, you are performing what important identity and access management activity?
Answer
  • A. Authorization
  • B. Validation
  • C. Authentication
  • D. Login

Question 34

Question
During a port scan using nmap, Joseph discovers that a system shows two ports open that cause him immediate worry: 21/open 23/open What services are likely running on those ports?
Answer
  • A. SSH and FTP
  • B. FTP and Telnet
  • C. SMTP and Telnet
  • D. POP3 and SMTP

Question 35

Question
Saria’s team is working to persuade their management that their network has extensive vulnerabilities that attackers could exploit. If she wants to conduct a realistic attack as part of a penetration test, what type of penetration test should she conduct?
Answer
  • A. Crystal box
  • B. Gray box
  • C. White box
  • D. Black box

Question 36

Question
What method is commonly used to assess how well software testing covered the potential uses of an application?
Answer
  • A. A test coverage analysis
  • B. A source code review
  • C. A fuzz analysis
  • D. A code review report

Question 37

Question
Testing that is focused on functions that a system should not allow are an example of what type of testing?
Answer
  • A. Use case testing
  • B. Manual testing
  • C. Misuse case testing
  • D. Dynamic testing

Question 38

Question
What type of monitoring uses simulated traffic to a website to monitor performance?
Answer
  • A. Log analysis
  • B. Synthetic monitoring
  • C. Passive monitoring
  • D. Simulated transaction analysis

Question 39

Question
Which of the following vulnerabilities is unlikely to be found by a web vulnerability scanner?
Answer
  • A. Path disclosure
  • B. Local file inclusion
  • C. Race condition
  • D. Buffer overflow

Question 40

Question
Jim uses a tool that scans a system for available services and then connects to them to collect banner information to determine what version of the service is running. It then provides a report detailing what it gathers, basing results on service fingerprinting, banner information, and similar details it gathers combined with CVE information. What type of tool is Jim using?
Answer
  • A. A port scanner
  • B. A service validator
  • C. A vulnerability scanner
  • D. A patch management tool

Question 41

Question
Mark is considering replacing his organization’s customer relationship management (CRM) solution with a new product that is available in the cloud. This new solution is completely managed by the vendor, and Mark’s company will not have to write any code or manage any physical resources. What type of cloud solution is Mark considering?
Answer
  • A. IaaS
  • B. CaaS
  • C. PaaS
  • D. SaaS

Question 42

Question
Which one of the following information sources is useful to security administrators seeking a list of information security vulnerabilities in applications, devices, and operating systems?
Answer
  • A. OWASP
  • B. Bugtraq
  • C. Microsoft Security Bulletins
  • D. CVE

Question 43

Question
Which of the following would normally be considered an example of a disaster when performing disaster recovery planning? I. Hacking incident II. Flood III. Fire IV. Terrorism
Answer
  • A. II and III only
  • B. I and IV only
  • C. II, III, and IV only
  • D. I, II, III, and IV

Question 44

Question
Glenda would like to conduct a disaster recovery test and is seeking a test that will allow a review of the plan with no disruption to normal information system activities and as minimal a commitment of time as possible. What type of test should she choose?
Answer
  • A. Tabletop exercise
  • B. Parallel test
  • C. Full interruption test
  • D. Checklist review

Question 45

Question
Which one of the following is not an example of a backup tape rotation scheme?
Answer
  • A. Grandfather/Father/Son
  • B. Meet in the middle
  • C. Tower of Hanoi
  • D. Six Cartridge Weekly

Question 46

Question
Victor created a database table that contains information on his organization’s employees. The table contains the employee’s user ID, three different telephone number fields (home, work, and mobile), the employee’s office location, and the employee’s job title. There are 16 records in the table. What is the degree of this table?
Answer
  • A. 3
  • B. 4
  • C. 6
  • D. 16

Question 47

Question
Carrie is analyzing the application logs for her web-based application and comes across the following string: ../../../../../../../../../etc/passwd What type of attack was likely attempted against Carrie’s application?
Answer
  • A. Command injection
  • B. Session hijacking
  • C. Directory traversal
  • D. Brute force

Question 48

Question
When should a design review take place when following an SDLC approach to software development?
Answer
  • A. After the code review
  • B. After user acceptance testing
  • C. After the development of functional requirements
  • D. After the completion of unit testing

Question 49

Question
Tracy is preparing to apply a patch to her organization’s enterprise resource planning system. She is concerned that the patch may introduce flaws that did not exist in prior versions, so she plans to conduct a test that will compare previous responses to input with those produced by the newly patched application. What type of testing is Tracy planning?
Answer
  • A. Unit testing
  • B. Acceptance testing
  • C. Regression testing
  • D. Vulnerability testing

Question 50

Question
What term is used to describe the level of confidence that software is free from vulnerabilities, either intentionally designed into the software or accidentally inserted at any time during its life cycle, and that the software functions in the intended manner?
Answer
  • A. Validation
  • B. Accreditation
  • C. Confidence interval
  • D. Assurance
Show full summary Hide full summary

Want to create your own Quizzes for free with GoConqr? Learn more.

Similar

English Language
livbennett
GCSE Chemistry C1 - Carbon Chemistry ATOMS, MOLECULES AND COMPOUNDS (Easy)
T W
GCSE Maths Notes: Averages
Andrea Leyden
Common Irish Words
silviaod119
Chemistry C1
Chloe Winn
The Anatomy of the Heart
Shannan Muskopf
Of Mice & Men Themes - Key essay points
Lilac Potato
OCR AS CHEMISTRY A DEFINITIONS
awesome.lois
Flame tests
Joshua Rees
I wish I..
Cristina Cabal
General Pathoanatomy Final MCQs (301-400)- 3rd Year- PMU
Med Student
Browse Library