GCC Class 2 Pretest

  1. What is the access control step that verifies that a user is who he or she claims to be?

    A. Authentication.
  2. What is the security model that determines whether a user can enter a space and obtain secured objects?

    B. Access control.
  3. A user should be aware of which parts of an organization's security policies?
    A. The security policies applicable to the user and the effects of security breaches.
    B. Only the security policies that deal with computers.
    C. Only physical security policies.
    D. Only the user account and password policies.
    A. The security policies applicable to the user and the effects of security breaches.
  4. What is created by a flaw in an application that could be exploited by an external attacker?

    C. Vulnerability.
  5. What type of encryption uses only a single encryption key to both encrypt and decrypt data?
    A. Symmetric encryption.
    B. Asynchronous stream encryption.
    C. Asymmetric encryption.
    D. Hash algorithm.
    A. Symmetric encryption.
  6. On which of the following encryption concepts is PKI based?

    C. Asymmetric encryption.
  7. To ensure that data at rest, data in motion and data in use retain their integrity without unauthorized modification, removal, or corruption, what system should be in place as part of a data security policy?

    D. Data loss prevention.
  8. What is the type of messages that are sent to mobile devices by application publishers to provide information, advertising, or service or product offers?

    A. Push notification.
  9. What term refers to the delivery of applications as a service in which resources, software, and data are available to the application and a host via the Internet?

    D. Cloud computing.
  10. Which of the following best describes the principle of least privilege?

    B. Restrict a user's access privileges to only those needed by the user for a specific function.
  11. What form of security testing attempts to exploit known or identified vulnerabilities?
    A. Penetration testing.
    B. Functional testing.
    C. Gray box testing.
    D. Vulnerability scanning.
    A. Penetration testing.
  12. What is a DoS attack that sends a flood of synchronization (SYN) requests and never sends the final acknowledgment (ACK)?

    D. SYN flood.