156-110 Online Practice Questions and Answers

A(n) ________________ is a one-way mathematical function that maps variable values into smaller values of a fixed length.

A. Symmetric key

B. Algorithm

C. Back door

D. Hash function

E. Integrity

Which of the following is the MOST important consideration, when developing security- awareness training materials?

A. Training material should be accessible and attractive.

B. Delivery mechanisms should allow easy development of additional materials, to complement core material.

C. Security-awareness training materials should never contradict an organizational security policy.

D. Appropriate language should be used to facilitate localization, should training materials require translation.

E. Written documentation should be archived, in case of disaster.

Which of the following is an integrity requirement for Remote Offices/Branch Offices (ROBOs)?

A. Private data must remain internal to an organization.

B. Data must be consistent between ROBO sites and headquarters.

C. Users must be educated about appropriate security policies.

D. Improvised solutions must provide the level of protection required.

E. Data must remain available to all remote offices.

____________________ are the people who consume, manipulate, and produce information assets.

A. Information asset owners

B. Business-unit owners

C. Audit-control groups

D. Information custodians

E. Functional users

Enterprise employees working remotely require access to data at an organization's headquarters. Which of the following is the BEST method to transfer this data?

A. Standard e-mail

B. Faxed information

C. Dial-in access behind the enterprise firewall

D. Virtual private network

E. CD-ROMs shipped with updated versions of the data

Which of the following is the BEST method for managing users in an enterprise?

A. Enter user data in a spreadsheet.

B. Implement centralized access control.

C. Deploy Kerberos.

D. Place them in a centralized Lightweight Directory Access Protocol.

E. Use a Domain Name System.

A security administrator implements Secure Configuration Verification (SCV), because SCV: (Choose THREE.)

A. Does not enable the administrator to monitor the configuration of remote computers.

B. Can block connectivity for machines that do not comply with the organization's security policy.

C. Enables the administrator to monitor the configuration of remote computers.

D. Prevents attackers from penetrating headquarters' Security Gateway.

E. Confirms that a remote configuration complies with the organization's security policy.

Which of the following is an example of a simple, physical-access control?

A. Lock

B. Access control list

C. Background check

D. Token

E. Firewall

You are a system administrator for a pool of Web servers. The vendor who sells your Web server posts a patch and sample exploit for a newly discovered vulnerability. You will take all of the actions listed below. Which of the following actions should you take first?

A. Run the sample exploit against a test server.

B. Run the sample exploit against a production server.

C. Apply the patch to all production servers.

D. Test the patch on a production server.

E. Test the patch on a non-production server.

A(n) _______________ is an abstract machine, which mediates all access subjects have to objects.

A. ACL

B. Reference monitor

C. State machine

D. TCB

E. Router