Security+
Which of the following specifications identifies security that can be added to wireless networks? 802.11i 802.11ac IEEE 802.3u IEEE 802.3
802.11i
Symmetric encryption algorithms use how many keys? 4 2 1 3
1
Which of the following is a slang term for unwanted commercial e-mail? IMAP SPIM SPAM POP
SPAM
You have a website that accepts input from users for creating customer profiles based on shopping product preferences. Input on the form is passed to a database server where the user account preference information is stored. An attacker discovers that he is able to insert database commands in the input fields and have those commands execute on the server. Based on this vulnerability, which type of attack is this server likely to experience from the attacker? Buffer overflow SQL injection DLL injection Cross-site scripting
SQL Injection
You are at a website and you click on checkout to complete the transaction and you notice that the http changes to https in your browser and you now see a little padlock next to your URL bar. What is the underlying protocol that is being used to create a secure connection? IPSec SSH FTPS SSL
SSL
Which organization can be used to identify an individual for certificate issuance in a PKI environment? A. RA B. LRA C. PKE D. SHA
A. The Registration Authority identifies an individual so that a Certificate Authority can issue a certificate.
Your organization is facing a sophisticated series of network attacks over a prolonged period of time. What is the term that is used to describe this? Persistent Advanced Threat (PAT) Advanced Persistent Threat (APT) Never Ending Threat (NET) Game Over Threat (GOT)
Advanced Persistent Threat (APT)
Janet is a network administrator for a small company. Users have been reporting that personal data is being stolen when using the wireless network. They all insist that they only connect to the corporate wireless access point. Reviewing the logs for the WAP shows that these users have not connected to it. Which of the following could best explain this situation? A. Bluesnarfing B. Rogue access point C. Jamming D. Bluejacking
B. This is a classic example of a rogue access point. None of the other attacks would explain this scenario.
You need to encrypt your hard drive. Which of the following is the best choice? A. DES B. RSA C. AES D. SHA
C. For a hard drive, you want a symmetric cipher and AES is more secure than DES.
Ahmed is a network administrator for an insurance company. He is concerned about users storing company data on their smartphones to exfiltrate that data. Which of the following best describes this? A. BYOD B. Bluejacking C. USB OTG D. CYOD
C. USB OTG (On-The-Go) allows a portable device to act as a USB host or peripheral, so it can be used to carry data off. Bring Your Own Device is simply a method for allowing employees to bring their own devices into the company network. Bluejacking is a Bluetooth attack. Choose Your Own Device allows employees to select a device from a pre-approved list.
Which of the following acronyms describes mobile devices that are provided by the company to employees to have the most control over the devices? B2TB BYOD COPE CYOP
COPE
Which of the following involves unauthorized commands coming from a trusted user to the website? A. ZDT B. HSM C. TT3 D. XSRF
D. XSRF involves unauthorized commands coming from a trusted user to the website. This is often done without the user's knowledge, and it employs some type of social networking to pull it off.
Which of the following is the weakest symmetric encryption algorithm? DES 3DES AES Twofish
DES
While using the Internet, you type the URL of a particular website that you are familiar with, but the browser displays a completely different website. When you input the IP address of the web server into the URL bar of your web browser, you are taken to the appropriate website. Which type of attack has likely occurred? Man-in-the-middle DNS poisoning Hijacking Spoofing
DNS Poisoning
What is used to provide EMI and RFI shielding for an entire room of computer or electronic equipment (also used to prevent electronic eavesdropping)? Room shield Cone of silence Faraday cage Smart shield
Faraday cage
Which of the following is the term used to describe inputting random data to the inputs of an application in order to test the application for security vulnerabilities? Fuzzing Sirening Outputting Phreaking
Fuzzing
Which type of technology will make a device stop functioning if it falls outside a defined geographic range? Geofencing Mantrapping Segmenting Perimeterizing
Geofencing
Which of the following backup methods is based on the philosophy that a full backup should occur at regular intervals, such as monthly or weekly, and that backup tapes should be reused once the data on the tape is backed up to longer-term storage? Cousin, Aunt, Dead Uncle Grandfather, Father, Son Daughter, Mother, Grandmother Son, Dad, Father
Grandfather, Father, Son
In which of the following does the tester have some limited knowledge of the system prior to performing a penetration test? Black Box Gray Box White Box Code Red Box
Gray Box
Which of the following threat actors seeks to discredit, place a harmful light on, or hurt an organization or government? Competitor Insider Nation-State Hacktivist
Hacktivist
Which of the following is not a form of social engineering? Impersonating a manager over the phone Impersonating a utility repair technician A virus hoax email message Impersonating a user by logging on with stolen credentials
Impersonating a user by logging on with stolen credentials
Which of the following is the initial step in the incident response cycle? Documenting the response Investigating the incident Repairing the damage Incident identification
Incident identification
Which of the following backup systems backs up only the files that have changed since the last backup? Full Backup Differential Backup Incremental Backup Archival Intermediary Backup
Incremental Backup
Which of the following threat actors is most likely to be motivated purely for financial gain? Hacktivist Nation-State Organized Crime Script Kiddies
Organized Crime
Which PKCS standard is the standard for password-based cryptography? PKCS #3 PKCS #7 PKCS #1 PKCS #5
PKCS #5
Which of the following describes the process of applying program updates manually? Service pack Hotsite Hotfix Patching
Patching
The outermost edge of physical security is a barrier that is known as which of the following? Blockade Perimeter Door Stop
Perimeter
Which of the following attacks tricks victims into providing confidential information (such as identity information or login credentials) through emails or websites that impersonate an online entity that the victim trusts? Phishing Man-in-the-middle Adware Session hijacking
Phishing
Which of the following answer choices is the term for an area in a building where access is individually monitored and controlled? Network perimeter Security zone Secured room Man trap
Security zone
Which of the following is a form of denial of service attack that uses spoofed ICMP packets to flood a victim with echo requests using a bounce/amplification network? Smurf Fingerprinting Fraggle Session hijacking
Smurf
Which kind of security attack is a result of the trusting nature of human beings? Social engineering Sociologic Friendly neighbor Human nature
Social Engineering
What is the primary organization for maintaining certificates called? A. CA B. RA C. LRA D. CRL
A. This is a certificate authority.
Which of the following is typically not necessary to back up? Databases User data Applications Registry
Applications
The area of an application that is available to users (those who are authenticated as well as those who are not) is known as its: Ring of trust Attack surface Public persona Personal space
Attack Surface
You've been brought in as a security consultant for a small bicycle manufacturing firm. Immediately, you notice that they're using a centralized key-generating process, and you make a note to dissuade them from that without delay. What problem is created by using a centralized key-generating process? A. Network security B. Key transmission C. Certificate revocation D. Private key security
B. Key transmission is a concern.
Pass-the-hash attacks take advantage of a weak encryption routine associated with which protocols? A. NetBEUI and NetBIOS B. NTLM and LanMan C. Telnet and TFTP D. Chargen and DNS
B. Pass-the-hash attacks take advantage of a weak encryption routine associated with NTLM and LanMan protocols.
With which of the following is the DNS server given information about a name server that it thinks is legitimate when it isn't? A. DNS tagging B. DNS kiting C. DNS poisoning D. DNS foxing
C. With DNS poisoning, also known as DNS spoofing, the DNS server is given information about a name server that it thinks is legitimate when it isn't.
Which of the following is a solution that allows an employee to purchase their own mobile device but they must choose from a list of company approved mobile devices; this gives the company some control over the type of device and software that connects to the corporate network? COPE BYOD BYOB CYOD
CYOD
The CRL takes time to be fully disseminated. Which protocol allows a certificate's authenticity to be immediately verified? A. CA B. CP C. CRC D. OCSP
D. Online Certificate Status Protocol is done in real time.
When you combine phishing with Voice over IP, it is known as: A. Spoofing B. Spooning C. Whaling D. Vishing
D. Vishing involves combining phishing with Voice over IP.
You are the administrator of the www.realtor.com website. You are working when suddenly web server and network utilization spikes to 100 percent and stays there for several minutes and users start reporting "Server not available" errors. You may have been the victim of what kind of attack? DoS Virus Replay attack Man in the middle
DoS
Which of the following is a popular asymmetric encryption type for devices that do not have a lot of CPU power and are power sensitive? GOST SHA-2 ECC RSA
ECC
Which of the following statements about electrostatic discharge is not correct? Measuring the moisture content in the air can be helpful in avoiding ESD ESD damage is more likely to occur in low humidity ESD is much more likely to occur when the relative humidity is above 50% One of the greatest threats to computer equipment is ESD
ESD is much more likely to occur when the relative humidity is above 50%
What is the goal of a TCP/IP hijacking attack? Executing commands or accessing resources on a system the attacker does not otherwise have authorization to access. Establishing an encryption tunnel between two remote systems over an otherwise secured network. Destroying data. Preventing legitimate authorized access to a resource.
Executing commands or accessing resources on a system the attacker does not otherwise have authorization to access.
The process of automatically switching from a malfunctioning system to another system is referred to as which of the following? Redundancy Failover Fail-safe Fail-open
Failover
You are leading your network team in a process to identify all needed ports and services that are required for each desktop PC and then configuring each PC to ensure that only those identified ports and services are open and running. What process does this describe? Encrypting Concreting Hardening Softening
Hardening
Which of the following is specifically meant to ensure that a program operates on clean, correct, and useful data and not unexpected characters? Error and exception handling Process spawning Input validation Output validation
Input validation
Which security principle is the most critical when setting up network accounts? Separation of duties Password complexity Least privilege Password expiration
Least privilege
You have decided that, in order to get maximum life out of your networking gear, you want to deliver consistent and optimal power to your devices. Which device should you use to accomplish this goal? Backup generator Line conditioner Surge protector Power strip
Line conditioner
What is the primary drawback of infrared networking? Line of sight FAA concerns to flying aircraft Encryption not possible Poor authentication
Line of sight
Which of the following wireless technologies is primarily responsible for the significant bandwidth increase from the 802.11g standard to the 802.11n standard? WPA2 WTLS WPS MIMO
MIMO
Capturing packets as they travel from one host to another with the intent of altering the contents of the packets is a form of which type of attack? DDoS Man-in-the-middle attack Spamming Passive logging
Man-in-the-middle attack
Mary wants to send a message to Sam. She wants to digitally sign the message to prove that she sent it. Which key should Mary use to create the digital signature? Sam's public key Sam's private key Mary's public key Mary's private key
Mary's private key
Which U.S. government agency is responsible for creating and breaking encryption codes? NSA FCC NIST FBI
NSA
Which resource would be the most useful to discover known and documented web application vulnerabilities? RFC NSA CERT OWASP
OWASP
An internal PC has been compromised by malware and is now being used to attack the intended target, which is the SQL server. How would you characterize this type of attack? Pivot Post and Front Plant and Go Swivel
Pivot
What must be protected to maintain the security and benefit of an asymmetric cryptographic solution, especially if it is widely used for digital certificates? Cryptographic algorithm Public key Private key Hash values
Private Key
A high school student is angry at a particular University because the student received a letter that their application to the University was denied. The angry student decided to get revenge on the University and downloaded an attack toolkit and used the toolkit to launch a denial-of-service attack on the website of the University. Which term best describes this threat actor? Insider Knuckleheader Script Kiddie Hacktivist
Script Kiddie
Which of the following is a type of attack that occurs when an attacker pretends to be a legitimate client, using information it has gained from a legitimate client (like its IP address)? DoS Spoofing Replay Smurf
Spoofing
Which of the following cellular standards is 3G and is essentially considered an improvement over GSM? LTE EDGE UMTS ComSat
UMTS
Which of the following social engineering attacks use Voice over IP (VoIP) to gain sensitive information? Tailgating Spear phishing Vishing Masquerading
Vishing
Which WiFi Alliance wireless security protocol is most closely associated with TKIP? WPA WPAIV WEP WPA2
WPA
Which type of malware has the characteristic of finding an operating system vulnerability, exploiting it, and then automatically spreading to infect other systems on the network? Virus Worm Trojan Horse Rootkit
Worm
Which "X" standard defines the digital certificate format and fields for web servers? X.109 X.509 X.300 X.500
X.509
Which of the following is not a component of Public Key Infrastructure (PKI)? Digital Certificates CA RA XA
XA
With 802.11g and 802.11n in the United States, how many non-overlapping channels are there on the 2.4GHz frequency? 1 23 3 11
3
Which of the following is not an asymmetric encryption algorithm? RSA ECC 3DES Diffie-Hellman
3DES
Computer room humidity should ideally be kept at approximately what level? 75% 25% No humidity 50%
50%
Juanita is responsible for setting up network accounts for her company. She wants to establish an account for the SQL Server service. Which of the following would be the best type of account for her to use? A. A user/service account B. Domain admin account C. Guest account D. Shared account
A. All services should be assigned a service account. The other options are not secure.
According to CERT, which of the following would be a formalized or an ad hoc team you can call upon to respond to an incident after it arises? A. CSIRT B. CIRT C. IRT D. RT
A. A CSIRT is a formalized or an ad hoc team that you can call upon to respond to an incident after it arises.
Which type of attack denies authorized users access to network resources? A. DoS B. Worm C. Logic bomb D. Social engineering
A. A DoS attack is intended to prevent access to network resources by overwhelming or flooding a service or network.
Which of the following terms refers to the process of establishing a standard for security? A. Baselining B. Security evaluation C. Hardening D. Methods research
A. Baselining is the term for establishing a standard for security.
You are responsible for e-commerce security at your company. You want to use the most widely implemented asymmetric algorithm available today. Which of the following is the most widely used asymmetric algorithm today? A. RSA B. AES C. 3DES D. SHA
A. RSA is the most widely used asymmetric cipher today, though ECC is quickly becoming more widely used.
A SYN attack or SYN flood exploits or alters which element of the TCP 3-way handshake? ACK SYN/ACK FIN or RES SYN
ACK
Which of the following types of penetration test focuses on a specific device using port scans, traceroute information, and network mapping to find weaknesses? Passive recon Operational recon Black ops recon Active recon
Active Recon
Which of the following best describes the ping of death? Redirecting echo responses from an ICMP communication Partial IP packets with overlapping sequencing numbers Sending multiple spoofed ICMP packets to the victim An ICMP packet that is larger than 65,536 bytes
An ICMP packet that is larger than 65,536 bytes
As the security administrator for your organization, you must be aware of all types of attacks that can occur and plan for them. Which type of attack uses more than one computer to attack the victim? A. DoS B. DDoS C. Worm D. UDP attack
B. A DDoS attack uses multiple computer systems to attack a server or host in the network.
The command monlist can be used with which protocol as part of an amplification attack? A. SMTP B. NTP C. SNMP D. ICMP
B. The command monlist can be used with an NTP amplification attack to send details of the last 600 people who requested network time.
Proximity readers work with which of the following? (Choose all that apply.) A. 15.75 fob card B. 14.32 surveillance card C. 13.56 MHz smart card D. 125 kHz proximity card
C, D. Proximity readers work with 13.56 MHz smart cards and 125 kHz proximity cards.
Due to a breach, a certificate must be permanently revoked, and you don't want it to ever be used again. What is often used to revoke a certificate? A. CRA B. CYA C. CRL D. PKI
C. A Certificate Revocation List should be used.
Which of the following is the process used during data acquisition for the preservation of all forms of relevant information when litigation is reasonably anticipated? A. Chain of custody B. Order of volatility C. Legal hold D. Strategic intelligence gathering
C. The process that is used during data acquisition for the preservation of all forms of relevant information when litigation is reasonably anticipated is known as legal hold.
MAC is an acronym for what as it relates to cryptography? A. Media access control B. Mandatory access control C. Message authentication code D. Multiple advisory committees
C. This is a Message Authentication Code.
Tom is responsible for account management in his company. For user John Smith who is an administrator, which of the following would be the best name for him to choose? A. Admin001 B. Admjsmith C. Ajsmith D. jsmith
D. This is the only name choice that does not give any hint as to the role of that user. The others all reveal, or suggest, the user's role.
What is another name for working copies? A. Functional copies B. Running copies C. Operating copies D. Shadow copies
D. Working copies are also known as shadow copies.
Which of the following features on a wireless access point allows or rejects client connections based on the Layer 2 wireless network card address? IP address filtering WPA2 Enterprise SSID MAC address filtering
MAC address filtering
Which of the following symmetric encryption types uses a stream cipher and not a block cipher? Blowfish RC4 3DES AES
RC4
What can be used to derive the original message from a computed hash value? Non return to zero attack Rainbow table Amplification algorithm Collision
Rainbow table
Which of the following is considered the strongest hashing algorithm? MD5 SHA-2 LANMAN NTLM
SHA-2
Which fire extinguisher type is the best to be used on computer equipment in the case of a computer electrical fire? Type C Type B Type A Type D
Type C
Your company has implemented email encryption throughout the enterprise. You are concerned that someone might lose their cryptographic key. You want to implement some mechanism for storing copies of keys and recovering them. What should you implement? A. Key escrow B. Key archival C. Key renewal D. Certificate rollover
A. A key escrow should be used.
Which wireless technology uses TKIP? A. WEP B. WPA C. WPA2 D. WAP
B. WPA uses Temporal Key Integrity Protocol (TKIP), while WEP and WPA2 do not. WAP is a wireless access point.
Which site best provides limited capabilities for the restoration of services in a disaster? A. Hot site B. Warm site C. Cold site D. Backup site
B. Warm sites provide some capabilities in the event of a recovery. The organization that wants to use a warm site will need to install, configure, and reestablish operations on systems that may already exist at the warm site.
The new head of software engineering has demanded that all code be tested to identify the design flow and then modified, as needed, to clean up routines without changing the code's visible behavior. What is this process known as? A. Straightening B. Sanitizing C. Refactoring D. Uncluttering
C. Refactoring involves testing to identify the design flow and then modifying, as needed, to clean up routines without changing the code's visible behavior.
Which of the following is a concept that works on the assumption that any information created on any system is stored forever? A. Cloud computing B. Warm site C. Big data D. Full archival
D. Full archival is a concept that works on the assumption that any information created on any system is stored forever.
John is responsible for application security at his company. He is concerned that the application reacts appropriately to unexpected input. What type of testing would be most helpful to him? A. Unit testing B. Integration testing C. Stress testing D. Fuzzing
D. Fuzzing is testing by entering incorrect data to test the application's response.
A smartphone has been stolen from an employee while he was traveling, and the smartphone contains sensitive company data. What is the appropriate action to take to prevent the sensitive data from being compromised? Conwiping Geofencing Remote wipe Segmentation
Remote wipe
You have downloaded and installed a new screen saver, but you have also noticed that new services are now running on your system and CPU and RAM utilization has gone up significantly. Your system has likely been infected by which type of malware? Ransomware Trojan Horse Worm Swiss cheese infection
Trojan Horse
What is the primary countermeasure to social engineering? Heavy management oversight A written security policy Traffic filters User training
User training
Which of the following wireless security standards is most closely associated with the IEEE 802.11i standard? WPA2 RC4 WEP WPA
WPA2
Which of the following backup site locations provides some limited resources, such as a network infrastructure and an ISP connection, for an organization to continue operations after a disaster? Hot Site Cold Site Warm Site Luke Warm Site
Warm Site
Which of the following is an attack that injects malicious scripts into legitimate websites' web pages to redirect users to fake websites where they may encounter malware? SQL injection DLL injection ZSS XSS
XSS
A computer that has been infected by a type of malware that places the system under the command and control of an attacker is called which of the following? Zombie Dracula Herder Worm
Zombie
Users in the Marketing department perform many of their daily tasks, such as emailing and creating presentations, on their own personal tablets. The chief information officer worries that one of these users might also use their tablet to steal important private information on the organization's network. Your job is to implement a solution that can help prevent insiders from accessing sensitive information on the internal network while they are using their personal tablets. Which of the following should you implement? A guest wireless network that is isolated from your organization's production network An acceptable use policy BYOD A network access control solution
A guest wireless network that is isolated from your organization's production network
Which of the following types of vulnerability scans uses actual network authentication to connect to systems and scan for vulnerabilities? A. Credentialed B. Validated C. Endorsed D. Confirmed
A. A credentialed vulnerability scan uses actual network credentials to connect to systems and scan for vulnerabilities.
Which symmetric encryption algorithm is based on Rijndael? ECC RSA AES RC4
AES
Which of the following is an attack where a program or service is placed on a server to bypass normal security procedures? DoS Replay Social engineering Backdoor
Backdoor
RFI is the byproduct of electrical processes, similar to EMI. The major difference is that RFI is usually projected across which of the following? A. Network medium B. Electrical wiring C. Radio spectrum D. Portable media
C. RFI is the byproduct of electrical processes, similar to EMI. The major difference is that RFI is usually projected across a radio spectrum. Motors with defective brushes can generate RFI, as can a number of other devices.
What is it known as when an attacker manipulates the database code to take advantage of a weakness in it? A. SQL tearing B. SQL manipulation C. SQL cracking D. SQL injection
D. SQL injection occurs when an attacker manipulates the database code to take advantage of a weakness in it.
You work for an electronics company that has just created a device that emits less RF than any competitor's product. Given the enormous importance of this invention and of the marketing benefits it could offer, you want to have the product certified. Which certification is used to indicate minimal electronic emissions? A. EMI B. RFI C. CC EAL 4 D. TEMPEST
D. TEMPEST is the certification given to electronic devices that emit minimal RF. The TEMPEST certification is difficult to acquire, and it significantly increases the cost of systems.
Which of the following is most prone to an SQL injection attack? Browsers that allow client-side scripts Database servers ActiveX controls Websites using Javascript
Database servers
A meeting with an organization's key players to discuss the threats they face is known as which of the following? Tabletop Exercise Executive Council Summarization The Big Wig Exercise The Round Table Meeting
Tabletop Exercise
Which of the following is similar to Blowfish but works on 128-bit blocks? A. Twofish B. IDEA C. CCITT D. AES
A. Twofish.
Individuals who specialize in the breaking of codes are known as which of the following? Cryptationists Cryptanalysts Crypticpersons Cryptographers
Cryptanalysts
John is concerned about message integrity. He wants to ensure that message integrity cannot be compromised no matter what the threat. What would best help him accomplish this goal? A. SHA2 B. MD5 C. AES D. MAC
D. A message authentication code will reveal any tampering, accidental or intentional.
You're the head of information technology for MTS and have a brother in a similar position for ABC. The companies are approximately the same size and are located several hundred miles apart. As a benefit to both companies, you want to implement an agreement that would allow either company to use resources at the other site should a disaster make a building unusable. What type of agreement between two organizations provides mutual use of their sites in the event of an emergency? A. Backup-site agreement B. Warm-site agreement C. Hot-site agreement D. Reciprocal agreement
D. A reciprocal agreement is between two organizations and allows one to use the other's site in an emergency.
Which of the following is a small library that is created to intercept API calls transparently? A. Chock B. Wedge C. Refactor D. Shim
D. A shim is a small library that is created to intercept API calls transparently.
Which of the following would be most effective in preventing a thief from using a mobile device stolen from your company? A. GPS tracking B. WPA2 C. COPE D. Geofencing
D. Geofencing prevents a device from working outside a geographic area. WPA2 is a wireless security technology. Company-Owned and -Provided Equipment has the company buying mobile devices, and geotracking simply locates the device.
Which type of penetration-style testing involves actually trying to break into the network? A. Discreet B. Indiscreet C. Nonintrusive D. Intrusive
D. Intrusive testing involves actually trying to break into the network. Non-intrusive testing takes more of a passive approach.
Your system has just stopped responding to keyboard commands. You noticed that this occurred when a spreadsheet was open and you connected to the Internet. Which kind of attack has probably occurred? A. Logic bomb B. Worm C. Virus D. ACK attack
A. A logic bomb notifies an attacker when a certain set of circumstances has occurred. This may in turn trigger an attack on your system.
An administrator at a sister company calls to report a new threat that is making the rounds. According to him, the latest danger is an attack that attempts to intervene in a communications session by inserting a computer between the two systems that are communicating. Which of the following types of attacks does this constitute? A. Man-in-the-middle attack B. Backdoor attack C. Worm D. TCP/IP hijacking
A. A man-in-the-middle attack attempts to fool both ends of a communications session into believing that the system in the middle is the other end.
The administrator at MTS was recently fired, and it has come to light that he didn't install updates and fixes as they were released. As the newly hired administrator, your first priority is to bring all networked clients and servers up to date. What is a bundle of one or more system fixes in a single product called? A. Service pack B. Hotfix C. Patch D. System install
A. A service pack is a bundle of patches and hotfixes.
Which of the following types of penetration testing focuses on the system, using techniques such as port scans, traceroute information, and network mapping to find weaknesses? A. Active reconnaissance B. Passive reconnaissance C. Operational reconnaissance D. Constricted reconnaissance
A. Active reconnaissance is a type of penetration testing that focuses on the system, using techniques such as port scans, traceroute information, and network mapping to find weaknesses.
Vincent is a programmer working on an e-commerce site. He has conducted a vulnerability scan and discovered a flaw in a third-party module. There is an update available for this module that fixes the flaw. What is the best approach for him to take to mitigate this threat? A. Submit an RFC. B. Immediately apply the update. C. Place the update on a test server; then if it works, apply it to the production server. D. Document the issue.
A. Always use change management.
You're explaining the basics of security to upper management in an attempt to obtain an increase in the networking budget. One of the members of the management team mentions that they've heard of a threat from a virus that attempts to mask itself by hiding code from antivirus software. What type of virus is she referring to? A. Armored virus B. Malevolent virus C. Worm D. Stealth virus
A. An armored virus is designed to hide the signature of the virus behind code that confuses the antivirus software or blocks it from detecting the virus.
Which technology uses a physical characteristic to establish identity? A. Biometrics B. Surveillance C. Smart card D. CHAP authenticator
A. Biometrics is a technology that uses personal characteristics, such as a retinal pattern or fingerprint, to establish identity.
Using Bluetooth to extract data from a victim's phone is best described as which of the following? A. Bluesnarfing B. Bluejacking C. CYOD D. Jailbreaking
A. Bluesnarfing extracts data via Bluetooth. Bluejacking simply sends messages to the device. Choose Your Own Device allows employees to select a device from a preapproved list. Jailbreaking refers to gaining root or admin access.
An attacker has placed an opaque layer over the Request A Catalog button on your web page. This layer tricks visitors into going to a form on a different website and giving their contact information to another party when their intention was to give it to you. What type of attack is this known as? A. Clickjacking B. Man-in-the-middle C. XSRF D. Zero-day
A. Clickjacking involves an attacker using multiple transparent or opaque layers to trick a user into clicking a button or link on another page when they were intending to click the top-level page.
Your company is about to invest heavily in a new server farm and have made an attractive offer for a parcel of land in another country. A consultant working on another project hears of this and suggests that you get the offer rescinded because the laws in that country are much more stringent than where you currently operate. Which of the following is the concept that data is subject to the laws of where it is stored? A. Data sovereignty B. Data subjugation C. Data dominion D. Data protectorate
A. Data sovereignty is the concept that data is subject to the laws of where it is stored.
Elizabeth works for a company that manufactures portable medical devices, such as insulin pumps. She is concerned about security for the device. Which of the following would be the most helpful in securing these devices? A. Ensure that all communications with the device are encrypted. B. Ensure that the devices have FDE. C. Ensure that the devices have been stress tested. D. Ensure that the devices have been fuzz tested.
A. Encrypt all transmissions.
As the head of IT for MTS, you're explaining some security concerns to a junior administrator who has just been hired. You're trying to emphasize the need to know what is important and what isn't. Which of the following is not a consideration in key storage? A. Environmental controls B. Physical security C. Hardened servers D. Administrative controls
A. Environmental controls would be the least important issue.
Due to growth beyond current capacity, a new server room is being built. As a manager, you want to make certain that all the necessary safety elements exist in the room when it's finished. Which fire-suppression system works best when used in an enclosed area by displacing the air around a fire? A. Gas-based B. Water-based C. Fixed system D. Overhead sprinklers
A. Gas-based systems work by displacing the air around a fire. This eliminates one of the three necessary components of a fire: oxygen.
Which of the following does not apply to a hashing algorithm? A. One-way B. Long key size C. Variable-length input with fixed-length output D. Collision resistance
B. Long key sizes are not applicable to hashing algorithms: a plain hash takes no key at all, only the message (a keyed construction such as HMAC adds a key on top of the hash, but that is a MAC, not the hash itself).
Which of the following is an intermediate access control mechanism used in a highsecurity installation that requires visual identification, as well as authentication, to gain access? A. Mantrap B. Fencing C. Proximity reader D. Hot aisle
A. High-security installations use a type of intermediate access control mechanism called a mantrap. Mantraps require visual identification, as well as authentication, to gain access. A mantrap makes it difficult for a facility to be accessed by a large number of individuals at once because it allows only one or two people into a facility at a time.
What principle is most important in setting up network accounts? A. Least privileges B. Password expiration C. Password complexity D. Separation of duties
A. Least privileges is the most critical principle in account management. The other options are all important, but not as critical as least privileges.
Karl from Accounting is in a panic. He is convinced that he has identified malware on the servers—a type of man-in-the-middle attack in which a Trojan horse manipulates calls between the browser and yet still displays back the user's intended transaction. What type of attack could he have stumbled on? A. Man-in-the-browser B. Man-in-the-castle C. Man-in-the-code D. Man-in-the-business
A. Man-in-the-browser is a type of man-in-the-middle attack in which a Trojan horse manipulates calls between the browser and its security mechanisms while still displaying the user's intended transaction back to the user.
Myra is concerned about database security. She wants to begin with a good configuration of the database. Which of the following is a fundamental issue with database configuration? A. Normalization B. Input validation C. Fuzz testing D. Stress testing
A. Normalization is one of the most fundamental aspects of database configuration.
Mary is responsible for website security in her company. She wants to address widely known and documented web application vulnerabilities. Which resource would be most helpful? A. OWASP B. CERT C. NIST D. ISO
A. Open Web Application Security Project (OWASP).
Which of the following is the best example of perimeter security? A. Chain link fence B. Video camera C. Elevator D. Locked computer room
A. Perimeter security involves creating a perimeter or outer boundary for a physical space. Video surveillance systems wouldn't be considered a part of perimeter security, but they can be used to enhance physical security monitoring.
Which of the following would be the most secure way to deploy a legacy application that requires a legacy operating system? A. Sandboxing B. Stress testing C. Dynamic testing D. Placing it on an encrypted drive
A. Sandboxing the application would be the most secure.
The process of reducing or eliminating susceptibility to outside interference is called what? A. Shielding B. EMI C. TEMPEST D. Desensitization
A. Shielding keeps external electronic signals from disrupting operations.
As part of your training program, you're trying to educate users on the importance of security. You explain to them that not every attack depends on implementing advanced technological methods. Some attacks take advantage of human shortcomings to gain access that should otherwise be denied. What term do you use to describe attacks of this type? A. Social engineering B. IDS system C. Perimeter security D. Biometrics
A. Social engineering attacks take advantage of our inherent trust as human beings, as opposed to technology, to gain access to your environment.
Mercury Technical Solutions has been using SSL in a business-to-business environment for a number of years. Despite the fact that there have been no compromises in security, the new IT manager wants to use stronger security than SSL can offer. Which of the following protocols is similar to SSL but offers the ability to use additional security protocols? A. TLS B. SSH C. RSH D. X.509
A. TLS is the replacement for SSL.
Which of the following is the best description of tailgating? A. Following someone through a door they just unlocked B. Figuring out how to unlock a secured area C. Sitting close to someone in a meeting D. Stealing information from someone's desk
A. Tailgating is best defined as following someone through a door they just unlocked.
You're a consultant brought in to advise MTS on its backup procedures. One of the first problems you notice is that the company doesn't use a good tape-rotation scheme. Which backup method uses a rotating schedule of backup media to ensure long-term information storage? A. Grandfather, Father, Son method B. Full Archival method C. Backup Server method D. Differential Backup method
A. The Grandfather, Father, Son backup method is designed to provide a rotating schedule of backup processes. It allows for a minimum usage of backup media, and it still allows for long-term archiving.
During a training session, you want to impress upon users the serious nature of security and, in particular, cryptography. To accomplish this, you want to give them as much of an overview about the topic as possible. Which government agency should you mention is primarily responsible for establishing government standards involving cryptography for general-purpose government use? A. NSA B. NIST C. IEEE D. ITU
A. The National Security Agency (NSA) is responsible for cryptography in the U.S. government, even though those standards are then published as NIST standards.
What document describes how a CA issues certificates and for what they are used? A. Certificate policies B. Certificate practices C. Revocation authority D. CRL
A. The certificate policy describes how a certificate can be used.
Which plan or policy helps an organization determine how to relocate to an emergency site? A. Disaster-recovery plan B. Backup site plan C. Privilege management policy D. Privacy plan
A. The disaster-recovery plan deals with site relocation in the event of an emergency, natural disaster, or service outage.
In a hot and cold aisle system, what is the typical method of handling cold air? A. It is pumped in from below raised floor tiles. B. It is pumped in from above through the ceiling tiles. C. Only hot air is extracted, and cold air is the natural result. D. Cold air exists in each aisle.
A. With hot and cold aisles, cold air is pumped in from below raised floor tiles.
What is the primary weakness of infrared communications? A. Line of sight B. Low bandwidth C. Poor authentication D. Cannot be encrypted
A. Line of sight is the primary weakness of infrared communications. None of the other answers is true: infrared connections can provide adequate bandwidth, authentication, and encryption.
What kind of virus could attach itself to the boot sector of your disk to avoid detection and report false information about file sizes? A. Trojan horse virus B. Stealth virus C. Worm D. Polymorphic virus
B. A stealth virus reports false information to hide itself from antivirus software. Stealth viruses often attach themselves to the boot sector of an operating system.
You want to assign privileges to a user so that she can delete a file but not be able to assign privileges to others. What permissions should you assign? A. Full Control B. Delete C. Administrator D. Modify
B. Always apply least privileges, and in this case that is Delete.
Ahmed is responsible for security of a SCADA system. If availability is his biggest concern, what is the most important thing for him to implement? A. SIEM B. IPS C. Automated patch control D. Log monitoring
B. An IPS will stop many attacks, thus keeping the system online.
You're trying to rearrange your backup procedures to reduce the amount of time they take each evening. You want the backups to finish as quickly as possible during the week. Which backup system backs up only the files that have changed since the last backup? A. Full backup B. Incremental backup C. Differential backup D. Backup server
B. An incremental backup backs up files that have changed since the last full or partial backup.
Which acronym describes devices provided by the company? A. BYOD B. COPE C. CYOD D. CYOP
B. COPE (corporate-owned, personally enabled) devices are provided by the company. BYOD, or Bring Your Own Device, is employee-owned equipment, and CYOD, or Choose Your Own Device, is equipment the employee selects from an approved list. CYOP is not a real acronym for portable devices.
Which of the following will not reduce EMI? A. Physical shielding B. Humidity control C. Physical location D. Overhauling worn motors
B. Electrical devices, such as motors, that generate magnetic fields cause EMI. Humidity control does not address EMI.
Which of the following is a newer backup type that provides continuous online backup by using optical or tape jukeboxes and can be configured to provide the closest version of an available real-time backup? A. TPM B. HSM C. SAN D. NAS
B. HSM here is Hierarchical Storage Management (not to be confused with a hardware security module), a newer backup type that provides continuous online backup by using optical or tape jukeboxes. It appears as an infinite disk to the system, and it can be configured to provide the closest version of an available real-time backup.
You've been chosen to lead a team of administrators in an attempt to increase security. You're currently creating an outline of all the aspects of security that will need to be examined and acted on. Which of the following terms describes the process of improving security in a network operating system (NOS)? A. Common criteria B. Hardening C. Encryption D. Networking
B. Hardening is the process of improving security in a network operating system, or any operating system.
If RF levels become too high, it can cause the receivers in wireless units to become deaf. This process is called: A. Clipping B. Desensitizing C. Distorting D. Crackling
B. If RF levels become too high, it can cause the receivers in wireless units to become deaf, and this is known as desensitizing. It occurs because of the volume of RF energy present.
Your IT manager has stated that you need to select an appropriate tool for email encryption. Which of the following would be the best choice? A. MD5 B. IPSEC C. TLS D. PGP
D. PGP is an excellent choice for email security.
Karl is conducting penetration testing on the Pranks Anonymous servers and having difficulty finding a weakness. Suddenly, he discovers that security on a different company's server—a vendor to Pranks Anonymous—can be breached. Once he has compromised the completely different company's server, he can access the Pranks Anonymous servers and then launch an attack. What is this weakness/exploit known as? A. Fulcrum B. Pivot C. Swivel D. Twirl
B. In the realm of penetration testing, using a weakness in another entity (usually a trusted one, such as a vendor) to launch an attack against a site or server is known as a pivot.
Gerard is concerned about SQL injection attacks on his company's e-commerce server. What security measure would be most important for him to implement? A. Stress testing B. Input validation C. IPS D. Agile programming
B. Input validation can stop most SQL injection attacks; in practice it is paired with parameterized (prepared) queries, which keep user input out of the SQL text altogether.
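The following is an added example, not code from the original page: a constructed in-memory SQLite database with one sample account, a login function that builds its SQL by string concatenation, the same login with placeholders, and an allow-list validator for the username. The table, account, and regular expression are assumptions made for the demo.

```python
import re
import sqlite3

# Constructed demo database with one sample account (not from the original page).
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 's3cret')")
    conn.commit()
    return conn

def login_vulnerable(conn, username, password):
    # The input is pasted into the SQL text, so a quote in the input ends the
    # string literal and the rest of the input is executed as SQL.
    query = ("SELECT COUNT(*) FROM users WHERE username = '%s' AND password = '%s'"
             % (username, password))
    return conn.execute(query).fetchone()[0] > 0

def login_parameterized(conn, username, password):
    # Placeholders: the values travel separately from the SQL text, so quotes
    # or comment markers in the input can never change the query's structure.
    query = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone()[0] > 0

# Allow-list validation as a second layer: a username is letters, digits or
# underscore, 1 to 32 characters. Anything else is rejected before any query.
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{1,32}")

def valid_username(username):
    return USERNAME_RE.fullmatch(username) is not None

# Classic payload: closes the quoted string, adds an always-true OR clause,
# and comments out the password check with the SQL "--" comment marker.
INJECTION = "' OR '1'='1' --"

if __name__ == "__main__":
    db = make_db()
    print("vulnerable, injected:", login_vulnerable(db, INJECTION, "wrong"))        # True
    print("parameterized, injected:", login_parameterized(db, INJECTION, "wrong"))  # False
    print("validator accepts payload:", valid_username(INJECTION))                  # False
```

The concatenated query becomes SELECT COUNT(*) FROM users WHERE username = '' OR '1'='1' --' AND password = 'wrong', which matches every row. With placeholders the driver compares the literal string ' OR '1'='1' -- against the username column and finds nothing; the validator rejects it before a query is even attempted.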
Juan has just made a minor change to the company's e-commerce application. The change works as expected. What type of testing is most important for him to perform? A. Unit testing B. Regression testing C. Static testing D. Stress testing
B. Regression testing tests to see if the change caused any other problems.
Your company has grown at a tremendous rate, and the need to hire specialists in various IT areas has become apparent. You're helping to write an online advertisement that will be used to recruit new employees, and you want to make certain that applicants possess the necessary skills. One knowledge area in which your organization is weak is database intelligence. What is the primary type of database used in applications today that you can mention in the ads? A. Hierarchical B. Relational C. Network D. Archival
B. Relational.
Which of the following would be best at preventing a thief from accessing the data on a stolen phone? A. Geotagging B. Remote wipe C. Geofencing D. Segmentation
B. Remote wiping allows you to remove all data from a stolen phone. Geotagging would merely allow you to locate the phone. Geofencing would prevent the phone from working, but not prevent access of the data. Segmentation is used to separate user data from company data.
Which of the following is the technique of providing unexpected values as input to an application to try to make it crash? A. DLP B. Fuzzing C. Stress testing D. HSM
B. This is fuzzing or fuzz testing
Type K fire extinguishers are intended for use on cooking oil fires. This type is a subset of which other type of fire extinguisher? A. Type A B. Type B C. Type C D. Type D
B. Type K fire extinguishers are a subset of Type B fire extinguishers
Although you're talking to her on the phone, the sound of the administrative assistant's screams of despair can be heard down the hallway. She has inadvertently deleted a file that the boss desperately needs. Which type of backup is used for the immediate recovery of a lost file? A. Onsite storage B. Working copies C. Incremental backup D. Differential backup
B. Working copies are backups that are usually kept in the computer room for immediate use in recovering a system or lost file.
Which of the following terms is used to describe the process of establishing a standard for security? Baselining Security Evaluation Hardening Templating
Baselining
Using Bluetooth to gain access to confidential data on another mobile device is referred to a which of the following? Bluejacking Jailbreaking Bluestealing Bluesnarfing
Bluesnarfing
Which method of code breaking tries every possible combination of characters in an attempt to "guess" the password or key? Algorithm errors Frequency analysis Mathematical Brute force
Brute Force
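The following added example (not from the original page) illustrates the hashing properties from the earlier question (one-way, variable-length input with fixed-length output, no key) together with brute force: because a hash cannot be reversed, the generic way back to a short password is to try every combination of characters and compare digests. SHA-256 and the lowercase alphabet are choices made for the demo.

```python
import hashlib
import itertools
import string

def sha256_hex(data: bytes) -> str:
    # An unkeyed hash: only the message goes in, there is no key.
    return hashlib.sha256(data).hexdigest()

def digest_lengths(inputs):
    # Fixed-length output whatever the input length (64 hex chars = 256 bits).
    return {len(sha256_hex(i)) for i in inputs}

def bit_difference(a: bytes, b: bytes) -> int:
    # Hamming distance between two digests: a one-character change in the
    # input flips roughly half of the 256 output bits (avalanche effect).
    da = int(sha256_hex(a), 16)
    db = int(sha256_hex(b), 16)
    return bin(da ^ db).count("1")

def keyspace(alphabet: str, max_len: int) -> int:
    # Worst-case number of guesses: sum of |alphabet|^n for n = 1..max_len.
    return sum(len(alphabet) ** n for n in range(1, max_len + 1))

def brute_force(target_hex: str, alphabet: str, max_len: int):
    # Try every string over `alphabet` up to max_len, shortest first, and stop
    # when a candidate hashes to the target. Returns (password, attempts) or
    # (None, attempts) if the keyspace is exhausted.
    attempts = 0
    for length in range(1, max_len + 1):
        for combo in itertools.product(alphabet, repeat=length):
            attempts += 1
            candidate = "".join(combo)
            if sha256_hex(candidate.encode()) == target_hex:
                return candidate, attempts
    return None, attempts

if __name__ == "__main__":
    target = sha256_hex(b"zq")
    print(brute_force(target, string.ascii_lowercase, 3))   # ('zq', 693)
    print(keyspace(string.ascii_lowercase, 8))              # why length matters
```

Adding one character multiplies the worst case by the alphabet size, which is why password length and character-set size (and a slow, salted password hash rather than raw SHA-256) are the practical defences against brute force.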
A programmer that does not check the length of input before processing in their program leaves the code vulnerable to what form of common attack? Backdoor Privilege escalation Session hijacking Buffer overflow
Buffer overflow
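The following added example (not from the original page) serves both the fuzzing question above and this one. It defines a constructed record format (1-byte length, payload, 1-byte checksum), a parser that trusts the declared length without checking it against the bytes actually received, a corrected parser that checks first, and a minimal fuzzer that feeds random inputs to each and records anything other than a clean rejection. In C the unchecked version would read or write past the buffer; Python turns the same bug into an IndexError, which is what the fuzzer catches.

```python
import random

def make_record(payload: bytes) -> bytes:
    # Wire format (constructed for this demo): 1-byte length, payload, 1-byte checksum.
    return bytes([len(payload)]) + payload + bytes([sum(payload) % 256])

def parse_record_unchecked(data: bytes) -> bytes:
    # Trusts the declared length. If it is larger than what was received,
    # the checksum index runs off the end of the buffer.
    length = data[0]
    payload = data[1:1 + length]
    if sum(payload) % 256 != data[1 + length]:
        raise ValueError("bad checksum")
    return payload

def parse_record_checked(data: bytes) -> bytes:
    # Validates the declared length against the bytes actually received
    # before touching the buffer, so malformed input is rejected, not crashed on.
    if len(data) < 2:
        raise ValueError("record too short")
    length = data[0]
    if len(data) != 2 + length:
        raise ValueError("declared length does not match record size")
    payload = data[1:1 + length]
    if sum(payload) % 256 != data[1 + length]:
        raise ValueError("bad checksum")
    return payload

def fuzz(parser, iterations=2000, seed=1):
    # Generation-based fuzzer: random byte strings of random length (0 to 12).
    # ValueError is the parser's intended rejection; any other exception is a
    # bug, recorded with the input that triggered it.
    rng = random.Random(seed)
    crashes = []
    for _ in range(iterations):
        data = bytes(rng.randint(0, 255) for _ in range(rng.randint(0, 12)))
        try:
            parser(data)
        except ValueError:
            pass
        except Exception as exc:
            crashes.append((data, type(exc).__name__))
    return crashes

if __name__ == "__main__":
    print(parse_record_checked(make_record(b"hi")))
    print(len(fuzz(parse_record_unchecked)), "crashes in the unchecked parser")
    print(len(fuzz(parse_record_checked)), "crashes in the checked parser")
```

Each crash tuple keeps the input that caused it, which is what a fuzzing harness hands back to the developer as a reproducer.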
Which of the following is a reversion from a change that had negative consequences? A. Backup B. ERD C. Backout D. DIS
C. A backout is a reversion from a change that had negative consequences.
Which of the following would normally not be part of an incident response policy? A. Outside agencies (that require status) B. Outside experts (to resolve the incident) C. Contingency plans D. Evidence collection procedures
C. A contingency plan wouldn't normally be part of an incident response policy. It would be part of a disaster-recovery plan.
Which backup system backs up all the files that have changed since the last full backup? A. Full backup B. Incremental backup C. Differential backup D. Archival backup
C. A differential backup backs up all of the files that have changed since the last full backup.
You've discovered that an expired certificate is being used repeatedly to gain logon privileges. Which type of attack is this most likely to be? A. Man-in-the-middle attack B. Backdoor attack C. Replay attack D. TCP/IP hijacking
C. A replay attack attempts to replay the results of a previously successful session to gain access.
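The following added example (not from the original page) shows the two checks that defeat a replay: a freshness window on a timestamp, so a captured message cannot be reused after it expires, and a record of nonces already seen, so it cannot be reused within the window either. The shared key, message format, and 30-second window are assumptions made for the demo.

```python
import hashlib
import hmac
import secrets

# Assumption for the demo: client and server share this key out of band.
SHARED_KEY = b"constructed-demo-key"

def make_auth_message(username: str, now: int, key: bytes = SHARED_KEY):
    # Client side: bind the request to a fresh nonce and the current time,
    # then authenticate the whole message with an HMAC over the body.
    nonce = secrets.token_hex(8)
    body = f"{username}|{nonce}|{now}".encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return body, tag

class Server:
    def __init__(self, key: bytes = SHARED_KEY, max_age: int = 30):
        self.key = key
        self.max_age = max_age   # seconds a message remains acceptable
        self.seen = {}           # nonce -> timestamp it carried

    def verify(self, body: bytes, tag: str, now: int) -> str:
        expected = hmac.new(self.key, body, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, tag):
            return "bad signature"   # tampered or forged
        _user, nonce, ts = body.decode().split("|")
        if abs(now - int(ts)) > self.max_age:
            return "stale"           # old capture replayed after the window
        # Drop nonces older than the window; a replay that old fails the
        # timestamp check anyway, so the table stays bounded.
        self.seen = {n: t for n, t in self.seen.items() if now - t <= self.max_age}
        if nonce in self.seen:
            return "replay"          # same message captured and resent
        self.seen[nonce] = int(ts)
        return "ok"

if __name__ == "__main__":
    server = Server()
    body, tag = make_auth_message("alice", now=1000)
    print(server.verify(body, tag, now=1001))   # ok
    print(server.verify(body, tag, now=1005))   # replay
    print(server.verify(body, tag, now=2000))   # stale
```

The same idea underlies the certificate case in the question: a validity period (here the timestamp window) and a one-time challenge (here the nonce) are what stop a previously valid credential from being replayed.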
You're the leader of the security committee at ACME Company. After a move to a new facility, you're installing a new security monitoring system throughout. Which of the following categories best describes a motion detector mounted in the corner of a hallway? A. Perimeter security B. Partitioning C. Security zone D. IDS system
C. A security zone is an area that is a smaller component of the entire facility. Security zones allow intrusions to be detected in specific parts of the building.
You're redesigning your network in preparation for putting the company up for sale. The network, like all aspects of the company, needs to perform at its best in order to benefit the sale. Which model is used to provide an intermediary server between the end user and the database? A. One-tiered B. Two-tiered C. Three-tiered D. Relational database
C. A three-tiered architecture has an intermediary server.
John is looking for a solution for his company that will give the company the most control over mobile devices, while still having the employees purchase their own devices. Which of the following solutions should he select? A. BYOD B. COPE C. CYOD D. BBBA
C. CYOD has employees select from a list of approved devices. COPE has the company buy the devices, and BYOD provides very little control. BBBA is not a term used in this context.
Employees in your company are provided smartphones by the company. Which of the following best describes this? A. BYOD B. CYOD C. COPE D. BYOE
C. COPE (corporate-owned, personally enabled) describes company-provided smartphones. The other acronyms refer to alternative approaches to mobile devices.
The process of automatically switching from a malfunctioning system to another system is called what? A. Fail-safe B. Redundancy C. Failover D. Hot site
C. Failover occurs when a system that is developing a malfunction automatically switches processes to another system to continue operations.
Your company does electronic monitoring of individuals under house arrest around the world. Because of the sensitive nature of the business, you can't afford any unnecessary downtime. What is the process of applying a repair to an operating system while the system stays in operation? A. Upgrading B. Service pack installation C. Hotfix D. File update
C. Hotfixes usually can be installed without rebooting the machine.
An alert signals you that a server in your network has a program running on it that bypasses authorization. Which type of attack has occurred? A. DoS B. DDoS C. Backdoor D. Social engineering
C. In a backdoor attack, a program or service is placed on a server to bypass normal security procedures.
What is the process of applying manual changes to a program called? A. Hotfix B. Service pack C. Patching D. Replacement
C. Patching.
Denish is testing an application that is multithreaded. Which of the following is a specific concern for multithreaded applications? A. Input validation B. Memory overflow C. Race conditions D. Unit testing
C. Race conditions
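The following added example (not from the original page) reproduces the classic multithreaded race, a check-then-act on a shared balance. Two threads each verify that the balance covers a withdrawal and then withdraw; without a lock, both checks pass against the same balance and the account goes negative. A threading.Barrier is used only to force the interleaving so the bug shows up on every run; the lock in the safe version makes the check and the act one atomic step. The account and amounts are constructed for the demo.

```python
import threading

class Account:
    def __init__(self, balance: int):
        self.balance = balance
        self.lock = threading.Lock()

def withdraw_unsafe(acct: Account, amount: int, barrier: threading.Barrier) -> bool:
    ok = acct.balance >= amount   # check
    barrier.wait()                # demo only: both threads have now checked the same balance
    if ok:
        acct.balance -= amount    # act, on a balance the other thread has already spent
    return ok

def withdraw_safe(acct: Account, amount: int) -> bool:
    with acct.lock:               # check and act happen under one lock
        if acct.balance >= amount:
            acct.balance -= amount
            return True
        return False

def run_unsafe(start: int = 100, amount: int = 75) -> int:
    acct = Account(start)
    barrier = threading.Barrier(2)
    threads = [threading.Thread(target=withdraw_unsafe, args=(acct, amount, barrier))
               for _ in range(2)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return acct.balance           # -50: two 75 withdrawals from 100

def run_safe(start: int = 100, amount: int = 75) -> int:
    acct = Account(start)
    threads = [threading.Thread(target=withdraw_safe, args=(acct, amount))
               for _ in range(2)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return acct.balance           # 25: the second withdrawal is refused

if __name__ == "__main__":
    print("unsafe final balance:", run_unsafe())
    print("safe final balance:", run_safe())
```

In real code there is no barrier; the window between check and act is just a few instructions, which is why the bug is intermittent and hard to find in testing but easy for an attacker to hit by firing many concurrent requests.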
What term describes when the item used to validate a user's session, such as a cookie, is stolen and used by another to establish a session with a host that thinks it is still communicating with the first party? A. Patch infiltration B. XML injection C. Session hijacking D. DTB exploitation
C. Session hijacking occurs when the item used to validate a user's session, such as a cookie, is stolen and used by another to establish a session with a host that thinks it is still communicating with the first party.
Which of the following is the best description of shoulder surfing? A. Following someone through a door they just unlocked B. Figuring out how to unlock a secured area C. Watching someone enter important information D. Stealing information from someone's desk
C. Shoulder surfing is best defined as watching someone enter important information.
You're a member of a consortium wanting to create a new standard that will effectively end all spam. After years of meeting, the group has finally come across a solution and now wants to propose it. The process of proposing a new standard or method on the Internet is referred to by which acronym? A. WBS B. X.509 C. RFC D. IEEE
C. A Request for Comments (RFC) is how you propose a new standard or method on the Internet.
Kristin from Payroll has left the office on maternity leave and won't return for at least six weeks. You've been instructed to suspend her key. Which of the following statements is true? A. In order to be used, suspended keys must be revoked. B. Suspended keys don't expire. C. Suspended keys can be reactivated. D. Suspending keys is a bad practice.
C. The key will have to be re-activated.
You've been drafted for the safety committee. One of your first tasks is to inventory all the fire extinguishers and make certain that the correct types are in the correct locations throughout the building. Which of the following categories of fire extinguisher is intended for use on electrical fires? A. Type A B. Type B C. Type C D. Type D
C. Type C fire extinguishers are intended for use in electrical fires.
Which of the following fully implements the 802.11i security standards? A. WEP B. WPA C. WPA2 D. WAP
C. WPA2 fully implements 802.11i, while WEP and WPA do not. WAP is Wireless Access Point, and it is not a security mechanism.
Which of the following is another name for social engineering? A. Social disguise B. Social hacking C. Wetware D. Wetfire
C. Wetware is another name for social engineering.
As it relates to incident response, which of the following is the process used to store data in a manner so that it would be admissible in a court of law during a legal proceeding? Chain of custody Reign of usability Order of Oauth Strategic intelligence gathering
Chain of Custody
Which of the following uses multiple transparent or opaque layers to trick a user into clicking a button or link on another page when they had intended to click on the top page? Wireshark OpenVAS John the Ripper Clickjacking
Clickjacking
During the application development cycle, a developer asks several of his peers to assess the portion of the application he was assigned to write for security vulnerabilities. Which assessment technique was used in this scenario? Baseline reporting Input validation Fuzzing Code review
Code review
You need to connect a wireless laptop to your wireless network at work. The connection should use a user name and password for authentication with AES encryption. How should you configure the wireless laptop? Configure the connection to use WPA2-Personal Configure the connection to use WPA-Enterprise Configure the connection to use WPA-Personal Configure the connection to use WPA2-Enterprise
Configure the connection to use WPA2-Enterprise
After the identification of a security incident, what is the next logical step? Lessons learned Recovery Containment Eradication
Containment
What is the form of social engineering in which you simply ask someone for a piece of information that you want by making it look as if it is a legitimate request? A. Hoaxing B. Swimming C. Spamming D. Phishing
D. Phishing is the form of social engineering in which you simply ask someone for a piece of information that you want by making it look as if it is a legitimate request.
Mary claims that she didn't make a phone call from her office to a competitor and tell them about developments at her company. Telephone logs, however, show that such a call was placed from her phone, and time clock records show that she was the only person working at the time. What do these records provide? A. Integrity B. Confidentiality C. Authentication D. Nonrepudiation
D. This is nonrepudiation.
It has been brought to your attention that a would-be attacker in Indiana has been buying up domains based on common misspellings of your company's name with the sole intent of creating websites that resemble yours and prey on those who mistakenly stumble onto these pages. What type of attack is this known as? A. Watering hole B. Poisoned well C. Faulty tower D. Typo squatting
D. Typo squatting involves creating domains that are based on the misspelling of another.
Gertrude is managing a new software project. The project has very clearly defined requirements that are not likely to change. Which of the following is the most appropriate development model for her? A. Agile B. XP Programming C. Waterfall D. Scrum
C. Waterfall is a good approach when the requirements are firm.
When a hole is found in a web browser or other software, and attackers begin exploiting it before the developer can respond, what type of attack is it known as? A. Polymorphic B. Xmas C. Malicious insider D. Zero-day
D. When a hole is found in a web browser or other software and attackers begin exploiting it before the developer has had any days (zero days) to respond with a patch, it is known as a zero-day attack.
You find that users on your network are getting dropped from the wireless connection. When you check the logs for the wireless access point, you find that deauthentication frames have been sent to the WAP appearing to come from the users' MAC addresses. What seems to be happening here? A. Bluesnarfing B. Bluejacking C. Session hijacking D. Disassociation attack
D. This is a disassociation attack. 802.11 deauthentication and disassociation frames are management frames identified by MAC address, and unless the network uses 802.11w (protected management frames) they are unauthenticated, so an attacker can spoof them to knock clients off. Bluesnarfing and bluejacking are Bluetooth attacks. The question does not describe session hijacking.
Which of the following can be used to stop piggybacking at a front entrance where employees should swipe smart cards to gain entry? Deploy a mantrap Use key locks rather than electronic locks Install a surveillance camera Install security cameras
Deploy a mantrap
Which of the following backup types backs up all data that has changed since the last full backup and does not clear the archive bit? Differential Full Diffie-Hellman Incremental
Differential
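The following added example (not from the original page) simulates the archive bit that the three backup questions on this page turn on. Each file carries a bit the OS sets when the file changes; a full backup copies everything and clears every bit, an incremental copies files with the bit set and clears them, and a differential copies files with the bit set but leaves them alone, so each differential grows until the next full. The file names and change sequence are constructed for the demo.

```python
from dataclasses import dataclass

@dataclass
class File:
    name: str
    archive_bit: bool = True   # set by the OS when the file is created or modified

def modify(fs, name):
    fs[name].archive_bit = True

def full_backup(fs):
    # Copies everything and clears every archive bit.
    copied = sorted(fs)
    for f in fs.values():
        f.archive_bit = False
    return copied

def incremental_backup(fs):
    # Copies files changed since the last backup of any kind, then clears their bits.
    copied = sorted(n for n, f in fs.items() if f.archive_bit)
    for n in copied:
        fs[n].archive_bit = False
    return copied

def differential_backup(fs):
    # Copies files changed since the last FULL backup and leaves the bits set.
    return sorted(n for n, f in fs.items() if f.archive_bit)

def new_filesystem():
    return {n: File(n) for n in ("a.txt", "b.txt", "c.txt")}

def simulate():
    # Same change sequence run once with incrementals and once with differentials.
    log = {}
    fs = new_filesystem()
    log["full"] = full_backup(fs)
    modify(fs, "a.txt")
    log["inc1"] = incremental_backup(fs)    # ['a.txt']
    modify(fs, "b.txt")
    log["inc2"] = incremental_backup(fs)    # ['b.txt'] only: a.txt's bit was cleared

    fs = new_filesystem()
    full_backup(fs)
    modify(fs, "a.txt")
    log["diff1"] = differential_backup(fs)  # ['a.txt']
    modify(fs, "b.txt")
    log["diff2"] = differential_backup(fs)  # ['a.txt', 'b.txt']: bits are still set
    return log

def restore_chain(kind, log):
    # What must be restored to get back to the latest state: the full plus
    # every incremental in order, or the full plus only the last differential.
    if kind == "incremental":
        return ["full", "inc1", "inc2"]
    return ["full", "diff2"]

if __name__ == "__main__":
    for step, files in simulate().items():
        print(step, files)
```

The trade-off follows directly: incrementals are the fastest to take each evening (the question at hand) but need the full plus every incremental to restore, while differentials take longer as the week goes on but restore from just the full plus the latest differential.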
Which of the following plans is part of an organization's business continuity plan (BCP) and specifically deals with how the IT department helps the organization recover from an unplanned event that affects the availability and usability of the network and data? Disaster Recovery Plan Against All Odds Plan Mitigation Technique Plan Backup Site Plan
Disaster Recovery Plan
Which of the following is the least effective power loss protection for computer systems? Surge protector Secondary power source Uninterruptible power supply (UPS) Backup power generator
Surge Protector