Chapter 7, Chapter 8
Which type of RFID tag can send a signal over a long distance?
Active
A private key has been stolen. Which action should you take to deal with this crisis?
Add the digital certificate to the CRL
You've just finished installing a wireless access point for a client. What should you do to prevent unauthorized users from using the access point (AP) configuration utility?
Change the administrative password on the AP.
You are concerned that wireless access points may have been deployed within your organization without authorization. What should you do? (Select two. Each response is a complete solution.)
Check the MAC addresses of devices connected to your wired //Conduct a site survey.
When two different messages produce the same hash value, what has occurred?
Collision
You create a new document and save it to a hard drive on a file server on your company's network. Then you employ an encryption tool to encrypt the file using AES. This activity is an example of accomplishing which security goal?
Confidentiality
You are replacing a wired business network with an 802.11g wireless network. You currently use Active Directory on the company network as your directory service. The new wireless network has multiple wireless access points, and you want to use WPA2 on the network. What should you do to configure the wireless network? (Select two.)
Configure devices to run in infrastructure mode Install a RADIUS server and use 802.1x authentication
You want to connect a laptop computer running Windows to a wireless network. The wireless network uses multiple access points and WPA2-Personal. You want to use the strongest authentication and encryption possible. SSID broadcast has been disabled. What should you do?
Configure the connection with a pre-shared key and AES encryption.
Which of the following functions are performed by a TPM?
Create a hash of system components
Hashing algorithms are used to perform which of the following activities?
Create a message digest.
Which of the following is a direct integrity protection?
Digital signature
Which EAP implementation is MOST secure?
EAP-TLS
Which of the following security solutions would prevent a user from reading a file that she did not create?
EFS
Which type of interference is caused by motors, heavy machinery, and fluorescent lights?
EMI
You would like to implement BitLocker to encrypt data on a hard disk, even if it is moved to another system. You want the system to boot automatically without providing a startup key on an external USB device. What should you do?
Enable the TPM in the BIOS.
Which class of wireless access point (WAP) has everything necessary to manage clients and broadcast a network already built into its functionality?
FAT
Which utility would you MOST likely use on OS X to encrypt and decrypt data and messages?
GPG
What is the main function of a TPM hardware chip?
Generate and store cryptographic keys
Which of the following is used to verify that a downloaded file has not been altered?
Hash
A birthday attack focuses on which of the following?
Hashing algorithms
Which of the following is generated after a site survey and shows the Wi-Fi signal strength throughout the building?
Heat map
Which type of attack is WEP extremely vulnerable to?
IV attack
To obtain a digital certificate and participate in a public key infrastructure (PKI), what must be submitted and where?
Identifying data and a certification request to the registration authority (RA)
You've used BitLocker to implement full volume encryption on a notebook system. The notebook motherboard does not have a TPM chip, so you've used an external USB flash drive to store the BitLocker startup key. You use EFS to encrypt the C:\Secrets folder and its contents. Which of the following is true in this scenario? (Select two.)
If the C:\Secrets\confidential.docx file is copied to an external USB flash drive, the file will be saved in an unencrypted state. By default, only the user who encrypted the C:\Secrets\confidential.docx file will be able to open it.
You want to protect data on hard drives for users with laptops. You want the drive to be encrypted, and you want to prevent the laptops from booting unless a special USB drive is inserted. In addition, the system should not boot if a change is detected in any of the boot files. What should you do?
Implement BitLocker with a TPM.
You are the security analyst for your organization. Clients are complaining about being unable to connect to the wireless network. After looking into the issue, you have noticed short bursts of high-intensity RF signals are interfering with your wireless network's signal. Which type of attack are you most likely experiencing?
Jamming
You are concerned that if a private key is lost, all documents encrypted with your private key will be inaccessible. Which service should you use to solve this problem?
Key escrow
Which of the following are true of Triple DES (3DES)?
Key length is 168 bits
Which of the following do switches and wireless access points use to control access through a device?
MAC address filtering
Which of the following is the weakest hashing algorithm?
MD5
The IT manager has tasked you with installing the new wireless LAN controller (WLC). Where should you install the controller?
Network closet
Cryptographic systems provide which of the following security services? (Select two.)
Non reputation/ confidentiality
When a sender encrypts a message using their own private key, which security service is being provided to the recipient?
Non-repudiation
Your computer system is a participant in an asymmetric cryptography system. You've crafted a message to be sent to another user. Before transmission, you hash the message and then encrypt the hash using your private key. You then attach this encrypted hash to your message as a digital signature before sending it to the other user. Which protection does the private key-signing activity of this process provide?
Non-repudiation
You want to implement 802.1x authentication on your wireless network. Where would you configure passwords that are used for authentication?
On a RADIUS server
Which technology was developed to help improve the efficiency and reliability of checking the validity status of certificates in large, complex environments?
Online Certificate Status Protocol
You need to implement a wireless network link between two buildings on a college campus. A wired network has already been implemented within each building. The buildings are 100 meters apart. Which type of wireless antenna should you use on each side of the link? (Select two.)
Parabolic/High-gain
Which of the following types of site surveys should be performed first?
Passive
Above all else, what must be protected to maintain the security and benefit of an asymmetric cryptographic solution, especially if it is widely used for digital certificates?
Private keys
Which of the following algorithms are used in symmetric encryption? (Select two.)
Blowfish/3DES
Which of the following sends unsolicited business cards and messages to a Bluetooth device?
Bluejacking
Which of the following can be classified as a stream cipher?
RC4
Which of the following algorithms are used in asymmetric encryption? (Select two.)
RSA/Dillie Hellman
An attacker is attempting to crack a system's password by matching the password hash to a hash in a large table of hashes he or she has. Which type of attack is the attacker using?
Rainbow
Your company security policy states that wireless networks are not to be used because of the potential security risk they present to your network. One day, you find that an employee has connected a wireless access point to the network in his office. Which type of security risk is this?
Rogue access point
In the certificate authority trust model known as a hierarchy, where does trust start?
Root CA
Which of the following does not or cannot produce a hash value of 128 bits?
SHA-1
Which type of wireless access point is generally used in a residential setting?
SOHO
Which of the following is used on a wireless network to identify the network name?
SSID
You have physically added a wireless access point to your network and installed a wireless networking card in two laptops that run Windows. Neither laptop can find the network. You have come to the conclusion that you must manually configure the access point (AP). Which of the following values uniquely identifies the network AP?
SSID
What is the process of adding random characters at the beginning or end of a password to generate a completely different hash called?
Salting
Mary wants to send a message to Sam in such a way that only Sam can read it. Which key should be used to encrypt the message?
Sam public key
A receiver wants to verify the integrity of a message received from a sender. A hashing value is contained within the digital signature of the sender. Which of the following must the receiver use to access the hashing value and verify the integrity of the transmission?
Sender's public key
An SSL client has determined that the certificate authority (CA) issuing a server's certificate is on its list of trusted CAs. What is the next step in verifying the server's identity?
The CA's public key must validate the CA's digital signature on the server certificate.
Which of the following database encryption methods encrypts the entire database and all backups?
Transparent Data Encryption (TDE)
When a cryptographic system is used to protect data confidentiality, what actually takes place?
Unauthorized users are prevented from viewing or accessing the resource.
Which of the following items are contained in a digital certificate? (Select two.)
Validity period/Public key
Which of the following best describes Bluesnarfing?
Viewing calendar, emails, and messages on a mobile device without authorization
You need to implement a solution to manage multiple access points in your organization. Which of the following would you most likely use?
WLS
You need to add security for your wireless network, and you would like to use the most secure method. Which method should you implement?
WPA2
Which of the following devices would you use to perform a site survey?
Wi-Fi analyzer
Which of the following is responsible for broadcasting information and data over radio waves?
Wireless access point
Which standard is most widely used for certificates?
X.509
You have just downloaded a file. You create a hash of the file and compare it to the hash posted on the website. The two hashes match. What do you know about the file?
Your copy is the same as the copy posted on the website.
What is the most obvious means of providing non-repudiation in a cryptography system?
digital signature
An attacker has intercepted near-field communication (NFC) data and is using that information to masquerade as the original device. Which type of attack is being executed?
relay
You need to configure a wireless network using WPA2-Enterprise. Which of the following components should be part of your design? (Select two.)
802.1x//AES encryption
Which of the following best describes an evil twin?
An access point that is configured to mimic a valid access point to obtain logon credentials and other sensitive information.
A PKI is an implementation for managing which type of encryption?
Asymmetric
You want a security solution that protects the entire hard drive and prevents access even if the drive is moved to another system. Which solution should you choose?
Bitlocker
Which of the following encryption mechanisms offers the least security because of weak keys?
DES
Which of the following should you set up to ensure encrypted files can still be decrypted if the original user account becomes corrupted?
DRA
Which type of password attack employs a list of pre-defined passwords that it tries against a login prompt?
Dictionary attack
The owner of a hotel has contracted with you to implement a wireless network to provide internet access for guests. The owner has asked that you implement security controls so that only paying guests are allowed to use the wireless network. She wants guests to be presented with a login page when they initially connect to the wireless network. After entering a code provided by the concierge at check-in, guests should then be allowed full access to the internet. If a user does not provide the correct code, he or she should not be allowed to access the internet. What should you do?
Implement a captive portal
You have downloaded a file from the internet. You generate a hash and check it against the original file's hash to ensure the file has not been changed. Which information security goal is this an example of?
Integrity
Which term means a cryptography mechanism that hides secret communications within various forms of data?
Steganography
Which form of cryptography is best suited for bulk encryption because it is so fast?
Symmetric key cryptography
You have transferred an encrypted file across a network using the Server Message Block (SMB) Protocol. What happens to the file's encryption?
The file is unencrypted when moved.
Which of the following would require that a certificate be placed on the CRL?
The private key is compromised.