Bonus Flashcards Preview

SP7 - R/Q > Bonus > Flashcards

Flashcards in Bonus Deck (13)
Loading flashcards...
1

1. _________________ employs a digital multicarrier modulation scheme that allows for a more
tightly compacted transmission. The modulated signals are perpendicular and thus do not
cause interference with each other.
A. DSSS
B. OCSP
C. OFDM
D. CCMP

C. OFDM employs a digital multicarrier modulation scheme that allows for a more tightly
compacted transmission. The modulated signals are perpendicular (orthogonal) and thus do
not cause interference with each other.

2

2. What is the IEEE standard for Bluetooth?
A. 802.3
B. 802.11
C. 802.20
D. 802.15

D. IEEE 802.15 is the standard for Bluetooth. IEEE 802.3 defines Ethernet, 802.11 defines
wireless networking, and 802.20 defines LTE.

3

3. What means of transmission involves the use of a discontinuous electrical signal and a state
change or on‐off pulses?
A. Asynchronous communications
B. Digital signals
C. Broadband connections
D. Half‐duplex links

B. Digital signals are a means of transmission that involves the use of a discontinuous
electrical signal and a state change or on‐off pulses. Asynchronous communications, broadband
connections, and half‐duplex links can be digital or analog.

4

4. What technique is the most effective means of protecting against SQL injection attacks?
A. Acceptance testing
B. Code review
C. Firewall rules
D. Input validation

D. Input validation protects against a wide variety of web‐based attacks, including SQL
injection.

5

5. In a relational database, what type of key is used to uniquely identify a record in a table and
can have multiple instances per table?
A. Candidate key
B. Primary key
C. Unique key
D. Foreign key

A. A candidate key is a subset of attributes that can be used to uniquely identify any record
in a table. No two records in the same table will ever contain the same values for all attributes
composing a candidate key. Each table may have one or more candidate keys, which
are chosen from column headings.

6

6. What characteristic of database transactions ensures that transactions are executed in an
“all‐or‐nothing” fashion?
A. Atomicity
B. Consistency
C. Isolation
D. Durability

A. Database transactions must be atomic—that is, they must be an “all‐or‐nothing” affair.
If any part of the transaction fails, the entire transaction must be rolled back as if it never
occurred.

7

7. What type of alternate processing facility contains a full complement of computing equipment
in working order with copies of data ready to go?
A. Hot site
B. Warm site
C. Cold site
D. Cloud site

A. Hot sites are ready to assume full operational capacity at a moment’s notice.

8

8. The absence of which of the following can result in the perception that due care is not being
maintained?
A. Periodic security audits
B. Deployment of all available controls
C. Performance reviews
D. Audit reports for shareholders

A. Failing to perform periodic security audits can result in the perception that due care
is not being maintained. Such audits alert personnel that senior management is practicing
due diligence in maintaining system security. An organization should not indiscriminately
deploy all available controls but should choose the most effective ones based on risks. Performance
reviews are useful managerial practices but not directly related to due care. Audit
reports should not be shared with the public.

9

9. An employee retained access to sensitive data from previous job assignments. Investigators
later caught him selling some of this sensitive data to competitors. What could have prevented
the employee from stealing and selling the secret data?
A. Asset valuation
B. Threat modeling
C. Vulnerability analysis
D. User entitlement audit

D. A user entitlement audit can detect when employees have excessive privileges. Asset
valuation identifies the value of assets. Threat modeling identifies threats to valuable assets.
Vulnerability analysis detects vulnerabilities or weaknesses that can be exploited by threats.

10

10. Which of the following can detect outgoing sensitive data based on specific data patterns?
A. Anti‐malware software
B. Data loss prevention systems
C. Security Information and Event Management systems
D. Intrusion prevention systems

B. Network‐based data loss prevention (DLP) systems can scan outgoing data and look for
specific keywords and/or data patterns. DLP systems can block these outgoing transmissions.
Anti‐malware software detects malware. Security Information and Event Management
(SIEM) provide real‐time analysis of events occurring on systems throughout an
organization but don’t necessarily scan outgoing traffic. Intrusion prevention systems (IPS)
scan incoming traffic to prevent unauthorized intrusions.

11

11. An employee is suspected of embedding classified data within picture files and sending it to
a competitor. If true, what is this employee using to do so?
A. Hashing
B. Sandboxing
C. Steganography
D. Watermarking

C. Steganography is the practice of embedding data within other files so it is possible for
an employee to embed classified data within picture files. Security professionals use hashing
techniques to discover files that have other data embedded within them. Sandboxing runs applications in isolated memory to observe them and detect potential malicious activity.
Watermarking is the process of embedding an image or pattern in paper or a file but is not
done maliciously.

12

12. Which of the following represents a primary benefit of a patch management system?
A. Prevents outages from new attacks
B. Prevents outages from known attacks
C. Provides updates to operating systems and applications
D. Eliminates vulnerabilities

B. A patch management system prevents outages from known attacks by ensuring systems
are patched. Patches aren’t available for new attacks. Patches provide updates to operating
systems and applications. However, the patch management system doesn’t provide the
updates. Ensuring systems are patched reduces vulnerabilities but it does not eliminate vulnerabilities.

13

13. What is the purpose of the Common Vulnerabilities and Exposures (CVE) dictionary?
A. To identify methods of mitigating vulnerabilities
B. To provide a standard convention used to identify vulnerabilities
C. To identify methods of discovering vulnerabilities
D. To provide a standard method of announcing vulnerabilities

B. The Common Vulnerabilities and Exposures dictionary provides a standard convention
used to identify vulnerabilities. The CVE does include information on mitigating and
discovering vulnerabilities, but that isn’t the primary purpose. The CVE doesn’t announce
vulnerabilities.