practice questions

zackmaxzackmax Member Posts: 61 ■■□□□□□□□□
thought I'd just start a general thread.

here is another


Which is replayed during a WEP attack?

1. initialization vectors
2. preshared keys
3. ticket exchange

Feels like #1 to me.

Comments

  • zackmaxzackmax Member Posts: 61 ■■□□□□□□□□
    security admin wants to keep users from plugging unapproved smartphones into their computers and transfer data.
    which is the best control?

    1. data loss prevention
    2. mobile device management
  • cyberguyprcyberguypr Mod Posts: 6,928 Mod
    Mobile device management controls company phones. Does nothing for unapproved/personal devices (unless people voluntarily submit to BYOD policies, but this is outside the scope of the question). DLP controls movement of data across exfiltration vectors such as cloud, mobile, etc. so this is the answer.
  • zackmaxzackmax Member Posts: 61 ■■□□□□□□□□
    there is a remote vulnerbaility affecting all MF printers firmware. how to mitigate it?

    1. create separate printer network
    2. install patches on print server
    3. run a vulnrability scan
  • zackmaxzackmax Member Posts: 61 ■■□□□□□□□□
    3 weeks after a programmer was terminated, helpdesk has several calls that computers are being infected with malware.
    upon research it is found that employees downloaded a toolbar. the toolbar downloaded and installed the malicious code. which attack is this?

    1. logic bomb
    2. malicious add-on
    3. XSS


    I am leaning to malicious add-on, but there is a mention of a programmer leaving the company which makes me think logic bomb.
  • 636-555-3226636-555-3226 Member Posts: 975 ■■■■■□□□□□
    zackmax wrote: »
    3 weeks after a programmer was terminated, helpdesk has several calls that computers are being infected with malware.
    upon research it is found that employees downloaded a toolbar. the toolbar downloaded and installed the malicious code. which attack is this?

    1. logic bomb
    2. malicious add-on
    3. XSS


    I am leaning to malicious add-on, but there is a mention of a programmer leaving the company which makes me think logic bomb.

    standard malicious add-on. people install random crap from the first google result for "vlc" and click next a bunch of times then act surprised when their stuff starts going wrong
  • 636-555-3226636-555-3226 Member Posts: 975 ■■■■■□□□□□
    zackmax wrote: »
    there is a remote vulnerbaility affecting all MF printers firmware. how to mitigate it?

    1. create separate printer network
    2. install patches on print server
    3. run a vulnrability scan

    assuming there is a patch, patch the printer. VLANing will mitigate too unless people need to access the printer.
  • 636-555-3226636-555-3226 Member Posts: 975 ■■■■■□□□□□
    zackmax wrote: »
    thought I'd just start a general thread.

    here is another


    Which is replayed during a WEP attack?

    1. initialization vectors
    2. preshared keys
    3. ticket exchange

    Feels like #1 to me.

    i'm not a wireless pentester, but i think IVs if memory serves ???
  • zackmaxzackmax Member Posts: 61 ■■□□□□□□□□
    standard malicious add-on. people install random crap from the first google result for "vlc" and click next a bunch of times then act surprised when their stuff starts going wrong

    things is, it says "print server" not printer. so I think separate network/vlan.
  • zackmaxzackmax Member Posts: 61 ■■□□□□□□□□
    what are fast and efficient crypto keys that do not use prime numbers and are usable with Diffie-Hellman ?

    1. quantum key
    2. elliptic curve
    3. symmetric key
    4. assymmetric key
  • zackmaxzackmax Member Posts: 61 ■■□□□□□□□□
    to filter client side Java input is to prevent which of the following?

    1. sql injection
    2. watering hole
    3. xss
    4. pharming
  • zackmaxzackmax Member Posts: 61 ■■□□□□□□□□
    which is most important layer of security for industrial control and SCADA network?

    1. IPS
    2. automated patch deployment
    3. Anti virus
  • zackmaxzackmax Member Posts: 61 ■■□□□□□□□□
    what can be used to quicken and automate certificate revocation?

    1. CRL
    2. OCSP
  • zackmaxzackmax Member Posts: 61 ■■□□□□□□□□
    which one of these does both authentication and authorization?

    1. kerberos
    2. ldap
    3. radius
    4. tacacs+
  • CertifiedMonkeyCertifiedMonkey Member Posts: 172 ■■□□□□□□□□
    zackmax wrote: »
    which ONE of these does both authentication and authorization?

    1. kerberos
    2. ldap
    3. radius
    4. tacacs+

    Don't understand this question. TACACS+ and RADIUS provide Authentication, Authorization and Accounting (AAA). Kerberos provides Authentication and Authorization (No Accounting). Can we choose more than one answer or am I missing something here?
  • zackmaxzackmax Member Posts: 61 ■■□□□□□□□□
    yep sorry might be a typo/mistake in that one :)
Sign In or Register to comment.