A lightweight protocol designed for mobile devices
2. Which encryption method is based on the idea of two keys, one that is public and one
that is private?
Asymmetric encryption
3. A Class 3 certificate is generally used to verify an individual’s identity through e-mail.
False
4. Which term describes a computer language invented by Sun Microsystems as an
alternative to Microsoft’s development languages?
Java
5. What is a key item to consider when designing incident response procedures?
To design the incident response procedures to include appropriate business personnel
6. Which term refers to ensuring proper procedures are followed when modifying the IT
infrastructure?
Change management
7. Which term refers to a unique alphanumeric identifier for a user of a computer system?
Username
8. E-mail hoaxes are similar to chain letters in promising a reward.
False
9. In a UNIX operating system, which runlevel reboots the machine?
6
10. Which protocol involves a two-way handshake in which the username and password are
sent across the link in cleartext?
PAP
11. DNS __________ is a variant of a larger attack class referred to as DNS spoofing, in
which an attacker changes a DNS record through any of a multitude of means.
Poisoning
12. Public keys are components of digital certificates.
True
13. Which law makes it a crime to knowingly access a computer that is either considered a
government computer or used in interstate commerce, or to use a computer in a crime
that is interstate in nature?
Computer Fraud and Abuse Act
14. What makes the one-time pad “perfect” is the size of the key.
True
15. PKI can be used as a measure to trust individuals we do not know.
True
16. Which access control type would you use to grant permissions based on the sensitivity
of the information contained in the objects?
Mandatory access control
17. Sensors are devices that capture data and act upon it.
True
18. Permissions can be applied to specific users or groups to control that user’s or group’s
ability to view, modify, access, use, or delete resources such as folders and files.
True
19. Which document outlines what the loss of any critical functions will mean to the
organization?
Business impact analysis (BIA)
20. Which statement describes an example of a poor security practice?
An employee creates a good password and then uses it for all accounts.
21. Which RAID configuration, known as mirrored disks, copies the data from one disk onto
two or more disks?
RAID 1
22. The basis for authentication in a Kerberos environment is the ticket.
True
23. True zero-day vulnerabilities are used often and quickly because once used, they will be
patched.
False
24. Which RAID configuration is known as bit-level error-correcting code and not
typically used, as it stripes data across the drives at the bit level as opposed to
the block level?