Copiar y Editar

Quix15 - 125Q

Descripción

Good Luck!
Requiemdust Sheena
Test por Requiemdust Sheena, actualizado hace más de 1 año
Requiemdust Sheena
Creado por Requiemdust Sheena hace casi 4 años
582
0
1

Resumen del Recurso

Pregunta 1

Pregunta
Fred’s data role requires him to maintain system security plans and to ensure that system users and support staff get the training they need about security practices and acceptable use. What is the role that Fred is most likely to hold in the organization?
Respuesta
  • A. Data owner
  • B. System owner
  • C. User
  • D. Custodian

Pregunta 2

Pregunta
Sally is using IPsec’s ESP component in transport mode. What important information should she be aware of about transport mode?
Respuesta
  • A. Transport mode provides full encryption of the entire IP packet.
  • B. Transport mode adds a new, unencrypted header to ensure that packets reach their destination.
  • C. Transport mode does not encrypt the header of the packet.
  • D. Transport mode provides no encryption; only tunnel mode provides encryption.

Pregunta 3

Pregunta
Which one of the following is not a key process area for the Repeatable phase of the Software Capability Maturity Model (SWCMM)?
Respuesta
  • A. Software Project Planning
  • B. Software Quality Management
  • C. Software Project Tracking
  • D. Software Subcontract Management

Pregunta 4

Pregunta
Ben wants to provide predictive information about his organization’s risk exposure in an automated way as part of an ongoing organizational risk management plan. What should he use to do this?
Respuesta
  • A. KRIs
  • B. Quantitative risk assessments
  • C. KPIs
  • D. Penetration tests

Pregunta 5

Pregunta
In the image shown here, what does system B send to system A at step 2 of the three-way TCP handshake?
Image:
66 (binary/octet-stream)
Respuesta
  • A. SYN
  • B. ACK
  • C. FIN/ACK
  • D. SYN/ACK

Pregunta 6

Pregunta
Chris is conducting reconnaissance on a remote target and discovers that pings are allowed through his target’s border firewall. What can he learn by using ping to probe the remote network?
Respuesta
  • A. Which systems respond to ping, a rough network topology, and potentially the location of additional firewalls
  • B. A list of all of the systems behind the target’s firewall
  • C. The hostnames and time to live (TTL) for each pingable system, and the ICMP types allowed through the firewall
  • D. Router advertisements, echo request responses, and potentially which hosts are tarpitted

Pregunta 7

Pregunta
What access management concept defines what rights or privileges a user has?
Respuesta
  • A. Identification
  • B. Accountability
  • C. Authorization
  • D. Authentication

Pregunta 8

Pregunta
Which one of the following is not a classification level commonly found in commercial data classification schemes?
Respuesta
  • A. Secret
  • B. Sensitive
  • C. Confidential
  • D. Public

Pregunta 9

Pregunta
Files, databases, computers, programs, processes, devices, and media are all examples of what?
Respuesta
  • A. Subjects
  • B. Objects
  • C. File stores
  • D. Users

Pregunta 10

Pregunta
Danielle is testing tax software, and part of her testing process requires her to input a variety of actual tax forms to verify that the software produces the right answers. What type of testing is Danielle performing?
Respuesta
  • A. Use case testing
  • B. Dynamic testing
  • C. Fuzzing
  • D. Misuse testing

Pregunta 11

Pregunta
After 10 years working in her organization, Cassandra is moving into her fourth role, this time as a manager in the accounting department. What issue is likely to show up during an account review if her organization does not have strong account maintenance practices?
Respuesta
  • A. An issue with least privilege
  • B. Privilege creep
  • C. Account creep
  • D. Account termination

Pregunta 12

Pregunta
IP addresses like 10.10.10.10 and 172.19.24.21 are both examples of what type of IP address?
Respuesta
  • A. Public IP addresses
  • B. Prohibited IP addresses
  • C. Private IP addresses
  • D. Class B IP ranges

Pregunta 13

Pregunta
What flaw is a concern with preset questions for cognitive passwords?
Respuesta
  • A. It prevents the use of tokens.
  • B. The question’s answer may be easy to find on the Internet.
  • C. Cognitive passwords require users to think to answer the question, and not all users may be able to solve the problems presented.
  • D. Cognitive passwords don’t support long passwords.

Pregunta 14

Pregunta
Megan needs to create a forensic copy of a hard drive that will be used in an investigation. Which of the following tools is best suited to her work?
Respuesta
  • A. xcopy
  • B. dd
  • C. DBAN
  • D. ImageMagik

Pregunta 15

Pregunta
Kay is selecting an application management approach for her organization. Employees need the flexibility to install software on their systems, but Kay wants to prevent them from installing certain prohibited packages. What type of approach should she use?
Respuesta
  • A. Antivirus
  • B. Whitelist
  • C. Blacklist
  • D. Heuristic

Pregunta 16

Pregunta
Data relating to the past, present, or future payment for the provision of healthcare to an individual is what type of data per HIPAA?
Respuesta
  • A. PCI
  • B. Personal billing data
  • C. PHI
  • D. Personally identifiable information (PII)

Pregunta 17

Pregunta
Yagis, panel, cantennas, and parabolic antennas are all examples of what type of antenna?
Respuesta
  • A. Omnidirectional
  • B. Rubber duck or base antenna
  • C. Signal boosting
  • D. Directional

Pregunta 18

Pregunta
While traveling, James is held at knifepoint and forced to log into his laptop. What is this called?
Respuesta
  • A. Duress
  • B. Antisocial engineering
  • C. Distress
  • D. Knifepoint hacking

Pregunta 19

Pregunta
What is the minimum number of people who should be trained on any specific business continuity plan implementation task?
Respuesta
  • A. 1
  • B. 2
  • C. 3
  • D. 5

Pregunta 20

Pregunta
Cameron is responsible for backing up his company’s primary file server. He configured a backup schedule that performs full backups every Monday evening at 9 p.m. and incremental backups on other days of the week at that same time. How many files will be copied in Wednesday’s backup?
Image:
67 (binary/octet-stream)
Respuesta
  • A. 1
  • B. 2
  • C. 5
  • D. 6

Pregunta 21

Pregunta
Susan uses a span port to monitor traffic to her production website and uses a monitoring tool to identify performance issues in real time. What type of monitoring is she conducting?
Respuesta
  • A. Passive monitoring
  • B. Active monitoring
  • C. Synthetic monitoring
  • D. Signature-based monitoring

Pregunta 22

Pregunta
The type of access granted to an object and the actions that you can take on or with the object are examples of what?
Respuesta
  • A. Permissions
  • B. Rights
  • C. Privileges
  • D. Roles

Pregunta 23

Pregunta
Which one of the following would be considered an example of infrastructure as a service cloud computing?
Respuesta
  • A. Payroll system managed by a vendor and delivered over the web
  • B. Application platform managed by a vendor that runs customer code
  • C. Servers provisioned by customers on a vendor-managed virtualization platform
  • D. Web-based email service provided by a vendor

Pregunta 24

Pregunta
Darcy is an information security risk analyst for Roscommon Agricultural Products. She is currently trying to decide whether the company should purchase an upgraded fire suppression system for their primary data center. The data center facility has a replacement cost of $2 million. After consulting with actuaries, data center managers, and fire subject matter experts, Darcy determined that a typical fire would likely require the replacement of all equipment inside the building but not cause significant structural damage. Together, they estimated that recovering from the fire would cost $750,000. They also determined that the company can expect a fire of this magnitude once every 50 years. Based on the information in this scenario, what is the exposure factor for the effect of a fire on the Roscommon Agricultural Products data center?
Respuesta
  • A. 7.5%
  • B. 15.0%
  • C. 27.5%
  • D. 37.5%

Pregunta 25

Pregunta
Darcy is an information security risk analyst for Roscommon Agricultural Products. She is currently trying to decide whether the company should purchase an upgraded fire suppression system for their primary data center. The data center facility has a replacement cost of $2 million. After consulting with actuaries, data center managers, and fire subject matter experts, Darcy determined that a typical fire would likely require the replacement of all equipment inside the building but not cause significant structural damage. Together, they estimated that recovering from the fire would cost $750,000. They also determined that the company can expect a fire of this magnitude once every 50 years. Based on the information in this scenario, what is the annualized rate of occurrence for a fire at the Roscommon Agricultural Products data center?
Respuesta
  • A. 0.002
  • B. 0.005
  • C. 0.02
  • D. 0.05

Pregunta 26

Pregunta
Darcy is an information security risk analyst for Roscommon Agricultural Products. She is currently trying to decide whether the company should purchase an upgraded fire suppression system for their primary data center. The data center facility has a replacement cost of $2 million. After consulting with actuaries, data center managers, and fire subject matter experts, Darcy determined that a typical fire would likely require the replacement of all equipment inside the building but not cause significant structural damage. Together, they estimated that recovering from the fire would cost $750,000. They also determined that the company can expect a fire of this magnitude once every 50 years. Based on the information in this scenario, what is the annualized loss expectancy for a fire at the Roscommon Agricultural Products data center?
Respuesta
  • A. $15,000
  • B. $25,000
  • C. $75,000
  • D. $750,000

Pregunta 27

Pregunta
Two TCP header flags are rarely used. Which two are you unlikely to see in use in a modern network?
Respuesta
  • A. CWR and ECE
  • B. URG and FIN
  • C. ECE and RST
  • D. CWR and URG

Pregunta 28

Pregunta
Mike wants to ensure that third-party users of his service’s API can be tracked to prevent abuse of the API. What should he implement to help with this?
Respuesta
  • A. Session IDs
  • B. An API firewall
  • C. API keys
  • D. An API buffer

Pregunta 29

Pregunta
Fran is a web developer who works for an online retailer. Her boss asked her to create a way that customers can easily integrate themselves with Fran’s company’s site. They need to be able to check inventory in real time, place orders, and check order status programmatically without having to access the web page. What can Fran create to most directly facilitate this interaction?
Respuesta
  • A. API
  • B. Web scraper
  • C. Data dictionary
  • D. Call center

Pregunta 30

Pregunta
What type of power issue occurs when a facility experiences a momentary loss of power?
Respuesta
  • A. Fault
  • B. Blackout
  • C. Sag
  • D. Brownout

Pregunta 31

Pregunta
Lauren’s team of system administrators each deal with hundreds of systems with varying levels of security requirements and find it difficult to handle the multitude of usernames and passwords they each have. What type of solution should she recommend to ensure that passwords are properly handled and that features like logging and password rotation occur?
Respuesta
  • A. A credential management system
  • B. A strong password policy
  • C. Separation of duties
  • D. Single sign-on

Pregunta 32

Pregunta
Ed’s Windows system can’t connect to the network and ipconfig shows the following: What has occurred on the system?
Image:
68 (binary/octet-stream)
Respuesta
  • A. The system has been assigned an invalid IP address by its DHCP server.
  • B. The system has a manually assigned IP address.
  • C. The system has failed to get a DHCP address and has assigned itself an address.
  • D. The subnet mask is set incorrectly and the system cannot communicate with the gateway.

Pregunta 33

Pregunta
What term is commonly used to describe initial creation of a user account in the provisioning process?
Respuesta
  • A. Enrollment
  • B. Clearance verification
  • C. Background checks
  • D. Initialization

Pregunta 34

Pregunta
What type of forensic investigation typically has the highest evidentiary standards?
Respuesta
  • A. Administrative
  • B. Criminal
  • C. Civil
  • D. Industry

Pregunta 35

Pregunta
There is a significant conflict between the drive for profit and the security requirements that Olivia’s organization has standardized. Olivia’s role means that decreased usability and loss of profit due to her staff’s inability to use the system is her major concern. What is the most likely role that Olivia plays in her organization?
Respuesta
  • A. Business manager
  • B. Information security analyst
  • C. Data processor
  • D. Mission owner

Pregunta 36

Pregunta
Tom believes that a customer of his Internet service provider has been exploiting a vulnerability in his system to read the email messages of other customers. If true, what law did the customer most likely violate?
Respuesta
  • A. ECPA
  • B. CALEA
  • C. HITECH
  • D. Privacy Act

Pregunta 37

Pregunta
In the ring protection model shown here, what ring contains user programs and applications?
Image:
69 (binary/octet-stream)
Respuesta
  • A. Ring 0
  • B. Ring 1
  • C. Ring 2
  • D. Ring 3

Pregunta 38

Pregunta
Metrics like the attack vector, complexity, exploit maturity, and how much user interaction is required are all found in what scoring system?
Respuesta
  • A. CVE
  • B. CVSS
  • C. CNA
  • D. NVD

Pregunta 39

Pregunta
In which of the following circumstances does an individual not have a reasonable expectation of privacy?
Respuesta
  • A. Placing a telephone call on your cell phone
  • B. Sending a letter through the US mail
  • C. Sending an email at work
  • D. Retrieving your personal voicemail

Pregunta 40

Pregunta
During which of the following disaster recovery tests does the team sit together and discuss the response to a scenario but not actually activate any disaster recovery controls?
Respuesta
  • A. Checklist review
  • B. Full interruption test
  • C. Parallel test
  • D. Tabletop exercise

Pregunta 41

Pregunta
Susan wants to integrate her website to allow users to use accounts from sites like Google. What technology should she adopt?
Respuesta
  • A. Kerberos
  • B. LDAP
  • C. OpenID
  • D. SESAME

Pregunta 42

Pregunta
Tom is conducting a business continuity planning effort for Orange Blossoms, a fruit orchard located in Central Florida. During the assessment process, the committee determined that there is a small risk of snow in the region but that the cost of implementing controls to reduce the impact of that risk is not warranted. They elect to not take any specific action in response to the risk. What risk management strategy is Orange Blossoms pursuing?
Respuesta
  • A. Risk mitigation
  • B. Risk transference
  • C. Risk avoidance
  • D. Risk acceptance

Pregunta 43

Pregunta
What root security issue causes the following issues? Cross-site scripting SQL injection Buffer overflows Cross-site request forgery
Respuesta
  • A. Lack of API security
  • B. Improper error handling
  • C. Improper or missing input validation
  • D. Source code design issues

Pregunta 44

Pregunta
Jack’s organization is a multinational nonprofit that has small offices in many developing countries throughout the world. They need to implement an access control system that allows flexibility and that can work despite poor Internet connectivity at their locations. What is the best type of access control design for Jack’s organization?
Respuesta
  • A. Centralized access control
  • B. Mandatory access control
  • C. Decentralized access control
  • D. Rule-based access control

Pregunta 45

Pregunta
What US government classification label is applied to information that, if disclosed, could cause serious damage to national security and also requires that the damage that would be caused is able to be described or identified by the classification authority?
Respuesta
  • A. Classified
  • B. Secret
  • C. Confidential
  • D. Top Secret

Pregunta 46

Pregunta
Mike and Renee would like to use an asymmetric cryptosystem to communicate with each other. They are located in different parts of the country but have exchanged encryption keys by using digital certificates signed by a mutually trusted certificate authority. When the certificate authority (CA) created Renee’s digital certificate, what key was contained within the body of the certificate?
Respuesta
  • A. Renee’s public key
  • B. Renee’s private key
  • C. CA’s public key
  • D. CA’s private key

Pregunta 47

Pregunta
Mike and Renee would like to use an asymmetric cryptosystem to communicate with each other. They are located in different parts of the country but have exchanged encryption keys by using digital certificates signed by a mutually trusted certificate authority. When the certificate authority created Renee’s digital certificate, what key did it use to digitally sign the completed certificate?
Respuesta
  • A. Renee’s public key
  • B. Renee’s private key
  • C. CA’s public key
  • D. CA’s private key

Pregunta 48

Pregunta
Mike and Renee would like to use an asymmetric cryptosystem to communicate with each other. They are located in different parts of the country but have exchanged encryption keys by using digital certificates signed by a mutually trusted certificate authority. When Mike receives Renee’s digital certificate, what key does he use to verify the authenticity of the certificate?
Respuesta
  • A. Renee’s public key
  • B. Renee’s private key
  • C. CA’s public key
  • D. CA’s private key

Pregunta 49

Pregunta
Mike and Renee would like to use an asymmetric cryptosystem to communicate with each other. They are located in different parts of the country but have exchanged encryption keys by using digital certificates signed by a mutually trusted certificate authority. Mike would like to send Renee a private message using the information gained during this exchange. What key should he use to encrypt the message?
Respuesta
  • A. Renee’s public key
  • B. Renee’s private key
  • C. CA’s public key
  • D. CA’s private key

Pregunta 50

Pregunta
Which one of the following tools may be used to directly violate the confidentiality of communications on an unencrypted VoIP network?
Respuesta
  • A. Nmap
  • B. Nessus
  • C. Wireshark
  • D. Nikto

Pregunta 51

Pregunta
How does single sign-on increase security?
Respuesta
  • A. It decreases the number of accounts required for a subject.
  • B. It helps decrease the likelihood that users will write down their passwords.
  • C. It provides logging for each system that it is connected to.
  • D. It provides better encryption for authentication data.

Pregunta 52

Pregunta
Which one of the following cryptographic algorithms supports the goal of nonrepudiation?
Respuesta
  • A. Blowfish
  • B. DES
  • C. AES
  • D. RSA

Pregunta 53

Pregunta
Microsoft’s STRIDE threat assessment framework uses six categories for threats: Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege. If a penetration tester is able to modify audit logs, what STRIDE categories best describe this issue?
Respuesta
  • A. Tampering and information disclosure
  • B. Elevation of privilege and tampering
  • C. Repudiation and denial of service
  • D. Repudiation and tampering

Pregunta 54

Pregunta
RIP, OSPF, and BGP are all examples of protocols associated with what type of network device?
Respuesta
  • A. Switches
  • B. Bridges
  • C. Routers
  • D. Gateways

Pregunta 55

Pregunta
AES-based CCMP and 802.1x replaced what security protocol that was designed as part of WPA to help fix the significant security issues found in WEP?
Respuesta
  • A. TLS
  • B. TKIP
  • C. EAP
  • D. PEAP

Pregunta 56

Pregunta
The government agency that Ben works at installed a new access control system. The system uses information such as Ben’s identity, department, normal working hours, job category, and location to make authorization. What type of access control system did Ben’s employer adopt?
Respuesta
  • A. Role-based access control
  • B. Attribute-based access control
  • C. Administrative access control
  • D. System discretionary access control

Pregunta 57

Pregunta
The Low Orbit Ion Cannon (LOIC) attack tool used by Anonymous leverages a multitude of home PCs to attack its chosen targets. This is an example of what type of network attack?
Respuesta
  • A. DDoS
  • B. Ionization
  • C. Zombie horde
  • D. Teardrop

Pregunta 58

Pregunta
Andrew believes that a digital certificate belonging to his organization was compromised and would like to add it to a Certificate Revocation List. Who must add the certificate to the CRL?
Respuesta
  • A. Andrew
  • B. The root authority for the top-level domain
  • C. The CA that issued the certificate
  • D. The revocation authority for the top-level domain

Pregunta 59

Pregunta
Amanda is considering the implementation of a database recovery mechanism recommended by a consultant. In the recommended approach, an automated process will move records of transactions from the primary site to a backup site on an hourly basis. What type of database recovery technique is the consultant describing?
Respuesta
  • A. Electronic vaulting
  • B. Transaction logging
  • C. Remote mirroring
  • D. Remote journaling

Pregunta 60

Pregunta
A process on a system needs access to a file that is currently in use by another process. What state will the process scheduler place this process in until the file becomes available?
Respuesta
  • A. Running
  • B. Ready
  • C. Waiting
  • D. Stopped

Pregunta 61

Pregunta
Which one of the following investigation types has the loosest standards for the collection and preservation of information?
Respuesta
  • A. Civil investigation
  • B. Operational investigation
  • C. Criminal investigation
  • D. Regulatory investigation

Pregunta 62

Pregunta
Sue was required to sign an NDA when she took a job at her new company. Why did the company require her to sign it?
Respuesta
  • A. To protect the confidentiality of their data
  • B. To ensure that Sue did not delete their data
  • C. To prevent Sue from directly competing with them in the future
  • D. To require Sue to ensure the availability for their data as part of her job

Pregunta 63

Pregunta
Susan is concerned about the FAR associated with her biometric technology. What is the best method to deal with the FAR?
Respuesta
  • A. Adjust the CER.
  • B. Change the sensitivity of the system to lower the FRR.
  • C. Add a second factor.
  • D. Replace the biometric system.

Pregunta 64

Pregunta
What type of virus is characterized by the use of two or more different propagation mechanisms to improve its likelihood of spreading between systems?
Respuesta
  • A. Stealth virus
  • B. Polymorphic virus
  • C. Multipartite virus
  • D. Encrypted virus

Pregunta 65

Pregunta
Which of the following is not a code review process?
Respuesta
  • A. Email pass-around
  • B. Over the shoulder
  • C. Pair programming
  • D. IDE forcing

Pregunta 66

Pregunta
Which one of the following attack types depends on precise timing?
Respuesta
  • A. TOCTOU
  • B. SQL injection
  • C. Pass the hash
  • D. Cross-site scripting

Pregunta 67

Pregunta
What process adds a header and a footer to data received at each layer of the OSI model?
Respuesta
  • A. Attribution
  • B. Encapsulation
  • C. TCP wrapping
  • D. Data hiding

Pregunta 68

Pregunta
Attackers who compromise websites often acquire databases of hashed passwords. What technique can best protect these passwords against automated password cracking attacks that use precomputed values?
Respuesta
  • A. Using the MD5 hashing algorithm
  • B. Using the SHA-1 hashing algorithm
  • C. Salting
  • D. Double-hashing

Pregunta 69

Pregunta
Jim starts a new job as a system engineer, and his boss provides him with a document entitled “Forensic Response Guidelines.” Which one of the following statements is not true?
Respuesta
  • A. Jim must comply with the information in this document.
  • B. The document contains information about forensic examinations.
  • C. Jim should read the document thoroughly.
  • D. The document is likely based on industry best practices.

Pregunta 70

Pregunta
Which one of the following tools is most often used for identification purposes and is not suitable for use as an authenticator?
Respuesta
  • A. Password
  • B. Retinal scan
  • C. Username
  • D. Token

Pregunta 71

Pregunta
Ben needs to verify that the most recent patch for his organization’s critical application did not introduce issues elsewhere. What type of testing does Ben need to conduct to ensure this?
Respuesta
  • A. Unit testing
  • B. White box
  • C. Regression testing
  • D. Black box

Pregunta 72

Pregunta
Tamara recently decided to purchase cyber-liability insurance to cover her company’s costs in the event of a data breach. What risk management strategy is she pursuing?
Respuesta
  • A. Risk acceptance
  • B. Risk mitigation
  • C. Risk transference
  • D. Risk avoidance

Pregunta 73

Pregunta
Which of the following is not one of the four canons of the (ISC)2 code of ethics?
Respuesta
  • A. Avoid conflicts of interest that may jeopardize impartiality.
  • B. Protect society, the common good, necessary public trust and confidence, and the infrastructure.
  • C. Act honorably, honestly, justly, responsibly, and legally.
  • D. Provide diligent and competent service to principals.

Pregunta 74

Pregunta
Jim wants to allow a partner organization’s Active Directory forest (B) to access his domain forest’s (A)’s resources but doesn’t want to allow users in his domain to access B’s resources. He also does not want the trust to flow upward through the domain tree as it is formed. What should he do?
Respuesta
  • A. Set up a two-way transitive trust.
  • B. Set up a one-way transitive trust.
  • C. Set up a one-way nontransitive trust.
  • D. Set up a two-way nontransitive trust.

Pregunta 75

Pregunta
Susan’s team is performing code analysis by manually reviewing the code for flaws. What type of analysis are they performing?
Respuesta
  • A. Gray box
  • B. Static
  • C. Dynamic
  • D. Fuzzing

Pregunta 76

Pregunta
The IP address 201.19.7.45 is what type of address?
Respuesta
  • A. A public IP address
  • B. An RFC 1918 address
  • C. An APIPA address
  • D. A loopback address

Pregunta 77

Pregunta
Sam is a security risk analyst for an insurance company. He is currently examining a scenario where a hacker might use a SQL injection attack to deface a web server due to a missing patch in the company’s web application. In this scenario, what is the vulnerability?
Respuesta
  • A. Unpatched web application
  • B. Web defacement
  • C. Hacker
  • D. Operating system

Pregunta 78

Pregunta
Which one of the following categories of secure data removal techniques would include degaussing?
Respuesta
  • A. Clear
  • B. Shrink
  • C. Purge
  • D. Destroy

Pregunta 79

Pregunta
What type of alternate processing facility includes all of the hardware and data necessary to restore operations in a matter of minutes or seconds?
Respuesta
  • A. Hot site
  • B. Warm site
  • C. Cold site
  • D. Mobile site

Pregunta 80

Pregunta
What UDP port is typically used by the syslog service?
Respuesta
  • A. 443
  • B. 514
  • C. 515
  • D. 445

Pregunta 81

Pregunta
Fred finds a packet that his protocol analyzer shows with both PSH and URG set. What type of packet is he looking at, and what do the flags mean?
Respuesta
  • A. A UDP packet; PSH and URG are used to indicate that the data should be sent at high speed
  • B. A TCP packet; PSH and URG are used to clear the buffer and indicate that the data is urgent
  • C. A TCP packet; PSH and URG are used to preset the header and indicate that the speed of the network is unregulated
  • D. A UDP packet; PSH and URG are used to indicate that the UDP buffer should be cleared and that the data is urgent

Pregunta 82

Pregunta
What code review process is shown here?
Image:
70 (binary/octet-stream)
Respuesta
  • A. Static inspection
  • B. Fagan inspection
  • C. Dynamic inspection
  • D. Interface testing

Pregunta 83

Pregunta
During a log review, Karen discovers that the system she needs to gather logs from has the log setting shown here. What problem is Karen likely to encounter?
Image:
71 (binary/octet-stream)
Respuesta
  • A. Too much log data will be stored on the system.
  • B. The system is automatically purging archived logs.
  • C. The logs will not contain the information needed.
  • D. The logs will only contain the most recent 20 MB of log data.

Pregunta 84

Pregunta
While investigating a widespread distributed denial of service attack, Matt types in the IP address of one of the attacking systems into his browser and sees the following page. What type of devices is the botnet likely composed of?
Image:
72 (binary/octet-stream)
Respuesta
  • A. SCADA
  • B. Cloud infrastructure
  • C. Web servers
  • D. IoT

Pregunta 85

Pregunta
Alejandro is an incident response analyst for a large corporation. He is on the midnight shift when an intrusion detection system alerts him to a potential brute-force password attack against one of the company’s critical information systems. He performs an initial triage of the event before taking any additional action. What stage of the incident response process is Alejandro currently conducting?
Respuesta
  • A. Detection
  • B. Response
  • C. Recovery
  • D. Mitigation

Pregunta 86

Pregunta
Alejandro is an incident response analyst for a large corporation. He is on the midnight shift when an intrusion detection system alerts him to a potential brute-force password attack against one of the company’s critical information systems. He performs an initial triage of the event before taking any additional action. If Alejandro’s initial investigation determines that a security incident is likely taking place, what should be his next step?
Respuesta
  • A. Investigate the root cause.
  • B. File a written report.
  • C. Activate the incident response team.
  • D. Attempt to restore the system to normal operations.

Pregunta 87

Pregunta
Alejandro is an incident response analyst for a large corporation. He is on the midnight shift when an intrusion detection system alerts him to a potential brute-force password attack against one of the company’s critical information systems. He performs an initial triage of the event before taking any additional action. As the incident response progresses, during which stage should the team conduct a root cause analysis?
Respuesta
  • A. Response
  • B. Reporting
  • C. Remediation
  • D. Lessons Learned

Pregunta 88

Pregunta
Barry recently received a message from Melody that Melody encrypted using symmetric cryptography. What key should Barry use to decrypt the message?
Respuesta
  • A. Barry’s public key
  • B. Barry’s private key
  • C. Melody’s public key
  • D. Shared secret key

Pregunta 89

Pregunta
After you do automated functional testing with 100 percent coverage of an application, what type of error is most likely to remain?
Respuesta
  • A. Business logic errors
  • B. Input validation errors
  • C. Runtime errors
  • D. Error handling errors

Pregunta 90

Pregunta
During what phase of the incident response process would security professionals analyze the process itself to determine whether any improvements are warranted?
Respuesta
  • A. Lessons Learned
  • B. Remediation
  • C. Recovery
  • D. Reporting

Pregunta 91

Pregunta
What law prevents the removal of protection mechanisms placed on a copyrighted work by the copyright holder?
Respuesta
  • A. HIPAA
  • B. DMCA
  • C. GLBA
  • D. ECPA

Pregunta 92

Pregunta
Linda is selecting a disaster recovery facility for her organization, and she wishes to retain independence from other organizations as much as possible. She would like to choose a facility that balances cost and recovery time, allowing activation in about one week after a disaster is declared. What type of facility should she choose?
Respuesta
  • A. Cold site
  • B. Warm site
  • C. Mutual assistance agreement
  • D. Hot site

Pregunta 93

Pregunta
Purchasing insurance is a form of what type of risk response?
Respuesta
  • A. Transfer
  • B. Avoid
  • C. Mitigate
  • D. Accept

Pregunta 94

Pregunta
What type of penetration testing provides detail on the scope of a penetration test—including items like what systems would be targeted—but does not provide full visibility into the configuration or other details of the systems or networks the penetration tester must test?
Respuesta
  • A. Crystal box
  • B. White box
  • C. Black box
  • D. Gray box

Pregunta 95

Pregunta
Test coverage is computed using which of the following formulas?
Respuesta
  • A. Number of use cases tested/total number of use cases
  • B. Number of lines of code tested/total number of lines of code
  • C. Number of functions tested/total number of functions
  • D. Number of conditional branches tested/Total number of testable branches

Pregunta 96

Pregunta
TCP and UDP both operate at what layer of the OSI model?
Respuesta
  • A. Layer 2
  • B. Layer 3
  • C. Layer 4
  • D. Layer 5

Pregunta 97

Pregunta
Which one of the following goals of physical security environments occurs first in the functional order of controls?
Respuesta
  • A. Delay
  • B. Detection
  • C. Deterrence
  • D. Denial

Pregunta 98

Pregunta
In what type of trusted recovery process is the system able to recover without administrator intervention but the system may suffer some loss of data?
Respuesta
  • A. Automated recovery
  • B. Manual recovery
  • C. Automated recovery without undue data loss
  • D. Function recovery

Pregunta 99

Pregunta
Skip needs to transfer files from his PC to a remote server. What protocol should he use instead of FTP?
Respuesta
  • A. SCP
  • B. SSH
  • C. HTTP
  • D. Telnet

Pregunta 100

Pregunta
Ben’s New York–based commercial web service collects personal information from California residents. What does the California Online Privacy Protection Act require Ben to do to be compliant?
Respuesta
  • A. Ben must encrypt all personal data he receives.
  • B. Ben must comply with the EU GDPR.
  • C. Ben must have a conspicuously posted privacy policy on his site.
  • D. Ben must provide notice and choice for users of his website.

Pregunta 101

Pregunta
What process is used to verify that a dial-up user is connecting from the phone number they are preauthorized to use in a way that avoids spoofing?
Respuesta
  • A. CallerID
  • B. Callback
  • C. CHAP
  • D. PPP

Pregunta 102

Pregunta
The Meltdown bug announced in early 2018 exposed kernel data to user application space. What two rings are these referred to as for x86 PCs?
Respuesta
  • A. Rings 0 and 1
  • B. Rings 1 and 2
  • C. Rings 1 and 3
  • D. Rings 0 and 3

Pregunta 103

Pregunta
What advantage do iris scans have over most other types of biometric factors?
Respuesta
  • A. Iris scanners are harder to deceive.
  • B. Irises don’t change as much as other factors.
  • C. Iris scanners are cheaper than other factors.
  • D. Iris scans cannot be easily replicated.

Pregunta 104

Pregunta
Alex would like to ask all of his staff to sign an agreement that they will not share his organization’s intellectual property with unauthorized individuals. What type of agreement should Alex ask employees to sign?
Respuesta
  • A. SLA
  • B. NDA
  • C. OLA
  • D. DLP

Pregunta 105

Pregunta
Matthew, Richard, and Christopher would like to exchange messages with each other using symmetric cryptography. They want to ensure that each individual can privately send a message to another individual without the third person being able to read the message. How many keys do they need?
Respuesta
  • A. 1
  • B. 2
  • C. 3
  • D. 6

Pregunta 106

Pregunta
Which one of the following is not an example of criminal law?
Respuesta
  • A. Gramm-Leach-Bliley Act
  • B. Computer Fraud and Abuse Act
  • C. Electronic Communications Privacy Act
  • D. Identity Theft and Assumption Deterrence Act

Pregunta 107

Pregunta
What is the best way to ensure email confidentiality in motion?
Respuesta
  • A. Use TLS between the client and server.
  • B. Use SSL between the client and server.
  • C. Encrypt the email content.
  • D. Use a digital signature.

Pregunta 108

Pregunta
Brenda is analyzing the web server logs after a successful compromise of her organization’s web-based order processing application. She finds an entry in the log file showing that a user entered the following information as his last name when placing an order: Smith’;DROP TABLE orders;-- What type of attack was attempted?
Respuesta
  • A. Buffer overflow
  • B. Cross-site scripting
  • C. Cross-site request forgery
  • D. SQL injection

Pregunta 109

Pregunta
What type of policy describes how long data is kept before destruction?
Respuesta
  • A. Classification
  • B. Audit
  • C. Record retention
  • D. Availability

Pregunta 110

Pregunta
What is the goal of the BCP process?
Respuesta
  • A. RTO < MTD
  • B. MTD < RTO
  • C. RPO < MTD
  • D. MTD < RPO

Pregunta 111

Pregunta
During which phase of the incident response process would administrators design new security controls intended to prevent a recurrence of the incident?
Respuesta
  • A. Reporting
  • B. Recovery
  • C. Remediation
  • D. Lessons Learned

Pregunta 112

Pregunta
Bethany received an email from one of her colleagues with an unusual attachment named smime.p7s. She does not recognize the attachment and is unsure what to do. What is the most likely scenario?
Respuesta
  • A. This is an encrypted email message.
  • B. This is a phishing attack.
  • C. This is embedded malware.
  • D. This is a spoofing attack.

Pregunta 113

Pregunta
Kim is the database security administrator for Aircraft Systems, Inc. (ASI). ASI is a military contractor engaged in the design and analysis of aircraft avionics systems and regularly handles classified information on behalf of the government and other government contractors. Kim is concerned about ensuring the security of information stored in ASI databases. Kim’s database is a multilevel security database, and different ASI employees have different security clearances. The database contains information on the location of military aircraft containing ASI systems to allow ASI staff to monitor those systems. Kim learned that the military is planning a classified mission that involves some ASI aircraft. She is concerned that employees not cleared for the mission may learn of it by noticing the movement of many aircraft to the region. Individual employees are cleared to know about the movement of an individual aircraft, but they are not cleared to know about the overall mission. What type of attack is Kim concerned about?
Respuesta
  • A. Aggregation
  • B. SQL injection
  • C. Inference
  • D. Multilevel security

Pregunta 114

Pregunta
Kim is the database security administrator for Aircraft Systems, Inc. (ASI). ASI is a military contractor engaged in the design and analysis of aircraft avionics systems and regularly handles classified information on behalf of the government and other government contractors. Kim is concerned about ensuring the security of information stored in ASI databases. Kim’s database is a multilevel security database, and different ASI employees have different security clearances. The database contains information on the location of military aircraft containing ASI systems to allow ASI staff to monitor those systems. What technique can Kim employ to prevent employees not cleared for the mission from learning the true location of the aircraft?
Respuesta
  • A. Input validation
  • B. Polyinstantiation
  • C. Parameterization
  • D. Server-side validation

Pregunta 115

Pregunta
Kim is the database security administrator for Aircraft Systems, Inc. (ASI). ASI is a military contractor engaged in the design and analysis of aircraft avionics systems and regularly handles classified information on behalf of the government and other government contractors. Kim is concerned about ensuring the security of information stored in ASI databases. Kim’s database is a multilevel security database, and different ASI employees have different security clearances. The database contains information on the location of military aircraft containing ASI systems to allow ASI staff to monitor those systems. Kim’s database uniquely identifies aircraft by using their tail number. Which one of the following terms would not necessarily accurately describe the tail number?
Respuesta
  • A. Database field
  • B. Foreign key
  • C. Primary key
  • D. Candidate key

Pregunta 116

Pregunta
Kim is the database security administrator for Aircraft Systems, Inc. (ASI). ASI is a military contractor engaged in the design and analysis of aircraft avionics systems and regularly handles classified information on behalf of the government and other government contractors. Kim is concerned about ensuring the security of information stored in ASI databases. Kim’s database is a multilevel security database, and different ASI employees have different security clearances. The database contains information on the location of military aircraft containing ASI systems to allow ASI staff to monitor those systems. Kim would like to create a key that enforces referential integrity for the database. What type of key does she need to create?
Respuesta
  • A. Primary key
  • B. Foreign key
  • C. Candidate key
  • D. Master key

Pregunta 117

Pregunta
Doug is choosing a software development life-cycle model for use in a project he is leading to develop a new business application. He has very clearly defined requirements and would like to choose an approach that places an early emphasis on developing comprehensive documentation. He does not have a need for the production of rapid prototypes or iterative improvement. Which model is most appropriate for this scenario?
Respuesta
  • A. Agile
  • B. Waterfall
  • C. Spiral
  • D. DevOps

Pregunta 118

Pregunta
What should be true for salts used in password hashes?
Respuesta
  • A. A single salt should be set so passwords can be de-hashed as needed.
  • B. A single salt should be used so the original salt can be used to check passwords against their hash.
  • C. Unique salts should be stored for each user.
  • D. Unique salts should be created every time a user logs in.

Pregunta 119

Pregunta
Which individual bears the ultimate responsibility for data protection tasks?
Respuesta
  • A. Data owner
  • B. Data custodian
  • C. User
  • D. Auditor

Pregunta 120

Pregunta
What type of assessment methods are associated with mechanisms and activities based on the recommendations of NIST SP800-53A, the Guide for Assessing Security Controls in Federal Information Systems?
Respuesta
  • A. Examine and interview
  • B. Test and assess
  • C. Test and interview
  • D. Examine and test

Pregunta 121

Pregunta
Which one of the following controls would be most effective in detecting zero-day attack attempts?
Respuesta
  • A. Signature-based intrusion detection
  • B. Anomaly-based intrusion detection
  • C. Strong patch management
  • D. Full-disk encryption

Pregunta 122

Pregunta
The ability to store and generate passwords, provide logging and auditing capabilities, and allow password check-in and check-out are all features of what type of system?
Respuesta
  • A. AAA
  • B. Credential management
  • C. Two-factor authentication
  • D. Kerberos

Pregunta 123

Pregunta
Which one of the following components should be included in an organization’s emergency response guidelines?
Respuesta
  • A. Secondary response procedures for first responders
  • B. Long-term business continuity protocols
  • C. Activation procedures for the organization’s cold sites
  • D. Contact information for ordering equipment

Pregunta 124

Pregunta
When Jim enters his organization’s data center, he has to use a smart card and code to enter and is allowed through one set of doors. The first set of doors closes, and he must then use his card again to get through a second set, which locks behind him. What type of control is this, and what is it called?
Respuesta
  • A. A physical control; a one-way trapdoor
  • B. A logical control; a dual-swipe authorization
  • C. A directive control; a one-way access corridor
  • D. A preventive access control; a mantrap

Pregunta 125

Pregunta
What security control may be used to implement a concept known as two-person control?
Respuesta
  • A. Mandatory vacation
  • B. Separation of duties
  • C. Least privilege
  • D. Defense in depth
Mostrar resumen completo Ocultar resumen completo

¿Quieres crear tus propios Tests gratis con GoConqr? Más información.

Similar

Apuntes para Aprender Inglés
maya velasquez
Brainstorming con Mapas Mentales
Diego Santos
Cuadernillo del ICFES Saber 11 - 2014
D. Valenzuela
Test ICFES Inglés Parte 1
colrobomoyp
Linea de tiempo PLANEACION ESTRATEGICA
Tactica Artico
EDAD DE LOS METALES
Roberto Vicente Rodriguez Blanco
Ropa de invierno en ingles.
Danna Catalia Salamanca
Herencia Genética básica
Catalina Ramos
ESTRUCTURA DEL ESTADO COLOMBIANO
eduardo cuellar
Crisis del Antiguo Régimen
Claudia Romero
Membrana Plasmatica
Gisela Asendra Menitofe
Explorar la Librería