Practice Resource Flashcards 2

Question 1

Risk strategy when you take no action?

Answer 1

Risk acceptance.

Question 2

How an administrator can access a vpn?

Answer 2

Jump server.

Question 3

What looks at payment terms, resolution mechanisms, confidentially clauses, and liability protections?

Answer 3

Master service agreement
MSA

Question 4

What signifies that an organization will acknowledge its responsibilities and will adhere to the prescribed regulations?

Answer 4

Attestation

Question 5

How to find what websites someone had visited?

Answer 5

Dns log files

Question 6

What attack uses a tar.gz file extension?

Answer 6

Remote access Trojan
RAT

Question 7

How could you recover old data from an encrypted smart card?

Answer 7

Key escrow will have an old copy of the private keys

Question 8

What agreement type is measured in metrics?

Answer 8

Service level agreement
SLA
What services will be rendered and level of performance

Question 9

What is a CSP?
How can a CSP load balancer data?

Answer 9

Content security policy-securiy feature of browsers that helps to prevent attacks like XSS by controlling the sources from which content can be loaded.
Geographical dispersion

Question 10

What is pci dss?

What would happen if a financial institution failed a PCI DSS inspection?

Answer 10

Payment card industry data security standard

Regulators fine.

Question 11

What framework examines the adversary, capabilities, infrastructure, and victim in an attack?

Answer 11

Diamond model of intrusion analysis

Question 12

What works on a Rewards basis?

Answer 12

Bug bounty

Question 13

Javascript extension?

Answer 13

.js

Question 14

What authentication model uses tokens?

Answer 14

Kerberos

Question 15

What is kerberos?

Answer 15

Provides a standardized way to verify a user’s or hosts identity over a untrusted network.

Used by windows, linux

Developed by MIT

Question 16

What system would prevent a PII error?

What is PII?

Answer 16

Data loss prevention DLP
Personally identifiable info

Question 17

What authentication model is 3rd party to 3rd party?

Answer 17

Federation

Question 18

What attack uses a .ryk file extension?

Answer 18

Ransomware(RUYK)

Question 19

How to check the reliability of a system?

Answer 19

Mean time between failure MTBF

Question 20

What authentication model uses extended attributes?

Answer 20

Federated services

Question 21

What is the file extension and format of a private key?

Answer 21

P12 format
.pfx extension

Question 22

What authentication system reduces the number of times you need to authenticate?

Answer 22

Single sign on SSO

Question 23

What is file extension and format of public key?

Answer 23

.cer
P7B format

Question 24

What authentication model prevents a hash attack?

Answer 24

Kerberos

Question 25

What authentication model prevents replay attacks and how?

Answer 25

Kerberos Using usn and time stamps

Question 26

What authentication method does Iaas, PaaS, SaaS use?

Answer 26

Federation, model used by cloud.

Question 27

What authentication model uses cookies?

Answer 27

Federated

Question 28

What authentication model uses tokens?

Answer 28

OAuth 2.0

Question 29

What authentication model supports OpenID Connect?

Answer 29

OAuth

Question 30

What type of virus evades anti-virus, nids, nips, or siem?

Answer 30

Zero day attack

Question 31

What is 0Auth2?

Answer 31

Open authorization Allows a website or app to access resources on another web app or website on behalf of a user.