ITC 191
Week 10 (14.01 - 14.05)
| Question | Answer |
|---|---|
| Which Windows features can you use to encrypt a hard drive volume? | BitLocker |
| You are establishing a new security policy for user authentication and want to implement multi-factor authentication. Which of the following would BEST accomplish this? | Fingerprint and one-time code text message |
| During an airline flight, a laptop user makes last-minute changes to a presentation that contains sensitive company information. Which of the following would make it difficult for other passengers to view this information on the laptop display? | Privacy filter |
| Which of the following are examples of a strong password? | I love the Linux P3ngu!n Tux |
| Which database encryption method can you use to encrypt data at rest? | Transparent data encryption |
| One of the Windows workstations you manage has four user accounts defined on it. Two of the users are Limited users, while the third (your account) is an Administrative user. The fourth account is the Guest user account, which has been enabled to allow ma | Disable the Guest account |
| One of the Windows workstations you manage has three user accounts defined on it. Two of the users are Limited users, while the third (your account) is an Administrative user. Each Limited and Administrative user has been assigned a strong password. Fi | Set a screen saver password; Disable Autorun on the system |
| You are working at the local hospital in the IT department. You've just received a promotion to junior network technician. Part of your new role involves troubleshooting network communication issues. Which of the following user groups should your account | Network Configuration Operator |
| A technician assists Joe, an employee in the sales department who needs access to the client database, by granting him Administrator privileges. Later, Joe discovers that he has access to the salaries in the payroll database. Which of the following sec | Principle of least privilege |
| You are assisting the security administrator and discover that a user was logged in to their workstation after hours. After further investigation, you discover that the user's account was compromised, and someone used the account to steal sensitive data. | Restrict the user's login times to work hours only |
| As part of the response to a security incident on your company network, you have been asked to draft a document related to evidence gathering that contains details about personnel in possession and control of evidence from the time of discovery up to the | Chain of custody |
| You work for a company that offers their services through the internet. It is critical that your website performs well. As a member of the IT technician staff, you receive a call from a fellow employee who informs you that customers are complaining tha | Secure the affected system |
| A security incident is currently occurring on your company's network. You discover that the attack involves a computer system that is attached to the network. You are unsure what kind of damage is being done to the network systems or data. Which of the | Stop the attack and contain the damage by disconnecting the system from the network |
| Which of the following is an important aspect of evidence gathering in response to a security incident? | Back up all log files and audit trails |
| A security technician is conducting a forensic analysis. Which of the following actions is MOST likely to destroy critical evidence? | Shutting down the system |
| A technician was able to stop a security attack on a user's computer. Which of the following actions should be performed FIRST when conducting the subsequent forensic investigation? | Document what is on the screen |
| Proactive | An organization looks for existing security flaws in their system |
| Active | A network intrusion detection system (IDS) detects malicious traffic |
| Passive | A technician performing maintenance on a computer discovers prohibited content; A device or practice helps determine how and why a security incident occurred |
| As the principal of a private school, you have discovered that an office assistant has shared a student's home address with an unauthorized individual. Which of the following regulations is your school in violation of? | FERPA |
| You have accepted a position working in a local hospital's IT department. Which of the following government regulations would be the most important for the hospital to be in compliance with? | HIPAA |
| Which of the following is an example of personal, government-issued information? | Social security number |
| You have five salespeople who work out of your office and who frequently leave their laptops laying on their desks in their cubicles. You are concerned that someone might walk by and take one of these laptops. Which of the following is the BEST protect | Use cable locks to chain the laptops to the desk |
| A public library has purchased new laptop computers to replace their older desktop computers and is concerned that they are vulnerable to theft. Which of the following laptop features should they use to physically secure the new laptops? | Cable locks |
| You are a security consultant and have been hired to evaluate an organization's physical security practices. All employees must pass through a locked door to enter the main work area. Access is restricted using a biometric fingerprint lock. A reception | Train the receptionist to keep their iPad in a locked drawer when not in use; Disable the network jacks in the reception area |
| A high fence is installed around the property. Security cameras are installed on all buildings. The parking lot has light poles installed in all areas. Vehicles are able to drive straight to the building entrance itself. Which of the following would y | Install bollards |
| Which of the following door locks provides authentication to a specific lock over a Bluetooth connection? | Key fob |
| Which of the following should be installed inside the entrance to the building to prevent weapons or unauthorized equipment being brought into the building? | Magnetometer |
| Which of the following can be paired with a motion sensor to improve security? | Lights |
| While reviewing video files from your organization's security cameras, you notice a suspicious person using piggybacking to gain access to your building. The individual in question did not have a security badge. Which of the following security measures | Access control vestibule |
| A high fence is installed around the property. Visitors are able to enter the building and are checked in by a receptionist. Security cameras are installed on all buildings. Server racks are locked and have alarms. Which of the following would you MOS | Place a security guard at the entrance gate with an access list to control who comes on the property |
| All pieces of equipment have cable locks installed. Server racks are locked and have alarms. The WAP for the guest Wi-Fi is located on the receptionist's desk. Biometric locks are installed on high security rooms. Which of the following would you MOST | Install the WAP on the ceiling or inside of a special locked box |
| Which of the following does Windows use to manage and enforce what a user is authorized to access? | Access control list |
| Which of the following BEST describes authorization? | The resources that a user can access |
| Which of the following processes is used to prove a user's identity? | Authentication |
| Which of the following statements is true regarding hard tokens? | Hard tokens provide a higher level of security |
| You have been hired to assess a client's security. During your testing, you discover that users have access to other departments' files. Which of the following should you recommend that the company implement? | Principle of least privilege |
| Your company has recently implemented a BYOD policy. To protect the network, users must install an app on their devices that allows the security administrator to enforce the security policies. Which of the following is this an example of? | Mobile device management |
| Which of the following authentication combinations is an example of multi-factor authentication? | PIN and authentication app |
| Which of the following is an example of a soft token? | Authentication app |
| You are working as a junior network technician at the local hospital. The security administrator has just finished rolling out a new security policy that requires users to log in to workstations using a fingerprint scanner. Which authentication categor | Something you are |
| Which authentication category does a username and password fall under? | Something you know |
| A malicious person calls an employee from a cell phone. She tells the employee that she is the vice president over the accounting department in the employee's company. She relates that she has forgotten her password and demands that the employee give her | Vishing |
| Which of the following is a form of attack that tricks victims into providing confidential information, such as identity information or logon credentials, through emails or websites that impersonate an online entity that the victim trusts, such as a finan | Phishing |
| At company headquarters, several employees are having issues with their Wi-Fi access suddenly dropping and then reconnecting to the same wireless network. You decide to investigate and determine that someone has set up a rogue access point near company | Evil twin |
| Which type of DoS attack exhausts the target's resources by overloading a specific program or service? | Application layer |
| You have been hired to help assess the security of your client's organization. During your assessment, you have found a rogue wireless access point that is configured to look identical to the legitimate wireless network. Which of the following attacks | Evil twin attack |
| You have been hired to investigate a recent cybersecurity attack. You have discovered that the attacker was able to send commands to the server using the login fields and steal user credentials from the database. Which of the following attacks was your | SQL injection |
| Which of the following attacks exploits a vulnerability in software that has not been discovered by the developer? | Zero-day attack |
| Which of the following are risks of implementing a BYOD policy? | Number of different devices; Improper disposal; Data leakage |
| Which of the following should you implement to monitor and manage the risks of a BYOD policy? | Mobile device management |
| What do you call a system that has no anti-malware or firewall installed? | Unprotected |