CompTIA

When your tablet is missing, you realize that you last used it in class and had the speakers set to mute. Which result can you expect if you try to track it by playing a sound?

Alarm will sound

Which of the following is NOT a function of a vulnerability scanner? Detects when an application is compromised Maintains a log of all interactive network sessions Detects which ports are served and which ports are browsed for each individual system Alerts users when a new patch cannot be found

Alerts users when a new patch cannot be found

Which of these is a U.S. Department of Defense (DoD) smart card that is used for identification of active-duty and reserve military personnel? Personal Identity Verification (PIV) card Secure ID Card (SIDC) Common Access Card (CAC) Government Smart Card (GSC)

Common Access Card (CAC)

Bria is reviewing the company's updated personal email policy. Which of the following will she NOT find in it? Employees should not forward company emails to a personal email account. Employees should not give out their company email address unless requested. Employees should not access personal email at work. Employees should not use company email to send personal email messages.

Employees should not give out their company email address unless requested.

What does an incremental backup do? Copies selected files Copies all files changed since the last full or incremental backup Copies all files Copies all files since the last full backup

Copies all files changed since the last full or incremental backup

When considering the proper storage of private keys, what statement is not accurate? Expired keys should be destroyed. Keys can be stored in hardware or software. Keys should be stored in files or folders that are password protected or encrypted. Copies of keys should be made for safe keeping.

Copies of keys should be made for safe keeping.

What is a disadvantage of biometric readers? Standards Cost Speed Weight

Cost

Which of the following is NOT a risk associated with the use of private data? Devices being infected with malware Statistical inferences Associations with groups Individual inconveniences and identity theft

Devices being infected with malware

What describes the ability of an enterprise data center to revert to its former size after expanding? Reduction Elasticity Contraction Scalability

Elasticity

By creating a starting point for comparison purposes in order to apply targets and goals to measure success, what are you doing? Solidifying a goal. Creating a measurement. Establishing a baseline. Provisioning a marker.

Establishing a baseline

Which type of operating system runs on a firewall, router, or switch? Network OS Device OS Server OS Resource OS

Network OS

Tomassa is asked to determine the expected monetary loss every time a risk occurs. Which formula will she use? AV ALE ARO SLE

SLE

When inspecting the standard biometric authentication and identification methods available, which physical attribute would NOT be considered? Fingerprint Retina Weight Voice

Weight

John was explaining about an attack that accepts user input without validating it and uses that input in a response. What type of attack was he describing? XSS DDoS DNS XSRF SQL

XSS

Providing the minimum amount of privileges necessary to perform a job or function is known as what security principle? minimal privilege least privilege necessary privilege required privilege

least privilege

What allows a device to be managed remotely? mobile application management (MAM) mobile resource management (MRM) mobile wrapper management (MWM) mobile device management (MDM)

mobile device management (MDM)

According to the Password Protection Policy Template, all system passwords should be changed __________

quarterly

In what type of security policy might you define the required minimal security configuration for servers on the network? acceptable use policy server security policy antivirus policy network sensitivity policy

server security policy

Penetration testers have a number of methods to meet their testing requirements. In which of the testing techniques shown does the tester have the most knowledge of network layout and source code on specialized applications?

white box

This PIN is used by well over 10% of ATM users in a recent survey of banks limiting the codes to 4 digits.

1234

When you are configuring password policy settings in Group Policy, what is the recommended setting for password reuse? 12 new passwords must be used before a reused password. 48 new passwords must be used before a reused password. 24 new passwords must be used before a reused password. 6 new passwords must be used before a reused password.

24 new passwords must be used before a reused password.

What is the difference between a network intrusion detection system (NIDS) and a network intrusion prevention system (NIPS)? A NIPS is much slower because it uses protocol analysis. A NIPS can take actions more quickly to combat an attack. There is no difference; a NIDS and a NIPS are equal. A NIDS provides more valuable information about attacks.

A NIPS can take actions more quickly to combat an attack.

You have been placed in charge of a large number of corporate firewalls and NIPS. Due to the volume of traffic, you would like to recommend the procurement of a product capable of real-time monitoring and management of security information with analysis and reporting of security events. What type of product is this? A Network Security Message Consolidator product. A Security and Information Event Management product. A Centralized Security Monitoring System product. A Host-Based Security Log Aggregator product.

A Security and Information Event Management product.

Which type of access control model uses predefined rules that make it flexible? Rule-Based Access Control MAC DAC ABAC

ABAC

Which policy defines the actions users may perform while accessing systems and networking equipment? Acceptable use policy End-user policy User permission policy Internet use policy

Acceptable use policy

Which of the following involves rights given to access specific resources? Identification Access Accounting Authorization

Access

Which of the following is NOT part of the AAA framework? Authentication Accounting Access Authorization

Access

The ________ group has the right, by default, to assign or take ownership of a file or folder

Administrators

You are formulating a vulnerability assessment to be performed by security analysts. Nmap is one of the tools to be used. What information will you expect the program to provide about the target host(s)? Devices Topology Services All of these

All of these

Which of the following is NOT true regarding how an enterprise should handle an orphaned or a dormant account? All orphaned and dormant accounts should be deleted immediately whenever they are discovered. A formal procedure should be in place for disabling accounts for employees who are dismissed, resign, or retire from the organization. Access should be ended as soon as the employee is no longer part of the organization. Logs should be monitored because current employees are sometimes tempted to use an older dormant account instead of their own account.

All orphaned and dormant accounts should be deleted immediately whenever they are discovered.

What is a hybrid attack? An attack that uses both automated and user input A brute force attack that uses special tables An attack that combines a dictionary attack with a mask attack An attack that slightly alters dictionary words

An attack that combines a dictionary attack with a mask attack

What is not an item that a host based intrusion detection system (HIDS) is capable of monitoring? All input and output communications on the host. An attempt to access files on the local machine. A system call being made by running processes. An attempt to access remote network-shared files.

An attempt to access remote network-shared files.

For adult learners, which approach is often preferred? Pedagogical Institutional Andragogical Proactive

Andragogical

Which of the following statements regarding proper patch management is true? Using SNMP to perform patch management. Applying the correct patch, following the correct procedure, at the correct time. Implementing version control. Subscribing to the vendor's patch program.

Applying the correct patch, following the correct procedure, at the correct time

What two statements describe methods that can be employed by armored viruses in order to avoid detection? (Choose two.) Armored viruses will delete necessary system files to effectively disable the operating system before detection. Armored viruses may mutate or change their code on the fly to avoid detection. Armored viruses can use encrypted code pieces to assemble itself with the help of an infected program. Armored viruses often masquerade as a legitimate program that performs a benign activity to avoid detection.

Armored viruses can use encrypted code pieces to assemble itself with the help of an infected program. Armored viruses may mutate or change their code on the fly to avoid detection.

Once a tester has penetrated a network and gained access, what is the tester's next step? Disconnect from the network and attempt to regain entry using a different method. Close the vulnerability for the target company. End the test and present the findings to the contracted company. Attempt to pivot or move around inside the network to other resources.

Attempt to pivot or move around inside the network to other resources.

Which of the following choices describes the process of testing updates and patches before distributing them to your organization in order to ensure stable operation?

Automated Patch Update Service

Which statement is NOT something that a security policy must do? Be concise and easy to understand. Be capable of being implemented and enforced. Balance protection with productivity. State reasons why the policy is necessary.

Balance protection with productivity.

Which of the following is NOT designed to prevent individuals from entering sensitive areas but instead is intended to direct traffic flow? Roller barrier Type V controls Barricade Fencing

Barricade

Which of these Bluetooth attacks involves accessing unauthorized information through a Bluetooth connection? Bluecreeping Bluejacking Bluestealing Bluesnarfing

Bluesnarfing

What are two valid methods that could be used to prevent a replay attack? (Choose two.) The MAC entries of computers requiring secure communications can be entered statically into the ARP table. Timestamps can be utilized for all communication. Both sides of communication could utilize random keys that are valid for limited periods of time. An administrator can employ the use of a network hub, instead of a network switch.

Both sides of communication could utilize random keys that are valid for limited periods of time. Time stamps can be utilized for all communication.

Which of the following are zombie armies formed by a number of innocent hosts set up to perform malicious operations? Botnets Rootnets Rootkits Backnets Backdoors

Botnets

Which of the following is NOT an issue raised regarding how private data is gathered and used? By law, all encrypted data must contain a "backdoor" entry point. The accuracy of the data cannot be verified. The data is gathered and kept in secret. Informed consent is usually missing or is misunderstood.

By law, all encrypted data must contain a "backdoor" entry point.

How is confidentiality ensured using the IPsec VPN protocol? By using the Authentication Header (AH) protocol. By using the Encapsulating Security Payload (ESP) protocol. By using IPsec's Transport Mode. By using IPsec's Tunnel Mode.

By using IPsec's Tunnel Mode.

You have been asked to implement a backup strategy for your organization. The solution would provide real-time immediate data recovery in the event of system failure. Select the appropriate solution. Cloud backup Full backup DRP CDP

CDP

When implementing biometric security, you want to allow the maximum number of legitimate users while blocking imposters. Which of the choices describes the aggregate rate of acceptance and rejection? CER FAR FRR TARR

CER

Which of the following can be used to secure a laptop or mobile device? Security tab Cable lock Mobile chain Mobile connector

Cable lock

An electrical fire like that which would be found in a computer data center is known as what type of fire? Class D Class B Class A Class C

Class C

Which of the following data sensitivity labels is the highest level of data sensitivity? Private Secret Ultra Confidential

Confidential

Paavo was reviewing a request by an executive for a new subnotebook computer. The executive said that he wanted USB OTG support and asked Paavo's opinion regarding its security. What would Paavo tell him about USB OTG security? Connecting a mobile device as a peripheral to an infected computer could allow malware to be sent to that device. USB OTG uses strong security and the executive should have no concerns. An unsecured mobile device could infect other tethered mobile devices or the corporate network. Subnotebooks do not support USB OTG.

Connecting a mobile device as a peripheral to an infected computer could allow malware to be sent to that device.

Raul has been asked to serve as the individual to whom day-to-day actions have been assigned by the owner. What role is Raul taking? End-user Operator Custodian Privacy officer

Custodian

Which of the following is NOT a method for strengthening a key? Randomness Cryptoperiod Variability Length

D. Variability

One way to secure data is through Data Loss Prevention (DLP). Which of the choices is not a data type protected by DLP? Data-at-rest Data-to-disclose Data-in-transit Data-in-use

Data-to-disclose

Which of these access models gives the user total control over an object?

Discretionary Access Control

Which of the following types of access control is the default for Windows systems and has access determined by the owner of a resource? Mandatory access control Discretionary access control Rule based access control Role based access control

Discretionary access control

Which digital certificate displays the name of the entity behind the website?

Extended Validation (EV) Certificate

Which device intercepts internal user requests and then processes those requests on behalf of the users? Forward proxy server Host detection server Intrusion prevention device Reverse proxy server

Forward proxy server

What allows for a single configuration to be set and then deployed to many or all users? Snap-In Replication (SIR) Command Configuration Active Directory Group Policy

Group Policy

Which one-time password is event-driven? HOTP POTP TOTP ROTP

HOTP

When securing a Windows OS in a corporate environment, which of the elements shown will quickly apply the desired security settings of a properly configured host to the target system?

Import Security Template

Why is a rogue AP a security vulnerability? It allows an attacker to bypass network security configurations. It uses the weaker IEEE 802.11i protocol. It requires the use of vulnerable wireless probes on all mobile devices. It conflicts with other network firewalls and can cause them to become disabled.

It allows an attacker to bypass many of the network security configurations.

How is the Security Assertion Markup Language (SAML) used? It is an authenticator in IEEE 802.1x. It allows secure web domains to exchange user authentication and authorization data. It is no longer used because it has been replaced by LDAP. It is a backup to a RADIUS server.

It allows secure web domains to exchange user authentication and authorization data.

Which statement regarding a honeypot is NOT true? It can direct an attacker's attention away from legitimate servers. It cannot be part of a honeynet. It is typically located in an area with limited security. It is intentionally configured with security vulnerabilities.

It cannot be part of a honeynet.

Which of the following is NOT true of a wireless router? It often includes features of an access point (AP). It is most commonly used in an enterprise setting. It is also called a "residential WLAN gateway". It combines multiple features into a single hardware device.

It is most commonly used in an enterprise setting

Which of these is NOT correct about an SSL/TLS accelerator? It is a separate hardware card that inserts into a web server. It replaces FTP using Secure Sockets Layer (FTPS) as a file transport layer resting "on top" of SSL/TLS. It can be installed as a "virtual SSL/TLS server" alongside a forward proxy server. It contains one or more co-processors to handle SSL/TLS processing.

It replaces FTP using Secure Sockets Layer (FTPS) as a file transport layer resting "on top" of SSL/TLS.

What does containerization do? It separates personal data from corporate data. It places all keys in a special vault. It slows down a mobile device to half speed. It splits operating system functions only on specific brands of mobile devices.

It separates personal data from corporate data.

How is key stretching effective in resisting password attacks? It does not require the use of salts. The license fees are very expensive to purchase and use it. It requires the use of GPUs. It takes more time to generate candidate password digests.

It takes more time to generate candidate password digests.

What is the primary weakness of wired equivalent privacy (WEP)? Its usage creates a detectable pattern. Initialization vectors (IVs) are difficult for users to manage. It functions only on specific brands of APs. It slows down a WLAN from 104 Mbps to 16 Mbps.

Its usage creates a detectable pattern.

A friend of Ukrit told him that he has just downloaded and installed an app that allows him to circumvent the built-in limitations on his Apple iOS smartphone. What is this called? Ducking Jailbreaking Rooting Sideloading

Jailbreaking

Which type of residential lock is most often used for keeping out intruders? Passage lock Keyed entry lock Privacy lock Encrypted key lock

Keyed entry lock

In Active Directory, what performs authorization? RADIUS SAML LDAP TACACS+ Kerberos

LDAP

What is the version of the X.500 standard that runs on a personal computer over TCP/IP? Lite RDAP DAP LDAP IEEE X.501

LDAP

What is the secure version of LDAP? LDAPS 802.1x X.500 Secure DAP

LDAPS

Which tool manages the distribution and control of apps? MDM MCM MAM MFM

MAM

Which of the following is NOT a motion detection method? Radio frequency Infrared Moisture Magnetism

Moisture

Which of these is an example of a nested RAID? Level 0/1 Level 1-0 Level 0+1 Level 0-1

Level 0+1

Which level of RAID uses disk mirroring and is considered fault-tolerant? Level 2 Level 1 Level 3 Level 4

Level 1

While traveling abroad, Giuseppe needs to use public Internet cafe computers to access the secure network. Which of the following non-persistence tools should he use? Revert to known state Secure Configuration Snapshot Live boot media

Live boot media

To achieve server scalability, more servers may be added to a configuration and make use of:

Load balancers

What statement regarding the use of load balancers on a network is NOT accurate? Servers behind load balancers often utilize a virtual IP address. Load balancers can be used to remove server identification headers from HTTP responses. Load balancers can only be used in an active-pass configuration. Load balancers can be used to hide HTTP error pages from users.

Load balancers can only be used in an active-pass configuration.

Which can be used to establish geographical boundaries where a mobile device can and cannot be used? Geolocation policies Restricted access control policies Mobile device policies Location-based policies

Location-based policies

Which of the following is a form of delayed-execution virus? Logic bomb Backdoor Ransomware Rootkit Botnet

Logic bomb. Logic bomb = slag code. It is inserted into the normal program code and gets ready to explode under specific circumstances. It is a form of delayed-execution virus. Some logic bombs are used by legitimate software vendors as a timer to prevent usage after the trial period.

Which access control model is the most restrictive? Rule-Based Access Control MAC Role-Based Access Control DAC

MAC

What are two valid weaknesses of utilizing MAC filtering for controlling wireless network access? The 48-bit MAC address does not have enough complexity to be secure. MAC address filtering requires knowing all the MAC addresses that will be prevented from access. Filtering by MAC address requires significant administrative overhead to maintain the list of allowed MACs. MAC addresses are initially exchanged between wireless devices and the AP in unencrypted format.

MAC addresses are initially exchanged between wireless devices and the AP in unencrypted format. Filtering by MAC address requires significant administrative overhead to maintain the list of allowed MACs.

Which of the following measures protect data integrity? [Choose three that apply.] Backups Mantrap MD5 Data labeling, handling, and disposal policies AES SHA1

MD5 and SHA1 are hashes - Backups can restore an un-corrupted version of a file that was subsequently corrupted.

Which of the following technologies provides for pictures, video, or audio to be included in text messages? ANT SMS QR MMS

MMS

Bob needs to create an agreement between his company and a third-party organization that demonstrates a "convergence of will" between the parties so that they can work together. Which type of agreement will Bob use? MOU BPA SLA ISA

MOU

Which type of password attack is a more targeted brute force attack that uses placeholders for characters in certain positions of the password? Mask attack Pass the hash attack Rainbow attack Rule attack

Mask attack

Which of these is NOT a reason why users create weak passwords? Having multiple passwords makes it hard to remember all of them. A lengthy and complex password can be difficult to memorize. Most sites force users to create weak passwords even though they do not want to. A security policy requires a password to be changed regularly.

Most sites force users to create weak passwords even though they do not want to.

What is a token system that requires the user to enter the code along with a PIN called? Single-factor authentication system Multifactor authentication system Token-passing authentication system Dual-prong verification system

Multifactor authentication system

Which of the following is a command-line alternative to Nmap? Netcat Statnet Mapper Netstat

Netcat

Apps are small and very useful software programs that range from essential to just silly. They are available from device manufacturers, OS providers, and third parties. Which of the app types listed can be side-loaded on an iOS device? None Any iPhone only iPad only

None

Which of the DLP sensor choices requires communication with the DLP server? DLP network DLP agent DLP storage None of these are correct

None of these are correct

Ilya has been asked to recommend a federation system technology that is an open source federation framework that can support the development of authorization protocols. Which of these technologies would he recommend? Open ID Connect Shibboleth NTLM OAuth

OAuth

What is the faster way for browsers to obtain the revocation status of a digital certificate attached to a Web site? PBKDF2 OCSP Blowfish CRL Bcrypt

OCSP

Which of the following may be used as an alternative to CRLs? OCSP Root CA Subordinate CA Cert Escrow CSR

OCSP

To ensure business continuity it is important to maintain consistent reliable electrical power. Which choice represents the LEAST expensive solution for power interruptions? Back up UPS Online UPS Offline UPS Backup generator

Offline UPS

In MDM terms, which choice would most quickly get a device enrolled on a network? Whitelisting QR coding Passcode On-boarding

On-boarding

Francisco was asked by a student intern to explain the danger of a MAC flooding attack on a switch. What would Francisco say? - A MAC flooding attack will filter to the local host computer's MAC-to-IP address tables and prevent these hosts from reaching the network. - A MAC flooding attack will prevent load balancers from identifying the correct VIP of the servers. - Once the MAC address table is full the switch functions like a network hub. - In a defense of a MAC flooding attack, network routers will freeze and not permit any incoming traffic.

Once the MAC address table is full the switch functions like a network hub.

When you are configuring a UPS you want to have it respond as quickly as practical. Of the choices shown which UPS type provides the cleanest most consistent power?

Online UPS

Which of these is NOT a risk when a home wireless router is not securely configured? Malware can be injected into a computer connected to the WLAN. Only a small percentage of the total traffic can be encrypted. An attacker can steal data from any folder with file sharing enabled. User names, passwords, credit card numbers, and other information sent over the WLAN could be captured by an attacker.

Only a small percentage of the total traffic can be encrypted.

When data is collected for a forensic investigation, what order should be followed? Order of seizure Order of vulnerability Order of volatility Order of risk

Order of volatility. When collecting data for a forensic investigation, there is an order of volatility that should be followed, as some data will be lost faster than the others.

Once a user has taken ____________ of a folder or file, they implicitly have full control over the object.

Ownership

You need to identify a federated development technology to be used to support SSO. Choose the technology that would NOT be used from those provided. OAuth PBKDF2 OpenID Connect Shibboleth

PBKDF2

Which of the following must be kept secure as mandated by HIPAA? PHIL PLILP PII PHI

PHI

Which of these Wi-Fi Protected Setup (WPS) methods is vulnerable? PIN method Push-Button method NFC method piconet method

PIN method

Which device is connected to a port on a switch in order to receive network traffic?

Passive IDS

What is always the first line of defense in protecting data and information? What you are Tokens Accounts Certificates Passwords

Passwords

When discussing the behavior of vulnerability assessments which choice will exploit a weakness? Penetration test Vulnerability scan Intrusive Gray Box Credentialed vulnerability Non-credentialed vulnerability

Penetration test

How does the use of the perfect forward secrecy key exchange method differ from other key exchange methods? Perfect forward secrecy uses temporal keys that are used for a period of time and then discarded. Perfect forward secrecy utilizes elliptic curve cryptography instead of prime numbers in computation. Perfect forward secrecy utilizes large prime numbers and a related integer agreed upon by two parties, and the key never changes. Perfect forward secrecy involves the use of public key systems that generate random public keys that differ for each session.

Perfect forward secrecy involves the use of public key systems that generate random public keys that differ for each session.

Online Certificate Status Protocol (OCSP)

Performs a real-time lookup of a digital certificate's status

Which of the following MAINLY applies to email that appears to be sent from a legitimate business? Spearing Spimming Squatting Vishing Phishing

Phishing

What is the maximum length of time that an organization can tolerate between data backups? Recovery time objective (RTO) Recovery point objective (RPO) Recovery service point (RSP) Optimal recovery timeframe (ORT)

Recovery point objective (RPO)

Which of the following command-line tools tests a connection between two network devices? Nslookup Netstat Ifconfig Ping

Ping

Which of the following should NOT be stored in a secure password database? Plaintext password Iterations Password digest Salt

Plaintext password

Which of the following can a UPS NOT perform? Prevent certain applications from launching that will consume too much power Disconnect users and shut down the server Notify all users that they must finish their work immediately and log off Prevent any new users from logging on

Prevent certain applications from launching that will consume too much power

What hardware based solutions are measures for fault tolerance? (Choose all that apply.) Caching Proxying RAID Clustering Load balancing

RAID, Clustering, and Load balancing

A mail gateway can have many functions. Which choice is NOT one of those functions? Block Spam Monitor outbound email Monitor inbound email Perform automatic encryption Require full tunnel

Require full tunnel

Which of the following is NOT a typical OS security configuration? Restricting patch management Disabling unnecessary ports and services Employing least functionality Disabling default accounts/passwords

Restricting patch management

Which of the following are recompiled UNIX tools that can hide evidence of the intrusion? Adware Viruses Spyware Botnets Rootkits

Rootkits

What two cryptographic transport protocols should not be used or are considered obsolete? (Choose two.) SSL v2.0 TLS v1.2 TLS v1.1 SSL v3.0

SSL v3.0 SSL v2.0

What is the recommended secure protocol for voice and video applications? Secure/Multipurpose Internet Mail Extensions (S/MIME) Secure Real-time Transport Protocol (SRTP) Network Time Protocol (NTP) Hypertext Transport Protocol Secure (HTTPS)

Secure Real-time Transport Protocol (SRTP)

________ is a protocol for securely accessing a remote computer

Secure Shell (SSH)

Which of the following is a cumulative package of all patches? Service pack Rollup Patch Hotfix

Service pack

Which of the following is true concerning vulnerability scanning? (Choose all that apply.) All scanning attempts must be credentialed. False negative is not possible! Some scanning attempts may be credentialed while some may be non-credentialed. Some scanning attempts are intrusive while some are non-intrusive. False positive is possible!

Some scanning attempts may be credentialed while some may be non-credentialed. False positive is possible! Some scanning attempts are intrusive while some are non-intrusive.

What type of digital certificate is primarily used for Microsoft Exchange servers or unified communications? code signing digital certificate Subject Alternative Name (SAN) certificate wildcard digital certificate email digital certificate

Subject Alternative Name (SAN) certificate

System or device infections can be introduced during the manufacture or storage of the items. How is this described?

Supply Chain Infection

Which of the following is NOT a reason why supply chain infections are considered especially dangerous? Users are receiving infected devices at the point of purchase and are completely unaware that a brand new device may be infected. Supply chains take advantage of the trusted "chain of trust" concept. It is virtually impossible to closely monitor every step in the supply chain. If the malware is planted in the ROM firmware of the device this can make it difficult or sometimes even impossible to clean an infected device.

Supply chains take advantage of the trusted "chain of trust" concept.

Which of the following is NOT a valid physical security measure? Alarms and motion detection Barricades and biometrics Signs and guards Protected distribution of cabling System patching Proper lighting

System patching

How does heuristic detection detect a virus? A virtualized environment is created and the code is executed in it. The bytes of a virus are placed in different "piles" and then used to create a profile. A string of bytes from the virus is compared against the suspected file. The virus signature file is placed in a suspended chamber before streaming to the CPU.

The bytes of a virus are placed in different "piles" and then used to create a profile.

When might an industry-specific security framework or architecture be required for a company? The company operates nationally. The company operates internationally. The company's industry is regulated. The company's industry is non-regulated.

The company's industry is regulated.

Help from a Recovery Agent is necessary when: One needs to remove a CRL. One wants to implement OCSP. The public key is lost. The private key is lost by a user. One needs to set up a registration authority. One needs to service a CSR.

The private key is lost by a user.

In a white box penetration test of a network, how much information is known to the tester, if any? The tester will have limited information of the network and systems tested. The tester will have in-depth knowledge of the network and systems tested. The tester will only be provided with the location of systems to be tested. The tester will have no prior knowledge of the network.

The tester will have in-depth knowledge of the network and systems tested.

When deploying sensors, collectors, and filters, where should they be placed in the network? They should only be placed in the low-traffic areas of the network. They should be placed at each server on the network. They should be placed where the stream of data is largest. At random locations throughout the network to gather a complete picture.

They should be placed where the stream of data is largest.

For what purpose should the network traffic log be analyzed? To facilitate security management To capture network packets To check processor performance To check for suspicious traffic To store the dump file offsite

To check for suspicious traffic. The network traffic log should be analyzed to check for suspicious traffic. There are a lot of free tools one can use for this purpose. The traffic data logged through devices (firewalls, IDS, etc.) is very useful for tracing back to the source of the attack.

When an unauthorized event occurs, what is the first duty of the cyber-incident response team? To back up the hard drive To reboot the system To log off from the server To secure the crime scene

To secure the crime scene

Packet sniffing can be helpful in detecting rogues

True

Of the two encryption modes supported by IPsec, what mode is more secure, and why? Transport mode, because the data portion of each packet is encrypted. Tunnel mode, because the data portion of each packet is encrypted. Tunnel mode, because the header and data portion of the packet are encrypted. Transport mode, because the header and data portion of the packet are encrypted.

Tunnel mode, because the header and data portion of the packet are encrypted.

Calista is designing the specifications for new laptop computers to be purchased by her company. She is comparing the different types and sizes of USB connections found on the devices. Which type USB connection would she NOT find on a laptop? Standard Mini Micro Type D

Type D

Which type of hypervisor does not run on an underlying operating system? Type III Type I Type IV Type II

Type I

Attackers who register domain names that are similar to legitimate domain names are performing _____. URL hijacking Address resolution HTML squatting HTTP manipulation

URL hijacking

Which of these is NOT a limitation of turning off the SSID broadcast from an AP? Users can more easily roam from one WLAN to another. The SSID can easily be discovered, even when it is not contained in beacon frames, because it still is transmitted in other management frames sent by the AP. Some versions of operating systems favor a network that broadcasts an SSID over one that does not. Turning off the SSID broadcast may prevent users from being able to freely roam from one AP coverage area to another.

Users can more easily roam from one WLAN to another.

Which of the following is NOT a memory vulnerability? Buffer overflow Pointer dereference Variable overflow DLL injection

Variable overflow

Which of the following is NOT a security concern of virtualized environments? Physical security appliances are not always designed to protect virtual systems. Virtual servers are less expensive than their physical counterparts. Virtual machines must be protected from both the outside world and from other virtual machines on the same physical computer. Live migration can immediately move one virtualized server to another hypervisor.

Virtual servers are less expensive than their physical counterparts.

Different network scenarios require the use of different tools. The tools you may consider should EXCLUDE: Vulnerability scanner Honeypots Banner grabbing tools Protocol analyzer Honeynets Port scanner Viruses

Virus

An attacker has targeted Corp.com's employees with voicemails that attempt to acquire sensitive information by masquerading as a trustworthy entity. Which type of attack is this? Vishing Phishing Spear phishing Whaling

Vishing. Phishing attempts to acquire sensitive information by masquerading as a trustworthy entity. Spear phishing targets select groups of people with something in common. Whaling is targeted phishing of senior executives and other high-profile targets. Vishing is phishing over the phone. This attack is vishing.

Which of the following is a systematic and methodical evaluation of the exposure of assets to attackers, forces of nature, and any other entity that could cause potential harm? Vulnerability scan Vulnerability assessment Penetration test Risk appraisal

Vulnerability assessment

Which of the following is NOT a category of fire suppression systems? Wet chemical system Clean agent system Water sprinkler system Dry chemical system

Wet chemical system

Crypto service provider

What entity calls in crypto modules to perform cryptographic tasks?

Salt

What is a value that can be used to ensure that hashed plaintext will not consistently result in the same digest?

Which authentication factor is based on a unique talent that a user possesses? What you know What you do What you are What you have

What you do

Which of these is a list of approved email senders? Bluelist Whitelist Yellowlist Blacklist

Whitelist

What criterion has to be met for you to get a picture of the person who stole your tablet?

Wrong passcode 3 times

Which attack uses the user's web browser settings to impersonate that user? Domain hijacking Session hijacking XDD XSRF

XSRF

Which of these is NOT part of the certificate life cycle? -authorization -creation -expiration -revocation

authorization

By default, how often are group policies updated?

all

In the physical world, when a user's credentials are validated, they are considered to be

authenticated

What type of backup is considered to be an evidence-grade backup, because its accuracy meets evidence standards? differential backup incremental backup full backup bit-stream backup

bit-stream backup

The chain of _____ documents that the evidence was under strict control at all times and no unauthorized person was given the opportunity to corrupt the evidence. control custody forensics evidence

custody

The primary design of a(n) _____ is to capture the transmissions from legitimate users. rogue access point Bluetooth grabber WEP evil twin

evil twin

In dealing with facial recognition technology, what term describes the rate at which imposters are recognized as legitimate users? false acceptance rate (FAR) crossover error rate (CER) false rejection rate (FRR) true acceptance rate (TAR)

false acceptance rate (FAR)

Which function does an Internet content filter NOT perform? intrusion detection malware inspection URL filtering content inspection

intrusion detection

What is not one of the more common security issues that should be planned for? weak security configurations unauthorized software data exfiltration inventory management

inventory management

Which of these is NOT a security feature for locating a lost or stolen mobile device? alarm thief picture remote lockout last known good configuration

last known good configuration

An Advanced Persistent Threat is most commonly associated with what type of threat actor? hacktivists script kiddie insiders nation state actors

nation state actors

Which technology is predominately used for contactless payment systems? near field communication (NFC) wireless local area network (WLAN) Bluetooth Radio Frequency ID (RFID)

near field communication (NFC)

You want to test your current security configuration. Which method would you use to avoid detection?

passive

Which of these is considered the strongest type of passcode to use on a mobile device? PIN fingerprint swipe password draw connecting dots pattern

password

What type of a social engineering attack attempts to trick a user via email or web page into surrendering private information, such as login information to financial websites? impersonation attack spam attack phishing attack watering hole attack

phishing attack

Gaetan has attempted to enter the passcode for his mobile device but keeps entering the wrong code. Now he is asked to enter a special phrase to continue. Which configuration setting is enabled on Gaetan's mobile device? reset to factory settings lock device extend lockout period enable high security

reset to factory settings

Which of these is NOT a response to risk? mitigation avoidance resistance transference

resistance

What type of malware specializes in avoiding detection by accessing lower layers of the operating system or by using undocumented functions to make alterations? adware ransomware Trojan rootkit

rootkit

What prevents a mobile device from being used until the user enters the correct passcode? screen lock screen timeout swipe identifier (SW-ID) touch swipe

screen lock

What Linux/UNIX-based command interface and protocol can be used for securely accessing a remote computer? rlogin ssh rsh scp

ssh

A digital certificate associates

the user's identity with his public key

What are the two different types of one-time password that can be created? (Choose two.) HMAC based one-time password (HOTP) source-based one time password (SOTP) time-based one time password (TOTP) pad-based one time password (POTP)

time-based one time password (TOTP), HMAC based one-time password (HOTP)

When performing an audit, what is the process that looks at the applications that the user is provided, how frequently they are used, and how they are being used known as? time analysis and review recertification permission auditing and review usage auditing and review

usage auditing and review

Which of the following can protect "data at rest"? (Select FOUR) -BitLocker -CPU-based key storage -Enclaves -Full memory encryption -BitLocker To Go -Transparent database encryption (TDE) -Encrypted file system (EFS)

BitLocker, Encrypted file system (EFS), BitLocker To Go, Transparent database encryption (TDE)

Which trust model has multiple CAs, one of which acts as a facilitator?

Bridge

You are examining the types of overflow attacks. Which type of attack attempts to store data in RAM that is beyond the fixed-length storage boundaries?

Buffer overflow attacks

SNMP uses which port by default? 139 22 80 161 110 53

161

Ximena noticed that Sofia had created a network bridge on her new laptop between the unsecured wireless network and the organization's secure intranet. Ximena explained to Sofia the problem associated with setting up the bridge. What did Ximena tell Sofia? A bridge will block packets between two different types of networks. A bridge could permit access to the secure wired network from the unsecured wireless network. A bridge would block packets from reaching the Internet. A bridge cannot be used on any Internet connection.

A bridge could permit access to the secure wired network from the unsecured wireless network

When preparing a cloud computer security solution for your organization, you implement a "gatekeeper" to guarantee your security policies. Which choice correctly identifies this method of policy enforcement? CASB SDN SASS SecAAS

CASB (Cloud access security broker)

When defining data policies, what areas or issues must be covered? (Select FOUR) -Disposing -Relations -Retention -Storage -Wiping

Disposing, Retention, Wiping, Storage

What is the difference between a DoS and a DDoS attack? DoS attacks use more memory than a DDoS attack DoS attacks are faster than DDoS attacks DoS attacks do not use DNS servers as DDoS attacks do DoS attacks use fewer computers than DDoS attacks

DoS attacks use fewer computers than DDoS attacks

A security administrator wants to empty the DNS cache after a suspected attack that may have corrupted the DNS server. The server has been repaired; however, it is feared that DNS entries may remain in client computer caches. Which of the following tools can be used to flush the DNS cache on a Windows client? PING NET NSLOOKUP IPCONFIG

IPCONFIG

Aideen sent an email to her supervisor explaining the Domain Name System Security Extensions (DNSSEC). Which of the following statements would Aideen have NOT included in her email? It is fully supported in BIND9. It adds message header information. It adds additional resource records. It can prevent a DNS transfer attack.

It can prevent a DNS transfer attack

Which statement is NOT true regarding hierarchical trust models?

It is designed for use on a large scale.

Which of the following adds new functionality to the web browser so that users can play music, view videos, or display special graphical images within the browser? Extensions Plug-ins Add-ons Scripts

Plug-ins

Catriona needed to monitor network traffic. She did not have the resources to install an additional device on the network. Which of the following solutions would meet her needs? Correlation engine Network tap Aggregation switch Port mirroring

Port mirroring

Which of these is the most secure protocol for transferring files? FTP FTPS TCP SFTP

SFTP

are symmetric keys to encrypt and decrypt information exchanged during the session and to verify its integrity

Session keys

Raul was asked to configure the VPN to preserve bandwidth. Which configuration would he choose? Split tunnel Full tunnel Wide tunnel Narrow tunnel

Split tunnel

Both DNS poisoning and ARP poisoning involve: DoS Distributed DoS Eavesdropping Spoofing Replaying

Spoofing

Which of these is NOT used in scheduling a load balancer? Round-robin Data within the application message itself The IP address of the destination packet Affinity

The IP address of the destination packet

Why are extensions, plug-ins, and add-ons considered to be security risks? They are written in Java, which is a weak language. They use bitcode. They cannot be uninstalled. They have introduced vulnerabilities in browsers.

They have introduced vulnerabilities in browsers.

Which statement is correct regarding why traditional network security devices cannot be used to block web application attacks? -The complex nature of TCP/IP allows for too many ping sweeps to be blocked. -Web application attacks use web browsers that cannot be controlled on a local computer. -Network security devices cannot prevent attacks from web resources. -Traditional network security devices ignore the content of HTTP traffic, which is the vehicle of web application attacks.

Traditional network security devices ignore the content of HTTP traffic, which is the vehicle of web application attacks.

Which of the following CANNOT be used to hide information about the internal network? network address translation (NAT) a subnetter a proxy server a protocol analyzer

a protocol analyzer

Certificate Policy (CP)

a published set of rules that govern the operation of PKI

What is a session token? another name for a third-party cookie a unique identifier that includes the user's email address XML code used in an XML injection attack a random string assigned by a web server

a random string assigned by a web server

An attacker who manipulates the maximum size of an integer type would be performing what kind of attack? number overflow buffer overflow heap overflow integer overflow

integer overflow

Public key infrastructure (PKI)

is the management of digital certificates

A replay attack _____. replays the attack over and over to flood the server is considered to be a type of DoS attack makes a copy of the transmission for use at a later time can be prevented by patching the web browser

makes a copy of the transmission for use at a later time

Which attack intercepts communications between a web browser and the underlying computer? replay man-in-the-middle (MITM) ARP poisoning man-in-the-browser (MITB)

man-in-the-browser (MITB)

What kind of attack is performed by an attacker who takes advantage of the inadvertent and unauthorized access built through three succeeding systems that all trust one another? transverse attack horizontal access attack cross-site attack privilege escalation

privilege escalation

What can be deployed to intercept and log network traffic passing through the network? NIPSs proxy catchers protocol analyzers NIDSs event viewers

protocol analyzers

Which of these is NOT a DoS attack? push flood smurf attack SYN flood DNS amplification

push flood

Which action cannot be performed through a successful SQL injection attack? discover the names of different fields in a table display a list of customer telephone numbers erase a database table reformat the web application server's hard drive

reformat the web application server's hard drive

DNSSEC adds additional _____ and message header information, which can be used to verify that the requested data has not been altered in transmission. resource records zone transfers hash sequences field flags

resource records

What encryption protocol is used for the WPA2 wireless standard? Temporal Key Integrity Protocol (TKIP) Counter Mode with Ecliptic Curve Block Message Authentication Code Protocol (ECBMP) Galois/Counter with Cipher Block Chaining Message Authentication Code Protocol (GCMP) Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP)

Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP)

The range of ports 1 to __________ are reserved for the most universal applications. In the space provided, enter only the numeric value.

1023

The Advanced Encryption Standard (AES) symmetric cipher uses how many rounds of substitution and re-arranging when utilizing a 256-bit key size? 9 rounds 18 rounds 13 rounds 24 rounds

13 rounds

Which port should be filtered (or blocked) to disallow NETBIOS traffic? 139 142 143 195 181

139

In a situation where MIMO is used, the 802.11n standard has an average geographic range of up to _____ meters.

400

Users in PLABS.com require support for remote logins via VPN to the Active Directory domain controllers using Kerberos and LDAP. Which port or ports need to be opened to support this functionality? 443 88 636 389 139 445

443

Media Access Control (MAC) address filtering is a common type of wireless access control. How many bits in length is a MAC address?

48

You are speaking to your CIO, and she has instructed you to ensure that the network is "five nines" in percentage of availability. What is the total yearly downtime that this allows? 8.76 hours 31.5 seconds 5.26 minutes 3.65 days

5.26 minutes

What will be the available drive space in a RAID 5 configured system with 3 250GB hard drives? 1 TB 500 GB 750 GB 250 GB

500 GB

Which of the following is NOT required for a fire to occur? Sufficient oxygen to sustain the combustion A spark to start the process A chemical reaction that is the fire itself A type of fuel or combustible material

A spark to start the process

What statement properly describes the propagation or circulation techniques utilized by a worm-type malware? A worm utilizes application or operating system vulnerabilities to spread through a network. A worm is spread through the sharing of an application that appears to have one function, but also has a malicious function. A worm is spread by tricking the user into interacting with their computer in such a way that the worm can propagate. A worm spreads by the activation of an infected software product, and commonly uses macros.

A worm utilizes application or operating system vulnerabilities to spread through a network.

What is the core principle behind RADIUS? Distributed challenge and response Centralized security Distributed security Ticket granting ticket

Distributed security. RADIUS is an access server and also a system of distributed security. It aims to secure remote access against unauthorized attempts. RADIUS can work with many different features to authenticate.

Which of the following would NOT be considered as part of a clean desk policy? Keep mass storage devices locked in a drawer when not in use. Lock computer workstations when leaving the office. Place laptops in a locked filing cabinet. Do not share passwords with other employees.

Do not share passwords with other employees

What statement describes the Privacy Enhancement Mail (PEM) X.509 format? It is the standard file format for exporting certificates, and includes the public and private keys. It is the preferred file format for creating certificates to authenticate mail applications, and contains public and private keys. It is designed to provide confidentiality and integrity to emails utilizing DER encoding. It is one of a numbered set of 15 standards defined by RSA, and uses RSA public key algorithm and contains both public and private keys.

It is designed to provide confidentiality and integrity to emails utilizing DER encoding.

Considering the implications of virtual servers on a host, what poses the greatest threat to them? -Host compromise -Hosted service compromise -Hypervisor compromise -None of these are correct

Hypervisor compromise

Which of the following TCP/IP protocols do not relate to security? FTP SNMP HTTPS IP

IP

When using application-based firewalls, what is NOT capable of being used to identify an application being used? payload analysis header inspection IP addresses pre-defined application signatures

IP addresses

Many botnets were controlled through using what protocol? FTP ICMP IRC SNMP SFTP

IRC. Botnets are zombie armies formed by a number of innocent hosts set up to perform malicious operations. A bot is malware that allows a botmaster to control the victimized computer. Many botnets were controlled through using Internet Relay Chat.

Which of these is NOT a characteristic of a disaster recovery plan (DRP)? It is detailed. It is a private document used only by top-level administrators for planning. It is updated regularly. It is written.

It is a private document used only by top-level administrators for planning.

Newton is concerned that attackers could be exploiting a vulnerability in software to gain access to resources that the user normally would be restricted from accessing. What type of attack is he worried about? Privilege escalation Scaling exploit Amplification Session replay

Privilege escalation

Which of the following covers the procedures of managing object authorizations? Task management Privilege management Threat management Asset management

Privilege management

Each of the following accounts should be prohibited EXCEPT: Privileged accounts Generic accounts Guest accounts Shared accounts

Privileged accounts

When dealing with the preservation of evidence, who should be responsible for processing the evidence? Properly trained computer evidence specialists. A designated supervisor in the affected company. Only users with some level of computer experience. Only law enforcement personnel.

Properly trained computer evidence specialists.

Which of the following data sensitivity labels has the lowest level of data sensitivity? Open Unrestricted Free Public

Public

Which of these is NOT a risk of connecting a mobile device to a public network? Public networks are beyond the control of the employee's organization. Public networks are faster than local networks and can spread malware more quickly to mobile devices. Replay attacks can occur on public networks. Public networks may be susceptible to man-in-the-middle attacks.

Public networks are faster than local networks and can spread malware more quickly to mobile devices.

What attack involves impersonating another device?

Spoofing

Which of the following is usually bundled as a hidden component of freeware? Botnet Armored virus Logic bomb Spyware Polymorphic malware

Spyware

Which stage is a "quality assurance" test that verifies the code functions as intended? Testing stage Production stage Staging stage Development stage

Staging stage

On examining the methods of standard biometric authentication available, which would NOT be considered? Facial recognition Retinal identification Speech recognition Voice recognition

Speech Recognition

Which of the following are factors in determining the required frequency of data backups? [Choose two that apply.] The criticality of the concerned data Individual member schedules Server log patterns The frequency of changes

The frequency of data backups would depend on the frequency of changes, and also the criticality of the concerned data. Backup copies of critical data must always be maintained.

Which statement regarding vulnerability appraisal is NOT true? Each threat could reveal multiple vulnerabilities. Every asset must be viewed in light of each threat. Vulnerability appraisal is always the easiest and quickest step. Each vulnerability should be cataloged.

Vulnerability appraisal is always the easiest and quickest step.

Which of these is NOT a type of wireless AP probe? wireless device probe WNIC probe dedicated probe AP probe

WNIC probe

Which device watches for attacks and sounds an alert only when one occurs? network intrusion detection system (NIDS) firewall proxy intrusion device network intrusion prevention system (NIPS)

network intrusion detection system (NIDS)

Which of the following aims to support distributed authentication and authorization over the Internet? Trust bridge services Federation services DFS Transitive trust services Trust link services

Federation services. Federation services aim to support distributed authentication and authorization over the Internet so that it is possible to create, secure, and verify claims that flow between partnering organizations.

Gibson Research recommends that first-time users perform which two scan types first?

File Sharing, Common Ports

If a software application aborts and leaves the program open, which control structure is it using? Fail-open Fail-right Fail-safe Fail-secure

Fail-open

What are some common symptoms of RAID array failures? (Choose all that apply.) OS not found Failure to boot Drive not recognized Overheating

Failure to boot, Drive not recognized, OS not found. Common symptoms of RAID array failure include OS not found, when the OS is installed to the RAID array. Drive not recognized may indicate a RAID array failure and it may also indicate a single drive has failed when seen outside the scope of a RAID array. Failure to boot is as common as OS not found. In any of these situations, when RAID stops working, one will have to replace failed drives and potentially restore data to the RAID array. Overheating is not a common symptom of RAID failures, though it is a common symptom of failure within the cooling system or another electrical component.

Along with the forensic investigation effort, the man hours and expense should not be tracked since the costs are always justified, regardless of the actual amount involved. True False

False

DoS attacks are for gaining unauthorized access or control of a system. False True

False

NIDS is an advanced version of NIPS. False True only when the NIDS is vendor specific. True True only when the NIDS is patched.

False. NIDS can inspect inbound and outbound network activity and identify suspicious patterns that may be a sign of attack. NIPS is the next step up, and can carry out proactive actions against the detected threats. Think of NIPS as the advanced version of NIDS.

What statement is accurate in regards to adjusting frequency spectrum settings? On a dual band radio, both bands should be enabled even if one band is unused. Channel width determines how much spectrum is available to transfer data. Larger channels are less affected by wireless interference. APs should be configured to use the same channel as other nearby APs to ensure AP familiarity.

Channel width determines how much spectrum is available to transfer data.

Which of the following statements are true about client-side DNS? (Choose all that apply). Check out DNS settings using the DIG command If a web site can be reached by IP address and not by host name, then DNS or the Hosts file would be the problem If an APIPA address is assigned, then DNS is the problem Check out DNS settings using the NSLookup command The Root Hints file has the IP addresses of the 13 root DNS servers The cache.dns file has the IP addresses of the 13 root DNS servers Client-side DNS should be configured to point towards the DNS server that is authoritative for the domain that client wants to join

Check out DNS settings using the DIG command. The cache.dns file has the IP addresses of the 13 root DNS servers. Check out DNS settings using the NSLookup command. Client-side DNS should be configured to point towards the DNS server that is authoritative for the domain that client wants to join. If a web site can be reached by IP address and not by host name, then DNS or the Hosts file would be the problem. The Root Hints file has the IP addresses of the 13 root DNS servers.

What block cipher mode of operation involves each ciphertext block being fed back into the encryption process to encrypt the next plaintext block? Counter (CTR) Galois/Counter (GCM) Cipher Block Chaining (CBC) Electronic Code Book (ECB)

Cipher Block Chaining (CBC)

Which of the following block ciphers XORs each block of plaintext with the previous block of ciphertext before being encrypted? -Electronic Code Book (ECB) -Galois/Counter (GCM) -Cipher Block Chaining (CBC) -Counter (CTR)

Cipher Block Chaining (CBC)

_____ biometrics is related to the perception, thought processes, and understanding of the user. Standard Intelligent Behavioral Cognitive

Cognitive

What EAP protocol supported by WPA2-Enterprise securely tunnels any credential form for authentication using TLS? EAP-TLS EAP-FAST EAP-TTLS PEAP

EAP-FAST

What does the abbreviation RAID represent? Resilient Architecture for Interdependent Discs Resistant Architecture of Inter-Related Data Storage Redundant Array of IDE Drives Redundant Array of Independent Drives

Redundant Array of Independent Drives

What type of security control implements security in a defined structure and location? physical control preventative control security control deterrent control

physical control

Which technology is NOT a core feature of a mobile device? small form factor physical keyboard data synchronization capabilities local non-removable data storage

physical keyboard

Recently, a managed Cisco network switch in a publicly accessible closet experienced a crash, dropping all those that were connected to it. Based on logs recovered from a central logging system, you determine that the switch may have been flooded with spoofed MAC addresses, causing the memory available on the switch to be consumed. What feature could you implement to help prevent this from happening in the future? spanning-tree algorithm port security port mirroring Access Control Lists (ACLs)

port security

How can an SDIO card be made secure? Turning on patch updates to the SDIO card. SDIO cards are natively secure and no security settings are needed. Requiring a username before accessing the SDIO card. Using the security mechanisms on a standard Wi-Fi network.

Using the security mechanisms on a standard Wi-Fi network.

Which application stores the user's desktop inside a virtual machine that resides on a server and is accessible from multiple locations? Application cell VDI Container VDE

VDI

Due to the sensitivity of the computer equipment your company has in its core network, you would like to shield these devices from electromagnetic pulses. What can you do to accomplish this? You can use electromagnetic dispersing devices to counter any EMPs. You can add additional insulation to the walls in the server room. You can place the sensitive equipment underground. You can use a metallic enclosure known as a Faraday cage.

You can use a metallic enclosure known as a Faraday cage.

You are examining the security implications of virtual machines. A condition exists where the virtual machine can potentially harm the host. Which choice describes this? -Sprawl -Escape -Container leak -All of these are correct

all

Which RAID types would use a minimum of four hard drives? (Choose all that apply). 6 5 1 10 51 0

51 6 10 RAID 0 stripes two or more hard drives. RAID 1 mirrors two hard drives. RAID 5 is disk striping with parity and it uses three or more hard drives. RAID 1+0 (RAID 10) is disk mirroring with striping. It typically uses four hard drives. RAID 6 is disk striping with two parity disks. It uses four or more disk drives. RAID 5+1 (RAID 51) is mirrored RAID 5. It takes six or more disks.

According to the Encryption Policy Template, symmetric cryptosystem keys must be at least ___________ bits in length. In the space provided, enter only the numeric value.

56

Select one of the choices to complete this statement. One of the limitations of a UPS is the amount of _________ it can provide power to the system. Time Voltage Wattage All of these

?

Which of the choices provides the best option in terms of accessibility and recovery?

?

When using TCP/IP, most communication involves exchanging information between a _____ running on one system and the same program running on a remote system. TCP/IP uses a 16 bit numeric value called a _____________ to identify the resources to be used for the exchange. Complete the statement using the choices provided.

? route identifier

When reviewing the local copy of a file that has been backed up, you notice that the archive bit has not reset. What does that indicate?

? Not Incremental backup

The minimum recommended backup strategy is 3-2-1. Including the original data how many copies will exist when this strategy is completely implemented?

? not 3

While evaluating network solutions for mission-essential functions you see a provider claiming a yearly downtime of 32.5 seconds. Which choice would be used to classify uptime?

? not 99.9

You are reviewing backup solutions. Which choice summarizes the process of creating a series of data reference markers at a specific time?

? not rto

In the management of virtual machines, what are the risks associated with virtual machine sprawl? A guest operating system may be vulnerable because it has not been maintained. A guest operating system will cease to function without management. A guest operating system may malfunction and damage the host computer. A guest operating system will consume the resources of the host, even when offline.

A guest operating system may be vulnerable because it has not been maintained.

Which of these is NOT a characteristic of a weak password? Using personal information A long password Using a predictable sequence of characters A common dictionary word

A long password

What is a valid disadvantage of the use of a software firewall versus using a hardware firewall? Software firewalls are harder to configure and maintain than a hardware firewall. Software firewalls are often more expensive than deploying a hardware firewall. Software firewalls cannot use stateless firewall settings. A malware infection on the machine could compromise the software firewall processes.

A malware infection on the machine could compromise the software firewall processes.

What can be used to help ensure against employee perpetrated fraud against an employer? A mandatory vacation policy. An employee geolocation tracking system. A clean desk policy. A non-disclosure agreement.

A mandatory vacation policy.

What statement accurately defines what a race condition is and how it might affect a computer? A race condition results from the use of incorrect input data that causes a program to enter an unexpected loop. A race condition occurs when concurrent threads of execution access a shared resource simultaneously, producing unintended consequences. A race condition is the result of multiple exploits being used or attempted to gain access to a system, resulting in the faster and more effective method winning. A race condition is when two programs attempt to access the hardware resources of a system at the same time, causing a bottleneck and slowing the system.

A race condition occurs when concurrent threads of execution access a shared resource simultaneously, producing unintended consequences.

What statement correctly defines what a rainbow table is in relation to password attacks? A rainbow table is a collection of rules designed to match potential password patterns that may be in use by a particular organization. A rainbow table contains a table of potential hash collisions that can be used to try and brute force a password. A rainbow table is a compressed representation of cleartext passwords that are related and organized in a sequence. A rainbow table contains password masks that are used to guess passwords using a predetermined sequence.

A rainbow table is a compressed representation of cleartext passwords that are related and organized in a sequence.

Margaux has been asked to work on the report that will analyze the exercise results with the purpose of identifying strengths to be maintained and weaknesses to be addressed for improvement. What report will she be working on? After-action report Containment report Identification of critical systems report Business continuity report

After-action report

Which type of log can provide details regarding requests for specific files on a system? access log event log audit log SysFile log

ACCESS log

What can be used to provide both file system security and database security? ACLs RBASEs LDAPs CHAPs

ACLs

Which of these is a set of permissions that is attached to an object? Security entry designator Subject Access Entity (SAE) Access control list (ACL) Object modifier

Access control list (ACL)

Agnella was asked to create a report that listed the reasons why a contractor should be provided penetration testing authorization. Which of the following would she NOT list in her report? Access to resources Limit retaliation Legal authorization Indemnification

Access to resources

Which of these should NOT be classified as an asset? Employee databases Accounts payable Buildings Business partners

Accounts payable

Which of the following sends "probes" to network devices and examines the responses to evaluate whether a specific device needs remediation? Active scanner Passive scanner Probe scanner Remote scanner

Active scanner

In which of the following configurations are all the load balancers always active? Passive-active-passive Active-passive Active-active Active-load-passive-load

Active-active

The _________ tab on the folder's Advanced Properties dialog box will show you the folder's owner.

Advanced

What is NOT a component in the "AAA" framework used to control access to computer resources? Accounting Authentication Affiliation Authorization

Affiliation

Which of the following is NOT a time employee training should be conducted? When a new computer is installed. After monthly patch updates. When an employee is promoted. During an annual department retreat

After monthly patch updates.

If a wireless attacker sends a Request to Send (RTS) frame with a duration field containing a very high value, what happens on the wireless network? The access point will crash due to manipulation of the duration field. The wireless clients will transmit a collision detection frame, causing all traffic to halt. All other wireless client devices on the network will be unable to transmit until their NAV value is 0. Other wireless clients disassociate from the wireless network.

All other wireless client devices on the network will be unable to transmit until their NAV value is 0.

Flash cookies are a type of spyware. What are ways to clean Flash cookies? (Choose all that apply.) Clear browser cache Use a browser add-on Disable Adobe Flash Anti-malware programs

Anti-malware programs Disable Adobe Flash Use a browser add-on A Flash cookie, also known as a Local Shared Object (LSO), stores cookie-like data using Adobe Flash without permission. Flash cookies are like zombies in that they can come back from the dead even after clearing the browser cache. The following will protect against Flash cookies: - Disable Adobe Flash - Use a browser add-on that disables Flash cookies - Use an antimalware program to clean Flash cookies.

In a Windows network, transitive trust is used among the different domains inside a forest for implementing: Distributed file systems Authentication RPC File systems DCOM

Authentication Transitivity is what determines if a trust is allowed to extend outside the two domains between which a trust was formulated. In a Windows network, transitive trust is used among the different domains inside a forest for implementing authentication.

Timur was making a presentation regarding how attackers break passwords. His presentation demonstrated the attack technique that is the slowest yet most thorough attack that is used against passwords. Which of these password attacks did he demonstrate? Custom attack Hybrid attack Dictionary attack Brute force attack

Brute force attack

Identification of any single points of failure should be a key component in what important business tool? Mission Objectives Statement (MOS) Business Impact Analysis (BIA) Probability of Failure Report (PFR) Potential Risk Report (PRR)

Business Impact Analysis (BIA)

Which of these is NOT a state of a port that can be returned by a port scanner? Busy Blocked Open Closed

Busy

Select the response that best identifies the method of using UEFI and Secure Boot to validate the first element of the boot process then validate each consecutive element before handing the hardware over to the operating system?

Chain of Trust

Public keys of compromised certificates can be found in which ways? (Choose all that apply.) PBKDF2 Bcrypt Blowfish CRL OCSP

CRL OCSP The following are ways to check for revoked certificates: - Certificate Revocation List (CRL). The CRL contains a list of certificates that are compromised and invalid. The CRL should be checked regularly to avoid using compromised certificates. The main disadvantages of implementing a certificate revocation list are that it is a single point of failure, is expensive to maintain, and is slower than OCSP. - Online Certificate Status Protocol (OCSP). OCSP overcomes the chief limitation of CRL: the fact that updates must be frequently downloaded to keep the list current at the client end. When a user attempts to access a server, OCSP sends a request for certificate status information. The server sends back a response of "current," "expired," or "unknown." The protocol specifies the syntax for communication between the server (which contains the certificate status) and the client application (which is informed of that status). OCSP allows users with expired certificates a grace period, so they can access servers for a limited time before renewing. The Online Certificate Status Protocol (OCSP) is the protocol used by browsers to obtain the revocation status of a digital certificate attached to a website. OCSP speed is faster than downloading a CRL. The following provide key stretching and do not reveal compromised certificates: - PBKDF2 (Password-Based Key Derivation Function 2) applies a pseudorandom function, such as a cryptographic hash, cipher, or HMAC to the input password or passphrase along with a salt value and repeats the process tens of thousands of times to produce a derived key, which can then be used as a cryptographic key in subsequent operations. The added computational work makes password cracking much more difficult, and is known as key stretching. - Bcrypt. Bcrypt uses a variant of the Blowfish encryption algorithm's keying schedule, and introduces a work factor, which allows one to determine how expensive the hash function will be. Because of this, bcrypt can keep up with Moore's law. As computers get faster, one can increase the work factor and the hash will get slower. Although bcrypt is derived from Blowfish, Blowfish does not provide key stretching. Blowfish is a very strong symmetric algorithm with up to a 448-bit key.

In her job interview, Xiu asks about the company policy regarding smartphones. She is told that employees may choose from a limited list of approved devices but that she must pay for the device herself; however, the company will provide her with a monthly stipend. Which type of enterprise deployment model does this company support? BYOD Corporate-owned CYOD COPE

CYOD

The security administrator for a large organization receives numerous alerts from a network-based intrusion detection system (NIDS) of a possible worm infection spreading through the network via network shares. Before taking any drastic action to solve this problem such as blocking file sharing, what should first be done? Perform a pilot study of the solution and monitor for adverse effects Look for a less radical solution Research best practices with respect to stopping the worm and implement the solution without delay. Call an emergency change management meeting to ensure the solution will not have unforeseen negative effects. Block file sharing immediately because this is an emergency that could lead to a widespread data compromise.

Call an emergency change management meeting to ensure the solution will not have unforeseen negative effects.

The forensic investigator at a crime lab will be performing a forensic analysis of a hard drive that was brought in by state troopers. What should be done before performing the analysis? Capture video Capture data in order of volatility Capture a system image Chain of custody

Capture a system image Before performing a forensic analysis of a hard drive, one should capture a system image and then use forensic tools on the system image while preserving the original hard drive using the chain of custody. The other items are important forensics concepts but are not the first concern: - Capturing data in order of volatility should have been done by field investigators. - Field investigators should have also documented their evidence collection with a capture video. - They should have initiated the chain of custody. This will be preserved by not altering the original hard drive.

Sebastian was explaining to his supervisor why the enterprise needed to implement port security. His supervisor asked what security action a flood guard could do when a MAC flooding attack occurred. Which of the following was NOT an answer that was given by Sebastian? Block the port entirely Ignore the new MAC addresses while allowing normal traffic from the single pre-approved MAC address Record new MAC addresses up to a specific limit Cause the device to enter a fail-open mode

Cause the device to enter a fail-open mode.

While reviewing several certificate-based authentication methods, which choice can support event-driven HOTP? CAP Smart cards PIV Cell phones

Cell phones

An entity that issues digital certificates is a _______________.

Certificate Authority (CA)

A centralized directory of digital certificates is called a(n) _______________.

Certificate Repository (CR)

What functions of a switch does a software defined network separate? Host and virtual Control plane and physical plane Network level and resource level RAM and hard drive

Control plane and physical plane

A wireless LAN controller (WLC) was recently installed, and now Kelsey needs to purchase several new APs to be managed by it. Which type of AP should he purchase? Fat AP Standalone AP Any type of AP can be managed by a WLC. Controller AP

Controller AP

Minh has been asked to recommend an EAP for a system that uses both passwords and tokens with TLS. Which should she recommend? EAP-FAST EAP-TLS EAP-TTLS EAP-SSL

EAP-FAST

What is the least restrictive access control model? DAC MAC ABAC Rule-Based Access Control

DAC

Which of the following involves deploying a large number of compromised hosts to flood a target system? MITM DDoS DoS Spim Smurf

DDoS

How does a distributed denial of service attack differ from a regular denial of service attack? DDoS attacks utilize authorized user access to infiltrate a network. DDoS attacks have multiple targets that are all attacked simultaneously by a single source. DDoS attacks utilize many computers for making bogus requests, instead of just one. DDoS attacks generate fewer bogus requests by distributing the workload amongst clustered machines.

DDoS attacks utilize many computers for making bogus requests, instead of just one.

Which of the following can be used to prevent a buffer overflow attack? FIM DNS VPN DEP

DEP

Which Domain Name System (DNS) attack replaces a fraudulent IP address for a symbolic name? DNS forwarding DNS poisoning DNS replay DNS masking

DNS Poisoning

What DNS vulnerability can be specifically addressed by utilizing Domain Name System Security Extensions (DNSSEC)? DNS poisoning DNS spoofing DNS hijacking DNS looping

DNS poisoning

Simona needs to research a control that attempts to discourage security violations before they occur. Which control will she research? Detective control Deterrent control Corrective control Preventive control

Deterrent control

A forensic investigator at a crime lab is performing a forensic analysis of a hard drive that was brought in by state troopers. They make a mistake by using the wrong forensic tool during their forensics examination. What should the investigator do? Disclose the mistake and preserve the chain of custody Disclose the mistake and assess another area of the hard drive Document the mistake and press on with remaining tasks Document the mistake and work around the problem.

Document the mistake and work around the problem.

Which of the following types of testing uses unexpected or invalid inputs? Dynamic analysis Stress testing Static analysis Runtime testing

Dynamic analysis

What protocol offers the capability to deploy RADIUS in an Ethernet network? CHAP V2 PAP MSCHAP CHAP V3 EAP

EAP

Which of the following threats would be classified as the actions of a hacktivist? Environmental threat External threat Compliance threat Internal threat

External threat

A TOTP token code is generally valid for what period of time? Until an event occurs For as long as it appears on the device Only while the user presses SEND For up to 24 hours

For as long as it appears on the device

Creating a pattern of where a user accesses a remote web account is an example of which of the following? Keystroke dynamics Geolocation Cognitive biometrics Time-Location Resource Monitoring (TLRM)

Geolocation

Which Microsoft Windows feature provides group-based access control for centralized management and configuration of computers and remote users who are using Active Directory? AD Management Services (ADMS) Windows Registry Settings Group Policy Resource Allocation Entities

Group Policy

A security administrator uses third-party certificate authorities plus their own set of enterprise certificate authorities. How is a list of trusted certificate authorities delivered to a browser? (Choose all that apply.) Group policy Certificate Authority (CA) Online Certificate Status Protocol (OCSP) Browser manufacturer Registration Authority (RA)

Group policy Browser manufacturer The list of trusted third-party certificate authorities is installed by the browser manufacturer and updated when the browser is updated. The list of trusted Conglomerate.com enterprise certificate authorities should be delivered to the browser by group policy. While the certificate authority signs its own root certificate and vouches for itself, it is up to the browser manufacturer to install them. While a registration authority can help a CA by identity proofing certificate applicants, it is again up to the browser manufacturer to install them. The Online Certificate Status Protocol (OCSP) allows a user to check for revoked certificates. The OCSP overcomes the chief limitation of CRL: the fact that updates must be frequently downloaded to keep the list current at the client end. When a user attempts to access a server, OCSP sends a request for certificate status information. The server sends back a response of "current", "expired," or "unknown." The protocol specifies the syntax for communication between the server (which contains the certificate status) and the client application (which is informed of that status). OCSP allows users with expired certificates a grace period, so they can access servers for a limited time before renewing. The Online Certificate Status Protocol (OCSP) is the protocol used by browsers to obtain the revocation status of a digital certificate attached to a website. OCSP speed is faster than downloading a CRL.

Which of the following factors should be considered and addressed in regards to account policy enforcement? [Choose all that apply.] Group policy Credential management Password expiration Account recovery Password complexity

Group policy Credential management Password expiration Account recovery Password complexity

What is a collection of suggestions that should be implemented? Guideline Standard Policy Code

Guideline

What statement best describes how an HMAC-based one-time password (HOTP) works? HOTPs are event-driven and change when specific events occur, such as when a user enters a personal identification number. HOTPs are randomly generated at various intervals as the user accesses resources. HOTPs are time-driven and change when a timestamp expires, usually after an hour or so. HOTPs are created when the user consciously decides to create the HOTP.

HOTPs are event-driven and change when specific events occur, such as when a user enters a personal identification number.

Which of the following services only requires a single port be opened on the firewall? RDP SSH SNMP FTP DHCP DNS HTTP

HTTP

Examine the choices listed. Which choice is NOT a valid port state? Half-open Open Closed Blocked

Half-opened

Which of the following is NOT a service model in cloud computing? Hardware as a Service (HaaS) Infrastructure as a Service (IaaS) Software as a Service (SaaS) Platform as a Service (PaaS)

Hardware as a Service (HaaS)

Which question is NOT a basic question to be asked regarding creating a data backup? What information should be backed up? Where should the backup be stored? What media should be used? How long will it take to finish the backup?

How long will it take to finish the backup?

Which human characteristic is NOT used for biometric identification? Iris Fingerprint Height Retina

Height

The security administrator for PLABS.com recommends using a host-based firewall for all servers and workstations. What can a host-based firewall do? [Choose three that apply.] Stop a process or application from launching Helps prevent a system from being fingerprinted by port scans Stops attackers when they are outside of the company's internal network Can restrict a computer from receiving network traffic Disable an account

Help prevent a system from being fingerprinted by port scans Restrict a computer from receiving network traffic Stops attackers when they are outside of the company's internal network

Olivia was asked to protect the system from a DNS poisoning attack. What are the locations she would need to protect? Web browser and browser add-on Host table and external DNS server Reply referrer and domain buffer Web server buffer and host DNS server

Host table and external DNS server

Which solution to the limitations of a UPS is best described as a universally accessible repository for backups and disaster recovery?

Hot Site

Which type of site is essentially a duplicate of the production site and has all the equipment needed for an organization to continue running? Hot site Replicated site Cold site Warm site

Hot Site

Raul has been asked to help develop an outline of procedures to be followed in the event of a major IT incident or an incident that directly impacts IT. What type of planning is this? Risk IT planning Disaster recovery planning IT contingency planning Business impact analysis planning

IT contingency planning

To increase fault-tolerance, the security administrator for Corp.com has installed an active/passive firewall cluster where the second firewall is held in reserve in case of primary firewall failure. Stateful firewall inspection is being used in the firewall implementation. There have been numerous reports of dropped connections with external clients. Which of the following is MOST likely the cause of this problem? The heartbeat between the firewalls is not enabled All packets are traversing the passive firewall causing the connections to be dropped. All packets are traversing the active firewall causing the connections to be dropped. Inbound packets are traversing the active firewall and return traffic is being sent through the passive firewall

Inbound packets are traversing the active firewall and return traffic is being sent through the passive firewall

How is credentialed scanning better than non-credentialed scanning? (Choose all that apply.) Active vs. passive scanning Customized auditing More accurate results Safer scanning

Incorrect Credentialed scanning is better than non-credentialed scanning for the following reasons: - Safer scanning. Credentialed scanning offers a safe way to get security information using normal network communication methods. - More accurate results. Credentialed scanning offers a much more accurate report of open ports and vulnerabilities. - Customized auditing. Credentialed scanning, with policy compliance plugins, allows for customized auditing. Both scanning methods are passive and not active measures. Safer scanning More accurate results Customized auditing

When discussing protections provided by cryptography, what does non-repudiation mean? Individuals are prevented from fraudulently denying that they were involved in a transaction. It means the encrypted information cannot be changed except by authorized users who have the key. It means there is proof that the sender was legitimate and not an imposter. Encrypted information can only be viewed by those who have been provided the key.

Individuals are prevented from fraudulently denying that they were involved in a transaction.

Dilma has been tasked with creating a list of potential employees to serve in an upcoming tabletop exercise. Which employees will be on her list? Individuals on a decision-making level All employees Full-time employees Only IT managers

Individuals on a decision-making level

Agape was asked to make a recommendation regarding short-range wireless technologies to be supported in a new conference room that was being renovated. Which of the following would she NOT consider due to its slow speed and its low deployment levels today? NFC Bluetooth ANT Infrared

Infrared

The security administrator for Conglomerate.com has been directed by the CIO to reduce the cost of certificates. Which of the following is the FIRST step that should be taken? Generate shared public and private keys. Install a CA. Establish a key escrow policy. Install a RA

Install a CA

Which of the following is NOT a wireless peripheral protection option? Install a network sensor to detect an attack Update or replace any vulnerable device Switch to a more fully tested Bluetooth model Substitute a wired device

Install a network sensor to detect an attack

Which statement regarding a demilitarized zone (DMZ) is NOT true? It contains servers that are used only by internal network users. It typically includes an email or a web server. It provides an extra degree of security. It can be configured to have one or two firewalls.

It contains servers that are used only by internal network users.

On Windows, how does the Mandatory Integrity Control (MIC) MAC implementation ensure data integrity? It controls access to securable objects through the use of timestamps. It mediates access to files and records file access in an audit log. It repudiates changes made to a file without the proper access. It controls access to securable objects through the use of security identifiers.

It controls access to securable objects through the use of security identifiers.

Why should the account lockout threshold not be set too low? It could decrease calls to the help desk. The network administrator would have to reset the account manually. It could result in denial of service (DoS) attacks. The user would not have to wait too long to have her password reset.

It could result in denial of service (DoS) attacks.

How does network address translation (NAT) improve security? It filters based on protocol. It discards unsolicited packets. NATs do not improve security. It masks the IP address of the NAT device.

It discards unsolicited packets.

Which statement about Rule-Based Access Control is true? It requires that a custodian set all rules. It is considered obsolete today. It is considered a real-world approach by linking a user's job function with security. It dynamically assigns roles to subjects based on rules.

It dynamically assigns roles to subjects based on rules.

Elijah was asked by a student intern to explain the Extensible Authentication Protocol (EAP). What would be the best explanation of EAP? It is the transport protocol used in TCP/IP for authentication It is a framework for transporting authentication protocols It is a technology used by IEEE 802.11 for encryption It is a subset of WPA2

It is a framework for transporting authentication protocols

Which statement about a mantrap is true? It requires the use of a cipher lock. It is a special keyed lock. It is illegal in the United States. It monitors and controls two interlocking doors to a room.

It monitors and controls two interlocking doors to a room.

What is NOT an advantage of using job rotation in a complex business environment? It limits the amount of time that individuals are in a position to manipulate security configurations. It reduces job training costs by ensuring everyone knows how to do everyone else's job. It helps expose any potential avenues for fraud by having multiple individuals with different perspectives learn about a job. It reduces burnout in employees and increases employee satisfaction, motivation, and improves employee skills.

It reduces job training costs by ensuring everyone knows how to do everyone else's job.

What does a component's mean time between failures (MTBF) value determine? It refers to the average amount of time until a component fails and cannot be repaired. It determines the exact time at which a component will fall out of warranty coverage. It refers to the average amount of times a component will fail before it is no longer usable. It determines the maximum amount of time an item should be left in service before it is replaced.

It refers to the average amount of time until a component fails and cannot be repaired.

Which statement about network address translation (NAT) is true? It can be found only on core routers. It removes private addresses when the packet leaves the network. It substitutes MAC addresses for IP addresses. It can be stateful or stateless.

It removes private addresses when the packet leaves the network.

_____ refers to a situation in which keys are managed by a third party, such as a trusted CA

Key escrow

A network administrator has a domain that includes a single location. They want to store a copy of digital certificates with a trusted third party. What should be implemented? Key backup Recovery agent Dual keys Key escrow

Key escrow
Key escrow is the process of entrusting the keys to a third party. Key escrow provides a system for recovering encrypted data even if the users lose private keys.
The following do not necessarily use trusted third parties:
- A recovery agent, usually an administrator, can decrypt the data the soonest. A recovery agent allows a company to maintain access to encrypted resources when employee turnover is high. A recovery agent stores information with a trusted agent to decrypt data at a later date, even if the user destroys the key. A data recovery agent (DRA) is a Microsoft Windows user who has been granted the right to decrypt data that was encrypted by other users. The assignment of DRA rights to an approved individual provides an IT department with a way to unlock encrypted data in case of an emergency. Data recovery agents can be defined at the domain, site, organizational unit or local machine level. In a small to mid-sized business, the network administrator is often the designated DRA.
- Key backup could be stored locally and/or offsite, but usually does not involve a third party.
- Dual keys are a different concept. One key pair is used for digital signatures and is not backed up, so as to provide strong non-repudiation. A second key pair is used for encryption and is backed up so a corrupted or lost key can be recovered.

Which of the following are responsibilities of the certificate authority (CA) that cannot be outsourced? (Choose all that apply.) Identity proofing Key escrow Key recovery Maintaining the CRL Key generation

Key generation Maintaining the CRL
The CA is responsible for generating and issuing keys and for assuring their continued validity by maintaining the Certificate Revocation List (CRL). The CA might outsource identity proofing of potential customers to a registration authority. The CA might also outsource key escrow and key recovery to a third-party key escrow company. Key escrow is an arrangement in which the keys needed to decrypt encrypted data are held in escrow so that, under certain circumstances, an authorized third party may gain access to those keys. These third parties may include businesses, who may want access to employees' private communications, or governments, who may wish to be able to view the contents of encrypted communications. More importantly, key escrow systems are used to ensure that there is a backup of the cryptographic key in case the parties with access to the key lose the data through a disaster or malicious intent.

The security administrator for Corp.com has been directed by the CIO to implement a secure wireless authentication method that uses a remote RADIUS server for authentication. Which of the following authentication methods should be used? CHAP MS-CHAP PAP LEAP

LEAP
Cisco's Lightweight Extensible Authentication Protocol (LEAP) is an older implementation of Extensible Authentication Protocol (EAP) that uses Temporal Key Integrity Protocol (TKIP) and dynamic Wired Equivalency Protocol (WEP) keys to secure wireless authentication to a remote RADIUS server. The newer Protected Extensible Authentication Protocol (PEAP) uses Public Key Infrastructure (PKI) and Transport Layer Security (TLS) for authentication confidentiality. PEAP has largely replaced LEAP.
The following are not as secure as LEAP:
- Password Authentication Protocol (PAP) is an authentication protocol that uses a password that is sent in clear text and can be captured by a sniffer.
- CHAP and MS-CHAP. CHAP provides protection against replay attacks by an attacker through the use of a changing identifier and of a random challenge value. CHAP provides better security than Password Authentication Protocol (PAP), but is not as strong as LEAP or PEAP.

Which of these is a vulnerability of MAC address filtering? The user must enter the MAC. MAC addresses are initially exchanged unencrypted. APs use IP addresses instead of MACs. Not all operating systems support MACs.

MAC addresses are initially exchanged unencrypted.

Which of the choices identifies an attack that intercepts communications between a browser and the host security system? -MIM -MITB -MITM -MTM

MITB

A replay attack is a variation of this attack type

MITM

What type of attack intercepts legitimate communication and forges a fictitious response to the sender? interceptor SQL intrusion SIDS MITM

MITM

Which of the following is the Microsoft version of CHAP? AD-EAP PAP-MICROSOFT MS-CHAP EAP-MS

MS-CHAP

What is the average amount of time that it will take a device to recover from a failure that is not a terminal failure? MTBF MTBR MTTR MTTI

MTTR

Which of the following is the average amount of time that it will take a device to recover from a failure that is not a terminal failure? MTBF FIT MTTR MTTF

MTTR

What type of attack involves manipulating third-party ad networks? Clickjacking Malvertising Directory traversal Session advertising

Malvertising

Which of these access control models is the most restrictive?

Mandatory Access Control (MAC)

You are involved in the creation of your company's employee offboarding policy. What statement reflects a good policy measure? Offboarded employee accounts are immediately deleted. Offboarded employee accounts are immediately disabled. Offboarded employee accounts are handed over to supervisory employees within 7 days. Offboarded employee accounts remain active, but must have password changed after 7 days of employee's leave date.

Offboarded employee accounts are immediately disabled.

Kyle asked his supervisor which type of computing model was used when the enterprise first started. She explained that the organization purchased all the hardware and software necessary to run the company. What type of model was she describing to Kyle? Hosted services Off-premises Virtual services On-premises

On-premises

Which statement does NOT describe a characteristic of a policy? Policies identify what tools and procedures are needed. Policies define appropriate user behavior. Policies may be helpful if it is necessary to prosecute violators. Policies communicate a unanimous agreement of judgment.

Policies communicate a unanimous agreement of judgment.

Which of the following approaches to risk calculation typically assigns a numeric value (1-10) or label (High, Medium, or Low) that represents a risk? Quantitative risk calculation Qualitative risk calculation Policy-based risk calculation Rule-based risk calculation

Qualitative risk calculation

Which of the following are both an access server and also a system of distributed security that secures remote access against improper attempts? RADIUS TELNET RRAS NAC+ SSH

RADIUS

A system administrator is using a packet sniffer to troubleshoot remote authentication. The sniffer detects a device trying to communicate on UDP ports 1812 and 1813. Which of the following authentication methods is being attempted? TACACS+ RADIUS LDAP Kerberos

RADIUS
RADIUS is Remote Authentication Dial-in User Service. The RADIUS server is the AAA service provider. AAA stands for Authentication, Authorization, and Accounting. The RADIUS client is the network access server or device (e.g., a wireless router). RADIUS is scalable and interoperable. RADIUS and TACACS+ are the most common AAA servers. RADIUS uses UDP port 1812 for authentication and UDP port 1813 for accounting. TACACS+ uses TCP port 49. Kerberos uses TCP port 88 and UDP port 88. LDAP uses TCP port 389, while LDAP over SSL uses TCP port 636.

What is a difference between NFC and RFID? NFC devices cannot pair as quickly as RFID devices. RFID is designed for paper-based tags while NFC is not. NFC is based on wireless technology while RFID is not. RFID is faster than NFC.

RFID is designed for paper-based tags while NFC is not

Adabella was asked by her supervisor to adjust the frequency spectrum settings on a new AP. She brought up the configuration page and looked through the different options. Which of the following frequency spectrum settings would she NOT be able to adjust? RFID spectrum Channel width Channel selection Frequency band

RFID spectrum

Which type of OS is typically found on an embedded system? OTG COPE SoC RTOS

RTOS

Which of the following are valid types of password attack? [Choose all that apply.] Rainbow table Brute force attack Dictionary attack Birthday attack Hybrid attack

Rainbow table Brute force attack Dictionary attack Birthday attack Hybrid attack

What statement regarding the use of Software Defined Networking (SDN) is NOT accurate? SDNs can be used to help capture data for NIDS and NIPS. In order to move through the network, traffic must first receive permission from the SDN controller. Communication between the SDN controller and the SDN switches uses a standard protocol and application programming interface (API). SDN controllers and switches are limited to Layer 2 and Layer 3 of the OSI model.

SDN controllers and switches are limited to Layer 2 and Layer 3 of the OSI model.

Which of the following is NOT a characteristic of an alarmed carrier PDS? Carrier can be hidden above the ceiling Uses continuous monitoring Eliminates the need to seal connections Requires periodic visual inspections

Requires periodic visual inspections

Which version of Simple Network Management Protocol (SNMP) is considered the most secure? SNMPv2 SNMPv3 SNMPv5 SNMPv4

SNMPv3

The security administrator for Corp.com wants to provide wireless access for employees as well as guests. Multiple wireless access points and separate networks for internal users and guests are required. Which of the following should separate each network? (Choose all that apply.) SSIDs Security protocols Channels Physical security

SSIDs Channels Security protocols

Which of the following are characteristics of spyware? (Choose all that apply.) Negatively affects availability It is greyware Negatively affects confidentiality Secretly collects information about users Negatively affects integrity Tracking cookies and browser history can be used by spyware

Secretly collects information about users Negatively affects confidentiality Negatively affects availability Tracking cookies and browser history can be used by spyware It is greyware
Spyware secretly collects information about users. Spyware negatively affects confidentiality because it collects secrets. Spyware can slow down a PC, so it affects availability. Spyware does not corrupt data, so it does not affect file integrity. Tracking cookies and browser history can be used by spyware. Greyware refers to malicious software or code that is considered to fall in the "grey area" between normal software and a virus. Greyware is a term under which all other malicious or annoying software falls, such as adware, spyware, trackware, and other malicious code and malicious shareware.

The __________ tab on the folder's Properties dialog box will show you the permissions assigned to each Access Control Entry

Security

A ________ is a written document that states how an organization plans to protect the company's information technology assets.

Security Policy

What type of agreement serves as a contract between a vendor and a client that specifies what services will be provided, the responsibilities of each party, and any guarantees of service? Interconnection Security Agreement (ISA) Memorandum of Understanding (MOU) Service Level Agreement (SLA) Blanket Purchase Agreement (BPA)

Service Level Agreement (SLA)

What federation system technology uses federation standards to provide SSO and exchanging attributes? Open ID Connect OAuth SSOnly Shibboleth

Shibboleth

Which of the following is NOT a means used by an attacker to do reconnaissance on a network? Christmas tree attack DNS footprinting TCP/IP Stack fingerprinting Smurf attack Port scan attack Banner grabbing

Smurf attack

For what purpose would it be desired to capture the system image? To capture network packets So memory analysis can be performed later Check processor performance To facilitate security management To store the dump file offsite

So memory analysis can be performed later
In addition to the image of the storage system, a system image should be captured. Once captured, memory analysis can be performed to check and examine the state of the system accordingly.

Which of the following is NOT a security risk of social media sites for users? Social media security is lax or confusing. Social media sites use popup ads. Users may be too trusting. Personal data can be used maliciously.

Social media sites use popup ads.

In multifactor authentication, a password is considered to be what element of authentication? Something you do. Something you know. Something you have. Something you are.

Something you know.

Consider the following network: PC1->Switch1->Switch2->PC2. When Switch1 receives a frame from PC1 intended for PC2, but does not have an entry in the MAC table for PC2, what happens? Switch1 attempts to locate the PC2 port, and creates a temporary switching loop in the process. Once the ensuing broadcast storm ends, the switch will have populated its MAC address table, and the frame will be forwarded on through Switch2 to PC2. Switch1 returns the frame to PC1 with a "frame undeliverable" message due to the MAC not being in the forwarding table. PC1 then initiates a MAC address discovery using ARP, and forwards the MAC information to the switch once it is found. The frame is then retransmitted. Switch1 attempts to locate PC2 by asking for MAC addresses on all connected ports, using targeted unicast traffic. This in turn triggers Switch2 to do the same if it does not know where the MAC is. Once the proper port is found, the frame is delivered. Switch1 broadcasts the frame out all connected ports. Switch2 will do the same if it too does not contain an entry for PC2, else the frame will be delivered to the port PC2 resides on.

Switch1 broadcasts the frame out all connected ports. Switch2 will do the same if it too does not contain an entry for PC2, else the frame will be delivered to the port PC2 resides on.

What is the current version of TACACS? TACACS+ TRACACS TACACS v9 XTACACS

TACACS+

Which method of port scanning is the most popular? Open scanning TCP SYN scanning Xmas tree TCP connect scanning

TCP SYN scanning

Secure Sockets Layer (SSL) is the predecessor of: DES IPSec SSH TLS

TLS

Which of these is considered the strongest cryptographic transport protocol? SSL v2.0 SSL v2.0 TLS v1.0 TLS v1.2

TLS v1.2

Which of the following are available protocols for security purposes? (Choose all that apply.) IPSec SSH SSL TLS NetBIOS

TLS, SSL, IPSec, SSH

Which of the following technologies are necessary for implementing USB drive encryption or hard drive encryption? (Choose two that apply) -TACAC -HSM -FAT32 -TPM -RADIUS -HFS

TPM & HSM

You are planning to deploy several patches and updates to a virtual server. Which step do you take just before implementation? -Check file size of the package -Take system snapshot -Log off any users -All of these are correct

Take system snapshot

Which of the following tools is a Linux command-line protocol analyzer? Tcpdump Wireshark IP Arp

Tcpdump

WPA replaces WEP with _____. Temporal Key Integrity Protocol (TKIP) Message Integrity Check (MIC) Cyclic Redundancy Check (CRC) WPA2

Temporal Key Integrity Protocol (TKIP)

Although change management involves all types of changes to information systems, what two major types of changes regarding security need to be properly documented? (Choose two.) The classification status of files or documents, such as a file being changed to confidential or top secret. Any change in system architecture, such as new servers, routers, or other equipment. Any new employee or contractor hires that will be given access to the network. The renewal status of support contracts for used equipment and software.

The classification status of files or documents, such as a file being changed to confidential or top secret. Any change in system architecture, such as new servers, routers, or other equipment.

If a company that employs a SCADA system comes under attack, and the SCADA system itself is affected, what are the risks? None, as SCADA is designed to be a supervisory system only, allowing control systems to be managed separately if affected. The control systems managed by SCADA could malfunction, possibly causing damage to equipment. Minimal, as a SCADA system does not provide access to any other equipment in the network. The organization may lose access to reports on control systems.

The control systems managed by SCADA could malfunction, possibly causing damage to equipment.

Elliot's computer has a TPM chip, which was used to encrypt the contents of his hard drive. Due to a component failure on the motherboard, Elliot had to move the hard drive to a new computer, also with a TPM chip. What happens to the drive upon starting the computer? The drive will be unavailable until the recovery password is entered. Nothing; without the original TPM chip, the drive is essentially rendered useless. The drive's contents will be wiped due to the new TPM chip not matching the old chip. The drive's contents will be automatically available due to the presence of a TPM chip.

The drive will be unavailable until the recovery password is entered

What is the difference between a key escrow and a recovery agent? (Choose all that apply.) The former is primarily for third party access to data The latter is primarily for helping internal users The former has replaced the latter in many occasions The latter is primarily for third party access to data The former is primarily for helping internal users

The latter is primarily for helping internal users The former is primarily for third party access to data

When performing a vulnerability scan, what is NOT one of the things the scan looks for? The presence of vulnerabilities or security weaknesses. A lack of proper security controls to establish a secure framework. The likelihood of zero-day malware attacks on the system. Any common misconfigurations that could compromise the system.

The likelihood of zero-day malware attacks on the system.

Once a system has been infected, what is the method of operation of a logic bomb malware program? The logic bomb silently captures and stores keystroke information, then passes the information on to an attacker. The logic bomb software passively tracks and monitors a user's activities until an attacker decides to "detonate" the bomb. The logic bomb code lies dormant until a specific logical event triggers it, upon which data is deleted and/or the system is sabotaged. The logic bomb opens or creates vulnerabilities on the running system, allowing an attacker to access the system remotely.

The logic bomb code lies dormant until a specific logical event triggers it, upon which data is deleted and/or the system is sabotaged.

A Digital signature is a piece of data digest encrypted with: The private key of the signer. The public key of the key escrow. The public key of the signer. The private key of the receiver. The public key of the receiver.

The private key of the signer.

When using OAuth, how are a user's username and password received by a third party server? The username and password are forwarded directly to the third party server, which then verifies with an OAuth server. The username and password are used to create a certificate, which then is used to authenticate to the third party server. The username and password must be transmitted in clear text to the web application, which must then verify the credentials before giving access. The username and password are replaced by an authentication token, which is then used to gain access to the third party server.

The username and password are replaced by an authentication token, which is then used to gain access to the third party server.

At what point in a vulnerability assessment would an attack tree be utilized? Vulnerability appraisal Risk mitigation Risk assessment Threat evaluation

Threat evaluation

Which of the following constructs scenarios of the types of threats that assets can face to learn who the attackers are, why they attack, and what types of attacks may occur? Risk assessment Threat modeling Attack assessment Vulnerability prototyping

Threat modeling

Viruses, botnets, social engineering, and drive-by-downloads and other methods used to attack a target are best described as which of the following? Malware Exploits Threat vectors Grayware

Threat vectors
A threat vector is the method a threat uses to get to the target. A threat or attack vector is a path or means by which an attacker can gain access to a computer or network server in order to deliver a payload or malicious outcome. Attack vectors enable hackers to exploit system vulnerabilities, including the human element. There is a proliferation of new threat vectors and a greater volume of established attacks. Threat vectors include worms, viruses, botnets, drive-by downloads, click-jacking, and social engineering.
Malware is harmful software such as viruses, worms, trojans, and rootkits. Grayware (or greyware) is a general term sometimes used as a classification for applications that behave in a manner that is annoying or undesirable, and yet less serious or troublesome than malware. Grayware encompasses spyware, adware, dialers, joke programs, remote access tools, and any other unwelcome files and programs apart from viruses that are designed to harm the performance of computers on the network.
Exploits use threat vectors to deliver their attacks. An exploit is a piece of software, a chunk of data, or a sequence of commands that takes advantage of a bug, glitch or vulnerability in order to cause unintended or unanticipated behavior to occur on computer software, hardware, or something electronic.

What is the amount of time added to or subtracted from Coordinated Universal Time to determine local time? Daylight savings time Greenwich Mean Time (GMT) Time offset Civil time

Time offset

Which of the following is NOT true about privacy? Privacy is the right to be left alone to the degree that you choose. Privacy is difficult due to the volume of data silently accumulated by technology. Today, individuals can achieve any level of privacy that is desired. Privacy is freedom from attention, observation, or interference based on your decision.

Today, individuals can achieve any level of privacy that is desired.

True or False? Owners of a file have full control of the object when using DAC Access control method.

True

The Secure Boot security standard is used in conjunction with what type of booting process firmware? Basic Input/Output System (BIOS) OpenFirmware Coreboot Unified Extensible Firmware Interface (UEFI)

Unified Extensible Firmware Interface (UEFI)

Which of the following is a multipurpose security device? Hardware security module Unified Threat Management (UTM) Media gateway Intrusion Detection/Prevention (ID/P)

Unified Threat Management

Which of the following is NOT an advantage to an automated patch update service? Specific types of updates that the organization does not test, such as hotfixes, can be automatically installed whenever they become available. Administrators can approve or decline updates for client systems, force updates to install by a specific date, and obtain reports on what updates each computer needs. Users can disable or circumvent updates just as they can if their computer is configured to use the vendor's online update service. Downloading patches from a local server instead of using the vendor's online update service can save bandwidth and time because each computer does not have to connect to an external server.

Users can disable or circumvent updates just as they can if their computer is configured to use the vendor's online update service.

AES-CCMP is the encryption protocol standard used in _____. WPA2 WPA IEEE 802.11 NFC

WPA2

Which model uses a sequential design process? Rigid model Agile model Secure model Waterfall model

Waterfall model

If a tester is given the IP addresses, network diagrams, and source code of customer applications, the tester is using which technique? Gray box White box Black box Blue box

White box

Pakpao has been asked to provide research regarding a new company initiative to add Android smartphones to a list of approved devices. One of the considerations is how frequently the smartphones receive firmware OTA updates. Which of the following reasons would Pakpao NOT list in his report as a factor in the frequency of Android firmware OTA updates? Both OEMs and wireless carriers are hesitant to distribute Google updates because it limits their ability to differentiate themselves from competitors if all versions of Android start to look the same through updates. Wireless carriers are reluctant to provide firmware OTA updates because of the bandwidth it consumes on their wireless networks. Because many of the OEMs had modified Android, they are reluctant to distribute updates that could potentially conflict with their changes. Because OEMs and wireless carriers want to sell as many devices as possible, they have no financial incentive to update mobile devices that users would then continue to use indefinitely.

Wireless carriers are reluctant to provide firmware OTA updates because of the bandwidth it consumes on their wireless networks.

Per your company's data destruction policy, you have been tasked with the destruction of data on a magnetic hard drive. The policy employed by your company specifies that you must destroy the drive by reducing or eliminating the magnetic fields present in the drive. What method should you use? You should perform a random write of 0s and 1s to the drive. You should utilize a wiping utility, such as DBAN. You should utilize the purging data method built in to the operating system being used. You should perform a degaussing procedure on the drive.

You should perform a degaussing procedure on the drive.

What type of information security policy is often considered to be the most important policy? antivirus policy information sensitivity policy personal email policy acceptable use policy

acceptable use policy

A Bluetooth piconet is an example of what type of network topology? bus topology dynamic topology ad hoc topology small network topology

ad hoc topology

Which of the following devices can identify the application that sends packets and then makes decisions about filtering based on it? application-based firewall reverse proxy Internet content filter web security gateway

application-based firewall

An attack in which the attacker substitutes the return address in a program with a pointer to malicious code is an example of what kind of attack? integer overflow attack refactoring attack buffer overflow attack memory leap attack

buffer overflow attack

You are the security administrator for Corp.com. You are explaining to your CIO the value of credentialed scanning over non-credentialed scanning. In credentialed scanning, policy compliance plugins give you which advantage? Active scanning More accurate results Safer scanning Customized auditing

customized auditing

Which of the following are concepts or terms relevant to the discipline of disaster recovery? [Choose all that apply.] Warm site Hot site Backup execution Backup policies Backup plans Cold site Backup frequency

backup plans/policies, backup execution/frequency, cold site, hot site, and warm site.

You have been tasked with responding to a security incident involving the compromise of a manager's documents. You and your team have determined that the attacker involved copied files via a Bluetooth connection with the manager's unprotected cell phone. What kind of attack was this? bluejacking attack bluesnatching attack bluesnarfing attack near field communication (NFC) attack

bluesnarfing attack

Flavio visits a local coffee shop on his way to school and accesses its free Wi-Fi. When he first connects, a screen appears that requires him to first agree to an Acceptable Use Policy (AUP) before continuing. What type of AP has he encountered? captive portal rogue portal web-based portal authenticated portal

captive portal

What is the most secure form of IEEE 802.1x authentication? MAC authentication certificate based pre-shared key token based

certificate based

What type of redundant site provides office space, but equipment necessary for continuing operations must be provided by the customer? warm site hot site cold site hybrid site

cold site

An attacker is attempting to generate data that has the same hash as a captured hash of a password. What type of attack is this? birthday attack downgrade attack collision attack known-ciphertext attack

collision attack

Which type of cloud is offered to specific organizations that have common concerns? community cloud hybrid cloud private cloud public cloud

community cloud

The Google Android OS Smart Lock feature is an example of what kind of authentication? open system authentication context-aware authentication user state-aware authentication application-aware authentication

context-aware authentication

What are two items that are specifically part of the Secure DevOps methodology? (Choose two.) user training continuous integration funding management security automation

continuous integration security automation

Your organization is planning to deploy wireless access points across their campus network, and you have been tasked with securing the installation. Currently, the design calls for a wireless network with many APs that are controlled by a single device, to allow centralized management. What type of APs will you be securing? standalone APs thin APs fat APs controller APs

controller APs

Which of these would NOT be a filtering mechanism found in a firewall ACL rule? direction date source address protocol

date

A lock that extends a solid metal bar into the door frame for extra security is the _____. deadman's lock full bar lock deadbolt lock triple bar lock

deadbolt lock

The strongest technology that would assure Alice that Bob is the sender of a message is a(n) _____________.

digital certificate

What type of cryptography provides security comparable to asymmetric encryption with significantly reduced computational power and with smaller key sizes? asymptotic cryptography symmetric encryption elliptic curve cryptography quadratic cryptography

elliptic curve cryptography

Which type of device log contains the most beneficial security data? switch log email log router log firewall log

firewall log

What enforces the location in which an app can function by tracking the location of the mobile device? location resource management Graphical Management Tracking (GMT) GPS tagging geofencing

geofencing

What feature of a mobile device management system could be used to restrict the use of an application containing confidential data to only a specific geographical area? digital locking location tracking geofencing Wi-Fi fencing

geofencing

What is the process of identifying the geographical location of a mobile device? geotracking geolocation geoID geomonitoring

geolocation

You are asked to design a VLAN using a Type 1 Hypervisor. Which technology will you use as a base? -Host operating system -Specialized 64-bit applications -Hardware -All of these are correct

host

Which device is easiest for an attacker to take advantage of to capture and analyze packets? hub switch load balancer router

hub

In mandatory access control, what are the two key elements used to grant permissions? (Choose two.) levels markers labels tags

levels labels

According to the Information Sensitivity Policy Template, access to information classified as Most Sensitive requires the signing of a ____________ pact.

non-disclosure

You are reviewing different penetration techniques to determine which best simulates an actual attack. Which techniques would you choose?

none?

Which command is used in testing and troubleshooting DNS servers? nslookup netsh netdom netstat

nslookup

A client PC on your company's network is attempting to browse to a vendor's web page on the Internet, but the computer goes to a malicious web page instead. What two utilities can you use to verify that the DNS records are correct for the web page? (Choose two.) nslookup dig netstat tracert

nslookup dig

A(n) _____ is always running off its battery while the main power runs the battery charger. off-line UPS secure UPS backup UPS on-line UPS

on-line UPS

You are currently engaged in troubleshooting an active connection that is being cut off in mid-transmission each time an attempt is made to communicate. What type of program should you use to diagnose the problem with this transmission? honeypot software data sanitizer port scanner protocol analyzer

protocol analyzer

Jabez needs to alert through an SMS text message those corporate users who have a specific brand and type of mobile device regarding a serious malware incident. What technology will she use? MCM MAM push notification services COPE

push notification services

With the development of IEEE 802.1x port security, what type of authentication server has seen even greater usage? RADIUS DAP Lite RDAP RDAP

radius

Isabella is a security support manager for a large enterprise. In a recent meeting, she was asked which of the standard networking devices already present on the network could be configured to supplement the specific network security hardware devices that were recently purchased. Which of these standard networking devices would Isabella recommend? SIEM device virtual private network hub router

router

An unskilled person who downloads automated attack software (i.e. open-source intelligence) and uses it to carry out attacks would be considered to be what type of threat actor? hacktivist cracker script kiddie organized criminal

script kiddie

Using one authentication credential to access multiple accounts or applications is known as _____. federal login credentialization single sign-on identification authentication

single sign-on

A RADIUS authentication server requires the ________ to be authenticated first. supplicant authentication server user authenticator

supplication

Which is the most secure type of firewall? stateful packet filtering reverse proxy analysis stateless packet filtering network intrusion detection system replay

stateful packet filtering

What type of fingerprint scanner requires that a user place their entire thumb or finger over a small oval window, which then takes an optical picture of the fingerprint? digital fingerprint scanner dynamic fingerprint scanner automatic fingerprint scanner static fingerprint scanner

static fingerprint scanner

DNS poisoning _____. -floods a DNS server with requests until it can no longer respond -is the same as ARP poisoning -substitutes DNS addresses so that the computer is automatically redirected to another device -is rarely found today due to the use of host tables

substitutes DNS addresses so that the computer is automatically redirected to another device

The basic ROT13 cipher is an example of what kind of cipher algorithm? Beale cipher substitution cipher diffusion cipher XOR cipher

substitution cipher

Eachna is showing a new security intern the log file from a firewall. Which of the following entries would she tell him do not need to be investigated? successful logins Probes to obscure port numbers suspicious outbound connections IP addresses that are being rejected and dropped

successful logins

Which of the following risk control types would use video surveillance systems and barricades to limit access to secure sites? managerial strategic technical operational

technical

What is the basis of an SQL injection attack? -to have the SQL server attack client web browsers -to link SQL servers into a botnet -to insert SQL statements through unfiltered user input -to expose SQL code so that it can be examined

to insert SQL statements through unfiltered user input

Digital certificates can be used for each of these EXCEPT -to encrypt channels to provide secure communication between clients and servers -to encrypt messages for secure email communications -to verify the authenticity of the Registration Authorizer -to verify the identity of clients and servers on the Web

to verify the authenticity of the Registration Authorizer

According to the E-mail Policy Template, mass mailings for _________ or malware warnings shall NOT be sent without company approval.

virus

You are an administrator for the site example.com, and would like to secure all the subdomains under example.com with a single SSL certificate. What type of certificate should you use? code signing certificate SAN certificate wildcard certificate self-signed certificate

wildcard certificate

