TEST DAY!
What can attackers accomplish using malicious port scanning? A. "Fingerprint" of the operating system B. Topology of the network C. All the computer names on the network D. All the usernames and passwords
A. "Fingerprint" of the operating system
From the list of ports, select two that are used for e-mail. (Select the two best answers.) A. 110 B. 3389 C. 143 D. 389
A. 110 C. 143
Which port number is ultimately used by SCP? A. 22 B. 23 C. 25 D. 443
A. 22
You have been tasked to access an older network device. Your only option is to use Telnet. Which port would need to be open on the network device by default? A. 3389 B. 161 C. 135 D. 23
A. 3389
Which TCP port does LDAP use? A. 389 B. 80 C. 443 D. 143
A. 389
Which port number does the Domain Name System use? A. 53 B. 80 C. 110 D. 88
A. 53
Which of the following is the best example of a strong password? A. A 14-character sequence of numbers, letters, and symbols B. The name of your pet C. The last four digits of your Social Security number D. A 15-character sequence of letters only
A. A 14-character sequence of numbers, letters, and symbols
What are some of the drawbacks to using a HIDS instead of a NIDS on a server? (Select the two best answers.) A. A HIDS may use a lot of resources, which can slow server performance. B. A HIDS cannot detect operating system attacks. C. A HIDS has a low level of detection of operating system attacks. D. A HIDS cannot detect network attacks.
A. A HIDS may use a lot of resources, which can slow server performance D. A HIDS cannot detect network attacks.
You are in charge of decreasing the chance of social engineering in your organization. Which of the following should you implement? A. A two-factor authentication scheme B. Vulnerability assessment C. Security awareness training D. Risk assessment
A. A two-factor authentication scheme C. Security awareness training
Imagine that you are an attacker. Which would be most desirable when attempting to compromise encrypted data? A. A weak key B. The algorithm used by the encryption protocol C. Captured traffic D. A block cipher
A. A weak key
One of the programmers in your organization complains that he can no longer transfer files to the FTP server. You check the network firewall and see that the proper FTP ports are open. What should you check next? A. ACLs B. NIDS C. AV definitions D. FTP permissions
A. ACLs
The IT director asks you to set up a system that will encrypt credit card data. She wants you to use the most secure symmetric algorithm with the least amount of CPU usage. Which of the following algorithms should you select? A. AES B. SHA-1 C. 3DES D. RSA
A. AES
When encrypting credit card data, which would be the most secure algorithm with the least CPU utilization? A. AES B. 3DES C. SHA-512 D. MD5
A. AES
Which of the following protocols does the 802.11i standard support? A. AES B. RSA C. TKIP D. ECC E. DES
A. AES C. TKIP
Employees are asked to sign a document that describes the methods of accessing a company's servers. Which of the following best describes this document? A. Acceptable use policy B. Chain of custody C. Incident response D. Privacy Act of 1974
A. Acceptable use policy
What would you use to control the traffic that is allowed in or out of a network? (Select the best answer.) A. Access control lists B. Firewall C. Address Resolution Protocol D. Discretionary access control
A. Access control lists
A user attempts to log in to the network three times and fails each time. After the third time, the user is not allowed to attempt to log in for 30 minutes. What setting is this known as? A. Account lockout duration B. Account lockout threshold C. Password complexity requirements D. Minimum password age
A. Account lockout duration
You have been alerted to suspicious traffic without a specific signature. Under further investigation, you determine that the alert was a false indicator. Furthermore, the same alert has arrived at your workstation several times. Which security device needs to be configured to disable false alarms in the future? (Select the best answer.) A. Anomaly-based IDS B. Signature-based IPS C. Signature-based IDS D. UTM E. SIEM
A. Anomaly-based IDS
Which of the following will allow the triggering of a security alert because of a tracking cookie? A. Anti-spyware application B. Anti-spam software C. Network-based firewall D. Host-based firewall
A. Anti-spyware application
You are the network security administrator for your organization. You are in charge of deploying 50 new computers on the network. Which of the following should be completed first? A. Apply a baseline configuration B. Install operating system updates C. Install the latest spyware D. Install a spreadsheet program
A. Apply a baseline configuration
Which of the following best describes the proper method and reason to implement port security? A. Apply a security control that ties specific ports to end-device MAC addresses, and prevents additional devices from being connected to the network. B. Apply a security control that ties specific ports to end-device IP addresses, and prevents additional devices from being connected to the network. C. Apply a security control that ties specific ports to end-device MAC addresses, and prevents all devices from being connected to the network. D. Apply a security control that ties specific ports to end-device IP addresses, and prevents all devices from being connected to the network.
A. Apply a security control that ties specific ports to end-device MAC addresses, and prevents additional devices from being connected to the network.
Which of these is an example of social engineering? A. Asking for a username and password over the phone B. Using someone else's unsecured wireless network C. Hacking into a router D. Virus
A. Asking for a username and password over the phone
Which of the following is used when performing a quantitative risk analysis? A. Asset value B. Surveys C. Focus group D. Best practice
A. Asset value
Which of the following is used when performing a quantitative risk analysis? A. Asset value B. Surveys C. Focus groups D. Best practices
A. Asset value
Which of the following encryption concepts is PKI based on? A. Asymmetric B. Symmetric C. Elliptical curve D. Quantum
A. Asymmetric
Which of the following is the most complicated centralized key management scheme? A. Asymmetric B. Symmetric C. Whole disk encryption D. Steganography
A. Asymmetric
You have collected login information, file access information, security log files, and unauthorized security violations. What is this collection known as? A. Audit trail B. Audit C. Access control list D. Security log
A. Audit trail
One of your co-workers complains to you that he cannot see any security events in the Event Viewer. What are three possible reasons for this? (Select the three best answers.) A. Auditing has not been turned on. B. The log file is only 10 MB. C. The co-worker is not an administrator. D. Auditing for an individual object has not been turned on.
A. Auditing has not been turned on. C. The co-worker is not an administrator. D. Auditing for an individual object has not been turned on.
RAID is most concerned with what? A. Availability B. Baselining C. Confidentiality D. Integrity
A. Availability
Mark works for a financial company. He has been tasked to protect customer data. He decides to install a mantrap and an HVAC system in the data center. Which of the following concepts has he addressed? (choose 2) A. Availability B. Integrity C. Confidentiality D. Recovery E. Accountability
A. Availability C. Confidentiality
Which action should be taken to protect against a complete disaster in the case that a primary company's site is permanently lost? A. Back up all data to tape, and store those tapes at a sister site in another city. B. Back up all data to tape, and store those tapes at a sister site across the street. C. Back up all data to disk, and store the disk in a safe deposit box at the administrator's home. D. Back up all data to disk, and store the disk in a safe in the building's basement.
A. Back up all data to tape, and store those tapes at a sister site in another city.
You are contracted to conduct a forensic analysis of the computer. What should you do first? A. Back up the system B. Analyze the files C. Scan for viruses D. Make changes to the operating system
A. Back up the system
Which of the following requires a baseline? (Select the two best answers.) A. Behavior-based monitoring B. Performance Monitor C. Anomaly-based monitoring D. Signature-based monitoring
A. Behavior-based monitoring C. Anomaly-based monitoring
Which of the following are PII that are used in conjunction with each other? A. Birthday B. Full name C. Favorite food D. Marital status E. Pet's name
A. Birthday B. Full name
What type of attack sends two different messages using the same hash function, which end up causing a collision? A. Birthday attack B. Bluesnarfing C. Man-in-the-middle attack D. Logic bomb
A. Birthday attack
Which of the following are Bluetooth threats? (Select the two best answers.) A. Bluesnarfing B. Blue bearding C. Bluejacking D. Distributed denial-of-service
A. Bluesnarfing C. Bluejacking
A group of compromised computers that have software installed by a worm or Trojan is known as which of the following? A. Botnet B. Virus C. Rootkit D. Zombie
A. Botnet
Which of the following methods can be used by a security administrator to recover a user's forgotten password from a password-protected file? A. Brute-force B. Packet sniffing C. Social engineering D. Cognitive password
A. Brute-force
A NOP slide is an indication of what kind of attack? A. Buffer overflow B. SQL injection C. XSS D. Smurf attack
A. Buffer overflow
Which of the following describes an application that accepts more input than it was originally expecting? A. Buffer overflow B. Denial of service (DoS) C. Sandbox D. Brute force
A. Buffer overflow
Heaps and stacks can be affected by which of the following attacks? A. Buffer overflows B. Rootkits C. SQL injection D. Cross-site scripting
A. Buffer overflows
Your company has a mix of on-premises infrastructure and cloud-provider infrastructure and needs to extend the reach of its security policies beyond the internal infrastructure. Which of the following would be the BEST solution for the company to consider? A. CASB B. SaaS C. PaaS D. MaaS
A. CASB
Which of the following protocols or services uses port 19? A. CHARGEN B. Echo C. Telnet D. SMTP
A. CHARGEN
What should you publish a compromised certificate to? A. CRL B. CA C. PKI D. AES
A. CRL
You are in charge of PKI certificates. What should you implement so that stolen certificates cannot be used? A. CRL B. CAD C. CA D. CRT
A. CRL
Stephen has been instructed to update all three routers' firmware for his organization. Where should he document his work? A. Change management system B. Router system log C. Event Viewer D. Chain of custody
A. Change management system
You have been tasked with blocking DNS requests and zone transfers coming from outside IP addresses. You analyze your organization's firewall and note that it implements an implicit allow and currently has the following ACL configured for the external interface: permit TCP any any 80 permit TCP any any 443 Which of the following rules would accomplish your goal? (Select the two best answers.) A. Change the implicit rule to an implicit deny B. Remove the current ACL C. Add the following ACL at the top of the current ACL: deny TCP any any 53 D. Add the following ACL at the bottom of the current ACL: deny ICMP any any 53 E. Apply the current ACL to all interfaces of the firewall F. Add the following ACL at the bottom of the current ACL: deny IP any any 53
A. Change the implicit rule to an implicit deny F. Add the following ACL at the bottom of the current ACL: deny IP any any 53
A hash algorithm has the capability to avoid the same output from two guessed inputs. What is this known as? A. Collision resistance B. Collision strength C. Collision cipher D. Collision metric
A. Collision resistance
Specific secure data is only supposed to be viewed by certain authorized users. What concept ensures this? A. Confidentiality B. Integrity C. Availability D. Authenticity
A. Confidentiality
What are two ways to secure the computer within the BIOS? (Select the two best answers.) A. Configure a supervisor password. B. Turn on BIOS shadowing. C. Flash the BIOS. D. Set the hard drive first in the boot order.
A. Configure a supervisor password. D. Set the hard drive first in the boot order.
Your organization hires temporary users to assist with end-of-year resources and calculations. All the temporary users need access to the same domain resources. These "temps" are hired for a specific period of time with a set completion date. Users log on to a Windows domain controlled by a Windows Server domain controller. Your job is to make sure that the accounts can be used only during the specific period of time for which the temps are hired. The solution you select should require minimal administrative effort and upkeep. Of the following, what is the best solution? A. Configure expiration dates for the temp user accounts B. Configure password expiration dates for temp user accounts C. Configure a domain password policy for the temp user accounts D. Configure a local password policy on the computers used by temp user accounts E. Delete the temp user accounts at the end the work period
A. Configure expiration dates for the temp user accounts
You are the security administrator for your organization. You have just identified a malware incident. Of the following, what should be your first response? A. Containment B. Removal C. Recovery D. Monitoring
A. Containment
Which of the following will an Internet filtering appliance analyze? (Select the three best answers.) A. Content B. Certificates C. Certificate revocation lists D. URLs
A. Content B. Certificates D. URLs
What is a device doing when it actively monitors data streams for malicious code? A. Content inspection B. URL filtering C. Load balancing D. NAT
A. Content inspection
Which of the following is the best practice to secure log files? A. Copy the log files to a server in a remote location. B. Log all failed and successful login attempts. C. Increase the size of the log files. D. Perform hashing of the log files.
A. Copy the log files to a server in a remote location.
There is an important upcoming patch to be released. You are required to test the installation of the patch a dozen times before the patch is distributed to the public. What should you perform to test the patching process quickly and often? A. Create a virtualized sandbox and utilize snapshots B. Create an image of a patched PC and replicate it to the servers C. Create an incremental backup of an unpatched PC D. Create a full disk image to restore after each installation
A. Create a virtualized sandbox and utilize snapshots
Your network is a Windows domain controlled by a Windows Server domain controller. Your goal is to configure user access to file folders shared to the network. In your organization, directory access is dependent upon a user's role in the organization. You need to keep to a minimum the administrative overhead needed to manage access security. You need to be able to quickly modify a user's permissions if that user is assigned to a different role. A user can be assigned to more than one role within the organization. What solutions should you implement? (Select the two best answers.) A. Create security groups and assign access permissions based on organizational roles B. Place users in OUs based on organizational roles C. Create an OU for each organizational role and link GPOs to each OU D. Place users' computers in OUs based on user organizational roles E. Assign access permission explicitly by user account
A. Create security groups and assign access permissions based on organizational roles C. Create an OU for each organizational role and link GPOs to each OU
Of the following, what is the most common problem associated with UTP cable? A. Crosstalk B. Data emanation C. Chromatic dispersion D. Vampire tapping
A. Crosstalk
Which of the following is the weakest encryption type? A. DES B. RSA C. AES D. SHA
A. DES
Which of the following is an area of the network infrastructure that enables a person to put public-facing systems into it without compromising the entire infrastructure? A. DMZ B. VLAN C. VPN D. NAT
A. DMZ
Which of the following should be placed between the LAN and the Internet? A. DMZ B. HIDS C. Domain controller D. Extranet
A. DMZ
Which of the following would you set up in a multifunction SOHO router? A. DMZ B. DOS C. OSI D. ARP
A. DMZ
A coworker goes to a website but notices that the browser brings her to a different website and that the URL has changed. What type of attack is this? A. DNS poisoning B. Denial of service C. Buffer overflow D. ARP poisoning
A. DNS poisoning
What is the most commonly seen security risk of using coaxial cable? A. Data that emanates from the core of the cable B. Crosstalk between the different wires C. Chromatic dispersion D. Jamming
A. Data that emanates from the core of the cable
Which of the following is the first step in creating a security baseline? A. Define a security policy B. Install software patches C. Perform vulnerability testing D. Mitigate risk
A. Define a security policy
What is a default rule found in a firewall's ACL? A. Deny all B. Permit all C. netsh advfirewall firewall D. add address=192.168.0.0/16
A. Deny all
What kind of security control do computer security audits fall under? A. Detective B. Preventive C. Corrective D. Protective
A. Detective
You are the security administrator for your organization. You want to ensure the confidentiality of data on mobile devices. What is the best solution? A. Device encryption B. Remote wipe C. Screen locks D. AV software
A. Device encryption
Which wireless configurations can be easily circumvented using a network sniffer? (select 2) A. Disabled SSID B. EAP-TLS C. WPA2 D. MAC filtering E. WEP with 802.1X
A. Disabled SSID D. MAC filtering
Which of the following are components of hardening an operating system? A. Disabling unnecessary services B. Configuring the desktop C. Applying patches D. Adding users to the administrators group E. Enabling services
A. Disabling unnecessary services C. Applying patches
Your organization already has a policy in place that bans flash drives. What other policy could you enact to reduce the possibility of data leakage? A. Disallow the saving of data to a network share B. Enforce that all work files have to be password protected C. Disallow personal music devices D. Allow unencrypted HSMs
A. Disallow the saving of data to a network share
You have been tasked with sending a decommissioned SSL certificate server's hard drives to be destroyed by a third-party company. What should you implement before sending the drives out? (Select the two best answers.) A. Disk wiping B. Data retention policies C. Removable media encryption D. Full disk encryption E. Disk hashing
A. Disk wiping D. Full disk encryption
Your boss has instructed you to shred some confidential documents. Which threat does this mitigate? A. Dumpster diving B. Tailgating C. Shoulder surfing D. Baiting
A. Dumpster diving
Which of the following are symmetric encryption algorithms? A. ECC B. AES C. RSA D. DES E. RC4 F. Diffie-Hellman G. 3DES
A. ECC B. AES C. RSA D. 3DES
Your organization's server uses a public, unencrypted communication channel. You are required to implement protocols that allow clients to securely negotiate encryption keys with the server. What protocols should you select? (Select the two best answers.) A. ECDHE B. PBKDF2 C. Steganography D. Diffie-Hellman E. Symmetric encryption
A. ECDHE D. Diffie-Hellman
Which option enables you to hide the bootmgr file? A. Enable Hide Protected Operating System Files B. Enable Show Hidden Files and Folders C. Disable Hide Protected Operating System Files D. Remove the -R Attribute
A. Enable Hide Protected Operating System Files
A user can enter improper input into a new computer program and is able to crash the program. What has your organization's programmer most likely failed to implement? A. Error handling B. CRC C. SDLC D. Data formatting
A. Error handling
Your organization must achieve compliance for PCI and SOX. Which of the following would best allow the organization to achieve compliance and ensure security? (Select the three best answers.) A. Establish a company framework B. Compartmentalize the network C. Centralize management of all devices on the network D. Apply technical controls to meet compliance regulations E. Establish a list of users that must work with each regulation F. Establish a list of devices that must meet regulations
A. Establish a company framework B. Compartmentalize the network D. Apply technical controls to meet compliance regulations
As a security administrator, you must be constantly vigilant and always be aware of the security posture of your systems. Which of the following supports this goal? A. Establishing baseline reporting B. Disabling unnecessary services C. Training staff on security policies D. Installing anti-malware applications
A. Establishing baseline reporting
You scan the network and find a counterfeit access point that is using the same SSID as an already existing access point. What is this an example of? A. Evil twin B. War-driving C. AP isolation D. Rogue access point
A. Evil twin
Which of the following would a DMZ typically contain? A. FTP server B. SQL server C. Customer account database D. User workstations
A. FTP server
What is the best way to utilize FTP sessions securely? A. FTPS B. FTP passive C. FTP active D. TFTP
A. FTPS
Which of the following results occurs when a biometric system identifies a legitimate user as unauthorized? A. False rejection B. FAR C. False acceptance D. CER E. False exception
A. False rejection
What would be an example of a device used to shield a server room from data emanation? A. Faraday cage B. TEMPEST C. EMI D. Crosstalk
A. Faraday cage
Which device's log file will show access control lists and who was allowed access and who wasn't? A. Firewall B. Smartphone C. Performance Monitor D. IP proxy
A. Firewall
Which of the following security technologies should you provide to allow users remote access to your network? (choose 2) A. Firewall B. Subnetting C. NAT D. VPN E. NAC
A. Firewall D. VPN
In addition to bribery and forgery, which of the following are the most common techniques that attackers use to socially engineer people? (Select the two best answers.) A. Flattery B. Assuming a position of authority C. Dumpster diving D. WHOIS search
A. Flattery C. Dumpster diving
To protect against malicious attacks, what should you think like? A. Hacker B. Network admin C. Spoofer D. Auditor
A. Hacker
Which of the following best describes a TPM? A. Hardware chip that stores keys B. High-speed secure removable storage device C. Third-party certificate authority D. USB encryption
A. Hardware chip that stores keys
You have implemented a technology that enables you to review logs from computers located on the Internet. The information gathered is used to find out about new malware attacks. What have you implemented? A. Honeynet B. Protocol analyzer C. Firewall D. Proxy
A. Honeynet
Which of the following environmental variables reduces the possibility of static discharges (ESD)? A. Humidity B. Temperature C. EMI D. RFI
A. Humidity
Which of the following is usually used with L2TP? A. IPsec B. SSH C. PHP D. SHA
A. IPsec
Which of the following security actions should be completed before a user is given access to the network? A. Identification and authentication B. Authentication and authorization C. Identification and authorization D. Authentication and biometrics
A. Identification and authentication
You are attempting to establish host-based security for your organization's workstations. Which of the following is the best way to do this? A. Implement OS hardening by applying GPOs B. Implement database hardening by applying vendor guidelines. C. Implement web server hardening by restricting service accounts. D. Implement firewall rules to restrict access.
A. Implement OS hardening by applying GPOs
Of the following backup types, which describes the backup of files that have changed since the last full or incremental backup? A. Incremental B. Differential C. Full D. Copy
A. Incremental
Which of the following is an advantage of implementing individual file encryption on a hard drive that already uses whole disk encryption? A. Individually encrypted files will remain encrypted if they are copied to external drives. B. It reduces the processing overhead necessary to access encrypted files. C. NTFS permissions remain intact when files are copied to an external drive. D. Double encryption doubles the bit strength of the encrypted file
A. Individually encrypted files will remain encrypted if they are copied to external drives.
What types of technologies are used by external motion detectors? (Select the two best answers.) A. Infrared B. RFID C. Gamma rays D. Ultrasonic
A. Infrared
What's the best way to prevent SQL injection attacks on web applications? A. Input validation B. Host-based firewall C. Add HTTPS pages D. Update the web server
A. Input validation
Which of the following invalidates SQL injection attacks that were launched from a lookup field of a web server? A. Input validation B. Security template C. NIDS D. Buffer overflow protection
A. Input validation
Which of the following should be implemented to harden an operating system? (Select the two best answers.) A. Install the latest updates. B. Install Windows Defender. C. Install a virtual operating system. D. Execute PHP scripts.
A. Install the latest updates. B. Install Windows Defender.
Jake is in the process of running a bulk data update. However, the process writes incorrect data throughout the database. What has been compromised? A. Integrity B. Confidentiality C. Availability D. Accountability
A. Integrity
The honeypot concept is enticing to administrators because A. It enables them to observe attacks. B. It traps an attacker in a network. C. It bounces attacks back at the attacker. D. It traps a person physically between two locked doors.
A. It enables them to observe attacks.
Which of the following would you make use of when performing a qualitative risk analysis? A. Judgment B. Asset value C. Threat frequency D. SLE
A. Judgment
Users on your network are identified with tickets. Which of the following systems is being used? A. Kerberos B. RADIUS C. TACACS+ D. LDAP
A. Kerberos
Which of the following network authentication protocols uses symmetric key cryptography, stores a shared key for each network resource, and uses a Key Distribution Center (KDC)? A. Kerberos B. RADIUS C. TACACS+ D. PKI
A. Kerberos
During a software development review, the cryptographic engineer advises the project manager that security can be improved by significantly slowing down the runtime of the hashing algorithm and increasing entropy by passing the input and salt back during each iteration. Which of the following best describes what the engineer is trying to achieve? A. Key stretching B. Confusion C. Diffusion D. Root of Trust E. Monoalphabetic cipher F. PRNG G. Pass the hash
A. Key stretching
Which of the following enables an attacker to float a domain registration for a maximum of five days? A. Kiting B. DNS poisoning C. Domain hijacking D. Spoofing
A. Kiting
Which of the following protocols creates an unencrypted tunnel? A. L2TP B. PPTP C. IPsec D. VPN
A. L2TP
NTLM is for the most part backward compatible and is an improved version of which of the following? A. LANMAN B. AES C. MD5 D. passwd
A. LANMAN
When using the mandatory access control model, what component is needed? A. Labels B. Certificates C. Tokens D. RBAC
A. Labels
Which of the following would an antivirus program most likely not detect? (Select the two best answers.) A. Logic bomb B. Worm C. Virus D. Trojan E. Pharming
A. Logic bomb E. Pharming
You receive complaints about network connectivity being disrupted. You suspect that a user connected both ends of a network cable to two different ports on a switch. What can be done to prevent this? A. Loop protection B. DMZ C. VLAN segregation D. Port forwarding
A. Loop protection
Your organization has a policy that states that user passwords must be at least 16 characters. Your computers use NTLM2 authentication for clients. Which of the following hash algorithms will be used for password authentication? A. MD5 B. AES C. LM hash D. SHA
A. MD5
An employee of your organization was escorted off of the premises for suspicion of fraudulent activity, but the employee had been working for two hours before leaving. You have been asked to find out what files have changed since last night's integrity scan. Which protocols could you use to perform your task? (Select the two best answers.) A. MD5 B. ECC C. AES D. PGP E. HMAC F. Blowfish
A. MD5 E. HMAC
What is software that is designed to infiltrate a computer system without the user's knowledge or consent? A. Malware B. Privilege escalation C. Whitelists D. HIDS
A. Malware
Your boss speculates that an employee in a sensitive position is committing fraud. What is the best way to identify if this is true? A. Mandatory vacations B. Separation of duties C. Due diligence D. Acceptable usage policy
A. Mandatory vacations
You need to protect your data center from unauthorized entry at all times. Which is the best type of physical security to implement? A. Mantrap B. Video surveillance C. Nightly security guards D. 802.1X
A. Mantrap
Rick is reviewing the logs of a host-based IDS. They show that the computer has been compromised by a botnet and is communicating with a master server. If Rick needs to power the computer off, which of the following types of data will be unavailable? A. Memory, system processes, and network processes B. Memory, archival storage, and temporary files C. Swap files, system processes, and the master boot record D. The system disk, e-mail, and log files
A. Memory, system processes, and network processes
Your boss needs you to implement a password policy that prevents a user from reusing the same password. To be effective, the policy must be implemented in conjunction with the password history policy. Which of the following is the best method? A. Minimum age B. Expiration time C. Password length D. Lockout time
A. Minimum age
The IT director asks you to create a solution to protect your network from Internet-based attacks. The solution should include pre-admission security checks and automated remediation and should also integrate with existing network infrastructure devices. Which of the following solutions should you implement? A. NAC B. NAT C. VLAN D. Subnetting
A. NAC
Which of the following security applications cannot proactively detect computer anomalies? A. NIDS B. HIPS C. Antivirus software D. Personal software firewall
A. NIDS
Which of the following will identify a Smurf attack? A. NIDS B. Firewall C. Content filter D. Load balancer
A. NIDS
Which of the following would you most likely find in a buffer overflow attack? A. NOP instructions B. Sequence numbers C. IV length D. Set flags
A. NOP instructions
A customer's SD card uses FAT32 as its file system. What file system can you upgrade it to when using the convert command? A. NTFS B. HPFS C. ext4 D. NFS
A. NTFS
You are a consultant for an IT company. Your boss asks you to determine the topology of the network. What is the best device to use in this circumstance? A. Network mapper B. Protocol analyzer C. Port scanner D. Vulnerability scanner
A. Network mapper
Which of the following is used to validate whether trust is in place and accurate by retuning responses of "good," "unknown," or "revoked"? A. OCSP B. PKI C. CRL D. RA
A. OCSP
Which of the following has schemas written in XML? A. OVAL B. 3DES C. WPA D. PAP
A. OVAL
Why do attackers often target nonessential services? (Select the two best answers.) A. Often they are not configured correctly. B. They are not monitored as often. C. They are not used. D. They are not monitored by an IDS.
A. Often they are not configured correctly. B. They are not monitored as often.
Which of the following combines the keystream with the plaintext message using the bitwise XOR operator to produce the ciphertext? A. One-time pad B. Obfuscation C. PBKDF2 D. ECDH
A. One-time pad
E-mail servers can be maliciously exploited in many ways, for example, spoofing e-mail messages. Which of the following is a common component that attackers would use to spoof e-mails? A. Open relay B. Web proxy C. Session hijacking D. Logic bomb
A. Open relay
Of the following definitions, which would be an example of eavesdropping? A. Overhearing parts of a conversation B. Monitoring network traffic C. Another person looking through your files D. A computer capturing information from a sender
A. Overhearing parts of a conversation
Which of the following requires a CA during the authentication process? A. PEAP-TLS B. FTPS explicit C. FTPS implicit D. MD5
A. PEAP-TLS
A user is required to have a password that is 14 characters or more. What is this an example of? A. Password length B. Password recovery C. Password complexity D. Password expiration
A. Password length
Your organization has enacted a policy where employees are required to create passwords with at least 15 characters. What type of policy does this define? A. Password length B. Password expiration C. Minimum password age D. Password complexity
A. Password length
Which of the following methods is the most closely associated with DLL injection? A. Penetration testing B. Vulnerability assessment C. Performance monitoring D. Auditing
A. Penetration testing
You have established a baseline for your server. Which of the following is the best tool to use to monitor any changes to that baseline? A. Performance Monitor B. Anti-spyware C. Antivirus software D. Vulnerability assessments software
A. Performance Monitor
Jason is a security administrator for a company of 4000 users. He wants to store 6 months of security logs to a logging server for analysis. The reports are required by upper management due to legal obligations but are not time-critical. When planning for the requirements of the logging server, which of the following should not be implemented? A. Performance baseline and audit trails B. Time stamping and integrity of the logs C. Log details and level of verbose logging D. Log storage and backup requirements
A. Performance baseline and audit trails
Which of the following tools uses ICMP as its main underlying protocol? A. Ping scanner B. Port scanner C. Image scanner D. Barcode scanner
A. Ping scanner
Which of the following ports is required by an e-commerce web server running SSL? A. Port 443 inbound B. Port 80 inbound C. Port 80 outbound D. Port 443 outbound
A. Port 443 inbound
Which of the following are requirements for a cold site? A. Power and connectivity B. Redundant servers and networking devices C. Close proximity to the data center D. Patched and updated client computers
A. Power and connectivity
In a public key infrastructure setup, which of the following should be used to encrypt the signature of an e-mail? A. Private key B. Public key C. Shared key
A. Private key
Your boss wants you to set up an authentication scheme in which employees will use smart cards to log in to the company network. What kind of key should be used to accomplish this? A. Private key B. Public key C. Cipher key D. Shared key
A. Private key
Which of the following can be described as the act of exploiting a bug or flaw in software to gain access to resources that normally would be protected? A. Privilege escalation B. Chain of custody C. Default account D. Backdoor
A. Privilege escalation
You are the network security administrator for your organization. You recently audited a server and found that a user logged in to the server with a regular account, executed a program, and performed activities that should be available only to an administrator. What type of attack does this describe? A. Privilege escalation B. Backdoor C. Trojan horse D. Brute-force
A. Privilege escalation
Which of the following can determine which flags are set in a TCP/IP handshake? A. Protocol analyzer B. Port scanner C. SYN/ACK D. Performance Monitor
A. Protocol analyzer
Which of the following enables a person to view the IP headers on a data packet? A. Protocol analyzer B. NIDS C. Firewall D. L2 switch
A. Protocol analyzer
You suspect a broadcast storm on the LAN. Which tool is required to diagnose which network adapter is causing the storm? A. Protocol analyzer B. Firewall C. Port scanner D. Network intrusion detection system E. Port mirror
A. Protocol analyzer
You work as a network administrator for your organization and need a tool to capture ICMP, HTTP, FTP, and other packets of information. Which of the following tools should you use? A. Protocol analyzer B. Penetration tester C. Vulnerability scanner D. Port scanner
A. Protocol analyzer
In which two environments would social engineering attacks be most effective? (Select the two best answers.) A. Public building with shared office space B. Company with a dedicated IT staff C. Locked building D. Military facility E. An organization whose IT personnel have little training
A. Public building with shared office space E. An organization whose IT personnel have little training
When a user's web browser communicates with a CA, what PKI element does the CA require from the browser? A. Public key B. Private key C. Symmetric key D. Secret key
A. Public key
Why do hackers often target nonessential services? A. Quite often, they are not configured correctly. B. They are not monitored as often. C. They are not used. D. They are not monitored by an IDS.
A. Quite often, they are not configured correctly. B. They are not monitored as often.
You have been tasked with increasing the level of server fault tolerance, but you have been given no budget to perform the task. Which of the following should you implement to ensure that servers' data can withstand hardware failure? A. RAID B. Hardware load balancing C. A cold site D. Towers of Hanoi
A. RAID
Which of the following is not a valid cryptographic hash function? A. RC4 B. SHA-512 C. MD5 D. RIPEMD
A. RC4
Which of the following defines a business goal for system restoration and acceptable data loss? A. RPO B. Warm site C. MTBF D. MTTR
A. RPO
When creating a public/private key pair, which of the following would an admin need to specify key strength? A. RSA B. AES C. DES D. SHA
A. RSA
Which one of the following is the most common encryption protocol used for key exchange during a secure web session? A. RSA B. AES C. SHA D. PKI
A. RSA
A user receives an encrypted message that was encrypted using asymmetric cryptography. What does this recipient need to decrypt the message? A. Recipient's private key B. Recipient's public key C. Sender's private key D. Sender's public key
A. Recipient's private key
You have been given the task of scanning for viruses on a PC. What is the best of the following methods? A. Recovery environment B. Dual-boot into Linux C. Command Prompt only D. Boot into Windows normally
A. Recovery environment
A smartphone has been lost. You need to ensure 100% that no data can be retrieved from it. What should you do? A. Remote wipe B. GPS tracking C. Implement encryption D. Turn on screen locks
A. Remote wipe
A smartphone is an easy target for theft. Which of the following are the best methods to protect the confidential data on the device? (Select the two best answers.) A. Remote wipe B. E-mail password C. GPS D. Tethering E. Encryption F. Screen lock
A. Remote wipe E. Encryption
Which of the following attacks is best described as an attacker capturing part of a communication, and then later sending some or all of that communication to a server while pretending to be the original client? A. Replay attack B. TCP/IP hijacking C. Backdoor D. Man-in-the-middle attack
A. Replay attack
You are the systems administrator for your organization. Human resources notifies you that a particular user has been terminated. What should you do? A. Retain the user's data for a specific amount of time. B. Delete the user's account. C. Delete the user's data. D. Disable the user's account.
A. Retain the user's data for a specific amount of time. D. Disable the user's account.
A company has a high attrition rate. What should you ask the network administrator to do first? (Select the best answer.) A. Review user permissions and access control lists. B. Review group policies. C. Review Performance logs. D. Review the Application log.
A. Review user permissions and access control lists.
Identifying residual risk is considered to be the most important task when dealing with which of the following? A. Risk acceptance B. Risk deterrence C. Risk avoidance D. Risk mitigation
A. Risk acceptance
You are implementing a new enterprise database server. After you evaluate the product with various vulnerability scans you determine that the product is not a threat in of itself but it has the potential to introduce new vulnerabilities to your network. Which assessment should you now take into consideration while you continue to evaluate the database server? A. Risk assessment B. Code assessment C. Vulnerability assessment D. Threat assessment
A. Risk assessment
Your boss asks you to purchase additional insurance in an effort to reduce risk. What is this an example of? A. Risk transference B. Risk elimination C. Risk acceptance D. Risk avoidance
A. Risk transference
Which of the following is an unauthorized wireless router that allows access to a secure network? A. Rogue AP B. Evil twin C. War-driving D. AP isolation
A. Rogue AP
You have been commissioned by a customer to implement a network access control model that limits remote users' network usage to normal business hours only. You create one policy that applies to all the remote users. What access control model are you implementing? A. Role-based access control B. Mandatory access control C. Discretionary access control D. Rule-based access control
A. Role-based access control
In an environment where administrators, the accounting department, and the marketing department all have different levels of access, which of the following access control models is being used? A. Role-based access control (RBAC) B. Mandatory access control (MAC) C. Discretionary access control (DAC) D. Rule-based access control (RBAC)
A. Role-based access control (RBAC)
Which of the following access control methods uses rules to govern whether object access will be allowed? (Select the best answer.) A. Rule-based access control B. Role-based access control C. Discretionary access control D. Mandatory access control E. Attribute-based access control
A. Rule-based access control
You are in charge of the disaster recovery plan for your organization. What can you do to make sure that the DRP can be implemented quickly and correctly? A. Run a test of the recovery plan B. Send the plan to management for approval C. Distribute copies of the plan to key personnel D. Store the recovery plan in a secure area
A. Run a test of the recovery plan
Which protocol is based on SSH? A. SFTP B. TFTP C. FTP D. FTPS
A. SFTP
As a network administrator, one of your jobs is to deal with Internet service providers. You want to ensure that a provider guarantees end-to-end traffic performance. What is this known as? A. SLA B. VPN C. DRP D. WPA
A. SLA
You have three e-mail servers. What is it called when one server forwards e-mail to another? A. SMTP relay B. Buffer overflows C. POP3 D. Cookies
A. SMTP relay
The IT director has asked you to install agents on several client computers and monitor them from a program at a server. What is this known as? A. SNMP B. SMTP C. SMP D. Performance Monitor
A. SNMP
Which of the following is the best option if you are trying to monitor network devices? A. SNMP B. Telnet C. FTPS D. IPsec
A. SNMP
Which of the following makes use of three components: a managed device, an agent, and a network management system? A. SNMP B. Wireshark C. Performance Monitor
A. SNMP
Which of these governs the disclosure of financial data? A. SOX B. HIPAA C. GLB D. Top secret
A. SOX
Which of the following network protocols sends data between two computers while using a secure channel? A. SSH B. SMTP C. SNMP D. P2P
A. SSH
Your organization has several separate logins necessary to gain access to several different sets of resources. What access control method could solve this problem? A. SSO B. Two-factor authentication C. Biometrics D. Smart card
A. SSO
What kind of attack would a flood guard protect a network from? A. SYN attack B. Xmas attack C. MITM attack D. Botnet
A. SYN attack
Which one of the following attacks misuses the Transmission Control Protocol three-way handshake process in an attempt to overload network servers so that authorized users are denied access to network resources? A. SYN attack B. Man-in-the-middle attack C. Teardrop attack D. Smurf attack
A. SYN attack
To find out when a computer was shut down, which log file would an administrator use? A. Security B. System C. Application D. DNS
A. Security
Your organization has several building keys circulating among various executive and human resources employees. You are concerned that the keys could be easily lost, stolen, or duplicated, so you have decided to implement an additional security control based on facial recognition. Which of the following will address this goal? A. Security guard B. Fingerprint scanner C. Mantraps D. Proximity readers
A. Security guard
You are designing security for an application. You need to ensure that all tasks relating to the transfer of money require actions by more than one user through a series of checks and balances. What access control method should you use? A. Separation of duties B. Implicit deny C. Job rotation D. Least privilege
A. Separation of duties
What are two ways to secure a Microsoft-based web browser? (Select the two best answers.) A. Set the Internet zone's security level to High. B. Disable the pop-up blocker. C. Disable ActiveX controls. D. Add malicious sites to the Trusted Sites zone.
A. Set the Internet zone's security level to High. C. Disable ActiveX controls.
A wireless network switch has connectivity issues but only when the air-conditioning system is running. What can be added to fix the problem? A. Shielding B. A wireless network C. A key deflector D. Redundant air-conditioning systems
A. Shielding
Which of the following environmental controls is part of the TEMPEST standards? A. Shielding B. Fire suppression C. HVAC D. Biometrics
A. Shielding
You have been ordered to implement a secure shredding system as well as privacy screens. What two attacks is your organization attempting to mitigate? A. Shoulder surfing B. Impersonation C. Phishing D. Dumpster diving E. Tailgating
A. Shoulder surfing
What should be incorporated with annual awareness security training? A. Signing of a user agreement B. Implementation of security controls C. User rights and permissions review D. Succession planning
A. Signing of a user agreement
Of the following, what two authentication mechanisms require something you physically possess? (Select the two best answers.) A. Smart card B. Certificate C. USB flash drive D. Username and password
A. Smart card C. USB flash drive
Give two examples of hardware devices that can store keys. (Select the two best answers.) A. Smart card B. Network adapter C. PCI Express card D. USB flash drive
A. Smart card D. USB flash drive
What devices will not be able to communicate in a Faraday cage? (Select the two best answers.) A. Smartphones B. Servers C. Tablets D. Switches
A. Smartphones C. Tablets
User education can help to defend against which of the following? (Select the three best answers.) A. Social engineering B. Phishing C. Rainbow tables D. Dumpster diving
A. Social engineering B. Phishing D. Dumpster diving
What type of cloud service is webmail known as? A. Software as a Service B. Remote Desktop C. Platform as a Service D. Infrastructure as a Service
A. Software as a Service
A proximity card is an example of what? A. Something a user has B. Something a user is C. Something a user knows D. Something a user does
A. Something a user has
An attacker uses a method that is meant to obtain information from a specific person. What type of attack is this? A. Spear phishing B. DNS poisoning C. Pharming D. Fraggle
A. Spear phishing
One of your users was not being careful when browsing the Internet. The user was redirected to a warez site where a number of pop-ups appeared. After clicking one pop-up by accident, a drive-by download of unwanted software occurred. What does the download most likely contain? A. Spyware B. DDoS C. Smurf D. Backdoor E. Logic bomb
A. Spyware
Which of the following statements best describes a static NAT? A. Static NAT uses a one-to-one mapping. B. Static NAT uses a many-to-many mapping. C. Static NAT uses a one-to-many mapping. D. Static NAT uses a many-to-one mapping.
A. Static NAT uses a one-to-one mapping.
Which of the following describes hiding data within other files? A. Steganography B. PKI C. Encryption D. Nonrepudiation
A. Steganography
You want to reduce network traffic on a particular network segment to limit the amount of user visibility. Which of the following is the best device to use in this scenario? A. Switch B. Hub C. Router D. Firewall
A. Switch
Which type of encryption technology is used with the BitLocker application? A. Symmetric B. Asymmetric C. Hashing D. WPA2
A. Symmetric
You need to encrypt and send a large amount of data. Which of the following would be the best option? A. Symmetric encryption B. Hashing algorithm C. Asymmetric encryption D. PKI
A. Symmetric encryption
Which of the following log files identifies when a computer was last shut down? A. System B. Security C. Application D. Directory Services
A. System
HIDS and NIDS are similar intrusion detection systems. However, one is for individual computers, and the other is for networks. Which of the following would a HIDS be installed to monitor? A. System files B. CPU performance C. Network adapter performance D. Temporary Internet files
A. System files
You are reviewing your organization's continuity plan, which specifies an RTO of six hours and an RPO of two days. Which of the following is the plan describing? A. Systems should be restored within six hours and no later than two days after the incident B. Systems should be restored within two days and should remain operational for at least six hours. C. Systems should be restored within six hours with a maximum of two days' worth of data latency. D. Systems should be restored within two days with a minimum of six hours' worth of data.
A. Systems should be restored within six hours and no later than two days after the incident
What is the most secure method of authentication and authorization in its default form? A. TACACS B. Kerberos C. RADIUS D. LDAP
A. TACACS
You need to control access to a network through a Cisco router. Which of the following authentication services should you use? A. TACACS+ B. SSH C. Telnet D. SNMP
A. TACACS+
Which of the following attacks involve intercepting a session and modifying network packets? A. TCP/IP hijacking B. Denial of service C. Man-in-the-middle attack D. DNS poisoning E. Null session
A. TCP/IP hijacking C. Man-in-the-middle attack
Which of the following answers are not part of IPsec? (Select the two best answers.) A. TKIP B. Key exchange C. AES D. Authentication header
A. TKIP C. AES
Which of the following is embedded and contains a storage root key? A. TPM B. HSM C. EFS D. BitLocker
A. TPM
Which of the following would be considered detrimental effects of a virus hoax? (Select the two best answers.) A. Technical support resources are consumed by increased user calls. B. Users are at risk for identity theft. C. Users are tricked into changing the system configuration. D. The e-mail server capacity is consumed by message traffic.
A. Technical support resources are consumed by increased user calls. C. Users are tricked into changing the system configuration.
On Monday, all employees of your organization report that they cannot connect to the corporate wireless network, which uses 802.1X with PEAP. A technician verifies that no configuration changes were made to the wireless network and its supporting infrastructure, and that there are no outages. Which of the following is the most likely cause of the problem? A. The Remote Authentication Dial-In User Service certificate has expired. B. The DNS server is overwhelmed with connections and is unable to respond to queries. C. There have been too many incorrect authentication attempts and this caused users to be temporarily disabled. D. The company IDS detected a wireless attack and disabled the wireless network.
A. The Remote Authentication Dial-In User Service certificate has expired.
Your boss wants you to properly log what happens on a database server. What are the most important concepts to think about while you do so? (Select the two best answers.) A. The amount of virtual memory that you will allocate for this task B. The amount of disk space you will require C. The information that will be needed to reconstruct events later D. Group Policy information
A. The amount of virtual memory that you will allocate for this task
You are surprised to notice that a co-worker's computer is communicating with an unknown IRC server and is scanning other systems on the network. None of this was scheduled by anyone in your organization, and the user appears to be unaware of what is transpiring. What is the most likely cause? A. The computer is part of a botnet. B. The computer is infected with a worm. C. The computer is infected with spyware. D. The computer is infected with a rootkit.
A. The computer is part of a botnet.
Last week, one of the users in your organization encrypted a file with a private key. This week the user left the organization, and unfortunately the systems administrator deleted the user's account. What are the most probable outcomes of this situation? (Select the two best answers.) A. The data is not recoverable. B. The former user's account can be re-created to access the file. C. The file can be decrypted with a PKI. D. The data can be decrypted using the recovery agent. E. The data can be decrypted using the root user account.
A. The data is not recoverable. D. The data can be decrypted using the recovery agent.
Which of the following is a best practice when a mistake is made during a forensic examination? A. The examiner should document the mistake and work around the problem. B. The examiner should attempt to hide the mistake during the examination. C. The examiner should disclose the mistake and assess another area of the disc. D. The examiner should verify the tools before, during, and after an examination.
A. The examiner should document the mistake and work around the problem.
You are in charge of recycling computers. Some of the computers have hard drives that contain personally identifiable information (PII). What should be done to the hard drive before it is recycled? A. The hard drive should be sanitized. B. The hard drive should be reformatted. C. The hard drive should be destroyed. D. The hard drive should be stored in a safe area.
A. The hard drive should be sanitized.
What does steganography replace in graphic files? A. The least significant bit of each byte B. The most significant bit of each byte C. The least significant byte of each bit D. The most significant byte of each bit
A. The least significant bit of each byte
In a discretionary access control model, who is in charge of setting permissions to a resource? A. The owner of the resource B. The administrator C. Any user of the computer D. The administrator and the owner
A. The owner of the resource
Analyze the following network traffic logs depicting communications between Computer1 and Computer2 on opposite sides of a router. The information was captured by the computer with the IPv4 address 10.254.254.10. Computer1 Computer2 [192.168.1.105]------[INSIDE 192.168.1.1 router OUTSIDE 10.254.254.1] -----[10.254.254.10] LOGS 7:58:36 SRC 10.254.254.1:3030, DST 10.254.254.10:80, SYN 7:58:38 SRC 10.254.254.10:80, DST 10.254.254.1:3030, SYN/ACK 7:58:40 SRC 10.254.254.1:3030, DST 10.254.254.10:80, ACK Given the information, which of the following can you infer about the network communications? A. The router implements NAT. B. The router filters port 80 traffic. C. 192.168.1.105 is a web server. D. The web server listens on a nonstandard port.
A. The router implements NAT.
Which of the following factors should you consider when evaluating assets to a company? (Select the two best answers.) A. Their value to the company B. Their replacement cost C. Where they were purchased from D. Their salvage value
A. Their value to the company B. Their replacement cost
Kerberos uses which of the following? (Select the two best answers.) A. Ticket distribution service B. The Faraday cage C. Port 389 D. Authentication service
A. Ticket distribution service D. Authentication service
Which of the following might a public key be used to accomplish? A. To decrypt the hash of a digital signature B. To encrypt web browser traffic C. To digitally sign a message D. To decrypt wireless messages
A. To decrypt the hash of a digital signature
You are a forensics investigator. What is the most important reason for you to verify the integrity of acquired data? A. To ensure that the data has not been tampered with B. To ensure that a virus cannot be copied to the target media C. To ensure that the acquired data is up to date D. To ensure that the source data will fit on the target media
A. To ensure that the data has not been tampered with
Why would an attacker use steganography? A. To hide information B. For data integrity C. To encrypt information D. For wireless access
A. To hide information
Why would you use a vulnerability scanner? A. To identify open ports on a computer B. To identify remote access policies C. To crack passwords D. To see whether passwords are sent as clear text
A. To identify open ports on a computer
Which of the following is a security reason to implement virtualization in your network? A. To isolate network services and roles B. To analyze network traffic C. To add network services at lower costs D. To centralize patch management
A. To isolate network services and roles
Why would a system administrator have both a user-level account and an administrator-level account? A. To prevent privilege escalation B. To prevent admin account lockout C. To prevent password sharing D. To prevent loss of access through implicit deny
A. To prevent privilege escalation
What is the purpose of a chain of custody as it is applied to forensic image retention? A. To provide documentation as to who handled the evidence B. To provide a baseline reference C. To provide proof the evidence hasn't been tampered with D. To provide data integrity
A. To provide documentation as to who handled the evidence
In an attempt to collect information about a user's activities, which of the following will be used by spyware? A. Tracking cookie B. Session cookie C. Shopping cart D. Persistent cookie
A. Tracking cookie
You want to secure data passing between two points on an IP network. What is the best method to protect from all but the most sophisticated APTs? A. Transport encryption B. Key escrow C. Block ciphers D. Stream ciphers
A. Transport encryption
One of your users complains that files are being randomly renamed and deleted. The last action the user took was to download and install a new screensaver on the computer. The user says that the file activity started immediately after installation of the screensaver. Which of following would be the best description for this screensaver? A. Trojan horse B. Logic bomb C. Virus D. Worm
A. Trojan horse
Which of these is a security component of Windows? A. UAC B. UPS C. Gadgets D. Control Panel
A. UAC
You are implementing a testing environment for the development team. They use several virtual servers to test their applications. One of these applications requires that the servers communicate with each other. However, to keep this network safe and private, you do not want it to be routable to the firewall. What is the best method to accomplish this? A. Use a virtual switch. B. Remove the virtual network from the routing table. C. Use a standalone switch. D. Create a VLAN without any default gateway.
A. Use a virtual switch.
The fundamental difference between symmetric key systems and asymmetric key systems is that symmetric key systems do which of the following? A. Use the same key on each end B. Use different keys on each end C. Use multiple keys for non-repudiation purposes D. Use public key cryptography
A. Use the same key on each end
Which of the following is the most common authentication model? A. Username and password B. Biometrics C. Key cards D. Tokens
A. Username and password
You have been tasked with segmenting internal traffic between layer 2 devices on the LAN. Which of the following network design elements would most likely be used? A. VLAN B. DMZ C. NAT D. Routing
A. VLAN
You have been tasked with providing a staff of 250 employees secure remote access to your corporate network. Which of the following is the best solution? A. VPN concentrator B. Web security gateway C. Web proxy D. Software-based firewall
A. VPN concentrator
What are the best ways for a web programmer to prevent website application code from being vulnerable to XSRF attacks? (Select the two best answers.) A. Validate input on the client and the server side B. Ensure HTML tags are enclosed within angle brackets C. Permit URL redirection D. Restrict the use of special characters in form fields E. Use a web proxy to pass website requests between the user and the application
A. Validate input on the client and the server side D. Restrict the use of special characters in form fields
Which of the following best describes a protective countermeasure for SQL injection? A. Validating user input within web-based applications B. Installing an IDS to monitor the network C. Eliminating XSS vulnerabilities D. Implementing a firewall server between the Internet and the database server
A. Validating user input within web-based applications
Which of the following are good practices for tracking user identities? (Select the two best answers.) A. Video cameras B. Key card door access systems C. Sign-in sheets D. Security guards
A. Video cameras B. Key card door access systems
Eric wants to install an isolated operating system. What is the best tool to use? A. Virtualization B. UAC C. HIDS D. NIDS
A. Virtualization
Sandy is comparing six different computers on a network. She wants to know which of the systems is more susceptible to attack. Which is the best tool for her to use? A. Vulnerability scanner B. Port scanner C. Ping scanner D. Baseline reporting
A. Vulnerability scanner
Which of the following is the least secure type of wireless encryption? A. WEP 64-bit B. WEP 128-bit C. WPA with TKIP D. WPA2 with AES
A. WEP 64-bit
Your boss has asked you to reduce an AP's power setting and place the AP in the center of your building. What reconnaissance method is your boss trying to prevent? A. War-driving B. Evil twin C. Rogue AP D. RF interference
A. War-driving
Which of these is a true statement concerning active interception? A. When a computer is put between a sender and receiver B. When a person overhears a conversation C. When a person looks through files D. When a person hardens an operating system
A. When a computer is put between a sender and receiver
Which type of malware does not require a user to execute a program to distribute the software? A. Worm B. Virus C. Trojan horse D. Stealth
A. Worm
Which of the following defines the difference between a Trojan horse and a worm? (Select the best answer.) A. Worms self-replicate but Trojan horses do not. B. The two are the same. C. Worms are sent via e-mail; Trojan horses are not. D. Trojan horses are malicious attacks; worms are not.
A. Worms self-replicate but Trojan horses do not.
During an audit of your servers, you have noticed that most servers have large amounts of free disk space and have low memory utilization. Which of the following statements will be correct if you migrate some of the servers to a virtual environment? A. You might end up spending more on licensing, but less on hardware and equipment. B. You will need to deploy load balancing and clustering. C. Your baselining tasks will become simpler. D. Servers will encounter latency and lowered throughput
A. You might end up spending more on licensing, but less on hardware and equipment.
You have been tasked by your boss with calculating the annualized loss expectancy (ALE) for a $5000 server that crashes often. In the past year, the server crashed 10 times, requiring a reboot each time, which resulted in a 10% loss of functionality. What is the ALE of the server? A. $500 B. $5000 C. $10,000 D. $50,000
B. $5000
You are the systems administrator for your organization. You have been tasked to block database ports at the firewall. Which port should you block? A. 3389 B. 1433 C. 443 D. 53
B. 1433
Which of the following equations represents the complexity of a password policy that enforces a lowercase password using the letters a through z, where "n" is the password length? A. n2 * 26 B. 26^2 C. n26 D. 2n * 26
B. 26^2
Which of the following inbound ports must be opened on a server to allow a user to log in remotely? A. 53 B. 3389 C. 389 D. 636
B. 3389
Which of the following authentication protocols makes use of a supplicant, authenticator, and authentication server? A. Kerberos B. 802.1X C. RADIUS D. LDAP
B. 802.1X
Your organization has several conference rooms with wired RJ45 jacks that are used by employees and guests. The employees need to access internal organizational resources, but the guests only need to access the Internet. Which of the following should you implement? A. VPN and IPsec B. 802.1X and VLANs C. Switches and a firewall D. NAT and DMZ
B. 802.1X and VLANs
To mitigate risks when users access company e-mail with their smartphone, what security policy should be implemented? A. Data connection capabilities should be disabled. B. A password should be set on the smartphone. C. Smartphone data should be encrypted. D. Smartphone should be only for company use.
B. A password should be set on the smartphone.
Which of the following is a disadvantage of PGP? A. Weak encryption can be easily broken B. A recipient must trust a public key that is received. C. Private keys can be compromised. D. Man-in-the-middle attacks are common.
B. A recipient must trust a public key that is received.
What is the main difference between a secure hash and secure encryption? A. A secure hash can be reversed. B. A secure hash cannot be reversed. C. Secure encryption can be reversed. D. Secure encryption cannot be reversed
B. A secure hash cannot be reversed.
Which of the following best describes an IPS? A. A system that identifies attacks B. A system that stops attacks in progress C. A system that is designed to attract and trap attackers D. A system that logs attacks for later analysis
B. A system that stops attacks in progress
Robert needs to access a resource. In the DAC model, what is used to identify him or other users? A. Roles B. ACLs C. MAC D. Rules
B. ACLs
Which of the following encryption protocols is the strongest and can encrypt data with the least amount of CPU usage? A. DES B. AES C. 3DES D. RC4
B. AES
You have been tasked to implement an encryption algorithm that has a key length of 128 bits. Which of the following is the only solution? A. SHA B. AES C. 3DES D. DES
B. AES
Sherry must prevent users from accessing the network after 6 p.m. She must also prevent them from accessing the accounting department's shares at all times. Which of the following should Sherry implement? (choose 2) A. Single sign-on B. Access control lists C. MAC D. Job rotation E. Time of day restrictions
B. Access control lists E. Time of day restrictions
In the DAC model, how are permissions identified? A. Role membership. B. Access control lists. C. They are predefined. D. It is automatic.
B. Access control lists.
Alice wishes to send a file to Bob using a PKI. Which of the following types of keys should Alice use to sign the file? A. Alice's private key B. Alice's public key C. Bob's public key D. Bob's private key
B. Alice's public key
In the event that a mobile device is stolen, what two security controls can prevent data loss? (Select the two best answers.) A. GPS B. Asset tracking C. Screen locks D. Inventory control E. Full device encryption
B. Asset tracking E. Full device encryption
Which of the following is a record of the tracked actions of users? A. Performance Monitor B. Audit trails C. Permissions D. System and event logs
B. Audit trails
Which of the following is not a record of the tracked actions of users? A. Previous logon notification B. Audit trails C. Application log D. Security log
B. Audit trails
Which of the following concepts can ease administration but can be the victim of a malicious attack? A. Zombies B. Backdoors C. Buffer overflow D. Group Policy
B. Backdoors
After auditing an FTP server, you note that the server has an average of 100 concurrent connections. Where should you look to determine whether this is normal or whether your FTP server is being attacked? A. Secure code review B. Baseline reporting C. Security policy D. DRP
B. Baseline reporting
Why should penetration testing only be done during controlled conditions? A. Because vulnerability scanners can cause network flooding. B. Because penetration testing actively tests security controls and can cause system instability. C. Because white-box penetration testing cannot find zero-day attacks. D. Because penetration testing passively tests security controls and can cause system instability.
B. Because penetration testing actively tests security controls and can cause system instability.
What is it called when a hashing algorithm creates the same hash from two different messages? A. Collision B. Birthday attack C. Rainbow tables D. MD5
B. Birthday attack
A network stream of data needs to be encrypted. Jason, a security administrator, selects a cipher that will encrypt 128 bits at a time before sending the data across the network. Which of the following has Jason chosen? A. Stream cipher B. Block cipher C. Hashing algorithm D. RC4
B. Block cipher
Which of the following is the unauthorized access of information from a Bluetooth device? A. Bluejacking B. Bluesnarfing C. Deep Blue D. The Blues Brothers
B. Bluesnarfing
Your boss's smartphone is encrypted and has screen lock protection, yet data was still stolen from it. How is this possible? A. Botnet B. Bluesnarfing C. SIM cloning D. GPS tracking
B. Bluesnarfing
In a PKI, what is responsible for verifying certificate contents? A. Key escrow B. CA C. CRL D. Recovery agent
B. CA
You are required to renew an SSL certificate for a web server. Which of the following should you submit to the certificate authority? A. Private key B. CSR C. CRL D. RA
B. CSR
What two items are included in a digital certificate? (Select the two best answers.) A. User's private key B. Certificate authority's digital signature C. The user's public key D. Certificate authority's IP address
B. Certificate authority's digital signature C. The user's public key
You are told by your manager to keep evidence for later use at a court proceeding. Which of the following should you document? A. Disaster recovery plan B. Chain of custody C. Key distribution center D. Auditing
B. Chain of custody
Which of the following reduces the chances of a single point of failure on a server when it fails? A. Virtualization B. Clustering C. RAID D. Cold site
B. Clustering
Which of the following best describes a backdoor? A. Code inserted into software that initiates one of several types of functions when specific criteria are met B. Computer programs used to bypass normal authentication or other security mechanisms in place C. Code that restricts access to a computer and makes demands for money D. A group of compromised computers
B. Computer programs used to bypass normal authentication or other security mechanisms in place
The IT director asks you to protect a server's data from unauthorized access and disclosure. What is this an example of? A. Integrity B. Confidentiality C. Availability D. Non-repudiation
B. Confidentiality
You are the network security administrator. One of the system administrators reports to you that an unauthorized user has accessed the network. What should you do first? A. Contact the police. B. Contain the problem. C. Determine the monetary impact. D. Notify management.
B. Contain the problem.
As part of your user awareness training, you recommend that users remove which of the following when they finish accessing the Internet? A. Instant messaging B. Cookies C. Group policies D. Temporary files
B. Cookies
Which of the following attacks uses a JavaScript image tag in an e-mail? A. SQL injection B. Cross-site scripting C. Cross-site request forgery D. Directory traversal E. Null pointer dereference
B. Cross-site scripting
Which of the following web application security weaknesses can be mitigated by preventing the usage of HTML tags? A. SQL injection B. Cross-site scripting C. LDAP injection D. Rootkits
B. Cross-site scripting
Your organization is attempting to reduce risk concerning the use of unapproved USB devices to copy files. What could you implement as a security control to help reduce risk? A. IDS B. DLP C. Content filtering D. Auditing
B. DLP
When users in your company attempt to access a particular website, the attempts are redirected to a spoofed website. What are two possible reasons for this? A. DoS B. DNS poisoning C. Modified hosts file D. Domain name kiting
B. DNS poisoning C. Modified hosts file
A person attempts to access a server during a zone transfer to get access to a zone file. What type of server are they trying to manipulate? A. Proxy server B. DNS server C. File server D. Web server
B. DNS server
Which of the following methods will identify which services are running on a computer? A. Calculate risk B. Determine open ports C. Review baseline reporting D. Review firewall logs
B. Determine open ports
Which of the following is most likely to result in data loss? A. Accounting personnel transferring confidential staff information with SFTP B. Developers copying data from production to test environments with USB sticks C. Encrypted backup tapes left unattended at reception for offsite storage D. Back office staff updating details on a mainframe with SSH
B. Developers copying data from production to test environments with USB sticks
What are the two ways in which you can stop employees from using USB flash drives? (Select the two best answers.) A. Utilize RBAC. B. Disable USB devices in the BIOS. C. Disable the USB root hub. D. Enable MAC filtering.
B. Disable USB devices in the BIOS. C. Disable the USB root hub.
You have been asked by an organization to help correct problems with users unknowingly downloading malicious code from websites. Which of the following should you do to fix this problem? A. Install a network-based intrusion detection system B. Disable unauthorized ActiveX controls C. Implement a policy to minimize the problem D. Use virtual machines
B. Disable unauthorized ActiveX controls
Your web server that conducts online transactions crashed, so you examine the HTTP logs and see that a search string was executed by a single user masquerading as a customer. The crash happened immediately afterward. What type of network attack occurred? A. DDoS B. DoS C. MAC spoofing D. MITM E. DNS amplification attack
B. DoS
You go out the back door of your building and notice someone looking through your company's trash. If this person were trying to acquire sensitive information, what would this attack be known as? A. Browsing B. Dumpster diving C. Phishing D. Hacking
B. Dumpster diving
Which of the following uses Transport Layer Security and does not work well in enterprise scenarios because certificates must be configured or managed on both the client side and server side? A. Transitive trust B. EAP-TLS C. EAP-TTLS D. EAP-FAST E. Kerberos
B. EAP-TLS
Which of the following is not a symmetric key algorithm? A. RC4 B. ECC C. 3DES D. Rijndael
B. ECC
You are tasked with selecting an asymmetric encryption method that allows for the same level of encryption strength, but with a lesser key length than is typically necessary. Which encryption method fulfills your requirement? A. RSA B. ECC C. DHE D. Twofish
B. ECC
Which of the following should be considered to mitigate data theft when using Cat 6 wiring? A. Multimode fiber B. EMI shielding C. CCTV D. Passive scanning
B. EMI shielding
What are kernel-level rootkits designed to do to a computer? (select two) A. Make a computer susceptible to pop-ups B. Extract confidential information C. Hide evidence of an attacker's presence D. Hide backdoors into the computer E. Crack the user's password
B. Extract confidential information C. Hide evidence of an attacker's presence
A critical system in the server room was never connected to a UPS. The security administrator for your organization has initiated an authorized service interruption of the server to fix the problem. Which of the following best describes this scenario? A. Succession planning B. Fault tolerance C. Continuity of operations D. Disaster recovery
B. Fault tolerance
Your manager has asked you to run cables for your network through a boiler room where there is a furnace and air conditioning equipment. These devices are known to cause interference. Which of the following types of cabling will have the best chance of preventing interference when working in this area? A. UTP B. Fiber-optic C. STP D. Coaxial
B. Fiber-optic
Which of the following cables suffers from chromatic dispersion if the cable is too long? A. Twisted-pair cable B. Fiber-optic cable C. Coaxial cable D. USB cables
B. Fiber-optic cable
Your organization currently uses two-factor authentication but wants to install a third factor of authentication. The existing system uses passwords and software-based PKI tokens. Which of the following would provide a third factor of authentication? A. Elliptic curve B. Fingerprint scanner C. Passphrases D. Four-digit pin codes
B. Fingerprint scanner
Which device uses stateful packet inspection? A. Switch B. Firewall C. Bridge D. IDS
B. Firewall
Which of the following devices should you employ to protect your network? (Select the best answer.) A. Protocol analyzer B. Firewall C. DMZ D. Proxy server
B. Firewall
You suspect that files are being illegitimately copied to an external location. The file server that the files are stored on does not have logging enabled. Which log should you access to find out more about the files that are being copied illegitimately? A. DNS log B. Firewall log C. Antivirus log D. System log
B. Firewall log
James has detected an intrusion in his company network. What should he check first? A. DNS logs B. Firewall logs C. The Event Viewer D. Performance logs
B. Firewall logs
Jennifer has been tasked with configuring multiple computers on the WLAN to use RDP on the same wireless router. Which of the following might be necessary to implement? A. Enable a DMZ for each wireless computer. B. Forward each computer to a different RDP port. C. Turn off port forwarding for each computer. D. Turn on AP isolation on the wireless router.
B. Forward each computer to a different RDP port.
You have implemented a security technique where an automated system generates random input data to test an application. What have you put into practice? A. XSRF B. Fuzzing C. Hardening D. Input validation
B. Fuzzing
Your high-tech server room needs a quality fire suppression system. What is the most appropriate type of fire suppression system to install? A. Dry chemical suppression B. Gaseous fire suppression C. Wet chemical suppression D. Dry-pipe sprinkler system
B. Gaseous fire suppression
Your company needs to have a backup plan in case power is lost for more than a few hours. Which of the following solutions should you implement? A. UPS B. Generator C. Warm site D. Redundant power supplies
B. Generator
Which of the following is a concern based on a user taking pictures with a smartphone? A. Application whitelisting B. Geotagging C. BYOD D. MDM
B. Geotagging
An organization hires you to test an application that you have limited knowledge of. You are given a login to the application but do not have access to source code. What type of test are you running? A. White-box B. Gray-box C. Black-box D. SDLC
B. Gray-box
You have been tasked with running a penetration test on a server. You have been given limited knowledge about the inner workings of the server. What kind of test will you be performing? A. White-box B. Gray-box C. Black-box D. Passive vulnerability scan
B. Gray-box
Which device is used to encrypt the authentication process? A. WPA B. HSM C. Enigma machine D. Smart card
B. HSM
Of the following, which type of device attempts to serve client requests without the user actually contacting the remote server? A. IP proxy B. HTTP proxy C. Firewall D. DMZ
B. HTTP proxy
Which of the following protocols uses port 443? A. SFTP B. HTTPS C. SSHTP D. SSLP
B. HTTPS
You have been asked by your boss to protect the confidentiality of sensitive data entered into a database table. What is the best method to use? A. Encryption B. Hashing C. Secure Copy D. Biometrics
B. Hashing
Of the following, which is a collection of servers that was set up to attract attackers? A. DMZ B. Honeypot C. Honeynet D. VLAN
B. Honeypot
Which of the following would be installed on a single computer to prevent intrusion? A. Network firewall B. Host-based firewall C. Host intrusion detection system D. VPN concentrator
B. Host-based firewall
You want to prevent any intrusions to a single computer. What is the best solution? A. VPN concentrator B. Host-based firewall C. Host-based intrusion detection D. Network firewall
B. Host-based firewall
You need to regulate cooling in your data center. What is the best environmental control to use? A. EMI shielding B. Hot and cold aisles C. Fire suppression D. Video surveillance
B. Hot and cold aisles
James wants to set up a VPN connection between his main office and a satellite office. Which protocol should he use? A. 802.1X B. IPsec C. RDP D. Telnet
B. IPsec
Your organization has decided to move large sets of sensitive data to a SaaS cloud provider in order to limit storage and infrastructure costs. Your CIO requires that both the cloud provider and your organization have a clear understanding of the security controls that will be implemented to protect the sensitive data. What kind of agreement is this? A. SLA B. ISA C. MoU D. BPA
B. ISA
Your boss (the IT director) wants to move several internally developed software applications to an alternate environment, supported by a third party, in an effort to reduce the footprint of the server room. Which of the following is the IT director proposing? A. PaaS B. IaaS C. SaaS D. Community cloud
B. IaaS
The IT director asks you to perform a risk assessment of your organization's network. Which of the following should you do first? A. Identify vulnerabilities B. Identify organizational assets C. Identify threats and threat likelihood D. Identify potential monetary impact
B. Identify organizational as
Where is the optimal place to have a proxy server? A. In between two private networks B. In between a private network and a public network C. In between two public networks D. On all of the servers
B. In between a private network and a public network
One of the developers in your organization installs a new application in a test system to test its functionality before implementing into production. Which of the following is most likely affected? A. Application security B. Initial baseline configuration C. Application design D. Baseline comparison
B. Initial baseline configuration
Which of the following programming techniques can stop buffer overflow attacks? A. SQL injection attack B. Input validation C. Sandbox D. Backdoor analysis
B. Input validation
Which of the following is a step in deploying a WPA2-Enterprise wireless network? A. Install a DHCP server on the authentication server B. Install a digital certificate on the authentication server C. Install an encryption key on the authentication server D. Install a token on the authentication server
B. Install a digital certificate on the authentication server
Some of the employees in your organization complain that they are receiving e-mail loaded with advertisements. What should you do? A. Install anti-spyware. B. Install anti-spam. C. Install antivirus. D. Install a HIDS.
B. Install anti-spam.
You are the security administrator for a multimedia development company. Users are constantly searching the Internet for media, information, graphics, and so on. You receive complaints from several users about unwanted windows appearing on their displays. What should you do? A. Install antivirus software. B. Install pop-up blockers. C. Install screensavers. D. Install a host-based firewall.
B. Install pop-up blockers.
A user receives an e-mail but the e-mail client software says that the digital signature is invalid and the sender of the e-mail cannot be verified. The would-be recipient is concerned about which of the following concepts? A. Confidentiality B. Integrity C. Remediation D. Availability
B. Integrity
Carl is the security administrator for a transportation company. Which of the following should he encrypt to protect the data on a smartphone? (Select the two best answers.) A. Public keys B. Internal memory C. Master boot record (MBR) D. Steganographic images E. Removable memory cards
B. Internal memory E. Removable memory cards
A client contracts you to prevent users from accessing inappropriate websites. Which of the following technologies should you implement? A. NIDS B. Internet content filter C. Honeypot D. IP proxy
B. Internet content filter
Why is fiber-optic cable considered to be more secure than Category 6 twisted-pair cable? A. It is made of glass instead of copper. B. It is hard to tap. C. It is not susceptible to interference. D. It is more difficult to install.
B. It is hard to tap.
In a scenario where data integrity is crucial to the organization, which of the following is true about input validation regarding client/server applications? A. It must rely on the user's knowledge of the application. B. It should be performed on the server side. C. It should be performed on the client side only. D. It must be protected by SSL.
B. It should be performed on the server side.
Jeff wants to employ a Faraday cage. What will this accomplish? A. It will increase the level of wireless encryption. B. It will reduce data emanations. C. It will increase EMI. D. It will decrease the level of wireless emanations.
B. It will reduce data emanations.
One of the accounting people is forced to change roles with another accounting person every three months. What is this an example of? A. Least privilege B. Job rotation C. Mandatory vacation D. Separation of duties
B. Job rotation
You are in charge of training a group of technicians on the authentication method their organization uses. The organization currently runs an Active Directory infrastructure. Which of the following best correlates to the host authentication protocol used within that organization's IT environment? A. TACACS+ B. Kerberos C. LDAP D. 802.1X
B. Kerberos
You have completed the deployment of PKI within your organization's network. Legally you are required to implement a way to provide decryption keys to a governmental third party on an as-needed basis. Which of the following should you implement? A. Additional certificate authority B. Key escrow C. Recovery agent D. Certificate registration
B. Key escrow
Critical equipment should always be able to get power. What is the correct order of devices that your critical equipment should draw power from? A. Generator, line conditioner, UPS battery B. Line conditioner, UPS battery, generator C. Generator, UPS battery, line conditioner D. Line conditioner, generator, USP battery
B. Line conditioner, UPS battery, generator
What are the minimum requirements for a cold site? A. Location near the data center that meets power requirements B. Location that meets power and connectivity requirements C. Location with all required equipment loaded with all updates D. Location with duplicate systems
B. Location that meets power and connectivity requirements
A virus is designed to format a hard drive on a specific day. What kind of threat is this? A. Botnet B. Logic bomb C. Spyware D. Adware
B. Logic bomb
A malicious insider is accused of stealing confidential data from your organization. What is the best way to identify the insider's computer? A. IP address B. MAC address C. Computer name D. NetBIOS name
B. MAC address
If a switch enters fail-open mode because its CAM table memory has been filled, then it will cease to function properly as a switch. What type of attack could cause this? A. Double tagging B. MAC flooding C. Physical tampering D. DoS
B. MAC flooding
While running a new network line, you find an active network switch above the ceiling tiles of the CEO's office with cables going in various directions. What attack is occurring? A. Impersonation B. MAC flooding C. Packet sniffing D. Spear phishing
B. MAC flooding
Which of the following describes key escrow? A. Maintains a secured copy of the user's private key for the purpose of recovering the CRL B. Maintains a secured copy of the user's private key for the purpose of recovering the key if it is lost C. Maintains a secured copy of the user's public key for the purpose of recovering messages if the key is lost D. Maintains a secured copy of the user's public key for the purpose of increasing network performance
B. Maintains a secured copy of the user's private key for the purpose of recovering the key if it is lost
You have critical backups that are made at night and taken to an offsite location. Which of the following would allow for a minimal amount of downtime in the case of a disaster? A. Have a backup server at the offsite location. B. Make the offsite location into a hot site. C. Make the offsite location into a warm site. D. Make the offsite location into a cold site.
B. Make the offsite location into a hot site.
A security administrator implements access controls based on the security classification of the data and need-to-know information. Which of the following would best describe this level of access control? A. Least privilege B. Mandatory access control C. Role-based access control D. Implicit deny
B. Mandatory access control
You and several others on the IT team are deciding on an access control model. The IT director wants to implement the strictest access control model available, ensuring that data is kept as secure as possible. Which of the following access control models should you and your IT team implement? A. Discretionary access control B. Mandatory access control C. Role-based access control D. Rule-based access control
B. Mandatory access control
Which of the following is the greatest security risk of two or more companies working together under a memorandum of understanding? A. An MoU between two parties cannot be held to the same legal standards as a SLA. B. MoUs are generally loose agreements that do not have strict guidelines governing the transmission of sensitive data. C. Budgetary considerations may not have been written into the MoU. D. MoUs have strict policies concerning services performed between entities.
B. MoUs are generally loose agreements that do not have strict guidelines governing the transmission of sensitive data.
A DDoS attack can be best defined as what? A. Privilege escalation B. Multiple computers attacking a single server C. A computer placed between a sender and receiver to capture data D. Overhearing parts of a conversation
B. Multiple computers attacking a single server
Which of these hides an entire network of IP addresses? A. SPI B. NAT C. SSH D. FTP
B. NAT
What is the best (most secure) file system to use in Windows? A. FAT B. NTFS C. DFS D. FAT32
B. NTFS
Of the following, what is the worst place to store a backup tape? A. Near a bundle of fiber-optic cables B. Near a power line C. Near a server D. Near an LCD screen
B. Near a power line
Which layer of the OSI model does IPsec operate at? A. Data link B. Network C. Transport D. Application
B. Network
Which of the following can enable you to find all the open ports on an entire network? A. Protocol analyzer B. Network scanner C. Firewall D. Performance monitor
B. Network scanner
Which of the following tools can find the open ports on a network? A. Performance monitor B. Network scanner C. Protocol analyzer D. Password cracker
B. Network scanner
Tom sends out many e-mails containing secure information to other companies. What concept should be implemented to prove that Tom did indeed send the e-mails? A. Authenticity B. Non-repudiation C. Confidentiality D. Integrity
B. Non-repudiation
Which of the following are certificate-based authentication mapping schemes? (Select the two best answers.) A. One to-many mapping B. One-to-one mapping C. Many-to-many mapping D. Many-to-one mapping
B. One-to-one mapping D. Many-to-one mapping
Your Internet café operates a public wireless hotspot. Which of the following should you implement? A. Disable the SSID B. Open system authentication C. MAC filter D. Reduce the power level
B. Open system authentication
Russ is using only documentation to test the security of a system. What type of testing methodology is this known as? A. Active security analysis B. Passive security analysis C. Hybrid security analysis D. Hands-on security analysis
B. Passive security analysis
An example of a program that does comparative analysis is what? A. Protocol analyzer B. Password cracker C. Port scanner D. Event Viewer
B. Password cracker
Which of the following methods should you use to fix a single security issue on a computer? A. Configuration baseline B. Patch C. Service pack D. Patch management
B. Patch
The IT director is worried about OS vulnerabilities. What suggestion should you give as the best way to mitigate this threat? A. Locking cabinet B. Patch management C. Anti-spam software D. Encryption
B. Patch management
Which of the following would not be considered part of a disaster recovery plan? A. Hot site B. Patch management software C. Backing up computers D. Tape backup
B. Patch management software
You have been given ten hard drives that need to be decommissioned. What is the first thing you should do? A. Format the hard drive. B. Perform a bit-level erasure or overwrite the drive. C. Contact a waste disposal facility. D. Burn the hard drives in an incinerator.
B. Perform a bit-level erasure or overwrite the drive.
You are logging a server. What security measures should you implement? A. Perform CRCs B. Perform hashing of the log files C. Apply retention policies on the log files D. Collect temporary files
B. Perform hashing of the log files C. Apply retention policies on the log files
Which of the following requires special handling and policies for data retention and distribution? (Select the two best answers.) A. Phishing B. Personal electronic devices C. SOX D. PII
B. Personal electronic devices D. PII
Which of the following social engineering attacks relies on impersonation in an attempt to gain personal information? A. Hoaxes B. Phishing C. Dumpster diving D. Shoulder surfing
B. Phishing
Your organization has implemented cloud computing. Which of the following security controls do you no longer possess? A. Logical control of data B. Physical control of data C. Administrative control of data D. Executive control of data
B. Physical control of data
Don must configure his firewall to support TACACS+. Which port(s) should he open on the firewall? A. Port 53 B. Port 49 C. Port 161 D. Port 22
B. Port 49
As you review your firewall log, you see the following information. What type of attack is this? S=207.50.135.54:53 - D=10.1.1.80:0 S=207.50.135.54:53 - D=10.1.1.80:1 S=207.50.135.54:53 - D=10.1.1.80:2 S=207.50.135.54:53 - D=10.1.1.80:3 S=207.50.135.54:53 - D=10.1.1.80:4 S=207.50.135.54:53 - D=10.1.1.80:5 A. Denial-of-service B. Port scanning C. Ping scanning D. DNS spoofing
B. Port scanning
Which of the following tools can be used to check network traffic for clear-text passwords? A. Password cracker B. Protocol analyzer C. Port scanner D. Performance monitor
B. Protocol analyzer
You have been contracted to determine if network activity spikes are related to an attempt by an attacker to breach the network. The customer wants you to identify when the activity occurs and what type of traffic causes the activity. Which type of tool should you use? A. Network mapper B. Protocol analyzer C. System Monitor D. Performance Monitor
B. Protocol analyzer
Your boss has asked you to implement a solution that will monitor users and limit their access to external websites. Which of the following is the best solution? A. NIDS B. Proxy server C. Block all traffic on port 80 D. Honeypot
B. Proxy server
Which of the following should a security administrator implement to limit web-based traffic that is based on the country of origin? (Select the three best answers.) A. AV software B. Proxy server C. Spam filter D. Load balancer E. Firewall F. URL filter G. NIDS
B. Proxy server E. Firewall F. URL filter
For a user to obtain a certificate from a certificate authority, the user must present two items. The first is proof of identity. What is the second? A. Password B. Public key C. Private key D. Authentication
B. Public key
Which of the following asymmetric keys is used to encrypt data to be decrypted by an intended recipient only? A. Secret key B. Public key C. Private key D. Session key
B. Public key
You have been asked to set up authentication through PKI, and encryption of a database using a different cryptographic process to decrease latency. What encryption types should you use? A. Public key encryption to authenticate users and public keys to encrypt the database B. Public key encryption to authenticate users and private keys to encrypt the database C. Private key encryption to authenticate users and private keys to encrypt the database D. Private key encryption to authenticate users and public keys to encrypt the database
B. Public key encryption to authenticate users and private keys to encrypt the database
Which method would you use if you were disposing hard drives as part of a company computer sale? A. Destruction B. Purging C. Clearing D. Formatting
B. Purging
Your organization uses VoIP. Which of the following should be performed to increase the availability of IP telephony by prioritizing traffic? A. NAT B. QoS C. NAC D. Subnetting
B. QoS
To show risk from a monetary standpoint, which of the following should risk assessments be based upon? A. Survey of loss, potential threats, and asset value B. Quantitative measurement of risk, impact, and asset value C. Complete measurement of all threats D. Qualitative measurement of risk and impact
B. Quantitative measurement of risk, impact, and asset value
Which of the following only encrypts the password portion of a packet between the client and server? A. TACACS B. RADIUS C. TACACS+ D. XTACACS
B. RADIUS
One of your database servers is mission-critical. You cannot afford any downtime. What is the best item to implement to ensure minimal downtime of the server and ensure fault tolerance of the data stored on the database server? A. UPS B. RAID C. Redundant server D. Spare parts
B. RAID
Which of the following RAID versions offers the least amount of performance degradation when a disk in the array fails? A. RAID 0 B. RAID 1 C. RAID 4 D. RAID 5
B. RAID 1
Which of the following encryption algorithms is used to encrypt and decrypt data? A. SHA-256 B. RC5 C. MD5 D. NTLM
B. RC5
You have been tasked with investigating a compromised web server and just finished analyzing the logs of a firewall. You see the following open inbound ports appear in the log: 22, 25, 445, 514, 1433, 3225, 3389 Of the following answers, which was most likely used to access the server remotely? A. HTTP B. RDP C. LDAP D. HTTPS E. Telnet F. Syslog
B. RDP
Your server room has most items bolted down to the floor, but some items - such as network testing tools - can be easily removed from the room. Which security control can you implement to allow for automated notification of the removal of an item from the server room? A. Environmental monitoring B. RFID C. EMI shielding D. CCTV
B. RFID
Which of the following algorithms depends on the inability to factor large prime numbers? A. AES B. RSA C. Elliptic curve D. Diffie-Hellman
B. RSA
Which of the following encryption algorithms are supported by the IEEE 802.11i standard? A. TKIP B. RSA C. ECC D. AES
B. RSA
Which of the following encryption methods deals with two distinct, large prime numbers and the inability to factor those prime numbers? A. SHA-1 B. RSA C. WPA D. Symmetric
B. RSA
Which the following algorithms is used by the protocol TLS to establish a session key? A. AES B. RSA C. RC4 D. HTTPS E. SSL
B. RSA
The IT director tasks you to set up a backup plan to ensure that your organization can be back up and running within hours if a disaster occurs. Which of the following should you implement? A. Hot site B. Redundant servers C. Cold site D. Tape backup
B. Redundant servers
Your company has six web servers. You are implementing load balancing. What is this an example of? A. UPS B. Redundant servers C. RAID D. Warm site
B. Redundant servers
Your Windows domain has additional servers configured as member servers. Your job is to minimize the risk of unauthorized persons logging on locally to the member servers. Your solution should have a minimal impact on local management and administration and should not limit administrator access. Which of the following are the best solutions? A. Disable account lockout policies. B. Require strong passwords. C. Rename the local default accounts. D. Configure all services to run under the context of the Local System account. E. Disable the local default accounts. F. Provide backdoors into the member servers.
B. Require strong passwords. C. Rename the local default accounts.
Susan is in charge of installing a business-critical application on an Internet-facing server. She is going to update the application to the most current version. What other security control should she perform in conjunction with the update? A. Run a port scan of the application server. B. Review and apply vendor-provided hardening documentation. C. Configure the firewall to prevent the application from auto-updating. D. Configure the firewall to allow the application to auto-update.
B. Review and apply vendor-provided hardening documentation.
You have implemented an X.509 PKI. One of the private keys has been compromised before the certificate's regular expiration date. What should you do? A. Validate the certificate. B. Revoke the certificate. C. Register the certificate. D. Put the certificate in escrow.
B. Revoke the certificate
You are the security administrator for your organization and have just completed a routine server audit. You did not notice any abnormal activity. However, another network security analyst finds connections to unauthorized ports from outside the organization's network. Using security tools, the analyst finds hidden processes that are running on the server. Which of the following has most likely been installed on the server? A. Spam B. Rootkit C. Backdoor D. Logic bomb E. Ransomware
B. Rootkit
Eliot just finished taking a forensic image of a server's memory. What should he employ to ensure image integrity? A. Compress the image B. Run the image through SHA-2. C. Run the image through AES-128. D. Make a duplicate of the image.
B. Run the image through SHA-2.
Which of the following is a trusted OS implementation used to prevent malicious code from executing on Linux platforms? A. System File Checker (SFC) B. SELinux C. Tripwire D. vmlinuz
B. SELinux
Which of the following protocols allow for the secure transfer of files? (Select the two best answers.) A. SNMP B. SFTP C. TFTP D. SCP E. ICMP
B. SFTP D. SCP
The IT director recommends that you require your service provider to give you an end-to-end traffic performance guarantee. What document will include this guarantee? A. Chain of custody B. SLA C. DRP D. Incident response procedures
B. SLA
In what way can you gather information from a remote printer? A. HTTP B. SNMP C. CA D. SMTP
B. SNMP
You need to monitor network devices on your network. Which of the following protocols will best help you complete this task? A. ICMP B. SNMP C. SMTP D. NetBIOS
B. SNMP
Which protocol can be used to secure the e-mail login from an Outlook client using POP3 and SMTP? A. SMTP B. SPA C. SAP D. Exchange
B. SPA
What is a secure way to remotely administer Linux systems? A. SCP B. SSH C. SNMP D. SFTP
B. SSH
Which of the following, when removed, can increase the security of a wireless access point? A. MAC filtering B. SSID C. WPA D. Firewall
B. SSID
Which of the following misuses the Transmission Control Protocol handshake process? A. Man-in-the-middle attack B. SYN attack C. WPA attack D. Replay attack
B. SYN attack
Which of the following individuals uses code with little knowledge of how it works? A. Hacktivist B. Script kiddie C. APT D. Insider
B. Script kiddie
You are attempting to apply corporate security settings to a workstation. Which of the following would be the best solution? A. Hotfix B. Security template C. Patch D. Services.msc
B. Security template
What does isolation mode on an AP provide? A. Hides the SSID B. Segments each wireless user from every other wireless user C. Stops users from communicating with the AP D. Stops users from connecting to the Internet
B. Segments each wireless user from every other wireless user
You have been hired by an organization to design the security for its banking software. You need to implement a system where tasks involving the transfer of money require action by more than one user. Activities should be logged and audited often. What access control method should you implement? A. Job rotation B. Separation of duties C. Implicit deny D. Least privilege
B. Separation of duties
Which of the following is the most secure type of cabling? A. Unshielded twisted-pair B. Shielded twisted-pair C. Coaxial D. Category 6
B. Shielded twisted-pair
Several users complain they are encountering intermittent loss of network connectivity. The computers are wired to the LAN, and no wireless devices are being used. What should you implement? A. Data emanation B. Shielding C. HVAC D. Faraday cage
B. Shielding
Your manager wants you to implement a type of intrusion detection system (IDS) that can be matched to certain types of traffic patterns. What kind of IDS is this? A. Anomaly-based IDS B. Signature-based IDS C. Behavior-based IDS D. Heuristic-based IDS
B. Signature-based IDS
Your manager wants you to implement a type of intrusion detection system (IDS) that can be matched to certain types of traffic patterns. What kind of IDS is this? A. Anomaly-based IDS B. Signature-based IDS C. Behavior-based IDS D. Inline IDS
B. Signature-based IDS
Michael's company has a single web server that is connected to three other distribution servers. What is the greatest risk involved in this scenario? A. Fraggle attack B. Single point of failure C. Denial-of-service attack D. Man-in-the-middle attack
B. Single point of failure
Before gaining access to the data center, you must swipe your finger on a device. What type of authentication is this? A. Biometrics B. Single sign-on C. Multifactor D. Tokens
B. Single sign-on
Greg needs to centralize the authentication of multiple networking systems against a single user database. What is he trying to implement? A. Access control list B. Single sign-on C. Multifactor authentication D. Common Access Card
B. Single sign-on
Robert has been asked to make sure that a server is highly available. He must ensure that hard drive failure will not affect the server. Which of the following methods allows for this? (choose 2) A. True clustering B. Software RAID 1 C. Load balancing D. Hardware RAID 5 E. Software RAID 0
B. Software RAID 1 D. Hardware RAID 5
In biometrics, what aspect of human authentication does a thumbprint scanner test for? A. Something a user knows B. Something a user is C. Something a user has D. Something a user does
B. Something a user is
Whitelisting, blacklisting, and closing open relays are all mitigation techniques addressing what kind of threat? A. Spyware B. Spam C. Viruses D. Botnets
B. Spam
An employee has been terminated from your organization. What can ensure that the organization continues to have access to the employee's private keys? A. Store the keys in a CRL B. Store the keys in escrow C. Delete the employee's user account D. Retain the employee's token
B. Store the keys in escrow
Your web server's private key has been compromised by a malicious intruder. What, as the security administrator, should you do? A. Issue a new CA. B. Submit the public key to the CRL. C. Submit the private key to the CRL. D. Use key escrow.
B. Submit the public key to the CRL.
In a secure environment, which authentication mechanism performs better? A. RADIUS because it encrypts client/server passwords B. TACACS+ because it encrypts client/server negotiation dialogs C. TACACS+ because it is a remote access authentication service D. RADIUS because it is a remote access authentication service
B. TACACS+ because it encrypts client/server negotiation dialogs
Which of the following transport protocols and port numbers does Secure Shell use? A. UDP port 69 B. TCP port 22 C. TCP port 389 D. UDP port 53
B. TCP port 22
You are tasked with implementing a solution that encrypts the CEO's laptop. However, you are not allowed to purchase additional hardware or software. Which of the following solutions should you implement? A. HSM B. TPM C. HIDS D. USB encryption
B. TPM
Your network has a DHCP server, AAA server, LDAP server, and e-mail server. Instead of authenticating wireless connections locally at the WAP, you want to utilize RADIUS for the authentication process. When you configure the WAP's authentication screen, what server should you point to, and which port should you use? A. The DHCP server and port 67 B. The AAA server and port 1812 C. The LDAP server and port 389 D. The e-mail server and port 143
B. The AAA server and port 1812
What ensures that a CRL is authentic and has not been modified? A. The CRL can be accessed by anyone. B. The CRL is digitally signed by the CA C. The CRL is always authentic. D. The CRL is encrypted by the CA.
B. The CRL is digitally signed by the CA
Of the following, which two security measures should be implemented when logging a server? (Select the two best answers.) A. Cyclic redundancy checks B. The application of retention policies on log files C. Hashing of log files D. Storing of temporary files
B. The application of retention policies on log files C. Hashing of log files
Which of the following statements is correct about IPsec authentication headers? A. The authentication information is a keyed hash based on half of the bytes in the packet. B. The authentication information is a keyed hash based on all the bytes in the packet. C. The authentication information hash will remain the same even if the bytes change on transfer. D. The authentication header cannot be used in combination with the IP Encapsulating Security Payload.
B. The authentication information is a keyed hash based on all the bytes in the packet.
You are a security administrator for a midsized company that uses several applications on its client computers. After the installation of a specialized program on one computer, a software application executed an online activation process. Then, a few months later, the computer experienced a hardware failure. A backup image of the operating system was restored on a newer revision of the same brand and model computer. After that restoration, the specialized program no longer works. Which of the following is the most likely cause of the problem? A. The restored image backup was encrypted with the wrong key. B. The hash key summary of the hardware and the specialized program no longer match. C. The specialized program is no longer able to perform remote attestation due to blocked ports. D. The binary files used by the specialized program have been modified by malware.
B. The hash key summary of the hardware and the specialized program no longer match.
How do most network-based viruses spread? A. By optical disc B. Through e-mail C. By USB flash drive D. By instant messages
B. Through e-mail
What is the purpose of LDAP authentication services? A. To prevent multifactor authentication B. To act as a single point of management C. To implement MAC D. To issue one-time passwords
B. To act as a single point of management
What is the primary purpose of network address translation (NAT)? A. To hide the public network from internal hosts B. To convert IP addresses into domain names C. To cache web pages D. To hide internal hosts from the public network
B. To convert IP addresses into domain names
Why would you implement password masking? A. To deter tailgating B. To deter shoulder surfing C. To deter impersonation D. To deter hoaxes
B. To deter shoulder surfing
In a wireless network, why is an SSID used? A. To secure the wireless access point B. To identify the network C. To encrypt data D. To enforce MAC filtering
B. To identify the network
Virtualization is a broad term that includes the use of virtual machines and the extraction of computer resources. Which of the following is the best security reason for using virtualization of network servers? A. To centralize patch management B. To isolate network services and roles C. To add network services D. To analyze network traffic
B. To isolate network services and roles
Why would you deploy a wildcard certificate? A. To extend the renewal date of the certificate B. To reduce the burden of certificate management C. To increase the certificate's encryption key length D. To secure the certificate's private key
B. To reduce the burden of certificate management
What are the best reasons to use an HSM? A. To recover keys B. To store keys C. For a CRL D. To generate keys E. To transfer keys to the hard drive
B. To store keys D. To generate keys
What are LDAP and Kerberos commonly used for? A. To sign SSL wildcard certificates B. To utilize single sign-on capabilities C. To perform queries on a directory service D. To store usernames and passwords in a FIM system
B. To utilize single sign-on capabilities
What is the main reason to frequently view the logs of a DNS server? A. To create aliases B. To watch for unauthorized zone transfers C. To defend against denial-of-service attacks D. To prevent domain name kiting
B. To watch for unauthorized zone transfers
Which of the following gives the user a one-time password? A. PIV B. Tokens C. Single sign-on D. Biometrics
B. Tokens
You are using the following backup scheme: A full backup is made every Friday night at 6 p.m., and differential backups are made every other night at 6 p.m. Your database server fails on a Thursday afternoon at 4 p.m. How many tapes will you need to restore the database server? A. One B. Two C. Three D. Four
B. Two
What device should be used to ensure that a server does not shut down when there is a power outage? A. RAID 1 box B. UPS C. Redundant NIC D. Hot site
B. UPS
Which of the following should be performed on a computer to protect the OS from malicious software? A. Install a perimeter firewall B. Update HIPS signatures C. Update NIDS signatures D. Disable unused services E. Disable DEP settings
B. Update HIPS signatures D. Disable unused services
You have been tasked with protecting an operating system from malicious software. What should you do? (Select the two best answers.) A. Disable the DLP. B. Update the HIPS signatures. C. Install a perimeter firewall. D. Disable unused services. E. Update the NIDS signatures.
B. Update the HIPS signatures. D. Disable unused services.
A coworker has installed an SMTP server on the company firewall. What security principle does this violate? A. Chain of custody B. Use of a device as it was intended C. Man trap D. Use of multifunction network devices
B. Use of a device as it was intended
Which of the following would a routine system audit most likely include? A. Penetration testing B. User rights and permissions reviews C. Security policy development D. Port scanning
B. User rights and permissions reviews
You have been instructed to install an intrusion detection system that can protect a database server and the rest of the network. You cannot afford to use any more resources on the database server. You decide to implement a network intrusion detection system. Why is this superior to a host-based intrusion detection system? (two best answers) A. A HIDS is not reliable when it comes to detecting attacks. B. Usually, a HIDS cannot detect network attacks. C. A HIDS cannot be updated. D. A HIDS can negatively impact system performance.
B. Usually, a HIDS cannot detect network attacks. D. A HIDS can negatively impact system performance.
You suspect that an unauthorized person has accessed your server room. Which of the following would be the best proof of this? A. Card key log B. Video surveillance C. Security log D. Security guard testimony
B. Video surveillance
The IT director asks you to determine if weak passwords are used by any of the users on your network. You run a password-cracking program to determine this. What is this an example of? A. Antivirus scanning B. Vulnerability assessment C. Fingerprinting D. Baselining
B. Vulnerability assessment
Your organization does business with in a TEMPEST-certified building. What attack does this help to prevent? A. Weak encryption B. War-driving C. Bluejacking D. Bluesnarfing
B. War-driving
In Windows, which of the following commands will not show the version number? A. Systeminfo B. Wf.msc C. Winver D. Msinfo32.exe
B. Wf.msc
When is it appropriate to use vulnerability scanners to identify any potential holes in your security design? A. When testing disaster mitigation planning B. When testing to identify known potential security risks inherent to your design C. When testing the network's response to specific attacks D. When testing the automatic detection and alerts of your network
B. When testing to identify known potential security risks inherent to your design
Dan is a network administrator. One day he notices that his DHCP server is flooded with information. He analyzes it and finds that the information is coming from more than 50 computers on the network. Which of the following is the most likely reason? A. Virus B. Worm C. Zombie D. PHP script
B. Worm
Which of the following firewall rules only denies DNS zone transfers? A. deny IP any any B. deny TCP any any port 53 C. deny UDP any any port 53 D. deny all dns packets
B. deny TCP any any port 53
Your network uses the subnet mask 255.255.255.224. Which of the following IPv4 addresses are able to communicate with each other? (Select the two best answers.) A. 10.36.36.126 B. 10.36.36.158 C. 10.36.36.166 D. 10.36.36.184 E. 10.36.36.224
C. 10.36.36.166 D. 10.36.36.184
Which of the following is a private IPv4 address? A. 11.16.0.1 B. 127.0.0.1 C. 172.16.0.1 D. 208.0.0.1
C. 172.16.0.1
Which of the following is a Class B private IP address? A. 10.254.254.1/16 B. 192.168.1.1/16 C. 172.16.1.1/16 D. 169.254.50.1/24
C. 172.16.1.1/16
For a remote tech to log in to a user's computer in another state, what inbound port must be open on the user's computer? A. 21 B. 389 C. 3389 D. 8080
C. 3389
Which port number does the protocol LDAP use when it is secured? A. 389 B. 443 C. 636 D. 3389
C. 636
You have been asked to set up a web server that will service regular HTTP requests as well as HTTP Secure requests. Which of the following ports would you use by default? A. 21 B. 25 C. 80 D. 135 E. 443 F. 445
C. 80 E. 443
Which of the following ports is used by Kerberos by default? A. 21 B. 80 C. 88 D. 443
C. 88
Which port does Kerberos use by default? A. 21 B. 80 C. 88 D. 389
C. 88
Your data center has highly critical information. Because of this you want to improve upon physical security. The data center already has a video surveillance system. What else can you add to increase physical security? (Select the two best answers.) A. A software-based token system B. Access control lists C. A mantrap D. Biometrics
C. A mantrap D. Biometrics
Which statement best applies to the term Java applet? A. It decreases the usability of web-enabled systems. B. It is a programming language. C. A web browser must have the capability to run Java applets. D. It uses digital signatures for authentication.
C. A web browser must have the capability to run Java applets.
What is the main difference between a worm and a virus. A. A virus is easily removed. B. A worm is undetectable. C. A worm is self-replicating. D. A virus is larger.
C. A worm is self-replicating.
You are attempting to move data to a USB flash drive. Which of the following enables a rapid and secure connection? A. SHA-2 B. 3DES C. AES-256 D. MD5
C. AES-256
Which of the following does the discretionary access control model use to identify users who have permissions to a resource? A. Roles that users have in the organization B. Predefined access privileges C. Access control lists D. Security labels
C. Access control lists
Jane is a systems administrator and must revoke the access of a user who has been terminated. Which policy must she implement? A. Password recovery B. Password expiration C. Account disablement D. Account lockout
C. Account disablement
You are consulting for a small organization that relies on employees who work from home and on the road. An attacker has compromised the network by denying remote access to the company using a script. Which of the following security controls did the attacker exploit? A. Password complexity B. DoS C. Account lockout D. Password length
C. Account lockout
Which of the following is the best description of a security advantage when using a standardized server image? A. All antivirus software will be current. B. All current updates for the OS will already have been applied. C. All mandated security configurations will already have been applied to the OS. D. OS licensing will be easier to track.
C. All mandated security configurations will already have been applied to the OS.
Which of the following types of firewalls provides inspection of data at layer 7 of the OSI model? A. Network address translation B. Stateful inspection C. Application-proxy D. Circuit-level gateway
C. Application-proxy
You are the network administrator for your organization and are in charge of many servers, including one web server. Which of the following is the best way to reduce vulnerabilities on your web server? A. Enable auditing and review log files B. Block DNS on port 80 C. Apply updates and patches D. Use a 24/7 packet sniffer
C. Apply updates and patches
The university science lab is normally locked when no one is using it. The professor of the science department has a key to unlock the door. Other faculty members are given keys to lock the door only. What type of key structure is this? A. Symmetric B. Key escrow C. Asymmetric D. Secret keys
C. Asymmetric
Which of the following is the verification of a person's identity? A. Authorization B. Accountability C. Authentication D. Password
C. Authentication
Which of the following is the final step a user needs to take before that user can access domain resources? A. Verification B. Validation C. Authorization D. Authentication
C. Authorization
Which of the following does the A in CIA stand for when it comes to IT security? (Select the best answer.) A. Accountability B. Assessment C. Availability D. Auditing
C. Availability
You are in charge of your organization's backup plan. You need to make sure that the data backups are available in case of a disaster. However, you need to keep the plan as inexpensive as possible. Which of the following solutions should you implement? A. Implement a hot site B. Implement a cold site C. Back up data to removable media and store a copy offsite D. Implement a remote backup solution
C. Back up data to removable media and store a copy offsite
A security assessment of an existing application has never been made. Which of the following is the best assessment technique to use to identify an application's security posture? A. Functional testing B. Threat modeling C. Baseline reporting D. Protocol analysis
C. Baseline reporting
Of the following, which is not a logical method of access control? A. Username/password B. Access control lists C. Biometrics D. Software-based policy
C. Biometrics
Which of the following might be used to start a DDoS attack? A. Spyware B. Worm C. Botnet D. Rootkit
C. Botnet
What are recovery point objectives and recovery time objectives related to? A. Risk managem B. Succession planning C. Business impact analysis D. Single points of failure
C. Business impact analysis
Of the following, which type of fire suppression can prevent damage to computers and servers? A. Class A B. Water C. CO2 D. ABC extinguishers
C. CO2
Where would you store a revoked certificate? A. Key escrow B. Recovery agent C. CRL D. PKI
C. CRL
Which of the following might be included in Microsoft Security Bulletins? A. PHP B. CGI C. CVE D. TLS
C. CVE
Which of the following is the best fire suppression system to use if you do not want any equipment to be damaged? A. Wet pipe sprinkler B. Deluge sprinkler C. Carbon dioxide D. Wet chemical fire extinguisher
C. Carbon dioxide
Which of the following will a Faraday cage prevent the usage of? A. USB flash drives B. Uninterruptible power supplies C. Cell phones D. Wired keyboards
C. Cell phones
To prevent ad hoc configuration issues on your wireless network, what method should you implement? A. Incident management strategy B. Auditing strategy C. Change management strategy D. Patch management strategy
C. Change management strategy
If a fire occurs in the server room, which device is the best method to put it out? A. Class A extinguisher B. Class B extinguisher C. Class C extinguisher D. Class D extinguisher
C. Class C extinguisher
Your boss has tasked you with ensuring that reclaimed space on a hard drive has been sanitized while the computer is in use. What job should you perform? A. Individual file encryption B. Full disk encryption C. Cluster tip wiping D. Storage retention
C. Cluster tip wiping
Your company expects its employees to behave in a certain way. How could a description of this behavior be documented? A. Chain of custody B. Separation of duties C. Code of ethics D. Acceptable use policy
C. Code of ethics
You check the application log of your web server and see that someone attempted unsuccessfully to enter the text below into an HTML form field. Which attack was attempted? test; etc/passwd A. SQL injection B. Code injection C. Command injection D. Buffer overflow
C. Command injection
Which of the following is the greatest risk when it comes to removable storage? A. Integrity of data B. Availability of data C. Confidentiality of data D. Accountability of data
C. Confidentiality of data
Which of the following encompasses application patch management? A. Policy management B. Fuzzing C. Configuration management D. Virtualization
C. Configuration management
Which of the following is a layer 7 device used to prevent specific types of HTML tags from passing through to the client computer? A. Router B. Firewall C. Content filter D. NIDS
C. Content filter
Which of the following techniques enables an already secure organization to assess security vulnerabilities in real time? A. Baselining B. ACLs C. Continuous monitoring D. Video surveillance
C. Continuous monitoring
Which of the following is the best practice to implement when securing logs files? A. Log all failed and successful login attempts. B. Deny administrators access to log files. C. Copy the logs to a remote log server. D. Increase security settings for administrators.
C. Copy the logs to a remote log server.
Your organization uses a SOHO wireless router all-in-one device. The network has five wireless BYOD users and two web servers that are wired to the network. What should you configure to protect the servers from the BYOD users' devices? (Select the two best answers.) A. Implement EAP-TLS B. Change the default HTTP port C. Create a VLAN for the servers D. Deny incoming connections to the outside router interface E. Disable physical ports F. Create an ACL to access the servers
C. Create a VLAN for the servers F. Create an ACL to access the servers
What key combination helps to secure the logon process? A. Windows+R B. Ctrl+Shift+Esc C. Ctrl+Alt+Del D. Alt+F4
C. Ctrl+Alt+Del
A security analyst wants to ensure that all external traffic is able to access an organization's front-end servers but also wants to protect access to internal resources. Which network design element is the best option for the security analyst? A. VLAN B. Virtualization C. DMZ D. Cloud computing
C. DMZ
A Uniform Resource Locator (URL) is a type of Uniform Resource Identifier (URI) that specifies where an identified resource is available. When a user attempts to go to a website, she notices the URL has changed. Which attack is the most likely cause of the problem? A. Denial of service B. ARP poisoning C. DNS poisoning D. DLL injection
C. DNS poisoning
Cloud environments often reuse the same physical hardware (such as hard drives) for multiple customers. These hard drives are used and reused when customer virtual machines are created and deleted over time. What security concern does this bring up implications for? A. Availability of virtual machines B. Integrity of data C. Data confidentiality D. Hardware integrity
C. Data confidentiality
You have found vulnerabilities in your SCADA system. Unfortunately, changes to the SCADA system cannot be made without vendor approval, which can take months to obtain. Which of the following is the best way to protect the SCADA system in the interim? A. Install a firewall in the SCADA network B. Update AV definitions on the SCADA system C. Deploy a NIPS at the edge of the SCADA network D. Enable auditing of accounts on the SCADA system
C. Deploy a NIPS at the edge of the SCADA network
Which of the following best describes a NIDS? A. Used to attract and trap potential attackers B. Filters out various types of Internet activities such as websites accessed C. Detects malicious network activities such as port scans and DoS attacks D. Redirects malicious traffic
C. Detects malicious network activities such as port scans and DoS attacks
You perform a risk assessment for your organization. What should you do during the impact assessment? A. Determine actions that can be taken to mitigate any potential threat B. Determine how likely it is that a threat might actually occur C. Determine the potential monetary costs related to a threat D. Determine how well the organization is prepared to manage the threat
C. Determine the potential monetary costs related to a threat
You are the security administrator for your company. You have been informed by human resources that one of the employees in accounting has been terminated. What should you do? A. Delete the user account. B. Speak to the employee's supervisor about the person's data. C. Disable the user account. D. Change the user's password.
C. Disable the user account.
An administrator wants to reduce the size of the attack surface of a Windows Server. Which of the following is the best answer to accomplish this? A. Update antivirus software. B. Install updates. C. Disable unnecessary services. D. Install network intrusion detection systems.
C. Disable unnecessary services.
You have been tasked with securing a switch from physical access. Which of the following should you implement first? A. Set up access control lists. B. Check the baseline configuration. C. Disable unused ports. D. Disable unnecessary accounts.
C. Disable unused ports.
When you arrive at work in the morning, you discover that the server room has been the victim of a fire, and all the servers have been rendered useless. Which of the following is the most important item to have to ensure that your organization can recover from this disaster? A. Warm site B. Offsite backup C. Disaster recovery plan D. Fault-tolerant servers
C. Disaster recovery plan
Which of the following can allow the owner to restrict access to resources according to the identity of the user? A. Mandatory access control B. Role-based access control C. Discretionary access control D. CRL
C. Discretionary access control
You want to stop malicious eavesdroppers from capturing network traffic. What should you implement? A. Hot and cold aisles B. Video surveillance C. EMI shielding D. HVAC shielding
C. EMI shielding
You scan your network and find a rogue AP with the same SSID used by your network. What type of attack is occurring? A. War-driving B. Bluesnarfing C. Evil twin D. IV attack
C. Evil twin
Which of the following descriptions is true concerning external security testing? A. External security testing is conducted from outside the building where an organization's servers are hosted. B. External security testing is conducted from outside the perimeter switch but inside the border router. C. External security testing is conducted from outside the organization's security perimeter. D. External security testing is conducted from outside the perimeter switch but inside the organization's firewall.
C. External security testing is conducted from outside the organization's security perimeter.
Which of the following is the most secure protocol for transferring files? A. FTP B. SSH C. FTPS D. Telnet
C. FTPS
What type of cabling is the most secure for networks? A. STP B. UTP C. Fiber-optic D. Coaxial
C. Fiber-optic
Which of the following cable media is the least susceptible to a tap? A. Coaxial cable B. Twisted-pair cable C. Fiber-optic cable D. CATV cable
C. Fiber-optic cable
Which of the following would fall into the category of "something a person is"? A. Passwords B. Passphrases C. Fingerprints D. Smart cards
C. Fingerprints
Allowing or denying traffic based on ports, protocols, addresses, or direction of data is an example of what? A. Port security B. Content inspection C. Firewall rules D. Honeynet
C. Firewall rules
Which of the following attacks is a type of DoS attack that sends large amounts of UDP echoes to ports 7 and 19? A. Teardrop B. IP spoofing C. Fraggle D. Replay
C. Fraggle
Which of the following threats is not associated with Bluetooth? A. Discovery mode B. Bluesnarfing C. Fraggle attack D. Bluejacking
C. Fraggle attack
An attacker has identified and exploited several vulnerabilities in a closed-source application that your organization has developed. What did the attacker implement? A. Secure code review B. Vulnerability testing C. Fuzzing D. Compiling
C. Fuzzing
Of the following, what is the best option to implement if you want to be able to recover a lost laptop? A. Remote wipe B. HIDS C. GPS D. Whole disk encryption
C. GPS
Which of the following tape backup methods enables daily backups, weekly full backups, and monthly full backups? A. Towers of Hanoi B. Incremental C. Grandfather-father-son D. Differential E. Snapshot
C. Grandfather-father-son
When it comes to security policies, what should HR personnel be trained in? A. Maintenance B. Monitoring C. Guidelines and enforcement D. Vulnerability assessment
C. Guidelines and enforcement
Which of the following uses an asymmetric key to open a session, and then establishes a symmetric key for the remainder of the session? A. TLS B. SFTP C. HTTPS D. SSL E. TFTP
C. HTTPS
Which of the following is the least volatile when performing incident response procedures? A. RAM B. Registers C. Hard drive D. RAID cache
C. Hard drive
A security administrator analyzed the following logs: Host: 10.248.248.67 [02: 15: 11]Successful Login: 045 10.248.248.67:local [02: 15: 16]Unsuccessful Login: 067 208.159.67.23: RDP 10.248.248.67 [02: 15: 16]Unsuccessful Login: 072 208.159.67.23: RDP 10.248.248.67 [02: 15: 16]Unsuccessful Login: 058 208.159.67.23: RDP 10.248.248.67 [02: 15: 16]Unsuccessful Login: 094 208.159.67.23: RDP 10.248.248.67 What should the security administrator implement as a mitigation method against further attempts? A. System log monitoring B. IDS C. Hardening D. Reporting
C. Hardening
Which of the following best describes the baseline process of securing a device within a network infrastructure? A. Active prevention B. Enumerating C. Hardening D. Passive detection
C. Hardening
The security administrator has added the following information to a SOHO router: PERMIT 00:1C:C0:A2:56:18 DENY 01:23:6D:A9:55:EC Now, a mobile device user reports a problem connecting to the network. What is preventing the user from connecting? A. Port filtering has been implemented. B. IP address filtering has been implemented. C. Hardware address filtering has been implemented. D. WPA2-PSK requires a supplicant on the mobile device.
C. Hardware address filtering has been implemented.
How can you train a user to easily determine whether a web page has a valid security certificate? (Select the best answer.) A. Have the user contact the webmaster. B. Have the user check for HTTPS://. C. Have the user click the padlock in the browser and verify the certificate. D. Have the user call the ISP.
C. Have the user click the padlock in the browser and verify the certificate.
You oversee compliance with financial regulations for credit card transactions. You need to block out certain ports on the individual computers that do these transactions. What should you implement to best achieve your goal? A. HIPS B. Antivirus updates C. Host-based firewall D. NIDS
C. Host-based firewall
You are developing a security plan for your organization. Which of the following is an example of a physical control? A. Password B. DRP C. ID card D. Encryption
C. ID card
Which of the following displays a single public IP address to the Internet while hiding a group of internal private IP addresses? A. HTTP proxy B. Protocol analyzer C. IP proxy D. SMTP proxy E. PAC
C. IP proxy
You ping a hostname on the network and receive a response including the address 2001:4560:0:2001::6A. What type of address is listed within the response? A. MAC address B. Loopback address C. IPv6 address D. IPv4 address
C. IPv6 address
Which of the following attacks involves the interception of authentication traffic on a wireless network? A. Evil twin B. Replay attack C. IV attack D. Near field communication
C. IV attack
The helpdesk department for your organization reports that there are increased calls from clients reporting malware-infected computers. Which of the following steps of incident response is the most appropriate as a first response? A. Recovery B. Lessons learned C. Identification D. Containment E. Eradication
C. Identification
Two items are needed before a user can be given access to the network. What are these two items? A. Authentication and authorization B. Authorization and identification C. Identification and authentication D. Password and authentication
C. Identification and authentication
Virtualization technology is often implemented as operating systems and applications that run in software. Often, it is implemented as a virtual machine. Of the following, which can be a security benefit when using virtualization? A. Patching a computer will patch all virtual machines running on the computer. B. If one virtual machine is compromised, none of the other virtual machines can be compromised. C. If a virtual machine is compromised, the adverse effects can be compartmentalized. D. Virtual machines cannot be affected by hacking techniques.
C. If a virtual machine is compromised, the adverse effects can be compartmentalized.
Which of the following will stop network traffic when the traffic is not identified in the firewall ruleset? A. Explicit allow B. Explicit deny C. Implicit deny D. Access control lists
C. Implicit deny
You are analyzing why the incident response team of your organization could not identify a recent incident that occurred. Review the e-mail below and then answer the question that follows. E-mail from the incident response team: A copyright infringement alert was triggered by IP address 11.128.50.1 at 02: 30: 01 GMT. After reviewing the following logs for IP address 11.128.50.1 we cannot correlate and identify the incident. - 02: 25: 23 11.128.50.1 http://externalsite.com/login.asp?user=steve - 02: 30: 15 11.128.50.1 http://externalsite.com/login.asp?user=amy - 03: 30: 01 11.128.50.1 http://externalsite.com/access.asp?file=movie.mov - 03: 31: 08 11.128.50.1 http://externalsite.com/download.asp?movie.mov=ok Why couldn't the incident response team identify and correlate the incident? A. The logs are corrupt. B. The chain of custody was not properly maintained. C. Incident time offsets were not accounted for. D. Traffic logs for the incident are not available.
C. Incident time offsets were not accounted for.
Which of the following techniques supports availability when considering a vendor-specific vulnerability in critical industrial control systems? A. Verifying that antivirus definitions are up to date B. Deploying multiple firewalls at the network perimeter C. Incorporating diversity into redundant design D. Enforcing application whitelists
C. Incorporating diversity into redundant design
To code applications in a secure manner, what is the best practice to use? A. Cross-site scripting B. Flash version 3 C. Input validation D. HTML version 5
C. Input validation
You want to curtail users from e-mailing confidential data outside your organization. Which of the following would be the best method? A. Block port 110 on the firewall. B. Prevent the usage of USB flash drives. C. Install a network-based DLP device. D. Implement PGP.
C. Install a network-based DLP device.
Which of the following is the most effective way of preventing adware? A. Install an antivirus program B. Install a host-based intrusion detection system C. Install a pop-up blocker D. Install a firewall
C. Install a pop-up blocker
Of the following, what is the service provided by message authentication code? A. Confidentiality B. Fault tolerance C. Integrity D. Data recovery
C. Integrity
What does a virtual private network use to connect one remote host to another? (Select the best answer.) A. Modem B. Network adapter C. Internet D. Cell phone
C. Internet
If your ISP blocks objectionable material, what device would you guess has been implemented? A. Proxy server B. Firewall C. Internet content filter D. NIDS
C. Internet content filter
Which of the following statements is true about a certificate revocation list? A. It should be kept secret. B. It must be encrypted. C. It should be kept public. D. It should be used to sign other keys.
C. It should be kept public.
You review the system logs for your organization's firewall and see that an implicit deny is within the ACL. Which is an example of an implicit deny? A. When an access control list is used as a secure way of moving traffic from one network to another. B. Implicit deny will deny all traffic from one network to another. C. Items not specifically given access are denied by default. D. Everything will be denied because of the implicit deny.
C. Items not specifically given access are denied by default.
Which of the following characterizations best suits the term Java applets? A. Java applets include a digital signature. B. Java applets allow for customized controls and icons. C. Java applets need to have virtual machine web browser support. D. Java applets are the same as ActiveX controls.
C. Java applets need to have virtual machine web browser support.
In an attempt to detect fraud and defend against it, your company cross-trains people in each department. What is this an example of? A. Separation of duties B. Chain of custody C. Job rotation D. Least privilege
C. Job rotation
Your organization implements a policy in which accounting staff needs to be cross-trained in various banking software to detect possible fraud. What is this an example of? A. Separation of duties B. Least privilege C. Job rotation D. Due care
C. Job rotation
Which of the following authentication models places importance on a ticket-granting server? A. PAP B. CHAP C. Kerberos D. RADIUS
C. Kerberos
Which of the following authentication systems makes use of a Key Distribution Center? A. Security tokens B. CHAP C. Kerberos D. Certificates
C. Kerberos
An administrator configures Unix accounts to authenticate to a non-Unix server on the internal network. The configuration file incorporates the following information: DC=ServerName and DC=COM. Which service is being used? A. SAML B. RADIUS C. LDAP D. TACACS+
C. LDAP
Which of the following is a secure wireless authentication method that uses a RADIUS server for the authenticating? A. CCMP B. WEP-PSK C. LEAP D. WPA2-PSK
C. LEAP
Your organization wants to improve its security posture by addressing risks uncovered by a recent penetration test. Which of the following is most likely to affect the organization on a day-to-day basis? A. Large-scale natural disaster B. Corporate espionage C. Lack of antivirus software D. Insufficient encryption
C. Lack of antivirus software
Hardware-based encryption devices such as hardware security modules (HSMs) are sometimes deployed by organizations more slowly than in other organizations. What is the best reason for this? A. RBAC B. USB removable encryption C. Lack of management software D. Multifactor authentication
C. Lack of management software
Which of the following is a technical control? A. Disaster recovery plan B. Baseline configuration development C. Least privilege implementation D. Categorization of system security
C. Least privilege implementation
Which of the following uses multiple computers to share work? A. RAID B. VPN concentrator C. Load balancing D. Switching
C. Load balancing
You have several unused USB flash drives, three laptops, and two HSMs that contain sensitive data. What is the best way to prevent the theft of these devices? A. GPS tracking B. Encryption C. Locking cabinet D. Hashing
C. Locking cabinet
What kind of threat is a virus that is designed to format a computer's hard drive on a specific calendar day? A. Bot B. Spyware C. Logic bomb D. Adware
C. Logic bomb
Which of the following will most likely enable an attacker to force a switch to function like a hub? A. DNS spoofing B. ARP poisoning C. MAC flooding D. DNS poisoning
C. MAC flooding
Which of the following is a room or "closet" where wiring and circuits merge, creating a potential attack point? A. SATCOM B. NFC C. MDF D. TEMPEST
C. MDF
Which of the following about authentication is false? A. RADIUS is a client-server system that provides authentication, authorization, and accounting services. B. PAP is insecure because usernames and passwords are sent as clear text. C. MS-CHAPv2 is not capable of mutual authentication of the client and server. D. CHAP is more secure than PAP because it encrypts usernames and passwords.
C. MS-CHAPv2 is not capable of mutual authentication of the client and server.
When authenticating with PEAP, what is used to provide mutual authentication between peer computers? A. MSCHAPv110-056 B. MD5 C. MSCHAPv2 D. EAP
C. MSCHAPv2
Which of the following types of scanners can locate a rootkit on a computer? A. Image scanner B. Barcode scanner C. Malware scanner D. Adware scanner
C. Malware scanner
Which of the following can prevent tailgating? A. Video cameras B. Biometrics C. Mantraps D. Proximity cards
C. Mantraps
User awareness and training can help with which of the following? A. Compliance with legislative and vendor software best practices B. Enforcement of physical security requirements C. Minimizing organizational risk caused by users D. Identifying DoS attacks
C. Minimizing organizational risk caused by users
To gain access to your network, users must provide a thumbprint and a username and password. What type of authentication model is this? A. Biometrics B. Domain logon C. Multifactor D. Single sign-on
C. Multifactor
What is MAC filtering a form of? A. VPN B. NAT C. NAC D. DMZ
C. NAC
Which of the following devices would detect but not react to suspicious behavior on the network? (Select the most accurate answer.) A. NIPS B. Firewall C. NIDS D. HIDS E. UTM
C. NIDS
Which of the following will detect malicious packets and discard them? A. Proxy server B. NIDS C. NIPS D. PAT
C. NIPS
Which of the following is a vulnerability assessment tool? A. John the Ripper B. Aircrack-ng C. Nessus D. Cain & Abel
C. Nessus
Where would you turn off file sharing in Windows? A. Control Panel B. Local Area Connection C. Network and Sharing Center D. Firewall properties
C. Network and Sharing Center
Which of the following tools require a computer with a network adapter that can be placed in promiscuous mode? A. Password cracker B. Vulnerability scanner C. Network mapper D. Protocol analyzer E. Port scanner
C. Network mapper D. Protocol analyzer
You have been contracted to conduct a forensics analysis on a server. Which of the following should you do first? A. Analyze temporary files B. Run an antivirus scan C. Obtain a binary copy of the system D. Search for spyware
C. Obtain a binary copy of the system
You want to secure your data to retain it over the long term. What is the best way to do this? A. Onsite clustering B. Virtualization C. Offsite backup D. RAID 5 onsite backup
C. Offsite backup
Where are software firewalls usually located? A. On routers B. On servers C. On clients D. On every computer
C. On clients
Which of the following encryption protocols uses a PSK? A. TPM B. CRL C. PGP D. DLP
C. PGP
Which of the following protocols is not used to create a VPN tunnel and not used to encrypt VPN tunnels? A. PPTP B. L2TP C. PPP D. IPsec
C. PPP
Which of the following cloud computing services offers easy-to-configure operating systems? A. SaaS B. IaaS C. PaaS D. VM
C. PaaS
Which of the following are the best options when it comes to increasing the security of passwords? (Select the two best answers.) A. Password age B. Password expiration C. Password complexity D. Password history E. Password length
C. Password complexity E. Password length
Users are required to change their passwords every 30 days. Which policy should be configured? A. Password length B. Password recovery C. Password expiration D. Account lockout
C. Password expiration
Kate is allowed to perform a self-service password reset. What is this an example of? A. Password expiration B. Password length C. Password recovery D. Password complexity
C. Password recovery
Which of the following should you implement to fix a single security issue on the computer? A. Service pack B. Support website C. Patch D. Baseline
C. Patch
Which of the following is one example of verifying new software changes on a test system A. Application hardening B. Virtualization C. Patch management D. HIDS
C. Patch management
The IT director asks you to configure security for your network. The network is isolated from the Internet by a perimeter network. The perimeter network contains three web servers and a network intrusion detection system. You need to test the network's capability to detect and respond to a denial-of-service attack against the applications running on the web servers. What method should you use? A. Port scanning B. Vulnerability scanning C. Penetration testing D. Network analysis
C. Penetration testing
You are configuring security for a network that is isolated from the Internet by a perimeter network. You need to test the network's ability to detect and respond to a DoS attack. What should you implement? A. Port scanning B. Network packet analysis C. Penetration testing D. Vulnerability scanning
C. Penetration testing
Of the following, which is the best way for a person to find out what security holes exist on the network? A. Run a port scan. B. Use a network sniffer. C. Perform a vulnerability assessment. D. Use an IDS solution.
C. Perform a vulnerability assessment.
What is it known as when traffic to a website is redirected to another, illegitimate site? A. Phishing B. Whaling C. Pharming D. Spim
C. Pharming
Turnstiles, double entry doors, and security guards are all preventative measures for what kind of social engineering? A. Dumpster diving B. Impersonation C. Piggybacking D. Eavesdropping
C. Piggybacking
Your boss asks you to implement multifactor authentication. Which of the following should you use? A. Username and password B. Common Access Card C. Pin number and smart card D. ACL entry and password
C. Pin number and smart card
You are the security administrator working for a large corporation with many remote workers. You are tasked with deploying a remote access solution for both staff and contractors. Company management favors Remote Desktop Services because of its ease of use. Your current risk assessment suggests that you protect Windows as much as possible from direct ingress traffic exposure. Which of the following solutions should you choose? A. Change remote desktop to a non-standard port, and implement password complexity for the entire Active Directory domain. B. Distribute new IPsec VPN client software to applicable parties, and then virtualize the remote desktop services functionality. C. Place the remote desktop server(s) on a screened subnet, and implement two-factor authentication. D. Deploy a remote desktop server on your internal LAN, and require an Active Directory integrated SSL connection for access.
C. Place the remote desktop server(s) on a screened subnet, and implement two-factor authentication.
John needs to install a web server that can offer SSL-based encryption. Which of the following ports is required for SSL transactions? A. Port 80 inbound B. Port 80 outbound C. Port 443 inbound D. Port 443 outbound
C. Port 443 inbound
Which of the following methods could identify when an unauthorized access has occurred? A. Two-factor authentication B. Session termination C. Previous logon notification D. Session lock
C. Previous logon notification
Users are required to log in to the network. They use a smart card to do so. Which type of key does the smart card use to log in to the network? A. Cipher key B. Shared key C. Private key D. Public key
C. Private key
Which tool would you use if you want to view the contents of a packet? A. TDR B. Port scanner C. Protocol analyzer D. Loopback adapter
C. Protocol analyzer
You are designing the environmental controls for a server room that contains several servers and other network devices. What roles will an HVAC system play in this environment? (Select the two best answers.) A. Shield equipment from EMI B. Provide isolation in case of a fire C. Provide an appropriate ambient temperature D. Maintain appropriate humidity levels E. Vent fumes from the server room
C. Provide an appropriate ambient temperature D. Maintain appropriate humidity levels
Which of the following solutions should be used by heavily utilized networks? A. VPN concentrator B. Remote access C. Provider cloud D. Telephony
C. Provider cloud
Which of the following is used to cache content? A. Firewall B. Load balancer C. Proxy D. VPN concentrator
C. Proxy
Which of the following types of keys are stored in a CRL? A. Private keys only B. TPM keys C. Public and private keys D. Public keys only
C. Public and private keys
Two computers are attempting to communicate with the SSL protocol. Which two types of keys will be used? (Select the two best answers.) A. Recovery key B. Session key C. Public key D. Key card
C. Public key
In this scenario, your organization and a sister organization use multiple certificate authorities (CAs). Which component of PKI is necessary for one CA to know whether to accept or reject certificates from another CA? A. CRL B. Key escrow C. RA D. Recovery agent
C. RA
Which of the following is an authentication system that uses UDP as the transport mechanism? A. LDAP B. Kerberos C. RADIUS D. TACACS+
C. RADIUS
To determine network access requirements, a person working in HR has been tasked with assigning users in Accounting the same job function. What is this an example of? A. MAC B. DAC C. RBAC D. ACL
C. RBAC
Which of the following protocols are you observing in the packet capture below? 16:42:01 - SRC 192.168.1.5:3389 - DST 10.254.254.57:8080 - SYN/ACK A. HTTP B. HTTPS C. RDP D. SFTP
C. RDP
You are tasked with ensuring that messages being sent and received between two systems are both encrypted and authenticated. Which of the following protocols accomplishes this? A. Diffie-Hellman B. BitLocker C. RSA D. SHA-384
C. RSA
Your company has a fiber-optic connection to the Internet. Which of the following can enable your network to remain operational even if the fiber-optic line fails? A. Redundant network adapters B. RAID 5 C. Redundant ISP D. UPS
C. Redundant ISP
Your CFO's smartphone holding classified data has been stolen. What is the best way to reduce data leakage? A. Inform law enforcement. B. Track the device with GPS. C. Remotely sanitize the device. D. Use strong encryption.
C. Remotely sanitize the device.
Your network is an Active Directory domain controlled by a Windows Server domain controller. The Finance group has read permission to the Reports and History shared folders and other shared folders. The Accounting group has read and write permissions to the Reports, AccountRecs, and Statements shared folders. Several users are members of both the Finance and Accounting groups. All the folders are located on a file server. The Everyone group is granted the Full Control NTFS permission for each folder through inheritance, but non-administrative users do not have the right to log on locally at the server. Access to the shared folders is managed through share permissions. It is determined that the Finance group should no longer have read access to the Reports folder. This change should not affect access permissions granted through membership in other groups. What is the best solution to the problem? A. Deny the read permission to the Finance group for the Reports folder B. Deny the read permission individually for each member of the Finance group for the Reports folder C. Remove the read permission from the Finance group for the Reports folder D. Delete the Finance group
C. Remove the read permission from the Finance group for the Reports folder
What is the best definition for ARP? A. Resolves IP addresses to DNS names B. Resolves IP addresses to hostnames C. Resolves IP addresses to MAC addresses D. Resolves IP addresses to DNS addresses
C. Resolves IP addresses to MAC addresses
What should you do to make sure that a compromised PKI key cannot be used again? A. Renew the key. B. Reconfigure the key. C. Revoke the key. D. Create a new key.
C. Revoke the key.
Which of the following enables an attacker to hide the presence of malicious code by altering Registry entries? A. Worm B. Logic bomb C. Rootkit D. Trojan
C. Rootkit
You investigate an executive's laptop and find a system-level kernel module that is modifying the operating system's functions. What is this an example of? A. Logic bomb B. Virus C. Rootkit D. Worm
C. Rootkit
Alice has read and write access to a database. Bob, her subordinate, only has read access. Alice needs to leave to go to a conference. Which access control type should you implement to trigger write access for Bob when Alice is not onsite? A. Discretionary access control B. Mandatory access control C. Rule-based access control D. Role-based access control E. Attribute-based access control
C. Rule-based access control
Which of the following details one of the primary benefits of using S/MIME? A. S/MIME expedites the delivery of e-mail messages. B. S/MIME enables users to send e-mail messages with a return receipt. C. S/MIME enables users to send both encrypted and digitally signed e-mail messages. D. S/MIME enables users to send anonymous e-mail messages.
C. S/MIME enables users to send both encrypted and digitally signed e-mail messages.
Which is the most secure option when transferring files from one host to another? A. FTP B. TFTP C. SFTP D. Telnet
C. SFTP
You need to protect passwords. Which of the following protocols is not recommended because it can supply passwords over the network? A. DNS B. ICMP C. SNMP D. Kerberos
C. SNMP
You have been tasked with providing daily network usage reports of layer 3 devices without compromising any data during the information gathering process. Which of the following protocols should you select to provide for secure reporting in this scenario? A. ICMP B. SNMP C. SNMPv3 D. SSH
C. SNMPv3
In an environment where the transmission and storage of PII data needs to be encrypted, what methods should you select? (Select the two best answers.) A. TFTP B. TKIP C. SSH D. PGP E. SNMP F. NTLM
C. SSH D. PGP
The IT director has asked you to set up an authentication model in which users can enter their credentials one time, yet still access multiple server resources. What type of authentication model should you implement? A. Smart card and biometrics B. Three-factor authentication C. SSO D. VPN
C. SSO
What is it known as when a web script runs in its own environment and does not interfere with other processes? A. Quarantine B. Honeynet C. Sandbox D. VPN
C. Sandbox
Users in your organization receive an e-mail encouraging them to click a link to obtain exclusive access to the newest version of a popular smartphone. What is this an example of? A. Trust B. Intimidation C. Scarcity D. Familiarity
C. Scarcity
Which of the following should occur first when developing software? A. Fuzzing B. Penetration testing C. Secure code review D. Patch management
C. Secure code review
Which two options can prevent unauthorized employees from entering a server room? (Select the two best answers.) A. Bollards B. CCTV C. Security guard D. 802.1X E. Proximity reader
C. Security guard E. Proximity reader
You are setting up auditing on a Windows computer. If set up properly, which log should have entries? A. Application log B. System log C. Security log D. Maintenance log
C. Security log
Which of the following should be done if an audit recording fails? A. Stop generating audit records. B. Overwrite the oldest audit records. C. Send an alert to the administrator. D. Shut down the server.
C. Send an alert to the administrator.
Which of the following persons is ultimately in charge of deciding how much residual risk there will be? A. Chief security officer B. Security administrator C. Senior management D. Disaster recovery plan coordinator
C. Senior management
Which layer of the OSI model is where SSL provides encryption? A. Network B. Transport C. Session D. Application
C. Session
If a person takes control of a session between a server and a client, it is known as what type of attack? A. DDoS B. Smurf C. Session hijacking D. Malicious software
C. Session hijacking
Which of following is the most basic form of IDS? A. Anomaly-based B. Behavioral-based C. Signature-based D. Statistical-based
C. Signature-based
A man pretending to be a data communications repair technician enters your building and states that there is networking trouble and he needs access to the server room. What is this an example of? A. Man-in-the-middle attack B. Virus C. Social engineering D. Chain of custody
C. Social engineering
Which of the following should you install to stop unwanted and unsolicited e-mails? A. Spyware definitions B. Pop-up blockers C. Spam filters D. Virus definitions
C. Spam filters
What is another term for secret key encryption? A. PKI B. Asymmetrical C. Symmetrical D. Public key
C. Symmetrical
What is secret key encryption also called? A. Asymmetrical encryption B. One-way function C. Symmetrical encryption D. Quantum encryption
C. Symmetrical encryption
Your organization is designing two new systems. They require emphasis on the following: System A requires high availability. System B requires high security. Which configuration should you select? A. System A and System B both fail open. B. System A fails closed. System B fails open. C. System A fails open. System B fails closed. D. System A and System B both fail closed.
C. System A fails open. System B fails closed.
When attempting to grant access to remote users, which protocol uses separate, multiple-challenge responses for each of the authentication, authorization, and audit processes? A. RADIUS B. TACACS C. TACACS+ D. LDAP
C. TACACS+
The organization you work for, a video streaming company, hired a security consultant to find out how customer credit card information was stolen. He determined that it was stolen while in transit from gaming consoles. What should you implement to secure this data in the future? A. Firmware updates B. WAF C. TCP Wrapper D. IDS
C. TCP Wrapper
Which of the following is a detective security control? A. Bollards B. Firewall C. Tape backup D. CCTV
C. Tape backup
Jason needs to add several users to a group. Which of the following will help him to get the job done faster? A. Propagation B. Inheritance C. Template D. Access control lists
C. Template
Which of the following services uses port 49? A. File Transfer Protocol B. Post Office Protocol version 3 C. Terminal Access Controller Access-Control System Plus D. Domain Name System
C. Terminal Access Controller Access-Control System Plus
Tom is getting reports from several users that they are unable to download specific items from particular websites, although they can access other pages of those websites. Also, they can download information from other websites just fine. Tom's IDS is also sending him alarms about possible malicious traffic on the network. What is the most likely cause why the users cannot download the information they want? A. The firewall is blocking web activity. B. The NIDS is blocking web activity from those specific websites. C. The NIPS is blocking web activity from those specific websites. D. The router is blocking web activity.
C. The NIPS is blocking web activity from those specific websites.
A computer that is connected to an NAC-enabled network is not asked for the proper NAC credentials. What is a possible reason for this? A. The computer is not patched. B. The computer doesn't have the latest antivirus definitions. C. The computer is missing the authentication agent. D. The computer does not have the latest SP.
C. The computer is missing the authentication agent.
A user complains that they were browsing the Internet when the computer started acting erratically and crashed. You reboot the computer and notice that performance is very slow. In addition, after running a netstat command you notice literally hundreds of outbound connections to various websites, many of which are well-known sites. Which of the following has happened? A. The computer is infected with spyware. B. The computer is infected with a virus. C. The computer is now part of a botnet. D. The computer is now infected with a rootkit.
C. The computer is now part of a botnet.
Malware can use virtualization techniques. Why would this be difficult to detect? A. A portion of the malware might have already been removed by an IDS. B. The malware might be using a Trojan. C. The malware could be running at a more privileged level than the computer's antivirus software. D. The malware might be running in the command-line.
C. The malware could be running at a more privileged level than the computer's antivirus software.
What can happen if access mechanisms to data on an encrypted USB hard drive are not implemented correctly? A. Data on the USB drive can be corrupted. B. Data on the hard drive can be vulnerable to log analysis. C. The security controls on the USB drive can be bypassed. D. User accounts can be locked out.
C. The security controls on the USB drive can be bypassed.
An attacker gained access to your server room by physically removing the proximity reader from the wall near the entrance. This caused the electronic locks on the door to release. Why did the locks release? A. The proximity reader was improperly installed. B. The system used magnetic locks and the locks became demagnetized. C. The system was designed to fail-open for life safety. D. The system was installed in a fail-close configuration.
C. The system was designed to fail-open for life safety.
Which of the following is the strongest password? A. |ocrian# B. Marqu1sD3S0d C. This1sV#ryS3cure D. Thisisverysecure
C. This1sV#ryS3cure
Which of the following is an example of two-factor authentication? A. L2TP and IPsec B. Username and password C. Thumbprint and key card D. Client and server
C. Thumbprint and key card
Which of the following is the best reason to perform a penetration test? A. To identify all vulnerabilities and weaknesses within your network B. To passively test security controls C. To determine the potential impact of a threat against your network D. To find the security posture of the network
C. To determine the potential impact of a threat against your network
What is the main purpose of a physical access log? A. To enable authorized employee access B. To show who exited the facility C. To show who entered the facility D. To prevent unauthorized employee access
C. To show who entered the facility
What is one reason to implement security logging on a DNS server? A. To perform penetration testing on the server B. To prevent DNS DoS C. To watch for unauthorized zone transfers D. To measure server performance
C. To watch for unauthorized zone transfers
Which of the following types of malware appears to the user as legitimate but actually enables unauthorized access to the user's computer? A. Worm B. Virus C. Trojan D. Spam
C. Trojan
The server room is on fire. What should the HVAC system do? A. Increase the humidity. B. Increase the heat. C. Turn off. D. Turn on the AC.
C. Turn off.
What kind of attack is it when the packets sent do not require a synchronization process and are not connection-oriented? A. Man-in-the-middle B. TCP/IP hijacking C. UDP attack D. ICMP flood
C. UDP attack
Which of the following would most likely be considered for DLP? A. Proxy server B. Print server C. USB mass storage device D. Application server content
C. USB mass storage device
You want to mitigate the possibility of privilege creep among your long-term users. What procedure should you employ? A. Mandatory vacations B. Job rotation C. User permission reviews D. Separation of duties
C. User permission reviews
What would you implement to separate two departments? A. MAC filtering B. Cloud computing C. VLAN D. SaaS
C. VLAN
You get an automated call from what appears to be your bank. The recording asks you to state your name, state your birthday, and enter your bank account number to validate your identity. What type of attack has been perpetuated against you? A. Pharming B. Phishing C. Vishing D. Spoofing
C. Vishing
You are configuring an 802.11n wireless network. You need to have the best combination of encryption and authorization. Which of the following options should you select? A. WPA2-PSK B. WEP and 802.1X C. WPA-Enterprise D. WPA and TKIP
C. WPA-Enterprise
Which of the following is the most secure protocol to use when accessing a wireless network? A. WEP B. WPA C. WPA2 D. TKIP
C. WPA2
A targeted e-mail attack is received by your organization's CFO. What is this an example of? A. Vishing B. Phishing C. Whaling D. Spear phishing
C. Whaling
A security administrator for your organization utilized a heuristic system to detect an anomaly in a desktop computer's baseline. The admin was able to detect an attack even though the signature-based IDS and antivirus software did not detect it. Upon further review, it appears that the attacker had downloaded an executable file on the desktop computer from a USB port, and executed it triggering a privilege escalation. What type of attack has occurred? A. Directory traversal B. XML injection C. Zero day D. Baiting
C. Zero day
Which of the following computer security threats can be updated automatically and remotely? (Select the best answer.) A. Virus B. Worm C. Zombie D. Malware
C. Zombie
The main objective of risk management in an organization is to reduce risk to a level _____________. (Fill in the blank.) A. the organization will mitigate B. where the ARO equals the SLE C. the organization will accept D. where the ALE is lower than the SLE
C. the organization will accept
Which port and transport mechanism protocol must be opened on a firewall to allow incoming SFTP connections? A. 21 and UDP B. 22 and UDP C. 21 and TCP D. 22 and TCP
D. 22 and TCP
Your organization wants to implement a secure e-mail system using the POP3 and SMTP mail protocols. All mail connections need to be secured with SSL. Which of the following ports should you be using? (Select the two best answers.) A. 25 B. 110 C. 143 D. 465 E. 993 F. 995
D. 465 F. 995
What port and transport mechanism does TFTP use by default? A. 68 and TCP B. 69 and TCP C. 68 and UDP D. 69 and UDP
D. 69 and UDP
Which of the following permits or denies access to resources through the use of ports? A. Hub B. 802.11n C. 802.11x D. 802.1X
D. 802.1X
Of the following, which statement correctly describes the difference between a secure cipher and a secure hash? A. A hash produces a variable output for any input size; a cipher does not. B. A cipher produces the same size output for any input size; a hash does not. C. A hash can be reversed; a cipher cannot. D. A cipher can be reversed; a hash cannot.
D. A cipher can be reversed; a hash cannot.
What does it mean if a hashing algorithm creates the same hash for two different downloads? A. A hash is not encrypted. B. A hashing chain has occurred. C. A one-way hash has occurred. D. A collision has occurred.
D. A collision has occurred.
Which type of vulnerability assessments software can check for weak passwords on the network? A. Wireshark B. Antivirus software C. Performance Monitor D. A password cracker
D. A password cracker
Which of the following is the strongest password? A. password B. Apassword C. Apassword123 D. A#password123
D. A#password123
What needs to be configured to offer remote access to a network? A. Tokens B. Biometrics C. Supplicants D. ACLs
D. ACLs
A malicious computer is sending data frames with false hardware addresses to a switch. What is happening? A. DNS poisoning B. pWWN spoofing C. MAC spoofing D. ARP poisoning
D. ARP poisoning
What key combination should be used to close a pop-up window? A. Windows+R B. Ctrl+Shift+Esc C. Ctrl+Alt+Del D. Alt+F4
D. Alt+F4
A systems administrator must configure access to the corporate network such that users always have access without the need to periodically disconnect and reconnect. Which of the following best describes the type of connection that should be configured? A. Federated identify management B. Kerberos C. Generic Routing Encapsulation D. Always-on VPN E. PPTP
D. Always-on VPN
You are the network administrator for a small organization without much in the way of security policies. While analyzing your servers' performance you find various chain messages have been received by the company. Which type of security control should you implement to fix the problem? A. Antivirus B. Anti-spyware C. Host-based firewalls D. Anti-spam
D. Anti-spam
Many third-party programs have security settings disabled by default. What should you as the security administrator do before deploying new software? A. Network penetration testing B. Input validation C. Application whitelisting D. Application hardening
D. Application hardening
You have disabled all unnecessary services on a domain controller. What is this an example of? A. Secure code review B. Baselining C. Patch management strategy D. Application hardening
D. Application hardening
You ran a penetration test against your two database servers and found out that each of them could be compromised with the default database user account and password. Which of the following did you forget to do to your database servers? A. OS hardening B. Patch management C. Virtualization D. Application hardening
D. Application hardening
Which of the following is a type of malware that is difficult to reverse engineer? A. Logic bomb B. Worm C. Backdoor D. Armored virus
D. Armored virus
Which of the following types of viruses hides its code to mask itself? A. Stealth virus B. Polymorphic virus C. Worm D. Armored virus
D. Armored virus
What two security precautions can best help to protect against wireless network attacks? A. Authentication and WEP B. Access control lists and WEP C. Identification and WPA2 D. Authentication and WPA
D. Authentication and WPA
Which of the following defines the main difference between identification and authentication? A. Authentication verifies the identity of a user requesting credentials, whereas identification verifies a set of credentials. B. Authentication verifies a set of credentials, whereas identification verifies the identity of the network. C. Authentication verifies a user ID that belongs to a specific user, whereas identification verifies the identity of a user group. D. Authentication verifies a set of credentials, whereas identification verifies the identity of a user requesting credentials.
D. Authentication verifies a set of credentials, whereas identification verifies the identity of a user requesting credentials.
In the event of a short-term power loss to the server room, what should be powered on first in order to establish DNS services? A. Apache server B. Exchange server C. RADIUS D. BIND server
D. BIND server
What is another name for a malicious attacker? A. White hat B. Penetration tester C. Fuzzer D. Black hat
D. Black hat
Your organization's network has a main office and has two remote sites that connect back to the main office solely. You have been tasked with blocking Telnet access into the entire network. Which would be the best way to go about this? A. Block port 25 on the main office's firewall. B. Block port 25 on each of the L2 switches at the remote sites. C. Block port 23 on each of the L2 switches at the remote sites. D. Block port 23 on the main office's firewall.
D. Block port 23 on the main office's firewall.
Which of the following is not an example of malicious software? A. Rootkits B. Spyware C. Viruses D. Browser
D. Browser
An attacker takes advantage of a vulnerability in programming that allows the attacker to copy more than 16 bytes to a standard 16-byte variable. Which attack is being initiated? A. Directory traversal B. Command injection C. XSS D. Buffer overflow E. Zero day attack
D. Buffer overflow
You have analyzed what you expect to be malicious code. The results show that JavaScript is being utilized to send random data to a separate service on the same computer. What attack has occurred? A. DoS B. SQL injection C. LDAP injection D. Buffer overflow
D. Buffer overflow
Which of the following is a type of photo ID that is used by government officials to gain access to secure locations? A. Biometrics B. DAC C. RSA tokens D. CAC
D. CAC
Which authentication method completes the following in order: logon request, encrypts value response, server, challenge, compare encrypts results, and authorize or fail referred to? A. Security tokens B. Certificates C. Kerberos D. CHAP
D. CHAP
A recent security audit has uncovered an increase in the number MITM attacks during the certificate validation process. Which of the following is a way to add security to the certificate validation process to help detect and block many types of MITM attacks by adding an extra step beyond normal X.509 certificate validation? A. OID stapling B. SSH C. S/MIME D. Certificate pinning
D. Certificate pinning
What should you be concerned with when transferring evidence? A. Change management B. Job rotation C. Due diligence D. Chain of custody
D. Chain of custody
One of the developers for your company asks you what he should do before making a change to the code of a program's authentication. Which of the following processes should you instruct him to follow? A. Chain of custody B. Incident response C. Disclosure reporting D. Change management
D. Change management
You are in charge of installing patches to servers. Which of the following processes should you follow before installing a patch? A. Due process B. Separation of duties C. Fault tolerance D. Change management
D. Change management
Which one of the following can monitor and protect a DNS server? A. Ping the DNS server. B. Block port 53 on the firewall. C. Purge PTR records daily. D. Check DNS records regularly.
D. Check DNS records regularly
Which of the following fire extinguishers should be used to put out magnesium- or titanium-based metal fires? A. Class A B. Class B C. Class C D. Class D
D. Class D
Which of the following will help to prevent data theft? A. Password history B. GPS tracking C. Video surveillance D. Clean desk policy
D. Clean desk policy
What is documentation that describes minimum expected behavior known as? A. Need to know B. Acceptable usage C. Separation of duties D. Code of ethics
D. Code of ethics
Which of the following methods will best verify that a download from the Internet has not been modified since the manufacturer released it? A. Compare the final LANMAN hash with the original B. Download the patch file over an AES encrypted VPN connection C. Download the patch file through an SSL connection. D. Compare the final MD5 hash with the original.
D. Compare the final MD5 hash with the original.
Which of the following would lower the level of password security? A. After a set number of failed attempts, the server will lock the user out, forcing her to call the administrator to re-enable her account. B. Passwords must be greater than eight characters and contain at least one special character. C. All passwords are set to expire after 30 days. D. Complex passwords that users cannot change are randomly generated by the administrator.
D. Complex passwords that users cannot change are randomly generated by the administrator.
In information security, what are the three main goals? (Select the three best answers.) A. Auditing B. Integrity C. Non-repudiation D. Confidentiality E. Risk Assessment F. Availability
D. Confidentiality B. Integrity F. Availability
What are the three main goals of information security? A. Auditing B. Integrity C. Non-repudiation D. Confidentiality E. Risk assessment F. Availability
D. Confidentiality B. Integrity F. Availability
Which of the following deals with the standard load for a server? A. Patch management B. Group Policy C. Port scanning D. Configuration baseline
D. Configuration baseline
Your organization uses a third-party service provider for some of its systems and IT infrastructure. Your IT director wants to implement a governance, risk, and compliance (GRC) system that will oversee the third party and promises to provide overall security posture coverage. Which of the following is the most important activity that should be considered? A. Baseline configuration B. SLA monitoring C. Security alerting and trending D. Continuous security monitoring
D. Continuous security monitoring
In your organization's network you have VoIP phones and PCs connected to the same switch. Which of the following is the best way to logically separate these device types while still allowing traffic between them via an ACL? A. Install a firewall and connect it to the switch. B. Create and define two subnets, configure each device to use a dedicated IP address, and then connect the whole network to a router. C. Install a firewall and connect it to a dedicated switch for each type of device. D. Create two VLANs on the switch connected to a router.
D. Create two VLANs on the switch connected to a router.
One of your servers (10.254.254.201) is only allowing slow and intermittent connections to clients on the network. You check the logs of the server and see a large number of connections from the following IP addresses: 10.254.254.38 10.254.254.79 10.254.254.102 11.57.86.86 198.155.201.214 212.119.64.32 The connections from these six hosts are overloading the server and causing it to stop responding to requests from clients. What type of attack is happening? A. Xmas tree B. XSS C. DoS D. DDoS
D. DDoS
Which type of attack uses more than one computer? A. Virus B. DoS C. Worm D. DDoS
D. DDoS
Your organization has suffered from several data leaks as a result of social engineering attacks that were conducted over the phone. Your boss wants to reduce the risk of another leak by incorporating user training. Which of the following is the best method for reducing data leaks? A. Social media and BYOD B. Acceptable use C. Information security awareness D. Data handling and disposal
D. Data handling and disposal
Rick has a local computer that uses software to generate and store key pairs. What type of PKI implementation is this? A. Distributed key B. Centralized C. Hub and spoke D. Decentralized
D. Decentralized
Your boss asks you to limit the wireless signal of a WAP from going outside the building. What should you do? A. Put the antenna on the exterior of the building. B. Disable the SSID. C. Enable MAC filtering. D. Decrease the power levels of the WAP.
D. Decrease the power levels of the WAP.
Your LAN is isolated from the Internet by a perimeter network. You suspect that someone is trying to gather information about your LAN. The IT director asks you to gather as much information about the attacker as possible while preventing the attacker from knowing that the attempt has been detected. What is the best method to accomplish this? A. Deploy a DMZ B. Deploy a proxy server in the perimeter network C. Deploy a NIPS outside the perimeter network D. Deploy a honeypot in the perimeter network
D. Deploy a honeypot in the perimeter network
Your boss asks you to replace the current RADIUS authentication system with a more secure system. Your current RADIUS solution supports EAP, and your new solution should do the same. Which of the following is the best option and would offer the easiest transition? A. CHAP B. SAML C. Kerberos D. Diameter
D. Diameter
Your organization uses a type of cryptography that provides good security but uses smaller key sizes and utilizes logarithms that are calculated against a finite field. Which type of cryptography does your organization use? A. Quantum cryptography B. Diffie-Hellman C. RSA D. Elliptic curve
D. Elliptic curve
After using Nmap to do a port scan of your server, you find that several ports are open. Which of the following should you do next? A. Leave the ports open and monitor them for malicious attacks. B. Run the port scan again. C. Close all ports. D. Examine the services and/or processes that use those ports.
D. Examine the services and/or processes that use those ports.
To achieve multifactor security, what should you implement to accompany password usage and smart cards? A. Badge readers B. Passphrases C. Hard tokens D. Fingerprint readers
D. Fingerprint readers
You are a security tester for a penetration testing security company. You are currently testing a website and you perform the following manual query: http://www.davidlprowse.com/cookies.jsp?products=5%20and%201=1 The following response is received in the payload: "ORA-000001: SQL command not properly ended" Based on the query and the response, what technique are you employing? A. Cross-site scripting B. SQL injection C. Privilege escalation D. Fingerprinting E. Remote code execution F. Zero day
D. Fingerprinting
Which of the following devices would most likely have a DMZ interface? A. Switch B. VoIP phone C. Proxy server D. Firewall
D. Firewall
A co-worker's laptop has been compromised. What is the best way to mitigate data loss? A. Common Access Card B. Strong password C. Biometric authentication D. Full disk encryption
D. Full disk encryption
What would you use a TPM for? A. Input validation B. System hardening C. Cloud computing D. Full disk encryption
D. Full disk encryption
A security administrator is required to submit a new CSR to a CA. What is the first step? A. Generate a new private key based on AES B. Generate a new public key based on RSA C. Generate a new public key based on AES D. Generate a new private key based on RSA
D. Generate a new private key based on RSA
Your organization's servers and applications are being audited. One of the IT auditors tests an application as an authenticated user. Which of the following testing methods is being used? A. White-box B. Penetration testing C. Black-box D. Gray-box
D. Gray-box
You are in charge of monitoring a workstation for application activity and/or modification. Which of the following types of systems should you use? A. RADIUS B. NIDS C. OVAL D. HIDS
D. HIDS
Randy needs an external add-on solution that can provide encryption and integrate with his existing database server. Which of the following would meet his needs? A. TPM B. FDE C. CAC D. HSM
D. HSM
Which of the following is a removable device that can be used to encrypt in a high-availability, clustered environment? A. Biometrics B. Cloud computer C. TPM D. HSM
D. HSM
Which of the following will provide an integrity check? A. Public key B. Private key C. WEP D. Hash
D. Hash
What should a disaster recovery plan (DRP) contain? A. Hierarchical access control lists B. Single points of failure C. Hierarchical list of hot sites D. Hierarchical list of critical systems
D. Hierarchical list of critical systems
Which of the following can facilitate a full recovery within minutes? A. Warm site B. Cold site C. Reestablishing a mirror D. Hot site
D. Hot site
You see a network address in the command-line that is composed of a long string of letters and numbers. What protocol is being used? A. IPv4 B. ICMP C. IPv3 D. IPv6
D. IPv6
In which of the following phases of identification and authentication does proofing occur? A. Verification B. Authentication C. Authorization D. Identification
D. Identification
What is the deadliest risk of a virtual computer? A. If a virtual computer fails, all other virtual computers immediately go offline. B. If a virtual computer fails, the physical server goes offline. C. If the physical server fails, all other physical servers immediately go offline. D. If the physical server fails, all the virtual computers immediately go offline.
D. If the physical server fails, all the virtual computers immediately go offline.
You administer a bulletin board system for a rock and roll band. While reviewing logs for the board, you see one particular IP address posting spam multiple times per day. What is the best way to prevent this type of problem? A. Block the IP address of the user. B. Ban the user. C. Disable ActiveX. D. Implement CAPTCHA.
D. Implement CAPTCHA.
Your organization wants you to set up a wireless router so that only certain wireless clients can access the wireless network. Which of the following is the best solution? A. Disable the SSID broadcast. B. Enable 802.11n only. C. Configure AP isolation. D. Implement MAC filtering.
D. Implement MAC filtering.
Which of the following is likely to be the last rule contained within the ACLs of a firewall? A. Time of day restrictions B. Explicit allow C. IP allow any D. Implicit deny
D. Implicit deny
Improper use of P2P and social networking software may result in which of the following? A. Data loss prevention B. Denial of service C. Shoulder surfing D. Information disclosure
D. Information disclosure
When it comes to information security, what is the I in CIA? A. Insurrection B. Information C. Indigestion D. Integrity
D. Integrity
What are two reasons to use a digital signature? A. Non-repudiation B. Availability C. Confidentiality D. Integrity E. Encryption
D. Integrity A. Non-repudiation
Which of the following statements best defines a computer virus? A. It is a find mechanism, initiation mechanism, and can propagate. B. It is a search mechanism, connection mechanism, and can integrate. C. It is a learning mechanism, contamination mechanism, and can exploit. D. It is a replication mechanism, activation mechanism, and has an objective.
D. It is a replication mechanism, activation mechanism, and has an objective.
Password-cracking tools are easily available over the Internet. Which of the following is a password-cracking tool? A. AirSnort B. Nessus C. Wireshark D. John the Ripper
D. John the Ripper
Your organization has a PKI. Data loss is unacceptable. What method should you implement? A. CR B. Web of trust C. CA D. Key escrow
D. Key escrow
Which of the following concepts does the Diffie-Hellman algorithm rely on? A. Usernames and passwords B. VPN tunneling C. Biometrics D. Key exchange
D. Key exchange
Study the following items carefully. Which one permits a user to "float" a domain registration for a maximum of 5 days? A. DNS poisoning B. Domain hijacking C. Domain spoofing D. Kiting E. DNS amplification
D. Kiting
Which of the following is used to implement an unencrypted tunnel between two networks? A. HTTPS B. PPTP C. AES D. L2TP E. Always-on VPN
D. L2TP
What is the most common reason that social engineering succeeds? A. Lack of vulnerability testing B. People sharing passwords C. Lack of auditing D. Lack of user awareness
D. Lack of user awareness
Which of the following concepts best describes the mandatory access control model? A. Bell-LaPadula B. Clark-Wilson C. Biba D. Lattice
D. Lattice
You are the security administrator for the company ABC Accounting, Inc. The IT director has given rights to you that allow you to review logs and update network devices only. Other rights are given out to network administrators for the areas that fall within their job description. What kind of access control is this? A. Job rotation B. Discretionary C. Mandatory vacation D. Least privilege
D. Least privilege
Which of the following devices is used to optimize and distribute data workloads across multiple computers or networks? A. VPN concentrator B. Protocol analyzer C. Proxy server D. Load balancer
D. Load balancer
Which of the following provides for the best application availability and can be easily expanded as an organization's demand grows? A. RAID 6 B. Server virtualization C. Multi-CPU motherboards D. Load balancing
D. Load balancing
What is a malicious attack that executes at the same time every week? A. Virus B. Worm C. Ransomware D. Logic bomb
D. Logic bomb
What should you configure to improve wireless security? A. Enable the SSID B. IP spoofing C. Remove repeaters D. MAC filtering
D. MAC filtering
Which of the following is vulnerable to spoofing? A. WPA-LEAP B. WPA-PEAP C. Enabled SSID D. MAC filtering
D. MAC filtering
Which of the following anomalies can a protocol analyzer detect? A. Disabled network adapters B. Decryption of encrypted network traffic C. Passive sniffing of network traffic D. Malformed or fragmented packets
D. Malformed or fragmented packets
Virtualized browsers can protect the OS that they are installed within from which of the following? A. DDoS attacks against the underlying OS B. Phishing and spam attacks C. Man-in-the-middle attacks D. Malware installation from Internet websites
D. Malware installation from Internet websites
You surmise that a user's session was interrupted by an attacker who inserted malicious code into the network traffic. What attack has occurred? A. DoS B. Spoofing C. Phishing D. Man-in-the-middle
D. Man-in-the-middle
Of the following access control models, which uses object labels? (Select the best answer.) A. Discretionary access control B. Role-based access control C. Rule-based access control D. Mandatory access control E. Attribute-based access control
D. Mandatory access control
Which of the following statements regarding the MAC model is true? A. Mandatory access control is a dynamic model. B. Mandatory access control enables an owner to establish access privileges to a resource. C. Mandatory access control is not restrictive. D. Mandatory access control users cannot share resources dynamically.
D. Mandatory access control users cannot share resources dynamically.
You are in the middle of the information gathering stage of the planning and deployment of a role-based access control model. Which of the following is most likely required? A. Clearance levels of personnel B. Rules under which certain systems can be accessed C. Group-based privileges already in place D. Matrix of job titles with required privileges
D. Matrix of job titles with required privileges
Which of the following access control methods is best described as providing a username, password, and biometric thumbprint scan to gain access to a network? A. Biometrics B. Three-way handshake C. Mutual authentication D. Multifactor
D. Multifactor
Which of the following is not an advantage of NTFS over FAT32? A. NTFS supports file encryption. B. NTFS supports larger file sizes. C. NTFS supports larger volumes. D. NTFS supports more file formats.
D. NTFS supports more file formats.
In a classified environment, clearance to top secret information that enables access to only certain pieces of information is known as what? A. Separation of duties B. Chain of custody C. Non-repudiation D. Need to know
D. Need to know
Which command would display the following output? Active Connections Proto Local Address Foreign Address State TCP WorkstationA:1395 8.15.228.165:http ESTABLISHED A. Ping B. Ipconfig C. Nbtstat D. Netstat
D. Netstat
When is a system completely secure? A. When it is updated B. When it is assessed for vulnerabilities C. When all anomalies have been removed D. Never
D. Never
Which of the following is not one of the steps of the incident response process? A. Eradication B. Recovery C. Containment D. Non-repudiation
D. Non-repudiation
The IT director wants you to use a cryptographic algorithm that cannot be decoded by being reversed. Which of the following would be the best option? A. Asymmetric B. Symmetric C. PKI D. One-way function
D. One-way function
What is the best action to take when you conduct a corporate vulnerability assessment? A. Document your scan results for the change control board. B. Examine vulnerability data with a network sniffer. C. Update systems. D. Organize data based on severity and asset value.
D. Organize data based on severity and asset value.
Which of the following does not apply to an X.509 certificate? A. Certificate version B. The issuer of the certificate C. Public key information D. Owner's symmetric key
D. Owner's symmetric key
Which security measure should be included when implementing access control? A. Disabling SSID broadcast B. Time-of-day restrictions C. Changing default passwords D. Password complexity requirements
D. Password complexity requirements
What tool can alert you if a server's processor trips a certain threshold? A. TDR B. Password cracker C. Event Viewer D. Performance Monitor
D. Performance Monitor
Network utilization is the ratio of current network traffic to the maximum amount of traffic that a network adapter or specific port can handle. Which of the following can help you to determine whether current network utilization is abnormal? A. Security log B. Vulnerability assessment C. Penetration testing D. Performance baseline
D. Performance baseline
You've created a baseline for your Windows Server file server. Which of the following tools can best monitor changes to your system baseline? A. Key management software B. Resource planning software C. Antivirus software D. Performance monitoring software
D. Performance monitoring software
One of your users complains that he received an e-mail from a mortgage company asking for personal information. The user does not recognize this mortgage company as the company with which he first applied for a mortgage for his house. What is the best way to describe this e-mail? A. Hoax B. Spam C. Denial of service D. Phishing
D. Phishing
Which of the following is a common symptom of spyware? A. Infected files B. Computer shuts down C. Applications freeze D. Pop-up windows
D. Pop-up windows
You are tasked with implementing an access point to gain more wireless coverage. What should you look at first? A. SSID B. Radio frequency C. Encryption type D. Power levels
D. Power levels
How are permissions defined in the mandatory access control model? A. Access control lists B. User roles C. Defined by the user D. Predefined access privileges
D. Predefined access privileges
Which of the following methods can possibly identify when an unauthorized access has occurred? A. Session lock mechanism B. Session termination mechanism C. Two-factor authentication D. Previous logon notification
D. Previous logon notification
Your organization asks you to design a web-based application. It wants you to design the application so that it runs under a security context that allows only those privileges required for the application to run to minimize risk if an attack occurs. Which of the following security concepts does this describe? A. Implicit deny B. Mandatory access control C. Separation of duties D. Principle of least privilege
D. Principle of least privilege
Tim needs to collect data from users who utilize an Internet-based application. Which of the following should he reference before doing so? A. Secure code review B. SOX C. Acceptable use policy D. Privacy policy
D. Privacy policy
What kind of attack enables an attacker to access administrator-level resources using a Windows service that uses the local system account? A. Trojan B. Spyware C. Spam D. Privilege escalation
D. Privilege escalation
You are working on a server and are busy implementing a network intrusion detection system on the network. You need to monitor the network traffic from the server. What mode should you configure the network adapter to work in? A. Half-duplex mode B. Full-duplex mode C. Auto-configuration mode D. Promiscuous mode
D. Promiscuous mode
Many companies send passwords via clear text. Which of the following can view these passwords? A. Rainbow table B. Port scanner C. John the Ripper D. Protocol analyzer
D. Protocol analyzer
Which tool can be instrumental in capturing FTP GET requests? A. Vulnerability scanner B. Port scanner C. Performance Monitor D. Protocol analyzer
D. Protocol analyzer
A customer has asked you to implement a solution to hide as much information about the internal structure of the network as possible. The customer also wants to minimize traffic with the Internet and does not want to increase security risks to the internal network. Which of the following solutions should you implement? A. NIDS B. Firewall C. Protocol analyzer D. Proxy server
D. Proxy server
One of your co-workers has been issued a new smart card because the old one has expired. The co-worker can connect to the computer network but is unable to send digitally signed or encrypted e-mail. What does the security administrator need to perform? A. Make certificates available to the operating system B. Recover the previous smart card certificates C. Remove all previous smart card certificates from the local certificate store D. Publish new certificates to the global address list
D. Publish new certificates to the global address list
You are tasked with setting up a wireless network that uses 802.1X for authentication. You set up the wireless network using WPA2 and CCMP; however, you don't want to use a PSK for authentication. Which of the following options would support 802.1X authentication? A. Kerberos B. CAC card C. Pre-shared key D. RADIUS
D. RADIUS
WEP improperly uses an encryption protocol and therefore is considered to be insecure. What encryption protocol does it use? A. AES B. RSA C. RC6 D. RC4
D. RC4
Which of the following provides a user with a rolling password for one-time use? A. PIV card B. CAC card C. Multifactor authentication D. RSA tokens
D. RSA tokens
Which of the following threats has the highest probability of being increased by the availability of devices such as USB flash drives on your network? A. Introduction of new data on the network B. Increased loss of business data C. Loss of wireless connections D. Removal of PII data
D. Removal of PII data
What is a definition of implicit deny? A. Everything is denied by default B. All traffic from one network to another is denied. C. ACLs are used to secure the firewall. D. Resources that are not given access are denied by default.
D. Resources that are not given access are denied by default.
What is a definition of implicit deny? A. Everything is denied by default. B. All traffic from one network to another is denied. C. ACLs are used to secure the firewall. D. Resources that are not given access are denied by default.
D. Resources that are not given access are denied by default.
What is the best way to test the integrity of a company's backed up data? A. Conduct another backup B. Use software to recover deleted files C. Review written procedures D. Restore part of the backup
D. Restore part of the backup
In which of the following ways can risk not be managed? A. Risk transfer B. Risk mitigation C. Risk acceptance D. Risk elimination
D. Risk elimination
Your organization (ABC-Services Corp.) has three separate wireless networks used for varying purposes. You conducted a site survey and found the following information from your scans: SSID - State - Channel - Level ABC-WAP1 - Connected - 1 - 80 dbm ABC-WAP2 - Connected - 6 - 90 dbm ABC-WAP3 - Connected - 11 - 75 dbm ABC-WAP4 - Connected - 4 - 65 dbm What is occurring here? A. Jamming B. Packet sniffing C. Near field communication D. Rogue access point
D. Rogue access point
To be proactive, you use your vehicle to take several war-driving routes each month through your company's campus. Recently you have found a large number of unauthorized devices. Which of the following security breaches have you most likely encountered? A. Bluejacking B. Interference C. IV attack D. Rogue access points
D. Rogue access points
Which of the following access control models would be found in a firewall? A. Mandatory access control B. Discretionary access control C. Role-based access control D. Rule-based access control
D. Rule-based access control
Which of the following protocols operates at the highest layer of the OSI model? A. IPsec B. TCP C. ICMP D. SCP
D. SCP
You analyze the network and see that a lot of data is being transferred on port 22. Which of the following set of protocols is most likely being used? A. SSL and SFTP B. SCP and Telnet C. FTP and TFTP D. SCP and SFTP
D. SCP and SFTP
MD5 can be manipulated by creating two identical hashes using two different messages, resulting in a collision. This is difficult (if impossible) to do with SHA-256. Why is this? A. SHA-256 has greater collision strength than MD5. B. MD5 has greater collision resistance than SHA-256. C. MD5 has greater collision strength than SHA-256. D. SHA-256 has greater collision resistance than MD5.
D. SHA-256 has greater collision resistance than MD5.
A security auditing consultant has completed a security assessment and gives the following recommendations: 1. Implement fencing and additional lighting around the perimeter of the building. 2. Digitally sign new releases of software. Categorically, what is the security consultant recommending? (Select the two best answers.) A. Encryption B. Availability C. Confidentiality D. Safety E. Fault tolerance F. Integrity
D. Safety
What is the technique of adding text to a password when it is hashed? A. Rainbow tables B. Symmetric cryptography C. NTLMv2 D. Salting
D. Salting
Tara has written an application and is ready to go through the hardening process. Which of the following could be considered a hardening process of the SDLC? A. Disabling unnecessary services B. Application patching management schedule C. Disabling unnecessary accounts D. Secure coding concepts
D. Secure coding concepts
Which of the following log files should show attempts at unauthorized access? A. DNS B. System C. Application D. Security
D. Security
You are in charge of auditing resources and the changes made to those resources. Which of the following log files will show any unauthorized changes to those resources? A. System log file B. Application log file C. Directory Services log file D. Security log file
D. Security log file
Which password management system best provides for a system with a large number of users? A. Locally saved passwords management system B. Synchronized passwords management system C. Multiple access methods management system D. Self-service password reset management system
D. Self-service password reset management system
Your company has 1000 users. Which of the following password management systems will work best for your company? A. Multiple access methods B. Synchronize passwords C. Historical passwords D. Self-service password resetting
D. Self-service password resetting
One of the users in your organization is attempting to access a secure website. However, the certificate is not recognized by his web browser. Which of the following is the most likely reason? A. Weak certificate cipher B. No key escrow was implemented C. Intermittent Internet connection D. Self-signed certificate
D. Self-signed certificate
An IDS looks for patterns to aid in detecting attacks. What are these patterns known as? A. Anomalies B. Viruses C. Malware D. Signatures
D. Signatures
Your organization provides employee badges that are encoded with a private encryption key and specific personal information. The encoding is used to provide access to the organization's network. What type of authentication method is being used? A. Token B. Biometrics C. Kerberos D. Smart card
D. Smart card
What are two examples of common single sign-on authentication configurations? (Select the two best answers.) A. Biometrics-based B. Multifactor authentication C. Kerberos-based D. Smart card-based
D. Smart card-based C. Kerberos-based
What would a password be characterized as? A. Something a user has B. Something a user is C. Something a user does D. Something a user knows
D. Something a user knows
Which of the following is not a common criteria when authenticating users? A. Something you do B. Something you are C. Something you know D. Something you like
D. Something you like
Which of the following targets specific people? A. Pharming B. Phishing C. Vishing D. Spear phishing
D. Spear phishing
Making data appear as if it is coming from somewhere other than its original source is known as what? A. Hacking B. Phishing C. Cracking D. Spoofing
D. Spoofing
What is it known as when an attacker provides falsified information? A. Aliasin B. Flooding C. Redirecting D. Spoofing
D. Spoofing
Which of the following is a type of packet filtering used by firewalls that retains memory of the packets that pass through the firewall? A. Stateless packet filtering B. Circuit-level gateway C. NAT filtering D. Stateful packet inspection
D. Stateful packet inspection
What kind of monitoring methodology does an antivirus program use? A. Anomaly-based B. Behavior-based C. Signature-based D. Statistical-based
D. Statistical-based
You find out that confidential information is being encoded into graphic files in a form of security through obscurity. What have you encountered? A. Digital signature B. Non-repudiation C. Confidentiality D. Steganography
D. Steganography
You look through some graphic files and discover that confidential information has been encoded into the files. These files are being sent to a sister company outside your organization. What is this an example of? A. Confidentiality B. Cryptography C. Digital signature D. Steganography
D. Steganography
Which of the following is used by PGP to encrypt the session key before it is sent? A. Asymmetric key distribution system B. Asymmetric scheme C. Symmetric key distribution system D. Symmetric scheme
D. Symmetric scheme
Which of the following needs to be backed up on a domain controller to recover Active Directory? A. User data B. System files C. Operating system D. System State
D. System State
Which of the following is an authentication and accounting service that uses TCP as its transport mechanism when connecting to routers and switches? A. Kerberos B. RADIUS C. Captive portal D. TACACS+
D. TACACS+
In a secure environment, which authentication mechanism performs better? A. RADIUS because it is a remote access authentication service. B. RADIUS because it encrypts client-server passwords. C. TACACS+ because it is a remote access authentication service. D. TACACS+ because it encrypts client-server negotiation dialogues.
D. TACACS+ because it encrypts client-server negotiation dialogues.
Of the following, which best describes the difference between RADIUS and TACACS+? A. RADIUS is a remote access authentication service B. RADIUS separates authentication, authorization, and auditing capabilities. C. TACACS+ is a remote access authentication service. D. TACACS+ separates authentication, authorization, and auditing capabilities.
D. TACACS+ separates authentication, authorization, and auditing capabilities.
Which of the following is an example of a nonessential protocol? A. DNS B. ARP C. TCP D. TFTP
D. TFTP
You are attempting to prevent unauthorized access to the desktop computers on your network. You decide to have the computers' operating systems lock after 5 minutes of inactivity. What type of security control is this? A. Detective B. Operational C. Management D. Technical
D. Technical
Which law protects your Social Security number and other pertinent information? A. HIPAA B. SOX C. The National Security Agency D. The Gramm-Leach-Bliley Act
D. The Gramm-Leach-Bliley Act
One of the users in your organization informs you that her 802.11n network adapter is connecting and disconnecting to and from an access point that was recently installed. The user has Bluetooth enabled on the laptop. A neighboring company had its wireless network compromised last week. Which of the following is the most likely cause of the disconnections? A. The attacker that compromised the neighboring company is running a war-driving attack. B. A Bluetooth device is interfering with the user's laptop. C. An attacker in your organization is attempting a bluejacking attack. D. The new access point was not properly configured and is interfering with another access point.
D. The new access point was not properly configured and is interfering with another access point.
A visitor plugs her laptop into the network in the conference room and attempts to start a presentation that requires Internet access. The user gets a warning on the screen saying that her antivirus software is not up to date. As a result, the visitor is unable to access the Internet. What is the most likely cause of this? A. The security posture on the network is disabled, and remediation must take place before the user can access the Internet. B. The IDS blocked access to the network. C. The IPS prevented access to the network. D. The security posture on the network is enabled, and remediation must take place before the user can access the Internet.
D. The security posture on the network is enabled, and remediation must take place before the user can access the Internet.
Which of following log files would be the most useful in determining which internal user was the source of an attack that compromised another computer on the same network? A. Directory Services logs B. The attacking computer's audit logs C. The firewall logs D. The target computer's audit logs
D. The target computer's audit logs
Michael has just completed monitoring and analyzing a web server. Which of the following indicates that the server might have been compromised? A. The web server is sending hundreds of UDP packets. B. The web server has a dozen connections to inbound port 80. C. The web server has a dozen connections to inbound port 443. D. The web server is showing a drop in CPU speed and hard disk speed.
D. The web server is showing a drop in CPU speed and hard disk speed.
Why would a security administrator use a vulnerability scanner? (Select the best answer.) A. To identify remote access policies B. To analyze protocols C. To map the network D. To find open ports on a server
D. To find open ports on a server
What is the best reason for security researchers to use virtual machines? A. To offer a secure virtual environment where they can conduct online deployments B. To offer an environment where they can discuss security research C. To offer an environment where network applications can be tested D. To offer an environment where malware might be executed but with minimal risk to equipment
D. To offer an environment where malware might be executed but with minimal risk to equipment
A thumb drive has been used to compromise systems and enable unauthorized access. What kind of malware was most likely installed to the thumb drive? A. Bot B. Logic bomb C. Virus D. Trojan
D. Trojan
One of your co-workers complains of very slow system performance and says that a lot of antivirus messages are being displayed. The user admits to recently installing pirated software and downloading and installing an illegal keygen to activate the software. What type of malware has affected the user's computer? A. Worm B. Logic bomb C. Spyware D. Trojan
D. Trojan
To prevent electrical damage to a computer and its peripherals, the computer should be connected to what? A. Power strip B. Power inverter C. AC to DC converter D. UPS
D. UPS
A systems administrator requires an all-in-one device that combines various levels of defense into one solution. She requires a single device that sits last on the network before the Internet connection. Which of the following would be the best solution? A. Circuit-level gateway B. DLP C. WIDS D. UTM
D. UTM
You are contracted with a customer to protect its user data. The customer requires the following: ~Easy backup of all user data ~Minimizing the risk of physical data theft ~Minimizing the impact of failure on any one file server Which of the following solutions should you implement? A. Back up user files to USB hard disks attached to the customer's systems. Store the USB hard disks in a secure area after hours. B. Use file servers with removable hard disks. Secure the hard disks in a separate area after hours. C. Use internal hard disks installed in file servers. Lock the file servers in a secure area. D. Use file servers attached to a NAS. Lock the file servers and NAS in a secure area.
D. Use file servers attached to a NAS. Lock the file servers and NAS in a secure area.
Ann has been asked by her boss to periodically ensure that a domain controller/DNS server maintains the proper security configuration. Which of the following should she review? A. Firewall logs B. NIPS logs C. WINS configuration D. User rights
D. User rights
Which of the following technologies was originally designed to decrease broadcast traffic and reduce the likelihood of having information compromised by network sniffers? A. DMZ B. VPN C. RADIUS D. VLAN
D. VLAN
What is the best way to prevent ARP poisoning across a network? A. MAC flooding B. Log analysis C. Loop protection D. VLAN segregation
D. VLAN segregation
A programmer wants to prevent cross-site scripting. Which of the following should the programmer implement? A. Validation of input to remove bit code B. Validation of input to remove shell scripts C. Validation of input to remove batch files D. Validation of input to remove hypertext
D. Validation of input to remove hypertext
The IT director asks you to verify that the organization's virtualization technology is implemented securely. What should you do? A. Verify that virtual machines are multihomed B. Perform penetration testing on virtual machines C. Subnet the network so that each virtual machine is on a different network segment D. Verify that virtual machines have the latest updates and patches installed
D. Verify that virtual machines have the latest updates and patches installed
A hacker develops a piece of malicious code that is not designed to automatically spread from one system to another. Instead, it is designed to spread from one file to another file on the individual computer. What type of malware is this? A. Worm B. Trojan C. Botnet D. Virus
D. Virus
You have identified a security threat on a server, but you have decided not to exploit it. What method have you implemented? A. Penetration test B. Risk mitigation C. NIDS D. Vulnerability scan
D. Vulnerability scan
You have received several reports from users of corrupted data. You patched the affected systems but are still getting reports of corrupted data. Which of the following methods should you use to help identify the problem? A. Data integrity check B. Penetration testing C. Hardware baseline review D. Vulnerability scan
D. Vulnerability scan
Which of the following is a passive attempt at identifying weaknesses? A. Port scanning B. Penetration testing C. DoS attack D. Vulnerability scanning
D. Vulnerability scanning
Which of the following can be implemented in hardware or software to protect a web server from XSS attacks? A. Flood guard B. IDS C. URL content filter D. WAF
D. WAF
Your boss asks you to install a wireless access point and set up a new wireless network. Which protocol offers the best wireless security? A. WPA B. SSH C. WEP D. WPA2
D. WPA2
If you were to deploy your wireless devices inside a TEMPEST-certified building, what could you prevent? A. Bluesnarfing B. Weak encryption C. Bluejacking D. War-driving
D. War-driving
The security company you work for has been contracted to discern the security level of a software application. The company building the application has given you the login details, production documentation, a test environment, and the source code. Which of the following testing types has been offered to you? A. Black box B. Red teaming C. Gray box D. White box
D. White box
What is the greatest benefit of using S/MIME? A. You can send e-mails with a return receipt. B. You can send anonymous e-mails. C. It expedites the delivery of your e-mails. D. You can encrypt and digitally sign e-mail messages.
D. You can encrypt and digitally sign e-mail messages.
Bob wants to send an encrypted e-mail to Alice. Which of the following will Alice need to use to verify the validity of Bob's certificate? (Select the two best answers.) A. Bob's private key B. Alice's private key C. The CA's private key D. Bob's public key E. Alice's public key F. The CA's public key
E. Alice's public key
Which of the following offer the best protection against brute-forcing passwords? (Select the two best answers.) A. MD5 B. SHA2 E. PBKDF2 D. AES E. PBKDF2 F. CHAP
E. PBKDF2 E. PBKDF2