sec +
Which type of network intrusion detection system (NIDS) develops a baseline of normal traffic so it can detect deviations in this traffic that might indicate an attack?
Anomaly-based systems detect unusual network traffic patterns based upon a baseline of normal network traffic.
Which of the following processes is concerned with validating credentials?
Authentication is the process of validating that a user's credentials are authentic, after the user has presented them through the identification process.
Which of the following desired attributes would make an organization most likely to move to a cloud provider?
Availability
Which of the following utilities are specifically used to diagnose DNS issues? (Select Two)
Both dig and nslookup are designed to query DNS servers.
You have received reports that a number of hosts in your company's internal network are sluggish and unresponsive. After troubleshooting other items, you decide to use a sniffer to examine the network traffic coming into the host. You see that massive amounts of ICMP broadcasts are being sent on the network. The switch is having trouble processing all of this traffic, due to repeated ICMP replies, causing it to slow down. Which of the following is the most likely explanation for this?
Flood attack
Which of the following is the process of marking a photo or other type of media with geographical location information using the GPS of a mobile device?
Geotagging is the practice of marking media files, such as pictures and video, with relevant information such as geographic location (using the GPS features of the mobile device) and time.
What type of file, often sent with an e-mail message, can contain malicious code that can be downloaded and executed on a client's computer?
HTML attachment
Which of the following fire suppression chemicals was banned in 1987 and can no longer be used in data centers?
Halon
All of the following are characteristics of hashing, except:
Hashes are decrypted using the same algorithm and key that encrypted them
Which of the following is an application designed to create and initiate files on a host to provide a fully functional virtual machine?
Hypervisor
Which of the following secure e-mail protocols is carried over an SSL or TLS connection and uses TCP port 993?
IMAPS (secure IMAP)
Which of the following protocols would you use to encrypt VPN traffic?
IPsec
Which of the following is a form of intentional interference with a wireless network?
Jamming
Which of the following authentication protocols uses a series of tickets to authenticate users to resources, as well as timestamps to prevent replay attacks?
Kerberos
Which of the following methods of enhancing security between hosts involves generating and exchanging asymmetric keys within a particular communication session?
Key exchange involves generating and exchanging asymmetric keys used for a particular communication session, exchanging public keys in order to use them for public key cryptography.
Which of the following methods of strengthening weak keys involves taking a weak initial key and feeding it to an algorithm that produces an enhanced key, which is much stronger?
Key stretching is a technique used to change weak keys into stronger ones by feeding them into an algorithm to produce enhanced keys.
Which of the following ports would be most likely to allow secure remote access into a system within a data center?
L2TP aligns to TCP port 1701, allowing secure remote access to a system through a VPN connection.
Which of the following is the biggest risk involved in cloud computing?
Lack of control
Which of the following can cause a successful attack on a system when a user enters malicious code or characters into a form field on a Web application?
Lack of input validation
Which of the following is generally a script planted by a disgruntled employee or other malicious actor that is set to execute at a certain time?
Logic bomb
Which of the following security controls allows connectivity to a network based on the system's hardware address?
MAC address filtering
Which of the following terms indicates the length of time a device is expected to last in operation, and only a single, definitive failure will occur and will require that the device be replaced rather than repaired?
Mean time to failure
Which of the following terms indicates the amount of time it takes for a hardware component to recover from failure?
Mean time to recovery (MTTR)
Which of the following policy settings prevent a user from rapidly changing passwords and cycling through his or her password history to reuse a password?
Minimum password age
Which of the following technologies allows devices to communicate with each other at very close range through radio signals by using a special chip implanted in the device, and may be vulnerable to eavesdropping and man-in-the-middle attacks?
Near-field communication enables devices to send very low-power radio signals to each other by using a special chip implanted in the device.
Which of the following two ways typically separate network hosts for security purposes? (Choose two.)
Networks are typically separated for security purposes either physically, logically, or both.
All of the following are considered duties of a first responder to an incident, except:
Notifying and coordinating with senior management and law officials.
Which of the following types of public key cryptography uses a web of trust model?
PGP (Pretty Good Privacy)
Which of the following are two characteristics of strong passwords? (Choose two.)
Password length and use of additional character space
Which of the following formal management efforts is designed to remediate security flaws discovered in applications and operating systems?
Patch management
Risk assessment means evaluating which of the following elements? (Choose two.)
Probability and Impact
All of the following are characteristics of the RADIUS authentication protocol, EXCEPT:
RADIUS uses TCP port 1812
Wissa is updating a printer driver on a Windows system. She downloads the latest driver from the manufacturer's Web site. When installing the driver, Windows warns that the driver is unsigned. To which of the following threats is Wissa exposing her system?
Refactoring
Which of the following algorithms won the U.S. government-sponsored competition to become the Advanced Encryption Standard (AES)?
Rijndael
Fabian's new load balancer has a number of scheduling options and he's trying to decide the one to use. He wants to schedule load balancing such that the load balancer assigns to each server in order, then returns to the first server. What is this form of scheduling?
Round robin is a turn-based scheduling method where jobs are assigned to servers in sequential order.
Which of the following is an example of a trusted OS?
SELinux is the only example, from the answers given, of a trusted operating system.
Which of the following uses a management information base (MIB) to provide detailed device-specific information to a central management console?
SNMP (Simple Network Management Protocol)
The corporate IT manager wants you to implement a process that separates corporate apps from personal apps on mobile devices. Which of the following techniques will enable you to do this?
Sandboxing
During which stage of a secure development model would you normally find steps such as secure code review, fuzzing, and vulnerability assessments?
Security Testing
During which stage of a secure development model would you normally find steps such as requirements gathering, analysis, and diagram development?
Security requirements
Which of the following are typically created for a single Web browsing session and are generally not carried across different sessions?
Session cookies are used for a single Web browsing session only.
Which of the following is not a characteristic of effective signage?
Signage should indicate security checkpoints to report to in the event of an emergency requiring evacuation
Which of the following enables a user to provide one set of credentials to the system and use those credentials throughout other interconnected systems?
Single sign-on
Which of the following is a point-in-time backup of certain key configuration settings of a virtual machine, allowing the VM to be restored back to that point in time if it suffers a crash or other issue?
Snapshot
Which of the following types of factors could be used to describe a fingerprint-based method of logging in and authenticating to a touchscreen device?
Something you are
Which of the following types of network-connected systems can manage heating, ventilation, and air-conditioning controls?
Supervisory control and data acquisition (SCADA) systems
All of the following are valid methods to secure static hosts in an organization, except:
User-dependent security
Which of the following encryption protocols uses RC4 with small initialization vector sizes?
WEP
Which of the following is a variant of a phishing attack, where a phishing e-mail is sent to a high-value target instead of on a mass scale to all employees?
Whaling
Which of the following terms describes someone who hacks into systems, with permission of the system's owner, to discover exploitable vulnerabilities and help secure the system?
White hat hackers
Which of the following attacks might involve an attacker attempting to enter a facility with arms full of boxes, in an attempt to gain sympathy and have someone open the door for him or her?
tailgating
How many rounds does DES perform when it encrypts plaintext?
16
What size is the initialization vector (IV) for the Temporal Key Integrity Protocol (TKIP), used in the WPA standard?
48-bit
You have a server that is used for Domain Name System (DNS) queries. You find that it has several open ports, and you intend to close all of the unnecessary ports on the server. The server is listening on ports 22, 25, 53, and 80. Which port must be left open to continue to use DNS functionality?
53
What size WEP key did the original IEEE 802.11b specification use?
64-bit
You are trying to determine the appropriate level of high availability for a server. The server must be available on a constant basis, and downtime in a given year cannot exceed 1 hour. It normally takes you about 45 minutes to bring down and restart the server for maintenance. Which of the following reflects the level of availability you require?
99.99 percent availability
Which of the following attacks targets relational databases that reside behind Web applications?
A SQL injection attack targets relational databases that reside behind Web applications.
An attack in which an attacker attempts to disconnect a victim's wireless host from its access point is called a(n) __________.
A deauthentication attack
Which of the following describe a false reject rate? (Choose two.)
A false reject rate (FRR) is the error caused from rejecting an authorized user; it is also called a Type I error.
A password is an example of which of the following authentication factors?
A password is memorized, therefore you know it.
Which type of cloud service is usually operated by a third-party provider that sells or rents "pieces" of the cloud to different entities, such as small businesses or large corporations, to use as they need?
A public cloud is operated by a third-party provider who leases space in the cloud to anyone who needs it.
Which type of assessment is used to determine weaknesses within a system?
A vulnerability assessment
Which of the following details the specific access levels that individuals or entities may have when interacting with objects?
An access control list (ACL)
Which of the following statements best describes a buffer overflow attack?
An attack that exceeds the memory allocated to an application for a particular function, causing it to crash.
Which of the following statements best describes an XML injection attack?
An XML injection attack involves sending malicious XML content to a Web application, taking advantage of any lack of input validation and XML parsing.
Your organization wants you to create and implement a policy that will detail proper use of its information systems during work hours. Which of the following is the best choice?
Acceptable-use policy
Both Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols are used to encrypt traffic sent over untrusted networks, such as the Internet.
Which of the following is a recognized way of restricting access to applications?
Blacklisting
When information is converted to an unreadable state using cryptography, in what form is the information?
Ciphertext is a result of the encryption process; it is encrypted text.
Which of the following is an older form of attack where a malicious/compromised Web site places invisible controls on a page, giving users the impression they are clicking some safe item that actually is an active control for something malicious?
Clickjacking
Your company allows a number of employees to telecommute, and others travel extensively. You have been tasked with finding a centralized solution that will allow access to shared data over the Internet. Which of the following is best?
Cloud services
Which of the following is normally required to convert and read coded messages?
Codebook
All of the following types of social engineering attacks might go undetected by the victim, except:
Coercion
Your organization is concerned that employees might e-mail proprietary information to themselves at their private addresses. Which of the following would be most effective at catching that particular effort?
Content filters can scan content as it leaves the network, checking for certain types of content that has been pre-specified within the software.
All of the following are supporting elements of authorization, except:
Credential validation
Which of the following methods of log management involves visiting each individual host to review its log files?
Decentralized log management means that logs are managed and reviewed on a host-by-host basis, rather than as a centralized, consolidated group.
What is the second step in the incident response life cycle?
Detection and analysis is the second step of the incident response life cycle.
If a person knows a control exists, and this control keeps him or her from performing a malicious act, what type of control would this be classified as?
Deterrent control
Which of the following access control models enables a person who creates or owns objects to define permissions to access those objects?
Discretionary access control model
During which type of assessment would penetration testers not have any knowledge about the network and network defenders have no knowledge of the test itself?
Double-blind test
What is the biggest difference between EAP-TLS and EAP-TTLS?
EAP-TLS needs server and client certificates; EAP-TTLS only needs server certificates.
Which of the following DES/AES encryption modes is considered the weakest?
ECB mode
Which of the following is a key agreement protocol used in public key cryptography?
ECDH (Elliptic Curve Diffie-Hellman)
Which of the following secure file copy protocols is used over an SSL or TLS connection?
FTP
What type of organizations are the main users of an interconnection service agreement (ISA)?
Telecoms use Interconnection Service Agreements.
Which of the following is a protocol used to obtain the status of digital certificates in public keys?
The Online Certificate Status Protocol (OCSP)
Which of the following forms of authentication pass credentials in clear text and is not recommended for use?
The Password Authentication Protocol (PAP) is an older authentication method that passes usernames and passwords in clear text. For this reason, it is no longer used.
Which of the following statements best defines the recovery point objective (RPO)?
The RPO is the maximum allowable amount of data (measured in terms of time) that the organization can afford to lose during a disaster or an incident.
Which of the following network management protocols uses agents that respond to queries to report its status to a central program manager?
The Simple Network Management Protocol (SNMP) uses SNMP agents that respond to queries to report their status to a central program manager.
Which of the following is the simplest form of disaster recovery exercise?
The documentation review is the simplest form of test.
Which of the following are true statements regarding the relationships of functionality, security, and available resources? (Choose two.)
The relationship between security and functionality is inversely proportional. As one increases, the other decreases. The relationship between resources and both security and functionality is directly proportional. As resources increase, so do both functionality and security. If resources decrease, so do functionality and security.
Which of the following concepts should be the most important consideration when determining how to budget properly for security controls?
The risk likelihood and impact should directly determine how much you budget for controls to prevent the occurrence of risk.
If Bobby and Dawn exchange confidential encrypted e-mail messages using public and private key pairs, which of the following keys would Bobby need to encrypt confidential data in an e-mail message sent to Dawn?
To encrypt information that Dawn can decrypt, using public and private key pairs, Bobby would need Dawn's public key to encrypt data that only her private key can decrypt.
Marisol sees a tremendous amount of traffic on TCP port 389 from the Internet. Which TCP/IP service should she inspect first?
The Lightweight Directory Application Protocol (LDAP) uses TCP port 389.
Which of the following statements best describes the relationship between the elements of risk?
Threats exploit vulnerabilities.
For which of the following should employees receive training to establish how they are to treat information of differing sensitivity levels?
information classification
Which of the following attacks results in mathematical operations that the host or application cannot handle, causing them to fail?
integer overflow attack
Which of the following cannot identify patterns alone and requires other data and event sources to identify trends and patterns?
log analysis