Unlock document.
This document is partially blurred.
Unlock all pages and 1 million more documents.
Get Access
Flooding the frequency of a wireless network is one method attackers use to affect the
network.
Answer:
Security tends to impede functionality.
Answer:
Vulnerability testing typically is not outsourced.
Answer:
CLIs usually are easier to learn than GUIs.
Answer:
You can quickly assess the general security posture of your Windows Vista PC by using
the status check in the Windows Security Center.
Answer:
Using new and proprietary encryption ciphers is a good idea because cryptanalysts will
not know them.
Answer:
DRM usually is difficult to enforce.
Answer:
An internal firewall sits at the boundary between the corporate site and the Internet.
Answer:
When securing application configuration settings, default password settings should not
be changed.
Answer:
Stealing the password file from a computer is safer than attempting to log in remotely.
Answer:
Someone sends you a "game." When you run it, it logs you into an IRS server. This is
hacking.
Answer:
A CSIRT should not include members from the legal department.
Answer:
Nonmobile malware can be on webpages that users download.
Answer:
A false rejection occurs when a person is improperly matched to a template.
Answer:
A socket designates a specific program designated by a port number on a specific
computer's IP address.
Answer:
Most companies are quick to enforce strict data management policies.
Answer:
With CDP, each location backs up the other in real time.
Answer:
Custom programs generally are safe because attackers do not know the code.
Answer:
Operating system account passwords provide limited protection.
Answer:
Ingress ACL rules typically permit a specific type of externally originated connection to
network resources.
Answer:
Detective countermeasures keep attacks from succeeding.
Answer:
SPI firewalls can handle both ICMP and UDP.
Answer:
International laws about cybercrime are fairly uniform.
Answer:
Site-to-site VPNs typically decrypt messages when they arrive from the outside.
Answer:
A LINUX distribution consists only of the LINUX kernel.
Answer:
Differential backups only back up data that has changed since the most recent full
backup.
Answer:
Incremental and full backups must be restored in the order in which they were created.
Answer:
A CSIRT should include members from the public relations department.
Answer:
In a crisis, rigid adherence to plans and processes for recovery is critical.
Answer:
A down side of spam filtering is the deletion of some legitimate messages.
Answer:
Spammers use sticky spam, which presents their message as a graphical image.
Answer:
Policies should specify implementation in detail.
Answer:
Cookies can used to track users at a website.
Answer:
Verification is the process where the verifier determines the identity of the supplicant.
Answer:
Which of the following statements is not an accurate description of MMCs?
A) MMCs are produced by Microsoft.
B) MMCs are located under the Start / Management menu choice.
C) MMCs use GUIs.
D) MMCs are relatively easy to learn to use.
Answer:
With nominal deletion, data is ________.
A) recoverable
B) reusable
C) Both A and B.
D) Neither A nor B.
Answer:
In a relational database, examples of entities include ________.
A) persons
B) things
C) events
D) All of the above
Answer:
In Active Directory, a domain controller contains ________.
A) a RADIUS authentication server program
B) an Active Directory database
C) Both A and B
D) Neither A nor B
Answer:
Repair during ongoing server operation is ________.
A) desirable
B) dangerous
C) Both A and B
D) Neither A nor B
Answer:
Conducting stings on employees ________.
A) raises awareness
B) raises resentment
C) Both A and B
D) Neither A nor B
Answer:
Many e-commerce companies will not ship to certain countries because of a high rate of
consumer fraud. To get around this, attackers use ________.
A) IP address spoofing
B) host name spoofing
C) money mules
D) transshippers
Answer:
________ are prescriptive statements about what companies should do and are put
together by trade associations and government agencies.
A) Best practices
B) Recommended practices
C) Both A and B
D) Neither A nor B
Answer:
________ is the act of passing an incident to the CSIRT or business continuity team.
A) Transference
B) Escalation
C) Delegation
D) Acceleration
Answer:
TCP/IP's internet layer supervisory protocol is ________.
A) DNS
B) DHCP
C) ICMP
D) All of the above.
Answer:
The most widely used form of biometrics is ________.
A) retinal scanning
B) iris scanning
C) fingerprint scanning
D) face recognition
Answer:
Which IPS response to an attack can do the most damage?
A) Dropping packets
B) Limiting suspicious traffic to a certain percentage of the total bandwidth
C) Both A and B do equal amounts of damage
D) Neither A nor B
Answer:
SPI firewalls can conduct ________ inspection.
A) stateful packet
B) static packet filtering
C) Both A and B
D) Neither A nor B
Answer:
A ________ can be used to gather network information or user data.
A) RFMON
B) packet sniffer
C) whaling device
D) None of the above
Answer:
Companies can enforce policies for ________.
A) SSL/TLS
B) IPsec security associations
C) Both A and B
D) Neither A nor B
Answer:
SSL/TLS was developed for ________ VPNs.
A) host-to-host
B) site-to-site
C) Both A and B
D) Neither A nor B
Answer:
Stateful packet inspection firewalls are ________.
A) expensive
B) fairly safe in practice
C) Both A and B
D) Neither A nor B
Answer:
________ is the act of actually stopping an incident's damage.
A) Disconnection
B) Gapping
C) Containment
D) Termination
Answer:
Why is creating firewall policies desirable compared to just creating a list of ACL
rules?
A) Policies are more specific.
B) Policies are easier to understand.
C) Both A and B
D) Neither A nor B
Answer:
Which of the following is not one of the four security levels of incidents?
A) False alarms
B) Minor incidents
C) Virus epidemics
D) Disasters
Answer:
The best way to thwart exhaustive searches by cryptanalysts is ________.
A) to use codes
B) to make the key very long
C) randomize the key thoroughly
D) All of the above
Answer:
Which of the following specifies how to do certification by external parties?
A) COSO
B) CobiT
C) ISO/IEC 27000
D) All of the above have certification by external parties.
Answer:
Replay attacks can be thwarted by using ________.
A) time stamps
B) sequence numbers
C) nonces
D) All of the above.
Answer:
Configuring multiple hard drives as an array within a single system is ________.
A) a common method of increasing reliability
B) a common method of increasing speed
C) Both A and B
D) Neither A nor B
Answer:
To prevent eavesdropping, applications should ________.
A) be updating regularly
B) use electronic signatures
C) use encryption for confidentiality
D) use encryption for authentication
Answer:
Overall for firms, which is more time consuming to patch?
A) Applications
B) Operating systems
C) Both are about equally time consuming to patch
D) None of the above
Answer:
Walkthroughs are ________ table-top exercises.
A) better than
B) just as good as
C) worse than
D) the same thing as
Answer:
RTP stands for ________.
A) Real Transfer Protocol
B) Real Time Protocol
C) Real Transport Protocol
D) None of the above
Answer:
In VoIP, firewalls are a problem because they tend to ________.
A) reduce throughput
B) increase jitter
C) increase latency
D) make traffic unreadable
Answer:
Audits place special attention on ________.
A) compliance avoidance
B) noncompliance
C) memo log files
D) absences from duty
Answer:
