Level Up 1 Flashcards
(20 cards)
Why is geolocation important for authentication?
A It helps determine if an authentication attempt is coming from an expected location
B It helps provide fault tolerance in case the authentication mechanism fails
C It helps calculate the best route for data to take when sending a response back to the requestor
D It helps prioritize the order in which authentication requests are processed
A It helps determine if an authentication attempt is coming from an expected location
A mobile device manufacturer is creating new prototypes and wants to ensure that the devices are not taken off-premises. Which method to secure the devices would alert administrators if a device leaves the building?
A
Geofencing
B
Obfuscation
C
Tokenization
D
Encryption
A
Geofencing
An administrator is making plans for how to protect data as users are working on it at their workstations. What BEST describes the state of data that they are trying to protect?
A
Data in use
B
Data in transit
C
Data in storage
D
Data at rest
A
Data in use
For regulatory reasons, a company needs to limit access to a portion of its website to only visitors located in the European Union. What method of restricting access to data should they use in this situation?
A
Obfuscation
B
Geographic restrictions
C
Segmentation
D
Encryption
B
Geographic restrictions
An organization wants to send a large amount of data from one location to another over the internet. They want to ensure that the data cannot be read by unauthorized people during this process.
What state of data should a security control protect in this situation?
A
Data at rest
B
Data in transit
C
Data in use
D
Data in process
B
Data in transit
An organization has several users who do not necessarily need to be in the office and wants to allow them remote access to the company network. Which of the following is used to create a secure connection between a client computer and a remote network over an insecure medium?
A
VPN
B
DHCP
C
NAC
D
STP
A
VPN
A government agency is modernizing its server environment and moving toward a cloud methodology. They currently have a front end for citizens to access and log into for additional resources, and they also maintain a secure backend that stores PII and other sensitive information. They are going forward with a public section and a dedicated, reserved (private) section of the cloud services.
What type of cloud is being used by this agency?
A
Public
B
Hybrid
C
Private
D
Community
B
Hybrid
A security analysis firm is interested in tracking down a group of government state-level hackers. This group of hackers only targets large corporations that work on government projects and wouldn’t likely go after one honeypot.
What is used when a single honeypot isn’t enough to trap a hacker?
A
Honeynet
B
Botnet
C
System on a chip
D
Wireless access point
A
Honeynet
An iris scan is an example of which of the following types of locks?
A
Physical
B
Cable
C
Biometric
You’re on the right track
D
Cipher
C
Biometric
A lead administrator is explaining the concepts of network protection to an executive in HR. The executive asks how the network is protected when it is connected to the internet, where unknown attackers can reach.
What is used in the network perimeter to protect the internal network from attackers?
A
Switch
B
Router
C
Firewall
D
Patch panel
C
Firewall
A financial services company is in the process of responding to an incident. They are currently putting the affected system back to normal operations and connecting it to the corporate network.
Which step of the incident response process are they in?
A
Containment
B
Recovery
C
Lessons learned
D
Eradication
B
Recovery
An attacker is examining a company they will potentially attack. They are looking at the company’s social media and website in order to create a profile of the CEO. They were able to derive the CEO’s email address, as well as potential subordinates.
Of the following, which did the attacker use in this attack?
A
Vulnerability scan
B
ISAC
C
IoCs
D
Open-source intelligence
D
Open-source intelligence
You are working remotely at a local coffee shop and go to log in to the wireless network. You are presented with a new web browser window that has just popped open, prompting you to accept an agreement before signing on to the free Wi-Fi.
What technology have you just encountered?
A
Jammer
B
Captive portal
C
Deauther
D
Sandbox
B
Captive portal
An insurance agency has many traveling salespeople who carry sensitive information on their laptops. The company is concerned that if a traveling salesperson’s username and password were compromised, an attacker would be able to gain access to the network.
What is a security measure they can use to protect the network if a hacker gets access to a username and password?
A
WEP
B
Key stretching
C
Single sign-on
D
Multifactor authentication
D
Multifactor authentication
Acme Inc. needs an extremely secure authentication method for access to its data center. They want a method that uses an individual’s unique physical characteristics that are very hard to replicate.
Which security method could they try that uses authentication based on physical characteristics?
A
TOTP
B
Mantraps
C
HOTP
D
Biometrics
D
Biometrics
What should be a requirement when having users create passwords?
A
Hints
B
Dictionary words
C
Complexity
D
Blank characters
C
Complexity
Before creating an investment account for a new customer, a bank asks for their social security number. What is the bank doing?
A
User behavior analytics
B
Biometrics
C
Identity proofing
You’re on the right track
D
Open authorization
C
Identity proofing
An administrator is reviewing account policies. They want to be sure that all users’ passwords are changed every month. Which criteria should they set to accomplish this?
A
Length
B
Complexity
C
Expiration
D
Reuse
C
Expiration
Which activity involves actively probing systems to discover vulnerabilities?
A
Alerting
B
Scanning
C
Reporting
D
Log aggregation
B
Scanning
What does a firewall use to permit or deny actions?
A
EDR
B
Honeypots
C
Access lists
D
FIM
C
Access lists
