Security

1.

1 point

A firewall is classified as a ______ control.

Physical

Administrative

Site

Technical

Employee

2.

1 point

You receive a few packets but no connection gets established. When you look at the logs, you notice you received a few SYN packets, immediately followed by RST packets, but no ACK packets. Which of the following is the most likely cause?

Xmas scan from Nmap

Hacker trying to identify the service running on a port

TCP SYN scan from Nmap

TCP/IP stack has failed

None of the above

3.

1 point

Which of the following security concepts limits a user's rights to the lowest possible level needed to perform his tasks?

Universal participation

Need to know

Diversity of defense

Limited account

Least privilege

4.

1 point

ten million dollar test centre in flood zone. Flood would destroy 90%. Floods occur once a decade. What is SLE from a flood?

$100,000

Ninety thousand dollars

Nine million dollars

Ten million dollars

$900,000

5.

1 point

The ICMP protocol is specifically designed to:

Control traffic flow across networks

Track end-to-end connectivity

Check & report on network error conditions

Generate networking stats

6.

1 point

In security environments, Authentication means

Tracking what users are doing while accessing the systems

Using your identity to assign access rights

Supplying your identity

Confirming your identity with an element unique to the person

7.

1 point

What is the most common type of computer crime seen by security professionals?

Insider attack

Denial of service

Password sniffing

Laptop theft

Malware infection

8.

1 point

A ____ spreads from computer to computer but unlike other malware, it has the ability to travel and replicate itself without any user intervention.

trojan

rootkit

virus

worm

none of the above

9.

1 point

The TCP/IP 3-way handshake for session initiation requires the use of which 2 TCP flags?

ACK

SEQ

SYN

RST

FIN

10.

1 point

Which of the following is not a characteristic of defence in depth?

The weakest links can be augmented so that single points of failure can be eliminated

Protection mechanisms are deployed at multiple locations

IDS or IPS is not required

Security mechanisms do not depend on each other

Security mechanisms back each other up.

11.

1 point

You make mistakes. Mistakes cost co workers 30 minutes to fix they are paid $20/hour. If you make 10 mistakes/day and work 250 days a year whats is ALE to your company as result of your errors?

$5,000

$20,000

$500

$25,000

$100,000

12.

1 point

An interruptible power supply (UPS) is classified as a _____ control.

Resource

Physical

Auxiliary

Administrative

Technical

13.

1 point

In risk assessment which of the following estimates the frequency of an even?

ALE

EF

ARO

AV

SLE

14.

1 point

Microsoft’s Security Compliance Manager tool contains security baselines for applications such as Microsoft Office and Internet Explorer.

True

False

15.

1 point

Which of the following is an example of e-mail phishing?

Someone uses your e-mail address when sending out spam

A link to a site about "free" phones

An e-mail from your ISP asking for your password

An e-mail about products for "male unsufficiency

None of the aobve

16.

1 point

In risk assessment which of the following represents the expected loss from a single occurrence of a threat exploring a vulnerability?

ALE

ARO

AV

SLE

EF

17.

1 point

Which of the following software tools includes baseline templates derived from Microsoft’s security guide recommendations and industry best practices?

MBSA (Baseline Security Analyzer)

SCM (Security Compliance Manager)

SCA (Security Configuration and Analysis)

All of the above

None of the above

18.

1 point

In terms of security, social engineering is considered to be a form of:

Cracking

Non-technical hacking

Illegal information warfare activity

Technical hacking

All of the Above

19.

1 point

Which of the following tools will help you confirm which services are running on a port?

Snort

Nessus

Tcpdump

Ping

20.

1 point

An unethical hacker is also referred to s a ____.

Black hat

White hat

Blue hat

Hacktivist

Script kiddy

21.

1 point

______ is the principle that you can never reduce a risk to zero

Diminishing risk

Planned risk

Residual risk

Minimal risk

Zero risk

22.

1 point

Which of the following software tools can be used to configure system security?

MBSA (Baseline Security Analyzer)

SCM (Security Compliance Manager)

SCA (Security Configuration and Analysis)

All of these.

None of these.

23.

1 point

Which of the following software tools can determine if any security updates or service packs are missing from a Windows operating system?

MBSA (Baseline Security Analyzer)

SCM (Security Compliance Manager)

SCA (Security Configuration and Analysis)

All of the above

None of the above

24.

1 point

The loss or omission of one of the goals of security is known as:

A vulnerability

A compromise

A turkey

A risk

A threat

25.

1 point

_____ controls are largely policies and procedures.

Academic

Technical

Administrative

Audit

Physical

26.

1 point

A _____________ defines a set of basic security objectives which must be met by any given service or system.

security baseline

compliance manager

configuration manager

configuration template

None of the above

27.

1 point

Over time, the amount of knowledge required to hack into computer systems has ____.

not changed

slowly increased

dropped to zero

decreased

rapidly increased

28.

1 point

Which of the following is not a criterion used to classify data?

Copyright

Value

Useful life

Personal association

Age

29.

1 point

In risk assessment, an estimate of the degree of destruction that will occur is called the:

Exposure factor

Single loss expectancy

Annualized loss expectancy

Asset value

Annualized rate of occurance

30.

1 point

What are the three primary objectives of security?

Integrity, Confidentiality, and Antireplay functionality

Integrity, Confidentiality, and Availability

Integrity, Authentication, and Confidentiality

Integrity, Availability, and Antireplay functionality

Confidentiality, Availability, and Authentication

31.

1 point

From the perspective of risk management, security can be defines as:

Securing the company so that security incidents don't cost the organization a lot

Protecting the organization's assets

Reducing the risks to the organization and its assets to an acceptable level

None of the above

All of the above

32.

1 point

Which of the following is not an advantage of defence in depth?

Effective against malicious insiders

Redundancy

Protects against single points of failure

Ease of configuration

Resists all classes of attack

33.

1 point

A phreaker is a _____

bug tester

hacker with questionable ethics

hacker of telecommunication systems

hacker with a political agenda

hacker with little skill

34.

1 point

Packet sniffing is considered to be a form of:

Countermeasure

Denial of Service

Active reconnaissance

Preliminary reconnaissance

Passive reconnaissance

35.

1 point

What do you call an attack in which the attacker sends a continuous stream of packets from different sources toward the same destination?

Smurf attack

Denial-of-service attack

Ping of death

Classification attack

Distributed denial-of-service attack

36.

1 point

Which one of the tool's below can be used as an effective vulnerability scanner?

Nmap

Tcpdump

Nessus

Wireshark

Snort

37.

1 point

Microsoft’s Baseline Security Analyzer does not support Windows 8.

True

False

38.

1 point

A typical Man-in-the-Middle attack attempts to exploit a ____ between computers.

Session captures

Trust relationship

UDP packets

Connection control flags

TCP/IP shutdown session

39.

1 point

If you document that there is a risk but you take no action to mitigate that risk you are:

Accepting the risk

Ignoring the risk

Avoiding risk

Transferring risk

Engaging in risk assurance

40.

1 point

Which of the following is not a technical policy?

End-user policy

VPN access policy

Network policy

Email policy

Wireless policy

41.

1 point

Which if the following does a designer not need to care about when designing network security?

Associated risk of the threats

Cost / Benefit analysis

Impact on hackers of introducing new security policy

Threats that could compromise security

The Cost to implement security measures