Term
1. Your company is implementing a BYOD policy so that employees can begin using their own mobile device for work. Which of the following is generally a component of a BYOD policy?
a) Training provision
b) Insurance on devices
c) Device replacement or upgrade
d) Scope of control |
|
Definition
|
|
Term
2. What is password aging?
a) The practice of requiring users to change their passwords after certain amount of time has passed.
b) The practice of encrypting passwords so that they can remain valid longer
c) The practice of testing passwords to see if it is possible crack them
d) The practice of ensuring that passwords include non-standard characters (e.g., %, &, !) |
|
Definition
| a) The practice of requiring users to change their passwords after certain amount of time has passed. |
|
|
Term
3. Which of the following is a benefit of a virtual local area network (VLAN)?
a) A VLAN can be used in place of a firewall to monitor transmissions from the internet to the internal LAN.
b) A VLAN can be used to ensure that e-mail messages have been encrypted when they are sent out to the Internet.
c) A VLAN organizes hosts according to job function and department membership, rather than location.
d) A VLAN ensures that only authenticated wireless clients can access the LAN. |
|
Definition
| c) A VLAN organizes hosts according to job function and department membership, rather than location. |
|
|
Term
4. which encryption type uses one key to encrypt and decrypt information?
a) Hash encryption
b) One-way encryption
c) Asymmetric-key encryption
d) Symmetric-key encryption |
|
Definition
| d) Symmetric-key encryption |
|
|
Term
5. Todd works for a small manufacturing company. To reduce IT manufacture costs, the company has very little IT equipment on site and uses cloud-based services extensively. Last year, the company suffered a failure that resulted in significant down time and data loss. Management has decided to implement continuous data protection (CDP). Which type of CDP best fits this company's situation?
a) Local systems solution
b) Recovery time objective (RTO)
c) Cloud-only solution
d) Service-level agreement (SLA) |
|
Definition
|
|
Term
6. Professor P at your small technical college is a proponent of emerging technologies and practices. As an experiment, he decides to administer your class's final exam using a Bring Your Own Device (BY0D) policy. He directs the students in the class to bring their own mobile devices to the classroom, where they will connect to the college's Wi-Fi for network access. When the college's IT manager finds out about this, he is furious Why?
a) Because the students are unable to back up their user files containing their final exams
b) Because the student devices are more susceptible to malware that can infect the network
c) Because student devices can access and send unsecured data
d) Because the students are unable to share files during the final exam |
|
Definition
| c) Because student devices can access and send unsecured data |
|
|
Term
7. On Tuesday. you notice that your computer is acting strangely. Sounds play unexpectedly the hard-drive light flashes constantly, and the monitor turns off suddenly. The computer also sometimes reboots itself without warning. You inspect your system and notice that several ports are open. What is most likely the cause of your computers symptoms?
a) The computer is experiencing a denial-of-service attack.
b) The computer has been infected with an illicit server.
c) The computer has been spoofed by an attacker.
d) The computer is experiencing a social-engineering attack. |
|
Definition
| b) The computer has been infected with an illicit server. |
|
|
Term
8. BroCo develops its own database applications. BroCo is considering migrating to cloud services to accumulate the company's growth. What strategy should BroCo use to ensure continuous data protection if it begins using cloud services?
a) Virtual systems solution
b) Local systems solution
c) Multiple cloud-service providers
d) Cloud-only solution |
|
Definition
|
|
Term
9. Security attacks can vary greatly. Which type of attack involves a host, program or application pretending it is another entity on a network?
a) Social engineering
b) Man in the middle
c) Spoofing
d) Back door |
|
Definition
|
|
Term
10. You are a small-business owner and would like to encourage employees to bring their own devices (BYOD) to work.
Why would you implement an acceptable use policy?
a) To help reduce the security risks associated with a BYOD implementation
b) To specify the device maintenance procedures that the company will provide
c) To ensure proper end-user licensing of all company software on the mobile devices
d) To help pay for new hardware and software required with a BYOD implementation |
|
Definition
| a) To help reduce the security risks associated with a BYOD implementation |
|
|
Term
11. A hacker has impersonated an IT department employee in your company, and tricked a user into revealing his username and password. What type of attack is this?
a) Trojan
b) Social engineering
c) Back door
d) Man in the middle |
|
Definition
|
|
Term
12. Which authentication tool disables accounts after a specified number of invalid passwords have been entered?
a) Account lockout
b) Account reset
c) Password aging
d) Password integrity |
|
Definition
|
|
Term
13. Glenn wants to implement a Bring Your Own Device (BYOD) policy in his company in order to save on employee equipment costs He researches the idea to anticipate any problems. Which of the following is a disadvantage of implementing a BYOD policy that Glenn should consider?
a) Stifling innovation by limiting the tools that employees can use
b) Configuring the corporate e-mail server to work with mobile devices
c) Controlling access to company data if a device is stolen or lost
d) Providing training for employees on how to use their mobile device with company software |
|
Definition
| c) Controlling access to company data if a device is stolen or lost |
|
|
Term
14. Your company uses a cloud-based services to host company data. What strategies should your company make sure to include in its disaster recovery plan?
a) Use a single well-established cloud service provider
b) Divide your data and software services among multiple cloud service providers
c) Ensure that there is an exclusive contract with the cloud sell:ice provider
d) Create redundancy and use multiple cloud service providers |
|
Definition
| d) Create redundancy and use multiple cloud service providers |
|
|
Term
15. One of the five main security threats commonly associated with cloud based services is:
a) hypervisor vulnerabilities.
b) phishing.
c) man-in-the-middle attack.
d) back-door attack. |
|
Definition
| a) hypervisor vulnerabilities. |
|
|
Term
16. You used SSL/TLS to encrypt a transmission between your system and a server. Which condition would invalidate this session?
a) If the server's private key was made public
b) If the server's public key was given to a hacker
c) If the certificate expiration date became known to the public
d) If the name of the signing certificate authority (CA) became known to a hacker |
|
Definition
| a) If the server's private key was made public |
|
|
Term
17. Which standard does a certificate authority (CA) use to format a digital certificate?
a) X.509
b) X.25
c) HTML
d) XHTML |
|
Definition
|
|
Term
18. When individuals want to communicate securely over long distances they generally use programs that combine the available encryption schemes. One such program uses symmetric-key encryption to scramble the original message you want to send. Then, it uses asymmetric-key encryption to encrypt only the symmetric key you just used. Finally, it uses hash encryption to "sign" the message and ensure that no one can tamper with it. Which program is this?
a) Kerberos
b) Rijndael
c) Triple Data Encryption Standard (Triple DES)
d) Pretty Good Privacy (PGP) |
|
Definition
| d) Pretty Good Privacy (PGP) |
|
|
Term
19. You need to specify a protocol for your virtual Private Network (VPN). Which protocol is supported by most vendors?
a) Layer 2 Tunneling Protocol (L2TP)
b) IP security (IPsec)
c) Point-to-Point Tunneling Protocol (PPTP)
d) X.500 |
|
Definition
| a) Layer 2 Tunneling Protocol (L2TP) |
|
|
Term
20. Your company is growing, so management is in the process of purchasing new computers. hiring new employees. contracting some cloud-based software services, and updating company policies Which of the following should be included as part of a disaster recovery plan for companies that use cloud-based services?
a) Inventory of services not dependent on the cloud provider
b) Ma!ware and anti-virus software updates
c) Service-level agreement with a cloud-provider
d) Acceptable use policy |
|
Definition
| c) Service-level agreement with a cloud-provider |
|
|
Term
21. Your system is the victim of a virus. You have an anti-virus program installed and you have verified that it was running. How could a virus have successfully attacked this system?
a) The operating system is always vulnerable to viruses.
b) The anti-virus program was not updated.
c) The anti-virus program discovered the virus six months ago but the current update ignores older viruses.
d) The "virus" is actually a worm. |
|
Definition
| b) The anti-virus program was not updated. |
|
|
Term
22. You are implementing a BYOD policy that determines which company resources can be accessed by personal devices, including rules regarding authentication and how the resources will be accessed Specifically. You want to prohibit the storage of password and application data on personal mobile devices What type of BYOD policy are you implementing?
a) Support
b) Acceptable use
c) Device scope
d) Scope of control |
|
Definition
|
|
Term
23. You need to determine whether a digital certificate is valid. Which of the following allows you to do this?
a) A certificate server
b) A certificate revocation list (CRL)
c) A directory server
d) A certificate authority (CA) |
|
Definition
| b) A certificate revocation list (CRL) |
|
|
Term
24. You need a redundant source of clean power in case of a power outage. Which of the following will fulfill your needs?
a) An uninterruptible power supply (UPS)
b) A surge protector
c) A remote access server (RAS)
d) A gas-powered generator |
|
Definition
| a) An uninterruptible power supply (UPS) |
|
|
Term
25. Which of the following is a symmetric-key algorithm used in many applications to encrypt data?
a) MD5
b) DSA
c) AES
d) RSA |
|
Definition
|
|
Term
26. Which choice best describes a denial-of-service (DOS) attack?
a) An attacker is able to control a system's services
b) An attacker identifies services on the network
c) An attacker defeats system security to control serices
d) An attacker is able to crash a computer or service |
|
Definition
| d) An attacker is able to crash a computer or service |
|
|
Term
27. You are the IT administrator for a midsize company. Over the past few months some employees have been using their personal mobile devices and smartphones for work. Executive management has noticed a reduction in costs for employee equipment because of this So now management is discussing whether the company should stop providing its employees with company phones and instead require all employees to use their personal smartphones for work
Management asks you for your opinion You think its an interesting idea, but what would you need to do to address the most significant security vulnerability?
a) Develop an app that will push security updates to the employees various mobile OS devices
b) Require that all employees switch to the company's mobile service provider to ensure that security policies are enforced
c) Develop a company policy that specifies acceptable use. ensuring that security measures are in place for employees' mobile devices
d) Develop a company policy that requires employees to keep their phones updated to the latest technology |
|
Definition
| c) Develop a company policy that specifies acceptable use. ensuring that security measures are in place for employees' mobile devices |
|
|
Term
28. You used SHA2 to create a 512-bit fingerprint You will use this fingerprint to ensure that data has not changed during transit Which type of encryption have you used?
a) One-way encryption
b) Symmetric-key encryption
c) Asymmetric-key encryption
d) Hash encryption |
|
Definition
|
|
Term
29. You have been informed that data has retained its integrity during transmission across the Internet. Which statement best describes the concept of data integrity?
a) Data remains secret during transit or storage.
b) Data remains unchanged during transit or storage.
c) Data remains authenticated during transit or storage.
d) Data remains hashed during transit or storage. |
|
Definition
| b) Data remains unchanged during transit or storage. |
|
|
Term
30. Which choice best describes an extranet?
a) A security zone that is closed off to all end users, except for IT department members
b) A security zone that is closed off to all but employees and select external partners
c) A security zone created by a switch
d) A security zone that is closed off to all but company employees |
|
Definition
| b) A security zone that is closed off to all but employees and select external partners |
|
|
Term
31. UltraCredit Company is considering using a cloud service from CloudSource Inc. to support UltraCredit's expanding needs. However, UltraCredit's managers are concerned about security. Which of the following should UltraCredit request in order to protect its data from security threats?
a) For CloudSource Inc. to update its operating systems with the most recent security patches.
b) For UltraCredit staff to manage the servers at CloudSource Inc.
c) For UltraCredit to perform background checks on the staff at CloudSource Inc.
d) For CloudSource Inc. to run multiple hypervisors |
|
Definition
| c) For UltraCredit to perform background checks on the staff at CloudSource Inc. |
|
|
