Term
| An achievement in providing worldwide internet security was the signing of certificates associated with which of the following protocols? |
|
Definition
|
|
Term
| A Chief Information Security Officer (CISO) wants to implement two-factor authentication within the company. Which of the following would fulfill the CISO's requirements? |
|
Definition
|
|
Term
| Which of the following can a security administrator implement on a mobile device that will help prevent unwanted people from viewing the data if the device is left unattended? |
|
Definition
|
|
Term
| Which of the following would a security administrator implement in order to identify a problem between two systems that are not communicating properly? |
|
Definition
|
|
Term
| Which of the following can result in significant administrative overhead from incorrect reporting? |
|
Definition
|
|
Term
| A security administrator wants to perform routine tests on the network during working hours when certain applications are being accessed by the most people. Which of the following would allow the security administrator to test the lack of security controls for those applications with the least impact to the system? |
|
Definition
|
|
Term
| Which of the following risk concepts requires an organization to determine the number of failures per year? |
|
Definition
|
|
Term
| A system security analyst using and enterprise monitoring tool notices an unknown internal host exfiltrating files to several foreign IP addresses. Which of the following would be an appropriate mitigation technique? |
|
Definition
|
|
Term
| Three primary security control types that can be implemented are: |
|
Definition
| Operational, technical and management |
|
|
Term
| The helpdesk reports increased calls from clients reporting spikes in malware infections on their systems. Which of the following phases of incident response is MOST appropriate as a FIRST response. |
|
Definition
|
|
Term
| Which of the following protocols operates at the highest level of the OSI model? |
|
Definition
|
|
Term
| Joe, the system administrator, has been asked to calculate the Annual Loss Expectancy (ALE) for a $5,000 server, which often crashes. In the past year, the server has crashed over 10 times, requiring a system reboot to recover with only 10% loss of data or function. which of the following is the ALE of this server? |
|
Definition
|
|
Term
| Which of the following should an administrator implement to research current attack methodologies? |
|
Definition
|
|
Term
| Which of the following can be implemented in hardware or software to protect a web server from cross-site scripting attacks? |
|
Definition
|
|
Term
| Which of the following means of wireless authentication is easily vulnerable to spoofing? |
|
Definition
|
|
Term
| The BEST methods for a web developer to prevent the website application code from being vulnerable to cross-site request forgery (XSRF) are to: |
|
Definition
Validate and filter input on the server side and client side.
Restrict and sanitize use of special characters in input and URL's |
|
|
Term
| Jane, a security administrator, needs to implement a secure wireless authentication method that uses a remote RADIUS server for authentication. Which of the following is an authentication method Jane should use? |
|
Definition
|
|
Term
| Computer evidence at a crime scene is documented with a tag stating who had possession of the evidence at a given time. Which of the following does this illustrate? |
|
Definition
|
|
Term
| A network administrator is configuring access control for the sales department which has high employee turnover. Which of the following is BEST suited when assigning user rights to individuals in the sales department? |
|
Definition
|
|
Term
| Which of the following is being tested when a company's payroll server is powered off for eight hours? |
|
Definition
| Continuity of operations plan |
|
|
Term
| A security analyst, Ann, is reviewing an IRC channel and notices that a malicious exploit has been created for a frequently used application. She notifies the software vendor and asks them for remediation steps, but is alarmed to find that no patches are available to mitigate this vulnerability. Which of the following BEST describes this exploit? |
|
Definition
|
|
Term
| A security administrator has concerns about new types of media which allow for the mass distribution of personal comments to a select group of people. To mitigate the risks involved with this media, employees should receive training on which of the following? |
|
Definition
|
|
Term
| A network administrator is responsible for securing applications against external attacks. Every month, the underlying operating system is updated. There is no process in place for other software updates. Which of the following processes could MOST effectively mitigate these risks? |
|
Definition
| Application patch management |
|
|
Term
| A software developer is responsible for writing the code on an accounting application. Another software developer is responsible for developing code on a system in human resources. Once a year they have to switch roles for several weeks. Which of the following practices is being implemented? |
|
Definition
|
|
Term
| A network engineer is designing a secure tunneled VPN. Which of the following protocols would be the MOST secure? |
|
Definition
|
|
