Security Pro Chapter 1-3

Exit

Question 1 of 1

  Time Left


0 [{"id":435499,"quiz_id":"22204","answer_id":null,"answerType_id":"0","created_at":"2018-04-16 15:08:32","updated_at":"2018-05-13 22:06:06","questionName":"A script kiddie is a threat actor who lacks knowledge and sophistication. Script kiddie attacks often seek to exploit well-known vulnerabilities in systems. What is the best defense against script kiddie attacks?","questionTimeSeconds":"0","questionTimeMinutes":"2","questionImagePath":null,"position":35,"explanation":"Because script kiddies lack knowledge and sophistication, their attacks often seek to exploit well- known vulnerabilities in systems. As such, defending against script kiddies involves keeping systems up-to-date and using standard security practices. Having appropriate physical security controls in place is one of the steps that can be used to protect insider threat actors. Implementing email filtering systems and proper securing and storing data backups are two of the steps that can be used to protect against organized crime threat actors. Because nation states use so many different attack vectors and unknown exploits, defending against them involves building a comprehensive security approach that uses all aspects of threat prevention and protection.","question_score_id":null,"lang":null,"questionAudioPath":null},{"id":437025,"quiz_id":"22204","answer_id":null,"answerType_id":"2","created_at":"2018-04-18 14:18:36","updated_at":"2018-05-13 22:06:06","questionName":"Match the employment process on the left with the task that should occur during each process on\r\nthe right. Each process may be used once, more than once, or not at all.","questionTimeSeconds":"0","questionTimeMinutes":"20","questionImagePath":null,"position":30,"explanation":"During the pre-employment process, you need to determine whether an individual is a valid\r\nsecurity risk by performing tasks such as the following:\r\n-Verify the prospective employee's job history\r\n-Obtain a credit history (if appropriate)\r\nDuring the employment phase, you need to ensure employees are made aware of security issues.\r\nSome of the measures you can implement include the following:\r\n\u2022 Make employees aware of the standards, procedures, and baselines that apply to the\r\nemployee's specific job. This is referred to as role-based training .\r\n\u2022 Make employees aware of what constitutes sensitive information and steps that should be\r\ntaken to protect it.\r\nThe termination process identifies the tasks an organization takes when an employee voluntarily or\r\ninvoluntarily leaves the organization. Be sure to complete the following:\r\n\u2022 Remind the employee of any agreements related to non-disclosure and non-compete.\r\n\u2022 Disable the employee's accounts, including physical access, electronic access, and telephone\r\naccess.","question_score_id":null,"lang":"","questionAudioPath":null},{"id":437032,"quiz_id":"22204","answer_id":null,"answerType_id":"0","created_at":"2018-04-18 14:21:46","updated_at":"2018-05-13 22:06:06","questionName":"Which of the following mobile device security considerations disables the ability to use the device\r\nafter a short period of inactivity?","questionTimeSeconds":"0","questionTimeMinutes":"2","questionImagePath":null,"position":34,"explanation":"A lockout (or screen lock) disables the ability to use the device after a short period of inactivity.\r\nThe correct password or personal identification number (PIN) unlocks the device.\r\nRemote wipe, also known as sanitization , remotely clears specific, sensitive data on the mobile\r\ndevice. This task is also useful if you are assigning the device to another user or after multiple\r\nincorrect password or PIN entries. Data encryption also ensures data confidentiality on the device.\r\nVoice encryption (on mobile phones) ensures data confidentiality during transit. Global Positioning\r\nSystem (GPS) tracking can assist in a device's recovery by displaying its current location. The\r\nTrusted Platform Module (TPM) is a hardware chip on the motherboard that can generate and store\r\ncryptographic keys to check the integrity of startup files and components.","question_score_id":null,"lang":"","questionAudioPath":null},{"id":437045,"quiz_id":"22204","answer_id":null,"answerType_id":"0","created_at":"2018-04-18 14:29:23","updated_at":"2018-05-13 22:06:06","questionName":"Your organization has recently purchased 20 tablet devices for the Human Resource department to\r\nuse for training sessions.\r\nYou are concerned that these devices could represent a security risk to your network and want to\r\nstrengthen their security profile as much as possible.\r\nWhich actions should you take? (Select two. Each response is a separate solution.)","questionTimeSeconds":"0","questionTimeMinutes":"2","questionImagePath":null,"position":43,"explanation":"When deploying new mobile devices, there are many things you should do to increase their overall\r\nsecurity, including the following:\r\n\u2022 Enable device encryption. Data encryption ensures data confidentiality on the device.\r\n\u2022 Segment personal data from organizational data on mobile devices. This storage strategy\r\nallows encryption to be applied only to sensitive organizational data on the device. It also allows\r\nonly organizational data to be removed during a remote wipe, preserving personal data.\r\nMobile devices can't be joined to a domain, so there is no way to apply Group Policy settings from\r\na GPO to them. Most directory services, such as OpenLDAP, do not support mobile devices, so it\r\nprobably isn't possible to install the new tablets in your organization's directory services tree.","question_score_id":null,"lang":"","questionAudioPath":null},{"id":437029,"quiz_id":"22204","answer_id":null,"answerType_id":"0","created_at":"2018-04-18 14:19:37","updated_at":"2018-05-13 22:06:06","questionName":"A smart phone was lost at the airport. There is no way to recover the device. Which if the\r\nfollowing will ensure data confidentiality on the device?","questionTimeSeconds":"0","questionTimeMinutes":"2","questionImagePath":null,"position":31,"explanation":"Remote wipe, also known as sanitization , remotely clears specific, sensitive data on the mobile\r\ndevice. This ensures that whoever has the device cannot see the sensitive data. This task is also\r\nuseful if you are assigning the device to another user, or after multiple incorrect entries of the\r\npassword or PIN. Data encryption also ensures data confidentiality on the device. Voice encryption\r\n(on mobile phones) ensures data confidentiality during transit.\r\nGlobal Positioning System (GPS) tracking can assist in the recovery of the device by displaying its\r\ncurrent location. A lockout (or screen lock) disables the device's interface after a short period of\r\ninactivity. The correct password or personal identification number (PIN) unlocks the device. The\r\ntrusted platform module (TPM) is a hardware chip on the motherboard that can generate and store\r\ncryptographic keys to check the integrity of startup files and components.","question_score_id":null,"lang":"","questionAudioPath":null},{"id":435496,"quiz_id":"22204","answer_id":null,"answerType_id":"2","created_at":"2018-04-16 15:07:12","updated_at":"2018-05-14 01:57:11","questionName":"Match the general defense methodology on the left with the appropriate description on the right. ","questionTimeSeconds":"0","questionTimeMinutes":"20","questionImagePath":null,"position":33,"explanation":"General defense methodologies include the following items: \u2022 Layering : implementing multiple security measures to protect the same asset. Defense in depth or security in depth is the premise that no single layer is completely effective in securing the assets. The most secure system\/network has many layers of security and eliminates single points of failure. \u2022 Principle of least privilege : users or groups are given only the access they need to do their job and nothing more. When assigning privileges, be aware that it is often easier to give a user more access when they need it than to take away privileges that have already been granted. \u2022 Variety : defensive layers should have variety and be diverse; implementing multiple layers of the exact same defense does not provide adequate strength against attacks. \u2022 Randomness : the constant change in personal habits and passwords to prevent anticipated events and exploitation. \u2022 Simplicity : security measures should provide protection, but not be so complex that you do not understand and use them.","question_score_id":null,"lang":"","questionAudioPath":null},{"id":435759,"quiz_id":"22204","answer_id":null,"answerType_id":"0","created_at":"2018-04-17 01:27:05","updated_at":"2018-05-13 22:06:06","questionName":"When a cryptographic system is used to protect the data confidentiality, what actually takes place?","questionTimeSeconds":"0","questionTimeMinutes":"2","questionImagePath":null,"position":38,"explanation":"Confidentiality is the protection of disclosure to unauthorized users. Restricting data from being transmitted is an access control issue. Protecting data from corruption or change is to protect integrity. Providing access to data as needed is protecting availability.","question_score_id":null,"lang":null,"questionAudioPath":null},{"id":437043,"quiz_id":"22204","answer_id":null,"answerType_id":"0","created_at":"2018-04-18 14:27:35","updated_at":"2018-05-13 22:06:06","questionName":"Over the last several years, the use of mobile devices within your organization has increased\r\ndramatically.\r\nUnfortunately, many department heads circumvented your information systems procurement\r\npolicies and directly purchased tablets and smartphones for their employees without authorization.\r\nAs a result, there is a proliferation of devices within your organization without accountability.\r\nYou need to get things under control and begin tracking your organization's devices.\r\nHow should you do this?","questionTimeSeconds":"0","questionTimeMinutes":"2","questionImagePath":null,"position":42,"explanation":"Because mobile devices are not tied to a physical location, asset tracking and inventory control are\r\nvery important. At a minimum, you should track the following for each device owned by your\r\norganization:\r\n-The make and model number of the device\r\n-The device serial number\r\n-The operating system version number\r\n-The date the device was purchased and the vendor it was purchased from\r\n-The end-of-warranty date for the device\r\n-The vendor providing support for the device\r\n\u2022 The employee the device has been issued to\r\nTo accomplish this goal, you should implement a mobile endpoint management (MEM) solution to\r\nautomate asset tracking and inventory control processes.\r\nA mobile device management (MDM) solution is a valuable administration tool, but devices have to\r\nbe enrolled in the service before they can be managed. Until an accurate device inventory is\r\navailable, this won't be possible. Mobile devices can't be joined to a Windows domain; therefore\r\nyou can't use Group Policy to apply security settings.","question_score_id":null,"lang":"","questionAudioPath":null},{"id":437038,"quiz_id":"22204","answer_id":null,"answerType_id":"2","created_at":"2018-04-18 14:23:57","updated_at":"2018-05-13 22:06:06","questionName":"Most mobile device management (MDM) systems can be configured to track the physical location\r\nof enrolled mobile devices. Arrange the location technology on the left in order of accuracy on the\r\nright, from most accurate to least accurate.","questionTimeSeconds":"0","questionTimeMinutes":"2","questionImagePath":null,"position":37,"explanation":"Most mobile device management (MDM) solutions can leverage the following technologies on\r\nenrolled mobile devices to track their physical location:\r\n\u2022 The Global Position System (GPS) can track the location of GPS-enabled devices to within a\r\nmeter.\r\n\u2022 Wi-Fi triangulation can track the location of devices in heavily-populated urban areas to within\r\na few meters, depending on the number of networks in range and the accuracy of their signal\r\nstrength data.\r\n\u2022 Cell phone tower triangulation can track the location of devices to within a kilometer,\r\ndepending on the signal strength and number of cell towers within range.\r\n\u2022 IP address resolution is much less accurate than the other options, tracking the location of\r\ndevices to within roughly 20 kilometers.","question_score_id":null,"lang":"","questionAudioPath":null},{"id":435761,"quiz_id":"22204","answer_id":null,"answerType_id":"0","created_at":"2018-04-17 01:28:07","updated_at":"2018-05-13 22:06:06","questionName":"Which type of cipher changes the position of the characters in a plain text message?","questionTimeSeconds":"0","questionTimeMinutes":"2","questionImagePath":null,"position":39,"explanation":"A transposition cipher changes the position of characters in the plain text message. It is also referred to as an anagram . A substitution cipher replaces one set of characters with symbols or another character set. A block cipher takes a fixed-length number of bits, or block, and encrypts them all at once. A stream cipher creates a sequence of bits that are used as the key.","question_score_id":null,"lang":null,"questionAudioPath":null},{"id":435501,"quiz_id":"22204","answer_id":null,"answerType_id":"0","created_at":"2018-04-16 15:10:11","updated_at":"2018-05-13 22:06:06","questionName":"The IT manager in your organization proposes taking steps to protect against a potential threat actor. The proposal includes the following: \u2022 Create and follow onboarding and off-boarding procedures \u2022 Employ the principal of least privilege \u2022 Have appropriate physical security controls in place Which type of threat actor do these steps guard against?","questionTimeSeconds":"0","questionTimeMinutes":"2","questionImagePath":null,"position":36,"explanation":"Because insiders are one of the most dangerous and overlooked threats to an organization, you need to take the appropriate steps to protect against them. \u2022 Require mandatory vacations - Create and follow onboarding and off-boarding procedures - Employ the principal of least privilege - Have appropriate physical security controls in place","question_score_id":null,"lang":null,"questionAudioPath":null},{"id":435763,"quiz_id":"22204","answer_id":null,"answerType_id":"0","created_at":"2018-04-17 01:30:49","updated_at":"2018-05-13 22:06:06","questionName":"Which is the cryptography mechanism that hides secret communications within various forms of data?","questionTimeSeconds":"0","questionTimeMinutes":"2","questionImagePath":null,"position":41,"explanation":"Steganography is the cryptography mechanism that hides secret communications within various forms of data. Codes and signals are pre-arranged meanings behind words, phrases, images, etc. Codes and signals are not usually considered a form of steganography, since the communication is not imbedded in the code or signal, but have a pre-established meaning. Polyinstantiation is a database security feature that allows duplicate objects to exist at different levels of security.","question_score_id":null,"lang":null,"questionAudioPath":null},{"id":435762,"quiz_id":"22204","answer_id":null,"answerType_id":"0","created_at":"2018-04-17 01:29:45","updated_at":"2018-05-13 22:06:06","questionName":"In a cryptographic system, what properties should the initialization vector have? (Select two.)","questionTimeSeconds":"0","questionTimeMinutes":"2","questionImagePath":null,"position":40,"explanation":"For security, the initialization vector should be large and unpredictable . When the initialization vector is large and unpredictable, an encryption algorithm can generate secure keys or encrypt data that is difficult to decrypt. If the initialization vector is short, predictable, or uniform, the generated keys may not be secure, allowing attackers to decrypt data easily.","question_score_id":null,"lang":null,"questionAudioPath":null},{"id":437030,"quiz_id":"22204","answer_id":null,"answerType_id":"0","created_at":"2018-04-18 14:20:44","updated_at":"2018-05-13 22:06:06","questionName":"Which of the following are not reasons to remote wipe a mobile device?","questionTimeSeconds":"0","questionTimeMinutes":"2","questionImagePath":null,"position":32,"explanation":"Device inactivity is not a reason to remotely wipe a mobile device.\r\nRemote wipe, also known as sanitization , remotely clears specific, sensitive data on stolen,\r\nmisplaced, or lost mobile devices. This ensures that whoever has the device cannot see the\r\nsensitive data. This task is also useful if you are assigning the device to another user, or after\r\nmultiple incorrect password or PIN entries.","question_score_id":null,"lang":"","questionAudioPath":null},{"id":435766,"quiz_id":"22204","answer_id":null,"answerType_id":"0","created_at":"2018-04-17 01:31:48","updated_at":"2018-05-13 22:06:06","questionName":"Which of the following is not a valid example of steganography?","questionTimeSeconds":"0","questionTimeMinutes":"2","questionImagePath":null,"position":44,"explanation":"Encrypting a data file with an encryption key is encryption, not steganography. Digital watermarking, microdots, and hiding text messages within graphical images are all examples of steganography.","question_score_id":null,"lang":null,"questionAudioPath":null}]
435499
0
120
block

A script kiddie is a threat actor who lacks knowledge and sophistication. Script kiddie attacks often seek to exploit well-known vulnerabilities in systems. What is the best defense against script kiddie attacks?

Select the correct answer(s).  

(0/0)














437025
0
1200
none
437032
0
120
none
437045
0
120
none
437029
0
120
none
435496
0
1200
none
435759
0
120
none
437043
0
120
none
437038
0
120
none
435761
0
120
none
435501
0
120
none
435763
0
120
none
435762
0
120
none
437030
0
120
none
435766
0
120
none