PT 5


| Question | Answer |
| --- | --- |
| You currently work for a large company and are concerned about ensuring all workstations have a common configuration, do not contain a rogue software installation, and all patches are kept up to date. Of the following, which would be most effective to accomplish this? A. Use VDE B. Implement strong policies C. Use an image for all workstations D. Implement strong patch management | |
| Josh, as an administrator for a health care company, is required to support an older, legacy application. He’s concerned about the application having some vulnerabilities that would affect the remainder of the network. Of the following, which option is the most efficient way to mitigate this? A. Use an application container B. Implement SDN C. Run the application on a separate VLAN D. Insist on an updated version of the application | |
| Kevin is going over his company’s recertification policy. Which is the best reason to recertify? A. To audit usage B. To enhance onboarding C. To audit permissions D. To manage credentials | |
| | A. Implement a manager |
| As the security administrator, you advise the web development team to include a CAPTCHA on a webpage where users are able to register for an account. Which control is this referring to? A. Deterrent B. Detective C. Compensating D. Degaussing | |
| Lisa manages incident response for a bank. The bank has a website that’s been attacked. The attacker utilized the login screen, and rather than entering proper login credentials, the attacker entered some odd text: ' or '1'='1. What is this attack known as? A. Cross-site scripting B. Cross-site request forgery C. SQL injection D. ARP poisoning | |
| | D. DNS poisoning |
| Steven is looking for a new firewall for his company. He’s concerned about a DoS attack, more specifically, SYN flood. Which of the following is the best option to protect against a SYN flood event? A. Packet filter B. Application gateway C. Bastion D. SPI | |
| | C. COPE and BYOD devices can be used as a USB OTG resource |
| Which should be required by a company to mitigate the impact of a custom piece of software being installed by a vendor in case the vendor later goes out of business? A. A detailed credit investigation prior to acquisition B. A third-party source code escrow C. Substantial penalties for breach of contract D. Standby contracts with other vendors | |
| Of the following, choose a common security issue that is hard to control in large environments when a user has more rights, permissions, and privileges than the job requires. What is described by this scenario? A. Excessive rights B. Excessive access C. Excessive permissions D. Excessive privileges | |
| Millie is responsible for testing security and uses a tool that identifies vulnerabilities and provides mechanisms to test them by trying to exploit them. What best describes this tool? A. Vulnerability scanner B. Exploit framework C. Metasploit D. Nessus | |
| Neil has been tasked with finding an authentication service handled by a third party that would allow users to access multiple websites, as long as the authentication service is supported by the website. What is the best choice? A. OpenID B. Kerberos C. NTLM D. Shibboleth | |
| | C. Turn off unneeded services on all computers |
| | D. Identification |
| | A. Buffer overflow |
| Which recovery site is the easiest to test? A. Warm site B. Cold site C. Hot site D. Medium site | |
| | A. False negative |
| Choose the scenario where using a shared account would pose the least security risk. A. For a group of tech support personnel B. For guest Wi-Fi access C. For students logging in at a university D. For accounts with few privileges | |
| | A. MD5 |
| | D. DAMP |
| | C. HOTP |
| You’re currently looking for a network authentication method that uses digital certificates and doesn’t require users to remember passwords. Which method is the most beneficial? A. OAuth B. Tokens C. OpenID D. RBAC | |
| | B. EFS |
| | D. Transitive trust |
| | B. The password length is the most significant problem |
| | C. CPU Cache, RAM, Swap, Hard drive |
| | A. OWASP |
| As a network security analyst, you’ve been instructed to bring an affected system back into the company’s environment and verify that it will not lead to another incident. You have tested, monitored, and validated that the system is not currently being compromised. Which process have you completed? A. Lessons learned B. Preparation C. Recovery D. Containment | |

Created by: bgray8