Q251-Q299 Flashcards
Which of the following is the below pseudo-code an example of?
IF VARIABLE (CONTAINS NUMBERS = TRUE) THEN EXIT
A. Buffer overflow prevention
B. Input validation
C. CSRF prevention
D. Cross-site scripting prevention
B. Input validation
A system administrator is using a packet sniffer to troubleshoot remote authentication. The administrator detects a device trying to communicate to TCP port 49. Which of the following authentication methods is MOST likely being attempted?
A. RADIUS
B. TACACS+
C. Kerberos
D. LDAP
B. TACACS+
Which of the following can use RC4 for encryption? (Select TWO).
A. CHAP
B. SSL
C. WEP
D. AES
E. 3DES
B. SSL
C. WEP
Which of the following defines a business goal for system restoration and acceptable data loss?
A. MTTR
B. MTBF
C. RPO
D. Warm site
C. RPO
If Organization A trusts Organization B and Organization B trusts Organization C, then Organization A trusts Organization C. Which of the following PKI concepts is this describing?
A. Transitive trust
B. Public key trust
C. Certificate authority trust
D. Domain level trust
A. Transitive trust
Which of the following concepts is BEST described as developing a new chain of command in the event of a contingency?
A. Business continuity planning
B. Continuity of operations
C. Business impact analysis
D. Succession planning
D. Succession planning
Which of the following allows a company to maintain access to encrypted resources when employee turnover is high?
A. Recovery agent
B. Certificate authority
C. Trust model
D. Key escrow
A. Recovery agent
Which of the following devices will help prevent a laptop from being removed from a certain location?
A. Device encryption
B. Cable locks
C. GPS tracking
D. Remote data wipes
B. Cable locks
Which of the following is the MOST secure protocol to transfer files?
A. FTP
B. FTPS
C. SSH
D. TELNET
B. FTPS
Suspicious traffic without a specific signature was detected. Under further investigation, it was determined that these were false indicators. Which of the following security devices needs to be configured to disable future false alarms?
A. Signature based IPS
B. Signature based IDS
C. Application based IPS
D. Anomaly based IDS
D. Anomaly based IDS
A company storing data on a secure server wants to ensure it is legally able to dismiss and prosecute staff who intentionally access the server via Telnet and illegally tamper with customer data. Which of the following administrative controls should be implemented to BEST achieve this?
A. Command shell restrictions
B. Restricted interface
C. Warning banners
D. Session output pipe to /dev/null
C. Warning banners
Which of the following protocols is used to authenticate the client and server’s digital certificate?
A. PEAP
B. DNS
C. TLS
D. ICMP
C. TLS
Which of the following can be used to mitigate risk if a mobile device is lost?
A. Cable lock
B. Transport encryption
C. Voice encryption
D. Strong passwords
D. Strong passwords
Which of the following security concepts would Sara, the security administrator, use to mitigate the risk of data loss?
A. Record time offset
B. Clean desk policy
C. Cloud computing
D. Routine log review
B. Clean desk policy
Which of the following is an example of multifactor authentication?
A. Credit card and PIN
B. Username and password
C. Password and PIN
D. Fingerprint and retina scan
A. Credit card and PIN
After Matt, a user, enters his username and password at the login screen of a web enabled portal, the following appears on his screen:
'Please only use letters and numbers on these fields'
Which of the following is this an example of?
A. Proper error handling
B. Proper input validation
C. Improper input validation
D. Improper error handling
B. Proper input validation
Which of the following should the security administrator implement to limit web traffic based on country of origin? (Select THREE).
A. Spam filter
B. Load balancer
C. Antivirus
D. Proxies
E. Firewall
F. NIDS
G. URL filtering
D. Proxies
E. Firewall
G. URL filtering
Several bins are located throughout a building for secure disposal of sensitive information. Which of the following does this prevent?
A. Dumpster diving
B. War driving
C. Tailgating
D. War chalking
A. Dumpster diving
Matt, a developer, recently attended a workshop on a new application. The developer installs the new application on a production system to test the functionality. Which of the following is MOST likely affected?
A. Application design
B. Application security
C. Initial baseline configuration
D. Management of interfaces
C. Initial baseline configuration
Sara, a company’s security officer, often receives reports of unauthorized personnel having access codes to the cipher locks of secure areas in the building. Sara should immediately implement which of the following?
A. Acceptable Use Policy
B. Physical security controls
C. Technical controls
D. Security awareness training
D. Security awareness training