CompTIA Security+ 501
Which of the following BEST describes a demilitarized zone? A. A buffer zone between protected and unprotected networks. B. A network where all servers exist and are monitored. C. A sterile, isolated network segment with access lists. D. A private network that is protected by a firewall and a VLAN.
A. A buffer zone between protected and unprotected networks.
Which of the following is an example of multifactor authentication? A. Credit card and PIN B. Username and password C. Password and PIN D. Fingerprint and retina scan
A. Credit card and PIN ("Something you have"/"Something you know")
Which of the following is a security risk regarding the use of public P2P as a method of collaboration? A. Data integrity is susceptible to being compromised. B. Monitoring data changes induces a higher cost. C. Users are not responsible for data usage tracking. D. Limiting the amount of necessary space for data storage.
A. Data integrity is susceptible to being compromised.
Ann, the Chief Technology Officer (CTO), has agreed to allow users to bring their own device (BYOD) in order to leverage mobile technology without providing every user with a company owned device. She is concerned that users may not understand the company's rules, and she wants to limit potential legal concerns. Which of the following is the CTO concerned with? A. Data ownership B. Device access control C. Support ownership D. Acceptable use
A. Data ownership
Peter a company's new security specialist is assigned a role to conduct monthly vulnerability scans across the network. He notices that the scanner is returning a large amount of false positives or failed audits. Which of the following should Peter recommend to remediate these issues? A. Ensure the vulnerability scanner is located in a segmented VLAN that has access to the company's servers B. Ensure the vulnerability scanner is configured to authenticate with a privileged account C. Ensure the vulnerability scanner is attempting to exploit the weaknesses it discovers D. Ensure the vulnerability scanner is conducting antivirus scanning
A. Ensure the vulnerability scanner is located in a segmented VLAN that has access to the company's servers
What is the term for the process of luring someone in (usually done by an enforcement officer or a government agent)? A. Enticement B. Entrapment C. Deceit D. Sting
A. Enticement
Which of the following is an application security coding problem? A. Error and exception handling B. Patch management C. Application hardening D. Application fuzzing
A. Error and exception handling
Which of the following types of logs could provide clues that someone has been attempting to compromise the SQL Server database? A. Event B. SQL_LOG C. Security D. Access
A. Event
Which of the following fire suppression systems is MOST likely used in a datacenter? A. FM-200 B. Dry-pipe C. Wet-pipe D. Vacuum
A. FM-200 (gas that displaces oxygen in a room to extinguish the fire)
Which of the following application security testing techniques is implemented when an automated system generates random input data? A. Fuzzing B. XSRF C. Hardening D. Input validation
A. Fuzzing
Peter, a developer, writes an application. Jane, the security analyst, knows some things about the overall application but does not have all the details. Jane needs to review the software before it is released to production. Which of the following reviews should Jane conduct? A. Gray Box Testing B. Black Box Testing C. Business Impact Analysis D. White Box Testing
A. Gray Box Testing
What is a system that is intended or designed to be broken into by an attacker? A. Honeypot B. Honeybucket C. Decoy D. Spoofing system
A. Honeypot
Configuring the mode, encryption methods, and security associations are part of which of the following? A. IPSec B. Full disk encryption C. 802.1x D. PKI
A. IPSec
Emily, a security administrator, is noticing a slow down in the wireless network response. Emily launches a wireless sniffer and sees a large number of ARP packets being sent to the AP. Which of the following type of attacks is underway? A. IV attack B. Interference C. Blue jacking D. Packet sniffing
A. Initialization Vector (IV) attack
Which of the following is an attack designed to activate based on time? A. Logic Bomb B. Backdoor C. Trojan D. Rootkit
A. Logic Bomb
Which of the following is synonymous with a server's certificate? A. Public key B. CRL C. Private key D. Recovery agent
A. Public key
Which of the following authentication protocols makes use of UDP for its services? A. RADIUS B. TACACS+ C. LDAP D. XTACACS
A. RADIUS
Which of the following attacks impact the availability of a system? (Select TWO). A. Smurf B. Phishing C. Spim D. DDoS E. Spoofing
A. Smurf (System swamped with replies to ICMP echo or Ping) D. Distributed Denial of Service (DDoS)
Ann is starting a disaster recovery program. She has gathered specifics and team members for a meeting on site. Which of the following types of tests is this? A. Structured walkthrough B. Full Interruption test C. Checklist test D. Tabletop exercise
A. Structured walkthrough
A password history value of three means which of the following? A. Three different passwords are used before one can be reused. B. A password cannot be reused once changed for three years. C. After three hours a password must be re-entered to continue. D. The server stores passwords in the database for three days.
A. Three different passwords are used before one can be reused.
Which of the following security concepts can prevent a user from logging on from home during the weekends? A. Time of day restrictions B. Multifactor authentication C. Implicit deny D. Common access card
A. Time of day restrictions
Which of the following is the MOST likely cause of users being unable to verify a single user's email signature and that user being unable to decrypt sent messages? A. Unmatched key pairs B. Corrupt key escrow C. Weak public key D. Weak private key
A. Unmatched key pairs
An internal auditor is concerned with privilege creep that is associated with transfers inside the company. Which mitigation measure would detect and correct this? A. User rights reviews B. Least privilege and job rotation C. Change management D. Change Control
A. User rights reviews
Which of the following risk mitigation strategies will allow Ann, a security analyst, to enforce least privilege principles? A. User rights reviews B. Incident management C. Risk based controls D. Annual loss expectancy
A. User rights reviews
Mike, a security professional, is tasked with actively verifying the strength of the security controls on a company's live modem pool. Which of the following activities is MOST appropriate? A. War dialing B. War chalking C. War driving D. Bluesnarfing
A. War dialing
Which of the following would MOST likely involve GPS? A. Wardriving B. Protocol analyzer C. Replay attack D. WPS attack
A. Wardriving
The Chief Executive Officer (CEO) receives a suspicious voice mail warning of credit card fraud. No one else received the voice mail. Which of the following BEST describes this attack? A. Whaling B. Vishing C. Spear phishing D. Impersonation
A. Whaling
Which of the following is characterized by an attacker attempting to map out an organization's staff hierarchy in order to send targeted emails? A. Whaling B. Impersonation C. Privilege escalation D. Spear phishing
A. Whaling (Targeted at executives)
Which of the following attacks would cause all mobile devices to lose their association with corporate access points while the attack is underway? A. Wireless jamming B. Evil twin C. Rogue AP D. Packet sniffing
A. Wireless jamming
Which of the following ports should be opened on a firewall to allow for NetBIOS communication? (Select TWO). A. 110 B. 137 C. 139 D. 143 E. 161 F. 443
B. 137 C. 139
Which of the following is the default port for TFTP? A. 20 B. 69 C. 21 D. 68
B. 69 (TFTP uses UDP port 69)
In PKI, a key pair consists of: (Select TWO). A. A key ring B. A public key C. A private key D. Key escrow E. A passphrase
B. A public key C. A private key
Which the following flags are used to establish a TCP connection? (Select TWO). A. PSH B. ACK C. SYN D. URG E. FIN
B. ACK C. SYN (Three-Step Handshake)
During an audit, the security administrator discovers that there are several users that are no longer employed with the company but still have active user accounts. Which of the following should be performed? A. Account recovery B. Account disablement C. Account lockouts D. Account expiration
B. Account disablement
In intrusion detection system vernacular, which account is responsible for setting the security policy for an organization? A. Supervisor B. Administrator C. Root D. Director
B. Administrator
Which of the following risk concepts requires an organization to determine the number of failures per year? A. SLE B. ALE C. MTBF D. Quantitative analysis
B. Annual Loss Expectancy (ALE)
Which of the following would BEST be used to calculate the expected loss of an event, if the likelihood of an event occurring is known? (Select TWO). A. DAC B. ALE C. SLE D. ARO E. ROI
B. Annual Loss Expectancy (ALE) C. Single Loss Expectancy (SLE)
Which of the following is the MOST important step for preserving evidence during forensic procedures? A. Involve law enforcement B. Chain of custody C. Record the time of the incident D. Report within one hour of discovery
B. Chain of custody
Which of the following would Peter, a security administrator, do to limit a wireless signal from penetrating the exterior walls? A. Implement TKIP encryption B. Consider antenna placement C. Disable the SSID broadcast D. Disable WPA
B. Consider antenna placement
Layer 7 devices used to prevent specific types of html tags are called: A. Firewalls B. Content filters C. Routers D. NIDS
B. Content filters
Which of the following techniques enables a highly secured organization to assess security weaknesses in real time? A. Access control lists B. Continuous monitoring C. Video surveillance D. Baseline reporting
B. Continuous monitoring
Which of the following devices would be MOST useful to ensure availability when there are a large number of requests to a certain website? A. Protocol analyzer B. Load balancer C. VPN concentrator D. Web security gateway
B. Load balancer
A company is installing a new security measure that would allow one person at a time to be authenticated to an area without human interaction. Which of the following does this describe? A. Fencing B. Mantrap C. A guard D. Video surveillance
B. Mantrap
An administrator is looking to implement a security device which will be able to not only detect network intrusions at the organization level, but help defend against them as well. Which of the following is being described here? A. NIDS B. NIPS C. HIPS D. HIDS
B. Network-based Intrusion Prevention System (NIPS)
Which of the following practices is used to mitigate a known security vulnerability? A. Application fuzzing B. Patch management C. Password cracking D. Auditing security logs
B. Patch management
Which of the following assessments would Peter, the security administrator, use to actively test that an application's security controls are in place? A. Code review B. Penetration test C. Protocol analyzer D. Vulnerability scan
B. Penetration test
Which of the following network design elements allows for many internal devices to share one public IP address? A. DNAT B. PAT C. DNS D. DMZ
B. Port Address Translation (PAT)
Which of the following ciphers would be BEST used to encrypt streaming video? A. RSA B. RC4 C. SHA1 D. 3DES
B. RC4
Which of the following protocols is the security administrator observing in this packet capture? 12:33:43, SRC 192.168.4.3:3389, DST 10.67.33.20:8080, SYN/ACK A. HTTPS B. RDP C. HTTP D. SFTP
B. Remote Desktop Protocol (RDP)
Identifying residual risk is MOST important to which of the following concepts? A. Risk deterrence B. Risk acceptance C. Risk mitigation D. Risk avoidance
B. Risk acceptance
Which of the following is where an unauthorized device is found allowing access to a network? A. Bluesnarfing B. Rogue access point C. Honeypot D. IV attack
B. Rogue access point
On a train, an individual is watching a proprietary video on Peter's laptop without his knowledge. Which of the following does this describe? A. Tailgating B. Shoulder surfing C. Interference D. Illegal downloading
B. Shoulder surfing
Which of the following is replayed during wireless authentication to exploit a weak key infrastructure? A. Preshared keys B. Ticket exchange C. Initialization vectors D. Certificate exchange
B. Ticket exchange
A security technician has been asked to recommend an authentication mechanism that will allow users to authenticate using a password that will only be valid for a predefined time interval. Which of the following should the security technician recommend? A. CHAP B. TOTP C. HOTP D. PAP
B. Time-based One-Time Password (TOTP)
A security administrator develops a web page and limits input into the fields on the web page as well as filters special characters in output. The administrator is trying to prevent which of the following attacks? A. Spoofing B. XSS C. Fuzzing D. Pharming
B. XSS
Which of the following can only be mitigated through the use of technical controls rather that user security training? A. Shoulder surfing B. Zero-day C. Vishing D. Trojans
B. Zero-day
A malicious person gained access to a datacenter by ripping the proximity badge reader off the wall near the datacenter entrance. This caused the electronic locks on the datacenter door to release because the: A. badge reader was improperly installed. B. system was designed to fail open for life-safety. C. system was installed in a fail closed configuration. D. system used magnetic locks and the locks became demagnetized.
B. system was designed to fail open for life-safety.
A security administrator is tasked with calculating the total ALE on servers. In a two year period of time, a company has to replace five servers. Each server replacement has cost the company $4,000 with downtime costing $3,000. Which of the following is the ALE for the company? A. $7,000 B. $10,000 C. $17,500 D. $35,000
C. $17,500 Annual Loss Expectancy (ALE) = Single Loss Expectance (SLE) * Annual Rate of Occurrence (ARO) SLE = Asset Value (AV) * Exposure Factor (EF)
Which of the following IP addresses would be hosts on the same subnet given the subnet mask 255.255.255.224? (Select TWO). A. 10.4.4.125 B. 10.4.4.158 C. 10.4.4.165 D. 10.4.4.189 E. 10.4.4.199
C. 10.4.4.165 D. 10.4.4.189
An administrator was asked to review user accounts. Which of the following has the potential to cause the MOST amount of damage if the account was compromised? A. A password that has not changed in 180 days B. A single account shared by multiple users C. A user account with administrative rights D. An account that has not been logged into since creation
C. A user account with administrative rights
The network administrator is responsible for promoting code to applications on a DMZ web server. Which of the following processes is being followed to ensure application integrity? A. Application hardening B. Application firewall review C. Application change management D. Application patch management
C. Application change management
The Chief Information Officer (CIO) is concerned with moving an application to a SaaS cloud provider. Which of the following can be implemented to provide for data confidentiality assurance during and after the migration to the cloud? A. HPM technology B. Full disk encryption C. DLP policy D. TPM technology
C. Data Loss Prevention (DLP) policy
An organization is recovering data following a datacenter outage and determines that backup copies of files containing personal information were stored in an unsecure location, because the sensitivity was unknown. Which of the following activities should occur to prevent this in the future? A. Business continuity planning B. Quantitative assessment C. Data classification D. Qualitative assessment
C. Data classification
Which of the following is the primary security concern when deploying a mobile device on a network? A. Strong authentication B. Interoperability C. Data security D. Cloud storage technique
C. Data security
An administrator configures all wireless access points to make use of a new network certificate authority. Which of the following is being used? A. WEP B. LEAP C. EAP-TLS D. TKIP
C. EAP-TLS
Matt, a security analyst, needs to select an asymmetric encryption method that allows for the same level of encryption strength with a lower key length than is typically necessary. Which of the following encryption methods offers this capability? A. Twofish B. Diffie-Hellman C. ECC D. RSA
C. Elliptic Curve Cryptography (ECC)
A large multinational corporation with networks in 30 countries wants to establish an understanding of their overall public-facing network attack surface. Which of the following security techniques would be BEST suited for this? A. External penetration test B. Internal vulnerability scan C. External vulnerability scan D. Internal penetration test
C. External vulnerability scan
A company is trying to implement physical deterrent controls to improve the overall security posture of their data center. Which of the following BEST meets their goal? A. Visitor logs B. Firewall C. Hardware locks D. Environmental monitoring
C. Hardware locks
Digital Signatures provide which of the following? A. Confidentiality B. Authorization C. Integrity D. Authentication E. Availability
C. Integrity
A periodic update that corrects problems in one version of a product is called a A. Hotfix B. Overhaul C. Service pack D. Security update
C. Service pack
To help prevent unauthorized access to PCs, a security administrator implements screen savers that lock the PC after five minutes of inactivity. Which of the following controls is being described in this situation? A. Management B. Administrative C. Technical D. Operational
C. Technical
Which statement is TRUE about the operation of a packet sniffer? A. It can only have one interface on a management network. B. They are required for firewall operation and stateful inspection. C. The Ethernet card must be placed in promiscuous mode. D. It must be placed on a single virtual LAN interface.
C. The Ethernet card must be placed in promiscuous mode.
A technician is reviewing the logical access control method an organization uses. One of the senior managers requests that the technician prevent staff members from logging on during nonworking days. Which of the following should the technician implement to meet managements request? A. Enforce Kerberos B. Deploy smart cards C. Time of day restrictions D. Access control lists
C. Time of day restrictions
Which of the following BEST represents the goal of a vulnerability assessment? A. To test how a system reacts to known threats B. To reduce the likelihood of exploitation C. To determine the system's security posture D. To analyze risk mitigation strategies
C. To determine the system's security posture
Which of the following protocols is used to authenticate the client and server's digital certificate? A. PEAP B. DNS C. TLS D. ICMP
C. Transport Layer Security (TLS)
An SSL/TLS private key is installed on a corporate web proxy in order to inspect HTTPS requests. Which of the following describes how this private key should be stored so that it is protected from theft? A. Implement full disk encryption B. Store on encrypted removable media C. Utilize a hardware security module D. Store on web proxy file system
C. Utilize a hardware security module (HSM)
A technician is deploying virtual machines for multiple customers on a single physical host to reduce power consumption in a data center. Which of the following should be recommended to isolate the VMs from one another? A. Implement a virtual firewall B. Install HIPS on each VM C. Virtual switches with VLANs D. Develop a patch management guide
C. Virtual switches with VLANs
A security administrator discovered that all communication over the company's encrypted wireless network is being captured by savvy employees with a wireless sniffing tool and is then being decrypted in an attempt to steal other employee's credentials. Which of the following technology is MOST likely in use on the company's wireless? A. WPA with TKIP B. VPN over open wireless C. WEP128-PSK D. WPA2-Enterprise
C. WEP128-PSK (WEP uses static encryption keys)
A company storing data on a secure server wants to ensure it is legally able to dismiss and prosecute staff who intentionally access the server via Telnet and illegally tamper with customer data. Which of the following administrative controls should be implemented to BEST achieve this? A. Command shell restrictions B. Restricted interface C. Warning banners D. Session output pipe to /dev/null
C. Warning banners
To ensure compatibility with their flagship product, the security engineer is tasked to recommend an encryption cipher that will be compatible with the majority of third party software and hardware vendors. Which of the following should be recommended? A. SHA B. MD5 C. Blowfish D. AES
D. Advanced Encryption Standard (AES)
Suspicious traffic without a specific signature was detected. Under further investigation, it was determined that these were false indicators. Which of the following security devices needs to be configured to disable future false alarms? A. Signature based IPS B. Signature based IDS C. Application based IPS D. Anomaly based IDS
D. Anomaly based IDS
Which of the following is a vulnerability associated with disabling pop-up blockers? A. An alert message from the administrator may not be visible B. A form submitted by the user may not open C. The help window may not be displayed D. Another browser instance may execute malicious code
D. Another browser instance may execute malicious code
Which of the following will allow Peter, a security analyst, to trigger a security alert because of a tracking cookie? A. Network based firewall B. Anti-spam software C. Host based firewall D. Anti-spyware software
D. Anti-spyware software
A recently installed application update caused a vital application to crash during the middle of the workday. The application remained down until a previous version could be reinstalled on the server, and this resulted in a significant loss of data and revenue. Which of the following could BEST prevent this issue from occurring again? A. Application configuration baselines B. Application hardening C. Application access controls D. Application patch management
D. Application patch management
After running into the data center with a vehicle, attackers were able to enter through the hole in the building and steal several key servers in the ensuing chaos. Which of the following security measures can be put in place to mitigate the issue from occurring in the future? A. Fencing B. Proximity readers C. Video surveillance D. Bollards
D. Bollards
Which of the following technologies can store multi-tenant data with different security requirements? A. Data loss prevention B. Trusted platform module C. Hard drive encryption D. Cloud computing
D. Cloud computing
Which of the following design components is used to isolate network devices such as web servers? A. VLAN B. VPN C. NAT D. DMZ
D. Demilitarized Zone (DMZ)
Ann, a security administrator, wishes to replace their RADIUS authentication with a more secure protocol, which can utilize EAP. Which of the following would BEST fit her objective? A. CHAP B. SAML C. Kerberos D. Diameter
D. Diameter (Replaced RADIUS for Authentication, Authorization, and Accounting)
Which of the following would an attacker use to penetrate and capture additional traffic prior to performing an IV attack? A. DNS poisoning B. DDoS C. Replay attack D. Dictionary attacks
D. Dictionary attacks
Company A submitted a bid on a contract to do work for Company B via email. Company B was insistent that the bid did not come from Company A. Which of the following would have assured that the bid was submitted by Company A? A. Steganography B. Hashing C. Encryption D. Digital Signatures
D. Digital Signatures
Peter Has read and write access to his own home directory. Peter and Ann are collaborating on a project, and Peter would like to give Ann write access to one particular file in this home directory. Which of the following types of access control would this reflect? A. Role-based access control B. Rule-based access control C. Mandatory access control D. Discretionary access control
D. Discretionary access control (DAC)
Environmental control measures include which of the following? A. Access list B. Lighting C. Motion detection D. EMI shielding
D. EMI shielding
Which of the following should be considered to mitigate data theft when using CAT5 wiring? A. CCTV B. Environmental monitoring C. Multimode fiber D. EMI shielding
D. Electromagnetic Interference (EMI) shielding
An administrator has two servers and wants them to communicate with each other using a secure algorithm. Which of the following choose to provide both CRC integrity checks and RCA encryption? A. NTLM B. RSA C. CHAP D. ECDHE
D. Elliptic-Curve Diffie-Hellman Encryption (ECDHE) (provides both CRC integrity checks and RCA encryption)
Customers' credit card information was stolen from a popular video streaming company. A security consultant determined that the information was stolen, while in transit, from the gaming consoles of a particular vendor. Which of the following methods should the company consider to secure this data in the future? A. Application firewalls B. Manual updates C. Firmware version control D. Encrypted TCP wrappers
D. Encrypted TCP wrappers
Which of the following file systems is from Microsoft and was included with their earliest operating systems? A. NTFS B. UFS C. MTFS D. FAT
D. File Allocation Table (FAT) (Used in Microsoft's Disk Operating System (DOS) that uses disk storage drives)
Which of the following security concepts identifies input variables which are then used to perform boundary testing? A. Application baseline B. Application hardening C. Secure coding D. Fuzzing
D. Fuzzing
Which of the following can Peter, a security administrator, implement on his network to capture attack details that are occurring while also protecting his production network? A. Security logs B. Protocol analyzer C. Audit logs D. Honeypot
D. Honeypot
Which of the following is the MOST specific plan for various problems that can arise within a system? A. Business Continuity Plan B. Continuity of Operation Plan C. Disaster Recovery Plan D. IT Contingency Plan
D. IT Contingency Plan
Which of the following application attacks is used against a corporate directory service where there are unknown servers on the network? A. Rogue access point B. Zero day attack C. Packet sniffing D. LDAP injection
D. LDAP injection
The IT department has installed new wireless access points but discovers that the signal extends far into the parking lot. Which of the following actions should be taken to correct this? A. Disable the SSID broadcasting B. Configure the access points so that MAC filtering is not used C. Implement WEP encryption on the access points D. Lower the power for office coverage only
D. Lower the power for office coverage only
Which of the following should Peter, a security manager, implement to reduce the risk of employees working in collusion to embezzle funds from his company? A. Privacy Policy B. Least Privilege C. Acceptable Use D. Mandatory Vacations
D. Mandatory Vacations
When designing a corporate NAC solution, which of the following is the MOST relevant integration issue? A. Infrastructure time sync B. End user mobility C. 802.1X supplicant compatibility D. Network Latency E. Network Zoning
D. Network Latency
Which of the following is an authentication service that uses UDP as a transport medium? A. TACACS+ B. LDAP C. Kerberos D. RADIUS
D. RADIUS
A company hosts its public websites internally. The administrator would like to make some changes to the architecture. The three goals are: 1. reduce the number of public IP addresses in use by the web servers 2. drive all the web traffic through a central point of control 3. mitigate automated attacks that are based on IP address scanning Which of the following would meet all three goals? A. Firewall B. Load balancer C. URL filter D. Reverse proxy
D. Reverse proxy (Bottlenecks data through a server)
When creating a public / private key pair, for which of the following ciphers would a user need to specify the key strength? A. SHA B. AES C. DES D. RSA
D. Rivest-Shamir-Adelman (RSA) (Uses a minimum key length of 2048 bits)
Attempting to inject 50 alphanumeric key strokes including spaces into an application input field that only expects four alpha characters in considered which of the following attacks? A. XML injection B. Buffer overflow C. LDAP Injection D. SQL injection
D. SQL injection
A UNIX administrator would like to use native commands to provide a secure way of connecting to other devices remotely and to securely transfer files. Which of the following protocols could be utilized? (Select TWO). A. RDP B. SNMP C. FTP D. SCP E. SSH
D. Secure Copy Protocol (SCP) E. Secure Shell (SSH)
By default, which of the following uses TCP port 22? (Select THREE). A. FTPS B. STELNET C. TLS D. SCP E. SSL F. HTTPS G. SSH H. SFTP
D. Secure Copy Protocol (SCP) G. Secure Shell (SSH) H. Secure File Transfer Protocol (SFTP)
After Ann, a user, logs into her banking websites she has access to her financial institution mortgage, credit card, and brokerage websites as well. Which of the following is being described? A. Trusted OS B. Mandatory access control C. Separation of duties D. Single sign-on
D. Single sign-on
Which of the following is BEST used to break a group of IP addresses into smaller network segments or blocks? A. NAT B. Virtualization C. NAC D. Subnetting
D. Subnetting
A security administrator must implement a wireless security system, which will require users to enter a 30 character ASCII password on their accounts. Additionally the system must support 3DS wireless encryption. Which of the following should be implemented? A. WPA2-CCMP with 802.1X B. WPA2-PSK C. WPA2-CCMP D. WPA2-Enterprise
D. WPA2-Enterprise (WPA2-802.1X)
After a user performed a war driving attack, the network administrator noticed several similar markings where WiFi was available throughout the enterprise. Which of the following is the term used to describe these markings? A. IV attack B. War dialing C. Rogue access points D. War chalking
D. War chalking
Which of the following is the BEST concept to maintain required but non-critical server availability? A. SaaS site B. Cold site C. Hot site D. Warm site
D. Warm site
Which of the following is true about PKI? (Select TWO). A. When encrypting a message with the public key, only the public key can decrypt it. B. When encrypting a message with the private key, only the private key can decrypt it. C. When encrypting a message with the public key, only the CA can decrypt it. D. When encrypting a message with the public key, only the private key can decrypt it. E. When encrypting a message with the private key, only the public key can decrypt it.
D. When encrypting a message with the public key, only the private key can decrypt it. E. When encrypting a message with the private key, only the public key can decrypt it.
Which of the following would provide the STRONGEST encryption? A. Random one-time pad B. DES with a 56-bit key C. AES with a 256-bit key D. RSA with a 1024-bit key
A. Random one-time pad
Using proximity card readers instead of the traditional key punch doors would help to mitigate: A. Impersonation B. Tailgating C. Dumpster diving D. Shoulder surfing
D. Shoulder surfing
Jane has implemented an array of four servers to accomplish one specific task. This is BEST known as which of the following? A. Clustering B. RAID C. Load balancing D. Virtualization
A. Clustering
The loss prevention department has purchased a new application that allows the employees to monitor the alarm systems at remote locations. However, the application fails to connect to the vendor's server and the users are unable to log in. Which of the following are the MOST likely causes of this issue? (Select TWO). A. URL filtering B. Role-based access controls C. MAC filtering D. Port Security E. Firewall rules
A. URL filtering E. Firewall rules
Fuzzing is a security assessment technique that allows testers to analyze the behavior of software applications under which of the following conditions? A. Unexpected input B. Invalid output C. Parameterized input D. Valid output
A. Unexpected input
A user commuting to work via public transport received an offensive image on their smart phone from another commuter. Which of the following attacks MOST likely took place? A. War chalking B. Bluejacking C. War driving D. Bluesnarfing
B. Bluejacking
Data execution prevention is a feature in most operating systems intended to protect against which type of attack? A. Cross-site scripting B. Buffer overflow C. Header manipulation D. SQL injection
B. Buffer overflow
Which of the following application attacks is used to gain access to SEH? A. Cookie stealing B. Buffer overflow C. Directory traversal D. XML injection
B. Buffer overflow
While opening an email attachment, Peter, a customer, receives an error that the application has encountered an unexpected issue and must be shut down. This could be an example of which of the following attacks? A. Cross-site scripting B. Buffer overflow C. Header manipulation D. Directory traversal
B. Buffer overflow
Which of the following was launched against a company based on the following IDS log? 122.41.15.252 - - [21/May/2012:00:17:20 +1200] "GET /index.php?username=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA A AAA HTTP/1.1″ 200 2731 "http://www.company.com/cgibin/ forum/commentary.pl/noframes/read/209″ "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Hotbar 4.4.7.0)" A. SQL injection B. Buffer overflow attack C. XSS attack D. Online password crack
B. Buffer overflow attack
Which of the following is an XML based open standard used in the exchange of authentication and authorization information between different parties? A. LDAP B. SAML C. TACACS+ D. Kerberos
B. Security Assertion Markup Language (SAML)
Account lockout is a mitigation strategy used by Jane, the administrator, to combat which of the following attacks? (Select TWO). A. Spoofing B. Man-in-the-middle C. Dictionary D. Brute force E. Privilege escalation
C. Dictionary D. Brute force
A software firm posts patches and updates to a publicly accessible FTP site. The software firm also posts digitally signed checksums of all patches and updates. The firm does this to address: A. Integrity of downloaded software. B. Availability of the FTP site. C. Confidentiality of downloaded software. D. Integrity of the server logs.
A. Integrity of downloaded software.
Which of the following provides the LEAST availability? A. RAID 0 B. RAID 1 C. RAID 3 D. RAID 5
A. RAID 0 (Disk Striping)
Ann, a newly hired human resource employee, sent out confidential emails with digital signatures, to an unintended group. Which of the following would prevent her from denying accountability? A. Email Encryption B. Steganography C. Non Repudiation D. Access Control
C. Non Repudiation
A software developer utilizes cryptographic functions to generate codes that verify message integrity. Due to the nature if the data that is being sent back and forth from the client application to the server, the developer would like to change the cryptographic function to one that verities both authentication and message integrity. Which of the following algorithms should the software developer utilize? A. HMAC B. SHA C. Two Fish D. RIPEMD
D. (RACE Integrity Primitives Evaluation Message Digest) RIPEMD
A security administrator needs a locally stored record to remove the certificates of a terminated employee. Which of the following describes a service that could meet these requirements? A. OCSP B. PKI C. CA D. CRL
D. Certificate Revocation List (CRL)
Public key certificates and keys that are compromised or were issued fraudulently are listed on which of the following? A. PKI B. ACL C. CA D. CRL
D. Certificate Revocation List (CRL)
Computer evidence at a crime scene is documented with a tag stating who had possession of the evidence at a given time. Which of the following does this illustrate? A. System image capture B. Record time offset C. Order of volatility D. Chain of custody
D. Chain of custody
XYZ Corporation is about to purchase another company to expand its operations. The CEO is concerned about information leaking out, especially with the cleaning crew that comes in at night. The CEO would like to ensure no paper files are leaked. Which of the following is the BEST policy to implement? A. Social media policy B. Data retention policy C. CCTV policy D. Clean desk policy
D. Clean desk policy
Which of the following technologies was developed to allow companies to use less-expensive storage while still maintaining the speed and redundancy required in a business environment? A. RAID B. Tape Backup C. Load Balancing D. Clustering
D. Clustering
A security administrator has concerns regarding employees saving data on company provided mobile devices. Which of the following would BEST address the administrator's concerns? A. Install a mobile application that tracks read and write functions on the device. B. Create a company policy prohibiting the use of mobile devices for personal use. C. Enable GPS functionality to track the location of the mobile devices. D. Configure the devices so that removable media use is disabled.
D. Configure the devices so that removable media use is disabled.
A security administrator must implement a secure key exchange protocol that will allow company clients to autonomously exchange symmetric encryption keys over an unencrypted channel. Which of the following MUST be implemented? A. SHA-256 B. AES C. Diffie-Hellman D. 3DES
C. Diffie-Hellman
Which of the following best practices makes a wireless network more difficult to find? A. Implement MAC filtering B. UseWPA2-PSK C. Disable SSID broadcast D. Power down unused WAPs
C. Disable SSID broadcast
An attacker attempted to compromise a web form by inserting the following input into the username field: admin)(|(password=*)) Which of the following types of attacks was attempted? A. SQL injection B. Cross-site scripting C. Command injection D. LDAP injection
D. LDAP injection
A network administrator has recently updated their network devices to ensure redundancy is in place so that: A. switches can redistribute routes across the network. B. environmental monitoring can be performed. C. single points of failure are removed. D. hot and cold aisles are functioning.
C. single points of failure are removed.
Which of the following types of trust models is used by a PKI? A. Transitive B. Open source C. Decentralized D. Centralized
D. Centralized
Methods to test the responses of software and web applications to unusual or unexpected inputs are known as: A. Brute force. B. HTML encoding. C. Web crawling. D. Fuzzing.
D. Fuzzing.
Which of the following is BEST carried out immediately after a security breach is discovered? A. Risk transference B. Access control revalidation C. Change management D. Incident management
D. Incident management
A CRL is comprised of. A. Malicious IP addresses. B. Trusted CA's. C. Untrusted private keys. D. Public keys.
D. Public keys.
Full disk encryption is MOST effective against which of the following threats? A. Denial of service by data destruction B. Eavesdropping emanations C. Malicious code D. Theft of hardware
D. Theft of hardware
Ann has recently transferred from the payroll department to engineering. While browsing file shares, Ann notices she can access the payroll status and pay rates of her new coworkers. Which of the following could prevent this scenario from occurring? A. Credential management B. Continuous monitoring C. Separation of duties D. User access reviews
D. User access reviews
Which of the following can be performed when an element of the company policy cannot be enforced by technical means? A. Develop a set of standards B. Separation of duties C. Develop a privacy policy D. User training
D. User training
Which of the following BEST describes part of the PKI process? A. User1 decrypts data with User2's private key B. User1 hashes data with User2's public key C. User1 hashes data with User2's private key D. User1 encrypts data with User2's public key
D. User1 encrypts data with User2's public key
According to company policy an administrator must logically keep the Human Resources department separated from the Accounting department. Which of the following would be the simplest way to accomplish this? A. NIDS B. DMZ C. NAT D. VLAN
D. Virtual Local Area Network (VLAN)
Which of the following can be used to maintain a higher level of security in a SAN by allowing isolation of misconfigurations or faults? A. VLAN B. Protocol security C. Port security D. VSAN
D. Virtual Storage Area Network (VSAN)
Which of the following solutions provides the most flexibility when testing new security controls prior to implementation? A. Trusted OS B. Host software baselining C. OS hardening D. Virtualization
D. Virtualization
A quality assurance analyst is reviewing a new software product for security, and has complete access to the code and data structures used by the developers. This is an example of which of the following types of testing? A. Black box B. Penetration C. Gray box D. White box
D. White box
Which of the following ports should be used by a system administrator to securely manage a remote server? A. 22 B. 69 C. 137 D. 445
A. 22 (Secure Shell (SSH))
A technician is unable to manage a remote server. Which of the following ports should be opened on the firewall for remote server management? (Select TWO). A. 22 B. 135 C. 137 D. 143 E. 443 F. 3389
A. 22 (Secure Shell (SSH)) F. 3389 (Remote Desktop Protocol (RDP))
Which of the following controls would allow a company to reduce the exposure of sensitive systems from unmanaged devices on internal networks? A. 802.1x B. Data encryption C. Password strength D. BGP
A. 802.1x (IEEE 802.1x / Dot1x)
A systems administrator has implemented PKI on a classified government network. In the event that a disconnect occurs from the primary CA, which of the following should be accessible locally from every site to ensure users with bad certificates cannot gain access to the network? A. A CRL B. Make the RA available C. A verification authority D. A redundant CA
A. A Certificate Revocation List (CRL)
A new security policy being implemented requires all email within the organization be digitally signed by the author using PGP. Which of the following would needs to be created for each user? A. A certificate authority B. A key escrow C. A trusted key D. A public and private key
A. A certificate authority
Emily, a security manager, has decided to force expiration of all company passwords by the close of business day. Which of the following BEST supports this reasoning? A. A recent security breach in which passwords were cracked. B. Implementation of configuration management processes. C. Enforcement of password complexity requirements. D. Implementation of account lockout procedures.
A. A recent security breach in which passwords were cracked.
Peter, a newly hired employee, has a corporate workstation that has been compromised due to several visits to P2P sites. Peter insisted that he was not aware of any company policy that prohibits the use of such web sites. Which of the following is the BEST method to deter employees from the improper use of the company's information systems? A. Acceptable Use Policy B. Privacy Policy C. Security Policy D. Human Resource Policy
A. Acceptable Use Policy
A company is starting to allow employees to use their own personal without centralized management. Employees must contract IT to have their devices configured to use corporate email; access is also available to the corporate cloud-based services. Which of the following is the BEST policy to implement under these circumstances? A. Acceptable use policy B. Security policy C. Group policy D. Business Agreement policy
A. Acceptable use policy
The IT department noticed that there was a significant decrease in network performance during the afternoon hours. The IT department performed analysis of the network and discovered this was due to users accessing and downloading music and video streaming from social sites. The IT department notified corporate of their findings and a memo was sent to all employees addressing the misuse of company resources and requesting adherence to company policy. Which of the following policies is being enforced? A. Acceptable use policy B. Telecommuting policy C. Data ownership policy D. Non disclosure policy
A. Acceptable use policy
Peter, a security analyst, asks each employee of an organization to sign a statement saying that they understand how their activities may be monitored. Which of the following BEST describes this statement? (Select TWO). A. Acceptable use policy B. Risk acceptance policy C. Privacy policy D. Email policy E. Security policy
A. Acceptable use policy C. Privacy policy
Which of the following controls mitigates the risk of Matt, an attacker, gaining access to a company network by using a former employee's credential? A. Account expiration B. Password complexity C. Account lockout D. Dual factor authentication
A. Account expiration
A security administrator must implement all requirements in the following corporate policy: Passwords shall be protected against offline password brute force attacks. Passwords shall be protected against online password brute force attacks. Which of the following technical controls must be implemented to enforce the corporate policy? (Select THREE). A. Account lockout B. Account expiration C. Screen locks D. Password complexity E. Minimum password lifetime F. Minimum password length
A. Account lockout D. Password complexity F. Minimum password length
Which of the following can be implemented with multiple bit strength? A. AES B. DES C. SHA-1 D. MD5 E. MD4
A. Advanced Encryption Standard (AES)
In order to enter a high-security datacenter, users are required to speak the password into a voice recognition system. Ann a member if the sales department over hears the password and upon speaks it into the system. The system denies her entry and alerts the security team. Which of the following is the MOST likely reason for her failure to enter the data center? A. An authentication factor B. Discretionary access C. Time of day restrictions D. Least privilege restrictions
A. An authentication factor ("Something You Know"/"Something You Are")
How often, at a MINIMUM, should Emily, an administrator, review the accesses and rights of the users on her system? A. Annually B. Immediately after an employee is terminated C. Every five years D. Every time they patch the server
A. Annually
A security team has identified that the wireless signal is broadcasting into the parking lot. To reduce the risk of an attack against the wireless network from the parking lot, which of the following controls should be used? (Select TWO). A. Antenna placement B. Interference C. Use WEP D. Single Sign on E. Disable the SSID F. Power levels
A. Antenna placement F. Power levels
A network administrator noticed various chain messages have been received by the company. Which of the following security controls would need to be implemented to mitigate this issue? A. Anti-spam B. Antivirus C. Host-based firewalls D. Anti-spyware
A. Anti-spam
A security administrator wants to deploy security controls to mitigate the threat of company employees' personal information being captured online. Which of the following would BEST serve this purpose? A. Anti-spyware B. Antivirus C. Host-based firewall D. Web content filter
A. Anti-spyware
Which of the following is an example of a false positive? A. Anti-virus identifies a benign application as malware. B. A biometric iris scanner rejects an authorized user wearing a new contact lens. C. A user account is locked out after the user mistypes the password too many times. D. The IDS does not identify a buffer overflow.
A. Anti-virus identifies a benign application as malware.
A user attempts to install new and relatively unknown software recommended by a colleague. The user is unable to install the program, despite having successfully installed other programs previously. Which of the following is MOST likely the cause for the user's inability to complete the installation? A. Application black listing B. Network Intrusion Prevention System C. Group policy D. Application white listing
A. Application black listing
A security administrator is investigating a recent server breach. The breach occurred as a result of a zero-day attack against a user program running on the server. Which of the following logs should the administrator search for information regarding the breach? A. Application log B. Setup log C. Authentication log D. System log
A. Application log
Which of the following describes a type of malware which is difficult to reverse engineer in a virtual lab? A. Armored virus B. Polymorphic malware C. Logic bomb D. Rootkit
A. Armored virus
The Chief Risk Officer is concerned about the new employee BYOD device policy and has requested the security department implement mobile security controls to protect corporate data in the event that a device is lost or stolen. The level of protection must not be compromised even if the communication SIM is removed from the device. Which of the following BEST meets the requirements? (Select TWO) A. Asset tracking B. Screen-locks C. GEO-Tracking D. Device encryption
A. Asset tracking D. Device encryption
A cafe provides laptops for Internet access to their customers. The cafe is located in the center corridor of a busy shopping mall. The company has experienced several laptop thefts from the cafe during peak shopping hours of the day. Corporate has asked that the IT department provide a solution to eliminate laptop theft. Which of the following would provide the IT department with the BEST solution? A. Attach cable locks to each laptop B. Require each customer to sign an AUP C. Install a GPS tracking device onto each laptop D. Install security cameras within the perimeter of the café
A. Attach cable locks to each laptop
Which of the following allows a network administrator to implement an access control policy based on individual user characteristics and NOT on job function? A. Attributes based B. Implicit deny C. Role based D. Rule based
A. Attributes based
A customer service department has a business need to send high volumes of confidential information to customers electronically. All emails go through a DLP scanner. Which of the following is the BEST solution to meet the business needs and protect confidential information? A. Automatically encrypt impacted outgoing emails B. Automatically encrypt impacted incoming emails C. Monitor impacted outgoing emails D. Prevent impacted outgoing emails
A. Automatically encrypt impacted outgoing emails
A company that purchased an HVAC system for the datacenter is MOST concerned with which of the following? A. Availability B. Integrity C. Confidentiality D. Fire suppression
A. Availability (Environmental Support)
The finance department works with a bank which has recently had a number of cyber attacks. The finance department is concerned that the banking website certificates have been compromised. Which of the following can the finance department check to see if any of the bank's certificates are still valid? A. Bank's CRL B. Bank's private key C. Bank's key escrow D. Bank's recovery agent
A. Bank's CRL
A network technician is on the phone with the system administration team. Power to the server room was lost and servers need to be restarted. The DNS services must be the first to be restarted. Several machines are powered off. Assuming each server only provides one service, which of the following should be powered on FIRST to establish DNS services? A. Bind server B. Apache server C. Exchange server D. RADIUS server
A. Berkeley Internet Name Domain (BIND) server (BIND is the most widely used DNS server)
The security consultant is assigned to test a client's new software for security, after logs show targeted attacks from the Internet. To determine the weaknesses, the consultant has no access to the application program interfaces, code, or data structures. This is an example of which of the following types of testing? A. Black box B. Penetration C. Gray box D. White box
A. Black box
A process in which the functionality of an application is tested without any knowledge of the internal mechanisms of the application is known as: A. Black box testing B. White box testing C. Black hat testing D. Gray box testing
A. Black box testing
A network stream needs to be encrypted. Emily, the network administrator, has selected a cipher which will encrypt 8 bits at a time before sending the data across the network. Which of the following has Emily selected? A. Block cipher B. Stream cipher C. CRC D. Hashing algorithm
A. Block cipher
A security administrator examines a network session to a compromised database server with a packet analyzer. Within the session there is a repeated series of the hex character 90 (x90). Which of the following attack types has occurred? A. Buffer overflow B. Cross-site scripting C. XML injection D. SQL injection
A. Buffer overflow
In the case of a major outage or business interruption, the security office has documented the expected loss of earnings, potential fines and potential consequence to customer service. Which of the following would include the MOST detail on these objectives? A. Business Impact Analysis B. IT Contingency Plan C. Disaster Recovery Plan D. Continuity of Operations
A. Business Impact Analysis (BIA)
An administrator needs to renew a certificate for a web server. Which of the following should be submitted to a CA? A. CSR B. Recovery agent C. Private key D. CRL
A. Certificate Signing Request (CSR)
The security manager received a report that an employee was involved in illegal activity and has saved data to a workstation's hard drive. During the investigation, local law enforcement's criminal division confiscates the hard drive as evidence. Which of the following forensic procedures is involved? A. Chain of custody B. System image C. Take hashes D. Order of volatility
A. Chain of custody
Which of the following is described as an attack against an application using a malicious file? A. Client side attack B. Spam C. Impersonation attack D. Phishing attack
A. Client side attack
The system administrator notices that their application is no longer able to keep up with the large amounts of traffic their server is receiving daily. Several packets are dropped and sometimes the server is taken offline. Which of the following would be a possible solution to look into to ensure their application remains secure and available? A. Cloud computing B. Full disk encryption C. Data Loss Prevention D. HSM
A. Cloud computing
An administrator wants to ensure that the reclaimed space of a hard drive has been sanitized while the computer is in use. Which of the following can be implemented? A. Cluster tip wiping B. Individual file encryption C. Full disk encryption D. Storage retention
A. Cluster tip wiping
Which of the following concepts are included on the three sides of the "security triangle"? (Select THREE). A. Confidentiality B. Availability C. Integrity D. Authorization E. Authentication F. Continuity
A. Confidentiality B. Availability C. Integrity
Which of the following encompasses application patch management? A. Configuration management B. Policy management C. Cross-site request forgery D. Fuzzing
A. Configuration management
Ann, the network administrator, is receiving reports regarding a particular wireless network in the building. The network was implemented for specific machines issued to the developer department, but the developers are stating that they are having connection issues as well as slow bandwidth. Reviewing the wireless router's logs, she sees that devices not belonging to the developers are connecting to the access point. Which of the following would BEST alleviate the developer's reports? A. Configure the router so that wireless access is based upon the connecting device's hardware address. B. Modify the connection's encryption method so that it is using WEP instead of WPA2. C. Implement connections via secure tunnel with additional software on the developer's computers. D. Configure the router so that its name is not visible to devices scanning for wireless networks.
A. Configure the router so that wireless access is based upon the connecting device's hardware address.
In order to maintain oversight of a third party service provider, the company is going to implement a Governance, Risk, and Compliance (GRC) system. This system is promising to provide overall security posture coverage. Which of the following is the MOST important activity that should be considered? A. Continuous security monitoring B. Baseline configuration and host hardening C. Service Level Agreement (SLA) monitoring D. Security alerting and trending
A. Continuous security monitoring
Peter, a technician at the local power plant, notices that several turbines had ramp up in cycles during the week. Further investigation by the system engineering team determined that a timed .exe file had been uploaded to the system control console during a visit by international contractors. Which of the following actions should Peter recommend? A. Create a VLAN for the SCADA B. Enable PKI for the MainFrame C. Implement patch management D. Implement stronger WPA2 Wireless
A. Create a VLAN for the Supervisory Control And Data Acquisition (SCADA)
An employee recently lost a USB drive containing confidential customer data. Which of the following controls could be utilized to minimize the risk involved with the use of USB drives? A. DLP B. Asset tracking C. HSM D. Access control
A. Data Loss Prevention (DLP)
Which of the following controls would prevent an employee from emailing unencrypted information to their personal email account over the corporate network? A. DLP B. CRL C. TPM D. HSM
A. Data Loss Prevention (DLP)
Various employees have lost valuable customer data due to hard drives failing in company provided laptops. It has been discovered that the hard drives used in one model of laptops provided by the company has been recalled by the manufactory, The help desk is only able to replace the hard drives after they fail because there is no centralized records of the model of laptop given to each specific user. Which of the following could have prevented this situation from occurring? A. Data backups B. Asset tracking C. Support ownership D. BYOD policies
A. Data backups
Which of the following helps to apply the proper security controls to information? A. Data classification B. Deduplication C. Clean desk policy D. Encryption
A. Data classification
An organization must implement controls to protect the confidentiality of its most sensitive data. The company is currently using a central storage system and group based access control for its sensitive information. Which of the following controls can further secure the data in the central storage system? A. Data encryption B. Patching the system C. Digital signatures D. File hashing
A. Data encryption
End-user awareness training for handling sensitive personally identifiable information would include secure storage and transmission of customer: A. Date of birth. B. First and last name. C. Phone number. D. Employer name.
A. Date of birth.
A security analyst needs to ensure all external traffic is able to access the company's front-end servers but protect all access to internal resources. Which of the following network design elements would MOST likely be recommended? A. DMZ B. Cloud computing C. VLAN D. Virtualization
A. Demilitarized Zone (DMZ)
When designing a new network infrastructure, a security administrator requests that the intranet web server be placed in an isolated area of the network for security purposes. Which of the following design elements would be implemented to comply with the security administrator's request? A. DMZ B. Cloud services C. Virtualization D. Sandboxing
A. Demilitarized Zone (DMZ)
A security analyst performs the following activities: monitors security logs, installs surveillance cameras and analyzes trend reports. Which of the following job responsibilities is the analyst performing? (Select TWO). A. Detect security incidents B. Reduce attack surface of systems C. Implement monitoring controls D. Hardening network devices E. Prevent unauthorized access
A. Detect security incidents C. Implement monitoring controls
Users are utilizing thumb drives to connect to USB ports on company workstations. A technician is concerned that sensitive files can be copied to the USB drives. Which of the following mitigation techniques would address this concern? (Select TWO). A. Disable the USB root hub within the OS. B. Install anti-virus software on the USB drives. C. Disable USB within the workstations BIOS. D. Apply the concept of least privilege to USB devices. E. Run spyware detection against all workstations.
A. Disable the USB root hub within the OS. C. Disable USB within the workstations BIOS.
Which of the following controls can be implemented together to prevent data loss in the event of theft of a mobile device storing sensitive information? (Select TWO). A. Full device encryption B. Screen locks C. GPS D. Asset tracking E. Inventory control
A. Full device encryption B. Screen locks
A way to assure data at-rest is secure even in the event of loss or theft is to use: A. Full device encryption. B. Special permissions on the file system. C. Trusted Platform Module integration. D. Access Control Lists.
A. Full device encryption.
A network security engineer notices unusual traffic on the network from a single IP attempting to access systems on port 23. Port 23 is not used anywhere on the network. Which of the following should the engineer do to harden the network from this type of intrusion in the future? A. Disable unnecessary services on servers B. Disable unused accounts on servers and network devices C. Implement password requirements on servers and network devices D. Enable auditing on event logs
A. Disable unnecessary services on servers
How must user accounts for exiting employees be handled? A. Disabled, regardless of the circumstances B. Disabled if the employee has been terminated C. Deleted, regardless of the circumstances D. Deleted if the employee has been terminated
A. Disabled, regardless of the circumstances
A security architect wishes to implement a wireless network with connectivity to the company's internal network. Before they inform all employees that this network is being put in place, the architect wants to roll it out to a small test segment. Which of the following allows for greater secrecy about this network during this initial phase of implementation? A. Disabling SSID broadcasting B. Implementing WPA2 - TKIP C. Implementing WPA2 - CCMP D. Filtering test workstations by MAC address
A. Disabling SSID broadcasting
Which of the following is a way to implement a technical control to mitigate data loss in case of a mobile device theft? A. Disk encryption B. Encryption policy C. Solid state drive D. Mobile device policy
A. Disk encryption
We have a legit bank web site and a hacker bank web site. The hacker has a laptop connected to the network. The hacker is redirecting bank web site users to the hacker bank web site instead of the legit bank web site. Which of the following BEST describes the type of attack that is occurring? (Select TWO). A. DNS spoofing B. Man-in-the-middle C. Backdoor D. Replay E. ARP attack F. Spear phishing G. Xmas attack
A. Domain Name System (DNS) spoofing E. Address Resolution Protocol (ARP) attack
Several bins are located throughout a building for secure disposal of sensitive information. Which of the following does this prevent? A. Dumpster diving B. War driving C. Tailgating D. War chalking
A. Dumpster diving
Several departments within a company have a business need to send high volumes of confidential information to customers via email. Which of the following is the BEST solution to mitigate unintentional exposure of confidential information? A. Employ encryption on all outbound emails containing confidential information. B. Employ exact data matching and prevent inbound emails with Data Loss Prevention. C. Employ hashing on all outbound emails containing confidential information. D. Employ exact data matching and encrypt inbound e-mails with Data Loss Prevention.
A. Employ encryption on all outbound emails containing confidential information.
Users are trying to communicate with a network but are unable to do so. A network administrator sees connection attempts on port 20 from outside IP addresses that are being blocked. How can the administrator resolve this? A. Enable stateful FTP on the firewall B. Enable inbound SSH connections C. Enable NETBIOS connections in the firewall D. Enable HTTPS on port 20
A. Enable stateful FTP on the firewall
After a recent breach, the security administrator performs a wireless survey of the corporate network. The security administrator notices a problem with the following output: MACSSIDENCRYPTIONPOWERBEACONS 00:10:A1:36:12:CCMYCORPWPA2 CCMP601202 00:10:A1:49:FC:37MYCORPWPA2 CCMP709102 FB:90:11:42:FA:99MYCORPWPA2 CCMP403031 00:10:A1:AA:BB:CCMYCORPWPA2 CCMP552021 00:10:A1:FA:B1:07MYCORPWPA2 CCMP306044 Given that the corporate wireless network has been standardized, which of the following attacks is underway? A. Evil twin B. IV attack C. Rogue AP D. DDoS
A. Evil twin
A team of firewall administrators have access to a `master password list' containing service account passwords. Which of the following BEST protects the master password list? A. File encryption B. Password hashing C. USB encryption D. Full disk encryption
A. File encryption
The manager has a need to secure physical documents every night, since the company began enforcing the clean desk policy. The BEST solution would include: (Select TWO). A. Fire- or water-proof safe. B. Department door locks. C. Proximity card. D. 24-hour security guard. E. Locking cabinets and drawers.
A. Fire- or water-proof safe. E. Locking cabinets and drawers.
Which of the following devices is MOST likely being used when processing the following? 1 PERMIT IP ANY ANY EQ 80 2 DENY IP ANY ANY A. Firewall B. NIPS C. Load balancer D. URL filter
A. Firewall
Which of the following devices would MOST likely have a DMZ interface? A. Firewall B. Switch C. Load balancer D. Proxy
A. Firewall
Mandatory vacations are a security control which can be used to uncover which of the following? A. Fraud committed by a system administrator B. Poor password security among users C. The need for additional security staff D. Software vulnerabilities in vendor code
A. Fraud committed by a system administrator
An administrator wants to minimize the amount of time needed to perform backups during the week. It is also acceptable to the administrator for restoration to take an extended time frame. Which of the following strategies would the administrator MOST likely implement? A. Full backups on the weekend and incremental during the week B. Full backups on the weekend and full backups every day C. Incremental backups on the weekend and differential backups every day D. Differential backups on the weekend and full backups every day
A. Full backups on the weekend and incremental during the week
A security administrator wants to deploy a physical security control to limit an individual's access into a sensitive area. Which of the following should be implemented? A. Guards B. CCTV C. Bollards D. Spike strip
A. Guards
Users in the HR department were recently informed that they need to implement a user training and awareness program which is tailored to their department. Which of the following types of training would be the MOST appropriate for this department? A. Handling PII B. Risk mitigation C. Input validation D. Hashing
A. Handling Personally Identifiable Information (PII)
Which of the following data security techniques will allow Matt, an IT security technician, to encrypt a system with speed as its primary consideration? A. Hard drive encryption B. Infrastructure as a service C. Software based encryption D. Data loss prevention
A. Hard drive encryption
Which of the following devices is BEST suited for servers that need to store private keys? A. Hardware security module B. Hardened network firewall C. Solid state disk drive D. Hardened host firewall
A. Hardware security module (HSM)
Which of the following concepts describes the use of a one way transformation in order to validate the integrity of a program? A. Hashing B. Key escrow C. Non-repudiation D. Steganography
A. Hashing
Which of the following functions provides an output which cannot be reversed and converts data into a string of characters? A. Hashing B. Stream ciphers C. Steganography D. Block ciphers
A. Hashing
A network administrator recently updated various network devices to ensure redundancy throughout the network. If an interface on any of the Layer 3 devices were to go down, traffic will still pass through another interface and the production environment would be unaffected. This type of configuration represents which of the following concepts? A. High availability B. Load balancing C. Backout contingency plan D. Clustering
A. High availability
Ann, the system administrator, is installing an extremely critical system that can support ZERO downtime. Which of the following BEST describes the type of system Ann is installing? A. High availability B. Clustered C. RAID D. Load balanced
A. High availability
Which of the following types of technologies is used by security and research personnel for identification and analysis of new security threats in a networked environment by using false data/hosts for information collection? A. Honeynet B. Vulnerability scanner C. Port scanner D. Protocol analyzer
A. Honeynet
Peter, a network security engineer, has visibility to network traffic through network monitoring tools. However, he's concerned that a disgruntled employee may be targeting a server containing the company's financial records. Which of the following security mechanism would be MOST appropriate to confirm Peter's suspicion? A. HIDS B. HIPS C. NIPS D. NIDS
A. Host-based Intrusion Detection System (HIDS)
Jane, a security administrator, has observed repeated attempts to break into a server. Which of the following is designed to stop an intrusion on a specific server? A. HIPS B. NIDS C. HIDS D. NIPS
A. Host-based Intrusion Prevention System (HIPS)
Which of the following should be deployed to prevent the transmission of malicious traffic between virtual machines hosted on a singular physical device on a network? A. HIPS on each virtual machine B. NIPS on the network C. NIDS on the network D. HIDS on each virtual machine
A. Host-based Intrusion Prevention System (HIPS) on each virtual machine
Each server on a subnet is configured to only allow SSH access from the administrator's workstation. Which of the following BEST describes this implementation? A. Host-based firewalls B. Network firewalls C. Network proxy D. Host intrusion prevention
A. Host-based firewalls
The datacenter design team is implementing a system which requires all servers installed in racks to face in a predetermined direction. An infrared camera will be used to verify that servers are properly racked. Which of the following datacenter elements is being designed? A. Hot and cold aisles B. Humidity control C. HVAC system D. EMI shielding
A. Hot and cold aisles
A network engineer is designing a secure tunneled VPN. Which of the following protocols would be the MOST secure? A. IPsec B. SFTP C. BGP D. PPTP
A. IPsec (Used in conjunction with Layer 2 Tunneling Protocol (L2TP))
A company's legacy server requires administration using Telnet. Which of the following protocols could be used to secure communication by offering encryption at a lower OSI layer? (Select TWO). A. IPv6 B. SFTP C. IPSec D. SSH E. IPv4
A. IPv6 C. IPSec (Component of IPv6 that operates at Layer 3, while Telnet operates at Layer 7)
A customer has provided an email address and password to a website as part of the login process. Which of the following BEST describes the email address? A. Identification B. Authorization C. Access control D. Authentication
A. Identification
A security specialist has been asked to evaluate a corporate network by performing a vulnerability assessment. Which of the following will MOST likely be performed? A. Identify vulnerabilities, check applicability of vulnerabilities by passively testing security controls. B. Verify vulnerabilities exist, bypass security controls and exploit the vulnerabilities. C. Exploit security controls to determine vulnerabilities and misconfigurations. D. Bypass security controls and identify applicability of vulnerabilities by passively testing security controls.
A. Identify vulnerabilities, check applicability of vulnerabilities by passively testing security controls.
A network inventory discovery application requires non-privileged access to all hosts on a network for inventory of installed applications. A service account is created by the network inventory discovery application for accessing all hosts. Which of the following is the MOST efficient method for granting the account non-privileged access to the hosts? A. Implement Group Policy to add the account to the users group on the hosts B. Add the account to the Domain Administrator group C. Add the account to the Users group on the hosts D. Implement Group Policy to add the account to the Power Users group on the hosts.
A. Implement Group Policy to add the account to the users group on the hosts
Which of the following allows Peter, a security technician, to provide the MOST secure wireless implementation? A. Implement WPA B. Disable SSID C. Adjust antenna placement D. Implement WEP
A. Implement WPA
The security team would like to gather intelligence about the types of attacks being launched against the organization. Which of the following would provide them with the MOST information? A. Implement a honeynet B. Perform a penetration test C. Examine firewall logs D. Deploy an IDS
A. Implement a honeynet
In order to securely communicate using PGP, the sender of an email must do which of the following when sending an email to a recipient for the first time? A. Import the recipient's public key B. Import the recipient's private key C. Export the sender's private key D. Export the sender's public key
A. Import the recipient's public key
Several employee accounts appear to have been cracked by an attacker. Which of the following should the security administrator implement to mitigate password cracking attacks? (Select TWO). A. Increase password complexity B. Deploy an IDS to capture suspicious logins C. Implement password history D. Implement monitoring of logins E. Implement password expiration F. Increase password length
A. Increase password complexity F. Increase password length
An IT director is looking to reduce the footprint of their company's server environment. They have decided to move several internally developed software applications to an alternate environment, supported by an external company. Which of the following BEST describes this arrangement? A. Infrastructure as a Service B. Storage as a Service C. Platform as a Service D. Software as a Service
A. Infrastructure as a Service (IaaS)
Which of the following can BEST help prevent cross-site scripting attacks and buffer overflows on a production system? A. Input validation B. Network intrusion detection system C. Anomaly-based HIDS D. Peer review
A. Input validation
Which of the following is a common coding error in which boundary checking is not performed? A. Input validation B. Fuzzing C. Secure coding D. Cross-site scripting
A. Input validation
An email client says a digital signature is invalid and the sender cannot be verified. The recipient is concerned with which of the following concepts? A. Integrity B. Availability C. Confidentiality D. Remediation
A. Integrity
After a network outage, a PC technician is unable to ping various network devices. The network administrator verifies that those devices are working properly and can be accessed securely. Which of the following is the MOST likely reason the PC technician is unable to ping those devices? A. ICMP is being blocked B. SSH is not enabled C. DNS settings are wrong D. SNMP is not configured properly
A. Internet Control Message Protocol (ICMP) is being blocked (associated with Ping and IP operations)
In regards to secure coding practices, why is input validation important? A. It mitigates buffer overflow attacks. B. It makes the code more readable. C. It provides an application configuration baseline. D. It meets gray box testing standards.
A. It mitigates buffer overflow attacks.
Which of the following is true about the CRL? A. It should be kept public B. It signs other keys C. It must be kept secret D. It must be encrypted
A. It should be kept public
In order to prevent and detect fraud, which of the following should be implemented? A. Job rotation B. Risk analysis C. Incident management D. Employee evaluations
A. Job rotation
An information bank has been established to store contacts, phone numbers and other records. An application running on UNIX would like to connect to this index server using port 88. Which of the following authentication services would this use this port by default? A. Kerberos B. TACACS+ C. Radius D. LDAP
A. Kerberos
Which of the following types of authentication packages user credentials in a ticket? A. Kerberos B. LDAP C. TACACS+ D. RADIUS
A. Kerberos
Jane, a security administrator, has been tasked with explaining authentication services to the company's management team. The company runs an active directory infrastructure. Which of the following solutions BEST relates to the host authentication protocol within the company's environment? A. Kerberos B. Least privilege C. TACACS+ D. LDAP
A. Kerberos (uses active directory)
The security manager wants to unify the storage of credential, phone numbers, office numbers, and address information into one system. Which of the following is a system that will support the requirement on its own? A. LDAP B. SAML C. TACACS D. RADIUS
A. Lightweight Directory Access Protocol (LDAP)
Which of the following is a best practice for error and exception handling? A. Log detailed exception but display generic error message B. Display detailed exception but log generic error message C. Log and display detailed error and exception messages D. Do not log or display error or exception messages
A. Log detailed exception but display generic error message
One month after a software developer was terminated the helpdesk started receiving calls that several employees' computers were being infected with malware. Upon further research, it was determined that these employees had downloaded a shopping toolbar. It was this toolbar that downloaded and installed the errant code. Which of the following attacks has taken place? A. Logic bomb B. Cross-site scripting C. SQL injection D. Malicious add-on
A. Logic bomb
Which of the following means of wireless authentication is easily vulnerable to spoofing? A. MAC Filtering B. WPA - LEAP C. WPA - PEAP D. Enabled SSID
A. MAC Filtering
Use of a smart card to authenticate remote servers remains MOST susceptible to which of the following attacks? A. Malicious code on the local system B. Shoulder surfing C. Brute force certificate cracking D. Distributed dictionary attacks
A. Malicious code on the local system
Which of the following presents the STRONGEST access control? A. MAC B. TACACS C. DAC D. RBAC
A. Mandatory Access Control (MAC)
A user reports being unable to access a file on a network share. The security administrator determines that the file is marked as confidential and that the user does not have the appropriate access level for that file. Which of the following is being implemented? A. Mandatory access control B. Discretionary access control C. Rule based access control D. Role based access control
A. Mandatory access control
Which of the following access controls enforces permissions based on data labeling at specific levels? A. Mandatory access control B. Separation of duties access control C. Discretionary access control D. Role based access control
A. Mandatory access control
Peter is the accounts payable agent for ABC Company. Peter has been performing accounts payable function for the ABC Company without any supervision. Management has noticed several new accounts without billing invoices that were paid. Which of the following is the BEST management option for review of the new accounts? A. Mandatory vacation B. Job rotation C. Separation of duties D. Replacement
A. Mandatory vacation
Which of the following types of encryption will help in protecting files on a PED? A. Mobile device encryption B. Transport layer encryption C. Encrypted hidden container D. Database encryption
A. Mobile device encryption
Which of the following protocols is used by IPv6 for MAC address resolution? A. NDP B. ARP C. DNS D. NCP
A. Neighbor Discovery Protocol (NDP)
A company is concerned that a compromised certificate may result in a man-in-the-middle attack against backend financial servers. In order to minimize the amount of time a compromised certificate would be accepted by other servers, the company decides to add another validation step to SSL/TLS connections. Which of the following technologies provides the FASTEST revocation capability? A. Online Certificate Status Protocol (OCSP) B. Public Key Cryptography (PKI) C. Certificate Revocation Lists (CRL) D. Intermediate Certificate Authority (CA)
A. Online Certificate Status Protocol (OCSP) (Successor to Certificate Revocation List (CRL). Allows for update of a single certificate instead of whole list)
A program displays: ERROR: this program has caught an exception and will now terminate. Which of the following is MOST likely accomplished by the program's behavior? A. Operating system's integrity is maintained B. Program's availability is maintained C. Operating system's scalability is maintained D. User's confidentiality is maintained
A. Operating system's integrity is maintained
Peter, a security auditor, has detected clear text passwords between the RADIUS server and the authenticator. Which of the following is configured in the RADIUS server and what technologies should the authentication protocol be changed to? A. PAP, MSCHAPv2 B. CHAP, PAP C. MSCHAPv2, NTLMv2 D. NTLM, NTLMv2
A. PAP, MSCHAPv2
An auditing team has found that passwords do not meet best business practices. Which of the following will MOST increase the security of the passwords? (Select TWO). A. Password Complexity B. Password Expiration C. Password Age D. Password Length E. Password History
A. Password Complexity D. Password Length
A recent audit has discovered that at the time of password expiration clients are able to recycle the previous credentials for authentication. Which of the following controls should be used together to prevent this from occurring? (Select TWO). A. Password age B. Password hashing C. Password complexity D. Password history E. Password length
A. Password age D. Password history
When Ann an employee returns to work and logs into her workstation she notices that, several desktop configuration settings have changed. Upon a review of the CCTV logs, it is determined that someone logged into Ann's workstation. Which of the following could have prevented this from happening? A. Password complexity policy B. User access reviews C. Shared account prohibition policy D. User assigned permissions policy
A. Password complexity policy
A network administrator, Peter, arrives at his new job to find that none of the users have changed their network passwords since they were initially hired. Peter wants to have everyone change their passwords immediately. Which of the following policies should be enforced to initiate a password change? A. Password expiration B. Password reuse C. Password recovery D. Password disablement
A. Password expiration
An organizations' security policy requires that users change passwords every 30 days. After a security audit, it was determined that users were recycling previously used passwords. Which of the following password enforcement policies would have mitigated this issue? A. Password history B. Password complexity C. Password length D. Password expiration
A. Password history
A security engineer is asked by the company's development team to recommend the most secure method for password storage. Which of the following provide the BEST protection against brute forcing stored passwords? (Select TWO). A. PBKDF2 B. MD5 C. SHA2 D. Bcrypt E. AES F. CHAP
A. Password-Based Key Derivation Function 2 (PBKDF2) D. Bcrypt (Based on Blowfish)
A security administrator is auditing a database server to ensure the correct security measures are in place to protect the data. Some of the fields consist of people's first name, last name, home address, date of birth and mothers last name. Which of the following describes this type of data? A. PII B. PCI C. Low D. Public
A. Personally Identifiable Information (PII)
Which of the following policies is implemented in order to minimize data loss or theft? A. PII handling B. Password policy C. Chain of custody D. Zero day exploits
A. Personally Identifiable Information (PII) handling
Jane, an administrator, needs to make sure the wireless network is not accessible from the parking area of their office. Which of the following would BEST help Jane when deploying a new access point? A. Placement of antenna B. Disabling the SSID C. Implementing WPA2 D. Enabling the MAC filtering
A. Placement of antenna
Emily, the security administrator, must configure the corporate firewall to allow all public IP addresses on the internal interface of the firewall to be translated to one public IP address on the external interface of the same firewall. Which of the following should Emily configure? A. PAT B. NAP C. DNAT D. NAC
A. Port Address Translation (PAT)
Which of the following is the BEST reason for placing a password lock on a mobile device? A. Prevents an unauthorized user from accessing owner's data B. Enables remote wipe capabilities C. Stops an unauthorized user from using the device again D. Prevents an unauthorized user from making phone calls
A. Prevents an unauthorized user from accessing owner's data
When using PGP, which of the following should the end user protect from compromise? (Select TWO). A. Private key B. CRL details C. Public key D. Key password E. Key escrow F. Recovery agent
A. Private key D. Key password
Which of the following would a security administrator implement in order to identify a problem between two applications that are not communicating properly? A. Protocol analyzer B. Baseline report C. Risk assessment D. Vulnerability scan
A. Protocol analyzer (Captures network data between applications)
Which of the following relies on the use of shared secrets to protect communication? A. RADIUS B. Kerberos C. PKI D. LDAP
A. RADIUS
Ann has taken over as the new head of the IT department. One of her first assignments was to implement AAA in preparation for the company's new telecommuting policy. When she takes inventory of the organizations existing network infrastructure, she makes note that it is a mix of several different vendors. Ann knows she needs a method of secure centralized access to the company's network resources. Which of the following is the BEST service for Ann to implement? A. RADIUS B. LDAP C. SAML D. TACACS+
A. RADIUS (Designed to implement Authentication, Authorization, and Accounting (AAA))
A security administrator must implement a wireless encryption system to secure mobile devices' communication. Some users have mobile devices which only support 56-bit encryption. Which of the following wireless encryption methods should be implemented? A. RC4 B. AES C. MD5 D. TKIP
A. RC4 (Uses key sizes between 40 and 2048 bits)
After working on his doctoral dissertation for two years, Peter, a user, is unable to open his dissertation file. The screen shows a warning that the dissertation file is corrupted because it is infected with a backdoor, and can only be recovered by upgrading the antivirus software from the free version to the commercial version. Which of the following types of malware is the laptop MOST likely infected with? A. Ransomware B. Trojan C. Backdoor D. Armored virus
A. Ransomware
CompTIA Security+ Question B-80 After a security incident involving a physical asset, which of the following should be done at the beginning? A. Record every person who was in possession of assets, continuing post-incident. B. Create working images of data in the following order: hard drive then RAM. C. Back up storage devices so work can be performed on the devices immediately. D. Write a report detailing the incident and mitigation suggestions.
A. Record every person who was in possession of assets, continuing post-incident.
After encrypting all laptop hard drives, an executive officer's laptop has trouble booting to the operating system. Now that it is successfully encrypted the helpdesk cannot retrieve the data. Which of the following can be used to decrypt the information for retrieval? A. Recovery agent B. Private key C. Trust models D. Public key
A. Recovery agent
Which of the following allows a company to maintain access to encrypted resources when employee turnover is high? A. Recovery agent B. Certificate authority C. Trust model D. Key escrow
A. Recovery agent
After reviewing the firewall logs of her organization's wireless APs, Ann discovers an unusually high amount of failed authentication attempts in a particular segment of the building. She remembers that a new business moved into the office space across the street. Which of the following would be the BEST option to begin addressing the issue? A. Reduce the power level of the AP on the network segment B. Implement MAC filtering on the AP of the affected segment C. Perform a site survey to see what has changed on the segment D. Change the WPA2 encryption key of the AP in the affected segment
A. Reduce the power level of the AP on the network segment
Which of the following attacks involves the use of previously captured network traffic? A. Replay B. Smurf C. Vishing D. DDoS
A. Replay
A network analyst received a number of reports that impersonation was taking place on the network. Session tokens were deployed to mitigate this issue and defend against which of the following attacks? A. Replay B. DDoS C. Smurf D. Ping of Death
A. Replay (Playback Attacks)
An administrator needs to secure RADIUS traffic between two servers. Which of the following is the BEST solution? A. Require IPSec with AH between the servers B. Require the message-authenticator attribute for each message C. Use MSCHAPv2 with MPPE instead of PAP D. Require a long and complex shared secret for the servers
A. Require IPSec with Authentication Header (AH) between the servers
A security administrator would like to ensure that system administrators are not using the same password for both their privileged and non-privileged accounts. Which of the following security controls BEST accomplishes this goal? A. Require different account passwords through a policy B. Require shorter password expiration for non-privileged accounts C. Require shorter password expiration for privileged accounts D. Require a greater password length for privileged accounts
A. Require different account passwords through a policy
Which of the following security benefits would be gained by disabling a terminated user account rather than deleting it? A. Retention of user keys B. Increased logging on access attempts C. Retention of user directories and files D. Access to quarantined files
A. Retention of user keys
A security administrator is responsible for performing periodic reviews of user permission settings due to high turnover and internal transfers at a corporation. Which of the following BEST describes the procedure and security rationale for performing such reviews? A. Review all user permissions and group memberships to ensure only the minimum set of permissions required to perform a job is assigned. B. Review the permissions of all transferred users to ensure new permissions are granted so the employee can work effectively. C. Ensure all users have adequate permissions and appropriate group memberships, so the volume of help desk calls is reduced. D. Ensure former employee accounts have no permissions so that they cannot access any network file stores and resources.
A. Review all user permissions and group memberships to ensure only the minimum set of permissions required to perform a job is assigned.
A system administrator is notified by a staff member that their laptop has been lost. The laptop contains the user's digital certificate. Which of the following will help resolve the issue? (Select TWO). A. Revoke the digital certificate B. Mark the key as private and import it C. Restore the certificate using a CRL D. Issue a new digital certificate E. Restore the certificate using a recovery agent
A. Revoke the digital certificate D. Issue a new digital certificate
A company that has a mandatory vacation policy has implemented which of the following controls? A. Risk control B. Privacy control C. Technical control D. Physical control
A. Risk control
Which of the following uses both a public and private key? A. RSA B. AES C. MD5 D. SHA
A. Rivest-Shamir-Adelman (RSA)
A computer supply company is located in a building with three wireless networks. The system security team implemented a quarterly security scan and saw the following: SSIDStateChannelLevel Computer AreUs1connected170dbm Computer AreUs2connected580dbm Computer AreUs3connected375dbm Computer AreUs4connected695dbm Which of the following is this an example of? A. Rogue access point B. Near field communication C. Jamming D. Packet sniffing
A. Rogue access point
A company plans to expand by hiring new engineers who work in highly specialized areas. Each engineer will have very different job requirements and use unique tools and applications in their job. Which of the following is MOST appropriate to use? A. Role-based privileges B. Credential management C. User assigned privileges D. User access
A. Role-based privileges
Which of the following is used to certify intermediate authorities in a large PKI deployment? A. Root CA B. Recovery agent C. Root user D. Key escrow
A. Root CA
After an audit, it was discovered that an account was not disabled in a timely manner after an employee has departed from the organization. Which of the following did the organization fail to properly implement? A. Routine account audits B. Account management processes C. Change management processes D. User rights and permission reviews
A. Routine account audits
Ann, a security analyst, has discovered that her company has very high staff turnover and often user accounts are not disabled after an employee leaves the company. Which of the following could Ann implement to help identify accounts that are still active for terminated employees? A. Routine audits B. Account expirations C. Risk assessments D. Change management
A. Routine audits
Ann, the security administrator, received a report from the security technician, that an unauthorized new user account was added to the server over two weeks ago. Which of the following could have mitigated this event? A. Routine log audits B. Job rotation C. Risk likelihood assessment D. Separation of duties
A. Routine log audits
A network engineer is configuring a VPN tunnel connecting a company's network to a business partner. Which of the following protocols should be used for key exchange? A. SHA-1 B. RC4 C. Blowfish D. Diffie-Hellman
A. SHA-1
Highly sensitive data is stored in a database and is accessed by an application on a DMZ server. The disk drives on all servers are fully encrypted. Communication between the application server and end-users is also encrypted. Network ACLs prevent any connections to the database server except from the application server. Which of the following can still result in exposure of the sensitive data in the database server? A. SQL Injection B. Theft of the physical database server C. Cookies D. Cross-site scripting
A. SQL Injection
A security administrator looking through IDS logs notices the following entry: (where [email protected] and passwd= 'or 1==1') Which of the following attacks had the administrator discovered? A. SQL injection B. XML injection C. Cross-site script D. Header manipulation
A. SQL injection
An organization does not want the wireless network name to be easily discovered. Which of the following software features should be configured on the access points? A. SSID broadcast B. MAC filter C. WPA2 D. Antenna placement
A. SSID broadcast
An employee in the accounting department recently received a phishing email that instructed them to click a link in the email to view an important message from the IRS which threatened penalties if a response was not received by the end of the business day. The employee clicked on the link and the machine was infected with malware. Which of the following principles BEST describes why this social engineering ploy was successful? A. Scarcity B. Familiarity C. Social proof D. Urgency
A. Scarcity
Users are encouraged to click on a link in an email to obtain exclusive access to the newest version of a popular Smartphone. This is an example of. A. Scarcity B. Familiarity C. Intimidation D. Trust
A. Scarcity
Which of the following is used to verify data integrity? A. SHA B. 3DES C. AES D. RSA
A. Secure Hash Algorithm (SHA)
Which of the following uses port 22 by default? (Select THREE). A. SSH B. SSL C. TLS D. SFTP E. SCP F. FTPS G. SMTP H. SNMP
A. Secure Shell (SSH) D. Secure File Transfer Protocol (SFTP) (encrypted with SSH) E. Secure Copy Protocol (SCP) (encrypted with SSH)
During a routine audit a web server is flagged for allowing the use of weak ciphers. Which of the following should be disabled to mitigate this risk? (Select TWO). A. SSL 1.0 B. RC4 C. SSL 3.0 D. AES E. DES F. TLS 1.0
A. Secure Sockets Layer 1.0 (SSL 1.0) F. Transport Layer Security 1.0 (TLS 1.0) (Both are outdated and have security flaws)
The method to provide end users of IT systems and applications with requirements related to acceptable use, privacy, new threats and trends, and use of social networking is: A. Security awareness training. B. BYOD security training. C. Role-based security training. D. Legal compliance training.
A. Security awareness training.
One of the findings of risk assessment is that many of the servers on the data center subnet contain data that is in scope for PCI compliance, Everyone in the company has access to these servers, regardless of their job function. Which of the following should the administrator do? A. Segment the network B. Use 802.1X C. Deploy a proxy sever D. Configure ACLs E. Write an acceptable use policy
A. Segment the network
Which of the following, if properly implemented, would prevent users from accessing files that are unrelated to their job duties? (Select TWO). A. Separation of duties B. Job rotation C. Mandatory vacation D. Time of day restrictions E. Least privilege
A. Separation of duties E. Least privilege
Human Resources suspect an employee is accessing the employee salary database. The administrator is asked to find out who it is. In order to complete this task, which of the following is a security control that should be in place? A. Shared accounts should be prohibited. B. Account lockout should be enabled C. Privileges should be assigned to groups rather than individuals D. Time of day restrictions should be in use
A. Shared accounts should be prohibited.
An investigator recently discovered that an attacker placed a remotely accessible CCTV camera in a public area overlooking several Automatic Teller Machines (ATMs). It is also believed that user accounts belonging to ATM operators may have been compromised. Which of the following attacks has MOST likely taken place? A. Shoulder surfing B. Dumpster diving C. Whaling attack D. Vishing attack
A. Shoulder surfing
The network security engineer just deployed an IDS on the network, but the Chief Technical Officer (CTO) has concerns that the device is only able to detect known anomalies. Which of the following types of IDS has been deployed? A. Signature Based IDS B. Heuristic IDS C. Behavior Based IDS D. Anomaly Based IDS
A. Signature Based IDS
A technician wants to securely collect network device configurations and statistics through a scheduled and automated process. Which of the following should be implemented if configuration integrity is most important and a credential compromise should not allow interactive logons? A. SNMPv3 B. TFTP C. SSH D. TLS
A. Simple Network Message Protocol V3 (SNMPv3)
The Chief Technology Officer (CTO) wants to improve security surrounding storage of customer passwords. The company currently stores passwords as SHA hashes. Which of the following can the CTO implement requiring the LEAST change to existing systems? A. Smart cards B. TOTP C. Key stretching D. Asymmetric keys
A. Smart cards
Which device monitors network traffic in a passive manner? A. Sniffer B. IDS C. Firewall D. Web browser
A. Sniffer
The Chief Information Officer (CIO) has mandated web based Customer Relationship Management (CRM) business functions be moved offshore to reduce cost, reduce IT overheads, and improve availability. The Chief Risk Officer (CRO) has agreed with the CIO's direction but has mandated that key authentication systems be run within the organization's network. Which of the following would BEST meet the CIO and CRO's requirements? A. Software as a Service B. Infrastructure as a Service C. Platform as a Service D. Hosted virtualization service
A. Software as a Service (SaaS)
A security technician at a small business is worried about the Layer 2 switches in the network suffering from a DoS style attack caused by staff incorrectly cabling network connections between switches. Which of the following will BEST mitigate the risk if implemented on the switches? A. Spanning tree B. Flood guards C. Access control lists D. Syn flood
A. Spanning tree
An attacker crafts a message that appears to be from a trusted source, but in reality it redirects the recipient to a malicious site where information is harvested. The message is narrowly tailored so it is effective on only a small number of victims. This describes which of the following? A. Spear phishing B. Phishing C. Smurf attack D. Vishing
A. Spear phishing
A security technician is attempting to access a wireless network protected with WEP. The technician does not know any information about the network. Which of the following should the technician do to gather information about the configuration of the wireless network? A. Spoof the MAC address of an observed wireless network client B. Ping the access point to discover the SSID of the network C. Perform a dictionary attack on the access point to enumerate the WEP key D. Capture client to access point disassociation packets to replay on the local PC's loopback
A. Spoof the MAC address of an observed wireless network client
A company uses PGP to ensure that sensitive email is protected. Which of the following types of cryptography is being used here for the key exchange? A. Symmetric B. Session-based C. Hashing D. Asymmetric
A. Symmetric
Which of the following secure file transfer methods uses port 22 by default? A. FTPS B. SFTP C. SSL D. S/MIME
B. SSH File Transfer Protocol (SFTP) (SSH uses TCP Port 22)
In the initial stages of an incident response, Matt, the security administrator, was provided the hard drives in question from the incident manager. Which of the following incident response procedures would he need to perform in order to begin the analysis? (Select TWO). A. Take hashes B. Begin the chain of custody paperwork C. Take screen shots D. Capture the system image E. Decompile suspicious files
A. Take hashes D. Capture the system image
Which of the following services are used to support authentication services for several local devices from a central location without the use of tokens? A. TACACS+ B. Smartcards C. Biometrics D. Kerberos
A. Terminal Access Controller Access-Control System+ (TACACS+)
An internal audit has detected that a number of archived tapes are missing from secured storage. There was no recent need for restoration of data from the missing tapes. The location is monitored by access control and CCTV systems. Review of the CCTV system indicates that it has not been recording for three months. The access control system shows numerous valid entries into the storage location during that time. The last audit was six months ago and the tapes were accounted for at that time. Which of the following could have aided the investigation? A. Testing controls B. Risk assessment C. Signed AUP D. Routine audits
A. Testing controls
A database administrator receives a call on an outside telephone line from a person who states that they work for a well-known database vendor. The caller states there have been problems applying the newly released vulnerability patch for their database system, and asks what version is being used so that they can assist. Which of the following is the BEST action for the administrator to take? A. Thank the caller, report the contact to the manager, and contact the vendor support line to verify any reported patch issues. B. Obtain the vendor's email and phone number and call them back after identifying the number of systems affected by the patch. C. Give the caller the database version and patch level so that they can receive help applying the patch. D. Call the police to report the contact about the database systems, and then check system logs for attack attempts.
A. Thank the caller, report the contact to the manager, and contact the vendor support line to verify any reported patch issues.
Peter, a user, wants to send an encrypted email to Ann. Which of the following will Ann need to use to verify the validity's of Peter's certificate? (Select TWO). A. The CA's public key B. Peter's private key C. Ann's public key D. The CA's private key E. Peter's public key F. Ann's private key
A. The CA's public key E. Peter's public key
Which of the following is an example of a false negative? A. The IDS does not identify a buffer overflow. B. Anti-virus identifies a benign application as malware. C. Anti-virus protection interferes with the normal operation of an application. D. A user account is locked out after the user mistypes the password too many times.
A. The IDS does not identify a buffer overflow. (An issue occurred, it did not catch it)
A company provides secure wireless Internet access for visitors and vendors working onsite. Some of the vendors using older technology report that they are unable to access the wireless network after entering the correct network information. Which of the following is the MOST likely reason for this issue? A. The SSID broadcast is disabled. B. The company is using the wrong antenna type. C. The MAC filtering is disabled on the access point. D. The company is not using strong enough encryption
A. The SSID broadcast is disabled.
Which of the following BEST describes a SQL Injection attack? A. The attacker attempts to have the receiving server pass information to a back-end database from which it can compromise the stored information. B. The attacker attempts to have the receiving server run a payload using programming commonly found on web servers. C. The attacker overwhelms a system or application, causing it to crash and bring the server down to cause an outage. D. The attacker overwhelms a system or application, causing it to crash, and then redirects the memory address to read from a location holding the payload.
A. The attacker attempts to have the receiving server pass information to a back-end database from which it can compromise the stored information.
Ann, a sales manager, successfully connected her company-issued smartphone to the wireless network in her office without supplying a username/password combination. Upon disconnecting from the wireless network, she attempted to connect her personal tablet computer to the same wireless network and could not connect. Which of the following is MOST likely the reason? A. The company wireless is using a MAC filter. B. The company wireless has SSID broadcast disabled. C. The company wireless is using WEP. D. The company wireless is using WPA2.
A. The company wireless is using a MAC filter.
The marketing department wants to distribute pens with embedded USB drives to clients. In the past this client has been victimized by social engineering attacks which led to a loss of sensitive data. The security administrator advises the marketing department not to distribute the USB pens due to which of the following? A. The risks associated with the large capacity of USB drives and their concealable nature B. The security costs associated with securing the USB drives over time C. The cost associated with distributing a large volume of the USB pens D. The security risks associated with combining USB drives and cell phones on a network
A. The risks associated with the large capacity of USB drives and their concealable nature
An organization has introduced token-based authentication to system administrators due to risk of password compromise. The tokens have a set of numbers that automatically change every 30 seconds. Which of the following type of authentication mechanism is this? A. TOTP B. Smart card C. CHAP D. HOTP
A. Time-based One-Time Password (TOTP)
Why would a technician use a password cracker? A. To look for weak passwords on the network B. To change a user's passwords when they leave the company C. To enforce password complexity requirements D. To change users passwords if they have forgotten them
A. To look for weak passwords on the network
Which of the following allows lower level domains to access resources in a separate Public Key Infrastructure? A. Trust Model B. Recovery Agent C. Public Key D. Private Key
A. Trust Model
A network administrator is looking for a way to automatically update company browsers so they import a list of root certificates from an online source. This online source will then be responsible for tracking which certificates are to be trusted or not trusted. Which of the following BEST describes the service that should be implemented to meet these requirements? A. Trust model B. Key escrow C. OCSP D. PKI
A. Trust model (Online CA as Root CA)
Which of the following provides dedicated hardware-based cryptographic functions to an operating system and its applications running on laptops and desktops? A. TPM B. HSM C. CPU D. FPU
A. Trusted Platform Module (TPM)
Speaking a passphrase into a voice print analyzer is an example of which of the following security concepts? A. Two factor authentication B. Identification and authorization C. Single sign-on D. Single factor authentication
A. Two factor authentication ("Something you are" / "Something you know")
A recent spike in virus detections has been attributed to end-users visiting www.compnay.com. The business has an established relationship with an organization using the URL of www.company.com but not with the site that has been causing the infections. Which of the following would BEST describe this type of attack? A. Typo squatting B. Session hijacking C. Cross-site scripting D. Spear phishing
A. Typo squatting
An organization does not have adequate resources to administer its large infrastructure. A security administrator wishes to combine the security controls of some of the network devices in the organization. Which of the following methods would BEST accomplish this goal? A. Unified Threat Management B. Virtual Private Network C. Single sign on D. Role-based management
A. Unified Threat Management
An organization does not have adequate resources to administer its large infrastructure. A security administrator wishes to integrate the security controls of some of the network devices in the organization. Which of the following methods would BEST accomplish this goal? A. Unified Threat Management B. Virtual Private Network C. Single sign on D. Role-based management
A. Unified Threat Management
Peter, the system administrator, is reviewing his disaster recovery plans. He wishes to limit the downtime in the event of a disaster, but does not have the budget approval to implement or maintain an offsite location that ensures 99.99% availability. Which of the following would be Peter's BEST option? A. Use hardware already at an offsite location and configure it to be quickly utilized. B. Move the servers and data to another part of the company's main campus from the server room. C. Retain data back-ups on the main campus and establish redundant servers in a virtual environment. D. Move the data back-ups to the offsite location, but retain the hardware on the main campus for redundancy.
A. Use hardware already at an offsite location and configure it to be quickly utilized. (Warm Site)
Various network outages have occurred recently due to unapproved changes to network and security devices. All changes were made using various system credentials. The security analyst has been tasked to update the security policy. Which of the following risk mitigation strategies would also need to be implemented to reduce the number of network outages due to unauthorized changes? A. User rights and permissions review B. Configuration management C. Incident management D. Implement security controls on Layer 3 devices
A. User rights and permissions review
The systems administrator wishes to implement a hardware-based encryption method that could also be used to sign code. They can achieve this by: A. Utilizing the already present TPM. B. Configuring secure application sandboxes. C. Enforcing whole disk encryption. D. Moving data and applications into the cloud.
A. Utilizing the already present Trusted Platform Module (TPM).
Matt, the network engineer, has been tasked with separating network traffic between virtual machines on a single hypervisor. Which of the following would he implement to BEST address this requirement? (Select TWO). A. Virtual switch B. NAT C. System partitioning D. Access-list E. Disable spanning tree F. VLAN
A. Virtual switch F. Virtual Local Area Network (VLAN)
Peter, the information security manager, is tasked with calculating risk and selecting controls to protect a new system. He has identified people, environmental conditions, and events that could affect the new system. Which of the following does he need to estimate NEXT in order to complete his risk calculations? A. Vulnerabilities B. Risk C. Likelihood D. Threats
A. Vulnerabilities (Risk Assessment analyzes Threats, Vulnerabilities, and Impacts)
Jane has recently implemented a new network design at her organization and wishes to passively identify security issues with the new network. Which of the following should Jane perform? A. Vulnerability assessment B. Black box testing C. White box testing D. Penetration testing
A. Vulnerability assessment
An administrator is concerned that a company's web server has not been patched. Which of the following would be the BEST assessment for the administrator to perform? A. Vulnerability scan B. Risk assessment C. Virus scan D. Network sniffer
A. Vulnerability scan
Which of the following tests a number of security controls in the least invasive manner? A. Vulnerability scan B. Threat assessment C. Penetration test D. Ping sweep
A. Vulnerability scan
Ann, a security analyst, is preparing for an upcoming security audit. To ensure that she identifies unapplied security controls and patches without attacking or compromising the system, Ann would use which of the following? A. Vulnerability scanning B. SQL injection C. Penetration testing D. Antivirus update
A. Vulnerability scanning
A network administrator has been tasked with securing the WLAN. Which of the following cryptographic products would be used to provide the MOST secure environment for the WLAN? A. WPA2 CCMP B. WPA C. WPA with MAC filtering D. WPA2 TKIP
A. WPA2 CCMP
Configuring key/value pairs on a RADIUS server is associated with deploying which of the following? A. WPA2-Enterprise wireless network B. DNS secondary zones C. Digital certificates D. Intrusion detection system
A. WPA2-Enterprise wireless network
Which of the following wireless protocols could be vulnerable to a brute-force password attack? (Select TWO). A. WPA2-PSK B. WPA - EAP - TLS C. WPA2-CCMP D. WPA -CCMP E. WPA - LEAP F. WEP
A. WPA2-PSK F. WEP
Which of the following is BEST at blocking attacks and providing security at layer 7 of the OSI model? A. WAF B. NIDS C. Routers D. Switches
A. Web Application Firewall (WAF)
Which of the following would prevent a user from installing a program on a company-owned mobile device? A. White-listing B. Access control lists C. Geotagging D. Remote wipe
A. White-listing
A server dedicated to the storage and processing of sensitive information was compromised with a rootkit and sensitive data was extracted. Which of the following incident response procedures is best suited to restore the server? A. Wipe the storage, reinstall the OS from original media and restore the data from the last known good backup. B. Keep the data partition, restore the OS from the most current backup and run a full system antivirus scan. C. Format the storage and reinstall both the OS and the data from the most current backup. D. Erase the storage, reinstall the OS from most current backup and only restore the data that was not compromised.
A. Wipe the storage, reinstall the OS from original media and restore the data from the last known good backup.
A company has just deployed a centralized event log storage system. Which of the following can be used to ensure the integrity of the logs after they are collected? A. Write-once drives B. Database encryption C. Continuous monitoring D. Role-based access controls
A. Write-once drives
Which of the following may cause Jane, the security administrator, to seek an ACL work around? A. Zero day exploit B. Dumpster diving C. Virus outbreak D. Tailgating
A. Zero day exploit
Which of the following types of application attacks would be used to identify malware causing security breaches that have NOT yet been identified by any trusted sources? A. Zero-day B. LDAP injection C. XML injection D. Directory traversal
A. Zero-day
The security administrator is observing unusual network behavior from a workstation. The workstation is communicating with a known malicious destination over an encrypted tunnel. A full antivirus scan, with an updated antivirus definition file, does not show any signs of infection. Which of the following has happened on the workstation? A. Zero-day attack B. Known malware infection C. Session hijacking D. Cookie stealing
A. Zero-day attack
A set of standardized system images with a pre-defined set of applications is used to build end-user workstations. The security administrator has scanned every workstation to create a current inventory of all applications that are installed on active workstations and is documenting which applications are out-of-date and could be exploited. The security administrator is determining the: A. attack surface. B. application hardening effectiveness. C. application baseline. D. OS hardening effectiveness.
A. attack surface.
The security administrator is analyzing a user's history file on a Unix server to determine if the user was attempting to break out of a rootjail. Which of the following lines in the user's history log shows evidence that the user attempted to escape the rootjail? A. cd ../../../../bin/bash B. whoami C. ls /root D. sudo -u root
A. cd ../../../../bin/bash
An administrator has successfully implemented SSL on srv4.comptia.com using wildcard certificate *.comptia.com, and now wishes to implement SSL on srv5.comptia.com. Which of the following files should be copied from srv4 to accomplish this? A. certificate, private key, and intermediate certificate chain B. certificate, intermediate certificate chain, and root certificate C. certificate, root certificate, and certificate signing request D. certificate, public key, and certificate signing request
A. certificate, private key, and intermediate certificate chain
A computer security officer has investigated a possible data breach and has found it credible. The officer notifies the data center manager and the Chief Information Security Officer (CISO). This is an example of: A. escalation and notification. B. first responder. C. incident identification. D. incident mitigation.
A. escalation and notification.
Input validation is an important security defense because it: A. rejects bad or malformed data. B. enables verbose error reporting. C. protects misconfigured web servers. D. prevents denial of service attacks.
A. rejects bad or malformed data.
The common method of breaking larger network address space into smaller networks is known as: A. subnetting. B. phishing. C. virtualization. D. packet filtering.
A. subnetting.
Which of the following should an administrator implement to research current attack methodologies? A. Design reviews B. Honeypot C. Vulnerability scanner D. Code reviews
B. Honeypot
Peter, the system administrator, has been asked to calculate the Annual Loss Expectancy (ALE) for a $5,000 server, which often crashes. In the past year, the server has crashed 10 times, requiring a system reboot to recover with only 10% loss of data or function. Which of the following is the ALE of this server? A. $500 B. $5,000 C. $25,000 D. $50,000
B. $5,000 ALE = SLE * ARO SLE = AV * EF
A security administrator has configured FTP in passive mode. Which of the following ports should the security administrator allow on the firewall by default? A. 20 B. 21 C. 22 D. 23
B. 21
An employee needs to connect to a server using a secure protocol on the default port. Which of the following ports should be used? A. 21 B. 22 C. 80 D. 110
B. 22
During a penetration test from the Internet, Jane, the system administrator, was able to establish a connection to an internal router, but not successfully log in to it. Which ports and protocols are MOST likely to be open on the firewall? (Select FOUR). A. 21 B. 22 C. 23 D. 69 E. 3389 F. SSH G. Terminal services H. Rlogin I. Rsync J. Telnet
B. 22 (Used by SSH) C. 23 (Used by Telnet) F. SSH J. Telnet
After a new firewall has been installed, devices cannot obtain a new IP address. Which of the following ports should Matt, the security administrator, open on the firewall? A. 25 B. 68 C. 80 D. 443
B. 68 (Dynamic Host Configuration Protocol (DHCP) assigns IP using this port)
The system administrator is tasked with changing the administrator password across all 2000 computers in the organization. Which of the following should the system administrator implement to accomplish this task? A. A security group B. A group policy C. Key escrow D. Certificate revocation
B. A group policy
A systems engineer has been presented with storage performance and redundancy requirements for a new system to be built for the company. The storage solution must be designed to support the highest performance and must also be able to support more than one drive failure. Which of the following should the engineer choose to meet these requirements? A. A mirrored striped array with parity B. A mirrored mirror array C. A striped array D. A striped array with parity
B. A mirrored mirror array
A security analyst noticed a colleague typing the following command: `Telnet some-host 443' Which of the following was the colleague performing? A. A hacking attempt to the some-host web server with the purpose of achieving a distributed denial of service attack. B. A quick test to see if there is a service running on some-host TCP/443, which is being routed correctly and not blocked by a firewall. C. Trying to establish an insecure remote management session. The colleague should be using SSH or terminal services instead. D. A mistaken port being entered because telnet servers typically do not listen on port 443.
B. A quick test to see if there is a service running on some-host TCP/443, which is being routed correctly and not blocked by a firewall.
ABC company has a lot of contractors working for them. The provisioning team does not always get notified that a contractor has left the company. Which of the following policies would prevent contractors from having access to systems in the event a contractor has left? A. Annual account review B. Account expiration policy C. Account lockout policy D. Account disablement
B. Account expiration policy
A hacker has discovered a simple way to disrupt business for the day in a small company which relies on staff working remotely. In a matter of minutes the hacker was able to deny remotely working staff access to company systems with a script. Which of the following security controls is the hacker exploiting? A. DoS B. Account lockout C. Password recovery D. Password complexity
B. Account lockout
Peter, the Chief Technical Officer (CTO), is concerned about new malware being introduced into the corporate network. He has tasked the security engineers to implement a technology that is capable of alerting the team when unusual traffic is on the network. Which of the following types of technologies will BEST address this scenario? A. Application Firewall B. Anomaly Based IDS C. Proxy Firewall D. Signature IDS
B. Anomaly Based Intrusion Detection System (IDS)
The librarian wants to secure the public Internet kiosk PCs at the back of the library. Which of the following would be the MOST appropriate? (Select TWO). A. Device encryption B. Antivirus C. Privacy screen D. Cable locks E. Remote wipe
B. Antivirus D. Cable locks
It has been discovered that students are using kiosk tablets intended for registration and scheduling to play games and utilize instant messaging. Which of the following could BEST eliminate this issue? A. Device encryption B. Application control C. Content filtering D. Screen-locks
B. Application control
Which of the following would Jane, an administrator, use to detect an unknown security vulnerability? A. Patch management B. Application fuzzing C. ID badge D. Application configuration baseline
B. Application fuzzing
A trojan was recently discovered on a server. There are now concerns that there has been a security breach that allows unauthorized people to access data. The administrator should be looking for the presence of a/an: A. Logic bomb. B. Backdoor. C. Adware application. D. Rootkit.
B. Backdoor.
A new security analyst is given the task of determining whether any of the company's servers are vulnerable to a recently discovered attack on an old version of SSH. Which of the following is the quickest FIRST step toward determining the version of SSH running on these servers? A. Passive scanning B. Banner grabbing C. Protocol analysis D. Penetration testing
B. Banner grabbing
In which of the following categories would creating a corporate privacy policy, drafting acceptable use policies, and group based access control be classified? A. Security control frameworks B. Best practice C. Access control methodologies D. Compliance activity
B. Best practice
The Quality Assurance team is testing a new third party developed application. The Quality team does not have any experience with the application. Which of the following is the team performing? A. Grey box testing B. Black box testing C. Penetration testing D. White box testing
B. Black box testing
A network consists of various remote sites that connect back to two main locations. Peter, the security administrator, needs to block TELNET access into the network. Which of the following, by default, would be the BEST choice to accomplish this goal? A. Block port 23 on the L2 switch at each remote site B. Block port 23 on the network firewall C. Block port 25 on the L2 switch at each remote site D. Block port 25 on the network firewall
B. Block port 23 on the network firewall
A firewall technician has been instructed to disable all non-secure ports on a corporate firewall. The technician has blocked traffic on port 21, 69, 80, and 137-139. The technician has allowed traffic on ports 22 and 443. Which of the following correctly lists the protocols blocked and allowed? A. Blocked: TFTP, HTTP, NetBIOS; Allowed: HTTPS, FTP B. Blocked: FTP, TFTP, HTTP, NetBIOS; Allowed: SFTP, SSH, SCP, HTTPS C. Blocked: SFTP, TFTP, HTTP, NetBIOS; Allowed: SSH, SCP, HTTPS D. Blocked: FTP, HTTP, HTTPS; Allowed: SFTP, SSH, SCP, NetBIOS
B. Blocked: FTP (Port 21), TFTP (Port 69), HTTP (Port 80), NetBIOS (Ports 137-139); Allowed: SFTP (Port 22), SSH (Port 22), SCP (Port 22), HTTPS (Port 443)
Emily, a security engineer, is testing encryption ciphers for performance. Which of the following ciphers offers strong encryption with the FASTEST speed? A. 3DES B. Blowfish C. Serpent D. AES256
B. Blowfish
Which of the following should be used when a business needs a block cipher with minimal key size for internal encryption? A. AES B. Blowfish C. RC5 D. 3DES
B. Blowfish (Key size between 32-bits and 448-bits)
Which of the following describes how Emily, an attacker, can send unwanted advertisements to a mobile device? A. Man-in-the-middle B. Bluejacking C. Bluesnarfing D. Packet sniffing
B. Bluejacking
Peter, a security analyst, has been tasked with explaining the different types of malware to his colleagues. The two malware types that the group seems to be most interested in are botnets and viruses. Which of the following explains the difference between these two types of malware? A. Viruses are a subset of botnets which are used as part of SYN attacks. B. Botnets are a subset of malware which are used as part of DDoS attacks. C. Viruses are a class of malware which create hidden openings within an OS. D. Botnets are used within DR to ensure network uptime and viruses are not.
B. Botnets are a subset of malware which are used as part of DDoS attacks.
A company has two server administrators that work overnight to apply patches to minimize disruption to the company. With the limited working staff, a security engineer performs a risk assessment to ensure the protection controls are in place to monitor all assets including the administrators in case of an emergency. Which of the following should be in place? A. NIDS B. CCTV C. Firewall D. NIPS
B. CCTV (to mitigate risk of overnight system admins)
Which of the following devices will help prevent a laptop from being removed from a certain location? A. Device encryption B. Cable locks C. GPS tracking D. Remote data wipes
B. Cable locks
A security engineer is given new application extensions each month that need to be secured prior to implementation. They do not want the new extensions to invalidate or interfere with existing application security. Additionally, the engineer wants to ensure that the new requirements are approved by the appropriate personnel. Which of the following should be in place to meet these two goals? (Select TWO). A. Patch Audit Policy B. Change Control Policy C. Incident Management Policy D. Regression Testing Policy E. Escalation Policy F. Application Audit Policy
B. Change Control Policy D. Regression Testing Policy (Backout in the event of a bad install)
A systems administrator has made several unauthorized changes to the server cluster that resulted in a major outage. This event has been brought to the attention of the Chief Information Office (CIO) and he has requested immediately implement a risk mitigation strategy to prevent this type of event from reoccurring. Which of the following would be the BEST risk mitigation strategy to implement in order to meet this request? A. Asset Management B. Change Management C. Configuration Management D. Incident Management
B. Change Management
Separation of duties is often implemented between developers and administrators in order to separate which of the following? A. More experienced employees from less experienced employees B. Changes to program code and the ability to deploy to production C. Upper level management users from standard development employees D. The network access layer from the application access layer
B. Changes to program code and the ability to deploy to production
Which of the following security concepts would Emily, the security administrator, use to mitigate the risk of data loss? A. Record time offset B. Clean desk policy C. Cloud computing D. Routine log review
B. Clean desk policy
Which of the following does full disk encryption prevent? A. Client side attacks B. Clear text access C. Database theft D. Network-based attacks
B. Clear text access
A certificate used on an ecommerce web server is about to expire. Which of the following will occur if the certificate is allowed to expire? A. The certificate will be added to the Certificate Revocation List (CRL). B. Clients will be notified that the certificate is invalid. C. The ecommerce site will not function until the certificate is renewed. D. The ecommerce site will no longer use encryption.
B. Clients will be notified that the certificate is invalid.
Which of the following can Peter, a security administrator, use to distribute the processing effort when generating hashes for a password cracking program? A. RAID B. Clustering C. Redundancy D. Virtualization
B. Clustering
A security technician wishes to gather and analyze all Web traffic during a particular time period. Which of the following represents the BEST approach to gathering the required data? A. Configure a VPN concentrator to log all traffic destined for ports 80 and 443. B. Configure a proxy server to log all traffic destined for ports 80 and 443. C. Configure a switch to log all traffic destined for ports 80 and 443. D. Configure a NIDS to log all traffic destined for ports 80 and 443.
B. Configure a proxy server to log all traffic destined for ports 80 and 443.
An access point has been configured for AES encryption but a client is unable to connect to it. Which of the following should be configured on the client to fix this issue? A. WEP B. CCMP C. TKIP D. RC4
B. Counter Mode Cipher Block Chaining Message Authentication Code Protocol (CCMP)
Peter, a network administrator, is capturing packets on the network and notices that a large amount of the traffic on the LAN is SIP and RTP protocols. Which of the following should he do to segment that traffic from the other traffic? A. Connect the WAP to a different switch. B. Create a voice VLAN. C. Create a DMZ. D. Set the switch ports to 802.1q mode.
B. Create a voice VLAN. (Separation of Voice and Data)
A company hired Peter, an accountant. The IT administrator will need to create a new account for Peter. The company uses groups for ease of management and administration of user accounts. Peter will need network access to all directories, folders and files within the accounting department. Which of the following configurations will meet the requirements? A. Create a user account and assign the user account to the accounting group. B. Create an account with role-based access control for accounting. C. Create a user account with password reset and notify Peter of the account creation. D. Create two accounts: a user account and an account with full network administration rights.
B. Create an account with role-based access control for accounting. (Since he needs increased access to accounting, not regular access)
A victim is logged onto a popular home router forum site in order to troubleshoot some router configuration issues. The router is a fairly standard configuration and has an IP address of 192.168.1.1. The victim is logged into their router administrative interface in one tab and clicks a forum link in another tab. Due to clicking the forum link, the home router reboots. Which of the following attacks MOST likely occurred? A. Brute force password attack B. Cross-site request forgery C. Cross-site scripting D. Fuzzing
B. Cross-site request forgery
Users at a company report that a popular news website keeps taking them to a web page with derogatory content. This is an example of which of the following? A. Evil twin B. DNS poisoning C. Vishing D. Session hijacking
B. DNS poisoning
Which of the following are restricted to 64-bit block sizes? (Select TWO). A. PGP B. DES C. AES256 D. RSA E. 3DES F. AES
B. Data Encryption Standard (DES) E. Triple Data Encryption Standard (3DES) (Same as DES, but repeated 3 times)
Elastic cloud computing environments often reuse the same physical hardware for multiple customers over time as virtual machines are instantiated and deleted. This has important implications for which of the following data security concerns? A. Hardware integrity B. Data confidentiality C. Availability of servers D. Integrity of data
B. Data confidentiality
Allowing unauthorized removable devices to connect to computers increases the risk of which of the following? A. Data leakage prevention B. Data exfiltration C. Data classification D. Data deduplication
B. Data exfiltration
Corporate IM presents multiple concerns to enterprise IT. Which of the following concerns should Jane, the IT security manager, ensure are under control? (Select THREE). A. Authentication B. Data leakage C. Compliance D. Malware E. Non-repudiation F. Network loading
B. Data leakage C. Compliance D. Malware
Public keys are used for which of the following? A. Decrypting wireless messages B. Decrypting the hash of an electronic signature C. Bulk encryption of IP based email traffic D. Encrypting web browser traffic
B. Decrypting the hash of an electronic signature
A financial company requires a new private network link with a business partner to cater for realtime and batched data flows. Which of the following activities should be performed by the IT security staff member prior to establishing the link? A. Baseline reporting B. Design review C. Code review D. SLA reporting
B. Design review
Which of the following is an important step in the initial stages of deploying a host-based firewall? A. Selecting identification versus authentication B. Determining the list of exceptions C. Choosing an encryption algorithm D. Setting time of day restrictions
B. Determining the list of exceptions
Matt, an administrator, is concerned about the wireless network being discovered by war driving. Which of the following can be done to mitigate this? A. Enforce a policy for all users to authentic through a biometric device. B. Disable all SSID broadcasting. C. Ensure all access points are running the latest firmware. D. Move all access points into public access areas.
B. Disable all SSID broadcasting.
A recent audit has revealed weaknesses in the process of deploying new servers and network devices. Which of the following practices could be used to increase the security posture during deployment? (Select TWO). A. Deploy a honeypot B. Disable unnecessary services C. Change default passwords D. Implement an application firewall E. Penetration testing
B. Disable unnecessary services C. Change default passwords
Which of the following will help prevent smurf attacks? A. Allowing necessary UDP packets in and out of the network B. Disabling directed broadcast on border routers C. Disabling unused services on the gateway firewall D. Flash the BIOS with the latest firmware
B. Disabling directed broadcast on border routers
A security technician is attempting to improve the overall security posture of an internal mail server. Which of the following actions would BEST accomplish this goal? A. Monitoring event logs daily B. Disabling unnecessary services C. Deploying a content filter on the network D. Deploy an IDS on the network
B. Disabling unnecessary services (Reduces Attack Surface)
After a production outage, which of the following documents contains detailed information on the order in which the system should be restored to service? A. Succession planning B. Disaster recovery plan C. Information security plan D. Business impact analysis
B. Disaster recovery plan
During the analysis of a PCAP file, a security analyst noticed several communications with a remote server on port 53. Which of the following protocol types is observed in this traffic? A. FTP B. DNS C. Email D. NetBIOS
B. Domain Name System (DNS)
Physical documents must be incinerated after a set retention period is reached. Which of the following attacks does this action remediate? A. Shoulder Surfing B. Dumpster Diving C. Phishing D. Impersonation
B. Dumpster Diving
Ann, an employee, is cleaning out her desk and disposes of paperwork containing confidential customer information in a recycle bin without shredding it first. This is MOST likely to increase the risk of loss from which of the following attacks? A. Shoulder surfing B. Dumpster diving C. Tailgating D. Spoofing
B. Dumpster diving
When a new network drop was installed, the cable was run across several fluorescent lights. The users of the new network drop experience intermittent connectivity. Which of the following environmental controls was MOST likely overlooked during installation? A. Humidity sensors B. EMI shielding C. Channel interference D. Cable kinking
B. EMI shielding
A system administrator has noticed that users change their password many times to cycle back to the original password when their passwords expire. Which of the following would BEST prevent this behavior? A. Assign users passwords based upon job role. B. Enforce a minimum password age policy. C. Prevent users from choosing their own passwords. D. Increase the password expiration time frame.
B. Enforce a minimum password age policy.
A company is looking to reduce the likelihood of employees in the finance department being involved with money laundering. Which of the following controls would BEST mitigate this risk? A. Implement privacy policies B. Enforce mandatory vacations C. Implement a security policy D. Enforce time of day restrictions
B. Enforce mandatory vacations
When implementing fire suppression controls in a datacenter it is important to: A. Select a fire suppression system which protects equipment but may harm technicians. B. Ensure proper placement of sprinkler lines to avoid accidental leakage onto servers. C. Integrate maintenance procedures to include regularly discharging the system. D. Use a system with audible alarms to ensure technicians have 20 minutes to evacuate.
B. Ensure proper placement of sprinkler lines to avoid accidental leakage onto servers.
Which of the following tools will allow a technician to detect security-related TCP connection anomalies? A. Logical token B. Performance monitor C. Public key infrastructure D. Trusted platform module
B. Performance monitor
A security manager must remain aware of the security posture of each system. Which of the following supports this requirement? A. Training staff on security policies B. Establishing baseline reporting C. Installing anti-malware software D. Disabling unnecessary accounts/services
B. Establishing baseline reporting
Which of the following types of wireless attacks would be used specifically to impersonate another WAP in order to gain unauthorized information from mobile users? A. IV attack B. Evil twin C. War driving D. Rogue access point
B. Evil twin
A large corporation has data centers geographically distributed across multiple continents. The company needs to securely transfer large amounts of data between the data center. The data transfer can be accomplished physically or electronically, but must prevent eavesdropping while the data is on transit. Which of the following represents the BEST cryptographic solution? A. Driving a van full of Micro SD cards from data center to data center to transfer data B. Exchanging VPN keys between each data center via an SSL connection and transferring the data in the VPN C. Using a courier to deliver symmetric VPN keys to each data center and transferring data in the VPN D. Using PKI to encrypt each file and transferring them via an Internet based FTP or cloud server
B. Exchanging VPN keys between each data center via an SSL connection and transferring the data in the VPN
A vulnerability scan is reporting that patches are missing on a server. After a review, it is determined that the application requiring the patch does not exist on the operating system. Which of the following describes this cause? A. Application hardening B. False positive C. Baseline code review D. False negative
B. False positive
Ann, the security administrator, wishes to implement multifactor security. Which of the following should be implemented in order to compliment password usage and smart cards? A. Hard tokens B. Fingerprint readers C. Swipe badge readers D. Passphrases
B. Fingerprint readers ("Something you are")
The security officer is preparing a read-only USB stick with a document of important personal phone numbers, vendor contacts, an MD5 program, and other tools to provide to employees. At which of the following points in an incident should the officer instruct employees to use this information? A. Business Impact Analysis B. First Responder C. Damage and Loss Control D. Contingency Planning
B. First Responder (Damage/Loss Control, Recovery, Reporting, etc.)
A security administrator wants to test the reliability of an application which accepts user provided parameters. The administrator is concerned with data integrity and availability. Which of the following should be implemented to accomplish this task? A. Secure coding B. Fuzzing C. Exception handling D. Input validation
B. Fuzzing
An application developer has tested some of the known exploits within a new application. Which of the following should the administrator utilize to test for unidentified faults or memory leaks? A. XSRF Attacks B. Fuzzing C. Input Validations D. SQL Injections
B. Fuzzing (providing invalid data inputs to monitor for crashes/leaks)
The main corporate website has a service level agreement that requires availability 100% of the time, even in the case of a disaster. Which of the following would be required to meet this demand? A. Warm site implementation for the datacenter B. Geographically disparate site redundant datacenter C. Localized clustering of the datacenter D. Cold site implementation for the datacenter
B. Geographically disparate site redundant datacenter
After entering the following information into a SOHO wireless router, a mobile device's user reports being unable to connect to the network: PERMIT 0A: D1: FA. B1: 03: 37 DENY 01: 33: 7F: AB: 10: AB Which of the following is preventing the device from connecting? A. WPA2-PSK requires a supplicant on the mobile device. B. Hardware address filtering is blocking the device. C. TCP/IP Port filtering has been implemented on the SOHO router. D. IP address filtering has disabled the device from connecting.
B. Hardware address filtering is blocking the device. (Blocking MAC Addresses)
Peter must send Ann a message and provide Ann with assurance that he was the actual sender. Which of the following will Peter need to use to BEST accomplish the objective? A. A pre-shared private key B. His private key C. Ann's public key D. His public key
B. His private key
Jane, a security analyst, is reviewing logs from hosts across the Internet which her company uses to gather data on new malware. Which of the following is being implemented by Jane's company? A. Vulnerability scanner B. Honeynet C. Protocol analyzer D. Port scanner
B. Honeynet (collection of honeypots)
A security administrator wants to get a real time look at what attackers are doing in the wild, hoping to lower the risk of zero-day attacks. Which of the following should be used to accomplish this goal? A. Penetration testing B. Honeynets C. Vulnerability scanning D. Baseline reporting
B. Honeynets
A security administrator wants to block unauthorized access to a web server using a locally installed software program. Which of the following should the administrator deploy? A. NIDS B. HIPS C. NIPS D. HIDS
B. Host-based Intrusion Prevention System (HIPS)
Which of the following protocols encapsulates an IP packet with an additional IP header? A. SFTP B. IPSec C. HTTPS D. SSL
B. IPSec
Which of the following is the difference between identification and authentication of a user? A. Identification tells who the user is and authentication tells whether the user is allowed to logon to a system. B. Identification tells who the user is and authentication proves it. C. Identification proves who the user is and authentication is used to keep the users data secure. D. Identification proves who the user is and authentication tells the user what they are allowed to do.
B. Identification tells who the user is and authentication proves it.
Peter's corporation has outsourced help desk services to a large provider. Management has published a procedure that requires all users, when receiving support, to call a special number. Users then need to enter the code provided to them by the help desk technician prior to allowing the technician to work on their PC. Which of the following does this procedure prevent? A. Collusion B. Impersonation C. Pharming D. Transitive Access
B. Impersonation
Which of the following is considered a risk management BEST practice of succession planning? A. Reducing risk of critical information being known to an individual person who may leave the organization B. Implementing company-wide disaster recovery and business continuity plans C. Providing career advancement opportunities to junior staff which reduces the possibility of insider threats D. Considering departmental risk management practices in place of company-wide practices
B. Implementing company-wide disaster recovery and business continuity plans
The Human Resources department has a parent shared folder setup on the server. There are two groups that have access, one called managers and one called staff. There are many sub folders under the parent shared folder, one is called payroll. The parent folder access control list propagates all subfolders and all subfolders inherit the parent permission. Which of the following is the quickest way to prevent the staff group from gaining access to the payroll folder? A. Remove the staff group from the payroll folder B. Implicit deny on the payroll folder for the staff group C. Implicit deny on the payroll folder for the managers group D. Remove inheritance from the payroll folder
B. Implicit deny on the payroll folder for the staff group
The Chief Security Officer (CSO) is contacted by a first responder. The CSO assigns a handler. Which of the following is occurring? A. Unannounced audit response B. Incident response process C. Business continuity planning D. Unified threat management E. Disaster recovery process
B. Incident response process
A system administrator has been instructed by the head of security to protect their data at-rest. Which of the following would provide the strongest protection? A. Prohibiting removable media B. Incorporating a full-disk encryption system C. Biometric controls on data center entry points D. A host-based intrusion detection system
B. Incorporating a full-disk encryption system
When considering a vendor-specific vulnerability in critical industrial control systems which of the following techniques supports availability? A. Deploying identical application firewalls at the border B. Incorporating diversity into redundant design C. Enforcing application white lists on the support workstations D. Ensuring the systems' anti-virus definitions are up-to-date
B. Incorporating diversity into redundant design
Verifying the integrity of data submitted to a computer program at or during run-time, with the intent of preventing the malicious exploitation of unintentional effects in the structure of the code, is BEST described as which of the following? A. Output sanitization B. Input validation C. Application hardening D. Fuzzing
B. Input validation
Peter, a security administrator, is concerned with users tailgating into the restricted areas. Given a limited budget, which of the following would BEST assist Peter with detecting this activity? A. Place a full-time guard at the entrance to confirm user identity. B. Install a camera and DVR at the entrance to monitor access. C. Revoke all proximity badge access to make users justify access. D. Install a motion detector near the entrance.
B. Install a camera and DVR at the entrance to monitor access.
An administrator has concerns regarding the company's server rooms Proximity badge readers were installed, but it is discovered this is not preventing unapproved personnel from tailgating into these area. Which of the following would BEST address this concern? A. Replace proximity readers with turn0based key locks B. Install man-traps at each restricted area entrance C. Configure alarms to alert security when the areas are accessed D. Install monitoring cameras at each entrance
B. Install man-traps at each restricted area entrance
Digital signatures are used for ensuring which of the following items? (Select TWO). A. Confidentiality B. Integrity C. Non-Repudiation D. Availability E. Algorithm strength
B. Integrity C. Non-Repudiation
Which of the following should Matt, a security administrator, include when encrypting smartphones? (Select TWO). A. Steganography images B. Internal memory C. Master boot records D. Removable memory cards E. Public keys
B. Internal memory D. Removable memory cards
Which of the following concepts is a term that directly relates to customer privacy considerations? A. Data handling policies B. Personally identifiable information C. Information classification D. Clean desk policies
B. Personally identifiable information (PII)
A company has proprietary mission critical devices connected to their network which are configured remotely by both employees and approved customers. The administrator wants to monitor device security without changing their baseline configuration. Which of the following should be implemented to secure the devices without risking availability? A. Host-based firewall B. IDS C. IPS D. Honeypot
B. Intrusion Detection System (IDS)
Which of the following security architecture elements also has sniffer functionality? (Select TWO). A. HSM B. IPS C. SSL accelerator D. WAP E. IDS
B. Intrusion Protection System (IPS) E. Intrusion Detection System (IDS)
A software developer is responsible for writing the code on an accounting application. Another software developer is responsible for developing code on a system in human resources. Once a year they have to switch roles for several weeks. Which of the following practices is being implemented? A. Mandatory vacations B. Job rotation C. Least privilege D. Separation of duties
B. Job rotation
Which of the following types of risk reducing policies also has the added indirect benefit of cross training employees when implemented? A. Least privilege B. Job rotation C. Mandatory vacations D. Separation of duties
B. Job rotation
Which of the following is a security concern regarding users bringing personally-owned devices that they connect to the corporate network? A. Cross-platform compatibility issues between personal devices and server-based applications B. Lack of controls in place to ensure that the devices have the latest system patches and signature files C. Non-corporate devices are more difficult to locate when a user is terminated D. Non-purchased or leased equipment may cause failure during the audits of company-owned assets
B. Lack of controls in place to ensure that the devices have the latest system patches and signature files
Which of the following is an authentication method that can be secured by using SSL? A. RADIUS B. LDAP C. TACACS+ D. Kerberos
B. Lightweight Directory Access Protocol (LDAP)
Peter, a network administrator, is able to manage the backup software console by using his network login credentials. Which of the following authentication services is the MOST likely using? A. SAML B. LDAP C. iSCSI D. Two-factor authentication
B. Lightweight Directory Access Protocol (LDAP) (An example of single sign-on )
Which of the following provides the BEST application availability and is easily expanded as demand grows? A. Server virtualization B. Load balancing C. Active-Passive Cluster D. RAID 6
B. Load balancing
Which of the following technologies uses multiple devices to share work? A. Switching B. Load balancing C. RAID D. VPN concentrator
B. Load balancing
Ann, a software developer, has installed some code to reactivate her account one week after her account has been disabled. Which of the following is this an example of? (Select TWO). A. Rootkit B. Logic Bomb C. Botnet D. Backdoor E. Spyware
B. Logic Bomb D. Backdoor
Which of the following malware types is MOST likely to execute its payload after Jane, an employee, has left the company? A. Rootkit B. Logic bomb C. Worm D. Botnet
B. Logic bomb (malicious code triggered when specific conditions are met)
Which of the following wireless security measures can an attacker defeat by spoofing certain properties of their network interface card? A. WEP B. MAC filtering C. Disabled SSID broadcast D. TKIP
B. MAC filtering
Which of the following common access control models is commonly used on systems to ensure a "need to know" based on classification levels? A. Role Based Access Controls B. Mandatory Access Controls C. Discretionary Access Controls D. Access Control List
B. Mandatory Access Controls
A technician wants to implement a dual factor authentication system that will enable the organization to authorize access to sensitive systems on a need-to-know basis. Which of the following should be implemented during the authorization stage? A. Biometrics B. Mandatory access control C. Single sign-on D. Role-based access control
B. Mandatory access control
Peter, an IT Administrator, needs to secure his server room. Which of the following mitigation methods would provide the MOST physical protection? A. Sign in and sign out logs B. Mantrap C. Video surveillance D. HVAC
B. Mantrap
During the information gathering stage of a deploying role-based access control model, which of the following information is MOST likely required? A. Conditional rules under which certain systems may be accessed B. Matrix of job titles with required access privileges C. Clearance levels of all company personnel D. Normal hours of business operation
B. Matrix of job titles with required access privileges
Matt, a security analyst, needs to implement encryption for company data and also prevent theft of company data. Where and how should Matt meet this requirement? A. Matt should implement access control lists and turn on EFS. B. Matt should implement DLP and encrypt the company database. C. Matt should install Truecrypt and encrypt the company server. D. Matt should install TPMs and encrypt the company database.
B. Matt should implement Data Loss Prevention (DLP) and encrypt the company database.
Peter, an employee, was escorted from the company premises due to suspicion of revealing trade secrets to a competitor. Peter had already been working for two hours before leaving the premises. A security technician was asked to prepare a report of files that had changed since last night's integrity scan. Which of the following could the technician use to prepare the report? (Select TWO). A. PGP B. MD5 C. ECC D. AES E. Blowfish F. HMAC
B. Message Digest Algorithm 5 (MD5) F. Hash-based Message Authentication Code (HMAC)
A recent review of accounts on various systems has found that after employees' passwords are required to change they are recycling the same password as before. Which of the following policies should be enforced to prevent this from happening? (Select TWO). A. Reverse encryption B. Minimum password age C. Password complexity D. Account lockouts E. Password history F. Password expiration
B. Minimum password age E. Password history
A Chief Information Security Officer (CISO) is tasked with outsourcing the analysis of security logs. These will need to still be reviewed on a regular basis to ensure the security of the company has not been breached. Which of the following cloud service options would support this requirement? A. SaaS B. MaaS C. IaaS D. PaaS
B. Monitoring as a Service (MaaS)
Ann, the Chief Information Officer (CIO) of a company, sees cloud computing as a way to save money while providing valuable services. She is looking for a cost-effective solution to assist in capacity planning as well as visibility into the performance of the network. Which of the following cloud technologies should she look into? A. IaaS B. MaaS C. SaaS D. PaaS
B. Monitoring as a Service (MaaS)
A security administrator is tasked with ensuring that all devices have updated virus definition files before they are allowed to access network resources. Which of the following technologies would be used to accomplish this goal? A. NIDS B. NAC C. DLP D. DMZ E. Port Security
B. Network Access Control (NAC)
An encrypted message is sent using PKI from Emily, a client, to a customer. Emily claims she never sent the message. Which of the following aspects of PKI BEST ensures the identity of the sender? A. CRL B. Non-repudiation C. Trust models D. Recovery agents
B. Non-repudiation
Which of the following concepts is enforced by certifying that email communications have been sent by who the message says it has been sent by? A. Key escrow B. Non-repudiation C. Multifactor authentication D. Hashing
B. Non-repudiation
A Human Resources user is issued a virtual desktop typically assigned to Accounting employees. A system administrator wants to disable certain services and remove the local accounting groups installed by default on this virtual machine. The system administrator is adhering to which of the following security best practices? A. Black listing applications B. Operating System hardening C. Mandatory Access Control D. Patch Management
B. Operating System hardening
A small company wants to employ PKI. The company wants a cost effective solution that must be simple and trusted. They are considering two options: X.509 and PGP. Which of the following would be the BEST option? A. PGP, because it employs a web-of-trust that is the most trusted form of PKI. B. PGP, because it is simple to incorporate into a small environment. C. X.509, because it uses a hierarchical design that is the most trusted form of PKI. D. X.509, because it is simple to incorporate into a small environment.
B. PGP, because it is simple to incorporate into a small environment.
Maintenance workers find an active network switch hidden above a dropped-ceiling tile in the CEO's office with various connected cables from the office. Which of the following describes the type of attack that was occurring? A. Spear phishing B. Packet sniffing C. Impersonation D. MAC flooding
B. Packet sniffing (Hardware)
Connections using point-to-point protocol authenticate using which of the following? (Select TWO). A. RIPEMD B. PAP C. CHAP D. RC4 E. Kerberos
B. Password Authenticated Protocol (PAP) C. Challenge-Handshake Authentication Protocol (CHAP) (Uses Three-Way Handshake)
An internal auditing team would like to strengthen the password policy to support special characters. Which of the following types of password controls would achieve this goal? A. Add reverse encryption B. Password complexity C. Increase password length D. Allow single sign on
B. Password complexity
An administrator discovers that many users have used their same passwords for years even though the network requires that the passwords be changed every six weeks. Which of the following, when used together, would BEST prevent users from reusing their existing password? (Select TWO). A. Length of password B. Password history C. Minimum password age D. Password expiration E. Password complexity F. Non-dictionary words
B. Password history C. Minimum password age
A new client application developer wants to ensure that the encrypted passwords that are stored in their database are secure from cracking attempts. To implement this, the developer implements a function on the client application that hashes passwords thousands of times prior to being sent to the database. Which of the following did the developer MOST likely implement? A. RIPEMD B. PBKDF2 C. HMAC D. ECDHE
B. Password-Based Key Derivation Function 2 (PBKDF2)
Which of the following is BEST utilized to actively test security controls on a particular system? A. Port scanning B. Penetration test C. Vulnerability scanning D. Grey/Gray box
B. Penetration test
Which of the following is the BEST approach to perform risk mitigation of user access control rights? A. Conduct surveys and rank the results. B. Perform routine user permission reviews. C. Implement periodic vulnerability scanning. D. Disable user accounts that have not been used within the last two weeks.
B. Perform routine user permission reviews.
A security analyst implemented group-based privileges within the company active directory. Which of the following account management techniques should be undertaken regularly to ensure least privilege principles? A. Leverage role-based access controls. B. Perform user group clean-up. C. Verify smart card access controls. D. Verify SHA-256 for password hashes.
B. Perform user group clean-up.
Company XYZ recently salvaged company laptops and removed all hard drives, but the Chief Information Officer (CIO) is concerned about disclosure of confidential information. Which of the following is the MOST secure method to dispose of these hard drives? A. Degaussing B. Physical Destruction C. Lock up hard drives in a secure safe D. Wipe
B. Physical Destruction
During which of the following phases of the Incident Response process should a security administrator define and implement general defense against malware? A. Lessons Learned B. Preparation C. Eradication D. Identification
B. Preparation
After Matt, a user, enters his username and password at the login screen of a web enabled portal, the following appears on his screen: `Please only use letters and numbers on these fields' Which of the following is this an example of? A. Proper error handling B. Proper input validation C. Improper input validation D. Improper error handling
B. Proper input validation
Matt, an administrator, notices a flood fragmented packet and retransmits from an email server. After disabling the TCP offload setting on the NIC, Matt sees normal traffic with packets flowing in sequence again. Which of the following utilities was he MOST likely using to view this issue? A. Spam filter B. Protocol analyzer C. Web application firewall D. Load balancer
B. Protocol analyzer
Which of the following BEST allows Peter, a security administrator, to determine the type, source, and flags of the packet traversing a network for troubleshooting purposes? A. Switches B. Protocol analyzers C. Routers D. Web security gateways
B. Protocol analyzers
In order to use a two-way trust model the security administrator MUST implement which of the following? A. DAC B. PKI C. HTTPS D. TPM
B. Public Key Infrastructure (PKI)
A user was reissued a smart card after the previous smart card had expired. The user is able to log into the domain but is now unable to send digitally signed or encrypted email. Which of the following would the user need to perform? A. Remove all previous smart card certificates from the local certificate store. B. Publish the new certificates to the global address list. C. Make the certificates available to the operating system. D. Recover the previous smart card certificates.
B. Publish the new certificates to the global address list.
All of the following are valid cryptographic hash functions EXCEPT: A. RIPEMD. B. RC4. C. SHA-512. D. MD4.
B. RC4. (Used in WEP/WPA Encryption)
Protecting the confidentiality of a message is accomplished by encrypting the message with which of the following? A. Sender's private key B. Recipient's public key C. Sender's public key D. Recipient's private key
B. Recipient's public key
One of the senior managers at a company called the help desk to report to report a problem. The manager could no longer access data on a laptop equipped with FDE. The manager requested that the FDE be removed and the laptop restored from a backup. The help desk informed the manager that the recommended solution was to decrypt the hard drive prior to reinstallation and recovery. The senior manager did not have a copy of the private key associated with the FDE on the laptop. Which of the following tools or techniques did the help desk use to avoid losing the data on the laptop? A. Public key B. Recovery agent C. Registration details D. Trust Model
B. Recovery agent
A bank has recently deployed mobile tablets to all loan officers for use at customer sites. Which of the following would BEST prevent the disclosure of customer data in the event that a tablet is lost or stolen? A. Application control B. Remote wiping C. GPS D. Screen-locks
B. Remote wiping
Users require access to a certain server depending on their job function. Which of the following would be the MOST appropriate strategy for securing the server? A. Common access card B. Role based access control C. Discretionary access control D. Mandatory access control
B. Role based access control
Which of the following techniques describes the use of application isolation during execution to prevent system compromise if the application is compromised? A. Least privilege B. Sandboxing C. Black box D. Application hardening
B. Sandboxing
A recent vulnerability scan found that Telnet is enabled on all network devices. Which of the following protocols should be used instead of Telnet? A. SCP B. SSH C. SFTP D. SSL
B. Secure Shell (SSH)
A security analyst needs to logon to the console to perform maintenance on a remote server. Which of the following protocols would provide secure access? A. SCP B. SSH C. SFTP D. HTTPS
B. Secure Shell (SSH)
Which of the following protocols provides transport security for virtual terminal emulation? A. TLS B. SSH C. SCP D. S/MIME
B. Secure Shell (SSH) (tunneling protocol)
Which of the following MOST interferes with network-based detection techniques? A. Mime-encoding B. SSL C. FTP D. Anonymous email accounts
B. Secure Sockets Layer (SSL)
Which of the following can use RC4 for encryption? (Select TWO). A. CHAP B. SSL C. WEP D. AES E. 3DES
B. Secure Sockets Layer (SSL) C. Wired Equivalent Protocol (WEP)
The Chief Technical Officer (CTO) has been informed of a potential fraud committed by a database administrator performing several other job functions within the company. Which of the following is the BEST method to prevent such activities in the future? A. Job rotation B. Separation of duties C. Mandatory Vacations D. Least Privilege
B. Separation of duties
One of the servers on the network stops responding due to lack of available memory. Server administrators did not have a clear definition of what action should have taken place based on the available memory. Which of the following would have BEST kept this incident from occurring? A. Set up a protocol analyzer B. Set up a performance baseline C. Review the systems monitor on a monthly basis D. Review the performance monitor on a monthly basis
B. Set up a performance baseline
A network administrator needs to provide daily network usage reports on all layer 3 devices without compromising any data while gathering the information. Which of the following would be configured to provide these reports? A. SNMP B. SNMPv3 C. ICMP D. SSH
B. Simple Network Management Protocol V3 (SNMPv3)
Matt, a security administrator, wants to configure all the switches and routers in the network in order to securely monitor their status. Which of the following protocols would he need to configure on each device? A. SMTP B. SNMPv3 C. IPSec D. SNMP
B. Simple Network Management Protocol V3 (SNMPv3)
In order to secure additional budget, a security manager wants to quantify the financial impact of a one-time compromise. Which of the following is MOST important to the security manager? A. Impact B. SLE C. ALE D. ARO
B. Single Loss Expectancy (SLE) SLE = AV * EF
A network administrator uses an RFID card to enter the datacenter, a key to open the server rack, and a username and password to logon to a server. These are examples of which of the following? A. Multifactor authentication B. Single factor authentication C. Separation of duties D. Identification
B. Single factor authentication
An administrator is instructed to disable IP-directed broadcasts on all routers in an organization. Which of the following attacks does this prevent? A. Pharming B. Smurf C. Replay D. Xmas
B. Smurf
A user casually browsing the Internet is redirected to a warez site where a number of pop-ups appear. After clicking on a pop-up to complete a survey, a drive-by download occurs. Which of the following is MOST likely to be contained in the download? A. Backdoor B. Spyware C. Logic bomb D. DDoS E. Smurf
B. Spyware
Which of the following firewall types inspects Ethernet traffic at the MOST levels of the OSI model? A. Packet Filter Firewall B. Stateful Firewall C. Proxy Firewall D. Application Firewall
B. Stateful Firewall
The datacenter manager is reviewing a problem with a humidity factor that is too low. Which of the following environmental problems may occur? A. EMI emanations B. Static electricity C. Condensation D. Dry-pipe fire suppression
B. Static electricity
A security analyst has been notified that trade secrets are being leaked from one of the executives in the corporation. When reviewing this executive's laptop they notice several pictures of the employee's pets are on the hard drive and on a cloud storage network. When the analyst hashes the images on the hard drive against the hashes on the cloud network they do not match. Which of the following describes how the employee is leaking these secrets? A. Social engineering B. Steganography C. Hashing D. Digital signatures
B. Steganography
Which of the following must a user implement if they want to send a secret message to a coworker by embedding it within an image? A. Transport encryption B. Steganography C. Hashing D. Digital signature
B. Steganography
Establishing a published chart of roles, responsibilities, and chain of command to be used during a disaster is an example of which of the following? A. Fault tolerance B. Succession planning C. Business continuity testing D. Recovery point objectives
B. Succession planning
Computer evidence at a crime is preserved by making an exact copy of the hard disk. Which of the following does this illustrate? A. Taking screenshots B. System image capture C. Chain of custody D. Order of volatility
B. System image capture
Peter, a network administrator, is implementing IPv6 in the DMZ. Which of the following protocols must he allow through the firewall to ensure the web servers can be reached via IPv6 from an IPv6 enabled Internet host? A. TCP port 443 and IP protocol 46 B. TCP port 80 and TCP port 443 C. TCP port 80 and ICMP D. TCP port 443 and SNMP
B. TCP port 80 (HTTP) and TCP port 443 (HTTPS)
At the outside break area, an employee, Ann, asked another employee to let her into the building because her badge is missing. Which of the following does this describe? A. Shoulder surfing B. Tailgating C. Whaling D. Impersonation
B. Tailgating
Peter, a security analyst, has been informed that the development team has plans to develop an application which does not meet the company's password policy. Which of the following should Peter do NEXT? A. Contact the Chief Information Officer and ask them to change the company password policy so that the application is made compliant. B. Tell the application development manager to code the application to adhere to the company's password policy. C. Ask the application development manager to submit a risk acceptance memo so that the issue can be documented. D. Inform the Chief Information Officer of non-adherence to the security policy so that the developers can be reprimanded.
B. Tell the application development manager to code the application to adhere to the company's password policy.
Which of the following authentication services should be replaced with a more secure alternative? A. RADIUS B. TACACS C. TACACS+ D. XTACACS
B. Terminal Access Controller Access-Control System (TACACS) (Replaced by TACACS+)
A system administrator is using a packet sniffer to troubleshoot remote authentication. The administrator detects a device trying to communicate to TCP port 49. Which of the following authentication methods is MOST likely being attempted? A. RADIUS B. TACACS+ C. Kerberos D. LDAP
B. Terminal Access Controller Access-Control System + (TACACS+)
The server administrator has noted that most servers have a lot of free disk space and low memory utilization. Which of the following statements will be correct if the server administrator migrates to a virtual server environment? A. The administrator will need to deploy load balancing and clustering. B. The administrator may spend more on licensing but less on hardware and equipment. C. The administrator will not be able to add a test virtual environment in the data center. D. Servers will encounter latency and lowered throughput issues.
B. The administrator may spend more on licensing but less on hardware and equipment.
The fundamental information security principals include confidentiality, availability and which of the following? A. The ability to secure data against unauthorized disclosure to external sources B. The capacity of a system to resist unauthorized changes to stored information C. The confidence with which a system can attest to the identity of a user D. The characteristic of a system to provide uninterrupted service to authorized users
B. The capacity of a system to resist unauthorized changes to stored information
The security administrator installed a newly generated SSL certificate onto the company web server. Due to a misconfiguration of the website, a downloadable file containing one of the pieces of the key was available to the public. It was verified that the disclosure did not require a reissue of the certificate. Which of the following was MOST likely compromised? A. The file containing the recovery agent's keys. B. The file containing the public key. C. The file containing the private key. D. The file containing the server's encrypted passwords.
B. The file containing the public key.
Matt, the Chief Information Security Officer (CISO), tells the network administrator that a security company has been hired to perform a penetration test against his network. The security company asks Matt which type of testing would be most beneficial for him. Which of the following BEST describes what the security company might do during a black box test? A. The security company is provided with all network ranges, security devices in place, and logical maps of the network. B. The security company is provided with no information about the corporate network or physical locations. C. The security company is provided with limited information on the network, including all network diagrams. D. The security company is provided with limited information on the network, including some subnet ranges and logical network diagrams
B. The security company is provided with no information about the corporate network or physical locations.
A security audit identifies a number of large email messages being sent by a specific user from their company email account to another address external to the company. These messages were sent prior to a company data breach, which prompted the security audit. The user was one of a few people who had access to the leaked data. Review of the suspect's emails show they consist mostly of pictures of the user at various locations during a recent vacation. No suspicious activities from other users who have access to the data were discovered. Which of the following is occurring? A. The user is encrypting the data in the outgoing messages. B. The user is using steganography. C. The user is spamming to obfuscate the activity. D. The user is using hashing to embed data in the emails.
B. The user is using steganography.
After an assessment, auditors recommended that an application hosting company should contract with additional data providers for redundant high speed Internet connections. Which of the following is MOST likely the reason for this recommendation? (Select TWO). A. To allow load balancing for cloud support B. To allow for business continuity if one provider goes out of business C. To eliminate a single point of failure D. To allow for a hot site in case of disaster E. To improve intranet communication speeds
B. To allow for business continuity if one provider goes out of business C. To eliminate a single point of failure
Which of the following is a control that allows a mobile application to access and manipulate information which should only be available by another application on the same mobile device (e.g. a music application posting the name of the current song playing on the device on a social media site)? A. Co-hosted application B. Transitive trust C. Mutually exclusive access D. Dual authentication
B. Transitive trust
Recent data loss on financial servers due to security breaches forced the system administrator to harden their systems. Which of the following algorithms with transport encryption would be implemented to provide the MOST secure web connections to manage and access these servers? A. SSL B. TLS C. HTTP D. FTP
B. Transport Layer Security (TLS) (Used to wrap data in transport)
Which of the following symmetric key algorithms are examples of block ciphers? (Select THREE). A. RC4 B. 3DES C. AES D. MD5 E. PGP F. Blowfish
B. Triple Data Encryption Standard (3DES) C. Advanced Encryption Standard (AES) F. Blowfish
Which of the following provides additional encryption strength by repeating the encryption process with additional keys? A. AES B. 3DES C. TwoFish D. Blowfish
B. Triple-Data Encryption Standard (3DES)
Which of the following is built into the hardware of most laptops but is not setup for centralized management by default? A. Whole disk encryption B. TPM encryption C. USB encryption D. Individual file encryption
B. Trusted Platform Module (TPM) encryption
Which of the following is a measure of biometrics performance which rates the ability of a system to correctly authenticate an authorized user? A. Failure to capture B. Type II C. Mean time to register D. Template capacity
B. Type II (False Acceptance Rate (FAR))
Which of the following components of an all-in-one security appliance would MOST likely be configured in order to restrict access to peer-to-peer file sharing websites? A. Spam filter B. URL filter C. Content inspection D. Malware inspection
B. URL filter
Which of the following assets is MOST likely considered for DLP? A. Application server content B. USB mass storage devices C. Reverse proxy D. Print server
B. USB mass storage devices
An administrator has advised against the use of Bluetooth phones due to bluesnarfing concerns. Which of the following is an example of this threat? A. An attacker using the phone remotely for spoofing other phone numbers B. Unauthorized intrusions into the phone to access data C. The Bluetooth enabled phone causing signal interference with the network D. An attacker using exploits that allow the phone to be disabled
B. Unauthorized intrusions into the phone to access data
Which of the following is true about an email that was signed by User A and sent to User B? A. User A signed with User B's private key and User B verified with their own public key. B. User A signed with their own private key and User B verified with User A's public key. C. User A signed with User B's public key and User B verified with their own private key. D. User A signed with their own public key and User B verified with User A's private key.
B. User A signed with their own private key and User B verified with User A's public key.
After an audit, it was discovered that the security group memberships were not properly adjusted for employees' accounts when they moved from one role to another. Which of the following has the organization failed to properly implement? (Select TWO). A. Mandatory access control enforcement. B. User rights and permission reviews. C. Technical controls over account management. D. Account termination procedures. E. Management controls over account management. F. Incident management and response plan.
B. User rights and permission reviews. E. Management controls over account management.
A recent audit of a company's identity management system shows that 30% of active accounts belong to people no longer with the firm. Which of the following should be performed to help avoid this scenario? (Select TWO). A. Automatically disable accounts that have not been utilized for at least 10 days. B. Utilize automated provisioning and de-provisioning processes where possible. C. Request that employees provide a list of systems that they have access to prior to leaving the firm. D. Perform regular user account review / revalidation process. E. Implement a process where new account creations require management approval.
B. Utilize automated provisioning and de-provisioning processes where possible. D. Perform regular user account review / revalidation process.
Which of the following would Peter, a security administrator, MOST likely implement in order to allow employees to have secure remote access to certain internal network services such as file servers? A. Packet filtering firewall B. VPN gateway C. Switch D. Router
B. VPN gateway
The public key is used to perform which of the following? (Select THREE). A. Validate the CRL B. Validate the identity of an email sender C. Encrypt messages D. Perform key recovery E. Decrypt messages F. Perform key escrow
B. Validate the identity of an email sender C. Encrypt messages E. Decrypt messages
Which of the following should be done before resetting a user's password due to expiration? A. Verify the user's domain membership. B. Verify the user's identity. C. Advise the user of new policies. D. Verify the proper group membership.
B. Verify the user's identity.
Key cards at a bank are not tied to individuals, but rather to organizational roles. After a break in, it becomes apparent that extra efforts must be taken to successfully pinpoint who exactly enters secure areas. Which of the following security measures can be put in place to mitigate the issue until a new key card system can be installed? A. Bollards B. Video surveillance C. Proximity readers D. Fencing
B. Video surveillance
A network engineer is setting up a network for a company. There is a BYOD policy for the employees so that they can connect their laptops and mobile devices. Which of the following technologies should be employed to separate the administrative network from the network in which all of the employees' devices are connected? A. VPN B. VLAN C. WPA2 D. MAC filtering
B. Virtual Local Area Network (VLAN)
Peter, a security administrator, is informed that people from the HR department should not have access to the accounting department's server, and the accounting department should not have access to the HR department's server. The network is separated by switches. Which of the following is designed to keep the HR department users from accessing the accounting department's server and vice-versa? A. ACLs B. VLANs C. DMZs D. NATS
B. Virtual Local Area Networks (VLANs)
Which of the following is a concern when encrypting wireless data with WEP? A. WEP displays the plain text entire key when wireless packet captures are reassembled B. WEP implements weak initialization vectors for key transmission C. WEP uses a very weak encryption algorithm D. WEP allows for only four pre-shared keys to be configured
B. WEP implements weak initialization vectors for key transmission
The security administrator has been tasked to update all the access points to provide a more secure connection. All access points currently use WPA TKIP for encryption. Which of the following would be configured to provide more secure connections? A. WEP B. WPA2 CCMP C. Disable SSID broadcast and increase power levels D. MAC filtering
B. WPA2 CCMP
The practice of marking open wireless access points is called which of the following? A. War dialing B. War chalking C. War driving D. Evil twin
B. War chalking
A security engineer is reviewing log data and sees the output below: POST: /payload.php HTTP/1.1 HOST: localhost Accept: */* Referrer: http://localhost/ ******* HTTP/1.1 403 Forbidden Connection: close Log: Access denied with 403. Pattern matches form bypass Which of the following technologies was MOST likely being used to generate this log? A. Host-based Intrusion Detection System B. Web application firewall C. Network-based Intrusion Detection System D. Stateful Inspection Firewall E. URL Content Filter
B. Web application firewall
Which of the following attacks targets high level executives to gain company information? A. Phishing B. Whaling C. Vishing D. Spoofing
B. Whaling
Which of the following is a BEST practice when dealing with user accounts that will only need to be active for a limited time period? A. When creating the account, set the account to not remember password history. B. When creating the account, set an expiration date on the account. C. When creating the account, set a password expiration date on the account. D. When creating the account, set the account to have time of day restrictions.
B. When creating the account, set an expiration date on the account.
Which of the following provides the strongest authentication security on a wireless network? A. MAC filter B. WPA2 C. WEP D. Disable SSID broadcast
B. Wi-Fi Protected Access 2 (WPA2)
Which of the following is a management control? A. Logon banners B. Written security policy C. SYN attack prevention D. Access Control List (ACL)
B. Written security policy
Emily, a hacker, is completing a website form to request a free coupon. The site has a field that limits the request to 3 or fewer coupons. While submitting the form, Emily runs an application on her machine to intercept the HTTP POST command and change the field from 3 coupons to 30. Which of the following was used to perform this attack? A. SQL injection B. XML injection C. Packet sniffer D. Proxy
B. XML injection
An administrator wants to establish a WiFi network using a high gain directional antenna with a narrow radiation pattern to connect two buildings separated by a very long distance. Which of the following antennas would be BEST for this situation? A. Dipole B. Yagi C. Sector D. Omni
B. Yagi-Uda Antenna (Yagi) (Directional, Consists of multiple parallel dipoles)
A security analyst, Ann, is reviewing an IRC channel and notices that a malicious exploit has been created for a frequently used application. She notifies the software vendor and asks them for remediation steps, but is alarmed to find that no patches are available to mitigate this vulnerability. Which of the following BEST describes this exploit? A. Malicious insider threat B. Zero-day C. Client-side attack D. Malicious add-on
B. Zero-day
While previously recommended as a security measure, disabling SSID broadcast is not effective against most attackers because network SSIDs are: A. no longer used to authenticate to most wireless networks. B. contained in certain wireless packets in plaintext. C. contained in all wireless broadcast packets by default. D. no longer supported in 802.11 protocols.
B. contained in certain wireless packets in plaintext.
Which of the following utilities can be used in Linux to view a list of users' failed authentication attempts? A. badlog B. faillog C. wronglog D. killlog
B. faillog
If you don't know the MAC address of a Linux-based machine, what command-line utility can you use to ascertain it? A. macconfig B. ifconfig C. ipconfig D. config
B. ifconfig
An administrator notices an unusual spike in network traffic from many sources. The administrator suspects that: A. it is being caused by the presence of a rogue access point. B. it is the beginning of a DDoS attack. C. the IDS has been compromised. D. the internal DNS tables have been poisoned.
B. it is the beginning of a Distributed Denial of Service (DDoS) attack.
A company with a US-based sales force has requested that the VPN system be configured to authenticate the sales team based on their username, password and a client side certificate. Additionally, the security administrator has restricted the VPN to only allow authentication from the US territory. How many authentication factors are in use by the VPN system? A. 1 B. 2 C. 3 D. 4
C. 3 ("Something you know"/"Something you have"/"Somewhere you are")
An active directory setting restricts querying to only secure connections. Which of the following ports should be selected to establish a successful connection? A. 389 B. 440 C. 636 D. 3286
C. 636 (Used for Secure LDAP)
Which of the following ports would be blocked if Peter, a security administrator, wants to deny access to websites? A. 21 B. 25 C. 80 D. 3389
C. 80 (HTTP)
In which of the following scenarios is PKI LEAST hardened? A. The CRL is posted to a publicly accessible location. B. The recorded time offsets are developed with symmetric keys. C. A malicious CA certificate is loaded on all the clients. D. All public keys are accessed by an unauthorized user.
C. A malicious CA certificate is loaded on all the clients.
A database administrator contacts a security administrator to request firewall changes for a connection to a new internal application. The security administrator notices that the new application uses a port typically monopolized by a virus. The security administrator denies the request and suggests a new port or service be used to complete the application's task. Which of the following is the security administrator practicing in this example? A. Explicit deny B. Port security C. Access control lists D. Implicit deny
C. Access control lists
Which of the following would BEST deter an attacker trying to brute force 4-digit PIN numbers to access an account at a bank teller machine? A. Account expiration settings B. Complexity of PIN C. Account lockout settings D. PIN history requirements
C. Account lockout settings
Several employees submit the same phishing email to the administrator. The administrator finds that the links in the email are not being blocked by the company's security device. Which of the following might the administrator do in the short term to prevent the emails from being received? A. Configure an ACL B. Implement a URL filter C. Add the domain to a block list D. Enable TLS on the mail server
C. Add the domain to a block list
Which of the following malware types may require user interaction, does not hide itself, and is commonly identified by marketing pop-ups based on browsing habits? A. Botnet B. Rootkit C. Adware D. Virus
C. Adware
Which of the following is an indication of an ongoing current problem? A. Alert B. Trend C. Alarm D. Trap
C. Alarm
During an anonymous penetration test, Jane, a system administrator, was able to identify a shared print spool directory, and was able to download a document from the spool. Which statement BEST describes her privileges? A. All users have write access to the directory. B. Jane has read access to the file. C. All users have read access to the file. D. Jane has read access to the directory.
C. All users have read access to the file.
A company replaces a number of devices with a mobile appliance, combining several functions. Which of the following descriptions fits this new implementation? (Select TWO). A. Cloud computing B. Virtualization C. All-in-one device D. Load balancing E. Single point of failure
C. All-in-one device E. Single point of failure
Which of the following helps to establish an accurate timeline for a network intrusion? A. Hashing images of compromised systems B. Reviewing the date of the antivirus definition files C. Analyzing network traffic and device logs D. Enforcing DLP controls at the perimeter
C. Analyzing network traffic and device logs
A group policy requires users in an organization to use strong passwords that must be changed every 15 days. Peter and Ann were hired 16 days ago. When Peter logs into the network, he is prompted to change his password; when Ann logs into the network, she is not prompted to change her password. Which of the following BEST explains why Ann is not required to change her password? A. Ann's user account has administrator privileges. B. Peter's user account was not added to the group policy. C. Ann's user account was not added to the group policy. D. Peter's user account was inadvertently disabled and must be re-created.
C. Ann's user account was not added to the group policy.
Vendors typically ship software applications with security settings disabled by default to ensure a wide range of interoperability with other applications and devices. A security administrator should perform which of the following before deploying new software? A. Application white listing B. Network penetration testing C. Application hardening D. Input fuzzing testing
C. Application hardening (Reenabling security settings)
A network administrator is responsible for securing applications against external attacks. Every month, the underlying operating system is updated. There is no process in place for other software updates. Which of the following processes could MOST effectively mitigate these risks? A. Application hardening B. Application change management C. Application patch management D. Application firewall review
C. Application patch management
When confidentiality is the primary concern, and a secure channel for key exchange is not available, which of the following should be used for transmitting company documents? A. Digital Signature B. Symmetric C. Asymmetric D. Hashing
C. Asymmetric (Keys can be exchanged, but there is no secure channel for the private key)
Which of the following is the BEST technology for the sender to use in order to secure the in-band exchange of a shared key? A. Steganography B. Hashing algorithm C. Asymmetric cryptography D. Steam cipher
C. Asymmetric cryptography
A user ID and password together provide which of the following? A. Authorization B. Auditing C. Authentication D. Identification
C. Authentication
In Kerberos, the Ticket Granting Ticket (TGT) is used for which of the following? A. Identification B. Authorization C. Authentication D. Multifactor authentication
C. Authentication
An insurance company requires an account recovery process so that information created by an employee can be accessed after that employee is no longer with the firm. Which of the following is the BEST approach to implement this process? A. Employee is required to share their password with authorized staff prior to leaving the firm B. Passwords are stored in a reversible form so that they can be recovered when needed C. Authorized employees have the ability to reset passwords so that the data is accessible D. All employee data is exported and imported by the employee prior to them leaving the firm
C. Authorized employees have the ability to reset passwords so that the data is accessible
Which of the following would a security administrator implement in order to identify change from the standard configuration on a server? A. Penetration test B. Code review C. Baseline review D. Design review
C. Baseline review
Several users report to the administrator that they are having issues downloading files from the file server. Which of the following assessment tools can be used to determine if there is an issue with the file server? A. MAC filter list B. Recovery agent C. Baselines D. Access list
C. Baselines
A Windows-based computer is infected with malware and is running too slowly to boot and run a malware scanner. Which of the following is the BEST way to run the malware scanner? A. Kill all system processes B. Enable the firewall C. Boot from CD/USB D. Disable the network connection
C. Boot from CD/USB
Which of the following can be used by a security administrator to successfully recover a user's forgotten password on a password protected file? A. Cognitive password B. Password sniffing C. Brute force D. Social engineering
C. Brute force
Which of the following can be used as an equipment theft deterrent? A. Screen locks B. GPS tracking C. Cable locks D. Whole disk encryption
C. Cable locks
Which of the following should Jane, a security administrator, perform before a hard drive is analyzed with forensics tools? A. Identify user habits B. Disconnect system from network C. Capture system image D. Interview witnesses
C. Capture system image
To ensure proper evidence collection, which of the following steps should be performed FIRST? A. Take hashes from the live system B. Review logs C. Capture the system image D. Copy all compromised files
C. Capture the system image
When reviewing a digital certificate for accuracy, which of the following would Matt, a security administrator, focus on to determine who affirms the identity of the certificate owner? A. Trust models B. CRL C. CA D. Recovery agent
C. Certificate Authority (CA)
Which of the following MUST be updated immediately when an employee is terminated to prevent unauthorized access? A. Registration B. CA C. CRL D. Recovery agent
C. Certificate Revocation List (CRL)
Which of the following should a security technician implement to identify untrusted certificates? A. CA B. PKI C. CRL D. Recovery agent
C. Certificate Revocation List (CRL)
Which of the following provides a static record of all certificates that are no longer valid? A. Private key B. Recovery agent C. CRLs D. CA
C. Certificate Revocation Lists (CRLs)
A compromised workstation utilized in a Distributed Denial of Service (DDOS) attack has been removed from the network and an image of the hard drive has been created. However, the system administrator stated that the system was left unattended for several hours before the image was created. In the event of a court case, which of the following is likely to be an issue with this incident? A. Eye Witness B. Data Analysis of the hard drive C. Chain of custody D. Expert Witness
C. Chain of custody
Which of the following mitigation strategies is established to reduce risk when performing updates to business critical systems? A. Incident management B. Server clustering C. Change management D. Forensic analysis
C. Change management
Which of the following is an attack vector that can cause extensive physical damage to a datacenter without physical access? A. CCTV system access B. Dial-up access C. Changing environmental controls D. Ping of death
C. Changing environmental controls
A company wants to prevent end users from plugging unapproved smartphones into PCs and transferring data. Which of the following would be the BEST control to implement? A. MDM B. IDS C. DLP D. HIPS
C. Data Loss Prevention (DLP)
Which of the following technical controls is BEST used to define which applications a user can install and run on a company issued mobile device? A. Authentication B. Blacklisting C. Whitelisting D. Acceptable use policy
C. Whitelisting
Users have been reporting that their wireless access point is not functioning. They state that it allows slow connections to the internet, but does not provide access to the internal network. The user provides the SSID and the technician logs into the company's access point and finds no issues. Which of the following should the technician do? A. Change the access point from WPA2 to WEP to determine if the encryption is too strong B. Clear all access logs from the AP to provide an up-to-date access list of connected users C. Check the MAC address of the AP to which the users are connecting to determine if it is an imposter D. Reconfigure the access point so that it is blocking all inbound and outbound traffic as a troubleshooting gap
C. Check the MAC address of the AP to which the users are connecting to determine if it is an imposter
Emily, a security architect, has developed a framework in which several authentication servers work together to increase processing power for an application. Which of the following does this represent? A. Warm site B. Load balancing C. Clustering D. RAID
C. Clustering
Company XYZ has encountered an increased amount of buffer overflow attacks. The programmer has been tasked to identify the issue and report any findings. Which of the following is the FIRST step of action recommended in this scenario? A. Baseline Reporting B. Capability Maturity Model C. Code Review D. Quality Assurance and Testing
C. Code Review
An administrator has a network subnet dedicated to a group of users. Due to concerns regarding data and network security, the administrator desires to provide network access for this group only. Which of the following would BEST address this desire? A. Install a proxy server between the users' computers and the switch to filter inbound network traffic. B. Block commonly used ports and forward them to higher and unused port numbers. C. Configure the switch to allow only traffic from computers based upon their physical address. D. Install host-based intrusion detection software to monitor incoming DHCP Discover requests.
C. Configure the switch to allow only traffic from computers based upon their physical address.
Which of the following is being tested when a company's payroll server is powered off for eight hours? A. Succession plan B. Business impact document C. Continuity of operations plan D. Risk assessment plan
C. Continuity of operations plan
A forensic analyst is reviewing electronic evidence after a robbery. Security cameras installed at the site were facing the wrong direction to capture the incident. The analyst ensures the cameras are turned to face the proper direction. Which of the following types of controls is being used? A. Detective B. Deterrent C. Corrective D. Preventive
C. Corrective
A company administrator has a firewall with an outside interface connected to the Internet and an inside interface connected to the corporate network. Which of the following should the administrator configure to redirect traffic destined for the default HTTP port on the outside interface to an internal server listening on port 8080? A. Create a dynamic PAT from port 80 on the outside interface to the internal interface on port B. Create a dynamic NAT from port 8080 on the outside interface to the server IP address on port C. Create a static PAT from port 80 on the outside interface to the internal interface on port 8080 D. Create a static PAT from port 8080 on the outside interface to the server IP address on port 80
C. Create a static PAT from port 80 on the outside interface to the internal interface on port 8080
Matt, the IT Manager, wants to create a new network available to virtual servers on the same hypervisor, and does not want this network to be routable to the firewall. How could this BEST be accomplished? A. Create a VLAN without a default gateway. B. Remove the network from the routing table. C. Create a virtual switch. D. Commission a stand-alone switch.
C. Create a virtual switch.
Peter an application developer is building an external facing marketing site. There is an area on the page where clients may submit their feedback to articles that are posted. Peter filters client-side JAVA input. Which of the following is Peter attempting to prevent? A. SQL injections B. Watering holes C. Cross site scripting D. Pharming
C. Cross site scripting (XSS)
A technician has just installed a new firewall onto the network. Users are reporting that they cannot reach any website. Upon further investigation, the technician determines that websites can be reached by entering their IP addresses. Which of the following ports may have been closed to cause this issue? A. HTTP B. DHCP C. DNS D. NetBIOS
C. DNS
An organization processes credit card transactions and is concerned that an employee may intentionally email credit card numbers to external email addresses. This company should consider which of the following technologies? A. IDS B. Firewalls C. DLP D. IPS
C. Data Loss Prevention (DLP) (Software to detect transmission of credit card information)
A security administrator wants to ensure that the message the administrator sends out to their Chief Financial Officer (CFO) does not get changed in route. Which of the following is the administrator MOST concerned with? A. Data confidentiality B. High availability C. Data integrity D. Business continuity
C. Data integrity
Which of the following types of data encryption would Matt, a security administrator, use to encrypt a specific table? A. Full disk B. Individual files C. Database D. Removable media
C. Database
Which of the following network architecture concepts is used to securely isolate at the boundary between networks? A. VLAN B. Subnetting C. DMZ D. NAT
C. Demilitarized Zone (DMZ)
Which of the following are examples of network segmentation? (Select TWO). A. IDS B. IaaS C. DMZ D. Subnet E. IPS
C. Demilitarized Zone (DMZ) D. Subnet
Visible security cameras are considered to be which of the following types of security controls? A. Technical B. Compensating C. Deterrent D. Administrative
C. Deterrent
Which of the following authentication methods can use the SCTP and TLS protocols for reliable packet transmissions? A. TACACS+ B. SAML C. Diameter D. Kerberos
C. Diameter
The security administrator notices a user logging into a corporate Unix server remotely as root. Which of the following actions should the administrator take? A. Create a firewall rule to block SSH B. Delete the root account C. Disable remote root logins D. Ensure the root account has a strong password
C. Disable remote root logins
A company wants to ensure that its hot site is prepared and functioning. Which of the following would be the BEST process to verify the backup datacenter is prepared for such a scenario? A. Site visit to the backup data center B. Disaster recovery plan review C. Disaster recovery exercise D. Restore from backup
C. Disaster recovery exercise
Ann is the data owner of financial records for a company. She has requested that she have the ability to assign read and write privileges to her folders. The network administrator is tasked with setting up the initial access control system and handing Ann's administrative capabilities. Which of the following systems should be deployed? A. Role-based B. Mandatory C. Discretionary D. Rule-based
C. Discretionary
Which of the following can be implemented if a security administrator wants only certain devices connecting to the wireless network? A. Disable SSID broadcast B. Install a RADIUS server C. Enable MAC filtering D. Lowering power levels on the AP
C. Enable MAC filtering
The Chief Security Officer (CSO) is concerned about misuse of company assets and wishes to determine who may be responsible. Which of the following would be the BEST course of action? A. Create a single, shared user account for every system that is audited and logged based upon time of use. B. Implement a single sign-on application on equipment with sensitive data and high-profile shares. C. Enact a policy that employees must use their vacation time in a staggered schedule. D. Separate employees into teams led by a person who acts as a single point of contact for observation purposes.
C. Enact a policy that employees must use their vacation time in a staggered schedule. (Mandatory Vacations)
A database administrator would like to start encrypting database exports stored on the SAN, but the storage administrator warns that this may drastically increase the amount of disk space used by the exports. Which of the following explains the reason for the increase in disk space usage? A. Deduplication is not compatible with encryption B. The exports are being stored on smaller SAS drives C. Encrypted files are much larger than unencrypted files D. The SAN already uses encryption at rest
C. Encrypted files are much larger than unencrypted files (it adds overhead)
Which of the following techniques can be used to prevent the disclosure of system information resulting from arbitrary inputs when implemented properly? A. Fuzzing B. Patch management C. Error handling D. Strong passwords
C. Error handling
After viewing wireless traffic, an attacker notices the following networks are being broadcasted by local access points: Corpnet Coffeeshop FreePublicWifi Using this information the attacker spoofs a response to make nearby laptops connect back to a malicious device. Which of the following has the attacker created? A. Infrastructure as a Service B. Load balancer C. Evil twin D. Virtualized network
C. Evil twin
Ann, a security technician, is reviewing the IDS log files. She notices a large number of alerts for multicast packets from the switches on the network. After investigation, she discovers that this is normal activity for her network. Which of the following BEST describes these results? A. True negatives B. True positives C. False positives D. False negatives
C. False positives
Which of the following security devices can be replicated on a Linux based computer using IP tables to inspect and properly handle network based traffic? A. Sniffer B. Router C. Firewall D. Switch
C. Firewall
Which of the following can be used on a smartphone to BEST protect against sensitive data loss if the device is stolen? (Select TWO). A. Tethering B. Screen lock PIN C. Remote wipe D. Email password E. GPS tracking F. Device encryption
C. Remote wipe F. Device encryption
The Chief Information Security Officer (CISO) has mandated that all IT systems with credit card data be segregated from the main corporate network to prevent unauthorized access and that access to the IT systems should be logged. Which of the following would BEST meet the CISO's requirements? A. Sniffers B. NIDS C. Firewalls D. Web proxies E. Layer 2 switches
C. Firewalls
An IT security technician is actively involved in identifying coding issues for her company. Which of the following is an application security technique that can be used to identify unknown weaknesses within the code? A. Vulnerability scanning B. Denial of service C. Fuzzing D. Port scanning
C. Fuzzing
Which of the following application security principles involves inputting random data into a program? A. Brute force attack B. Sniffing C. Fuzzing D. Buffer overflow
C. Fuzzing
The security administrator is implementing a malware storage system to archive all malware seen by the company into a central database. The malware must be categorized and stored based on similarities in the code. Which of the following should the security administrator use to identify similar malware? A. TwoFish B. SHA-512 C. Fuzzy hashes D. HMAC
C. Fuzzy hashes
Ann is a member of the Sales group. She needs to collaborate with Peter, a member of the IT group, to edit a file. Currently, the file has the following permissions: Ann: read/write Sales Group: read IT Group: no access If a discretionary access control list is in place for the files owned by Ann, which of the following would be the BEST way to share the file with Peter? A. Add Peter to the Sales group. B. Have the system administrator give Peter full access to the file. C. Give Peter the appropriate access to the file directly. D. Remove Peter from the IT group and add him to the Sales group.
C. Give Peter the appropriate access to the file directly.
A software development company has hired a programmer to develop a plug-in module to an existing proprietary application. After completing the module, the developer needs to test the entire application to ensure that the module did not introduce new vulnerabilities. Which of the following is the developer performing when testing the application? A. Black box testing B. White box testing C. Gray box testing D. Design review
C. Gray box testing
A file on a Linux server has default permissions of rw-rw-r-. The system administrator has verified that Ann, a user, is not a member of the group owner of the file. Which of the following should be modified to assure that Ann has read access to the file? A. User ownership information for the file in question B. Directory permissions on the parent directory of the file in question C. Group memberships for the group owner of the file in question D. The file system access control list (FACL) for the file in question
C. Group memberships for the group owner of the file in question
Which of the following should be connected to the fire alarm system in order to help prevent the spread of a fire in a server room without data loss to assist in an FM-200 deployment? A. Water base sprinkler system B. Electrical C. HVAC D. Video surveillance
C. HVAC (for detecting changes in the environment)
Peter needs to track employees who log into a confidential database and edit files. In the past, critical files have been edited, and no one admits to making the edits. Which of the following does Peter need to implement in order to enforce accountability? A. Non-repudiation B. Fault tolerance C. Hashing D. Redundancy
C. Hashing
Identifying a list of all approved software on a system is a step in which of the following practices? A. Passively testing security controls B. Application hardening C. Host software baselining D. Client-side targeting
C. Host software baselining
A security administrator wishes to change their wireless network so that IPSec is built into the protocol and NAT is no longer required for address range extension. Which of the following protocols should be used in this scenario? A. WPA2 B. WPA C. IPv6 D. IPv4
C. IPv6
Which of the following protocols allows for the LARGEST address space? A. IPX B. IPv4 C. IPv6 D. Appletalk
C. IPv6
Which of the following pseudocodes can be used to handle program exceptions? A. If program detects another instance of itself, then kill program instance. B. If user enters invalid input, then restart program. C. If program module crashes, then restart program module. D. If user's input exceeds buffer length, then truncate the input.
C. If program module crashes, then restart program module.
A security administrator forgets their card to access the server room. The administrator asks a coworker if they could use their card for the day. Which of the following is the administrator using to gain access to the server room? A. Man-in-the-middle B. Tailgating C. Impersonation D. Spoofing
C. Impersonation
Emily, an attacker, is recording a person typing in their ID number into a keypad to gain access to the building. Emily then calls the helpdesk and informs them that their PIN no longer works and would like to change it. Which of the following attacks occurred LAST? A. Phishing B. Shoulder surfing C. Impersonation D. Tailgating
C. Impersonation
Which of the following would be MOST appropriate to secure an existing SCADA system by preventing connections from unauthorized networks? A. Implement a HIDS to protect the SCADA system B. Implement a Layer 2 switch to access the SCADA system C. Implement a firewall to protect the SCADA system D. Implement a NIDS to protect the SCADA system
C. Implement a firewall to protect the SCADA system
A security administrator has concerns that employees are installing unapproved applications on their company provide smartphones. Which of the following would BEST mitigate this? A. Implement remote wiping user acceptance policies B. Disable removable storage capabilities C. Implement an application whitelist D. Disable the built-in web browsers
C. Implement an application whitelist
Jane, an IT security technician, needs to create a way to secure company mobile devices. Which of the following BEST meets this need? A. Implement voice encryption, pop-up blockers, and host-based firewalls. B. Implement firewalls, network access control, and strong passwords. C. Implement screen locks, device encryption, and remote wipe capabilities. D. Implement application patch management, antivirus, and locking cabinets.
C. Implement screen locks, device encryption, and remote wipe capabilities.
Requiring technicians to report spyware infections is a step in which of the following? A. Routine audits B. Change management C. Incident management D. Clean desk policy
C. Incident management
Who should be contacted FIRST in the event of a security breach? A. Forensics analysis team B. Internal auditors C. Incident response team D. Software vendors
C. Incident response team
A company's security administrator wants to manage PKI for internal systems to help reduce costs. Which of the following is the FIRST step the security administrator should take? A. Install a registration server. B. Generate shared public and private keys. C. Install a CA D. Establish a key escrow policy.
C. Install a CA
A security technician received notification of a remotely exploitable vulnerability affecting all multifunction printers firmware installed throughout the organization. The vulnerability allows a malicious user to review all the documents processed by the affected printers. Which of the following compensating controls can the security technician to mitigate the security risk of a sensitive document leak? A. Create a separate printer network B. Perform penetration testing to rule out false positives C. Install patches on the print server D. Run a full vulnerability scan of all the printers
C. Install patches on the print server
Emily, a security administrator, manually hashes all network device configuration files daily and compares them to the previous days' hashes. Which of the following security concepts is Emily using? A. Confidentiality B. Compliance C. Integrity D. Availability
C. Integrity
Which of the following documents outlines the technical and security requirements of an agreement between organizations? A. BPA B. RFQ C. ISA D. RFC
C. Interconnection Security Agreement (ISA)
Which of the following has serious security implications for large organizations and can potentially allow an attacker to capture conversations? A. Subnetting B. NAT C. Jabber D. DMZ
C. Jabber (Conferencing App by Cisco)
A security administrator has installed a new KDC for the corporate environment. Which of the following authentication protocols is the security administrator planning to implement across the organization? A. LDAP B. RADIUS C. Kerberos D. XTACACS
C. Kerberos (utilizes a Key Distribution Center (KDC))
Concurrent use of a firewall, content filtering, antivirus software and an IDS system would be considered components of: A. Redundant systems. B. Separation of duties. C. Layered security. D. Application control.
C. Layered security.
A security administrator notices that a specific network administrator is making unauthorized changes to the firewall every Saturday morning. Which of the following would be used to mitigate this issue so that only security administrators can make changes to the firewall? A. Mandatory vacations B. Job rotation C. Least privilege D. Time of day restrictions
C. Least privilege
One of the system administrators at a company is assigned to maintain a secure computer lab. The administrator has rights to configure machines, install software, and perform user account maintenance. However, the administrator cannot add new computers to the domain, because that requires authorization from the Information Assurance Officer. This is an example of which of the following? A. Mandatory access B. Rule-based access control C. Least privilege D. Job rotation
C. Least privilege
A business has set up a Customer Service kiosk within a shopping mall. The location will be staffed by an employee using a laptop during the mall business hours, but there are still concerns regarding the physical safety of the equipment while it is not in use. Which of the following controls would BEST address this security concern? A. Host-based firewall B. Cable locks C. Locking cabinets D. Surveillance video
C. Locking cabinets
Ann, a security administrator, has concerns regarding her company's wireless network. The network is open and available for visiting prospective clients in the conference room, but she notices that many more devices are connecting to the network than should be. Which of the following would BEST alleviate Ann's concerns with minimum disturbance of current functionality for clients? A. Enable MAC filtering on the wireless access point. B. Configure WPA2 encryption on the wireless access point. C. Lower the antenna's broadcasting power. D. Disable SSID broadcasting.
C. Lower the antenna's broadcasting power.
During a disaster recovery planning session, a security administrator has been tasked with determining which threats and vulnerabilities pose a risk to the organization. Which of the following should the administrator rate as having the HIGHEST frequency of risk to the organization? A. Hostile takeovers B. Large scale natural disasters C. Malware and viruses D. Corporate espionage
C. Malware and viruses
A security administrator implements access controls based on the security classification of the data and need-to-know information. Which of the following BEST describes this level of access control? A. Implicit deny B. Role-based Access Control C. Mandatory Access Controls D. Least privilege
C. Mandatory Access Controls
A security team has established a security awareness program. Which of the following would BEST prove the success of the program? A. Policies B. Procedures C. Metrics D. Standards
C. Metrics
Which of the following are examples of detective controls? A. Biometrics, motion sensors and mantraps. B. Audit, firewall, anti-virus and biometrics. C. Motion sensors, intruder alarm and audit. D. Intruder alarm, mantraps and firewall.
C. Motion sensors, intruder alarm and audit.
A distributed denial of service attack can BEST be described as: A. Invalid characters being entered into a field in a database application. B. Users attempting to input random or invalid data into fields within a web browser application. C. Multiple computers attacking a single target in an organized attempt to deplete its resources. D. Multiple attackers attempting to gain elevated privileges on a target system.
C. Multiple computers attacking a single target in an organized attempt to deplete its resources.
A malicious program modified entries in the LMHOSTS file of an infected system. Which of the following protocols would have been affected by this? A. ICMP B. BGP C. NetBIOS D. DNS
C. NetBIOS
A computer is put into a restricted VLAN until the computer's virus definitions are up-to-date. Which of the following BEST describes this system type? A. NAT B. NIPS C. NAC D. DMZ
C. Network Access Control (NAC)
A security researcher wants to reverse engineer an executable file to determine if it is malicious. The file was found on an underused server and appears to contain a zero-day exploit. Which of the following can the researcher do to determine if the file is malicious in nature? A. TCP/IP socket design review B. Executable code review C. OS Baseline comparison D. Software architecture review
C. OS Baseline comparison
Which of the following protocols is used to validate whether trust is in place and accurate by returning responses of either "good", "unknown", or "revoked"? A. CRL B. PKI C. OCSP D. RA
C. Online Certificate Status Protocol (OCSP)
Which of the following implementation steps would be appropriate for a public wireless hot-spot? A. Reduce power level B. Disable SSID broadcast C. Open system authentication D. MAC filter
C. Open system authentication
Which of the following would satisfy wireless network implementation requirements to use mutual authentication and usernames and passwords? A. EAP-MD5 B. WEP C. PEAP-MSCHAPv2 D. EAP-TLS
C. PEAP-MSCHAPv2
Which of the following software allows a network administrator to inspect the protocol header in order to troubleshoot network issues? A. URL filter B. Spam filter C. Packet sniffer D. Switch
C. Packet sniffer
A security administrator wants to check user password complexity. Which of the following is the BEST tool to use? A. Password history B. Password logging C. Password cracker D. Password hashing
C. Password cracker
Which of the following attacks could be used to initiate a subsequent man-in-the-middle attack? A. ARP poisoning B. DoS C. Replay D. Brute force
C. Replay (Playback Attack)
An administrator finds that non-production servers are being frequently compromised, production servers are rebooting at unplanned times and kernel versions are several releases behind the version with all current security fixes. Which of the following should the administrator implement? A. Snapshots B. Sandboxing C. Patch management D. Intrusion detection system
C. Patch management
A security administrator is aware that a portion of the company's Internet-facing network tends to be non-secure due to poorly configured and patched systems. The business owner has accepted the risk of those systems being compromised, but the administrator wants to determine the degree to which those systems can be used to gain access to the company intranet. Which of the following should the administrator perform? A. Patch management assessment B. Business impact assessment C. Penetration test D. Vulnerability assessment
C. Penetration test
Ann a technician received a spear-phishing email asking her to update her personal information by clicking the link within the body of the email. Which of the following type of training would prevent Ann and other employees from becoming victims to such attacks? A. User Awareness B. Acceptable Use Policy C. Personal Identifiable Information D. Information Sharing
C. Personal Identifiable Information
Peter, a user, wants to protect sensitive information stored on his hard drive. He uses a program that encrypted the whole hard drive. Once the hard drive is fully encrypted, he uses the same program to create a hidden volume within the encrypted hard drive and stores the sensitive information within the hidden volume. This is an example of which of the following? (Select TWO). A. Multi-pass encryption B. Transport encryption C. Plausible deniability D. Steganography E. Transitive encryption F. Trust models
C. Plausible deniability D. Steganography
Which of the following tools would a security administrator use in order to identify all running services throughout an organization? A. Architectural review B. Penetration test C. Port scanner D. Design review
C. Port scanner
A video surveillance audit recently uncovered that an employee plugged in a personal laptop and used the corporate network to browse inappropriate and potentially malicious websites after office hours. Which of the following could BEST prevent a situation like this form occurring again? A. Intrusion detection B. Content filtering C. Port security D. Vulnerability scanning
C. Port security
Users need to exchange a shared secret to begin communicating securely. Which of the following is another name for this symmetric key? A. Session Key B. Public Key C. Private Key D. Digital Signature
C. Private Key
Which of the following would be MOST appropriate if an organization's requirements mandate complete control over the data and applications stored in the cloud? A. Hybrid cloud B. Community cloud C. Private cloud D. Public cloud
C. Private cloud
In order for network monitoring to work properly, you need a PC and a network card running in what mode? A. Launch B. Exposed C. Promiscuous D. Sweep
C. Promiscuous
Which of the following access methods uses radio frequency waves for authentication? A. Video surveillance B. Mantraps C. Proximity readers D. Biometrics
C. Proximity readers
Which of the following devices would be the MOST efficient way to filter external websites for staff on an internal network? A. Protocol analyzer B. Switch C. Proxy D. Router
C. Proxy
Which of the following types of security services are used to support authentication for remote users and devices? A. Biometrics B. HSM C. RADIUS D. TACACS
C. RADIUS
A datacenter requires that staff be able to identify whether or not items have been removed from the facility. Which of the following controls will allow the organization to provide automated notification of item removal? A. CCTV B. Environmental monitoring C. RFID D. EMI shielding
C. Radio Frequency Identification (RFID)
Which of the following defines a business goal for system restoration and acceptable data loss? A. MTTR B. MTBF C. RPO D. Warm site
C. Recovery Point Objective (RPO)
A small business needs to incorporate fault tolerance into their infrastructure to increase data availability. Which of the following options would be the BEST solution at a minimal cost? A. Clustering B. Mirrored server C. RAID D. Tape backup
C. Redundant Array of Independent Disks (RAID)
A security analyst is reviewing firewall logs while investigating a compromised web server. The following ports appear in the log: 22, 25, 445, 1433, 3128, 3389, 6667 Which of the following protocols was used to access the server remotely? A. LDAP B. HTTP C. RDP D. HTTPS
C. Remote Desktop Protocol (RDP) (Port 3389)
A network administrator has identified port 21 being open and the lack of an IDS as a potential risk to the company. Due to budget constraints, FTP is the only option that the company can is to transfer data and network equipment cannot be purchased. Which of the following is this known as? A. Risk transference B. Risk deterrence C. Risk acceptance D. Risk avoidance
C. Risk acceptance
Identifying residual is MOST important to which of the following concepts? A. Risk deterrence B. Risk acceptance C. Risk mitigation D. Risk avoidance
C. Risk mitigation
The system administrator has deployed updated security controls for the network to limit risk of attack. The security manager is concerned that controls continue to function as intended to maintain appropriate security posture. Which of the following risk mitigation strategies is MOST important to the security manager? A. User permissions B. Policy enforcement C. Routine audits D. Change management
C. Routine audits
The string: ' or 1=1- Represents which of the following? A. Bluejacking B. Rogue access point C. SQL Injection D. Client-side attacks
C. SQL Injection
A vulnerability assessment indicates that a router can be accessed from default port 80 and default port 22. Which of the following should be executed on the router to prevent access via these ports? (Select TWO). A. FTP service should be disabled B. HTTPS service should be disabled C. SSH service should be disabled D. HTTP service should disabled E. Telnet service should be disabled
C. SSH service should be disabled (Port 22) D. HTTP service should disabled (Port 80)
A company has purchased an application that integrates into their enterprise user directory for account authentication. Users are still prompted to type in their usernames and passwords. Which of the following types of authentication is being utilized here? A. Separation of duties B. Least privilege C. Same sign-on D. Single sign-on
C. Same sign-on (User enters credentials multiple times)
An administrator is building a development environment and requests that three virtual servers are cloned and placed in a new virtual network isolated from the production network. Which of the following describes the environment the administrator is building? A. Cloud B. Trusted C. Sandbox D. Snapshot
C. Sandbox
Which of the following protocols operates at the HIGHEST level of the OSI model? A. ICMP B. IPSec C. SCP D. TCP
C. Secure Copy (SCP) (uses Secure Shell (SSH) which runs at the Application Layer (Layer 7))
Which of the following protocols allows for secure transfer of files? (Select TWO). A. ICMP B. SNMP C. SFTP D. SCP E. TFTP
C. Secure File Transfer Protocol (SFTP) D. Secure Copy Protocol (SCP)
Which of the following protocols provides for mutual authentication of the client and server? A. Two-factor authentication B. Radius C. Secure LDAP D. Biometrics
C. Secure Lightweight Directory Access Protocol (LDAP)
Which of the following should be implemented to stop an attacker from mapping out addresses and/or devices on a network? A. Single sign on B. IPv6 C. Secure zone transfers D. VoIP
C. Secure zone transfers
Emily, an employee, tethers her smartphone to her work PC to bypass the corporate web security gateway while connected to the LAN. While Emily is out at lunch her PC is compromised via the tethered connection and corporate data is stolen. Which of the following would BEST prevent this from occurring again? A. Disable the wireless access and implement strict router ACLs. B. Reduce restrictions on the corporate web security gateway. C. Security policy and threat awareness training. D. Perform user rights and permissions reviews.
C. Security policy and threat awareness training.
A user has forgotten their account password. Which of the following is the BEST recovery strategy? A. Upgrade the authentication system to use biometrics instead. B. Temporarily disable password complexity requirements. C. Set a temporary password that expires upon first use. D. Retrieve the user password from the credentials database.
C. Set a temporary password that expires upon first use.
A technician is investigating intermittent switch degradation. The issue only seems to occur when the building's roof air conditioning system runs. Which of the following would reduce the connectivity issues? A. Adding a heat deflector B. Redundant HVAC systems C. Shielding D. Add a wireless network
C. Shielding (EMI)
A security administrator is concerned about the strength of user's passwords. The company does not want to implement a password complexity policy. Which of the following can the security Administrator implement to mitigate the risk of an online password attack against users with weak passwords? A. Increase the password length requirements B. Increase the password history C. Shorten the password expiration period D. Decrease the account lockout time
C. Shorten the password expiration period
All executive officers have changed their monitor location so it cannot be easily viewed when passing by their offices. Which of the following attacks does this action remediate? A. Dumpster Diving B. Impersonation C. Shoulder Surfing D. Whaling
C. Shoulder Surfing
When performing the daily review of the system vulnerability scans of the network Peter, the administrator, noticed several security related vulnerabilities with an assigned vulnerability identification number. Peter researches the assigned vulnerability identification number from the vendor website. Peter proceeds with applying the recommended solution for identified vulnerability. Which of the following is the type of vulnerability described? A. Network based B. IDS C. Signature based D. Host based
C. Signature based
A system administrator has noticed network performance issues and wants to gather performance data from the gateway router. Which of the following can be used to perform this action? A. SMTP B. iSCSI C. SNMP D. IPSec
C. Simple Network Management Protocol (SNMP)
A security administrator has concerns about new types of media which allow for the mass distribution of personal comments to a select group of people. To mitigate the risks involved with this media, employees should receive training on which of the following? A. Peer to Peer B. Mobile devices C. Social networking D. Personally owned devices
C. Social networking
Internet banking customers currently use an account number and password to access their online accounts. The bank wants to improve security on high value transfers by implementing a system which call users back on a mobile phone to authenticate the transaction with voice verification. Which of the following authentication factors are being used by the bank? A. Something you know, something you do, and something you have B. Something you do, somewhere you are, and something you have C. Something you are, something you do and something you know D. Something you have, something you are, and something you know
C. Something you are, something you do and something you know
Without validating user input, an application becomes vulnerable to all of the following EXCEPT: A. Buffer overflow. B. Command injection. C. Spear phishing. D. SQL injection.
C. Spear phishing.
Which of the following malware types typically allows an attacker to monitor a user's computer, is characterized by a drive-by download, and requires no user interaction? A. Virus B. Logic bomb C. Spyware D. Adware
C. Spyware
A security analyst discovered data such as images and word documents hidden within different types of files. Which of the following cryptographic concepts describes what was discovered? A. Symmetric encryption B. Non-repudiation C. Steganography D. Hashing
C. Steganography
A security administrator is reviewing the company's continuity plan. The plan specifies an RTO of six hours and RPO of two days. Which of the following is the plan describing? A. Systems should be restored within six hours and no later than two days after the incident. B. Systems should be restored within two days and should remain operational for at least six hours. C. Systems should be restored within six hours with a minimum of two days worth of data. D. Systems should be restored within two days with a minimum of six hours worth of data.
C. Systems should be restored within six hours with a minimum of two days worth of data. (RTO = Recovery Time Objective) (RPO = Recovery Point Objective)
A company has implemented PPTP as a VPN solution. Which of the following ports would need to be opened on the firewall in order for this VPN to function properly? (Select TWO). A. UDP 1723 B. TCP 500 C. TCP 1723 D. UDP 47 E. TCP 47
C. TCP 1723 D. UDP 47
A new application needs to be deployed on a virtual server. The virtual server hosts a SQL server that is used by several employees. Which of the following is the BEST approach for implementation of the new application on the virtual server? A. Take a snapshot of the virtual server after installing the new application and store the snapshot in a secure location. B. Generate a baseline report detailing all installed applications on the virtualized server after installing the new application. C. Take a snapshot of the virtual server before installing the new application and store the snapshot in a secure location. D. Create an exact copy of the virtual server and store the copy on an external hard drive after installing the new application.
C. Take a snapshot of the virtual server before installing the new application and store the snapshot in a secure location.
Which of the following provides the BEST explanation regarding why an organization needs to implement IT security policies? A. To ensure that false positives are identified B. To ensure that staff conform to the policy C. To reduce the organizational risk D. To require acceptable usage of IT systems
C. To reduce the organizational risk
Which of the following can be implemented in hardware or software to protect a web server from cross-site scripting attacks? A. Intrusion Detection System B. Flood Guard Protection C. Web Application Firewall D. URL Content Filter
C. Web Application Firewall
A system administrator has noticed vulnerability on a high impact production server. A recent update was made available by the vendor that addresses the vulnerability but requires a reboot of the system afterwards. Which of the following steps should the system administrator implement to address the vulnerability? A. Test the update in a lab environment, schedule downtime to install the patch, install the patch and reboot the server and monitor for any changes B. Test the update in a lab environment, backup the server, schedule downtime to install the patch, install the patch, and monitor for any changes C. Test the update in a lab environment, backup the server, schedule downtime to install the patch, install the update, reboot the server, and monitor for any changes D. Backup the server, schedule downtime to install the patch, installs the patch and monitor for any changes
C. Test the update in a lab environment, backup the server, schedule downtime to install the patch, install the update, reboot the server, and monitor for any changes
Company employees are required to have workstation client certificates to access a bank website. These certificates were backed up as a precautionary step before the new computer upgrade. After the upgrade and restoration, users state they can access the bank's website, but not login. Which is the following is MOST likely the issue? A. The IP addresses of the clients have change B. The client certificate passwords have expired on the server C. The certificates have not been installed on the workstations D. The certificates have been installed on the CA
C. The certificates have not been installed on the workstations
An employee connects a wireless access point to the only jack in the conference room to provide Internet access during a meeting. The access point is configured to use WPA2-TKIP. A malicious user is able to intercept clear text HTTP communication between the meeting attendees and the Internet. Which of the following is the reason the malicious user is able to intercept and see the clear text communication? A. The malicious user has access to the WPA2-TKIP key. B. The wireless access point is broadcasting the SSID. C. The malicious user is able to capture the wired communication. D. The meeting attendees are using unencrypted hard drives.
C. The malicious user is able to capture the wired communication.
A security administrator needs to update the OS on all the switches in the company. Which of the following MUST be done before any actual switch configuration is performed? A. The request needs to be sent to the incident management team. B. The request needs to be approved through the incident management process. C. The request needs to be approved through the change management process. D. The request needs to be sent to the change management team.
C. The request needs to be approved through the change management process.
A supervisor in the human resources department has been given additional job duties in the accounting department. Part of their new duties will be to check the daily balance sheet calculations on spreadsheets that are restricted to the accounting group. In which of the following ways should the account be handled? A. The supervisor should be allowed to have access to the spreadsheet files, and their membership in the human resources group should be terminated. B. The supervisor should be removed from the human resources group and added to the accounting group. C. The supervisor should be added to the accounting group while maintaining their membership in the human resources group. D. The supervisor should only maintain membership in the human resources group.
C. The supervisor should be added to the accounting group while maintaining their membership in the human resources group.
Acme Corp has selectively outsourced proprietary business processes to ABC Services. Due to some technical issues, ABC services wants to send some of Acme Corp's debug data to a third party vendor for problem resolution. Which of the following MUST be considered prior to sending data to a third party? A. The data should be encrypted prior to transport B. This would not constitute unauthorized data sharing C. This may violate data ownership and non-disclosure agreements D. Acme Corp should send the data to ABC Services' vendor instead
C. This may violate data ownership and non-disclosure agreements
A company's Chief Information Officer realizes the company cannot continue to operate after a disaster. Which of the following describes the disaster? A. Risk B. Asset C. Threat D. Vulnerability
C. Threat
Peter needs to open ports on the firewall to allow for secure transmission of files. Which of the following ports should be opened on the firewall? A. TCP 23 B. UDP 69 C. TCP 22 D. TCP 21
C. Transmission Control Protocol 22 (TCP 22) (Secure File Transfer Protocol (SFTP) uses Secure Shell (SSH) which utilizes this port)
Emily, a user, downloads a keygen to install pirated software. After running the keygen, system performance is extremely slow and numerous antivirus alerts are displayed. Which of the following BEST describes this type of malware? A. Logic bomb B. Worm C. Trojan D. Adware
C. Trojan
A security administrator must implement a system that will support and enforce the following file system access control model: FILE NAMESECURITY LABEL Employees.docConfidential Salary.xlsConfidential OfficePhones.xlsUnclassified PersonalPhones.xlsRestricted Which of the following should the security administrator implement? A. White and black listing B. SCADA system C. Trusted OS D. Version control
C. Trusted OS (Uses Multi-Level Security a form of Mandatory Access Control)
Which of the following has a storage root key? A. HSM B. EFS C. TPM D. TKIP
C. Trusted Platform Module (TPM)
Which of the following is a hardware based encryption device? A. EFS B. TrueCrypt C. TPM D. SLE
C. Trusted Platform Module (TPM)
Peter, the system administrator, wants to restrict access to advertisements, games, and gambling web sites. Which of the following devices would BEST achieve this goal? A. Firewall B. Switch C. URL content filter D. Spam filter
C. URL content filter
A review of the company's network traffic shows that most of the malware infections are caused by users visiting gambling and gaming websites. The security manager wants to implement a solution that will block these websites, scan all web traffic for signs of malware, and block the malware before it enters the company network. Which of the following is suited for this purpose? A. ACL B. IDS C. UTM D. Firewall
C. Unified Threat Management (UTM)
The BEST methods for a web developer to prevent the website application code from being vulnerable to cross-site request forgery (XSRF) are to: (Select TWO). A. Permit redirection to Internet-facing web URLs. B. Ensure all HTML tags are enclosed in angle brackets, e.g., "<" and ">". C. Validate and filter input on the server side and client side. D. Use a web proxy to pass website requests between the user and the application. E. Restrict and sanitize use of special characters in input and URLs.
C. Validate and filter input on the server side and client side. E. Restrict and sanitize use of special characters in input and URLs.
Which of the following BEST describes a protective countermeasure for SQL injection? A. Eliminating cross-site scripting vulnerabilities B. Installing an IDS to monitor network traffic C. Validating user input in web applications D. Placing a firewall between the Internet and database servers
C. Validating user input in web applications
An administrator needs to segment internal traffic between layer 2 devices within the LAN. Which of the following types of network design elements would MOST likely be used? A. Routing B. DMZ C. VLAN D. NAT
C. Virtual Local Area Network (VLAN)
Peter, a technician, is tasked with finding a way to test operating system patches for a wide variety of servers before deployment to the production environment while utilizing a limited amount of hardware resources. Which of the following would provide the BEST environment for performing this testing? A. OS hardening B. Application control C. Virtualization D. Sandboxing
C. Virtualization
A program has been discovered that infects a critical Windows system executable and stays dormant in memory. When a Windows mobile phone is connected to the host, the program infects the phone's boot loader and continues to target additional Windows PCs or phones. Which of the following malware categories BEST describes this program? A. Zero-day B. Trojan C. Virus D. Rootkit
C. Virus
Purchasing receives an automated phone call from a bank asking to input and verify credit card information. The phone number displayed on the caller ID matches the bank. Which of the following attack types is this? A. Hoax B. Phishing C. Vishing D. Whaling
C. Vishing (Voice over IP phishing)
A security administrator is tackling issues related to authenticating users at a remote site. There have been a large number of security incidents that resulted from either tailgating or impersonation of authorized users with valid credentials. The security administrator has been told to implement multifactor authentication in order to control facility access. To secure access to the remote facility, which of the following could be implemented without increasing the amount of space required at the entrance? A. MOTD challenge and PIN pad B. Retina scanner and fingerprint reader C. Voice recognition and one-time PIN token D. One-time PIN token and proximity reader
C. Voice recognition and one-time PIN token ("Something you are" / "Something you have")
Which of the following would a security administrator implement in order to discover comprehensive security threats on a network? A. Design reviews B. Baseline reporting C. Vulnerability scan D. Code review
C. Vulnerability scan
A company hires outside security experts to evaluate the security status of the corporate network. All of the company's IT resources are outdated and prone to crashing. The company requests that all testing be performed in a way which minimizes the risk of system failures. Which of the following types of testing does the company want performed? A. Penetration testing B. WAF testing C. Vulnerability scanning D. White box testing
C. Vulnerability scanning
Which of the following is the BEST method for ensuring all files and folders are encrypted on all corporate laptops where the file structures are unknown? A. Folder encryption B. File encryption C. Whole disk encryption D. Steganography
C. Whole disk encryption
Which of the following provides the HIGHEST level of confidentiality on a wireless network? A. Disabling SSID broadcast B. MAC filtering C. WPA2 D. Packet switching
C. Wi-Fi Protected Access 2 (WPA2)
While setting up a secure wireless corporate network, which of the following should Peter, an administrator, avoid implementing? A. EAP-TLS B. PEAP C. WEP D. WPA
C. Wired Equivalent Privacy (WEP) (Only used for compatibility with older devices)
Several users' computers are no longer responding normally and sending out spam email to the users' entire contact list. This is an example of which of the following? A. Trojan virus B. Botnet C. Worm outbreak D. Logic bomb
C. Worm outbreak
An attacker used an undocumented and unknown application exploit to gain access to a file server. Which of the following BEST describes this type of attack? A. Integer overflow B. Cross-site scripting C. Zero-day D. Session hijacking E. XML injection
C. Zero-day
A user has plugged in a wireless router from home with default configurations into a network jack at the office. This is known as: A. an evil twin. B. an IV attack. C. a rogue access point. D. an unauthorized entry point.
C. a rogue access point.
A security administrator needs to image a large hard drive for forensic analysis. Which of the following will allow for faster imaging to a second hard drive? A. cp /dev/sda /dev/sdb bs=8k B. tail -f /dev/sda > /dev/sdb bs=8k C. dd in=/dev/sda out=/dev/sdb bs=4k D. locate /dev/sda /dev/sdb bs=4k
C. dd in=/dev/sda out=/dev/sdb bs=4k
Which of the following firewall rules only denies DNS zone transfers? A. deny UDP any any port 53 B. deny IP any any C. deny TCP any any port 53 D. deny all DNS packets
C. deny TCP any any port 53
Results from a vulnerability analysis indicate that all enabled virtual terminals on a router can be accessed using the same password. The company's network device security policy mandates that at least one virtual terminal have a different password than the other virtual terminals. Which of the following sets of commands would meet this requirement? A. line vty 0 6 P@s5W0Rd password line vty 7 Qwer++!Y password B. line console 0 password password line vty 0 4 password P@s5W0Rd C. line vty 0 3 password Qwer++!Y line vty 4 password P@s5W0Rd D. line vty 0 3 password Qwer++!Y line console 0 password P@s5W0Rd
C. line vty 0 3 password Qwer++!Y line vty 4 password P@s5W0Rd (Syntax for A, B, and D are incorrect)
Which of the following ports is used for SSH, by default? A. 23 B. 32 C. 12 D. 22
D. 22
Ann, a technician, is attempting to establish a remote terminal session to an end user's computer using Kerberos authentication, but she cannot connect to the destination machine. Which of the following default ports should Ann ensure is open? A. 22 B. 139 C. 443 D. 3389
D. 3389 (Remote Desktop Protocol (RDP) uses TCP port 3389)
Signed digital certificates used to secure communication with a web server are MOST commonly associated with which of the following ports? A. 25 B. 53 C. 143 D. 443
D. 443 (HTTPS)
While configuring a new access layer switch, the administrator, Peter, was advised that he needed to make sure that only devices authorized to access the network would be permitted to login and utilize resources. Which of the following should the administrator implement to ensure this happens? A. Log Analysis B. VLAN Management C. Network separation D. 802.1x
D. 802.1x (Port-based authentication)
A company has several conference rooms with wired network jacks that are used by both employees and guests. Employees need access to internal resources and guests only need access to the Internet. Which of the following combinations is BEST to meet the requirements? A. NAT and DMZ B. VPN and IPSec C. Switches and a firewall D. 802.1x and VLANs
D. 802.1x and VLANs (802.1x uses port-based authentication) (VLANs segment networks)
FTP/S uses which of the following TCP ports by default? A. 20 and 21 B. 139 and 445 C. 443 and 22 D. 989 and 990
D. 989 and 990
Peter, the system administrator, is performing an overnight system refresh of hundreds of user computers. The refresh has a strict timeframe and must have zero downtime during business hours. Which of the following should Peter take into consideration? A. A disk-based image of every computer as they are being replaced. B. A plan that skips every other replaced computer to limit the area of affected users. C. An offsite contingency server farm that can act as a warm site should any issues appear. D. A back-out strategy planned out anticipating any unforeseen problems that may arise.
D. A back-out strategy planned out anticipating any unforeseen problems that may arise.
Several departments in a corporation have a critical need for routinely moving data from one system to another using removable storage devices. Senior management is concerned with data loss and the introduction of malware on the network. Which of the following choices BEST mitigates the range of risks associated with the continued use of removable storage devices? A. Remote wiping enabled for all removable storage devices B. Full-disk encryption enabled for all removable storage devices C. A well defined acceptable use policy D. A policy which details controls on removable storage use
D. A policy which details controls on removable storage use
The security administrator at ABC company received the following log information from an external party: 10:45:01 EST, SRC 10.4.3.7:3056, DST 8.4.2.1:80, ALERT, Directory traversal 10:45:02 EST, SRC 10.4.3.7:3057, DST 8.4.2.1:80, ALERT, Account brute force 10:45:03 EST, SRC 10.4.3.7:3058, DST 8.4.2.1:80, ALERT, Port scan The external party is reporting attacks coming from abc-company.com. Which of the following is the reason the ABC company's security administrator is unable to determine the origin of the attack? A. A NIDS was used in place of a NIPS. B. The log is not in UTC. C. The external party uses a firewall. D. ABC company uses PAT.
D. ABC company uses Port Address Translation (PAT). (All computers share the same IP address with differing ports, log does not provide port number)
A company has recently allowed employees to take advantage of BYOD by installing WAPs throughout the corporate office. An employee, Peter, has recently begun to view inappropriate material at work using his personal laptop. When confronted, Peter indicated that he was never told that he could not view that type of material on his personal laptop. Which of the following should the company have employees acknowledge before allowing them to access the corporate WLAN with their personal devices? A. Privacy Policy B. Security Policy C. Consent to Monitoring Policy D. Acceptable Use Policy
D. Acceptable Use Policy
The security administrator needs to manage traffic on a layer 3 device to support FTP from a new remote site. Which of the following would need to be implemented? A. Implicit deny B. VLAN management C. Port security D. Access control lists
D. Access control lists
While rarely enforced, mandatory vacation policies are effective at uncovering: A. Help desk technicians with oversight by multiple supervisors and detailed quality control systems. B. Collusion between two employees who perform the same business function. C. Acts of incompetence by a systems engineer designing complex architectures as a member of a team. D. Acts of gross negligence on the part of system administrators with unfettered access to system and no oversight.
D. Acts of gross negligence on the part of system administrators with unfettered access to system and no oversight.
Ann, the network administrator, has learned from the helpdesk that employees are accessing the wireless network without entering their domain credentials upon connection. Once the connection is made, they cannot reach any internal resources, while wired network connections operate smoothly. Which of the following is MOST likely occurring? A. A user has plugged in a personal access point at their desk to connect to the network wirelessly. B. The company is currently experiencing an attack on their internal DNS servers. C. The company's WEP encryption has been compromised and WPA2 needs to be implemented instead. D. An attacker has installed an access point nearby in an attempt to capture company information.
D. An attacker has installed an access point nearby in an attempt to capture company information.
The call center supervisor has reported that many employees have been playing preinstalled games on company computers and this is reducing productivity. Which of the following would be MOST effective for preventing this behavior? A. Acceptable use policies B. Host-based firewalls C. Content inspection D. Application whitelisting
D. Application whitelisting
A network administrator has a separate user account with rights to the domain administrator group. However, they cannot remember the password to this account and are not able to login to the server when needed. Which of the following is MOST accurate in describing the type of issue the administrator is experiencing? A. Single sign-on B. Authorization C. Access control D. Authentication
D. Authentication
RADIUS provides which of the following? A. Authentication, Authorization, Availability B. Authentication, Authorization, Auditing C. Authentication, Accounting, Auditing D. Authentication, Authorization, Accounting
D. Authentication, Authorization, Accounting
A network administrator has purchased two devices that will act as failovers for each other. Which of the following concepts does this BEST illustrate? A. Authentication B. Integrity C. Confidentiality D. Availability
D. Availability
Two programmers write a new secure application for the human resources department to store personal identifiable information. The programmers make the application available to themselves using an uncommon port along with an ID and password only they know. This is an example of which of the following? A. Root Kit B. Spyware C. Logic Bomb D. Backdoor
D. Backdoor
A computer is suspected of being compromised by malware. The security analyst examines the computer and finds that a service called Telnet is running and connecting to an external website over port 443. This Telnet service was found by comparing the system's services to the list of standard services on the company's system image. This review process depends on: A. MAC filtering. B. System hardening. C. Rogue machine detection. D. Baselining.
D. Baselining.
Failure to validate the size of a variable before writing it to memory could result in which of the following application attacks? A. Malicious logic B. Cross-site scripting C. SQL injection D. Buffer overflow
D. Buffer overflow
Which of the following is a penetration testing method? A. Searching the WHOIS database for administrator contact information B. Running a port scanner against the target's network C. War driving from a target's parking lot to footprint the wireless network D. Calling the target's helpdesk, requesting a password reset
D. Calling the target's helpdesk, requesting a password reset
Which of the following offers the LEAST amount of protection against data theft by USB drives? A. DLP B. Database encryption C. TPM D. Cloud computing
D. Cloud computing
Peter, a security administrator, believes that a network breach has occurred in the datacenter as a result of a misconfigured router access list, allowing outside access to an SSH server. Which of the following should Peter search for in the log files? A. Failed authentication attempts B. Network ping sweeps C. Host port scans D. Connections to port 22
D. Connections to port 22
The information security technician wants to ensure security controls are deployed and functioning as intended to be able to maintain an appropriate security posture. Which of the following security techniques is MOST appropriate to do this? A. Log audits B. System hardening C. Use IPS/IDS D. Continuous security monitoring
D. Continuous security monitoring
A company has 5 users. Users 1, 2 and 3 need access to payroll and users 3, 4 and 5 need access to sales. Which of the following should be implemented to give the appropriate access while enforcing least privilege? A. Assign individual permissions to users 1 and 2 for payroll. Assign individual permissions to users 4 and 5 for sales. Make user 3 an administrator. B. Make all users administrators and then restrict users 1 and 2 from sales. Then restrict users 4 and 5 from payroll. C. Create two additional generic accounts, one for payroll and one for sales that users utilize. D. Create a sales group with users 3, 4 and 5. Create a payroll group with users 1, 2 and 3.
D. Create a sales group with users 3, 4 and 5. Create a payroll group with users 1, 2 and 3.
A new network administrator is setting up a new file server for the company. Which of the following would be the BEST way to manage folder security? A. Assign users manually and perform regular user access reviews B. Allow read only access to all folders and require users to request permission C. Assign data owners to each folder and allow them to add individual users to each folder D. Create security groups for each folder and assign appropriate users to each group
D. Create security groups for each folder and assign appropriate users to each group
An organization has three divisions: Accounting, Sales, and Human Resources. Users in the Accounting division require access to a server in the Sales division, but no users in the Human Resources division should have access to resources in any other division, nor should any users in the Sales division have access to resources in the Accounting division. Which of the following network segmentation schemas would BEST meet this objective? A. Create two VLANS, one for Accounting and Sales, and one for Human Resources. B. Create one VLAN for the entire organization. C. Create two VLANs, one for Sales and Human Resources, and one for Accounting. D. Create three separate VLANS, one for each division.
D. Create three separate VLANS, one for each division.
A company is trying to limit the risk associated with the use of unapproved USB devices to copy documents. Which of the following would be the BEST technology control to use in this scenario? A. Content filtering B. IDS C. Audit logs D. DLP
D. Data Loss Prevention (DLP) (includes software admins can use to limit what users can transfer)
Several employees have been printing files that include personally identifiable information of customers. Auditors have raised concerns about the destruction of these hard copies after they are created, and management has decided the best way to address this concern is by preventing these files from being printed. Which of the following would be the BEST control to implement? A. File encryption B. Printer hardening C. Clean desk policies D. Data loss prevention
D. Data loss prevention (DLP)
An administrator is assigned to monitor servers in a data center. A web server connected to the Internet suddenly experiences a large spike in CPU activity. Which of the following is the MOST likely cause? A. Spyware B. Trojan C. Privilege escalation D. DoS
D. Denial of Service (DoS)
A security administrator suspects that an increase in the amount of TFTP traffic on the network is due to unauthorized file transfers, and wants to configure a firewall to block all TFTP traffic. Which of the following would accomplish this task? A. Deny TCP port 68 B. Deny TCP port 69 C. Deny UDP port 68 D. Deny UDP port 69
D. Deny UDP port 69 (Used by Trivial File Transfer Protocol (TFTP))
During a recent investigation, an auditor discovered that an engineer's compromised workstation was being used to connect to SCADA systems while the engineer was not logged in. The engineer is responsible for administering the SCADA systems and cannot be blocked from connecting to them. The SCADA systems cannot be modified without vendor approval which requires months of testing. Which of the following is MOST likely to protect the SCADA systems from misuse? A. Update anti-virus definitions on SCADA systems B. Audit accounts on the SCADA systems C. Install a firewall on the SCADA network D. Deploy NIPS at the edge of the SCADA network
D. Deploy NIPS at the edge of the SCADA network
Which of the following assessment techniques would a security administrator implement to ensure that systems and software are developed properly? A. Baseline reporting B. Input validation C. Determine attack surface D. Design reviews
D. Design reviews
Ann would like to forward some Personal Identifiable Information to her HR department by email, but she is worried about the confidentiality of the information. Which of the following will accomplish this task securely? A. Digital Signatures B. Hashing C. Secret Key D. Encryption
D. Encryption
Which of the following controls can be used to prevent the disclosure of sensitive information stored on a mobile device's removable media in the event that the device is lost or stolen? A. Hashing B. Screen locks C. Device password D. Encryption
D. Encryption
An administrator implements SELinux on a production web server. After implementing this, the web server no longer serves up files from users' home directories. To rectify this, the administrator creates a new policy as the root user. This is an example of which of the following? (Select TWO). A. Enforcing SELinux in the OS kernel is role-based access control B. Enforcing SELinux in the OS kernel is rule-based access control C. The policy added by the root user is mandatory access control D. Enforcing SELinux in the OS kernel is mandatory access control E. The policy added by the root user is role-based access control F. The policy added by the root user is rule-based access control
D. Enforcing SELinux in the OS kernel is mandatory access control F. The policy added by the root user is rule-based access control
A security administrator must implement a system to allow clients to securely negotiate encryption keys with the company's server over a public unencrypted communication channel. Which of the following implements the required secure key negotiation? (Select TWO). A. PBKDF2 B. Symmetric encryption C. Steganography D. ECDHE E. Diffie-Hellman
D. Ephemeral Elliptic Curve Diffie-Hellman (ECDHE) E. Diffie-Hellman
Although a vulnerability scan report shows no vulnerabilities have been discovered, a subsequent penetration test reveals vulnerabilities on the network. Which of the following has been reported by the vulnerability scan? A. Passive scan B. Active scan C. False positive D. False negative
D. False negative
After copying a sensitive document from his desktop to a flash drive, Peter, a user, realizes that the document is no longer encrypted. Which of the following can a security technician implement to ensure that documents stored on Peter's desktop remain encrypted when moved to external media or other network based storage? A. Whole disk encryption B. Removable disk encryption C. Database record level encryption D. File level encryption
D. File level encryption
Which of the following describes purposefully injecting extra input during testing, possibly causing an application to crash? A. Input validation B. Exception handling C. Application hardening D. Fuzzing
D. Fuzzing
A technician wants to secure communication to the corporate web portal, which is currently using HTTP. Which of the following is the FIRST step the technician should take? A. Send the server's public key to the CA B. Install the CA certificate on the server C. Import the certificate revocation list into the server D. Generate a certificate request from the server
D. Generate a certificate request from the server
An administrator needs to submit a new CSR to a CA. Which of the following is a valid FIRST step? A. Generate a new private key based on AES. B. Generate a new public key based on RSA. C. Generate a new public key based on AES. D. Generate a new private key based on RSA.
D. Generate a new private key based on RSA.
An IT auditor tests an application as an authenticated user. This is an example of which of the following types of testing? A. Penetration B. White box C. Black box D. Gray box
D. Gray box
A system administrator needs to ensure that certain departments have more restrictive controls to their shared folders than other departments. Which of the following security controls would be implemented to restrict those departments? A. User assigned privileges B. Password disablement C. Multiple account creation D. Group based privileges
D. Group based privileges
Which of the following practices reduces the management burden of access management? A. Password complexity policies B. User account audit C. Log analysis and review D. Group based privileges
D. Group based privileges
Which of the following is the LEAST volatile when performing incident response procedures? A. Registers B. RAID cache C. RAM D. Hard drive
D. Hard drive
Which of the following BEST explains the use of an HSM within the company servers? A. Thumb drives present a significant threat which is mitigated by HSM. B. Software encryption can perform multiple functions required by HSM. C. Data loss by removable media can be prevented with DLP. D. Hardware encryption is faster than software encryption.
D. Hardware encryption is faster than software encryption. (Hardware Security Model (HSM))
Which of the following would a security administrator use to verify the integrity of a file? A. Time stamp B. MAC times C. File descriptor D. Hash
D. Hash
Which of the following MUST Matt, a security administrator, implement to verify both the integrity and authenticity of a message while requiring a shared secret? A. RIPEMD B. MD5 C. SHA D. HMAC
D. Hash-based Message Authentication Code (HMAC)
Which of the following cryptographic algorithms is MOST often used with IPSec? A. Blowfish B. Twofish C. RC4 D. HMAC
D. Hash-based Message Authentication Code (HMAC)
Which of the following controls should critical application servers implement to protect themselves from other potentially compromised application services? A. NIPS B. Content filter C. NIDS D. Host-based firewalls
D. Host-based firewalls
Which of the following is an effective way to ensure the BEST temperature for all equipment within a datacenter? A. Fire suppression B. Raised floor implementation C. EMI shielding D. Hot or cool aisle containment
D. Hot or cool aisle containment
When reviewing security logs, an administrator sees requests for the AAAA record of www.comptia.com. Which of the following BEST describes this type of record? A. DNSSEC record B. IPv4 DNS record C. IPSEC DNS record D. IPv6 DNS record
D. IPv6 DNS record (AAAA record links a Fully-Qualified Domain Name (FQDN) to an IPv6 address)
The helpdesk reports increased calls from clients reporting spikes in malware infections on their systems. Which of the following phases of incident response is MOST appropriate as a FIRST response? A. Recovery B. Follow-up C. Validation D. Identification E. Eradication F. Containment
D. Identification
Key elements of a business impact analysis should include which of the following tasks? A. Develop recovery strategies, prioritize recovery, create test plans, post-test evaluation, and update processes. B. Identify institutional and regulatory reporting requirements, develop response teams and communication trees, and develop press release templates. C. Employ regular preventive measures such as patch management, change management, antivirus and vulnerability scans, and reports to management. D. Identify critical assets systems and functions, identify dependencies, determine critical downtime limit, define scenarios by type and scope of impact, and quantify loss potential.
D. Identify critical assets systems and functions, identify dependencies, determine critical downtime limit, define scenarios by type and scope of impact, and quantify loss potential.
An IT security technician needs to establish host based security for company workstations. Which of the following will BEST meet this requirement? A. Implement IIS hardening by restricting service accounts. B. Implement database hardening by applying vendor guidelines. C. Implement perimeter firewall rules to restrict access. D. Implement OS hardening by applying GPOs.
D. Implement OS hardening by applying Group Policy Objects (GPOs).
An administrator needs to connect a router in one building to a router in another using Ethernet. Each router is connected to a managed switch and the switches are connected to each other via a fiber line. Which of the following should be configured to prevent unauthorized devices from connecting to the network? A. Configure each port on the switches to use the same VLAN other than the default one B. Enable VTP on both switches and set to the same domain C. Configure only one of the routers to run DHCP services D. Implement port security on the switches
D. Implement port security on the switches
A security analyst informs the Chief Executive Officer (CEO) that a security breach has just occurred. This results in the Risk Manager and Chief Information Officer (CIO) being caught unaware when the CEO asks for further information. Which of the following strategies should be implemented to ensure the Risk Manager and CIO are not caught unaware in the future? A. Procedure and policy management B. Chain of custody management C. Change management D. Incident management
D. Incident management
Which of the following statements is MOST likely to be included in the security awareness training about P2P? A. P2P is always used to download copyrighted material. B. P2P can be used to improve computer system response. C. P2P may prevent viruses from entering the network. D. P2P may cause excessive network bandwidth.
D. P2P may cause excessive network bandwidth.
The incident response team has received the following email message. From: [email protected] To: [email protected] Subject: Copyright infringement A copyright infringement alert was triggered by IP address 13.10.66.5 at 09: 50: 01 GMT. After reviewing the following web logs for IP 13.10.66.5, the team is unable to correlate and identify the incident. 09: 45: 33 13.10.66.5 http: //remote.site.com/login.asp?user=john 09: 50: 22 13.10.66.5 http: //remote.site.com/logout.asp?user=anne 10: 50: 01 13.10.66.5 http: //remote.site.com/access.asp?file=movie.mov 11: 02: 45 13.10.65.5 http: //remote.site.com/download.asp?movie.mov=ok Which of the following is the MOST likely reason why the incident response team is unable to identify and correlate the incident? A. The logs are corrupt and no longer forensically sound. B. Traffic logs for the incident are unavailable. C. Chain of custody was not properly maintained. D. Incident time offsets were not accounted for.
D. Incident time offsets were not accounted for.
Use of group accounts should be minimized to ensure which of the following? A. Password security B. Regular auditing C. Baseline management D. Individual accountability
D. Individual accountability
Which of the following offerings typically allows the customer to apply operating system patches? A. Software as a service B. Public Clouds C. Cloud Based Storage D. Infrastructure as a service
D. Infrastructure as a service
Which of the following is a step in deploying a WPA2-Enterprise wireless network? A. Install a token on the authentication server B. Install a DHCP server on the authentication server C. Install an encryption key on the authentication server D. Install a digital certificate on the authentication server
D. Install a digital certificate on the authentication server
Peter, the system administrator, wishes to monitor and limit users' access to external websites. Which of the following would BEST address this? A. Block all traffic on port 80. B. Implement NIDS. C. Use server load balancers. D. Install a proxy server.
D. Install a proxy server.
A software company has completed a security assessment. The assessment states that the company should implement fencing and lighting around the property. Additionally, the assessment states that production releases of their software should be digitally signed. Given the recommendations, the company was deficient in which of the following core security areas? (Select TWO). A. Fault tolerance B. Encryption C. Availability D. Integrity E. Safety F. Confidentiality
D. Integrity E. Safety
Which of the following is true about input validation in a client-server architecture, when data integrity is critical to the organization? A. It should be enforced on the client side only. B. It must be protected by SSL encryption. C. It must rely on the user's knowledge of the application. D. It should be performed on the server side.
D. It should be performed on the server side.
Which of the following authentication services requires the use of a ticket-granting ticket (TGT) server in order to complete the authentication process? A. TACACS+ B. Secure LDAP C. RADIUS D. Kerberos
D. Kerberos
A security administrator must implement a firewall rule to allow remote employees to VPN onto the company network. The VPN concentrator implements SSL VPN over the standard HTTPS port. Which of the following is the MOST secure ACL to implement at the company's gateway firewall? A. PERMIT TCP FROM ANY 443 TO 199.70.5.25 443 B. PERMIT TCP FROM ANY ANY TO 199.70.5.23 ANY C. PERMIT TCP FROM 199.70.5.23 ANY TO ANY ANY D. PERMIT TCP FROM ANY 1024-65535 TO 199.70.5.23 443
D. PERMIT TCP FROM ANY 1024-65535 TO 199.70.5.23 443
A security administrator has deployed all laptops with Self Encrypting Drives (SED) and enforces key encryption. Which of the following represents the greatest threat to maintaining data confidentiality with these devices? A. Full data access can be obtained by connecting the drive to a SATA or USB adapter bypassing the SED hardware. B. A malicious employee can gain the SED encryption keys through software extraction allowing access to other laptops. C. If the laptop does not use a Secure Boot BIOS, the SED hardware is not enabled allowing full data access. D. Laptops that are placed in a sleep mode allow full data access when powered back on.
D. Laptops that are placed in a sleep mode allow full data access when powered back on.
Which of the following devices is BEST suited to protect an HTTP-based application that is susceptible to injection attacks? A. Protocol filter B. Load balancer C. NIDS D. Layer 7 firewall
D. Layer 7 firewall (Application Layer)
After a recent security breach, the network administrator has been tasked to update and backup all router and switch configurations. The security administrator has been tasked to enforce stricter security policies. All users were forced to undergo additional user awareness training. All of these actions are due to which of the following types of risk mitigation strategies? A. Change management B. Implementing policies to prevent data loss C. User rights and permissions review D. Lessons learned
D. Lessons learned
In which of the following steps of incident response does a team analyze the incident and determine steps to prevent a future occurrence? A. Mitigation B. Identification C. Preparation D. Lessons learned
D. Lessons learned
Which of the following incident response plan steps would MOST likely engaging business professionals with the security team to discuss changes to existing procedures? A. Recovery B. Incident identification C. Isolation / quarantine D. Lessons learned E. Reporting
D. Lessons learned
A system administrator is configuring UNIX accounts to authenticate against an external server. The configuration file asks for the following information DC=ServerName and DC=COM. Which of the following authentication services is being used? A. RADIUS B. SAML C. TACACS+ D. LDAP
D. Lightweight Directory Access Protocol (LDAP)
An information bank has been established to store contacts, phone numbers and other records. A UNIX application needs to connect to the index server using port 389. Which of the following authentication services should be used on this port by default? A. RADIUS B. Kerberos C. TACACS+ D. LDAP
D. Lightweight Directory Access Protocol (LDAP)
A security analyst has been tasked with securing a guest wireless network. They recommend the company use an authentication server but are told the funds are not available to set this up. Which of the following BEST allows the analyst to restrict user access to approved devices? A. Antenna placement B. Power level adjustment C. Disable SSID broadcasting D. MAC filtering
D. MAC filtering
Which of the following should Peter, a security manager, implement to reduce the risk of employees working in collusion to embezzle funds from their company? A. Privacy Policy B. Least Privilege C. Acceptable Use D. Mandatory Vacations
D. Mandatory Vacations
Two members of the finance department have access to sensitive information. The company is concerned they may work together to steal information. Which of the following controls could be implemented to discover if they are working together? A. Least privilege access B. Separation of duties C. Mandatory access control D. Mandatory vacations
D. Mandatory vacations
Which of the following technical controls helps to prevent Smartphones from connecting to a corporate network? A. Application white listing B. Remote wiping C. Acceptable use policy D. Mobile device management
D. Mobile device management (MDM)
Which of the following can be utilized in order to provide temporary IT support during a disaster, where the organization sets aside funds for contingencies, but does not necessarily have a dedicated site to restore those services? A. Hot site B. Warm site C. Cold site D. Mobile site
D. Mobile site
Which of the following BEST describes using a smart card and typing in a PIN to gain access to a system? A. Biometrics B. PKI C. Single factor authentication D. Multifactor authentication
D. Multifactor authentication ("Something you have" / "Something you know")
An administrator wishes to hide the network addresses of an internal network when connecting to the Internet. The MOST effective way to mask the network address of the users would be by passing the traffic through a: A. stateful firewall B. packet-filtering firewall C. NIPS D. NAT
D. Network Address Translation (NAT)
A security administrator has implemented a policy to prevent data loss. Which of the following is the BEST method of enforcement? A. Internet networks can be accessed via personally-owned computers. B. Data can only be stored on local workstations. C. Wi-Fi networks should use WEP encryption by default. D. Only USB devices supporting encryption are to be used.
D. Only USB devices supporting encryption are to be used.
An administrator has to determine host operating systems on the network and has deployed a transparent proxy. Which of the following fingerprint types would this solution use? A. Packet B. Active C. Port D. Passive
D. Passive (Does not communicate with the host)
The IT department has setup a website with a series of questions to allow end users to reset their own accounts. Which of the following account management practices does this help? A. Account Disablements B. Password Expiration C. Password Complexity D. Password Recovery
D. Password Recovery
Users can authenticate to a company's web applications using their credentials from a popular social media site. Which of the following poses the greatest risk with this integration? A. Malicious users can exploit local corporate credentials with their social media credentials B. Changes to passwords on the social media site can be delayed from replicating to the company C. Data loss from the corporate servers can create legal liabilities with the social media site D. Password breaches to the social media site affect the company application as well
D. Password breaches to the social media site affect the company application as well
After a company has standardized to a single operating system, not all servers are immune to a well-known OS vulnerability. Which of the following solutions would mitigate this issue? A. Host based firewall B. Initial baseline configurations C. Discretionary access control D. Patch management system
D. Patch management system
Human Resources (HR) would like executives to undergo only two specific security training programs a year. Which of the following provides the BEST level of security training for the executives? (Select TWO). A. Acceptable use of social media B. Data handling and disposal C. Zero day exploits and viruses D. Phishing threats and attacks E. Clean desk and BYOD F. Information security awareness
D. Phishing threats and attacks F. Information security awareness
Emily, the Chief Information Officer (CIO), has requested an audit take place to determine what services and operating systems are running on the corporate network. Which of the following should be used to complete this task? A. Fingerprinting and password crackers B. Fuzzing and a port scan C. Vulnerability scan and fuzzing D. Port scan and fingerprinting
D. Port scan and fingerprinting
The Chief Information Security Officer (CISO) is concerned that users could bring their personal laptops to work and plug them directly into the network port under their desk. Which of the following should be configured on the network switch to prevent this from happening? A. Access control lists B. Loop protection C. Firewall rule D. Port security
D. Port security
Company A sends a PGP encrypted file to company B. If company A used company B's public key to encrypt the file, which of the following should be used to decrypt data at company B? A. Registration B. Public key C. CRLs D. Private key
D. Private key
The recovery agent is used to recover the: A. Root certificate B. Key in escrow C. Public key D. Private key
D. Private key
Which of the following must be kept secret for a public key infrastructure to remain secure? A. Certificate Authority B. Certificate revocation list C. Public key ring D. Private key
D. Private key
Symmetric encryption utilizes __________, while asymmetric encryption utilizes _________. A. Public keys, one time B. Shared keys, private keys C. Private keys, session keys D. Private keys, public keys
D. Private keys, public keys
Matt, a systems security engineer, is determining which credential-type authentication to use within a planned 802.1x deployment. He is looking for a method that does not require a client certificate, has a server side certificate, and uses TLS tunnels for encryption. Which credential type authentication method BEST fits these requirements? A. EAP-TLS B. EAP-FAST C. PEAP-CHAP D. PEAP-MSCHAPv2
D. Protected Extensible Authentication Protocol - Microsoft Challenge-Handshake Authentication Protocol Version 2 (PEAP-MSCHAPv2)
A software development company wants to implement a digital rights management solution to protect its intellectual property. Which of the following should the company implement to enforce software digital rights? A. Transport encryption B. IPsec C. Non-repudiation D. Public key infrastructure
D. Public key infrastructure
Upper management decides which risk to mitigate based on cost. This is an example of: A. Qualitative risk assessment B. Business impact analysis C. Risk management framework D. Quantitative risk assessment
D. Quantitative risk assessment
Which of the following represents a cryptographic solution where the encrypted stream cannot be captured by a sniffer without the integrity of the stream being compromised? A. Elliptic curve cryptography. B. Perfect forward secrecy. C. Steganography. D. Quantum cryptography.
D. Quantum cryptography. (Impossible to be compromised without the knowledge of sender/receiver)
Which of the following should be used to authenticate and log connections from wireless users connecting with EAP-TLS? A. Kerberos B. LDAP C. SAML D. RADIUS
D. RADIUS
Which of the following is mainly used for remote access into the network? A. XTACACS B. TACACS+ C. Kerberos D. RADIUS
D. RADIUS (Used by RDP)
The security administrator runs an rpm verify command which records the MD5 sum, permissions, and timestamp of each file on the system. The administrator saves this information to a separate server. Which of the following describes the procedure the administrator has performed? A. Host software base-lining B. File snapshot collection C. TPM D. ROMDB verification
D. ROMDB verification
Which of the following password attacks is MOST likely to crack the largest number of randomly generated passwords? A. Hybrid B. Birthday attack C. Dictionary D. Rainbow tables
D. Rainbow tables
A user, Ann, is reporting to the company IT support group that her workstation screen is blank other than a window with a message requesting payment or else her hard drive will be formatted. Which of the following types of malware is on Ann's workstation? A. Trojan B. Spyware C. Adware D. Ransomware
D. Ransomware
A company recently experienced data loss when a server crashed due to a midday power outage. Which of the following should be used to prevent this from occurring again? A. Recovery procedures B. EMI shielding C. Environmental monitoring D. Redundancy
D. Redundancy
Which of the following provides data the best fault tolerance at the LOWEST cost? A. Load balancing B. Clustering C. Server virtualization D. RAID 6
D. Redundant Array of Independent Disks 6 (RAID 6)
Timestamps and sequence numbers act as countermeasures against which of the following types of attacks? A. Smurf B. DoS C. Vishing D. Replay
D. Replay
Peter, the security engineer, would like to prevent wireless attacks on his network. Peter has implemented a security control to limit the connecting MAC addresses to a single port. Which of the following wireless attacks would this address? A. Interference B. Man-in-the-middle C. ARP poisoning D. Rogue access point
D. Rogue access point
During a server audit, a security administrator does not notice abnormal activity. However, a network security analyst notices connections to unauthorized ports from outside the corporate network. Using specialized tools, the network security analyst also notices hidden processes running. Which of the following has MOST likely been installed on the server? A. SPIM B. Backdoor C. Logic bomb D. Rootkit
D. Rootkit
A security manager requires fencing around the perimeter, and cipher locks on all entrances. The manager is concerned with which of the following security controls? A. Integrity B. Availability C. Confidentiality D. Safety
D. Safety
A system administrator is setting up a file transfer server. The goal is to encrypt the user authentication and the files the user is sending using only a user ID and a key pair. Which of the following methods would achieve this goal? A. AES B. IPSec C. PGP D. SSH
D. Secure Shell (SSH)
Which of the following is BEST used as a secure replacement for TELNET? A. HTTPS B. HMAC C. GPG D. SSH
D. Secure Shell (SSH)
Which of the following authentication provides users XML for authorization and authentication? A. Kerberos B. LDAP C. RADIUS D. SAML
D. Security Association Markup Language (SAML)
Ann is an employee in the accounting department and would like to work on files from her home computer. She recently heard about a new personal cloud storage service with an easy web interface. Before uploading her work related files into the cloud for access, which of the following is the MOST important security concern Ann should be aware of? A. Size of the files B. Availability of the files C. Accessibility of the files from her mobile device D. Sensitivity of the files
D. Sensitivity of the files
Ann works at a small company and she is concerned that there is no oversight in the finance department; specifically, that Peter writes, signs and distributes paychecks, as well as other expenditures. Which of the following controls can she implement to address this concern? A. Mandatory vacations B. Time of day restrictions C. Least privilege D. Separation of duties
D. Separation of duties
Peter, a user, in a coffee shop is checking his email over a wireless network. An attacker records the temporary credentials being passed to Peter's browser. The attacker later uses the credentials to impersonate Peter and creates SPAM messages. Which of the following attacks allows for this impersonation? A. XML injection B. Directory traversal C. Header manipulation D. Session hijacking
D. Session hijacking
Ann an employee is visiting Peter, an employee in the Human Resources Department. While talking to Peter, Ann notices a spreadsheet open on Peter's computer that lists the salaries of all employees in her department. Which of the following forms of social engineering would BEST describe this situation? A. Impersonation B. Dumpster diving C. Tailgating D. Shoulder surfing
D. Shoulder surfing
A company wants to ensure that all credentials for various systems are saved within a central database so that users only have to login once for access to all systems. Which of the following would accomplish this? A. Multi-factor authentication B. Smart card access C. Same Sign-On D. Single Sign-On
D. Single Sign-On
The security department has implemented a new laptop encryption product in the environment. The product requires one user name and password at the time of boot up and also another password after the operating system has finished loading. This setup is using which of the following authentication types? A. Two-factor authentication B. Single sign-on C. Multifactor authentication D. Single factor authentication
D. Single factor authentication
Which of the following network devices is used to analyze traffic between various network interfaces? A. Proxies B. Firewalls C. Content inspection D. Sniffers
D. Sniffers (packet sniffer intercepts flowing data)
Mike, a user, states that he is receiving several unwanted emails about home loans. Which of the following is this an example of? A. Spear phishing B. Hoaxes C. Spoofing D. Spam
D. Spam
A system administrator wants to confidentially send a user name and password list to an individual outside the company without the information being detected by security controls. Which of the following would BEST meet this security goal? A. Digital signatures B. Hashing C. Full-disk encryption D. Steganography
D. Steganography
Which of the following can hide confidential or malicious data in the whitespace of other files (e.g. JPEGs)? A. Hashing B. Transport encryption C. Digital signatures D. Steganography
D. Steganography
Which of the following can be used to mitigate risk if a mobile device is lost? A. Cable lock B. Transport encryption C. Voice encryption D. Strong passwords
D. Strong passwords
Which of the following would allow the organization to divide a Class C IP address range into several ranges? A. DMZ B. Virtual LANs C. NAT D. Subnetting
D. Subnetting
Which of the following concepts is BEST described as developing a new chain of command in the event of a contingency? A. Business continuity planning B. Continuity of operations C. Business impact analysis D. Succession planning
D. Succession planning
An agent wants to create fast and efficient cryptographic keys to use with Diffie-Hellman without using prime numbers to generate the keys. Which of the following should be used? A. Elliptic curve cryptography B. Quantum cryptography C. Public key cryptography D. Symmetric cryptography
D. Symmetric cryptography
Which of the following protocols uses TCP instead of UDP and is incompatible with all previous versions? A. TACACS B. XTACACS C. RADIUS D. TACACS+
D. TACACS+ (Incompatible with TACACS and XTACACS)
On Monday, all company employees report being unable to connect to the corporate wireless network, which uses 802.1x with PEAP. A technician verifies that no configuration changes were made to the wireless network and its supporting infrastructure, and that there are no outages. Which of the following is the MOST likely cause for this issue? A. Too many incorrect authentication attempts have caused users to be temporarily disabled. B. The DNS server is overwhelmed with connections and is unable to respond to queries. C. The company IDS detected a wireless attack and disabled the wireless network. D. The Remote Authentication Dial-In User Service server certificate has expired.
D. The Remote Authentication Dial-In User Service (RADIUS) server certificate has expired.
Which of the following BEST describes the weakness in WEP encryption? A. The initialization vector of WEP uses a crack-able RC4 encryption algorithm. Once enough packets are captured an XOR operation can be performed and the asymmetric keys can be derived. B. The WEP key is stored in plain text and split in portions across 224 packets of random data. Once enough packets are sniffed the IV portion of the packets can be removed leaving the plain text key. C. The WEP key has a weak MD4 hashing algorithm used. A simple rainbow table can be used to generate key possibilities due to MD4 collisions. D. The WEP key is stored with a very small pool of random numbers to make the cipher text. As the random numbers are often reused it becomes easy to derive the remaining WEP key.
D. The WEP key is stored with a very small pool of random numbers to make the cipher text. As the random numbers are often reused it becomes easy to derive the remaining WEP key.
The administrator receives a call from an employee named Peter. Peter says the Internet is down and he is receiving a blank page when typing to connect to a popular sports website. The administrator asks Peter to try visiting a popular search engine site, which Peter reports as successful. Peter then says that he can get to the sports site on this phone. Which of the following might the administrator need to configure? A. The access rules on the IDS B. The pop up blocker in the employee's browser C. The sensitivity level of the spam filter D. The default block page on the URL filter
D. The default block page on the URL filter
Which of the following would be used when a higher level of security is desired for encryption key storage? A. TACACS+ B. L2TP C. LDAP D. TPM
D. Trusted Platform Module (TPM)
Which of the following explains the difference between a public key and a private key? A. The public key is only used by the client while the private key is available to all. Both keys are mathematically related. B. The private key only decrypts the data while the public key only encrypts the data. Both keys are mathematically related. C. The private key is commonly used in symmetric key decryption while the public key is used in asymmetric key decryption. D. The private key is only used by the client and kept secret while the public key is available to all.
D. The private key is only used by the client and kept secret while the public key is available to all.
Review the following diagram depicting communication between PC1 and PC2 on each side of a router. Analyze the network traffic logs which show communication between the two computers as captured by the computer with IP 10.2.2.10. DIAGRAM PC1 PC2 [192.168.1.30]——-[INSIDE 192.168.1.1 router OUTSIDE 10.2.2.1]———[10.2.2.10] LOGS 10:30:22, SRC 10.2.2.1:3030, DST 10.2.2.10:80, SYN 10:30:23, SRC 10.2.2.10:80, DST 10.2.2.1:3030, SYN/ACK 10:30:24, SRC 10.2.2.1:3030, DST 10.2.2.10:80, ACK Given the above information, which of the following can be inferred about the above environment? A. 192.168.1.30 is a web server. B. The web server listens on a non-standard port. C. The router filters port 80 traffic. D. The router implements NAT.
D. The router implements NAT.
A server is configured to communicate on both VLAN 1 and VLAN 12. VLAN 1 communication works fine, but VLAN 12 does not. Which of the following MUST happen before the server can communicate on VLAN 12? A. The server's network switch port must be enabled for 802.11x on VLAN 12. B. The server's network switch port must use VLAN Q-in-Q for VLAN 12. C. The server's network switch port must be 802.1q untagged for VLAN 12. D. The server's network switch port must be 802.1q tagged for VLAN 12.
D. The server's network switch port must be 802.1q tagged for VLAN 12. (The port must be tagged to pass traffic from multiple VLANs)
Peter, a security engineer, is trying to inventory all servers in a rack. The engineer launches RDP sessions to five different PCs and notices that the hardware properties are similar. Additionally, the MAC addresses of all five servers appear on the same switch port. Which of the following is MOST likely the cause? A. The system is running 802.1x. B. The system is using NAC. C. The system is in active-standby mode. D. The system is virtualized.
D. The system is virtualized.
When an order was submitted via the corporate website, an administrator noted special characters (e.g., ";-" and "or 1=1 -") were input instead of the expected letters and numbers. Which of the following is the MOST likely reason for the unusual results? A. The user is attempting to highjack the web server session using an open-source browser. B. The user has been compromised by a cross-site scripting attack (XSS) and is part of a botnet performing DDoS attacks. C. The user is attempting to fuzz the web server by entering foreign language characters which are incompatible with the website. D. The user is sending malicious SQL injection strings in order to extract sensitive company or customer data via the website.
D. The user is sending malicious SQL injection strings in order to extract sensitive company or customer data via the website.
An IT security manager is asked to provide the total risk to the business. Which of the following calculations would he security manager choose to determine total risk? A. (Threats X vulnerability X asset value) x controls gap B. (Threats X vulnerability X profit) x asset value C. Threats X vulnerability X control gap D. Threats X vulnerability X asset value
D. Threats X vulnerability X asset value
LDAP and Kerberos are commonly used for which of the following? A. To perform queries on a directory service B. To store usernames and passwords for Federated Identity C. To sign SSL wildcard certificates for subdomains D. To utilize single sign-on capabilities
D. To utilize single sign-on capabilities
Which of the following could a security administrator implement to mitigate the risk of tailgating for a large organization? A. Train employees on correct data disposal techniques and enforce policies. B. Only allow employees to enter or leave through one door at specified times of the day. C. Only allow employees to go on break one at a time and post security guards 24/7 at each entrance. D. Train employees on risks associated with social engineering attacks and enforce policies.
D. Train employees on risks associated with social engineering attacks and enforce policies.
Emily, the Chief Security Officer (CSO), has had four security breaches during the past two years. Each breach has cost the company $3,000. A third party vendor has offered to repair the security hole in the system for $25,000. The breached system is scheduled to be replaced in five years. Which of the following should Emily do to address the risk? A. Accept the risk saving $10,000. B. Ignore the risk saving $5,000. C. Mitigate the risk saving $10,000. D. Transfer the risk saving $5,000.
D. Transfer the risk saving $5,000. Risk Cost = $6000/year * 5 years = $30000 > $25000
A security engineer, Peter, has been asked to create a secure connection between his mail server and the mail server of a business partner. Which of the following protocol would be MOST appropriate? A. HTTPS B. SSH C. FTP D. TLS
D. Transport Layer Security (TLS)
Which of the following transportation encryption protocols should be used to ensure maximum security between a web browser and a web server? A. SSLv2 B. SSHv1 C. RSA D. TLS
D. Transport Layer Security (TLS) (Expands upon SSL)
Which of the following would Matt, a security administrator, use to encrypt transmissions from an internal database to an internal server, keeping in mind that the encryption process must add as little latency to the process as possible? A. ECC B. RSA C. SHA D. 3DES
D. Triple Data Encryption Standard (3DES) (Less secure than ECC, but requires less computational power)
Which of the following hardware based encryption devices is used as a part of multi-factor authentication to access a secured computing system? A. Database encryption B. USB encryption C. Whole disk encryption D. TPM
D. Trusted Platform Module (TPM)
Which of the following should be enabled in a laptop's BIOS prior to full disk encryption? A. USB B. HSM C. RAID D. TPM
D. Trusted Platform Module (TPM)
A company requires that a user's credentials include providing something they know and something they are in order to gain access to the network. Which of the following types of authentication is being described? A. Biometrics B. Kerberos C. Token D. Two-factor
D. Two-factor
A security program manager wants to actively test the security posture of a system. The system is not yet in production and has no uptime requirement or active user base. Which of the following methods will produce a report which shows vulnerabilities that were actually exploited? A. Peer review B. Component testing C. Penetration testing D. Vulnerability testing
D. Vulnerability testing
A security administrator has been tasked with setting up a new internal wireless network that must use end to end TLS. Which of the following may be used to meet this objective? A. WPA B. HTTPS C. WEP D. WPA2
D. Wi-Fi Protected Access 2 (WPA2)
A security administrator must implement a network authentication solution which will ensure encryption of user credentials when users enter their username and password to authenticate to the network. Which of the following should the administrator implement? A. WPA2 over EAP-TTLS B. WPA-PSK C. WPA2 with WPS D. WEP over EAP-PEAP
D. Wired Equivalent Privacy (WEP) over Extensible Authentication Protocol (EAP-PEAP)
Emily, a security technician, has received notice that a vendor coming in for a presentation will require access to a server outside of the network. Currently, users are only able to access remote sites through a VPN connection. How could Emily BEST accommodate the vendor? A. Allow incoming IPSec traffic into the vendor's IP address. B. Set up a VPN account for the vendor, allowing access to the remote site. C. Turn off the firewall while the vendor is in the office, allowing access to the remote site. D. Write a firewall rule to allow the vendor to have access to the remote site.
D. Write a firewall rule to allow the vendor to have access to the remote site.
A system administrator is responding to a legal order to turn over all logs from all company servers. The system administrator records the system time of all servers to ensure that: A. HDD hashes are accurate. B. the NTP server works properly. C. chain of custody is preserved. D. time offset can be calculated.
D. time offset can be calculated.
A bank has a fleet of aging payment terminals used by merchants for transactional processing. The terminals currently support single DES but require an upgrade in order to be compliant with security standards. Which of the following is likely to be the simplest upgrade to the aging terminals which will improve in-transit protection of transactional data? A. AES B. 3DES C. RC4 D. WPA2
Triple Data Encryption Standard (3DES)
Matt, an IT administrator, wants to protect a newly built server from zero day attacks. Which of the following would provide the BEST level of protection? A. HIPS B. Antivirus C. NIDS D. ACL
A. Host-based Intrusion Prevention Systems (HIPS)
Jane, a VPN administrator, was asked to implement an encryption cipher with a MINIMUM effective security of 128-bits. Which of the following should Jane select for the tunnel encryption? A. Blowfish B. DES C. SHA256 D. HMAC
A. Blowfish
Emily, an application developer, implemented error and exception handling alongside input validation. Which of the following does this help prevent? A. Buffer overflow B. Pop-up blockers C. Cross-site scripting D. Fuzzing
A. Buffer overflow
A security administrator wishes to increase the security of the wireless network. Which of the following BEST addresses this concern? A. Change the encryption from TKIP-based to CCMP-based. B. Set all nearby access points to operate on the same channel. C. Configure the access point to use WEP instead of WPA2. D. Enable all access points to broadcast their SSIDs.
A. Change the encryption from TKIP-based to CCMP-based.
Which of the following concepts allows an organization to group large numbers of servers together in order to deliver a common service? A. Clustering B. RAID C. Backup Redundancy D. Cold site
A. Clustering
An auditor's report discovered several accounts with no activity for over 60 days. The accounts were later identified as contractors' accounts who would be returning in three months and would need to resume the activities. Which of the following would mitigate and secure the auditors finding? A. Disable unnecessary contractor accounts and inform the auditor of the update. B. Reset contractor accounts and inform the auditor of the update. C. Inform the auditor that the accounts belong to the contractors. D. Delete contractor accounts and inform the auditor of the update.
A. Disable unnecessary contractor accounts and inform the auditor of the update.
The use of social networking sites introduces the risk of: A. Disclosure of proprietary information B. Data classification issues C. Data availability issues D. Broken chain of custody
A. Disclosure of proprietary information
Which of the following is best practice to put at the end of an ACL? A. Implicit deny B. Time of day restrictions C. Implicit allow D. SNMP string
A. Implicit deny
Which of the following security account management techniques should a security analyst implement to prevent staff, who has switched company roles, from exceeding privileges? A. Internal account audits B. Account disablement C. Time of day restriction D. Password complexity
A. Internal account audits
When a communications plan is developed for disaster recovery and business continuity plans, the MOST relevant items to include would be: (Select TWO). A. Methods and templates to respond to press requests, institutional and regulatory reporting requirements. B. Methods to exchange essential information to and from all response team members, employees, suppliers, and customers. C. Developed recovery strategies, test plans, post-test evaluation and update processes. D. Defined scenarios by type and scope of impact and dependencies, with quantification of loss potential. E. Methods to review and report on system logs, incident response, and incident handling.
A. Methods and templates to respond to press requests, institutional and regulatory reporting requirements. B. Methods to exchange essential information to and from all response team members, employees, suppliers, and customers.
A technician has implemented a system in which all workstations on the network will receive security updates on the same schedule. Which of the following concepts does this illustrate? A. Patch management B. Application hardening C. White box testing D. Black box testing
A. Patch management
During a security assessment, an administrator wishes to see which services are running on a remote server. Which of the following should the administrator use? A. Port scanner B. Network sniffer C. Protocol analyzer D. Process list
A. Port scanner
Which of the following is BEST used to capture and analyze network traffic between hosts on the same network segment? A. Protocol analyzer B. Router C. Firewall D. HIPS
A. Protocol analyzer
Which of the following is a programming interface that allows a remote computer to run programs on a local machine? A. RPC B. RSH C. SSH D. SSL
A. Remote Procedure Call (RPC)
A security technician is working with the network firewall team to implement access controls at the company's demarc as part of the initiation of configuration management processes. One of the network technicians asks the security technician to explain the access control type found in a firewall. With which of the following should the security technician respond? A. Rule based access control B. Role based access control C. Discretionary access control D. Mandatory access control
A. Rule based access control
A company needs to receive data that contains personally identifiable information. The company requires both the transmission and data at rest to be encrypted. Which of the following achieves this goal? (Select TWO). A. SSH B. TFTP C. NTLM D. TKIP E. SMTP F. PGP/GPG
A. Secure Shell (SSH) F. Pretty Good Privacy (PGP/GPG)
A company's business model was changed to provide more web presence and now its ERM software is no longer able to support the security needs of the company. The current data center will continue to provide network and security services. Which of the following network elements would be used to support the new business model? A. Software as a Service B. DMZ C. Remote access support D. Infrastructure as a Service
A. Software as a Service (SaaS)
Which of the following wireless security technologies continuously supplies new keys for WEP? A. TKIP B. Mac filtering C. WPA2 D. WPA
A. TKIP
Some customers have reported receiving an untrusted certificate warning when visiting the company's website. The administrator ensures that the certificate is not expired and that customers have trusted the original issuer of the certificate. Which of the following could be causing the problem? A. The intermediate CA certificates were not installed on the server. B. The certificate is not the correct type for a virtual server. C. The encryption key used in the certificate is too short. D. The client's browser is trying to negotiate SSL instead of TLS.
A. The intermediate CA certificates were not installed on the server.
A new virtual server was created for the marketing department. The server was installed on an existing host machine. Users in the marketing department report that they are unable to connect to the server. Technicians verify that the server has an IP address in the same VLAN as the marketing department users. Which of the following is the MOST likely reason the users are unable to connect to the server? A. The new virtual server's MAC address was not added to the ACL on the switch B. The new virtual server's MAC address triggered a port security violation on the switch C. The new virtual server's MAC address triggered an implicit deny in the switch D. The new virtual server's MAC address was not added to the firewall rules on the switch
A. The new virtual server's MAC address was not added to the ACL on the switch
A corporation is looking to expand their data center but has run out of physical space in which to store hardware. Which of the following would offer the ability to expand while keeping their current data center operated by internal staff? A. Virtualization B. Subnetting C. IaaS D. SaaS
A. Virtualization
Which of the following ports is used to securely transfer files between remote UNIX systems? A. 21 B. 22 C. 69 D. 445
B. 22
A security administrator has just finished creating a hot site for the company. This implementation relates to which of the following concepts? A. Confidentiality B. Availability C. Succession planning D. Integrity
B. Availability
Digital certificates can be used to ensure which of the following? (Select TWO). A. Availability B. Confidentiality C. Verification D. Authorization E. Non-repudiation
B. Confidentiality E. Non-repudiation
Establishing a method to erase or clear cluster tips is an example of securing which of the following? A. Data in transit B. Data at rest C. Data in use D. Data in motion
B. Data at rest
It is MOST important to make sure that the firewall is configured to do which of the following? A. Alert management of a possible intrusion. B. Deny all traffic and only permit by exception. C. Deny all traffic based on known signatures. D. Alert the administrator of a possible intrusion.
B. Deny all traffic and only permit by exception.
A company would like to take electronic orders from a partner; however, they are concerned that a non-authorized person may send an order. The legal department asks if there is a solution that provides non-repudiation. Which of the following would meet the requirements of this scenario? A. Encryption B. Digital signatures C. Steganography D. Hashing E. Perfect forward secrecy
B. Digital signatures
Which of the following types of cryptography should be used when minimal overhead is necessary for a mobile device? A. Block cipher B. Elliptical curve cryptography C. Diffie-Hellman algorithm D. Stream cipher
B. Elliptical curve cryptography
After recovering from a data breach in which customer data was lost, the legal team meets with the Chief Security Officer (CSO) to discuss ways to better protect the privacy of customer data. Which of the following controls support this goal? A. Contingency planning B. Encryption and stronger access control C. Hashing and non-repudiation D. Redundancy and fault tolerance
B. Encryption and stronger access control
Which of the following is the process in which a law enforcement officer or a government agent encourages or induces a person to commit a crime when the potential criminal expresses a desire not to go ahead? A. Enticement B. Entrapment C. Deceit D. Sting
B. Entrapment
Which of the following is MOST critical in protecting control systems that cannot be regularly patched? A. Asset inventory B. Full disk encryption C. Vulnerability scanning D. Network segmentation
B. Full disk encryption
Which of the following disaster recovery strategies has the highest cost and shortest recovery time? A. Warm site B. Hot site C. Cold site D. Co-location site
B. Hot site (Remote backups)
A security administrator must implement a network that is immune to ARP spoofing attacks. Which of the following should be implemented to ensure that a malicious insider will not be able to successfully use ARP spoofing techniques? A. UDP B. IPv6 C. IPSec D. VPN
B. IPv6 (Does not use ARP)
An incident response team member needs to perform a forensics examination but does not have the required hardware. Which of the following will allow the team member to perform the examination with minimal impact to the potential evidence? A. Using a software file recovery disc B. Mounting the drive in read-only mode C. Imaging based on order of volatility D. Hashing the image after capture
B. Mounting the drive in read-only mode
Which of the following is a security advantage of using NoSQL vs. SQL databases in a three-tier environment? A. NoSQL databases are not vulnerable to XSRF attacks from the application server. B. NoSQL databases are not vulnerable to SQL injection attacks. C. NoSQL databases encrypt sensitive information by default. D. NoSQL databases perform faster than SQL databases on the same hardware.
B. NoSQL databases are not vulnerable to SQL injection attacks.
Which of the following offers the LEAST secure encryption capabilities? A. TwoFish B. PAP C. NTLM D. CHAP
B. PAP
A user has several random browser windows opening on their computer. Which of the following programs can be installed on his machine to help prevent this from happening? A. Antivirus B. Pop-up blocker C. Spyware blocker D. Anti-spam
B. Pop-up blocker
Peter, the system administrator, has blocked users from accessing social media web sites. In addition to protecting company information from being accidentally leaked, which additional security benefit does this provide? A. No competition with the company's official social presence B. Protection against malware introduced by banner ads C. Increased user productivity based upon fewer distractions D. Elimination of risks caused by unauthorized P2P file sharing
B. Protection against malware introduced by banner ads
Peter, an employee, is terminated from the company and the legal department needs documents from his encrypted hard drive. Which of the following should be used to accomplish this task? (Select TWO). A. Private hash B. Recovery agent C. Public key D. Key escrow E. CRL
B. Recovery agent D. Key escrow
Matt, a security consultant, has been tasked with increasing server fault tolerance and has been given no budget to accomplish his task. Which of the following can Matt implement to ensure servers will withstand hardware failure? A. Hardware load balancing B. RAID C. A cold site D. A host standby
B. Redundant Array of Inexpensive Disks (RAID)
A system security analyst using an enterprise monitoring tool notices an unknown internal host exfiltrating files to several foreign IP addresses. Which of the following would be an appropriate mitigation technique? A. Disabling unnecessary accounts B. Rogue machine detection C. Encrypting sensitive files D. Implementing antivirus
B. Rogue machine detection
The concept of rendering data passing between two points over an IP based network impervious to all but the most sophisticated advanced persistent threats is BEST categorized as which of the following? A. Stream ciphers B. Transport encryption C. Key escrow D. Block ciphers
B. Transport encryption
A security administrator wants to perform routine tests on the network during working hours when certain applications are being accessed by the most people. Which of the following would allow the security administrator to test the lack of security controls for those applications with the least impact to the system? A. Penetration test B. Vulnerability scan C. Load testing D. Port scanner
B. Vulnerability scan
Which of the following protocols is vulnerable to man-in-the-middle attacks by NOT using end to end TLS encryption? A. HTTPS B. WEP C. WPA D. WPA 2
B. WEP
Using a heuristic system to detect an anomaly in a computer's baseline, a system administrator was able to detect an attack even though the company signature based IDS and antivirus did not detect it. Further analysis revealed that the attacker had downloaded an executable file onto the company PC from the USB port, and executed it to trigger a privilege escalation flaw. Which of the following attacks has MOST likely occurred? A. Cookie stealing B. Zero-day C. Directory traversal D. XML injection
B. Zero-day
At an organization, unauthorized users have been accessing network resources via unused network wall jacks. Which of the following would be used to stop unauthorized access? A. Configure an access list. B. Configure spanning tree protocol. C. Configure port security. D. Configure loop protection
C. Configure port security.
Used in conjunction, which of the following are PII? (Select TWO). A. Marital status B. Favorite movie C. Pet's name D. Birthday E. Full name
D. Birthday E. Full name
A malicious individual is attempting to write too much data to an application's memory. Which of the following describes this type of attack? A. Zero-day B. SQL injection C. Buffer overflow D. XSRF
C. Buffer overflow
When employees that use certificates leave the company they should be added to which of the following? A. PKI B. CA C. CRL D. TKIP
C. Certificate Revocation List (CRL)
An organization is required to log all user internet activity. Which of the following would accomplish this requirement? A. Configure an access list on the default gateway router. Configure the default gateway router to log all web traffic to a syslog server B. Configure a firewall on the internal network. On the client IP address configuration, use the IP address of the firewall as the default gateway, configure the firewall to log all traffic to a syslog server C. Configure a proxy server on the internal network and configure the proxy server to log all web traffic to a syslog server D. Configure an access list on the core switch, configure the core switch to log all web traffic to a syslog server
C. Configure a proxy server on the internal network and configure the proxy server to log all web traffic to a syslog server
A security administrator is notified that users attached to a particular switch are having intermittent connectivity issues. Upon further research, the administrator finds evidence of an ARP spoofing attack. Which of the following could be utilized to provide protection from this type of attack? A. Configure MAC filtering on the switch. B. Configure loop protection on the switch. C. Configure flood guards on the switch. D. Configure 802.1x authentication on the switch.
C. Configure flood guards on the switch.
After visiting a website, a user receives an email thanking them for a purchase which they did not request. Upon investigation the security administrator sees the following source code in a pop-up window: "Perform Purchase" Which of the following has MOST likely occurred? A. SQL injection B. Cookie stealing C. XSRF D. XSS
C. Cross-Site Request Forgery (XSRF)
Peter, the system administrator, has concerns regarding users losing their company provided smartphones. Peter's focus is on equipment recovery. Which of the following BEST addresses his concerns? A. Enforce device passwords. B. Use remote sanitation. C. Enable GPS tracking. D. Encrypt stored data.
C. Enable GPS tracking.
Jane, the security administrator, sets up a new AP but realizes too many outsiders are able to connect to that AP and gain unauthorized access. Which of the following would be the BEST way to mitigate this issue and still provide coverage where needed? (Select TWO). A. Disable the wired ports B. Use channels 1, 4 and 7 only C. Enable MAC filtering D. Disable SSID broadcast E. Switch from 802.11a to 802.11b
C. Enable MAC filtering D. Disable SSID broadcast
A new MPLS network link has been established between a company and its business partner. The link provides logical isolation in order to prevent access from other business partners. Which of the following should be applied in order to achieve confidentiality and integrity of all data across the link? A. MPLS should be run in IPVPN mode. B. SSL/TLS for all application flows. C. IPSec VPN tunnels on top of the MPLS link. D. HTTPS and SSH for all application flows.
C. IPSec VPN tunnels on top of the MPLS link.
An administrator would like to review the effectiveness of existing security in the enterprise. Which of the following would be the BEST place to start? A. Review past security incidents and their resolution B. Rewrite the existing security policy C. Implement an intrusion prevention system D. Install honey pot systems
C. Implement an intrusion prevention system (IPS)
A system administrator has concerns regarding their users accessing systems and secured areas using others' credentials. Which of the following can BEST address this concern? A. Create conduct policies prohibiting sharing credentials. B. Enforce a policy shortening the credential expiration timeframe. C. Implement biometric readers on laptops and restricted areas. D. Install security cameras in areas containing sensitive systems.
C. Implement biometric readers on laptops and restricted areas.
The security manager must store a copy of a sensitive document and needs to verify at a later point that the document has not been altered. Which of the following will accomplish the security manager's objective? A. RSA B. AES C. MD5 D. SHA
C. MD5
Mike, a network administrator, has been asked to passively monitor network traffic to the company's sales websites. Which of the following would be BEST suited for this task? A. HIDS B. Firewall C. NIPS D. Spam filter
C. Network-based Intrusion Prevention System (NIPS)
A recent intrusion has resulted in the need to perform incident response procedures. The incident response team has identified audit logs throughout the network and organizational systems which hold details of the security breach. Prior to this incident, a security consultant informed the company that they needed to implement an NTP server on the network. Which of the following is a problem that the incident response team will likely encounter during their assessment? A. Chain of custody B. Tracking man hours C. Record time offset D. Capture video traffic
C. Record time offset
Several employees clicked on a link in a malicious message that bypassed the spam filter and their PCs were infected with malware as a result. Which of the following BEST prevents this situation from occurring in the future? A. Data loss prevention B. Enforcing complex passwords C. Security awareness training D. Digital signatures
C. Security awareness training
A user attempting to log on to a workstation for the first time is prompted for the following information before being granted access: username, password, and a four-digit security pin that was mailed to him during account registration. This is an example of which of the following? A. Dual-factor authentication B. Multifactor authentication C. Single factor authentication D. Biometric authentication
C. Single factor authentication (all knowledge factors)
Which of the following is a best practice when a mistake is made during a forensics examination? A. The examiner should verify the tools before, during, and after an examination. B. The examiner should attempt to hide the mistake during cross-examination. C. The examiner should document the mistake and workaround the problem. D. The examiner should disclose the mistake and assess another area of the disc.
C. The examiner should document the mistake and workaround the problem.
Which of the following is required to allow multiple servers to exist on one physical server? A. Software as a Service (SaaS) B. Platform as a Service (PaaS) C. Virtualization D. Infrastructure as a Service (IaaS)
C. Virtualization
A malicious user is sniffing a busy encrypted wireless network waiting for an authorized client to connect to it. Only after an authorized client has connected and the hacker was able to capture the client handshake with the AP can the hacker begin a brute force attack to discover the encryption key. Which of the following attacks is taking place? A. IV attack B. WEP cracking C. WPA cracking D. Rogue AP
C. WPA cracking
The Chief Information Officer (CIO) wants to implement a redundant server location to which the production server images can be moved within 48 hours and services can be quickly restored, in case of a catastrophic failure of the primary datacenter's HVAC. Which of the following can be implemented? A. Cold site B. Load balancing C. Warm site D. Hot site
C. Warm site (Still requires install)
Which of the following would the security engineer set as the subnet mask for the servers below to utilize host addresses on separate broadcast domains? Server 1: 192.168.100.6 Server 2: 192.168.100.9 Server 3: 192.169.100.20 A. /24 B. /27 C. /28 D. /29 E. /30
D. /29
Which of the following is true about asymmetric encryption? A. A message encrypted with the private key can be decrypted by the same key B. A message encrypted with the public key can be decrypted with a shared key. C. A message encrypted with a shared key, can be decrypted by the same key. D. A message encrypted with the public key can be decrypted with the private key.
D. A message encrypted with the public key can be decrypted with the private key.
A system administrator wants to enable WPA2 CCMP. Which of the following is the only encryption used? A. RC4 B. DES C. 3DES D. AES
D. Advanced Encryption Standard (AES)
An overseas branch office within a company has many more technical and non-technical security incidents than other parts of the company. Which of the following management controls should be introduced to the branch office to improve their state of security? A. Initial baseline configuration snapshots B. Firewall, IPS and network segmentation C. Event log analysis and incident response D. Continuous security monitoring processes
D. Continuous security monitoring processes
The IT department has setup a share point site to be used on the intranet. Security has established the groups and permissions on the site. No one may modify the permissions and all requests for access are centrally managed by the security team. This is an example of which of the following control types? A. Rule based access control B. Mandatory access control C. User assigned privilege D. Discretionary access control
D. Discretionary access control (DAC)
Peter, the systems administrator, is setting up a wireless network for his team's laptops only and needs to prevent other employees from accessing it. Which of the following would BEST address this? A. Disable default SSID broadcasting. B. Use WPA instead of WEP encryption. C. Lower the access point's power settings. D. Implement MAC filtering on the access point.
D. Implement MAC filtering on the access point.
Users report that they are unable to access network printing services. The security technician checks the router access list and sees that web, email, and secure shell are allowed. Which of the following is blocking network printing? A. Port security B. Flood guards C. Loop protection D. Implicit deny
D. Implicit deny
Which of the following security awareness training is BEST suited for data owners who are concerned with protecting the confidentiality of their data? A. Social networking use training B. Personally owned device policy training C. Tailgating awareness policy training D. Information classification training
D. Information classification training
Which of the following would be a reason for developers to utilize an AES cipher in CCM mode (Counter with Chain Block Message Authentication Code)? A. It enables the ability to reverse the encryption with a separate key B. It allows for one time pad inclusions with the passphrase C. Counter mode alternates between synchronous and asynchronous encryption D. It allows a block cipher to function as a steam cipher
D. It allows a block cipher to function as a steam cipher
A company is looking to improve their security posture by addressing risks uncovered by a recent penetration test. Which of the following risks is MOST likely to affect the business on a day-to-day basis? A. Insufficient encryption methods B. Large scale natural disasters C. Corporate espionage D. Lack of antivirus software
D. Lack of antivirus software
Visitors entering a building are required to close the back door before the front door of the same entry room is open. Which of the following is being described? A. Tailgating B. Fencing C. Screening D. Mantrap
D. Mantrap
The system administrator is reviewing the following logs from the company web server: 12:34:56 GET /directory_listing.php?user=admin&pass=admin1 12:34:57 GET /directory_listing.php?user=admin&pass=admin2 12:34:58 GET /directory_listing.php?user=admin&pass=1admin 12:34:59 GET /directory_listing.php?user=admin&pass=2admin Which of the following is this an example of? A. Online rainbow table attack B. Offline brute force attack C. Offline dictionary attack D. Online hybrid attack
D. Online hybrid attack (Dictionary/Brute Force)
One of the most consistently reported software security vulnerabilities that leads to major exploits is: A. Lack of malware detection. B. Attack surface decrease. C. Inadequate network hardening. D. Poor input validation.
D. Poor input validation.
An organization has a need for security control that identifies when an organizational system has been unplugged and a rouge system has been plugged in. The security control must also provide the ability to supply automated notifications. Which of the following would allow the organization to BEST meet this business requirement? A. MAC filtering B. ACL C. SNMP D. Port security
D. Port security
The Chief Technical Officer (CTO) has tasked The Computer Emergency Response Team (CERT) to develop and update all Internal Operating Procedures and Standard Operating Procedures documentation in order to successfully respond to future incidents. Which of the following stages of the Incident Handling process is the team working on? A. Lessons Learned B. Eradication C. Recovery D. Preparation
D. Preparation
Which of the following should the security administrator implement to limit web traffic based on country of origin? (Select THREE). A. Spam filter B. Load balancer C. Antivirus D. Proxies E. Firewall F. NIDS G. URL filtering
D. Proxies E. Firewall G. URL filtering
The security administrator is currently unaware of an incident that occurred a week ago. Which of the following will ensure the administrator is notified in a timely manner in the future? A. User permissions reviews B. Incident response team C. Change management D. Routine auditing
D. Routine auditing
Emily, a company's security officer, often receives reports of unauthorized personnel having access codes to the cipher locks of secure areas in the building. Emily should immediately implement which of the following? A. Acceptable Use Policy B. Physical security controls C. Technical controls D. Security awareness training
D. Security awareness training
Disabling unnecessary services, restricting administrative access, and enabling auditing controls on a server are forms of which of the following? A. Application patch management B. Cross-site scripting prevention C. Creating a security baseline D. System hardening
D. System hardening
Datacenter access is controlled with proximity badges that record all entries and exits from the datacenter. The access records are used to identify which staff members accessed the data center in the event of equipment theft. Which of the following MUST be prevented in order for this policy to be effective? A. Password reuse B. Phishing C. Social engineering D. Tailgating
D. Tailgating
A network administrator identifies sensitive files being transferred from a workstation in the LAN to an unauthorized outside IP address in a foreign country. An investigation determines that the firewall has not been altered, and antivirus is up-to-date on the workstation. Which of the following is the MOST likely reason for the incident? A. MAC Spoofing B. Session Hijacking C. Impersonation D. Zero-day
D. Zero-day