Security + Module 3 & 4 Exam

A system such as a printer, smart TV, or HVAC controller, typically uses an operating system on what is called a ________

How can an area be made secure from a non-secured area via two interlocking doors to a small room?

Proximity reader utilize a special type of tag that can be affixed to the inside of an ID badge. What is the name for this type of tag?

XSS attacks occur when an attacker takes advantage of web applications that accept user input without validating it and then present it back to the user. T/F

What type of video surveillance is typically used by banks, casinos, airports, and military instillations, and commonly employs guards who actively monitor the surveillance?

An independently rotating large up of affixed to the top of a fence prevents the hands of intruders from gripping the top of a fence to climb over it. What is the name for this technology?

SQL injection statement example below that could be used to find specific user

Stands for secured Query Language. It is used to communicate with a database. It is the standard language for relational database management systems.

What type of filtering utilizes an analysis of the content of spam messages in comparison to actual / non-spam messages in order to make intelligent decisions as to what should be considered spam

Keyed entry locks are much more difficult to defeat than deadbolt locks. T/F

How can an attacker substitute a DNS address so tat a computer is automatically redirected to another device?

Domain Name System whose main job is to translate domain names to IP addresses

Instead of trying to make a match, modern AV techniques are beginning to use a type of detection that attempts to identify the characteristic of a virus. What is the name for this technique.

What language is designed to display data with a primary focus on how the data looks?

What is not one of the types of settings that would be included in a Microsoft Windows security template?

Most DLP systems make use of what method of security analysis?

Digital Light Processing

Subtypes of security controls, classified as a deterrent, preventive, detective, compensations, or corrective.

A paper or electronic record of individuals who have permission to enter a secure area, the time that they entered, and the time they left the area.

Spam filtering software that analyzed every word in an email and determines how frequently a word occurs in order to determine if it is spam

A software testing technique that deliberately provides invalid, unexpected, or random data as inputs to a computer program

An attack that uses the user's web browser setting to impersonate the user

a nonrelational database that is better tuned for accessing large data sets

Large-scale, industrial control systems

A structure designed to block the passage of traffic

What language is used for the transport and storage of data, with the focus on what the data is?

A user has become compromised as a result of visiting a specific web page, without clicking on any kind of content. What type of attack has occurred?

The exchange of information among DNS servers regarding configured zones is known as:

Securing the host involves protecting the physical device itself, securing the operating system software on the system, using security-based software applications, and monitoring logs

SQL injection statement that can be used to erase an entire database table?

Anti-virus products typically utilize what type of virus scanning analysis?

On a compromised computer, you have found that a user without administrative privileges was able to perform a task limited to only administrative accounts. What type of exploit has occurred?

Attacks that take place against web based services are considered to be what type of attack?

Most portable devices, and some computer monitors, have a special steel bracket security slot built into the case, which can be used in conjunction with a:

DLP agent sensors are installed on each host device, and monitor for actions such as printing, copying to a USB flash drive, and burning to a CD or DVD.

What is the best way to prevent data input by a user from having potentially malicious effects on software?

What portion of the HTTP packet consists of fields that contain information about the characteristics of the data being transmitted?

ARP poisoning is successful because there are few authentication procedures to verify ARP requests and replies: T/F

String of characters that can be used to traverse up on dictionary level from the root directory:

Which type of attack below is similar to a passive man-in-the-middle attack?

Default root directory of the Microsoft Internet Information Services (IIS) Web server is located in which directory?

Because the XSS is a widely known attack, the number of Web sites that are vulnerable are very small T/F

What is the name for a standard or checklist against which system can be evaluated and audited for their level of security (security posture)?