What is the best countermeasure against social engineering?
a. User awareness training
b. Access auditing
User awareness training
Which of the following security measures is a form of biometrics?
a. BIOS password
b. Fingerprint scanner
Fingerprint scanner
A technician assists Joe, an employee in the Sales department, who needs access to the client database by granting Joe administrator privileges. Later, Joe discovers he has access to the salaries in the payroll database. Which of the following security practices was violated?
a. Multifactor authentication
b. Principle of least privilege
Principle of least privilege
Which Internet protocol is used to transmit encrypted data?
a. HTTP
b. HTTPS
HTTPS
A large number of compromised computers are infected with malware that allows an attacker (herder) to control them to spread email spam and launch denial-of-service attacks. Which of the following does this security threat describe?
a. Zombie/botnet
b. Man-in-the-middle
Zombie/botnet
Which of the following is a common form of social engineering attack?
a. Hoax virus information emails.
b. Stealing the key card of an employee and using that to enter a secured building.
Hoax virus information emails.
What do biometrics use to perform authentication of identity?
a. Knowledge of passwords
b. Biological attributes
Biological attributes
Ted, an employee in the Sales department, has asked a coworker, Ann, in the Production department to update the product descriptions contained in a Sales document. Ann can open the file but, after making changes, can't save the file. Which of the following digital security methods is MOST likely preventing this?
a. Directory permission
b. Data loss prevention
Directory permission
Which of the following protocols can be enabled so email is encrypted on a mobile device?
a. SSL
b. IMAP
SSL
An attacker intercepts communications between two network hosts by impersonating each host.
a. Wiretapping
b. Power outage
Power outage
Which of the following describes a Man-in-the-Middle attack?
a. An attacker intercepts communications between two network hosts by impersonating each host.
b. An IP packet is constructed which is larger than the valid size.
An attacker intercepts communications between two network hosts by impersonating each host.
Which of the following is not a form of biometrics?
a. Retina scan
b. Smart card
Smart card
Which of the following access controls gives only backup administrators access to all servers on the network?
a. Discretionary
b. Role-based
Role-based
A technician is tasked to add a valid certificate to a mobile device so that encrypted emails can be opened. Which of the following email protocols is being used?
a. S/MIME
b. IMEI
S/MIME
A user has opened a web browser and accessed a website where they are creating an account. The registration page is asking the user for their username (email address) and a password. The user looks at the URL and the protocol being used is HTTP. Which of the following describes how the data will be transmitted from the webpage to the webserver?
a. Plain text
b. Cipher text
Plain text
In which of the following situations should you expect total privacy?
a. Financial transactions
b. Social networking
Financial transactions
After entering a user ID and password, an online banking user must enter a PIN that was sent as a text message to the user's mobile phone. Which of the following digital security methods is being used?
a. Multifactor authentication
b. DLP
Multifactor authentication
If a malicious user gains access to the system, which component of the framework lets administrators know how they gained access and what exactly they did?
a. Accounting
b. Access control
Accounting
While configuring a wireless access point device, a technician is presented with several security mode options. Which of the following options will provide the most secure access?
a. WPA and AES
b. WPA2 and AES
WPA2 and AES
An accountant needs to send an email with sensitive information to a client and wants to prevent someone from reading the email if it is intercepted in transit. The client's email system does not allow them to receive attachments due to their company security policies. Which of the following should the accountant use to send the email?
a. Plain text
b. Cipher text
Cipher text
In which of the following should you expect some privacy?
a. Personally identifiable information entered into a human resource database
b. Sharing a photo through a mobile phone app
Personally identifiable information entered into a human resource database
Your company wants to use multifactor authentication. Which of the following would you most likely suggest?
a. Token and smartphone
b. PIN and smart card
PIN and smart card
Your company has surveillance cameras in your office, uses strong authentication protocols, and requires biometric factors for access control. These are all examples of what principle?
a. Authentication
b. Non-repudiation
Non-repudiation
A technician is tasked to configure a mobile device to connect securely to the company network when the device is used at offsite locations where only internet connectivity is available. Which of the following should the technician configure?
a. Bluetooth
b. VPN
VPN
A small business wants to make sure their wireless network is using the strongest encryption to prevent unauthorized access. Which of the following wireless encryption standards should be used?
a. WEP
b. WPA2
WPA2