Comprehensive CompTIA Security+ Chapters 1-12 and CASP Chapters 1-10
17. Which of the following strategies involves understanding something about the enemy and letting them know the harm that can come their way if they cause harm to you? A. Risk acceptance B. Risk avoidance C. Risk deterrence D. Risk mitigation E. Risk transference
C
4. Refer to the scenario in question 2. Which of the following is the ARO for this scenario? A. 0.0167 B. 1 C. 5 D. 16.7 E. 60
A
Which of the following does not apply to a hashing algorithm? A. Variable-length input with fixed-length output B. Long key size C. One-way D. Collision resistance
B
Which of the following is a well-known Linux and Windows port scanner? A. Wireshark B. Nmap C. Netcat D. Nessus
B
Which of the following is an example of a well-known open source IDS tool? A. Nessus B. Snort C. Netcat D. Hping
B
Which of the following is an indication of an ongoing current problem? A. Trend B. Alarm C. Trap D. Alert
B
Which of the following is not a concern for data in transit? A. Man-in-the-middle attacks B. Backdoor attack C. Sniffing D. Hijacking
B
Which of the following is not a tunneling protocol, but is used in conjunction with tunneling protocols? A. L2F B. IPSec C. L2TP D. PPTP
B
Which of the following is the last step in the incident response process? A. Containment and mitigation B. Lessons learned C. Identification and evaluation D. Eradication and recovery
B
Which of the following is the process in which a law enforcement officer or a government agent encourages or induces a person to commit a crime when the potential criminal expresses a desire not to go ahead? A. Deceit B. Entrapment C. String D. Enticement
B
Which of the following is used to complete a scan by performing all three steps of the TCP session startup? A. Nmap -sS B. Nmap -sT C. Nmap -sU D. Nmap -O
B
Which of the following review methods asks participants to write down their responses and hand them to the team lead for review? A. Quantitative review B. Modified Delphi C. Structured review D. Performance review
B
Which of the following standards is widely used by auditors? A. RFC 1700 B. COBIT C. Common Criteria D. NIST 800-53
B
Which of the following terms implies hosting data from more than one consumer on the same equipment? A. Bastioning B. Multitenancy C. Fashioning D. Duplexing
B
Which of the following utilities can be used in Linux to view a list of users' failed authentication attempts? A. badlog B. faillog C. wronglog D. killlog
B
Which of the following will not help prevent XSS? A. Review code of XSS. B. Train users to be more careful. C. Test code of XSS vulnerabilities. D. Escape user input to prevent execution.
B
Which of the following would normally not be part of an incident response policy? A. Evidence collection procedures B. Contingency plans C. Outside agencies (that require status) D. Outside experts (to resolve the incident)
B
What is invoked when a person claims that they are the user but cannot be authenticated, such as with a lost password? A. Social engineering B. Directory traversal C. Identity proofing D. Cross-site requesting
C
What is it known as when an attacker manipulates the database code to take advantage of a weakness in it? A. SQL cracking B. SQL manipulation C. SQL injection D. SQL tearing
C
What is the primary organization for maintaining certificates called? A. RA B. CRL C. CA D. LRA
C
What protocol, running on top of TCP/IP, is often used for name registration and resolution with Windows-based clients? A. Telnet B. SSL C. NetBIOS D. TLS
C
When working with VLANs, you may need to pass traffic from multiple VLANs through one switch port. In such situations, security is imperative. Which of the following technologies allows you to accomplish this? A. VTPM B. Sandboxing C. Trunking D. Proxies
C
Which cloud service model provides the customer the infrastructure to create applications and host them? A. CaaS B. SaaS C. PaaS D. IaaS
C
Which encryption technology is associated with WPA? A. CCMP B. WEP C. TKIP D. LDAP
C
Which of the following 802.11 standards is often referred to as WPA2? A. 802.11n B. 802.11b C. 802.11i D. 802.11a
C
Which of the following 802.11 standards provides for bandwidths of up to 300 Mbps? A. 802.11b B. 802.11i C. 802.11n D. 802.11g
C
Which of the following authentication levels with WAP requires both ends of the connection to authenticate to confirm validity? A. Anonymous B. Relaxed C. Two-way D. Server
C
Which storage technology appears to the client OS as a local disk or volume that is available to be formatted and used locally as needed? A. NAS B. WAN C. SAN D. DAS
C
Which test method is used to verify that inputs and outputs are correct? A. White box testing B. Black box testing C. Regression test D. Parallel testing
C
Which type of cloud attack results in the service becoming so busy responding to illegitimate requests that it can prevent authorized users from having access? A. Man-in-the-middle attack B. Authentication attack C. DoS D. Data extraction
C
Which type of document defines a minimum level of security? A. Policy B. Standard C. Baseline D. Procedure
C
12. Which of the following policy statements should address who is responsible for ensuring that the policy is enforced? A. Scope B. Exception C. Overview D. Accountability
D
13. Which of the following strategies is accomplished any time you take steps to reduce risk? A. Risk acceptance B. Risk avoidance C. Risk deterrence D. Risk mitigation E. Risk transference
D
When you combine phishing with Voice over IP, it is known as: A. Spoofing B. Whaling C. Spooning D. Vishing
D
Which DNS record holds zone replication TTL information? A. PTR B. NS C. MX D. SOA
D
Which IDS system uses algorithms to analyze the traffic passing through the network? A. Arithmetical B. Algebraic C. Statistical D. Heuristic
D
Which of the following is the term used whenever two or more parties authenticate each other? A. Tunneling B. Multifactor authentication C. SSO D. Mutual authentication
D
7. Which of the following policies are designed to reduce the risk of fraud and prevent other losses in an organization? A. Separation of duties B. Acceptable use C. Least privilege D. Physical access control
A
A junior administrator comes to you in a panic after seeing the cost for certificates. She would like to know if there is a way to get one certificate to cover all domains and subdomains for the organization. What solution can you offer? A. Wildcards B. Blanket certificate C. Distributed certificates D. No solution exists
A
Tammy is having difficulty getting a signal from the AP on the second floor of her home office to the basement. You recommend that she replace the antenna on the AP. What measurement should she use to compare gain between possible antenna options? A. dBi B. ios C. MHz D. GB/s
A
The architecture for virtualization that does not include an underlying host operating system is called _______________? A. Type 1 B. VMM C. Type 2 D. Hypervisor
A
Which device monitors network traffic in a passive manner? A. Sniffer B. Firewall C. IDS D. Web browser
A
15. Which of the following policies describes how the employees in an organization can use company systems and resources, both software and hardware? A. Separation of duties B. Acceptable use C. Least privilege D. Physical access control
B
5. Which of the following strategies involves identifying a risk and making the decision to discontinue engaging in the action? A. Risk acceptance B. Risk avoidance C. Risk deterrence D. Risk mitigation E. Risk transference
B
Which set of specifications is designed to allow XML-based programs access to PKI services? A. PKIXMLS B. XKMS C. XMLS D. PKXMS
B
Which systems monitor the contents of systems (workstations, servers, networks) to make sure key content is not deleted or removed? A. XML B. DLP C. PKM D. GSP
B
Which technology allows a connection to be made between two networks using a secure protocol? A. Extranet B. Tunneling C. Internet D. VLAN
B
Which technology uses a physical characteristic to establish identity? A. Smart card B. Biometrics C. Surveillance D. CHAP authenticator
B
You've just entered telnet www.thesolutionfirm.com 80 at the command line. What is the purpose of this command? A. Port scanning B. Banner grabbing C. Footprinting D. Vulnerability scanning
B
Flood guard appliances protect against all but which of the following styles of attack? A. An authentication server receiving forged authentication requests B. A DoS to your database server C. Phlashing attack to your SIP server D. An application server receiving a SYN attack
C
If RF levels become too high, it can cause the receivers in wireless units to become deaf. This process is called: A. Crackling B. Distorting C. Desensitizing D. Clipping
C
Implementation of a firewall best maps to which of the following? A. Accept B. Avoid C. Mitigate D. Transfer
C
_________________ are considered a detective control used to uncover employee malfeasance. A. Background checks B. Dual controls C. Mandatory vacations D. Job rotations
C
A socket is a combination of which components? A. TCP and port number B. UDP and port number C. IP and session number D. IP and port number
D
A vishing attack may be the ultimate goal when an attacker is doing which of the header manipulation attacks? A. XSS B. HTTP C. Clickjacking D. VoIP
D
3. Refer to the scenario in question 2. Which of the following amounts is the ALE for this scenario? A. $2 million B. $1 million C. $500,000 D. $33,333.33 E. $16,666.67
D
10. Which of the following strategies involves sharing some of the risk burden with someone else, such as an insurance company? A. Risk acceptance B. Risk avoidance C. Risk deterrence D. Risk mitigation E. Risk transference
E
VoIP phones are more susceptible to __________________ than traditional phone systems. A. Power outages B. Cost increases C. Legal intercept D. Slamming and cramming
A
What is a system that is intended or designed to be broken into by an attacker? A. Honeypot B. Decoy C. Honebucket D. Spoofing system
A
When going with a public cloud delivery model, who is accountable for the security and privacy of the outsourced service? A. The organization B. The cloud provider and the organization C. The cloud provider D. No one
A
Which of the following is an early example of a tunneling protocol that does not provide authentication or confidentiality? A. L2F B. IPSec C. PPTP D. L2TP
A
Which type of penetration-style testing involves actually trying to break into the network? A. Intrusive B. Discreet C. Indiscreet D. Non-intrusive
A
You are examining mail services and have discovered TCP port 110 is open. What service is most likely active? A. POP B. SNMP C. SMTP D. IMAP
A
Which of the following cloud-based solutions allows the user to buy or rent physical infrastructure? A. MaaS B. IaaS C. SaaS D. PaaS
B
Which of the following documents is used to support an SLA? A. MOU B. OLA C. MBA D. NDA
B
Which of the following is a protection feature built into many firewalls that allows the administrator to tweak the tolerance for unanswered login attacks? A. MAC limiter B. Flood guard C. MAC filter D. Security posture
B
Which of the following is not a component of VoIP? A. SIP B. H.323 C. RTP D. SPIT
D
Which of the following is not a defense against Dumpster diving? A. Having a corporate policy regarding data destruction B. Shredding sensitive documents C. Locking and securing trash receptacles and areas D. Having trash removed by authorized personnel
D
Which of the following describes the phrase, "We reserve the right to review all books and records of the cloud provider as they may relate to the performance of this Agreement at any time"? A. SLA B. Right to audit C. DR D. BCP
B
Which of the following file systems is from Microsoft and was included with their earliest operating systems? A. FAT B. UFS C. MTFS D. NTFS
A
Which of these documents is considered high level and communicates the wishes of management? A. Policy B. Procedure C. Guideline D. Baseline
A
Which ports are, by default, reserved for use by FTP? (Choose all that apply.) A. 20 and 21 TCP B. 20 and 21 UDP C. 22 and 23 TCP D. 22 and 23 UDP
A
Which protocol is primarily for network maintenance and destination information? A. ICMP B. SMTP C. IGMP D. Router
A
Which protocol is unsuitable for WAN VPN connections? A. PPP B. PPTP C. L2TP D. IPSec
A
Which storage technology makes use of protocols such as NFS, SMB, or CIFS? A. NAS B. DAS C. SAN D. iSCSI
A
Which type of attack denies authorized users access to network resources? A. DoS B. Logic bomb C. Worm D. Social engineering
A
Which type of hypervisor implementation is known as "bare metal"? A. Type I B. Type II C. Type IV D. Type III
A
Your company requires that when employees are not at their desk, no documents should be out on the desk and the monitor should not be viewable. What is this called? A. Clean desk B. Wiping the desk C. Excessive requirements D. Basic housekeeping
A
You have been asked to work on a team responsible for a forensic analysis. Which of the following is the best order of analysis? A. RAM, hard drive, DVD B. Hard drive, thumb drive, RAM C. Hard drive, CD, DVD, RAM D. Hard drive, RAM, DVD, CD
A
You have just identified some C code that contains the function vsprintf(). Using this function might lead to which of the following? A. Buffer overflow B. Clickjacking C. XSS D. CSRF
A
You were given a disk full of applications by a friend but are unsure about installing a couple on your company laptop. Is there an easy way to verify if the programs are original or if they have been tampered with? A. Verify with a hashing algorithm B. Submit to a certificate authority. C. Scan with symmetric encryption D. Check the programs against the CRL
A
You've been chosen to lead a team of administrators in an attempt to increase security. You're currently creating an outline of all the aspects of security that will need to be examined and acted on. Which of the following terms describes the process of improving security in a NOS? A. Hardening B. Common Criteria C. Networking D. Encryption
A
You've been notified that you'll soon be transferred to another site. Before you leave, you're to audit the network and document everything in use and the reason why it's in use. The next administrator will use this documentation to keep the network running. Which of the following protocols isn't tunneling protocol but is probably used at your site by tunneling protocols for network security? A. IPSec B. PPTP C. L2TP D. L2F
A
Your office administrator is being trained to perform server backups. Which authentication method would be ideal for this situation? A. RBAC B. MAC C. Security tokens D. DAC
A
__________________ means that the information or service is accessible and that other unauthorized subjects should not have access. A. Availability B. Identification C. Confidentiality D. Integrity
A
_________________ offers administrators a way to verify that devices meet certain health standards before they're allowed to connect to the network. A. NAC B. IDS C. IPS D. SIEM
A
_______________ has an advantage over FCoE because it can run on existing IP networks. A. iSCSI B. HBA C. vSAN D. HBA
A
______________ is defined as the variations in transmission delay that can cause packet loss and degraded VoIP call quality. A. Jitter B. Latency C. Wobble D. Noise
A
______________ provides a MIME-based envelope structure used to bind SAML assertions to the payload. A. ebXML B. SOAP C. MIME D. HTTP
A
Which of the following is a centralized desktop solution that uses servers to serve up a desktop operating system to a host system? A. OND B. VDI C. LUN D. iSCSI
B
Which of the following is a client/server-oriented environment that operates in a manner similar to RADIUS? A. HSM B. TACACS+ C. TPM D. ACK
B
Which of the following is a reversion from a change that had negative consequences? A. DIS B. Backout C. ERD D. Backup
B
Which of the following is not an advantage of qualitative risk assessments? A. Speed B. Use of numeric dollar values C. Based on CIA D. Performed by a team
B
Which of the following is not an advantage of quantitative risk assessments? A. Examination of real threats B. Fast results C. Real numbers D. Dollar values
B
Which of the following is not offered by Kerberos for Windows users? A. Interoperability B. Nondelegated authentication C. Mutual authentication D. Simplified trust management
B
Which of the following is not one of the three main classes of QoS integrated (IntServ) services? A. Best B. Averaged C. Controlled D. Guaranteed
B
Which of the following is similar to Blowfish but works on 128-bit blocks? A. IDEA B. Twofish C. CCITT D. AES
B
Which of the following is the best example of an attack that cannot be defended against by end-user policies and education? A. Dumpster diving B. Buffer overflow C. Shoulder surfing D. Social engineering
B
Which of the following is the formula for ALE? A. ALE = AV × ARO B. ALE = SLE × ARO C. ALE = SLE / ARO D. ALE = AV / ARO
B
Which of the following is the highest level of classification in the government model of information classification? A. Super secret B. Top secret C. Secret D. Sensitive
B
Which of the following is the lowest level of information classification in the public sector model? A. Open B. Public C. Available D. Unclassified
B
Which of the following is the measure of the anticipated incidence of failure for a system or component? A. MTTR B. MTBF C. AIFS D. CIBR
B
When your servers become too busy, you can offload traffic to resources from a cloud provider. This is known as which of the following? A. Multitenancy B. Cloud Bursting C. Latency D. Peaking
B
Which cloud delivery model could be considered a pool of services and resources delivered across the Internet by a cloud provider? A. Private B. Public C. Community D. Hybrid
B
Which cloud delivery model could be considered an amalgamation of other types of delivery models? A. Public B. Hybrid C. Community D. Private
B
Which feature of cloud computing involves dynamically provisioning (or de-provisioning) resources as needed? A. Sandboxing B. Elasticity C. Multitenancy D. CMDB
B
Which model was designed to prevent conflicts of interest? A. Bell-LaPadula B. Brewer and Nash C. Clark-Wilson D. Biba
B
Which of the following antivirus detection techniques looks for deviation from normal behavior of an application or service? A. Protocol analysis B. Heuristic C. Signature D. Anomaly
B
Which of the following audits is performed to verify the protection mechanisms provided by information systems and related systems? A. Operational audit B. Information system audit C. Security audit D. Forensic audit
B
Which of the following best describes a partnership? A. The combination of two or more corporations by the transfer of the properties to one surviving corporation B. Two or more persons or companies contractually associated as joint principals in a business C. Obtaining goods or services from an outside supplier D. A condition in which a business cannot meet its debt obligations
B
14. If you calculate the SLE to be $4,000 and that there will be 10 occurrences a year (ARO), then the ALE is: A. $400 B. $4,000 C. $40,000 D. $400,000
C
16. Separation of duties helps to prevent an individual from embezzling money from a company. To embezzle funds successfully, an individual would need to recruit others to commit an act of (an agreement between two or more parties established for the purpose of committing deception or fraud). A. misappropriation B. misuse C. collusion D. fraud
C
19. Which of the following policies should be used when assigning permissions, giving users only the permissions they need to do their work and no more? A. Separation of duties B. Acceptable use C. Least privilege D. Physical access control
C
9. Which of the following is the structured approach that is followed to secure a company's assets? A. Audit management B. Incident management C. Change management D. Skill management
C
Which of the following is a primary vulnerability of a wireless environment? A. A gap in the WAP B. Decryption software C. Site survey D. IP spoofing
C
Which of the following is another name for social engineering? A. Social disguise B. Wetfire C. Wetware D. Social hacking
C
Which of the following is data that is too large to be dealt with by traditional database management means? A. Bit stream B. Data warehouse C. Big data D. Informatics
C
Which of the following correctly represents a broadcast physical address? A. 00 00 0C 34 44 01 B. 01 00 00 FF FF FF C. FF FF FF FF FF FF D. 01 00 0C 34 44 01
C
Which of the following is not an issue to consider with cloud computing? A. Physical location of data B. Sensitivity of data C. Hiring practices D. Disaster recovery plans
C
Which of the following is a type of smart card issued by the Department of Defense as a general identification/authentication card for military personnel, contractors, and non-DoD employees? A. PIV B. DLP C. POV D. CAC
D
Which protocol is mainly used to enable access to the Internet from a mobile device or smartphone? A. WPO B. WTLS C. WEP D. WAP
D
Which protocol operates on 2.4 GHz and has a bandwidth of 1 Mbps or 2 Mbps? A. 802.11b B. 802.11a C. 802.11c D. 802.11
D
Which remote access protocol has the advantage of better management of mobile users? A. Sesame B. RADIUS C. Kerberos D. Diameter
D
Which site best provides limited capabilities for the restoration of services in a disaster? A. Hot site B. Backup site C. Cold site D. Warm site
D
Which test occurs when it's verified a system can operate in its targeted environment? A. Black box test B. White box test C. Function test D. Sociability test
D
Which type of encryption does CCMP use? A. EAP B. IV C. DES D. AES
D
Which version of SNMP provides built-in security? A. Version C B. Version B C. Version 2 D. Version 3
D
While using Wireshark, you have captured traffic on UDP port 69. What service or application might this be? A. FTP B. Finger C. SSH D. TFTP
D
Methodically tested and checked is equal to ________________? A. EAL 0 B. EAL 1 C. EAL 2 D. EAL 3
D
One of the big differences between IPv4 and IPv6 is the address length. IPv6 has address lengths of how many bits? A. 16 B. 32 C. 64 D. 128
D
Outsourcing is different from a partnership in that: A. Outsourcing only occurs when products are from third countries where partnerships occur within the same country. B. Both use in-house labor to create products for themselves. C. One uses in-house labor whereas the other contracts the labor from a partner. D. One uses an outside supplier whereas the other combines the two entities.
D
Which of the following is a method of capturing a virtual machine at a given point in time? A. WMI B. Syslog C. Photograph D. Snapshot
D
Which of the following is a programming interface that allows a remote computer to run programs on a local machine? A. RSH B. SSH C. SSL D. RPC
D
An IV attack is usually associated with which of the following wireless protocols? A. WAP B. WPA2 C. WPA D. WEP
D
Extended ACLs can process all of the following except which one? A. SSL B. ICMP C. TCP D. UDP
A
ITSEC has how many assurance levels? A. 5 B. 7 C. 9 D. 11
B
Which of the following is the term for a fix for a known software problem? A. Patch B. Skiff C. Slipstream D. Upgrade
A
18. If you calculate SLE to be $25,000 and that there will be one occurrence every four years (ARO), then what is the ALE? A. $6,250 B. $12,500 C. $25,000 D. $100,000
A
2. Consider the following scenario: The asset value of your company's primary servers is $2 million, and they are housed in a single office building in Anderson, Indiana. Field offices are scattered throughout the United States, but the workstations located at the field offices serve as thin clients and access data from the Anderson servers. Tornados in this part of the country are not uncommon, and it is estimated that one will level the building every 60 years. Which of the following is the SLE for this scenario? A. $2 million B. $1 million C. $500,000 D. $33,333.33 E. $16,666.67
A
20. Which of the following strategies necessitates an identified risk that those involved understand the potential cost/damage and agree to live with it? A. Risk acceptance B. Risk avoidance C. Risk deterrence D. Risk mitigation E. Risk transference
A
A new sales manager has asked for administrator rights on the sales database. Should you grant that request, and why or why not? A. No, his job does not require administrator rights. B. Yes, he should have been given that access initially. C. No, this will interfere with the database administrator's job security. D. Yes, he is the manager, and he should get whatever level of access he wants.
A
A newly hired junior administrator will assume your position temporarily while you attend a conference. You're trying to explain the basics of security to her in as short a period of time as possible. Which of the following best describes an ACL? A. ACLs provide individual access control to resources. B. The ACL process is dynamic in nature. C. ACLs aren't used in today's systems. D. ACLs are used to authenticate users.
A
A(n) ________________________ can be described as a weakness in hardware, software, or components that may be exploited in order for a threat to destroy, damage, or compromise an asset. A. Vulnerability B. Threat C. Exposure D. Risk
A
A ____________________ is a top-tier security document that provides an overall view of security. A. Policy B. Procedure C. Baseline D. Guideline
A
After determining the exposure factor, which is the next step of the quantitative risk assessment process? A. Determine SLE B. Determine ARO C. Determine ALE D. Determine AV
A
An NIDS can do which of the following with encrypted email network traffic? A. Nothing B. Scan for viruses C. Alert if malicious D. Full content inspection
A
Applying change, cataloging change, scheduling change, implementing change, and reporting change to management are all steps in what process? A. Change control B. Lifecycle assurance C. Operational assurance D. Resource management
A
As the head of IT for MTS, you're explaining some security concerns to a junior administrator who has just been hired. You're trying to emphasize the need to know what is important and what isn't. Which of the following is not a consideration in key storage? A. Environmental controls B. Administrative controls C. Hardened servers D. Physical security
A
As the security administrator for your organization, you must be aware of all types of attacks that can occur and plan for them. Which type of attack uses more than one computer to attack the victim? A. DDoS B. UDP attack C. DoS D. Worm
A
Cisco has several ways to incorporate VLAN traffic into trunking. These include which of the following? A. 802.1Q B. 802.1X C. 802.11 D. LDAP
A
Due to growth beyond current capacity, a new server room is being built. As a manager, you want to make certain that all of the necessary safety elements exist in the room when it's finished. Which fire-suppression system works best when used in an enclosed area by displacing the air around a fire? A. Gas-based B. Overhead sprinklers C. Water-based D. Fixed system
A
Employees failed to respond properly to auditor questions regarding how they would react to social engineering attempts by an attacker. Additional security awareness training was scheduled for these employees. What type of control is this? A. Management B. Physical C. Technical D. Logical
A
How many bits are used for addressing with IPv4 and IPv6, respectively? A. 32, 128 B. 16, 64 C. 8, 32 D. 4, 16
A
In a hot and cold aisle system, what is the typical method of handling cold air? A. It is pumped in from below raised floor tiles. B. Cold air exists in each aisle. C. It is pumped in from above through the ceiling tiles. D. Only hot air is extracted and cold air is the natural result.
A
Kristin from Payroll has left the office on maternity leave and won't return for at least six weeks. You've been instructed to suspend her key. Which of the following statements is true? A. Suspended keys can be reactivated. B. Suspended keys don't expire. C. Suspending keys is a bad practice. D. In order to be used, suspended keys must be revoked.
A
Sending SPAM via IM is known as what? A. Spimming B. Phishing C. Pharming D. Escalating
A
Sending SPAM via VoIP is known as what? A. SPIT B. Phishing C. Split D. Escalating
A
TSIG is used for what purpose? A. As a means of authentication updates to a Dynamic DNS database B. To prevent VLAN hopping C. As an LDAP security control D. To secure X.500
A
Tailgating with the permission of the person being followed is known as: A. Piggybacking B. Convoying C. Riding D. Clipping
A
The government-based information classification model is based on which of the following? A. Confidentiality B. Availability C. Integrity D. Service level
A
The present method of requiring access to be strictly defined on every object is proving too cumbersome for your environment. The edict has come down from upper management that access requirements should be slightly reduced. Which access model allows users some flexibility for information-sharing purposes? A. DAC B. RBAC C. MAC D. MLAC
A
The process of making certain that an entity (operating system, application, etc.) is as secure as it can be is known as: A. Hardening B. Reinforcing C. Stabilizing D. Toughening
A
The purpose of _____________ was to create a standardized access control mechanism with XML. A. XACML B. SOAP C. MIME D. SAML
A
There is a term used for extremely large amounts of data owned by an organization. What is it officially known as? A. Big Data B. SAN C. VMFS D. NAS
A
Upper management has declared that a firewall must be put in place immediately, before your site suffers an attack similar to one that struck a sister company. Responding to this order, your boss instructs you to implement a packet filter by the end of the week. A packet filter performs which function? A. Prevents unauthorized packets from entering the network B. Allows all packets to leave the network C. Allows all packets to enter the network D. Eliminates collisions in the network
A
Upper management has suddenly become concerned about security. As the senior network administrator, you are asked to suggest changes that should be implemented. Which of the following access methods should you recommend if the technique to be used is one that is primarily based on pre-established access and can't be changed by users? A. MAC B. Kerberos C. RBAC D. DAC
A
Users are complaining about name resolution problems suddenly occurring that were never an issue before. You suspect that an intruder has compromised the integrity of the DNS server on your network. What is one of the primary ways in which an attacker uses DNS? A. Network footprinting B. Registration counterfeiting C. Network sniffing D. Database server lookup
A
What technology is used to send data between phones that are in close proximity to each other? A. NFC B. IBI C. IBJ D. IFNC
A
What technology is used to simplify network setup by allowing a router to have the administrator push a button on it to allow a new host to join? A. WPS B. WTLS C. WEP D. WPA
A
What type of virtualization technique is used to coordinate instructions to the CPU? A. Type 1 B. Type 2 C. Type 3 D. Type 4
A
What types of systems monitor the contents of workstations, servers, and networks to make sure that key content is not deleted or removed? A. DLP B. Backup systems C. DoS D. HSM
A
When is the best time to terminate access? A. At the time of dismissal B. At the end of the day C. One week after termination D. At the beginning of the worker's shift before dismissal
A
Which RAID level writes parity to two different drives, thus providing fault tolerance to the system even in the event of the failure of two drives in the array? A. RAID 6 B. RAID 5 C. RAID 1+0 D. RAID 0+1
A
Which approach to network security might disable Autorun and remove CD drives? A. Vector-oriented security B. Information-centric C. Protective areas D. Protective enclaves
A
Which backup system backs up all the files that have changed since the last full backup? A. Differential backup B. Archival backup C. Full backup D. Incremental backup
A
Which classification of information designates that information can be released on a restricted basis to outside organizations? A. Limited distribution B. Full distribution C. Restricted information D. Private information
A
Which cloud delivery model is implemented by a single organization, enabling it to be implemented behind a firewall? A. Private B. Public C. Hybrid D. Community
A
Which cloud-based solution is designed for watching over networks, applications, servers, and applications? A. MaaS B. IaaS C. SaaS D. PaaS
A
Which device monitors traffic in a passive manner? A. Sniffer B. IDS C. Firewall D. Web browser
A
Which form of attack sends fake SMS text messages? A. SMiShing B. Phishing C. Pharming D. Phreaking
A
Which of the following are multiport devices that improve network efficiency? A. Switches B. Modems C. Gateways D. Concentrators
A
Which of the following can be used to describe a physical security component that is used for cryptoprocessing and can be used to securely store digital keys? A. HSM B. TPM C. HMAC D. OCSP
A
Which of the following controls is used to ensure you have the right person for a specific job assignment? A. Background checks B. Dual controls C. Mandatory vacations D. Job rotation
A
Which of the following is an example of a Linux wireless security tool? A. Kismet B. Tcpdump C. Wireshark D. Nessus
A
Which of the following is an example of perimeter security? A. Chain link fence B. Elevator C. Video camera D. Locked computer room
A
Which of the following is an extension to Simple Object Access Protocol (SOAP) and is designed to add security to web services? A. WS_Security B. ESB C. LDAP D. SSO
A
Which of the following is another, more common, name for EAPOL? A. 802.1X B. LDAP C. LDAPS D. 802.12
A
Which of the following is not an attribute of HSM? A. Protects cryptographic algorithms B. Comes in PCI blades C. Sold as stand-alone devices D. Can handle high volumes of transactions
A
Which of the following is not part of the CIA triad? A. Avoidance B. Availability C. Confidentiality D. Integrity
A
Which of the following is proprietary of Cisco? A. XTACACS B. DIAMETER C. TACACS D. RADIUS
A
Which of the following is the basic premise of least privilege? A. When assigning permissions, give users only the permissions they need to do their work and no more. B. Do not give management more permissions than users. C. Regularly review user permissions and take away one that they currently have to see if they will complain or even notice that it is missing. D. Always assign responsibilities to the administrator who has the minimum permissions required.
A
Which of the following is the best description of shoulder surfing? A. Watching someone enter important information B. Stealing information from someone's desk C. Following someone through a door they just unlocked D. Figuring out how to unlock a secured area
A
Which of the following is the formula for SLE? A. SLE = AV × EF B. SLE = AV / EF C. SLE = ARO × EF D. SLE = ARO × AV
A
Which of the following is the name used for looking at the header information sent with data to find out what operating system a host is running? A. Banner grabbing B. Transitive attack C. Port scanning D. Vishing
A
Which of the following will not reduce EMI? A. Humidity control B. Physical location C. Overhauling worn motors D. Physical shielding
A
6. Which of the following policy statements may include an escalation contact in the event that the person dealing with a situation needs to know whom to contact? A. Scope B. Exception C. Overview D. Accountability
B
A CASP must understand the importance of encryption and cryptography. It is one of the key concepts used for protection of data in transit, while being processed, or while at rest. With that in mind, DES ECB is an example of which of the following? A. Disk encryption B. Block encryption C. Port encryption D. Record encryption
B
A _________________ points to a statement in a policy or procedure by which to determine a course of action. A. Procedure B. Guideline C. Baseline D. Standard
B
A coworker is concerned about the veracity of a claim because the sender of an email denies sending it. The coworker wants a way to prove the authenticity of an email. What would you recommend? A. Hashing B. Digital signature C. Symmetric encryption D. Asymmetric encryption
B
A mobile user calls you from the road and informs you that he has been asked to travel to China on business. He wants suggestions for securing his hard drive. What do you recommend he use? A. S/MIME B. BitLocker C. Secure SMTP D. PKI
B
An administrator can configure access control functions but is not able to administer audit functions. This is an example of what? A. Account management B. Separation of duties C. Access enforcement D. Least privilege
B
An attacker has laid down a Trojan on a victim's machine that is monitoring the HTTP get requests. The first request the user makes after 10 a.m. on a weekday causes a malicious script to execute that will request a current copy of a confidential research document in support of a product being developed. Which of the following best describes the attack that will take place? A. Logic bomb B. XSRF C. Keystroke logger D. Sniffer
B
When is final acceptance testing usually performed? A. Prototype phase B. Implementation phase C. Development phase D. Creation phase
B
As more and more clients have been added to your network, the efficiency of the network has decreased significantly. You're preparing a budget for next year, and you specifically want to address this problem. Which of the following devices acts primarily as a tool to improve efficiency? A. Hub B. Switch C. Router D. PBX
B
As part of your training program, you're trying to educate users on the importance of security. You explain to them that not every attack depends on implementing advanced technological methods. Some attacks, you explain, take advantage of human shortcomings to gain access that should otherwise be denied. What term do you use to describe attacks of this type? A. IDS system B. Social engineering C. Perimeter security D. Biometrics
B
Due to a breach, a certificate must be permanently revoked and you don't want it to ever be used again. What is often used to revoke a certificate? A. CYA B. CRL C. PKI D. CRA
B
EAL 3 is equal to which of the following? A. Semi-formally designed and tested B. Methodically checked and tested C. Functionally tested D. Methodically designed, tested, and reviewed
B
For what purpose is software escrow most commonly used? A. Offsite backup B. Vendor bankruptcy C. Redundancy D. Insurance coverage
B
Geo-location data would most likely be found in which of the following? A. Word documents B. Photographs C. PDFs D. Spreadsheets
B
Granularity is most closely associated with which of the following terms? A. Accountability B. Authentication C. Nonrepudiation D. Accessibility
B
How must user accounts for exiting employees be handled? A. Deleted, regardless of the circumstances B. Disabled, regardless of the circumstances C. Deleted if the employee has been terminated D. Disabled if the employee has been terminated
B
IPv6, in addition to having more bits allocated for each host address, has mandatory requirements built in for which security protocols? A. TFTP B. IPSec C. SFTP D. L2TP
B
If someone in payroll wanted to commit fraud, which of the following would force them to collude with someone from accounting? A. Background checks B. Dual control C. Mandatory vacation D. Job rotation
B
In DNS, what is another name for an alias? A. MX B. CNAME C. SOA D. NS
B
LDAPS provides for security by making use of _________________________. A. DES B. SSL C. SET D. PGP
B
When you're capturing an IPv4 packet with Wireshark, what would be the normal value in the first byte of the IP header? A. 40 hex B. 45 hex C. 60 hex D. 65 hex
B
Mercury Technical Solutions has been using SSL in a business-to-business environment for a number of years. Despite the fact that there have been no compromises in security, the new IT manager wants to use stronger security than SSL can offer. Which of the following protocols is similar to SSL but offers the ability to use additional security protocols? A. SSH B. TLS C. X.509 D. RSH
B
Most of the sales force has been told that they should no longer report to the office on a daily basis. From now on, they're to spend the majority of their time on the road calling on customers. Each member of the sales force has been issued a laptop computer and told to connect to the network nightly through a dial-up connection. Which of the following protocols is widely used today as a transport protocol for Internet dial-up connections? A. SMTP B. PPP C. PPTP D. L2TP
B
One item of importance to the CASP is trusted operating systems. Several standards have been developed to measure trust in an operating system. One such standard is TCSEC. TCSEC mandatory protection is defined as which of the following? A. Category A B. Category B C. Category C D. Category D
B
Packets between the WAP server and the Internet may be intercepted. What is this vulnerability known as? A. Middle man B. Packet sniffing C. Minding the gap D. Broken promise
B
Personal smartphones at work create a potential security risk due to which of the following? A. Operating system incompatibility B. Potential for malware introduction C. Widespread use D. Large storage capacity
B
What is the term for files including GPS-relevant information with them? A. RDF-feeding B. Backdating C. GPS-linking D. Geo-tagging
D
RFI is the byproduct of electrical processes, similar to EMI. The major difference is that RFI is usually projected across which of the following? A. Electrical wiring B. Radio spectrum C. Portable media D. Network medium
B
Security awareness training is best described as a ____________________ control. A. Recovery B. Preventive C. Detective D. Corrective
B
TCP is addressed in RFC ____________________. A. 821 B. 793 C. 822 D. 1700
B
The Biba model is based on which of the following? A. Availability B. Integrity C. Confidentiality D. Security
B
The administrator at MTS was recently fired, and it has come to light that he didn't install updates and fixes as they were released. As the newly hired administrator, your first priority is to bring all networked clients and servers up-to-date. What is a bundle of one or more system fixes in a single product called? A. Patch B. Service Pack C. System install D. Hotfix
B
The process of automatically switching from a malfunctioning system to another system is called what? A. Fail safe B. Failover C. Hot site D. Redundancy
B
Under Group Policy the local policy node does not include which of the following? A. Audit policies B. Password policies C. User rights D. Security options
B
What is another name for working copies? A. Operating copies B. Shadow copies C. Running copies D. Functional copies
B
What is the at.deny access control? A. It blocks access to Internet users. B. It does not allow users named in the file to access the system. C. It opens up the server only to intranet users. D. It ensures that no one will ever be able to use that part of your system.
B
What is the process of applying manual changes to a program called? A. Hotfix B. Patching C. Replacement D. Service pack
B
What is the term for restricting an application to a safe/restricted resource area? A. Fencing B. Sandboxing C. Multitenancy D. Securing
B
What is the term for the process of luring someone in (usually done by an enforcement officer or a government agent)? A. Deceit B. Enticement C. Entrapment D. Sting
B
What separates the authentication and authorization process into three operations? A. XTACACS B. TACACS+ C. TACACS D. RADIUS
B
What should a VPN over wireless use for tunneling? A. PEAP B. SSL or IPSec C. TKIP D. CCMP
B
What type of attack uses other methods (hijacking, cross-site forgery, and so forth) to change values in HTTP headers and falsify access? A. Enticement B. Header Manipulation C. Class Helper D. UTM
B
When a network has been subjected to a vulnerability scan, and a report of vulnerabilities found has been created, what is the next step? A. Determine the attack surface. B. Remediate the security posture. C. Schedule security awareness training. D. Perform a penetration test.
B
Which of the following terms refers to the process of establishing a standard for security? A. Security evaluation B. Baselining C. Hardening D. Methods research
B
Which of the following would properly describe a system that uses a symmetric key distributed by an asymmetric process? A. Digital signature B. Hybrid encryption C. HMAC D. Message digest
B
Which type of encryption best offers easy key exchange and key management? A. Symmetric B. Asymmetric C. Hashing D. Digital signatures
B
You have been asked by a member of senior management to explain the importance of encryption and define what symmetric encryption offers. Which of the following offers the best explanation? A. Non-repudiation B. Confidentiality C. Hashing D. Privacy and authentication
B
You have been asked to examine some traffic with Wireshark and have noticed that some traffic is addressed to 224.3.9.5. What class of address is this? A. Class C B. Class D C. Class B D. Class A
B
You have been asked to run a sniffer on a switch and have captured very little traffic. What might be the problem? A. The Internet connection is down. B. The port was not spanned. C. You were ARP poisoned D. Sniffers are not compatible with Ethernet.
B
You have been scanning a network and have found TCP 53 open. What might you conclude from this? A. DNS is configured for lookups B. A DNS zone transfer might be possible C. DNSSEC has been configured D. SMTP is being used
B
You have just run a tool that has identified the targeted operating system as Microsoft Windows XP. As a CASP you must understand the importance of operating systems and applications that are expired or no longer supported. With this in mind, what step has occurred? A. Port scanning B. OS fingerprinting C. Footprinting D. Vulnerability scanning
B
You have just scanned your network and found UDP port 123. What service makes use of this port? A. Portmapper B. NTP C. Finger D. LDAP
B
You want to assign privileges to a user so that she can delete a file but not be able to assign privileges to others. What permissions should you assign? A. Full Control B. Modify C. Delete D. Administrator
B
You work for an electronics company that has just created a device that emits less RF than any competitor's product. Given the enormous importance of this invention and of the marketing benefits it could offer, you want to have the product certified. Which certification is used to indicate minimal electronic emissions? A. RFI B. TEMPEST C. EMI D. CC EAL 4
B
You're explaining the basics of cryptography to management in an attempt to obtain an increase in the budget. Which of the following is not symmetric encryption? A. DES B. RSA C. Blowfish D. Twofish
B
You're outlining your plans for implementing a wireless network to upper management. Suddenly, a vice president brings up the question of security. Which protocol was designed to provide security for a wireless network and is considered equivalent to the security of a wired network? A. WAP B. WPA2 C. WTLS D. IR
B
Your company does electronic monitoring of individuals under house arrest around the world. Because of the sensitive nature of the business, you can't afford any unnecessary downtime. What is the process of applying a repair to an operating system while the system stays in operation? A. Service pack installation B. Hotfix C. Upgrading D. File update
B
Your company has just purchased a web application. You have been asked to assess this commercial application for any potential vulnerabilities. Which approach would be best? A. Code review B. Black box assessment C. Audit D. Vulnerability assessment
B
Your company provides medical data to doctors from a worldwide database. Because of the sensitive nature of the data, it's imperative that authentication be established on each session and be valid only for that session. Which of the following authentication methods provides credentials that are valid only during a single session? A. Kerberos B. Tokens C. Certificate D. Smart card
B
Your company recently changed firewalls and is now using another vendor's product. Which document would see the most change? A. Policy B. Procedure C. Guideline D. Baseline
B
Your company started moving individuals in sensitive positions from one set of job tasks to another every six months. What is this type of control known as? A. Two-man process B. Job rotation C. Principle of least privilege D. Dual control
B
Your system has been acting strangely since you downloaded a program you thought was from a colleague. Upon examining the program and comparing it to the source on the vendor's website, you discover they are not the same size and have different MD5sum values. Which type of malware probably infected your system? A. Virus B. Trojan C. Worm D. Spyware
B
_________________ is about proving the veracity of the claim. A. Accountability B. Authentication C. Nonrepudiation D. Accessibility
B
_______________ is a protocol specification for exchanging structured information in the implementation of web services in computer networks. A. ebXML B. SOAP C. MIME D. HTTP
B
What protocol is used by technologies for load balancing/prioritizing traffic? A. IBJ B. IFNC C. ESX D. QoS
D
Which service(s), by default, use TCP and UDP port 22? (Choose all that apply.) A. SMTP B. SSH C. SCP D. IMAP
B, C
11. The risk-assessment component, in conjunction with the business impact analysis (BIA), provides the organization with an accurate picture of the situation facing it. A. RAC B. ALE C. BIA D. RMG
C
In the Windows world, what tool is used to disable a port? A. System Manager B. System Monitor C. Windows Firewall D. Performance Monitor
C
1. You're the chief security contact for MTS. One of your primary tasks is to document everything related to security and create a manual that can be used to manage the company in your absence. Which documents should be referenced in your manual as the ones that identify the methods used to accomplish a given task? A. Policies B. Standards C. Guidelines D. BIA
C
A hypervisor is also known as which of the following? A. OND B. VDI C. VMM D. LUN
C
A junior administrator at a sister company called to report a possible exposed private key that is used for PKI transactions. The administrator would like to know the easiest way to check whether the lost key has been flagged by the system. What are you going to tell the administrator? A. Hashing B. Issuance of entities C. Online Certificate Status Protocol D. Wildcard verification
C
A list of applications approved for use on your network would be known as which of the following? A. Orange list B. Red list C. White list D. Black list
C
A manager at your organization is interviewing potential employees and has asked you to find out some background information. Which of the following should you not research? A. Education B. References C. Marriage status D. Claimed certifications
C
In which cloud service model can the consumer "provision" and "deploy and run"? A. SaaS B. CaaS C. IaaS D. PaaS
C
A smurf attack attempts to use a broadcast ping on a network; the return address of the ping may be a valid system in your network. Which protocol does a smurf attack use to conduct the attack? A. UDP B. TCP C. ICMP D. IP
C
A user reports that she is sending email after opening a VBS script designed to run in Excel. Which type of attack is most likely under way? A. Program infector virus B. Boot record virus C. Macro virus D. Multipartite virus
C
A(n) ___________________ occurs when a program or process tries to store more data in a space than it was designed to hold. A. XSRF B. XSS C. Buffer overflow D. SQL injection
C
A(n) ___________________________ is any agent, condition, or circumstance that could potentially cause harm, loss, damage, or compromise to an IT asset or data asset. A. Vulnerability B. Risk C. Threat D. Exposure
C
A __________________ is a minimum level of security that a system, network, or device must adhere to. A. Procedure B. Guideline C. Baseline D. Standard
C
According to CERT, which of the following would be a formalized or an ad hoc team you can call upon to respond to an incident after it arises? A. CIRT B. IRT C. CSIRT D. RT
C
After returning from a conference, your manager informs you that he has learned that law enforcement has the right, under subpoena, to conduct investigations using keys. He wants you to implement measures to make such an event run smoothly should it ever happen. What is the process of storing keys for use by law enforcement called? A. Certificate rollover B. Key renewal C. Key escrow D. Key archival
C
Although a hybrid cloud could be any mixture of cloud delivery models, it is usually a combination of which of the following? A. Private and community B. Two or more communities C. Public and private D. Public and community
C
Although you're talking to her on the phone, the sound of the administrative assistant's screams of despair can be heard down the hallway. She has inadvertently deleted a file that the boss desperately needs. Which type of backup is used for the immediate recovery of a lost file? A. Differential backup B. Onsite storage C. Working copies D. Incremental backup
C
An alert signals you that a server in your network has a program running on it that bypasses authorization. Which type of attack has occurred? A. DDoS B. Social engineering C. Backdoor D. DoS
C
As the security administrator for your organization, you have decided to restrict access to the Internet to only those who have an approved need. Which practice does this describe? A. Two-man process B. Job rotation C. Principle of least privilege D. Dual control
C
As the security administrator for your organization, you must be aware of all types of hashing algorithms. Which algorithm was developed by Ron Rivest and offers 128-bit output? A. AES B. DES C. MD5 D. RC4
C
DNSSEC does not protect against which of the following? A. Masquerading B. Domain spoofing C. Domain kiting D. Signature verification
C
If an attacker is able to gain access to restricted directories (such as the root directory) through HTTP, it is known as: A. Trusted platform corruption B. Cross-site forgery C. Directory traversal D. Root hardening
C
If you don't know the MAC address of a Windows-based machine, what command-line utility can you use to ascertain it? A. macconfig B. ifconfig C. ipconfig D. config
C
In order for network monitoring to work properly, you need a PC and a network card running in what mode? A. Launch B. Exposed C. Promiscuous D. Sweep
C
In relation to the incident response process, what term best describes noticing the occurrence of a false positive trigger of an IDS? A. Trigger B. Incident C. Event D. Alarm
C
Jerry has discovered small, unknown charges on his phone bill. What has most likely occurred? A. Slamming B. Phreaking C. Cramming D. Pharming
C
LDAP is an example of which of the following? A. Tiered model application development environment B. File server C. Directory access protocol D. IDS
C
Malicious links were placed inside an email that was pretending to solicit funds for rebuilding schools in war-ravaged areas of the world. This email was mass-mailed to the email addresses of military personnel that had been collected by a spider responsible for creating mail lists. The attack was designed to trick a user's browser to send a forged HTTP request including the user's session cookie and authentication information to a vulnerable web application. What kind of attack occurred? A. TOC/TOU B. Clickjacking C. CSRF D. Buffer overflow
C
Most authentication systems make use of a one-way encryption process. Which of the following best offers an example of one-way encryption? A. Asymmetric encryption B. Symmetric encryption C. Hashing D. PKI
C
Phreaking is most closely associated with which of the following? A. Instant messaging B. Data networks C. Telephony D. Videoconferencing
C
SYN cookies are used to defend against SYN flooding attacks. What type of device is best to configure with the ability to create SYN cookies? A. Web server B. A hardened host C. Load balancer D. AAA server
C
The Bell-LaPadula model is based on which of the following? A. Availability B. Integrity C. Confidentiality D. Security
C
The CRL takes time to be fully disseminated. Which protocol allows a certificate's authenticity to be immediately verified? A. CP B. CRC C. OCSP D. CA
C
The concept that users should have only the access needed is known as which of the following? A. Need to know B. Defense in depth C. The principle of least privilege D. Deny all
C
The industry-based model of information classification is based on which of the following? A. Confidentiality B. Availability C. Integrity D. Service level
C
The point at which the FRR and FAR meet is known as the ____________________. A. Type 2 errors B. Type 1 errors C. CER D. Zepher point
C
The process of reducing or eliminating susceptibility to outside interference is called what? A. Desensitization B. TEMPEST C. Shielding D. EMI
C
The security triad does not include which of the following? A. Availability B. Integrity C. Authenticity D. Confidentiality
C
The system administrator for Bill Steen Moving comes back from a conference intent on disabling the SSID broadcast on the single AP the company uses. What will the effect be on client machines? A. They will no longer be able to use wireless networking. B. They will no longer see the SSID as a Preferred Network when they are connected. C. They will no longer see the SSID as an available network. D. They will be required to make the SSID part of their HomeGroup.
C
There are some implementations of cloud computing where multiple service models (IaaS, SaaS, PaaS) are combined into a hybrid. This is known as what? A. DBaaS B. ZaaS C. XaaS D. HaaS
C
Type K fire extinguishers are intended for use on cooking oil fires. This type is a subset of which other type of fire extinguisher? A. Type D B. Type A C. Type B D. Type C
C
Warning banners typically do not contain which of the following? A. Penalties for noncompliance B. What is considered proper usage C. What is considered improper usage D. Expectations of privacy
C
What form of testing verifies inner logic? A. Pilot B. Blackbox C. Whitebox D. Regression
C
What kind of virus could attach itself to the boot sector of your disk to avoid detection and report false information about file sizes? A. Worm B. Trojan horse virus C. Stealth virus D. Polymorphic virus
C
What term describes when the item used to validate a user's session, such as a cookie, is stolen and used by another to establish a session with a host that thinks it is still communicating with the first party? A. XML injection B. Patch infiltration C. Session hijacking D. DTB exploitation
C
What types of systems utilize parallel processing (improving performance and availability) and add redundancy? A. Dispersed B. Collected C. Clustered D. Loaded
C
When a hole is found in a web browser or other software, and attackers begin exploiting it the very day it is discovered by the developer, what type of attack is it known as? A. Xmas B. Malicious insider C. Zero-day D. Polymorphic
C
When a lower privilege user or application accesses functions or content reserved for higher privilege users or applications, what is it called? A. Horizontal privilege escalation B. Insecure storage C. Vertical privilege escalation D. Buffer overflow
C
When discussing VLAN tagging, 802.1q is an example of a ________________________. A. Virtual server protocol B. Wireless protocol C. Trunking protocol D. SAN protocol
C
Which of the following best describes EDI? A. It is based on an X509 format. B. It is based on an ANSI X114 format. C. EDI is used to exchange data in a format that both the sending and receiving systems can understand. D. EDI is used to convert data into a format that both the sending and receiving systems can understand.
C
Which of the following can be implemented as a software or hardware solution and is usually associated with a device--a router, a firewall, NAT, and so on--used to shift a load from one device to another? A. Proxy B. Hub C. Load balancer D. Switch
C
Which of the following can extended ACLs not check for? A. Protocol B. Port number C. Response value D. Precedence value
C
Which of the following devices is the most capable of providing infrastructure security? A. Hub B. Switch C. Router D. Modem
C
Which of the following documents best fits the description of a step-by-step guide? A. Baseline B. Policy C. Procedure D. Guideline
C
Which of the following does not help in preventing fraud? A. Mandatory vacations B. Job rotation C. Job enlargement D. Separation of duties
C
Which of the following is an industry standard for host availability? A. Seven 9s B. Eight 9s C. Five 9s D. Six 9s
C
Which of the following involves unauthorized commands coming from a trusted user to the website? A. ZDT B. TT3 C. XSRF D. HSM
C
Which of the following is a newer backup type that provides continuous online backup by using optical or tape jukeboxes and can be configured to provide the closed version of an available real-time backup? A. TPM B. NAS C. HSM D. SAN
C
Which of the following is a notification that an unusual condition exists and should be investigated? A. Trend B. Trap C. Alert D. Alarm
C
Which of the following is not a reason why companies implement mandatory vacations? A. To decrease the ability to commit fraud undetected B. To decrease the chance that an area could be seriously negatively affected if someone leaves the organization C. To ensure the employee is well rested D. To allow for times to perform audits and reviews in the employee's absence
C
Which of the following is not an attribute of TPM? A. Inexpensive B. Specialized chip C. External to device D. Fast
C
Which of the following is synonymous with MAC filtering? A. MAC secure B. TKIP C. Network lock D. EAP-TTLS
C
Which of the following is the best description of tailgating? A. Sitting close to someone in a meeting B. Figuring out how to unlock a secured area C. Following someone through a door they just unlocked D. Stealing information from someone's desk
C
Which of the following is the correct sequence of actions in access control mechanisms? A. Access profiles, authentication, authorization, and identification B. Security rules, identification, authorization, and authentication C. Identification, authentication, authorization, and accountability D. Audit trails, authorization, accountability, and identification
C
Which of the following is the most widely used asymmetric algorithm today? A. SHA B. 3DES C. RSA D. AES
C
Which of the following is the technique of providing unexpected values as input to an application to try to make it crash? A. TPM B. HSM C. Fuzzing D. DLP
C
Which of the following provides services similar to TCP and UDP for WAP? A. WDP B. WTLS C. WTP D. WFMD
C
Which of the following security areas encompasses network access control (NAC)? A. Triad security B. Management security C. Operational security D. Physical security
C
Which of the following statements is not true? A. File systems are frequently based on hierarchical models. B. You should never share the root directory of a disk. C. You should share the root directory of a disk. D. You should apply the most restrictive access necessary for a shared directory.
C
Which of the following storage techniques uses a masking process used to provide availability to some hosts and restrict availability to other hosts? A. HBA B. vSAN C. LUN D. NAS
C
Which of the following types of logs could provide clues that someone has been attempting to compromise the SQL Server database? A. Access B. Security C. Event D. SQL_LOG
C
Which of the following would an organization security policy statement not define? A. The high-level view of management B. The security goals of the organization C. Step-by-step instructions in how to encrypt data D. What areas of IT security the organization considers important
C
Which of the following would be an appropriate asset disposal technique for a hard drive? A. Delete all files. B. Erase the drive. C. Perform a seven-pass drive wipe. D. Format the drive.
C
Which type of hypervisor implementation is known as "hosted"? A. Type I B. Type III C. Type II D. Type IV
C
Which type of tool would best describe Nmap? A. Port scanner B. Honeynet C. Vulnerability scanner D. Banner grabber
A
Which was the first security model designed for commercial usage? A. Bell-LaPadula B. Brewer and Nash C. Clark-Wilson D. Biba
C
You are examining mail services and have discovered TCP port 25 is open. What service is most likely active? A. POP B. SNMP C. SMTP D. IMAP
C
You have been asked to find a replacement for Telnet and want to use a secure protocol for data exchange. Which of the following applications would be acceptable? A. WebGoat B. Nessus C. PuTTY D. Helix
C
You have just completed a port scan of a computer and have identified that TCP port 31337 is open. What application is possibly running on the remote system? A. pcAnywhere B. Timbuktu C. Back Orifice D. NetBus
C
You have just noticed one of the members of the security team placing a single quote into a web page request field. What type of problem are they testing for? A. XSS B. LDAP injection C. SQL injection D. Clickjacking
C
You need to encrypt your hard drive. Which of the following is the best choice? A. SHA B. DES C. AES D. RSA
C
You're explaining protocols to a junior administrator shortly before you leave for vacation. The topic of Internet mail application comes up, and you explain how communications are done now as well as how you expect them to be done in the future. Which of the following protocols is becoming standard for Internet mail applications? A. SMTP B. POP C. IMAP D. IGMP
C
You're redesigning your network in preparation for putting the company up for sale. The network, like all aspects of the company, needs to perform at its best in order to benefit the sale. Which model is used to provide an intermediary server between the end user and the database? A. Relational database B. Two-tiered C. Three-tiered D. One-tiered
C
You're the administrator for Mercury Technical. Due to several expansions, the network has grown exponentially in size within the past two years. Which of the following is a popular method for breaking a network into smaller private networks that can coexist on the same wiring and yet be unaware of each other? A. Security zone B. MAC C. VLAN D. NAT
C
Your company has grown at a tremendous rate, and the need to hire specialists in various IT areas has become apparent. You're helping to write an online advertisement that will be used to recruit new employees, and you want to make certain that applicants possess the necessary skills. One knowledge area in which your organization is weak is database intelligence. What is the primary type of database used in applications today that you can mention in the ads? A. Network B. Hierarchical C. Relational D. Archival
C
8. What is the term used for events that were mistakenly flagged although they weren't truly events about which to be concerned? A. Fool's gold B. Non-incidents C. Error flags D. False positives
D
A company decides that the domain controller administrator and the DNS server administrator should exchange positions in order to allow for more oversight of past transactions. Of which of the following is this an example? A. Implicit deny B. Least privilege C. Separation of duties D. Job rotation
D
A mobile user calls you from the road and informs you that his laptop is acting strangely. He reports that there were no problems until he downloaded a weather program and is now getting pop-ups and other redirects from a site that he had never visited before. Which of the following terms describes a program that enters a system disguised in another program? A. Trojan horse virus B. Polymorphic virus C. Worm D. Spyware
A
A periodic update that corrects problems in one version of a product is called a/an A Overhaul B Hotfix C Security update D Service pack
D
According to the process described in this chapter for building security controls, what is the last step? A. Discover protection needs B. Design system security architecture C. Audit D. Implement system security
D
After a careful risk analysis, the value of your company's data has been increased. Accordingly, you're expected to implement authentication solutions that reflect the increased value of the data. Which of the following authentication methods uses more than one authentication process for a logon? A. Biometrics B. Kerberos C. Smart card D. Multifactor
D
An administrator at a sister company calls to report a new threat that is making the rounds. According to him, the latest danger is an attack that attempts to intervene in a communications session by inserting a computer between the two systems that are communicating. Which of the following types of attacks does this constitute? A. TCP/IP hijacking B. Worm C. Backdoor attack D. Man-in-the-middle attack
D
As part of your training program, you're trying to educate users on the importance of security. You explain to them that not every attack depends on implementing advanced technological methods. Some attacks take advantage of human shortcomings to gain access that should otherwise be denied. What term do you use to describe attacks of this type? A. IDS system B. Perimeter security C. Biometrics D. Social engineering
D
By default, what is at the end of every ACL? A. A stateful inspection checkpoint B. An implicit allow statement C. A command that checks for ICMP D. An implicit deny all statement
D
Comprehensive input validation, instead of unchecked assumptions, would help eliminate all but which of the following attacks? A. XSS B. SQL injection C. XML injection D. Radio frequency injection
D
Data diddling can best be categorized as which of the following? A. A type of virus B. The result of a keylogger C. Spam D. An incremental attack
D
During a training session, you want to impress upon users how serious security is and, in particular, cryptography. To accomplish this, you want to give them as much of an overview about the topic as possible. Which government agency should you mention is primarily responsible for establishing government standards involving cryptography for general-purpose government use? A. IEEE B. ITU C. NSA D. NIST
D
Fault tolerance is best described as what type of control? A. Recovery B. Preventive C. Detective D. Corrective
D
If you don't know the MAC address of a Linux-based machine, what command-line utility can you use to ascertain it? A macconfig B ipconfig C config D ifconfig
D
In intrusion detection system vernacular, which account is responsible for setting the security policy for an organization? A Director B Supervisor C Root D Administrator
D
John the Ripper is used for which of the following? A. Remote listener B. Wireless security C. Packet analysis D. Password cracking
D
SSL and TLS can best be categorized as which of the following? A. A symmetric encryption system B. An asymmetric encryption system C. A hashing system D. A hybrid encryption system
D
Spanning Tree Protocol (STP) is used for what? A. To suppress multicast traffic B. To bridge SAN traffic C. To implement the 802.1q standard D. To prevent network loops
D
The default level of security established for access controls should be which of the following? A. Read access B. Update access C. All access D. No access
D
There are two types of implicit denies. One of these can be configured so that only users specifically named can use the service, and this is known as: A. at.closed B. at.deny C. at.open D. at.allow
D
To avoid mishandling of information (electronic or documents), what should you consider using? A. Token B. Tickets C. SSL D. Labeling
D
What document describes how a CA issues certificates and for what they are used? A. Certificate practices B. CRL C. Revocation authority D. Certificate policies
D
What is a system that is intended or designed to be broken into by an attacker called? A. Decoy B. Honeybucket C. Spoofing system D. Honeypot
D
What is implied at the end of each access control list? A. Explicit allow B. Least privilege C. Separation of duties D. Implicit deny
D
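Both ACL questions above turn on the same rule: evaluation is top-down, first match wins, and a packet that matches nothing is dropped by the implicit deny at the end. This added Python example (not from the book; the addresses and rules are constructed) implements that evaluator so the ordering effect and the implicit fall-through can be seen directly.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    action: str               # "permit" or "deny"
    src: str                  # source network in CIDR notation
    dst_port: Optional[int]   # None matches any destination port


def evaluate(acl: List[Rule], src_ip: str, dst_port: int) -> Tuple[str, Optional[int]]:
    """First matching rule wins. Returns (action, index of the matching rule),
    or ("deny", None) when nothing matched: the implicit deny all."""
    ip = ip_address(src_ip)
    for idx, rule in enumerate(acl):
        if ip in ip_network(rule.src) and rule.dst_port in (None, dst_port):
            return rule.action, idx
    return "deny", None


# Constructed example ACL (hypothetical addresses).
ACL = [
    Rule("permit", "10.0.0.0/8", 443),       # rule 0: any internal host to HTTPS
    Rule("deny",   "10.0.5.0/24", None),     # rule 1: quarantine subnet, all ports
    Rule("permit", "192.168.1.0/24", 22),    # rule 2: admin subnet to SSH
]


if __name__ == "__main__":
    for ip, port in [("10.1.2.3", 443), ("10.1.2.3", 80), ("10.0.5.7", 443),
                     ("10.0.5.7", 80), ("192.168.1.9", 22), ("172.16.0.1", 22)]:
        print(ip, port, evaluate(ACL, ip, port))
```

Note that 10.0.5.7 reaches HTTPS even though rule 1 quarantines its subnet, because rule 0 matches first; the quarantine entry has to be placed above the broader permit. Also note that many devices do not log the implicit deny, so an explicit final "deny any" with logging is commonly added to get visibility of what is being dropped.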
What is the correct term for when two different files are hashed and produce the same hashed output? A. Session key B. Digital signature C. Message digest D. Collision
D
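A collision is two distinct inputs with the same digest, and how hard one is to find depends on the output length: a birthday search needs on the order of 2^(n/2) attempts for an n-bit output. This added Python example (not from the book) truncates SHA-256 to stand in for a short-output hash and finds a real collision for it; the messages are constructed counters.

```python
import hashlib
from typing import Dict, Optional, Tuple


def truncated_sha256(data: bytes, bits: int) -> int:
    """Top `bits` bits of SHA-256, standing in for a weak short-output hash."""
    full = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return full >> (256 - bits)


def find_collision(bits: int, max_tries: int = 1 << 22) -> Optional[Tuple[bytes, bytes]]:
    """Birthday search: hash distinct messages until two share an output.
    Expected work is roughly 2**(bits/2) hashes, not 2**bits."""
    seen: Dict[int, bytes] = {}
    for i in range(max_tries):
        msg = b"message-%d" % i          # constructed inputs, all distinct
        h = truncated_sha256(msg, bits)
        if h in seen:
            return seen[h], msg
        seen[h] = msg
    return None


def is_collision(a: bytes, b: bytes, bits: int) -> bool:
    """True when two different inputs hash to the same `bits`-bit output."""
    return a != b and truncated_sha256(a, bits) == truncated_sha256(b, bits)


if __name__ == "__main__":
    pair = find_collision(24)
    print(pair, is_collision(pair[0], pair[1], 24) if pair else None)
```

Against a 24-bit output the search finishes in a few thousand hashes; against the full 256-bit output the same two inputs no longer collide, which is the whole point of a wide digest.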
What is the form of social engineering in which you simply ask someone for a piece of information that you want by making it look as if it is a legitimate request? A. Swimming B. Hoaxing C. Spamming D. Phishing
D
What is the machine on which virtualization software is running known as? A. Node B. Workstation C. Server D. Host
D
What is the size of the initialization vector (IV) that WEP uses for encryption? A. 56-bit B. 128-bit C. 6-bit D. 24-bit
D
What is the size of the wrapper TKIP places around the WEP encryption with a key that is based on things such as the MAC address of your machine and the serial number of the packet? A. 64-bit B. 56-bit C. 12-bit D. 128-bit
D
Which act mandates national standards and procedures for storage, use, and transmission of personal medical information? A. GLBA B. CFAA C. FERPA D. HIPAA
D
Which agreement outlines performance requirements for a vendor? A. MTBF B. MTTR C. BCP D. SLA
D
Which cloud delivery model has an infrastructure shared by several organizations with shared interests and common IT needs? A. Hybrid B. Public C. Private D. Community
D
Which cloud service model gives the consumer the ability to use applications provided by the cloud provider over the Internet? A. PaaS B. CaaS C. IaaS D. SaaS
D
Which cloud-based service would handle all phases of the SDLC process? A. MaaS B. IaaS C. SaaS D. PaaS
D
Which device stores information about destinations in a network (choose the best answer)? A. Hub B. Modem C. Firewall D. Router
D
Which form of attack typically targets timing? A. XSS B. XSRF C. Buffer overflows D. TOC/TOU
D
Which form of testing is used to verify that program inputs and outputs are correct? A. Pilot B. Blackbox C. Whitebox D. Regression
B
Which is the approach to dealing with risk that incurs an ongoing continual cost? A. Accept B. Avoid C. Mitigate D. Transfer
D
Which level of RAID is a "stripe of mirrors"? A. RAID 0 B. RAID 1 C. RAID 0+1 D. RAID 1+0
D
Which of the following access control methods includes switching work assignments at preset intervals? A. Mandatory vacations B. Separation of duties C. Least privilege D. Job rotation
D
Which of the following best defines social engineering? A. Destroying or altering data B. Illegal copying of software C. Gathering information from discarded manuals and printouts D. Using people skills to obtain proprietary information
D
Which of the following controls requires two employees working together to complete an action? A. Two-man process B. Job rotation C. Principle of least privilege D. Dual control
D
Which of the following designs uses one packet filtering router between a trusted and untrusted network? A. Screened host B. Screened subnet C. Dual-homed gateway D. Single-tier packet filter
D
Which of the following groups is ultimately responsible for a security policy? A. Employees B. Managers C. CSO D. Senior management
D
Which of the following is a concept that works on the assumption that any information created on any system is stored forever? A. Cloud computing B. Big data C. Warm site D. Full archival
D
Which of the following is a forensic process best described as the actions taken to guard, control, and secure evidence? A. Locking B. Analysis C. Tracking D. Chain of custody
D
Which of the following is an early form of encryption known as ROT3? A. Transposition cipher B. Substitution cipher C. Scytale D. Caesar's cipher
D
Which of the following is considered a framework for information security and addresses issues such as governance, systems development life cycles, security assessments, risk management, and incident response? A. ISO 27001 B. RFC 2196 C. COBIT D. NIST 800-100
D
Which of the following is not a benefit of cloud computing? A. Greater mobility B. Reduced expenditures C. Increased productivity D. Increased data privacy
D
Which of the following is not a hashing algorithm? A. SHA B. HAVAL C. MD5 D. IDEA
D
Which of the following is not a valid UDP header field? A. Source port B. Length C. Checksum D. Flag
D
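The UDP header is eight bytes: source port, destination port, length and checksum, with no flags, sequence numbers or connection state. The following added Python example (not from the book) parses that header and also computes and verifies the checksum over the IPv4 pseudo-header, which is the part a packet-crafting or forensics tool has to get right; the datagram contents are constructed.

```python
import struct
from ipaddress import ip_address

UDP_HEADER_LEN = 8
UDP_PROTO = 17


def parse_udp_header(datagram: bytes) -> dict:
    """Split a UDP datagram into its four header fields and the payload."""
    if len(datagram) < UDP_HEADER_LEN:
        raise ValueError("datagram shorter than the 8-byte UDP header")
    src, dst, length, checksum = struct.unpack("!HHHH", datagram[:UDP_HEADER_LEN])
    if length < UDP_HEADER_LEN or length > len(datagram):
        raise ValueError(f"bad UDP length field {length}")
    return {"src_port": src, "dst_port": dst, "length": length,
            "checksum": checksum, "payload": datagram[UDP_HEADER_LEN:length]}


def _ones_complement_sum(data: bytes) -> int:
    """16-bit ones-complement sum with end-around carry (RFC 1071 style)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum((data[i] << 8) | data[i + 1] for i in range(0, len(data), 2))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def _pseudo_header(src_ip: str, dst_ip: str, udp_len: int) -> bytes:
    # IPv4 pseudo-header: src, dst, zero, protocol, UDP length.
    return (ip_address(src_ip).packed + ip_address(dst_ip).packed
            + struct.pack("!BBH", 0, UDP_PROTO, udp_len))


def build_udp_datagram(src_ip: str, dst_ip: str, src_port: int,
                       dst_port: int, payload: bytes) -> bytes:
    """Assemble a datagram with a correct checksum."""
    length = UDP_HEADER_LEN + len(payload)
    header = struct.pack("!HHHH", src_port, dst_port, length, 0)
    s = _ones_complement_sum(_pseudo_header(src_ip, dst_ip, length) + header + payload)
    checksum = (~s) & 0xFFFF or 0xFFFF   # a computed zero is sent as 0xFFFF
    return struct.pack("!HHHH", src_port, dst_port, length, checksum) + payload


def verify_udp_checksum(src_ip: str, dst_ip: str, datagram: bytes) -> bool:
    """True if the checksum validates. IPv4 allows a zero field meaning
    'not computed'; that case is accepted here, as a receiver would."""
    h = parse_udp_header(datagram)
    if h["checksum"] == 0:
        return True
    covered = _pseudo_header(src_ip, dst_ip, h["length"]) + datagram[:h["length"]]
    return _ones_complement_sum(covered) == 0xFFFF


if __name__ == "__main__":
    dg = build_udp_datagram("10.0.0.1", "10.0.0.2", 53000, 53, b"\x12\x34\x01\x00")
    print(parse_udp_header(dg), verify_udp_checksum("10.0.0.1", "10.0.0.2", dg))
```

Because the checksum covers addresses from the IP layer, a parser that only sees the UDP bytes cannot validate it; that is also why a spoofed source address with a stale checksum is easy to spot.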
Which of the following is not an IDS engine? A. Anomaly B. Signature C. Protocol D. Deterministic
D
Which of the following is not an advantage of symmetric encryption? A. It's powerful B. A small key works well for bulk encryption C. It offers confidentiality D. Key exchange is easy
D
Which of the following is not an example of an information security framework? A. SABSA B. IAEFE C. SOMF D. RFC
D
Which of the following is similar to RDP but is designed specifically for Apple products? A. Citrix B. pcAnywhere C. Back Orifice D. Presence
D
Which of the following is the highest classification level in the government? A. Classified B. Secret C. Confidential D. Top Secret
D
Which of the following mail services is optimized for mobile users? A. POP B. SNMP C. SMTP D. IMAP
D
Which of the following outlines those internal to the organization who have the ability to step into positions when they open? A. Emergency planning B. Eventuality planning C. Progression planning D. Succession planning
D
Which of the following security features are not needed in a SAN? A. Firewall B. User access control C. Antivirus D. None of the above
D
Which of the following services use only TCP ports and not UDP? A. IMAP B. LDAP C. FTPS D. SFTP
D
Who in the company is most responsible for initiating a risk analysis, directing a risk analysis, defining goals of the analysis, and making sure the necessary resources are available during the analysis? A. The company's information assurance manager B. The company's security officer C. The company's disaster recovery department and risk analysis team D. Senior management
D
Who typically signs an NDA? A. Focus groups B. Customers C. Alpha testers D. Beta testers
D
You have added a new child domain to your network. As a result of this, the child has adopted all of the trust relationships with other domains in the forest that existed for its parent domain. What is responsible for this? A. Fuzzing access B. LDAP access C. XML access D. Transitive access
D
You have been asked to suggest a simple trust system for distribution of encryption keys. Your client is a three-person company and wants a low-cost or free solution. Which of the following would you suggest? A. Single authority trust B. Hierarchical trust C. Spoke/hub trust D. Web of trust
D
You've been assigned to mentor a junior administrator and bring him up to speed quickly. The topic you're currently explaining is authentication. Which method uses a KDC to accomplish authentication for users, programs, or systems? A. CHAP B. Smart cards C. Biometrics D. Kerberos
D
You've discovered that an expired certificate is being used repeatedly to gain logon privileges. To what list should the certificate have been added? A. Wildcard verification B. Expired key revocation list C. Online Certificate Status Protocol D. Certificate revocation list (CRL)
D
Your IT manager has stated that you need to select an appropriate tool for email encryption. Which of the following would be the best choice? A. TLS B. IPSec C. MD5 D. PGP
D
Your company is about to invest heavily in an application written by a new startup. Because it is such a sizable investment, you express your concerns about the longevity of the new company and the risk this organization is taking. You propose that the new company agree to store its source code for use by customers in the event that it ceases business. What is this model called? A. SLA B. BCP C. CA D. Code escrow
D
Your company is considering a policy on social engineering and how employees can avoid phishing attacks. Which of the following techniques would you not recommend? A. Anti-phishing software B. Digital certificates C. Having the policy state that employees should never respond to emails requesting personal information D. Advising employees to avoid using public WiFi and free Internet
D
____________________are tactical documents that specify steps or processes required to meet a certain requirement. A. Procedures B. Guidelines C. Baselines D. Standards
D
__________________is an XML-based open standard designed for authentication and authorization between security domains. A. XACML B. SOAP C. MIME D. SAML
D
__________________solutions help security professionals identify, analyze, and report on threats in real time. A. NAC B. IDS C. IPS D. SIEM
D
________________is the practice of organizing and documenting a company's IT assets so that planning, management, and expansion can be enhanced. A. Value delivery B. COBIT C. Performance measurement D. Enterprise architecture
D
_______________provides the ability to have trust in the data and that it is right and correct. A. Authentication B. Identification C. Confidentiality D. Integrity
D
You're a member of a consortium wanting to create a new standard that will effectively end all spam. After years of meeting, the group has finally come across a solution and now wants to propose it. The process of proposing a new standard or method on the Internet is referred to by which acronym? A. RFC B. X.509 C. IEEE D. WBS
A
You're the head of information technology for MTS and have a brother in a similar position for ABC. The companies are approximately the same size and are located several hundred miles apart. As a benefit to both companies, you want to implement an agreement that would allow either company to use resources at the other site should a disaster make a building unusable. What type of agreement between two organizations provides mutual use of their sites in the event of an emergency? A. Reciprocal agreement B. Warm-site agreement C. Backup-site agreement D. Hot-site agreement
A
You've been drafted for the safety committee. One of your first tasks is to inventory all of the fire extinguishers and make certain that the correct types are in the correct locations throughout the building. Which of the following categories of fire extinguisher is intended for use on electrical fires? A. Type C B. Type D C. Type B D. Type A
A
You've discovered that an expired certificate is being used repeatedly to gain logon privileges. Which type of attack is this most likely to be? A. Replay attack B. Backdoor attack C. Man-in-the-middle attack D. TCP/IP hijacking
A
Your system has just stopped responding to keyboard commands. You noticed that this occurred when a spreadsheet was open and you connected to the Internet. Which kind of attack has probably occurred? A. Logic bomb B. ACK attack C. Virus D. Worm
A
You're trying to rearrange your backup procedures to reduce the amount of time that they take each evening. You want the backups to finish as quickly as possible during the week. Which backup system backs up only the files that have changed since the last full or partial backup? A. Backup server B. Incremental backup C. Differential backup D. Full backup
B
You've been brought in as a security consultant for a small bicycle manufacturing firm. Immediately, you notice that they're using a centralized key-generating process, and you make a note to dissuade them from that without delay. What problem is created by using a centralized key-generating process? A. Certificate revocation B. Key transmission C. Private key security D. Network security
B
Proximity readers work with which of the following? A. 15.75 fob card B. 125 kHz proximity card C. 13.56 MHz smart card D. 14.32 surveillance card
B, C
You are the senior administrator for a bank. A user calls you on the telephone and says that they were notified to contact you but couldn't find your information on the company website. Two days ago, an email told them that there was something wrong with their account and that they needed to click a link in the email to fix the problem. They clicked the link and filled in the information, but now their account is showing a large number of transactions that they did not authorize. They were likely the victims of what type of attack? A. Pharming B. Escalating C. Phishing D. Spimming
C
You're a consultant brought in to advise MTS on its backup procedures. One of the first problems you notice is that the company doesn't use a good tape-rotation scheme. Which backup method uses a rotating schedule of backup media to ensure long-term information storage? A. Full Archival method B. Differential Backup method C. Grandfather, Father, and Son method D. Backup Server method
C
You're explaining the basics of security to upper management in an attempt to obtain an increase in the networking budget. One of the members of the management team mentions that they've heard of a threat from a virus that attempts to mask itself by hiding code from antivirus software. To what type of virus is she referring? A. Polymorphic virus B. Stealth virus C. Armored virus D. Worm
C
You're the leader of the security committee at ACME Company. After a move to a new facility, you're installing a new security monitoring system throughout. Which of the following best describes a motion detector mounted in the corner of a hallway? A. Perimeter security B. Partitioning C. Security zone D. IDS system
C
Your system log files report an ongoing attempt to gain access to a single account. This attempt has been unsuccessful to this point. What type of attack are you most likely experiencing? A. TCP/IP hijacking B. Worm attack C. Password-guessing attack D. Backdoor attack
C
MAC is an acronym for what as it relates to cryptography? A. Media access control B. Mandatory access control C. Multiple advisory committees D. Message authentication code
D
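The difference between a message digest and a message authentication code is the key: anyone can recompute a plain hash over an altered message, but only a holder of the shared secret can produce a valid MAC. This added Python example (not from the book; the key and messages are constructed) shows an attacker's rewrite passing a SHA-256 integrity check and failing an HMAC-SHA256 check, which is also the distinction behind the integrity question earlier in this set.

```python
import hashlib
import hmac
from typing import Optional

TAG_LEN = 32   # SHA-256 output length in bytes


def digest_protect(message: bytes) -> bytes:
    """Message followed by a plain SHA-256 digest: catches accidental change only."""
    return message + hashlib.sha256(message).digest()


def digest_check(blob: bytes) -> Optional[bytes]:
    message, digest = blob[:-TAG_LEN], blob[-TAG_LEN:]
    return message if hashlib.sha256(message).digest() == digest else None


def mac_protect(key: bytes, message: bytes) -> bytes:
    """Message followed by HMAC-SHA256 under a shared secret key."""
    return message + hmac.new(key, message, hashlib.sha256).digest()


def mac_check(key: bytes, blob: bytes) -> Optional[bytes]:
    message, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, message, hashlib.sha256).digest()
    # Constant-time comparison: a byte-by-byte == would leak how many tag
    # bytes matched through timing.
    return message if hmac.compare_digest(expected, tag) else None


def attacker_rewrite(new_message: bytes) -> bytes:
    """Attacker without the key: substitute a message and recompute the hash."""
    return digest_protect(new_message)


if __name__ == "__main__":
    key = b"\x00" * 32                     # constructed key, never use a fixed one
    original = b"transfer 10 to bob"
    forged = attacker_rewrite(b"transfer 9999 to mallory")
    print("hash accepts forgery:", digest_check(forged))
    print("mac accepts forgery:", mac_check(key, forged))
    print("mac accepts genuine:", mac_check(key, mac_protect(key, original)))
```

A MAC gives integrity and origin authentication between the two key holders, but not nonrepudiation: either party could have produced the tag, so proving which one did requires a digital signature under a private key.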
Mary claims that she didn't make a phone call from her office to a competitor and tell them about developments at her company. Telephone logs, however, show that such a call was placed from her phone, and time clock records show that she was the only person working at the time. What do these records provide? A. Integrity B. Authentication C. Confidentiality D. Nonrepudiation
D
The Cyberspace Security Enhancement Act gives law enforcement the right to: A. Fine ISPs who host rogue sites B. Restrict information from public view C. Stop issuance of .gov domains D. Gain access to encryption keys
D
Which of the following is a high-security installation that requires visual identification, as well as authentication, to gain access? A. Proximity reader B. Fencing C. Hot aisle D. Mantrap
D
Which organizations can be used to identify an individual for certificate issuance in a PKI environment? A. RA B. SHE C. PKE D. LRA
D
Which plan or policy helps an organization determine how to relocate to an emergency site? A. Privilege management policy B. Backup site plan C. Privacy plan D. Disaster-recovery plan
D
_________ information is made available to either large public or specific individuals, whereas _______________ information is intended for only those internal to the organization. A. Private; restricted B. Limited distribution; internal C. Public; internal D. Public; private
D