Which authentication factor is based on a unique talent that a user possesses?
A) What you have
B) What you are
C) What you do
D) What you know
C) What you do
What is the current version of TACACS?
A) XTACACS
B) TACACS+
C) TACACS v9
D) TRACACS
B) TACACS+
At what point in a vulnerability assessment would an attack tree be utilized?
A) Vulnerability appraisal
B) Risk assessment
C) Risk mitigation
D) Threat evaluation
D) Threat evaluation
Raul has been asked to help develop an outline of procedures to be followed in the event of a major IT incident or an incident that directly impacts IT. What type of planning is this?
A) Disaster recovery planning
B) IT contingency planning
C) Business impact analysis planning
D) Risk IT planning
B) IT contingency planning
Which of the following threats would be classified as the actions of a hacktivist?
A) External threat
B) Internal threat
C) Environmental threat
D) Compliance threat
A) External threat
Which of these is NOT a characteristic of a weak password?
A) A common dictionary word
B) A long password
C) Using personal information
D) Using a predictable sequence of characters
B) A long password
How is the Security Assertion Markup Language (SAML) used?
A) It allows secure web domains to exchange user authentication and authorization data.
B) It is a backup to a RADIUS server.
C) It is an authenticator in IEEE 802.1x.
D) It is no longer used because it has been replaced by LDAP.
A) It allows secure web domains to exchange user authentication and authorization data.
Which of the following is NOT true about privacy?
A) Today, individuals can achieve any level of privacy that is desired.
B) Privacy is difficult due to the volume of data silently accumulated by technology.
C) Privacy is freedom from attention, observation, or interference based on your decision.
D) Privacy is the right to be left alone to the degree that you choose.
A) Today, individuals can achieve any level of privacy that is desired.
Dilma has been tasked with creating a list of potential employees to serve in an upcoming tabletop exercise. Which employees will be on her list?
A) All employees
B) Individuals on a decision-making level
C) Full-time employees
D) Only IT managers
B) Individuals on a decision-making level
Which of these is NOT a response to risk?
A) mitigation
B) transference
C) resistance
D) avoidance
C) resistance
Each of the following accounts should be prohibited EXCEPT:
A) Shared accounts
B) Generic accounts
C) Privileged accounts
D) Guest accounts
Ilya has been asked
C) Privileged accounts
A RADIUS authentication server requires the ________ to be authenticated first.
A) authenticator
B) user
C) authentication server
D) supplicant
D) supplicant
Which of the following is NOT a risk associated with the use of private data?
A) Individual inconveniences and identity theft
B) Associations with groups
C) Statistical inferences
D) Devices being infected with malware
D) Devices being infected with malware
What is the average amount of time that it will take a device to recover from a failure that is not a terminal failure?
A) MTTR
B) MTBR
C) MTBF
D) MTTI
A) MTTR
Angela was asked to create a report that listed the reasons why a contractor should be provided penetration testing authorization. Which of the following would she NOT list in her report?
A) Legal authorization
B) Indemnification
C) Limit retaliation
D) Access to resources
D) Access to resources
Mike has been asked to recommend a federation system technology that is an open source federation framework that can support the development of authorization protocols. Which of these technologies would he recommend?
A) OAuth
B) OpenID Connect
C) Shibboleth
D) NTLM
A) OAuth
Which of the following is NOT true regarding how an enterprise should handle an orphaned or dormant account?
A) A formal procedure should be in place for disabling accounts for employees who are dismissed, resign, or retire from the organization.
B) Access should be ended as soon as the employee is no longer part of the organization.
C) Logs should be monitored because current employees are sometimes tempted to use an older dormant account instead of their own account.
D) All orphaned and dormant accounts should be deleted immediately whenever they are discovered.
D) All orphaned and dormant accounts should be deleted immediately whenever they are discovered.
Which of the following is NOT an issue raised regarding how private data is gathered and used?
A) The data is gathered and kept in secret.
B) By law, all encrypted data must contain a “backdoor” entry point.
C) Informed consent is usually missing or is misunderstood.
D) The accuracy of the data cannot be verified.
B) By law, all encrypted data must contain a “backdoor” entry point.
Which of the following is NOT a category of fire suppression systems?
A) Water sprinkler system
B) Wet chemical system
C) Clean agent system
D) Dry chemical system
B) Wet chemical system
Which of the following risk control types would use video surveillance systems and barricades to limit access to secure sites?
A) operational
B) managerial
C) technical
D) strategic
C) technical
How is key stretching effective in resisting password attacks?
A) It takes more time to generate candidate password digests.
B) It requires the use of GPUs.
C) It does not require the use of salts.
D) The license fees to purchase and use it are very expensive.
A) It takes more time to generate candidate password digests.
With the development of IEEE 802.1x port security, what type of authentication server has seen even greater usage?
A) RADIUS
B) Lite RDAP
C) DAP
D) RDAP
A) RADIUS
Which of the following is a systematic and methodical evaluation of the exposure of assets to attackers, forces of nature, and any other entity that could cause potential harm?
A) Vulnerability assessment
B) Penetration test
C) Vulnerability scan
D) Risk appraisal
A) Vulnerability assessment
Which of the following is NOT required for a fire to occur?
A) A chemical reaction that is the fire itself
B) A type of fuel or combustible material
C) A spark to start the process
D) Sufficient oxygen to sustain the combustion
C) A spark to start the process
Which of the following approaches to risk calculation typically assigns a numeric value (1‒10) or label (High, Medium, or Low) to represent a risk?
A) Quantitative risk calculation
B) Qualitative risk calculation
C) Rule-based risk calculation
D) Policy-based risk calculation
A) Quantitative risk calculation