PT 10

Practice Test 10

| Question | Answer |
|---|---|
| FTP | 20,21 |
| SSH | 22 |
| SFTP | 22 |
| SCP | 22 |
| TELNET | 23 |
| SMTP | 25 |
| TACACS | 49 |
| A situation in which an application writes to or reads from an area of memory that it is not supposed to access is referred to as: A. DLL injection B. Buffer overflow C. Memory leak D. Integer overflow | B. Buffer overflow |
| A collection of precompiled functions designed to be used by more than one Microsoft Windows application simultaneously to save system resources is known as: A. DLL B. ISO C. EXE D. INI | A. DLL |
| A cryptographic standard for digital signatures is known as: A. DSA B. PFS C. DES D. RSA | A. DSA |
| Which of the EAP methods listed below relies on client-side and server-side certificates to perform authentication? A. EAP-TLS B. PEAP C. EAP-TTLS D. EAP-FAST | A. EAP-TLS |
| Which of the answers listed below refers to a solution designed to strengthen the security of session keys? A. ECB B. PFS C. EFS D. PFX | B. PFS |
| Which of the answers listed below refer to obfuscation methods? (Select 3 answers) A. Encryption B. Steganography C. XOR cipher D. Password salting E. ROT13 | C. XOR cipher E. ROT13 |
| A digital certificate which allows multiple domains to be protected by a single certificate is known as: A. Extended Validation (EV) certificate B. Wildcard certificate C. Subject Alternative Name (SAN) certificate D. Root signing certificate | C. Subject Alternative Name (SAN) certificate |
| Which of the following best describes a biometric false acceptance rate (FAR)? A. Failure to identify a biometric image B. Access allowed to an unauthorized user C. Rejection of an authorized user D. The point at which acceptances and rejections are equal | B. Access allowed to an unauthorized user |
| A situation where a cryptographic hash function produces two different digests for the same data input is referred to as hash collision. A. FALSE B. TRUE | A. FALSE |
| Cross-site request forgery (CSRF/XSRF) is a security exploit that allows for infecting a website with malicious code. The malicious code, often in the form of JavaScript, can then be sent to the unsuspecting user and executed via the user’s web browser application. A. FALSE B. TRUE | A. FALSE |
| Which of the following protocols allow(s) for secure file transfer? (Select all that apply) A. FTPS B. TFTP C. FTP D. SFTP E. SCP | A. FTPS D. SFTP E. SCP |
| After feeding an input form field with incorrect data, a hacker gets access to debugger info providing extensive description of the error. This situation is an example of: A. Fuzz testing B. Improper input handling C. Brute-force attack D. Improper error handling | D. Improper error handling |
| Which of the following terms is used to describe a type of penetration test in which the person conducting the test has limited access to information on the internal workings of the targeted system? A. Fuzz testing B. Gray-box testing C. White-box testing D. Black-box testing | B. Gray-box testing |
| Which of the terms listed below refer(s) to software/hardware driver manipulation technique(s) that might be used to enable malware injection? (Select all that apply) A. Fuzz testing B. Shimming C. Sideloading D. Sandboxing E. Refactoring | B. Shimming E. Refactoring |
| What is the name of a Linux command-line utility that can be used to display TCP/IP configuration settings? A. ifconfig B. netstat C. nslookup D. ipconfig | A. ifconfig |
| Which of the following terms describes an attempt to read a variable that stores a null value? A. Integer overflow B. Pointer dereference C. Buffer overflow D. Memory leak | B. Pointer dereference |
| The arp command can be used to perform what kind of resolution? A. IP to FQDN B. MAC to IP C. IP to MAC D. FQDN to IP | C. IP to MAC |
| Which one of the following best provides an example of detective controls versus prevention controls? A. IPS/camera versus IDS/guard B. IDS/camera versus IPS/guard C. IPS versus guard D. IDS/IPS versus camera/guard | B. IDS/camera versus IPS/guard |
| Which of the acronyms listed below refers to a cryptographic attack where the attacker has access to both the plaintext and its encrypted version? A. KPA B. POODLE C. KEK D. CSRF | A. KPA |
| Port 1701 is used by: A. L2TP B. RADIUS C. PPTP D. SMTPS | A. L2TP |
| IP spoofing and MAC spoofing rely on falsifying what type of address? A. Loopback address B. Destination address C. Source address D. Broadcast address | C. Source address |
| Which of the following are hashing algorithms? (Select all that apply) A. MD5 B. RIPEMD C. Bcrypt D. HMAC E. SHA | A. MD5 B. RIPEMD D. HMAC E. SHA |
| Which of the following authentication protocols offer(s) countermeasures against replay attacks? (Select all that apply) A. MPLS B. IPsec C. CHAP D. Kerberos E. PAP | B. IPsec C. CHAP D. Kerberos |
| Which of the following allows for checking digital certificate revocation status without contacting the Certificate Authority (CA)? A. OCSP stapling B. Certificate Revocation List (CRL) C. Sideloading D. Certificate Signing Request (CSR) | A. OCSP stapling |
| Which digital certificate formats are commonly used to store private keys? (Select 2 answers) A. P7B B. PFX C. CER D. P12 | B. PFX D. P12 |
| Penetration testing: (Select all that apply) A. Passively tests security controls B. Exploits vulnerabilities C. Actively tests security controls D. Bypasses security controls E. Only identifies lack of security controls | B. Exploits vulnerabilities C. Actively tests security controls D. Bypasses security controls |
| Vulnerability scanning: (Select all that apply) A. Passively tests security controls B. Actively tests security controls C. Identifies lack of security controls D. Identifies common misconfigurations E. Exploits vulnerabilities | A. Passively tests security controls D. Identifies common misconfigurations |
| Despite having implemented password policies, users continue to set the same weak passwords and reuse old passwords. Which of the following technical controls would help prevent these policy violations? (Select two.) A. Password complexity B. Password history C. Password length D. Password lockout E. Password expiration | A. Password complexity B. Password history |
| A security protocol designed to strengthen existing WEP implementations without requiring the replacement of legacy hardware is known as: A. PEAP B. TKIP C. CCMP D. WPA2 | B. TKIP |
Created by: bgray8
 

 


