general business data bank
The biggest change that has occurred in security over the last 30 years has been the
change in the computing environment from small, tightly contained mainframes to a
highly widespread network of much larger systems.
A successful attack on a network may adversely impact security in all the following ways
A) Loss of confidentiality
B) Loss of integrity
C) Loss of functionality
D) Loss of availability
As the level of sophistication of attacks has increased,
A) The level of knowledge necessary to exploit vulnerabilities has increased
B) The level of knowledge necessary to exploit vulnerabilities has decreased
C) The level of skill necessary to exploit vulnerabilities has increased
D) The amount of exploit software available on the Internet has decreased
The IDS fails to alert on an intruder's ping sweep and port scan. This is a failure of which
element of the operational model of computer security?
___________ places the focus on the security processes and the actual data.
A) Computer security
B) Network security
C) Information assurance
D) Communications security
A company doing business online conducted all financial transactions over the Internet
without any encryption. As a result, customer information such as credit card numbers,
expiration dates, and the security codes found on the back of the credit cards was stolen.
This is a violation of which policy?
A) Due diligence
B) Due process
C) Need to know
D) Acceptable use
_______________ is a set of elements that can lead to the specific identity of a person.
Correct Answer(s): Personally identifiable information (PII)
Which type of backup copies all files, but only since the last full backup?
A(n) _______________ is a special mathematical function that performs a one-way
_______________ is the simple tactic of following closely behind a person who has just
used their own access card or PIN to gain physical access to a room or building.
Which of the following is NOT an example of a poor security practice?
A) The user does not follow established security policies or processes.
B) A result of a lack of security policies, procedures or training within the user's
C) An employee does not allow a person he is talking to, to enter a secured area
behind him before showing proper credentials.
D) An employee creates one good password and then uses it for all accounts.
Leaving sensitive information in a car is appropriate if the doors are locked and the files
are not in plain view.
Cryptography can be used to protect confidentiality and integrity as well as be used to
implement nonrepudiation, authentication, key escrow, digital signatures, and digital
The art of secret writing that enables an individual to hide the contents of a message from
all but the intended recipient is called
D) Key management
_______________ puts the plaintext through a simplified cipher to try to deduce what the
key is likely to be in a full version of the cipher.
Correct Answer(s): Linear cryptanalysis
_______________ is the PKI component that accepts a request for a digital certificate
and performs the necessary steps of registering and authenticating the person requesting
What is a certificate repository?
A) A directory that calculates a message digest for the certificate
B) An entity that generates electronic credentials
C) A directory that requires a centralized infrastructure
D) A centralized directory in which the registered certificate is stored
An in-house certificate authority is
A) A CA that is already established and being used by many individuals and
B) A certificate authority that is maintained and controlled by the company that
implemented it
C) A CA that provides dedicated services, and possibly equipment, to an
D) A CA that provides more flexibility for companies
The current version of S/MIME is version 2.
What are SSL and TLS used for?
A) A means of securing application programs on the system
B) To secure communication over the Internet
C) A method to change from one form of PKI infrastructure to another
D) A secure way to reduce the amount of SPAM a system receives
The _______________ protocol was introduced by Netscape as a means of providing
secure connections between the client and server for exchanging information.
What kind of copy is a drive image?
A) Bit-by-bit copy
B) File-by-file copy
C) Partition copy
D) A copy of all images on the drive
A mantrap is used to prevent piggybacking.
One drawback to water-based fire suppression systems is that they
A) Can be toxic to humans
B) Can cause more damage to equipment
C) Are the most expensive type of suppression system
D) Are not useful against type A fires
Which of the following is not a private IP address?
Local packet delivery (where packets are delivered on a LAN) uses ________ addresses
to send packets.
LAN and WAN networks can be connected.
_____________ is/are computers in a network that host applications and data for
everyone to share.
A) Linux boxes
Hubs are the most common device used for connecting computers on a local area
Preventing physical access to a server by an unauthorized individual is the
A) Responsibility of the CFO of an organization
B) Primary security concern for a system administrator
C) An organization's least important concern
D) Reason we implement firewalls
Which type of access control would be used to grant permissions based on the duties that
must be performed?
A) Mandatory access control
B) Discretionary access control
C) Role-based access control
D) Rule-based access control
_______________ authentication is a term that describes the use of more than one
authentication mechanism at the same time.
Correct Answer(s): Multifactor
What does SSH stand for?
A) Simple Security Hardware
B) Secure Socket Help
C) Secure Shell
D) Scientifically Secure Hard Drive
A new standard for sending packetized data traffic over radio waves in the unlicensed 2.4
GHz band is
_______________ protocol can support a wide variety of authentication methods and
also fits well into existing authentication systems like RADIUS.
802.1x is not compatible with RADIUS or LDAP.