Which of the following statements is true regarding guest users who require a higher degree of access? - Answer These guest users can be issued local, self-signed certificates that expire on a specific date and limit the guest's access.
Much of the policy revealed in the "Password must meet c...
Final Exam Questions And Already
Passed Answers.
Which of the following statements is true regarding guest users who require a higher degree of access? -
Answer These guest users can be issued local, self-signed certificates that expire on a specific date and
limit the guest's access.
Much of the policy revealed in the "Password must meet complexity requirements" window: - Answer
ignores password security minimum requirements.(wrong)
The Microsoft Security Baseline Analyzer is: - Answer available free of charge.
Which of the following tools can be used to ensure a newly installed system meets or exceeds the
organization's baseline security standard prior to deployment and can also help enforce patch
management and change control policies? - Answer Microsoft Security Baseline Analyzer
Which of the following provides IT and communications support to the White House, Secretary of
Defense, and all military sectors that contribute to the defense of the United States of America? -
Answer Defense Information Systems Agency (DISA)
Alison retrieved data from a company database containing personal information on customers. When
she looks at the Social Security number (SSN) field, she sees values that look like this: "XXX-XX-9142."
What has happened to these records? - Answer Masking
Which element is not a core component of the ISO 27002 standard? - Answer Cryptography
Jiang is pursuing a career in information security. He wants to eventually achieve the (ISC)2 Certified
Information Systems Security Professional (CISSP) certification but does not have the required
experience. If he passes the CISSP exam now, which credential will Jiang get? - Answer Associate of
(ISC)2
Alan withdraws cash from an ATM belonging to Bank X that is coming from his account with Bank Y.
What is Alan's relationship with Bank Y? - Answer Customer
,Which of the following is not an objective of cryptanalysis, the process of breaking codes? - Answer
Encrypt the plaintext of a target message
Alison is a security professional. A user reports that, after opening an email attachment, every document
he saves is in a template format and other Microsoft Word documents will not open. After investigating
the issue, Alison determines that the user's Microsoft Office normal.dot template has been damaged, as
well as many Word files. What type of virus is the most likely cause? - Answer Macro virus
Lincoln is a network security specialist. He is updating the password policy for his company's computing
infrastructure. His primary method of improving password policy involves lowering the chance that an
attacker can compromise and use the password before it expires. What does he do? - Answer Requires
all passwords to contain at least eight alphanumeric characters
Which type of evidence is any physical object that you can touch or otherwise directly observe, such as a
hard drive? - Answer Real
Security controls place limits on activities that might pose a risk to an organization. Ricky, a security
engineer for his company, is performing a review and measurement of all controls to capture changes to
any environment component. What is this called? - Answer Monitoring
What is a single sign-on (SSO) approach that relies upon the use of key distribution centers (KDCs) and
ticket-granting servers (TGSs)? - Answer Kerberos
What is the least likely goal of an information security awareness program? - Answer Punish users who
violate policy
What is an example of two-factor authentication (2FA)? - Answer Smart card and personal
identification number (PIN)
A company's IT manager has advised the business's executives to use a method of decentralized access
control rather than centralized to avoid creating a single point of failure. She selects a common protocol
that hashes passwords with a one-time challenge number to defeat eavesdropping-based replay attacks.
What is this protocol? - Answer Challenge-Handshake Authentication Protocol (CHAP)
, Which data source comes first in the order of volatility when conducting a forensic investigation? -
Answer Random access memory (RAM)
Tonya would like to protect her users and the network when users browse to known dangerous sites. She
plans to maintain a list of those sites and drop messages from those websites. What type of approach is
Tonya advocating? - Answer Blacklisting
Which of the following is a digital forensics specialist least likely to need in-depth knowledge of? -
Answer Mainframes
Rylie is a newly hired cybersecurity expert for a government agency. Rylie used to work in the private
sector. She has discovered that, whereas private sector companies often had confusing hierarchies for
data classification, the government's classifications are well known and standardized. As part of her
training, she is researching data that requires special authorization beyond normal classification. What is
this type of data called? - Answer Compartmentalized
Which security model does not protect the integrity of information? - Answer Bell-LaPadula
Which type of password attack is used on weak passwords and compares a hashed value of the
passwords to the system password file to find a match? - Answer Dictionary attack
Biyu is a network administrator. She is developing the compliance aspect of her company's security
policy. Currently, she is focused on the records of actions that the organization's operating system or
application software creates. What aspect of compliance is Biyu focusing on? - Answer Event logs
Karen is a hacker. She wants to access a server and control it remotely. The tool she plans to use is a type
of Trojan. What tool will Karen use for this purpose? - Answer Remote Access Tool (RAT)
Some ciphers, regardless of type, rely on the difficulty of solving certain mathematical problems, which is
the basis for asymmetric key cryptography. Which of the following is a branch of mathematics that
involves multiplicative inverses that these ciphers use? - Answer Field theory
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller TestSolver9. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $10.09. You're not tied to anything after your purchase.
