practice questions

zackmaxzackmax Posts: 61Member ■■□□□□□□□□
thought I'd just start a general thread.

here is another


Which is replayed during a WEP attack?

1. initialization vectors
2. preshared keys
3. ticket exchange

Feels like #1 to me.

Comments

  • zackmaxzackmax Posts: 61Member ■■□□□□□□□□
    security admin wants to keep users from plugging unapproved smartphones into their computers and transfer data.
    which is the best control?

    1. data loss prevention
    2. mobile device management
  • cyberguyprcyberguypr Senior Member Posts: 6,751Mod Mod
    Mobile device management controls company phones. Does nothing for unapproved/personal devices (unless people voluntarily submit to BYOD policies, but this is outside the scope of the question). DLP controls movement of data across exfiltration vectors such as cloud, mobile, etc. so this is the answer.
  • zackmaxzackmax Posts: 61Member ■■□□□□□□□□
    there is a remote vulnerbaility affecting all MF printers firmware. how to mitigate it?

    1. create separate printer network
    2. install patches on print server
    3. run a vulnrability scan
  • zackmaxzackmax Posts: 61Member ■■□□□□□□□□
    3 weeks after a programmer was terminated, helpdesk has several calls that computers are being infected with malware.
    upon research it is found that employees downloaded a toolbar. the toolbar downloaded and installed the malicious code. which attack is this?

    1. logic bomb
    2. malicious add-on
    3. XSS


    I am leaning to malicious add-on, but there is a mention of a programmer leaving the company which makes me think logic bomb.
  • 636-555-3226636-555-3226 Posts: 976Member ■■■■■□□□□□
    zackmax wrote: »
    3 weeks after a programmer was terminated, helpdesk has several calls that computers are being infected with malware.
    upon research it is found that employees downloaded a toolbar. the toolbar downloaded and installed the malicious code. which attack is this?

    1. logic bomb
    2. malicious add-on
    3. XSS


    I am leaning to malicious add-on, but there is a mention of a programmer leaving the company which makes me think logic bomb.

    standard malicious add-on. people install random crap from the first google result for "vlc" and click next a bunch of times then act surprised when their stuff starts going wrong
  • 636-555-3226636-555-3226 Posts: 976Member ■■■■■□□□□□
    zackmax wrote: »
    there is a remote vulnerbaility affecting all MF printers firmware. how to mitigate it?

    1. create separate printer network
    2. install patches on print server
    3. run a vulnrability scan

    assuming there is a patch, patch the printer. VLANing will mitigate too unless people need to access the printer.
  • 636-555-3226636-555-3226 Posts: 976Member ■■■■■□□□□□
    zackmax wrote: »
    thought I'd just start a general thread.

    here is another


    Which is replayed during a WEP attack?

    1. initialization vectors
    2. preshared keys
    3. ticket exchange

    Feels like #1 to me.

    i'm not a wireless pentester, but i think IVs if memory serves ???
  • zackmaxzackmax Posts: 61Member ■■□□□□□□□□
    standard malicious add-on. people install random crap from the first google result for "vlc" and click next a bunch of times then act surprised when their stuff starts going wrong

    things is, it says "print server" not printer. so I think separate network/vlan.
  • zackmaxzackmax Posts: 61Member ■■□□□□□□□□
    what are fast and efficient crypto keys that do not use prime numbers and are usable with Diffie-Hellman ?

    1. quantum key
    2. elliptic curve
    3. symmetric key
    4. assymmetric key
  • zackmaxzackmax Posts: 61Member ■■□□□□□□□□
    to filter client side Java input is to prevent which of the following?

    1. sql injection
    2. watering hole
    3. xss
    4. pharming
  • zackmaxzackmax Posts: 61Member ■■□□□□□□□□
    which is most important layer of security for industrial control and SCADA network?

    1. IPS
    2. automated patch deployment
    3. Anti virus
  • zackmaxzackmax Posts: 61Member ■■□□□□□□□□
    what can be used to quicken and automate certificate revocation?

    1. CRL
    2. OCSP
  • zackmaxzackmax Posts: 61Member ■■□□□□□□□□
    which one of these does both authentication and authorization?

    1. kerberos
    2. ldap
    3. radius
    4. tacacs+
  • CertifiedMonkeyCertifiedMonkey Posts: 172Member ■■□□□□□□□□
    zackmax wrote: »
    which ONE of these does both authentication and authorization?

    1. kerberos
    2. ldap
    3. radius
    4. tacacs+

    Don't understand this question. TACACS+ and RADIUS provide Authentication, Authorization and Accounting (AAA). Kerberos provides Authentication and Authorization (No Accounting). Can we choose more than one answer or am I missing something here?
  • zackmaxzackmax Posts: 61Member ■■□□□□□□□□
    yep sorry might be a typo/mistake in that one :)
Sign In or Register to comment.