Employee badges are encoded with a private encryption key and specific personal information
362. Which of the
following is a hardware based encryption device?
·
A. EFS
B. TrueCrypt
C. TPM
D. SLE
·
TPM (Trusted Platform
Module)
361. Certificates are
used for: (Select TWO)
·
A. Client authentication.
B. WEP encryption.
C. Access control lists.
D. Code signing.
E. Password hashing.
·
Client authentication.
D. Code signing.
360. A security
administrator wants to check user password complexity. Which of the following
is the
BEST tool to use?
·
A. Password history
B. Password logging
C. Password cracker
D. Password hashing
·
C. Password cracker
CompTIA:
An organization hires you to test an application that you have limited
knowledge of. You are given a login to the application but do not have access
to the source code. What type of test are you running?
·
A. White-box
B. Black-box
C. SDLC
D. Graybox
·
D. Graybox
359. Which of the
following can be used by a security administrator to successfully recover a
user's
forgotten password on a password protected file?
·
A. Cognitive password
B. Password sniffing
C. Brute force
D. Social engineering
·
C. Brute force
358. Which of the
following application security testing techniques is implemented when an
automated
system generates random input data?
·
A. Fuzzing
B. XSRF
C. Hardening
D. Input validation
·
Fuzzing
357. Which of the
following devices would MOST likely have a DMZ interface?
·
A. Firewall
B. Switch
C. Load balancer
D. Proxy
·
Firewall
356. Employee badges
are encoded with a private encryption key and specific personal information.
The encoding is then used to provide access to the network. Which of the
following describes this
access control type?
·
A. Smartcard
B. Token
C. Discretionary access control
D. Mandatory access control
·
Smartcard
355. Which of the
following MUST be updated immediately when an employee is terminated to prevent
unauthorized access?
·
A. Registration
B. CA
C. CRL
D. Recovery agent
·
C. CRL (Certificate
Revocation List)
354. A security
administrator needs to determine which system a particular user is trying to
login to at various times of the day. Which of the following log types would
the administrator check?
·
A. Firewall
B. Application
C. IDS
D. Security
·
D. Security
353. Which of the
following would be used when a higher level of security is desired for
encryption key
storage?
·
A. TACACS+
B. L2TP
C. LDAP
D. TPM
·
D. TPM (Trusted
Platform Module)
352. In regards to
secure coding practices, why is input validation important?
·
A. It mitigates buffer overflow attacks.
B. It makes the code more readable.
C. It provides an application configuration baseline.
D. It meets gray box testing standards.
·
It mitigates buffer
overflow attacks.