MIS 170 All Multiple Choice
Which of the following concepts can ease administration but can be the victim of a malicious attack? A Zombies B Backdoors C Buffer overview D Group policy
B Backdoors
Which of the following is an authentication and accounting service that uses TCP as its transport mechanism when connecting to routers and switches? A. Kerberos B. RADIUS C. Captive portal D. TACACS+
D. TACACS+
Allowing or denying traffic based on ports, protocols, addresses, or direction of data is an example of what? Port security Content inspection Firewall rules Honeynet
Firewall rules
Where are software firewalls usually located? On routers On servers On clients On every computer
On clients
Which port number is used by SCP? A. 22 B. 23 C. 25 D. 443
22
For a remote tech to log in to a user's computer in another state, what inbound port be open on the user's computer? A. 21 B. 389 C. 3389 D. 8080
3389
Which port number does the Domain Name System use? A. 53 B. 80 C. 110 D. 88
53
How many of the TCP/IP ports can be attacked? A. 1,024 ports B. 65,535 C. 256 D. 16,777,216
65,535 The Internet Assigned Numbers Authority (IANA) list of ports starts at 0 and ends at 65,535.
What are two ways to secure Internet Explorer? (2 answers) A Set the internet zone security level to high B Disable the pop-up blocker C Disable activeX controls D Add malicious sites to the Trusted Sites zone
A Set the internet zone security level to high C Disable activeX controls
Which of the following might a public key be used to accomplish? A.To decrypt the hash of a digital signature B.To encrypt web browser traffic C.To digitally sign a message D.To decrypt wireless messages
A. To decrypt the hash of a digital signature
Why would a hacker use steganography? A.To hide information B.For data integrity C.To encrypt information D.For wireless access
A. To hide information
Which of the following is not a symmetric key algorithm? A.RC4 B.ECC C.3DES D.Rijndael
B .ECC
You are tasked with selecting an asymmetric encryption method that allows for the same level of encryption strength, but with a lesser key length than is typically necessary. Which encryption method fulfills your requirement? A. RSA B. ECC C. DHE D. Twofish
B. ECC
Which of the following should be considered to mitigate data theft when using Cat 6 wiring? A. Multimode fiber B. EMI shielding C. CCTV D. Passive scanning
B. EMI shielding
Your network uses the subnet mask 255.255.255.224. Which of the following IPv4 addresses are able to communicate with each other? (Select the two best answers.) A. 10.36.36.126 B. 10.36.36.158 C. 10.36.36.166 D. 10.36.36.184 E. 10.36.36.224
C. 10.36.36.166 D. 10.36.36.184
Which of the following is a private IPv4 address? A. 11.16.0.1 B. 127.0.0.1 C. 172.16.0.1 D. 208.0.0.1
C. 172.16.0.1
Which port number does the protocol LDAP use when it is secured? A.389 B.443 C.636 D.3389
C. 636
When it comes to information security, what is the I in CIA? A. Insurrection B. Information C. Indigestion D. Integrity
D.
What is the best way to utilize FTP sessions securely? A. FTPS B. FTP passive C. FTP active D. TFTP
FTPS
Which of the following is the most secure protocol for transferring files? A. FTP B. SSH C. FTPS D. Telnet
FTPS
Which device's log file will show access control lists and who was allowed access and who wasn't? Firewall Smartphone Performance Monitor IP proxy
Firewall
Which of the following attacks is a type of DoS attack that sends large amounts of UDP echoes to ports 7 and 19? A. Teardrop B. IP spoofing C. Fraggle D. Replay
Fraggle
Which of the following is likely to be the last rule contained within the ACLs of a firewall? Time of day restrictions Explicit allow IP allow any Implicit deny
Implicit deny
Where is the optimal place to have a proxy server? In between two private networks In between a private network and a public network In between two public networks On all of the servers
In between a private network and a public network
If your ISP blocks objectionable material, what device would you guess has been implemented? Proxy server Firewall Internet content filter NIDS
Internet content filter
Which of the following enables a hacker to float a domain registration for a maximum of 5 days? A. Kiting B. DNS poisoning C. Domain hijacking D. Spoofing
Kiting
A DDoS attack can be best defined as what? A. Privilege escalation B. Multiple computers attacking a single server C. A computer placed between a sender and receiver to capture data D. Overhearing parts of a conversation
Multiple computers attacking a single server
John needs to install a web server that can offer SSL-based encryption. Which of the following ports is required for SSL transactions? A. Port 80 inbound B. Port 80 outbound C. Port 443 inbound D. Port 443 outbound
Port 443 inbound For clients to connect to the server via SSL, the server must have inbound port 443 open.
Don must configure his firewall to support TACACS+. Which port(s) should he open on the firewall? A. Port 53 B. Port 49 C. Port 161 D. Port 22
Port 49
What is the best definition for ARP? A. Resolves IP addresses to DNS names B. Resolves IP addresses to hostnames C. Resolves IP addresses to MAC addresses D. Resolves IP addresses to DNS addresses
Resolves IP addresses to MAC addresses
Which of the following protocols allow for the secure transfer of files? (Select the 2 best answers) A. SNMP B. SFTP C. TFTP D. SCP E. ICMP
SFTP and SCP
You have 3 e-mail servers. What is it called when one server forwards e-mail to another? A. SMTP relay B. Buffer overflows C. POP3 D. Cookies
SMTP relay
Which of the following is the best option if you are trying to monitor network devices? A. SNMP B. Telnet C. FTPS D. IPsec
SNMP
What is a secure way to remotely administer Linux systems? A. SCP B. SSH C. SNMP D. SFTP
SSH
Making data appear as if it is coming from somewhere other than its original source is known as what? A. Hacking B. Phishing C. Cracking D. Spoofing
Spoofing
Which of the following is an example of a nonessential protocol? A. DNS B. ARP C. TCP D. TFTP
TFTP
What kind of attack is it when the packets sent do not require a synchronization process and are not connection-oriented? A. Man-in-the-middle B. TCP/IP hijacking C. UDP attack D. ICMP flood
UDP attack
Which of the following devices would most likely have a DMZ interface? A. Switch B. VoIP phone C. Proxy server D. Firewall
D. Firewall
Which of the following ports is used by Kerberos by default? A. 21 B. 80 C. 88 D. 443
88
A customer's computer uses FAT16 as its file system. What file system can you upgrade it to when using the convertcommand? A. NTFS B. HPFS C. FAT32 D. NFS
A
The fundamental difference between symmetric key systems and asymmetric key systems is that the symmetric key system will: A.Use the same key on each end B.Use different keys on each end C.Use multiple keys for nonrepudiation purposes D.Use public key cryptography
A. Use the same key on each end
In Windows 7, Vista, and XP, what is the best file system to use? A. FAT B. NTFS C. DFS D. FAT32
B
Which of the following types of scanners can locate a rootkit on a computer? A. Image scanner B. Barcode scanner C. Malware scanner D. Adware scanner
C. Malware Scanner
Which of the following devices would detect but not react to suspicious behavior on the network? (Select the most accurate answer.) NIPS Firewall NIDS HIDS UTM
NIDS
Which of the following will detect malicious packets and discard them? Proxy server NIDS NIPS PAT
NIPS
You are working on a server and are busy implementing a network intrusion detection system on the network. You need to monitor the network traffic from the server. What mode should you configure the network adapter to work in? Half-duplex mode Full-duplex mode Auto-configuration mode Promiscuous mode
Promiscuous mode
Which tool would you use if you want to view the contents of a packet? TDR Port scanner Protocol analyzer Loopback adapter
Protocol analyzer
Your boss has asked you to implement a solution that will monitor users and limit their access to external websites. Which of the following is the best solution? NIDS Proxy server Block all traffic on port 80 Honeypot
Proxy server
Which of the following should a security administrator implement to limit web-based traffic that is based on the country of origin? (Select the three best answers.) AV software Proxy server Spam filter Load balancer Firewall URL filter NIDS
Proxy server, Firewall, URL filter
Which of the following misuses the Transmission Control Protocol handshake process? A. Man-in-the-middle attack B. SYN attack C. WPA attack D. Replay attack
SYN attack
If a person takes control of a session between a server and a client, it is known as what type of attack? A. DDoS B. Smurf C. Session hijacking D. Malicious software
Session Hijacking
A coworker has installed an SMTP server on the company firewall. What security principle does this violate? Chain of custody Use of a device as it was intended Man trap Use of multifunction network devices
Use of a device as it was intended
Which of the following firewall rules only denies DNS zone transfers? deny IP any any deny TCP any any port 53 deny UDP any any port 53 deny all dns packets
deny TCP port any any port 53
Eric wants to install an isolated operating system. What is the best tool to use? A. Virtualization B. UAC C. HIDS D. NIDS
A
To protect against malicious attacks, what should you think like? A. Hacker B. Network admin C. Spoofer D. Auditor
A
Which of the following is a security reason to implement virtualization in your network? A. To isolate network services and roles B. To analyze network traffic C. To add network services at lower costs D. To centralize patch management
A
Which of the following should Carl, a security administrator, include when encrypting a smartphone? (Select the two best answers.) A. Public keys B. Internal memory C. Master boot record (MBR) D. Steganographic images E. Removable memory cards
A
Imagine that you are a hacker. Which would be most desirable when attempt-ing to compromise encrypted data? A.A weak key B.The algorithm used by the encryption protocol C.Captured traffic D.A block cipher
A A weak key
When encrypting credit card data, which would be the most secure algorithm with the least CPU utilization? A.AES B.3DES C.SHA-1 D.MD5
A AES
Which of the following will allow the triggering of security alert because of a tracking cookie? A Anti-spyware application B Anti-spam software C Network-based firewall D Host-based firewall
A Anti-spyware application
Before gaining access to the datacenter, you must swipe your finger on a de-vice. What type of authentication is this? A.Biometrics B.Single sign-on C.Multifactor D.Tokens
A Biometrics
Heaps and stacks can be affected by which of the following attacks? A Buffer overflows B Rootkits C SQL infection D Cross-site scripting
A Buffer overflows
Which of the following is the weakest encryption type? A.DES B.RSA C.AES D.SHA
A DES
Which of the following results occurs when a biometric system identifies a le-gitimate user as unauthorized? A.False rejection B.False positive C.False acceptance D.False exception
A False rejection
What types of technologies are used by external motion detectors? (Select the two best answers.) A.Infrared B.RFID C.Gamma rays D.Ultrasonic
A Infrared D Ultrasonic
Your boss wants you to set up an authentication scheme in which employ-ees will use smart cards to log in to the company network. What kind of key should be used to accomplish this? A.Private key B.Public key C.Cipher key D.Shared key
A Private key
Of the following, what two authentication mechanisms require something you physically possess? (Select the two best answers.) A.Smart card B.Certificate C.USB flash drive D.Username and password
A Smart card C USB flash drive
Give two examples of hardware devices that can store keys. (Select the two best answers.) A.Smart card B.Network adapter C.PCI Express card D.PCMCIA card
A Smart card D.PCMCIA card
Which type of encryption technology is used with the BitLocker application? A.Symmetric B.Asymmetric C.Hashing D.WPA2
A Symmetric
You need to encrypt and send a large amount of data, which of the following would be the best option? A.Symmetric encryption B.Hashing algorithm C.Asymmetric encryption D.PKI
A Symmetric encryption
What does steganography replace in graphic files? A.The least significant bit of each byte B.The most significant bit of each byte C.The least significant byte of each bit D.The most significant byte of each bit
A The least significant bit of each byte
Why would a hacker use steganography? A.To hide information B.For data integrity C.To encrypt information D.For wireless access
A To hide information
Which of the following are good practices for tracking user identities? (Select the two best answers.) A.Video cameras B.Key card door access systems C.Sign-in sheets D.Security guards
A Video cameras B Key card door access systems
Which of the following should be implemented to harden an operating sys-tem? (Select the two best answers.) A. Install the latest service pack. B. Install Windows Defender. C. Install a virtual operating system. D. Execute PHP scripts.
A and B
From the list of ports select two that used for e-mail (Select the two best answers.) A. 110 B. 3389 C. 143 D. 389
A and C
Which of the following best describes an IPS? A system that identifies attacks A system that stops attacks in progress A system that is designed to attract and trap attackers A system that logs attacks for later analysis
A system that stops attacks in progress
You finished installing the operating system for a home user. What are three good methods to implement to secure that operating system? (Select the three best answers.) A. Install the latest service pack. B. Install a hardware- or software-based firewall. C. Install the latest patches. D. Install pcAnywhere.
A,B, and C
Which TCP port does LDAP use? A. 389 B. 80 C. 443 D. 143
A. 389
Which of the following best describes the proper method and reason to imple-ment port security? A.Apply a security control that ties specific ports to end-device MAC addresses, and prevents additional devices from being connected to the network. B.Apply a security control that ties specific ports to end-device IP addresses, and prevents additional devices from being connected to the network. C.Apply a security control that ties specific ports to end-device MAC addresses, and prevents all devices from being connected to the network. D.Apply a security control that ties specific ports to end-device IP addresses, and prevents all devices from being connected to the network.
A. Apply a security control that ties specific ports to end-device MAC addresses, and prevents additional devices from being connected to the network.
What type of attack sends two different messages using the same hash func-tion, which end up causing a collision? A.Birthday attack B.Bluesnarfing C.Man-in-the-middle attack D.Logic bomb
A. Birthday attack
Of the following, what is the most common problem associated with UTP cable? A. Crosstalk B. Data emanation C. Chromatic dispersion D. Vampire Tapping
A. Crosstalk
Which of the following should be placed between the LAN and the Internet? A. DMZ B. HIDS C. Domain controller D. Extrane
A. DMZ
Which of the following would you set up in a multifunction SOHO router? A. DMZ B. DOS C. OSI D. ARP
A. DMZ
What is the most commonly seen security risk of using coaxial cable? A. Data that emanates from the core of the cable. B. Cross talk between the different wires C.chromatic dipersion D. time domain reflection
A. Data that emanates from the core of the cable.
You receive complaints about network connectivity being disrupted. You suspect that a user connected both ends of a network cable to two different ports on a switch. What can be done to prevent this? A. Loop protection B. DMZ C. VLAN segregation D. Port forwarding
A. Loop protection
Which of the following can be described as the act of exploiting a bug or flaw in software to gain access to resources that normally would be protected? A. Privilege escalation B. Chain of custody C. Default account D. Backdoor
A. Privilege escalation
Which of the following is not a valid cryptographic hash function? A. RC4 B. SHA-512 C. MD5 D. RIPEMD
A. RC4
Which of the following is an unauthorized wireless router that allows access to a secure network? A. Rogue access point B. Evil twin C. War-driving D. AP isolation
A. Rogue access point
A wireless network switch has connectivity issues but only when the air conditioning system is running. What can be added to fix the problem? A. Shielding B. A wireless network C. a key deflector D. Redundent air conditioning systems
A. Shielding
Last week, one of the users in your organization encrypted a file with a private key. This week the user left the organization, and unfortunately the systems administrator deleted the user's account. What are the most probable out-comes of this situation? (Select the two best answers.) A.The data is not recoverable. B.The former user's account can be re-created to access the file. C.The file can be decrypted with a PKI. D.The data can be decrypted using the recovery agent. E.The data can be decrypted using the root user account.
A. The data is not recoverable. D. The data can be decrypted using the recovery agent.
Analyze the following network traffic logs depicting communications between Computer1 and Computer2 on opposite sides of a router. The information was captured by the computer with the IPv4 address 10.254.254.10. Computer1 Computer2 [192.168.1.105]------[INSIDE 192.168.1.1 router OUTSIDE 10.254.254.1] -----[10.254.254.10] LOGS 7:58:36 SRC 10.254.254.1:3030, DST 10.254.254.10:80, SYN 7:58:38 SRC 10.254.254.10:80, DST 10.254.254.1:3030, SYN/ACK 7:58:40 SRC 10.254.254.1:3030, DST 10.254.254.10:80, ACK Given the information, which of the following can you infer about the network communications? A. The router implements NAT. B. The router filters port 80 traffic. C. 192.168.1.105 is a web server. D. The web server listens on a nonstandard port.
A. The router implements NAT.
You are implementing a testing environment for the development team. They use several virtual servers to test their applications. One of these applications requires that the servers communicate with each other. However, to keep this network safe and private, you do not want it to be routable to the firewall. What is the best method to accomplish this? A. Use a virtual switch. B. Remove the virtual network from the routing table. C. Use a standalone switch. D. Create a VLAN without any default gateway
A. Use a virtual switch.
You have been tasked with segmenting internal traffic between layer 2 devices on the LAN. Which of the following network design elements would most likely be used? A. VLAN B. DMZ C. NAT D. Routing
A. VLAN
Which of the following is the least secure type of wireless encryption? A. WEP 64-bit B. WEP 128-bit C. WPA with TKIP D. WPA2 with AES
A. WEP 64-bit
Which of the following defines the difference between a Trojan horse and a worm? (Select the best answer.) A. Worms self-replicate but Trojan horses do not. B. The two are the same. C. Worms are sent via e-mail; Trojan horses are not. D. Trojan horses are malicious attacks; worms are not.
A. Worms self-replicate but Trojan horse do not.
A hash algorithm has the capability to avoid the same output from two guessed inputs. What is this known as? A.Collision resistance B.Collision strength C.Collision cipher D.Collision metric
A.Collision resistance
Kerberos uses which of the following? (Select the two best answers.) A.Ticket distribution service B.The Faraday cage C.Port 389 D.Authentication service
A.Ticket distribution service D. Authentication service
One of the programmers in your organization complains that he can no longer transfer files to the FTP server. You check the network firewall and see that the proper FTP ports are open. What should you check next? ACLs NIDS AV definitions FTP permissions
ACLs
In Windows, which of the following commands will not show the version number? A. Systeminfo B. Wf.msc C. Winver D. Msinfo32.exe
B
To mitigate risks when users access company e-mail with their smartphone, what security policy should be implemented? A. Data connection capabilities should be disabled. B. A password should be set on the smartphone. C. Smartphone data should be encrypted. D. Smartphone should be only for company use.
B
Which of the following is a concern based on a user taking pictures with a smartphone? A. Application whitelisting B. Geotagging C. BYOD D. MDM
B
Which of the following is one way of preventing spyware from being downloaded? A Use firewall exceptions B Adjust internet explorer security settings C Adjust the internet explorer home page D Remove the spyware from Add/Remove programs
B Adjust internet explorer security settings
An organization hires you to test an application that you have limited knowledge of. You are given a login to the application but do not have access to source code. What type of test are you running? A White box B Gray box C Black box D SDLC
B Gray box
What is the most secure method of authentication and authorization in its de-fault form? A.TACACS B.Kerberos C.RADIUS D.LDAP
B Kerberos
You are in charge of training a group of technicians on the authentication method their organization uses. The organization currently runs an Active Directory infrastructure. Which if the following best correlated to the host authentication protocol used withing that organizations IT environment/ A. TACACS+ B. Kerberos C. LDAP D. 802.1X
B Kerberos
Which of the following encryption algorithms is used to encrypt and decrypt data? A.SHA-1 B.RC5 C.MD5 D.NTLM
B RC5
Which of the following encryption methods deals with two distinct, large prime numbers and the inability to factor those prime numbers? A.SHA-1 B.RSA C.WPA D.Symmetric
B RSA
A network stream of data needs to be encrypted. Jason, a security administrator, selects a cipher that will encrypt 128 bits at a time before sending the data across the network. Which of the following has jason chosen? A. Stream cipher B. Block cipher C. Hashing algorithm D. RC4
B. Block cipher
Which of the following is the unauthorized access of information from a Bluetooth device? A. Bluejacking B. Bluesnarfing C. Deep Blue D. The blues brothers
B. Bluesnarfing
When users in your company attempt to access a particular website, the attempts are redirected to a spoofed website. What are two possible reasons for this? A. DoS B. DNS poisoning C. Modified hosts file D. Domain name kiting
B. DNS Poisoning C. Modified hosts file
Which of the following cables suffers from chromatic dispersion if the cable is too long? A.Twiste-pair cable B. Fiber-optic cable C.Coaxial cable D. USB cable
B. Fiber-optic cable
Your boss (the IT director) wants to move several internally developed software applications to an alternate environment, supported by a third-party, in an effort to reduce the footprint of the server room. Which of the following is the IT director proposing? A. PaaS B. IaaS C. SaaS D. Community cloud
B. IaaS
Your organization uses VoIP. Which of the following should be performed to increase the availability of IP telephony by prioritizing traffic? A. NAT B. QoS C. NAC D. Subnetting
B. QoS
Which of the following, when removed, can increase the security of a wireless access point? A. MAC filtering B. SSID C. WPA D. Firewall
B. SSID
What does isolation mode on an AP provide? A. Hides the SSID B. Segments each wireless user from every other wireless user C. Stops users from communicating with the AP D.Stops users from connecting to the Internet
B. Segments each wireless user from every other wireless user
Which of the following is the most secure type of cabling? A. Unsheilded twisted pair B. Shielded twisted pair C. Coaxial D. Category 5
B. Shielded twisted-pair
Whitelisting, blacklisting, and closing open relays are all mitigation techniques addressing what kind of threat? A. Spyware B. Spam C. Viruses D. Botnets
B. Spam
How do most network-based viruses spread? A. By optical disc B. Through e-mail C. By USB flash drive D. By floppy disk
B. Through e-mail
In a wireless network, why is an SSIS used? A. To secure the wireless access point B.To identify the network C.To encrypt data D. to enforce MAC filtering
B. To identify the network
An administrator wants to reduce the size of the attack surface of Windows server 2008. Which of the following is the best answer to accomplish this? A. Update antivirus software. B. Install service packs. C. Disable unnecessary services. D. Install network intrusion detection systems.
C
Which of the following should you implement to fix a single security issue on the computer? A. Service pack B. Support website C. Patch D. Baseline
C
You are developing a security plan for your organization. Which of the following is an example of a physical control? A. Password B. DRP C. ID card D. Encryption
C
You are in charge of compliance with financial regulations for credit card transactions. You need to block out certain ports on the individual computers that do these transactions. What should you implement to best achieve your goal? A. HIPS B. Antivirus updates C. Host-based firewall D. NIDS
C
An SHA algorithm will have how many bits? A.64 B.128 C.512 D.1,024
C 512
Your data center has highly critical information. Because of this you want to improve upon physical security. The data center already has a video surveil-lance system. What else can you add to increase physical security? (Select the two best answers.) A.A software-based token system B.Access control lists C.A mantrap D.Biometrics
C A mantrap D Biometrics
You are attempting to move data to a USB flash drive. Which of the following enables a rapid and secure connection? A.SHA-1 B.3DES C.AES256 D.MD5
C AES256
Which of the following is the verification of a person's identity? A.Authorization B.Accountability C.Authentication D.Password
C Authentication
Which of the following is the final step a user needs to take before that user can access domain resources? A.Verification B.Validation C.Authorization D.Authentication
C Authorization
You check the application log of your web server and see that someone attempted unsuccessfully to enter the text test: etc/passwd into an HTML format field. Which attack was attempted? A SQL injection B Code injection C Command injection D Buffer overflow
C Command injection
Which of the following is the proper order of functions for asymmetric keys? A.Decrypt, validate, and code and verify B.Sign, encrypt, decrypt, and verify C.Encrypt, sign, decrypt, and verify D.Decrypt, decipher, and code and encrypt
C Encrypt, sign, decrypt, and verify
Which of the following would fall into the category of "something a person is"? A.Passwords B.Passphrases C.Fingerprints D.Smart cards
C Fingerprints
How can you train a user to easily determine whether a web page has a valid security certificate? A Have the user contact the webmaster B Have the user check for HTTPS:// C Have the user click the padlock in the browser and verify the certificate D Have the user call the ISP
C Have the user click the padlock in the browser and verify the certificate
To code applications in a secure manner, what is the best practice to use? A Cross-site scripting B Flash version 3 C Input validation D HTML version 5
C Input validation
What are two examples of common single sign-on authentication configura-tions? (Select the two best answers.) A.Biometrics-based B.Multifactor authentication C.Kerberos-based D.Smart card-based
C Kerberos-based D .Smart card-based
You scan a computer for weak passwords and discover that you can figure out the password by cracking the first seven characters and then cracking the second part of the password separately. What type of hash is being used on the computer? A.MD5 B.SHA-1 C.LANMAN D.NTLMv2
C LANMAN
Which of the following is an authentication system that uses the UDP as the transport mechanism? A. LDAP B. Kerberos C. RADIUS D. TACACS+
C RADIUS
The IT director has asked you to set up an authentication model in which users can enter their credentials one time, yet still access multiple server re-sources. What type of authentication model should you implement? A.Smart card and biometrics B.Three factor authentication C.SSO D.VPN
C SSO
What is it known as when a web script runs in its own environment and does not interfere with other processes? A Quarantine B Honeynet C Sandbox D VPN
C Sandbox
Which of the following should occur first when developing software? A Fuzzing B Penetration testing C Secure code review D Patch management
C Secure code review
Which two options can prevent unauthorized employees from entering a server room? (Select the two best answers.) A.Bollards B.CCTV C.Security guard D.802.1X E.Proximity reader
C Security guard E Proximity reader
What is another term for secret key encryption? A. PKI B. Asymmetrical C. Symmetrical D. Public key
C Symmetrical
When attempting to grant access to remote users, which protocol uses sepa-rate, multiple-challenge responses for each of the authentication, authoriza-tion, and audit processes? A.RADIUS B.TACACS C.TACACS+ D.LDAP
C TACACS+
Which of the following does the A in CIA stand for when it comes to IT secu-rity? Select the best answer. A. Accountability B. Assessment C. Availability D. Auditing
C.
Of the following, which is not a logical method of access control? A.Username/password B.Access control lists C.Biometrics D.Software-based policy
C. Biometrics
Which of the following might be included in Microsoft Security Bulletins? A. PHP B. CGI C. CVE D. TLS
C. CVE
A security analyst wants to ensure that all external traffic is able to access an organization's front-end servers but also wants to protect access to internal resources. Which network design element is the best option for the security analyst? A. VLAN B. Virtualization C. DMZ D. Cloud computing
C. DMZ
You scan your network and find a rogue access point with the same SSID used by your network. What type of attack is occurring? A. War-driving B. Bluesnarfing C. Evil twin D. IV Attack
C. Evil twin
What type of cabling is the most secure for networks? A STP. B. UTP C. Fiber Optic D. Coaxial
C. Fiber-optic
Which of the following cable media is the least susceptible to a tap? A. Coaxial cable B. Twiste-pair cable C. Fiber-optic cable D. CATV cable
C. Fiber-optic cable
You ping a hostname on the network and receive a response including the address 2001:4560:0:2001::6A. What type of address is listed within the response? A. MAC address B. Loopback address C. IPv6 address D. IPv4 address
C. IPv6 address
Two items are needed before a user can be given access to the network. What are these two items? (Select the two best answers.) A.Authentication and authorization B.Authorization and identification C.Identification and authentication D.Password and authentication
C. Identification and authentication
What does a virtual private network use to connect one remote host to an-other? (Select the best answer.) A.Modem B.Network adapter C.Internet D.Cell phone
C. Internet
Which of the following authentication systems make use of a Key Distribution Center? A.Security tokens B.CHAP C.Kerberos D.Certificates
C. Kerberos
Which of the following about authentication is false? A.RADIUS is a client/server system that provides authentication, authori-zation, and accounting services. B.PAP is insecure because usernames and passwords are sent as clear text. C.MS-CHAPv1 is capable of mutual authentication of the client and server. D.CHAP is more secure than PAP because it encrypts usernames and pass-words.
C. MS-CHAPv1 is capable of mutual authentication of the client and server.
Which of the following cloud computing services offers easy to configure operating systems? A. SaaS B. IaaS C. PaaS D. VM
C. PaaS
You are tasked with ensuring that messages being sent and received between two systems are both encrypted and authenticated. Which of the following protocols accomplishes this? A.Diffie-Hellman B.WDE C.RSA D.SHA-1
C. RSA
Which of the following is an example of two factor authentication? A.L2TP and IPSec B.Username and password C.Thumb print and key card D.Client and server
C. Thumb print and key card
What is the main purpose of a physical access log? A.To enable authorized employee access B.To show who exited the facility C.To show who entered the facility D.To prevent unauthorized employee access
C. To show who entered the facility
Which of the following is the most secure protocol to use when accessing a wireless network? A. WEP B. WPA. C. WPA2 D. TKIP
C. WPA2
Which of the following computer security threats can be updated automatically and remotely? (Select the best answer.) A. Virus B. Worm C. Zombie D. Malware
C. Zombie
To gain access to your network, users must provide a thumbprint and a user-name and password. What type of authentication model is this? A.Biometrics B.Domain logon C.Multifactor D.Single sign-on
C.Multifactor
Which one of the following can monitor and protect a DNS server? A. Ping the DNS server. B. Block port 53 on the firewall. C. Purge PTR records daily. D. Check DNS records regularly.
Checking DNS records regularly
Which of the following is a layer 7 device used to prevent specific types of HTML tags from passing through to the client computer? Router Firewall Content filter NIDS
Content filter
What is a device doing when it actively monitors data streams for malicious code? Content inspection URL filtering Load balancing NAT
Content inspection
Which of the following will an Internet filtering appliance analyze? (Select the three best answers.) Content Certificates Certificate revocation lists URLs
Content, Certificates, URLs
When is a system completely secure? A. When it is updated B. When it is assessed for vulnerabilities C. When all anomalies have been removed D. Never
D
Of the following, which statement correctly describes the difference between a secure cipher and a secure hash? A.A hash produces a variable output for any input size; a cipher does not. B.A cipher produces the same size output for any input size; a hash does not. C.A hash can be reversed; a cipher cannot. D.A cipher can be reversed; a hash cannot.
D A cipher can be reversed; a hash cannot.
What does it mean if a hashing algorithm creates the same hash for two differ-ent downloads? A.A hash is not encrypted. B.A hashing chain has occurred. C.A one-way hash has occurred. D.A collision has occurred.
D A collision has occurred.
What key combination should be used to close a pop-up window? A Windows + R B Ctrl+shift+esc C Crl+alt+del D Alt+f4
D Alt+f4
Many third-party programs have security settings disabled by default. What should you as the security administrator do before deploying new software? A Network penetration testing B Input validation C Application whitelisting D Application hardening
D Application hardening
An attacker takes advantage of vulnerability in programming that allows that attacker to copy more than 16 bytes to a standard 16 byte variable. Which attack is being initiated? A Directory traversal B Command injection C XSS D Buffer overflow
D Buffer overflow
You have analyzed what you expect to be malicious code. The results show that JavaScript is being utilized to send random data to a separate service on the same computer. What attack has occured? A DoS B SQL injection C LDAP injection D Buffer overflow
D Buffer overflow
Which authentication method completes the following in order: Logon re-quest, encrypts value response, server, challenge, compare encrypts results, and authorize or fail referred to? A.Security tokens B.Certificates C.Kerberos D.CHAP
D CHAP
Which of the following methods will best verify that a download from the In-ternet has not been modified since the manufacturer released it? A.Compare the final LANMAN hash with the original. B.Download the patch file over an AES encrypted VPN connection. C.Download the patch file through an SSL connection. D.Compare the final MD5 hash with the original.
D Compare the final MD5 hash with the original.
Your organization's servers and applications are being audited. One of the IT auditors tests an application as an authenticated user. Which of the following testing methods is being used? A White-box B Penetration testing C Black-box D Gray-box
D Gray-box
Which of the following will provide an integrity check? A.Public key B.Private key C.WEP D.Hash
D Hash
Which of the following concepts does the Diffie-Hellman algorithm rely on? A.Usernames and passwords B.VPN tunneling C.Biometrics D.Key exchange
D Key exchange
The IT director wants you to use a cryptographic algorithm that cannot be decoded by being reversed. Which of the following would be the best option? A.Asymmetric B.Symmetric C.PKI D.One way function
D One way function
You are tasked with setting up a wireless network that uses 802.1X for authen- tication. You set up the wireless network using WPA2 and CCMP; however, you don't want to use a PSK for authentication. Which of the following op-tions would support 802.1X authentication? A.Kerberos B.CAC card C.Preshared key D.RADIUS
D RADIUS
Your organization provides to its employees badges that are encoded with a private encryption key and specific personal information. The encoding is used to provide access to the organizations network. What type of authentication method is used. A. Token B. Biometrics C. Kerberos D. Smart Card
D Smart Card
Which of the following is used by PGP to encrypt data. A.Asymmetric key distribution system B.Asymmetric scheme C.Symmetric key distribution system D.Symmetric scheme
D Symmetric scheme
Which of the following permits or denies access to resources through the use of ports? A. Hub B. 802.11n C. 802.11x D. 802.1X
D. 802.1X
Which of the following would most likely be considered for DLP? A. Proxy server B. Print server C. USB mass storage device D. Application server content
D. Application server content
What two security precautions can best help to protect against wireless network attacks? A. Authentication and WEP B. Access control lists and WEP C. Identification and WPA2 D. Authentication, and WPA
D. Authentication, and WPA
In your organization's network you have VoIP phones and PCs connected to the same switch. Which of the following is the best way to logically separate these device types while still allowing traffic between them via an ACL? A. Install a firewall and connect it to the switch. B. Create and define two subnets, configure each device to use a dedicated IP address, and then connect the whole network to a router. C. Install a firewall and connect it to a dedicated switch for each type of device. D. Create two VLANs on the switch connected to a router.
D. Create two VLANs on the switch connected to a router
Your boss asks you to limit the wireless signal of WAP from going outside the building. What should you do? A. Put the antenna on the exterior of the building B. Disable the SSID C. Enable MAC filtering D. Decrease the power levels of the WAP.
D. Decrease the power levels of the WAP.
You see a network address in the command-line that is composed of a long string of letters and numbers. What protocol is being used? A. IPv4 B. ICMP C. IPv3 D. IPv6
D. IPv6
What should you configure to improve wireless security? A.Enable the SSID B. IP Spoofing C.Remove repeaters D. MAC filtering
D. MAC filtering
WEP improperly uses an encryption protocol and because of this is considered to be insecure. What encryption protocol does it use? A.AES B.RSA C.RC6 D.RC4
D. RC4
Which of the following is not a common criteria when authenticating users? A.Something you do B.Something you are C.Something you know D.Something you like
D. Something you like
In a secure environment, which authentication mechanism performs better? A.RADIUS because it is a remote access authentication service. B.RADIUS because it encrypts client/server passwords. C.TACACS because it is a remote access authentication service. D.TACACS because it encrypts client/server negotiation dialogues.
D. TACACS because it encrypts client/server negotiation dialogues.
Of the following, which best describes the difference between RADIUS and TACACS? A.RADIUS is a remote access authentication service. B.RADIUS separates authentication, authorization, and auditing capabili-ties. C.TACACS is a remote access authentication service. D.TACACS separates authentication, authorization, and auditing capabili-ties.
D. TACACS separates authentication, authorization, and auditing capabili-ties.
A person attempts to access a server during a zone transfer to get access to a zone file. What type of server are they trying to manipulate? A. Proxy server B. DNS server C. File server D. Web server
DNS Server Only types of servers listed that do zone transfers. The purpose of accessing the zone file is to find out what hosts are on the network.
A coworker goes to a website but notices that the browser brings her to a different website and that the URL has changed. What type of attack is this? A. DNS poisoning B. Denial of service C. Buffer overflow D. ARP poisoning
DNS poisoning
Your web server that conducts online transactions crashed, so you examine the HTTP logs and see that a search string was executed by a single user masquerading as a customer. The crash happened immediately afterward. What type of network attack occurred? A. DDoS B. DoS C. MAC spoofing D. MITM
DoS attack probably occurred. The attacker most likely used code to cause an infinite loop or repeating search, which caused the server to crash. I couldn't have been a DDoS because only attacker was involved. MAC spoofing is when an attacker disguises the MAC address of their network adapter with another number
Which of the following devices should you employ to protect your network? (Select the best answer) Protocol analyzer Firewall DMZ Proxy server
Firewall
James has detected an intrusion in his company network. What should he check first? DNS logs Firewall logs The Event Viewer Performance logs
Firewall logs
Of the following, which is a collection of servers that was set up to attract attackers? DMZ Honeypot Honeynet VLAN
Honeynet
You have implemented a technology that enables you to review logs from computers located on the Internet. The information gathered is used to find out about new malware attacks. What have you implemented? Honeynet Protocol analyzer Firewall Proxy
Honeynet
Which of the following displays a single public IP address to the Internet while hiding a group of internal private IP addresses? HTTP proxy Protocol analyzer IP proxy SMTP proxy PAC
IP proxy
The honeypot concept is enticing to administrators because... It enables them to observe attacks It traps an attacker in a network It bounces attacks back at the attacker It traps a person physically between two locked doors
It enables them to observe attacks
A malicious insider is accused of stealing confidential data from your organization. What is the best way to identify the insider's computer? A. IP address B. MAC address C. Computer name D. NetBIOS name
MAC address
A smartphone has been lost. You need to ensure 100% that no data can be retrieved from it. What should you do? A. Remote wipe B. GPS tracking C. Implement encryption D. Turn on screen locks
A
During an Audit of your servers, you have noticed the most servers have large amounts of free disk space and have low memory utilization. Which of the following statements will be correct if you migrate some of the servers to a virtual environment? A. You might end up spending more on licensing, but less on hardware and equipment. B. You will need to deploy load balancing and clustering. C. Your base lining tasks will become simpler. D. Servers will encounter latency and lowered throughput issues.
A
One of your users was not being careful when browsing the Internet. The user was redirected to a warez site where a number of pop-ups appeared. After clicking one pop-up by accident, a drive-by download of unwanted software occurred. What does the download most likely contain? A. Spyware B. DDoS C. Smurf D. Backdoor E. Logic bomb
A
Tim believes that his computer has a worm. What is the best tool to use to remove that worm? A. Antivirus software B. Anti-spyware software C. HIDS D. NIDS
A
Which of these is true for active interception? A. When a computer is put between a sender and receiver B. When a person overhears a conversation C. When a person looks through files D. When a person hardens an operating system
A
Which option enables you to hide ntldr? A. Enable Hide Protected Operating System Files B. Disable Show Hidden Files and Folders C. Disable Hide Protected operating system Files D. Remove the -R Attribute
A
You are attempting to establish a host based security for your organizations workstations. Which of the following is the best way to do this? A. Implement OS hardening by applying GPOs B. Implement database hardening by applying vendor guidlines C. Implement web server hardening by restricting server accounts D. Implement Firewall rules to restrict access.
A
You are the security administrator for your organization. You want to ensure the confidentiality of data on mobile devices. What is the best solution? A. Device encryption B. Remote wipe C. Screen locks D. AV software
A
A smartphone is an easy target for theft. Which of the following are the best methods to protect the confidential data on the device? (Select the two best answers.) A. Remote wipe B. E-mail password C. GPS D. Tethering E. Encryption F. Screen lock
A F
What's the best way to prevent SQL injection attacks on web application? A Input validation B Host-based firewall C Add HTTPS pages D Update the web server
A Input validation
In an attempt to collect information about a user's activities, which of the following will be used by spyware? A Tracking cookie B Session cookie C Shopping cart D Persistent cookie
A Tracking cookie
Which of the following best describes a protective countermeasure for SQL injection? A Validating user input within web based applications B Installing an IDS to monitor the network C Eliminating XSS vulnerabilities D Implementing a firewall server between the Internet and the database server
A Validating user input within web based applications
Which of the following would be considered detrimental effects of a virus hoax? (Select the two best answers.) A. Technical support resources are consumed by increased user calls. B. Users are at risk for identity theft. C. Users are tricked into changing the system configuration. D. The e-mail server capacity is consumed by message traffic.
A and C
What are two ways to secure the computer within the BIOS? (Select the two best answers.) A. Configure a supervisor password. B. Turn on BIOS shadowing. C. Flash the BIOS. D. Set the hard drive first in the boot order.
A and D Configuring a supervisor password in the BIOS disallows any other user to enter the BIOS and make changes. Setting the hard drive first in the BIOS boot order disables any other devices from being booted off, including floppy drives, optical drives, and USB flash drives. BIOS shadowing doesn't have anything to do with computer security, and although flashing the BIOS may include some security updates, it's not the best answer.
What are some of the drawbacks to using a HIDS instead of a NIDS on a server? (Select the two best answers.) A. A HIDS may use a lot of resources, which can slow server performance. B. A HIDS cannot detect operating system attacks. C. A HIDS has a low level of detection of operating system attacks. D. A HIDS cannot detect network attacks.
A and D. Host-based intrusion detection systems (HIDS) run within the OS of a computer. Because of this, they can slow a computer's performance. HIDS DO NOT detect network attacks well (if at all).
Which of the following are Bluetooth threats? (Select the two best answers.) A. Bluesnarfing B. Blue bearding C. Bluejacking D. Distributed denial-of-service
A. C.
A group of compromised computers that have software installed by a worm or Trojan is known as which of the following? A. Botnet B. Virus C. Honeypot D. Zombie
A. Botnet
Which of the following is the best mode to use when scanning for viruses? A. Safe Mode B. Last Known Good Configuration C. Command Prompt only D. Boot into Windows normally
A. Safe Mode should be used (if your AV software supports it) when scanning for viruses.
Which of the following statements best describes a static NAT? A. Static NAT uses a one-to-one mapping. B. Static NAT uses a many-to-many mapping. C. Static NAT uses a one-to-many mapping. D. Static NAT uses a many-to-one mapping.
A. Static NAT uses a one-to-one mapping.
You want to reduce network traffic on a particular network segment to limit the amount of user visibility. Which of the following is the best device to use in this scenario? A. Switch B. Hub C. Router D. Firewall
A. Switch
Which type of malware does not require a user to execute a program to distribute the software? A. Worm B. Virus C. Trojan horse D. Stealth
A. Worm
Tom sends out many e-mails containing secure information to other com-panies. What concept should be implemented to prove that Tom did indeed send the e-mails? A. Authenticity B. Non-repudiation C. Confidentiality D. Integrity
B
Your manager wants you to implement a type of intrusion detection system (IDS) that can be matched to certain types of traffic patterns. What kind of IDS is this? A. Anomaly-based IDS B. Signature-based IDS C. Behavior-based IDS D. Heuristic-based IDS
B
As part of your user awareness training, you recommend that users remove which of the following when they finish accessing the Internet? A Instant messaging B Cookies C Group policies D Temporary files
B Cookies
Which of the following attacks uses a JavaScript image tag in an email? A SQL injection B Cross-site scripting C Cross-site request forgery D Directory traversal
B Cross-site scripting
You have implemented a security technique where an automated system generates random input data to test an application. What have you put into practice? A XSRF B Fuzzing C Hardening D Input validation
B Fuzzing
You are the security administrator for multimedia development company. Users are constantly searching the Internet for media, information, graphics, and so on. You receive complaints from several users about unwanted windows appearing on their displays. What should you do? A Install antivirus software B Install pop-up blockers C Install screensavers D Install a host-based firewall
B Install pop-up blockers
Which protocol can be used to secure the email login from an Outlook client using POP2 and SMTP? A SMTP B SPA C SAP D Exchange
B SPA
You have been tasked with protecting an operating system from malicious software. What should you do? (Select the two best answers.) A. Disable the DLP. B. Update the HIPS signatures. C. Install a perimeter firewall. D. Disable unused services. E. Update the NIDS signatures.
B and D
In information security, what are the three main goals? (Select the three best answers.) A. Auditing B. Integrity C. Nonrepudiation D. Confidentiality E. Risk Assessment F. Availability
B, D, F
You are tasked with implementing a solution that encrypts the CEO's laptop. However, you are not allowed to purchase additional hardware or software. Which of the following solutions should you implement? A. HSM B. TPM C. HIDS D. USB encryption
B. A TPM, or trusted platform module, is a chip that resides on the motherboard of the laptop. It generates cryptographic keys that allow the entire disk to be encrypted, as in full disk encryption (FDE). Hardware security modules (HSMs) and USB encryption require additional hardware. A host-based intrusion detection system requires either additional software or hardware.
Which of these hides an entire network of IP addresses? A. SPI B. NAT C. SSH D. FTP
B. NAT
Dan is a network administrator. One day he notices that his DHCP server is flooded with information. He analyzes it and finds that the information is coming from more than 50 computers on the network. Which of the following is the most likely reason? A. Virus B. Worm C. Zombie D. PHP script
B. Worm
What are the two ways in which you can stop employees from using USB flash drives? (Select the two best answers.) A. Utilize RBAC. B. Disable USB devices in the BIOS. C. Disable the USB root hub. D. Enable MAC filtering.
B. and C. By disabling all USB devices in the BIOS, a user cannot use his flash drive. Also, the user cannot use the device if you disable the USB root hub within the operating system. RBAC, which stands for role-based access control, defines access to networks by the person's role in the organization (we will cover this more later in the book). MAC filtering is a method of filtering out computers when they attempt to access the network (using the MAC addresses of those computers).
A user complains that they were browsing the Internet when the computer started acting erratically and crashed. You reboot the computer and notice that performance is very slow. In addition, after running a netstat command you notice literally hundreds of outbound connections to various websites, many of which are well-known sites. Which of the following has happened? A. The computer is infected with spyware. B. The computer is infected with a virus. C. The computer is now part of a botnet. D. The computer is now infected with a rootkit.
C
Virtualization technology is often implemented as operating systems and ap-plications that run in software. Often, it is implemented as a virtual machine. Of the following, which can be a security benefit when using virtualization? A. Patching a computer will patch all virtual machines running on the com-puter. B. If one virtual machine is compromised, none of the other virtual ma-chines can be compromised. C. If a virtual machine is compromised, the adverse effects can be compart-mentalized. D. Virtual machines cannot be affected by hacking techniques.
C
Where would you turn off file sharing in Windows Vista? A. Control Panel B. Local Area Connection C. Network and Sharing Center D. Firewall properties
C
Which of the following is one example of verifying new software changes on a test system? A. Application hardening B. Virtualization C. Patch management D. HIDS
C
Which of the following is the greatest risk when it comes to removable storage? A. Integrity of data B. Availability of data C. Confidentiality of data D. Accountability of data
C
Which statement best applies to the term Java applet? A It decrease the usability of web-enabled systems B It is a programming language C A web browser must have the capability to run Java applets D It uses digital signatures for authentication
C A web browser must have the capability to run Java applets
Which of the following encompasses application patch management? A Policy management B Fuzzing C Configuration management D Virtualization
C Configuration management
Which of the following does not need updating? A. HIDS B. Antivirus software C. Pop-up blockers D. Anti-spyware
C. Pop-up blockers do not require updating to be accurate. However, hostbased intrusion detection systems, antivirus software, and anti-spyware all need to be updated to be accurate.
Which of the following types of malware appears to the user as legitimate but actually enables unauthorized access to the user's computer? A. Worm B. Virus C. Trojan D. Spam
C. Trojan
One of your co-workers complains of very slow system performance and says that a lot of antivirus messages are being displayed. The user admits to recently installing pirated software and downloading and installing an illegal keygen to activate the software. What type of malware has affected the user's computer? A. Worm B. Logic bomb C. Spyware D. Trojan
D
Virtualized browsers can protect the OS that they are installed within from which of the following? A. DDoS attacks against the underlying OS B. Phishing and spam attacks C. Man-in-the-middle attacks D. Malware installation from Internet websites
D
What is the deadliest risk of a virtual computer? A. If a virtual computer fails, all other virtual computers immediately go offline. B. If a virtual computer fails, the physical server goes offline. C. If the physical server fails, all other physical servers immediately go offline. D. If the physical server fails, all the virtual computers immediately go offline.
D
Which of the following is an advantage of implementing individual file encryption on a hard drive that already uses whole disk encryption? A. Individually encrypted files will remain encrypted if they are copied to external drives. B. It reduces the processing overhead necessary to access encrypted files. C. NTFS permissions remain intact when files are copied to an external drive. D. Double encryption doubles the bit strength of the encrypted file.
D
Which of the following is not an advantage of NTFS over FAT32? A. NTFS supports file encryption. B. NTFS supports larger file sizes. C. NTFS supports larger volumes. D. NTFS supports more file formats.
D
Which of the following needs to be backed up on a domain controller to re-cover Active Directory? A. User data B. System files C. Operating system D. System state
D
Which of these is not considered to be an inline device? A. Firewall B. Router C. CSU/DSU D. HIDS
D
You are the security administrator for your organization and have just completed a routine server audit. You did not notice any abnormal activity. However, another network security analyst finds connections to unauthorized ports from outside the organization's network. Using security tools, the analyst finds hidden processes that are running on the server. Which of the following has most likely been installed on the server? A. Spam B. Rootkit C. Backdoor D. Logic bomb E. Ransomware
D
Which type of attack uses more than one computer? A. Virus B. DoS C. Worm D. DDoS
D. A DDoS or distributed denial-of-service, attack uses multiple computers to make its attack, usually perpetuated on a server. None of the other answers use multiple computers.
You are the network administrator for a small organization without much in the way of security policies. While analyzing your servers' performance you find various chain messages have been received by the company. Which type of security control should you implement to fix the problem? A. Antivirus B. Anti-spyware C. Host-based firewalls D. Anti-spam
D. Anti-spam
Which of the following is not an example of malicious software? A. Rootkits B. Spyware C. Viruses D. Browser
D. Browser
What is a malicious attack that executes at the same time every week? A. Virus B. Worm C. Bluejacking D. Logic bomb
D. Logic bomb
Which of the following is a common symptom of spyware? A. Infected files B. Computer shuts down C. Applications freeze D. Pop-up windows
D. Pop-up windows They are common to spyware. The rest of the answers are more common symptoms of viruses
Which of the following types of viruses hides its code to mask itself? A. Stealth virus B. Polymorphic virus C. Worm D. Armored virus
D. Stealth An armored virus attempts to make disassembly difficult for an antivirus software program. It thwarts attempts at code examination. Stealth viruses attempt to avoid detection by antivirus software altogether. Polymorphic viruses change every time they run. Worms are not viruses.
