Term
In biometric authentication, one way to avoid the potential difficulties associated with users eventually becoming unrecognizable is to update their template after a successful authentication. This process is called:

Definition

Term
During what operation does a biometric system collect captured biometric data and a claimed identity and determine whether or not the captured biometric data matches the template saved for that identity?

Definition
Answer: None of the above (options: Error correction, Template adaptation, SAN protocol, Enrollment)

Term
Which of the following biometric methods is the least accurate?

Definition

Term
Which of the following methods can be used to clone a fingerprint?

Definition
Options: Used wine glass; Cell phone; Photos; Door knobs
Correct answer: All of the above

Term
Why can password-based authentication be expensive?

Definition
Resetting passwords is an expensive manual process

Term
Which of the following categories does authentication using a site key fall under?

Definition
It is not a full authentication method, but it can be used to help identify phishing sites

Term
One-time password authentication can be easily compromised by:

Definition

Term
Security risks to a system that uses two-factor authentication based on a text message include:

Definition
Options:
- The person being authenticated may have misplaced the cell phone, so someone else can get the message
- The cell phone is out of battery
- The cell phone OS has a vulnerability that can be exploited by an app to steal text messages
Correct answer: All of the above (a-c)

Term
A man-in-the-middle attack can be successful against the following authentication methods:

Definition
Options: One-time password; Two-factor authentication with a text message; Site key
Correct answer: All of the above (a-c)

Term
The use of a captcha to distinguish a person from a computer program can be easily defeated by:

Definition
A fake web site and a man-in-the-middle attack

Term
The geographical location of a subject can be revealed by:

Definition
Options: Phishing; Clickjacking; Social engineering; Man-in-the-middle attacks
Correct answer: All of the above

Term
What is the best practice to protect passwords?

Definition
Use a best-practice algorithm to hash the password

Term
A false positive for biometric authentication means:

Definition
An angry customer whose account was accessed by an attacker

Term
Which of the following two-factor authentication schemes would you recommend?

Definition
User id, password, and one-time code

Term
Which of the following is true related to a subject?

Definition
The subject is always the entity that receives information about or data from an object

Term
What can you use to prevent users from rotating between two passwords?

Definition

Term
Which of the following provides authentication based on a physical characteristic of a subject?

Definition

Term
What is a mechanical form and can be thought of as physical access to a room with a key?

Definition

Term
What is a secure method for authenticating a request for a service in a network?

Definition

Term
Which of the following would NOT be an asset that an organization would want to protect with access control?

Definition
Options: Information; Systems; Devices; Facilities
Correct answer: None of the above

Term
Which of the following types of access control uses fences, security policies, security awareness training, and antivirus software to stop an unwanted or unauthorized activity from occurring?

Definition

Term
Which of the following BEST describes the primary goal when controlling access to assets?

Definition
Preserves confidentiality, integrity, and availability of systems and data

Term
A user logs in with a login ID and a password. What is the purpose of the login ID?

Definition

Term
Which of the following BEST identifies the benefit of a pass phrase?

Definition

Term
Your organization issues devices to employees. These devices generate one-time passwords every 60 seconds. A server hosted within the organization knows what this password is at any given time. What type of device is this?

Definition

Term
What does the crossover error rate (CER) for a biometric device indicate?

Definition
It indicates the point where the false rejection rate equals the false acceptance rate

Term
What is the primary purpose of Kerberos?

Definition

Term
What could have discovered problems with this user's account while he was employed?

Definition

Term
Which of the following BEST describes the explicit deny principle?

Definition
All actions that are not expressly allowed are denied

Term
What is the intent of least privilege?

Definition
Enforce the most restrictive rights required by users to complete assigned tasks

Term
A table includes multiple objects and subjects and identifies the specific access each subject has to different objects. What is this table?

Definition

Term
Who, or what, grants permissions to users in a discretionary access control model?

Definition

Term
Which of the following models is also known as an identity-based access control model?

Definition
Discretionary access control

Term
A central authority determines which files a user can access. Which of the following best describes this?

Definition
Nondiscretionary access control

Term
A central authority determines which files a user can access based on the organization's hierarchy. Which of the following best describes this?

Definition
Role-based access control

Term
Which of the following statements is true related to the role-based access control (RBAC) model?

Definition
An RBAC model allows users membership in multiple groups

Term
Which of the following is the BEST choice for a role within an organization implementing an RBAC access control model?

Definition

Term
Which of the following can help mitigate the success of an online brute-force attack?

Definition

Term
Values monitored for unexpected changes to files or configuration items include which of the following?

Definition
Options: Privileges and security settings; Content; Core attributes and size
Correct answer: All of the above (a-c)

Term
What phase focuses on attack surface analysis?

Definition

Term
What describes the product capabilities of gathering, analyzing, and presenting information from network and security devices; identity and access management applications; vulnerability management and policy compliance tools; operating system, database, and application logs; and external threat data?

Definition
Security Information and Event Management

Term
What is it called when SIEM/LM tools take event data and turn it into informational charts to assist in seeing patterns, or in identifying activity that does not form a standard pattern?

Definition

Term
What is the most likely reason for choosing to use HEAD requests instead of GET requests when scanning for the presence of vulnerable web-based applications?

Definition
The attacker is doing an efficient scan of a large number of hosts, looking for meta information on the requested resources

Term
The parts of a time stamp include all of the following except:

Definition
Cryptographic hash as a stamp

Term
What is the purpose of implementing full-packet capture devices?

Definition
Capture and record all network traffic

Term
Which of the following are exceptions to full packet capture?

Definition
Options: Smart phones; Dumb phones; Encrypted traffic; Storage devices and media
Correct answer: All of the above

Term
A Demyo plug performs the following:

Definition
Options:
- Provides cell connectivity for an attacker to remotely control the device and performs attacks against devices with wireless communication capabilities
- Provides cell connectivity for attackers to remotely control the device and performs attacks against corporate network devices that are plugged into the same electric system as the Demyo plug
- Attacks GSM communication systems by hijacking cell tower signals
Correct answer: None of the above

Term
Enabling promiscuous mode on a network interface is a suspicious event because:

Definition
The computer can read frames intended for other machines or network devices

Term
Which devices can locate wireless signals within a certain range, where they can siphon off the data being transmitted over the signals?

Definition

Term
You can expect to have continued problems maintaining good network security awareness. Keep it simple. You need to draft some policies that define your network and its basic architecture. A good place to start is by asking the following questions, except which one?

Definition
Will internal users be accessing the network, and if so, how many?

Term
The latest trend to emerge in the network intrusion prevention arena is referred to as:

Definition
Unified threat management

Term
Which of the following are true:

Definition
Motives for cyber-attacks can mainly be attributed to financial and political reasons. Attackers are often after stealing data.

Term
Vulnerability scanning objectives include the following:

Definition
Assess the risk faced by components, including network risk, application risk, and host risks

Term
Which of the following is true?

Definition
An audit's primary objectives include: making sure security policies are followed, identifying violations and damage after an attack, and providing input to recover from an attack

Term
When a user is granted access to resources on a computing system, it is of vital importance to establish and verify the identity of the requesting entity. This process is commonly referred to as:

Definition

Term
The login process is a system daemon that is responsible for coordinating authentication and process setup for interactive users. To do this, the login process does the following, except which one?

Definition
Present the user credential to only one of the configured user databases (typically, these can be files, NIS, Kerberos servers, or LDAP directories) for authentication.

Term
What was introduced to simplify the administration of small groups of computers?

Definition
Network Information System

Term
The most sensible alternative to the traditional interactive session protocols such as Telnet is the:

Definition
Secure Shell (SSH) system

Term
What allows for the loading of additional drivers for file systems?

Definition
File systems in user space

Term
What can be seen as another way to reduce the attack surface area?

Definition

Term
Information is vulnerable as it flows across the network, unless it is:

Definition

Term
The Unix group mechanism allows for a single user to belong to one or more:

Definition

Term
Even after hardening a Unix system with restrictive user permissions and ACLs, it is important to maintain logs of:

Definition

Term
An additional source of audit trail data about system activities is the history logs kept by a login shell such as:

Definition

Term
What might involve confirming the identity of a person or software program?

Definition

Term
What requires every device to supply a pre-shared key (PSK) derived from a passphrase?

Definition

Term
What is an authentication scheme used by point-to-point protocol (PPP) hosts to authorize the identity of remote users and clients?

Definition
Challenge-Handshake Authentication Protocol (CHAP)

Term
The following statements about session management are true except this one:

Definition
Session id is stored in a cookie and it is retrieved by the server upon request

Term
The following statements about direct object reference are true except this one:

Definition
Application should encrypt objects so that they cannot be directly accessed

Term
White-list based input validation is preferred over black-list based input validation because:

Definition
It is difficult to make sure that all bad inputs are listed

Term
Which of the following about running an application in a sandbox is true?

Definition
Browsers, virtual machines, and Unix jails are all examples of sandboxes that isolate applications from one another, so that if one of them is malicious it would not be able to compromise applications running in other sandboxes

Term
Which of the following is true with respect to the "Heartbleed" vulnerability in OpenSSL?

Definition
Developers using OpenSSL should have erased memory containing secret information

Term
Which of the following are true about logging?

Definition
Only two of the above are true

Term
Including native library calls, which of the following languages can lead to buffer overflow vulnerabilities?

Definition

Term
What programming languages are native libraries for Windows written in?

Definition

Term
Which of the following security properties does SQL injection violate?

Definition
Confidentiality, Integrity, and Availability

Term
Which of the following security properties does CSRF violate?

Definition