Security+ Test1

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

DMZ

A DMZ is a network segment that can be created using: A. one firewall and one VPN B. one router and one firewall C. two routers D. two firewalls

A

A URL for an Internet site begins with 'https:'rather than 'http:" which is an indication that this web site uses: A. SSL B. PGP C. Kerberos D. PKI

D

A VPN is needed for users to connect to a remote site and the VPN must be transparent to the user. Which of the following VPN models would be BEST to use? A. Host to Host B. Gateway to Host C. Host to Gateway D. Gateway to Gateway

A

A Windows file server is an example of which of the following types of models? A. Discretionary Access Control (DAC) B. Rule Based Access Control (RBAC) C. Mandatory Access Control (MAC) D. Role Based Access Control (RBAC)

A

A clothing store with a single location has one owner, two managers and six cashiers. Under this scenario, which of the following inventory system permissions might be BEST aligned with the least privilege principle for the managers? A. Update rights B. Write rights C. Read rights D. Full access

D

A common tool used for wireless sniffing and war driving is: A. Sam Spacle B. S/MIME C. NESSUS D. Net Stumbler

A

A company conducts sensitive research and development and wants a strict environment for enforcing the principles of need to know, separation of duties, and least privilege. Which of the following should the company implement? A. Mandatory Access Control (MAC) B. Discretionary Access Contol (DAC) C. Single sign on D. Single factor authentication

D

A company has implemented a policy stating that users will only receive access to the system needed to perform their job duties. This is an example of: A. concurrent session control B. separation of duties C. least privilege D. access control

A

A company has instituted a VPN to allow remote users to connect to the office. As time progresses mulitple security associations are created with each association being more secure. Which of the following should be implemented to automate the selection of the BEST security association for each user? A. IKE B. AES C. SHA D. 3 DES

A

A company impements an SMTP server on their firewall. This implementation would violate which of the following security principles? A. Use a device as intended B. Keep the solution simple C. Address internal threats D. Create an in-depth defense

C

A company is upgrading the network and needs to reduce the ability of users on the same floor and network segment to see each other's traffic. Which of the following network devices should be used? A. Routern B. Firewall C. Switch D. Hub

C

A company wants to connect the network to a manufacturer's network to be able to order parts. Which of the following types of networks should the company implement to provide the connection while limiting the services allowed over the connection? A. Intranet B. Scatternet C. Extranet D. VPN

B

A company wants to implement a VLAN. Senior management believes that a VLAN will be secure because authentication is accomplished by MAC addressing and that dynamic trunking protocl will facilitate network efficiency. Which of the following issues should be discussed with senior management before VLAN implementation? A. MAC addresses are a secure authentication mechanism and DTP allows rogue network devices to configure ports B. MAC addresses can be spoofed and DTP allows rogue network devices to configure ports C. MAC addresses are a secure authetication mechanism and DTP allows only authenticated users D. MAC addresses can be spoofed and DTP allows only authenticate users

B

A company's new employees are asked to sign a document that describes the methods of and purposes for accessing the company's IT systems. Which of the following BEST describes this document? A Privacy Act of 1974 B. Acceptable Use Policy C. Authorized Access Policy D. Due Dillegence form

B, C

A company's security specialist is securing a web server that is reachable from the Internet. The web server is located in the core internal corporate network. The network cannot be redesigned and the server cannot be moved. Which of the following should the security specialist implement to secure the web server? (Select TWO). A. Network-based firewall B. Host-based IDS C. Host-based firewall D. Network-based IDS E. Router with an IDS module F. Router with firewall rule set

B, C

A company's web server needs to be accessible by remote users, business partners, and corporate users. Which of the following would be the BEST location for the web server? A. Internal network segment B. Demilitarized zone (DMZ) C. Network perimeter D. External network segment

C

A computer system containing personal identification information is being implemented by a company's sales department. The sales department has requested that the system become operational before a security review can be completed. Which of the following can be used to explain the reasons a security review must be completed? A. Need to know policy B. Risk assessment C. Corporate security policy D. Vulnerability assessment

D

A credential that has been digitally signed by a trusted authority is known as: A. a trusted packet B. an encrypted tunnel C. a trust relationship D. a certificate

D

A digital signature is used for: A. storage and recovery B. access control and trusts C. confidentiality and encryption D. integrity and non-repudiation

C

A malformed MIME header can have a negative impact on the system. Choose the option that correctly details this. A. Can result in the unauthorized disclosure of private information B. Can create a virus that infects the copmuters of users C. Can result in an e-mail server crashing D. Can lead to the creation of a back door, which will enable attackers the internal network.

B

A newly hired secuity specialist is asked to evaluate a company's network securit. The security specialist discovers that users have installed personal software; the network OS has default setting and no patches have been installed and passwords are not required to be changed regularly. Which of the following would be the FIRST step to take? A. Disable non-essential services B. Enforce security policy C. Password managment D. Install software patches

A

A person pretends to be a telecommunications repair technician, enters a building stating that there is a networking trouble work order and requests that a security guard unlock the wiring closet. The person connects a packet sniffer to the network swith in the wiring closet and hides the sniffer behind the switch against a wall. This is an example of: A. social engineering B. a man in th middle attack C. vulnerability scan D. a penetration test

C

A person walks up to a group of people who have physcial access to a network operations room. As some of the group enters the room, this person walks into the room behind the group without providing credentials to gain access. Which of the following would BEST describe this activity? A. Walk behind B. Shoulder surfing C. Tailgating D. Social engineering

B

A program allows a user to execute code with a higher level of security than the user should have access to. Which of the following is this an example of? A. DoS B. Privilege escalation C. Default accounts D. Weak Passwords

D

A programming mechanism used to allow administrative access while bypassing the usual access control methods is known as a: A. Trojan horse B. Logic bomb C. software exploit D. back door

A

A public key ___________ is a pervasive system whose services are implemetned and delivered using public key technologies that include Certificate Authority (CA), digitial certificates, non-repudiation, and key history management. A. infrastructure B. cryptography scheme C. exchange D. distribution authority

B, C

A real estate company recently deployed Kerberos authentication on the network. Which of the following does Kerberos require for correct operation? A. POP-3 B. Key Distribution Center C. Accurate network time D. Extranets E. SSL/TLS

A

A remote user has a laptop computer and wants to connect to a wireless network in a hotel. Which of the following should be impmented to protect the laptop computer when connecting to the hotel network? A. Personal firewall B. Network firewall C. Privacy screen D. Router with firewall rule set

A

A representative from the human resources department informs a security specialist that an employee has been terminated. Which of the following would be the BEST action to take? A. Disable the employee's user accounts and keep the data for a specified period of time B. Change the employee's user password and keep the data for a specified period C. Contact the employee's supervisor regarding disposition of user accounts D. Disable the employee's user accounts and delete all data

A

A security specialist for a large distributed network with numberous divisions is selecting an access control model. Employees in the human resource division need access to personnel information but not production data and operations employees need access to production data only. Which of the following access control models would be MOST appropriate? A. Role Based Access Control (RBAC) B. Mandatory Access Control (MAC) C. Rule Based Access Control (RBAC) D. Discretionary Access Control (DAC)

D

A security specialist has completed a vulnerability assessment for a network and applied the most current software patches. The next step before placing the network back into operation would be to: A. conduct a follow-up vulnerability analysis B. Update the baseline C. perform penetration testing D. test the essential functionality

D

A security specialist has downloaded a free security software tool from a trusted industry site. The source has published the MD5 hash values for the executable program. The specialist performs a successful virus scan on the download but the MD5 hash is different. Which of the following steps should the specialist take? A. Re-run the anti-virus program to ensure that it contains no virus execute B. Install the executable program because there was probably a mistake with the MD5 value C. Ignore the MD5 hash values becaue the values can change during IP fragmentation D. Avoid executing the file and contact the source website administrator

D

A security specialist is called to an onsite vacant office where an employee has found an unauthorized wireless access device connected to an RJ-45 jack linked to the corporate LAN. Which of the following actions should the administrator take FIRST? A. Turn off power B. Install a sniffer C. Call the police D. Disconnect the network cable

C

A security specialist is reviewing writable FTP directories and observes several files that violate the company's security policy. In addition to checking the FTP server, the specialist should: A. Review logs for other compromises and report the situation to authorities B. Review logs for other compromises, delete the files that violate security policy and report the situation to authorities C. contain the affected system, review logs for other compromises and report the situation D. reboot the affected server, review logs for other compromises and notify the human resources department

A

A security system that uses labels to identify objects and requires formal authorization to use is BEST described as: A. Mandatory Access Control (MAC) B. Kerberos C. Role-Based Access Control (RBAC) D. Discretionary Access Control (DAC)

C, D

A small manufacturing company wants to deploy secure wireless on their network. Which of the following wireless security protocols could be used? (Select TWO). A. WAN B. IPX C. WPA D. WEP

D

A software or hardware device that allows only authorized network traffic in or out of a computer or network is called a: A. honeypot B. anti-virus program C. packet sniffer D. firewall

C

A system administrator reports that an unauthorized user has accessed the network. Which of the following would be the FIRST action to take? A. Contact law enforcement officials B. Determine the business impact C. Contain the problem D. Notify management

B

A task-based control model is an example of which of the following? A. Rule Based Access Control (RBAC) B. Role Based Access Control (RBAC) C. Discretionary Access Control (DAC) D. Mandatory Access Control (MAC)

A

A technician is auditing the security posture of an organization. The audit shows that many of the users have the ability to access the company's accounting information. Which of the following should the technician recommend to address this problem? A. Changing the user rights and security groups B. Implementing a host based intrusion detection system C. Changing file level audit settings D. Implementing a host based intrustion prevention system

A

A technician wants to be able to add new users to a few key groups by default, which of the following will allow this? A. Inheritance B. Template C. Default pairing D. Auto-population

A

A uer is assigned access rights based on the function within the organization. This is a feature of which of the following types of access control models? A. Role Based Access Control (RBAC) B. Rule Based Access Control (RBAC) C. Mandatory Access Control (MAC) D. Discretionary Access Control (DAC)

A

A user accesses a retailer from an Internet search. While browsing the retailer's web site, the user wants to purchase an item and enters the credit card information. The user later observes unknown charges on the credit card bill and has not received the purchased items. Which of the following actions should the user take? A. Be sure that a URL is secure before entering personal information B. Check for shipping delays for the requested items C. Type the retailer's web address directly into the URL in the future D. Limit the number of times online purchases are made monthly

A

A user download and installs a new screen saver and the program starts to rename and delete random files. Which of the following would be the BEST description of this program? A. Trojan horse B. Logic bomb C. Virus D. Worm

A

A user has received an email from a mortgage company asking for personal information including bank account numbers. This would be descirbed as: A. phishing B. Spam C. packet sniffing D. a hoax

A

A user is assigned access rights explicitly. This is a feature of which of the following access control models? A. Discretionary Access Control (DAC) B. Rule Based Access Control (RBAC) C. Mandatory Access Control (MAC) D. Role Based Access Control (RBAC)

C

A user receives an email asking the user to reset the online banking username and password. The email contains a link and when the user accesses the link, the URL that appears in the browser does not match the link. This would be an example of: A. redirecting B. hijacking C. phishing D. spoofing

A

A web page becomes unresponsive whenever the embedded calendar control is used. Which of the following types of vulnerabilities is occurring? A. Active X B. Common Gateway Interface (CGI) C. Cross-site scripting D. Cookies

A

A workstation is being used as a zombie set to attack a web server on a certain date. The infected workstation is MOST likely part of a: A. DDoS attack B. TCP/IP hijacking C. spoofing attack D. man-in-the-middle attack

A,E

After establishing a tunnel, the IPSec Protocol Suite uses which of the following specific protocols for security the data packet? (Select TWO). A. Encapsulating Security Payload (ESP) B. Secure Key Exchange Mechanism for Internet (SKEM) C. Oakley D. Internet Security Association and Key Management Protocol (ISAKMP) E. Authentication Header (AH)

A, E

All of the following montoring type evaluate pre-specifie conditions EXCEPT: (Select TWO) A behavior-based B. rate-based C signature-based D. Performance-based E. anomaly-based

B

All of the following types of attacks can be detected by an IDS EXCEPT: A. Denial of Service (DoS) B. spoofed e-mail C. port scan D. exploits of bugs or hidden features

A

An IDS sensor on a network is not capturing all the network data traffic. This may be happening because the sensor is connected to the network with a: A. switch B. bridge C. hub D. router

B

An SMTP server is the source of email spam in an organization. Which of the following is MOST likely the cause? A. Remote access to the email application's install directory has not removed B. Anonymous relays have not been disabled C. The administrator account was not secured D. X.400 connectors have been not been password protected

D

An administrator is concerned that PCs on the internal network may be acting as zombies participating in external DDoS attacks. Which of the following could BEST be used to confirm the administrator's suspicious? A. Proxy logs B. AV server logs C. HIDS logs D. Firewall logs

A

An administrator is selecting a device to secure an internal network segment from traffic external to the segmet. Which of the followig devices could be selected to provide security to the network segment? A. NIPS B. HIDS C. Internet content filter D. DMZ

B

An administrator wants to implement a procedures to control inbound and oubound traffic on a network segment. Which of the following would achieve this goal? A. HIDS B. ACL C. Proxy D. NIDS

A

An attackercan use a specific method to exploit the clear-text attribute of Instant-Messaging sessions. Which is it? A. Packet sniffing B. Reverse engineering C. Cryptanalysis D. Port Scanning

C

An employee receives a request from a peson claiming to be an employee at a remote office location. The caller is knowledgeable about the company and the caller's name is listed in the company telephone and email directory; however, the caller claims there is an emergeny and asks that the request be expedited. Which of the following would be the BEST action for the employee to take? A. Expedite the request since the caller's identity has been verified B. Give the caller a supervisor's name and telephone number to request authority to expedite the request. C. Follow established prodedures and report any abnormal incidents D. Ask a supervisor for permission to deviate from established procedures due to the emergency

A

An enclosure that prevents radio frequency signals from emanating out of a controlled environment is BEST described as which of the following? A. Faraday cage B. TEMPEST C. Mantrap D. Grounded wiring frame

B

An end-to-end traffic performance guarantee made by service provider to a customer is a: A. BCP B. SLA C. DRP D. VPN

A

An important component of a good data retention policy is: A. offsite storage B. magnetic media sorting C. server drive redundancy D. backup software licensing

B

An organization has a hierarchical-based concept of privilege management with administrators having full access, human resources personnel having slightly less access and managers having access to their own department files only. This is BEST described as: A. Rule Based Access Control (RBAC) B. Role Based Access Control (RBAC) C. Discretionary Access Control (DAC) D. Mandatory Access Control (MAC)

B, D

Audit log information can BEST be protected by: (Select TWO): A. a firewall that creates an enclave B. access controls that restrict usage c. using a VPN d. recording a write-once media e. an intrusion prevention system f. an IDS

D

Audit logs must contain which of the following characteristics? A. Authorization B. Accessibility C. Confidentiality D. Non-repudiation

A

CGI scripts are susceptible to which of the following types of attacks? A. Cross site scripting B. Buffer overflows C. DNS spoofing D. SQL injection

C

Choose malicious code which can distribute itself without having to attach to a host file. A. A virus B. A logic bomb C. A worm D. A trojan horse

C

Choose the access control method which provides the most granular access to protected objects? A. Profiles B. Capabilities C. ACLs D. Permission bits

B

Choose the access control model that allows access control determinations to be performed base on the security labels associated with each user and each data item: A. LBACs (List Based Access Control) method B. MACs (Mandatory Access Control) method C. RBACs (Role Based Access Control) method D. DACs (Discretionary Acces Control) method

B

Choose the attack or malicious code that cannot be prevented or deterred solely through using technical measures. A. Man in the middle attacks B. Social engineering C. Dictionary attacks D. DoS attacks

C

Choose the component that you would locate in the DMZ A. SQL B. User workstations C. FTP server D. Customer account database

C, E, F

Choose the items that an intruder would ignore when going through disposed garbage. Choose all options that apply. A. Process lists B. Boot sectors C. Old passwords D. Virtual memory E. Network diagrams F. IP address lists

A

Choose the mechanism that is NOT a valide access control mechanism. A. SAC list B. RBAC list C. MAC list D. DAC list

B

Choose the method of authentication which is the most COSTLY method. A. Shared secrets B. Biometrics C. Tokens D. Passwords

C

Choose the most effective method of preventing computer viruses from spreading throughout the network. A. You should prevent the excution of .vbs files B. You should require root/administrator access to run programs and applications C. You should enable scanning of all e-mail attachments D. You should install a host based IDS

D

Choose the network mapping tool (scanner) which uses ICMP. A. A share scanner B. A port scanner C. A map scanner D. A ping scanner

A

Choose the option that correctly details the greatest vulnerability of using Instant Messaging clients. A. Results in maliciouis code being delivered by file transfer B. Results in theft of root user credentials C. Results in loss of email privileges D. Results in disconnection from the file server E. Results in slow Internet connections F. Results in Blue Screen of Death errors

A

Choose the option that correctly specifies a likely negative technical impact of receiving large quantities of spam A. DoS B. Increased network throughput C. Processor underutilization D. Reduction in hard drive space requirements

C

Choose the password generator that uses a challenge-response method for authentication A. Cryptographic keys B. Smart cards C. Synchronous password generator D. Asynchronous password generator

A

Choose the ports that are used to access the FTP protocol. A. Ports 20 and 21 B. Ports 80 and 443 C. Ports 20 and 80 D. Ports 21 and 23

C

Choose the primary disadvantage of using a third party mail relay. A. A third party mail relay restricts the types of e-mail that maybe sent B. A third party mail relay restricts spammers from gaining access C. Spammers can utilize the third party mail relay D. A third party mail relay limits access to specific users

C

Choose the protocol used by a web server to encrypt data. A. ActiveX B. TCP/IP C. SSL D. IPSec

B

Choose the scheme or system used by PGP to encrypt data. A. Symmetric key distribution system B. Asymmetric scheme C. Asymmetric key distribution system D. Symmetric scheme

A

Choose the statement that best details the difference between a worm and a Trojan horse? A. Worms self replicate while Trojan horses do not B. Worms are a form of malicious code while Trojan horses are not C. Worms are distributed through e-mail messages while Trojan horses do not D. There is no difference between a worm and a Trojan horse

D

Choose the statement which best defines the characteristcs of a computer virus. A. A computer virus is a learning mechanism, contamination mechanism and can exploit B. A computer virus is a find mechanism, intitiaion mechanism and can propagate C. A computer virus is a search mechanism, connection mechanism and can integrate A computer virus is a replication mechanism, activation mechanism and has an objective

C

Choose the terminology or concept which best describes a MAC model: A. Bell-La-Padula B. BIBA C. Lattice D. Clark and Wilson

A

Choose the terminology used to refer to the situation when authorized access is perceived as an intrusion or network attack. A. False intrusion B. False positive C. False negative D. False alarm

A

Communication is important to maintaining security because communication keeps: A. the user community informed of threats B. the network bandwidth usage under control C. the IT security budget justified D. law enforcement informed of what is being done

A

Company intranet, newsletters, posters, login banners and e-mails would be good tools to utilize in a security: A. Awareness program B. Control test C. investigation D. Policy review

A

Computer forensics experts use specific guidelines to gather and analyze data while minimizing data loss. What guidelines do they use? A. Chain of custody B. Chain of command C. Evidence D. Incident response

C

Controlling access to information systems and associated networks is necessary for the preservation of their: A. authenticity, confidentiality and availability B. authenticity, confidentiality, integrity and availability C. confidentiality, integrity and availability D. integrity and availability

D

Default passwords in hardware and software should be changed: A. if a threat becomes known B. once each month C. when the vendor requires it D. when the hardware or software is turned on

C

Disguising onself as a reputable hardware manufacturer's field technician who is picking up a server for repair would be described as: A. a Trojan horse B. a man-in-the-middle attack C. social engineering D. a phishing attack

A

During a live response to an unauthorized access, a forensics specialist executes a command on the computer being investigated. Which of the following commands would be used to display the current network connections on the local computer? A. NETSTAT B. nmap C. netcat D. IPCONFIG/IFCONFIG

A

Following a disaster, which of the following functions should be returend FIRST from the backup facility to the primary facility? A. Least critical functions B. Systems functions C. Executive functions D. Web services

B

For a SSL connection to be automatically established between a web client and server, a specific element has to exist. Which is it? A. Shared password B. Certificate signed by a trusted root CA C. Address on the same subnet D. Common operating system

A

For which reason are clocks used in Kerberos authentication? A. Clocks are used to ensure that tickets expire correctly B. Clocks are used to both benchmark and specify the optimal encryption algorithm C. Clocks are used to ensure proper connections D. Clock are used to generate the seed value for the encryption keys

C

From the list below, choose the exploit that can be considered a DoS attack because more traffic than what the node can handle is flooded to that node. A. Ping of death B. Logic bomb C. Buffer overflow D. Smurf attack

C

From the list of options, chose the primary attribute associated with e-mail hoaxes A. E-mail hoaxese consume large quantities of server disk space B. E-mail hoaxes can result in buffer overflows on the e-mail server C. E-mail hoaxes create unnecessary e-mail traffic, as well as panic in users that are not technically inclined D. E-mail hoaxes tend to encourage malicious users

C

From the list of protocols, which is used to secure web transactions? A. XML B. SMTP C. SSL D. S/MIME

C

From the listing of attack types, which exploits poor programming techniques or lack of code review? A. CGI scripts B. Birthday attacks C. Buffer overflow attacks D. Dictionary attacks

B

From the listing of attacks, choose the attack which exploits session initiation between a Transport Control Program (TCP) client and server within a network? A. Smurf attack B. SYN attack C. Birthday attack D. Buffer Overflow attack

C

From the listing of attacks, which analyzes how the operating system (OS) responds to specific network traffic, in an attempt to determine the operating system running in your networking environment? A. Reverse engineering B. Host hijacking C. Fingerprinting D. Operating system scanning

A

From the options below, which represents the first action performed by an SSL enabled server when a user clicks to browse a secure page? A. The server uses its digital certificate to identify itself to the browser B. The server validates the user by checking the CRL C. The server requests the user to produce the CRL D. The server displays the page requested by the user on the browser, and then provides its IP address for verification purposes

C

From the options choose the disadvantage of implementing an IDS A. Administration B. Decrease in throughput C. False positives D. Compatibility

A

From the options which is a tunneling protocol that can work on IP networks because it requires IP connectivity? A. PPTP B. SSH C. IPX protocol D. L2TP

C

From the options, choose the VPN tunneling protocl A. AH (authentication Header) B. DES (Data Encryption Standard) C. IPSec (Internet Protocol Security) D. SSH (Secure Shell)

A

From the options, choose the attack which an IDS cannot detect. A. Spoofed e-mail B. DoS attack C. Port scan attack D. Vulnerability exploits

C

From the options, which details a specific advantage of implementing a single sign-on technology? A. You can configure system wide permissions B. Users must log on twice at all times C. Multiple directories can be browsed D. Multiple applications can be installed

A

From the options, which explains the general standpoint behind a DMZ? A. All systems on the DMZ can be compromised because the DMZ can be accessed from the Internet. B. Only those systems on the DMZ that can be accessed from the Internet can be compromised. C. No systems on the DMZ can be compromised because the DMZ is completely secure and cannot be accessed from the Internet D. No systems on the DMZ can be compromised because the DMZ cannot be accessed from the Internet

B

From the recommendations below, which is considered the best method for securing a web browser? A. Only use a VPN connection to connect to the Internet B. Disable all unused features of the web browser C. Do not upgrade web browsers because new versions have a tendency to contain more security flaws D. Deploy a filtering policy for unknown and illegal websites that you do not want users to access

C

Giving each user or group of users only the access they need to do their job is an example of which of the following security principals? A. Separation of duties B. Access control C. Least privilege D. Defense in depth

A

How many characters is the output of a MD5 hash? A. 32 B. 160 C. 128 D. 64

C

Human resource department personnel should be trained about security policy: A. maintenance B. implementation C. guidelines and enforcement D. monitoring and administration

B, C

IPSec uses which of the following protocols to provide traffic securiy? (Select TWO): A. L2TP B. AH C. Encapsulating Security Protcol (ESP) D. PPTP E. SSL F. SSH

A

If a user reports that the user's public/private key has been compromised, the CA should issue: A. a CRL B. an LDAP C. a CPS D. a PKCS

D

In a certificate hierarchy, the ultimate authority is called the: A. Private Branch Exchange (PBX) B. Terminal Access Controller Access Control System (TACACS) C. Certification Revocation List (CRL) D. Root Certifying Authority (Root CA)

A

In a mandatory access control (MAC) environment, which of the following are accss decisions based on? A Sensitivity labels B. Group membership C. Access control lists D. Ownership

D, E

In addition to bribery and forgery, which of the following are the MOST common techniques that attackers use to socially engineer people? (Select TWO) A. Phreaking B. Whois search C. Dumpster diving D. Flattery E. Assuming a position of trust

C, D

In order to secure web-based communications, SSL uses: (Select TWO) A. Challenge Handshake Authentication Protocol (CHAP) B. Blowfsh encryption C. Public-key cryptography D. Symmetric cryptography E. IPSec F. PPP

A

Kerberos uses which of the following ports by default? A. 88 B. 23 C. 443 D. 139

A

L2TP tunneling replies on which of the following for security? A. IPSEC B. SSH C. SSL D. L2F

C

MITRE and CERT are: A. Spyware and virus distributing software B. virus propagation monitoring utilities C. virus and malware cataloging organizations D. anti-virus software companies

A

Malicious code that enters a computer by means of a freely distributed game that intentionallys installed and played is known as: A. a Trojan horse B. a logic bomb C. a worm D. an email attachment

C

Malicious code that enters a target system, lays dormant unil a user opens the certain program then deletes the contents of attached network drives and removalbe storage devices is known as a: A. Trojan horse B. Honeypot C. Logic bomb D. worm

B

Malicious port scanning is a method of attack to determine which of the following? A. The physcial cabling topology of a network B. The fingerprint of the operating system C. Computer name D. User IDs and passwords

A

Malicious software that travels across computer networks without user assistance is an example of a: A. worm B. Trojan horse C. Virus D. logic bomb

B

Message authentication codes are used to provide which service? A. Key recovery B. Integrity C. Acknowledgement D. Faultrecover

A

Most current encryption schemes are based on: A. algortihms B. time stamps C. Digitial rights management D. randomizing

C, E

Most key fob based identification systems use which of the following types of authentication mechanisms? (Select TWO). A. Biometrics B. Kerberos C. Username/password D. Certificates E. Token

C, F

Non-essential services are often appealing to attackers because non-essential services: (Select TWO). A. consume less bandwidth B. decrease the surface area for the attack C. sustain attacks that go unnoticed D. provide root level access E. are not visible to an IDS F. are not typically configurd correctly or secured

A

Non-repudiation is enforced by which of the following? A. Digital signatures B. Cipher block chaining C. Secret keys D PKI

B

Of the intrusion detection capabilities listed below, which is FALSE for a network based IDS system? A. A network based IDS system can detect attacks in progress, attack patterns within the network and malicious activities. B. A network based IDS system can detect dial-in intrusions and attempts to physically access the server. C. A network based IDS system can see packet header information, which is invisible to host-based IDS systems D. A network based IDS system can monitor and report on all network traffic, based on where it is located

C

On a Windows host, which of the following event logs would contain failed logons? A. DNS log B. Application log C. Security log D. System log

A

On the topic of comparing viruses and hoaxes, which statement is TRUE? Choose the best TRUE statement. A. Hoaxes can create as much damage as a real virus B. Hoaxes carry a malicious payload and can be ignored C. Hoaxes are harmless pranks and should be ignored D. Hoaxes can help educate users about a virus

A

One of the below attacks focus on the cracking of passwords, which one is it? A. Dictionary B. Teardrop C. Spamming D. SMURG

A

One of the following options details the main advantage of why you should choose to use SSL over using HTTPS. Which is it? A. SSL supports additional Application layer protocols, for instance FTP and NNTP, whereas HTTPs does not. B. SSL provides full application security for HTTP whereas HTTPS does not C. SSL supports user authentication whereas HTTPS does not D. SSL and HTTPS are transparent to the application

C

One of these protocols is used to encrypt traffic passed between a web browser and web server. Which is it? A. IPSec B. VPN C. SSL D. HTTP

A

One type of network attack sends two different messages that use the same hash function to generate the same message digest. Which network attack does this? A. Birthday attack B. Brute force attack C. Ciphertext only attack D. Man in the middle attack

D

One type of port scan can determine which ports are in a listening state on the network, and can then perform a two way handshake. Which type of port scan can perform this set of actions? A. A TCP fin scan B. A TCP connect scan C. A TCP null scan D. A TCP SYN scan

D

Open FTP file shares on servers can faciliate which of the following types of attacks? A. CPU starvation B. Memory starvation C. Smurf D. Disk storage consumption

C

PKI provides non-repudiation by providing third-party assurance of certificate: A. destruction B. revocation C. validation D. expiration

A

Poor programming techniques and lack of code review can lead to which of the following types of attack? A. Buffer overflow B. Dictionary C. Common Gateway Interface (CGI) script D. Birthday

C

Pretty Good Privacy (PGP) uses a PKI Trust Model where no certificate authority (CA) is subordinate to another. The model with no single trusted root is known as: A. hierarchical B. downlevel C. peer-to-peer D. hybrid

B

Pretty good privacy (PGP) uses a PKI Trust Model where no certificate authority (CA) is subordinate to another. The model with no single trusted root is known as: A. hybrid B. peer-to-peer C. downlevel D. hierarchical

B

Privileges are used for which of the following purposes? A. To allow or deny signature updates to group applications B. To allow or deny specific actions to users or groups C. To allow or deny network traffic from host based systems D. To allow or deny network traffic from server based systems

D

Refusing a ticket, as a replay attack, in Kerberos authentication will not be successful because the tickets: A. use a token B. are digitally signed C. are encrypted D. are time stamped

C

SSL establishes a stateful connection negotiated by a process performed between client and server. Identify the protocol that allows for the following: 1. Client and server authentication 2. MAC and encryption algorithm negotiation 3. Selection of cryptographic keys A. SSL alert protocol B. SSL change cipher spec protocol C. SSL handshake protocl D. SSL record protocol

C

SSL operates at which layer? A. Data link B. Network C. Transport D. Application

A

Secret Key encryption is also known as: A. symmetrical B. asymmetrical C. reply D. one way function

D

Sending a patch through a testing and approval process is an example of which of the following? A. User education and awareness training B. Disaster planning C. Acceptable use policies D. Change managment

A, D

Social engineering attacks would be MOST effective in which of the following environments? (Select TWO) A. A company with a help desk whose personnel have minimal training B. A company with a dedicated information technology (IT)security staff C. A locked, windowless building D. A public building that has shared office space E. A military facility with computer equipment containing biometrics

A

Stateful packet inspection is a methodology used by: A. a firewall B. NAT C. network monitoring D. a hub

B

The CHAP sends a logon request from the client to the server, and the server sends a challenge back to the client. At which stage does the CHAP protocol perform the handshake process? Choose the best complete answer. A. At the stage when the connection is established B. At the stage when the connection is established and at whichever time after the connection has been established C. At the stage when the connection is established and when the connection is disconnected D. At the stage when the connection is disconnected

C

The Certpaper.com wireless network environment uses WEP to provided wireless security. Choose the entitiy or entitiies that can authenticate to an access point. A. Administrators only B. Only Certpaper.com users C. AllCertpaper.com users that have the correct WEP key D. Anyone

A

The DAC model has an inherent flaw. Choose the option that describes this flaw. A. The DAC model uses only the identity of the user or specific process to control access to a resource. This creates a security loophole for Trojan horse attacks B. The DAC model does not have any known security flasw. C. The DAC model does not use the identity of a user to control access to resources. This allows anyone to use an account to access resources. D. The DAC model uses certificates to control access to resources. This creates an opportunity for attackers to use your certificates

B

The Diffie-Hellman encryption algorithm relies on which of the following? A. Tunneling B. Key exchange C. Passwords D. Digital signatures

B

The FIRST step in creating a security baseline would be: A. installing software patches B. creating a security policy C. vulnerability testing D. identifying the use case

D

The IPSec Security Assocation is managed by A. IEEE B. AH C. ESP D. ISAKMP

D

The MOST common Certificate Server port required for secure web page access is port: A. 25 B. 80 C. 446 D. 443

D

The MOST common exploits of Internet-exposed network services are due to: A. active content (e.g. Java Applets) B. Trojan horse programs C. Illicit servers D. buffer overflows

B, D

The SSL protocol operates between specific layers of the OSI reference model. Which is it? Choose all correct answers. A. Physcial Layer B. Application Layer C. Network Layer D. Transport Layer E. Data Link Layer

D

The authentication process where the user can access several resources without the need for multiple credentials is known as: A. need to know B. Decentralized management C. Discretionary Access Control (DAC) D. Single sign-on

A

The concept that a web script is run in its own environment and cannot interfere with any other process is known as a: A. sandbox B. VLAN C. honey pot D. Quarantine

C

The difference between identification and authentication is that: A. authentication verifies the identify of a user requesting credentials while identification verifies a set of credentials B. authentication verifies a user ID belongs to a specific user while identification verifies the identity of a user group C. authentication verifies a set of credentials while identification verifies the identity of a user requesting credentials D. authentication verifies a set of credential while identification verifies the identity of the network

D

The employees at a company are using instant messaging on comapny networked computers. The MOST important security issue to address when using instant messaging is that instant messaging: A. Uses weak encryption B. communications are a drain on bandwidth C. has no common protocol D. Communications are open and unprotected

C

The first step in effectively implementing a firewall is: A. blocking unwanted outgoing traffic B. blocing unwanted incoming traffic C. developing a firewall policy D. protecting against DDoS attacks

D

The first step in risk identification would be to identify: A. threats B. costs C. vulnerabilities D. assets

B

The process of documenting who applied a patch to a specific firewall at a specific time and what the patch is supposed to accomplish is known as: A. logs and inventories B. Change control management C. user awareness D. asset identification

B

The process of predicting threats and vulnerabilities to assets is known as threat: A. mitigation B. modeling C. acceptance D. avoidance

A

The purpose of the SSID in a wireless network is to: A. identify the network B. protect the client C. secure the WAP D. define the encryption protocols used

A, B

The risks of social engineering can be decreased by implementing: (Select TWO) A.security awareness training B. identity verification methods C. risk assessment policies D. vulnerability testing techniques E. operating system patching instructions

C

To aid in preventing the execution of malicious code in email clients, which of the following should be done by the email administrator? A. Email client features should be disabled B. Regular updates should be performed C. Spam and anti-virus filters should be used D. Preview screens should be disabled

D

To keep an 802.11x netowrk from being automatically discovered, a user should: A. activate the SSID password B. leave the SSID default C. change the SSID name D. Turn off the SSID broadcast

B

To preserve evidence for later use in court, which of the following needs to be documented? A. Disaster recovery plan B. Chain of custody C. Audit trail of systems usage D. Chain of certificates

D

To reduce vulnerabilities on a web server, an administrator should adopt which of the following preventive measure? A. Enable auditing on the web server and periodically review the audit logs B. Block all Domain Name Service (DNS) requests coming into the server C. Use packet sniffing software on all inbound communications D. Apply the most recent manufacturer updates and patches to the server

A

Turnstiles double entry doors and security guards are all prevention measures for which of the following types of social engineering? A. Piggybacking B. Looking through a co-worker's trash to retrieve information C. Impersonation D. Looking over a co-workers shoulder to retriever information

B

User logs in with a domain account and is denied access to a specific file which the user should have access to. The server is not able to verify the identity of the user. Which of the following is the problem? A. Allocation B. Authentication C. Identification D. Authorization

B

Using software on an individual computer to generate a key pair is an example of which of the following approaches to PKI architecture? A. Distributed key B. Decentralized C. Hub and spoke D. Centralized

B

WEP uses which of the following stream ciphers? A. 3DES B. RC4 C. IKE D. RC2

A, E

WTLS provides security services between network devices or mechanisms. Which is it? Choose all that apply. A. WAP gateway B. Wireless client C. Web server D. Wireless NIC E. Mobile device

D

What is the BEST process of removing PII data from a disk drive before reuse? A. Destruction B. Reformatting C. Degaussing D. Sanitization

C

What is the primary security risk associated withremovable storage? A. Integrity B. Confidentiality C. Continuity D. Availability

A

When a patch is released for a server the administrator should: A. test the patch on a non-production server then install the patch to production B. Install the patch and then backup the production server C. Immediately download and install the patch D. not install the patch unless there is a current need

C

When reviewing audit trails, what makes unique user IDs especially important? A. Unique user IDs cannot be modified easily B. Unique user IDs triggers corrective controls C. Unique user IDs establishes individual accountability D. Unique user IDs show which files and data were changed

A

When reviewing traces from an IDS, the following entries are observed: Date Time Source IP Destination IP Port Type 10/21 0900 192.168.5.2 10.10.2.1. 20 SYN 10/21 0915 192.168.5.2 10.10.2.1 21 SYN 10/21 0920 192.168.5.2.10.10.2.1 23 SYN 10/21 0930 192.168.5.2.10.10.2.1 25 SYN Which of the following is MOST likel occurring? A. Port scanning B. SYN Flood C. Denial of Service (DoS) D. Expected TCP/IP traffic

D

When setting password rules, which of the following would lower the level of security of a network? A. All passwords are set to expire at regular intervals and users are required to choose new passwords that have not been used before B. After a set number of failed attempts the server will lock out any user account forcing the user to call the administrator to re-enable the account C. Passwords must be greater than six characters and contain at least one non-alpha D. Comlex passwords that users can not remotely change are randomly generated by the administrator and given to users

B

Which access control method allows users to have some level of flexibility on how information is accessed, but at the expense of increasing the risk unauthorized disclosure of information? A. Role-Based Access Control (RBAC) method B. Discretionary Access Control (DAC) method C. All of the above D. Mandatory Access Control (MAC) method

B

Which definition best defines what a challenge-response session is? A. A challenge-response session is a workstation or system that produces a random login ID that the user provides, when prompted, in conjunction with the proper PIN B. A challenge-response session is a workstation or system that produces a random challenge string that the user provides, when prompted, in conjuction with the proper PIN C. A challenge-response session is a special hardware device used to produce random text in a cryptography system. D. A challenge-response session is the authentication mechanism in the workstations or system that does not determine whether the owner shouled be authenicated.

B

Which is a BEST practice method to assign rights and privileges? A. By network B. By individual C. By group D. By location

D

Which of following can be used to determine the topology of a network and discover unknown devices? A. Password crackers B. Penetration testing C. Vulnerability scanner D. Networkmapper

C

Which of the below options would you conider as a program that constantly observes data traveling over a network? A. Smurfer B. Fragmenter C. Sniffer D. Spoofer

B

Which of the followg may be a security issue during transport of store tape media to an offsite storage location? A. Corruption ofthe media B Theft of the media C. Timely restore of lost data D. A courier x-raying the contents

B

Which of the followig authentication methods requires that the client authenticate itself to the server and the server authenticate itself to the client? A Username B. Mutual C. Multifactor D. Biometric

B

Which of the followin methods of password guessing typically requires the longest attack time? A. Birthday B. Brute force C. Dictionary D. Rainbow

C

Which of the following BEST describes a set of programs and code that allows an undetectable presence on a system with administrative rights? A. Trojan horse B. Virus C. Rootkit D. Worm

C, E

Which of the following BEST describes actions pertaining to user account reviews? (Select TWO). A. User accounts reports are periodically extracted from systems and end users are informed. B. User accounts reports are periodically extracted from systems and user access date are verified C. User accunt reports are periodically extracted from systems and employment verification is performed. D. User accounts and their privileges are periodically extracted from systems and reports are kept for auditing purposes. E. User accounts and their privileges are periodically extracted from systems and are reviewed for the appropriate level of authorization.

A

Which of the following BEST describes an attack that takes advantage of a computer not fully updated with the most recent operating system patches? A. Software exploitation B. Vulnerability C. Brute force D. Spoofing

D

Which of the following BEST describes the sequence of steps in the auditing process? A. Set auditing on the object and respond as alerts are generated B. Enable auditing and set auditing to record all events C. Enable auditing, set auditing on the object and respond as alerts are generated D. Enable auditing, set auditing on objects and review event lgos

B

Which of the following VPN implementations consists of taking IPv6 security features and porting them to IPv4? A. SSL B. IPSEC C. L2TP D. PPTP

D

Which of the following access control models uses subject and object labels? A. Role Based Access Control (RBAC) B. DAC C. Rule Based Access Control (RBAC) D. MAC

A

Which of the following access decisions are based on a Mandatory Access Control (MAC) envrironment? A. sensitivity labels B. Ownership C. Group membership D. Access control lists

A

Which of the following actions can an attacker perform when network services are enabled on a target system? A. An attacker can runa port scan against the target system B. An attacker can enable logging on the target system C. An attacker can install a rootkit on the target system D. An attacker can check te service file

C

Which of the following activities is MOST closely associated with DLL injection? A. SQL servers B. Vulnerability assessment C. Penetration testing D. Network mapping

A, D, F

Which of the following are MOST likely to be analyzed by Internet filter appliances/servers? (Select THREE). A. Content B. TLS C. Keys D. URL E. CRLs F. Certificates

D, E

Which of the following are components of host hardening? (Select TWO) A. Removing a user access to the user data B. Configuring the Start menu and Desktop C. Adding users to the administrator group D. Disabling unnecessary services E. Applying patches

B, C

Which of the following are components of host hardening? (Select TWO). A. Configuring the Start menu and Desktop B. Applying patches C. Disabling unneccessary services D. Adding users to the administrator group E. Removing a user's access to the user's data

B, D

Which of the following are types of certificate-based authentication? (Select TWO) A. Many-to-many mapping B. One-to-one mapping C. One-to-many mapping D. Many-to-one mapping

D

Which of the following assessment tools would be MOST appropriate for determining if a password was being sent across the network in clear text? A. Password cracker B. Vulnerability scanner C. Port scanner D. Protocol analyzer

B

Which of the following authentication methods is based upon an authentication server that distributes tickets to clients? A. Multifactor B. Kerberos C. Username/password D. Challenge Handshake Authentication Protocol (CHAP)

C

Which of the following authentication systems make use of the KDC Key Distribution Center? A. Security Tokens B. CHAP C. Kerberos D. Certififcates

D

Which of the following best describes what tunneling is? A. Tunneling is the process of creating a tunnel capable of capturing data B. Tunneling is the process of moving through three levels of firewalls C. Tunneling is the process of passing information over the Internet within the shortest time frame D. Tunneling is the process of utilizing the Internet as part of a private secure network

C

Which of the following connectivity is required for a web server that is hosting an SSL based web site? A. Port 443 outbound B. Port 80 inbound C. Port 443 inbound D. Port 80 outbound

D

Which of the following correctly identifies some of the contents of an end user's X.509 certificate? A. A: User's public key, object identifiers, and the location of the user's electronic identity B. User's public key, the serial number of the CA certificate, and the CRL entry point C. User's public key, the CA distinguished name, and the type of symmetric algorithm used for encryption D. User's public key, the certificate's serial number, and the certificate's validity dates

C

Which of the following correctly specifies where user accounts and passwords are stored in a decentralized privilege management environment? A. User accounts and passwords are stored on a server configured for decentralized management B. User accounts and passwords are stored on no more than two servers C. User accounts and passwords are stored on each individual server D. User accounts and passwords are stored on a central authentication server

B

Which of the following could cause communication errors with an IPSec VPN tunnel because of changes made to the IP header? A. Private addressing B. NAT C. SOCKS D. DNS

D

Which of the following could result in a DDoS? A. TCP/IP Hijacking B. Buffer Overflow C. NIPS D. Privilege escalation

D

Which of the following daemons is MOST likely to be the cause if an unauthorized user obtains a copy of a Linux systems/etc/passwd file? A . SSH with version 0.9.8a is installed and configured for remote administration B. SSL has enabled the Apache service with no virtual hosts configured C. Sendmail is configured to allow the administrator's web access D. FTP configures to allow anonymous user access

B

Which of the following definitions would be correct regarding Active Inception? A. Listening or overhearing parts of a conversation B. Placing a computer system between the sender and receiver to capture information C. Someone looking through your files D. Involve someone who routinely monitor network traffic

A

Which of the following describes a semi-trusted location used to securely house public facing servers betwween the Internet and the local network? A. DMZ B. VLAN C. Intranet D. vPN

A

Which of the following describes a server or application that is accepting more input than the server or application is expecting? A. Buffer overflow B. Brute force C. Denial of Service (DoS) D. Syntax error

A

Which of the following describes a type of algorithm that cannot be reversed in order to decode the data? A. One Way Function B. Symmetric C. Asymmetric D. Pseudorandom Number Generator (PRNG)

A

Which of the following describes an unauthorized user redirecting wireless network traffic from the intended access point to a laptop to inject a packet with malware? A. A man-in-the-middle attack B. A replay attack C. A social engineering D. A weak key

D

Which of the following describes backing up files and software that have changed since the last full or incremental backup? A. Delta backup B. Full backup C. Differntial backup D. Incremental backup

C

Which of the following describes the process by which a singler user name and password can be entered to access multiple computer applications? A. ACL B. Constrained user interfaces C. Single sign-on D. Encryption protocol

C

Which of the following describes the process of comparing cryptographic hash functions of system executables, configuration files, and log files? A. Network based intrusion detecton B. Stateful packet filtering C. File integrity auditing D. Host based intrusion detection

C

Which of the following freeware forensic tools is sed to capture packet traffic from a network? A. nmap B. NESSUS C. tcpdump dd

A

Which of the following increases the collision resistance of a hash? A. Salt B. Rainbow Table C. Larger key space D. Increase the input length

C

Which of the following is MOST often used to allow a client or partner access to a network? A. DMZ B. VLAN C. Extranet D. Intranet

B

Which of the following is a best practice for managing user rights and privileges? A. Enroll users in a biometric authentication system, deploy biometric hardware to the client computers, and grant righs and privileges. B. Identify roles and objects to be accessed, create groups, and grant rights and privileges based on groups C. Create a list of departments, create a folder for each department, meet with the departments and direct them to access their departmental foler D. Create a certificate authority, issue certificates to each user, assign rights and privileges based on individual certificates

A

Which of the following is a common type of attack on web servers? A. Buffer overflow B. Birthday C. Spam D. Brute force

A

Which of the following is a critical element in private key technology? A. Keeping the key secret B. Using the key to decrypt messages C. Distributing the key to everyone D. Getting the proper key the first time

B

Which of the following is a major reason that social engineering attacks succeed? A. Audit logs are not monitored frequently B. Lack of security awareness C. Strong passwords are not required D. Multiple logins are allowed

C

Which of the following is a port scanning utility? A. John the Ripper B. L0phtcrack C. Nmap D. Cain & Abel

C

Which of the following is a protocol analyzer? A. John the Ripper B. Nessus C. WireShark D. Cain & Abel

A

Which of the following is a reason to implement security logging on a DNS server? A. To monitor unauthorized zone transfer B. To perform penetration testing on the DNS server C. To control unauthorized DNSDoS D. To measure the DNS server performance

C

Which of the following is a reason to use a vulnerability scanner? A. To identify remote access policies B. To assist with PKI implementation C. To identify open ports on a system D. To assist with protocol analyzing

D

Which of the following is a security reason to implement virtualization throughout the network infrastructure? A. To analyze the various network traffic with protocol analyzers B. To implement additional network services at a lower cost C. To centralize the patch management of network servers D. To isolate the various network services and roles

C

Which of the following is a solution that you can implement to protect against an intercepted password? A. Implement a VPN B. Implement PPTP C. Implement a one time password D. Implement complex password requirements

B

Which of the following is a suitable hashing algorithm for a secure environment? A. SHA-1 because it produces 160-bits message digests B. MD5 because it produces 160-bits message digests C. MD5 because i produces fewer numbers of collisions D. RC4 because it produces 160-bits message digests

C

Which of the following is a suppression method for a Class C Fire? A. Soda acid B. Dry powder C. Carbon dioxide (CO2) D. Water

B

Which of the following is an example of two-factor authentication for an information system? A. Photo ID and PIN B. ATM card and PIN C. Retina scan and mantrap D. Username and password

C

Which of the following is an installable package that includes several patches from the same vendor for various applications? A. Hotfix B. Patch rollup C. Service Pack D. Patch template

B

Which of the following is commonly used in a distribution denial of service (DDOS) attack? A. Adware B. Botnet C. Phishing D. Trojan

B

Which of the following is considered by some HIDS tools to detect system security related anomalies? A. Patch reports B. File hashing snapshot comparison C. Vulnerability analysis snapshot comparison D. Virus signature reports

B

Which of the following is often misused by spyware to collect and report a users's activities? A. Session cookie B. Tracking Cookie C. Persistent Cookie D. Web bug

A

Which of the following is the BEST description of the basic elements of virtualization? A. Guest, HOst, Hypervisor, Hardware B. Host, Sandbox, Hypervisor, Hardware C. Guest, Sandbox, Hypervisor, Hardware D. Sandbox, Emulator, Hypervisor, Hardware

B

Which of the following is the BEST place to obtain a hotfix or patch for an application or system? A. An email from the vendor B. The manufactureer's website C. A newsgroup or forum D. A CD-ROM

C

Which of the following is the MOST effective social engineering defensive strategy? A. Badge security system B. Escorting of guests C. Training and awareness D. Marking of documents

A

Which of the following is the MOST effective way for an administrator to determine what security holes reside on a network? A. Perform a vulnerability assessment B. Install and monitoran IDS C. Run a sniffer D. Run a port scan

A

Which of the following is the MOST efficient way to force a large number of uses to change their passwords on logon? A. Force the change with group policy B. Force the change by security group C. Force the change with registry editor D. Force the change with remote logon

C

Which of the following is the MOST secure way to implement data encryption between SMTP servers? A. PPTP B. SSL C. TLS D. L2TP

D

Which of the following is the MOST significant flaw in Pretty Good Privacy (PGP) authentication? A. Weak encyption can be easily broken B. It is subject to a man-in-the-middle attack C. Private keys can be compromised D. A user must trust the public key that is received

B

Which of the following is the number of security associations in an IPSec encrypted session for each direction? A. 4 B. one C. 2 D. 8

A

Which of the following is the primary method of performing network hardening? A. Disable any unnecessary ports and services B. Conduct vulnerability analysis C. Deploy a firewall and IDS D. Develop a trust model

D

Which of the following is used by anti-virus software to detect viruses that have not been previously identified? A. Zero-day algorithm B. Quarantingin C. Random scanning D. Heuristic analysis

C

Which of the following logs shows when the workstations was last shutdown? A. Access B. Security C. System D. DHCP

C

Which of the following methods of documenting and storing a password is considered acceptable? A. Writing the password on a note and placing the note under the computer keyboard B. Sharing the password with a family member and asking the family member not to reveal the password C. Writing the password on a piece of paper and storing the paper in a locked safe D. Placing the password in a text document and saving the document on the system administrator's computer

B

Which of the following methods will help identify when unauthroized access has occurred? A. Implement session termination mechanism B. Implement previous logon notification C. Implement session lock mechanism D. Implement two-factor authentication

A

Which of the following must be installed for HTTPS to work properly on a web site? A. Digital certificate B. Symmetric Key C. 3DES encryption D. Security token

C

Which of the following needs to be backed up on a domain controller to be able to recover Active Directory? A. User date B. Operating System C. System state D. System files

B

Which of the following network authentication protocols uses symmetric key cryptography, stores a shared key for each network resource and uses a Key Distribution Center (KDC)? A. RADIUS B. Kerberos C. TACACS+ PKI

D

Which of the following portions of a company's network is between the Internet and an internal network? A. Filter router B. IDS C. Bastion host D. DMZ

A, D

Which of the following ports are typically used by email clients? (Select TWO) A. 143 B. 3389 C. 23 D. 110 E. 49 F. 194

B

Which of the following programming techniques should be used to prevent buffer overflow attacks? A. Automatic updates B. Input validation C. Nested loops D. Signed applets

A

Which of the following protocols are not recommended due to them supplying passwords and information over the network? A. SNMP B. Network News Transfer Protocol (NNTP) C. Domain Name Service (DNS) D. Internet Control Message Protocol (ICMP)

A

Which of the following protocols is used by Encapsulating Security Payload (ESP) in IPSEC? A. 50 B. 25 C. 51 D. 20

A

Which of the following protocols works with 802.1X to authenticate a client to a network? A. EAP B. LDAP C. CHAP D. SPAP

B

Which of the following provides the MOST secure form of encryption? A. 3DES B. AES C. Diffie-Hellman D. DES

C

Which of the following refers to the ability to be reasonably certain that data is not modified or tampered with? A. Authentication B. Confidentiality C. Integrity D. Non-repudiation

C, D, F

Which of the following security services are provided by digital signatures? (Select THREE). A. Authorization B. Encryption C. Authentication D. Non-repudiation E. Confidentiality F. Integrity

B, E

Which of the following settings works BEST to avoid password reuse? (Select TWO). A. Password complexity controls B. Password history C. Account lockout D. Maximum password age E. Minimum password age

B

Which of the following should be done if an audit recording fails in an IS? A. Overwrite the oldest audit records B. Send an alert to the appropriate personnel C. Stop generating audit records D. Log off the user

A

Which of the following should be scanned for viruses? A.Executable files B. All of the above C. Plain text documents D. Microsoft Word documents

B

Which of the following trust models would allow each user to create and sign certificates for the people they know? A. Browser trust-list B. Web-of-trust C. Single certificate authority (CA) D. Hierarchical

D

Which of the following trust models would allow each user to create and sign certificates for the people they know? A. Single certificate authority (CA) B. Browser trust-list C. Hierarchical D. Web-of-trust

C

Which of the following type of fire suppression tools would cause the MOST damage to electrical equipment? A. Carbon Dioxide B. Halon C. Water D. Foam

C

Which of the following types of IDS should be employed to obtain the MOST information about the enterprise? A. Unix based B. Server based C. Network based D. Host based

A, D

Which of the following types of IDS should be implemented to monitor traffic on a switch? (Select TWO). A. Network Based Passive B. Host Based Active C. Host Based Passive D. Network Based Active

C

Which of the following types of IDS uses known patterns to detect malicious activity? A. Detection based B. Keyword based C. Signature based D. Anomaly based

C

Which of the following types of attacks consists of a computer sending PING packets with the destination address set to the network's broadcast address and the source address set to the target computer's IP address? A. Replay B. XMAS Tree C. Smurg D. Fraggle

B

Which of the following types of attacks is targeting a web server if thousands of computers are simultaneously sending hundreds of FIN packets with spoofed source IP addresses? A. XMAS tree scan B. DDoS C. Brute force D. SYN flood

D

Which of the following types of authentication BEST describes providing a username, password and undergoing a thumb print scan to access a workstation? A. Kerberos B. Biometric C. Mutual D. Multifactor

D

Which of the following types of authentication models uses a smart card and a User ID/Password for accessing network resources? A. Tokens B. Biometric C. Mutual D. Multifactor

D

Which of the following types of firewalls provides inspection at layer 7 of the OSI model? A. Packet filters B. Stateful inspecion C. Network address translation (NAT) D. Application Proxy

B

Which of the following types of malicious software travels across computer networks without requiring a user to distribute the software? A. Trojan horse B. Worm C. Virus D. Logic Bomb

B

Which of the following types of publicly accessible servers should have anonymous logins disabled to prevent an attacker from transferring malicious data? A. DNS B. FTP C. Web D. Email

B

Which of the following types of servers should be placed on a private network? A. Email server B. File and print server C. Remote Access Server D. Web server

C

Which of the following web vulnerabilities is being referred to when it receives more data than it is programmed to accept? A. SMTP Relay B. Cookies C. Buffer Overflows D. CGI

B, E

Which of the following will allow a credit card information theft? (choose TWO) A. Virus B. Adware C. Worm D. SPIM E. Phishing

C

Which of the following will allow you to monitor a user's online activities? A. Logic bomb B. virus C. Spy ware D. worm

A

Which of the following would allow an administrator to find weak passwords on the network? A. A rainbow table B. A networkmapper C. A hash function D. A password generator

A

Which of the following would be BEST for deploying third-party application security updates on a network with 1,000 computers? A. Enterprise System Management (ESM) B. Baseline security analyzer C. Vulnerability scanner D. Logon script

A

Which of the following would be MOST desirable when attacking encrypted data A. weak key B. Sniffed traffic C. Block cipher D. Algorithm used

B

Which of the following would be MOST important to have to ensure that a company will be able to recover in case of severe environmental trouble or destruction? A. Alternate sites B. Disaster recover plan C. Fault tolerant systems D. Offsite storage

A

Which of the following would be MOST important when designing a security awareness program? A. Conducting user training sessions B. Minimizing development cost C. Using an independent security instructor D. Creating security awareness posters and notices

D

Which of the following would be MOST useful in determining which internal user was the source of an attack that compromised another computer in its network? A. The attacking computer's audit logs B. The firewall's logs C. The domain controller's logs D. The target computer's audit logs

A, C, E

Which of the following would be achieved by using encryption? (Select THREE). A. Non-repudiation B. Availability C. Confidentiality D. Authorization E. Integrity

C

Which of the following would be an advantage for using PKI over a key server system? A. Certificate authority revocation is easy to implement B. PKI is less complex to deploy C. The root certifcate authority key can be stored offline D. The key server is superior in large systems

A

Which of the following would be an easy way to determine whether a secure web page has a valid certificate? A. Right click on the lock at the bottom of the browser and check the certificate information B. Ensure that the web URL starts with 'https:\\' C. Contact Thawte or Verisign and ask about the web page D. Contact the web page's web master

A

Which of the following would be an effective way to ensure that a compromised PKI key can not access a system? A. Revoke the key B. Renew the key C. Reconfigure the key D. Delete the key

A, B

Which of the following would be an example of a hardware device where keys can be stored? (Select TWO). A. Smartcard B. PCMCIA card C. PCI card D. Network interface card (NIC)

C

Which of the following would be an example of a high-availability disk technology? A. Clustering B. Load balancing C. RAID D. Remote access

A, B

Which of the following would be considered a detrimental effect of a virus hoax? (Select TWO). A. Users are tricked into changing the system configuration B. Technical support resources are consumed by increased user calls C. The email server capacity is consumed by message traffic D. Users are at risk for identity theft

D

Which of the following would be needed to ensure that a user who has received an email cannot claim that the email was not received? A. Data integrity B. Asymmetric cryptography C. Anti-aliasing D. Non-repudiation

B

Which of the following would be the BEST reason for certification expiration? A. To keep the server from using the same key for two sessions B. Brute force techniques are likely to break the key if given enough time C. Renewal keeps the log files from getting too large D. The longer an encryption key is used the more processing power it will consume

B, C

Which of the following would be the BEST step to take to stop unauthorized users from targeting a wireless network with a site survey? (Select TWO). A. Using a switch rather than a hub B. Changing the default SSID C. Disabling SSID broadcasting D. Physically locking the WAP E. Broadcasting a false domain name

A

Which of the following would be the FIRST step to take to mitigate the threat of non-essential domain accounts? A. Develop a security policy B. Rename the system administrator account C. Review the domain accounts D. Write an LDAP query

C

Which of the following would be the MOST common method for attackers to spoof email? A. Web proxy B. Man in the middle attacks C. Open relays D. Trojan horse programs

D

Which of the following would be the MOST effective backup site for disaster recovery? A. Cold site B. Reciprocal agreement C. Warm site D. Hot site

B

Which of the following would be the MOST important reason to apply updates? A. Software is a productivity facilitator and as new functionality is available the functionality must be enabled B. Software is inherently insecure and as new vulnerabilities are found the vulnerabilities must be fixed C. Software is a supported product and vendors won't support the product if the latest version is not installed D. Software is a licensed product and the license will expire if not updated

A

Which of the following would be the mnimally acceptable method of ensuring that a disposed hard drive does not reveal sensitive data? A. Perform multiple bit level overwrites B. Format the drive C. Use the FDISK Command D. Delete the files and re-install the operating system

A

Which of the follownig describes an attacker encouraging a person to perform an action in order to be successful? A. Social engineering B. Password guessing C. Back door D. Man-in-the-middle

A

Which of the follwoing BEST describes the baseline process of securitng devices on a netwrok infrastructure? A. Hardening B. Active prevention C. Enumerating D. Passive detection

C

Which of the follwoing would allow a technician to compile a visual view of an infrastructure? A. Protocol analyzer B. Port scanner C. Network D. Security log

A

Which of the folowing would be MOST effective in preventing network traffic sniffing? A. Use switches instaed of hubs B. Disable promiscuous mode C. Use hubs instead of routers D. Deploy an IDS

A

Which password management system best provides for a system with a large number of users? A. Self service password reset management systems B. Locally saved passwords management systems C. Multiple access methods management systems D. Synchronized passwords management systems

C

Which ports need to be open to allow a user to login remotely onto a workstation? A. 53 B. 8080 C. 3389 D. 636

A

Which scenario or element would typically cause a CGI (Common Gateway Interface) security issue? A. The external data provided by the user. B. The HTTP (Hypertext Transfer Protocol) protocol C. The compiler or interpreter which runs the CGI script D. The web browser

B

Whih of the following types of backus requires that files and software that have been changed since the last full backup be copied to storage media? A. Full B. Differential C. Incremental D. Delta

B

While surfing the Internet a user encounters a pop-up window that prompts the user to download a browser plug-in. The pop-up window is a certificate which validates the identity of the plug-in developer. Which of the following BEST describers this type of certificate? A. Web certificate B. Software publisher certificate C. CA certificate D. Server certificate

B

You plan to update the user security policy. Whom should the new updated user security policy be distributed and made available to? A. All auditors B. All staff C. All security administrators D. All users

C

You work as a security administrator at Certpaper.com. The Certpaper.com network must be configured to support e-mail communication using SMTP. Which ports must you open on the firewall to support SMTP connections? A. Open UDP port 25 to inbound connections B. Open UDP port 110 to inbound connections C. Open TCP port 25 to inbound and outbound connections D. Open TCP port 110 to inbound and outbound connections

B

You work as the security administator at Certpaper.com. The Certpaper.com network must be configured to allow LDAP traffic. Which ports must you open on the firewall to allow LDAP traffic? A. Open ports 389 and 139 B. Open ports 389 and 636 C. Open ports 636 and 137 D. Open ports 137 and 139

D

You work as the security administrato at Certpaper.com. You must document te procedure for handling computer virus infections. Choose the action which you should specify to perform when receiving an e-mail message warning of the existance of a virus on the system if a specific executabe file exists? A. First broadcast a message to all users to alert them of the presence of a virus. B. First locate and download a patch to repair the file C. First search for and delete the virus file D. First investigate the e-mail message as a possible hoax with a trusted anti-virus vendor

C

You work as the security administrator at Certpaper.com. One morning you discover that a user named Mia Hamm has used her user account to log on to a network server. Mia has then executed a program and been able to perform operations which only a network administrator or security administrator should be able to. What type of attack has occured? A. Trojan horse B. Security policy removal C. Privilege escalation attack D. Subseven back door

A

You work as the security administrator at Certpaper.com. You are defining a SLA. You want to ensure the availability of server based resources over guaranteed server performance levels. What must you include in the SLA to achieve this objective? A. Hosting B. Application C. Network D. Security

C

You work as the security administrator at Certpaper.com. You are investigating the consequences of networks attacks aimed at FTP servers. Which of the following states the aim of a FTP bounce attack? A. The attak aims to store and distribute malicious code B. The attack aims to exploit buffer overflow vulnerability on the FTP server C. The attack aims to establish a connection between the FTP server and another computer D. The attack aims to reboot the FTP server

A, B, C, D

You work as the security administrator at Certpaper.com. You have become aware of a hacker accessing confidential company data from over the network. Which of the following actions should you perform? Choose all correct answers. A. Detach the network cable from the server to prevent the hacker from accessing more data B. Prevent members of the organization from entering the server room C. Shut down the server to prevent the hacker from accessing more data D. Prevent members of the incident response team from entering the server room

B

You work as the security administrator at Certpaper.com. You must ensure that internal access to other parts of the network is controlled and restricted. The soluction which you implement to restrict network access must be hardware based. You also want to use the least amount of administrative effort to accomplsigh your task. How will you accomplish the task? A. Deploy a VPN B. Deploy a VLAN C. Deploy a proxy server Deploy D. Deploy firewalls between your subnets

D

You work as the security administrator at Certpaper.com. You must implement an authentication protocol that uses only encrypted passwords during the authentication process. Choose the authentication protocol that accomplishes this. A. Kerberos B. SMTP C. PPTP D. CHAP

C

You work as the security administrator at Certpaper.com. You must secure the FTP server by allowing only authorized users access to it. How will you accomplish this task? A. Provide the FTP server's address to only those users that must access it. B. Allow blind authentication C. Do not allow anonymous authentication D. Redirect FTP to a different port

D

You work as the security administrator at Certpaper.com. You want to enable anonymous FTP read/write access. Choose the important factor which you should consider and be aware of. A. The upload and download directory for each user B. The detailed logging information for each user. C. Less server connections and netowrk bandwidth utilization D. The storage and distribution of unlicensed software

B

You work as the security administrator at Certpaper.com. You want to implement a solution which will provide the following for handled devices in your wireless network: 1. Data privacy 2. Data integrity 3. Authentication Which solution should you implement? A. WAP B. WTLS C. WSET D. WEP

A

You work as the security administrator at Certpaper.com. You want to reduce the current vulnerability from dumpster driving. How will you accomplish the task? A. Destroy all paper and other media that are no longer required B. Install expensive surveillance equipment C. Employ additional security staff D. Remove the contents of the trash can on a regular basis

A

You work as the security administrator. You want to implement a solution which will provide a WLAN (Wireless Local Area Network) with the security typically associated with a wired LAN: Which solution should you implement? A. WEP B. VPN C. ISDN D. ISSE

C

You work as the security administrator. You want to reduce the likelihood of certpaper.com employees misusing your ORG. e-mail. How will you accomplish the task? A. Implement a strong authentication method B. Create and enforce ACLS C. Create and enforce network security policy D. Encrypt all company e-mail messages

A

You work asa the security administrator at Certpaper.com. You must configure the firewall to support TACACS. Which port should you open on the firewall? A. Port 49 B. Port 53 C. Port 161 D. Port 21


Ensembles d'études connexes

Madness of Crowds by Douglas Murray quotes

View Set

1.3.5 Quiz - Week Three: Inductive & Deductive Reasoning

View Set

Apologia Biology Module 10 Study Guide for Emma

View Set

Rasgos heredados y comportamientos aprendidos

View Set

Anatomy - Unit 2 Movement Quiz Review

View Set

Fundamental Concepts and Skills for Nursing Ch.8

View Set

Essential Interviewing Midterm 2

View Set

California Certified Veterinary Assistant Final Review - Breed Identification - Unit 4

View Set