Ann, a security administrator, has been tasked by the Chief Information Officer (CIO) to have the company’s application servers tested using black box methodology. Which of the following BEST describes what Ann has been asked to do? A. Verify the server’s patch level and attempt various known exploits that might be possible due to missing security updates. […]
Which of the following options would BEST ensure employees are only viewing information associated to the customers they
XYZ Company has a database containing personally identifiable information for all its customers. Which of the following options would BEST ensure employees are only viewing information associated to the customers they support? A. Auditing B. Access Control C. Encryption D. Data ownership Explanation: http://searchsecurity.techtarget.com/definition/access-control
An employee uses RDP to connect back to the office network. If RDP is misconfigured, which of the following security exposures would this lead to? A. A virus on the administrator’s desktop would be able to sniff the administrator’s username and password. B. Result in an attacker being able to phish the employee’s username and password. […]
Which of the following is the LEAST secure hashing algorithm? A. SHA1 B. RIPEMD C. MD5 D. DES
Recently several employees were victims of a phishing email that appeared to originate from the company president. The email claimed the employees would be disciplined if they did not click on a malicious link in the message. Which of the following principles of social engineering made this attack successful? A. Authority B. Spamming C. Social proof D. […]
Joe is exchanging encrypted email with another party. Joe encrypts the initial email with a key. When Joe receives a response, he is unable to decrypt the response with the same key he used initially. Which of the following would explain the situation? A. An ephemeral key was used for one of the messages B. A stream […]
Which of the following attack types is being carried out where a target is being sent unsolicited messages via Bluetooth?
Which of the following attack types is being carried out where a target is being sent unsolicited messages via Bluetooth? A. War chalking B. Bluejacking C. Bluesnarfing D. Rogue tethering Explanation: Bluejacking is the sending of unsolicited messages over Bluetooth to Bluetooth-enabled devices such as mobile phones, PDAs or laptop computers, sending a vCard which typically contains a […]
Which of the following risk mitigation strategies should have been implemented when the supervisor was demoted?
A supervisor in your organization was demoted on Friday afternoon. The supervisor had the ability to modify the contents of a confidential database, as well as other managerial permissions. On Monday morning, the database administrator reported that log files indicated that several records were missing from the database. Which of the following risk mitigation strategies should have been […]
A security technician would like to obscure sensitive data within a file so that it can be transferred without causing suspicion. Which of the following technologies would BEST be suited to accomplish this? A. Transport Encryption B. Stream Encryption C. Digital Signature D. Steganography Explanation: Steganography is the process of hiding a message in another message so […]
A system administrator needs to implement 802.1x whereby when a user logs into the network, the authentication server communicates to the network switch and assigns the user to the proper VLAN. Which of the following protocols should be used? A. RADIUS B. Kerberos C. LDAP D. MSCHAP