Академический Документы
Профессиональный Документы
Культура Документы
D. Unavoidable
First responders are principally involved in which phase of an incident response plan?
A. Detection
B. Eradication
C. Recovery
D. Follow-Up
Separating responsibilities or duties in a fashion designed to reduce the possibility of employee
fraud or theft cannot prevent such action if employee:
A. Knowledge of the safeguards exists
B. Collusion exists
C. Lack of training exists
D. Irresponsibility exists
An evidence collection sheet is designed to assist an investigator in:
A. Establishing and maintaining the chain of custody
B. Understanding the nature of the crime
C. Tracking activities for subsequent billing purposes
D. Enabling law enforcement to understand the nature of the evidence
An administrator is attempting to prevent a hacker from using a rainbow table to crack hashed
passwords. What can the administrator do to make it too time consuming to use a rainbow table?
A. Compress the hashes
B. Make the passwords more difficult
C. Salt the hashes
D. Message filtering
When securing data in transit by using hashing and encryption, how does the function of hashing
differ from the function of encryption?
A. Encryption algorithms provide message integrity by generating a message digest
that can be used to detect message modification while hashing algorithms provide
confidentiality by using asymmetric and/or symmetric methods.
B. Hashing algorithms provide message integrity by generating a message digest that
can be used to encrypt and decrypt message while encryption algorithms provide
confidentiality by detecting message modification.
C. Encryption algorithms provide message integrity while hashing algorithms provide
confidentiality by using asymmetric and/or symmetric methods.
D. Hashing algorithms provide message integrity by generating a message digest that
can be used to detect message modification while encryption algorithms provide
confidentiality by using asymmetric and/or symmetric methods.
What security term describes the weakness of an asset that can be exploited?
A. Vulnerability
B. Threat
C. Threat agent
D. Countermeasure
When conducting a quantitative risk assessment, how should the total risk of an asset be defined
mathematically?
A. Total threat, divided by Total vulnerability, multiplied by Total asset value
B. Total threat, multiplied by Total vulnerability, multiplied by Total asset value
C. Total threat, multiplied by Total vulnerability, divided by Total asset value
D. Total threat, multiplied by Total vulnerability in addition to Total asset value
Which of the following biometric methods is considered the most accurate?
A. Fingerprint
B. Palm scan
C. Iris scan
D. Voice recognition
Which one of the following packet filtering methods is an accurate description of its function?
A. Filtering by ICMP message type uses TCP or UDP port numbers to filter SMTP
and POP email messages and DNS requests.
B. Filtering by ACK flag uses the ACK bit or ACK flag in a TCP packet to examine
both the contents of packets and headers for signs that they are legitimate.
C. Filtering by TCP or UDP port number admits or denies ICMP packets based on
message types.
D. Filtering suspicious inbound packets denies a packet that arrived at the firewall
from the external network but contains an IP address that is inside the network.
What protocol is used to monitor large numbers of systems and devices for operational issues?
A. File Transfer Protocol (FTP)
B. Simple Mail Transfer Protocol (SMTP)
C. Simple Network Management Protocol (SNMP)
D. Hyper Text Transfer Protocol (HTTP)
When planning a security program for an organization, what is the major objective of security
awareness and training ?
A. Helps the organization employees to be more security conscious
B. Helps the organization security polices to be more easily understood
C. Helps the organization to meet internal security objective and
regulatory compliance
D. Helps the organization create more effective security policies
The Domain Name System (DNS) works through a set of servers beginning with the:
A. Local servers
B. Root servers
C. Primary name servers
Creating or issuing secure identities should include three key aspects. The three aspects include
all of the following EXCEPT:
A. Uniqueness
B. Nondescriptive
C. Issuance
D. Descriptive