1
Q
What type of attack uses many systems to flood the resources of a target, thus making the target unavailable?
ping sweep
DoS
spoof
DDoS
A
DDoS
Explanation: DDoS is is an attack that involves multiple systems. DoS involves only a single attack system.
2
Q
What does the term vulnerability mean?
a known target or victim machine
a weakness that makes a target susceptible to an attack
a potential threat that a hacker creates
a computer that contains sensitive information
a method of attack to exploit a target
A
a weakness that makes a target susceptible to an attack
Explanation: A vulnerability is not a threat, but it is a weakness that makes the PC or the software a target for attacks.
3
Q
What is the workforce framework category that includes highly specialized review and evaluation of incoming cybersecurity information to determine if it is useful for intelligence?
Protect and Defend
Securely Provision
Oversight and Development
Analyze
A
Analyze
Explanation: The “Analyze” category of the workforce framework includes specialty areas responsible for highly specialized review and evaluation of incoming cybersecurity information to determine its usefulness.
4
Q
Thwarting cyber criminals includes which of the following? (Choose two.)
hiring hackers
shutting down the network
sharing cyber Intelligence information
establishing early warning systems
changing operating systems
A
sharing cyber Intelligence information
establishing early warning systems
Explanation: Organization can join efforts to thwart cyber crime by establishing early warning systems and sharing cyber intelligence.
5
Q
What type of an attack can disable a computer by forcing it to use memory or by overworking its CPU?
DDoS
exhaustion
APT
algorithm
A
algorithm
Explanation: Algorithm attacks can force computers to use memory or overwork the CPU.
6
Q
Pick three types of records that cyber criminals would be interested in stealing from organizations. (Choose three.)
food
rock
medical
flight
game
education
employment
A
medical
education
employment
Explanation: Employment, medical, and education records are important to protect because they contain personal information.
7
Q
What name is given to a amateur hacker?
script kiddie
blue team
red hat
black hat
A
script kiddie
Explanation: Script kiddies is a term used to describe inexperienced hackers.
8
Q
What name is given to hackers who hack for a cause?
white hat
hactivist
hacker
blue hat
A
hacktivist
Explanation: The term is used to describe gray hackers who rally and protect for a cause.
9
Q
What does the term BYOD represent?
bring your own decision
bring your own disaster
buy your own disaster
bring your own device
A
bring your own device
Explanation: The term bring-your-own-device is used to describe mobile devices such as iPhones, smartphones, tablets, and other devices
10
Q
What is an example of an Internet data domain?
Palo Alto
Cisco
Juniper
Linkedin
A
Linkedin
Explanation: A data domain is a repository for data.
11
Q
What does the acronym IoE represent?
Insight into Everything
Internet of Everything
Intelligence on Everything
Internet of Everyday
Explanation: Internet of Everything is the term used for Internet-connected devices
A
Internet of Everything
Explanation: Internet of Everything is the term used for Internet-connected devices
12
Q
A
13
Q
What is identified by the first dimension of the cybersecurity cube?
tools
knowledge
goals
safeguards
rules
A
goals
Explanation: The first dimension of the cybersecurity sorcery cube identifies the goals or security principles required to protect the cyber world.
14
Q
What are three types of sensitive information? (Choose three.)
declassified
public
PII
business
published
classified
A
PII
business
classified
Explanation: Sensitive information is information that would otherwise cause harm to a company or individual if publicly disclosed.
15
Q
What are two common hash functions? (Choose two.)
Blowfish
SHA
MD5
ECC
RC4
RSA
A
SHA
MD5
Explanation: SHA and MD5 use use complex mathematical algorithms to compute hash values.
16
Q
What service determines which resources a user can access along with the operations that a user can perform?
authentication
biometric
authorization
accounting
token
A
authorization
Explanation: Authorization determines whether a user has certain access privileges.
17
Q
What type of cybersecurity laws protect you from an organization that might want to share your sensitive data?
authentication
confidentiality
nonrepudiation
privacy
integrity
A
privacy
Explanation: Privacy laws control appropriate use of data and access to data.
18
Q
What three design principles help to ensure high availability? (Choose three.)
detect failures as they occur
eliminate single points of failure
check for data consistency
use encryption
provide for reliable crossover
ensure confidentiality
A
detect failures as they occur
eliminate single points of failure
provide for reliable crossover
Explanation: High availability systems typically include these three design principles.
19
Q
For the purpose of authentication, what three methods are used to verify identity? (Choose three.)
where you are
something you are
something you know
something you do
something you have
A
something you are
something you know
something you have
Explanation: The forms of authentication are something you know, have , or are.
20
Q
What two methods help to ensure system availability? (Choose two.)
integrity checking
system backups
up-to-date operating systems
system resiliency
fire extinguishers
equipment maintenance
A
up-to-date operating systems
equipment maintenance
21
Q
What name is given to a storage device connected to a network?
NAS
SAN
RAID
Cloud
DAS
A
NASExplanation: NAS refers to a storage device connected to a network that allows storage and retrieval of data from a centralized location by authorized network users.
22
Q
What are two methods that ensure confidentiality? (Choose two.)
authorization
availability
nonrepudiation
authentication
integrity
encryption
A
authentication
encryption
Explanation: Confidentiality means viewing of information only for those who need to know. This can be accomplished by encrypting data and authenticating users who request access.
23
Q
What is a secure virtual network called that uses the public network?
MPLS
IDS
Firewall
NAC
IPS
VPN
A
VPN
Explanation: The term VPN describes a virtual network that uses encryption to protect data when traveling across Internet media.
24
Q
What mechanism can organizations use to prevent accidental changes by authorized users?
SHA-1
backups
version control
hashing
encryption
A
version control
Explanation: Version control ensures that two users cannot update the same object.
25
What is a method of sending information from one device to another using removable media?
wired
infrared
LAN
packet
wireless
sneaker net
sneaker net
Explanation: Sneaker net refers to hand delivering the removable data.
26
What are the three foundational principles of the cybersecurity domain? (Choose three.)
policy
integrity
availability
confidentiality
security
encryption
integrity
availability
confidentiality
Explanation: Three foundational security principles are confidentiality, integrity and availability.
27
Which two methods help to ensure data integrity? (Choose two.)
data consistency checks
privacy
hashing
availability
authorization
repudiation
data consistency checks
hashing
Explanation: Data integrity systems include one of the two data integrity methods.
28
What three tasks are accomplished by a comprehensive security policy? (Choose three.)
useful for management
defines legal consequences of violations
is not legally binding
gives security staff the backing of management
vagueness
sets rules for expected behavior
defines legal consequences of violations
gives security staff the backing of management
sets rules for expected behavior
Explanation: The security policy of an organization accomplishes several tasks:
It demonstrates the commitment to security by an organization.
It sets the rules for expected behavior.
It ensures consistency in system operations, and software and hardware acquisition use and maintenance.
It defines the legal consequences of violations.
It gives security staff the backing of management.
29
What principle prevents the disclosure of information to unauthorized people, resources, and processes?
integrity
confidentiality
nonrepudiation
accounting
availability
confidentiality
Explanation: The security principle of confidentiality refers to the prevention of the disclosure of information to unauthorized people, resources, and processes.
30
What are the three states of data? (Choose three.)
suspended
in-cloud
at rest
in-transit
in-process
encrypted
at rest
in-transit
in-process
Explanation: The protection of the cyber world requires cybersecurity professionals to account for the safeguarding of data in-transit, in-cloud, and at rest.
31
What name is given to any changes to the original data such as users manually modifying data, programs processing and changing data, and equipment failures?
deletion
modification
dissemination
corruption
backup
integrity
modification
Explanation: Modification involves changes to the original data and not complete deletion of the data.
32
What are three access control security services? (Choose three.)
access
authentication
repudiation
authorization
accounting
availability
authentication
authorization
accounting
Explanation: This question refers to AAA authentication, authorization, and accountability.
33
What three methods help to ensure system availability? (Choose three.)
system backups
system resiliency
equipment maintenance
fire extinguishers
up-to-date operating systems
integrity checking
system backups
equipment maintenance
up-to-date operating systems
Explanation: Methods used to ensure high availability include system redundancy, system backups, increased system resiliency, equipment maintenance, operating system and software updates and patches, and proactive plans for swift recovery from unforeseen disasters.
34
35
What are two common indicators of spam mail? (Choose two.)
The email is from a friend.
The email has no subject line.
The email has keywords in it.
The email has misspelled words or punctuation errors or both.
The email is from your supervisor.
The email has an attachment that is a receipt for a recent purchase.
The email has no subject line.
The email has misspelled words or punctuation errors or both.
Explanation: Spam is a common method of advertising through the use of unsolicited email and may contain malware.
36
What is the term used to describe an email that is targeting a specific person employed at a financial institution?
spyware
target phishing
spear phishing
spam
vishing
spear phishing
Explanation: Spear phishing is a phishing attack customized to reach a specific person or target.
37
Which term describes the sending of a short deceptive SMS message used to trick a target into visiting a website?
grayware
spam
smishing
impersonation
smishing
Explanation: Smishing is also known as SMS phishing and is used to send deceptive text messages to trick a user into calling a phone number or visiting a specific website.
38
What does a rootkit modify?
Microsoft Word
programs
screen savers
operating system
Notepad
operating system
Explanation: A rootkit commonly modifies an operating system to create a backdoor to bypass normal authentication mechanisms.
39
What is the name given to a program or program code that bypasses normal authentication?
virus
worm
Trojan
backdoor
ransomware
backdoor
Explanation: A backdoor is a program or program code implemented by a criminal to bypass the normal authentication that is used to access a system.
40
A computer is presenting a user with a screen requesting payment before the user data is allowed to be accessed by the same user. What type of malware is this?
a type of worm
a type of logic bomb
a type of ransomware
a type of virus
a type of ransomware
Explanation: Ransomware commonly encrypts data on a computer and makes the data unavailable until the computer user pays a specific sum of money.
41
What is the difference between a virus and a worm?
Viruses self-replicate but worms do not.
Worms require a host file but viruses do not.
Worms self-replicate but viruses do not.
Viruses hide in legitimate programs but worms do not.
Worms self-replicate but viruses do not.
Explanation: Worms are able to self-replicate and exploit vulnerabilities on computer networks without user participation.
42
What is the term used when a malicious party sends a fraudulent email disguised as being from a legitimate, trusted source?
Trojan
vishing
phishing
backdoor
social engineering
phishing
Explanation: Phishing is used by malicious parties who create fraudulent messages that attempt to trick a user into either sharing sensitive information or installing malware.
43
What are two ways to protect a computer from malware? (Choose two.)
Empty the browser cache.
Use antivirus software.
Delete unused software.
Keep software up to date.
Defragment the hard disk.
Use antivirus software.
Keep software up to date.
Explanation: At a minimum, a computer should use antivirus software and have all software up to date to defend against malware.
44
What occurs on a computer when data goes beyond the limits of a buffer?
an SQL injection
cross-site scripting
a buffer overflow
a system exception
a buffer overflow
Explanation: A buffer overflow occurs by changing data beyond the boundaries of a buffer and can lead to a system crash, data compromise, or cause escalation of privileges.
45
An attacker is sitting in front of a store and wirelessly copies emails and contact lists from nearby unsuspecting user devices. What type of attack is this?
RF jamming
bluesnarfing
smishing
bluejacking
bluesnarfing
Explanation: Blusnarfing is the copying of user information through unauthorized Bluetooth transmissions.
46
A criminal is using software to obtain information about the computer of a user. What is the name of this type of software?
phishing
virus
adware
spyware
spyware
Explanation: Spyware is software that tracks the activity of a user and obtains information about that user.
47
What is the meaning of the term logic bomb?
a malicious worm
a malicious program that uses a trigger to awaken the malicious code
a malicious virus
a malicious program that hides itself in a legitimate program
a malicious program that uses a trigger to awaken the malicious code
Explanation: A logic bomb remains inactive until a trigger event occurs. Once activated, a logic bomb runs malicious code that causes harm to a computer.
48
What are two of the tactics used by a social engineer to obtain personal information from an unsuspecting target? (Choose two.)
intimidation
honesty
urgency
compassion
integrity
intimidation
urgency
Explanation: Social engineering tactics include the following:
Authority, Intimidation, Consensus/Social Proof, Scarcity, Urgency, Familiarity/Liking, Trust
49
What is the name for the type of software that generates revenue by generating annoying pop-ups?
pop-ups
adware
spyware
trackers
adware
Explanation: Adware is a type of malware that displays pop-ups on a computer to generate revenue for the creator of the malware.
50
What is a vulnerability that allows criminals to inject scripts into web pages viewed by users?
buffer overflow
Cross-site scripting
SQL injection
XML injection
Cross-site scripting
Explanation: Cross-site scripting (XSS) allows criminals to inject scripts that contain malicious code into web applications.
51
Which two reasons describe why WEP is a weak protocol? (Choose two.)
WEP uses the same encryption features as Bluetooth.
The key is static and repeats on a congested network.
The default settings cannot be modified.
Everyone on the network uses a different key.
The key is transmitted in clear text.
The key is static and repeats on a congested network.
The key is transmitted in clear text.
Explanation: The initialization vector (IV) of WEP is as follows:
Is a 24-bit field, which is too small
Is cleartext and readable
Is static and causes identical key streams to repeat on a busy network
52
What type of attack targets an SQL database using the input field of a user?
buffer overflow
XML injection
Cross-site scripting
SQL injection
SQL injection
Explanation: A criminal can insert a malicious SQL statement in an entry field on a website where the system does not filter the user input correctly.
53
54
Which asymmetric algorithm provides an electronic key exchange method to share the secret key?
RSA
Diffie-Hellman
WEP
DES
hashing
Diffie-Hellman
Explanation: Diffie-Hellman provides an electronic exchange method to share a secret key and is used by multiple secure protocols.
55
What encryption algorithm uses one key to encrypt data and a different key to decrypt data?
transposition
symmetric
asymmetric
one-time pad
asymmetric
Explanation: Asymmetric encryption uses one key to encrypt data and a different key to decrypt data.
56
What type of cipher encrypts plaintext one byte or one bit at a time?
block
stream
hash
enigma
elliptical
stream
Explanation: Stream ciphers encrypt plaintext one byte or one bit at a time, and can be much faster than block ciphers.
57
What cryptographic algorithm is used by the NSA and includes the use of elliptical curves for digital signature generation and key exchange?
ECC
RSA
AES
El-Gamal
IDEA
ECC
Explanation: Elliptic curve cryptography (ECC) uses elliptic curves as part of the algorithm for digital signature generation and key exchange.
58
What is the term used to describe the science of making and breaking secret codes?
factorization
cryptology
impersonation
spoofing
jamming
cryptology
Explanation: Cryptology is the science of making and breaking codes to make sure that cyber criminals cannot easily compromise protected information.
59
Which three processes are examples of logical access controls? (Choose three.)
intrusion detection system (IDS) to watch for suspicious network activity
firewalls to monitor traffic
guards to monitor security screens
fences to protect the perimeter of a building
swipe cards to allow access to a restricted area
biometrics to validate physical characteristics
intrusion detection system (IDS) to watch for suspicious network activity
firewalls to monitor traffic
biometrics to validate physical characteristics
Explanation: Logical access controls includes but is not limited to the following:
Encryption
Smart cards
Passwords
Biometrics
Access Control Lists (ACLs)
Protocols
Firewalls
Intrusion Detection Systems (IDS)
60
What term is used to describe concealing data in another file such as a graphic, audio, or other text file?
masking
hiding
obfuscation
steganography
steganography
Explanation: Steganography conceals data in a file such as a graphic, audio, or other text file and is used to prevent extra attention to the encrypted data because the data is not easily viewed.
61
What are three examples of administrative access controls? (Choose three.)
policies and procedures
encryption
background checks
hiring practices
intrusion detection system (IDS)
guard dogs
policies and procedures
background checks
hiring practices
Explanation: Administrative access controls are defined by organizations to implement and enforce all aspects of controlling unauthorized access and include the following:
Policies
Procedures
Hiring practices
Background checks
Data classification
Security training
Reviews
62
Which three protocols use asymmetric key algorithms? (Choose three.)
Secure File Transfer Protocol (SFTP)
Telnet
Pretty Good Privacy (PGP)
Secure Shell (SSH)
Advanced Encryption Standard (AES)
Secure Sockets Layer (SSL)
Pretty Good Privacy (PGP)
Secure Shell (SSH)
Secure Sockets Layer (SSL)
Explanation: Four protocols use asymmetric key algorithms:
Internet Key Exchange (IKE)
Secure Socket Layer (SSL)
Secure Shell (SSH)
Pretty Good Privacy (PGP)
63
A warning banner that lists the negative outcomes of breaking company policy is displayed each time a computer user logs in to the machine. What type of access control is implemented?
masking
deterrent
detective
preventive
deterrent
Explanation: Deterrents are implemented to discourage or mitigate an action or the behavior of a malicious person.
64
Which term describes the technology that protects software from unauthorized access or modification?
copyright
watermarking
access control
trademark
watermarking
Explanation: Software watermarking inserts a secret message into the program as proof of ownership and protects software from unauthorized access or modification.
65
What encryption algorithm uses the same pre-shared key to encrypt and decrypt data?
hash
asymmetric
one-time pad
symmetric
symmetric
Explanation: Symmetric encryption algorithms use the same pre-shared key to encrypt and decrypt data.
66
Which two terms are used to describe cipher keys? (Choose two.)
key space
key randomness
keylogging
key length
key space
key length
67
Match the multifactor authentication type with its corresponding description
something you know
something you are
something you have
a password
a fingerprint scan
a security key fob
something you know - a password
something you are - a fingerprint scan
something you have - a security key fob
Explanation: Multi-factor authentication uses a minimum of two methods of verification and can include the following:
Something you have
Something you know
Something you are
68
What is the name of the method in which letters are rearranged to create the ciphertext?
substitution
transposition
one-time pad
enigma
transposition
Explanation: Ciphertext can be created by using the following:
Transposition – letters are rearranged
Substitution – letters are replaced
One-time pad – plaintext combined with a secret key creates a new character, which then combines with the plaintext to produce ciphertext
69
Which 128-bit block cipher encryption algorithm does the US government use to protect classified information?
Vignere
AES
Caesar
3DES
Skipjack
AES
Explanation: The Advanced Encryption Standard (AES) is used to protect classified information by the U.S. government and is a strong algorithm that uses longer key lengths.
70
Match the description with the correct term.
Creating a message that says one thing but means something else to a specific audience
Making a message confusing so it is harder to understand
Hiding data within an audio file
Discovering that hidden information exists within a graphic file
Social steganography
Obfuscation
Steganography
Steganalysis
Explanation: Place the options in the following order:
Creating a message that says one thing but means something else to a specific audience- Social steganography
Making a message confusing so it is harder to understand - Obfuscation
Hiding data within an audio file - Steganography
Discovering that hidden information exists within a graphic file - Steganalysis
71
What term is used to describe the technology that replaces sensitive information with a nonsensitive version?
blanking
whiteout
masking
retracting
hiding
masking
Explanation: Data masking replaces sensitive information with nonsensitive information. After replacement, the nonsensitive version looks and acts like the original.
72
Which type of cipher is able to encrypt a fixed-length block of plaintext into a 128-bit block of ciphertext at any one time?
transform
stream
hash
symmetric
block
block
Explanation: Block ciphers transform a fixed-length block of plaintext into a block of ciphertext. To decrypt the ciphertext, the same secret key to encrypt is used in reverse.
73
Which three devices represent examples of physical access controls? (Choose three.)
locks
routers
swipe cards
firewalls
servers
video cameras
locks
swipe cards
video cameras
Explanation: Physical access controls include but are not limited to the following:
Guards, Fences, Motion detectors, Laptop locks, Locked doors, Swipe cards, Guard dogs, Video cameras, Mantraps, Alarms
74
75
Identify three situations in which the hashing function can be applied. (Choose three.)
DES
PKI
PPoE
IPsec
CHAP
WPA
PKI
IPsec
CHAP
Explanation: Three situations where a hash function could be used are as follows:
When IPsec is being used
When routing authentication is enabled
In challenge responses within protocols such as PPP CHAP
Within digitally signed contracts and PKI certificates
76
A user has created a new program and wants to distribute it to everyone in the company. The user wants to ensure that when the program is downloaded that the program is not changed while in transit. What can the user do to ensure that the program is not changed when downloaded?
Create a hash of the program file that can be used to verify the integrity of the file after it is downloaded.
Turn off antivirus on all the computers.
Distribute the program on a thumb drive.
Encrypt the program and require a password after it is downloaded.
Install the program on individual computers.
Create a hash of the program file that can be used to verify the integrity of the file after it is downloaded.
Explanation: Hashing is a method to ensure integrity and ensures that the data is not changed.
77
A recent email sent throughout the company stated that there would be a change in security policy. The security officer who was presumed to have sent the message stated the message was not sent from the security office and the company may be a victim of a spoofed email. What could have been added to the message to ensure the message actually came from the person?
non-repudiation
digital signature
asymmetric key
hashing
digital signature
Explanation: Digital signatures ensures non-repudiation or the ability not to deny that a specific person sent a message.
78
What are three NIST-approved digital signature algorithms? (Choose three.)
DSA
ECDSA
SHA256
MD5
RSA
SHA1
DSA
ECDSA
RSA
Explanation: NIST chooses approved algorithms based on public key techniques and ECC. The digital signature algorithms approved are DSA, RSA, and ECDSA.
79
Alice and Bob use the same password to login into the company network. This means both would have the exact same hash for their passwords. What could be implemented to prevent both password hashes from being the same?
peppering
pseudo-random generator
salting
RSA
salting
Explanation: A password is stored as a combination of both a hash and a salt.
80
What is the step by step process for creating a digital signature?
Create a message digest; encrypt the digest with the private key of the sender; and bundle the message, encrypted digest, and public key together in order to sign the document.
Create a message digest; encrypt the digest with the public key of the sender; and bundle the message, encrypted digest, and public key together to sign the document.
Create a message; encrypt the message with a MD5 hash; and send the bundle with a public key.
Create a SHA-1 hash; encrypt the hash with the private key of the sender; and bundle the message, encrypted hash, and public key together to signed document.
Explanation: In order to create a digital signature, the following steps must be taken:
Create a message digest; encrypt the digest with the private key of the sender; and bundle the message, encrypted digest, and public key together in order to sign the document.
1. The message and message digest are created.
2. The digest and private key are encrypted.
3. The message, encrypted message digest, and public key are bundled to create the signed document.
81
What is a strength of using a hashing function?
It is a one-way function and not reversible.
Two different files can be created that have the same output.
It has a variable length output.
It is not commonly used in security.
It can take only a fixed length message.
It is a one-way function and not reversible.
Explanation: Understanding the properties of a hash function shows its applicability such as one-way function, arbitrary input length, and fixed output.
82
What are three type of attacks that are preventable through the use of salting? (Choose three.)
rainbow tables
social engineering
lookup tables
guessing
phishing
reverse lookup tables
shoulder surfing
rainbow tables
lookup tables
reverse lookup tables
Explanation: Salting makes precomputed tables ineffective because of the random string that is used.
83
A user has been asked to implement IPsec for inbound external connections. The user plans to use SHA-1 as part of the implementation. The user wants to ensure the integrity and authenticity of the connection. What security tool can the user use?
HMAC
SHA256
ISAKMP
MD5
HMAC
Explanation: HMAC provides the additional feature of a secret key to ensure integrity and authentication.
84
A user downloads an updated driver for a video card from a website. A warning message pops up saying the driver is not approved. What does this piece of software lack?
digital signature
valid ID
source code
code recognition
digital signature
Explanation: Code signing is a method of verifying code integrity
85
What is the purpose of CSPRNG?
to secure a web site
to generate salt
to process hash lookups
to prevent a computer from being a zombie
to generate salt
Explanation: Salting prevents someone from using a dictionary attack to guess a password. Cryptographically Secure Pseudo-Random Number Generator (CSPRNG) is one way (and the best way) to generate salt.
86
A recent breach at a company was traced to the ability of a hacker to access the corporate database through the company website by using malformed data in the login form. What is the problem with the company website?
poor input validation
weak encryption
bad usernames
lack of operating system patching
poor input validation
Explanation: The ability to pass malformed data through a website is a form of poor input validation.
87
What are three validation criteria used for a validation rule? (Choose three.)
encryption
size
range
key
type
format
size
range
format
Explanation: Criteria used in a validation rule include format, consistency, range, and check digit.
88
A user is instructed by a boss to find a better method to secure passwords in transit. The user has researched several means to do so and has settled on using HMAC. What are the key elements needed to implement HMAC?
symmetric key and asymmetric key
message digest and asymmetric key
IPsec and checksum
secret key and message digest
secret key and message digest
Explanation: HMAC implementation is a secret key added to a hash.
89
Which method tries all possible passwords until a match is found?
rainbow tables
cryptographic
cloud
birthday
brute force
dictionary
brute force
Explanation: Two common methods of cracking hashes are dictionary and brute force. Given time, the brute force method will always crack a password.
90
What is the standard for a public key infrastructure to manage digital certificates?
503
PKI
509
NIST-SP800
509
Explanation: The x.509 standard is for a PKI infrastructure and x.500 if for directory structures.
91
A user is evaluating the security infrastructure of a company and notices that some authentication systems are not using best practices when it comes to storing passwords. The user is able to crack passwords very fast and access sensitive data. The user wants to present a recommendation to the company on the proper implementation of salting to avoid password cracking techniques. What are three best practices in implementing salting? (Choose three.)
A salt should not be reused.
A salt must be unique.
The same salt should be used for each password.
A salt should be unique for each password.
Salts are not an effective best practice.
Salts should be short.
A salt should not be reused.
A salt must be unique.
A salt should be unique for each password.
Explanation: Salting needs to be unique and not reused. Doing the opposite will cause passwords to be cracked easily.
92
A user is the database administrator for a company. The user has been asked to implement an integrity rule that states every table must have a primary key and that the column or columns chosen to be the primary key must be unique and not null. Which integrity requirement is the user implementing?
domain integrity
entity integrity
anomaly integrity
referential integrity
entity integrity
Explanation: There are three major database integrity requirements: entity, referential, and domain integrity.
93
An investigator finds a USB drive at a crime scene and wants to present it as evidence in court. The investigator takes the USB drive and creates a forensic image of it and takes a hash of both the original USB device and the image that was created. What is the investigator attempting to prove about the USB drive when the evidence is submitted in court?
The investigator found a USB drive and was able to make a copy of it.
An exact copy cannot be made of a device.
The data is all there.
The data in the image is an exact copy and nothing has been altered by the process.
The data in the image is an exact copy and nothing has been altered by the process.
Explanation: A hash function ensures the integrity of a program, file, or device.
94
A user is connecting to an e-commerce server to buy some widgets for a company. The user connects to the site and notices there is no lock in the browser security status bar. The site does prompt for a username and password and the user is able to log in. What is the danger in proceeding with this transaction?
The certificate from the site has expired, but is still secure.
The site is not using a digital certificate to secure the transaction, with the result that everything is in the clear.
Ad blocker software is preventing the security bar from working properly, and thus there is no danger with the transaction.
The user is using the wrong browser to perform the transaction.
The site is not using a digital certificate to secure the transaction, with the result that everything is in the clear.
Explanation: The lock in the browser window ensures a secure connection is being established and is not blocked by browser add-ons.
95
96
A user is asked to perform a risk analysis of a company. The user asks for the company asset database that contains a list of all equipment.The user uses this information as part of a risk analysis. Which type of risk analysis could be performed?
exposure factor
hardware
quantitative
qualitative
quantitative
Explanation: Physical items can be assigned a value for quantitative analysis.
97
A user is evaluating the network infrastructure of a company. The user noted many redundant systems and devices in place, but no overall evaluation of the network. In a report, the user emphasized the methods and configurations needed as a whole to make the network fault tolerant. What is the type of design the user is stressing?
comprehensive
spanning tree
resilient
availability
resilient
Explanation: In order to deploy a resilient design, it is critical to understand the needs of a business and then incorporate redundancy to address those needs.
98
A user has completed a six month project to identify all data locations and catalog the location. The next step is to classify the data and produce some criteria on data sensitivity. Which two steps can the user take to classify the data? (Choose two.)
Treat all the data the same.
Determine how often data is backed up.
Determine the user of the data.
Establish the owner of the data.
Identify sensitivity of the data.
Determine permissions for the data.
Establish the owner of the data.
Identify sensitivity of the data.
Explanation: Categorizing data is a process of determining first who owns the data then determining the sensitivity of the data.
99
A user needs to add redundancy to the routers in a company. What are the three options the user can use? (Choose three.)
VRRP
IPFIX
STP
RAID
HSRP
GLBP
VRRP
HSRP
GLBP
Explanation: Three protocols that provide default gateway redundancy include VRRP, GLBP, and HSRP.
100
A user is asked to evaluate the data center to improve availability for customers. The user notices that there is only one ISP connection, some of the equipment is out of warranty, there are no spare parts, and no one was monitoring the UPS which was tripped twice in one month. Which three deficiencies in high availability has the user identified? (Choose three.)
single points of failure
failure to detect errors as they occur
failure to prevent security incidents
failure to protect against poor maintenance
failure to design for reliability
failure to identify management issues
single points of failure
failure to detect errors as they occur
failure to design for reliability
Explanation: A data center needs to be designed from the outset for high availability with no single points of failure.
101
A company is concerned with traffic that flows through the network. There is a concern that there may be malware that exists that is not being blocked or eradicated by antivirus. What technology can be put in place to detect potential malware traffic on the network?
NAC
IPS
IDS
firewall
IDS
Explanation: A passive system that can analyze traffic is needed to detect malware on the network and send alerts.
102
A user is a consultant who is hired to prepare a report to Congress as to which industries should be required to maintain five nine availability. Which three industries should the user include in a report? (Choose three.)
finance
food service
healthcare
education
retail
public safety
finance
healthcare
public safety
Explanation: Industries that are critical to everyday life like financial, healthcare, and public safety should have systems that are available 99.999% of the time (the five nines principle).
103
A security breach has happened at a major corporation. The incident team has responded and executed their incident response plan. During which phase are lessons learned applied?
analyze
recovery
detection
post-incident
preparation
containment
post-incident
Explanation: One of the key aspects of an incident response plan is to look at how monitoring can be improved and management can help minimize the impact on business. This usually occurs after the incident has been handled.
104
A user is redesigning a network for a small company and wants to ensure security at a reasonable price. The user deploys a new application-aware firewall with intrusion detection capabilities on the ISP connection. The user installs a second firewall to separate the company network from the public network. Additionally, the user installs an IPS on the internal network of the company. What approach is the user implementing?
layered
attack based
structured
risk based
layered
Explanation: Using different defenses at various points of the network creates a layered approach.
105
The CEO of a company is concerned that if a data breach should occur and customer data is exposed, the company could be sued. The CEO makes the decision to buy insurance for the company. What type of risk mitigation is the CEO implementing?
avoidance
mitigation
transference
reduction
transference
Explanation: Buying insurance transfers the risk to a third party.
106
A user is purchasing a new server for the company data center. The user wants disk striping with parity on three disks. Which RAID level should the user implement?
0
1+0
1
5
5
Explanation: RAID 5 striping with parity would be the best choice.
107
A team has been asked to create an incident response plan for security incidents. In what phase of an incident response plan does the team get management approval of the plan?
containment
preparation
post-incident
recovery
analysis
detection
preparation
Explanation: When creating an incident plan for an organization, the team will require management buy-in of the plan during the initial planning phase.
108
A user was hired as the new security officer. One of the first projects was to take inventory of the company assets and create a comprehensive database. Which three pieces of information would the user want to capture in an asset database? (Choose three.)
users
hardware network devices
groups
workstations
passwords
operating systems
hardware network devices
workstations
operating systems
Explanation: Assets include all hardware devices and their operating systems.
109
A user is asked to create a disaster recovery plan for a company. The user needs to have a few questions answered by management to proceed. Which three questions should the user ask management as part of the process of creating the plan? (Choose three.)
Who is responsible for the process
What is the process?
Does the process require approval?
How long does the process take?
Where does the individual perform the process?
Can the individual perform the process?
Who is responsible for the process
What is the process?
Where does the individual perform the process?
Explanation: Disaster recovery plans are made based on the criticality of a service or process. Answers to questions of who, what, where, and why are necessary for a plan to be successful.
110
A user is asked to evaluate the security posture of a company. The user looks at past attempts to break into the company and evaluates the threats and exposures to create a report. Which type of risk analysis could the user perform?
subjective
opinion
qualitative
objective
qualitative
Explanation: Two approaches to risk analysis are quantitative and qualitative. Qualitative analysis is based on opinions and scenarios.
111
A user is running a routine audit of the server hardware in the company data center. Several servers are using single drives to host operating systems and multiple types of attached storage solutions for storing data. The user wants to offer a better solution to provide fault tolerance during a drive failure. Which solution is best?
offsite backup
RAID
UPS
tape backup
RAID
Explanation: Fault tolerance is addressing a single point of failure, in this case the hard drives.
112
A user was hired by a company to provide a highly available network infrastructure. The user wants to build redundancy into the network in case of a switch failure, but wants to prevent Layer 2 looping. What would the user implement in the network?
VRRP
GLBP
HSRP
Spanning Tree Protocol
Spanning Tree Protocol
Explanation: Loops and duplicate frames cause poor performance in a switched network. The Spanning Tree Protocol (STP) provides a loop-free path through the switch network.
113
114
The company has many users who telecommute. A solution needs to be found so a secure communication channel can be established between the remote location of users and the company. What is a good solution for this situation?
VPN
T1
modem
fiber
PPP
VPN
Explanation: When a VPN is used, a user can be at any remote location such as home or a hotel. The VPN solution is flexible in that public lines can be used to securely connect to a company.
115
Why should WEP not be used in wireless networks today?
its age
its lack of encryption
easily crackable
its use of clear text passwords
its lack of support
easily crackable
Explanation: Despite improvements, WEP is still vulnerable to various security issues including the ability to be cracked.
116
A user makes a request to implement a patch management service for a company. As part of the requisition the user needs to provide justification for the request. What three reasons can the user use to justify the request? (Choose three.)
the likelihood of storage savings
the ability to obtain reports on systems
the need for systems be directly connected to the Internet
no opportunities for users to circumvent updates
the ability of users to select updates
the ability to control when updates occur
the ability to obtain reports on systems
no opportunities for users to circumvent updates
the ability to control when updates occur
Explanation: A patch management service can provide greater control over the update process by an administrator. It eliminates the need for user intervention.
117
A user calls the help desk complaining that the password to access the wireless network has changed without warning. The user is allowed to change the password, but an hour later, the same thing occurs. What might be happening in this situation?
user error
rogue access point
weak password
password policy
user laptop
rogue access point
Explanation: Man-in-the-middle attacks are a threat that results in lost credentials and data. These type of attacks can occur for different reasons including traffic sniffing.
118
The manager of a department suspects someone is trying to break into computers at night. You are asked to find out if this is the case. What logging would you enable?
audit
syslog
operating system
Windows
audit
Explanation: Audit logs can track user authentication attempts on workstations and can reveal if any attempts at break-in were made.
119
The manager of desktop support wants to minimize downtime for workstations that crash or have other software-related issues. What are three advantages of using disk cloning? (Choose three.)
easier to deploy new computers within the organization
can provide a full system backup
ensures system compatibility
ensures a clean imaged machine
cuts down on number of staff needed
creates greater diversity
easier to deploy new computers within the organization
can provide a full system backup
ensures a clean imaged machine
Explanation: Disk cloning can be an efficient way to maintain a baseline for workstations and servers. It is not a cost cutting method.
120
An intern has started working in the support group. One duty is to set local policy for passwords on the workstations. What tool would be best to use?
password policy
secpol.msc
account policy
system administration
msc
secpol.msc
Explanation: Local policies are not group policies and only work on the local machine. Local policies can, however, be overridden if the machine is part of a Windows domain.
121
What is the difference between an HIDS and a firewall?
A firewall allows and denies traffic based on rules and an HIDS monitors network traffic.
An HIDS works like an IPS, whereas a firewall just monitors traffic.
A firewall performs packet filtering and therefore is limited in effectiveness, whereas an HIDS blocks intrusions.
An HIDS blocks intrusions, whereas a firewall filters them.
An HIDS monitors operating systems on host computers and processes file system activity. Firewalls allow or deny traffic between the computer and other systems.
An HIDS monitors operating systems on host computers and processes file system activity. Firewalls allow or deny traffic between the computer and other systems.
Explanation: In order to monitor local activity an HIDS should be implemented. Network activity monitors are concerned with traffic and not operating system activity.
122
A user is asked to analyze the current state of a computer operating system. What should the user compare the current operating system against to identify potential vulnerabilities?
a whitelist
a pentest
a vulnerability scan
a blacklist
a baseline
a baseline
Explanation: A baseline allows a user to perform a comparison of how a system is performing. The user can then compare the result to baseline expectations. This process allows the user to identify potential vulnerabilities.
123
After a security audit for an organization, multiple accounts were found to have privileged access to systems and devices. Which three best practices for securing privileged accounts should be included in the audit report? (Choose three.)
Secure password storage.
Enforce the principle of least privilege.
Only the CIO should have privileged access.
No one should have privileged access.
Only managers should have privileged access.
Reduce the number of privileged accounts.
Secure password storage.
Enforce the principle of least privilege.
Reduce the number of privileged accounts.
Explanation: Best practices entail giving the user only what is needed to do the job. Any additional privileges should be tracked and audited.
124
A user is proposing the purchase of a patch management solution for a company. The user wants to give reasons why the company should spend money on a solution. What benefits does patch management provide? (Choose three.)
Patches can be written quickly.
Administrators can approve or deny patches.
Patches can be chosen by the user.
Updates cannot be circumvented.
Computers require a connection to the Internet to receive patches.
Updates can be forced on systems immediately.
Administrators can approve or deny patches.
Updates cannot be circumvented.
Updates can be forced on systems immediately.
Explanation: A centralized patch management system can speed up deployment of patches and automate the process. Other good reasons to using an automated patch update service include the following:
Administrators control the update process.
Reports are generated.
Updates are provided from a local server.
Users cannot circumvent the update process.
125
A user calls the help desk complaining that an application was installed on the computer and the application cannot connect to the Internet. There are no antivirus warnings and the user can browse the Internet. What is the most likely cause of the problem?
permissions
corrupt application
need for a system reboot
computer firewall
computer firewall
Explanation: When troubleshooting a user problem, look for some common issues that would prevent a user from performing a function.
126
Companies may have different operation centers that handle different issues with the IT operations. If an issue is related to network infrastructure, what operation center would be responsible?
HVAC
NOC
SOC
HR
NOCExplanation: Operation centers support different areas of the operation including the network and security. Each one focuses on particular parts of the IT structure. The center that supports security would be the SOC.
127
Why is WPA2 better than WPA?
reduced keyspace
reduced processing time
supports TKIP
mandatory use of AES algorithms
mandatory use of AES algorithms
Explanation: A good way to remember wireless security standards is to consider how they evolved from WEP to WPA, then to WPA2. Each evolution increased security measures.
128
A company wants to implement biometric access to its data center. The company is concerned with people being able to circumvent the system by being falsely accepted as legitimate users. What type of error is false acceptance?
Type I
TypeII
false rejection
CER
TypeII
Explanation: There are two types of errors that biometrics can have: false acceptance and false rejection. False acceptance is a Type II error. The two types can intersect at a point called the crossover error rate.
129
An administrator of a small data center wants a flexible, secure method of remotely connecting to servers.Which protocol would be best to use?
Remote Desktop
Telnet
Secure Copy
Secure Shell
Secure Shell
Explanation: Because hackers sniffing traffic can read clear text passwords, any connection needs to be encrypted. Additionally, a solution should not be operating system-dependent.
130
Which service will resolve a specific web address into an IP address of the destination web server?
DHCP
ICMP
DNS
NTP
DNS
Explanation: DNS resolves a website address to the actual IP address of that destination.
131
Which three items are malware? (Choose three.)
virus
attachments
keylogger
email
Trojan horse
Apt
virus
keylogger
Trojan horse
Explanation: Email could be used to deliver malware, but email by itself is not malware. Apt is used to install or remove software within a Linux operating system. Attachments could contain malware, but not always.
132
A new PC is taken out of the box, started up and connected to the Internet. Patches were downloaded and installed. Antivirus was updated. In order to further harden the operating system what can be done?
Turn off the firewall.
Install a hardware firewall.
Give the computer a nonroutable address.
Remove the administrator account.
Disconnect the computer from the network.
Remove unnecessary programs and services.
Remove unnecessary programs and services.
Explanation: When hardening an operating system, patching and antivirus are part of the process. Many extra components are added by the manufacturer that are not necessarily needed.
133
The CIO wants to secure data on company laptops by implementing file encryption. The technician determines the best method is to encrypt each hard drive using Windows BitLocker. Which two things are needed to implement this solution? (Choose two.)
password management
EFS
backup
at least two volumes
USB stick
TPM
at least two volumes
TPM
Explanation: Windows provides a method to encrypt files, folders, or entire hard drives depending on need. However, certain BIOS settings and configurations are necessary to implement encryption on an entire hard disk.
134
What are three types of power issues that a technician should be concerned about? (Choose three.)
flicker
fuzzing
brownout
blackout
spark
spike
brownout
blackout
spike
Explanation: Power issues include increases, decreases, or sudden changes in power and include the following:
Spike, Surge, Fault, Blackout, Sag/dip, Brownout, Inrush Current
135
136
If a person knowingly accesses a government computer without permission, what federal act laws would the person be subject to?
SOX
ECPA
CFAA
GLBA
CFAA
Explanation: The Computer Fraud and Abuse Act (CFAA) provides the foundation for US laws criminalizing unauthorized access to computer systems.
137
Unauthorized visitors have entered a company office and are walking around the building. What two measures can be implemented to prevent unauthorized visitor access to the building? (Choose two.)
Lock cabinets.
Conduct security awareness training regularly.
Prohibit exiting the building during working hours.
Establish policies and procedures for guests visiting the building.
Conduct security awareness training regularly.
Establish policies and procedures for guests visiting the building.
Explanation: Any unauthorized individual that accesses a facility may pose a potential threat. Common measures to increase physical security include the following:
Implement access control and closed-circuit TV (CCTV) coverage at all entrances.
Establish policies and procedures for guests visiting the facility.
Test building security using physical means to covertly gain access.
Implement badge encryption for entry access.
Conduct security awareness training regularly.
Implement an asset tagging system.
138
An auditor is asked to assess the LAN of a company for potential threats. What are three potential threats the auditor may point out? (Choose three.)
unlocked access to network equipment
a misconfigured firewall
the acceptable use policy
unauthorized port scanning and network probing
complex passwords
locked systems
unlocked access to network equipment
a misconfigured firewall
unauthorized port scanning and network probing
Explanation: The LAN can have many endpoint devices connected. Analyzing both the network devices and the endpoints connected is important in determining threats.
139
A company has had several incidents involving users downloading unauthorized software, using unauthorized websites, and using personal USB devices. The CIO wants to put in place a scheme to manage the user threats. What three things might be put in place to manage the threats? (Choose three.)
Provide security awareness training.
Disable CD and USB access.
Implement disciplinary action.
Monitor all activity by the users.
Change to thin clients.
Use content filtering.
Provide security awareness training.
Disable CD and USB access.
Use content filtering.
Explanation: Users may be unaware of their actions if not educated in the reasons why their actions can cause a problem with the computer. By implementing several technical and nontechnical practices, the threat can be reduced.
140
As part of HR policy in a company, an individual may opt-out of having information shared with any third party other than the employer. Which law protects the privacy of personal shared information?
PCI
FIRPA
SOX
GLBA
GLBA
Explanation: The Gramm-Leach-Bliley Act (GLBA) includes privacy provisions for individuals and provides opt-out methods to restrict information sharing with third-party firms.
141
What can be used to rate threats by an impact score to emphasize important vulnerabilities?
ACSC
ISC
NVD
CERT
NVD
Explanation: The National Vulnerability Database (NVD) is used to assess the impact of vulnerabilities and can assist an organization in ranking the severity of vulnerabilities found within a network.
142
A breach occurs in a company that processes credit card information. Which industry specific law governs credit card data protection?
SOX
ECPA
GLBA
PCI DSS
PCI DSS
Explanation: The Payment Card Industry Data Security Standard (PCI DSS) governs how to protect credit card data as merchants and banks exchange transactions.
143
Why is Kali Linux a popular choice in testing the network security of an organization?
It can be used to test weaknesses by using only malicious software.
It can be used to intercept and log network traffic.
It is an open source Linux security distribution and contains over 300 tools.
It is a network scanning tool that prioritizes security risks.
It is an open source Linux security distribution and contains over 300 tools.
Explanation: Kali is an open source Linux security distribution that is commonly used by IT professionals to test the security of networks.
144
A company is attempting to lower the cost in deploying commercial software and is considering a cloud based service. Which cloud based service would be best to host the software?
PaaS
RaaS
SaaS
IaaS
SaaS
Explanation: Software as a service (SaaS) provides access to software that is centrally hosted and accessed by users via a web browser on the cloud.
145
A security professional is asked to perform an analysis of the current state of a company network. What tool would the security professional use to scan the network only for security risks?
malware
pentest
packet analyzer
vulnerability scanner
vulnerability scanner
Explanation: Vulnerability scanners are commonly used to scan for the following vulnerabilities:
Use of default passwords or common passwords, Missing patches, Open ports, Misconfiguration of operating systems and software, Active IP addresses
146
A consultant is hired to make recommendations on managing device threats in a company. What are three general recommendations that can be made? (Choose three.)
Enable automated antivirus scans.
Remove content filtering.
Enforce strict HR policies.
Disable administrative rights for users.
Enable media devices.
Enable screen lockout.
Enable automated antivirus scans.
Disable administrative rights for users.
Enable screen lockout.
Explanation: Workstations can be hardened by removing unnecessary permissions, automating processes, and turning on security features.
147
What three services does CERT provide? (Choose three.)
develop tools, products, and methods to conduct forensic examinations
enforce software standards
develop tools, products, and methods to analyze vulnerabilities
resolve software vulnerabilities
develop attack tools
create malware tools
develop tools, products, and methods to conduct forensic examinations
develop tools, products, and methods to analyze vulnerabilities
resolve software vulnerabilities
develop attack tools
Explanation: CERT provides multiple services, including:
helps to resolve software vulnerabilities
develops tools, products, and methods to conduct forensic examinations
develops tools, products, and methods to analyze vulnerabilities
develops tools, products, and methods to monitor large networks
helps organizations determine how effective their security-related practices are
148
What are two items that can be found on the Internet Storm Center website? (Choose two.)
current laws
InfoSec reports
InfoSec job postings
historical information
InfoSec reports
InfoSec job postings
Explanation: The Internet Storm Center website has a daily InfoSec blog, InfoSec tools, and news among other InfoSec information.
149
An organization has implemented a private cloud infrastructure. The security administrator is asked to secure the infrastructure from potential threats. What three tactics can be implemented to protect the private cloud? (Choose three.)
Disable firewalls.
Hire a consultant.
Disable ping, probing, and port scanning.
Grant administrative rights.
Test inbound and outbound traffic.
Update devices with security fixes and patches.
Disable ping, probing, and port scanning.
Test inbound and outbound traffic.
Update devices with security fixes and patches.
Explanation: Organizations can manage threats to the private cloud using the following methods:
Disable ping, probing, and port scanning.
Implement intrusion detection and prevention systems.
Monitor inbound IP traffic anomalies.
Update devices with security fixes and patches.
Conduct penetration tests post configuration.
Test inbound and outbound traffic.
Implement a data classification standard.
Implement file transfer monitoring and scanning for unknown file type.
150
A school administrator is concerned with the disclosure of student information due to a breach. Under which act is student information protected?
HIPPA
CIPA
FERPA
COPPA
FERPA
Explanation: The Family Education Records and Privacy Act (FERPA) prohibits the improper disclosure of personal education records.
151
What are the three broad categories for information security positions? (Choose three.)
seekers
doers
builders
creators
monitors
definers
builders
monitors
definers
Explanation: Information security positions can be categorized as::
definers
builders
monitors
152
What are three disclosure exemptions that pertain to the FOIA? (Choose three.)
information specifically non-exempt by statue
confidential business information
public information from financial institutions
law enforcement records that implicate one of a set of enumerated concerns
non-geological information regarding wells
national security and foreign policy information
confidential business information
law enforcement records that implicate one of a set of enumerated concerns
national security and foreign policy information
Explanation: The nine Freedom of Information Act (FOIA) exemptions include the following:
1. National security and foreign policy information
2. Internal personnel rules and practices of an agency
3. Information specifically exempted by statute
4. Confidential business information
5. Inter- or intra-agency communication subject to deliberative process, litigation, and other privileges
6. Information that, if disclosed, would constitute a clearly unwarranted invasion of personal privacy
7. Law enforcement records that implicate one of a set of enumerated concerns
8. Agency information from financial institutions
9. Geological and geophysical information concerning wells
153
As a security professional, there is a possibility to have access to sensitive data and assets. What is one item a security professional should understand in order to make informed ethical decisions?
cloud providers
potential gain
partnerships
laws governing the data
potential bonus
laws governing the data
Explanation: Ethics in the security profession are extremely important because of the sensitivity of the data and assets. Compliance to government and state requirements is needed in order to make good judgments.
154
What are two potential threats to applications? (Choose two.)
unauthorized access
data loss
power interruptions
social engineering
unauthorized access
data loss
Explanation: Threats to applications can include the following:
Unauthorized access to data centers, computer rooms, and wiring closets
Server downtime for maintenance purposes
Network operating system software vulnerability
Unauthorized access to systems
Data loss
Downtime of IT systems for an extended period
Client/server or web application development vulnerabilities
4th yeear
flashcards
Decks in class (6)
# Cards
