1 / 31

Chapter One: Mastering the Basics of Security

Chapter One: Mastering the Basics of Security. McKinley Cybersecurity Team. Question 1.

lavonn
Télécharger la présentation

Chapter One: Mastering the Basics of Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Chapter One: Mastering the Basics of Security McKinley Cybersecurity Team

  2. Question 1 As requested by your manager you purchase two servers to participate in a server cluster so that if one server fails, the other server will take over the workload. Which of the following goals of security has been met?A. Confidentiality B. Accountability C. Integrity D. Availability

  3. Question 2 You have protected the contents of a highly sensitive file by encrypting the data using Windows EFS. Which of the following goals of security has been satisfied? • Confidentiality • Accountability • Integrity • Availability

  4. Question 3 You have managed the file permissions on a file so that unauthorized persons cannot make modifications to the file. What goal of security has been met? • Confidentiality • Accountability • Integrity • Availability

  5. Question 4 You have configured your network so that each person on the network must provide a username and password to gain access. Presenting a username is an example of what? • Authentication • Identification • Authorization • Confidentiality

  6. Question 5 You have configured the permissions on the accounting folder so that the Accounting group can create, modify, and delete content in the folder; the Managers group can read the contents of the folder; and all other users have been denied access. This is an example of which of the following? • Authentication • Identification • Authorization • Confidentiality

  7. Question 6 Which of the following are considered biometrics? (Select all that apply) • Username and password • Smartcard • PIN number • Fingerprint • Retina scan

  8. Question 7 Before an individual is authorized to access resources on the network, they are first ________ with the network. • Authenticated • Identified • Authorized • Encrypted

  9. Question 8 You want to ensure that data is only viewable by authorized users. What security principle are you trying to enforce? • Confidentiality • Integrity • Availability • Authentication

  10. Question 9 Of the following choices, what is the best way to protect the confidentiality of data? • Authentication • Encryption • Hashing • Checksums

  11. Question 10 An organization hosts several bays of servers used to support a large online ecommerce business. Which one of the following choices would increase the availability of this datacenter? • Encryption • Hashing • Generators • Integrity

  12. Question 11 You are planning to host a free online forum for users to share IT security-related information with each other. Any user can anonymously view data. Users can post messages after logging in but you do not want users to be able to modify other users’ posts. What levels of confidentiality, integrity & availability should you seek? • Low C, low I and low A • Medium C, low I and high A • High C, low I and low A • Low C, medium I and medium A

  13. Question 12 You are reviewing a firewall's ACL (Access Control List) and see the following statement: Drop All. What security principle does this enforce? • Least privilege • Integrity • Availability • Implicit Deny

  14. Question 13 What is the purpose of risk mitigation? • Reduce the chances that a threat will exploit a vulnerability • Reduce the chances that a vulnerability will exploit a threat • Eliminate risk • Eliminate threats

  15. Question 14 Your organization is addressing single points of failure (SPOF) as potential risks to security. What are they addressing? • Confidentiality • Integrity • Availability • Authentication

  16. Question 15 An organization hosts several bays of servers used to support a large online eCommerce business. They want to ensure that customer data hosted within the data center is protected and they implement several access controls including an HVAC (Heating/Ventilation/Air Conditioning) system. What does the HVAC system protect? • Access • Availability • Confidentiality • Integrity

  17. Question 16 A database administrator is tasked with increasing the retail prices of all products in a database by 10%. The administrator writes a script performing a bulk update of the database and executes it. However, all retail prices are doubled increased by 100% instead of 10%). What has been lost? • Confidentiality • Integrity • Hashing • Authentication

  18. Question 17 Your security administrator has told you that he’s implementing a new security policy that includes two-factor authentication. What is two-factor authentication? • Your authentication must contain two pieces of information. • Your password must contain at least two types of characters, such as upper-case characters, lower-case characters, numbers, and non-alphanumeric characters. • Before you can access a resource, you must login correctly twice in a row. • Your password is encrypted twice before it is stored on an authentication server.

  19. Question 18 The network security team at your organization is enhancing your login process through the use of two-factor authentication. Which of these methods would NOT be an example of two-factor authentication? • Fingerprint scanner • Smart card • Pseudo-random token generator • Extended-length passwords that include special characters

  20. Question 19 What is completed when a user’s password has been verified? • Identification • Authentication • Authorization • Access Verification

  21. Question 20 Which of the following formulas represent the complexity of a password policy that requires users to use only upper and lower case letters with a length of eight characters? • 52^8 • 26^8 • 8^52 • 8^26

  22. Question 21 Of the following choices, what password has a dissimilar key space that the others? • Secru1tyIsFun • Passw0rd • ILOve$ecurity • 4uBetutaOn

  23. Question 22 Robert lets you know that he is using his username as his password since it’s easy to remember. You decide to inform the user that this isn’t a secure password. What explanation would you include? • The password wouldn’t meet account lockout requirements • The password is too hard to remember • The password is not long enough • The password is not complex

  24. Question 23 Your organization has implemented a self-service password reset system. What does this provide? • Password policy • Certificate reset • Password recovery • Previous logon notification

  25. Question 24 A user issued a token with a number displayed in an LCD. What does this provide? • A rolling password for one-time use • Multifactor authentication • CAC • PIV

  26. Question 25 Which of the following includes a photo and can be used as identification? (Choose all that apply) • CAC • MAC • DAC • PIV

  27. Question 26 Which of the following is an example of multifactor authentication? • Smart card and token • Smart card and PIN • Thumbprint and voice recognition • Password and PIN

  28. Question 27 What is used for authentication in a Microsoft Active Directory domain? • RADIUS • TACACS+ • Kerberos • NIDS

  29. Question 28 Which of the following best describes the purpose of LDAP? • A central point for user management • Biometric authentication • Prevent loss of confidentiality • Prevent loss of integrity

  30. Question 29 A federated user database is used to provide central authentication via a web portal. What service does this database provide? • SSO • Multifactor authentication • CAC • DAC

  31. Question 30 Which of the following AAA protocols uses multiple challenges and responses? • CHAPS • RADIUS • XTACACS • TACACS+

More Related