- A Bluetooth piconet is an example of what type of network topology? ad hoc topology
- A client PC on your company’s network is attempting to browse to a vendor’s web page on the Internet, but the computer goes to a malicious web page instead. What two utilities can you use to verify that the DNS records are correct for the web page? nslookup, dig
- By creating a starting point for comparison purposes in order to apply targets and goals to measure success, what are you doing? Establishing a baseline
- How does a distributed denial of service attack differ from a regular denial of service attack? DDoS attacks utilize many computers for making bogus requests, instead of just one.
- In what type of security policy might you define the required minimal security configuration for servers on the network? server security policy
- Of the two encryption modes supported by IPsec, what mode is more secure, and why? Tunnel mode, because the header and data portion of the packet are encrypted.
- Per your company’s data destruction policy, you have been tasked with the destruction of data on a magnetic hard drive. The policy employed by your company specifies that you must destroy the drive by reducing or eliminating the magnetic fields present in the drive. What method should you use? You should perform a degaussing procedure on the drive.
- Providing the minimum amount of privileges necessary to perform a job or function is known as what security principle? least privilege
- What are the two different types of one-time password that can be created? HMAC-based one-time password (HOTP) & time-based one-time password (TOTP)
- What are two items that are specifically part of the Secure DevOps methodology? security automation, continuous integration
- What block cipher mode of operation involves each ciphertext block being fed back into the encryption process to encrypt the next plaintext block? Cipher Block Chaining (CBC)
- What DNS vulnerability can be specifically addressed by utilizing Domain Name System Security Extensions (DNSSEC)? DNS poisoning
- What does a component’s mean time between failures (MTBF) value determine? It refers to the average amount of time until a component fails and cannot be repaired.
- What encryption protocol is used for the WPA2 wireless standard? Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP)
- What feature of a mobile device management system could be used to restrict the use of an application containing confidential data to only a specific geographical area? Geofencing
- What is NOT an advantage of using job rotation in a complex business environment? It reduces job training costs by ensuring everyone knows how to do everyone else’s job.
- What is the most secure form of IEEE 802.1x authentication? certificate based
- What statement accurately defines what a race condition is and how it might affect a computer? A race condition occurs when concurrent threads of execution access a shared resource simultaneously, producing unintended consequences.
- What statement correctly defines what a rainbow table is in relation to password attacks? A rainbow table is a compressed representation of cleartext passwords that are related and organized in a sequence.
- What statement describes the Privacy Enhancement Mail (PEM) X.509 format? It is designed to provide confidentiality and integrity to emails utilizing DER encoding
- What two statements describe methods that can be employed by armored viruses in order to avoid detection? Armored viruses can use encrypted code pieces to assemble itself with the help of an infected program. & Armored viruses may mutate or change their code on the fly to avoid detection.
- What type of cryptography provides security comparable to asymmetric encryption with significantly reduced computational power and with smaller key sizes? elliptic curve cryptography
- What type of malware specializes in avoiding detection by accessing lower layers of the operating system or by using undocumented functions to make alterations? Rootkit
- When dealing with the preservation of evidence, who should be responsible for processing the evidence? Properly trained computer evidence specialists.
- When deploying sensors, collectors, and filters, where should they be placed in the network? They should be placed where the stream of data is largest.
- When using application-based firewalls, what is NOT capable of being used to identify an application being used? IP addresses
- When using OAuth, how are a user’s username and password received by a third party server? The username and password are replaced by an authentication token, which is then used to gain access to the third party server.
- When you are configuring password policy settings in Group Policy, what is the recommended setting for password reuse? 24 new passwords must be used before a reused password.
- You are speaking to your CIO, and she has instructed you to ensure that the network is “five nines” in percentage of availability. What is the total yearly downtime? 5.26 minutes
- You have been tasked with responding to a security incident involving the compromise of a manager’s documents. You and your team have determined that the attacker involved copied files via a Bluetooth connection with the manager’s unprotected cell phone. What kind of attack was this? bluesnarfing attack