
Question 1

0 out of 2 points

Match the following terms to the appropriate definitions.


Question

A framework for managing all of the entities involved in creating, storing, distributing, and revoking digital certificates.
A trusted third-party agency that is responsible for issuing digital certificates.
A trust model with one CA that acts as a facilitator to interconnect all other CAs.
A technology used to associate a user's identity to a public key, in which the user's public key is digitally signed by a trusted third party.
A trust model in which two individuals trust each other because each individually trusts a third party.
The type of trust relationship that can exist between individuals or entities.
A publicly accessible centralized directory of digital certificates that can be used to view the status of a digital certificate.
A process in which keys are managed by a third party, such as a trusted CA.
Symmetric keys to encrypt and decrypt information exchanged during a handshake session between a web browser and web server.
A trust model that has multiple CAs that sign digital certificates.

Question 2
2 out of 2 points

Question

In software development, the process of defining a collection of hardware and software components along with their interfaces in order to create the framework for software development.
The code that can be executed by unauthorized users in a software program.
A comparison of the present state of a system to its baseline.
An agreement through which parties in a relationship can reach an understanding of their relationships and responsibilities.
A penetration test where some limited information has been provided to the tester.
Disabling unused application/service ports to reduce the number of threat vectors.
In software development, presenting the code to multiple reviewers in order to reach agreement about its security.
A computer typically located in an area with limited security and loaded with software and data files that appear to be authentic, but are actually imitations of real data files, to trick attackers into revealing their attack techniques.
The start-up relationship agreement between parties.
The termination of an agreement between parties.

Question 3
2 out of 2 points

What can be used to increase the strength of hashed passwords?

Question 4
2 out of 2 points

What is the center of the weakness of passwords?

Question 5
2 out of 2 points

A secret combination of letters, numbers, and/or characters that only the user should have knowledge
of, is known as a:

Question 6
2 out of 2 points

A list of the available nonkeyboard characters can be seen in Windows by opening what utility?

Question 7
2 out of 2 points

What can be enabled to prevent a mobile device from being used until a user enters the correct
passcode, such as a pin or password?

Question 8
0 out of 2 points

Select below the type of computing device that uses a limited version of the Linux operating system
and uses a web browser with an integrated media player:

Question 9
0 out of 2 points

Which of the following selections is not one of the features provided by a typical MDM?

Question 10
0 out of 2 points

Select below the item that is not considered to be a basic characteristic of mobile devices:

Question 11
0 out of 2 points

In order to minimize vulnerabilities in software, code should be subject to and analyzed while it is
being written in what option below?

Question 12
0 out of 2 points

The goal of what type of threat evaluation is to better understand who the attackers are, why they
attack, and what types of attacks might occur?

Question 13
2 out of 2 points

During a vulnerability assessment, what type of software can be used to search a system for port
vulnerabilities?

Question 14
2 out of 2 points

What is the end result of a penetration test?

Question 15
0 out of 2 points

Which encryption protocol below is used in the WPA2 standard?

Question 16
0 out of 2 points

Slave devices that are connected to a piconet and are sending transmissions are known as what?

Question 17
0 out of 2 points

A Bluetooth attack in which the attacker accesses unauthorized information from a wireless device
using a Bluetooth connection, is known as?

Question 18
0 out of 2 points

Which option below is responsible for the issuing of EAP request packets?

Question 19
0 out of 2 points

Choose the SQL injection statement example below that could be used to find specific users:

Question 20
2 out of 2 points

Select below the term that is used to describe a trusted third-party agency that is responsible for
issuing digital certificates:

Question 21
2 out of 2 points

What type of theft involves stealing another person's personal information, such as a Social Security
number, and then using the information to impersonate the victim, generally for financial gain?

Question 22
2 out of 2 points

How can an attacker substitute a DNS address so that a computer is automatically redirected to
another device?

Question 23
0 out of 2 points

Which SQL injection statement example below could be used to discover the name of the table?

Question 24
0 out of 2 points

What type of trust model has a single CA that acts as a facilitator to interconnect all other CAs?

Question 25
0 out of 2 points

When TCP/IP was developed, the host table concept was expanded into a hierarchical name system
for matching computer names and numbers using this service:

Question 26
2 out of 2 points

What is the name of the open source asymmetric cryptography system that runs on Windows, UNIX,
and Linux systems, and is compatible with PGP?

Question 27
2 out of 2 points

In what kind of attack can attackers make use of hundreds of thousands of computers under their
control in an attack against a single server or network?

Question 28
0 out of 2 points

What type of monitoring compares network traffic, activities, transactions, or behavior against a
database of known attack patterns?

Question 29
0 out of 2 points

What is the name for an instruction that interrupts a program being executed and requests a service
from the operating system?

Question 30
0 out of 2 points

A framework for all of the entities involved in digital certificates for digital certificate management
is known as:

Question 31
2 out of 2 points

Select below the information protection item that ensures that information is correct and that no
unauthorized person or malicious software has altered that data.

Question 32
0 out of 2 points

What is the best way to prevent data input by a user from having potentially malicious effects on
software?

Question 33
2 out of 2 points

Instead of trying to make a match, modern AV techniques are beginning to use a type of detection
that attempts to identify the characteristics of a virus. What is the name for this technique?

Question 34
2 out of 2 points

What type of attack is targeted against a smaller group of specific individuals, such as the major
executives working for a manufacturing company?

Question 35
0 out of 2 points

What is the term used for a device that requests permission from an authenticator to join a network?

Question 36
2 out of 2 points

What MAC limiting configuration setting allows for MAC addresses to be automatically learned and
stored along with any addresses that were learned prior to using the configuration setting?

Question 37
2 out of 2 points

At what level of the OSI model does the IP protocol function?

Question 38
0 out of 2 points

What transport protocol is used by Windows operating systems to allow applications on separate
computers to communicate over a LAN?

Question 39
2 out of 2 points

When using Role Based Access Control (RBAC), permissions are assigned to:

Question 40
2 out of 2 points

What kind of attack allows for the construction of LDAP statements based on user input statements,
which can then be used to access the LDAP database or modify the database's information?

Question 41
0 out of 2 points

Entries within a Directory Information Base are arranged in a tree structure called the:

Question 42
0 out of 2 points

A user or a process functioning on behalf of the user that attempts to access an object is known as
the:

Question 43
2 out of 2 points

A written document that states how an organization plans to protect the company's information
technology assets is a:

Question 44
0 out of 2 points

Policies that include statements regarding how an employee's information technology resources will
be addressed are part of a:

Question 45
2 out of 2 points

Websites that group individuals and organizations into clusters or groups based on some sort of
affiliation are considered to be what type of websites?

Question 46
2 out of 2 points

What type of learner tends to sit in the middle of the class and learns best through lectures and
discussions?

Question 47
2 out of 2 points

According to the Federal Bureau of Investigation (FBI), what percentage of crime committed today
leaves behind digital evidence that can be retrieved via computer forensics?

Question 48
2 out of 2 points

A location that has all the equipment installed but does not have active Internet or
telecommunications facilities, and does not have current backups of data, is an example of a:

Question 49
2 out of 2 points

Using technology to search for computer evidence of a crime in order to retrieve information, even if
it has been altered or erased, that can be used in pursuit of an attacker or criminal is an example of:

Question 50
0 out of 2 points

The process of identifying exposure to threats, creating preventive and recovery procedures, and then
testing them to determine if they are sufficient, is known as:
