IT_282_FinalReview

You find out that confidential information is being encoded into graphic files in a form of security through obscurity. What have you encountered? A) Steganography B) Confidentiality C) Non-repudiation D) Digital signature

A) Steganography

You are reviewing your organization's continuity plan, which specifies an RTO of six hours and an RPO of two days. Which of the following is the plan describing? A) Systems should be restored within six hours with a maximum of two days' worth of data latency. B) Systems should be restored within six hours and no later than two days after the incident. C) Systems should be restored within two days and should remain operational for at least six hours. D) Systems should be restored within two days with a minimum of six hours' worth of data.

A) Systems should be restored within six hours with a maximum of two days' worth of data latency.

Which of the following attacks involve intercepting a session and modifying network packets? A) TCP/IP hijacking B) Denial of service C) Man-in-the-middle attack D) DNS poisoning E) Null session

A) TCP/IP hijacking, C) Man-in-the-middle attack

On Monday, all employees of your organization report that they cannot connect to the corporate wireless network, which uses 802.1X with PEAP. A technician verifies that no configuration changes were made to the wireless network and its supporting infrastructure, and that there are no outages. Which of the following is the most likely cause of the problem? A) The Remote Authentication Dial-In User Service certificate has expired. B) The DNS server is overwhelmed with connections and is unable to respond to queries. C) There have been too many incorrect authentication attempts and this caused users to be temporarily disabled. D) The company IDS detected a wireless attack and disabled the wireless network.

A) The Remote Authentication Dial-In User Service certificate has expired.

Which of the following is used when performing a quantitative risk analysis? A) Surveys B) Asset value C) Best practice D) Focus group

B) Asset value

Which of the following services uses port 49? A) File Transfer Protocol B) Post Office Protocol version 3 C) Terminal Access Controller Access-Control System Plus D) Domain Name System

C) Terminal Access Controller Access-Control System Plus

You have been tasked by your boss with calculating the annualized loss expectancy (ALE) for a $5000 server that crashes often. In the past year, the server crashed 10 times, requiring a reboot each time, which resulted in a 10% loss of functionality. What is the ALE of the server? A) $5000 B) $50,000 C) $500 D) $10,000

A) $5000

Which of the following is a disadvantage of PGP? A) A recipient must trust a public key that is received. B) Man-in-the-middle attacks are common. C) Weak encryption can be easily broken. D) Private keys can be compromised.

A) A recipient must trust a public key that is received.

You are the network security administrator for your organization. You are in charge of deploying 50 new computers on the network. Which of the following should be completed first? A) Apply a baseline configuration B) Install operating system updates C) Install the latest spyware D) Install a spreadsheet program

A) Apply a baseline configuration

Your organization must achieve compliance for PCI and SOX. Which of the following would best allow the organization to achieve compliance and ensure security? (Select the three best answers.) A) Apply technical controls to meet compliance regulations B) Centralize management of all devices on the network C) Establish a list of users that must work with each regulation D) Establish a list of devices that must meet regulations E) Establish a company framework F) Compartmentalize the network

A) Apply technical controls to meet compliance regulations D) Establish a list of devices that must meet regulations F) Compartmentalize the network

Which of the following includes the examination of critical versus noncritical functions? A) BIA B) RPO C) Failover D) snapshots

A) BIA

Your company has a mix of on-premises infrastructure and cloud-provider infrastructure and needs to extend the reach of its security policies beyond the internal infrastructure. Which of the following would be the BEST solution for the company to consider? A) CASB B) SaaS C) PaaS D) MaaS

A) CASB

You are required to renew an SSL certificate for a web server. Which of the following should you submit to the certificate authority? A) CSR B) CRL C) Private key D) RA

A) CSR

Which of the following fire extinguishers should be used to put out magnesium- or titanium-based metal fires? A) Class D B) Class B C) Class A D) Class C

A) Class D

Your boss has tasked you with ensuring that reclaimed space on a hard drive has been sanitized while the computer is in use. What job should you perform? A) Cluster tip wiping B) Full disk encryption C) Individual file encryption D) Storage retention

A) Cluster tip wiping

There is an important upcoming patch to be released. You are required to test the installation of the patch a dozen times before the patch is distributed to the public. What should you perform to test the patching process quickly and often? A) Create a virtualized sandbox and utilize snapshots B) Create an image of a patched PC and replicate it to the servers C) Create an incremental backup of an unpatched PC D) Create a full disk image to restore after each installation

A) Create a virtualized sandbox and utilize snapshots

Your network is a Windows domain controlled by a Windows Server domain controller. Your goal is to configure user access to file folders shared to the network. In your organization, directory access is dependent upon a user's role in the organization. You need to keep to a minimum the administrative overhead needed to manage access security. You need to be able to quickly modify a user's permissions if that user is assigned to a different role. A user can be assigned to more than one role within the organization. What solutions should you implement? (Select the two best answers.) A) Create an OU for each organizational role and link GPOs to each OU B) Place users in OUs based on organizational roles C) Create security groups and assign access permissions based on organizational roles D) Place users' computers in OUs based on user organizational roles E) Assign access permission explicitly by user account

A) Create an OU for each organizational role and link GPOs to each OU, C) Create security groups and assign access permissions based on organizational roles

Which of the following is an area of the network infrastructure that enables a person to put public-facing systems into it without compromising the entire infrastructure? A) DMZ B) VLAN C) VPN D) NAT

A) DMZ

Which of the following is the first step in creating a security baseline? A) Define a security policy B) Install software patches C) Perform vulnerability testing D) Mitigate risk

A) Define a security policy

You perform a risk assessment for your organization. What should you do during the impact assessment? A) Determine the potential monetary costs related to a threat B) Determine how likely it is that a threat might actually occur C) Determine actions that can be taken to mitigate any potential threat D) Determine how well the organization is prepared to manage the threat

A) Determine the potential monetary costs related to a threat

Which of the following are components of hardening an operating system? (Choose all that apply) A) Disabling unnecessary services B) Configuring the desktop C) Applying patches D) Adding users to the administrator's group E) Enabling services

A) Disabling unnecessary services, C) Applying patches

When you arrive at work in the morning, you discover that the server room has been the victim of a fire, and all the servers have been rendered useless. Which of the following is the most important item to have to ensure that your organization can recover from this disaster? A) Disaster recovery plan B) Warm site C) Fault-tolerant servers D) Offsite backup

A) Disaster recovery plan

Your organization's server uses a public, unencrypted communication channel. You are required to implement protocols that allow clients to securely negotiate encryption keys with the server. What protocols should you select? (Select the two best answers.) A) ECDHE B) Symmetric encryption C) PBKDF2 D) Steganography E) Diffie-Hellman

A) ECDHE, E) Diffie-Hellman

As a security administrator, you must be constantly vigilant and always be aware of the security posture of your systems. Which of the following supports this goal? A) Establishing baseline reporting B) Disabling unnecessary services C) Training staff on security policies D) Installing anti-malware applications

A) Establishing baseline reporting

Which of the following would a DMZ typically contain? A) FTP server B) SQL server C) Customer account database D) User workstations

A) FTP server

What kind of monitoring methodology does an antivirus program use? A) Signature-based B) Anomaly-based C) Statistical-based D) Behavior-based

A) Signature-based

You suspect that files are being illegitimately copied to an external location. The file server that the files are stored on does not have logging enabled. Which log should you access to find out more about the files that are being copied illegitimately? A) Firewall log B) DNS log C) System log D) Antivirus log

A) Firewall log

A security administrator is required to submit a new CSR to a CA. What is the first step? A) Generate a new private key based on RSA B) Generate a new private key based on AES C) Generate a new public key based on RSA D) Generate a new public key based on AES

A) Generate a new private key based on RSA

Your company needs to have a backup plan in case power is lost for more than a few hours. Which of the following solutions should you implement? A) Generator B) UPS C) Redundant power supplies D) Warm site

A) Generator

The IT director tasks you to set up a backup plan to ensure that your organization can be back up and running within hours if a disaster occurs. Which of the following should you implement? A) Hot site B) Cold site C) Redundant servers D) Tape backup

A) Hot site

Your organization has decided to move large sets of sensitive data to a SaaS cloud provider in order to limit storage and infrastructure costs. Your CIO requires that both the cloud provider and your organization have a clear understanding of the security controls that will be implemented to protect the sensitive data. What kind of agreement is this? A) ISA B) SLA C) MoU D) BPA

A) ISA

Your organization has suffered from several data leaks as a result of social engineering attacks that were conducted over the phone. Your boss wants to reduce the risk of another leak by incorporating user training. Which of the following is the best method for reducing data leaks? A) Information security awareness B) Acceptable use C) Social media and BYOD D) Data handling and disposal

A) Information security awareness

Which of the following network authentication protocols uses symmetric key cryptography, stores a shared key for each network resource, and uses a Key Distribution Center (KDC)? A) Kerberos B) RADIUS C) TACACS+ D) PKI

A) Kerberos

You have completed the deployment of PKI within your organization's network. Legally you are required to implement a way to provide decryption keys to a governmental third party on an as-needed basis. Which of the following should you implement? A) Key escrow B) Additional certificate authority C) Certificate registration D) Recovery agent

A) Key escrow

The IT director asks you to create a solution to protect your network from Internet-based attacks. The solution should include pre-admission security checks and automated remediation and should also integrate with existing network infrastructure devices. Which of the following solutions should you implement? A) NAC B) NAT C) VLAN D) Subnetting

A) NAC

You have been contracted to conduct a forensics analysis on a server. Which of the following should you do first? A) Obtain a binary copy of the system B) Run an antivirus scan C) Analyze temporary files D) Search for spyware

A) Obtain a binary copy of the system

Which of the following tools can be used to check network traffic for clear-text passwords? A) Protocol analyzer B) Port scanner C) Password cracker D) Performance monitor

A) Protocol analyzer

Why do hackers often target nonessential services? (choose all that apply) A) Quite often, they are not configured correctly. B) They are not monitored as often. C) They are not used. D) They are not monitored by an IDS

A) Quite often, they are not configured correctly, B) They are not monitored as often.

In this scenario, your organization and a sister organization use multiple certificate authorities (CAs). Which component of PKI is necessary for one CA to know whether to accept or reject certificates from another CA? A) RA B) Recovery agent C) CRL D) Key escrow

A) RA

When creating a public/private key pair, which of the following would an admin need to specify key strength? A) RSA B) AES C) SHA D) DES

A) RSA

Which of the following attacks is best described as an attacker capturing part of a communication, and then later sending some or all of that communication to a server while pretending to be the original client? A) Replay attack B) TCP/IP hijacking C) Backdoor D) Man-in-the-middle attack

A) Replay attack

MD5 can be manipulated by creating two identical hashes using two different messages, resulting in a collision. This is difficult (if not impossible) to do with SHA-256. Why is this? A) SHA-256 has greater collision resistance than MD5. B) MD5 has greater collision resistance than SHA-256. C) SHA-256 has greater collision strength than MD5. D) MD5 has greater collision strength than SHA-256.

A) SHA-256 has greater collision resistance than MD5.

You need to protect passwords. Which of the following protocols is not recommended because it can supply passwords over the network? A) SNMP B) Kerberos C) ICMP D) DNS

A) SNMP

Your organization has several separate logins necessary to gain access to several different sets of resources. What access control method could solve this problem? A) SSO B) Two-factor authentication C) Biometrics D) Smart card

A) SSO

Which one of the following attacks misuses the Transmission Control Protocol three-way handshake process in an attempt to overload network servers so that authorized users are denied access to network resources? A) SYN attack B) Man-in-the-middle attack C) Teardrop attack D) Smurf attack

A) SYN attack

What is the main difference between a secure hash and secure encryption? A) Secure encryption can be reversed. B) A secure hash cannot be reversed. C) A secure hash can be reversed. D) Secure encryption cannot be reversed.

A) Secure encryption can be reversed. B) A secure hash cannot be reversed.

Your organization has several building keys circulating among various executive and human resources employees. You are concerned that the keys could be easily lost, stolen, or duplicated, so you have decided to implement an additional security control based on facial recognition. Which of the following will address this goal? A) Security guard B) Fingerprint scanner C) Mantraps D) Proximity readers

A) Security guard

You are contracted with a customer to protect its user data. The customer requires the following: easy backup of all user data; minimizing the risk of physical data theft; minimizing the impact of failure on any one file server. Which of the following solutions should you implement? A) Use file servers with removable hard disks. Secure the hard disks in a separate area after hours. B) Use internal hard disks installed in file servers. Lock the file servers in a secure area. C) Use file servers attached to a NAS. Lock the file servers and NAS in a secure area. D) Back up user files to USB hard disks attached to the customer's systems. Store the USB hard disks in a secure area after hours.

A) Use file servers with removable hard disks. Secure the hard disks in a separate area after hours.

What are the best ways for a web programmer to prevent website application code from being vulnerable to XSRF attacks? (Select the two best answers.) A) Validate input on the client and the server side B) Ensure HTML tags are enclosed within angle brackets C) Permit URL redirection D) Restrict the use of special characters in form fields E) Use a web proxy to pass website requests between the user and the application

A) Validate input on the client and the server side, D) Restrict the use of special characters in form fields

Which of the following inbound ports must be opened on a server to allow a user to log in remotely? A) 53 B) 3389 C) 389 D) 636

B) 3389

Which of the following authentication protocols makes use of a supplicant, authenticator, and authentication server? A) Kerberos B) 802.1X C) RADIUS D) LDAP

B) 802.1X

Your organization has several conference rooms with wired RJ45 jacks that are used by employees and guests. The employees need to access internal organizational resources, but the guests only need to access the Internet. Which of the following should you implement? A) VPN and IPsec B) 802.1X and VLANs C) Switches and a firewall D) NAT and DMZ

B) 802.1X and VLANs

Which of the following does the discretionary access control model use to identify users who have permissions to a resource? A) Security labels B) Access control lists C) Predefined access privileges D) Roles that users have in the organization

B) Access control lists

A recent security audit has uncovered an increase in the number of MITM attacks during the certificate validation process. Which of the following is a way to add security to the certificate validation process to help detect and block many types of MITM attacks by adding an extra step beyond normal X.509 certificate validation? A) S/MIME B) Certificate pinning C) OID stapling D) SSH

B) Certificate pinning

You have been asked by an organization to help correct problems with users unknowingly downloading malicious code from websites. Which of the following should you do to fix this problem? A) Install a network-based intrusion detection system B) Disable unauthorized ActiveX controls C) Implement a policy to minimize the problem D) Use virtual machines

B) Disable unauthorized ActiveX controls

You have been tasked with sending a decommissioned SSL certificate server's hard drives to be destroyed by a third-party company. What should you implement before sending the drives out? (Select the two best answers.) A) Disk hashing B) Disk wiping C) Removable media encryption D) Full disk encryption E) Data retention policies

B) Disk wiping, D) Full disk encryption

Which of the following uses Transport Layer Security and does not work well in enterprise scenarios because certificates must be configured or managed on both the client side and server side? A) Transitive trust B) EAP-TLS C) EAP-TTLS D) EAP-FAST E) Kerberos

B) EAP-TLS

An employee of your organization was escorted off of the premises for suspicion of fraudulent activity, but the employee had been working for two hours before leaving. You have been asked to find out what files have changed since last night's integrity scan. Which protocols could you use to perform your task? (Select the two best answers.) A) ECC B) HMAC C) MD5 D) Blowfish E) PGP F) AES

B) HMAC, C) MD5

The IT director asks you to perform a risk assessment of your organization's network. Which of the following should you do first? A) Identify potential monetary impact B) Identify organizational assets C) Identify threats and threat likelihood D) Identify vulnerabilities

B) Identify organizational assets

Which of the following programming techniques can stop buffer overflow attacks? A) SQL injection attack B) Input validation C) Sandbox D) Backdoor analysis

B) Input validation

Which of the following is a step in deploying a WPA2-Enterprise wireless network? A) Install a DHCP server on the authentication server B) Install a digital certificate on the authentication server C) Install an encryption key on the authentication server D) Install a token on the authentication server

B) Install a digital certificate on the authentication server

In a scenario where data integrity is crucial to the organization, which of the following is true about input validation regarding client/server applications? A) It must rely on the user's knowledge of the application. B) It should be performed on the server side. C) It should be performed on the client side only. D) It must be protected by SSL.

B) It should be performed on the server side.

You review the system logs for your organization's firewall and see that an implicit deny is within the ACL. Which is an example of an implicit deny? A) Implicit deny will deny all traffic from one network to another. B) Items not specifically given access are denied by default. C) When an access control list is used as a secure way of moving traffic from one network to another. D) Everything will be denied because of the implicit deny.

B) Items not specifically given access are denied by default.

Your organization implements a policy in which accounting staff needs to be cross-trained in various banking software to detect possible fraud. What is this an example of? A) Least privilege B) Job rotation C) Separation of duties D) Due care

B) Job rotation

Which of the following is used to implement an unencrypted tunnel between two networks? A) PTP B) L2TP C) Always-on VPN D) HTTPS E) AES

B) L2TP

Which of the following concepts best describes the mandatory access control model? A) Clark-Wilson B) Lattice C) Bell-LaPadula D) Biba

B) Lattice

If a switch enters fail-open mode because its CAM table memory has been filled, then it will cease to function properly as a switch. What type of attack could cause this? A) Double tagging B) MAC flooding C) Physical tampering D) DoS

B) MAC flooding

Which of the following anomalies can a protocol analyzer detect? A) Decryption of encrypted network traffic B) Malformed or fragmented packets C) Disabled network adapters D) Passive sniffing of network traffic

B) Malformed or fragmented packets

You are in the middle of the information gathering stage of the planning and deployment of a role-based access control model. Which of the following is most likely required? A) Group-based privileges already in place B) Matrix of job titles with required privileges C) Rules under which certain systems can be accessed D) Clearance levels of personnel

B) Matrix of job titles with required privileges

Which of the following tools require a computer with a network adapter that can be placed in promiscuous mode? A) Vulnerability scanner B) Network mapper C) Port scanner D) Protocol analyzer E) Password cracker

B) Network mapper, D) Protocol analyzer

Which of the following offer the best protection against brute-forcing passwords? (Select the two best answers.) A) MD5 B) PBKDF2 C) Bcrypt D) AES E) CHAP F) SHA2

B) PBKDF2, C) Bcrypt

While running a new network line, you find an active network switch above the ceiling tiles of the CEO's office with cables going in various directions. What attack is occurring? A) Spear phishing B) Packet sniffing C) Impersonation D) MAC flooding

B) Packet sniffing

Which of the following are the best options when it comes to increasing the security of passwords? (Select the two best answers.) A) Password history B) Password complexity C) Password length D) Password expiration E) Password age

B) Password complexity, C) Password length

Which of the following methods should you use to fix a single security issue on a computer? A) Configuration baseline B) Patch C) Service pack D) Patch management

B) Patch

You are logging a server. What security measures should you implement? (Choose two) A) Perform CRCs B) Perform hashing of the log files C) Collect temporary files D) Apply retention policies on the log files

B) Perform hashing of the log files, D) Apply retention policies on the log files

You've created a baseline for your Windows Server file server. Which of the following tools can best monitor changes to your system baseline? A) Resource planning software B) Performance monitoring software C) Key management software D) Antivirus software

B) Performance monitoring software

You have been contracted to determine if network activity spikes are related to an attempt by an attacker to breach the network. The customer wants you to identify when the activity occurs and what type of traffic causes the activity. Which type of tool should you use? A) Network mapper B) Protocol analyzer C) System Monitor D) Performance Monitor

B) Protocol analyzer

You are designing the environmental controls for a server room that contains several servers and other network devices. What roles will an HVAC system play in this environment? (Select the two best answers.) A) Provide isolation in case of a fire B) Provide an appropriate ambient temperature C) Maintain appropriate humidity levels D) Vent fumes from the server room E) Shield equipment from EMI

B) Provide an appropriate ambient temperature, C) Maintain appropriate humidity levels

Which of the following types of keys are stored in a CRL? A) TPM keys B) Public and private keys C) Public keys only D) Private keys only

B) Public and private keys

You have been tasked with investigating a compromised web server and just finished analyzing the logs of a firewall. You see the following open inbound ports appear in the log: 22, 25, 445, 514, 1433, 3225, 3389. Of the following answers, which was most likely used to access the server remotely? A) HTTP B) RDP C) LDAP D) HTTPS E) Telnet F) Syslog

B) RDP

Your server room has most items bolted down to the floor, but some items - such as network testing tools - can be easily removed from the room. Which security control can you implement to allow for automated notification of the removal of an item from the server room? A) Environmental monitoring B) RFID C) EMI shielding D) CCTV

B) RFID

Which one of the following is the most common encryption protocol used for key exchange during a secure web session? A) PKI B) RSA C) SHA D) AES

B) RSA

A user receives an encrypted message that was encrypted using asymmetric cryptography. What does this recipient need to decrypt the message? A) Sender's private key B) Recipient's private key C) Recipient's public key D) Sender's public key

B) Recipient's private key

Your network is an Active Directory domain controlled by a Windows Server domain controller. The Finance group has read permission to the Reports and History shared folders and other shared folders. The Accounting group has read and write permissions to the Reports, AccountRecs, and Statements shared folders. Several users are members of both the Finance and Accounting groups. All the folders are located on a file server. The Everyone group is granted the Full Control NTFS permission for each folder through inheritance, but non-administrative users do not have the right to log on locally at the server. Access to the shared folders is managed through share permissions. It is determined that the Finance group should no longer have read access to the Reports folder. This change should not affect access permissions granted through membership in other groups. What is the best solution to the problem? A) Delete the Finance group B) Remove the read permission from the Finance group for the Reports folder C) Deny the read permission individually for each member of the Finance group for the Reports folder D) Deny the read permission to the Finance group for the Reports folder

B) Remove the read permission from the Finance group for the Reports folder

Identifying residual risk is considered to be the most important task when dealing with which of the following? A) Risk avoidance B) Risk acceptance C) Risk deterrence D) Risk mitigation

B) Risk acceptance

You have been commissioned by a customer to implement a network access control model that limits remote users' network usage to normal business hours only. You create one policy that applies to all the remote users. What access control model are you implementing? A) Mandatory access control B) Role-based access control C) Discretionary access control D) Rule-based access control

B) Role-based access control

You are in charge of the disaster recovery plan for your organization. What can you do to make sure that the DRP can be implemented quickly and correctly? A) Send the plan to management for approval B) Run a test of the recovery plan C) Store the recovery plan in a secure area D) Distribute copies of the plan to key personnel

B) Run a test of the recovery plan

The IT director recommends that you require your service provider to give you an end-to-end traffic performance guarantee. What document will include this guarantee? A) Incident response procedures B) SLA C) DRP D) Chain of custody

B) SLA

Users in your organization receive an e-mail encouraging them to click a link to obtain exclusive access to the newest version of a popular smartphone. What is this an example of? A) Intimidation B) Scarcity C) Trust D) Familiarity

B) Scarcity

You are in charge of decreasing the chance of social engineering in your organization. Which of the following should you implement? A) Risk assessment B) Security awareness training C) A two-factor authentication scheme D) Vulnerability assessment

B) Security awareness training, C) A two-factor authentication scheme

You are in charge of auditing resources and the changes made to those resources. Which of the following log files will show any unauthorized changes to those resources? A) Directory Services log file B) Security log file C) System log file D) Application log file

B) Security log file

You are attempting to apply corporate security settings to a workstation. Which of the following would be the best solution? A) Hotfix B) Security template C) Patch D) Services.msc

B) Security template

An employee has been terminated from your organization. What can ensure that the organization continues to have access to the employee's private keys? A) Retain the employee's token B) Store the keys in escrow C) Store the keys in a CRL D) Delete the employee's user account

B) Store the keys in escrow

In a secure environment, which authentication mechanism performs better? A) RADIUS because it encrypts client/server passwords B) TACACS+ because it encrypts client/server negotiation dialogs C) TACACS+ because it is a remote access authentication service D) RADIUS because it is a remote access authentication service

B) TACACS+ because it encrypts client/server negotiation dialogs

Which of the following transport protocols and port numbers does Secure Shell use? A) UDP port 69 B) TCP port 22 C) TCP port 389 D) UDP port 53

B) TCP port 22

Your network has a DHCP server, AAA server, LDAP server, and e-mail server. Instead of authenticating wireless connections locally at the WAP, you want to utilize RADIUS for the authentication process. When you configure the WAP's authentication screen, what server should you point to, and which port should you use? A) The DHCP server and port 67 B) The AAA server and port 1812 C) The LDAP server and port 389 D) The e-mail server and port 143

B) The AAA server and port 1812

You are a security administrator for a midsized company that uses several applications on its client computers. After the installation of a specialized program on one computer, a software application executed an online activation process. Then, a few months later, the computer experienced a hardware failure. A backup image of the operating system was restored on a newer revision of the same brand and model computer. After that restoration, the specialized program no longer works. Which of the following is the most likely cause of the problem? A) The binary files used by the specialized program have been modified by malware. B) The hash key summary of the hardware and the specialized program no longer match. C) The specialized program is no longer able to perform remote attestation due to blocked ports. D) The restored image backup was encrypted with the wrong key.

B) The hash key summary of the hardware and the specialized program no longer match.

Virtualization is a broad term that includes the use of virtual machines and the abstraction of computer resources. Which of the following is the best security reason for using virtualization of network servers? A) To centralize patch management B) To isolate network services and roles C) To add network services D) To analyze network traffic

B) To isolate network services and roles

Why would you deploy a wildcard certificate? A) To secure the certificate's private key B) To reduce the burden of certificate management C) To increase the certificate's encryption key length D) To extend the renewal date of the certificate

B) To reduce the burden of certificate management

What are LDAP and Kerberos commonly used for? A) To sign SSL wildcard certificates B) To utilize single sign-on capabilities C) To perform queries on a directory service D) To store usernames and passwords in a FIM system

B) To utilize single sign-on capabilities

You want to secure data passing between two points on an IP network. What is the best method to protect from all but the most sophisticated APTs? A) Stream ciphers B) Transport encryption C) Block ciphers D) Key escrow

B) Transport encryption

Which of the following should be performed on a computer to protect the OS from malicious software? (Choose all that apply) A) Install a perimeter firewall B) Update HIPS signatures C) Update NIDS signatures D) Disable unused services E) Disable DEP settings

B) Update HIPS signatures, D) Disable unused services

When is it appropriate to use vulnerability scanners to identify any potential holes in your security design? A) When testing the automatic detection and alerts of your network B) When testing to identify known potential security risks inherent to your design C) When testing the network's response to specific attacks D) When testing disaster mitigation planning

B) When testing to identify known potential security risks inherent to your design

Which of the following is a Class B private IP address? A) 10.254.254.1/16 B) 192.168.1.1/16 C) 172.16.1.1/16 D) 169.254.50.1/24

C) 172.16.1.1/16

Which port does Kerberos use by default? A) 21 B) 80 C) 88 D) 389

C) 88

Which of the following is the best example of a strong password? A) The last four digits of your Social Security number B) A 15-character sequence of letters only C) A 14-character sequence of numbers, letters, and symbols D) The name of your pet

C) A 14-character sequence of numbers, letters, and symbols

The IT director asks you to set up a system that will encrypt credit card data. She wants you to use the most secure symmetric algorithm with the least amount of CPU usage. Which of the following algorithms should you select? A) 3DES B) SHA-1 C) AES D) RSA

C) AES

Alice wishes to send a file to Bob using a PKI. Which of the following types of keys should Alice use to sign the file? A) Bob's public key B) Alice's public key C) Alice's private key D) Bob's private key

C) Alice's private key

You are the network administrator for your organization and are in charge of many servers, including one web server. Which of the following is the best way to reduce vulnerabilities on your web server? A) Enable auditing and review log files B) Block DNS on port 80 C) Apply updates and patches D) Use a 24/7 packet sniffer

C) Apply updates and patches

Which of the following is the most complicated centralized key management scheme? A) Symmetric B) Steganography C) Asymmetric D) Whole disk encryption

C) Asymmetric

You are in charge of your organization's backup plan. You need to make sure that the data backups are available in case of a disaster. However, you need to keep the plan as inexpensive as possible. Which of the following solutions should you implement? A) Implement a cold site B) Implement a hot site C) Back up data to removable media and store a copy offsite D) Implement a remote backup solution

C) Back up data to removable media and store a copy offsite

You are contracted to conduct a forensic analysis of the computer. What should you do first? A) Make changes to the operating system B) Analyze the files C) Back up the system D) Scan for viruses

C) Back up the system

What should you be concerned with when transferring evidence? A) Due diligence B) Job rotation C) Chain of custody D) Change management

C) Chain of custody

Your organization uses a SOHO wireless router all-in-one device. The network has five wireless BYOD users and two web servers that are wired to the network. What should you configure to protect the servers from the BYOD users' devices? (Select the two best answers.) A) Implement EAP-TLS B) Change the default HTTP port C) Create a VLAN for the servers D) Deny incoming connections to the outside router interface E) Disable physical ports F) Create an ACL to access the servers

C) Create a VLAN for the servers, F) Create an ACL to access the servers

A Uniform Resource Locator (URL) is a type of Uniform Resource Identifier (URI) that specifies where an identified resource is available. When a user attempts to go to a website, she notices the URL has changed. Which attack is the most likely cause of the problem? A) Denial of service B) ARP poisoning C) DNS poisoning D) DLL injection

C) DNS poisoning

You have found vulnerabilities in your SCADA system. Unfortunately, changes to the SCADA system cannot be made without vendor approval, which can take months to obtain. Which of the following is the best way to protect the SCADA system in the interim? A) Enable auditing of accounts on the SCADA system B) Update AV definitions on the SCADA system C) Deploy a NIPS at the edge of the SCADA network D) Install a firewall in the SCADA network

C) Deploy a NIPS at the edge of the SCADA network

Which of the following can allow the owner to restrict access to resources according to the identity of the user? A) Mandatory access control B) Role-based access control C) Discretionary access control D) CRL

C) Discretionary access control

Which of the following threats is not associated with Bluetooth? A) Discovery mode B) Bluesnarfing C) Fraggle attack D) Bluejacking

C) Fraggle attack

A security administrator analyzed the following logs: Host: 10.248.248.67 [02:15:11]Successful Login: 045 10.248.248.67:local [02:15:16]Unsuccessful Login: 067 208.159.67.23: RDP 10.248.248.67 [02:15:16]Unsuccessful Login: 072 208.159.67.23: RDP 10.248.248.67 [02:15:16]Unsuccessful Login: 058 208.159.67.23: RDP 10.248.248.67 [02:15:16]Unsuccessful Login: 094 208.159.67.23: RDP 10.248.248.67 What should the security administrator implement as a mitigation method against further attempts? A) System log monitoring B) IDS C) Hardening D) Reporting

C) Hardening

You are analyzing why the incident response team of your organization could not identify a recent incident that occurred. Review the e-mail below and then answer the question that follows. E-mail from the incident response team: A copyright infringement alert was triggered by IP address 11.128.50.1 at 02:30:01 GMT. After reviewing the following logs for IP address 11.128.50.1 we cannot correlate and identify the incident. - 02:25:23 11.128.50.1 http://externalsite.com/login.asp?user=steve - 02:30:15 11.128.50.1 http://externalsite.com/login.asp?user=amy - 03:30:01 11.128.50.1 http://externalsite.com/access.asp?file=movie.mov - 03:31:08 11.128.50.1 http://externalsite.com/download.asp?movie.mov=ok Why couldn't the incident response team identify and correlate the incident? A) The chain of custody was not properly maintained. B) Traffic logs for the incident are not available. C) Incident time offsets were not accounted for. D) The logs are corrupt.

C) Incident time offsets were not accounted for.

Which of the following techniques supports availability when considering a vendor-specific vulnerability in critical industrial control systems? A) Enforcing application whitelists B) Verifying that antivirus definitions are up to date C) Incorporating diversity into redundant design D) Deploying multiple firewalls at the network perimeter

C) Incorporating diversity into redundant design

Which of the following is the most effective way of preventing adware? A) Install an antivirus program B) Install a host-based intrusion detection system C) Install a pop-up blocker D) Install a firewall

C) Install a pop-up blocker

Which of the following characterizations best suits the term Java applets? A) Java applets include a digital signature. B) Java applets allow for customized controls and icons. C) Java applets need to have virtual machine web browser support. D) Java applets are the same as ActiveX controls.

C) Java applets need to have virtual machine web browser support.

Which of the following authentication models places importance on a ticket-granting server? A) PAP B) CHAP C) Kerberos D) RADIUS

C) Kerberos

An administrator configures Unix accounts to authenticate to a non-Unix server on the internal network. The configuration file incorporates the following information: DC=ServerName and DC=COM. Which service is being used? A) SAML B) RADIUS C) LDAP D) TACACS+

C) LDAP

Which of the following is a secure wireless authentication method that uses a RADIUS server for the authenticating? A) CCMP B) WEP-PSK C) LEAP D) WPA2-PSK

C) LEAP

Your organization wants to improve its security posture by addressing risks uncovered by a recent penetration test. Which of the following is most likely to affect the organization on a day-to-day basis? A) Insufficient encryption B) Corporate espionage C) Lack of antivirus software D) Large-scale natural disaster

C) Lack of antivirus software

Which of the following will most likely enable an attacker to force a switch to function like a hub? A) DNS spoofing B) ARP poisoning C) MAC flooding D) DNS poisoning

C) MAC flooding

Which of the following tools can find the open ports on a network? A) Password cracker B) Protocol analyzer C) Network scanner D) Performance monitor

C) Network scanner

You are configuring security for a network that is isolated from the Internet by a perimeter network. You need to test the network's ability to detect and respond to a DoS attack. What should you implement? A) Network packet analysis B) Port scanning C) Penetration testing D) Vulnerability scanning

C) Penetration testing

Network utilization is the ratio of current network traffic to the maximum amount of traffic that a network adapter or specific port can handle. Which of the following can help you to determine whether current network utilization is abnormal? A) Penetration testing B) Vulnerability assessment C) Performance baseline D) Security log

C) Performance baseline

What is it known as when traffic to a website is redirected to another, illegitimate site? A) Phishing B) Whaling C) Pharming D) Spim

C) Pharming

You are the security administrator working for a large corporation with many remote workers. You are tasked with deploying a remote access solution for both staff and contractors. Company management favors Remote Desktop Services because of its ease of use. Your current risk assessment suggests that you protect Windows as much as possible from direct ingress traffic exposure. Which of the following solutions should you choose? A) Change remote desktop to a non-standard port, and implement password complexity for the entire Active Directory domain. B) Distribute new IPsec VPN client software to applicable parties, and then virtualize the remote desktop services functionality. C) Place the remote desktop server(s) on a screened subnet, and implement two-factor authentication. D) Deploy a remote desktop server on your internal LAN, and require an Active Directory integrated SSL connection for access.

C) Place the remote desktop server(s) on a screened subnet, and implement two-factor authentication.

Your organization asks you to design a web-based application. It wants you to design the application so that it runs under a security context that allows only those privileges required for the application to run to minimize risk if an attack occurs. Which of the following security concepts does this describe? A) Mandatory access control B) Implicit deny C) Principle of least privilege D) Separation of duties

C) Principle of least privilege

You work as a network administrator for your organization and need a tool to capture ICMP, HTTP, FTP, and other packets of information. Which of the following tools should you use? A) Penetration tester B) Port scanner C) Protocol analyzer D) Vulnerability scanner

C) Protocol analyzer

One of your co-workers has been issued a new smart card because the old one has expired. The co-worker can connect to the computer network but is unable to send digitally signed or encrypted e-mail. What does the security administrator need to perform? A) Recover the previous smart card certificates B) Remove all previous smart card certificates from the local certificate store C) Publish new certificates to the global address list D) Make certificates available to the operating system

C) Publish new certificates to the global address list

One of your database servers is mission-critical. You cannot afford any downtime. What is the best item to implement to ensure minimal downtime of the server and ensure fault tolerance of the data stored on the database server? A) Spare parts B) UPS C) RAID D) Redundant server

C) RAID

Which of the following are symmetric encryption algorithms? A) RSA B) DES C) RC4 D) 3DES E) AES F) ECC G) Diffie-Hellman

C) RC4, D) 3DES, E) AES

Which of the following algorithms is used by the TLS protocol to establish a session key? A) AES B) RC4 C) RSA D) SSL

C) RSA

A security incident just occurred involving a physical asset (a USB flash drive). Immediately afterward, what should be done first? A) Create a working image of the data B) Back up the device C) Record every person who was in possession of the asset during and after the incident D) Document the incident and how it was mitigated

C) Record every person who was in possession of the asset during and after the incident

In an environment where the transmission and storage of PII data needs to be encrypted, what methods should you select? (Select the two best answers.) A) TFTP B) TKIP C) SSH D) PGP E) SNMP F) NTLM

C) SSH, D) PGP

What is the technique of adding text to a password when it is hashed? A) NTLMv2 B) Rainbow tables C) Salting D) Symmetric cryptography

C) Salting

You are designing security for an application. You need to ensure that all tasks relating to the transfer of money require actions by more than one user through a series of checks and balances. What access control method should you use? A) Least privilege B) Job rotation C) Separation of duties D) Implicit deny

C) Separation of duties

An IDS looks for patterns to aid in detecting attacks. What are these patterns known as? A) Viruses B) Anomalies C) Signatures D) Malware

C) Signatures

Which of the following protocols does the 802.11i standard support? A) DES B) ECC C) TKIP D) AES E) RSA

C) TKIP, D) AES

You are in charge of recycling computers. Some of the computers have hard drives that contain personally identifiable information (PII). What should be done to the hard drive before it is recycled? A) The hard drive should be reformatted. B) The hard drive should be destroyed. C) The hard drive should be sanitized. D) The hard drive should be stored in a safe area.

C) The hard drive should be sanitized.

A security administrator for your organization utilized a heuristic system to detect an anomaly in a desktop computer's baseline. The admin was able to detect an attack even though the signature-based IDS and antivirus software did not detect it. Upon further review, it appears that the attacker had downloaded an executable file on the desktop computer from a USB port, and executed it triggering a privilege escalation. What type of attack has occurred? A) Directory traversal B) XML injection C) Zero day D) Baiting

C) Zero day

Which port and transport mechanism protocol must be opened on a firewall to allow incoming SFTP connections? A) 21 and UDP B) 22 and UDP C) 21 and TCP D) 22 and TCP

D) 22 and TCP

What port and transport mechanism does TFTP use by default? A) 68 and TCP B) 69 and TCP C) 68 and UDP D) 69 and UDP

D) 69 and UDP

A systems administrator must configure access to the corporate network such that users always have access without the need to periodically disconnect and reconnect. Which of the following best describes the type of connection that should be configured? A) Federated identity management B) Kerberos C) Generic Routing Encapsulation D) Always-on VPN E) PPTP

D) Always-on VPN

You have collected login information, file access information, security log files, and unauthorized security violations. What is this collection known as? A) Audit B) Access control list C) Security log D) Audit trail

D) Audit trail

In the event of a short-term power loss to the server room, what should be powered on first in order to establish DNS services? A) Apache server B) Exchange server C) RADIUS D) BIND server

D) BIND server

Bob wants to send an encrypted e-mail to Alice. Which of the following will Alice need to use to verify the validity of Bob's certificate? (Select the two best answers.) A) Bob's private key B) Alice's private key C) The CA's private key D) Bob's public key E) Alice's public key F) The CA's public key

D) Bob's public key, F) The CA's public key

What is it called when a hashing algorithm creates the same hash from two different messages? A) Birthday attack B) Rainbow tables C) MD5 D) Collision

D) Collision

One of your servers (10.254.254.201) is only allowing slow and intermittent connections to clients on the network. You check the logs of the server and see a large number of connections from the following IP addresses: 10.254.254.38 10.254.254.79 10.254.254.102 11.57.86.86 198.155.201.214 212.119.64.32 The connections from these six hosts are overloading the server and causing it to stop responding to requests from clients. What type of attack is happening? A) Xmas tree B) XSS C) DoS D) DDoS

D) DDoS

Your boss asks you to replace the current RADIUS authentication system with a more secure system. Your current RADIUS solution supports EAP, and your new solution should do the same. Which of the following is the best option and would offer the easiest transition? A) CHAP B) SAML C) Kerberos D) Diameter

D) Diameter

To achieve multifactor security, what should you implement to accompany password usage and smart cards? A) Badge readers B) Passphrases C) Hard tokens D) Fingerprint readers

D) Fingerprint readers

You are a security tester for a penetration testing security company. You are currently testing a website and you perform the following manual query: http://www.davidlprowse.com/cookies.jsp?products=5%20and%201=1 The following response is received in the payload: "ORA-000001: SQL command not properly ended" Based on the query and the response, what technique are you employing? A) Cross-site scripting B) SQL injection C) Privilege escalation D) Fingerprinting E) Remote code execution F) Zero day

D) Fingerprinting

Your high-tech server room needs a quality fire suppression system. What is the most appropriate type of fire suppression system to install? A) Dry-pipe sprinkler system B) Wet chemical suppression C) Dry chemical suppression D) Gaseous fire suppression

D) Gaseous fire suppression

In which of the following phases of identification and authentication does proofing occur? A) Verification B) Authentication C) Authorization D) Identification

D) Identification

Of the following, what is the service provided by message authentication code? A) Data recovery B) Fault tolerance C) Confidentiality D) Integrity

D) Integrity

Study the following items carefully. Which one permits a user to "float" a domain registration for a maximum of 5 days? A) DNS poisoning B) Domain hijacking C) Domain spoofing D) Kiting E) DNS amplification

D) Kiting

Which of the following is vulnerable to spoofing? A) WPA-LEAP B) WPA-PEAP C) Enabled SSID D) MAC filtering

D) MAC filtering

You and your security team have established a security awareness program to help educate the employees in your organization. Which of the following would give you the best indication of the success of the program? A) Procedures B) Standards C) Policies D) Metrics

D) Metrics

Which of the following is the greatest security risk of two or more companies working together under a memorandum of understanding? A) Budgetary considerations may not have been written into the MoU. B) MoUs have strict policies concerning services performed between entities. C) An MoU between two parties cannot be held to the same legal standards as a SLA. D) MoUs are generally loose agreements that do not have strict guidelines governing the transmission of sensitive data

D) MoUs are generally loose agreements that do not have strict guidelines governing the transmission of sensitive data

Which of the following access control methods is best described as providing a username, password, and biometric thumbprint scan to gain access to a network? A) Biometrics B) Three-way handshake C) Mutual authentication D) Multifactor

D) Multifactor

Which of the following is used to validate whether trust is in place and accurate by returning responses of "good," "unknown," or "revoked"? A) RA B) PKI C) CRL D) OCSP

D) OCSP

Which of the following encryption protocols uses a PSK? A) TPM B) CRL C) DLP D) PGP

D) PGP

Which of the following methods is the most closely associated with DLL injection? A) Performance monitoring B) Auditing C) Vulnerability assessment D) Penetration testing

D) Penetration testing

One of your users complains that he received an e-mail from a mortgage company asking for personal information. The user does not recognize this mortgage company as the company with which he first applied for a mortgage for his house. What is the best way to describe this e-mail? A) Denial of service B) Hoax C) Spam D) Phishing

D) Phishing

Which of the following social engineering attacks relies on impersonation in an attempt to gain personal information? A) Dumpster diving B) Hoaxes C) Shoulder surfing D) Phishing

D) Phishing

Which of the following methods can possibly identify when an unauthorized access has occurred? A) Session termination mechanism B) Session lock mechanism C) Two-factor authentication D) Previous logon notification

D) Previous logon notification

For a user to obtain a certificate from a certificate authority, the user must present two items. The first is proof of identity. What is the second? A) Private key B) Password C) Authentication D) Public key

D) Public key

Which of the following algorithms depends on the inability to factor large prime numbers? A) AES B) Diffie-Hellman C) Elliptic curve D) RSA

D) RSA

What is a definition of implicit deny? A) All traffic from one network to another is denied. B) Everything is denied by default C) ACLs are used to secure the firewall. D) Resources that are not given access are denied by default.

D) Resources that are not given access are denied by default.

Alice has read and write access to a database. Bob, her subordinate, only has read access. Alice needs to leave to go to a conference. Which access control type should you implement to trigger write access for Bob when Alice is not onsite? A) Discretionary access control B) Attribute-based access control C) Mandatory access control D) Rule-based access control E) Role-based access control

D) Rule-based access control

Which of the following protocols operates at the highest layer of the OSI model? A) IPsec B) TCP C) ICMP D) SCP

D) SCP

A security auditing consultant has completed a security assessment and gives the following recommendations: 1. Implement fencing and additional lighting around the perimeter of the building. 2. Digitally sign new releases of software. Categorically, what is the security consultant recommending? (Select the two best answers.) A) Encryption B) Availability C) Confidentiality D) Safety E) Fault tolerance F) Integrity

D) Safety, F) Integrity

Which of the following OSI model layers is where SSL provides encryption? A) Network B) Transport C) Application D) Session

D) Session

Which of the following environmental controls is part of the TEMPEST standards? A) Biometrics B) HVAC C) Fire suppression D) Shielding

D) Shielding

What is it known as when an attacker provides falsified information? A) Aliasing B) Flooding C) Redirecting D) Spoofing

D) Spoofing

What is secret key encryption also called? A) One-way function B) Quantum encryption C) Asymmetrical encryption D) Symmetrical encryption

D) Symmetrical encryption

Which of the following log files identifies when a computer was last shut down? A) Directory Services B) Security C) Application D) System

D) System

Which of the following log files would be the most useful in determining which internal user was the source of an attack that compromised another computer on the same network? A) The firewall logs B) Directory Services logs C) The attacking computer's audit logs D) The target computer's audit logs

D) The target computer's audit logs

What is the primary purpose of network address translation (NAT)? A) To hide the public network from internal hosts B) To convert IP addresses into domain names C) To cache web pages D) To hide internal hosts from the public network

D) To hide internal hosts from the public network

Which of the following technologies was originally designed to decrease broadcast traffic and reduce the likelihood of having information compromised by network sniffers? A) DMZ B) VPN C) RADIUS D) VLAN

D) VLAN

The IT director asks you to verify that the organization's virtualization technology is implemented securely. What should you do? A) Verify that virtual machines are multihomed B) Perform penetration testing on virtual machines C) Subnet the network so that each virtual machine is on a different network segment D) Verify that virtual machines have the latest updates and patches installed

D) Verify that virtual machines have the latest updates and patches installed

The IT director asks you to determine if weak passwords are used by any of the users on your network. You run a password-cracking program to determine this. What is this an example of? A) Baselining B) Fingerprinting C) Antivirus scanning D) Vulnerability assessment

D) Vulnerability assessment

What is the greatest benefit of using S/MIME? A) You can send e-mails with a return receipt. B) You can send anonymous e-mails. C) It expedites the delivery of your e-mails. D) You can encrypt and digitally sign e-mail messages.

D) You can encrypt and digitally sign e-mail messages.

Your organization hires temporary users to assist with end-of-year resources and calculations. All the temporary users need access to the same domain resources. These "temps" are hired for a specific period of time with a set completion date. Users log on to a Windows domain controlled by a Windows Server domain controller. Your job is to make sure that the accounts can be used only during the specific period of time for which the temps are hired. The solution you select should require minimal administrative effort and upkeep. Of the following, what is the best solution? A) Delete the temp user accounts at the end of the work period B) Configure a domain password policy for the temp user accounts C) Configure a local password policy on the computers used by temp user accounts D) Configure password expiration dates for temp user accounts E) Configure expiration dates for the temp user accounts

E) Configure expiration dates for the temp user accounts

The helpdesk department for your organization reports that there are increased calls from clients reporting malware-infected computers. Which of the following steps of incident response is the most appropriate as a first response? A) Lessons learned B) Containment C) Recovery D) Eradication E) Identification

E) Identification

During a software development review, the cryptographic engineer advises the project manager that security can be improved by significantly slowing down the runtime of the hashing algorithm and increasing entropy by passing the input and salt back during each iteration. Which of the following best describes what the engineer is trying to achieve? A) PRNG B) Monoalphabetic cipher C) Diffusion D) Root of Trust E) Confusion F) Pass the hash G) Key stretching

G) Key stretching

You are the network security administrator for your organization. You recently audited a server and found that a user logged in to the server with a regular account, executed a program, and performed activities that should be available only to an administrator. What type of attack does this describe? a) Privilege escalation b) Backdoor c) Trojan horse d) Brute force

a) Privilege escalation

Which of the following is embedded and contains a storage root key? a) TPM b) HSM c) EFS d) Bitlocker

a) TPM

One of your users complains that files are being randomly renamed and deleted. The last action the user took was to download and install a new screensaver on the computer. The user says that the file activity started immediately after installation of the screensaver. Which of the following would be the best description for this screensaver? a) Trojan horse b) logic bomb c) virus d) worm

a) Trojan horse

Which of the following will an Internet filtering appliance analyze? (Select the three best answers.) a) Content b) certificates c) certificate revocation lists d) URLs

a) content, b) certificates, d) URLs

To protect against malicious attacks, what should you think like? a) hacker b) network admin c) spoofer d) auditor

a) hacker

What is software that is designed to infiltrate a computer system without the user's knowledge or consent? a) malware b) privilege escalation c) whitelists d) HIDS

a) malware

E-mail servers can be maliciously exploited in many ways, for example, spoofing e-mail messages. Which of the following is a common component that attackers would use to spoof e-mails? a) Open relay b) web proxy c) session hijacking d) logic bomb

a) open relay

Your organization is attempting to reduce risk concerning the use of unapproved USB devices to copy files. What could you implement as a security control to help reduce risk? a) IDS b) DLP c) content filtering d) auditing

b) DLP

Which device is used to encrypt the authentication process? a) WPA b) HSM c) Enigma machine d) smart card

b) HSM

The IT director asks you to protect a server's data from unauthorized access and disclosure. What is this an example of? a) Integrity b) Confidentiality c) Availability d) non-repudiation

b) confidentiality

What are kernel-level rootkits designed to do to a computer? (choose all that apply) a) Make a computer susceptible to popups b) Extract confidential information c) hide evidence of an attacker's presence d) hide backdoors into the computer e) crack the user's password

b) extract confidential information, c) hide evidence of an attacker's presence

In information security, what are the three main goals? (Select the three best answers.) A) Auditing B) Integrity C) Non-repudiation D) Confidentiality E) Risk Assessment F) Availability

B) Integrity, D) Confidentiality, F) Availability

A virus is designed to format a hard drive on a specific day. What kind of threat is this? a) Botnet b) logic bomb c) spyware d) adware

b) logic bomb

Tom sends out many e-mails containing secure information to other companies. What concept should be implemented to prove that Tom did indeed send the e-mails? a) authenticity b) non-repudiation c) confidentiality d) integrity

b) non-repudiation

Which of the following individuals uses code with little knowledge of how it works? a) hacktivist b) script kiddie c) APT d) insider

b) script kiddie

Malware can use virtualization techniques. Why would this be difficult to detect? a) A portion of the malware might have already been removed by an IDS. b) The malware might be using a Trojan. c) The malware could be running at a more privileged level than the computer's antivirus software. d) The malware might be running in the command-line.

c) The malware could be running at a more privileged level than the computer's antivirus software

Which of the following does the A in CIA stand for when it comes to IT security? (Select the best answer.) a) Accountability b) assessment c) Availability d) Auditing

c) availability

Which of the following is the greatest risk when it comes to removable storage? a) integrity of data b) availability of data c) confidentiality of data d) accountability of data

c) confidentiality of data

Cloud environments often reuse the same physical hardware (such as hard drives) for multiple customers. These hard drives are used and reused when customer virtual machines are created and deleted over time. What security concern does this raise? a) availability of virtual machines b) integrity of data c) data confidentiality d) hardware integrity

c) data confidentiality

Which of the following enables an attacker to hide the presence of malicious code by altering Registry entries? a) worm b) logic bomb c) Rootkit d) Trojan

c) rootkit

In the event that a mobile device is stolen, what two security controls can prevent data loss? (Select the two best answers.) a) GPS b) Asset tracking c) screen locks d) inventory control e) full device encryption

c) screen locks e) full device encryption

What can happen if access mechanisms to data on an encrypted USB hard drive are not implemented correctly? a) Data on the USB drive can be corrupted. b) Data on the hard drive can be vulnerable to log analysis. c) The security controls on the USB drive can be bypassed. d) User accounts can be locked out.

c) the security controls on the USB drive can be bypassed.

You are in charge of monitoring a workstation for application activity and/or modification. Which of the following types of systems should you use? a) RADIUS b) NIDS c) OVAL d) HIDS

d) HIDS

Which of the following is a type of malware that is difficult to reverse engineer? a) Logic bomb b) worm c) backdoor d) armored virus

d) armored virus

When it comes to information security, what is the I in CIA? a) Insurrection b) Information c) indigestion d) Integrity

d) integrity

Which of the following statements best defines a computer virus? a) it is a find mechanism, initiation mechanism, and can propagate b) it is a search mechanism, connection mechanism, and can integrate c) it is a learning mechanism, contamination mechanism, and can exploit d) it is a replication mechanism, activation mechanism, and has an objective

d) it is a replication mechanism, activation mechanism, and has an objective

When is a system completely secure? a) when it is updated b) when it is assessed for vulnerabilities c) when all anomalies have been removed d) never

d) never

What kind of attack enables an attacker to access administrator-level resources using a Windows service that uses the local system account? a) Trojan b) Spyware c) Spam d) Privilege escalation

d) privilege escalation

Which of the following threats has the highest probability of being increased by the availability of devices such as USB flash drives on your network? a) introduction of new data on the network b) increased loss of business data c) loss of wireless connections d) removal of PII data

d) removal of PII data

A hacker develops a piece of malicious code that is not designed to automatically spread from one system to another. Instead, it is designed to spread from one file to another file on the individual computer. What type of malware is this? a) worm b) trojan c) botnet d) virus

d) virus

