156-110 Online Practice Questions and Answers

One individual is selected from each department, to attend a security-awareness course. Each person returns to his department, delivering the course to the remainder of the department. After training is complete, each person acts as a peer coach. Which type of training is this?

A. On-line training

B. Formal classroom training

C. Train-the-mentor training

D. Alternating-facilitator training

E. Self-paced training

Why should the number of services on a server be limited to required services?

A. Every open service represents a potential vulnerability.

B. Closed systems require special connectivity services.

C. Running extra services makes machines more efficient.

D. All services are inherently stable and secure.

E. Additional services make machines more secure.

If e-mail is subject to review by individuals other than the sender and recipient, what should be clearly stated in the organization's e-mail policy?

A. Technologies and methods used to monitor and enforce the organization's policies

B. Senior management and business-unit owner responsibilities and delegation options

C. Clear, legally defensible definition of what constitutes a business record

D. Consequences for violation of the organization's acceptable-use policy

E. No expectation of privacy for e-mail communications, using the organization's resources

Which of the following is the BEST method for managing users in an enterprise?

A. Enter user data in a spreadsheet.

B. Implement centralized access control.

C. Deploy Kerberos.

D. Place them in a centralized Lightweight Directory Access Protocol.

E. Use a Domain Name System.

How is bogus information disseminated?

A. Adversaries sort through trash to find information.

B. Adversaries use anomalous traffic patterns as indicators of unusual activity. They will employ other methods, such as social engineering, to discover the cause of the noise.

C. Adversaries use movement patterns as indicators of activity.

D. Adversaries take advantage of a person's trust and goodwill.

E. Seemingly, unimportant pieces of data may yield enough information to an adversary, for him to disseminate incorrect information and sound authoritative.

Which of the following are enterprise administrative controls? (Choose TWO.)

A. Network access control

B. Facility access control

C. Password authentication

D. Background checks

E. Employee handbooks

Which of the following statements about encryption's benefits is false? Encryption can: (Choose TWO.)

A. significantly reduce the chance information will be modified by unauthorized entities.

B. only be used to protect data in transit. Encryption provides no protection to stored data.

C. allow private information to be sent over public networks, in relative safety.

D. significantly reduce the chance information will be viewed by unauthorized entities.

E. prevent information from being destroyed by malicious entities, while in transit.

A(n) _______ is the first step for determining which technical information assets should be protected.

A. Network diagram

B. Business Impact Analysis

C. Office floor plan

D. Firewall

E. Intrusion detection system

Which types of security solutions should a home user deploy? (Choose TWO.)

A. Managed Security Gateway

B. Access control lists on a router

C. Personal firewall

D. Network intrusion-detection system

E. Anti-virus software

You are a system administrator for a pool of Web servers. The vendor who sells your Web server posts a patch and sample exploit for a newly discovered vulnerability. You will take all of the actions listed below. Which of the following actions should you take first?

A. Run the sample exploit against a test server.

B. Run the sample exploit against a production server.

C. Apply the patch to all production servers.

D. Test the patch on a production server.

E. Test the patch on a non-production server.