QUESTIONS AND VERIFIED CORRECT ANSWERS
A rainbow table attack - CORRECT ANSWER-During a penetration test, Chris recovers a file
containing hashed passwords for the system he is attempting to access.
What type of attack is most likely to succeed against the hashed passwords?
A brute-force attack
A pass-the-hash attack
A rainbow table attack
A salt recovery attack
Blacklist - CORRECT ANSWER-Kay is selecting an application management approach for her
organization.
Employees need the flexibility to install software on their systems, but Kay wants to prevent
them from installing certain prohibited packages. What type of approach should she use?
Antivirus
Whitelist
Blacklist
Heuristic
Separation of duties - CORRECT ANSWER-Owen recently designed a security access control
structure that prevents a single user from simultaneously holding the role required to create a
new vendor and the role required to issue a check.
What principle is Owen enforcing?
Two-person control
Least privilege
Separation of duties
Job rotation
Private IP addresses - CORRECT ANSWER-IP addresses like 10.10.10.10 and 172.19.24.21 are
both examples of what type of IP address?
Public IP addresses
Prohibited IP addresses
Private IP addresses
Class B IP ranges
SaaS - CORRECT ANSWER-Fran's company is considering purchasing a web-based email service
from a vendor and eliminating its own email server environment as a cost-saving measure.
What type of cloud computing environment is Fran's company considering?
SaaS
IaaS
CaaS
PaaS
Authentication Header - CORRECT ANSWER-Which component of IPsec provides authentication,
integrity, and nonrepudiation?
L2TP
Encapsulating Security Payload
Encryption Security Header
Authentication Header
Need to know - CORRECT ANSWER-Alex's job requires him to see protected health information
(PHI) to ensure proper treatment of patients. His access to their medical records does not
provide access to patient addresses or billing information.
What access control concept best describes this control?
Separation of duties
Constrained interfaces
Context-dependent control
Need to know
Operational investigation - CORRECT ANSWER-Which one of the following investigation types
has the loosest standards for collecting and preserving information?
Civil investigation
Operational investigation
Criminal investigation
Regulatory investigation