What is the best countermeasure against social engineering?
Acceptable use policy
User awareness training
Access auditing
Strong passwords
User awareness training
Which of the following security measures is a form of biometrics?
Fingerprint scanner
Chassis intrusion detection
TPM
BIOS password
Fingerprint scanner
Which Internet protocol is used to transmit encrypted data?
DNS
HTTPS
FTP
HTTP
HTTPS
A user has opened a web browser and accessed a website where they are creating an account. The registration page is asking the user for their username (email address) and a password. The user looks at the URL and the protocol being used is HTTP. Which of the following describes how the data will be transmitted from the webpage to the webserver?
WPA2 encryption
Cipher text
Plain text
AES encrypted message
Plain text
Which of the following components of a successful access control framework is the process of proving that you are who you say you are?
Accounting
Access control
Authorization
Authentication
Authentication
Which of the following is a common form of social engineering attack?
Stealing the key card of an employee and using that to enter a secured building.
Using a sniffer to capture network traffic.
Hoax virus information emails.
Distributing false information about your organization's financial status.
Hoax virus information emails.
Which of the following is not a form of biometrics?
Smart card
Face recognition
Retina scan
Fingerprint
Smart card
Which of the following protocols can be enabled so email is encrypted on a mobile device?
IMAP
SMTP
SSL
POP3
SSL
An accountant needs to send an email with sensitive information to a client and wants to prevent someone from reading the email if it is intercepted in transit. The client's email system does not allow them to receive attachments due to their company security policies. Which of the following should the accountant use to send the email?
Cipher text
File level encryption
Plain text
Host-based firewall
Cipher text
Which of the following would best prevent an unauthorized person from remotely accessing your computer?
Lockdown device
Anti-spam software
Firewall
Anti-malware software
Firewall
Mark received an email from a software company claiming his account will be disabled soon. The email contains several spelling errors, an attachment, and states he should open the attachment for further instructions. What should Mark do?
Forward the email to a friend and ask for advice.
Open the attachment because he has antivirus software installed.
Delete the email without opening the attachment.
Reply to the sender and ask if the attachment is safe.
Delete the email without opening the attachment.
Your company wants to use multifactor authentication. Which of the following would you most likely suggest?
Token and smartphone
PIN and smart card
Password and passphrase
Fingerprint and retinal scan
PIN and smart card
A technician is tasked to add a valid certificate to a mobile device so that encrypted emails can be opened. Which of the following email protocols is being used?
IMAP
IMEI
POP3
S/MIME
S/MIME
A small business wants to make sure their wireless network is using the strongest encryption to prevent unauthorized access. Which of the following wireless encryption standards should be used?
WPS
WEP
WPA2
WPA
WPA2
Unwanted, unsolicited emails containing advertisements, political rhetoric, hoaxes, or scams are collectively known as _________.
Bloatware
Illegal messages
Spam
Cookies
Spam
Which of the following describes a Man-in-the-Middle attack?
A person over the phone convinces an employee to reveal their logon credentials.
An attacker intercepts communications between two network hosts by impersonating each host.
An IP packet is constructed which is larger than the valid size.
Malicious code is planted on a system where it waits for a triggering event before activating.
An attacker intercepts communications between two network hosts by impersonating each host.
Which of the following access controls gives only backup administrators access to all servers on the network?
Mandatory
Discretionary
Authorization
Role-based
Role-based
While configuring a wireless access point device, a technician is presented with several security mode options. Which of the following options will provide the most secure access?
WPA2 and AES
WPA and AES
WPA2 and TKIP
WPA and TKIP
WEP 128
WPA2 and AES
The CEO of a small business travels extensively and is worried that the information on their laptop could be stolen if the laptop is lost or stolen. Which of the following would BEST protect the data from being compromised if the laptop is lost or stolen?
Complex password
Anti-theft lock
Anti-malware
Full disk encryption
Full disk encryption
Why is it better to use a credit card than a debit card for online purchases?
Credit cards keep track of all your transactions
Credit cards have better fraud protection
Credit cards have better interest rates
Debit cards require you to pay additional fees
Credit cards have better fraud protection
You work for a company that offers their services through the Internet. Therefore, it is critical that your website performs well. As a member of the IT technician staff, you receive a call from a fellow employee who informs you that customers are complaining that they can't access your website. After doing a little research, you have determined that you are a victim of a denial-of-service attack. As a first responder, which of the following is the next BEST step to perform?
Hire a forensic team to gather evidence.
Contain the problem.
Prevent such an incident from occurring again.
Investigate how the attack occurred.
Contain the problem.
Your company has surveillance cameras in your office, uses strong authentication protocols, and requires biometric factors for access control. These are all examples of what principle?
Authentication
Authorization
Non-repudiation
Integrity
Non-repudiation
A technician is tasked to configure a mobile device to connect securely to the company network when the device is used at offsite locations where only internet connectivity is available. Which of the following should the technician configure?
VPN
IMAP
Bluetooth
Hotspot
VPN
Gloria is concerned that her online banking transactions could be intercepted if she uses public Wi-Fi. Which of the following could she use to prevent access to her online transactions?
Mandatory Access Control (MAC)
VPN
Multifactor authentication
Single sign-on
VPN
The password policy below incorporates the following:
Passwords must include at least one capital letter
Passwords must include a mix of letters and numbers
Passwords must be different from the past eight passwords
Passwords must contain at least one non-alphanumeric character
Which of the following password best practices are being used? (Select TWO).
Password length
Password history
Password age
Password lockout
Password complexity
Password expiration
Password history
Password complexity