100% satisfaction guarantee Immediately available after payment Both online and in PDF No strings attached
logo-home
TESTOUT SECURITY PRO CHAPTER 1 -5 $14.99   Add to cart

Exam (elaborations)

TESTOUT SECURITY PRO CHAPTER 1 -5

 4 views  0 purchase
  • Course
  • TestOut
  • Institution
  • TestOut

TESTOUT SECURITY PRO CHAPTER 1 -5

Preview 4 out of 53  pages

  • November 5, 2024
  • 53
  • 2024/2025
  • Exam (elaborations)
  • Questions & answers
  • TestOut
  • TestOut
avatar-seller
GEEKA
TESTOUT SECURITY PRO CHAPTER 1 -5

Section 1.1.4
A user copies files from her desktop computer to a USB flash device and puts the
device into her pocket. Which of the following security risks is most pressing?
Confidentiality


Which of the following BEST describes a cyber terrorist?
Disrupts network-dependent institutions
Your computer system is a participant in an asymmetric cryptography system. You've
created a message to send to another user. Before transmission, you hash the
message and encrypt the hash using your private key. You then attach this encrypted
hash to your message as a digital signature before sending it to the other user.
In this example, which protection does the hashing activity provide?
Integrity


Which of the following is an example of an internal threat?
A user accidentally deletes the new product designs.
Which of the following could an employee also be known as?
Internal threat
By definition, which security concept uses the ability to prove that a sender undeniably
sent an encrypted message?
Non-repudiation
Which of the following includes all hardware and software necessary to secure data,
such as firewalls and antivirus software?
Physical security
Which of the following are often identified as the three main goals of security? (Select
three.)
Availability

Confidentiality

,Integrity
Which of the following is the correct definition of a threat?
Any potential danger to the confidentiality, integrity, or availability of information or
systems
Which of the following is an example of a vulnerability?
Misconfigured server
1.2.4
1.2.4
The Application layer of the security model includes which of the following? (Select two.)
Web application security

User management
When training your employees on how to identify various attacks, which of the following
policies should you be sure to have and enforce? (Select two.)
Clean desk policies

Password policies
Which of the following reduces the risk of a threat agent being able to exploit a
vulnerability?
Countermeasures
Which of the following items would be implemented at the Data layer of the security
model?
Cryptography
Which of the following items would you secure in the Perimeter layer of the security
model?
Firewalls
Which of the following is the single greatest threat to network security?
Employees
Which of the following is a security approach that combines multiple security controls
and defenses?
Layered security

,Which of the following items would be implemented at the Network layer of the security
model?
Penetration testing
Which of the following is one of the MOST common attacks on employees?
Phishing attack
The Policies, Procedures, and Awareness layer of the security model includes which of
the following? (Select two.)
Employee onboarding

User Education
2.1.6
2.1.6
An employee stealing company data could be an example of which kind of threat actor?
Internal threat


Which of the following is the BEST definition of the term hacker?
A general term used to describe any individual who uses their technical knowledge to
gain unauthorized access to an organization.
Which of the following threat actors seeks to defame, shed light on, or cripple an
organization or government?
Hacktivist
The IT manager in your organization proposes taking steps to deflect a potential threat
actor. The proposal includes the following:
Create and follow onboarding and off-boarding procedures.
Employ the principal of least privilege.
Have appropriate physical security controls in place.
Which type of threat actor do these steps guard against?
Insider
A script kiddie is a threat actor who lacks knowledge and sophistication. Script kiddie
attacks often seek to exploit well-known vulnerabilities in systems.
What is the BEST defense against script kiddie attacks?
Keep systems up to date and use standard security practices.

, A hacker scans hundreds of IP addresses randomly on the internet until they find an
exploitable target. What kind of attack is this?
Opportunistic attack
Match the general attack strategy on the left with the appropriate description on the
right. (Each attack strategy may be used once, more than once, or not all.)
Stealing information.
Exploitation

Preparing a computer to perform additional tasks in the attack.
Staging

Crashing systems.
Exploitation

Gathering system hardware information.
Reconnaissance

Penetrating system defenses to gain unauthorized access.
Breaching

Configuring additional rights to do more than breach the system.
Escalating privileges
Match the general defense methodology on the left with the appropriate description on
the right. (Each methodology may be used once, more than once, or not all.)
The constant change in personal habits and passwords to prevent anticipated events
and exploitation.
Randomness

Diversifying layers of defense.
Variety

Giving users only the access they need to do their job and nothing more.
Principle of least privilege

Implementing multiple security measures to protect the same asset.
Layering

Eliminating single points of failure.
Layering

The benefits of buying summaries with Stuvia:

Guaranteed quality through customer reviews

Guaranteed quality through customer reviews

Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.

Quick and easy check-out

Quick and easy check-out

You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.

Focus on what matters

Focus on what matters

Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!

Frequently asked questions

What do I get when I buy this document?

You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.

Satisfaction guarantee: how does it work?

Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.

Who am I buying these notes from?

Stuvia is a marketplace, so you are not buying this document from us, but from seller GEEKA. Stuvia facilitates payment to the seller.

Will I be stuck with a subscription?

No, you only buy these notes for $14.99. You're not tied to anything after your purchase.

Can Stuvia be trusted?

4.6 stars on Google & Trustpilot (+1000 reviews)

75323 documents were sold in the last 30 days

Founded in 2010, the go-to place to buy study notes for 14 years now

Start selling
$14.99
  • (0)
  Add to cart