Security Pro Chapter 1-3

Exit

Question 1 of 1

  Time Left


0 [{"id":435511,"quiz_id":"22204","answer_id":null,"answerType_id":"0","created_at":"2018-04-16 15:44:45","updated_at":"2018-05-13 22:06:06","questionName":"Which of the following reduce the risk of a threat agent being able to exploit a vulnerability?","questionTimeSeconds":"0","questionTimeMinutes":"2","questionImagePath":null,"position":45,"explanation":"A countermeasure is a means of mitigating potential risk. Countermeasures reduce the risk of a threat agent being able to exploit a vulnerability. An appropriate countermeasure: \u2022 Must provide a security solution to an identified problem - Should not depend on secrecy - Must be testable and verifiable - Must provide uniform or consistent protection for all assets and users - Should be independent of other safeguards - Should require minimal human intervention - Should be tamper-proof - Should have overrides and fail-safe defaults","question_score_id":null,"lang":null,"questionAudioPath":null},{"id":435513,"quiz_id":"22204","answer_id":null,"answerType_id":"0","created_at":"2018-04-16 15:46:17","updated_at":"2018-05-13 22:06:06","questionName":"Which of the following is a security approach that combines multiple security controls and defenses and is sometime called defense in depth?","questionTimeSeconds":"0","questionTimeMinutes":"2","questionImagePath":null,"position":47,"explanation":"Layered security, sometimes called defense in depth security, is a security approach that combines multiple security controls and defenses to create a cumulative effect. Perimeter security includes firewalls using ACLs and securing the wireless network. Network security includes the installation and configuration of switches and routers, implementation of VLANs, penetration testing, and the utilization of virtualization. A countermeasure is a means of mitigating the potential risk. Countermeasures reduce the risk of a threat agent exploiting a vulnerability.","question_score_id":null,"lang":null,"questionAudioPath":null},{"id":437052,"quiz_id":"22204","answer_id":null,"answerType_id":"2","created_at":"2018-04-18 14:34:50","updated_at":"2018-05-13 22:06:06","questionName":"Match each Interoperability Agreement document on the left with the appropriate description on\r\nthe right. Each document may be used once, more than once, or not at all.","questionTimeSeconds":"0","questionTimeMinutes":"20","questionImagePath":null,"position":55,"explanation":"There are several key documents that may be included within an Interoperability Agreement (IA)\r\nthat you should be familiar with:\r\n\u2022 A Service Level Agreement (SLA) specifies exactly which services will be performed by the\r\nthird party and what level of performance they guarantee. An SLA may also provide warranties,\r\nspecify disaster recovery procedures, define how disputes will be managed, and specify when\r\nthe agreement will be terminated.\r\n\u2022 A Blanket Purchase Order (BPO) is an agreement with a third-party vendor to provide services\r\non an ongoing basis. BPOs are typically negotiated to take advantage of a preset discounted\r\npricing structure.\r\n\u2022 A Memorandum of Understanding (MOU) is a very important document that provides a brief\r\nsummary of which party in the relationship is responsible for performing specific tasks. In\r\nessence, the MOU specifies who is going to do what and when.\r\n\u2022 An Interconnection Security Agreement (ISA) documents how the information systems of each\r\nparty in the relationship will be connected and share data.","question_score_id":null,"lang":"","questionAudioPath":null},{"id":437050,"quiz_id":"22204","answer_id":null,"answerType_id":"2","created_at":"2018-04-18 14:33:21","updated_at":"2018-05-13 22:06:06","questionName":"Match each Interoperability Agreement document on the left with the appropriate description on\r\nthe right. Each document may be used once, more than once, or not at all.","questionTimeSeconds":"0","questionTimeMinutes":"20","questionImagePath":null,"position":51,"explanation":"There are several key documents that may be included within an Interoperability Agreement (IA)\r\nthat you should be familiar with:\r\n\u2022 A Service Level Agreement (SLA) specifies exactly which services will be performed by the\r\nthird party and what level of performance they guarantee. An SLA may also provide warranties,\r\nspecify disaster recovery procedures, define how disputes will be managed, and specify when\r\nthe agreement will be terminated.\r\n\u2022 A Blanket Purchase Order (BPO) is an agreement with a third-party vendor to provide services\r\non an ongoing basis. BPOs are typically negotiated to take advantage of a preset discounted\r\npricing structure.\r\n\u2022 A Memorandum of Understanding (MOU) is a very important document that provides a brief\r\nsummary of which party in the relationship is responsible for performing specific tasks. In\r\nessence, the MOU specifies who is going to do what and when.\r\n\u2022 An Interconnection Security Agreement (ISA) documents how the information systems of each\r\nparty in the relationship will be connected and share data.","question_score_id":null,"lang":"","questionAudioPath":null},{"id":435770,"quiz_id":"22204","answer_id":null,"answerType_id":"0","created_at":"2018-04-17 01:43:59","updated_at":"2018-05-13 22:06:06","questionName":"Which of the following accurately describes what a protocol analyzer is used for? (Select two.)","questionTimeSeconds":"0","questionTimeMinutes":"2","questionImagePath":null,"position":50,"explanation":"A protocol analyzer is a passive device that copies frames and allows you to view frame contents, but does not allow you to capture, modify, and retransmit frames (activities that are used to perform an attack). A load tester simulates a load on a server or service. For example, the load tester might simulate a large number of client connections to a website, test file downloads for an FTP site, or simulate large volumes of email. A throughput tester measures the amount of data that can be transferred through a network or processed by a device.","question_score_id":null,"lang":null,"questionAudioPath":null},{"id":435514,"quiz_id":"22204","answer_id":null,"answerType_id":"0","created_at":"2018-04-16 15:47:31","updated_at":"2018-05-13 22:06:06","questionName":"Which of the following is the single greatest threat to network security?","questionTimeSeconds":"0","questionTimeMinutes":"2","questionImagePath":null,"position":49,"explanation":"Employees are the single greatest threat to network security. Therefore, user education is very important. \u2022 Employees need to be aware that they are the primary targets in most attacks. \u2022 Phishing attacks are one of the most common attacks directed toward employees. \u2022 Employees should be able to identify attacks by email, instant messages, downloads, and websites. \u2022 Effective password policies should be enforced, and passwords should not be written down. \u2022 Employees should be able to identify both internal and external threats. \u2022 Employees need to be aware of the company's security policies.","question_score_id":null,"lang":null,"questionAudioPath":null},{"id":435767,"quiz_id":"22204","answer_id":null,"answerType_id":"0","created_at":"2018-04-17 01:32:49","updated_at":"2018-05-13 22:06:06","questionName":"Which of the following encryption methods combines a random value with plain text to produce cipher text?","questionTimeSeconds":"0","questionTimeMinutes":"2","questionImagePath":null,"position":46,"explanation":"A one-time pad is a cryptography method in which plain text is converted to binary and combined with a string of randomly generated binary numbers, which is called the pad . A one-time pad is a form of substitution. A transposition cipher , or anagram , changes the position of characters in the plain text message. Steganography is a cryptography method that uses digital pictures, video clips, or audio clips to hide a message or some type of data. Steganography tools encode the message into the Least Significant Bit (LSB) of the binary coding. Elliptic curve cryptography (ECC) is an approach to cryptography that uses a finite set of values within an elliptic curve (an algebraic set of numbers).","question_score_id":null,"lang":null,"questionAudioPath":null},{"id":435518,"quiz_id":"22204","answer_id":null,"answerType_id":"0","created_at":"2018-04-16 15:57:18","updated_at":"2018-05-13 22:06:06","questionName":"Which of the following is an example of privilege escalation?","questionTimeSeconds":"0","questionTimeMinutes":"2","questionImagePath":null,"position":58,"explanation":"Creeping privileges occur when a user's job position changes and they are granted a new set of access privileges for their new work tasks, but their previous access privileges are not removed. As a result, the user accumulates privileges over time that are not necessary for their current work tasks. This is a form of privilege escalation. Principle of least privilege and separation of duties are countermeasures against privilege escalation. Mandatory vacations are used to perform peer reviews, which requires cross-trained personnel and help detect mistakes and fraud.","question_score_id":null,"lang":null,"questionAudioPath":null},{"id":437053,"quiz_id":"22204","answer_id":null,"answerType_id":"0","created_at":"2018-04-18 14:36:21","updated_at":"2018-05-13 22:06:06","questionName":"Your organization entered into an Interoperability Agreement (IA) with another organization a year\r\nago. As a part of this agreement, a federated trust was established between your domain and the\r\npartner domain.\r\nThe partnership has been in the ongoing operations phase for almost nine months now. As a\r\nsecurity administrator, which tasks should you complete during this phase? (Select two.)","questionTimeSeconds":"0","questionTimeMinutes":"2","questionImagePath":null,"position":57,"explanation":"During the ongoing operations phase of the relationship, you should:\r\n\u2022 Regularly verify compliance with the IA documents\r\n\u2022 Conduct periodic vulnerability assessments to verify that the network interconnections created\r\nby the relationship have not exposed or created security weaknesses\r\nDuring the onboarding phase of the relationship, you should attend to BPO and draft the MOU.\r\nDisabling user and group accounts should take place during the off-boarding phase.","question_score_id":null,"lang":"","questionAudioPath":null},{"id":435769,"quiz_id":"22204","answer_id":null,"answerType_id":"0","created_at":"2018-04-17 01:42:27","updated_at":"2018-05-13 22:06:06","questionName":"You are running a packet sniffer on your workstation so you can identify the types of traffic on your network. You expect to see all the traffic on the network, but the packet sniffer only seems to be capturing frames that are addressed to the network interface on your workstation. Which of the following must you configure in order to see all of the network traffic?","questionTimeSeconds":"0","questionTimeMinutes":"2","questionImagePath":null,"position":48,"explanation":"Configure the network interface to use promiscuous mode. By default, a NIC will only accept frames addressed to itself. To enable the packet sniffer to capture frames sent to other devices, configure the NIC in promiscuous mode (sometimes called p-mode). In p-mode, the NIC will process every frame it sees.","question_score_id":null,"lang":null,"questionAudioPath":null},{"id":435516,"quiz_id":"22204","answer_id":null,"answerType_id":"2","created_at":"2018-04-16 15:52:50","updated_at":"2018-05-14 02:04:25","questionName":"Drag the security layer on the left to the appropriate description on the right. (Security layers may be used once, more than once, or not at all.)","questionTimeSeconds":"0","questionTimeMinutes":"20","questionImagePath":null,"position":54,"explanation":"Layered Security includes the following layers: \u2022 Policies, Procedures, and Awareness: Includes user education, manageable network plans, and how to manage employee onboarding and off-boarding. \u2022 Perimeter: Includes firewalls using ACLs and securing the wireless network. \u2022 Host: Includes log management, OS hardening, patch management and implementation, auditing, malware, and password attacks. \u2022 Data: Includes storing data properly, destroying data, classifying data, cryptography, and securing data transmissions.","question_score_id":null,"lang":"","questionAudioPath":null},{"id":435515,"quiz_id":"22204","answer_id":null,"answerType_id":"2","created_at":"2018-04-16 15:50:13","updated_at":"2018-05-14 02:01:45","questionName":"Drag the security layer on the left to the appropriate description on the right. (Security layers may be used once, more than once, or not at all.)","questionTimeSeconds":"0","questionTimeMinutes":"20","questionImagePath":null,"position":52,"explanation":"Layered Security includes the following layers: \u2022 Physical: Includes fences, door locks, mantraps, turnstiles, device locks, server cages, cameras, motion detectors, and environmental controls. \u2022 Network: Includes the installation and configuration of switches and routers, implementation of VLANs, penetration testing, and the utilization of virtualization. \u2022 Host: Includes each individual workstation, laptop, and mobile device. \u2022 Application: Includes authentication and authorization, user management, group policies, and web application security.","question_score_id":null,"lang":"","questionAudioPath":null},{"id":435517,"quiz_id":"22204","answer_id":null,"answerType_id":"0","created_at":"2018-04-16 15:54:42","updated_at":"2018-05-13 22:06:06","questionName":"Which type of media preparation is sufficient for media that will be reused in a different security contexts within your organization?","questionTimeSeconds":"0","questionTimeMinutes":"2","questionImagePath":null,"position":56,"explanation":"Sanitize media that will be reused in a different security context. Sanitization is the process of cleaning a device by having all data remnants removed. Sanitization is necessary because deleting, overwriting, and reformatting does not remove all data remnants, even when performed multiple times. Formatting is typically sufficient for media that will be reused within the same security context. Destroy media that has reached the end of its useful lifetime.","question_score_id":null,"lang":null,"questionAudioPath":null},{"id":435771,"quiz_id":"22204","answer_id":null,"answerType_id":"0","created_at":"2018-04-17 01:45:09","updated_at":"2018-05-13 22:06:06","questionName":"Which of the following tools would you use to simulate a large number of client connections to a website, test file downloads for an FTP site, or simulate large volumes of email?","questionTimeSeconds":"0","questionTimeMinutes":"2","questionImagePath":null,"position":53,"explanation":"A load tester simulates a load on a server or service. For example, the load tester might simulate a large number of client connections to a website, test file downloads for an FTP site, or simulate large volumes of email. Use a load tester to make sure that a system has sufficient capacity for expected loads. Load testers can even estimate failure points, where the load is more than the system can handle.","question_score_id":null,"lang":null,"questionAudioPath":null},{"id":435774,"quiz_id":"22204","answer_id":null,"answerType_id":"0","created_at":"2018-04-17 01:48:33","updated_at":"2018-05-13 22:06:06","questionName":"You want to examine the data on your network to find out if any of the following are happening: \u2022 Users are connecting to unauthorized websites - Cleartext passwords are allowed by protocols or services - Unencrypted traffic that contains sensitive data is on the network. Which of the following tools would you use?","questionTimeSeconds":"0","questionTimeMinutes":"2","questionImagePath":null,"position":59,"explanation":"A protocol analyzer is a special type of packet sniffer that captures transmitted frames. A protocol analyzer is a passive device that copies frames and allows you to view frame contents, but does not allow you to capture, modify, and retransmit frames (activities that are used to perform an attack). A protocol analyzer can be used to check network traffic for many issues, including: \u2022 Identifying users that are connecting to unauthorized websites \u2022 Discovering cleartext passwords allowed by protocols or services \u2022 Identifying unencrypted traffic that includes sensitive data","question_score_id":null,"lang":null,"questionAudioPath":null}]
435511
0
120
block

Which of the following reduce the risk of a threat agent being able to exploit a vulnerability?

Select the correct answer(s).  

(0/0)












435513
0
120
none
437052
0
1200
none
437050
0
1200
none
435770
0
120
none
435514
0
120
none
435767
0
120
none
435518
0
120
none
437053
0
120
none
435769
0
120
none
435516
0
1200
none
435515
0
1200
none
435517
0
120
none
435771
0
120
none
435774
0
120
none