Exam 3 Security
Which of the following would you find on a CPS
A declaration of security that the organization is implementing for all certificates
What is a PKI
A hierarchy of computers for issuing certificates
Which of the following best describes the content of the CRL
A list of all revoked certificates
What type of key or keys are used in symmetric cryptography
A shared private key
Which of the following best describes high amplifications when applied to hashing algorithms
A small change in the message results in a big change in the hash value.
Which of the following is a policy that defines appropriate activities and usage for company resources, assets, and communications
Acceptable use policy
Components within your server room are failing at rapid pace. You discover that the humidity in the server room is at 60% and the temperature is at 80 degrees. What should you do the help reduce problems
Add a separate A/C unit in the server room
A private key has been stolen. What action should be taken to deal with this crisis
Add the digital certificate to the CRL
Which of the following conditions does not result in a certificate being added to the certificate revocation list
Certificate expiration
You have been asked to draft a document related to evidence gathering that contains details about personnel in possession and control of evidence from the time of discovery up through the time of presentation in court. What type of document is this
Chain of custody
What is the most important element related to evidence in addition to the evidence itself
Chain of custody document
Which of the following fire extinguishers types is best for electrical fires that might result when working with computer components
Class C
A service level agreement (SLA) defines the relationship between, and the contractual responsibilities of providers and recipients of service. Which of the following characteristics are most important when designing an SLA (Select two)
Clear and detailed description of penalties if the level of service is not provided. Detailed provider responsibilities for continuity and disaster recovery mechanisms.
A code of ethics provides for all but which of the following
Clearly defines course of action to take when a complex issue is encountered.
Which of the following network strategies connects multiple servers together such that if one server fails, the others immediately take over its tasks, preventing a disruption in service
Clustering
Which of the following is a recovery site that may have electricity connected, but there are no servers installed and no high-speed data lines present
Cold site
When two different messages produce the same hash value, what has occurred
Collision
By definition, which security concept ensures that only authorized parties can access data
Confidentiality
You create a new document and save it to a hard drive on a file server on your company's network. Then, you employ an encryption tool to encrypt the file using AES. This activity is an example of accomplishing what security goal
Confidentiality
You manage the website for your company. The website uses clusters of two servers with a single shared storage device. The shared storage device uses a RAID 1 configuration. Each server has a single connection to the shared storage, and a single connection to your ISP. You want to provide redundancy such that a failure in a single component does not cause the website to be unavailable. What should you add to your configuration to accomplish this
Connect one server through a different ISP to the Internet.
You have recently discovered that a network attack has compromised your database server. In the process, customer credit card numbers might have been taken by the attacker. You have stopped the attack and put measures in place to prevent the same incident from occurring in the future. What else might you be legally required to do
Contact your customer to let them know of the security breach
How can a criminal investigator ensure the integrity of a removable media device found while collecting evidence
Create a checksum using a hashing algorithm
You want to store your computer-generated audits logs in case they are needed in the future examination or to be used as evidence in the event of a security incident. Which method can you use to ensure that the logs you put in storage have not been altered when you go to use them in the future
Create a hash of each log.
Which of the following functions are performed by the TPM
Create a hash of system components
Hashing algorithms are use to perform what activity
Create a message digest
Which of the following algorithms are used in asymmetric encryption (Select two.)
Diffie-Hellman, RSA
Which of the following is a direct protection of integrity
Digital signature
What is the most obvious means of providing non-repudiation in a cryptography system
Digital signatures
On your way into the back entrance of the building at work one morning, a man dressed as a plumber ask you to let him in so he can "fix the restroom." What should you do
Direct him to the front entrance and to check in with the receptionist.
When informing an employee that they are being terminated, what is the most important activity
Disabling their network access
During a recent site survey, you find a rouge wireless access point on your network. Which of the following actions should you take first to protect your network, while still preserving evidence
Disconnect the access point from the network
If maintaining confidentiality is of the utmost importance to your organization, which is the best response when an intruder is detected on your network
Disconnect the intruder
You manage the website for your company. The Web 1 server hosts the website. This server has the following configuration:..........Which component is a single point of failure for the website
Disk Controller
When conducting a forensic investigation, and assuming that the attack has been stopped, which of the following actions should you perform first
Document what's on screen
Which of the following security measures encrypts the entire contents of a hard drive
Drive Lock
Which of the following is the employment of two separate key pairs in order to separate the security functions of confidentiality and integrity in a communication system
Dual key pair
Which of the following protocols are most likely used with digital signatures (Select two.)
ECC, RSA
Which of the following security would prevent a user from reading a file which she did not create
EFS
Which of the following statements about ESD is not correct
ESD is more likely to occur when the relative humidity is above 50%
IPSec is implemented through two separate protocols. What are these protocols called (Select two.)
ESP, AH
Which of the following is not part of security awareness training
Employee agreement documents.
You want to implement BitLocker to encrypt data on a hard disk even if it is moved to another system. You want the system to boot automatically without providing a startup key on an external USB device. What should you do
Enable the TPM in the BIOS
Which IPSec sub protocol provides data encryption
Encapsulating Security Payload (ESP)
Which of the following is not a valid example of steganography
Encrypting a data file with an encryption key
Dumpster diving is a low-tech mean of gathering information that may be useful in gaining unauthorized access, or as a starting point for more advanced attacks. How can a company reduce the risk associated with dumpster diving
Establish and enforce a document destruction policy
Which of the following is not used to oversee and/or improve the security performance of employees
Exit interviews
Which backup strategy backsup all files from a computer's file system regardless of whether the file's archive bit is set or not and marks them as having been backed up
Full
What is the main function of a TPM hardware chip
Generate and store cryptographic keys
You organization uses the following tape rotation strategy for its backup tapes: 1. The first set of tapes is used for daily backups 2. At the end of each week, the latest daily backup tape is promoted to be the weekly backup tape 3. At the end of the each month, one of the weekly backup tapes is promoted to be the monthly backup tape. What kind of backup ration strategy is being used
Grandfather
Which protocol is used for securely browsing a Web site
HTTPS
Which of the following fire extinguisher types poses a safety risk to users in the area (Select tow)
Halon, C02
Which of the following is used to verify that a downloaded file has not been altered
Hash
Which method can be use to verify that a bit-level image copy of a hard drive is an exact clone of the original hard drive collected as evidence
Hashing
Which of the following is a common form of social engineering attack
Hoax virus information e-mails.
You have been asked to deploy a network solution that requires an alternate location where operational recovery is provided within minutes of a disaster. Which of the following strategies would you choose
Hot site
Which of the following is the best countermeasure against man-in-the-middle attacks
IPSec
Which of the following network layer protocols provides authentication and encryption services of IP based network traffic
IPSec
Which of the following can be used to encrypt Web, e-mail, telnet, file transfer, and SNMP traffic
IPSec (Internet protocol security)
To obtain a digital certificate and participate in a Public Key Infrastructure (PKI), what must be submitted and where should it be submitted
Identify data and a certification request to the registration authority (RA)
Which of the following is not a form of social engineering
Impersonating a user by logging on with stolen credentials
You want to protect data on hard drives for users with laptops. You want to drive to be encrypted, and you want to prevent the laptops from booting unless a special USB drive is inserted. In addition, the system should not boot if a change is detected in any of the boot files. What should you do
Implement BitLocker with a TPM
When should a hardware device be replaced in order to minimize downtime
Just before it's a MTBF is reached
You are concerned that if a private key is lost, all documents encrypted using your private key will be inaccessible. Which service should you use to solve this problem
Key escrow
Which of the following is not true concerning symmetric key cryptography
Key management is easy when implemented on a large scale.
What is the most common failure of a security policy in an environment
Lack of user awareness
When returning to the rebuilt primary site, the salvage team will restore or return what process first.
Least business-critical
The chain of custody is used for what purposes
Listing people coming into contact with evidence
Which of the following is the weakest hashing algorithm
MD-5
What is the primary goal of business continuity planning
Maintaining business operations with reduced or restricted infrastructure capabilities or resources
You manage the network for your company. You have recently discovered information on a computer hard drive that might indicate evidence of illegal activity. You want to perform forensic activates on the disk to see what kind of information it contains. What should you do first
Make a bit-level copy of the disk
You walk by the server room and notice a fire has started. What should you do first
Make sure everyone has cleared the area.
Mary wants to send a message to Sam. She wants to digitally sign the message to prove that she sent it. Which key would Mary use to create the digital signature
Mary's private key
When a recovery is being performed due to a disaster, what services are to be stabilized first
Mission critical
You used BitLocker to encrypt the hard drive of a laptop. The laptop stores the startup key in the TPM, and a PIN is also required to start the system. Because of a hardware failure, the system will not boot. You want to gain access to the data on the hard drive. What should you do
Move the hard drive to another system. Use the recovery key to unlock the disk.
If an organization shows sufficient due care, which burden is eliminated in the event of a security breach
Negligence
By definition, which security concept uses the ability to prove that a sender sent an encrypted message
Non-repudiation
When a sender encrypts a message using their own private key, what security service is being provided to the recipient
Non-repudiation
You have a Web server that will be used for secure transactions for customers who access the Web site over the Internet. The Web server requires a certificate to support SSL. Which method would you use to get a certificate for the server
Obtain a certificate from a public PKI
How many keys are used with symmetric key cryptography
One
What is the primary difference between impersonating and masquerading
One is more active, the other is more passive
Which of the following encryption methods combines a random value with the plaintext to produce the cipher text
One-time pad
What technology was developed to help improve the efficiency and reliability of checking the validity status of certificates in large complex environments
Online Certificate Status Protocol
Which of the following are backed up during a differential backup
Only file that have changed since the last full backup.
Which of the following are backed up during an incremental backup
Only files that have changed since the last full or incremental backup.
A disaster recovery plan should include all but which of the following
Penetration testing
The disaster recovery plan calls for having tape backups stored at a different location. The location is a safe deposit box at the local back. Because of this, the disaster recovery plan specifies to choose a method that uses the fewest tapes, but is also quick to back up and restore files. Which backup strategy would best meet the disaster recovery plan for tape backups
Perform a full backup once a week with a differential backup the other days of the week.
You have discovered a computer that is connected to your network that was used for an attack. You have disconnected the computer form the network to isolate it from the network and stop the attack. What should you do next
Perform a memory dump
Which of the following is a form of attack that tricks victims into providing confidential information, such as identity information or logon credentials, through e-mails or Web sites that impersonate an online entity that the victim trusts, such as a financial institution or well known e-commerce site
Phishing
You maintain the network for an industrial manufacturing company. You are concerned about the dust in the area into server components and affecting the availability of the network. Which of the following should you implement
Positive pressure system
To prevent server downtime, which of the following components should be installed redundantly in a server system
Power supply
Above all else, what must be protect to maintain the security and benefit of a asymmetric cryptographic solution, especially if it is widely used for digital certificates
Private keys
Which of the following algorithms are used in symmetric encryption (Select three.)
Blowfish, AES, 3DES
In business continuity planning, what is the primary focus of the scope
Business processes
Besides protecting a computer from under voltages, typical UPS also performs which two actions
Protects from over voltages, Conditions the power signal
Which of the following is the best countermeasure for man-in-the-middle attacks
Public Key Infrastructure (PKI)
How can organization help prevent social engineering attacks (Select two)
Publish and enforce clearly-written security polices, Educate employees on the risk and countermeasures
How can an organization help prevent social engineering attacks (Select two)
Publish and enforce clearly-written security policies, Educate employees on the risk and countermeasures
Which of the following disk configurations can sustain a loss of any two disks
RAID 1+0
Which of the following drive configuration is fault tolerant
RAID 5
What is an advantage of RAID 5 over RAID 1
RAID 5 improves performance over RAID 1
Which of the following protocols can TLS for key exchange (Select two.)
RSA, Diffie- Hellman
The immediate preservation of evidence is paramount when conducting a forensic analysis. Which of the following actions is most likely to destroy critical evidence
Rebooting the system
Which form of alternate site is the cheapest but my not allow an organization to recover before reaching their maximum tolerable downtime
Reciprocal agreement
Which of the following identifies someone who can retrieve private keys from storage
Recovery agent
You have lost the private key that you have used to encrypt files. You need to get a copy of the private key to open some encrypted files. Who should you contact
Recovery agent
Who is responsible for performing the steps of the business continuity plan or disaster recovery plain in the event of an emergency
Recovery team
What is the primary security feature that can be designed into a network's infrastructure to protect and support availability
Redundancy
Which of the following is an entity that accepts and validates information contained within a request for certificate
Registration authority
Even if you perform regular backups, what must be done to ensure that you are protected against data loss
Regularly test restoration procedures
A system failure has occurred. Which of the following restoration process would result in the fastest restoration of all data t its most current state
Restore the full backup and the last differential backup.
In the certificate authority trust model known as hierarchy, where does trust start
Root CA
Which of the following is the strongest hashing algorithm
SHA-1
Telnet is inherently insecure its communications is in plain text and easily intercepted. Which of the following is an acceptable alternative to Telnet
SSH
Which of the following protocols can be used to securely manage a network device from a remote connection
SSH
Which protocol does HTTPS use to offer greater security in Web transactions
SSL
You are purchasing a hard disk over the Internet from an online retailer. What does your browser use to ensure the other cannot see your credit card number on the Internet
SSL
You want to allow traveling users to connect to your private network through the Internet. Users will connect from various locations including airports, hotels, and public access points such as coffee shops and libraries. As such, you won't be able to configure the firewalls that might be controlling access to the Internet in these locations.
SSL
Which of the following protocols are often added to other protocols to provide secure transmission of data
SSL, TLS
Mary wants to send a message to Sam so the only Sam can read it. Which key would be used to encrypt the message
Sam's public key
Which type of media preparation is sufficient for media that will be reused in a different security context within your organization
Sanitization
You have purchased new computers and will be disposing of your old computers. Instead of recycling the computers, you decide to resell them through a local liquidator. Computers were previously not used for storing sensitive information. What should you do prior to getting rid of the computers
Sanitize the hard drives
Which of the following is not an example of a service level agreement
Security policy design
A receiver wants to verify the integrity of a message received from a sender. A hashing value is contained within the digital signature of the sender. What must the receiver use to access the hashing value to the verify the integrity of the transmission
Sender's public key
Which of the following technologies is based upon SSL (Secure Socket Layer)
TLS (Transport Layer Security)
Which of the following are typically associated with human resource security policies (Select two)
Termination, Background checks
An SSL client has determined that the Certificate Authority (CA) issuing a server's certificate is on its list of trusted CAs. What is the next step in verifying the server's identity
The CA's public key must validate the CA's digital signature on the server certificate
What is the primary purpose of forcing employees to take mandatory on-week minimum vacations every-year
To check for evidence of fraud
Why should backup media be stored offsite
To prevent the same disaster from affecting the both network and the backup media.
What is the purpose of key escrow
To provide a means to recover from a lost private key
Which of the following defines a method for one CA hierarchy to accept certificates issued by another CA hierarchy
Trusted model
Which aspect of certificates makes them a reliable and useful mechanism for providing the identity of a person, system, or service on the Internet
Trusted third-party
How many keys are used with asymmetric or public key cryptography
Two
When a cryptographic system is used to protect confidentiality of data, what is actually protected
Unauthorized users are prevented from viewing or accessing the resource.
What is the most effective means of improving or enforcing security in any environment
User awareness training
Which of the following items are contained in a digital certificate
Validity period, public key
You have just received a generic-looking e-mail that is addressed as coming from the administrator of your company. The e-mail says that as part of a system upgrade, you are to go to a Web site and enter your username and password at a new Web site so you can manage your e-mail and spam using new services. What should you do
Verify that e-mail was sent by the administrator and that this new service is legitimate.
Which of the following social engineering attacks use Voice over IP (VoIP) to gain sensitive information
Vishing
If your mission critical services have a maximum tolerable downtime (MTD) (or a recovery time objective (RTO)) of 36 hours, what would be the optimum form of recovery site you should choose
Warm
Daily backups are done at the ABD company location and only a weekly backup is maintained at another network location. Which of the following disaster recovery strategies is ABD using
Warm site
You manage a Web site for your company. The Web site three servers configured in a cluster. Incoming requests are distributed automatically between the three servers. All servers use a shared storage device that holds the website contents. Each server has a single network connection and a single power supply. Considering the availability of your website, which component represents a single point of failure
Website storage
A senior executive reports that she received a suspicious email concerning a sensitive, internal project that is behind productions. The email is sent from someone she doesn't know and he is asking for immediate clarification on several of project's detail so the project can get back on schedule. What type of an attack best describes the scenario
Whaling
You have just downloaded a file. You create a hash of the file and compare it to the hash posted on the Web site. The two hashes match. What do you know about the file
Your copy is the same as the copy posted on the website.
Your network performs a full back every night. Each Sunday, the previous night's backup tape is archived. Wednesday morning the storage system fails. How many restore operations will you need to perform to recover all the data
1
The session keys employed by SSL (Secure Socket Layer) are available in what bit lengths
128 bit and 40 bit
Your network uses the following backup strategy: Full backup every Sunday night, Differential backup Monday through Saturday nights. Thursday morning the storage system fails. How many restore operations will you need to perform to recover all the data
2
You have been asked to implement a RAID 5 solution for RAID 5 solution for your network. What is the minimum number of hard disks that can be used to configure RAID 5
3
Your network uses the following backup strategy: full backup every Sunday night, Incremental backups Monday through Saturday nights. Thursday morning the storage system fails. How many restore operations will you need to perform to recover all the data
4
What is the recommended humidity level for a server rooms
50%
You want to encrypt data on a removable storage device. Which encryption method would you choose to use the strongest method possible
AES
Which of the following defines an acceptable use agreement
An agreement which identifies the employees rights to use company property such as Internet access and computer equipment for personal use.
A PKI is a method for managing which type of encryption
Asymmetric
Which of the follow are characteristics of ECC (Select two.)
Asymmetric encryption, Uses a finite set of values within an algebraic field.
Which of the following statements is true when comparing symmetric and asymmetric cryptography
Asymmetric key cryptography is used to distribute symmetric keys.
To increase your ability to recover from a disaster, where should you store backup tapes
At the vice president's home
What is the primary countermeasure to social engineering
Awareness
What does a differential backup do during the backup
Back up all files with the archive bit set; does not reset the archive bit
After an intrusion has occurred and the intruder has been removed from the system, which of the following is the best next step or action to take
Back up all logs and audits regarding the incident
Which of the following is an important aspect of evidence gathering
Backing up all log files and audit trails
What does an incremental backup do during the backup
Backs up all file with the archived bit set; resets the archive bit.
When duplicating a drive for forensic investigation purposes, which of the following copying methods is most appropriate
Bit-level cloning
You want a security solution that protects the entire hard drive, preventing access even when it is moved to another system. Which solution would you choose
BitLocker
In what form of key management solution is key recovery possible
Centralized
Certificates can be invalidated by the trusted third-party that originally issued the certificate. What is the name of the mechanism that is used to distribute information about invalid certificates
CRL
Which of the following generates the key pair used in asymmetric cryptography
CSP
Which of the following fire extinguisher suppressant types is best use for electrical fires that might result when working with computer components
Carbon dioxide (CO2)
You're responsible for implementing network cabling in a new Gigabit Ethernet network installation. The cabling will be installed in a manufacturing environment where there is a great deal of electromagnetic interference (EMI). Which type of cabling would operate best in this environment (Choose two.)
Category 5 shielded twisted pair cable, Fiber-optic cable
What s the primary function of the IKE protocol use with IPSec
Create a security association between communicating partners
Which of the following is used for secure exchange of symmetric encryption keys
Diffie-Hellaman
Which of the following is the weakest symmetric encryption method
DES
You have a computer with three hard disks.............Disk 2 fails. Which of the following is true
Data on the RAID 1 volume is accessible; data on the RAID 0 volume is not.
Which backup strategy backs up only files which have the archive bit set, but does not mark them as having backed up
Differential
As you are helping a user with a computer problem you notice that she has written her password on a note stuck to her computer monitor. You check the password policy of your company and find that the following settings are currently required: ...........Which of the following is best action to take to make remember passwords easier so that she no longer has to write the password down
Implement end-user training
Over the last month you have noticed a significant increase in the occurrence of inappropriate activities performed by employees. What is the best first response step to take in order to improve or maintain the security level of the environment
Improve and hold new awareness sessions
Which of the following activities assigns a security level to different types of data
Information classification
Users are complaining that sometimes network communications are slow. You use a protocol analyzer and find that packets are being corrupted as they pass through a switch. You also notice that this only seems to happen when the elevator is running. What should you do
Install shielded cables near the elevator
Your company system is a participant in an asymmetric cryptography system. You've crafted a message to be sent another user. Before transmission, you hash the message, then encrypt the hashing using your private key. You then attach this encrypted hash to your message as a digital signature before sending it to the other user. In this example, what protection does the hashing activity provide
Integrity
Which of the following is defined as a contract which prescribes the technical support or business parameters that a provider will bestow to its clients
Service level agreement
Which of the following are examples of social engineering (Select two)
Shoulder surfing, Dumpster diving
You have a set of DVD-RW discs that have been used to archive files for your latest development project. You need to dispose of the discs. Which of the following methods should you use to best prevent extracting data from the discs
Shredding
Of the following cables, which offer the best protection against EMI
Single mode fiber optic cable
When developing the totality of security policy documentation, what type of document will contain instructions or information on remaining compliance with regulations and industry standards
Standards
What is the cryptography mechanism which hides secret communications within various forms of data
Steganography
Which of the following is the least effective power loss protection for computer systems
Surge protector
When protection of the content of a message is required, which of the following cryptography solution should be employed
Symmetric encryption
What form of cryptography is best suited for bulk encryption because it is so fast
Symmetric key cryptography
Certificate revocation should occur under all but which of the following conditions
The certificate owner has held the certificate beyond the established lifetime timer
What action is taken when the private key associated with a digital certificate becomes compromised
The certification is revoked and added to the Certificate Revocation List
Which of the following would require that a certificate be placed on the CRL
The private key is compromised.