Wiley's Security+ Practice Questions
A. Computer forensics is the process of investigating a computer system to determine the cause of the incident. Part of this process would be gathering evidence. Chapter 12
The process of investigating a computer system for clues about an event is called what? A. Computer forensics B. Virus scanning C. Security policy D. Evidence gathering
A. Multitenancy implies hosting data from more than one consumer on the same equipment.
Which of the following terms implies hosting data from more than one consumer on the same equipment? A. Multitenancy B. Duplexing C. Bastioning D. Fashioning
A. Baselining is the term for establishing a standard for security.
Which of the following terms refers to the process of establishing a standard for security? A. Baselining B. Security evaluation C. Hardening D. Methods research
B. Electrical devices, such as motors, that generate magnetic fields cause EMI. Humidity control does not address EMI.
Which of the following will not reduce EMI? A. Physical shielding B. Humidity control C. Physical location D. Overhauling worn motors
D. Bluejacking is the sending of unsolicited messages over a Bluetooth connection.
Which of the following types of attacks involves the sending of unsolicited messages over a Bluetooth connection? A. Bluesmurfing B. Bluesnarfing C. Bluewhaling D. Bluejacking
D. Intrusive testing involves actually trying to break into the network. Non-intrusive testing takes more of a passive approach.
Which type of penetration-style testing involves actually trying to break into the network? A. Discreet B. Indiscreet C. Nonintrusive D. Intrusive
B. WPA uses Temporal Key Integrity Protocol (TKIP), while WEP and WPA2 do not. WAP is a wireless access point.
Which wireless technology uses TKIP? A. WEP B. WPA C. WPA2 D. WAP
A. Discoverable
With Bluetooth devices suddenly popping up everywhere in your network, you want to secure as many of them as possible. One of the simplest methods of securing these devices is not to set their attribute to: A. Discoverable B. Transmit C. Announce D. Communicate
C. While there is no hard-coded standard defining "near," the industry tends to use 4cm (1.6 inches) as the distance.
With near field communication (NFC) technology, the industry tends to use what distance as "near"? A. 1 inch B. 1.2 inches C. 1.6 inches D. 2 inches
C. With DNS poisoning, also known as DNS spoofing, the DNS server is given information about a name server that it thinks is legitimate when it isn't.
With which of the following is the DNS server given information about a name server that it thinks is legitimate when it isn't? A. DNS tagging B. DNS kiting C. DNS poisoning D. DNS foxing
B. Elasticity is a feature of cloud computing that involves dynamically provisioning (or de-provisioning) resources as needed.
Which feature of cloud computing involves dynamically provisioning (or deprovisioning) resources as needed? A. Multitenancy B. Elasticity C. CMDB D. Sandboxing
D. Flooding A flood attach is designed to overload a protocol or service by repeatedly initiating a request for service. This type of attack usually results in a DoS (denial-of-service) situation occurring because the protocol freezes or since excessive bandwidth is used in the network as a result of the request. Chapter 3
Which kind of attack is designed to overload a particular protocol or service? A. Spoofing B. Back door C. Man in the middle D. Flood
D. Online Certificate Status Protocol (OCSP) is the mechanism used to verify immediately whether a certificate is valid. The Certificate Revocation List (CRL) is published on a regular basis, but it isn't current once it's published. Chapter 8
Which mechanism is used by PKI to allow immediate verification of a certificate's validity? A. CRL B. MD5 C. SSHA D. OCSP
B. Access Control List (ACLs) are used to allow or deny an IP address access to a network. ACL mechanisms are implemented in many routers, firewalls, and other network devices. Chapter 3
Which mechanism or process is used to enable or disable access to a network resource based on an IP address? A. NDS B. ACL C. Hardening D. Port blocking
C. Bridges Bridges are used to divide larger networks into smaller sections by sitting between two physical network segments and managing the flow of data between the two.
Which network devices are used to divide larger networks into smaller sections by sitting between two physical network segments and managing the flow of data between the two? A. Accelerators B. Proxies C. Bridges D. Balancers
A. Sandboxing the application would be the most secure.
Which of the following would be the most secure way to deploy a legacy application that requires a legacy operating system? A. Sandboxing B. Stress testing C. Dynamic testing D. Placing it on an encrypted drive
D. Cloaking is a method of protecting the network that involves turning off the SSID broadcast. The access point is still there and accessible by those who know of its existence, but it prevents those who are just scanning from finding it.
A client calls you and says that he wants to turn off the SSID broadcast on his small network because he is afraid that those simply scanning for a network are finding it and trying to connect to it. You inform him that this is a very weak form of security and suggest some other options, but he is insistent on this being done. What is this form of hiding the router known as? A. Veiling B. Masking C. Shrouding D. Cloaking
C. Service Pack Answer A is incorrect. A hot fix is an immediate and urgent fix for a specific problem. Answer B is incorrect; an Overhaul is not a term used in the industry. Answer D is incorrect. A patch is done to fix a specific problem.
A periodic update that corrects problems in one version of a product is called a(n) __________. A. Hotfix B. Overhaul C. Service pack D. Security update
A. Your user inadvertently downloaded a virus using IM. IM and other systems allow unsuspecting users to download files that may contain viruses. Due to a weakness in the file extension name convention, a file that appears to have one extension may actually have another extension. For example, the file account.doc.vbs would appear in many applications as account.doc, but it;s actually a Visual Basic script and could contain malicious code. Chapter 9
A user has just reported that he downloaded a file from a prospective client using IM. The user indicates that the file was called account.doc. The system has been behaving unusually since he downloaded the file. What is the most likely event that occurred? A. Your user inadvertently downloaded a virus using IM. B. Your user may have a defective hard drive. C. Your user is imagining what cannot be and is therefore mistaken. D. The system is suffering from power surges.
D. Risk mitigation
Which of the following strategies is accomplished any time you take steps to reduce risk? A. Risk acceptance B. Risk avoidance C. Risk transference D. Risk mitigation
A. A CSIRT is a formalized or an ad hoc team that you can call upon to respond to an incident after it arises.
According to CERT, which of the following would be a formalized or an ad hoc team you can call upon to respond to an incident after it arises? A. CSIRT B. CIRT C. IRT D. RT
A. Multifactor authentication uses more than one method. Answers B, C, and D are all one-factor methods.
After a careful risk analysis, the value of your company's data has been increased. Accordingly, you're expected to implement authentication solutions that reflect the increased value of the data. Which of the following authentication methods uses more than one authentication process for a logon? A. Multifactor B. Biometrics C. Smartcard D. Kerberos
A. Directory access protocol LDAP, or Lightweight Directory Access Control, is a directory access protocol. The other answers are simply not related to directory access.
Ahmed has been directed to ensure that LDAP on his network is secure. LDAP is an example of which of the following? A. Directory access protocol B. IDS C. Tiered model application development environment D. File server
C. No, this violates control diversity He is using the same vendor for all of his anti-malware. If there is any flaw in that vendor or the algorithm used by that vendor misses a specific virus, then it will be missed everywhere
Ahmed has been working to mitigate the threat of malware in his network. He has selected a specific vendor (Vendor ABC) for his antivirus software. He is using ABC products everywhere he needs antivirus software. Is this the correct decision? Why or why not? A. Yes, consistency is more secure. B. Yes, this will make the process more affordable. C. No, this violates control diversity. D. No, this violates vendor diversity.
C. USB OTG is the use of portable devices as USB. Bring Your Own Device is simply a method for allowing employees to bring their own devices into the company network. Bluejacking is a Bluetooth attack. Choose Your Own Device allows employees to select a device from a pre-approved list.
Ahmed is a network administrator for an insurance company. He is concerned about users storing company data on their smartphones to exfiltrate that data. Which of the following best describes this? A. BYOD B. Bluejacking C. USB OTG D. CYOD
B. An IPS will stop many attacks thus keeping the system online.
Ahmed is responsible for security of a SCADA system. If availability is his biggest concern, what is the most important thing for him to implement? A. SIEM B. IPS C. Automated patch control D. Log monitoring
B. While a hybrid cloud could be any mixture of cloud delivery models, it is usually a combination of public and private.
Although a hybrid cloud could be any mixture of cloud delivery models, it is usually a combination of which of the following? A. Public and community B. Public and private C. Private and community D. Two or more communities
B. Working copies are backups that are usually kept in the computer room for immediate use in recovering a system or lost file.
Although you're talking to her on the phone, the sound of the administrative assistant's screams of despair can be heard down the hallway. She has inadvertently deleted a file that the boss desperately needs. Which type of backup is used for the immediate recovery of a lost file? A. Onsite storage B. Working copies C. Incremental backup D. Differential backup
A. An IV attack is usually associated with the WEP wireless protocol.
An IV attack is usually associated with which of the following wireless protocols? A. WEP B. WAP C. WPA D. WPA2
A. A man-in-the-middle attack attempts to fool both ends of a communications session into believing that the system in the middle is the other end.
An administrator at a sister company calls to report a new threat that is making the rounds. According to him, the latest danger is an attack that attempts to intervene in a communications session by inserting a computer between the two systems that are communicating. Which of the following types of attacks does this constitute? A. Man-in-the-middle attack B. Backdoor attack C. Worm D. TCP/IP hijacking
C. In a backdoor attack, a program or service is placed on a server to bypass normal security procedures.
An alert signals you that a server in your network has a program running on it that bypasses authorization. Which type of attack has occurred? A. DoS B. DDoS C. Backdoor D. Social engineering
B. Switch create virtual circuits between systems in a network. These virtual circuits are somewhat private and reduce network traffic when used.
As more and more clients have been added to your network, the efficiency of the network has decreased significantly. You're preparing a budget for next year, and you specifically want to address this problem. Which of the following devices acts primarily as a tool to improve network efficiency? A. Hub B. Switch C. Router D. PBX
A. Clickjacking involves an attacker using multiple transparent or opaque layers to trick a user into clicking a button or link on another page when they were intending to click the top-level page.
An attacker has placed an opaque layer over the Request A Catalog button on your web page. This layer tricks visitors into going to a form on a different website and giving their contact information to another party when their intention was to give it to you. What type of attack is this known as? A. Clickjacking B. Man-in-the-middle C. XSRF D. Zero-day
A. Social Engineering is using human intelligence methods to gain access or information about your organization. Chapter 10
An individual presents herself at your office claiming to be a service technician. She wants to discuss your current server configuration. This may be an example of what type of attack? A. Social engineering B. Acess Control C. Perimeter screening D. Behavioral engineering
A. Social engineering attacks take advantage of our inherent trust as human beings, as opposed to technology, to gain access to your environment.
As part of your training program, you're trying to educate users on the importance of security. You explain to them that not every attack depends on implementing advanced technological methods. Some attacks take advantage of human shortcomings to gain access that should otherwise be denied. What term do you use to describe attacks of this type? A. Social engineering B. IDS system C. Perimeter security D. Biometrics
A. Environmental controls would be the least important issue.
As the head of IT for MTS, you're explaining some security concerns to a junior administrator who has just been hired. You're trying to emphasize the need to know what is important and what isn't. Which of the following is not a consideration in key storage? A. Environmental controls B. Physical security C. Hardened servers D. Administrative controls
B. A DDoS attack uses multiple computer systems to attack a server or host in the network.
As the security administrator for your organization, you must be aware of all types of attacks that can occur and plan for them. Which type of attack uses more than one computer to attack the victim? A. DoS B. DDoS C. Worm D. UDP attack
A. $2 Million It does not matter how frequent a loss is projected (only once every 60 years, in this case). What does matter is that each occurrence will be disastrous: SLE (single loss expectancy) is equal to asset value (AV) times exposure factor (EF). In this case, asset is $2 million, and the exposure factor is 1.
Consider the following scenario. The asset value of your company's primary servers is $2 million, and they are housed in a single office building in Anderson, Indiana. Field offices are scattered throughout the United States, but the workstations located at the field offices serve as thin clients and access data from the Anderson servers. Tornados in this part of the country are not uncommon, and it is estimated that one will level the building every 60 years. Which of the following is the SLE for this scenario? A. $2 million B. $1 million C. $500,000 D. $33,333.33 E. $16,666.67
A. Risk acceptance
Which of the following strategies necessitates an identified risk that those involved understand the potential cost/damage and agree to live with it? A. Risk acceptance B. Risk avoidance C. Risk transference D. Risk mitigation
B. RFID (Radio Frequency Identification) technology is used to identify and track tags attached to objects.
Which of the following technologies is used to identify and track tags attached to objects? A. NFC B. RFID C. IV D. DSC
C. Race conditions.
Denish is testing an application that is multithreaded. Which of the following is a specific concern for multithreaded applications? A. Input validation B. Memory overflow C. Race conditions D. Unit testing
A. Although three items are used, they are all Type I, something you know. Two-factor or strong, authentication requires two authentication methods from two different categories (Type I, II, or III).
Dennis has implemented an authentication system that uses a password, a PIN, and the user's birthday. What best describes this system? A. Single factor B. Two factor C. Three factor D. Strong authentication
C. A Certificate Revocation List should be used.
Due to a breach, a certificate must be permanently revoked, and you don't want it to ever be used again. What is often used to revoke a certificate? A. CRA B. CYA C. CRL D. PKI
A. Gas-based systems work by displacing the air around a fire. This eliminates one of the three necessary components of a fire: oxygen.
Due to growth beyond current capacity, a new server room is being built. As a manager, you want to make certain that all the necessary safety elements exist in the room when it's finished. Which fire-suppression system works best when used in an enclosed area by displacing the air around a fire? A. Gas-based B. Water-based C. Fixed system D. Overhead sprinklers
A. The National Security Administration is responsible for cryptography in the U.S. government, even though those standards by then become NIST standards.
During a training session, you want to impress upon users the serious nature of security and, in particular, cryptography. To accomplish this, you want to give them as much of an overview about the topic as possible. Which government agency should you mention is primarily responsible for establishing government standards involving cryptography for general-purpose government use? A. NSA B. NIST C. IEEE D. ITU
C. An authentication process that requires the user to do something in order to complete the enrollment process is known as Wi-Fi Protected Setup (WPS).
During the authentication part of setting up his small office access point, Wolfgang was required to enter a PIN within 60 seconds. This process is known as: A. Wired Equivalent Privacy B. Wi-Fi Protected Access C. Wi-Fi Protected Setup D. Wi-Fi Authentication Protection
A. Encrypt all transmissions.
Elizabeth works for a company that manufactures portable medical devices, such as insulin pumps. She is concerned about security for the device. Which of the following would be the most helpful in securing these devices? A. Ensure that all communications with the device are encrypted. B. Ensure that the devices have FDE. C. Ensure that the devices have been stress tested. D. Ensure that the devices have been fuzz tested
C. Company Owned and Provided Device describes company provided smartphones. The other acronyms/answers refer to alternative approaches to mobile devices.
Employees in your company are provided smartphones by the company. Which of the following best describes this? A. BYOD B. CYOD C. COPE D. BYOE
B. Jamming is purposely obstructing or interfering with a signal.
Evan fears that the tenant in the office next door is using RF interference to try to force his small company to vacate the building in frustration. Purposely obstructing or interfering with a signal is known as which of the following? A. Shoving B. Jamming C. Cramming D. Blocking
B. A rogue access point is any unauthorized wireless access point on a network.
Frustrated with the low signal that the devices in his cubicle receive, Spencer brings in his own access point and creates his own network. Kristin, a co-worker, tells him that if the boss finds out about this it is grounds for immediate dismissal, and he should read the employee handbook if he has any questions. Setting up your own access point represents which of the following? A. Degenerate B. Rogue C. Corporeal D. Temporal
B. Input validation can stop most SQL injection attacks.
Gerard is concerned about SQL injection attacks on his company's e-commerce server. What security measure would be most important for him to implement? A. Stress testing B. Input validation C. IPS D. Agile programming
D. Waterfall is a good approach when the requirements are firm.
Gertrude is managing a new software project. The project has very clearly defined requirements that are not likely to change. Which of the following is the most appropriate development model for her? A. Agile B. XP Programming C. Waterfall D. Scrum
B. If RF levels become too high, it can cause the receivers in wireless units to become deaf, and it is known as desensitizing. This occurs because of the volume of RF energy present.
If RF levels become too high, it can cause the receivers in wireless units to become deaf. This process is called: A. Clipping B. Desensitizing C. Distorting D. Crackling
A. $6,250 ALE = SLE x ARO
If you calculate SLE to be $25,000 and that there will be one occurrence every four years (ARO), then what is the ALE? A. $6,250 B. $12,500 C. $25,000 D. $100,00
C. $40,000 ALE = SLE x ARO ALE - Annual Loss Expectancy SLE - Single Loss Expectancy ARO - Annual Rate of Occurrence
If you calculate the SLE to be $4,000 and that there will be 10 occurrences (ARO), then the ALE is: A. $400 B. $4,000 C. $40,000 D. $400,000
A. With hot and cold aisles, cold air is pumped in from below raised floor tiles.
In a hot and cold aisle system, what is the typical method of handling cold air? A. It is pumped in from below raised floor tiles. B. It is pumped in from above through the ceiling tiles. C. Only hot air is extracted, and cold air is the natural result. D. Cold air exists in each aisle.
B. Administrator
In intrusion detection system vernacular, which account is responsible for setting the security policy for an organization? A. Supervisor B. Administrator C. Root D. Director
C. Previous Key If the previous key can't be recovered, then all the information for which the key was used will be irrecoverably lost. Chapter 8
In the key recovery process, which key must be recoverable? A. Rollover key B. Secret key C. Previous key D. Escrow key
C. In the Infrastructure as a Service (IaaS) model, the consumer can "provision" and is able to "deploy and run," but they still do not "manage or control" the underlying cloud infrastructure.
In which cloud service model can the consumer "provision" and "deploy and run"? A. SaaS B. PaaS C. IaaS D. CaaS
C. IPsec can work in either Tunneling or Transport mode. In Tunneling mode, the data or payload and message headers are encrypted. Transport mode encrypts only the payload.
In which two modes can IPSec work? A. Tunneling and Storing B. Transport and Storing C. Tunneling and Transport D. At-Rest and At-Ease
D. Typo squatting involves creating domains that are based on the misspelling of another.
It has been brought to your attention that a would-be attacker in Indiana has been buying up domains based on common misspellings of your company's name with the sole intent of creating websites that resemble yours and prey on those who mistakenly stumble onto these pages. What type of attack is this known as? A. Watering hole B. Poisoned well C. Faulty tower D. Typo squatting
B. This is a classic example of a rogue access point. None of the other attacks would explain this scenario.
Janet is a network administrator for a small company. Users have been reporting that personal data is being stolen when using the wireless network. They all insist that they only connect to the corporate wireless access point. Reviewing the logs for the WAP shows that these users have not connected to it. Which of the following could best explain this situation? A. Bluesnarfing B. Rouge access point C. Jamming D. Bluejacking
A. SAML is used with web page authorization. Answer B is incorrect—PIV is a type of smart card. Answer C is incorrect—CHAP is a type of authentication protocol. Answer D is incorrect—RBAC is an access control protocol.
Jarod is evaluating web-based, single sign-on solutions. Which of the following technologies is most associated with web page authorization? A. SAML B. PIV C. CHAP D. RBAC
B. Least privileges means to grant just enough privileges to do the job and no more. The other answers do not describe least privileges.
John is a network administrator for ACME company. He is trying to explain least privileges to a new technician. Which of the following is the basic premise of least privilege? A. Always assign responsibilities to the administrator who has the minimum permissions required. B. When assigning permissions, give users only the permissions they need to do their work and no more. C. Regularly review user permissions and take away one that they currently have to see if they will complain or even notice that it is missing. D. Do not give management more permissions than users.
D. A message authentication code will reveal any tampering, accidental or intentional.
John is concerned about message integrity. He wants to ensure that message integrity cannot be compromised no matter what the threat. What would best help him accomplish this goal? A. SHA2 B. MD5 C. AES D. MAC
C. CYOD has employees select from a list of approved devices. COPE has the company buy the devices, and BYOD provides very little control. BBBA is not a term used in this context.
John is looking for a solution for his company that will give the company the most control over mobile devices, while still having the employees purchase their own devices. Which of the following solutions should he select? A. BYOD B. COPE C. CYOD D. BBBA
D. Fuzzing is testing by entering incorrect data to test the applications response.
John is responsible for application security at his company. He is concerned that the application reacts appropriately to unexpected input. What type of testing would be most helpful to him? A. Unit testing B. Integration testing C. Stress testing D. Fuzzing
C. tracert (or traceroute in Linux) will show the complete path to the IP address. Answer A is incorrect—ping shows if a site is reachable, but not the path to it. Answer B is incorrect—arp shows address resolution protocol tables. Answer D is incorrect; nslookup is used with DNS.
John is trying to determine the origin of an email. He has captured the email headers and knows the IP address of the originating email server. What command would show John the complete path to that IP address? A. ping -a B. arp C. tracert D. nslookup
C. Place the web server in a DMZ. DMZs are meant to set public facing servers. The exterior firewall of the DMZ is more permissive than the interior, making the DMZ somewhat less secure. Answer A is incorrect. A honeynet is designed to catch attackers, and it should not be obviously less secure than the actual production network. Answer B is incorrect; a guest network is not meant to be accessible from the outside world. Answer D is incorrect. It would be completely insecure, not just somewhat less secure.
John is working on designing a network for the insurance company where he is employed. He wants to put the web server in an area that has somewhat less security so that outside users might access it. But he does not want that to compromise the security of the rest of the network. What would be John's best approach? A. Place the web server in a honeynet. B. Place the web server on the guest network segment. C. Place the web server in a DMZ. D. Place the web server outside his network
B. Regression testing tests to see if the change caused any other problems.
Juan has just made a minor change to the company's e-commerce application. The change works as expected. What type of testing is most important for him to perform? A. Unit testing B. Regression testing C. Static testing D. Stress testing
D. Self Encrypting Drive (SED) The other answers are related to cryptography but are not automatic. For example, FDE, or Full Disk Encryption, would fully encrypt the hard drive, but it would not be automatic.
Juanita is implementing a security mechanism that will fully encrypt the hard drive of laptops in her organization. The encryption and decryption will be automatic. What best describes what Juanita is implementing? A. AES B. TPM C. FDE D. SED
A. All services should be assigned a service account. The other options are not secure. C. WPA2 fully implements 802.11i, while WEP and WPA do not. WAP is Wireless Access Point, and it is not a security mechanism.
Juanita is responsible for setting up network accounts for her company. She wants to establish an account for the SQL Server service. Which of the following would be the best type of account for her to use? A. A user/service account B. Domain admin account C. Guest account D. Shared account
A. Software is subject to copyright, and unauthorized software might be copyrighted software.
Juanita is the security administrator for a large university. She is concerned about copyright issues and wants to ensure that her university does not violate copyrights. What would be her main concern regarding unauthorized software? A. It might be copyrighted. B. It might be used to circumvent copyright protection. C. That should not be a copyright concern. D. It is not a concern if she has a least one license for the software.
A. Man-in-the-browser is a type of man-in-the-middle attack in which a Trojan horse manipulates calls between the browser and its security mechanisms yet still displaying back the user's intended transaction.
Karl from Accounting is in a panic. He is convinced that he has identified malware on the servers—a type of man-in-the-middle attack in which a Trojan horse manipulates calls between the browser and yet still displays back the user's intended transaction. What type of attack could he have stumbled on? A. Man-in-the-browser B. Man-in-the-castle C. Man-in-the-code D. Man-in-the-business
C. With a disassociation attack, the intruder sends a frame to the AP with a spoofed address to make it look like it came from the victim and disconnects them from the network.
Karl has checked into a hotel after a long day of travel. He is attempting to check his daily deluge of email messages using the free in-room Wi-Fi, but it keeps losing the connection. When he calls the front desk, they suggest that he might want to use the premium Wi-Fi (which costs more) to get a better connection. What type of attack could this scenario represent? A. Upselling B. Cross-selling C. Disassociation D. Imitation
B. In the realm of penetration testing, using a weakness in another—usually trusted—entity to launch an attack against a site/server is known as a pivot.
Karl is conducting penetration testing on the Pranks Anonymous servers and having difficulty finding a weakness. Suddenly, he discovers that security on a different company's server—a vendor to Pranks Anonymous—can be breached. Once he has compromised the completely different company's server, he can access the Pranks Anonymous servers and then launch an attack. What is this weakness/exploit known as? A. Fulcrum B. Pivot C. Swivel D. Twirl
C. The key will have to be re-activated.
Kristin from Payroll has left the office on maternity leave and won't return for at least six weeks. You've been instructed to suspend her key. Which of the following statements is true? A. In order to be used, suspended keys must be revoked. B. Suspended keys don't expire. C. Suspended keys can be reactivated. D. Suspending keys is a bad practice
C. This is a Message Authentication Code.
MAC is an acronym for what as it relates to cryptography? A. Media access control B. Mandatory access control C. Message authentication code D. Multiple advisory committees
A. Normalization is one of the most fundamental aspects of database configuration.
Myra is concerned about database security. She wants to begin with a good configuration of the database. Which of the following is a fundamental issue with database configuration? A. Normalization B. Input validation C. Fuzz testing D. Stress testing
D. This is nonrepudiation.
Mary claims that she didn't make a phone call from her office to a competitor and tell them about developments at her company. Telephone logs, however, show that such a call was placed from her phone, and time clock records show that she was the only person working at the time. What do these records provide? A. Integrity B. Confidentiality C. Authentication D. Nonrepudiation
A. Open Web Application Security Project (OWASP).
Mary is responsible for website security in her company. She wants to address widely known and documented web application vulnerabilities. Which resource would be most helpful? A. OWASP B. CERT C. NIST D. ISO
C. You want a crossover error rate (CER), also called equal error rate, and you want it to be low.
Melissa is planning on implementing biometric authentication on her network. Which of the following should be a goal for any biometric solution she selects? A. High FRR, low FAR B. High FAR, low FRR C. Low CER D. High CER
A. TLS is the replacement for SSL.
Mercury Technical Solutions has been using SSL in a business-to-business environment for a number of years. Despite the fact that there have been no compromises in security, the new IT manager wants to use stronger security than SSL can offer. Which of the following protocols is similar to SSL but offers the ability to use additional security protocols? A. TLS B. SSH C. RSH D. X.509
B. Pass-the-hash attacks take advantage of a weak encryption routine associated with NTLM and LanMan protocols.
Pass-the-hash attacks take advantage of a weak encryption routine associated with which protocols? A. NetBEUI and NetBIOS B. NTLM and LanMan C. Telnet and TFTP D. Chargen and DNS
C. Nonintrusive testing
Penetration/vulnerability testing that takes a passive approach rather than actually trying to break into the network is known as which one of the following? A. Flaccid testing B. Noncredentialed testing C. Nonintrusive testing D. Pedestrian testing
C, D. Proximity readers work with 13.56 MHz smart cards and 125 kHz proximity cards.
Proximity readers work with which of the following? (Choose all that apply.) A. 15.75 fob card B. 14.32 surveillance card C. 13.56 MHZ smart card D. 125 kHz proximity card
C. RFI is the byproduct of electrical processes, similar to EMI. The major difference is that RFI is usually projected across a radio spectrum. Motors with defective brushes can generate RFI, as can a number of other devices.
RFI is the byproduct of electrical processes, similar to EMI. The major difference is that RFI is usually projected across which of the following? A. Network medium B. Electrical wiring C. Radio spectrum D. Portable media
D. $33,333.33 ALE (annual loss expectancy) is equal to the SLE times the annualized rate of occurrence. In this case, the SLE is $2 million, and the ARO is 1/60
Refer to the scenario in question 2. Which of the following amounts is the ALE for this scenario? A. $2 million B. $1 million C. $500,000 D. $33,333.33 E. $16,666.67
A. 0.0167 ARO (annualized rate of occurance) is the frequency (in number of years) that an event can be expected to happen. In this case, ARO is 1/60 or 0.0167
Refer to the scenario in question 2. Which of the following is the ARO for this scenario? A. 0.0167 B. 1 C. 5 D. 16.7 E. 60
D. The CAC is the smart card used by the U.S. Department of Defense.
Which of the following is a type of smartcard issued by the Department of Defense as a general identification/authentication card for military personnel, contractors, and non-DoD employees? A. PIV B. POV C. DLP D. CAC
C. Collusion An agreement between two or more parties established for the purpose of committing deception or fraud. Collusion, when part of a crime, is also a criminal act in and of itself
Separation of duties helps to prevent an individual from embezzling money from a company. To embezzle funds successfully, an individual would need to recruit others to commit an act of __________ (an agreement between two or more parties established for the purpose of committing deception or fraud). A. Misappropriation B. Misuse C. Collusion D. Fraud
C. Kerberos was invented at MIT and uses tickets for authentication. Answers A and B are Challenge Handshake Authentication Protocol, which does not use tickets. Answer D also is an authentication protocol that does not use tickets.
Terrance is examining an authentication system that was developed at MIT and uses tickets for authentication. What system is Terrance most likely examining? A. CHAP B. MS-CHAP C. KERBEROS D. OATH
D. Online Certificate Status Protocol is done in real time.
The CRL takes time to be fully disseminated. Which protocol allows a certificate's authenticity to be immediately verified? A. CA B. CP C. CRC D. OCSP
A. A service pack is a bundle of patches and hot fixes.
The administrator at MTS was recently fired, and it has come to light that he didn't install updates and fixes as they were released. As the newly hired administrator, your first priority is to bring all networked clients and servers up to date. What is a bundle of one or more system fixes in a single product called? A. Service pack B. Hotfix C. Patch D. System install
B. The command monlist can be used with an NTP amplification attack to send details of the last 600 people who requested network time
The command monlist can be used with which protocol as part of an amplification attack? A. SMTP B. NTP C. SNMP D. ICMP
D. This is the only name choice that does not give any hint as to the role of that user. The others all reveal, or suggest, the user's role.
Tom is responsible for account management in his company. For user John Smith who is an administrator, which of the following would be the best name for him to choose? A. Admin001 B. Admjsmith C. Ajsmith D. jsmith
A. Verification that information is accurate To meet the goal of integrity, you must verify that the information being used is accurate and hasn't been tampered with. Integrity is coupled with accountability to ensure that data is accurate and that a final authority exists to verify this, if needed. Chapter 8
The integrity objective addresses which characteristic of information security? A. Verification that information is accurate B. Verification that ethics are properly maintained C. Establishment of clear access control of data D. Verification that data is kept private and secure
C. Refactoring involves testing to identify the design flow and then modifying, as needed, to clean up routines without changing the code's visible behavior.
The new head of software engineering has demanded that all code be tested to identify the design flow and then modified, as needed, to clean up routines without changing the code's visible behavior. What is this process known as? A. Straightening B. Sanitizing C. Refactoring D. Uncluttering
A. Discretionary Access Control (DAC) Discretionary access control allows users to define access. Answer B is incorrect, as this would be more restrictive. Answer C is role-based access control. Answer D is not an access control mechanism.
The present method of requiring access to be strictly defined on every object is proving too cumbersome for your environment. The edict has come down from upper management that access requirements should be slightly reduced. Which access model allows users some flexibility for information-sharing purposes? A. DAC B. MAC C. RBAC D. MLAC
C. Failover occurs when a system that is developing a malfunction automatically switches processes to another system to continue operations.
The process of automatically switching from a malfunctioning system to another system is called what? A. Fail-safe B. Redundancy C. Failover D. Hot site
A. Shielding keeps external electronic signals from disrupting operations.
The process of reducing or eliminating susceptibility to outside interference is called what? A. Shielding B. EMI C. TEMPEST D. Desensitization
B. Chain of Custody ensures that each step taken with evidence is documented and accounted for from the point of collection. Chain of custody is the Who, What, When, Where, and Why of evidence storage. Chapter 12
The process of verifying the steps taken to maintain the integrity of evidence is called what? A. Security investigation B. Chain of custody C. Three As of investigation D. Security Policy
C. Business Impact Analysis (BIA)
The risk assessment component, in conjunction with the ______________, provides the organization with an accurate picture of the situation facing it. A. RAC B. ALE C. BIA D. RMG
D. Working copies are also known as shadow copies.
What is another name for working copies? A. Functional copies B. Running copies C. Operating copies D. Shadow copies
D. Spanning Tree Protocol (STP) D. To combat the loop problem, technologies such as the Spanning Tree Protocol (STP) enable bridge/switch interfaces to be assigned a value that is then used to control the learning process and prevent loops.
To combat the problem described in Question 19, which of the following technologies enable bridge/switch interfaces to be assigned a value that is then used to control the learning process and prevent problems? A. ESSID B. SSID C. BRD D. STP
B. 128-bit TKIP places a 128-bit wrapper around the WEP encryption with a key that is based on things such as MAC addresses of the host device and the serial number of the packet. Chapter 5
To increase security, TKIP places a wrapper around the WEP encryption with a key that is based on things such as the MAC address of the host device and the serial number of the packet. What is the size of the wrapper? A. 64-bit B. 128-bit C. 256-bit D. 512-bit
C. NIST 800-14 The other answers are standards, not policies
Tom has been instructed to find a security standard, applicable to the United States, that will help him develop appropriate security policies. He has found a standard that describes 8 principles and 14 practices that can be used to develop security policies. What standard is Tom most likely reviewing? A. ISO/IEC 27001:2013 B. NIST 800-12 C. NIST 800-14 D. ISA/IEC-62443 4
B. Type K fire extinguishers are a subset of Type B fire extinguishers.
Type K fire extinguishers are intended for use on cooking oil fires. This type is a subset of which other type of fire extinguisher? A. Type A B. Type B C. Type C D. Type D
A. Packet filters prevent unauthorized packets from entering or leaving a network. Packet filters are a type of firewall that blocks specified port traffic.
Upper management has decreed that a firewall must be put in place immediately, before your site suffers an attack similar to one that struck a sister company. Responding to this order, your boss instructs you to implement a packet filter by the end of the week. A packet filter performs which function? A. Prevents unauthorized packets from entering the network B. Allows all packets to leave the network C. Allows all packets to enter the network D. Eliminates collisions in the network
A. Mandatory Access Control cannot be modified by users and is considered more secure. Answer B is incorrect—DAC provides the users flexibility and is less secure. Answer C is incorrect. RBAC is not based on pre-established access, but rather roles. Answer D is incorrect. Kerberos is an authentication protocol, not an access method.
Upper management has suddenly become concerned about security. As the senior network administrator, you are asked to suggest changes that should be implemented. Which of the following access methods should you recommend if the technique to be used is one that is primarily based on preestablished access and can't be changed by users? A. MAC B. DAC C. RBAC D. Kerberos
A. Bluesnarfing extracts data via Bluetooth. Bluejacking simply sends messages to the device. Choose Your Own Device allows employees to select a device from a pre-approved list. Jailbreaking refers to gaining root or admin access.
Using Bluetooth to extract data from a victim's phone is best described as which of the following? A. Bluesnarfing B. Bluejacking C. CYOD D. Jailbreaking
D. SQL injection occurs when an attacker manipulates the database code to take advantage of a weakness in it.
What is it known as when an attacker manipulates the database code to take advantage of a weakness in it? A. SQL tearing B. SQL manipulation C. SQL cracking D. SQL injection
B. The Recovery Point Objective (RPO) is the point of maximum tolerable loss for a system due to a major incident. Chapter 1
What is the acronym associated with the point of maximum tolerable loss for a system due to a major incident? A. ARO B. RPO C. RTP D. WML
A. Always use change management.
Vincent is a programmer working on an e-commerce site. He has conducted a vulnerability scan and discovered a flaw in a third-party module. There is an update available for this module that fixes the flaw. What is the best approach for him to take to mitigate this threat? A. Submit an RFC. B. Immediately apply the update. C. Place the update on a test server; then if it works, apply it to the production server. D. Document the issue
B. Containers Also known as "Docker containers" Chapter 6
Virtualization that does not utilize hypervisors can be accomplished through the use of which of the following? A. Wrappers B. Containers C. Portals D. Sinks
A. The certificate policy describes how a certificate can be used.
What document describes how a CA issues certificates and for what they are used? A. Certificate policies B. Certificate practices C. Revocation authority D. CRL
A. Steganography is the process of hiding one message in another. Steganography may also be referred to as electronic watermarking. Chapter 8
What encryption process uses one message to hide another? A. Steganography B. Hashing C. MDA D. Cryptointelligence
C. Deauthentication attack
What is a disassociation attack more commonly known as? A. Decertification attack B. Disconfirmation attack C. Deauthentication attack D. Denial attack
A. Honeypot
What is a system that is intended or designed to be broken into by an attacker? A. Honeypot B. Honeybucket C. Decoy D. Spoofing system E. Deleted if the employee has been terminated
D. Phishing is the form of social engineering in which you simply ask someone for a piece of information that you want by making it look as if it is a legitimate request.
What is the form of social engineering in which you simply ask someone for a piece of information that you want by making it look as if it is a legitimate request? A. Hoaxing B. Swimming C. Spamming D. Phishing
C. The machine on which virtualization software is running is known as a host, whereas the virtual machines are known as guests.
What is the machine on which virtualization software is running known as? A. Node B. Workstation C. Host D. Server
A. This is a certificate authority.
What is the primary organization for maintaining certificates called? A. CA B. RA C. LRA D. CRL
A. line of sight is the primary weakness of infrared communications. All of the other answers are not true. Infrared connections can support each of these.
What is the primary weakness of infrared communications? A. Line of sight B. Low bandwidth C. Poor authentication D. Cannot be encrypted
C. Patching
What is the process of applying manual changes to a program called? A. Hotfix B. Service pack C. Patching D. Replacement
B. The initialization vector (IV) that WEP uses for encryption is 24-bit.
What is the size of the initialization vector (IV) that WEP uses for encryption? A. 6-bit B. 24-bit C. 56-bit D. 128-bit
A. TKIP places a 128-bit wrapper around the WEP encryption with a key that is based on things such as the MAC address of the host device and the serial number of the packet.
What is the size of the wrapper TKIP places around the WEP encryption with a key that is based on things such as the MAC address of your machine and the serial number of the packet? A. 128-bit B. 64-bit C. 56-bit D. 12-bit
D. Sandboxing is the term used for restricting an application to a safe/restricted resource area.
What is the term for restricting an application to a safe/restricted resource area? A. Multitenancy B. Fencing C. Securing D. Sandboxing
D. False positives
What is the term used for events that were mistakenly flagged although they weren't truly events about which to be concerned? A. Fool's gold B. Non-incidents C. Error flags D. False positives
D. Mantrap limits access to one individual at a time. It could be, for example, a small room. Mantraps typically use electronic locks and other methods to control access. Chapter 10
What kind of physical access device restricts access to a small number of individuals at one time? A. Checkpoint B. Perimeter security C. Security zones D. Mantrap
B. A stealth virus reports false information to hide itself from antivirus software. Stealth viruses often attach themselves to the boot sector of an operating system.
What kind of virus could attach itself to the boot sector of your disk to avoid detection and report false information about file sizes? A. Trojan horse virus B. Stealth virus C. Worm D. Polymorphic virus
A. Least privileges is the most critical principle in account management. The other options are all important, but not as critical as least privileges.
What principle is most important in setting up network accounts? A. Least privileges B. Password expiration C. Password complexity D. Separation of duties
B. QoS (Quality of Service) makes load balancing/prioritizing possible.
What protocol is used by technologies for load balancing/prioritizing traffic? A. ESX B. QoS C. IBJ D. IFNC
A. Near Field Communication (NFC) is used to send data between phones that are in close proximity.
What technology is used to send data between phones that are in close proximity to each other? A. NFC B. IBI C. IBJ D. IFNC
D. WPS (Wi-Fi Protected Setup) is intended to simplify network setup for home and small offices.
What technology is used to simplify network setup by allowing a router to have the administrator push a button on it to allow a new host to join? A. WEP B. WPA C. WTLS D. WPS
C. Session hijacking occurs when the item used to validate a user's session, such as a cookie, is stolen and used by another to establish a session with a host that thinks it is still communicating with the first party.
What term describes when the item used to validate a user's session, such as a cookie, is stolen and used by another to establish a session with a host that thinks it is still communicating with the first party? A. Patch infiltration B. XML injection C. Session hijacking D. DTB exploitation
A. A replay attack captures portions of a session to play back later to convince a host that it is still talking to the original connection.
What type of attack captures portions of a session to play back later to convince a host that it is still talking to the original connection? A. Replay B. Echo C. Duplication D. Reprise
B. Tabletop exercise involves sitting around the table and discussing (with the help of a facilitator) possible security risks in a low-stress format. Chapter 12
What type of exercise involves discussing possible security risks in a low-stress environment? A. White box B. Tabletop C. Black hat D. DHE
D. Worm is designed to multiply and propagate. Worms may carry viruses that cause system destruction, but that isn't their primary mission. Chapter 9
What type of program exists primarily to propagate and spread itself to other systems? A. Virus B. Trojan Horse C. Logic bomb D. Worm
D. When a hole is found in a web browser or other software, and attackers begin exploiting it the very day it is discovered by the developer (bypassing the one-to-two-day response time that many software providers need to put out a patch once the hole has been found), it is known as a zero-day attack.
When a hole is found in a web browser or other software, and attackers begin exploiting it before the developer can respond, what type of attack is it known as? A. Polymorphic B. Xmas C. Malicious insider D. Zero-day
C. Ultimately, the organization is accountable for the choice of public cloud and the security and privacy of the outsourced service.
When going with a public cloud delivery model, who is accountable for the security and privacy of the outsourced service? A. The cloud provider and the organization B. The cloud provider C. The organization D. No one
D. Vishing involves combining phishing with Voice over IP.
When you combine phishing with Voice over IP, it is known as: A. Spoofing B. Spooning C. Whaling D. Vishing
C. VM sprawl can be a result of creating virtual machines without the disciplines and controls of the physical world. This can result in over-provisioning (too much CPU, memory, or disk), or consuming resources after they are no longer required.
When your company purchased a virtual datacenter provider, you inherited a mess. The employees working there had to respond regularly to requests to create virtual machines without the disciplines and controls normally found in the physical world. This resulted in machines being over-provisioned (too much CPU, memory, or disk) and consuming resources long after they were no longer required. What type of problem is this? A. VM escape B. VM digress C. VM sprawl D. VM Type I
B. Cloud bursting means that when your servers become too busy, you can offload traffic to resources from a cloud provider.
When your servers become too busy, you can offload traffic to resources from a cloud provider. This is known as which of the following? A. Latency B. Cloud bursting C. Multitenancy D. Peaking
A. Mac Filtering With MAC Filtering each host is identified by its MAC address and allowed (or denied) access based on that.
Which AP-based technology can increase security dramatically by allowing or denying access based on a client's physical address? A. MAC filtering B. UTM (unified threat management) C. Round-robin D. WORM
D. Heuristic system uses algorithms to analyze the traffic passing through the network.
Which IDS system uses algorithms to analyze the traffic passing through the network? A. Arithmetical B. Algebraic C. Statistical D. Heuristic
C. Role-based access control (RBAC) is primarily concerned with providing access to systems that a user needs based on the user's role in the organization. Chapter 4
Which access control method is primarily concerned with the role that individuals have in the organization? A. MAC B. DAC C. RBAC D. STAC
B. BYOD, or Bring Your Own Device, as well as CYOD, or Choose Your Own Device, are both employee-owned equipment. CYOP is not a real acronym for portable devices.
Which acronym describes devices provided by the company? A. BYOD B. COPE C. CYOD D. CYOP
B. Key Exchange Algorithm (KEA) is used to create a temporary session to exchange key information. This sessions creates a secret key. When the key has been exchanged, the regular session begins. Chapter 8
Which algorithm is used to create a temporary secure session for the exchange of key information? A. KDC B. KEA C. SSL D. RSA
C. A differential backup backs up all of the files that have changed since the last full backup.
Which backup system backs up all the files that have changed since the last full backup? A. Full backup B. Incremental backup C. Differential backup D. Archival backup
B. A public delivery model could be considered a pool of services and resources delivered across the Internet by a cloud provider.
Which cloud delivery model could be considered a pool of services and resources delivered across the Internet by a cloud provider? A. Private B. Public C. Community D. Hybrid
D. The hybrid delivery model can be considered an amalgamation of other types of delivery models.
Which cloud delivery model could be considered an amalgamation of other types of delivery models? A. Private B. Public C. Community D. Hybrid
C. A community delivery model has an infrastructure shared by several organizations with shared interests and common IT needs.
Which cloud delivery model has an infrastructure shared by several organizations with shared interests and common IT needs? A. Private B. Public C. Community D. Hybrid
A. A private cloud delivery model is implemented by a single organization, and it can be implemented behind a firewall.
Which cloud delivery model is implemented by a single organization, enabling it to be implemented behind a firewall? A. Private B. Public C. Community D. Hybrid
A. In the Software as a Service (SaaS) model, the consumer has the ability to use applications provided by the cloud provider over the Internet.
Which cloud service model gives the consumer the ability to use applications provided by the cloud provider over the Internet? A. SaaS B. PaaS C. IaaS D. CaaS
B. In the Platform as a Service (PaaS) model, the consumer has the ability to create applications and host them.
Which cloud service model provides the consumer with the infrastructure to create applications and host them? A. SaaS B. PaaS C. IaaS D. CaaS
B. Sensor collects data from the data source and passes it on to the analyzer. If the analyzer determines that unusual activity has occurred, an alert may be generated. Chapter 2
Which component of an IDS collects data? A. Data source B. Sensor C. Event D. Analyzer
A. Demilitarized Zone (DMZ) is an read in a network that allows restrictive access to untrusted users and isolates the internal network from access by external users and systems. It does so by using routers and firewalls to limit access to sensitive network resources. Chapter 2
Which design concept limits access to systems from outside users while protecting users and systems inside the LAN? A. DMZ B. VLAN C. I&A D. Router
B. IDS B. An IDS monitors network traffic, but it does not take any specific action and is therefore considered passive. Answer A is incorrect because sniffers tend to be run for a specific period of time by a human operator. Answer C is incorrect; a firewall is for blocking traffic, not monitoring, and is thus not passive. Answer D is incorrect; a web browser is for viewing web pages.
Which device monitors network traffic in a passive manner? A. Sniffer B. IDS C. Firewall D. Web browser
D. Router store information about network destinations in routing tables. Routing tables contain information about known hosts on both sides of the router.
Which device stores information about destinations in a network (choose the best answer)? A. Hub B. Modem C. Firewall D. Router
C. Interconnection Security Agreement (ISA) specifies the technical and security requirements of the interconnection
Which of the following agreements contains the technical information regarding the technical and security requirements of the interconnection between two or more organizations? A. BPA B. MOA C. ISA D. MOU
A. Switches are multiport devices that improve network efficiency. A switch typically has a small amount of information about systems in a network.
Which of the following are multiport devices that improve network efficiency? A. Switches B. Modems C. Gateways D. Concentrators
D. Cloud access security brokers are on-premise or cloud-based security policy enforcement points.
Which of the following are on-premise or cloud-based security policy enforcement points? A. Feature slugs B. Flood guards C. VDI/VDEs D. Cloud access security brokers
B. Incremental backup will generally be the fastest of the backup methods because it backs up only the files that have changed since the last incremental or full backup. Chapter 12
Which of the following backup methods will generally provide the fastest backup times? A. Full backup B. Incremental backup C. Differential backup D. Archival backup
C. A load balancer can be implemented as a software or hardware solution and is usually associated with a device—a router, a firewall, NAT, and so on. As the name implies, it is used to shift a load from one device to another.
Which of the following can be implemented as a software or hardware solution and is usually associated with a device—a router, a firewall, NAT, and so on—used to shift a load from one device to another? A. Proxy B. Hub C. Load balancer D. Switch
A. SSL accelerator Since encrypting data is very processor-intensive, SSL accelerators can be used to offload the public-key encryption to a separate plug-in card.
Which of the following can be used to offload the public-key encryption to a separate hardware plug-in card? A. SSL accelerator B. Load balancer C. Proxy firewall D. IEM
C. Router can be configured in many instances to act as a packet-filtering firewall. When configured properly, they can prevent unauthorized ports from being opened
Which of the following devices is the most capable of providing infrastructure security? A. Hub B. Switch C. Router D. Modem
A. long key sizes are not applicable to hashing algorithms.
Which of the following does not apply to a hashing algorithm? A. One-way B. Long key size C. Variable-length input with fixed-length output D. Collision resistance
C. WPA2 fully implements 802.11i, while WEP and WPA do not. WAP is Wireless Access Point, and it is not a security mechanism.
Which of the following fully implements the 802.11i security standards? A. WEP B. WPA C. WPA2 D. WAP
D. XSRF involves unauthorized commands coming from a trusted user to the website. This is often done without the user's knowledge, and it employs some type of social networking to pull it off.
Which of the following involves unauthorized commands coming from a trusted user to the website? A. ZDT B. HSM C. TT3 D. XSRF
B. Trusted Platform Module (TPM)
Which of the following is a chip that can store cryptographic keys, passwords, or certificates? A. HMP B. TPM C. MTP D. PMH
D. Full archival is a concept that works on the assumption that any information created on any system is stored forever.
Which of the following is a concept that works on the assumption that any information created on any system is stored forever? A. Cloud computing B. Warm site C. Big data D. Full archival
B. HSM is a newer backup type that provides continuous online backup by using optical or tape jukeboxes. It appears as an infinite disk to the system, and it can be configured to provide the closest version of an available real-time backup.
Which of the following is a newer backup type that provides continuous online backup by using optical or tape jukeboxes and can be configured to provide the closest version of an available real-time backup? A. TPM B. HSM C. SAN D. NAS
C. A backout is a reversion from a change that had negative consequences.
Which of the following is a reversion from a change that had negative consequences? A. Backup B. ERD C. Backout D. DIS
B. Public Key Cryptography Standards (PKCS) is a set of voluntary standards for public key cryptography. This set of standards is coordinated by RSA. Chapter 8
Which of the following is a set of voluntary standards governing encryption? A. PKI B. PKCS C. ISA D. SSL
D. A shim is a small library that is created to intercept API calls transparently.
Which of the following is a small library that is created to intercept API calls transparently? A. Chock B. Wedge C. Refactor D. Shim
B. Man-in-the-Browser (MITB) Is a type of man-in-the-middle attack in which a Trojan Horse manipulates calls between the browser and its security mechanisms, sniffing or modifying transactions as they are formed on the browser yet still displaying back the user's intended transaction. Chapter 9
Which of the following is a type of man-in-the-middle attack in which a Trojan horse manipulates calls between the browser and its security mechanism yet still displays back the user's intended transactions? A. PFS B. MITB C. P12 D. SDN
A. High-security installations use a type of intermediate access control mechanism called a mantrap. Mantraps require visual identification, as well as authentication, to gain access. A mantrap makes it difficult for a facility to be accessed by a large number of individuals at once because it allows only one or two people into a facility at a time.
Which of the following is an intermediate access control mechanism used in a high-security installation that requires visual identification, as well as authentication, to gain access? A. Mantrap B. Fencing C. Proximity reader D. Hot aisle
C. Wetware is another name for social engineering.
Which of the following is another name for social engineering? A. Social disguise B. Social hacking C. Wetware D. Wetfire
B. In an evil twin attack, a rogue wireless access point poses as a legitimate wireless service provider to intercept information that users transmit.
Which of the following is attack in which a rogue wireless access point poses as a legitimate wireless service provider to intercept information that users transmit? A. Collision B. Evil twin C. NFC D. WPS
A. Network Name An SSID (Service Set Identifier) broadcast includes the network name. Chapter 3
Which of the following is included in an SSID broadcast (choose the best answer)? A. Network name B. MAC address C. DHCP configuration information D. DNS default values
A. Twofish.
Which of the following is similar to Blowfish but works on 128-bit blocks? A. Twofish B. IDEA C. CCITT D. AES
C. Shoulder surfing is best defined as watching someone enter important information.
Which of the following is the best description of shoulder surfing? A. Following someone through a door they just unlocked B. Figuring out how to unlock a secured area C. Watching someone enter important information D. Stealing information from someone's desk
A. Tailgating is best defined as following someone through a door they just unlocked.
Which of the following is the best description of tailgating? A. Following someone through a door they just unlocked B. Figuring out how to unlock a secured area C. Sitting close to someone in a meeting D. Stealing information from someone's desk
A. Perimeter security involves creating a perimeter or outer boundary for a physical space. Video surveillance systems wouldn't be considered a part of perimeter security, but they can be used to enhance physical security monitoring.
Which of the following is the best example of perimeter security? A. Chain link fence B. Video camera C. Elevator D. Locked computer room
B. Bluesnarfing is the gaining of unauthorized access through a Bluetooth connection.
Which of the following is the gaining of unauthorized access through a Bluetooth connection? A. Bluejumping B. Bluesnarfing C. Bluerunning D. Bluelining
C. The process that is used during data acquisition for the preservation of all forms of relevant information when litigation is reasonably anticipated is known as legal hold.
Which of the following is the process used during data acquisition for the preservation of all forms of relevant information when litigation is reasonably anticipated? A. Chain of custody B. Order of volatility C. Legal hold D. Strategic intelligence gathering
C. Change management
Which of the following is the structured approach that is followed to secure a company's assets? A. Audit management B. Incident management C. Change management D. Skill management
B. This is fuzzing or fuzz testing.
Which of the following is the technique of providing unexpected values as input to an application to try to make it crash? A. DLP B. Fuzzing C. Stress testing D. HSM
C. Two parties authenticating each other is mutual authentication. The other answers do not describe this.
Which of the following is the term used whenever two or more parties authenticate each other? A. SSO B. Multifactor authentication C. Mutual authentication D. Tunneling
A. Separation of duties
Which of the following policies are designed to reduce the risk of fraud and prevent others losses in an organization? A. Separation of duties B. Acceptable use C. Least privilege D. Physical access control
B. Acceptable use
Which of the following policies describes how the employees in an organization can use company systems and resources, both software and hardware? A. Separation of duties B. Acceptable use C. Lease privelage D. Physical access control
C. Least Privilege Give users only the permissions that they need to do their work and no more.
Which of the following policies should be used when assigning permissions, giving users only the permissions they need to do their work and no more? A. Separation of duties B. Acceptable use C. Least privilege D. Physical access control
B. Exception The exception policy statement may include an escalation contact in the event that the person dealing with a situation needs to know whom to contact
Which of the following policy statements may include an escalation contact in the event that the person dealing with a situation needs to know who to contact? A. Scope B. Exception C. Overview D. Accountability
D. Accountability
Which of the following policy statements should address who is responsible for ensuring that the policy is enforced? A. Scope B. Exception C. Overview D. Accountability
C. Write-once-read-many (WORM) protection, information, once written, cannot be modified thus assuring that the data cannot be tampered with once it is written to the device.
Which of the following protections implies that information, once written, cannot be modified? A. DLP B. ROM C. WORM D. NAC
B. Risk avoidance involves identifying a risk and making the decision no longer to engage in the actions associated with that risk.
Which of the following strategies involves identifying a risk and making the decision to discontinue engaging in the action? A. Risk acceptance B. Risk avoidance C. Risk mitigation D. Risk transference
E. Risk transference
Which of the following strategies involves sharing some of the risk burden with someone else, such as an insurance company? A. Risk acceptance B. Risk avoidance C. Risk deterrence D. Risk mitigation E. Risk transference
A. Active reconnaissance is a type of penetration testing that focuses on the system, using techniques such as port scans, traceroute information, and network mapping to find weaknesses.
Which of the following types of penetration testing focuses on the system, using techniques such as port scans, traceroute information, and network mapping to find weaknesses? A. Active reconnaissance B. Passive reconnaissance C. Operational reconnaissance D. Constricted reconnaissance
A. A credentialed vulnerability scan uses actual network credentials to connect to systems and scan for vulnerabilities.
Which of the following types of vulnerability scans uses actual network authentication to connect to systems and scan for vulnerabilities? A. Credentialed B. Validated C. Endorsed D. Confirmed
D. SSL decryptors SSL decryptors work by decrypting encrypted traffic (SSL or TLS), inspecting it, and then re-encrypting it before sending it on to its destination.
Which of the following work by decrypting encrypted traffic (SSL or TLS), inspecting it, and then re-encrypting it before sending it on to its destination? A. SSL filters B. SSL gateways C. SSL accelerators D. SSL decryptors
B. Remote wiping allows you to remove all data from a stolen phone. Geotagging would merely allow you to locate the phone. Geofencing would prevent the phone from working, but not prevent access of the data. Segmentation is used to separate user data from company data.
Which of the following would be best at preventing a thief from accessing the data on a stolen phone? A. Geotagging B. Remote wipe C. Geofencing D. Segmentation
D. Geofencing prevents a device from working outside a geographic area. WPA2 is a wireless security technology. Company-Owned and -Provided Equipment has the company buying mobile devices, and geotracking simply locates the device.
Which of the following would be most effective in preventing a thief from using a mobile device stolen from your company? A. GPS tracking B. WPA2 C. COPE D. Geofencing
C. A contingency plan wouldn't normally be part of an incident response policy. It would be part of a disaster-recovery plan.
Which of the following would normally not be part of an incident response policy? A. Outside agencies (that require status) B. Outside experts (to resolve the incident) C. Contingency plans D. Evidence collection procedures
A. The Registration Authority identifies an individual for issuing a certificate by a Certificate Authority.
Which organization can be used to identify an individual for certificate issue in a PKI environment? A. RA B. LRA C. PKE D. SHA
A. The disaster-recovery plan deals with site relocation in the event of an emergency, natural disaster, or service outage.
Which plan or policy helps an organization determine how to relocate to an emergency site? A. Disaster-recovery plan B. Backup site plan C. Privilege management policy D. Privacy plan
D. Loops Loops can occur when more than one bridge or switch is implemented on the network and the devices confuse each other by leading one another to believe that a host is located on a certain segment when it is not.
Which problem can occur when more than one bridge or switch is implemented on the network, and the devices confuse each other by leading one another to believe that a host is located on a certain segment when it is not? A. Backdoors B. Dead zones C. Collisions D. Loops
A. Wired Equivalent Privacy (WEP) is a security protocol for 802.11b (wireless) networks that attempts to establish the same security for them as would be present in a wired network.
Which security protocol for wireless networks attempts to establish the same security for them as would be present in a wired network? A. WEP B. WEB C. WELL D. WALL
B. Warm sites provide some capabilities in the event of a recovery. The organization that wants to use a warm site will need to install, configure, and reestablish operations on systems that may already exist at the warm site.
Which site best provides limited capabilities for the restoration of services in a disaster? A. Hot site B. Warm site C. Cold site D. Backup site
C. The 802.1x standard defines port-based security for wireless network access control.
Which standard defines port-based security for wireless network access control? 802.1n 802.1g 802.1x 802.1s
A. Intrusion Prevention Systems (IPS) provides active monitoring and rule-based responses to unusual activities on a network. A firewall, for example, provides passive security by preventing access from unauthorized traffic. If the firewall were compromised, the IPS would notify you based on rules that it's designed to implement. Chapter 3
Which system would you install to provide active protection and notification of security problems in a network connected to the Internet? A. IPS B. Network monitoring C. Router D. VPN
A. Biometrics is a technology that uses personal characteristics, such as a retinal pattern or fingerprint, to establish identity.
Which technology uses a physical characteristic to establish identity? A. Biometrics B. Surveillance C. Smart card D. CHAP authenticator
A. A DoS attack is intended to prevent access to network resources by overwhelming or flooding a service or network.
Which type of attack denies authorized users access to network resources? A. DoS B. Worm C. Logic bomb D. Social engineering
A. Privilege Audit is used to determine that all groups, users, and other accounts have the appropriate privileges assigned according to the policies of an organization. Chapter 11
Which type of audit can be used to determine whether accounts have been established properly and verify that privilege creep isn't occurring? A. Privilege audit B. Usage audit C. Escalation audit D. Report audit
A. Type I hypervisor implementations are known as "bare metal."
Which type of hypervisor implementation is known as "bare metal"? A. Type I B. Type II C. Type III D. Type IV
B. Type II hypervisor implementations are known as "hosted."
Which type of hypervisor implementation is known as "hosted"? A. Type I B. Type II C. Type III D. Type IV
A. Active-active An active-active configuration means that more than one load balancing server is working at all times to handle the load/requests as they come in.
Which type of load balancing configuration means that more than one load balancing server is working at all times to handle the load/requests as they come in? A. Active-active B. Cooperative-sharing C. Equal-partner D. Proactive-colleague
A. Security as a Service (SECaaS) is a subscription-based business model intended to be more cost effective than smaller individuals/corporations could ever get on their own.
With which of the following subscription-based models is security more cost effective than individuals or smaller corporations could ever get on their own? A. SECaaS B. PaaS C. XaaS D. WaaS
A. Split With a full tunnel configuration, all requests are routed and encrypted through the VPN, while with a split tunnel, only some requests (usually all incoming) are routed and encrypted over the VPN.
With which tunnel configuration are only some (usually all incoming) requests routed and encrypted over the VPN? A. Split B. Full C. Partial D. Hybrid
B. Round-robin With round-robin load balancing, the first client request is sent to the first group of servers, the second is sent to the second, and so on.
With which type of load balance scheduling is the first client request sent to the first group of servers, the second is sent to the second, and so on? A. Affinity B. Round-robin C. Sequential D. Progressive
C. Hardening is the term used for making a system as secure as it can be.
You are a junior security administrator for a large bank. You have been asked to make the database servers as secure as they can be. The process of making certain that an entity (operating system, application, and so on) is as secure as it can be is known as which of the following? A. Stabilizing B. Reinforcing C. Hardening D. Toughening
D. Attribute Based Authentication (ABAC) looks at the entire environment. Answers A, B, and C are all access control methods but do not consider the entire environment.
You are a network administrator for ACME Corporation. You want to implement a new access control mechanism. The mechanism you are considering takes into account the entire environment/scenario of the access request. What does this describe? A. MAC B. DAC C. RBAC D. ABAC
A. Air-gap is not exposed to the network and thus is far less likely to become infected. In fact, the only possibility for infection at the moment is that a backup is transferred to the air-gapped storage. If anti-virus is run just prior to this action, then the chances of malware in the backup become extremely small. The other answers have nothing to do with protecting backups.
You are concerned about your backup files becoming infected with malware. Which of the following technologies would be best to protect your backup? A. Air-gap B. SPI firewall C. DMZ D. VLAN
A. RSA is the most widely used asymmetric cipher today, though ECC is quickly becoming more widely used.
You are responsible for e-commerce security at your company. You want to use the most widely implemented asymmetric algorithm available today. Which of the following is the most widely used asymmetric algorithm today? A. RSA B. AES C. 3DES D. SHA
D. CHAP periodically re-authenticates. Answers A, B, and C are all authentication methods but do not re-authenticate.
You are working as a security administrator for a small financial institution. You want to use an authentication method that will periodically reauthenticate clients. Which protocol is best suited for this? A. PAP B. SPAP C. KERBEROS D. CHAP
D. this is a disassociation attack. Bluesnarfing and bluejacking are Bluetooth attacks. The question does not describe session hijacking.
You find that users on your network are getting dropped from the wireless connection. When you check the logs for the wireless access point, you find that a deauthentication packet has been sent to the WAP from the users' IP addresses. What seems to be happening here? A. Bluesnarfing B. Bluejacking C. Session hijacking D. Disassociation attack
D. This is a classic example of transitive access. Answer A is incorrect. LDAP is a directory access protocol. Answers B and C are not access descriptions.
You have added a new child domain to your network. As a result of this, the child has adopted all of the trust relationships with other domains in the forest that existed for its parent domain. What is responsible for this? A. LDAP access B. XML access C. Fuzzing access D. Transitive access
C. For a hard drive, you want a symmetric cipher and AES is more secure than DES.
You need to encrypt your hard drive. Which of the following is the best choice? A. DES B. RSA C. AES D. SHA
B. Always apply least privileges, and in this case that is Delete.
You want to assign privileges to a user so that she can delete a file but not be able to assign privileges to others. What permissions should you assign? A. Full Control B. Delete C. Administrator D. Modify
C. Biometrics is the authentication process that uses physical characteristics, such as a palm print or retinal pattern, to establish identification. Chapter 11
You want to grant access to network resources based on authenticating an individual's retina during a scan. Which security method uses a physical characteristic as a method of determining identity. A. Smart card B. I&A C. Biometrics D. CHAP
D. Hardware Security Module (HSM) is a cryptoprocessor chip (or circuit mounted within the computer) that can be used to enhance security, and it is commonly used with PKI systems. Chapter 3
You want to install a cryptoprocessor chip that can be used to enhance security with the PKI systems. Which of the following is the one you are looking for? A. OCSP B. HSM C. MTU D. PIV
D. TEMPEST is the certification given to electronic devices that emit minimal RF. The TEMPEST certification is difficult to acquire, and it significantly increases the cost of systems.
You work for an electronics company that has just created a device that emits less RF than any competitor's product. Given the enormous importance of this invention and of the marketing benefits it could offer, you want to have the product certified. Which certification is used to indicate minimal electronic emissions? A. EMI B. RFI C. CC EAL 4 D. TEMPEST
A. The Grandfather, Father, Son backup method is designed to provide a rotating schedule of backup processes. It allows for a minimum usage of backup media, and it still allows for long-term archiving.
You're a consultant brought in to advise MTS on its backup procedures. One of the first problems you notice is that the company doesn't use a good tape-rotation scheme. Which backup method uses a rotating schedule of backup media to ensure long-term information storage? A. Grandfather, Father, Son method B. Full Archival method C. Backup Server method D. Differential Backup method
C. The Request for Comment is how you propose a new standard.
You're a member of a consortium wanting to create a new standard that will effectively end all spam. After years of meeting, the group has finally come across a solution and now wants to propose it. The process of proposing a new standard or method on the Internet is referred to by which acronym? A. WBS B. X.509 C. RFC D. IEEE
A. An armored virus is designed to hide the signature of the virus behind code that confuses the antivirus software or blocks it from detecting the virus.
You're explaining the basics of security to upper management in an attempt to obtain an increase in the networking budget. One of the members of the management team mentions that they've heard of a threat from a virus that attempts to mask itself by hiding code from antivirus software. What type of virus is she referring to? A. Armored virus B. Malevolent virus C. Worm D. Stealth virus
C. A three-tiered architecture has an intermediary server.
You're redesigning your network in preparation for putting the company up for sale. The network, like all aspects of the company, needs to perform at its best in order to benefit the sale. Which model is used to provide an intermediary server between the end user and the database? A. One-tiered B. Two-tiered C. Three-tiered D. Relational database
C. Guidelines help clarify processes to maintain standards. Guidelines tend to be less formal than policies or standards
You're the chief security contact for MTS. One of your primary tasks is to document everything related to security and to create a manual that can be used to manage the company in your absence. Which documents should be referenced in your manual as the ones that identify the methods used to accomplish a given task? A. Policies B. Standards C. Guidelines D. BIA
D. A reciprocal agreement is between two organizations and allows one to use the other's site in an emergency.
You're the head of information technology for MTS and have a brother in a similar position for ABC. The companies are approximately the same size and are located several hundred miles apart. As a benefit to both companies, you want to implement an agreement that would allow either company to use resources at the other site should a disaster make a building unusable. What type of agreement between two organizations provides mutual use of their sites in the event of an emergency? A. Backup-site agreement B. Warm-site agreement C. Hot-site agreement D. Reciprocal agreement
C. A security zone is an area that is a smaller component of the entire facility. Security zones allow intrusions to be detected in specific parts of the building.
You're the leader of the security committee at ACME Company. After a move to a new facility, you're installing a new security monitoring system throughout. Which of the following categories best describes a motion detector mounted in the corner of a hallway? A. Perimeter security B. Partitioning C. Security zone D. IDS system
B. An incremental backup backs up files that have changed since the last full or partial backup.
You're trying to rearrange your backup procedures to reduce the amount of time they take each evening. You want the backups to finish as quickly as possible during the week. Which backup system backs up only the files that have changed since the last backup? A. Full backup B. Incremental backup C. Differential backup D. Backup server
B. Kerberos uses a KDC or Key Distribution Center. The other answers do not.
You've been assigned to mentor a junior administrator and bring her up to speed quickly. The topic you're currently explaining is authentication. Which method uses a KDC to accomplish authentication for users, programs, or systems? A. CHAP B. Kerberos C. Biometrics D. Smartcards
B. Key transmission is a concern.
You've been brought in as a security consultant for a small bicycle manufacturing firm. Immediately, you notice that they're using a centralized key-generating process, and you make a note to dissuade them from that without delay. What problem is created by using a centralized key-generating process? A. Network security B. Key transmission C. Certificate revocation D. Private key security
B. Hardening is the process of improving security in a network operating system, or any operating system.
You've been chosen to lead a team of administrators in an attempt to increase security. You're currently creating an outline of all the aspects of security that will need to be examined and acted on. Which of the following terms describes the process of improving security in a network operating system (NOS)? A. Common criteria B. Hardening C. Encryption D. Networking
C. Type C fire extinguishers are intended for use in electrical fires.
You've been drafted for the safety committee. One of your first tasks is to inventory all the fire extinguishers and make certain that the correct types are in the correct locations throughout the building. Which of the following categories of fire extinguisher is intended for use on electrical fires? A. Type A B. Type B C. Type C D. Type D
A. Elliptic Curve Cryptography (ECC) would probably be your best choice. ECC is designed to work with smaller processors. The other systems may be options, but they require more computing power than ECC. Chapter 8
You've been hired as a security consultant for a company that's beginning to implement handheld devices, such as smartphones. You're told that the company must use an asymmetric system. Which security standard would you recommend that it implement? A. ECC B. PKI C. SHA D. MD
A. IPsec provides network security for tunneling protocols. IPsec can be used with many different protocols besides TCP/IP, and it has two modes of security.
You've been notified that you'll soon be transferred to another site. Before you leave, you're to audit the network and document everything in use and the reason why it's in use. The next administrator will use this documentation to keep the network running. Which of the following protocols isn't a tunneling protocol but is probably used at your site by tunneling protocols for network security? A. IPSec B. PPTP C. L2TP D. L2F
C. A replay attack attempts to replay the results of a previously successful session to gain access.
You've discovered that an expired certificate is being used repeatedly to gain logon privileges. Which type of attack is this most likely to be? A. Man-in-the-middle attack B. Backdoor attack C. Replay attack D. TCP/IP hijacking
D. PGP is an excellent choice for email security.
Your IT manager has stated that you need to select an appropriate tool for email encryption. Which of the following would be the best choice? A. MD5 B. IPSEC C. TLS D. PGP
C. Hotfixes usually can be installed without rebooting the machine.
Your company does electronic monitoring of individuals under house arrest around the world. Because of the sensitive nature of the business, you can't afford any unnecessary downtime. What is the process of applying a repair to an operating system while the system stays in operation? A. Upgrading B. Service pack installation C. Hotfix D. File update
B. Relational
Your company has grown at a tremendous rate, and the need to hire specialists in various IT areas has become apparent. You're helping to write an online advertisement that will be used to recruit new employees, and you want to make certain that applicants possess the necessary skills. One knowledge area in which your organization is weak is database intelligence. What is the primary type of database used in applications today that you can mention in the ads? A. Hierarchical B. Relational C. Network D. Archival
A. A key escrow should be used.
Your company has implemented email encryption throughout the enterprise. You are concerned that someone might lose their cryptographic key. You want to implement some mechanism for storing copies of keys and recovering them. What should you implement? A. Key escrow B. Key archival C. Key renewal D. Certificate rollover
A. Data sovereignty is the concept that data is subject to the laws of where it is stored.
Your company is about to invest heavily in a new server farm and have made an attractive offer for a parcel of land in another country. A consultant working on another project hears of this and suggests that you get the offer rescinded because the laws in that country are much more stringent than where you currently operate. Which of the following is the concept that data is subject to the laws of where it is stored? A. Data sovereignty B. Data subjugation C. Data dominion D. Data protectorate
A. Tokens are secure and can be one-time tokens. Answers B, C, and D can all be used more than once.
Your company provides medical data to doctors from a worldwide database. Because of the sensitive nature of the data, it's imperative that authentication be established on each session and be valid only for that session. Which of the following authentication methods provides credentials that are valid only during a single session? A. Tokens B. Certificate C. Smartcard D. Kerberos
C. Role-Based Access Control is based on the user's role, in this case the office administrator. Answers A and B are incorrect and are not based on user roles. Answer D is not related to access.
Your office administrator is being trained to perform server backups. Which access control method would be ideal for this situation? A. MAC B. DAC C. RBAC D. Security Token
A. A logic bomb notifies an attacker when a certain set of circumstances has occurred. This may in turn trigger an attack on your system.
Your system has just stopped responding to keyboard commands. You noticed that this occurred when a spreadsheet was open and you connected to the Internet. Which kind of attack has probably occurred? A. Logic bomb B. Worm C. Virus D. ACK attack