Security Test 3

What is the name for a standard or checklist against which systems can be evaluated and audited for their level of security (security posture)?
Baseline
Anti-virus products typically utilize what type of virus scanning analysis?
Static analysis
Mobile devices with global positioning system (GPS) abilities typically make use of:
Location services
Proximity readers utilize a special type of tag that can be affixed to the inside of an ID badge. What is the name for this type of tag?
Radio frequency identification tag
What is the best way to prevent data input by a user from having potentially malicious effects on software?
Escaping user responses
Mobile Device Management systems that allow users to store usernames and passwords within a device are said to be using:
Credential Management
Instead of trying to make a match, modern AV techniques are beginning to use a type of detection that attempts to identify the characteristics of a virus. Which of the following is the name for this technique?
Heuristic detection
How can an area be made secure from a non-secured area via two interlocking doors to a small room?
Using a man trap
Cipher locks are sometimes combined with what type of sensor which uses infrared beams that are aimed across a doorway?
Tailgate sensors
What type of filtering utilizes an analysis of the content of spam messages in comparison to neutral/non-spam messages in order to make intelligent decisions as to what should be considered spam?
Bayesian filtering
Which of the following can be enabled to prevent a mobile device from being used until a user enters the correct passcode such as a pin or password?
Enable a lock screen
A system such as a printer, smart TV, or HVAC controller typically uses an operating system on what is called a(n):
Embedded system
Which of the following are options of the SD format card families? (Choose three.)
Standard Capacity (SDSC)
High Capacity (SDHC)
Secure Digital Input Output (SDIO)
Which of the following ports can be found in a laptop? (Choose three.)
USB, eSATA, RJ-45
Simply using a mobile device in a public area can be considered a risk.
True
Mobile devices such as laptops are stolen on average once every 20 seconds.
False
DLP agent sensors are installed on each host device and monitor for actions such as printing, copying to a USB flash drive or burning to a CD or DVD.
True
____________ paint is a nontoxic petroleum gel-based paint that is thickly applied and does not harden; thereby, making any coated surface very difficult to climb.
Anti-climb
__________ are portable computing devices that are generally larger than smartphones, smaller than notebooks and focused on ease of use.
Tablets
A ____________ is a matrix or two-dimensional barcode first designed for the automotive industry in Japan.
quick response code
Instead of using a key or entering a code to open a door, a user can use an object such as an ID badge to identify themselves in order to gain access to a secure area. Which of the following describes this type of object?
physical token
Which PIN is considered to be the most commonly used PIN?
1234
Which of the following mobile operating systems require all applications to be reviewed and approved before they can be made available on the public store front?
iOS
Which of the following management systems can help facilitate asset tracking?
Mobile Device Management (MDM)
Which of the following is a type of computing device that uses a limited version of the Linux operating system and uses a web browser with an integrated media player?
Web-based
What is the name for a cumulative package of all patches and hotfixes as well as additional features up to a given point?
Service Pack
What term is used to describe the operation of stockrooms where mobile devices are stored prior to their dispersal to employees?
Inventory Control
A QR code can contain which of the following items directly? (Choose three.)
phone number, email address, URL
Which of the following are types of settings that would be included in a Microsoft Windows security template? (Choose three.)
Account policies, user rights, System services
Securing the host involves protecting the physical device itself, securing the operating system software on the system, using security-based software applications and monitoring logs.
True
The Google Android mobile operating system is a proprietary system for use on only approved devices.
False
The Apple _________ operating system, developed by Apple for their mobile devices, is a closed and proprietary architecture.
iOS
A(n) _____________ is a record or list of individuals who have permission to enter a secure area, the time they entered and the time they left the area.
Access List
A _____________ is a document or series of documents that clearly defines the defense mechanisms an organization will employ in order to keep information secure.
Security Policy
An ultrabook is an example of what type of a portable computer?
Subnotebook
What PC Card type is typically used for memory?
Type I
Which of the following is a wearable technology?
Google Glass
How can an administrator manage applications on mobile devices using a technique called “app wrapping”?
mobile application management
What is the maximum effective range of a typical passive RFID tag?
19
The PC Card and CardBus devices are being replaced with which technology?
ExpressCard
What SD card family can be used to transmit pictures over a wireless network to a laptop hard drive or wireless printer?
SDIO
What type of video surveillance is typically used by banks, casinos, airports and military installations and commonly employs guards who actively monitor the surveillance?
CCTV
Which of the following are considered to be basic characteristics of mobile devices? (Choose three.)
small form factor, mobile operating system, data synchronization capabilities
Combination padlocks consist of buttons that must be pushed in the proper sequence in order to be unlocked.
False
DLP agent sensors are unable to read inside compressed files and binary files.
False
____________ locks keep a record of when the door was opened and by which code.
Cipher
___________ uses a device’s GPS to define geographical boundaries where an app can be used.
Geo-fencing
Select the tool below that consists of a system of security tools that is used to recognize and identify data that is critical to an organization and ensures that it is protected:
Data loss prevention
Which of the following describes a hand-held mobile device that was intended to replace paper systems and typically included an appointment calendar, an address book, a “to-do” list, a calculator and the ability to record limited notes?
PDA
A spiked collar that extends horizontally for up to 3 feet from the pole is an example of what type of technology?
Anti-climb
Most portable devices and some computer monitors have a special steel bracket security slot built into the case which can be used in conjunction with a:
Cable Lock
An independently rotating large cup affixed to the top of a fence prevents the hands of intruders from gripping the top of a fence to climb over it. What is the name of this technology?
Roller Barrier
Which of the following are features provided by a typical MDM? (Choose three.)
Rapidly enroll new mobile devices
Discover devices accessing enterprise systems
Selectively erase corporate data while leaving personal data intact
Keyed entry locks are much more difficult to defeat than deadbolt locks.
False
Mobile devices use _________ for storage, which is a nonvolatile solid state electronic storage that can be electrically erased and reused.
flash memory
What type of device is designed to prevent malicious network packets from entering or leaving computers or networks (often referred to as a packet filter)?
Firewall
The CardBus is a 64-bit bus in the PC card form factor.
False
Most DLP systems make use of which of the following methods of security analysis?
Content inspection
____________ security is the physical security that specifically involves protecting the hardware of the host system, particularly portable laptops, netbooks and tablet computers that can easily be stolen.
Hardware
A QR code can store website URLs, plain text, phone numbers, e-mail addresses or virtually any alphanumeric data up to 4296 characters.
True
The action that is taken by a subject over an object is called a(n):
Operation
Select below the access control model that uses access based on a user’s job function within an organization:
Role based access control
What is the name for a predefined framework that can be used for controlling access and is embedded into software and hardware?
Access control Model
What type of attack involves an attacker stealing a file containing password digests and comparing the stolen digests to digests created by the attacker?
Offline Cracker
When using Role Based Access Control (RBAC), permissions are assigned to:
Roles
To assist with controlling orphaned and dormant accounts, what can be used to indicate when an account is no longer active?
Account expiration
_________ in access control indicates that a condition has not been explicitly met; therefore, access has been rejected.
Implicit deny
Which authentication protocol runs on Microsoft Windows, Apple MAC OS X, and Linux?
Kerberos
Passwords that are transmitted can be captured by what type of software?
Protocol analyzer
A RADIUS authentication server requires that the ________ be authenticated first.
Supplicant
A list that specifies which subjects are allowed to access an object and what operations they can perform on it is referred to as a(n):
ACL
In a UAC prompt, what color is used to indicate the lowest level of risk?
Grey
The use of a single authentication credential that is shared across multiple networks is called:
Identity management
The capability to look up information by name under the X.500 standard is known as a(n) _______ -pages service.
White
A(n) __________ attack begins with the attacker creating encrypted versions of common dictionary words and comparing them against those in a stolen password file.
Dictionary
To prevent one individual from having too much control, employees can __________ job responsibilities within their home department or across positions in other departments.
Rotate
OpenID is an example of a web-based federated identity management (FIM) system.
FIM
Using a rainbow table to crack a password requires three steps: creation of the table, comparing the table to known hash values and decrypting the password.
False
A shield icon warns users if they attempt to access any feature that requires UAC permission.
True
A ___________ constructs LDAP statements based on user inputs in order to retrieve information from the database or modify its contents.
LDAP injection attack
Which of the following is a decentralized open-source FIM that does not require specific software to be installed on the desktop?
OpenID
Which type of one-time password (OTP) changes after a set time period?
Time-based one-time password (TOTP)
What is the center of the weakness of passwords?
Human memory
A vulnerable process that is divided between two or more individuals to prevent fraudulent application of the process is known as:
Separation of duties
Which of the following is the version of the X.500 standard that runs on a personal computer over TCP/IP?
LDAP
With the development of IEEE 802.1x port security, the __________ authentication server has seen greater usage.
RADIUS
Which of the following attacks is an attempt to compare a known digest to an unknown digest?
Pre-image attack
A RADIUS __________ is a computer that forwards RADIUS messages among RADIUS clients and RADIUS servers.
Proxy
In the DAC model, __________ can create and access their objects freely.
Owners
Passwords provide strong protection.
False
Which of the following is the name given to an individual who periodically reviews security settings and maintains records of access by users?
Custodian
The X.500 standard defines a protocol for a client application to access an X.500 directory known as which of the following options?
DAP
Which access control model is considered to be the least restrictive?
Discretionary access control
Which authentication factor is based on a unique talent that a user possesses?
What you do
What type of attack involves using every possible combination of letters, numbers, and characters to create candidate digests that are then matched against those in a stolen digest file?
Brute force
A token __________ is a unique random string of characters that is encrypted to protect the token from being used by unauthorized parties.
Identifier
Authorization and access are viewed as synonymous and in access control they are the same step.
False
A user or process functioning on behalf of the user that attempts to access an object is known as the:
Subject
Which of the following describes the time it takes for a key to be pressed and then released?
Dwell time
Which of the following involves the creation of a large pregenerated data set of candidate digests?
Rainbow tables
Which federated identity management (FIM) relies on token credentials?
OAuth
Although designed to support remote dial-in access to a corporate network, what service below is commonly used with 802.1x port security for both wired and wireless LANs?
RADIUS
___________ is granting or denying approval to use specific resources.
Access control
The strength of RADIUS is that messages are always directly sent between the wireless device and the RADIUS server.
False
The Bell-LaPadula (BLP) model of MAC can be used to prevent subjects from creating a new object or performing specific functions on objects that are at a lower level than their own.
True
A U.S. Department of Defense (DoD) smart card that is used for identification of active-duty and reserve military personnel along with civilian employees and special contractors is:
Common access card (CAC)
Which type of biometrics is based on the perception, thought process and understanding of the user?
Cognitive biometrics
What access control model below is considered to be the most restrictive access control model and involves assigning access controls to users strictly according to the custodian?
Mandatory access control
A secret combination of letters, numbers, and/or characters that only the user should have knowledge of, is known as a:
Password
Which hashing algorithm below is used with NTLMv2’s Hashed Message Authentication Code?
MD5
The use of one authentication credential to access multiple accounts or applications is referred to as:
Single sign on
Which of the following is a set of permissions that is attached to an object?
Access control List
What can be used to increase the strength of hashed passwords?
Salt
Geolocation is the identification of the location of a person or object using technology and can be used as part of an authentication method.
True
In the Mandatory Access Control (MAC) model, every subject and object ___________.
Is assigned a label
A list of the available nonkeyboard characters can be seen in Windows by opening which of the following utilities?
charmap.exe
Group policy is a Unix feature that allows for the centralized management and configuration of computers and remote users using Unix Active Directory.
False
A(n) _________ is the person who is responsible for the information, determines the level of security needed for the data and delegates security duties as required.
owner
How is the Security Assertion Markup Language (SAML) used?
Allows secure web domains to exchange user authentication and authorization data
User accounts that remain active after an employee has left an organization are referred to as being what type of accounts?
Orphaned
In most systems, a user logging in would be asked to _________ herself.
identify
Entries within a Directory Information Base are arranged in a tree structure called the:
DIT
Select below the authentication system developed by the Massachusetts Institute of Technology (MIT) to verify the identity of network users.
Kerberos
Token credentials can be revoked at any time by the user without affecting other token credentials issued to other sites.
True
What authentication service commonly used on UNIX devices involves communicating user authentication information to a centralized server?
TACACS
The most common type of authentication today is a(n) _________.
Password
Which access control model can dynamically assign roles to subjects based on a set of defined rules?
Rule based access control
Which of the following involves a dictionary attack combined with a brute force attack and will slightly alter dictionary words by adding numbers to the end of the password, spelling words backwards, slightly misspelling words, or including special characters?
Hybrid
During RADIUS authentication, what type of packet includes information such as identification of a specific AP that is sending the packet and the username and password?
Authentication request
