8.1 |
… |
Which of the following is the star property of the Bell-LaPadula security model? |
No write down |
The Clark-Wilson security model is primarily based on which element? |
Controlled intermediary access application |
The Brewer-Nash security model is designed primarily to prevent which activity? |
Conflicts of interest |
What form of access control is based on job descriptions? |
Role-based access control (RBAC) |
Which access control type is used to implement short-term repairs to restore basic functionality following an attack? |
Corrective |
Encryption is which type of access control? |
Technical |
Audit trails produced by auditing activities are which type of security control? |
Detective |
Which form of access control enforces security based on user identities and allows individual users to define access controls over owned resources? |
DAC |
You have implemented an access control method that only allows users who are managers to access specific data. Which type of access control model is used? |
RBAC |
You have a system that allows the owner of a file to identify users and their permissions to the file. Which type of access control model is implemented? |
DAC |
A router access control list uses information in a packet, such as the destination IP address and port number, to make allow or deny forwarding decisions. |
RSBAC |
Which of the following is the term for the process of validating a subject's identity? |
Authentication |
A remote access user needs to gain access to resources on the server. Which of the following processes are performed by the remote access server to control access to resources? |
Authentication and authorization |
Which of the following defines an object as an entity in the context of access control? |
Data, applications, systems, networks, and physical space |
Which access control model manages rights and permissions based on job description and responsibilities? |
Role-based access control (RBAC) |
8.2 |
… |
Which of the following is a password that relates to things that people know, such as a mother’s maiden name or the name of a pet? |
Cognitive |
What type of password is marygadalittlelamb? |
Pass phrase |
Which of the following defines the crossover error rate for evaluating biometric systems? |
The point where the number of false positives matches the number of false negatives in a biometric system. |
Which of the following is the most common form of authentication? |
Password |
Which of the following is the strongest form of multi-factor authentication? |
A password, a biometric scan, and a token device |
Which of the following advantages can single sign-on (SSO) provide? (Select two.) |
The elimination of multiple user accounts and passwords for each individual; Access to all authorized resources with a single instance of authentication |
Which of the following best describes one-factor authentication? |
Multiple authentication credentials may be required, but they are all of the same type |
Which of the following are examples of single sign-on authentication solutions? (Select two.) |
Kerberos; SESAME |
Which of the following is an example of a single sign-on authentication solution? |
Kerberos |
What is another term for the type of login credentials provided by a token device? |
One-time password |
Which of the following is stronger than any biometric authentication factor? |
Two-factor authentication |
Which of the following is not a form of biometrics? |
Token device |
What is the most important aspect of a biometric device? |
Accuracy |
Which of the following is a hardware device that contains identification information and can be used to control building access or computer logon? |
Smart card |
8.3 |
… |
Which of the following information is typically not included in an access token? |
User account password |
Which of the following terms describes the component that is generated following authentication and is used to gain access to resources following login? |
Access token |
Marcus White has just been promoted to a manager. To give him access to the files that he needs, … |
Have Marcus log off and log back in |
Which security mechanism uses a unique list that meets the following specification: |
User ACL |
Lori Redford, who had been a member of the Project Management group, was recently promoted to manager of the team… |
She is still a member of the Project Management group, which has been denied permission to this system. Deny permissions always override Allow permissions |
8.4 |
… |
You want to prevent your browser from running JavaScript commands that are potentially harmful. Which of the following would you restrict to accomplish this? |
Client-side scripts |
A programmer that fails to check the length of input before processing leaves his code vulnerable to what form of common attack? |
Buffer overflow |
Which of the following is an attack that injects malicious scripts into Web pages to redirect users to fake websites or gather personal information? |
XSS |
When you browse to a website, a pop-up window tells you that your computer has been infected with a virus. You click on the window to see what the problem is… |
Drive-by download |
Which of the following are subject to SQL injection attacks? |
Database servers |
You have a website that accepts input from users for creating customer accounts. Input on the form is passed to a database server where the user account information is stored. |
SQL injection |
Having poor software development practices and failing to program input validation checks during development of custom software can result in a system vulnerable to which type of attack? |
Buffer overflow |
Which type of attack is the act of exploiting a software program’s free acceptance of input in order to execute arbitrary code on a target? |
Buffer overflow |
As you browse the Internet, you notice that when you go to some sites, multiple additional windows are opened automatically. Many of these windows contain advertisements for products that are inappropriate for your family to view. |
Pop-up blocker |
While using a Web-based order form an attacker enters an unusually large value in the Quantity field. |
Integer overflow |
While using a Web-based game created using Adobe Flash, a Flash cookie is set on a user's computer… |
Locally shared object (LSO) exploit |
Recently, a Web site named www.vidshare.com has become extremely popular with users around the world. An attacker registers the following domain names: |
Typosquatting |
An attacker inserts SQL database commands into a data input field of an order form used by a Web-based application… |
Implementing client-side validation |
While using a Web-based order form, an attacker enters an unusually large value in the Quantity field. |
Implementing client-side validation; Implementing server-side validation |
8.5 |
… |
Use of which of the following is a possible violation of privacy? |
Cookies |
Which of the following is not true regarding cookies? |
They operate within a security sandbox |
Which of the following is a text file provided by a website to a client that is stored on a user’s hard drive in order to track and record information about the user? |
Cookie |
You want to allow e-commerce websites that you visit to keep track of your browsing history for shopping carts and other information,… How should you configure the browser settings? |
Allow first-party cookies, but block third-party cookies |
What is a cookie? |
A file saved on your hard drive that tracks website preferences and use |
To help prevent browser attacks, users of public computers should do which of the following? |
Clear the browser cache |
You manage several Windows systems. |
Add the URL of the website to the Local intranet zone |
You manage several Windows systems. All computers are members of a domain. |
Add the internal website to the Local intranet zone |
8.6 |
… |
Which of the following enters random data to the input of an application? |
Fuzzing |
Which of the following is specifically meant to ensure that a program operates on clean, correct, and useful data? |
Input validation |
During the application development cycle, an application tester creates multiple virtual machines on a hypervisor, each with a different version and edition of Windows installed. She then installs the latest build of the application being developed on each virtual machine and evaluates each installation for security vulnerabilities. |
Configuration testing |
During the application development cycle, a developer asks several of his peers to assess the portion of the application he was assigned to write for security vulnerabilities. |
Code review |
You’ve been assigned to evaluate NoSQL databases as a part of a big data analysis initiative in your organization. |
Data is stored in the database in an unencrypted format; The database admin user has no password assigned |
You’ve been assigned to evaluate NoSQL databases as a part of a big data analysis initiative in your organization. |
Disable anonymous access; Implement an application-layer protocol to encrypt data prior to saving it in the database |
8.7 |
… |
Which of the following is an example of a decentralized privilege management solution? |
Workgroup |
Which of the following best describes Active Directory? |
A centralized database that contains user account and security information |
Active Directory is a hierarchical database. Hierarchical directory databases have several advantages over flat file database structures. |
Decentralization |
8.8 |
… |
What should you do to a user account if the user goes on an extended vacation? |
Disable the account |
8.9 |
… |
One of your users, Karen Scott, has recently married and is now Karen Jones. … Which of the following commands will accomplish this? |
usermod -l kjones kscott |
You have performed an audit and have found an active account for an employee with the username joer. This user no longer works for the company. |
usermod -L joer |
An employee named Bob Smith, whose user name is bsmith, has left the company… |
userdel bsmith; rm -rf /home/bsmith (or: userdel -r bsmith) |
A user with the account name larry has just been terminated from the company. There is good reason to believe that the user will attempt to access and damage files in the system in the very near future. |
userdel -r larry |
In the /etc/shadow file, which character in the password field indicates that a standard user account is locked? |
! |
Which of the following utilities could you use to lock a user account? (Select two. Each answer represents an independent solution.) |
passwd; usermod |
You suspect that the gshant user account is locked. |
passwd -S gshant |
8.10 |
… |
You are the administrator for a small company. You need to add a new group of users to the system. The group’s name is sales. Which command will accomplish this? |
groupadd sales |
Due to a merger with another company, standardization is now being imposed throughout the company. As a result of this, the sales group must be renamed marketing. Which of the following commands will accomplish this? |
groupmod -n marketing sales |
You have a group named temp_sales on your system. The group is no longer needed, and you should remove the group. Which of the following commands should you use? |
groupdel temp_sales |
You have a group named Research on your system that needs a new password because a member of the group has left the company. Which of the following commands should you use? |
gpasswd Research |
8.11 |
… |
What is the effect of the following command? |
Sets the password for jsmith to expire after 60 days and gives a warning 10 days before it expires |
Which chage option keeps a user from changing their password every two weeks? |
-m 33 |
Within the /etc/security/limits.conf file, you notice the following entry: |
Limits the number of logins from the Guest group to three |
8.12 |
… |
You want to ensure that all users in the Department OU have a common set of network communication security settings applied. |
Create a GPO computer policy for the computers in the Development OU |
Computer policies include a special category called user rights. |
Identify users who can perform maintenance tasks on computers in an OU |
Which statement is true regarding application of GPO settings? |
If a setting is defined in the Local Group Policy on the computer and not defined in the GPO linked to the setting is applied. |
You manage an Active Directory domain. All users in the domain are required by a GPO linked to the domain to use passwords with at least eight characters, but you want to ensure that users in the Administrator OU are required to use passwords with at least 10 characters. |
Create a GPO computer policy for the Administrators OU. |
You manage an Active Directory domain. All users in the domain have a standard set of internet options configured by a GPO linked to the domain, but you want users in the Administrator OU to have a different set of internet options. |
Create a GPO policy for the Administrators OU. |
8.13 |
… |
Which of the following is the single best rule to enforce when designing complex passwords? |
Longer passwords |
For users on your network, you want to automatically lock user accounts if four incorrect passwords are used within 10 minutes. |
Configure account lockout policies in Group Policy |
You want to make sure that all users have passwords over eight characters in length and that passwords must be changed every 30 days. |
Configure account policies in Group Policy |
You have hired 10 new temporary workers who will be with the company for 3 months. |
Configure day/time restrictions in the user accounts |
You are configuring the local security policy of a Windows system. You want to prevent users from reusing old passwords. You also want to force them to use a new password for at least five days before changing it again. |
Enforce password history; Minimum password age |
You are configuring the local security policy of a Windows system. You want to require users to create passwords that are at least 10 characters long. You also want to prevent login after three unsuccessful login attempts. |
Minimum password length; Account lockout threshold |
You have just configured the password policy and set the minimum password age to 10. |
Users cannot change the password for 10 days. |
You have implemented account lockout with a clipping level of 4. |
The account will be locked after four incorrect attempts |
Which of the following is not an important aspect of password management? |
Enable account lockout |
You are teaching new users about security and passwords. |
T1a73gZ9! |
Upon running a security audit in your organization, you discover that several sales employees are using the same domain user account to log in and update the company’s customer database. |
Train sales employees to use their own user accounts to update the customer database; Delete the account that the sales employees are currently using |
8.14 |
… |
You manage a single domain named widgets.com |
Implement a granular password policy for the users in the Directors OU. |
You manage a single domain named widgets.com |
ADSI Edit |
You manage a single domain named widgets.com |
Create a granular password policy. Apply the policy to all users in the Directors OU. |
You manage a single domain named widgets.com |
Create a granular policy for Matt. Apply the policy to Matt’s user account. |
Which of the following is not true of smart cards? |
Smart cards are powered internally by a small battery. |
Security Unit 8