An organization's acceptable use policy (AUP) for remote employees classifies connecting unapproved devices to the organization's network or other IT resources as unacceptable. Which area of security is directly mitigated by the organization's policy on unapproved devices? - ANSWER Human element security
An organization sees an increase in recent operating system vulnerabilities. To address these vulnerabilities, the organization modifies its patching procedures to install critical security patches within 10 days of release. Which defense in depth layer does the new policy address? - ANSWER Host
Which access control model is concerned with confidentiality? - ANSWER Bell-LaPadula
The IT department is updating its policies and procedures to ensure that critical functions continue to operate during an expected hurricane. Which policies and procedures are being updated? - ANSWER Business continuity plan
A user runs an application that has been infected with malware that is less than 24 hours old. The malware then infects the operating system. Which safeguard should be implemented to prevent this type of attack? - ANSWER Limit user account privileges
A user runs an application that has been infected with malware. This malware then performs a brute force attack on the built-in administrator account on Windows systems. The malware successfully cracks the password, and is used to compromise other systems in the environment. Which safeguard should be implemented to prevent this type of attack? - ANSWER Modify the default user accounts
Which security tool can evaluate web applications for cross-site scripting (XSS) vulnerabilities on a Linux web server? - ANSWER Nikto
A company has files stored on a server that are critical to the organization's viability. The administrator has assigned the appropriate permissions to the files. How should the administrator provide additional confidentiality protection for the files at rest? - ANSWER File encryption
In order to continue processing credit card payments, a retail store arranges for an external auditor to perform regular external and internal scans. What regulation are they addressing? - ANSWER PCI-DSS
A bank website accepts online loan applications. It requires applicants to review and sign a disclosure document explaining the organization's information sharing practices. Which federal law protects consumers' financial information? - ANSWER GLBA
Which technology is considered private key cryptography? - ANSWER Symmetric key
An organization employs a VPN to safeguard its information. Which security principle is protected by a VPN? - ANSWER Data in motion
A company has had several successful denial of service (DoS) attacks on its email server. Which security principle is being attacked? - ANSWER Availability
A student throws out a printed copy of a computer program that she was working on. Another student picks the program out of the trash. Which leg of the CIA triad has been targeted? - ANSWER Confidentiality
Which component of the CIA triad is impacted if an attacker runs a sniffer? - ANSWER Confidentiality