Term
| Matt, a security analyst, needs to select an asymmetric encryption method that allows for the same level of encryption strength with a lower key length than is typically necessary. Which of the following encryption methods offers this capability? |
|
Definition
|
|
Term
| Sara, a security analyst, is trying to prove to management what costs they could incur if their customer database was breached. This database contains 250 records with PII. Studies show that the cost per record for a breach is $300. The likelihood that their database would be breached in the next year is only 5%. Which of the following is the ALE that Sara should report to management for a security breach? |
|
Definition
|
|
Term
| Methods to test the responses of software and web applications to unusual or unexpected inputs are known as: |
|
Definition
|
|
Term
| Pete needs to open ports on the firewall to allow for secure transmission of files. Which of the following ports should be opened on the firewall? |
|
Definition
|
|
Term
| Sara, a security architect, has developed a framework in which several authentication servers work together to increase processing power for an application. Which of the following does this represent? |
|
Definition
|
|
Term
| Which statement is TRUE about the operation of a packet sniffer? |
|
Definition
| The Ethernet card must be placed in promiscuous mode. |
|
|
Term
| Which of the following firewall rules only denies DNS zone transfers? |
|
Definition
|
|
Term
| Which of the following BEST explains the use of an HSM within the company servers? |
|
Definition
| Hardware encryption is faster than software encryption. |
|
|
Term
| Which of the following technologies can store multi-tenant data with different security requirements? |
|
Definition
|
|
Term
| Matt, a security analyst, needs to implement encryption for company data and also prevent theft of company data. Where and how should Matt meet this requirement? |
|
Definition
| Matt should implement DLP and encrypt the company database. |
|
|
Term
| Which of the following types of encryption will help in protecting files on a PED? |
|
Definition
|
|
Term
| Which of the following does full disk encryption prevent? |
|
Definition
|
|
Term
| Pete, a security analyst, has been informed that the development team has plans to develop an application which does not meet the company’s password policy. Which of the following should Pete do NEXT? |
|
Definition
| Tell the application development manager to code the application to adhere to the company’s password policy. |
|
|
Term
| Sara, a security manager, has decided to force expiration of all company passwords by the close of business day. Which of the following BEST supports this reasoning? |
|
Definition
| A recent security breach in which passwords were cracked. |
|
|
Term
| Which of the following presents the STRONGEST access control? |
|
Definition
|
|
Term
| Which of the following encompasses application patch management? |
|
Definition
|
|
Term
| Sara, an application developer, implemented error and exception handling alongside input validation. Which of the following does this help prevent? |
|
Definition
|
|
Term
| Which of the following is the LEAST volatile when performing incident response procedures? |
|
Definition
|
|
Term
| Pete, a developer, writes an application. Jane, the security analyst, knows some things about the overall application but does not have all the details. Jane needs to review the software before it is released to production. Which of the following reviews should Jane conduct? |
|
Definition
|
|
Term
| The information security team does a presentation on social media and advises the participants not to provide too much personal information on social media web sites. This advice would BEST protect people from which of the following? |
|
Definition
| Cognitive password attacks |
|
|
Term
| Pete’s corporation has outsourced help desk services to a large provider. Management has published a procedure that requires all users, when receiving support, to call a special number. Users then need to enter the code provided to them by the help desk technician prior to allowing the technician to work on their PC. Which of the following does this procedure prevent? |
|
Definition
|
|
Term
| Pete, the security engineer, would like to prevent wireless attacks on his network. Pete has implemented a security control to limit the connecting MAC addresses to a single port. Which of the following wireless attacks would this address? |
|
Definition
|
|
Term
| Which of the following can be implemented with multiple bit strength? |
|
Definition
|
|
Term
| Pete, the system administrator, has blocked users from accessing social media web sites. In addition to protecting company information from being accidentally leaked, which additional security benefit does this provide? |
|
Definition
| Protection against malware introduced by banner ads |
|
|
Term
| Pete, the system administrator, is reviewing his disaster recovery plans. He wishes to limit the downtime in the event of a disaster, but does not have the budget approval to implement or maintain an offsite location that ensures 99.99% availability. Which of the following would be Pete’s BEST option? |
|
Definition
| Use hardware already at an offsite location and configure it to be quickly utilized. |
|
|