Term
| Which of the following authentication services requires the use of a ticket-granting ticket (TGT) server in order to complete the authentication process? |
|
Definition
|
|
Term
| Which of the following is the BEST approach to perform risk mitigation of user access control rights? |
|
Definition
| Perform routine user permission reviews. |
|
|
Term
| Which of the following devices is BEST suited for servers that need to store private keys? |
|
Definition
|
|
Term
| All of the following are valid cryptographic hash functions EXCEPT: |
|
Definition
|
|
Term
| In regards to secure coding practices, why is input validation important? |
|
Definition
| It mitigates buffer overflow attacks. |
|
|
Term
| Which of the following would be used when a higher level of security is desired for encryption key storage? |
|
Definition
|
|
Term
| A security administrator needs to determine which system a particular user is trying to login to at various times of the day. Which of the following log types would the administrator check? |
|
Definition
|
|
Term
| Which of the following MUST be updated immediately when an employee is terminated to prevent unauthorized access? |
|
Definition
|
|
Term
| Employee badges are encoded with a private encryption key and specific personal information. The encoding is then used to provide access to the network. Which of the following describes this access control type? |
|
Definition
|
|
Term
| Which of the following devices would MOST likely have a DMZ interface? |
|
Definition
|
|
Term
| Which of the following application security testing techniques is implemented when an automated system generates random input data? |
|
Definition
|
|
Term
| Which of the following can be used by a security administrator to successfully recover a user’s forgotten password on a password protected file? |
|
Definition
|
|
Term
| A security administrator wants to check user password complexity. Which of the following is the BEST tool to use? |
|
Definition
|
|
Term
| Certificates are used for: |
|
Definition
Client authentication
Code signing |
|
|
Term
| Which of the following is a hardware based encryption device? |
|
Definition
|
|
Term
| Which of the following BEST describes a protective countermeasure for SQL injection? |
|
Definition
| Validating user input in web applications |
|
|
Term
| Which of the following MOST interferes with network-based detection techniques? |
|
Definition
|
|
Term
| A certificate authority takes which of the following actions in PKI? |
|
Definition
| Issues and signs all root certificates |
|
|
Term
| Use of a smart card to authenticate remote servers remains MOST susceptible to which of the following attacks? |
|
Definition
| Malicious code on the local system |
|
|
Term
| Separation of duties is often implemented between developers and administrators in order to separate which of the following? |
|
Definition
| Changes to program code and the ability to deploy to production |
|
|
Term
| A security administrator needs to update the OS on all the switches in the company. Which of the following MUST be done before any actual switch configuration is performed? |
|
Definition
| The request needs to be approved through the change management process. |
|
|
Term
| Jane, an individual, has recently been calling various financial offices pretending to be another person to gain financial information. Which of the following attacks is being described? |
|
Definition
|
|
Term
| A user in the company is in charge of various financial roles but needs to prepare for an upcoming audit. They use the same account to access each financial system. Which of the following security controls will MOST likely be implemented within the company? |
|
Definition
|
|
Term
|
Definition
|
|
Term
| Sara, a user, downloads a keygen to install pirated software. After running the keygen, system performance is extremely slow and numerous antivirus alerts are displayed. Which of the following BEST describes this type of malware? |
|
Definition
|
|
