PT 5
You currently work for a large company and are concerned about ensuring all workstations have a common configuration, do not contain a rogue software installation, and all patches are kept up to date. Of the following, which would be most effective to accomplish this? A. Use VDE B. Implement strong policies C. Use an image for all workstations D. Implement strong patch management

Josh, as an administrator for a health care company, is required to support an older, legacy application. He’s concerned about the application having some vulnerabilities that would affect the remainder of the network. Of the following, which option is the most efficient way to mitigate this? A. Use an application container B. Implement SDN C. Run the application on a separate VLAN D. Insist on an updated version of the application

Kevin is going over his company’s recertification policy. Which is the best reason to recertify? A. To audit usage B. To enhance onboarding C. To audit permissions D. To manage credentials

A. Implement a manager

As the security administrator, you advise the web development team to include a CAPTCHA on a webpage where users are able to register for an account. Which control is this referring to? A. Deterrent B. Detective C. Compensating D. Degaussing

Lisa manages incident response for a bank. The bank has a website that’s been attacked. The attacker utilized the login screen, and rather than entering proper login credentials, the attacker entered some odd text: ' or '1'='1. What is this attack known as? A. Cross-site scripting B. Cross-site request forgery C. SQL injection D. ARP poisoning

D. DNS poisoning

Steven is looking for a new firewall for his company. He’s concerned about a DoS attack, more specifically, SYN flood. Which of the following is the best option to protect against a SYN flood event? A. Packet filter B. Application gateway C. Bastion D. SPI

C. COPE and BYOD devices can be used as a USB OTG resource

Which should be required by a company to mitigate the impact of a custom piece of software being installed by a vendor in case the vendor later goes out of business? A. A detailed credit investigation prior to acquisition B. A third-party source code escrow C. Substantial penalties for breach of contract D. Standby contracts with other vendors

Of the following, choose a common security issue that is hard to control in large environments when a user has more rights, permissions, and privileges than the job requires. What is described by this scenario? A. Excessive rights B. Excessive access C. Excessive permissions D. Excessive privileges

Millie is responsible for testing security and uses a tool that identifies vulnerabilities and provides mechanisms to test them by trying to exploit them. What best describes this tool? A. Vulnerability scanner B. Exploit framework C. Metasploit D. Nessus

Neil has been tasked with finding an authentication service handled by a third party that would allow users to access multiple websites, as long as the authentication service is supported by the website. What is the best choice? A. OpenID B. Kerberos C. NTLM D. Shibboleth

C. Turn off unneeded services on all computers

D. Identification

A. Buffer overflow

Which recovery site is the easiest to test? A. Warm site B. Cold site C. Hot site D. Medium site

A. False negative

Choose the scenario where using a shared account would pose the least security risk. A. For a group of tech support personnel B. For guest Wi-Fi access C. For students logging in at a university D. For accounts with few privileges

A. MD5

D. DAMP

C. HOTP

You’re currently looking for a network authentication method that uses digital certificates and doesn’t require users to remember passwords. Which method is the most beneficial? A. OAuth B. Tokens C. OpenID D. RBAC

B. EFS

D. Transitive trust

B. The password length is the most significant problem

C. CPU Cache, RAM, Swap, Hard drive

A. OWASP

As a network security analyst, you’ve been instructed to bring an affected system back into the company’s environment and verify that it will not lead to another incident. You have tested, monitored, and validated that the system is not currently being compromised. Which process have you completed? A. Lessons learned B. Preparation C. Recovery D. Containment

Created by:
bgray8