1D0-671試験無料問題集（126題）「CIW Web Security Associate 認定」

出題：1

Which step in security policy implementation ensures that security policy will change as technology advances?

A. Log, test and evaluate.

B. Secure each resource and service.

C. Repeat the process and keep current.

D. Publish the security policy.

正解：C 解答を投票する

出題：2

Which of the following is the most likely first step to enable a server to recover from a denial-of- service attack in which all hard disk data is lost?

A. Contact a disk recovery service

B. Enable virtualization

C. Contact the backup service

D. Rebuild your RAID 0 array

正解：C 解答を投票する

出題：3

What distinguishes hash encryption from other forms of encryption?

A. Hash encryption is used for information that you want never to be decrypted or read.

B. Hash encryption is the encryption method of choice when conducting e-commerce transactions.

C. Hash encryption creates a mathematically matched key pair in which one half of the pair encrypts, and the other half decrypts.

D. Hash encryption creates a single key that is used to encrypt and decrypt information.

正解：A 解答を投票する

出題：4

Which of the following is a security principle that allows you to protect your network resources?

A. Provide training for end users and IT workers.

B. Avoid being suspicious of legitimate activity.

C. Realize that some high-end systems should stand alone.

D. Deploy security enforcement only in the largest departments.

正解：A 解答を投票する

出題：5

Which of the following is a common problem with proxy servers?

A. Because proxy servers do not mask network resources, hackers may be able to access all exposed systems.

B. Proxy servers cannot filter out specific application-layer traffic.

C. Proxy servers do not log incoming and outgoing access, so you will not be able to see details of successful and failed connections.

D. Proxy servers may return old cached information.

正解：D 解答を投票する

出題：6

What is the primary strength of symmetric-key encryption?

A. It creates a ash?of a text, enabling data integrity.It creates a ?ash?of a text, enabling data integrity.

B. It can encrypt large amounts of data very quickly.

C. It allows easy and secure exchange of the secret key.

D. It provides non-repudiation services more efficiently than asymmetric-key encryption.

正解：B 解答を投票する

出題：7

Which task should you perform first when considering where to place equipment?

A. Conduct a needs assessment audit.

B. Secure funding.

C. Conduct research to determine the appropriate products for your organization.

D. Consult with management to determine specific needs.

正解：A 解答を投票する

出題：8

When Tripwire discovers that a file or database has been altered, how will it alert you?

A. Via a log file entry only

B. Via a pager configured to receive a special signal

C. Via e-mail or a log file entry

D. Via an e-mail message only

正解：C 解答を投票する

出題：9

Which of the following details should be included in documentation of an attack?

A. An overview of the security policy and suggestions for the next response plan

B. Estimates of how much the attack cost the company, and a list of the applications used by the attacker

C. The time and date of the attack, and the names of employees who were contacted during the response

D. The network resources involved in the attack, and recommendations for thwarting future attacks

正解：C 解答を投票する

出題：10

A disgruntled employee has discovered that the company Web server is not protected against particular buffer overflow vulnerability.
The disgruntled employee has created an application to take advantage of this vulnerability and secretly obtain sensitive data from the Web server's hard disk. This application sends a set of packets to the Web server that causes it to present an unauthenticated terminal with root privileges.
What is the name for this particular type of attack?

A. Trojan

B. Man-in-the-middle attack

C. Zero-day attack

D. Denial of service

正解：C 解答を投票する

1D0-671試験無料問題集「CIW Web Security Associate 認定」