12 Cards in this Set

  • Front
  • Back

Which of the following choices is the most reliable method of destroying data on a CD? A. Degaussing B. Physical destruction C. Deleting D. Overwriting

Physical destruction is the most reliable method of destroying data on any media, including a CD. Degaussing won't affect a CD. Deleting rarely deletes the data. Overwriting might destroy the data depending on the method used, but it isn't as reliable as physical destruction.

What means of risk response transfers the burden of risk to another entity? A. Mitigation B. Assignment C. Tolerance D. Rejection

Risk assignment or transferring risk is the placement of the cost of loss a risk represents onto another entity or organization. Purchasing insurance and outsourcing are common forms of assigning or transferring risk.

What programming language(s) can be used to develop ActiveX controls for use on an Internet site? A. Visual Basic B. C C. Java D. All of the above

Answer: D Microsoft's ActiveX technology supports a number of programming languages, including Visual Basic, C, C++, and Java. On the other hand, only the Java language can be used to write Java applets.

Which of the following is not a valid security measure to protect against brute-force and dictionary attacks? A. Enforce strong passwords through a security policy. B. Maintain strict control over physical access. C. Require all users to log in remotely. D. Use two-factor authentication.

Answer: C Requiring users to log in remotely does not protect against password attacks such as brute-force or dictionary attacks. Strong password policies, physical access control, and two-factor authentication all improve the protection against brute-force and dictionary password attacks.

What form of password attack utilizes a preassembled lexicon of terms and their permutations? A. Rainbow tables B. Dictionary word list C. Brute force D. Educated guess

Answer: B Dictionary word lists are precompiled lists of common passwords and their permutations and serve as the foundation for a dictionary attack on accounts.

When an organization is attempting to identify risks, what should they identify first? A. Assets B. Threats C. Vulnerabilities D. Public attacks

Answer: A An organization must first identify the value of assets when identifying risks so that they can focus on the potential risks for their most valuable assets. They can then identify threats and vulnerabilities related to these assets. Public attacks can be evaluated to determine if they present a risk to the organization, but this should not be the first step.

Which of the following are goals of the Identification phase of incident response? (Choose all that apply.) A. Restoration of normal activity B. Incorporation of lessons learned C. Notification of appropriate personnel D. Identification of incidents

Answer: C;D The two goals of the identification phase are identifying incidents and notifying the appropriate personnel.

Which federal government agency is responsible for ensuring the security of government computer systems that are used to process sensitive and/or classified information? A. National Security Agency B. Federal Bureau of Investigation C. National Institute of Standards and Technology D. Secret Service

Answer: A The National Security Agency is responsible for managing the security of computer systems that process sensitive and/or classified information. The security of all other federal government systems is entrusted to the National Institute of Standards and Technology.

Which one of the following business impact assessment variables represents the dollar value of each organizational resource? A. AV B. SLE C. ARO D. MTD

Answer: A The asset value (AV) is a monetary measure of an asset's worth to the organization.

The __________ model focuses on preventing interference in support of integrity. This model is based on the idea of defining a set of system states, initial states, and state transitions. Through the use of and limitations to only these predetermined secure states, integrity is maintained and interference is prohibited. A. Biba B. Take grant C. Goguen-Meseguer D. Sutherland

Answer: D The Sutherland model focuses on preventing interference in support of integrity. This model is based on the idea of defining a set of system states, initial states, and state transitions. Through the use of and limitations to only these predetermined secure states, integrity is maintained and interference is prohibited.

What are the well-known ports? A. 0 to 1,023 B. 80, 135, 110, 25 C. 0 to 65,536 D. 32,000 to 65,536

Answer: A Ports 0 to 1,023 are the well-known ports.

The security role of ________________ is responsible for the tasks of implementing the prescribed protection defined by the security policy and senior management. A. Data custodian B. Data owner C. Auditor D. InfoSec officer

Answer: A The security role of data custodian is responsible for the tasks of implementing the prescribed protection defined by the security policy and senior management.