Which of the following should risk assessments be based upon as a best practice?
A quantitative measurement of risk and impact and asset value
An
... [Show More] absolute measurement of threats
A qualitative measurement of risk and impact
A survey of annual loss and potential threats and asset value
A quantitative measurement of risk and impact and asset value
Which of the following will not reduce EMI?
Humidity control
Physical shielding
Overhauling worn motors
Physical location
Humidity control
Which of the following mobile deployment models is the most security minded, where the organization purchases the device and personal use is prohibited?
Corporate owned, personally enabled
Choose your own device
Corporate owned
Bring your own, corporate managed
Corporate owned
Which of the following is an example of restricting access to files based on the identity of the user or group?
Mandatory Access Control
Discretionary Access Control
Certificate Revocation List
Public Key Infrastructure
Discretionary Access Control
The primary purpose of a load balancer is to:
Perform packet filtering
Block blacklisted content or web pages for a firewall
Expand servers and resources when needed
Capture packets for monitoring and analyzing
Expand servers and resources when needed
A conceptual framework that describes the functions of a networking or telecommunication system
Open Systems Interconnection (OSI) model
At which OSI model layer does the encryption and decryption of data for secure transmission occur?
Layer 6 - Presentation Layer
Which layer of the TCP/IP model is equivalent to the Session, Presentation, and Application layers of the OSI model?
Physical
Network
Transport
Application
D. Application
The MOST secured hashing algorithm is which of the following?
CHAP
MD5
SHA 1
LANMAN
MD5
Which of the following is NOT a Bluetooth threat?
Bluejacking
Smurf attack
Discovery mode
Bluesnarfing
Smurf attack
The company policy for availability requires full backups on Sunday and incremental backups each week night at 10 p.m. The file server crashes on Thursday afternoon. How many tapes will the technician need to restore the data on the file server for Friday morning?
Four
Three
Two
One
Four
Which of the following creates separate logical networks?
Subnetting
NAC
NAT
DMZ
Subnetting
Which of the following describes a tool used by organizations to verify whether or not a staff member has been participating in malicious activity?
Implicit deny
Time of day restrictions
Mandatory vacations
Implicit allow
Mandatory vacations
A new wireless network is being implemented by a technician for an organization. All of the following wireless vulnerabilities should be considered by the technician EXCEPT:
Weak encryption
Rogue access points
SSID broadcasts
802.11 mode
802.11 mode
Which of the following roles is responsible for implementing security controls for access, storage, and transmission of data?
Data owner
Data steward
Data custodian
Data technician
Data custodian
A technique utilized by hackers to identify unsecured wireless network locations to other hackers is which of the following?
War chalking
Bluesnarfing
War driving
War dialing
War chalking
With Virtual Desktop Infrastructure, VDI, application deployment model, user applications and data are stored:
On a VM installed on the physical device
On a remote server
In the user's iCloud account
On the user's desktop workstation
On a remote server
Which type of intrusion detection may terminate processes or redirect traffic upon detection of a possible intrusion?
Active
Passive
Adaptive
Redirective
Active
Which of the following is responsible for the amount of residual risk?
The security officer of an organization
The DRP coordinator
Senior management
The security technician
Senior management
Someone that is dumpster diving would be MOST interested in which of the following?
List of expired usernames
Receipts from the supply store
User education manual
Business card of computer contractor
Business card of computer contractor
Which of the following is described as a practice where a variety of tools and applications are used to automatically detect, and alert, to suspected security concerns?
Continuous monitoring
Automated monitoring
Continuous validation
Secure automation
Continuous monitoring
A design flaw in a new application was discovered by a software manufacturer. Company management decided to continue manufacturing the product with the flaw rather than recalling the software. Which of the following risk management strategies was adopted?
Risk acceptance
Risk mitigation
Risk transfer
Risk avoidance
Risk acceptance
Which of the following is a reason to use a Faraday cage?
To mitigate data emanation
To find rogue access points
To allow wireless usage
To minimize weak encryption
To mitigate data emanation
A possible security risk associated with mobile devices is which of the following?
Bluesnarfing
Domain kiting
Cross site scripting
Input validation
Bluesnarfing
New weapon research and development programs would MOST likely be classified as:
Top Secret
Confidential
For Official Use Only
Internal
Top Secret
An area of the network infrastructure that allows a technician to place public facing systems into it without compromising the entire infrastructure is which of the following?
DMZ
NAT
VPN
VLAN
DMZ
When would it be appropriate to use time of day restrictions on an account?
As an added security measure when employees work set schedules
To eliminate attack attempts of the network during peak hours
In order to ensure false positives are not received during baseline testing
To ensure the DMZ is not overloaded during server maintenance
As an added security measure when employees work set schedules
Which of the following is a true statement concerning NIDS?
A NIDS prevents certain types of traffic from entering a network.
A NIDS is installed on the proxy server.
A NIDS monitors and analyzes network traffic for possible intrusions.
A NIDS is normally installed on the email server.
A NIDS monitors and analyzes network traffic for possible intrusions.
Which of the following mobile device deployment models permits users to choose the device that the organization will purchase for them?
VDI
BYOD
CYOD
COPE
CYOD
The IP address and MAC address of a rogue device within the local network might best be revealed by which of the following logs?
Antivirus
Security
DHCP
DNS
C. DHCP
Which of the following provides the MOST comprehensive redundancy with the least amount of downtime for an entire site?
Mobile site
Hot site
Cold site
Warm site
Hot site
Implementing screen filters would reduce which of the following risks?
Phishing
Man in the middle attacks
Shoulder surfing
Replay attacks
Shoulder surfing
Which of the following encryption algorithms relies on the inability to factor large prime numbers?
SHA 1
Elliptic curve
AES256
RSA
RSA [Show Less]