CICS 39771

Type: Homework Help
Pages: 17
Words: 1723
Authors: Randy J. Boyle, Raymond R. Panko

Firewall appliances need little or no hardening before they are installed.
Answer:
File/directory data backup copies data, programs, configurations, and registry settings.
Answer:
Different honest people can make different ethical decisions in a given situation.
Answer:
Programmers can trust user input if the person is strongly authenticated.
Answer:
Attackers cannot use IP address spoofing in port scanning attack packets.
Answer:
PEAP is a popular extended EAP protocol.
Answer:
Money mules transfer stolen money for criminals and take a small percentage for
themselves.
Answer:
Employees pose an increased risk to organizations as they often have access to sensitive
parts of systems.
Answer:
The terms octet and byte mean the same thing.
Answer:
Spreadsheets are rarely the subject of compliance regulations.
Answer:
A border firewall sits at the boundary between the corporate site and the external
Internet.
Answer:
You accidentally find someone's password and use it to get into a system. This is
hacking.
Answer:
PKI uses circles of trust.
Answer:
File/directory backup is slower and takes up more storage space than image backup.
Answer:
Signaling is the carriage of voice between two parties.
Answer:
Losing an encryption key is not a serious danger.
Answer:
An attack that comes before fixes are released is called a vulnerability attack.
Answer:
In public key encryption for authentication, the verifier decrypts the ciphertext with the
verifier's public key.
Answer:
Identity management is really just another form of risk management.
Answer:
CDP is inexpensive to use.
Answer:
In UNIX, the Execute permission gives the permission to make changes.
Answer:
A Microsoft Windows Service Pack is a group of vulnerability fixes and sometimes
functionality improvements.
Answer:
A company should decide upon a single security baseline for use with its client PCs.
Answer:
Incident response is defined as reacting to incidents impromptu.
Answer:
To take advantage of user typing errors, attackers register site names that are similar to
those of legitimate domain names.
Answer:
With Active-X controls, active scripting is enabled by default.
Answer:
Responding to risk through risk avoidance is likely to be acceptable to other units of the
firm.
Answer:
WEP encrypts each frame with a per-frame key that consists of the shared RC4 key plus
a 24-bit initialization vector that is different for each frame.
Answer:
Technology is the most effective method of avoiding problems during the legal
discovery process.
Answer:
In the long term, backup media should be stored at a different site.
Answer:
Validation can protect against SQL injection attacks.
Answer:
Which of the following is not one of the rules for working in secure areas?
A) Unsupervised work in secure areas should be avoided.
B) When no one is in a secure area, it should be locked and verified periodically.
C) No one should be allowed to work in secure areas for more than four hours in a row.
D) Electronic devices that can record or copy mass amounts of information should be
forbidden in secure areas.
Answer:
CAs distribute public keys ________.
A) in digital certificates
B) only in ways using encryption for confidentiality
C) Both A and B
D) Neither A nor B
Answer:
Another name for RAID 5 is ________.
A) Mirroring
B) Distributed Parity
C) Striping
D) None of the above.
Answer:
Two-factor authentication can be defeated if ________.
A) the user's computer is compromised
B) the attacker uses a man-in-the-middle attack
C) Both A and B
D) Neither A nor B
Answer:
________ is a generic term for "evil software."
A) Virus
B) Worm
C) Malware
D) Threat
Answer:
The authenticator is the ________.
A) workgroup switch
B) central authentication server
C) client
D) None of the above
Answer:
Traditional hackers are motivated by ________.
A) thrill
B) validation of power
C) doing damage as a by-product
D) All of the above
Answer:
Static packet filtering is sometimes used ________.
A) as a secondary filtering mechanism on an application proxy firewall
B) on border routers
C) Both A and B
D) Neither A nor B
Answer:
DNSSEC ________.
A) is still under development
B) is widely used
C) is no longer used
D) There is no such thing as DNSSEC.
Answer:
Companies transmit over the wireless LANs because WLANs ________.
A) are inexpensive
B) are secure
C) Both A and B
D) Neither A nor B
Answer:
Which of the following statements accurately describes fingerprint recognition?
A) Fingerprint recognition scanners are very expensive.
B) Fingerprint recognition is easily deceived.
C) Fingerprint recognition is rarely used.
D) All of the above
Answer:
________ is the process of assessing the identity of each individual claiming to have
permission to use a resource.
A) Authorizations
B) Authentication
C) Accuracy
D) Auditing
Answer:
Evil twin access point attacks are most common in ________.
A) secure WLANs
B) public hotspots
C) wired connected networks
D) None of the above
Answer:
In 802.11i pre-shared key mode, the initial key is generated ________.
A) automatically
B) from a passphrase
C) from a password
D) None of the above. There is no initial key in 802.11i pre-shared key mode.
Answer:
________ is the security guarantee that people who intercept messages cannot read
them.
A) Integrity
B) Availability
C) Confidentiality
D) Encryption
Answer:
Examples of DBMSs include ________.
A) MySQL, Oracle
B) IBM DB2, Microsoft SQL Server
C) A only
D) Both A and B
Answer:
The process of keeping a backup copy of each file being worked on by backing it up
every few minutes is called ________.
A) file backup
B) file/folder backup
C) image backup
D) shadowing
Answer:
Electronic signatures usually provide ________.
A) message-by-message authentication
B) message integrity
C) Both A and B
D) Neither A nor B
Answer:
________ is efficient enough in processing power and RAM requirements to be used on
small devices, such as PDAs and cell phones.
A) 3DES
B) AES
C) Both A and B
D) Neither A nor B
Answer:
________ is concerned with the restarting of the day-to-day revenue generating
operations of the firm.
A) Business continuity planning
B) IT disaster recovery
C) Both A and B
D) Neither A nor B
Answer:
________ are proofs of identity.
A) Certifications
B) Credentials
C) Cartes
D) Verifications
Answer:
Most central authentication servers are governed by the ________ standard.
A) EAP
B) RADIUS
C) IPsec
D) 802.1X
Answer:
Which is not one of the three UNIX permissions?
A) Read
B) Write
C) List folder contents
D) Execute
Answer:
Public key encryption is ________.
A) complex
B) slow
C) expensive
D) All of the above
Answer:
The worst problem with classic risk analysis is that ________.
A) protections often protect multiple resources
B) resources often are protected by multiple resources
C) we cannot estimate the annualized rate of occurrence
D) costs and benefits are not the same each year
Answer:
________ allows a response team to determine an incident's damage potential and to
gather information needed to begin containment and recovery.
A) Detection
B) Analysis
C) Both A and B
D) Neither A nor B
Answer:
Most traditional external attackers were heavily motivated by ________.
A) the thrill of breaking in
B) making money through crime
C) Both A and B
D) Neither A nor B
Answer:
In MS-CHAP, the ________ creates the response message.
A) supplicant
B) verifier
C) Both A and B
D) Neither A nor B
Answer:
Which of the following can be a type of spyware?
A) A cookie
B) A keystroke logger
C) Both A and B
D) Neither A nor B
Answer:
Antivirus servers can look for ________.
A) viruses
B) worms
C) Trojan horses
D) All of the above
Answer:
Fingerprint recognition should be used as a security measure for access to ________.
A) a non-essential supply cabinet
B) a notebook containing sensitive information
C) Both A and B
D) Neither A nor B
Answer:
Which of the following is a benefit of using a central authentication server in 802.1X?
A) Reduced cost
B) Consistency in authentication
C) Immediacy in access control changes
D) All of the above
Answer:
JavaScript is a scripted form of Java.
Answer:
RTP adds ________ to UDP.
A) security
B) sequence numbers
C) Both A and B
D) Neither A nor B
Answer:
