TEST DAY!
To protect against malicious attacks, what should you think like? A. Hacker B. Network admin C. Spoofer D. Auditor
A. Hacker
Which device is used to encrypt the authentication process? A. WPA B. HSM C. Enigma machine D. Smart card
B. HSM
Malware can use virtualization techniques. Why would this be difficult to detect? A. A portion of the malware might have already been removed by an IDS. B. The malware might be using a Trojan. C. The malware could be running at a more privileged level than the computer's antivirus software. D. The malware might be running in the command-line.
C. The malware could be running at a more privileged level than the computer's antivirus software.
A co-worker's laptop has been compromised. What is the best way to mitigate data loss? A. Common Access Card B. Strong password C. Biometric authentication D. Full disk encryption
D. Full disk encryption
What would you use a TPM for? A. Input validation B. System hardening C. Cloud computing D. Full disk encryption
D. Full disk encryption
What kind of attack enables an attacker to access administrator-level resources using a Windows service that uses the local system account? A. Trojan B. Spyware C. Spam D. Privilege escalation
D. Privilege escalation
A thumb drive has been used to compromise systems and enable unauthorized access. What kind of malware was most likely installed to the thumb drive? A. Bot B. Logic bomb C. Virus D. Trojan
D. Trojan
What are some of the drawbacks to using a HIDS instead of a NIDS on a server? (Select the two best answers.) A. A HIDS may use a lot of resources, which can slow server performance. B. A HIDS cannot detect operating system attacks. C. A HIDS has a low level of detection of operating system attacks. D. A HIDS cannot detect network attacks.
A. A HIDS may use a lot of resources, which can slow server performance. D. A HIDS cannot detect network attacks.
Which of the following are Bluetooth threats? (Select the two best answers.) A. Bluesnarfing B. Blue bearding C. Bluejacking D. Distributed denial-of-service
A. Bluesnarfing C. Bluejacking
A group of compromised computers that have software installed by a worm or Trojan is known as which of the following? A. Botnet B. Virus C. Rootkit D. Zombie
A. Botnet
Specific secure data is only supposed to be viewed by certain authorized users. What concept ensures this? A. Confidentiality B. Integrity C. Availability D. Authenticity
A. Confidentiality
What are two ways to secure the computer within the BIOS? (Select the two best answers.) A. Configure a supervisor password. B. Turn on BIOS shadowing. C. Flash the BIOS. D. Set the hard drive first in the boot order.
A. Configure a supervisor password. D. Set the hard drive first in the boot order.
Which of the following will an Internet filtering appliance analyze? (Select the three best answers.) A. Content B. Certificates C. Certificate revocation lists D. URLs
A. Content B. Certificates D. URLs
You are the security administrator for your organization. You want to ensure the confidentiality of data on mobile devices. What is the best solution? A. Device encryption B. Remote wipe C. Screen locks D. AV software
A. Device encryption
Which of the following best describes a TPM? A. Hardware chip that stores keys B. High-speed secure removable storage device C. Third-party certificate authority D. USB encryption
A. Hardware chip that stores keys
Which of the following is an advantage of implementing individual file encryption on a hard drive that already uses whole disk encryption? A. Individually encrypted files will remain encrypted if they are copied to external drives. B. It reduces the processing overhead necessary to access encrypted files. C. NTFS permissions remain intact when files are copied to an external drive. D. Double encryption doubles the bit strength of the encrypted file.
A. Individually encrypted files will remain encrypted if they are copied to external drives.
Jake is in the process of running a bulk data update. However, the process writes incorrect data throughout the database. What has been compromised? A. Integrity B. Confidentiality C. Availability D. Accountability
A. Integrity
Which of the following would an antivirus program most likely not detect? (Select the two best answers.) A. Logic bomb B. Worm C. Virus D. Trojan E. Pharming
A. Logic bomb E. Pharming
What is software that is designed to infiltrate a computer system without the user's knowledge or consent? A. Malware B. Privilege escalation C. Whitelists D. HIDS
A. Malware
Rick is reviewing the logs of a host-based IDS. They show that the computer has been compromised by a botnet and is communicating with a master server. If Rick needs to power the computer off, which of the following types of data will be unavailable? A. Memory, system processes, and network processes B. Memory, archival storage, and temporary files C. Swap files, system processes, and the master boot record D. The system disk, e-mail, and log files
A. Memory, system processes, and network processes
E-mail servers can be maliciously exploited in many ways, for example, spoofing e-mail messages. Which of the following is a common component that attackers would use to spoof e-mails? A. Open relay B. Web proxy C. Session hijacking D. Logic bomb
A. Open relay
You are the network security administrator for your organization. You recently audited a server and found that a user logged in to the server with a regular account, executed a program, and performed activities that should be available only to an administrator. What type of attack does this describe? A. Privilege escalation B. Backdoor C. Trojan horse D. Brute-force
A. Privilege escalation
You have been given the task of scanning for viruses on a PC. What is the best of the following methods? A. Recovery environment B. Dual-boot into Linux C. Command Prompt only D. Boot into Windows normally
A. Recovery environment
A smartphone has been lost. You need to be 100% certain that no data can be retrieved from it. What should you do? A. Remote wipe B. GPS tracking C. Implement encryption D. Turn on screen locks
A. Remote wipe
A smartphone is an easy target for theft. Which of the following are the best methods to protect the confidential data on the device? (Select the two best answers.) A. Remote wipe B. E-mail password C. GPS D. Tethering E. Encryption F. Screen lock
A. Remote wipe E. Encryption
One of your users was not being careful when browsing the Internet. The user was redirected to a warez site where a number of pop-ups appeared. After clicking one pop-up by accident, a drive-by download of unwanted software occurred. What does the download most likely contain? A. Spyware B. DDoS C. Smurf D. Backdoor E. Logic bomb
A. Spyware
HIDS and NIDS are similar intrusion detection systems. However, one is for individual computers, and the other is for networks. Which of the following would a HIDS be installed to monitor? A. System files B. CPU performance C. Network adapter performance D. Temporary Internet files
A. System files
Which of the following is embedded and contains a storage root key? A. TPM B. HSM C. EFS D. BitLocker
A. TPM
Which of the following would be considered detrimental effects of a virus hoax? (Select the two best answers.) A. Technical support resources are consumed by increased user calls. B. Users are at risk for identity theft. C. Users are tricked into changing the system configuration. D. The e-mail server capacity is consumed by message traffic.
A. Technical support resources are consumed by increased user calls. C. Users are tricked into changing the system configuration.
You are surprised to notice that a co-worker's computer is communicating with an unknown IRC server and is scanning other systems on the network. None of this was scheduled by anyone in your organization, and the user appears to be unaware of what is transpiring. What is the most likely cause? A. The computer is part of a botnet. B. The computer is infected with a worm. C. The computer is infected with spyware. D. The computer is infected with a rootkit.
A. The computer is part of a botnet.
One of your users complains that files are being randomly renamed and deleted. The last action the user took was to download and install a new screensaver on the computer. The user says that the file activity started immediately after installation of the screensaver. Which of the following would be the best description for this screensaver? A. Trojan horse B. Logic bomb C. Virus D. Worm
A. Trojan horse
Which of these is a true statement concerning active interception? A. When a computer is put between a sender and receiver B. When a person overhears a conversation C. When a person looks through files D. When a person hardens an operating system
A. When a computer is put between a sender and receiver
Which type of malware does not require a user to execute a program to distribute the software? A. Worm B. Virus C. Trojan horse D. Stealth
A. Worm
Which of the following defines the difference between a Trojan horse and a worm? (Select the best answer.) A. Worms self-replicate but Trojan horses do not. B. The two are the same. C. Worms are sent via e-mail; Trojan horses are not. D. Trojan horses are malicious attacks; worms are not.
A. Worms self-replicate but Trojan horses do not.
To mitigate risks when users access company e-mail with their smartphone, what security policy should be implemented? A. Data connection capabilities should be disabled. B. A password should be set on the smartphone. C. Smartphone data should be encrypted. D. The smartphone should be only for company use.
B. A password should be set on the smartphone.
In the event that a mobile device is stolen, what two security controls can prevent data loss? (Select the two best answers.) A. GPS B. Asset tracking C. Screen locks D. Inventory control E. Full device encryption
B. Asset tracking E. Full device encryption
Your boss's smartphone is encrypted and has screen lock protection, yet data was still stolen from it. How is this possible? A. Botnet B. Bluesnarfing C. SIM cloning D. GPS tracking
B. Bluesnarfing
Which of the following best describes a backdoor? A. Code inserted into software that initiates one of several types of functions when specific criteria are met B. Computer programs used to bypass normal authentication or other security mechanisms in place C. Code that restricts access to a computer and makes demands for money D. A group of compromised computers
B. Computer programs used to bypass normal authentication or other security mechanisms in place
The IT director asks you to protect a server's data from unauthorized access and disclosure. What is this an example of? A. Integrity B. Confidentiality C. Availability D. Non-repudiation
B. Confidentiality
Your organization is attempting to reduce risk concerning the use of unapproved USB devices to copy files. What could you implement as a security control to help reduce risk? A. IDS B. DLP C. Content filtering D. Auditing
B. DLP
Which of the following is most likely to result in data loss? A. Accounting personnel transferring confidential staff information with SFTP B. Developers copying data from production to test environments with USB sticks C. Encrypted backup tapes left unattended at reception for offsite storage D. Back office staff updating details on a mainframe with SSH
B. Developers copying data from production to test environments with USB sticks
What are the two ways in which you can stop employees from using USB flash drives? (Select the two best answers.) A. Utilize RBAC. B. Disable USB devices in the BIOS. C. Disable the USB root hub. D. Enable MAC filtering.
B. Disable USB devices in the BIOS. C. Disable the USB root hub.
What are kernel-level rootkits designed to do to a computer? (Select the two best answers.) A. Make a computer susceptible to pop-ups B. Extract confidential information C. Hide evidence of an attacker's presence D. Hide backdoors into the computer E. Crack the user's password
B. Extract confidential information C. Hide evidence of an attacker's presence
Which of the following is a concern based on a user taking pictures with a smartphone? A. Application whitelisting B. Geotagging C. BYOD D. MDM
B. Geotagging
Which of the following would be installed on a single computer to prevent intrusion? A. Network firewall B. Host-based firewall C. Host intrusion detection system D. VPN concentrator
B. Host-based firewall
You want to prevent any intrusions to a single computer. What is the best solution? A. VPN concentrator B. Host-based firewall C. Host-based intrusion detection D. Network firewall
B. Host-based firewall
Some of the employees in your organization complain that they are receiving e-mail loaded with advertisements. What should you do? A. Install anti-spyware. B. Install anti-spam. C. Install antivirus. D. Install a HIDS.
B. Install anti-spam.
A user receives an e-mail but the e-mail client software says that the digital signature is invalid and the sender of the e-mail cannot be verified. The would-be recipient is concerned about which of the following concepts? A. Confidentiality B. Integrity C. Remediation D. Availability
B. Integrity
Carl is the security administrator for a transportation company. Which of the following should he encrypt to protect the data on a smartphone? (Select the two best answers.) A. Public keys B. Internal memory C. Master boot record (MBR) D. Steganographic images E. Removable memory cards
B. Internal memory E. Removable memory cards
A virus is designed to format a hard drive on a specific day. What kind of threat is this? A. Botnet B. Logic bomb C. Spyware D. Adware
B. Logic bomb
Tom sends out many e-mails containing secure information to other companies. What concept should be implemented to prove that Tom did indeed send the e-mails? A. Authenticity B. Non-repudiation C. Confidentiality D. Integrity
B. Non-repudiation
You are the security administrator for your organization and have just completed a routine server audit. You did not notice any abnormal activity. However, another network security analyst finds connections to unauthorized ports from outside the organization's network. Using security tools, the analyst finds hidden processes that are running on the server. Which of the following has most likely been installed on the server? A. Spam B. Rootkit C. Backdoor D. Logic bomb E. Ransomware
B. Rootkit
Which of the following individuals uses code with little knowledge of how it works? A. Hacktivist B. Script kiddie C. APT D. Insider
B. Script kiddie
Your manager wants you to implement a type of intrusion detection system (IDS) that can be matched to certain types of traffic patterns. What kind of IDS is this? A. Anomaly-based IDS B. Signature-based IDS C. Behavior-based IDS D. Heuristic-based IDS
B. Signature-based IDS
Whitelisting, blacklisting, and closing open relays are all mitigation techniques addressing what kind of threat? A. Spyware B. Spam C. Viruses D. Botnets
B. Spam
You are tasked with implementing a solution that encrypts the CEO's laptop. However, you are not allowed to purchase additional hardware or software. Which of the following solutions should you implement? A. HSM B. TPM C. HIDS D. USB encryption
B. TPM
How do most network-based viruses spread? A. By optical disc B. Through e-mail C. By USB flash drive D. By instant messages
B. Through e-mail
What are the best reasons to use an HSM? A. To recover keys B. To store keys C. For a CRL D. To generate keys E. To transfer keys to the hard drive
B. To store keys D. To generate keys
You have been instructed to install an intrusion detection system that can protect a database server and the rest of the network. You cannot afford to use any more resources on the database server. You decide to implement a network intrusion detection system. Why is this superior to a host-based intrusion detection system? (Select the two best answers.) A. A HIDS is not reliable when it comes to detecting attacks. B. Usually, a HIDS cannot detect network attacks. C. A HIDS cannot be updated. D. A HIDS can negatively impact system performance.
B. Usually, a HIDS cannot detect network attacks. D. A HIDS can negatively impact system performance.
Dan is a network administrator. One day he notices that his DHCP server is flooded with information. He analyzes it and finds that the information is coming from more than 50 computers on the network. Which of the following is the most likely reason? A. Virus B. Worm C. Zombie D. PHP script
B. Worm
What is the main difference between a worm and a virus? A. A virus is easily removed. B. A worm is undetectable. C. A worm is self-replicating. D. A virus is larger.
C. A worm is self-replicating.
Which of the following does the A in CIA stand for when it comes to IT security? (Select the best answer.) A. Accountability B. Assessment C. Availability D. Auditing
C. Availability
Which of the following is the greatest risk when it comes to removable storage? A. Integrity of data B. Availability of data C. Confidentiality of data D. Accountability of data
C. Confidentiality of data
Cloud environments often reuse the same physical hardware (such as hard drives) for multiple customers. These hard drives are used and reused as customer virtual machines are created and deleted over time. What security concern does this raise? A. Availability of virtual machines B. Integrity of data C. Data confidentiality D. Hardware integrity
C. Data confidentiality
Of the following, what is the best option to implement if you want to be able to recover a lost laptop? A. Remote wipe B. HIDS C. GPS D. Whole disk encryption
C. GPS
You oversee compliance with financial regulations for credit card transactions. You need to block out certain ports on the individual computers that do these transactions. What should you implement to best achieve your goal? A. HIPS B. Antivirus updates C. Host-based firewall D. NIDS
C. Host-based firewall
You are developing a security plan for your organization. Which of the following is an example of a physical control? A. Password B. DRP C. ID card D. Encryption
C. ID card
Hardware-based encryption devices such as hardware security modules (HSMs) are deployed more slowly by some organizations than by others. What is the best reason for this? A. RBAC B. USB removable encryption C. Lack of management software D. Multifactor authentication
C. Lack of management software
You have several unused USB flash drives, three laptops, and two HSMs that contain sensitive data. What is the best way to prevent the theft of these devices? A. GPS tracking B. Encryption C. Locking cabinet D. Hashing
C. Locking cabinet
What kind of threat is a virus that is designed to format a computer's hard drive on a specific calendar day? A. Bot B. Spyware C. Logic bomb D. Adware
C. Logic bomb
Which of the following types of scanners can locate a rootkit on a computer? A. Image scanner B. Barcode scanner C. Malware scanner D. Adware scanner
C. Malware scanner
Your CFO's smartphone holding classified data has been stolen. What is the best way to reduce data leakage? A. Inform law enforcement. B. Track the device with GPS. C. Remotely sanitize the device. D. Use strong encryption.
C. Remotely sanitize the device.
Which of the following enables an attacker to hide the presence of malicious code by altering Registry entries? A. Worm B. Logic bomb C. Rootkit D. Trojan
C. Rootkit
You investigate an executive's laptop and find a system-level kernel module that is modifying the operating system's functions. What is this an example of? A. Logic bomb B. Virus C. Rootkit D. Worm
C. Rootkit
A user complains that they were browsing the Internet when the computer started acting erratically and crashed. You reboot the computer and notice that performance is very slow. In addition, after running a netstat command you notice literally hundreds of outbound connections to various websites, many of which are well-known sites. Which of the following has happened? A. The computer is infected with spyware. B. The computer is infected with a virus. C. The computer is now part of a botnet. D. The computer is now infected with a rootkit.
C. The computer is now part of a botnet.
What can happen if access mechanisms to data on an encrypted USB hard drive are not implemented correctly? A. Data on the USB drive can be corrupted. B. Data on the hard drive can be vulnerable to log analysis. C. The security controls on the USB drive can be bypassed. D. User accounts can be locked out.
C. The security controls on the USB drive can be bypassed.
Which of the following types of malware appears to the user as legitimate but actually enables unauthorized access to the user's computer? A. Worm B. Virus C. Trojan D. Spam
C. Trojan
Which of the following would most likely be considered for DLP? A. Proxy server B. Print server C. USB mass storage device D. Application server content
C. USB mass storage device
Which of the following computer security threats can be updated automatically and remotely? (Select the best answer.) A. Virus B. Worm C. Zombie D. Malware
C. Zombie
You are the network administrator for a small organization without much in the way of security policies. While analyzing your servers' performance, you find that various chain messages have been received by the company. Which type of security control should you implement to fix the problem? A. Antivirus B. Anti-spyware C. Host-based firewalls D. Anti-spam
D. Anti-spam
You have disabled all unnecessary services on a domain controller. What is this an example of? A. Secure code review B. Baselining C. Patch management strategy D. Application hardening
D. Application hardening
Which of the following is a type of malware that is difficult to reverse engineer? A. Logic bomb B. Worm C. Backdoor D. Armored virus
D. Armored virus
Which of the following types of viruses hides its code to mask itself? A. Stealth virus B. Polymorphic virus C. Worm D. Armored virus
D. Armored virus
What is another name for a malicious attacker? A. White hat B. Penetration tester C. Fuzzer D. Black hat
D. Black hat
Which of the following is not an example of malicious software? A. Rootkits B. Spyware C. Viruses D. Browser
D. Browser
In information security, what are the three main goals? (Select the three best answers.) A. Auditing B. Integrity C. Non-repudiation D. Confidentiality E. Risk Assessment F. Availability
D. Confidentiality B. Integrity F. Availability
What are the three main goals of information security? A. Auditing B. Integrity C. Non-repudiation D. Confidentiality E. Risk assessment F. Availability
D. Confidentiality B. Integrity F. Availability
Which type of attack uses more than one computer? A. Virus B. DoS C. Worm D. DDoS
D. DDoS
You are in charge of monitoring a workstation for application activity and/or modification. Which of the following types of systems should you use? A. RADIUS B. NIDS C. OVAL D. HIDS
D. HIDS
Randy needs an external add-on solution that can provide encryption and integrate with his existing database server. Which of the following would meet his needs? A. TPM B. FDE C. CAC D. HSM
D. HSM
Which of the following is a removable device that can be used to encrypt in a high-availability, clustered environment? A. Biometrics B. Cloud computer C. TPM D. HSM
D. HSM
What should a disaster recovery plan (DRP) contain? A. Hierarchical access control lists B. Single points of failure C. Hierarchical list of hot sites D. Hierarchical list of critical systems
D. Hierarchical list of critical systems
When it comes to information security, what is the I in CIA? A. Insurrection B. Information C. Indigestion D. Integrity
D. Integrity
Which of the following statements best defines a computer virus? A. It is a find mechanism, initiation mechanism, and can propagate. B. It is a search mechanism, connection mechanism, and can integrate. C. It is a learning mechanism, contamination mechanism, and can exploit. D. It is a replication mechanism, activation mechanism, and has an objective.
D. It is a replication mechanism, activation mechanism, and has an objective.
What is a malicious attack that executes at the same time every week? A. Virus B. Worm C. Ransomware D. Logic bomb
D. Logic bomb
When is a system completely secure? A. When it is updated B. When it is assessed for vulnerabilities C. When all anomalies have been removed D. Never
D. Never
Which of the following is a common symptom of spyware? A. Infected files B. Computer shuts down C. Applications freeze D. Pop-up windows
D. Pop-up windows
Which of the following threats has the highest probability of being increased by the availability of devices such as USB flash drives on your network? A. Introduction of new data on the network B. Increased loss of business data C. Loss of wireless connections D. Removal of PII data
D. Removal of PII data
One of your co-workers complains of very slow system performance and says that a lot of antivirus messages are being displayed. The user admits to recently installing pirated software and downloading and installing an illegal keygen to activate the software. What type of malware has affected the user's computer? A. Worm B. Logic bomb C. Spyware D. Trojan
D. Trojan
A hacker develops a piece of malicious code that is not designed to automatically spread from one system to another. Instead, it is designed to spread from one file to another file on the individual computer. What type of malware is this? A. Worm B. Trojan C. Botnet D. Virus
D. Virus
