






Study with the several resources on Docsity
Earn points by helping other students or get them with a premium plan
Prepare for your exams
Study with the several resources on Docsity
Earn points to download
Earn points by helping other students or get them with a premium plan
A comprehensive set of multiple-choice questions covering key concepts in computer security and access control. It explores various authentication methods, access control models, security monitoring techniques, and cryptography principles. The questions are designed to assess understanding of topics such as password security, multi-factor authentication, access control policies, auditing, encryption algorithms, and digital certificates. This resource is valuable for students studying network security and related disciplines.
Typology: Exams
1 / 12
This page cannot be seen from the preview
Don't miss anything!







Which of the following would fall into the category of something the user is? A. Password B. Thumbprint C. Smartcard D. Signature - correct answer Thumbprint Which of the following is described as "when a person's identity is confirmed or verified through the use of a specific system"? - correct answer Authentication You are installing a video monitoring system for your organization. You do not want any outside people to view the video. What is the best solution? - correct answer CCTV In an 802.1X connection, the authenticator is software running on a workstation. - correct answer False Authentication is when a person's identity is confirmed through the use of a specific system. - correct answer True Which port does terminal services use? - correct answer 3389 Identity proofing is an initial validation of an identity. - correct answer True
Multifactor authentication is when a user can log in once and gain access to multiple systems. - correct answer False Which of the following is the most secure? A. CHAP B. MS-CHAP C. PAP D. MS-CHAP2 - correct answer MS-CHAP Which of the following authentication methods is used more commonly on UNIX networks? - correct answer TACACS A smart card is an example of something a user knows. - correct answer False Cisco created a proprietary version of EAP called LEAP. - correct answer True Authorization is when a person is in a state of being identified. - correct answer False Which of the following is when two or more types of authentication are used when dealing with access control? - correct answer Multifactor Authentication An older type of door access system might use a proximity sensor. - correct answer True Which of the following are commonly used in VPN tunneling protocols? (Select the two best answers.) - correct answer 1.L2TP
Which of the following keeps every user in a standard user mode instead of as an administrator, even if the user is a member of the administrators group? - correct answer User account control Of the following, what are two good ways to protect the computer? (Select the two best answers.) - correct answer --Rename and password protect the administrator account. -Verify that the guest account is disabled. In a discretionary access control model, who is in charge of setting permissions to a resource? - correct answer Owner of resource Maximum and minimum password age" is part of which of the following - correct answer Password policy Which of the following is an access control policy determined by a computer system and not by a user or owner? - correct answer MAC DAC is an access control policy generally determined by the owner. - correct answer True If a child folder is inheriting its permissions from a parent folder, it could be said that the parent is propagating those permissions to the child. - correct answer True If you move a folder to a different location on the same volume, that folder will lose its permissions. - correct answer False Lattice-based access control is an example of role-based access control. - correct answer False Which of the following access control policies is based on sets of permissions involved in an operation? - correct answer RBAC Which of the following should be included in a password to make it complex? (Select the three best answers.) - correct answer Special characters
Uppercase letters Numbers What key combination helps to secure the logon process? - correct answer Ctrl+Alt+Del To change permissions on a file in Linux, you would use the chmod commands. - correct answer True Active Directory Users and Computers can be used to add organizational units to a domain. - correct answer True Full control is a type of NTFS permission that might be enabled within an access control list. - correct answer True In a signature-based monitoring environment, network traffic is analyzed for predetermined attack patterns. - correct answer True You are setting up auditing on a Windows XP Professional computer. If set up properly, which log should have entries? - correct answer Security Log Which of the following is not part of the three-step auditing process? - correct answer Evaluating the system log By default Wireshark is nonpromiscuous. - correct answer False Behavior-based monitoring establishes a performance baseline based on a set of normal network traffic evaluations. - correct answer False A broadcast storm is when the TCP/IP handshake has been compromised. - correct answer False
Which of the following is not an example of a default hidden share? - correct answer Security$ Baselining is the process of measuring changes in networking - correct answer True A key is an essential piece of information that determines the output of a cipher. - correct answer True Which of the following are asymmetric encryption algorithms? - correct answer -RSA -Diffie- Hellman Which of the following is a common standard used today and relies on a 256-bit block size? - correct answer AES Which of the following employs a 160-bit hash? - correct answer SHA- Cryptography is the practice of hiding information. - correct answer True Which of the following is based off of the MD5 hash? - correct answer NTLM Steganography uses a certificate authority to manage keys. - correct answer False Public keys are known only to specific users who keep the key secret. - correct answer False DES is a commonly used block cipher. - correct answer False Public key cryptography uses asymmetric keys alone or in addition to symmetric keys. - correct answer True
Which of the following types of encryption can encrypt plaintext with a secret random key that is the same length as the plaintext? - correct answer One-time pad Encryption is a type of cipher. - correct answer False Which of the following is the newest and strongest Windows hash? - correct answer NTLM Which of the following encryption algorithms is based on the structure of an elliptic curve? - correct answer ECC Symmetric key algorithms require a secure initial exchange of one or more secret keys - correct answer True A stream cipher is a type of algorithm that encrypts a group of bits collectively as blocks. - correct answer False Which of the following is a stream cipher? - correct answer RC 4 A summary of a file or message best describes which of the following? - correct answer Hash Within the birthday paradox, what is the probability that 2 people have the same birth date within a group of 23 people? - correct answer 50 Which of the following is used to secure L2TP sessions? - correct answer IPsec If a key pair is generated at a local computer, it is considered to be de-centralized - correct answer True Certificates are digitally signed electronic documents that bind a private key with a user identity. - correct answer False Most PKIs use a web of trust model. - correct answer False
Which of the following is not a category of disaster? - correct answer Pretexting Which of the following backup schemes could be described as using a daily, weekly, and monthly set of tapes? - correct answer Grandfather-father-son Which of the following backs up only the contents of a folder that have changed since the last full backup? - correct answer Differential backup Which of the following is a near duplicate of the original site of the organization? - correct answer Hot site A UPS combines the functionality of a surge suppressor and a battery backup. - correct answer True RAID 0+1 combines the advantages of RAID 0 and RAID 1. - correct answer True A blackout is when a total loss of power for a prolonged period occurs. - correct answer True RAID 1 is known as striping with parity. - correct answer False Which of the following can be described as striping with parity? - correct answer Raid 5 Failure resistant disk systems protect against data loss due to disk failure. An example of this would be RAID 1 mirroring. - correct answer True A portable gas engine generator is the best solution for a company that wants a permanently installed generator. - correct answer False Which of the following is also known as "high-availability clusters"? - correct answer Failover clusters
Redundant power supplies can help in the case of a brownout. - correct answer False A surge is a short transient in the voltage that can be due to a short circuit or power outage. - correct answer False Shielded twisted-pair cable is an example of a Faraday cage. - correct answer False FM200 systems use a clean agent fire extinguishant. - correct answer True A class D fire extinguisher should be used in a chemical laboratory. - correct answer True Social engineering is the act of manipulating users into revealing confidential information. - correct answer True A CO2 fire extinguisher displaces oxygen needed for fire to burn. - correct answer True Which of the following types of policies defined the rules that restrict how a computer or other system may be used by an employee? - correct answer Acceptable use Which of the following data sensitivity classifications is often broken into sections on a need-to-know basis? - correct answer Top secret information A fire extinguisher denoted by a green triangle should be used for ash fires. - correct answer True Fire class K extinguishers should be used for electrical fires. - correct answer False In a standard incident response process, which of the following steps happens after investigation? - correct answer Eradication Which of the following is when a thief attempts to take responsibility for shipment by redirecting it to another location? - correct answer Diversion theft