security+1 exam 1
You have been requested to turn over all logs from a computer to a government agency through the courts. You record the time of all servers to ensure that ____________ Hashes are accurate The system times are all within synchronization CoC is Preserved Time Offset can be calculated
Answer (D) preserving the time offset of servers when compared to logs will help determine the exact time of the attack. Time offsets can be used to throw off investigations
You want to prevent users from remoting into the workstations on your network using the Remote Desktop Protocol. Which ports would you block by default? 3389 3443 21 22
Answer (a) 3389 is RDP or remote desktop protocol by default. 443 is SSL/TLS and 21 and 22 are both FTP ports
You have discovered an unauthorized device on your network. It is allowing other users to access the network without authentication. What best describes this discovery? Rogue Access Point Honeypot IV Attack BlueSnarfing
Answer (a) A rogue access point is an access point that is attached to the network but does not offer proper authentication or encryption allowing anyone on the network
Which standard ensures that customers know what they can and cannot use the equipment for? AUP SLA SOW BRP
Answer (a) Acceptable Use Policy ensures that the host machines are not used inappropriately.
Which of the following is an operational control type? Audit Logs CCTV Biometrics Guards
Answer (a) Audit logs are used as an operational control. They can be reviewed to verify that there have not been breaches or changes in data
You were on a bus and received an offensive image on your smart phone that was sent by another commuter. Which attack probably took place? Bluejacking War Chalking War Driving Bluesnarfing
Answer (a) Bluejacking is the act of using Bluetooth, without being authorized or authenticated, to send or transfer data, often offensive material.
Which of the following is a requirement when implementing PKI if Data loss is unacceptable? Web of Trust Non-Repudiation Key Escrow CRL
Answer (C) Key Escrow is when private keys are held by a third party or in an escrow database for recovering if ever lost
Without Validating user input, a web application is vulnerable to the following except which answer? Buffer Overflow Command Injection Spear Phishing SQL Injection
Answer (C) Spear phishing is a type of phishing and email scam that is used within social engineering. Input validation will never protect against social engineering
Your company uses biometrics with security locks. Using the finger that you know is in the system, you receive an access denied. What just took place? A false Negative A False Positive Fail Open Fail Closed
Answer (a) this is a false negative. It is when something that is expected to be successful fails.
Why would you want to instate a PKI in your network? Select all that apply Client Authentication WEP Encryptions Access Control Lists Code Signing
Answer (a,d) Code Signing to verify that the code is legitimate and authentication using the PKI infrastructure to encrypt and store passwords
A user who has malicious intentions has plugged in a USB which is not prohibited in your environment. Now he was able to leave with sensitive data on the pen drive. Which of the following best describes what took place? Data Leakage Preventative Data Exfiltration Data classification Data Deduplication
answer (B) Data exfiltration is taking data out of the company network without authorization or approval
During a penetration test you have discovered how a hacker could disrupt remotely working individuals. Which concepts did he exploit? DoS Account Lockout Password Recovery Password Complexity
answer (b) Account lockout will occur when there are too many attempts to enter a password. This can be used as a DoS by an attacker
When you receive new software from a vendor which of the following should you do because the defaults are usually less secure? white listing Penetration Testing Application Hardening Fuzz Testing
answer (c) Application Defaults are usually less secure because they are shipped with a wide range of compatibility. Hardening the application protects your system
Screen savers with passwords that lock PCs are part of which controls? Management Administrative Technical Operational
answer (c) Technical Controls are controls that are offered by technology itself to help prevent unauthorized access.
You have a point-to-point VPN protocol that is connecting two remote sites. How are these protocols authenticating? Select two RIPEMD RC4 PAP CHAP
answer (c, d) PAP is Password Authentication Protocol and CHAP is Challenge Handshake Authentication Protocol. These are two kinds of protocols that never send the password directly in the clear and verify each end of the connection is who they say they are
You were using a public Wi-Fi to check your email. While you were doing this an attacker recorded your temp credentials. Later the attacker used these recorded credentials to impersonate you and log into your email and use it to send out spam. What has taken place? SQL Injections Email Manipulation Privilege Creep Session Hijacking
answer (d) Session Hijacking occurs when session cookies or session information is intercepted and later used for impersonation
Diffie-Hellman (DH) groups determine the strength of the key used in the key exchange process. Which is the correct bit size of the DH group 5? 1536 2048 768 1025
1536 Bit Key size is group 5. 2048 is group 4.
You have started hardening your network. Which is the BEST way to perform risk mitigation of user access to sensitive data within your network? Conduct Surveys Perform User Permission Reviews Implement vulnerability Scanners Disable user accounts that have not been used within two weeks
Answer ( B ) while D can help it is not the best answer. Routine User permission reviews will prevent accidental privilege creep.
You want to mitigate Dictionary and Brute Force attacks. What will best accomplish this? Spoofing Password Complexity Account Lockout
Answer ( c) Account lockout keeps a brute force and dictionary attack from becoming successful because these two threats just try combinations of information over and over until one of them authenticates. Locking out the account prevents this
Your company wants to cut back on the cost of managing your own infrastructure. Which services allow that? PaaS SaaS IaaS Community Services
Answer ( c) Infrastructure as a Service is paying a third party to host your company infrastructure on their network. While this gives you less control over your infrastructure it reduces the cost of ownership and maintenance that must be performed.
If you have decided to block port 80 on the network to harden the systems, which of the following will the users not be able to do? Transfer files using FTP Send Emails Browse the web Instant message others
Answer ( c) Port 80 is for http which is used for web browsing. Without port 80 users will not be able to browse the web
In a Microsoft Exchange environment, which protocol is used to send mail from server to server? POP IMAP SMTP SNMP
Answer ( c) the SMTP or Simple Mail Transfer Protocol is used to send email from one server to the other over port 25
which protocols would you use to create a centralized reporting infrastructure for network devices? TLS SSL SMTP SNMP
Answer ( d) SNMP is simple network management protocol which uses traps that are set on devices that report back to a central management console. SMTP is simple mail transport protocol and is used to deliver and send mail between servers
A security administrator implements access controls based on the security classification of the data and Need-to-Know information. When explaining this to a new employee what do you describe this as? Implicit Deny Role-Based Access Control Mandatory Access Control Least Privilege
Answer (C ) Mandatory access control is need to know and uses a system of levels such as top secret, secret, classified to identify someone's ability to view data
You are setting up a PKI in your infrastructure. In which scenario is the PKI Least Hardened? The crl Posted to a publicly accessible location The Recorded Time Offsets are developed with symmetric keys A malicious CA Certificate is loaded on all the clients All public keys are accessed by an unauthorized user
Answer (C) If this is done it is often harder to determine that the certificate is malicious and the whole CA is compromised rather than just the users
Your company uses a diverse infrastructure and you use SHA. Which of the following attacks must you be aware of? Buffer Overflow Cookie Stealing Directory Traversal XML Injection
Answer (a) Buffer overflow is an attack in which vulnerabilities in coding are used to cause a memory buffer to be purged to either crash a system or write information into the actual code as the memory flows over the expected amount.
When working with third party business partners you want to ensure that they have only access to data that they need. Which concepts would you implement to prevent sensitive data from leaving the network? Data Leakage Preventative Onboarding Off Boarding Privacy Considerations
Answer (a) DLP or Data Leak/Loss Prevention is a technology that is enforced to stop data from being shared or taken outside of the network
What mitigates the impact of mobile device loss or theft? Disk Encryption Encryption Policy Solid State Mobile Device Policy
Answer (a) Disk Encryption will ensure that the data is not compromised in the event of a mobile device being lost or stolen
Your company recently had a security breach in which numerous passwords were cracked. What is the most appropriate response to this? Force Expiration of all company passwords by the end of business day Unlock the associated accounts Lock down the network and not let anyone access it until they determine the cause None of the above
Answer (a) Forcing the expiration of passwords will require all users to change their passwords. This is the most reasonable response to this scenario
Your security administrator is using a form of security testing known as fuzzing. What behavior is he looking for in the application that he is testing. of Unexpected Input Invalid output Parameterized input Valid output
Answer (a) Fuzzing is testing a software application's behavior of Unexpected input being entered into fields. This helps prevent application vulnerabilities as it is a common method of attack
You are using an authentication method that issues tickets to authorize use of network resources. Which authentication methods are you using? Kerberos TACACS+ RADIUS LDAP
Answer (a) KERBEROS is an authentication method that uses Tickets to allow access to network resources. It also requires a timestamp on the tickets to verify, so that credentials cannot be hijacked
____ Is the process of translating several Private IP addresses into a single public IP Address NAT PAT NAC Remote Access Translation
Answer (a) NAT, or Network Address Translation, is the process of translating several IP addresses from a private LAN to a single Public WAN IP Address. PAT is translating ports back across the network. It is similar to the reverse of NAT
You want to implement hardware assisted full disk encryption. Which technologies will you most likely use? TPM USB Drive Key Escrow PKI
Answer (a) TPM or Trusted Platform Module is used on mobile devices such as laptops, but is hardware-based encryption for full disk encryption
What is a legitimate use for a network engineer or technician to use a Password Cracker within your network infrastructure? Look for weak passwords of users that pose a potential threat Change the user password when they leave the company Ensure password complexity requirements
Answer (a) Technicians can see how long it would take to crack users passwords on the network. Password complexity and forgotten passwords are usually handled through active directory or other tools built into the systems that do not require cracks
There have been several breached accounts in the last month within your organization. Which policies will you want to instate to ensure that it is less likely for users to allow their passwords to be compromised? Clean Desk Policy Job Rotation AUP SLA
Answer (a) The Clean Desk policy ensures that papers that may have users' passwords or other credentials written on them are less likely to be discovered by passersby or other malcontent employees.
Which answers best describes defense in depth? Defense in Depth is layered security. The more levels or layers of security the less likely of a compromise. Defense in Depth is how detailed your security is within a network. The more detailed your security the better defense you will have Defense in Depth means that you go to great depths to defend your network Defense in depth is not an actual practice in security.
Answer (a) This means you start at the physical layer and attempt to secure that, then secure the application itself, following that, you also secure the way the application is accessed and how data is transmitted.
Which of the following hardware-based encryption devices is used as part of multi-factor authentication to access a secured computing system? USB Encryption Whole Disk Encryption TPM Database Encryption
Answer (a) USB Encryption is used as multifactor hardware encryption when accessing a computer system. TPM is hardware based encryption within the machine
Which of the following best describes a device that uses antivirus, web content filtering and email filtering all on a single network device to better protect the network? UTM Router Switch SNMP Trap
Answer (a) UTM or Unified Threat Management is managing network threats from a single device using several technologies to harden your network
Which types of network authentication methods is the LEAST secure? WEP WPA WPA2 RADIUS
Answer (a) WEP is the least secure of all wireless protocols. It has known vulnerabilities and has been cracked. WEP should never be the used form of wireless authentication
You are tasked with hardening your company's WLAN. Which products would you use to provide the most secure environment? WPA2 CCMP WPA WPA with MAC Filtering WEP
Answer (a) WPA2 is the most secure but including CCMP hardens the encryption more and makes it the most secure. WEP is the least secure. WPA 1 is becoming less and less secure as time progresses
You are training your network team on looking for activity that looks suspicious but none of your security measures such as AV or NIDS are detecting. What are you training them about? Zero Day Attacks Known Malware Session Hijacking Cookie manipulation
Answer (a) Zero Day Attacks are attacks that have not yet been discovered or recognized by the vendor or general public.
Your company has a webserver that the public can access. You want to make sure that the web server, if compromised does not have direct access to the rest of your network. Which of the following concepts would you implement? DMZ Subnetting Supernetting VLAN
Answer (a) a DMZ allows a machine to be accessed by the public by not blocking any ports but keeps the machines on it separated from the rest of your network
You have noticed that your network has been under attack for quite some time now. You have determined that this is an organized attack from several locations from a single foreign country. What kind of attack is taking place most likely? Privilege Escalation Advanced Persistent Threat Malicious Insider Threat
Answer (b) Advanced persistent threats are threats carried out by advanced criminal organizations or country government parties. These are very serious targeted attacks
Unwanted advertisements are sent to a user's mobile device. Which of the following best describes what is taking place? Man in the Middle Bluejacking Bluesnarfing Packet Sniffing
Answer (b) Bluejacking is the ability to use bluetooth to send unwanted information to others mobile devices. Bluesnarfing is connecting to someone's phone through bluetooth and using that device
You are explaining to your security administrator what Public keys are used for. Which of the following is true? Decrypting wireless messages Decrypting the Hash of an electronic Signature Bulk Encryption of IP Based email traffic Encrypting Web Browser traffic
Answer (b) Decrypting the hash of an electronic signature allows you to verify that the key has not been changed. This is how PKIs work
Your team is trying to test the reliability of an application. You want to test the integrity and availability. Which of the following will best accomplish this? Secure Coding Fuzzing Exception Handling Input Validation
Answer (b) Fuzzing is the process in which you attempt to input unexpected data into an application to see the results or behavior
An attacker has determined open Wi-Fi in the area. Faking a response he forces laptops nearby to connect to a malicious device. Host-based firewall Network-Based Firewall Software-based firewall UTM Firewall
Answer (b) Network-based firewalls are put on the edge of your network to allow or block traffic that comes through the router. Host-based firewalls are firewalls that sit on or in front of hosts and monitor the data that comes in and out of that particular machine
You are using an ACL to manage access to your network. This is also known as _______. Role Based Management Rule Based Management Discretionary Access Control Mandatory Access Control
Answer (b) Rule Based Management or Access control uses technologies like ACL to define the access rights. Role Based uses permissions and job roles. Discretionary uses ownership and is the least secure. Mandatory uses security levels
User1 has Read and Write permissions to a folder. User2 is collaborating with User1 and needs write access to a particular file. Which types of access control would this reflect? Role-Based Access Control Rule-Based Access Control Mandatory Access control Discretionary access control
Answer (b) Rule based access control gives permissions based on allow or deny rules. Discretionary access control is based on ownership.
You are currently reviewing all the authentication methods used in your enterprise infrastructure. Which of the following should be replaced with a more secure alternative? RADIUS TACACS TACACS+ XTACACS
Answer (b) TACACS, of all the listed authentication methods is the least secure as it sends information in the clear. TACACS+ replaced TACACS
After a compromise of the network, which is the MOST important step in preserving any evidence that has been discovered by your IRT? Involvement of Law Enforcement Chain of Custody Time of the Incident Time in which incident is reported
Answer (b) The Chain of Custody ensures that the information and data can be used in the court of law without being contaminated or considered inadmissible.
True Or False: There has been a compromise to your company network. To preserve evidence you first want to track the man hours and expenses of the following the order of volatility True False
Answer (b) The Order of Volatility is about documenting and preserving data that is the least constant as quickly as possible to preserve evidence. Screen Shots of time offsets, hashes of data, traffic logs before they are lost or corrupted. RAM and other volatile memory should be captured first
What is the first thing that you should do when you are configuring a new router? Set the encryption of the data Change all default login credentials Stand up the firewall at the edge of the network Set up the network monitoring
Answer (b) default logon credentials are a threat to security. With defaults a device can be hacked just from someone googling the information off a vendor website
While surfing the internet you accidentally click a banner that has popped up on a website. While this happens a "drive-by Download" occurs. What is most likely in that download? Backdoor Spyware DoS PoD
Answer (b) spyware is small scripting or programming that takes advantage of cookies and other things to track information such as where you browse to and what you look at on the internet
You notice your network antivirus has quarantined several packets of data. Upon inspection this is known to be non viral and data that you sent across the network. What just took place? A false Negative A False Positive Fail Open Fail closed
Answer (b) this is a false positive. This is when something is seen as an intrusion or expected reaction when it is not actually so. For example biometric false positives means it detected a fingerprint as listed in the database when the fingerprint actually was not in the database
As an I.T. consultant you have recommended redundant internet connections from separate ISPs. Which is the most likely reason for recommending this? (Select all that Apply) To allow load balancing within the network This allows business continuity To Eliminate a single point of failure to allow a cold site in case of a disaster
Answer (b, c) Business continuity is established as it creates failover. If one ISP goes down there is a second provider that will be providing access. A single point of failure will collapse a network. Now two ISPs would have to go down to have a full DoS of any sort
You plan on encrypting smartphones that the company issues as a security measure. Which two things should be included in that encryption? Steganography images Internal Memory Removable Memory Cards
Answer (b, c) Internal memory and Removable memory encryption ensures any sensitive data stored on a phone will be encrypted.
You have just discovered a vulnerability in the firmware of your firewall. You begin by submitting a request to upgrade the firmware. Which of the following best describes the process in which changes are handled on your network? Incident Management Order of Volatility Change Management Defense in Depth
Answer (c ) Change management is the policy or procedure in which a change is requested, and performed on the network. It Includes authorization, approval, documentation, planning and implementation. Incident management is similar but is usually a response to a troubleshooting incident.
You test an application as an authenticated user. What kind of penetration testing are you performing? White Box Black Box Grey Box Network
Answer (c ) Grey Box testing is testing with some knowledge or access to the network. Limited priv. and authentication. White box is full access to administrator accounts and all. Black box testing is with no knowledge of the network
You want to increase your overall network security. What is this process known as? stabilizing Reinforcing Hardening Toughening
Answer (c ) Hardening is the act of improving your network security. Any form of security lockdown is considered hardening of the network
Which policies not only increase morale but ensure a person's duties can be checked and verified? AUP Security Policy Mandatory Vacation Policy Least Privilege
Answer (c ) The Mandatory Vacation allows users to go on vacation and will give someone else a chance to verify the duties and tasks of that role to ensure that it is being performed correctly.
Your company has been having a problem with employees emailing data to their personal email accounts that should not leave the network. Which technologies would prevent that? HSM CRL DLP TPM
Answer (c) DLP or Data Loss/Leak Prevention is a technology that when implemented prevents data from escaping the network like in the scenario listed
A group policy requires users in an organization to use strong passwords and change their password every 15 days. A user was hired 25 days ago but has not had to change her password. What has happened? The user's account has admin privileges The user's account was added to the group policy The user's account was not added to the group policy The user account was disabled and must be recreated
Answer (c) Group policy enforces rules in an AD environment. If the user was added to group policy then it would have required a password change
A third party application can maintain its own user accounts and facilitate single sign on. To use this it is requesting OU information as well as DC=Domain and DC=COM. Which authentication service is this application trying to use? TACACS+ RADIUS LDAP KERBEROS
Answer (c) LDAP uses the structure OU(Organizational Unit) DC (domain controller). MS AD environments use LDAP for the user structure
In an attempt to prevent wardriving, which strategies will harden security? Site Surveys CCMP Power Level Controls Captive Portals
Answer (c) Power levels will decrease the range of the antenna. This will limit the access to the network within the walls of the building when combined with antenna placement
Your company has just encountered an attack. Following the order of volatility which steps should be taken immediately after recording time offsets and saving data? Capture Video Talk to Witnesses Take Hashes of the Data Evidence Determine the costs of manpower
Answer (c) taking hashes ensures that when the data is looked over at a later time that it has not been tampered with. This ensures that it is in the same state that it was found in and no tampering is present.
During user training you are explaining what PII is. Used together what constitutes PII? Select all that apply. Marital Status Pet's Name Birthday Full Name
Answer (c, d) PII is personally identifying information. This is information that can be used to verify that you are who you say you are during authentication.
if your company wants to prevent remote logon to workstations which port would you most likely block access to by default? 21 443 22 3389
Answer (d) 21 is FTP, 22 is SSH, RDP is remote desktop protocol. This allows remote access to workstations by default. Blocking this can prevent this on network.
You want to harden your network and improve your security posture by addressing risks and removing them daily. Which of the following will best accomplish this? Better Encryption Large Scale Disaster Recovery Corporate Espionage Antivirus Software
Answer (d) Antivirus Software will review machines on a day to day routine with scheduled scans and lessen the impact or possibility of virus contamination
You have discovered employees playing installed games on company computers. How can you prevent this from happening in the future? AUP Firewalls Content Inspection Application Whitelisting
Answer (d) Application Whitelisting is the process of setting which applications are allowed or not allowed. Whitelisting can cause alerts to be triggered if blacklisted applications are run or prevent them altogether
You want to use an ACL to allow or deny traffic to and from certain ports. Which devices allow you to perform such an action? Router Switch Load Balancer Firewall
Answer (d) Firewalls use ACL to allow or block types of traffic or based on ports
When explaining HSM within servers, which of the following is the most accurate? Thumb Drives Present a significant threat which is mitigated by HSM Software encryption can perform multiple functions required by HSM Data Loss by removable media can be prevented with DLP Hardware Encryption is faster than software encryption
Answer (d) Hardware encryption uses dedicated chips and processors to encrypt information while software encryption uses the normal processing power of the machine. This makes software encryption less efficient
You have complete access to code for software. You are in the middle of analyzing the quality of the code and ensuring that there aren't vulnerabilities. What type of testing is this? Black Box Penetration Gray Box
Answer (d) Having full access to the code makes this white box testing. You are reviewing it with full knowledge and access to the software
The distance from one router to another measured in units is known as? Administrative Distance Bandwidth Latency Hops
Answer (d) Hops is the distance from one router to the next. The total number of routers that information must pass through to reach the destination is known as the hop count.
You are utilizing LDAP and Kerberos on your network. What are you most likely implementing to do so? Performing queries on a directory service Storing Usernames and passwords for a federated identity Signing SSL wildcard certificates for subdomains Utilizing single sign-on capabilities
Answer (d) LDAP is an authentication protocol and KERBEROS is the means of authorizing resources once authenticated. The combination of the two often allows for single sign on, such as in an active directory domain environment
A malicious user has tried to connect to the wireless network. Although due to the security measures, even with the Wi-Fi password his device is not being allowed on the network. Which security methods are most likely in place? LEAP PEAP IP Filter MAC Filter
Answer (d) MAC filter means that devices are allowed on the network based off the MAC address of their NIC. This is a good way to ensure only authorized devices access network resources
Your company has started developing a new software. You want to implement a digital rights management solution to protect the product. What should you enforce? Transport Encryption IPsec Non-Repudiation PKI
Answer (d) PKI or Public Key Infrastructure are used for tasks such as Code Signing. This allows you to show ownership and protect code with your signed certificates
If your company requires port 25 to be open you can rightfully assume that you are using which of the following protocols? DNS DHCP SNMP SMTP
Answer (d) SMTP uses port 25 and it sends email from server to server using this Port by Default.
You have been receiving unwanted emails about business grants which all seem to want you to sign up for something. What is happening? Spear Phishing Spoofing Hoax Spam
Answer (d) Spam is unwanted marketing or advertising email most of the time. Phishing uses social engineering and email to collect information or perform scams on the user
You have decided to move large amounts of data to a PaaS to limit costs. With much of the data being a security risk and very sensitive, which of the following provides a clear understanding of controls needed to protect the data by both parties? MOU SLA BPA ISA
Answer (d) This is an interoperability security Policy which states the security requirements of data between two parties that have I.T. data shared between them
You have implemented group-based privileges within your company network. You want to ensure least privilege. What must you do regularly? Leverage Role-based access controls Verify Smart Card Access Controls Verify SHA_186 for password hashes Perform User group Clean-up
Answer (d) Using groups can cause you to accidentally leave users part of groups they no longer belong to which allow privilege or access creep. Routine cleanups should be performed
While surveying the perimeter of your building you notice several markings around the building. These coincide with locations where Wi-Fi is located outside of the perimeter of your building. What is taking place? IV Attack War Dialing Rogue AP War Chalking
Answer (d) War Chalking is the practice of using symbols and markings where there is Wi-Fi taking place for other war drivers to access the network
When forwarding PII what is the most important thing you can do to it? Digital Signatures Hashing Secret Key Data Encryptions
Answer (d) While all the others also help protect the data, data encryption while in transit or not in motion protects the information the most.
You notice you are unable to access a file on a network share. You have determined the file is marked as confidential and your current role does not have the appropriate access level. What is implemented? Mandatory Access Control Discretionary Access Control Rule Based Access Control Role based access control
Answer (a) Mandatory Access Control uses security levels which is identified as the way to access this file
_______ is a type of symmetric key encryption algorithm that transforms a fixed length block of plaintext data into a block of ciphertext data of the same length Block Cipher Stream Cipher Bit Cipher Hash Cipher
Block Ciphers are not as secure as the rest of the ciphers but they are not as data intensive as they encrypt blocks of data rather than each bit at a time.
In your network, users access the corporate web site from their workstations. You are worried that an attacker may be intercepting data and performing a man in the middle attack. Which is the best remediation against this type of attack? Requiring Client and Server PKI Certificates for all connections. Implementing server side PKI certificates for all connections Mandating that only client side PKI certifies for all connections Requiring Strong authentication for all DNS Queries
PKI Certificates allow both the client and the server to authenticate without directly sharing information as only one side of the key is distributed. Applying them to both clients and servers will stop a man in the middle.
A program that is on a windows machine without authorization lies dormant in memory until a thumb drive is detected. At that point the program loads itself onto the thumb drive and then further installs itself on other machines. What is this program? Zero Day Attacks Trojan Virus Rootkit
Zero Day Attacks
Your company has several divisions such as HR and Customer Service. Customer Service has a high amount of turn over. Which strategies are best suited when assigning user rights for the customer service department? Time of Day Restrictions Group Based Privileges User Assign Privileges Domain Admin Restrictions
Answer (B) Group Based Privileges means all people in a particular group have the same priv. which are often predesignated on a template.
You are implementing an IPsec tunnel. Which algorithms are you most likely using? Blowfish Twofish RC4 HMAC
Answer (d) HMAC is used with IPsec most of the time. Blow Fish and TwoFish are different versions of the same type of block encryption. RC4 is a stream cipher that is used in Wi-Fi encryption