CompTIA Security+ Q1747_SY0-401

Ann, a security administrator, wants to limit access to the wireless network. Which of the following can be used to do this without using certificates?

A. Employ EAP-TLS B. Employ PEAP on all laptops C. Enable MAC filtering D. Disable SSID broadcasting Correct Answer: C

Which of the following are examples of network segmentation? (Select TWO).

A. IDS B. IaaS C. DMZ D. Subnet E. IPS Correct Answer: CD

Which of the following protocols is the security administrator observing in this packet capture? 12:33:43, SRC 192.168.4.3:3389, DST 10.67.33.20:8080, SYN/ACK

A. HTTPS B. RDP C. HTTP D. SFTP Correct Answer: B

A company has implemented full disk encryption. Clients must authenticate with a username and password at a pre-boot level to unlock the disk and again a username and password at the network login. Which of the following are being used? (Select TWO)

A. Multifactor authentication B. Single factor authentication C. Something a user is D. Something a user has E. Single sign-on F. Something a user knows Correct Answer: BF

Which of the following devices is BEST suited to protect an HTTP-based application that is susceptible to injection attacks?

A. Protocol filter B. Load balancer C. NIDS D. Layer 7 firewall Correct Answer: D

Which of the following is synonymous with a server's certificate?

A. Public key B. CRL C. Private key D. Recovery agent Correct Answer: A

A new client application developer wants to ensure that the encrypted passwords that are stored in their database are secure from cracking attempts. To implement this, the developer implements a function on the client application that hashes passwords thousands of times prior to being sent to the database. Which of the following did the developer MOST likely implement?

A. RIPEMD B. PBKDF2 C. HMAC D. ECDHE Correct Answer: B

All of the following are valid cryptographic hash functions EXCEPT:

A. RIPEMD. B. RC4. C. SHA-512. D. MD4. Correct Answer: B

Two programmers write a new secure application for the human resources department to store personally identifiable information. The programmers make the application available to themselves using an uncommon port along with an ID and password only they know. This is an example of which of the following?

A. Root Kit B. Spyware C. Logic Bomb D. Backdoor Correct Answer: D

When implementing a Public Key Infrastructure, which of the following should the sender use to digitally sign a document?

A. A CSR B. A private key C. A certificate authority D. A public key Correct Answer: B

Which of the following is BEST used to capture and analyze network traffic between hosts on the same network segment?

A. Protocol analyzer B. Router C. Firewall D. HIPS Correct Answer: A

When generating a request for a new X.509 certificate for securing a website, which of the following is the MOST appropriate hashing algorithm?

A. RC4 B. MD5 C. HMAC D. SHA Correct Answer: B

Which of the following is a penetration testing method?

A. Searching the WHOIS database for administrator contact information B. Running a port scanner against the target's network C. War driving from a target's parking lot to footprint the wireless network D. Calling the target's helpdesk, requesting a password reset Correct Answer: D

Physical documents must be incinerated after a set retention period is reached. Which of the following attacks does this action remediate?

A. Shoulder Surfing B. Dumpster Diving C. Phishing D. Impersonation Correct Answer: B

Which of the following use the SSH protocol?

A. Stelnet B. SCP C. SNMP D. FTPS E. SSL F. SFTP Correct Answer: BF

Which of the following has serious security implications for large organizations and can potentially allow an attacker to capture conversations?

A. Subnetting B. NAT C. Jabber D. DMZ Correct Answer: C

Which of the following will provide data encryption, key management and secure application launching?

A. TKIP B. HSM C. EFS D. DLP Correct Answer: D

To ensure proper evidence collection, which of the following steps should be performed FIRST?

A. Take hashes from the live system B. Review logs C. Capture the system image D. Copy all compromised files Correct Answer: C

Visible security cameras are considered to be which of the following types of security controls?

A. Technical B. Compensating C. Deterrent D. Administrative Correct Answer: C

A company has recently implemented a high density wireless system by having a junior technician install two new access points for every access point already deployed. Users are now reporting random wireless disconnections and slow network connectivity. Which of the following is the MOST likely cause?

A. The old APs use 802.11a B. Users did not enter the MAC of the new APs C. The new APs use MIMO D. A site survey was not conducted Correct Answer: D

Which of the following types of trust models is used by a PKI?

A. Transitive B. Open source C. Decentralized D. Centralized Correct Answer: D

Which of the following solutions provides the most flexibility when testing new security controls prior to implementation?

A. Trusted OS B. Host software baselining C. OS hardening D. Virtualization Correct Answer: D

After Ann, a user, logs into her banking website, she has access to her financial institution's mortgage, credit card, and brokerage websites as well. Which of the following is being described?

A. Trusted OS B. Mandatory access control C. Separation of duties D. Single sign-on Correct Answer: D

Which of the following offers the LEAST secure encryption capabilities?

A. TwoFish B. PAP C. NTLM D. CHAP Correct Answer: B

Which of the following should be enabled in a laptop's BIOS prior to full disk encryption?

A. USB B. HSM C. RAID D. TPM Correct Answer: D

The act of magnetically erasing all of the data on a disk is known as:

A. Wiping B. Dissolution C. Scrubbing D. Degaussing Correct Answer: D

It is MOST difficult to harden against which of the following?

A. XSS B. Zero-day C. Buffer overflow D. DoS Correct Answer: C

A user has plugged in a wireless router from home with default configurations into a network jack at the office. This is known as:

A. an evil twin. B. an IV attack. C. a rogue access point. D. an unauthorized entry point. Correct Answer: C

Fuzzing is a security assessment technique that allows testers to analyze the behavior of software applications under which of the following conditions?

A. Unexpected input B. Invalid output C. Parameterized input D. Valid output Correct Answer: A

Which of the following wireless protocols could be vulnerable to a brute-force password attack? (Select TWO).

A. WPA2-PSK B. WPA-EAP-TLS C. WPA2-CCMP D. WPA-CCMP E. WPA-LEAP F. WEP Correct Answer: AE

A system administrator is setting up a file transfer server. The goal is to encrypt the user authentication and the files the user is sending using only a user ID and a key pair. Which of the following methods would achieve this goal?

A. AES B. IPSec C. PGP D. SSH Correct Answer: D

In order to enter a high-security datacenter, users are required to speak the password into a voice recognition system. Ann, a member of the sales department, overhears the password and speaks it into the system. The system denies her entry and alerts the security team. Which of the following is the MOST likely reason for her failure to enter the data center?

A. An authentication factor B. Discretionary access C. Time of day restrictions D. Least privilege restrictions Correct Answer: A

Which of the following protocols is used to validate whether trust is in place and accurate by returning responses of either "good", "unknown", or "revoked"?

A. CRL B. PKI C. OCSP D. RA Correct Answer: C

An administrator is implementing a security control that only permits the execution of allowed programs. Which of the following are cryptography concepts that should be used to identify the allowed programs? (Select two.)

A. Digital signatures B. Hashing C. Asymmetric encryption D. OpenID E. Key escrow Correct Answer: AB

Which of the following ports is used for TELNET by default?

A. 22 B. 23 C. 21 D. 20 Correct Answer: B

Which of the following application attacks is used to gain access to SEH?

A. Cookie stealing B. Buffer overflow C. Directory traversal D. XML injection Correct Answer: B

The security administrator notices a user logging into a corporate Unix server remotely as root. Which of the following actions should the administrator take?

A. Create a firewall rule to block SSH B. Delete the root account C. Disable remote root logins D. Ensure the root account has a strong password Correct Answer: C

A security technician received notification of a remotely exploitable vulnerability affecting the firmware of all multifunction printers installed throughout the organization. The vulnerability allows a malicious user to review all the documents processed by the affected printers. Which of the following compensating controls can the security technician use to mitigate the security risk of a sensitive document leak?

A. Create a separate printer network B. Perform penetration testing to rule out false positives C. Install patches on the print server D. Run a full vulnerability scan of all the printers Correct Answer: C

While opening an email attachment, Pete, a customer, receives an error that the application has encountered an unexpected issue and must be shut down. This could be an example of which of the following attacks?

A. Cross-site scripting B. Buffer overflow C. Header manipulation D. Directory traversal Correct Answer: B

Data execution prevention is a feature in most operating systems intended to protect against which type of attack?

A. Cross-site scripting B. Buffer overflow C. Header manipulation D. SQL injection Correct Answer: B

A website administrator has received an alert from an application designed to check the integrity of the company's website. The alert indicated that the hash value for a particular MPEG file has changed. Upon further investigation, the media appears to be the same as it was before the alert. Which of the following methods has MOST likely been used?

A. Cryptography B. Time of check/time of use C. Man in the middle D. Covert timing E. Steganography Correct Answer: E

In order to use a two-way trust model the security administrator MUST implement which of the following?

A. DAC B. PKI C. HTTPS D. TPM Correct Answer: B

Which of the following types of attacks is based on coordinating small slices of a task across multiple systems?

A. DDoS B. Spam C. Spoofing D. DoS Correct Answer: B

A security administrator would like the corporate webserver to select perfect forward secrecy ciphers first. Which of the following cipher suites should the administrator select to accomplish this goal?

A. DH-DSS-CAMELLIA256-SHA B. ECDHE-RSA-AES128-SHA C. DH-RSA-AES128-SHA256 D. ADH-AES256-SHA Correct Answer: B

A chief privacy officer, Joe, is concerned that employees are sending emails to addresses outside of the company that contain PII. He asks the security technician to implement technology that will mitigate this risk. Which of the following would be the best option?

A. DLP B. HIDS C. Firewall D. Web content filtering Correct Answer: A

A security analyst needs to ensure all external traffic is able to access the company's front-end servers but protect all access to internal resources. Which of the following network design elements would MOST likely be recommended?

A. DMZ B. Cloud computing C. VLAN D. Virtualization Correct Answer: A

Which of the following would allow the organization to divide a Class C IP address range into several ranges?

A. DMZ B. Virtual LANs C. NAT D. Subnetting Correct Answer: D

Which of the following would an attacker use to penetrate and capture additional traffic prior to performing an IV attack?

A. DNS poisoning B. DDoS C. Replay attack D. Dictionary attacks Correct Answer: D

Which of the following can take advantage of man in the middle techniques to prevent data exfiltration?

A. DNS poisoning B. URL hijacking C. ARP spoofing D. HTTPS inspection Correct Answer: A

Which of the following BEST describes the type of attack that is occurring? (Select TWO).

A. DNS spoofing B. Man-in-the-middle C. Backdoor D. Replay E. ARP attack F. Spear phishing G. Xmas attack Correct Answer: AE

When reviewing security logs, an administrator sees requests for the AAAA record of www.comptia.com. Which of the following BEST describes this type of record?

A. DNSSEC record B. IPv4 DNS record C. IPSEC DNS record D. IPv6 DNS record Correct Answer: D

A network manager needs a cost-effective solution to allow for the restoration of information with an RPO of 24 hours. The disaster recovery plan also requires that backups occur within a restricted timeframe during the week and be taken offsite weekly. Which of the following should the manager choose to BEST address these requirements?

A. Daily incremental backup to tape B. Disk-to-disk hourly server snapshots C. Replication of the environment at a hot site D. Daily differential backup to tape E. Daily full backup to tape Correct Answer: A

Ann, a college professor, was recently reprimanded for posting disparaging remarks regarding her coworkers on a web site. Ann stated that she was not aware that the public was able to view her remarks. Which of the following security-related trainings could have made Ann aware of the repercussions of her actions?

A. Data Labeling and disposal B. Use of social networking C. Use of P2P networking D. Role-based training Correct Answer: B

If an organization wants to implement a BYOD policy, which of the following administrative control policy considerations MUST be addressed? (Select two)

A. Data archiving B. Data ownership C. Geo-tagging D. Acceptable use E. Remote wipe Correct Answer: BC

Various employees have lost valuable customer data due to hard drives failing in company-provided laptops. It has been discovered that the hard drives used in one model of laptop provided by the company have been recalled by the manufacturer. The help desk is only able to replace the hard drives after they fail because there are no centralized records of the model of laptop given to each specific user. Which of the following could have prevented this situation from occurring?

A. Data backups B. Asset tracking C. Support ownership D. BYOD policies Correct Answer: B

Which of the following helps to apply the proper security controls to information?

A. Data classification B. Deduplication C. Clean desk policy D. Encryption Correct Answer: A

A security administrator wants to ensure that the message the administrator sends out to their Chief Financial Officer (CFO) does not get changed in route. Which of the following is the administrator MOST concerned with?

A. Data confidentiality B. High availability C. Data integrity D. Business continuity Correct Answer: C

An organization must implement controls to protect the confidentiality of its most sensitive data. The company is currently using a central storage system and group based access control for its sensitive information. Which of the following controls can further secure the data in the central storage system?

A. Data encryption B. Patching the system C. Digital signatures D. File hashing Correct Answer: A

Which of the following concepts is a term that directly relates to customer privacy considerations?

A. Data handling policies B. Personally identifiable information C. Information classification D. Clean desk policies Correct Answer: B

Establishing a method to erase or clear cluster tips is an example of securing which of the following?

A. Data in transit B. Data at rest C. Data in use D. Data in motion Correct Answer: B

Which of the following technologies can store multi-tenant data with different security requirements?

A. Data loss prevention B. Trusted platform module C. Hard drive encryption D. Cloud computing Correct Answer: D

Technicians working with servers hosted at the company's datacenter are increasingly complaining of electric shocks when touching metal items which have been linked to hard drive failures. Which of the following should be implemented to correct this issue?

A. Decrease the room temperature B. Increase humidity in the room C. Utilize better hot/cold aisle configurations D. Implement EMI shielding Correct Answer: D

Which of the following devices will help prevent a laptop from being removed from a certain location?

A. Device encryption B. Cable locks C. GPS tracking D. Remote data wipes Correct Answer: B

When confidentiality is the primary concern, and a secure channel for key exchange is not available, which of the following should be used for transmitting company documents?

A. Digital Signature B. Symmetric C. Asymmetric D. Hashing Correct Answer: C

Which of the following is a best practice when securing a switch from physical access?

A. Disable unnecessary accounts B. Print baseline configuration C. Enable access lists D. Disable unused ports Correct Answer: D

A technician is reviewing the logical access control method an organization uses. One of the senior managers requests that the technician prevent staff members from logging on during nonworking days. Which of the following should the technician implement to meet management's request?

A. Enforce Kerberos B. Deploy smart cards C. Time of day restrictions D. Access control lists Correct Answer: C

Joe, a company's new security specialist, is assigned a role to conduct monthly vulnerability scans across the network. He notices that the scanner is returning a large number of false positives or failed audits. Which of the following should Joe recommend to remediate these issues?

A. Ensure the vulnerability scanner is located in a segmented VLAN that has access to the company's servers B. Ensure the vulnerability scanner is configured to authenticate with a privileged account C. Ensure the vulnerability scanner is attempting to exploit the weaknesses it discovers D. Ensure the vulnerability scanner is conducting antivirus scanning Correct Answer: A

Ann, a security administrator, has been instructed to perform fuzz-based testing on the company's applications. Which of the following best describes what she will do?

A. Enter random or invalid data into the application in an attempt to cause it to fault B. Work with the developers to eliminate horizontal privilege escalation opportunities C. Test the applications for the existence of built-in back doors left by the developers D. Hash the application to verify it won't cause a false positive on the HIPS. Correct Answer: A

A company needs to provide a secure backup mechanism for key storage in a PKI. Which of the following should the company implement?

A. Ephemeral keys B. Steganography C. Key escrow D. Digital signatures Correct Answer: C

Which of the following is an application security coding problem?

A. Error and exception handling B. Patch management C. Application hardening D. Application fuzzing Correct Answer: A

A Security Operations Center was scanning a subnet for infections and found a contaminated machine. One of the administrators disabled the switch port that the machine was connected to, and informed a local technician of the infection. Which of the following steps did the administrator perform?

A. Escalation B. Identification C. Notification D. Quarantine E. Preparation Correct Answer: CD

An auditor is given access to a conference room to conduct an analysis. When they connect their laptop's Ethernet cable into the wall jack, they are not able to get a connection to the Internet but have a link light. Which of the following is MOST likely causing this issue?

A. Ethernet cable is damaged B. The host firewall is set to disallow outbound connections C. Network Access Control D. The switch port is administratively shutdown Correct Answer: C

Which of the following types of logs could provide clues that someone has been attempting to compromise the SQL Server database?

A. Event B. SQL_LOG C. Security D. Access Correct Answer: A

While at an Internet café, a malicious user is causing all surrounding wireless connected devices to have intermittent and unstable connections to the access point. Which of the following is MOST likely being used?

A. Evil Twin B. Interference C. Packet sniffer D. Rogue AP Correct Answer: D

Which of the following is characterized by an attack against a mobile device?

A. Evil twin B. Header manipulation C. Blue jacking D. Rogue AP Correct Answer: C

Which of the following results in datacenters with failed humidity controls? (Select TWO).

A. Excessive EMI B. Electrostatic charge C. Improper ventilation D. Condensation E. Irregular temperature Correct Answer: BD

Which of the following has a storage root key?

A. HSM B. EFS C. TPM D. TKIP Correct Answer: C

A technician has just installed a new firewall onto the network. Users are reporting that they cannot reach any website. Upon further investigation, the technician determines that websites can be reached by entering their IP addresses. Which of the following ports may have been closed to cause this issue?

A. HTTP B. DHCP C. DNS D. NetBIOS Correct Answer: C

Which of the following is BEST used as a secure replacement for TELNET?

A. HTTPS B. HMAC C. GPG D. SSH Correct Answer: D

A malicious program modified entries in the LMHOSTS file of an infected system. Which of the following protocols would have been affected by this?

A. ICMP B. BGP C. NetBIOS D. DNS Correct Answer: C

Which of the following protocols operates at the HIGHEST level of the OSI model?

A. ICMP B. IPSec C. SCP D. TCP Correct Answer: C

An organization processes credit card transactions and is concerned that an employee may intentionally email credit card numbers to external email addresses. This company should consider which of the following technologies?

A. IDS B. Firewalls C. DLP D. IPS Correct Answer: C

Which of the following protocols allows for the LARGEST address space?

A. IPX B. IPv4 C. IPv6 D. Appletalk Correct Answer: C

An attacker unplugs the access point at a coffee shop. The attacker then runs software to make a laptop look like an access point and advertises the same network as the coffee shop normally does. Which of the following describes this type of attack?

A. IV B. Xmas C. Packet sniffing D. Evil twin E. Rogue AP Correct Answer: D

Which of the following is the default port for TFTP?

A. 20 B. 69 C. 21 D. 68 Correct Answer: B

A company wants to prevent unauthorized access to its secure data center. Which of the following security controls would be MOST appropriate?

A. Alarm to local police B. Camera C. Security guard D. Motion detector Correct Answer: C

A security specialist has been asked to evaluate a corporate network by performing a vulnerability assessment. Which of the following will MOST likely be performed?

A. Identify vulnerabilities, check applicability of vulnerabilities by passively testing security controls. B. Verify vulnerabilities exist, bypass security controls and exploit the vulnerabilities. C. Exploit security controls to determine vulnerabilities and misconfigurations. D. Bypass security controls and identify applicability of vulnerabilities by passively testing security controls. Correct Answer: A

An employee from the fire marshal's office arrives to inspect the data center. The operator allows him to bypass the multi-factor authentication to enter the data center. Which of the following types of attacks may be underway?

A. Impersonation B. Hoax C. Tailgating D. Spoofing Correct Answer: C

Using proximity card readers instead of the traditional key punch doors would help to mitigate:

A. Impersonation B. Tailgating C. Dumpster diving D. Shoulder surfing Correct Answer: D

The Chief Risk Officer is concerned about the new employee BYOD device policy and has requested the security department implement mobile security controls to protect corporate data in the event that a device is lost or stolen. The level of protection must not be compromised even if the communication SIM is removed from the device. Which of the following BEST meets the requirements? (Select TWO)

A. Asset tracking B. Screen-locks C. GEO-Tracking D. Device encryption Correct Answer: A

The security team would like to gather intelligence about the types of attacks being launched against the organization. Which of the following would provide them with the MOST information?

A. Implement a honeynet B. Perform a penetration test C. Examine firewall logs D. Deploy an IDS Correct Answer: A

A system administrator has noticed that users change their password many times to cycle back to the original password when their passwords expire. Which of the following would BEST prevent this behavior?

A. Assign users passwords based upon job role. B. Enforce a minimum password age policy. C. Prevent users from choosing their own passwords. D. Increase the password expiration time frame. Correct Answer: B

A customer service department has a business need to send high volumes of confidential information to customers electronically. All emails go through a DLP scanner. Which of the following is the BEST solution to meet the business needs and protect confidential information?

A. Automatically encrypt impacted outgoing emails B. Automatically encrypt impacted incoming emails C. Monitor impacted outgoing emails D. Prevent impacted outgoing emails Correct Answer: A

Joe wants to employ MD5 hashing on the company file server. Which of the following is Joe trying to achieve?

A. Availability B. Confidentiality C. Non repudiation D. Integrity Correct Answer: B

Digital certificates can be used to ensure which of the following? (Select TWO).

A. Availability B. Confidentiality C. Verification D. Authorization E. Non-repudiation Correct Answer: BE

Which of the following documents outlines the technical and security requirements of an agreement between organizations?

A. BPA B. RFQ C. ISA D. RFC Correct Answer: C

Which of the following is a common coding error in which boundary checking is not performed?

A. Input validation B. Fuzzing C. Secure coding D. Cross-site scripting Correct Answer: A

Which of the following preventative controls would be appropriate for responding to a directive to reduce the attack surface of a specific host?

A. Installing anti-malware B. Implementing an IDS C. Taking a baseline configuration D. Disabling unnecessary services Correct Answer: D

Which of the following components MUST be trusted by all parties in PKI?

A. Key escrow B. CA C. Private key D. Recovery key Correct Answer: B

A network administrator identifies sensitive files being transferred from a workstation in the LAN to an unauthorized outside IP address in a foreign country. An investigation determines that the firewall has not been altered, and antivirus is up-to-date on the workstation. Which of the following is the MOST likely reason for the incident?

A. MAC Spoofing B. Session Hijacking C. Impersonation D. Zero-day Correct Answer: D

Used in conjunction, which of the following are PII? (Select TWO).

A. Marital status B. Favorite movie C. Pet's name D. Birthday E. Full name Correct Answer: DE

A company has recently identified critical systems that support business operations. Which of the following will, once defined, be the requirement for restoration of these systems within a certain period of time?

A. Mean Time Between Failure B. Mean Time to Restore C. Recovery Point Objective D. Recovery Time Objective Correct Answer: A

Which of the following passwords is the LEAST complex?

A. MyTrain!45 B. Mytr@in!! C. MyTr@in12 D. MyTr@in#8 Correct Answer: B

Which of the following would allow users from outside of an organization to have access to internal resources?

A. NAC B. VLANS C. VPN D. NAT Correct Answer: C

A security administrator wishes to implement a method of generating encryption keys from user passwords to enhance account security. Which of the following would accomplish this task?

A. NTLMv2 B. Blowfish C. Diffie-Hellman D. PBKDF2 Correct Answer: C

Which of the following policies is implemented in order to minimize data loss or theft?

A. PII handling B. Password policy C. Chain of custody D. Zero day exploits Correct Answer: A

Public key certificates and keys that are compromised or were issued fraudulently are listed on which of the following?

A. PKI B. ACL C. CA D. CRL Correct Answer: D

Which of the following provides a static record of all certificates that are no longer valid?

A. Private key B. Recovery agent C. CRLs D. CA Correct Answer: C

After working on his doctoral dissertation for two years, Joe, a user, is unable to open his dissertation file. The screen shows a warning that the dissertation file is corrupted because it is infected with a backdoor, and can only be recovered by upgrading the antivirus software from the free version to the commercial version. Which of the following types of malware is the laptop MOST likely infected with?

A. Ransomware B. Trojan C. Backdoor D. Armored virus Correct Answer: A

An employee reports work was being completed on a company-owned laptop using a public wireless hot-spot. A pop-up screen appeared, and the user closed the pop-up. Seconds later, the desktop background was changed to the image of a padlock with a message demanding immediate payment to recover the data. Which of the following types of malware MOST likely caused this issue?

A. Ransomware B. Rootkit C. Scareware D. Spyware Correct Answer: A

Joe, an end user, has received a virus detection warning. Which of the following is the first course of action that should be taken?

A. Recovery B. Reporting C. Remediation D. Identification Correct Answer: B

Which of the following allows a company to maintain access to encrypted resources when employee turnover is high?

A. Recovery agent B. Certificate authority C. Trust model D. Key escrow Correct Answer: A

An administrator would like to review the effectiveness of existing security in the enterprise. Which of the following would be the BEST place to start?

A. Review past security incidents and their resolution B. Rewrite the existing security policy C. Implement an intrusion prevention system D. Install honey pot systems Correct Answer: C

A system administrator is notified by a staff member that their laptop has been lost. The laptop contains the user's digital certificate. Which of the following will help resolve the issue? (Select TWO).

A. Revoke the digital certificate B. Mark the key as private and import it C. Restore the certificate using a CRL D. Issue a new digital certificate E. Restore the certificate using a recovery agent Correct Answer: AD

A company's Chief Information Officer realizes the company cannot continue to operate after a disaster. Which of the following describes the disaster?

A. Risk B. Asset C. Threat D. Vulnerability Correct Answer: C

When viewing IPS logs, the administrator sees systems all over the world scanning the network for servers with port 22 open. The administrator concludes that this traffic is a(n):

A. Risk B. Vulnerability C. Exploit D. Threat Correct Answer: D

Joe has read and write access to his own home directory. Joe and Ann are collaborating on a project, and Joe would like to give Ann write access to one particular file in this home directory. Which of the following types of access control would this reflect?

A. Role-based access control B. Rule-based access control C. Mandatory access control D. Discretionary access control Correct Answer: D

A company plans to expand by hiring new engineers who work in highly specialized areas. Each engineer will have very different job requirements and use unique tools and applications in their job. Which of the following is MOST appropriate to use?

A. Role-based privileges B. Credential management C. User assigned privileges D. User access Correct Answer: A

Which of the following is used to certify intermediate authorities in a large PKI deployment?

A. Root CA B. Recovery agent C. Root user D. Key escrow Correct Answer: A

The recovery agent is used to recover the:

A. Root certificate B. Key in escrow C. Public key D. Private key Correct Answer: D

Which of the following is considered the MOST effective practice when securing printers or scanners in an enterprise environment?

A. Routine vulnerability scanning of peripherals B. Install in a hardened network segment C. Turn off the power to the peripherals at night D. Enable print sharing only from workstations Correct Answer: A

To ensure compatibility with their flagship product, the security engineer is tasked to recommend an encryption cipher that will be compatible with the majority of third party software and hardware vendors. Which of the following should be recommended?

A. SHA B. MD5 C. Blowfish D. AES Correct Answer: D

A security administrator implements a web server that utilizes an algorithm that requires other hashing standards to provide data integrity. Which of the following algorithms would meet the requirement?

A. SHA B. MD5 C. RIPEMD D. HMAC Correct Answer: A

Matt, a security administrator, wants to configure all the switches and routers in the network in order to securely monitor their status. Which of the following protocols would he need to configure on each device?

A. SMTP B. SNMPv3 C. IPSec D. SNMP Correct Answer: B

Which of the following can a security administrator implement on mobile devices that will help prevent unwanted people from viewing the data if the device is left unattended?

A. Screen lock B. Voice encryption C. GPS tracking D. Device encryption Correct Answer: A

Which of the following can be used as an equipment theft deterrent?

A. Screen locks B. GPS tracking C. Cable locks D. Whole disk encryption Correct Answer: C

A small company has recently purchased cell phones for managers to use while working outside of the office. The company does not currently have a budget for mobile device management and is primarily concerned with deterring leaks of sensitive information obtained by unauthorized access to unattended phones. Which of the following would provide the solution that BEST meets the company's requirements?

A. Screen-lock B. Disable removable storage C. Full device encryption D. Remote wiping Correct Answer: A

Due to issues with building keys being duplicated and distributed, a security administrator wishes to change to a different security control regarding a restricted area. The goal is to provide access based upon facial recognition. Which of the following will address this requirement?

A. Set up mantraps to avoid tailgating of approved users. B. Place a guard at the entrance to approve access. C. Install a fingerprint scanner at the entrance. D. Implement proximity readers to scan users' badges. Correct Answer: B

Which of the following BEST describes an attack where communications between two parties are intercepted and forwarded to each party with neither party being aware of the interception and potential modification to the communications?

A. Spear phishing B. Man-in-the-middle C. URL hijacking D. Transitive access Correct Answer: B

After making a bit-level copy of a compromised server, the forensics analyst Joe wants to verify that he did not accidentally make a change during his investigation. Which of the following should he perform?

A. Take a hash of the image and compare it to the one being investigated B. Compare file sizes of all files prior to and after investigation C. Make a third image and compare it to the second image being investigated D. Compare the logs of the copy to the actual server Correct Answer: A

Joe, a user, wants to send an encrypted email to Ann. Which of the following will Ann need to use to verify the validity of Joe's certificate? (Select TWO).

A. The CA's public key B. Joe's private key C. Ann's public key D. The CA's private key E. Joe's public key F. Ann's private key Correct Answer: AE

The programmer confirms that there is potential for a buffer overflow on one of the data input fields in a corporate application. The security analyst classifies this as a(n):

A. Threat B. Risk C. Attack D. Vulnerability Correct Answer: D

If Organization A trusts Organization B and Organization B trusts Organization C, then Organization A trusts Organization C. Which of the following PKI concepts is this describing?

A. Transitive trust B. Public key trust C. Certificate authority trust D. Domain level trust Correct Answer: A

The SSID broadcast for a wireless router has been disabled, but a network administrator notices that unauthorized users are accessing the wireless network. The administrator has determined that attackers are still able to detect the presence of the wireless network despite the fact the SSID has been disabled. Which of the following would further obscure the presence of the wireless network?

A. Upgrade the encryption to WPA or WPA2 B. Create a non-zero length SSID for the wireless router C. Reroute wireless users to a honeypot D. Disable responses to a broadcast probe request Correct Answer: D

Which of the following would prevent a user from installing a program on a company-owned mobile device?

A. White-listing B. Access control lists C. Geotagging D. Remote wipe Correct Answer: A

Joe, a technician, is working remotely with his company-provided laptop at the coffee shop near his home. Joe is concerned that another patron of the coffee shop may be trying to access his laptop. Which of the following is an appropriate control to use to prevent the other patron from accessing Joe's laptop directly?

A. Full-disk encryption B. Host-based firewall C. Current antivirus definitions D. Latest OS updates Correct Answer: B

Which of the following presents the STRONGEST access control?

A. MAC B. TACACS C. DAC D. RBAC Correct Answer: A

A security administrator is tackling issues related to authenticating users at a remote site. There have been a large number of security incidents that resulted from either tailgating or impersonation of authorized users with valid credentials. The security administrator has been told to implement multifactor authentication in order to control facility access. To secure access to the remote facility, which of the following could be implemented without increasing the amount of space required at the entrance?

A. MOTD challenge and PIN pad B. Retina scanner and fingerprint reader C. Voice recognition and one-time PIN token D. One-time PIN token and proximity reader Correct Answer: C

Which of the following metrics is important for measuring the extent of data required during backup and recovery?

A. MOU B. ARO C. ALE D. RPO Correct Answer: C

DRAG DROP

A security administrator wants to implement strong security on the company smart phones and terminal servers located in the data center. Drag and drop the applicable controls to each asset type.

Instructions: Controls can be used multiple times and not all placeholders need to be filled. When you have completed the simulation, please select Done to submit.

Explanation/Reference:

Cable locks are used as a hardware lock mechanism, thus best used on a Data Center Terminal Server.

Network monitors are also known as sniffers, thus best used on a Data Center Terminal Server.

Install antivirus software. Antivirus software should be installed and definitions kept current on all hosts. Antivirus software should run on the server as well as on every workstation. In addition to active monitoring of incoming files, scans should be conducted regularly to catch any infections that have slipped through, thus best used on a Data Center Terminal Server.

Proximity readers are used as part of physical barriers, which makes it more appropriate to use on a center's entrance to protect the terminal server.

Mentor app is an Apple application used for personal development and is best used on a mobile device such as a smart phone.

Remote wipe is an application that can be used on devices that are stolen to keep data safe. It is basically a command to a phone that will remotely clear the data on that phone. This process is known as a remote wipe, and it is intended to be used if the phone is stolen or going to another user.

Should a device be stolen, GPS (Global Positioning System) tracking can be used to identify its location and allow authorities to find it, thus best used on a smart phone.

Screen Lock is where the display should be configured to time out after a short period of inactivity and the screen locked with a password. To be able to access the system again, the user must provide the password. After a certain number of attempts, the user should not be allowed to attempt any additional logons; this is called lockout, thus best used on a smart phone.

Strong Password, since passwords are always important, but even more so when you consider that the device could be stolen and in the possession of someone who has unlimited access and time to try various values, thus best use strong passwords on a smartphone as it can be stolen more easily than a terminal server in a data center.

Device Encryption: Data should be encrypted on the device so that if it does fall into the wrong hands, it cannot be accessed in a usable form without the correct passwords. It is recommended that you use Trusted Platform Module (TPM) for all mobile devices where possible.

Use pop-up blockers. Not only are pop-ups irritating, but they are also a security threat. Pop-ups (including popunders) represent unwanted programs running on the system, and they can jeopardize the system's well-being. This will be more effective on a mobile device rather than a terminal server.

Use host-based firewalls. A firewall is the first line of defense against attackers and malware. Almost every current operating system includes a firewall, and most are turned on by default, thus best used on a Data Center Terminal Server.

References: Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 221, 222, 369, 418 http://www.mentor-app.com/

Which of the following defines a business goal for system restoration and acceptable data loss?

A. MTTR B. MTBF C. RPO D. Warm site Correct Answer: C

Which of the following is a document that contains detailed information about actions that include how something will be done, when the actions will be performed, and penalties for failure?

A. MOU B. ISA C. BPA D. SLA Correct Answer: D

Joe is the accounts payable agent for ABC Company. Joe has been performing accounts payable function for the ABC Company without any supervision. Management has noticed several new accounts without billing invoices that were paid. Which of the following is the BEST management option for review of the new accounts?

A. Mandatory vacation B. Job rotation C. Separation of duties D. Replacement Correct Answer: A

Which of the following relies on the use of shared secrets to protect communication?

A. RADIUS B. Kerberos C. PKI D. LDAP Correct Answer: A

After reviewing the firewall logs of her organization's wireless APs, Ann discovers an unusually high amount of failed authentication attempts in a particular segment of the building. She remembers that a new business moved into the office space across the street. Which of the following would be the BEST option to begin addressing the issue?

A. Reduce the power level of the AP on the network segment B. Implement MAC filtering on the AP of the affected segment C. Perform a site survey to see what has changed on the segment D. Change the WPA2 encryption key of the AP in the affected segment Correct Answer: A

Which of the following is an advantage of implementing individual file encryption on a hard drive which already deploys full disk encryption?

A. Reduces processing overhead required to access the encrypted files B. Double encryption causes the individually encrypted files to partially lose their properties C. Individually encrypted files will remain encrypted when copied to external media D. File level access control only apply to individually encrypted files in a fully encrypted drive Correct Answer: C

Which of the following allows an application to securely authenticate a user by receiving credentials from a web domain?

A. TACACS+ B. RADIUS C. Kerberos D. SAML Correct Answer: D

Joe, a web developer, wants to make sure his application is not susceptible to cross-site request forgery attacks. Which of the following is one way to prevent this type of attack?

A. The application should always check the HTTP referrer header B. The application should always check the HTTP Request header C. The application should always check the HTTP Host header D. The application should always use SSL encryption Correct Answer: D

Recently clients are stating they can no longer access a secure banking site's webpage. In reviewing the clients' web browser settings, the certificate chain is showing the following:

Certificate Chain:
X Digi Cert
Digi Cert High assurance C3
* banksite.com

Certificate Store:
Digi Cert - Others Certificate Store
Digi Cert High assurance C3 - Others Certificate Store

Based on the information provided, which of the following is the problem when connecting to the website?

A. The certificate signature request was invalid B. Key escrow is failing for the certificate authority C. The certificate authority has revoked the certificate D. The clients do not trust the certificate authority Correct Answer: C

Which of the following is a best practice when setting up a client to use the LDAPS protocol with a server?

A. The client should follow LDAP referrals to other secure servers on the network B. The client should trust the CA that signed the server's certificate C. The client should present a self-signed certificate to the server D. The client should have access to port 389 on the server Correct Answer: C

An employee's mobile device associates with the company's guest WiFi SSID, but then is unable to retrieve email. The email settings appear to be correct. Which of the following is the MOST likely cause?

A. The employee has set the network type to WPA instead of WPA2 B. The network uses a captive portal and requires a web authentication C. The administrator has blocked the use of the personal hot spot feature D. The mobile device has been placed in airplane mode Correct Answer: B

A network analyst received a number of reports that impersonation was taking place on the network. Session tokens were deployed to mitigate this issue and defend against which of the following attacks?

A. Replay B. DDoS C. Smurf D. Ping of Death Correct Answer: A

Which of the following will allow the live state of the virtual machine to be easily reverted after a failed upgrade?

A. Replication B. Backups C. Fault tolerance D. Snapshots Correct Answer: D

During a data breach cleanup it is discovered that not all of the sites involved have the necessary data wiping tools. The necessary tools are quickly distributed to the required technicians, but when should this problem BEST be revisited?

A. Reporting B. Preparation C. Mitigation D. Lessons Learned Correct Answer: B

When implementing fire suppression controls in a datacenter it is important to:

A. Select a fire suppression system which protects equipment but may harm technicians. B. Ensure proper placement of sprinkler lines to avoid accidental leakage onto servers. C. Integrate maintenance procedures to include regularly discharging the system. D. Use a system with audible alarms to ensure technicians have 20 minutes to evacuate. Correct Answer: B

During a review a company was cited for allowing requestors to approve and implement their own change request. Which of the following would resolve the issue? (Select TWO)

A. Separation duties B. Mandatory access C. Mandatory vacations D. Audit logs E. Job Rotation F. Time of day restrictions Correct Answer: AE

A user, Ann, has been issued a smart card and is having problems opening old encrypted email. Ann published her certificates to the local windows store and to the global address list. Which of the following would still need to be performed?

A. Setup the email security with her new certificates B. Recover her old private certificate C. Reinstall her previous public certificate D. Verify the correct email address is associated with her certificate Correct Answer: A

A cyber security administrator receives a list of IPs that have been reported as attempting to access the network. To identify any possible successful attempts across the enterprise, which of the following should be implemented?

A. Monitor authentication logs B. Disable unnecessary accounts C. Time of day restrictions D. Separation of duties Correct Answer: A

A network administrator has a separate user account with rights to the domain administrator group. However, they cannot remember the password to this account and are not able to login to the server when needed. Which of the following is MOST accurate in describing the type of issue the administrator is experiencing?

A. Single sign-on B. Authorization C. Access control D. Authentication Correct Answer: D

An administrator is looking to implement a security device which will be able to not only detect network intrusions at the organization level, but help defend against them as well. Which of the following is being described here?

A. NIDS B. NIPS C. HIPS D. HIDS Correct Answer: B

Which of the following is the term for a fix for a known software problem?

A. Skiff B. Patch C. Slipstream D. Upgrade Correct Answer: B

The Chief Technology Officer (CTO) wants to improve security surrounding storage of customer passwords. The company currently stores passwords as SHA hashes. Which of the following can the CTO implement requiring the LEAST change to existing systems?

A. Smart cards B. TOTP C. Key stretching D. Asymmetric keys Correct Answer: A

When performing the daily review of the system vulnerability scans of the network Joe, the administrator, noticed several security related vulnerabilities with an assigned vulnerability identification number. Joe researches the assigned vulnerability identification number from the vendor website. Joe proceeds with applying the recommended solution for identified vulnerability. Which of the following is the type of vulnerability described?

A. Network based B. IDS C. Signature based D. Host based Correct Answer: C

Which of the following protocols is used to authenticate the client and server's digital certificate?

A. PEAP B. DNS C. TLS D. ICMP Correct Answer: C

Which of the following practices reduces the management burden of access management?

A. Password complexity policies B. User account audit C. Log analysis and review D. Group based privileges Correct Answer: D

Which of the following is replayed during wireless authentication to exploit a weak key infrastructure?

A. Preshared keys B. Ticket exchange C. Initialization vectors D. Certificate exchange Correct Answer: B

Which of the following is the BEST reason for placing a password lock on a mobile device?

A. Prevents an unauthorized user from accessing owner's data B. Enables remote wipe capabilities C. Stops an unauthorized user from using the device again D. Prevents an unauthorized user from making phone calls Correct Answer: A

Which of the following should Joe, a security manager, implement to reduce the risk of employees working in collusion to embezzle funds from his company?

A. Privacy Policy B. Least Privilege C. Acceptable Use D. Mandatory Vacations Correct Answer: D

Virtualization that allows an operating system kernel to run multiple isolated instances of the guest is called:

A. Process segregation B. Software defined network C. Containers D. Sandboxing Correct Answer: C

Which of the following would a security administrator implement in order to identify a problem between two applications that are not communicating properly?

A. Protocol analyzer B. Baseline report C. Risk assessment D. Vulnerability scan Correct Answer: A

Which of the following would a security administrator implement in order to identify a problem between two systems that are not communicating properly?

A. Protocol analyzer B. Baseline report C. Risk assessment D. Vulnerability scan Correct Answer: A

Which of the following devices would be MOST useful to ensure availability when there are a large number of requests to a certain website?

A. Protocol analyzer B. Load balancer C. VPN concentrator D. Web security gateway Correct Answer: B

Four weeks ago a network administrator applied a new IDS and allowed it to gather baseline data. As rumors of a layoff began to spread, the IDS alerted the network administrator that access to sensitive client files had risen far above normal. Which of the following kinds of IDS is in use?

A. Protocol based B. Heuristic based C. Signature based D. Anomaly based Correct Answer: D

Which of the following network devices is used to analyze traffic between various network interfaces?

A. Proxies B. Firewalls C. Content inspection D. Sniffers Correct Answer: D

A network technician is trying to determine the source of an ongoing network based attack. Which of the following should the technician use to view IPv4 packet data on a particular internal network segment?

A. Proxy B. Protocol analyzer C. Switch D. Firewall Correct Answer: B

Users have reported receiving unsolicited emails in their inboxes, often times with malicious links embedded. Which of the following should be implemented in order to redirect these messages?

A. Proxy server B. Spam filter C. Network firewall D. Application firewall. Correct Answer: B

A consultant has been tasked to assess a client's network. The client reports frequent network outages. Upon viewing the spanning tree configuration, the consultant notices that an old and low-performing edge switch on the network has been elected to be the root bridge. Which of the following explains this scenario?

A. The switch also serves as the DHCP server B. The switch has the lowest MAC address C. The switch has spanning tree loop protection enabled D. The switch has the fastest uplink port Correct Answer: C

Six months into development, the core team assigned to implement a new internal piece of software must convene to discuss a new requirement with the stakeholders. A stakeholder identified a missing feature critical to the organization, which must be implemented. The team needs to validate the feasibility of the newly introduced requirement and ensure it does not introduce new vulnerabilities to the software and other applications that will integrate with it. Which of the following BEST describes what the company?

A. The system integration phase of the SDLC B. The system analysis phase of SSDSLC C. The system design phase of the SDLC D. The system development phase of the SDLC Correct Answer: B

A new employee has joined the accounting department and is unable to access the accounting server. The employee can access other network resources and the Internet. Other accounting employees are able to access the accounting server without any issues. Which of the following is the MOST likely issue?

A. The server's IDS is blocking the new employee's connection B. The workstation is unable to join the domain C. The server's drive is not mapped on the new employee's workstation D. The new account is not in the proper role-based profile Correct Answer: D

A system administrator needs to ensure that certain departments have more restrictive controls to their shared folders than other departments. Which of the following security controls would be implemented to restrict those departments?

A. User assigned privileges B. Password disablement C. Multiple account creation D. Group based privileges Correct Answer: D

Joe, an employee, is taking a taxi through a busy city and starts to receive unsolicited files sent to his smartphone. Which of the following is this an example of?

A. Vishing B. Bluejacking C. War Driving D. SPIM E. Bluesnarfing Correct Answer: B

Which of the following tests a number of security controls in the least invasive manner?

A. Vulnerability scan B. Threat assessment C. Penetration test D. Ping sweep Correct Answer: A

An IT security technician is actively involved in identifying coding issues for her company. Which of the following is an application security technique that can be used to identify unknown weaknesses within the code?

A. Vulnerability scanning B. Denial of service C. Fuzzing D. Port scanning Correct Answer: C

An access point has been configured for AES encryption but a client is unable to connect to it. Which of the following should be configured on the client to fix this issue?

A. WEP B. CCMP C. TKIP D. RC4 Correct Answer: B

An administrator configures all wireless access points to make use of a new network certificate authority. Which of the following is being used?

A. WEP B. LEAP C. EAP-TLS D. TKIP Correct Answer: C

A security administrator has been tasked with setting up a new internal wireless network that must use end to end TLS. Which of the following may be used to meet this objective?

A. WPA B. HTTPS C. WEP D. WPA 2 Correct Answer: D

RC4 is a strong encryption protocol that is generally used with which of the following?

A. WPA2 CCMP B. PEAP C. WEP D. EAP-TLS Correct Answer: C

Configuring key/value pairs on a RADIUS server is associated with deploying which of the following?

A. WPA2-Enterprise wireless network B. DNS secondary zones C. Digital certificates D. Intrusion detection system Correct Answer: A

An administrator uses a server with a trusted OS and is configuring an application to go into production tomorrow. In order to make a new application work properly, the administrator creates a new policy that labels the application and assigns it a security context within the trusted OS. Which of the following control methods is the administrator using by configuring this policy?

A. Time based access control B. Mandatory access control C. Role based access control D. Rule based access control Correct Answer: C

A network administrator is configuring access control for the sales department which has high employee turnover. Which of the following is BEST suited when assigning user rights to individuals in the sales department?

A. Time of day restrictions B. Group based privileges C. User assigned privileges D. Domain admin restrictions Correct Answer: B

Which of the following would a security administrator use to verify the integrity of a file?

A. Time stamp B. MAC times C. File descriptor D. Hash Correct Answer: D

Several users' computers are no longer responding normally and sending out spam email to the users' entire contact list. This is an example of which of the following?

A. Trojan virus B. Botnet C. Worm outbreak D. Logic bomb Correct Answer: C

Which of the following allows lower level domains to access resources in a separate Public Key Infrastructure?

A. Trust Model B. Recovery Agent C. Public Key D. Private Key Correct Answer: A

A company has just deployed a centralized event log storage system. Which of the following can be used to ensure the integrity of the logs after they are collected?

A. Write-once drives B. Database encryption C. Continuous monitoring D. Role-based access controls Correct Answer: A

Which of the following is mainly used for remote access into the network?

A. XTACACS B. TACACS+ C. Kerberos D. RADIUS Correct Answer: D

Which of the following types of application attacks would be used to identify malware causing security breaches that have NOT yet been identified by any trusted sources?

A. Zero-day B. LDAP injection C. XML injection D. Directory traversal Correct Answer: A

Access mechanisms to data on encrypted USB hard drives must be implemented correctly otherwise:

A. user accounts may be inadvertently locked out. B. data on the USB drive could be corrupted. C. data on the hard drive will be vulnerable to log analysis. D. the security controls on the USB drive can be bypassed. Correct Answer: D

A security administrator would like to write an access rule to block the three IP addresses given below. Which of the following combinations should be used to include all of the given IP addresses?
192.168.12.255
192.168.12.227
192.168.12.229

A. 192.168.12.0/25 B. 192.168.12.128.28 C. 192.168.12.224/29 D. 192.168.12.225/30 Correct Answer: B

A security administrator has configured FTP in passive mode. Which of the following ports should the security administrator allow on the firewall by default?

A. 20 B. 21 C. 22 D. 23 Correct Answer: B

While securing a network it is decided to allow active FTP connections into the network. Which of the following ports MUST be configured to allow active FTP connections? (Select TWO).

A. 20 B. 21 C. 22 D. 68 E. 69 Correct Answer: AB

FTP/S uses which of the following TCP ports by default?

A. 20 and 21 B. 139 and 445 C. 443 and 22 D. 989 and 990 Correct Answer: D

Which of the following BEST describes a demilitarized zone?

A. A buffer zone between protected and unprotected networks. B. A network where all servers exist and are monitored. C. A sterile, isolated network segment with access lists. D. A private network that is protected by a firewall and a VLAN. Correct Answer: A

An administrator was asked to review user accounts. Which of the following has the potential to cause the MOST amount of damage if the account was compromised?

A. A password that has not changed in 180 days B. A single account shared by multiple users C. A user account with administrative rights D. An account that has not been logged into since creation Correct Answer: C

Ann, the network administrator, has learned from the helpdesk that employees are accessing the wireless network without entering their domain credentials upon connection. Once the connection is made, they cannot reach any internal resources, while wired network connections operate smoothly. Which of the following is MOST likely occurring?

A. A user has plugged in a personal access point at their desk to connect to the network wirelessly. B. The company is currently experiencing an attack on their internal DNS servers. C. The company's WEP encryption has been compromised and WPA2 needs to be implemented instead. D. An attacker has installed an access point nearby in an attempt to capture company information. Correct Answer: D

Which of the following attacks could be used to initiate a subsequent man-in-the-middle attack?

A. ARP poisoning B. DoS C. Replay D. Brute force Correct Answer: C

Environmental control measures include which of the following?

A. Access list B. Lighting C. Motion detection D. EMI shielding Correct Answer: D

During an audit, the security administrator discovers that there are several users that are no longer employed with the company but still have active user accounts. Which of the following should be performed?

A. Account recovery B. Account disablement C. Account lockouts D. Account expiration Correct Answer: B

A network security analyst has confirmed that the public facing web server has been compromised. Which of the following stages of the Incident Handling Response does this describe?

A. Analyzing B. Recovering C. Identification D. Mitigation Correct Answer: C

Which of the following concepts defines the requirement for data availability?

A. Authentication to RADIUS B. Non-repudiation of email messages C. Disaster recovery planning D. Encryption of email messages Correct Answer: C

A user ID and password together provide which of the following?

A. Authorization B. Auditing C. Authentication D. Identification Correct Answer: C

Jane, a VPN administrator, was asked to implement an encryption cipher with a MINIMUM effective security of 128-bits. Which of the following should Jane select for the tunnel encryption?

A. Blowfish B. DES C. SHA256 D. HMAC Correct Answer: A

A victim is logged onto a popular home router forum site in order to troubleshoot some router configuration issues. The router is a fairly standard configuration and has an IP address of 192.168.1.1. The victim is logged into their router administrative interface in one tab and clicks a forum link in another tab. Due to clicking the forum link, the home router reboots. Which of the following attacks MOST likely occurred?

A. Brute force password attack B. Cross-site request forgery C. Cross-site scripting D. Fuzzing Correct Answer: B

Methods to test the responses of software and web applications to unusual or unexpected inputs are known as:

A. Brute force. B. HTML encoding. C. Web crawling. D. Fuzzing. Correct Answer: D

Which of the following concepts is BEST described as developing a new chain of command in the event of a contingency?

A. Business continuity planning B. Continuity of operations C. Business impact analysis D. Succession planning Correct Answer: D

Which of the following can be used to mitigate risk if a mobile device is lost?

A. Cable lock B. Transport encryption C. Voice encryption D. Strong passwords Correct Answer: D

Which of the following is the proper way to quantify the total monetary damage resulting from an exploited vulnerability?

A. Calculate the ALE B. Calculate the ARO C. Calculate the MTBF D. Calculate the TCO Correct Answer: A

Company XYZ's laptop was recently stolen from a user, which led to the exposure of confidential information. Which of the following should the security team implement on laptops to prevent future compromise?

A. Cipher locks B. Strong passwords C. Biometrics D. Full Disk Encryption Correct Answer: D

Which of the following does full disk encryption prevent?

A. Client side attacks B. Clear text access C. Database theft D. Network-based attacks Correct Answer: B

The process of applying a salt and cryptographic hash to a password then repeating the process many times is known as which of the following?

A. Collision resistance B. Rainbow table C. Key stretching D. Brute force attack Correct Answer: C

A company storing data on a secure server wants to ensure it is legally able to dismiss and prosecute staff who intentionally access the server via Telnet and illegally tamper with customer data. Which of the following administrative controls should be implemented to BEST achieve this?

A. Command shell restrictions B. Restricted interface C. Warning banners D. Session output pipe to /dev/null Correct Answer: C

At an organization, unauthorized users have been accessing network resources via unused network wall jacks. Which of the following would be used to stop unauthorized access?

A. Configure an access list. B. Configure spanning tree protocol. C. Configure port security. D. Configure loop protection. Correct Answer: C

A security engineer discovers that during certain times of day, the corporate wireless network is dropping enough packets to significantly degrade service. Which of the following should be the engineer's FIRST step in troubleshooting the issues?

A. Configure stronger encryption B. Increase the power level C. Change to a higher gain antenna D. Perform a site survey Correct Answer: B

An attacker impersonates a fire marshal and demands access to the datacenter under the threat of a fine. Which of the following reasons make this effective? (Select two.)

A. Consensus B. Authority C. Intimidation D. Trust E. Scarcity Correct Answer: BE

Searching for systems infected with malware is considered to be which of the following phases of incident response?

A. Containment B. Preparation C. Mitigation D. Identification Correct Answer: D

Which of the following risks could IT management be mitigating by removing an all-in-one device?

A. Continuity of operations B. Input validation C. Single point of failure D. Single sign on Correct Answer: C

A major medical corporation is investigating deploying a web based portal for patients to access their medical records. The medical corporation has a long history of maintaining IT security but is considering having a third party vendor create the web portal. Which of the following areas is MOST important for the Chief Information Security Officer to focus on when reviewing proposal from vendors interested in creating the web portal?

A. Contractor background check B. Confidentiality and availability C. Redundancy and privacy D. Integrity and confidentiality Correct Answer: B

Using a heuristic system to detect an anomaly in a computer's baseline, a system administrator was able to detect an attack even though the company signature based IDS and antivirus did not detect it. Further analysis revealed that the attacker had downloaded an executable file onto the company PC from the USB port, and executed it to trigger a privilege escalation flaw. Which of the following attacks has MOST likely occurred?

A. Cookie stealing B. Zero-day C. Directory traversal D. XML injection Correct Answer: B

A load balancer has the ability to remember which server a particular client is using and always directs that client to the same server. This feature is called:

A. Cookie tracking B. URL filtering C. Session affinity D. Behavior monitoring Correct Answer: C

Which of the following controls would prevent an employee from emailing unencrypted information to their personal email account over the corporate network?

A. DLP B. CRL C. TPM D. HSM Correct Answer: A

Having adequate lighting on the outside of a building is an example of which of the following security controls?

A. Deterrent B. Compensating C. Detective D. Preventative Correct Answer: A

Which of the following can be implemented if a security administrator wants only certain devices connecting to the wireless network?

A. Disable SSID broadcast B. Install a RADIUS server C. Enable MAC filtering D. Lowering power levels on the AP Correct Answer: C

How must user accounts for exiting employees be handled?

A. Disabled, regardless of the circumstances B. Disabled if the employee has been terminated C. Deleted, regardless of the circumstances D. Deleted if the employee has been terminated Correct Answer: A

Which of the following fire suppression systems is MOST likely used in a datacenter?

A. FM-200 B. Dry-pipe C. Wet-pipe D. Vacuum Correct Answer: A

What is a system that is intended or designed to be broken into by an attacker?

A. Honeypot B. Honeybucket C. Decoy D. Spoofing system Correct Answer: A

Which of the following is best practice to put at the end of an ACL?

A. Implicit deny B. Time of day restrictions C. Implicit allow D. SNMP string Correct Answer: A

Which of the following can be mitigated with proper secure coding techniques?

A. Input validation B. Error handling C. Header manipulation D. Cross-site scripting Correct Answer: A

The IT department needs to prevent users from installing untested applications. Which of the following would provide the BEST solution?

A. Job rotation B. Least privilege C. Account lockout D. Antivirus Correct Answer: B

An organization has a need for a security control that identifies when an organizational system has been unplugged and a rogue system has been plugged in. The security control must also provide the ability to supply automated notifications. Which of the following would allow the organization to BEST meet this business requirement?

A. MAC filtering B. ACL C. SNMP D. Port security Correct Answer: D

A CRL is comprised of:

A. Malicious IP addresses. B. Trusted CA's. C. Untrusted private keys. D. Public keys. Correct Answer: D

A security analyst, Ann, is reviewing an IRC channel and notices that a malicious exploit has been created for a frequently used application. She notifies the software vendor and asks them for remediation steps, but is alarmed to find that no patches are available to mitigate this vulnerability. Which of the following BEST describes this exploit?

A. Malicious insider threat B. Zero-day C. Client-side attack D. Malicious add-on Correct Answer: B

Joe needs to track employees who log into a confidential database and edit files. In the past, critical files have been edited, and no one admits to making the edits. Which of the following does Joe need to implement in order to enforce accountability?

A. Non-repudiation B. Fault tolerance C. Hashing D. Redundancy Correct Answer: C

A security engineer is asked by the company's development team to recommend the most secure method for password storage. Which of the following provide the BEST protection against brute forcing stored passwords? (Select TWO).

A. PBKDF2 B. MD5 C. SHA2 D. Bcrypt E. AES F. CHAP Correct Answer: AD

Which of the following flags are used to establish a TCP connection? (Select TWO).

A. PSH B. ACK C. SYN D. URG E. FIN Correct Answer: BC

Given the following list of corporate access points, which of the following attacks is MOST likely underway if the company wireless network uses the same wireless hardware throughout?
MAC                  SID
00:01:AB:FA:CD:34    Corporate AP
00:01:AB:FA:CD:35    Corporate AP
00:01:AB:FA:CD:36    Corporate AP
00:01:AB:FA:CD:37    Corporate AP
00:01:AB:FA:CD:34    Corporate AP

A. Packet sniffing B. Evil Twin C. WPS attack D. Rogue access point Correct Answer: B

Use of group accounts should be minimized to ensure which of the following?

A. Password security B. Regular auditing C. Baseline management D. Individual accountability Correct Answer: D

Which of the following provides the LEAST availability?

A. RAID 0 B. RAID 1 C. RAID 3 D. RAID 5 Correct Answer: A

Which of the following BEST describes disk striping with parity?

A. RAID 0 B. RAID 1 C. RAID 2 D. RAID 5 Correct Answer: D

Which of the following symmetric key algorithms are examples of block ciphers? (Select THREE).

A. RC4 B. 3DES C. AES D. MD5 E. PGP F. Blowfish Correct Answer: BCF

Which of the following is used by the recipient of a digitally signed email to verify the identity of the sender?

A. Recipient's private key B. Sender's public key C. Recipient's public key D. Sender's private key Correct Answer: B

Which of the following is considered a risk management BEST practice of succession planning?

A. Reducing risk of critical information being known to an individual person who may leave the organization B. Implementing company-wide disaster recovery and business continuity plans C. Providing career advancement opportunities to junior staff which reduces the possibility of insider threats D. Considering departmental risk management practices in place of company-wide practices Correct Answer: B

Which of the following malware types is MOST likely to execute its payload after Jane, an employee, has left the company?

A. Rootkit B. Logic bomb C. Worm D. Botnet Correct Answer: B

A network administrator is asked to send a large file containing PII to a business associate. Which of the following protocols is the BEST choice to use?

A. SSH B. SFTP C. SMTP D. FTP Correct Answer: B

A company wants to ensure that all aspects of data are protected when sending to other sites within the enterprise. Which of the following would ensure some type of encryption is performed while data is in transit?

A. SSH B. SHA1 C. TPM D. MD5 Correct Answer: C

Which of the following is an important step in the initial stages of deploying a host-based firewall?

A. Selecting identification versus authentication B. Determining the list of exceptions C. Choosing an encryption algorithm D. Setting time of day restrictions Correct Answer: B

Which of the following components of an all-in-one security appliance would MOST likely be configured in order to restrict access to peer-to-peer file sharing websites?

A. Spam filter B. URL filter C. Content inspection D. Malware inspection Correct Answer: B

Account lockout is a mitigation strategy used by Jane, the administrator, to combat which of the following attacks? (Select TWO).

A. Spoofing B. Man-in-the-middle C. Dictionary D. Brute force E. Privilege escalation Correct Answer: CD

Which of the following should Matt, a security administrator, include when encrypting smartphones? (Select TWO).

A. Steganography images B. Internal memory C. Master boot records D. Removable memory cards E. Public keys Correct Answer: BD

Which of the following encrypts data a single bit at a time?

A. Stream cipher B. Steganography C. 3DES D. Hashing Correct Answer: A

On a train, an individual is watching a proprietary video on Joe's laptop without his knowledge. Which of the following does this describe?

A. Tailgating B. Shoulder surfing C. Interference D. Illegal downloading Correct Answer: B

A system security analyst wants to capture data flowing in and out of the enterprise. Which of the following would MOST likely help in achieving this goal?

A. Taking screenshots B. Analyzing Big Data metadata C. Analyzing network traffic and logs D. Capturing system image Correct Answer: C

Which of the following best describes the objectives of succession planning?

A. To identify and document the successive order in which critical systems should be reinstated following a disaster situation B. To ensure that a personnel management plan is in place to ensure continued operation of critical processes during an incident C. To determine the appropriate order in which contract internal resources, third party suppliers and external customers during a disaster response D. To document the order that systems should be reinstated at the primary site following a failover operation at a backup site. Correct Answer: A

An assessment tool reports that the company's web server may be susceptible to remote buffer overflow. The web server administrator insists that the finding is a false positive. Which of the following should the administrator do to verify if this is indeed a false positive?

A. Use a banner grabbing tool B. Run a vulnerability scan C. Enforce company policies D. Perform a penetration test Correct Answer: B

Which of the following may significantly reduce data loss if multiple drives fail at the same time?

A. Virtualization B. RAID C. Load balancing D. Server clustering Correct Answer: B

Ann, a security analyst, is monitoring the IDS console and noticed multiple connections from an internal host to a suspicious call back domain. Which of the following tools would aid her to decipher the network traffic?

A. Vulnerability Scanner B. NMAP C. NETSTAT D. Packet Analyzer Correct Answer: C

An attacker discovers a new vulnerability in an enterprise application. The attacker takes advantage of the vulnerability by developing new malware. After installing the malware the attacker is provided with access to the infected machine. Which of the following is being described?

A. Zero-day exploit B. Remote code execution C. Session hijacking D. Command injection Correct Answer: A

A computer is found to be infected with malware and a technician re-installs the operating system. The computer remains infected with malware. This is an example of:

A. a rootkit. B. a MBR infection. C. an exploit kit. D. Spyware. Correct Answer: B

A security administrator needs to image a large hard drive for forensic analysis. Which of the following will allow for faster imaging to a second hard drive?

A. cp /dev/sda /dev/sdb bs=8k B. tail -f /dev/sda > /dev/sdb bs=8k C. dd in=/dev/sda out=/dev/sdb bs=4k D. locate /dev/sda /dev/sdb bs=4k Correct Answer: C

If you don't know the MAC address of a Linux-based machine, what command-line utility can you use to ascertain it?

A. macconfig B. ifconfig C. ipconfig D. config Correct Answer: B

A network administrator has recently updated their network devices to ensure redundancy is in place so that:

A. switches can redistribute routes across the network. B. environmental monitoring can be performed. C. single points of failure are removed. D. hot and cold aisles are functioning. Correct Answer: C

Which of the following would BEST deter an attacker trying to brute force 4-digit PIN numbers to access an account at a bank teller machine?

A. Account expiration settings B. Complexity of PIN C. Account lockout settings D. PIN history requirements Correct Answer: C

Which of the following is a notification that an unusual condition exists and should be investigated?

A. Alert B. Trend C. Alarm D. Trap Correct Answer: A

Which of the following is an indication of an ongoing current problem?

A. Alert B. Trend C. Alarm D. Trap Correct Answer: C

A security technician wants to improve the strength of a weak key by making it more secure against brute force attacks. Which of the following would achieve this?

A. Blowfish B. Key stretching C. Key escrow D. Recovery agent Correct Answer: A

A security administrator needs to implement a technology that creates a secure key exchange. Neither party involved in the key exchange will have pre-existing knowledge of one another. Which of the following technologies would allow for this?

A. Blowfish B. NTLM C. Diffie-Hellman D. CHAP Correct Answer: C

Which of the following cryptographic algorithms is MOST often used with IPSec?

A. Blowfish B. Twofish C. RC4 D. HMAC Correct Answer: D

The string ' or 1=1-- - represents which of the following?

A. Bluejacking B. Rogue access point C. SQL Injection D. Client-side attacks Correct Answer: C

Which of the following can be used by a security administrator to successfully recover a user's forgotten password on a password protected file?

A. Cognitive password B. Password sniffing C. Brute force D. Social engineering Correct Answer: C

Pete, a security analyst, has been informed that the development team has plans to develop an application which does not meet the company's password policy. Which of the following should Pete do NEXT?

A. Contact the Chief Information Officer and ask them to change the company password policy so that the application is made compliant. B. Tell the application development manager to code the application to adhere to the company's password policy. C. Ask the application development manager to submit a risk acceptance memo so that the issue can be documented. D. Inform the Chief Information Officer of non-adherence to the security policy so that the developers can be reprimanded. Correct Answer: B

A user has received an email from an external source which asks for details on the company's new product line set for release in one month. The user has a detailed spec sheet but it is marked "Internal Proprietary Information". Which of the following should the user do NEXT?

A. Contact their manager and request guidance on how to best move forward B. Contact the help desk and/or incident response team to determine next steps C. Provide the requestor with the email information since it will be released soon anyway D. Reply back to the requestor to gain their contact information and call them Correct Answer: B

Which of the following is a security concern regarding users bringing personally-owned devices that they connect to the corporate network?

A. Cross-platform compatibility issues between personal devices and server-based applications B. Lack of controls in place to ensure that the devices have the latest system patches and signature files C. Non-corporate devices are more difficult to locate when a user is terminated D. Non-purchased or leased equipment may cause failure during the audits of company-owned assets Correct Answer: B

Which of the following is a hardware based encryption device?

A. EFS B. TrueCrypt C. TPM D. SLE Correct Answer: C

A company would like to take electronic orders from a partner; however, they are concerned that a nonauthorized person may send an order. The legal department asks if there is a solution that provides nonrepudiation. Which of the following would meet the requirements of this scenario?

A. Encryption B. Digital signatures C. Steganography D. Hashing E. Perfect forward secrecy Correct Answer: B

Which of the following secure file transfer methods uses port 22 by default?

A. FTPS B. SFTP C. SSL D. S/MIME Correct Answer: B

Client computers log in at specified times to check and update antivirus definitions using a dedicated account configured by the administrator. One day the clients are unable to log in with the account, but the server still responds to ping requests. The administrator has not made any changes. Which of the following most likely happened?

A. Group policy is blocking the connection attempts B. The administrator account has been disabled C. The switch port for the server has died D. The password on the account has expired Correct Answer: D

A system administrator is responding to a legal order to turn over all logs from all company servers. The system administrator records the system time of all servers to ensure that:

A. HDD hashes are accurate. B. the NTP server works properly. C. chain of custody is preserved. D. time offset can be calculated. Correct Answer: D

In order to prevent and detect fraud, which of the following should be implemented?

A. Job rotation B. Risk analysis C. Incident management D. Employee evaluations Correct Answer: A

To help prevent unauthorized access to PCs, a security administrator implements screen savers that lock the PC after five minutes of inactivity. Which of the following controls is being described in this situation?

A. Management B. Administrative C. Technical D. Operational Correct Answer: C

A network technician at a company, Joe is working on a network device. He creates a rule to prevent users from connecting to a toy website during the holiday shopping season. This website is blacklisted and is known to have SQL injections and malware. Which of the following has been implemented?

A. Mandatory access B. Network separation C. Firewall rules D. Implicit Deny Correct Answer: D

A software developer is responsible for writing the code on an accounting application. Another software developer is responsible for developing code on a system in human resources. Once a year they have to switch roles for several weeks. Which of the following practices is being implemented?

A. Mandatory vacations B. Job rotation C. Least privilege D. Separation of duties Correct Answer: B

A security administrator notices that a specific network administrator is making unauthorized changes to the firewall every Saturday morning. Which of the following would be used to mitigate this issue so that only security administrators can make changes to the firewall?

A. Mandatory vacations B. Job rotation C. Least privilege D. Time of day restrictions Correct Answer: C

While reviewing the security controls in place for a web-based application, a security controls assessor notices that there are no password strength requirements in place. Because of this vulnerability, passwords might be easily discovered using a brute force attack. Which of the following password requirements will MOST effectively improve the security posture of the application against these attacks? (Select two)

A. Minimum complexity B. Maximum age limit C. Maximum length D. Minimum length E. Minimum age limit F. Minimum re-use limit Correct Answer: DF

A network administrator uses an RFID card to enter the datacenter, a key to open the server rack, and a username and password to logon to a server. These are examples of which of the following?

A. Multifactor authentication B. Single factor authentication C. Separation of duties D. Identification Correct Answer: B

An administrator is configuring a network for all users in a single building. Which of the following design elements would be used to segment the network based on organizational groups? (Select two)

A. NAC B. NAT C. Subnetting D. VLAN E. DMZ F. VPN Correct Answer: BC

A security administrator needs a method to ensure that only employees can get onto the internal network when plugging into a network switch. Which of the following BEST meets that requirement?

A. NAC B. UTM C. DMZ D. VPN Correct Answer: A

A security administrator is tasked with ensuring that all devices have updated virus definition files before they are allowed to access network resources. Which of the following technologies would be used to accomplish this goal?

A. NIDS B. NAC C. DLP D. DMZ E. Port Security Correct Answer: B

Recently the desktop support group has been performing a hardware refresh and has replaced numerous computers. An auditor discovered that a number of the new computers did not have the company's antivirus software installed on them. Which of the following could be utilized to notify the network support group when computers without the antivirus software are added to the network?

A. Network port protection B. NAC C. NIDS D. Mac Filtering Correct Answer: C

When designing a web based client server application with single application server and database cluster backend, input validation should be performed:

A. On the client B. Using database stored procedures C. On the application server D. Using HTTPS Correct Answer: C

A business has recently adopted a policy allowing employees to use personal cell phones and tablets to access company email accounts while out of the office. Joe, an employee, was using a personal cell phone for email access and was recently terminated. It is suspected that Joe saved confidential client emails on his personal cell phone. Joe claims that the data on the phone is completely personal and refuses to allow the company access to inspect the cell phone. Which of the following is the MOST likely cause of this dispute?

A. Onboarding procedures B. Fair use policy C. Device ownership D. User acceptance Correct Answer: C

Which of the following statements is MOST likely to be included in the security awareness training about P2P?

A. P2P is always used to download copyrighted material. B. P2P can be used to improve computer system response. C. P2P may prevent viruses from entering the network. D. P2P may cause excessive network bandwidth. Correct Answer: D

Pete, a security auditor, has detected clear text passwords between the RADIUS server and the authenticator. Which of the following is configured in the RADIUS server and what technologies should the authentication protocol be changed to?

A. PAP, MSCHAPv2 B. CHAP, PAP C. MSCHAPv2, NTLMv2 D. NTLM, NTLMv2 Correct Answer: A

A security engineer is tasked with encrypting corporate email. Which of the following technologies provide the MOST complete protection? (Select TWO)

A. PGP/GPG B. S/MIME C. IPSEC D. Secure POP3 E. IMAP F. HMAC Correct Answer: BF

Which of the following would Pete, a security administrator, MOST likely implement in order to allow employees to have secure remote access to certain internal network services such as file servers?

A. Packet filtering firewall B. VPN gateway C. Switch D. Router Correct Answer: B

The Chief Executive Officer (CEO), Joe, notices an increase in the wireless signal in his office and thanks the IT director for the increase in network speed. Upon investigation, the IT department finds an access point hidden in the dropped ceiling outside of Joe's office. Which of the following types of attack is MOST likely occurring?

A. Packet sniffing B. Bluesnarfing C. Man-in-the-middle D. Evil twin Correct Answer: D

A new security analyst is given the task of determining whether any of the company's servers are vulnerable to a recently discovered attack on an old version of SSH. Which of the following is the quickest FIRST step toward determining the version of SSH running on these servers?

A. Passive scanning B. Banner grabbing C. Protocol analysis D. Penetration testing Correct Answer: B

Identifying a list of all approved software on a system is a step in which of the following practices?

A. Passively testing security controls B. Application hardening C. Host software baselining D. Client-side targeting Correct Answer: C

A network administrator, Joe, arrives at his new job to find that none of the users have changed their network passwords since they were initially hired. Joe wants to have everyone change their passwords immediately. Which of the following policies should be enforced to initiate a password change?

A. Password expiration B. Password reuse C. Password recovery D. Password disablement Correct Answer: A

A security administrator wants to check user password complexity. Which of the following is the BEST tool to use?

A. Password history B. Password logging C. Password cracker D. Password hashing Correct Answer: C

A technician has implemented a system in which all workstations on the network will receive security updates on the same schedule. Which of the following concepts does this illustrate?

A. Patch management B. Application hardening C. White box testing D. Black box testing Correct Answer: A

A security administrator is aware that a portion of the company's Internet-facing network tends to be non-secure due to poorly configured and patched systems. The business owner has accepted the risk of those systems being compromised, but the administrator wants to determine the degree to which those systems can be used to gain access to the company intranet. Which of the following should the administrator perform?

A. Patch management assessment B. Business impact assessment C. Penetration test D. Vulnerability assessment Correct Answer: C

An IT auditor tests an application as an authenticated user. This is an example of which of the following types of testing?

A. Penetration B. White box C. Black box D. Gray box Correct Answer: D

A security administrator wants to get a real time look at what attackers are doing in the wild, hoping to lower the risk of zero-day attacks. Which of the following should be used to accomplish this goal?

A. Penetration testing B. Honeynets C. Vulnerability scanning D. Baseline reporting Correct Answer: B

The internal audit group discovered that unauthorized users are making unapproved changes to various system configuration settings. This issue occurs when previously authorized users transfer from one department to another and maintain the same credentials. Which of the following controls can be implemented to prevent such unauthorized changes in the future?

A. Periodic access review B. Group based privileges C. Least privilege D. Account lockout Correct Answer: C

An administrator is instructed to disable IP-directed broadcasts on all routers in an organization. Which of the following attacks does this prevent?

A. Pharming B. Smurf C. Replay D. Xmas Correct Answer: B

Jane, an administrator, needs to make sure the wireless network is not accessible from the parking area of their office. Which of the following would BEST help Jane when deploying a new access point?

A. Placement of antenna B. Disabling the SSID C. Implementing WPA2 D. Enabling the MAC filtering Correct Answer: A

A workstation is exhibiting symptoms of malware and the network security analyst has decided to remove the system from the network. This represents which of the following stages of the Incident Handling Response?

A. Plan of action B. Mitigation C. Lesson Learned D. Recovery Correct Answer: A

A technician is configuring a switch to support VoIP phones. The technician wants to ensure the phones do not require external power packs. Which of the following would allow the phones to be powered using the network connection?

A. PoE+ B. PBX C. PSTN D. POTS Correct Answer: A

A security team has established a security awareness program. Which of the following would BEST prove the success of the program?

A. Policies B. Procedures C. Metrics D. Standards Correct Answer: C

Users in an organization are experiencing when attempting to access certain websites. The users report that when they type in a legitimate URL, different boxes appear on the screen, making it difficult to access the legitimate sites. Which of the following would best mitigate this issue?

A. Pop-up blockers B. URL filtering C. Antivirus D. Anti-spam Correct Answer: C

During a security assessment, an administrator wishes to see which services are running on a remote server. Which of the following should the administrator use?

A. Port scanner B. Network sniffer C. Protocol analyzer D. Process list Correct Answer: A

A security administrator suspects that an employee in the IT department is utilizing a reverse proxy to bypass the company's content filter and browse unapproved and non-work related sites while at work. Which of the following tools could BEST be used to determine how the employee is connecting to the reverse proxy?

A. Port scanner B. Vulnerability scanner C. Honeypot D. Protocol analyzer Correct Answer: C

Which of the following is BEST utilized to actively test security controls on a particular system?

A. Port scanning B. Penetration test C. Vulnerability scanning D. Grey/Gray box Correct Answer: B

A company discovers an unauthorized device accessing network resources through one of many network drops in a common area used by visitors. The company decides that it wants to quickly prevent unauthorized devices from accessing the network, but policy prevents the company from making changes on every connecting client. Which of the following should the company implement?

A. Port security B. WPA2 C. Mandatory Access Control D. Network Intrusion Prevention Correct Answer: A

For high availability which of the following would be MOST appropriate for fault tolerance?

A. RAID 0 B. Clustering C. JBOD D. Load Balancing Correct Answer: D

A system administrator wants to enable WPA2 CCMP. Which of the following is the only encryption used?

A. RC4 B. DES C. 3DES D. AES Correct Answer: D

Which of the following ciphers would be BEST used to encrypt streaming video?

A. RSA B. RC4 C. SHA1 D. 3DES Correct Answer: B

A company is deploying a new video conferencing system to be used by the executive team for board meetings. The security engineer has been asked to choose the strongest available asymmetric cipher to be used for encryption of board papers, and to choose the strongest available stream cipher to be configured for video streaming. Which of the following ciphers should be chosen? (Select two)

A. RSA B. RC4 C. 3DES D. HMAC E. SHA-256 Correct Answer: AB

Which of the following would provide the STRONGEST encryption?

A. Random one-time pad B. DES with a 56-bit key C. AES with a 256-bit key D. RSA with a 1024-bit key Correct Answer: A

Which of the following security concepts would Sara, the security administrator, use to mitigate the risk of data loss?

A. Record time offset B. Clean desk policy C. Cloud computing D. Routine log review Correct Answer: B

Which of the following incident response plan steps would MOST likely engage business professionals with the security team to discuss changes to existing procedures?

A. Recovery B. Incident identification C. Isolation / quarantine D. Lessons learned E. Reporting Correct Answer: D

After a recent internal audit, the security administrator was tasked to ensure that all credentials must be changed within 90 days, cannot be repeated, and cannot contain any dictionary words or patterns. All credentials will remain enabled regardless of the number of attempts made. Which of the following types of user account options were enforced? (Select TWO).

A. Recovery B. User assigned privileges C. Lockout D. Disablement E. Group based privileges F. Password expiration G. Password complexity Correct Answer: FG

Which of the following implementation steps would be appropriate for a public wireless hot-spot?

A. Reduce power level B. Disable SSID broadcast C. Open system authentication D. MAC filter Correct Answer: C

The new Chief Information Officer (CIO) of company ABC, Joe, has noticed that company XWY is always one step ahead with similar products. He tasked his Chief Security Officer to implement new security controls to ensure confidentiality of company ABC's proprietary data and complete accountability for all data transfers. Which of the following security controls did the Chief Security Officer implement to BEST meet these requirements? (Select Two)

A. Redundancy B. Hashing C. DRP D. Digital Signatures E. Encryptions Correct Answer: BE

A security administrator would like to ensure that system administrators are not using the same password for both their privileged and non-privileged accounts. Which of the following security controls BEST accomplishes this goal?

A. Require different account passwords through a policy B. Require shorter password expiration for non-privileged accounts C. Require shorter password expiration for privileged accounts D. Require a greater password length for privileged accounts Correct Answer: A

A system requires administrators to be logged in as the "root" in order to make administrator changes. Which of the following controls BEST mitigates the risk associated with this scenario?

A. Require that all administrators keep a log book of times and justification for accessing root B. Encrypt all users home directories using file-level encryption C. Implement a more restrictive password rotation policy for the shared root account D. Force administrator to log in with individual accounts and switch to root E. Add the administrator to the local group Correct Answer: D

Although a web enabled application appears to only allow letters in the comment field of a web form, a malicious user was able to carry out a SQL injection attack by sending special characters through the web comment field. Which of the following has the application programmer failed to implement?

A. Revision control system B. Client side exception handling C. Server side validation D. Server hardening Correct Answer: C

Ann, a software developer, has installed some code to reactivate her account one week after her account has been disabled. Which of the following is this an example of? (Select TWO).

A. Rootkit B. Logic Bomb C. Botnet D. Backdoor E. Spyware Correct Answer: BD

A recent audit has revealed that all employees in the bookkeeping department have access to confidential payroll information, while only two members of the bookkeeping department have job duties that require access to the confidential information. Which of the following can be implemented to reduce the risk of this information becoming compromised in this scenario? (Select TWO)

A. Rule-based access control B. Role-based access control C. Data loss prevention D. Separation of duties E. Group-based permissions Correct Answer: BE

An organization is trying to decide which type of access control is most appropriate for the network. The current access control approach is too complex and requires significant overhead. Management would like to simplify the access control and provide users with the ability to determine what permissions should be applied to files, documents, and directories. The access control method that BEST satisfies these objectives is:

A. Rule-based access control B. Role-based access control C. Mandatory access control D. Discretionary access control Correct Answer: B

A company has purchased an application that integrates into their enterprise user directory for account authentication. Users are still prompted to type in their usernames and passwords. Which of the following types of authentication is being utilized here?

A. Separation of duties B. Least privilege C. Same sign-on D. Single sign-on Correct Answer: C

Mike, a user, states that he is receiving several unwanted emails about home loans. Which of the following is this an example of?

A. Spear phishing B. Hoaxes C. Spoofing D. Spam Correct Answer: D

The process of making certain that an entity (operating system, application, etc.) is as secure as it can be is known as:

A. Stabilizing B. Reinforcing C. Hardening D. Toughening Correct Answer: C

Which of the following is the primary security concern when deploying a mobile device on a network?

A. Strong authentication B. Interoperability C. Data security D. Cloud storage technique Correct Answer: C

Computer evidence at a crime is preserved by making an exact copy of the hard disk. Which of the following does this illustrate?

A. Taking screenshots B. System image capture C. Chain of custody D. Order of volatility Correct Answer: B

A security administrator at a company which implements key escrow and symmetric encryption only, needs to decrypt an employee's file. The employee refuses to provide the decryption key to the file. Which of the following can the administrator do to decrypt the file?

A. Use the employee's private key B. Use the CA private key C. Retrieve the encryption key D. Use the recovery agent Correct Answer: C

A military base wants to incorporate biometrics into its new security measures, but the head of security does not want them to be the sole method of authentication. For unmanned entry points, which of the following solutions would work BEST?

A. Use voice print and a bollard B. Use a retina scanner and a thumbprint C. Use CCTV and a PIN D. Use a retina scan and a PIN code Correct Answer: D

Which of the following is true about an email that was signed by User A and sent to User B?

A. User A signed with User B's private key and User B verified with their own public key. B. User A signed with their own private key and User B verified with User A's public key. C. User A signed with User B's public key and User B verified with their own private key. D. User A signed with their own public key and User B verified with User A's private key. Correct Answer: B

Which of the following is true about PKI? (Select TWO).

A. When encrypting a message with the public key, only the public key can decrypt it. B. When encrypting a message with the private key, only the private key can decrypt it. C. When encrypting a message with the public key, only the CA can decrypt it. D. When encrypting a message with the public key, only the private key can decrypt it. E. When encrypting a message with the private key, only the public key can decrypt it. Correct Answer: DE

Which of the following attacks would cause all mobile devices to lose their association with corporate access points while the attack is underway?

A. Wireless jamming B. Evil twin C. Rogue AP D. Packet sniffing Correct Answer: A

While previously recommended as a security measure, disabling SSID broadcast is not effective against most attackers because network SSIDs are:

A. no longer used to authenticate to most wireless networks. B. contained in certain wireless packets in plaintext. C. contained in all wireless broadcast packets by default. D. no longer supported in 802.11 protocols. Correct Answer: B

Joe, the system administrator, is performing an overnight system refresh of hundreds of user computers. The refresh has a strict timeframe and must have zero downtime during business hours. Which of the following should Joe take into consideration?

A. A disk-based image of every computer as they are being replaced. B. A plan that skips every other replaced computer to limit the area of affected users. C. An offsite contingency server farm that can act as a warm site should any issues appear. D. A back-out strategy planned out anticipating any unforeseen problems that may arise. Correct Answer: D

A server crashes at 6 pm. Senior management has determined that data must be restored within two hours of a server crash. Additionally, a loss of more than one hour worth of data is detrimental to the company's financial well-being. Which of the following is the RTO?

A. 7pm B. 8pm C. 9pm D. 10pm Correct Answer: B

Which of the following wireless standards is backwards compatible with 802.11g?

A. 802.11a B. 802.11b C. 802.11n D. 802.1q Correct Answer: B

Pete, the compliance manager, wants to meet regulations. Pete would like certain ports blocked only on all computers that do credit card transactions. Which of the following should Pete implement to BEST achieve this goal?

A. A host-based intrusion prevention system B. A host-based firewall C. Antivirus update system D. A network-based intrusion detection system Correct Answer: B

In PKI, a key pair consists of: (Select TWO).

A. A key ring B. A public key C. A private key D. Key escrow E. A passphrase Correct Answer: BC

Which of the following application security principles involves inputting random data into a program?

A. Brute force attack B. Sniffing C. Fuzzing D. Buffer overflow Correct Answer: C

Which of the following is the GREATEST security risk of two or more companies working together under a Memorandum of Understanding?

A. Budgetary considerations may not have been written into the MOU, leaving an entity to absorb more cost than intended at signing. B. MOUs have strict policies in place for services performed between the entities and the penalties for compromising a partner are high. C. MOUs are generally loose agreements and therefore may not have strict guidelines in place to protect sensitive data between the two entities. D. MOUs between two companies working together cannot be held to the same legal standards as SLAs. Correct Answer: C

Without validating user input, an application becomes vulnerable to all of the following EXCEPT:

A. Buffer overflow. B. Command injection. C. Spear phishing. D. SQL injection. Correct Answer: C

A datacenter requires that staff be able to identify whether or not items have been removed from the facility. Which of the following controls will allow the organization to provide automated notification of item removal?

A. CCTV B. Environmental monitoring C. RFID D. EMI shielding Correct Answer: C

Which of the following can use RC4 for encryption? (Select TWO).

A. CHAP B. SSL C. WEP D. AES E. 3DES Correct Answer: BC

A security technician is implementing PKI on a network. The technician wishes to reduce the amount of bandwidth used when verifying the validity of a certificate. Which of the following should the technician implement?

A. CSR B. Key escrow C. OSCR D. CRL Correct Answer: D

An advantage of virtualizing servers, databases, and office applications is:

A. Centralized management. B. Providing greater resources to users. C. Stronger access control. D. Decentralized management. Correct Answer: A

The security administrator receives an email on a non-company account from a coworker stating that some reports are not exporting correctly. Attached to the email was an example report file with several customers' names and credit card numbers with the PIN. Which of the following is the BEST technical control that will help mitigate this risk of disclosing sensitive data?

A. Configure the mail server to require TLS connections for every email to ensure all transport data is encrypted B. Create a user training program to identify the correct use of email and perform regular audits to ensure compliance C. Implement a DLP solution on the email gateway to scan email and remove sensitive data or files D. Classify all data according to its sensitivity and inform the users of data that is prohibited to share Correct Answer: C

An administrator connects VoIP phones to the same switch as the network PCs and printers. Which of the following would provide the BEST logical separation of these three device types while still allowing traffic between them via ACL?

A. Create three VLANs on the switch connected to a router B. Define three subnets, configure each device to use their own dedicated IP address range, and then connect the network to a router C. Install a firewall and connect it to the switch D. Install a firewall and connect it to a dedicated switch for each device type Correct Answer: A

Which of the following would a security administrator implement in order to discover comprehensive security threats on a network?

A. Design reviews B. Baseline reporting C. Vulnerability scan D. Code review Correct Answer: C

A mobile device user is concerned about geographic positioning information being included in messages sent between users on a popular social network platform. The user turns off the functionality in the application, but wants to ensure the application cannot re-enable the setting without the knowledge of the user. Which of the following mobile device capabilities should the user disable to achieve the stated goal?

A. Device access control B. Location based services C. Application control D. GEO-Tagging Correct Answer: D

The librarian wants to secure the public Internet kiosk PCs at the back of the library. Which of the following would be the MOST appropriate? (Select TWO).

A. Device encryption B. Antivirus C. Privacy screen D. Cable locks E. Remote wipe Correct Answer: BD

It has been discovered that students are using kiosk tablets intended for registration and scheduling to play games and utilize instant messaging. Which of the following could BEST eliminate this issue?

A. Device encryption B. Application control C. Content filtering D. Screen-locks Correct Answer: B

An employee finds a USB drive in the employee lunch room and plugs the drive into a shared workstation to determine who owns the drive. When the drive is inserted, a command prompt opens and a script begins to run. The employee notifies a technician who determines that data on a server have been compromised. This is an example of:

A. Device removal B. Data disclosure C. Incident identification D. Mitigation steps Correct Answer: C

Which of the following password attacks involves attempting all kinds of keystroke combinations on the keyboard with the intention to gain administrative access?

A. Dictionary B. Hybrid C. Watering hole D. Brute Force Correct Answer: A

A security technician would like to use ciphers that generate ephemeral keys for secure communication. Which of the following algorithms support ephemeral modes? (Select TWO)

A. Diffie-Hellman B. RC4 C. RIPEMD D. NTLMv2 E. PAP F. RSA Correct Answer: AF

When confidentiality is the primary concern which of the following types of encryption should be chosen?

A. Digital Signature B. Symmetric C. Asymmetric D. Hashing Correct Answer: D

A system administrator wants to confidentially send a user name and password list to an individual outside the company without the information being detected by security controls. Which of the following would BEST meet this security goal?

A. Digital signatures B. Hashing C. Full-disk encryption D. Steganography Correct Answer: D

Joe, a website administrator, believes he owns the intellectual property for a company invention and has been replacing image files on the company's public facing website in the DMZ. Joe is using steganography to hide stolen data. Which of the following controls can be implemented to mitigate this type of inside threat?

A. Digital signatures B. File integrity monitoring C. Access controls D. Change management E. Stateful inspection firewall Correct Answer: B

An administrator wants to establish a WiFi network using a high gain directional antenna with a narrow radiation pattern to connect two buildings separated by a very long distance. Which of the following antennas would be BEST for this situation?

A. Dipole B. Yagi C. Sector D. Omni Correct Answer: B

The IT department has installed new wireless access points but discovers that the signal extends far into the parking lot. Which of the following actions should be taken to correct this?

A. Disable the SSID broadcasting B. Configure the access points so that MAC filtering is not used C. Implement WEP encryption on the access points D. Lower the power for office coverage only Correct Answer: D

The company's sales team plans to work late to provide the Chief Executive Officer (CEO) with a special report of sales before the quarter ends. After working for several hours, the team finds they cannot save or print the reports. Which of the following controls is preventing them from completing their work?

A. Discretionary access control B. Role-based access control C. Time of Day access control D. Mandatory access control Correct Answer: C

Which of the following is a way to implement a technical control to mitigate data loss in case of a mobile device theft?

A. Disk encryption B. Encryption policy C. Solid state drive D. Mobile device policy Correct Answer: A

A company is preparing to decommission an offline, non-networked root certificate server. Before sending the server's drives to be destroyed by a contracted company, the Chief Security Officer (CSO) wants to be certain that the data will not be accessed. Which of the following, if implemented, would BEST reassure the CSO? (Select TWO).

A. Disk hashing procedures B. Full disk encryption C. Data retention policies D. Disk wiping procedures E. Removable media encryption Correct Answer: BD

Ann wants to send a file to Joe using PKI. Which of the following should Ann use in order to sign the file?

A. Joe's public key B. Joe's private key C. Ann's public key D. Ann's private key Correct Answer: D

Which of the following authentication provides users XML for authorization and authentication?

A. Kerberos B. LDAP C. RADIUS D. SAML Correct Answer: D

Which of the following should be used to authenticate and log connections from wireless users connecting with EAP-TLS?

A. Kerberos B. LDAP C. SAML D. RADIUS Correct Answer: D

A security analyst is reviewing firewall logs while investigating a compromised web server. The following ports appear in the log: 22, 25, 445, 1433, 3128, 3389, 6667. Which of the following protocols was used to access the server remotely?

A. LDAP B. HTTP C. RDP D. HTTPS Correct Answer: C

Which of the following protocols is MOST likely to be leveraged by users who need additional information about another user?

A. LDAP B. RADIUS C. Kerberos D. TACACS+ Correct Answer: A

A security administrator has installed a new KDC for the corporate environment. Which of the following authentication protocols is the security administrator planning to implement across the organization?

A. LDAP B. RADIUS C. Kerberos D. XTACACS Correct Answer: C

The security manager wants to unify the storage of credentials, phone numbers, office numbers, and address information into one system. Which of the following is a system that will support the requirement on its own?

A. LDAP B. SAML C. TACACS D. RADIUS Correct Answer: A

Which of the following is an XML based open standard used in the exchange of authentication and authorization information between different parties?

A. LDAP B. SAML C. TACACS+ D. Kerberos Correct Answer: B

Which of the following can be used to control specific commands that can be executed on a network infrastructure device?

A. LDAP B. Kerberos C. SAML D. TACACS+ Correct Answer: D

A security administrator is tasked with implementing centralized management of all network devices. Network administrators will be required to log on to network devices using their LDAP credentials. All commands executed by network administrators on network devices must fall within a preset list of authorized commands and must be logged to a central facility. Which of the following configuration commands should be implemented to enforce this requirement?

A. LDAP server 10.55.199.3 B. CN=company, CN=com, OU=netadmin, DC=192.32.10.233 C. SYSLOG SERVER 172.16.23.50 D. TACAS server 192.168.1.100 Correct Answer: B

After connecting to the corporate network, a user types the URL of a popular social media website in the browser but reports being redirected to a login page with the corporate logo. Which of the following is this an example of?

A. LEAP B. MAC filtering C. WPA2-Enterprise D. Captive portal Correct Answer: D

One of the most consistently reported software security vulnerabilities that leads to major exploits is:

A. Lack of malware detection. B. Attack surface decrease. C. Inadequate network hardening. D. Poor input validation. Correct Answer: D

In order for network monitoring to work properly, you need a PC and a network card running in what mode?

A. Launch B. Exposed C. Promiscuous D. Sweep Correct Answer: C

Which of the following types of risk reducing policies also has the added indirect benefit of cross training employees when implemented?

A. Least privilege B. Job rotation C. Mandatory vacations D. Separation of duties Correct Answer: B

Which of the following techniques describes the use of application isolation during execution to prevent system compromise if the application is compromised?

A. Least privilege B. Sandboxing C. Black box D. Application hardening Correct Answer: B

Which of the following internal security controls is aimed at preventing two system administrators from completing the same tasks?

A. Least privilege B. Separation of Duties C. Mandatory Vacation D. Security Policy Correct Answer: B

While preparing for an audit, a security analyst is reviewing the various controls in place to secure the operation of financial processes within the organization. Based on the pre-assessment report, the department does not effectively maintain a strong financial transaction control environment due to conflicting responsibilities held by key personnel. If implemented, which of the following security concepts will most effectively address the finding?

A. Least privilege B. Separation of duties C. Time-based access control D. Dual control Correct Answer: B

Two members of the finance department have access to sensitive information. The company is concerned they may work together to steal information. Which of the following controls could be implemented to discover if they are working together?

A. Least privilege access B. Separation of duties C. Mandatory access control D. Mandatory vacations Correct Answer: D

Joe noticed that there is a larger than normal amount of network traffic on the printer VLAN of his organization, causing users to have to wait a long time for a print job. Upon investigation, Joe discovers that printers were ordered and added to the network without his knowledge. Which of the following will reduce the risk of this occurring again in the future?

A. Log analysis B. Loop protection C. Access control list D. Rule-based management Correct Answer: D

A large corporation has data centers geographically distributed across multiple continents. The company needs to securely transfer large amounts of data between the data centers. The data transfer can be accomplished physically or electronically, but must prevent eavesdropping while the data is in transit. Which of the following represents the BEST cryptographic solution?

A. Driving a van full of Micro SD cards from data center to data center to transfer data B. Exchanging VPN keys between each data center via an SSL connection and transferring the data in the VPN C. Using a courier to deliver symmetric VPN keys to each data center and transferring data in the VPN D. Using PKI to encrypt each file and transferring them via an Internet based FTP or cloud server Correct Answer: B

All executive officers have changed their monitor location so it cannot be easily viewed when passing by their offices. Which of the following attacks does this action remediate?

A. Dumpster Diving B. Impersonation C. Shoulder Surfing D. Whaling Correct Answer: C

Ann was reviewing her company's event logs and observed several instances of GUEST accessing the company print server, file server, and archive database. As she continued to investigate, Ann noticed that it seemed to happen at random intervals throughout the day, but mostly after the weekly automated patching and often logging in at the same time. Which of the following would BEST mitigate this issue?

A. Enabling time of day restrictions B. Disabling unnecessary services C. Disabling unnecessary accounts D. Rogue machine detection Correct Answer: C

A network administrator wants to ensure that users do not connect any unauthorized devices to the company network. Each desk needs to connect a VoIP phone and computer. Which of the following is the BEST way to accomplish this?

A. Enforce authentication for network devices B. Configure the phones on one VLAN, and computers on another C. Enable and configure port channels D. Make users sign an Acceptable use Agreement Correct Answer: A

Which of the following is the process in which a law enforcement officer or a government agent encourages or induces a person to commit a crime when the potential criminal expresses a desire not to go ahead?

A. Enticement B. Entrapment C. Deceit D. Sting Correct Answer: B

After a recent breach, the security administrator performs a wireless survey of the corporate network. The security administrator notices a problem with the following output:

MAC                SSID    ENCRYPTION  POWER  BEACONS
00:10:A1:36:12:CC  MYCORP  WPA2 CCMP   60     1202
00:10:A1:49:FC:37  MYCORP  WPA2 CCMP   70     9102
FB:90:11:42:FA:99  MYCORP  WPA2 CCMP   40     3031
00:10:A1:AA:BB:CC  MYCORP  WPA2 CCMP   55     2021
00:10:A1:FA:B1:07  MYCORP  WPA2 CCMP   30     6044

Given that the corporate wireless network has been standardized, which of the following attacks is underway?

A. Evil twin B. IV attack C. Rogue AP D. DDoS Correct Answer: A

A wireless site survey has been performed at a company. One of the results of the report is that the wireless signal extends too far outside the building. Which of the following security issues could occur as a result of this finding?

A. Excessive wireless access coverage B. Interference with nearby access points C. Exhaustion of DHCP address pool D. Unauthorized wireless access Correct Answer: D

A database administrator contacts a security administrator to request firewall changes for a connection to a new internal application. The security administrator notices that the new application uses a port typically monopolized by a virus. The security administrator denies the request and suggests a new port or service be used to complete the application's task. Which of the following is the security administrator practicing in this example?

A. Explicit deny B. Port security C. Access control lists D. Implicit deny Correct Answer: C

During the analysis of a PCAP file, a security analyst noticed several communications with a remote server on port 53. Which of the following protocol types is observed in this traffic?

A. FTP B. DNS C. Email D. NetBIOS Correct Answer: B

By default, which of the following uses TCP port 22? (Select THREE).

A. FTPS B. STELNET C. TLS D. SCP E. SSL F. HTTPS G. SSH H. SFTP Correct Answer: DGH

New magnetic locks were ordered for an entire building. In accordance with company policy, employee safety is the top priority. In case of a fire where electricity is cut, which of the following should be taken into consideration when installing the new locks?

A. Fail safe B. Fault tolerance C. Fail secure D. Redundancy Correct Answer: A

An administrator requests a new VLAN be created to support the installation of a new SAN. Which of the following data transport?

A. Fibre Channel B. SAS C. Sonet D. ISCSI Correct Answer: A

An organization's security policy states that users must authenticate using something you do. Which of the following would meet the objectives of the security policy?

A. Fingerprint analysis B. Signature analysis C. Swipe a badge D. Password Correct Answer: B

Which of the following can affect electrostatic discharge in a network operations center?

A. Fire suppression B. Environmental monitoring C. Proximity card access D. Humidity controls Correct Answer: D

A company hosts its public websites internally. The administrator would like to make some changes to the architecture. The three goals are: reduce the number of public IP addresses in use by the web servers; drive all the web traffic through a central point of control; mitigate automated attacks that are based on IP address scanning. Which of the following would meet all three goals?

A. Firewall B. Load balancer C. URL filter D. Reverse proxy Correct Answer: D

Which of the following devices would MOST likely have a DMZ interface?

A. Firewall B. Switch C. Load balancer D. Proxy Correct Answer: A

Layer 7 devices used to prevent specific types of HTML tags are called:

A. Firewalls B. Content filters C. Routers D. NIDS Correct Answer: B

Which of the following BEST explains Platform as a Service?

A. An external entity that provides a physical or virtual instance of an installed operating system B. A third party vendor supplying support services to maintain physical platforms and servers C. An external group providing operating systems installed on virtual servers with web applications D. An internal group providing physical server instances without installed operating systems or support Correct Answer: C

Which of the following types of data encryption would Matt, a security administrator, use to encrypt a specific table?

A. Full disk B. Individual files C. Database D. Removable media Correct Answer: C

Multi-tenancy is a concept found in which of the following?

A. Full disk encryption B. Removable media C. Cloud computing D. Data loss prevention Correct Answer: C

A user attempts to install a new and relatively unknown software program recommended by a colleague. The user is unable to install the program, despite having successfully installed other programs previously. Which of the following is MOST likely the cause for the user's inability to complete the installation?

A. Application black listing B. Network Intrusion Prevention System C. Group Policy D. Application White Listing Correct Answer: A

Which of the following, if implemented, would improve security of remote users by reducing vulnerabilities associated with data-in-transit?

A. Full-disk encryption B. A virtual private network C. A thin-client approach D. Remote wipe capability Correct Answer: B

A user attempts to install new and relatively unknown software recommended by a colleague. The user is unable to install the program, despite having successfully installed other programs previously. Which of the following is MOST likely the cause for the user's inability to complete the installation?

A. Application black listing B. Network Intrusion Prevention System C. Group policy D. Application white listing Correct Answer: A

Devices on the SCADA network communicate exclusively at Layer 2. Which of the following should be used to prevent unauthorized systems using ARP-based attacks to compromise the SCADA network?

A. Application firewall B. IPSec C. Hardware encryption D. VLANS Correct Answer: B

The network administrator is responsible for promoting code to applications on a DMZ web server. Which of the following processes is being followed to ensure application integrity?

A. Application hardening B. Application firewall review C. Application change management D. Application patch management Correct Answer: C

A company wants to improve its overall security posture by deploying environmental controls in its datacenter. Which of the following is considered an environmental control that can be deployed to meet this goal?

A. Full-disk encryption B. Proximity readers C. Hardware locks D. Fire suppression Correct Answer: B

A new network administrator is setting up a new file server for the company. Which of the following would be the BEST way to manage folder security?

A. Assign users manually and perform regular user access reviews B. Allow read only access to all folders and require users to request permission C. Assign data owners to each folder and allow them to add individual users to each folder D. Create security groups for each folder and assign appropriate users to each group Correct Answer: D

A network administrator has purchased two devices that will act as failovers for each other. Which of the following concepts does this BEST illustrate?

A. Authentication B. Integrity C. Confidentiality D. Availability Correct Answer: D

A system administrator runs a network inventory scan every Friday at 10:00 am to track the progress of a large organization's operating system upgrade of all laptops. The system administrator discovers that some laptops are now only being reported as IP addresses. Which of the following options is MOST likely the cause of this issue?

A. HIDS B. Host-based firewalls rules C. All the laptops are currently turned off D. DNS outage Correct Answer: B

Matt, an IT administrator, wants to protect a newly built server from zero day attacks. Which of the following would provide the BEST level of protection?

A. HIPS B. Antivirus C. NIDS D. ACL Correct Answer: A

Jane, a security administrator, has observed repeated attempts to break into a server. Which of the following is designed to stop an intrusion on a specific server?

A. HIPS B. NIDS C. HIDS D. NIPS Correct Answer: A

A security technician is concerned there is not enough security staff available the web servers and database server located in the DMZ around the clock. Which of the following technologies, when deployed, would provide the BEST round the clock automated protection?

A. HIPS & SIEM B. NIPS & HIDS C. HIDS & SIEM D. NIPS & HIPS Correct Answer: B

A security engineer, Joe, has been asked to create a secure connection between his mail server and the mail server of a business partner. Which of the following protocols would be MOST appropriate?

A. HTTPS B. SSH C. FTP D. TLS Correct Answer: D

Which of the following protocols is vulnerable to man-in-the-middle attacks by NOT using end to end TLS encryption?

A. HTTPS B. WEP C. WPA D. WPA 2 Correct Answer: B

Ann, the security administrator, wishes to implement multifactor security. Which of the following should be implemented in order to complement password usage and smart cards?

A. Hard tokens B. Fingerprint readers C. Swipe badge readers D. Passphrases Correct Answer: B

Which of the following helps to establish an accurate timeline for a network intrusion?

A. Hashing images of compromised systems B. Reviewing the date of the antivirus definition files C. Analyzing network traffic and device logs D. Enforcing DLP controls at the perimeter Correct Answer: C

During a disaster recovery planning session, a security administrator has been tasked with determining which threats and vulnerabilities pose a risk to the organization. Which of the following should the administrator rate as having the HIGHEST frequency of risk to the organization?

A. Hostile takeovers B. Large scale natural disasters C. Malware and viruses D. Corporate espionage Correct Answer: C

A periodic update that corrects problems in one version of a product is called a

A. Hotfix B. Overhaul C. Service pack D. Security update Correct Answer: C

Which of the following can BEST help prevent cross-site scripting attacks and buffer overflows on a production system?

A. Input validation B. Network intrusion detection system C. Anomaly-based HIDS D. Peer review Correct Answer: A

An application developer has coded a new application with a module to examine all user entries for the graphical user interface. The module verifies that user entries match the allowed types for each field and that OS and database commands are rejected before entries are sent for further processing within the application. These are examples of:

A. Input validation B. SQL injection C. Application whitelisting D. Error handling Correct Answer: A

A security administrator is reviewing the web logs and notices multiple attempts by users to access: http://www.comptia.org/idapsearch?user-* Having identified the attack, which of the following will prevent this type of attack on the web server?

A. Input validation on the web server B. Block port 389 on the firewall C. Segregate the web server by a VLAN D. Block port 3389 on the firewall Correct Answer: A

A security administrator has concerns regarding employees saving data on company provided mobile devices. Which of the following would BEST address the administrator's concerns?

A. Install a mobile application that tracks read and write functions on the device. B. Create a company policy prohibiting the use of mobile devices for personal use. C. Enable GPS functionality to track the location of the mobile devices. D. Configure the devices so that removable media use is disabled. Correct Answer: D

An administrator has a network subnet dedicated to a group of users. Due to concerns regarding data and network security, the administrator desires to provide network access for this group only. Which of the following would BEST address this desire?

A. Install a proxy server between the users' computers and the switch to filter inbound network traffic. B. Block commonly used ports and forward them to higher and unused port numbers. C. Configure the switch to allow only traffic from computers based upon their physical address. D. Install host-based intrusion detection software to monitor incoming DHCP Discover requests. Correct Answer: C

Which of the following is a step in deploying a WPA2-Enterprise wireless network?

A. Install a token on the authentication server B. Install a DHCP server on the authentication server C. Install an encryption key on the authentication server D. Install a digital certificate on the authentication server Correct Answer: D

Many employees are receiving email messages similar to the one shown below:

From: IT department
To: employee
Subject: email quota exceeded
Please click on the following link http:www.website.info/email.php?quota=1Gb and provide your username and password to increase your email quota.

Upon reviewing other similar emails, the security administrator realized that all the phishing URLs have the following common elements: they all use HTTP, they all come from .info domains, and they all contain the same URI. Which of the following should the security administrator configure on the corporate content filter to prevent users from accessing the phishing URL, while at the same time minimizing false positives?

A. BLOCK http://www.*.info/" B. DROP http://"website.info/email.php?* C. Redirect http://www,*. Info/email.php?quota=*TOhttp://company.com/corporate_polict.html D. DENY http://*.info/email.php?quota=1Gb Correct Answer: D

An attacker used an undocumented and unknown application exploit to gain access to a file server. Which of the following BEST describes this type of attack?

A. Integer overflow B. Cross-site scripting C. Zero-day D. Session hijacking E. XML injection Correct Answer: C

A malicious user has collected the following list of information:

192.168.1.5 OpenSSH-Server_5.8
192.168.1.7 OpenSSH-Server_5.7
192.168.1.9 OpenSSH-Server_5.7

Which of the following techniques is MOST likely to gather this type of data?

A. Banner grabbing B. Port scan C. Host scan D. Ping scan Correct Answer: B

A company requires that a user's credentials include providing something they know and something they are in order to gain access to the network. Which of the following types of authentication is being described?

A. Biometrics B. Kerberos C. Token D. Two-factor Correct Answer: D

Which of the following types of authentication solutions use tickets to provide access to various resources from a central location?

A. Biometrics B. PKI C. ACLs D. Kerberos Correct Answer: D

Which of the following BEST describes using a smart card and typing in a PIN to gain access to a system?

A. Biometrics B. PKI C. Single factor authentication D. Multifactor authentication Correct Answer: D

A process in which the functionality of an application is tested without any knowledge of the internal mechanisms of the application is known as:

A. Black box testing B. White box testing C. Black hat testing D. Gray box testing Correct Answer: A

Pete, the system administrator, wishes to monitor and limit users' access to external websites. Which of the following would BEST address this?

A. Block all traffic on port 80. B. Implement NIDS. C. Use server load balancers. D. Install a proxy server. Correct Answer: D

A network stream needs to be encrypted. Sara, the network administrator, has selected a cipher which will encrypt 8 bits at a time before sending the data across the network. Which of the following has Sara selected?

A. Block cipher B. Stream cipher C. CRC D. Hashing algorithm Correct Answer: A

An administrator wants to ensure that the reclaimed space of a hard drive has been sanitized while the computer is in use. Which of the following can be implemented?

A. Cluster tip wiping B. Individual file encryption C. Full disk encryption D. Storage retention Correct Answer: A

A small business needs to incorporate fault tolerance into their infrastructure to increase data availability. Which of the following options would be the BEST solution at a minimal cost?

A. Clustering B. Mirrored server C. RAID D. Tape backup Correct Answer: C

Which of the following concepts allows an organization to group large numbers of servers together in order to deliver a common service?

A. Clustering B. RAID C. Backup Redundancy D. Cold site Correct Answer: A

Jane has implemented an array of four servers to accomplish one specific task. This is BEST known as which of the following?

A. Clustering B. RAID C. Load balancing D. Virtualization Correct Answer: A

Which of the following is a control that allows a mobile application to access and manipulate information which should only be available by another application on the same mobile device (e.g. a music application posting the name of the current song playing on the device on a social media site)?

A. Co-hosted application B. Transitive trust C. Mutually exclusive access D. Dual authentication Correct Answer: B

Which of the following assessments would Pete, the security administrator, use to actively test that an application's security controls are in place?

A. Code review B. Penetration test C. Protocol analyzer D. Vulnerability scan Correct Answer: B

Which of the following is a black box testing methodology?

A. Code, function, and statement coverage review B. Architecture and design review C. Application hardening D. Penetration testing Correct Answer: A

The Chief Information Officer (CIO) wants to implement a redundant server location to which the production server images can be moved within 48 hours and services can be quickly restored, in case of a catastrophic failure of the primary datacenter's HVAC. Which of the following can be implemented?

A. Cold site B. Load balancing C. Warm site D. Hot site Correct Answer: C

Pete's corporation has outsourced help desk services to a large provider. Management has published a procedure that requires all users, when receiving support, to call a special number. Users then need to enter the code provided to them by the help desk technician prior to allowing the technician to work on their PC. Which of the following does this procedure prevent?

A. Collusion B. Impersonation C. Pharming D. Transitive Access Correct Answer: B

Users require access to a certain server depending on their job function. Which of the following would be the MOST appropriate strategy for securing the server?

A. Common access card B. Role based access control C. Discretionary access control D. Mandatory access control Correct Answer: B

The pre-sales engineering team needs to quickly provide accurate and up-to-date information to potential clients. This information includes design specifications and engineering data that is developed and stored using numerous applications across the enterprise. Which of the following authentication techniques is MOST appropriate?

A. Common access cards B. TOTP C. Single sign-on D. HOTP Correct Answer: B

A datacenter manager has been asked to prioritize critical system recovery priorities. Which of the following is the MOST critical for immediate recovery?

A. Communications software B. Operating system software C. Weekly summary reports to management D. Financial and production software Correct Answer: B

During the information gathering stage of deploying a role-based access control model, which of the following information is MOST likely required?

A. Conditional rules under which certain systems may be accessed B. Matrix of job titles with required access privileges C. Clearance levels of all company personnel D. Normal hours of business operation Correct Answer: B

An email client says a digital signature is invalid and the sender cannot be verified. The recipient is concerned with which of the following concepts?

A. Integrity B. Availability C. Confidentiality D. Remediation Correct Answer: A

A security manager requires fencing around the perimeter, and cipher locks on all entrances. The manager is concerned with which of the following security controls?

A. Integrity B. Availability C. Confidentiality D. Safety Correct Answer: D

The finance department just procured a software application that needs to communicate back to the vendor server via SSL. Which of the following default ports on the firewall must the security engineer open to accomplish this task?

A. 80 B. 130 C. 443 D. 3389 Correct Answer: C

Which of the following controls would allow a company to reduce the exposure of sensitive systems from unmanaged devices on internal networks?

A. 802.1x B. Data encryption C. Password strength D. BGP Correct Answer: A

How often, at a MINIMUM, should Sara, an administrator, review the accesses and rights of the users on her system?

A. Annually B. Immediately after an employee is terminated C. Every five years D. Every time they patch the server Correct Answer: A

Which of the following practices is used to mitigate a known security vulnerability?

A. Application fuzzing B. Patch management C. Password cracking D. Auditing security logs Correct Answer: B

Which of the following types of malware attempts to circumvent malware detection by trying to hide its true location on the infected system?

A. Armored virus B. Ransomware C. Trojan D. Keylogger Correct Answer: C

Pete, an employee, needs a certificate to encrypt data. Which of the following would issue Pete a certificate?

A. Certification authority B. Key escrow C. Certificate revocation list D. Registration authority Correct Answer: A

A security administrator must implement a network that is immune to ARP spoofing attacks. Which of the following should be implemented to ensure that a malicious insider will not be able to successfully use ARP spoofing techniques?

A. UDP B. IPv6 C. IPSec D. VPN Correct Answer: B

A company has implemented PPTP as a VPN solution. Which of the following ports would need to be opened on the firewall in order for this VPN to function properly? (Select TWO).

A. UDP 1723 B. TCP 500 C. TCP 1723 D. UDP 47 E. TCP 47 Correct Answer: CD

Which of the following software allows a network administrator to inspect the protocol header in order to troubleshoot network issues?

A. URL filter B. Spam filter C. Packet sniffer D. Switch Correct Answer: C

The loss prevention department has purchased a new application that allows the employees to monitor the alarm systems at remote locations. However, the application fails to connect to the vendor's server and the users are unable to log in. Which of the following are the MOST likely causes of this issue? (Select TWO).

A. URL filtering B. Role-based access controls C. MAC filtering D. Port Security E. Firewall rules Correct Answer: AE

The Chief Security Officer (CSO) is contacted by a first responder. The CSO assigns a handler. Which of the following is occurring?

A. Unannounced audit response B. Incident response process C. Business continuity planning D. Unified threat management E. Disaster recovery process Correct Answer: B

The helpdesk is receiving numerous reports that a newly installed biometric reader at the entrance of the data center has a high rate of false negatives. Which of the following is the consequence of this reported problem?

A. Unauthorized employees have access to sensitive systems B. All employees will have access to sensitive systems C. No employees will be able to access the datacenter D. Authorized employees cannot access sensitive systems Correct Answer: C

A security administrator discovers an image file that has several plain text documents hidden in the file. Which of the following security goals is met by camouflaging data inside of other files?

A. Integrity B. Confidentiality C. Steganography D. Availability Correct Answer: C

It is important to staff who use email messaging to provide PII to others on a regular basis to have confidence that their messages are not intercepted or altered during transmission. They are concerned about which of the following types of security control?

A. Integrity B. Safety C. Availability D. Confidentiality Correct Answer: A

A software firm posts patches and updates to a publicly accessible FTP site. The software firm also posts digitally signed checksums of all patches and updates. The firm does this to address:

A. Integrity of downloaded software. B. Availability of the FTP site. C. Confidentiality of downloaded software. D. Integrity of the server logs. Correct Answer: A

Pete, the security engineer, would like to prevent wireless attacks on his network. Pete has implemented a security control to limit the connecting MAC addresses to a single port. Which of the following wireless attacks would this address?

A. Interference B. Man-in-the-middle C. ARP poisoning D. Rogue access point Correct Answer: D

Which of the following security account management techniques should a security analyst implement to prevent staff who have switched company roles from exceeding privileges?

A. Internal account audits B. Account disablement C. Time of day restriction D. Password complexity Correct Answer: A

Pete, an employee, attempts to visit a popular social networking site but is blocked. Instead, a page is displayed notifying him that this site cannot be visited. Which of the following is MOST likely blocking Pete's access to this site?

A. Internet content filter B. Firewall C. Proxy server D. Protocol analyzer Correct Answer: A

A security administrator has implemented a policy to prevent data loss. Which of the following is the BEST method of enforcement?

A. Internet networks can be accessed via personally-owned computers. B. Data can only be stored on local workstations. C. Wi-Fi networks should use WEP encryption by default. D. Only USB devices supporting encryption are to be used. Correct Answer: D

An attack that is using interference as its main attack to impede network traffic is which of the following?

A. Introducing too much data to a target's memory allocation B. Utilizing a previously unknown security flaw against the target C. Using a similar wireless configuration of a nearby network D. Inundating a target system with SYN requests Correct Answer: A

Which of the following can be implemented in hardware or software to protect a web server from cross-site scripting attacks?

A. Intrusion Detection System B. Flood Guard Protection C. Web Application Firewall D. URL Content Filter Correct Answer: C

Which of the following can result in significant administrative overhead from incorrect reporting?

A. Job rotation B. Acceptable usage policies C. False positives D. Mandatory vacations Correct Answer: C

The software developer is responsible for writing the code and promoting from the development network to the quality network. The network administrator is responsible for promoting code to the application servers. Which of the following practices are they following to ensure application integrity?

A. Job rotation B. Implicit deny C. Least privilege D. Separation of duties Correct Answer: D

Which of the following describes how Sara, an attacker, can send unwanted advertisements to a mobile device?

A. Man-in-the-middle B. Bluejacking C. Bluesnarfing D. Packet sniffing Correct Answer: B

A security administrator wants to block unauthorized access to a web server using a locally installed software program. Which of the following should the administrator deploy?

A. NIDS B. HIPS C. NIPS D. HIDS Correct Answer: B

Which of the following controls should critical application servers implement to protect themselves from other potentially compromised application services?

A. NIPS B. Content filter C. NIDS D. Host-based firewalls Correct Answer: D

Pete, a security administrator, has observed repeated attempts to break into the network. Which of the following is designed to stop an intrusion on the network?

A. NIPS B. HIDS C. HIPS D. NIDS Correct Answer: A

Which of the following file systems is from Microsoft and was included with their earliest operating systems?

A. NTFS B. UFS C. MTFS D. FAT Correct Answer: D

An administrator has two servers and wants them to communicate with each other using a secure algorithm. Which of the following should the administrator choose to provide both CRC integrity checks and RCA encryption?

A. NTLM B. RSA C. CHAP D. ECDHE Correct Answer: D

A security administrator working for a law enforcement organization is asked to secure a computer system at the scene of a crime for transport to the law enforcement forensic facility. In order to capture as much evidence as possible, the computer system has been left running. The security administrator begins information gathering by imaging which of the following system components FIRST?

A. NVRAM B. RAM C. TPM D. SSD Correct Answer: B

Which of the following types of attacks involves interception of authentication traffic in an attempt to gain unauthorized access to a wireless network?

A. Near field communication B. IV attack C. Evil twin D. Replay attack Correct Answer: B

Which of the following will allow Pete, a security analyst, to trigger a security alert because of a tracking cookie?

A. Network based firewall B. Anti-spam software C. Host based firewall D. Anti-spyware software Correct Answer: D

A remote user (User1) is unable to reach a newly provisioned corporate Windows workstation. The system administrator has been given the following log files from the VPN, corporate firewall and workstation host. Which of the following is preventing the remote user from being able to access the workstation?

A. Network latency is causing remote desktop service request to time out B. User1 has been locked out due to too many failed passwords C. Lack of network time synchronization is causing authentication mismatches D. The workstation has been compromised and is accessing known malware sites E. The workstation host firewall is not allowing remote desktop connections Correct Answer: B

During a recent audit, it was discovered that many services and desktops were missing security patches. Which of the following BEST describes the assessment that was performed to discover this issue?

A. Network mapping B. Vulnerability scan C. Port Scan D. Protocol analysis Correct Answer: B

A security administrator suspects that data on a server has been exfiltrated as a result of unauthorized remote access. Which of the following would assist the administrator in confirming the suspicions? (Select TWO)

A. Networking access control B. DLP alerts C. Log analysis D. File integrity monitoring E. Host firewall rules Correct Answer: BC

Pete, the system administrator, has blocked users from accessing social media web sites. In addition to protecting company information from being accidentally leaked, which additional security benefit does this provide?

A. No competition with the company's official social presence B. Protection against malware introduced by banner ads C. Increased user productivity based upon fewer distractions D. Elimination of risks caused by unauthorized P2P file sharing Correct Answer: B

A fiber company has acquired permission to bury a fiber cable through a farmer's land. Which of the following should be in the agreement with the farmer to protect the availability of the network?

A. No farm animals will graze near the burial site of the cable B. No digging will occur near the burial site of the cable C. No buildings or structures will be placed on top of the cable D. No crops will be planted on top of the cable Correct Answer: B

The access control list (ACL) for a file on a server is as follows: User: rwx User: Ann: r-- User: Joe: r-- Group: rwx Group: sales: r-x Other: r-x Joe and Ann are members of the Human Resources group. Will Ann and Joe be able to run the file?

A. No since Ann and Joe are members of the Sales group owner of the file B. Yes since the regular permissions override the ACL for the file C. No since the ACL overrides the regular permissions for the file D. Yes since the regular permissions and the ACL combine to create the effective permissions on the file Correct Answer: C

Which of the following is a security advantage of using NoSQL vs. SQL databases in a three-tier environment?

A. NoSQL databases are not vulnerable to XSRF attacks from the application server. B. NoSQL databases are not vulnerable to SQL injection attacks. C. NoSQL databases encrypt sensitive information by default. D. NoSQL databases perform faster than SQL databases on the same hardware. Correct Answer: B

Which of the following concepts is used by digital signatures to ensure integrity of the data?

A. Non-repudiation B. Hashing C. Transport encryption D. Key escrow Correct Answer: B

Joe, an employee, has reported to Ann, a network technician, an unusual device plugged into a USB port on a workstation in the call center. Ann unplugs the workstation and brings it to the IT department where an incident is opened. Which of the following should have been done first?

A. Notify the incident response team lead B. Document chain of custody C. Take a copy of volatile memory D. Make an image of the hard drive Correct Answer: A

A security administrator needs a locally stored record to remove the certificates of a terminated employee. Which of the following describes a service that could meet these requirements?

A. OCSP B. PKI C. CA D. CRL Correct Answer: D

Which of the following technologies was developed to allow companies to use less-expensive storage while still maintaining the speed and redundancy required in a business environment?

A. RAID B. Tape Backup C. Load Balancing D. Clustering Correct Answer: D

A security administrator must implement a wireless encryption system to secure mobile devices' communication. Some users have mobile devices which only support 56-bit encryption. Which of the following wireless encryption methods should be implemented?

A. RC4 B. AES C. MD5 D. TKIP Correct Answer: A

An administrator would like to utilize encryption that has comparable speed and strength to the AES cipher without using AES itself. The cipher should be able to operate in the same modes as AES and utilize the same minimum bit strength. Which of the following algorithms should the administrator select?

A. RC4 B. Rijndael C. SHA D. TwoFish E. 3DES Correct Answer: A

A UNIX administrator would like to use native commands to provide a secure way of connecting to other devices remotely and to securely transfer files. Which of the following protocols could be utilized? (Select TWO).

A. RDP B. SNMP C. FTP D. SCP E. SSH Correct Answer: DE

Which of the following documents outlines the responsibility of both participants in an agreement between two organizations?

A. RFC B. MOU C. RFQ D. SLA Correct Answer: B

An administrator must select an algorithm to encrypt data at rest. Which of the following could be used?

A. RIPEMD B. Diffie-Hellman C. ECDSA D. CHAP E. Blowfish Correct Answer: E

Which of the following MUST Matt, a security administrator, implement to verify both the integrity and authenticity of a message while requiring a shared secret?

A. RIPEMD B. MD5 C. SHA D. HMAC Correct Answer: D

Connections using point-to-point protocol authenticate using which of the following? (Select TWO).

A. RIPEMD B. PAP C. CHAP D. RC4 E. Kerberos Correct Answer: BC

Which of the following is a programming interface that allows a remote computer to run programs on a local machine?

A. RPC B. RSH C. SSH D. SSL Correct Answer: A

Which of the following uses both a public and private key?

A. RSA B. AES C. MD5 D. SHA Correct Answer: A

The security manager must store a copy of a sensitive document and needs to verify at a later point that the document has not been altered. Which of the following will accomplish the security manager's objective?

A. RSA B. AES C. MD5 D. SHA Correct Answer: C

A company is planning to encrypt the files in several sensitive directories of a file server with a symmetric key. Which of the following could be used?

A. RSA B. TwoFish C. Diffie-Hellman D. NTLMv2 E. RIPEMD Correct Answer: B

The information security team does a presentation on social media and advises the participants not to provide too much personal information on social media web sites. This advice would BEST protect people from which of the following?

A. Rainbow tables attacks B. Brute force attacks C. Birthday attacks D. Cognitive passwords attacks Correct Answer: D

An employee reports work was being completed on a company owned laptop using a public wireless hot-spot. A pop-up screen appeared and the user closed the pop-up. Seconds later the desktop background was changed to the image of a padlock with a message demanding immediate payment to recover the data. Which of the following types of malware MOST likely caused this issue?

A. Ransomware B. Rootkit C. Scareware D. Spyware Correct Answer: A

A security engineer is faced with competing requirements from the networking group and database administrators. The database administrators would like ten application servers on the same subnet for ease of administration, whereas the networking group would like to segment all applications from one another. Which of the following should the security administrator do to rectify this issue?

A. Recommend performing a security assessment on each application, and only segment the applications with the most vulnerability B. Recommend classifying each application into like security groups and segmenting the groups from one another C. Recommend segmenting each application, as it is the most secure approach D. Recommend that only applications with minimal security features should be segmented to protect them Correct Answer: B

After a security incident involving a physical asset, which of the following should be done at the beginning?

A. Record every person who was in possession of assets, continuing post-incident. B. Create working images of data in the following order: hard drive then RAM. C. Back up storage devices so work can be performed on the devices immediately. D. Write a report detailing the incident and mitigation suggestions. Correct Answer: A

A security administrator has been tasked with assisting in the forensic investigation of an incident relating to employee misconduct. The employee's supervisor believes evidence of this misconduct can be found on the employee's assigned workstation. Which of the following choices BEST describes what should be done? (Select TWO)

A. Record time as offset as required and conduct a timeline analysis B. Update antivirus definitions and conduct a full scan for infected files C. Analyze network traffic, system, and file logs D. Create an additional local admin account on that workstation to conduct work from E. Delete other user profiles on the system to help narrow down the search space F. Patch the system before reconnecting it to the network Correct Answer: AC

A company has a BYOD policy that includes tablets and smart phones. In the case of a legal investigation, which of the following poses the greatest security issues?

A. Recovering sensitive documents from a device if the owner is unable or unwilling to cooperate B. Making a copy of all of the files on the device and hashing them after the owner has provided the PIN C. Using GPS services to locate the device owner suspected in the investigation D. Wiping the device from a remote location should it be identified as a risk in the investigation Correct Answer: A

The helpdesk reports increased calls from clients reporting spikes in malware infections on their systems. Which of the following phases of incident response is MOST appropriate as a FIRST response?

A. Recovery B. Follow-up C. Validation D. Identification E. Eradication F. Containment Correct Answer: D

After encrypting all laptop hard drives, an executive officer's laptop has trouble booting to the operating system. Now that it is successfully encrypted the helpdesk cannot retrieve the data. Which of the following can be used to decrypt the information for retrieval?

A. Recovery agent B. Private key C. Trust models D. Public key Correct Answer: A

A company wants to ensure that the validity of publicly trusted certificates used by its web server can be determined even during an extended internet outage. Which of the following should be implemented?

A. Recovery agent B. OCSP C. CRL D. Key escrow Correct Answer: B

A company recently experienced data loss when a server crashed due to a midday power outage. Which of the following should be used to prevent this from occurring again?

A. Recovery procedures B. EMI shielding C. Environmental monitoring D. Redundancy Correct Answer: D

Which of the following steps in incident response procedures entails of the incident and identification of knowledge gained that can be applied to future handling of incidents?

A. Recovery procedures B. Escalation and notification C. Reporting D. Lessons learned Correct Answer: D

Concurrent use of a firewall, content filtering, antivirus software and an IDS system would be considered components of:

A. Redundant systems. B. Separation of duties. C. Layered security. D. Application control. Correct Answer: C

A custom PKI application downloads a certificate revocation list (CRL) once per day. Management requests the list be checked more frequently. Which of the following is the BEST solution?

A. Refresh the CA public key each time a user logs in B. Download the CRL every 60 seconds C. Implement the OCSP protocol D. Prompt the user to trust a certificate each time it is used Correct Answer: C

Which of the following is the LEAST volatile when performing incident response procedures?

A. Registers B. RAID cache C. RAM D. Hard drive Correct Answer: D

Which of the following MUST be updated immediately when an employee is terminated to prevent unauthorized access?

A. Registration B. CA C. CRL D. Recovery agent Correct Answer: C

Company A sends a PGP encrypted file to company B. If company A used company B's public key to encrypt the file, which of the following should be used to decrypt data at company B?

A. Registration B. Public key C. CRLs D. Private key Correct Answer: D

The Chief Executive Officer (CEO) of a major defense contracting company is traveling overseas for a conference. The CEO will be taking a laptop. Which of the following should the security administrator implement to ensure confidentiality of the data if the laptop were to be stolen or lost during the trip?

A. Remote wipe B. Full device encryption C. BIOS password D. GPS tracking Correct Answer: B

A thief has stolen a mobile device and removed its battery to circumvent GPS location tracking. The device uses a four-digit PIN. Which of the following is a mobile device security control that ensures the confidentiality of company data?

A. Remote wiping B. Mobile Access control C. Full device encryption D. Inventory control Correct Answer: C

Ann, a technician, wants to implement a single protocol on a remote server which will enable her to encrypt and proxy all of her traffic through the remote server via SOCKS5. Which of the following should Ann enable to support both encryption and proxy services?

A. SSH B. IPSEC C. TLS D. HTTPS Correct Answer: A

Which of the following would be used as a secure substitute for Telnet?

A. SSH B. SFTP C. SSL D. HTTPS Correct Answer: A

Which of the following uses port 22 by default? (Select THREE).

A. SSH B. SSL C. TLS D. SFTP E. SCP F. FTPS G. SMTP H. SNMP Correct Answer: ADE

A company needs to receive data that contains personally identifiable information. The company requires both the transmission and data at rest to be encrypted. Which of the following achieves this goal? (Select TWO).

A. SSH B. TFTP C. NTLM D. TKIP E. SMTP F. PGP/GPG Correct Answer: AF

An organization does not want the wireless network name to be easily discovered. Which of the following software features should be configured on the access points?

A. SSID broadcast B. MAC filter C. WPA2 D. Antenna placement Correct Answer: A

Recent data loss on financial servers due to security breaches forced the system administrator to harden their systems. Which of the following algorithms with transport encryption would be implemented to provide the MOST secure web connections to manage and access these servers?

A. SSL B. TLS C. HTTP D. FTP Correct Answer: B

During a routine audit a web server is flagged for allowing the use of weak ciphers. Which of the following should be disabled to mitigate this risk? (Select TWO).

A. SSL 1.0 B. RC4 C. SSL 3.0 D. AES E. DES F. TLS 1.0 Correct Answer: AE

Which of the following cryptographic related browser settings allows an organization to communicate securely?

A. SSL 3.0/TLS 1.0 B. 3DES C. Trusted Sites D. HMAC Correct Answer: A

An attacker is attempting to insert malicious code into an installer file that is available on the internet. The attacker is able to gain control of the web server that houses both the installer and the web page which features information about the downloadable file. To implement the attack and delay detection, the attacker should modify both the installer file and the:

A. SSL certificate on the web server B. The HMAC of the downloadable file available on the website C. Digital signature on the downloadable file D. MD5 hash of the file listed on the website Correct Answer: D

Which of the following transportation encryption protocols should be used to ensure maximum security between a web browser and a web server?

A. SSLv2 B. SSHv1 C. RSA D. TLS Correct Answer: D

Which of the following should be used to implement voice encryption?

A. SSLv3 B. VDSL C. SRTP D. VoIP Correct Answer: C

A Chief Information Security Officer (CISO) is tasked with outsourcing the analysis of security logs. These will need to still be reviewed on a regular basis to ensure the security of the company has not been breached. Which of the following cloud service options would support this requirement?

A. SaaS B. MaaS C. IaaS D. PaaS Correct Answer: B

Which of the following is the BEST concept to maintain required but non-critical server availability?

A. SaaS site B. Cold site C. Hot site D. Warm site Correct Answer: D

After several thefts, a Chief Executive Officer (CEO) wants to ensure unauthorized people do not have access to corporate grounds or its employees. The CEO just approved new budget line items for fences, lighting, locks and CCTVs. Which of the following is the primary focus?

A. Safety B. Confidentiality C. Availability D. Integrity Correct Answer: A

Which of the following are Data Loss Prevention (DLP) strategies that address data in transit issues? (Select TWO).

A. Scanning printing of documents. B. Scanning of outbound IM (Instant Messaging). C. Scanning copying of documents to USB. D. Scanning of SharePoint document library. E. Scanning of shared drives. F. Scanning of HTTP user traffic. Correct Answer: BF

Users are encouraged to click on a link in an email to obtain exclusive access to the newest version of a popular smartphone. This is an example of:

A. Scarcity B. Familiarity C. Intimidation D. Trust Correct Answer: A

An employee in the accounting department recently received a phishing email that instructed them to click a link in the email to view an important message from the IRS which threatened penalties if a response was not received by the end of the business day. The employee clicked on the link and the machine was infected with malware. Which of the following principles BEST describes why this social engineering ploy was successful?

A. Scarcity B. Familiarity C. Social proof D. Urgency Correct Answer: A

Mobile tablets are used by employees on the sales floor to access customer data. Ann, a customer, recently reported that another customer was able to access her personal information on the tablet after the employee left the area. Which of the following would BEST prevent these issues from reoccurring?

A. Screen Locks B. Full-device encryption C. Application control D. Asset tracking Correct Answer: A

An organization has introduced token-based authentication to system administrators due to risk of password compromise. The tokens have a set of numbers that automatically change every 30 seconds. Which of the following type of authentication mechanism is this?

A. TOTP B. Smart card C. CHAP D. HOTP Correct Answer: A

Which of the following provides dedicated hardware-based cryptographic functions to an operating system and its applications running on laptops and desktops?

A. TPM B. HSM C. CPU D. FPU Correct Answer: A

Which of the following is the GREATEST security concern of allowing employees to bring in their personally owned tablets and connecting to the corporate network?

A. Tablet network connections are stored and accessible from the corporate network B. The company's attack surface increases with the non-corporate devices C. Personally purchased media may be available on the network for others to stream D. Encrypted tablets are harder to access to determine if they are infected Correct Answer: C

Visitors entering a building are required to close the back door before the front door of the same entry room is open. Which of the following is being described?

A. Tailgating B. Fencing C. Screening D. Mantrap Correct Answer: D

An attacker wearing a building maintenance uniform approached a company's receptionist asking for access to a secure area. The receptionist asks for identification, a building access badge and checks the company's list of approved maintenance personnel prior to granting physical access to the secure area. The controls used by the receptionist are in place to prevent which of the following types of attacks?

A. Tailgating B. Shoulder surfing C. Impersonation D. Hoax Correct Answer: C

A new application needs to be deployed on a virtual server. The virtual server hosts a SQL server that is used by several employees. Which of the following is the BEST approach for implementation of the new application on the virtual server?

A. Take a snapshot of the virtual server after installing the new application and store the snapshot in a secure location. B. Generate a baseline report detailing all installed applications on the virtualized server after installing the new application. C. Take a snapshot of the virtual server before installing the new application and store the snapshot in a secure location. D. Create an exact copy of the virtual server and store the copy on an external hard drive after installing the new application. Correct Answer: C

In the initial stages of an incident response, Matt, the security administrator, was provided the hard drives in question from the incident manager. Which of the following incident response procedures would he need to perform in order to begin the analysis? (Select TWO).

A. Take hashes B. Begin the chain of custody paperwork C. Take screen shots D. Capture the system image E. Decompile suspicious files Correct Answer: AD

A security administrator needs an external vendor to correct an urgent issue with an organization's physical access control system (PACS). The PACS does not currently have internet access because it is running a legacy operating system. Which of the following methods should the security administrator select that best balances security and efficiency?

A. Temporarily permit outbound internet access for the PACS so desktop sharing can be set up B. Have the external vendor come onsite and provide access to the PACS directly C. Set up VPN concentrator for the vendor and restrict access to the PACS using desktop sharing D. Set up a web conference on the administrator's PC; then remotely connect to the PACS Correct Answer: C

A system administrator has noticed a vulnerability on a high impact production server. A recent update was made available by the vendor that addresses the vulnerability but requires a reboot of the system afterwards. Which of the following steps should the system administrator implement to address the vulnerability?

A. Test the update in a lab environment, schedule downtime to install the patch, install the patch and reboot the server and monitor for any changes B. Test the update in a lab environment, backup the server, schedule downtime to install the patch, install the patch, and monitor for any changes C. Test the update in a lab environment, backup the server, schedule downtime to install the patch, install the update, reboot the server, and monitor for any changes D. Backup the server, schedule downtime to install the patch, install the patch and monitor for any changes Correct Answer: C

Which of the following is a difference between TFTP and FTP?

A. TFTP is slower than FTP. B. TFTP is more secure than FTP. C. TFTP utilizes TCP and FTP uses UDP. D. TFTP utilizes UDP and FTP uses TCP. Correct Answer: D

Which of the following wireless security technologies continuously supplies new keys for WEP?

A. TKIP B. Mac filtering C. WPA2 D. WPA Correct Answer: A

Which of the following protocols provides transport security for virtual terminal emulation?

A. TLS B. SSH C. SCP D. S/MIME Correct Answer: B

A server administrator needs to administer a server remotely using RDP, but the specified port is closed on the outbound firewall on the network. The access the server using RDP on a port other than the typical registered port for the RDP protocol?

A. TLS B. MPLS C. SCP D. SSH Correct Answer: A

A server administrator discovers the web farm is using weak ciphers and wants to ensure that only stronger ciphers are accepted. Which of the following ciphers should the administrator implement in the load balancer? (Select Two)

A. SHA-129 B. DES C. MD5 D. RC4 E. CRC-32 Correct Answer: AD

A security administrator must implement a secure key exchange protocol that will allow company clients to autonomously exchange symmetric encryption keys over an unencrypted channel. Which of the following MUST be implemented?

A. SHA-256 B. AES C. Diffie-Hellman D. 3DES Correct Answer: C

The security administration team at a company has been tasked with implementing a data-at-rest solution for its company storage. Due to the large amount of storage the Chief Information Officer (CISO) decides that a 128-bit cipher is needed but the CISO also does not want to degrade system performance any more than necessary. Which of the following encryptions meets BOTH of these needs?

A. SHA1 B. DSA C. AES D. 3DES Correct Answer: C

Matt, a forensic analyst, wants to obtain the digital fingerprint for a given message. The message is 160-bits long. Which of the following hashing methods would Matt have to use to obtain this digital fingerprint?

A. SHA1 B. MD2 C. MD4 D. MD5 Correct Answer: A

A company transfers millions of files a day between their servers. A programmer for the company has created a program that indexes and verifies the integrity of each file as it is replicated between servers. The programmer would like to use the fastest algorithm to ensure integrity. Which of the following should the programmer use?

A. SHA1 B. RIPEMD C. DSA D. MD5 Correct Answer: D

When information is shared between two separate organizations, which of the following documents would describe the sensitivity as well as the type and flow of the information?

A. SLA B. ISA C. BPA D. MOA Correct Answer: D

Which of the following risk concepts requires an organization to determine the number of failures per year?

A. SLE B. ALE C. MTBF D. Quantitative analysis Correct Answer: B

A bank is planning to implement a third factor to protect customer ATM transactions. Which of the following could the bank implement?

A. SMS B. Fingerprint C. Chip and Pin D. OTP Correct Answer: C

A system administrator has noticed network performance issues and wants to gather performance data from the gateway router. Which of the following can be used to perform this action?

A. SMTP B. iSCSI C. SNMP D. IPSec Correct Answer: C

A network administrator needs to provide daily network usage reports on all layer 3 devices without compromising any data while gathering the information. Which of the following would be configured to provide these reports?

A. SNMP B. SNMPv3 C. ICMP D. SSH Correct Answer: B

Joe, the chief technical officer (CTO), is concerned that the servers and network devices may not be able to handle the growing needs of the company. He has asked his network engineer to begin monitoring the performance of these devices and present statistics to management for capacity planning. Which of the following protocols should be used to do this?

A. SNMP B. SSH C. TLS D. ICMP Correct Answer: A

Joe, a company's network engineer, is concerned that protocols operating at the application layer of the OSI model are vulnerable to exploitation on the network. Which of the following protocols should he secure?

A. SNMP B. SSL C. ICMP D. NetBIOS Correct Answer: A

A technician wants to securely collect network device configurations and statistics through a scheduled and automated process. Which of the following should be implemented if configuration integrity is most important and a credential compromise should not allow interactive logons?

A. SNMPv3 B. TFTP C. SSH D. TLS Correct Answer: A

During a server audit, a security administrator does not notice abnormal activity. However, a network security analyst notices connections to unauthorized ports from outside the corporate network. Using specialized tools, the network security analyst also notices hidden processes running. Which of the following has MOST likely been installed on the server?

A. SPIM B. Backdoor C. Logic bomb D. Rootkit Correct Answer: D

Highly sensitive data is stored in a database and is accessed by an application on a DMZ server. The disk drives on all servers are fully encrypted. Communication between the application server and end-users is also encrypted. Network ACLs prevent any connections to the database server except from the application server. Which of the following can still result in exposure of the sensitive data in the database server?

A. SQL Injection B. Theft of the physical database server C. Cookies D. Cross-site scripting Correct Answer: A

Which of the following was launched against a company based on the following IDS log?

122.41.15.252 - - [21/May/2012:00:17:20 +1200] "GET /index.php?username=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA HTTP/1.1" 200 2731 "http://www.company.com/cgibin/forum/commentary.pl/noframes/read/209" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Hotbar 4.4.7.0)"

A. SQL injection B. Buffer overflow attack C. XSS attack D. Online password crack Correct Answer: B

After visiting a website, a user receives an email thanking them for a purchase which they did not request. Upon investigation the security administrator sees the following source code in a pop-up window:

<HTML>
<body onload="document.getElementByID('badForm').submit()">
<form id="badForm" action="shoppingsite.company.com/purchase.php" method="post" >
<input name="Perform Purchase" value="Perform Purchase"/>
</form>
</body>
</HTML>

Which of the following has MOST likely occurred?

A. SQL injection B. Cookie stealing C. XSRF D. XSS Correct Answer: C

An attacker attempted to compromise a web form by inserting the following input into the username field: admin)(|(password=*)) Which of the following types of attacks was attempted?

A. SQL injection B. Cross-site scripting C. Command injection D. LDAP injection Correct Answer: D

Which of the following types of application attacks would be used to specifically gain unauthorized information from databases that did not have any input validation implemented?

A. SQL injection B. Session hijacking and XML injection C. Cookies and attachments D. Buffer overflow and XSS Correct Answer: A

A security administrator looking through IDS logs notices the following entry: (where [email protected] and passwd= 'or 1==1') Which of the following attacks had the administrator discovered?

A. SQL injection B. XML injection C. Cross-site script D. Header manipulation Correct Answer: A

Sara, a hacker, is completing a website form to request a free coupon. The site has a field that limits the request to 3 or fewer coupons. While submitting the form, Sara runs an application on her machine to intercept the HTTP POST command and change the field from 3 coupons to 30. Which of the following was used to perform this attack?

A. SQL injection B. XML injection C. Packet sniffer D. Proxy Correct Answer: B

A web application is configured to target browsers and allow access to bank accounts to siphon money to a foreign account. This is an example of which of the following attacks?

A. SQL injection B. Header manipulation C. Cross-site scripting D. Flash cookie exploitation Correct Answer: C

Which of the following techniques can bypass a user or computer's web browser privacy settings? (Select TWO)

A. SQL injection B. Session hijacking C. Cross-site scripting D. Locally shared objects E. LDAP injection Correct Answer: BC

Joe, an application developer, is building an external facing marketing site. There is an area on the page where clients may submit their feedback to articles that are posted. Joe filters client-side JAVA input. Which of the following is Joe attempting to prevent?

A. SQL injections B. Watering holes C. Cross site scripting D. Pharming Correct Answer: C

Which of the following ports will be used for logging into secure websites?

A. 80 B. 110 C. 142 D. 443 Correct Answer: D

Which of the following authentication protocols makes use of UDP for its services?

A. RADIUS B. TACACS+ C. LDAP D. XTACACS Correct Answer: A

Joe, the system administrator, has been asked to calculate the Annual Loss Expectancy (ALE) for a $5,000 server, which often crashes. In the past year, the server has crashed 10 times, requiring a system reboot to recover with only 10% loss of data or function. Which of the following is the ALE of this server?

A. $500 B. $5,000 C. $25,000 D. $50,000 Correct Answer: B

A security administrator is tasked with calculating the total ALE on servers. In a two year period of time, a company has to replace five servers. Each server replacement has cost the company $4,000 with downtime costing $3,000. Which of the following is the ALE for the company?

A. $7,000 B. $10,000 C. $17,500 D. $35,000 Correct Answer: C

Sara, a security analyst, is trying to prove to management what costs they could incur if their customer database was breached. This database contains 250 records with PII. Studies show that the cost per record for a breach is $300. The likelihood that their database would be breached in the next year is only 5%. Which of the following is the ALE that Sara should report to management for a security breach?

A. $1,500 B. $3,750 C. $15,000 D. $75,000 Correct Answer: B

Sara, a security engineer, is testing encryption ciphers for performance. Which of the following ciphers offers strong encryption with the FASTEST speed?

A. 3DES B. Blowfish C. Serpent D. AES256 Correct Answer: B

An IT security manager is asked to provide the total risk to the business. Which of the following calculations would the security manager choose to determine total risk?

A. (Threats X vulnerability X asset value) x controls gap B. (Threats X vulnerability X profit) x asset value C. Threats X vulnerability X control gap D. Threats X vulnerability X asset value Correct Answer: D

A company with a US-based sales force has requested that the VPN system be configured to authenticate the sales team based on their username, password and a client side certificate. Additionally, the security administrator has restricted the VPN to only allow authentication from the US territory. How many authentication factors are in use by the VPN system?

A. 1 B. 2 C. 3 D. 4 Correct Answer: C

Which of the following may be used with a BNC connector?

A. 10GBaseT B. 1000BaseSX C. 100BaseFX D. 10Base2 Correct Answer: D

Which of the following ports should be opened on a firewall to allow for NetBIOS communication? (Select TWO).

A. 110 B. 137 C. 139 D. 143 E. 161 F. 443 Correct Answer: BC

An administrator is hardening systems and wants to disable unnecessary services. One Linux server hosts files used by a Windows web server on another machine. The Linux server is only used for secure file transfer, but requires a share for the Windows web server as well. The administrator sees the following output from a netstat -1p command: Which of the following processes can the administrator kill without risking impact to the purpose and function of the Linux or Windows servers? (Select Three)

A. 1488 B. 1680 C. 2120 D. 2121 E. 2680 F. 8217 Correct Answer: ADF

Review the following diagram depicting communication between PC1 and PC2 on each side of a router. Analyze the network traffic logs which show communication between the two computers as captured by the computer with IP 10.2.2.10.

DIAGRAM
PC1 [192.168.1.30]--------[INSIDE 192.168.1.1 router OUTSIDE 10.2.2.1]---------[10.2.2.10] PC2

LOGS
10:30:22, SRC 10.2.2.1:3030, DST 10.2.2.10:80, SYN
10:30:23, SRC 10.2.2.10:80, DST 10.2.2.1:3030, SYN/ACK
10:30:24, SRC 10.2.2.1:3030, DST 10.2.2.10:80, ACK

Given the above information, which of the following can be inferred about the above environment?

A. 192.168.1.30 is a web server. B. The web server listens on a non-standard port. C. The router filters port 80 traffic. D. The router implements NAT. Correct Answer: D

During a penetration test from the Internet, Jane, the system administrator, was able to establish a connection to an internal router, but not successfully log in to it. Which ports and protocols are MOST likely to be open on the firewall? (Select FOUR).

A. 21 B. 22 C. 23 D. 69 E. 3389 F. SSH G. Terminal services H. Rlogin I. Rsync J. Telnet Correct Answer: BCFJ

Which of the following ports is used to securely transfer files between remote UNIX systems?

A. 21 B. 22 C. 69 D. 445 Correct Answer: B

An employee needs to connect to a server using a secure protocol on the default port. Which of the following ports should be used?

A. 21 B. 22 C. 80 D. 110 Correct Answer: B

Which of the following ports would be blocked if Pete, a security administrator, wants to deny access to websites?

A. 21 B. 25 C. 80 D. 3389 Correct Answer: C

Which of the following ports and protocol types must be opened on a host with a host-based firewall to allow incoming SFTP connections?

A. 21/UDP B. 21/TCP C. 22/UDP D. 22/TCP Correct Answer: D

A technician is unable to manage a remote server. Which of the following ports should be opened on the firewall for remote server management? (Select TWO).

A. 22 B. 135 C. 137 D. 143 E. 443 F. 3389 Correct Answer: AF

Ann, a technician, is attempting to establish a remote terminal session to an end user's computer using Kerberos authentication, but she cannot connect to the destination machine. Which of the following default ports should Ann ensure is open?

A. 22 B. 139 C. 443 D. 3389 Correct Answer: D

A company uses SSH to support internal users. They want to block external SSH connections from reaching internal machines. Which of the following should be blocked on the firewall?

A. 22 B. 23 C. 443 D. 8080 Correct Answer: A

A security technician has been tasked with opening ports on a firewall to allow users to browse the internet. Which of the following ports should be opened on the firewall? (Select Three)

A. 22 B. 53 C. 80 D. 110 E. 443 F. 445 G. 8080 Correct Answer: CEG

Which of the following ports should be used by a system administrator to securely manage a remote server?

A. 22 B. 69 C. 137 D. 445 Correct Answer: A

Which of the following ports is used for SSH, by default?

A. 23 B. 32 C. 12 D. 22 Correct Answer: D

Signed digital certificates used to secure communication with a web server are MOST commonly associated with which of the following ports?

A. 25 B. 53 C. 143 D. 443 Correct Answer: D

An administrator needs to allow both secure and regular web traffic into a network. Which of the following ports should be configured? (Select TWO)

A. 25 B. 53 C. 80 D. 110 E. 143 F. 443 Correct Answer: CF

After a new firewall has been installed, devices cannot obtain a new IP address. Which of the following ports should Matt, the security administrator, open on the firewall?

A. 25 B. 68 C. 80 D. 443 Correct Answer: B

An active directory setting restricts querying to only secure connections. Which of the following ports should be selected to establish a successful connection?

A. 389 B. 440 C. 636 D. 3286 Correct Answer: C

Which of the following can be used for both encryption and digital signatures?

A. 3DES B. AES C. RSA D. MD5 Correct Answer: A

While testing a new host based firewall configuration a security administrator inadvertently blocks access to localhost which causes problems with applications running on the host. Which of the following addresses refer to localhost?

A. ::0 B. 127.0.0.0 C. 120.0.0.1 D. 127.0.0/8 E. 127::0.1 Correct Answer: C

A systems administrator has implemented PKI on a classified government network. In the event that a disconnect occurs from the primary CA, which of the following should be accessible locally from every site to ensure users with bad certificates cannot gain access to the network?

A. A CRL B. Make the RA available C. A verification authority D. A redundant CA Correct Answer: A

A defense contractor wants to use one of its classified systems to support programs from multiple intelligence agencies. Which of the following MUST be in place between the intelligence agencies to allow this?

A. A DRP B. An SLA C. A MOU D. A BCP Correct Answer: C

The security administrator at ABC company received the following log information from an external party:

10:45:01 EST, SRC 10.4.3.7:3056, DST 8.4.2.1:80, ALERT, Directory traversal
10:45:02 EST, SRC 10.4.3.7:3057, DST 8.4.2.1:80, ALERT, Account brute force
10:45:03 EST, SRC 10.4.3.7:3058, DST 8.4.2.1:80, ALERT, Port scan

The external party is reporting attacks coming from abc-company.com. Which of the following is the reason the ABC company's security administrator is unable to determine the origin of the attack?

A. A NIDS was used in place of a NIPS. B. The log is not in UTC. C. The external party uses a firewall. D. ABC company uses PAT. Correct Answer: D

An outside security consultant produces a report of several vulnerabilities for a particular server. Upon further investigation, it is determined that the vulnerability reported does not apply to the platform the server is running on. Which of the following should the consultant do in order to produce more accurate results?

A. A black box test should be used to increase the validity of the scan B. Perform a penetration test in addition to a vulnerability scan C. Use banner grabbing to identify the target platform D. Use baseline reporting to determine the actual configuration Correct Answer: B

A new security policy being implemented requires all email within the organization be digitally signed by the author using PGP. Which of the following would need to be created for each user?

A. A certificate authority B. A key escrow C. A trusted key D. A public and private key Correct Answer: A

A company executive's laptop was compromised, leading to a security breach. The laptop was placed into storage by a junior system administrator and was subsequently wiped and re-imaged. When it was determined that the authorities would need to be involved, there was little evidence to present to the investigators. Which of the following procedures could have been implemented to aid the authorities in their investigation?

A. A comparison should have been created from the original system's file hashes B. Witness testimony should have been taken by the administrator C. The company should have established a chain of custody tracking the laptop D. A system image should have been created and stored Correct Answer: D

An Information Systems Security Officer (ISSO) has been placed in charge of a classified peer-to-peer network that cannot connect to the Internet. The ISSO can update the antivirus definitions manually, but which of the following steps is MOST important?

A. A full scan must be run on the network after the DAT file is installed. B. The signatures must have a hash value equal to what is displayed on the vendor site. C. The definition file must be updated within seven days. D. All users must be logged off of the network prior to the installation of the definition file. Correct Answer: B

A security analyst noticed a colleague typing the following command: 'Telnet some-host 443' Which of the following was the colleague performing?

A. A hacking attempt to the some-host web server with the purpose of achieving a distributed denial of service attack. B. A quick test to see if there is a service running on some-host TCP/443, which is being routed correctly and not blocked by a firewall. C. Trying to establish an insecure remote management session. The colleague should be using SSH or terminal services instead. D. A mistaken port being entered because telnet servers typically do not listen on port 443. Correct Answer: B

Which of the following is true about asymmetric encryption?

A. A message encrypted with the private key can be decrypted by the same key B. A message encrypted with the public key can be decrypted with a shared key. C. A message encrypted with a shared key, can be decrypted by the same key. D. A message encrypted with the public key can be decrypted with the private key. Correct Answer: D

A systems engineer has been presented with storage performance and redundancy requirements for a new system to be built for the company. The storage solution must be designed to support the highest performance and must also be able to support more than one drive failure. Which of the following should the engineer choose to meet these requirements?

A. A mirrored striped array with parity B. A mirrored mirror array C. A striped array D. A striped array with parity Correct Answer: B

The database server used by the payroll system crashed at 3 PM and payroll is due at 5 PM. Which of the following metrics is MOST important in this instance?

A. ARO B. SLE C. MTTR D. MTBF Correct Answer: C

A switch is set up to allow only 2 simultaneous MAC addresses per switch port. An administrator is reviewing a log and determines that a switch port has been deactivated in a conference room after it detected 3 or more MAC addresses on the same port. Which of the following reasons could have caused this port to be disabled?

A. A PC had a NIC replaced and reconnected to the switch B. An IP telephone has been plugged in C. A rogue access point was plugged in D. An ARP attack was launched from a PC on this port Correct Answer: D

Joe must send Ann a message and provide Ann with assurance that he was the actual sender. Which of the following will Joe need to use to BEST accomplish the objective?

A. A pre-shared private key B. His private key C. Ann's public key D. His public key Correct Answer: B

Sara, a security manager, has decided to force expiration of all company passwords by the close of business day. Which of the following BEST supports this reasoning?

A. A recent security breach in which passwords were cracked. B. Implementation of configuration management processes. C. Enforcement of password complexity requirements. D. Implementation of account lockout procedures. Correct Answer: A

The system administrator is tasked with changing the administrator password across all 2000 computers in the organization. Which of the following should the system administrator implement to accomplish this task?

A. A security group B. A group policy C. Key escrow D. Certificate revocation Correct Answer: B

In which of the following scenarios would it be preferable to implement file level encryption instead of whole disk encryption?

A. A server environment where the primary security concern is integrity and not file recovery B. A cloud storage environment where multiple customers use the same hardware but possess different encryption keys C. A SQL environment where multiple customers access the same database D. A large datacenter environment where each customer uses dedicated hardware resources Correct Answer: B

Employees are reporting that they have been receiving a large number of emails advertising products and services. Links in the email direct the users' browsers to the websites for the items being offered. No reports of increased virus activity have been observed. A security administrator suspects that the users are the targets of:

A. A watering hole attack B. Spear phishing C. A spoofing attack D. A spam campaign Correct Answer: D

A review of the company's network traffic shows that most of the malware infections are caused by users visiting gambling and gaming websites. The security manager wants to implement a solution that will block these websites, scan all web traffic for signs of malware, and block the malware before it enters the company network. Which of the following is suited for this purpose?

A. ACL B. IDS C. UTM D. Firewall Correct Answer: C

Pete, a security administrator, is informed that people from the HR department should not have access to the accounting department's server, and the accounting department should not have access to the HR department's server. The network is separated by switches. Which of the following is designed to keep the HR department users from accessing the accounting department's server and vice-versa?

A. ACLs B. VLANs C. DMZs D. NATS Correct Answer: B

A bank has a fleet of aging payment terminals used by merchants for transactional processing. The terminals currently support single DES but require an upgrade in order to be compliant with security standards. Which of the following is likely to be the simplest upgrade to the aging terminals which will improve in-transit protection of transactional data?

A. AES B. 3DES C. RC4 D. WPA2 Correct Answer: B

Which of the following provides additional encryption strength by repeating the encryption process with additional keys?

A. AES B. 3DES C. TwoFish D. Blowfish Correct Answer: B

Which of the following should be used when a business needs a block cipher with minimal key size for internal encryption?

A. AES B. Blowfish C. RC5 D. 3DES Correct Answer: B

Which of the following can be implemented with multiple bit strength?

A. AES B. DES C. SHA-1 D. MD5 E. MD4 Correct Answer: A

Which of the following algorithms has well documented collisions? (Select TWO).

A. AES B. MD5 C. SHA D. SHA-256 E. RSA Correct Answer: BC

A technician wants to verify the authenticity of the system files of a potentially compromised system. Which of the following can the technician use to verify if a system file was compromised? (Select TWO).

A. AES B. PGP C. SHA D. MD5 E. ECDHE Correct Answer: CD

An administrator wants to provide onboard hardware based cryptographic processing and secure key storage for full-disk encryption. Which of the following should the administrator use to fulfil the requirements?

A. AES B. TPM C. FDE D. PAM Correct Answer: B

A developer needs to utilize AES encryption in an application but requires the speed of encryption and decryption to be as fast as possible. The data that will be secured is not sensitive so speed is valued over encryption complexity. Which of the following would BEST satisfy these requirements?

A. AES with output feedback B. AES with cipher feedback C. AES with cipher block chaining D. AES with counter mode Correct Answer: B

After a few users report problems with the wireless network, a system administrator notices that a new wireless access point has been powered up in the cafeteria. The access point has the same SSID as the corporate network and is set to the same channel as nearby access points. However, the AP has not been connected to the Ethernet network. Which of the following is the MOST likely cause of the user's wireless problems?

A. AP channel bonding B. An evil twin attack C. Wireless interference D. A rogue access point Correct Answer: B

An administrator performs a risk calculation to determine if additional availability controls need to be in place. The administrator estimates that a server fails and needs to be replaced once every 2 years at a cost of $8,000. Which of the following represents the factors that the administrator would use to facilitate this calculation?

A. ARO= 0.5; SLE= $4,000; ALE= $2,000 B. ARO=0.5; SLE=$8,000; ALE=$4,000 C. ARO=0.5; SLE= $4,000; ALE=$8,000 D. ARO=2; SLE= $4,000; ALE=$8,000 E. ARO=2; SLE= $8,000; ALE= $16,000 Correct Answer: B

A corporate wireless guest network uses an open SSID with a captive portal to authenticate guest users. Guests can obtain their portal password at the service desk. A security consultant alerts the administrator that the captive portal is easily bypassed, as long as one other wireless guest user is on the network. Which of the following attacks did the security consultant use?

A. ARP poisoning B. DNS cache poisoning C. MAC spoofing D. Rogue DHCP server Correct Answer: C

Sara, the Chief Security Officer (CSO), has had four security breaches during the past two years. Each breach has cost the company $3,000. A third party vendor has offered to repair the security hole in the system for $25,000. The breached system is scheduled to be replaced in five years. Which of the following should Sara do to address the risk?

A. Accept the risk saving $10,000. B. Ignore the risk saving $5,000. C. Mitigate the risk saving $10,000. D. Transfer the risk saving $5,000. Correct Answer: D

Sara, a company's security officer, often receives reports of unauthorized personnel having access codes to the cipher locks of secure areas in the building. Sara should immediately implement which of the following?

A. Acceptable Use Policy B. Physical security controls C. Technical controls D. Security awareness training Correct Answer: D

Joe, a newly hired employee, has a corporate workstation that has been compromised due to several visits to P2P sites. Joe insisted that he was not aware of any company policy that prohibits the use of such web sites. Which of the following is the BEST method to deter employees from the improper use of the company's information systems?

A. Acceptable Use Policy B. Privacy Policy C. Security Policy D. Human Resource Policy Correct Answer: A

Human Resources (HR) would like executives to undergo only two specific security training programs a year. Which of the following provides the BEST level of security training for the executives? (Select TWO).

A. Acceptable use of social media B. Data handling and disposal C. Zero day exploits and viruses D. Phishing threats and attacks E. Clean desk and BYOD F. Information security awareness Correct Answer: DF

The call center supervisor has reported that many employees have been playing preinstalled games on company computers and this is reducing productivity. Which of the following would be MOST effective for preventing this behavior?

A. Acceptable use policies B. Host-based firewalls C. Content inspection D. Application whitelisting Correct Answer: D

Joe, a security analyst, asks each employee of an organization to sign a statement saying that they understand how their activities may be monitored. Which of the following BEST describes this statement? (Select TWO).

A. Acceptable use policy B. Risk acceptance policy C. Privacy policy D. Email policy E. Security policy Correct Answer: AC

A company is starting to allow employees to use their own personal devices without centralized management. Employees must contact IT to have their devices configured to use corporate email; access is also available to the corporate cloud-based services. Which of the following is the BEST policy to implement under these circumstances?

A. Acceptable use policy B. Security policy C. Group policy D. Business Agreement policy Correct Answer: A

The IT department noticed that there was a significant decrease in network performance during the afternoon hours. The IT department performed analysis of the network and discovered this was due to users accessing and downloading music and video streaming from social sites. The IT department notified corporate of their findings and a memo was sent to all employees addressing the misuse of company resources and requesting adherence to company policy. Which of the following policies is being enforced?

A. Acceptable use policy B. Telecommuting policy C. Data ownership policy D. Non disclosure policy Correct Answer: A

Which of the following would be used to allow a subset of traffic from a wireless network to an internal network?

A. Access control list B. 802.1X C. Port security D. Load balancers Correct Answer: B

An administrator is implementing a new management system for the machinery on the company's production line. One requirement is that the system only be accessible while within the production facility. Which of the following will be the MOST effective solution in limiting access based on this requirement?

A. Access control list B. Firewall policy C. Air Gap D. MAC filter Correct Answer: A

Which of the following techniques enables a highly secured organization to assess security weaknesses in real time?

A. Access control lists B. Continuous monitoring C. Video surveillance D. Baseline reporting Correct Answer: B

The Chief Information Security Officer (CISO) is concerned that users could bring their personal laptops to work and plug them directly into the network port under their desk. Which of the following should be configured on the network switch to prevent this from happening?

A. Access control lists B. Loop protection C. Firewall rule D. Port security Correct Answer: D

Joe is a helpdesk specialist. During a routine audit, a company discovered that his credentials were used while he was on vacation. The investigation further confirmed that Joe still has his badge and it was last used to exit the facility. Which of the following access control methods is MOST appropriate for preventing such occurrences in the future?

A. Access control where the credentials cannot be used except when the associated badge is in the facility B. Access control where system administrators may limit which users can access their systems C. Access control where employees' access permissions are based on the job title D. Access control system where badges are only issued to cleared personnel Correct Answer: A

The IT department has set up a website with a series of questions to allow end users to reset their own accounts. Which of the following account management practices does this help?

A. Account Disablements B. Password Expiration C. Password Complexity D. Password Recovery Correct Answer: D

Which of the following controls mitigates the risk of Matt, an attacker, gaining access to a company network by using a former employee's credential?

A. Account expiration B. Password complexity C. Account lockout D. Dual factor authentication Correct Answer: A

A security administrator must implement all requirements in the following corporate policy: Passwords shall be protected against offline password brute force attacks. Passwords shall be protected against online password brute force attacks. Which of the following technical controls must be implemented to enforce the corporate policy? (Select THREE).

A. Account lockout B. Account expiration C. Screen locks D. Password complexity E. Minimum password lifetime F. Minimum password length Correct Answer: ADF

The chief security officer (CSO) has issued a new policy to restrict generic or shared accounts on company systems. Which of the following sections of the policy requirements will have the most impact on generic and shared accounts?

A. Account lockout B. Password length C. Concurrent logins D. Password expiration Correct Answer: C

Joe notices there are several user accounts on the local network generating spam with embedded malicious code. Which of the following technical controls should Joe put in place to BEST reduce these incidents?

A. Account lockout B. Group Based Privileges C. Least privilege D. Password complexity Correct Answer: A

A user in the company is in charge of various financial roles but needs to prepare for an upcoming audit. They use the same account to access each financial system. Which of the following security controls will MOST likely be implemented within the company?

A. Account lockout policy B. Account password enforcement C. Password complexity enabled D. Separation of duties Correct Answer: D

Ann is a member of the Sales group. She needs to collaborate with Joe, a member of the IT group, to edit a file. Currently, the file has the following permissions: Ann: read/write; Sales Group: read; IT Group: no access. If a discretionary access control list is in place for the files owned by Ann, which of the following would be the BEST way to share the file with Joe?

A. Add Joe to the Sales group. B. Have the system administrator give Joe full access to the file. C. Give Joe the appropriate access to the file directly. D. Remove Joe from the IT group and add him to the Sales group. Correct Answer: C

An internal auditing team would like to strengthen the password policy to support special characters. Which of the following types of password controls would achieve this goal?

A. Add reverse encryption B. Password complexity C. Increase password length D. Allow single sign on Correct Answer: B

A technician is investigating intermittent switch degradation. The issue only seems to occur when the building's roof air conditioning system runs. Which of the following would reduce the connectivity issues?

A. Adding a heat deflector B. Redundant HVAC systems C. Shielding D. Add a wireless network Correct Answer: C

It is MOST important to make sure that the firewall is configured to do which of the following?

A. Alert management of a possible intrusion. B. Deny all traffic and only permit by exception. C. Deny all traffic based on known signatures. D. Alert the administrator of a possible intrusion. Correct Answer: B

During an anonymous penetration test, Jane, a system administrator, was able to identify a shared print spool directory, and was able to download a document from the spool. Which statement BEST describes her privileges?

A. All users have write access to the directory. B. Jane has read access to the file. C. All users have read access to the file. D. Jane has read access to the directory. Correct Answer: C

Sara, a security technician, has received notice that a vendor coming in for a presentation will require access to a server outside of the network. Currently, users are only able to access remote sites through a VPN connection. How could Sara BEST accommodate the vendor?

A. Allow incoming IPSec traffic into the vendor's IP address. B. Set up a VPN account for the vendor, allowing access to the remote site. C. Turn off the firewall while the vendor is in the office, allowing access to the remote site. D. Write a firewall rule to allow the vendor to have access to the remote site. Correct Answer: D

The security administrator receives a service ticket saying a host based firewall is interfering with the operation of a new application that is being tested in development. The administrator asks for clarification on which ports need to be open. The software vendor replies that it could use up to 20 ports and many customers have disabled the host based firewall. After examining the system the administrator sees several ports that are open for database and application servers that are only used locally. The vendor continues to recommend disabling the host based firewall. Which of the following is the best course of action for the administrator to take?

A. Allow ports used by the application through the network firewall B. Allow ports used externally through the host firewall C. Follow the vendor recommendations and disable the host firewall D. Allow ports used locally through the host firewall Correct Answer: D

Which of the following will help prevent smurf attacks?

A. Allowing necessary UDP packets in and out of the network B. Disabling directed broadcast on border routers C. Disabling unused services on the gateway firewall D. Flash the BIOS with the latest firmware Correct Answer: B

A security administrator is responsible for ensuring that there are no unauthorized devices utilizing the corporate network. During a routine scan, the security administrator discovers an unauthorized device belonging to a user in the marketing department. The user is using an Android phone in order to browse websites. Which of the following device attributes was used to determine that the device was unauthorized?

A. An IMEI address B. A phone number C. A MAC address D. An asset ID Correct Answer: C

Which of the following is a vulnerability associated with disabling pop-up blockers?

A. An alert message from the administrator may not be visible B. A form submitted by the user may not open C. The help window may not be displayed D. Another browser instance may execute malicious code Correct Answer: D

An administrator has advised against the use of Bluetooth phones due to bluesnarfing concerns. Which of the following is an example of this threat?

A. An attacker using the phone remotely for spoofing other phone numbers B. Unauthorized intrusions into the phone to access data C. The Bluetooth enabled phone causing signal interference with the network D. An attacker using exploits that allow the phone to be disabled Correct Answer: B

In order to enter a high-security data center, users are required to speak the correct password into a voice recognition system. Ann, a member of the sales department, overhears the password and later speaks it into the system. The system denies her entry and alerts the security team. Which of the following is the MOST likely reason for her failure to enter the data center?

A. An authentication factor B. Discretionary Access C. Time of Day Restrictions D. Least Privilege Restrictions Correct Answer: A

Which of the following would provide the MOST objective results when performing penetration testing for an organization?

A. An individual from outside the organization would be more familiar with the system B. An inside support staff member would know more about how the system could be compromised C. An outside company would be less likely to skew the results in favor of the organization D. An outside support staff member would be more likely to report accurate results due to familiarity with the system Correct Answer: C

A group policy requires users in an organization to use strong passwords that must be changed every 15 days. Joe and Ann were hired 16 days ago. When Joe logs into the network, he is prompted to change his password; when Ann logs into the network, she is not prompted to change her password. Which of the following BEST explains why Ann is not required to change her password?

A. Ann's user account has administrator privileges. B. Joe's user account was not added to the group policy. C. Ann's user account was not added to the group policy. D. Joe's user account was inadvertently disabled and must be re-created. Correct Answer: C

ABC company has a lot of contractors working for them. The provisioning team does not always get notified that a contractor has left the company. Which of the following policies would prevent contractors from having access to systems in the event a contractor has left?

A. Annual account review B. Account expiration policy C. Account lockout policy D. Account disablement Correct Answer: B

A security team has identified that the wireless signal is broadcasting into the parking lot. To reduce the risk of an attack against the wireless network from the parking lot, which of the following controls should be used? (Select TWO).

A. Antenna placement B. Interference C. Use WEP D. Single Sign on E. Disable the SSID F. Power levels Correct Answer: AF

A security analyst has been tasked with securing a guest wireless network. They recommend the company use an authentication server but are told the funds are not available to set this up. Which of the following BEST allows the analyst to restrict user access to approved devices?

A. Antenna placement B. Power level adjustment C. Disable SSID broadcasting D. MAC filtering Correct Answer: D

A network administrator noticed various chain messages have been received by the company. Which of the following security controls would need to be implemented to mitigate this issue?

A. Anti-spam B. Antivirus C. Host-based firewalls D. Anti-spyware Correct Answer: A

A security administrator wants to deploy security controls to mitigate the threat of company employees' personal information being captured online. Which of the following would BEST serve this purpose?

A. Anti-spyware B. Antivirus C. Host-based firewall D. Web content filter Correct Answer: A

Which of the following is an example of a false positive?

A. Anti-virus identifies a benign application as malware. B. A biometric iris scanner rejects an authorized user wearing a new contact lens. C. A user account is locked out after the user mistypes the password too many times. D. The IDS does not identify a buffer overflow. Correct Answer: A

A user has several random browser windows opening on their computer. Which of the following programs can be installed on his machine to help prevent this from happening?

A. Antivirus B. Pop-up blocker C. Spyware blocker D. Anti-spam Correct Answer: B

Joe, the Chief Technical Officer (CTO), is concerned about new malware being introduced into the corporate network. He has tasked the security engineers to implement a technology that is capable of alerting the team when unusual traffic is on the network. Which of the following types of technologies will BEST address this scenario?

A. Application Firewall B. Anomaly Based IDS C. Proxy Firewall D. Signature IDS Correct Answer: B

Which of the following security concepts identifies input variables which are then used to perform boundary testing?

A. Application baseline B. Application hardening C. Secure coding D. Fuzzing Correct Answer: D

A recently installed application update caused a vital application to crash during the middle of the workday. The application remained down until a previous version could be reinstalled on the server, and this resulted in a significant loss of data and revenue. Which of the following could BEST prevent this issue from occurring again?

A. Application configuration baselines B. Application hardening C. Application access controls D. Application patch management Correct Answer: D

A bank has recently deployed mobile tablets to all loan officers for use at customer sites. Which of the following would BEST prevent the disclosure of customer data in the event that a tablet is lost or stolen?

A. Application control B. Remote wiping C. GPS D. Screen-locks Correct Answer: B

During an application design, the development team specifies an LDAP module for single sign-on communication with the company's access control database. This is an example of which of the following?

A. Application control B. Data in-transit C. Identification D. Authentication Correct Answer: D

Matt, a developer, recently attended a workshop on a new application. The developer installs the new application on a production system to test the functionality. Which of the following is MOST likely affected?

A. Application design B. Application security C. Initial baseline configuration D. Management of interfaces Correct Answer: C

Customers' credit card information was stolen from a popular video streaming company. A security consultant determined that the information was stolen, while in transit, from the gaming consoles of a particular vendor. Which of the following methods should the company consider to secure this data in the future?

A. Application firewalls B. Manual updates C. Firmware version control D. Encrypted TCP wrappers Correct Answer: D

A security technician has removed the sample configuration files from a database server. Which of the following application security controls has the technician attempted?

A. Application hardening B. Application baselines C. Application patch management D. Application input validation Correct Answer: A

A network administrator is responsible for securing applications against external attacks. Every month, the underlying operating system is updated. There is no process in place for other software updates. Which of the following processes could MOST effectively mitigate these risks?

A. Application hardening B. Application change management C. Application patch management D. Application firewall review Correct Answer: C

A vulnerability scan is reporting that patches are missing on a server. After a review, it is determined that the application requiring the patch does not exist on the operating system. Which of the following describes this cause?

A. Application hardening B. False positive C. Baseline code review D. False negative Correct Answer: B

A security administrator is investigating a recent server breach. The breach occurred as a result of a zero-day attack against a user program running on the server. Which of the following logs should the administrator search for information regarding the breach?

A. Application log B. Setup log C. Authentication log D. System log Correct Answer: A

Disabling unnecessary services, restricting administrative access, and enabling auditing controls on a server are forms of which of the following?

A. Application patch management B. Cross-site scripting prevention C. Creating a security baseline D. System hardening Correct Answer: D

Which of the following are unique to white box testing methodologies? (Select two)

A. Application program interface (API) testing B. Bluesnarfing C. External network penetration testing D. Function, statement and code coverage E. Input fuzzing Correct Answer: AD

Which of the following assets is MOST likely considered for DLP?

A. Application server content B. USB mass storage devices C. Reverse proxy D. Print server Correct Answer: B

The user of a news service accidentally accesses another user's browsing history. From this the user can tell what competitors are reading, querying, and researching. The news service has failed to properly implement which of the following?

A. Application white listing B. In-transit protection C. Access controls D. Full disk encryption Correct Answer: C

Vendors typically ship software applications with security settings disabled by default to ensure a wide range of interoperability with other applications and devices. A security administrator should perform which of the following before deploying new software?

A. Application white listing B. Network penetration testing C. Application hardening D. Input fuzzing testing Correct Answer: C

Which of the following technical controls helps to prevent Smartphones from connecting to a corporate network?

A. Application white listing B. Remote wiping C. Acceptable use policy D. Mobile device management Correct Answer: D

Joe, a security technician, is configuring two new firewalls through the web on each. Each time Joe connects, there is a warning message in the browser window about the certificate being untrusted. Which of the following will allow Joe to configure a certificate for the firewall so that firewall administrators are able to connect both firewalls without experiencing the warning message?

A. Apply a permanent override to the certificate warning in the browser B. Apply a wildcard certificate obtained from the company's certificate authority C. Apply a self-signed certificate generated by each of the firewalls D. Apply a single certificate obtained from a public certificate authority Correct Answer: C

Joe the system administrator has noticed an increase in network activity from outside sources. He wishes to direct traffic to avoid possible penetration while heavily monitoring the traffic with little to no impact on the current server load. Which of the following would be the BEST course of action?

A. Apply an additional firewall ruleset on the user PCs. B. Configure several servers into a honeynet C. Implement an IDS to protect against intrusion D. Enable DNS logging to capture abnormal traffic Correct Answer: B

Which of the following tools would a security administrator use in order to identify all running services throughout an organization?

A. Architectural review B. Penetration test C. Port scanner D. Design review Correct Answer: C

A security analyst has been asked to perform a review of an organization's software development lifecycle. The analyst reports that the lifecycle does not contain a phase in which team members evaluate and provide critical feedback of another developer's code. Which of the following assessment techniques is BEST described in the analyst's report?

A. Architecture evaluation B. Baseline reporting C. Whitebox testing D. Peer review Correct Answer: D

A new mobile application is being developed in-house. Security reviews did not pick up any major flaws, however vulnerability scanning results show fundamental issues at the very end of the project cycle. Which of the following security activities should also have been performed to discover vulnerabilities earlier in the lifecycle?

A. Architecture review B. Risk assessment C. Protocol analysis D. Code review Correct Answer: D

Which of the following describes a type of malware which is difficult to reverse engineer in a virtual lab?

A. Armored virus B. Polymorphic malware C. Logic bomb D. Rootkit Correct Answer: A

A systems administrator has made several unauthorized changes to the server cluster that resulted in a major outage. This event has been brought to the attention of the Chief Information Officer (CIO), who has requested that a risk mitigation strategy be implemented immediately to prevent this type of event from reoccurring. Which of the following would be the BEST risk mitigation strategy to implement in order to meet this request?

A. Asset Management B. Change Management C. Configuration Management D. Incident Management Correct Answer: B

A new hire wants to use a personally owned phone to access company resources. The new hire expresses concern about what happens to the data on the phone when they leave the company. Which of the following portions of the company's mobile device management configuration would allow the company data to be removed from the device without touching the new hire's data?

A. Asset control B. Device access control C. Storage lock out D. Storage segmentation Correct Answer: B

Which of the following is MOST critical in protecting control systems that cannot be regularly patched?

A. Asset inventory B. Full disk encryption C. Vulnerability scanning D. Network segmentation Correct Answer: B

A company has 5 users. Users 1, 2 and 3 need access to payroll and users 3, 4 and 5 need access to sales. Which of the following should be implemented to give the appropriate access while enforcing least privilege?

A. Assign individual permissions to users 1 and 2 for payroll. Assign individual permissions to users 4 and 5 for sales. Make user 3 an administrator. B. Make all users administrators and then restrict users 1 and 2 from sales. Then restrict users 4 and 5 from payroll. C. Create two additional generic accounts, one for payroll and one for sales that users utilize. D. Create a sales group with users 3, 4 and 5. Create a payroll group with users 1, 2 and 3. Correct Answer: D

An attacker captures the encrypted communication between two parties for a week, but is unable to decrypt the messages. The attacker then compromises the session key during one exchange and successfully compromises a single message. The attacker plans to use this key to decrypt previously captured and future communications, but is unable to. This is because the encryption scheme in use adheres to:

A. Asymmetric encryption B. Out-of-band key exchange C. Perfect forward secrecy D. Secure key escrow Correct Answer: C

A cafe provides laptops for Internet access to their customers. The cafe is located in the center corridor of a busy shopping mall. The company has experienced several laptop thefts from the cafe during peak shopping hours of the day. Corporate has asked that the IT department provide a solution to eliminate laptop theft. Which of the following would provide the IT department with the BEST solution?

A. Attach cable locks to each laptop B. Require each customer to sign an AUP C. Install a GPS tracking device onto each laptop D. Install security cameras within the perimeter of the café Correct Answer: A

Which of the following allows a network administrator to implement an access control policy based on individual user characteristics and NOT on job function?

A. Attributes based B. Implicit deny C. Role based D. Rule based Correct Answer: A

Which of the following technical controls is BEST used to define which applications a user can install and run on a company issued mobile device?

A. Authentication B. Blacklisting C. Whitelisting D. Acceptable use policy Correct Answer: C

Corporate IM presents multiple concerns to enterprise IT. Which of the following concerns should Jane, the IT security manager, ensure are under control? (Select THREE).

A. Authentication B. Data leakage C. Compliance D. Malware E. Non-repudiation F. Network loading Correct Answer: BCD

Which of the following is an important implementation consideration when deploying a wireless network that uses a shared password?

A. Authentication server B. Server certificate C. Key length D. EAP method Correct Answer: C

RADIUS provides which of the following?

A. Authentication, Authorization, Availability B. Authentication, Authorization, Auditing C. Authentication, Accounting, Auditing D. Authentication, Authorization, Accounting Correct Answer: D

Anne, an employee, receives the following email: From: Human Resources To: Employee Subject: Updated employee code of conduct Please click on the following link: http//external.site.com/codeofconduct.exe to review the updated code of conduct at your earliest convenience. After clicking the email link, her computer is compromised. Which of the following principles of social engineering was used to lure Anne into clicking the phishing link in the above email?

A. Authority B. Familiarity C. Intimidation D. Urgency Correct Answer: B

A company requires that all wireless communication be compliant with the Advanced Encryption Standard. The current wireless infrastructure implements WEP + TKIP. Which of the following wireless protocols should be implemented?

A. CCMP B. 802.1x C. 802.3 D. WPA2 E. AES Correct Answer: B

A recent audit of a company's identity management system shows that 30% of active accounts belong to people no longer with the firm. Which of the following should be performed to help avoid this scenario? (Select TWO).

A. Automatically disable accounts that have not been utilized for at least 10 days. B. Utilize automated provisioning and de-provisioning processes where possible. C. Request that employees provide a list of systems that they have access to prior to leaving the firm. D. Perform regular user account review / revalidation process. E. Implement a process where new account creations require management approval. Correct Answer: BD

Matt, a security administrator, wants to ensure that the message he is sending does not get intercepted or modified in transit. This concern relates to which of the following concepts?

A. Availability B. Integrity C. Accounting D. Confidentiality Correct Answer: B

A company that purchased an HVAC system for the datacenter is MOST concerned with which of the following?

A. Availability B. Integrity C. Confidentiality D. Fire suppression Correct Answer: A

A security administrator plans on replacing a critical business application in five years. Recently, there was a security flaw discovered in the application that will cause the IT department to manually re-enable user accounts each month at a cost of $2,000. Patching the application today would cost $140,000 and take two months to implement. Which of the following should the security administrator do in regards to the application?

A. Avoid the risk to the user base allowing them to re-enable their own accounts B. Mitigate the risk by patching the application to increase security and saving money C. Transfer the risk replacing the application now instead of in five years D. Accept the risk and continue to enable the accounts each month saving money Correct Answer: D

A user casually browsing the Internet is redirected to a warez site where a number of pop-ups appear. After clicking on a pop-up to complete a survey, a drive-by download occurs. Which of the following is MOST likely to be contained in the download?

A. Backdoor B. Spyware C. Logic bomb D. DDoS E. Smurf Correct Answer: B

Which of the following is a directional antenna that can be used in point-to-point or point-to-multi-point WiFi communication systems? (Select TWO).

A. Backfire B. Dipole C. Omni D. PTZ E. Dish Correct Answer: AE

The finance department works with a bank which has recently had a number of cyber attacks. The finance department is concerned that the banking website certificates have been compromised. Which of the following can the finance department check to see if any of the bank's certificates are still valid?

A. Bank's CRL B. Bank's private key C. Bank's key escrow D. Bank's recovery agent Correct Answer: A

Company XYZ has encountered an increased amount of buffer overflow attacks. The programmer has been tasked to identify the issue and report any findings. Which of the following is the FIRST step of action recommended in this scenario?

A. Baseline Reporting B. Capability Maturity Model C. Code Review D. Quality Assurance and Testing Correct Answer: C

A financial company requires a new private network link with a business partner to cater for realtime and batched data flows. Which of the following activities should be performed by the IT security staff member prior to establishing the link?

A. Baseline reporting B. Design review C. Code review D. SLA reporting Correct Answer: B

Which of the following assessment techniques would a security administrator implement to ensure that systems and software are developed properly?

A. Baseline reporting B. Input validation C. Determine attack surface D. Design reviews Correct Answer: D

A system administrator wants to implement an internal communication system that will allow employees to send encrypted messages to each other. The system must also support non-repudiation. Which of the following implements all these requirements?

A. Bcrypt B. Blowfish C. PGP D. SHA Correct Answer: C

A network technician is on the phone with the system administration team. Power to the server room was lost and servers need to be restarted. The DNS services must be the first to be restarted. Several machines are powered off. Assuming each server only provides one service, which of the following should be powered on FIRST to establish DNS services?

A. Bind server B. Apache server C. Exchange server D. RADIUS server Correct Answer: A

Which of the following types of security services are used to support authentication for remote users and devices?

A. Biometrics B. HSM C. RADIUS D. TACACS Correct Answer: C

A technician wants to implement a dual factor authentication system that will enable the organization to authorize access to sensitive systems on a need-to-know basis. Which of the following should be implemented during the authorization stage?

A. Biometrics B. Mandatory access control C. Single sign-on D. Role-based access control Correct Answer: A

A project manager is working with an architectural firm that focuses on physical security. The project manager would like to provide requirements that support the primary goal of safety. Based on the project manager's desires, which of the following controls would be the BEST to incorporate into the facility design?

A. Biometrics B. Escape routes C. Reinforcements D. Access controls Correct Answer: B

Which of the following are examples of detective controls?

A. Biometrics, motion sensors and mantraps. B. Audit, firewall, anti-virus and biometrics. C. Motion sensors, intruder alarm and audit. D. Intruder alarm, mantraps and firewall. Correct Answer: C

The security consultant is assigned to test a client's new software for security, after logs show targeted attacks from the Internet. To determine the weaknesses, the consultant has no access to the application program interfaces, code, or data structures. This is an example of which of the following types of testing?

A. Black box B. Penetration C. Gray box D. White box Correct Answer: A

A quality assurance analyst is reviewing a new software product for security, and has complete access to the code and data structures used by the developers. This is an example of which of the following types of testing?

A. Black box B. Penetration C. Gray box D. White box Correct Answer: D

A software development company has hired a programmer to develop a plug-in module to an existing proprietary application. After completing the module, the developer needs to test the entire application to ensure that the module did not introduce new vulnerabilities. Which of the following is the developer performing when testing the application?

A. Black box testing B. White box testing C. Gray box testing D. Design review Correct Answer: C

Joe, a security analyst, is attempting to determine if a new server meets the security requirements of his organization. As a step in this process, he attempts to identify a lack of security controls and to identify common misconfigurations on the server. Which of the following is Joe attempting to complete?

A. Black hat testing B. Vulnerability scanning C. Black box testing D. Penetration testing Correct Answer: B

A Human Resources user is issued a virtual desktop typically assigned to Accounting employees. A system administrator wants to disable certain services and remove the local accounting groups installed by default on this virtual machine. The system administrator is adhering to which of the following security best practices?

A. Black listing applications B. Operating System hardening C. Mandatory Access Control D. Patch Management Correct Answer: B

Which of the following types of cryptography should be used when minimal overhead is necessary for a mobile device?

A. Block cipher B. Elliptical curve cryptography C. Diffie-Hellman algorithm D. Stream cipher Correct Answer: B

Which of the following would enhance the security of accessing data stored in the cloud? (Select TWO)

A. Block level encryption B. SAML authentication C. Transport encryption D. Multifactor authentication E. Predefined challenge questions F. Hashing Correct Answer: BD

A network consists of various remote sites that connect back to two main locations. Pete, the security administrator, needs to block TELNET access into the network. Which of the following, by default, would be the BEST choice to accomplish this goal?

A. Block port 23 on the L2 switch at each remote site B. Block port 23 on the network firewall C. Block port 25 on the L2 switch at each remote site D. Block port 25 on the network firewall Correct Answer: B

A firewall technician has been instructed to disable all non-secure ports on a corporate firewall. The technician has blocked traffic on port 21, 69, 80, and 137-139. The technician has allowed traffic on ports 22 and 443. Which of the following correctly lists the protocols blocked and allowed?

A. Blocked: TFTP, HTTP, NetBIOS; Allowed: HTTPS, FTP B. Blocked: FTP, TFTP, HTTP, NetBIOS; Allowed: SFTP, SSH, SCP, HTTPS C. Blocked: SFTP, TFTP, HTTP, NetBIOS; Allowed: SSH, SCP, HTTPS D. Blocked: FTP, HTTP, HTTPS; Allowed: SFTP, SSH, SCP, NetBIOS Correct Answer: B

An attacker Joe configures his service identifier to be the same as an access point advertised on a billboard. Joe then conducts a denial of service attack against the legitimate AP causing users to drop their connections and then reconnect to Joe's system with the same SSID. Which of the following Best describes this type of attack?

A. Bluejacking B. WPS attack C. Evil twin D. War driving E. Relay attack Correct Answer: C

Which of the following should be considered to mitigate data theft when using CAT5 wiring?

A. CCTV B. Environmental monitoring C. Multimode fiber D. EMI shielding Correct Answer: D

An attacker Joe configures his service identifier to be the same as an access point advertised on a billboard. Joe then conducts a denial of service attack against the legitimate AP causing users to drop their connections and then reconnect to Joe's system with the same SSID. Which of the following BEST describes this type of attack?

A. Bluejacking B. WPS attack C. Evil twin D. War driving E. Replay attack Correct Answer: C

Which of the following is where an unauthorized device is found allowing access to a network?

A. Bluesnarfing B. Rogue access point C. Honeypot D. IV attack Correct Answer: B

Key cards at a bank are not tied to individuals, but rather to organizational roles. After a break in, it becomes apparent that extra efforts must be taken to successfully pinpoint who exactly enters secure areas. Which of the following security measures can be put in place to mitigate the issue until a new key card system can be installed?

A. Bollards B. Video surveillance C. Proximity readers D. Fencing Correct Answer: B

Which of the following malware types may require user interaction, does not hide itself, and is commonly identified by marketing pop-ups based on browsing habits?

A. Botnet B. Rootkit C. Adware D. Virus Correct Answer: C

Which of the following forms of software testing can best be performed with no knowledge of how a system is internally structured or functions? (Select Two.)

A. Boundary testing B. White box C. Fuzzing D. Black box E. Grey Box Correct Answer: CD

A security administrator is selecting an MDM solution for an organization, which has strict security requirements for the confidentiality of its data on end user devices. The organization decides to allow BYOD, but requires that users wishing to participate agree to the following specific device configurations; camera disablement, password enforcement, and application whitelisting. The organization must be able to support a device portfolio of differing mobile operating systems. Which of the following represents the MOST relevant technical security criteria for the MDM?

A. Breadth of support for device manufacturers' security configuration APIs B. Ability to extend the enterprise password policies to the chosen MDM C. Features to support the backup and recovery of the stored corporate data D. Capability to require the users to accept an AUP prior to device onboarding Correct Answer: B

Which of the following is a software vulnerability that can be avoided by using input validation?

A. Buffer overflow B. Application fuzzing C. Incorrect input D. Error handling Correct Answer: C

A security administrator examines a network session to a compromised database server with a packet analyzer. Within the session there is a repeated series of the hex character 90 (x90). Which of the following attack types has occurred?

A. Buffer overflow B. Cross-site scripting C. XML injection D. SQL injection Correct Answer: A

Sara, an application developer, implemented error and exception handling alongside input validation. Which of the following does this help prevent?

A. Buffer overflow B. Pop-up blockers C. Cross-site scripting D. Fuzzing Correct Answer: A

Which of the following is the below pseudo-code an example of? IF VARIABLE (CONTAINS NUMBERS = TRUE) THEN EXIT

A. Buffer overflow prevention B. Input validation C. CSRF prevention D. Cross-site scripting prevention Correct Answer: B

Which of the following is the MOST specific plan for various problems that can arise within a system?

A. Business Continuity Plan B. Continuity of Operation Plan C. Disaster Recovery Plan D. IT Contingency Plan Correct Answer: D

The security officer is preparing a read-only USB stick with a document of important personal phone numbers, vendor contacts, an MD5 program, and other tools to provide to employees. At which of the following points in an incident should the officer instruct employees to use this information?

A. Business Impact Analysis B. First Responder C. Damage and Loss Control D. Contingency Planning Correct Answer: B

In the case of a major outage or business interruption, the security office has documented the expected loss of earnings, potential fines and potential consequence to customer service. Which of the following would include the MOST detail on these objectives?

A. Business Impact Analysis B. IT Contingency Plan C. Disaster Recovery Plan D. Continuity of Operations Correct Answer: A

An organization is recovering data following a datacenter outage and determines that backup copies of files containing personal information were stored in an unsecure location, because the sensitivity was unknown. Which of the following activities should occur to prevent this in the future?

A. Business continuity planning B. Quantitative assessment C. Data classification D. Qualitative assessment Correct Answer: C

The security administrator generates a key pair and sends one key inside a rest file to a third party. The third party sends back a signed file. In this scenario, the file sent by the administrator is a:

A. CA B. CRL C. KEK D. PKI E. CSR Correct Answer: E

Which of the following should a security technician implement to identify untrusted certificates?

A. CA B. PKI C. CRL D. Recovery agent Correct Answer: C

A security administrator would like to ensure that some members of the building's maintenance staff are only allowed access to the facility during weekend hours. Access to the facility is controlled by badge swipe and a man trap. Which of the following options will BEST accomplish this goal?

A. CCTV B. Security Guard C. Time of day restrictions D. Job rotation Correct Answer: C

A project manager is evaluating proposals for a cloud computing project. The project manager is particularly concerned about logical security controls in place at the service provider's facility. Which of the following sections of the proposal would be MOST important to review, given the project manager's concerns?

A. CCTV monitoring B. Perimeter security lighting system C. Biometric access system D. Environmental system configuration Correct Answer: C

Which of the following is an attack vector that can cause extensive physical damage to a datacenter without physical access?

A. CCTV system access B. Dial-up access C. Changing environmental controls D. Ping of death Correct Answer: C

A company hosts a web server that requires entropy in encryption initialization and authentication. To meet this goal, the company would like to select a block cipher mode of operation that allows an arbitrary length IV and supports authenticated encryption. Which of the following would meet these objectives?

A. CFB B. GCM C. ECB D. CBC Correct Answer: C

Ann, a security administrator, wishes to replace their RADIUS authentication with a more secure protocol, which can utilize EAP. Which of the following would BEST fit her objective?

A. CHAP B. SAML C. Kerberos D. Diameter Correct Answer: D

A security technician has been asked to recommend an authentication mechanism that will allow users to authenticate using a password that will only be valid for a predefined time interval. Which of the following should the security technician recommend?

A. CHAP B. TOTP C. HOTP D. PAP Correct Answer: B

A member of a digital forensics team, Joe arrives at a crime scene and is preparing to collect system data. Before powering the system off, Joe knows that he must collect the most volatile data first. Which of the following is the correct order in which Joe should collect the data?

A. CPU cache, paging/swap files, RAM, remote logging data B. RAM, CPU cache, remote logging data, paging/swap files C. Paging/swap files, CPU cache, RAM, remote logging data D. CPU cache, RAM, paging/swap files, remote logging data Correct Answer: B

The security manager reports that the process of revoking certificates authority is too slow and should be automated. Which of the following should be used to automate this process?

A. CRL B. GPG C. OCSP D. Key escrow Correct Answer: C

An encrypted message is sent using PKI from Sara, a client, to a customer. Sara claims she never sent the message. Which of the following aspects of PKI BEST ensures the identity of the sender?

A. CRL B. Non-repudiation C. Trust models D. Recovery agents Correct Answer: B

The key management organization has implemented a key escrowing function. Which of the following technologies can provide protection for the PKI's escrowed keys?

A. CRL B. OCSP C. TPM D. HSM Correct Answer: A

A user tries to visit a web site with a revoked certificate. In the background a server from the certificate authority only sends the browser revocation information about the domain the user is visiting. Which of the following is being used by the certificate authority in this exchange?

A. CSR B. Key escrow C. OCSP D. CRL Correct Answer: C

Joe, a user, reports to the system administrator that he is receiving an error stating his certificate has been revoked. Which of the following is the name of the database repository for these certificates?

A. CSR B. OCSP C. CA D. CRL Correct Answer: D

An administrator needs to renew a certificate for a web server. Which of the following should be submitted to a CA?

A. CSR B. Recovery agent C. Private key D. CRL Correct Answer: A

A security administrator must implement a system to ensure that invalid certificates are not used by a custom developed application. The system must be able to check the validity of certificates even when internet access is unavailable. Which of the following MUST be implemented to support this requirement?

A. CSR B. OCSP C. CRL D. SSH Correct Answer: C

Joe, the security administrator, has determined that one of his web servers is under attack. Which of the following can help determine where the attack originated from?

A. Capture system image B. Record time offset C. Screenshots D. Network sniffing Correct Answer: D

Which of the following must be kept secret for a public key infrastructure to remain secure?

A. Certificate Authority B. Certificate revocation list C. Public key ring D. Private key Correct Answer: D

A new mobile banking application is being developed and uses SSL / TLS certificates but penetration tests show that it is still vulnerable to man-in-the-middle attacks, such as DNS hijacking. Which of the following would mitigate this attack?

A. Certificate revocation B. Key escrow C. Public key infrastructure D. Certificate pinning Correct Answer: D

Which of the following identifies certificates that have been compromised or suspected of being compromised?

A. Certificate revocation list B. Access control list C. Key escrow registry D. Certificate authority Correct Answer: A

The firewall administrator is adding a new certificate for the company's remote access solution. The solution requires that the uploaded file contain the entire certificate chain for the certificate to load properly. The administrator loads the company certificate and the root CA certificate into the file. The file upload is rejected. Which of the following is required to complete the certificate chain?

A. Certificate revocation list B. Intermediate authority C. Recovery agent D. Root of trust Correct Answer: B

After receiving the hard drive from detectives, the forensic analyst for a court case used a log to capture corresponding events prior to sending the evidence to lawyers. Which of the following do these actions demonstrate?

A. Chain of custody B. Order of volatility C. Data analysis D. Tracking man hours and expenses Correct Answer: A

The security manager received a report that an employee was involved in illegal activity and has saved data to a workstation's hard drive. During the investigation, local law enforcement's criminal division confiscates the hard drive as evidence. Which of the following forensic procedures is involved?

A. Chain of custody B. System image C. Take hashes D. Order of volatility Correct Answer: A

A recent intrusion has resulted in the need to perform incident response procedures. The incident response team has identified audit logs throughout the network and organizational systems which hold details of the security breach. Prior to this incident, a security consultant informed the company that they needed to implement an NTP server on the network. Which of the following is a problem that the incident response team will likely encounter during their assessment?

A. Chain of custody B. Tracking man hours C. Record time offset D. Capture video traffic Correct Answer: C

A company recently received accreditation for a secure network. In the accreditation letter, the auditor specifies that the company must keep its security plan current with changes in the network and evolve the systems to adapt to new threats. Which of the following security controls will BEST achieve this goal?

A. Change management B. Group Policy C. Continuous monitoring D. Credential management Correct Answer: A

After a recent security breach, the network administrator has been tasked to update and backup all router and switch configurations. The security administrator has been tasked to enforce stricter security policies. All users were forced to undergo additional user awareness training. All of these actions are due to which of the following types of risk mitigation strategies?

A. Change management B. Implementing policies to prevent data loss C. User rights and permissions review D. Lessons learned Correct Answer: D

Ann, the IT director, wants to ensure that ad hoc changes are not making their way to the production applications. Which of the following risk mitigation strategies should she implement in her department?

A. Change management B. Permission reviews C. Incident management D. Perform routine audits Correct Answer: A

A security administrator is required to submit a detailed implementation plan and back out plan to get approval prior to updating the firewall and other security devices. Which of the following types of risk mitigation strategies is being followed?

A. Change management B. Routine audit C. Rights and permissions review D. Configuration management Correct Answer: D

A company researched the root cause of a recent vulnerability in its software. It was determined that the vulnerability was the result of two updates made in the last release. Each update alone would not have resulted in the vulnerability. In order to prevent similar situations in the future, the company should improve which of the following?

A. Change management procedures B. Job rotation policies C. Incident response management D. Least privilege access controls Correct Answer: A

A technician has been tasked with installing and configuring a wireless access point for the engineering department. After the AP has been installed, there have been reports that employees from other departments have been connecting to it without approval. Which of the following would BEST address these concerns?

A. Change the SSID of the AP so that it reflects a different department, obscuring its ownership B. Implement WPA2 encryption in addition to WEP to protect the data-in-transit C. Configure the AP to allow only devices with pre-approved hardware addresses D. Lower the antenna's power so that it only covers the engineering department's offices Correct Answer: D

Users have been reporting that their wireless access point is not functioning. They state that it allows slow connections to the internet, but does not provide access to the internal network. The user provides the SSID and the technician logs into the company's access point and finds no issues. Which of the following should the technician do?

A. Change the access point from WPA2 to WEP to determine if the encryption is too strong B. Clear all access logs from the AP to provide an up-to-date access list of connected users C. Check the MAC address of the AP to which the users are connecting to determine if it is an imposter D. Reconfigure the access point so that it is blocking all inbound and outbound traffic as a troubleshooting gap Correct Answer: C

Ann is traveling for business and is attempting to use the hotel's wireless network to check for new messages. She selects the hotel's wireless SSID from a list of networks and successfully connects. After opening her email client and waiting a few minutes, the connection times out. Which of the following should Ann do to retrieve her email messages?

A. Change the authentication method for her laptop's wireless card from WEP to WPA2 B. Open a web browser and authenticate using the captive portal for the hotel's wireless network C. Contact the front desk and have the MAC address of her laptop added to the MAC filter on the hotel's wireless network D. Change the incoming email protocol from IMAP to POP3 Correct Answer: B

A security administrator wishes to increase the security of the wireless network. Which of the following BEST addresses this concern?

A. Change the encryption from TKIP-based to CCMP-based. B. Set all nearby access points to operate on the same channel. C. Configure the access point to use WEP instead of WPA2. D. Enable all access points to broadcast their SSIDs. Correct Answer: A

A network administrator wants to block both DNS requests and zone transfers coming from outside IP addresses. The company uses a firewall which implements an implicit allow and is currently configured with the following ACL applied to its external interface. PERMIT TCP ANY ANY 80 PERMIT TCP ANY ANY 443 Which of the following rules would accomplish this task? (Select TWO).

A. Change the firewall default settings so that it implements an implicit deny B. Apply the current ACL to all interfaces of the firewall C. Remove the current ACL D. Add the following ACL at the top of the current ACL DENY TCP ANY ANY 53 E. Add the following ACL at the bottom of the current ACL DENY ICMP ANY ANY 53 F. Add the following ACL at the bottom of the current ACL DENY IP ANY ANY 53 Correct Answer: AF

Which of the following is the BEST way to prevent Cross-Site Request Forgery (XSRF) attacks?

A. Check the referrer field in the HTTP header B. Disable Flash content C. Use only cookies for authentication D. Use only HTTPS URLs Correct Answer: A

A datacenter has suffered repeated burglaries which led to equipment theft and arson. In the past, the thieves have demonstrated a determination to bypass any installed safeguards. After mantraps were installed to prevent tailgating, the thieves crashed through the wall of datacenter with a vehicle after normal business hours. Which of the following options could improve the safety and security of the datacenter further? (Select two)

A. Cipher locks B. CCTV C. Escape routes D. K rated fencing E. Fm200 fire suppression Correct Answer: AD

A software developer places a copy of the source code for a sensitive internal application on a company laptop to work remotely. Which of the following policies is MOST likely being violated?

A. Clean desk B. Data handling C. Chain of custody D. Social media Correct Answer: B

Joe uses his badge to enter the server room. Ann follows Joe, entering without using her badge. It is later discovered that Ann used a USB drive to remove confidential data from a server. Which of the following principles is potentially being violated? (Select TWO)

A. Clean desk policy B. Least privilege C. Tailgating D. Zero-day exploits E. Data handling Correct Answer: CE

A webpage displays a potentially offensive advertisement on a computer. A customer walking by notices the displayed advertisement and files a complaint. Which of the following can BEST reduce the likelihood of this incident occurring again?

A. Clean-desk policies B. Screen-locks C. Pop-up blocker D. Antispyware software Correct Answer: C

Certificates are used for: (Select TWO).

A. Client authentication. B. WEP encryption. C. Access control lists. D. Code signing. E. Password hashing. Correct Answer: AD

An administrator is having difficulty configuring WPA2 Enterprise using EAP-PEAP-MSCHAPv2. The administrator has configured the wireless access points properly, and has configured policies on the RADIUS server and configured settings on the client computers. Which of the following is missing?

A. Client certificates are needed B. A third party LEAP client must be installed C. A RADIUS server certificate is needed D. The use of CCMP rather than TKIP Correct Answer: A

Which of the following is described as an attack against an application using a malicious file?

A. Client side attack B. Spam C. Impersonation attack D. Phishing attack Correct Answer: A

An administrator is building a development environment and requests that three virtual servers are cloned and placed in a new virtual network isolated from the production network. Which of the following describes the environment the administrator is building?

A. Cloud B. Trusted C. Sandbox D. Snapshot Correct Answer: C

The system administrator notices that their application is no longer able to keep up with the large amounts of traffic their server is receiving daily. Several packets are dropped and sometimes the server is taken offline. Which of the following would be a possible solution to look into to ensure their application remains secure and available?

A. Cloud computing B. Full disk encryption C. Data Loss Prevention D. HSM Correct Answer: A

A company replaces a number of devices with a mobile appliance, combining several functions. Which of the following descriptions fits this new implementation? (Select TWO).

A. Cloud computing B. Virtualization C. All-in-one device D. Load balancing E. Single point of failure Correct Answer: CE

A hospital IT department wanted to secure its doctor's tablets. The IT department wants operating system level security and the ability to secure the data from alteration. Which of the following methods would MOST likely work?

A. Cloud storage B. Removable Media C. TPM D. Wiping Correct Answer: C

Which of the following is the BEST approach to perform risk mitigation of user access control rights?

A. Conduct surveys and rank the results. B. Perform routine user permission reviews. C. Implement periodic vulnerability scanning. D. Disable user accounts that have not been used within the last two weeks. Correct Answer: B

Digital Signatures provide which of the following?

A. Confidentiality B. Authorization C. Integrity D. Authentication E. Availability Correct Answer: C

Which of the following concepts are included on the three sides of the "security triangle"? (Select THREE).

A. Confidentiality B. Availability C. Integrity D. Authorization E. Authentication F. Continuity Correct Answer: ABC

A security administrator has just finished creating a hot site for the company. This implementation relates to which of the following concepts?

A. Confidentiality B. Availability C. Succession planning D. Integrity Correct Answer: B

Sara, a security administrator, manually hashes all network device configuration files daily and compares them to the previous days' hashes. Which of the following security concepts is Sara using?

A. Confidentiality B. Compliance C. Integrity D. Availability Correct Answer: C

Digital signatures are used for ensuring which of the following items? (Select TWO).

A. Confidentiality B. Integrity C. Non-Repudiation D. Availability E. Algorithm strength Correct Answer: BC

Which of the following encompasses application patch management?

A. Configuration management B. Policy management C. Cross-site request forgery D. Fuzzing Correct Answer: A

A security administrator is notified that users attached to a particular switch are having intermittent connectivity issues. Upon further research, the administrator finds evidence of an ARP spoofing attack. Which of the following could be utilized to provide protection from this type of attack?

A. Configure MAC filtering on the switch. B. Configure loop protection on the switch. C. Configure flood guards on the switch. D. Configure 802.1x authentication on the switch. Correct Answer: C

A security technician wishes to gather and analyze all Web traffic during a particular time period. Which of the following represents the BEST approach to gathering the required data?

A. Configure a VPN concentrator to log all traffic destined for ports 80 and 443. B. Configure a proxy server to log all traffic destined for ports 80 and 443. C. Configure a switch to log all traffic destined for ports 80 and 443. D. Configure a NIDS to log all traffic destined for ports 80 and 443. Correct Answer: B

Several employees submit the same phishing email to the administrator. The administrator finds that the links in the email are not being blocked by the company's security device. Which of the following might the administrator do in the short term to prevent the emails from being received?

A. Configure an ACL B. Implement a URL filter C. Add the domain to a block list D. Enable TLS on the mail server Correct Answer: C

An organization is required to log all user internet activity. Which of the following would accomplish this requirement?

A. Configure an access list on the default gateway router. Configure the default gateway router to log all web traffic to a syslog server B. Configure a firewall on the internal network. On the client IP address configuration, use the IP address of the firewall as the default gateway, configure the firewall to log all traffic to a syslog server C. Configure a proxy server on the internal network and configure the proxy server to log all web traffic to a syslog server D. Configure an access list on the core switch, configure the core switch to log all web traffic to a syslog server Correct Answer: C

An administrator needs to connect a router in one building to a router in another using Ethernet. Each router is connected to a managed switch and the switches are connected to each other via a fiber line. Which of the following should be configured to prevent unauthorized devices from connecting to the network?

A. Configure each port on the switches to use the same VLAN other than the default one B. Enable VTP on both switches and set to the same domain C. Configure only one of the routers to run DHCP services D. Implement port security on the switches Correct Answer: D

Given the log output: Max 15 00:15:23.431 CRT: #SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: msmith] [Source: 10.0.12.45] [localport: 23] at 00:15:23:431 CET Sun Mar 15 2015 Which of the following should the network administrator do to protect data security?

A. Configure port security for logons B. Disable telnet and enable SSH C. Configure an AAA server D. Disable password and enable RSA authentication Correct Answer: B

In the course of troubleshooting wireless issues from users, a technician discovers that users are connecting to their home SSIDs. The technician scans for these SSIDs but detects none of them. The technician eventually discovers a rogue access point that spoofs any SSID request. Which of the following allows wireless use while mitigating this type of attack?

A. Configure the device to verify access point MAC addresses B. Disable automatic connection to known SSIDs C. Only connect to trusted wireless networks D. Enable MAC filtering on the wireless access point Correct Answer: A

A password audit has revealed that a significant percentage of end-users have passwords that are easily cracked. Which of the following is the BEST technical control that could be implemented to reduce the number of easily "crackable" passwords in use?

A. Credential management B. Password history C. Password complexity D. Security awareness training Correct Answer: C

Ann, a member of the Sales Department, has been issued a company-owned laptop for use when traveling to remote sites. Which of the following would be MOST appropriate when configuring security on her laptop?

A. Configure the laptop with a BIOS password B. Configure a host-based firewall on the laptop C. Configure the laptop as a virtual server D. Configure a host-based IDS on the laptop Correct Answer: A

Ann, the network administrator, is receiving reports regarding a particular wireless network in the building. The network was implemented for specific machines issued to the developer department, but the developers are stating that they are having connection issues as well as slow bandwidth. Reviewing the wireless router's logs, she sees that devices not belonging to the developers are connecting to the access point. Which of the following would BEST alleviate the developer's reports?

A. Configure the router so that wireless access is based upon the connecting device's hardware address. B. Modify the connection's encryption method so that it is using WEP instead of WPA2. C. Implement connections via secure tunnel with additional software on the developer's computers. D. Configure the router so that its name is not visible to devices scanning for wireless networks. Correct Answer: A

Pete, a network administrator, is capturing packets on the network and notices that a large amount of the traffic on the LAN is SIP and RTP protocols. Which of the following should he do to segment that traffic from the other traffic?

A. Connect the WAP to a different switch. B. Create a voice VLAN. C. Create a DMZ. D. Set the switch ports to 802.1q mode. Correct Answer: B

A company is trying to limit the risk associated with the use of unapproved USB devices to copy documents. Which of the following would be the BEST technology control to use in this scenario?

A. Content filtering B. IDS C. Audit logs D. DLP Correct Answer: D

After recovering from a data breach in which customer data was lost, the legal team meets with the Chief Security Officer (CSO) to discuss ways to better protect the privacy of customer data. Which of the following controls support this goal?

A. Contingency planning B. Encryption and stronger access control C. Hashing and non-repudiation D. Redundancy and fault tolerance Correct Answer: B

A one-time security audit revealed that employees do not have the appropriate access to system resources. The auditor is concerned with the fact that most of the accounts audited have unneeded elevated permission to sensitive resources. Which of the following was implemented to detect this issue?

A. Continuous monitoring B. Account review C. Group based privileges D. Credential management Correct Answer: B

In order to maintain oversight of a third party service provider, the company is going to implement a Governance, Risk, and Compliance (GRC) system. This system is promising to provide overall security posture coverage. Which of the following is the MOST important activity that should be considered?

A. Continuous security monitoring B. Baseline configuration and host hardening C. Service Level Agreement (SLA) monitoring D. Security alerting and trending Correct Answer: A

Joe, a technician at the local power plant, notices that several turbines had ramped up in cycles during the week. Further investigation by the system engineering team determined that a timed .exe file had been uploaded to the system control console during a visit by international contractors. Which of the following actions should Joe recommend?

A. Create a VLAN for the SCADA B. Enable PKI for the MainFrame C. Implement patch management D. Implement stronger WPA2 Wireless Correct Answer: A

Matt, the IT Manager, wants to create a new network available to virtual servers on the same hypervisor, and does not want this network to be routable to the firewall. How could this BEST be accomplished?

A. Create a VLAN without a default gateway. B. Remove the network from the routing table. C. Create a virtual switch. D. Commission a stand-alone switch. Correct Answer: C

A company is exploring the option of letting employees use their personal laptops on the internal network. Which of the following would be the MOST common security concern in this scenario?

A. Credential management B. Support ownership C. Device access control D. Antivirus management Correct Answer: D

A company administrator has a firewall with an outside interface connected to the Internet and an inside interface connected to the corporate network. Which of the following should the administrator configure to redirect traffic destined for the default HTTP port on the outside interface to an internal server listening on port 8080?

A. Create a dynamic PAT from port 80 on the outside interface to the internal interface on port 8080 B. Create a dynamic NAT from port 8080 on the outside interface to the server IP address on port 80 C. Create a static PAT from port 80 on the outside interface to the internal interface on port 8080 D. Create a static PAT from port 8080 on the outside interface to the server IP address on port 80 Correct Answer: C

The security administrator has noticed cars parking just outside of the building fence line. Which of the following security measures can the administrator use to help protect the company's WiFi network against war driving? (Select TWO)

A. Create a honeynet B. Reduce beacon rate C. Add false SSIDs D. Change antenna placement E. Adjust power level controls F. Implement a warning banner Correct Answer: AE

The Chief Security Officer (CSO) is concerned about misuse of company assets and wishes to determine who may be responsible. Which of the following would be the BEST course of action?

A. Create a single, shared user account for every system that is audited and logged based upon time of use. B. Implement a single sign-on application on equipment with sensitive data and high-profile shares. C. Enact a policy that employees must use their vacation time in a staggered schedule. D. Separate employees into teams led by a person who acts as a single point of contact for observation purposes. Correct Answer: C

A company hired Joe, an accountant. The IT administrator will need to create a new account for Joe. The company uses groups for ease of management and administration of user accounts. Joe will need network access to all directories, folders and files within the accounting department. Which of the following configurations will meet the requirements?

A. Create a user account and assign the user account to the accounting group. B. Create an account with role-based access control for accounting. C. Create a user account with password reset and notify Joe of the account creation. D. Create two accounts: a user account and an account with full network administration rights. Correct Answer: B

An administrator has configured a new Linux server with the FTP service. Upon verifying that the service was configured correctly, the administrator has several users test the FTP service. Users report that they are able to connect to the FTP service and download their personal files, however, they cannot transfer new files to the server. Which of the following will most likely fix the uploading issue for the users?

A. Create an ACL to allow the FTP service write access to user directories B. Set the Boolean SELinux value to allow FTP home directory uploads C. Reconfigure the FTP daemon to operate without utilizing the PASV mode D. Configure the FTP daemon to utilize PAM authentication pass through user permissions Correct Answer: A

A company is about to release a very large patch to its customers. An administrator is required to test patch installations several times prior to distributing them to customer PCs. Which of the following should the administrator use to test the patching process quickly and often?

A. Create an incremental backup of an unpatched PC B. Create an image of a patched PC and replicate it to servers C. Create a full disk image to restore after each installation D. Create a virtualized sandbox and utilize snapshots Correct Answer: D

A system administrator has concerns regarding their users accessing systems and secured areas using others' credentials. Which of the following can BEST address this concern?

A. Create conduct policies prohibiting sharing credentials. B. Enforce a policy shortening the credential expiration timeframe. C. Implement biometric readers on laptops and restricted areas. D. Install security cameras in areas containing sensitive systems. Correct Answer: C

An organization has three divisions: Accounting, Sales, and Human Resources. Users in the Accounting division require access to a server in the Sales division, but no users in the Human Resources division should have access to resources in any other division, nor should any users in the Sales division have access to resources in the Accounting division. Which of the following network segmentation schemas would BEST meet this objective?

A. Create two VLANs, one for Accounting and Sales, and one for Human Resources. B. Create one VLAN for the entire organization. C. Create two VLANs, one for Sales and Human Resources, and one for Accounting. D. Create three separate VLANs, one for each division. Correct Answer: D

A system administrator wants to use open source software but is worried about the source code being compromised. As a part of the download and installation process, the administrator should verify the integrity of the software by:

A. Creating a digital signature of the file before installation B. Using a secure protocol like HTTPS to download the file C. Checking the hash against an official mirror that contains the same file D. Encrypting any connections the software makes Correct Answer: C

Ann has recently transferred from the payroll department to engineering. While browsing file shares, Ann notices she can access the payroll status and pay rates of her new coworkers. Which of the following could prevent this scenario from occurring?

A. Credential management B. Continuous monitoring C. Separation of duties D. User access reviews Correct Answer: D

During a routine audit it is discovered that someone has been using a stale administrator account to log into a seldom used server. The person has been using the server to view inappropriate websites that are prohibited to end users. Which of the following could BEST prevent this from occurring again?

A. Credential management B. Group policy management C. Acceptable use policies D. Account expiration policies Correct Answer: D

Establishing a method to erase or clear memory is an example of securing which of the following?

A. Data in transit B. Data at rest C. Data in use D. Data in motion Correct Answer: C

During a routine audit, it is discovered that someone has been using a stale administrator account to log into a seldom used server. The person has been using the server to view inappropriate websites that are prohibited to end users. Which of the following could best prevent this from occurring again?

A. Credential management B. Group policy management C. Acceptable use policy D. Account expiration policy Correct Answer: B

Which of the following is an example of multifactor authentication?

A. Credit card and PIN B. Username and password C. Password and PIN D. Fingerprint and retina scan Correct Answer: A

Which of the following attacks is generally initiated from a botnet?

A. Cross site scripting attack B. HTTP header injection C. Distributed denial of service D. A war driving attack Correct Answer: C

Which of the following would BEST be used to calculate the expected loss of an event, if the likelihood of an event occurring is known? (Select TWO).

A. DAC B. ALE C. SLE D. ARO E. ROI Correct Answer: BC

A security analyst is reviewing the following packet capture of an attack directed at a company's server located in the DMZ: Which of the following ACLs provides the BEST protection against the above attack and any further attacks from the same IP, while minimizing service interruption?

A. Deny TCP from ANY to 172.31.64.4 B. Deny UDP from 192.168.1.0/24 to 172.31.67.0/24 C. Deny IP from 192.168.1.10/32 to 0.0.0.0/0 D. Deny TCP from 192.168.1.10 to 172.31.67.4 Correct Answer: D

An organization wants to conduct secure transactions of large data files. Before encrypting and exchanging the data files, the organization wants to ensure a secure exchange of keys. Which of the following algorithms is appropriate for securing the key exchange?

A. DES B. Blowfish C. DSA D. Diffie-Hellman E. 3DES Correct Answer: D

Which of the following is an authentication and accounting service that uses TCP for connecting to routers and switches?

A. DIAMETER B. RADIUS C. TACACS+ D. Kerberos Correct Answer: C

An employee recently lost a USB drive containing confidential customer data. Which of the following controls could be utilized to minimize the risk involved with the use of USB drives?

A. DLP B. Asset tracking C. HSM D. Access control Correct Answer: A

Which of the following offers the LEAST amount of protection against data theft by USB drives?

A. DLP B. Database encryption C. TPM D. Cloud computing Correct Answer: D

The network security manager has been notified by customer service that employees have been sending unencrypted confidential information via email. Which of the following should the manager select to BEST detect and provide notification of these occurrences?

A. DLP B. SSL C. DEP D. UTM Correct Answer: A

When designing a new network infrastructure, a security administrator requests that the intranet web server be placed in an isolated area of the network for security purposes. Which of the following design elements would be implemented to comply with the security administrator's request?

A. DMZ B. Cloud services C. Virtualization D. Sandboxing Correct Answer: A

Joe, an administrator, installs a web server on the Internet that performs credit card transactions for customer payments. Joe also sets up a second web server that looks like the first web server. However, the second server contains fabricated files and folders made to look like payments were processed on this server but really were not. Which of the following is the second server?

A. DMZ B. Honeynet C. VLAN D. Honeypot Correct Answer: D

An administrator wants to configure a switch port so that it separates voice and data traffic. Which of the following MUST be configured on the switch port to enforce separation of traffic?

A. DMZ B. VLAN C. Subnetting D. NAC Correct Answer: B

Which of the following network design elements allows for many internal devices to share one public IP address?

A. DNAT B. PAT C. DNS D. DMZ Correct Answer: B

A security analyst has been investigating an incident involving the corporate website. Upon investigation, it has been determined that users visiting the corporate website would be automatically redirected to a malicious site. Further investigation on the corporate website has revealed that the home page on the corporate website has been altered to include an unauthorized item. Which of the following would explain why users are being redirected to the malicious site?

A. DNS poisoning B. XSS C. Iframe D. Session hijacking Correct Answer: B

Joe, a system architect, wants to implement appropriate solutions to secure the company's distributed database. Which of the following concepts should be considered to help ensure data security? (Select TWO)

A. Data at rest B. Data in use C. Replication D. Wiping E. Retention F. Cloud Storage Correct Answer: AE

Which of the following is a security risk regarding the use of public P2P as a method of collaboration?

A. Data integrity is susceptible to being compromised. B. Monitoring data changes induces a higher cost. C. Users are not responsible for data usage tracking. D. Limiting the amount of necessary space for data storage. Correct Answer: A

Allowing unauthorized removable devices to connect to computers increases the risk of which of the following?

A. Data leakage prevention B. Data exfiltration C. Data classification D. Data deduplication Correct Answer: B

Several employees clicked on a link in a malicious message that bypassed the spam filter and their PCs were infected with malware as a result. Which of the following BEST prevents this situation from occurring in the future?

A. Data loss prevention B. Enforcing complex passwords C. Security awareness training D. Digital signatures Correct Answer: C

Ann, the Chief Technology Officer (CTO), has agreed to allow users to bring their own device (BYOD) in order to leverage mobile technology without providing every user with a company owned device. She is concerned that users may not understand the company's rules, and she wants to limit potential legal concerns. Which of the following is the CTO concerned with?

A. Data ownership B. Device access control C. Support ownership D. Acceptable use Correct Answer: A

A user has reported inadvertently sending an encrypted email containing PII to an incorrect distribution group. Which of the following potential incident types is this?

A. Data sharing B. Unauthorized viewing C. Data breach D. Unauthorized access Correct Answer: B

Which of the following hardware based encryption devices is used as a part of multi-factor authentication to access a secured computing system?

A. Database encryption B. USB encryption C. Whole disk encryption D. TPM Correct Answer: D

A merchant acquirer has the need to store credit card numbers in a transactional database in a high performance environment. Which of the following BEST protects the credit card data?

A. Database field encryption B. File-level encryption C. Data loss prevention system D. Full disk encryption Correct Answer: A

End-user awareness training for handling sensitive personally identifiable information would include secure storage and transmission of customer:

A. Date of birth. B. First and last name. C. Phone number. D. Employer name. Correct Answer: A

A technician is configuring a wireless guest network. After applying the most recent changes, the technician finds that new devices can no longer find the wireless network by name but existing devices are still able to use the wireless network. Which of the following security measures did the technician MOST likely implement to cause this scenario?

A. Deactivation of SSID broadcast B. Reduction of WAP signal output power C. Activation of 802.1X with RADIUS D. Implementation of MAC filtering E. Beacon interval was decreased Correct Answer: A

Public keys are used for which of the following?

A. Decrypting wireless messages B. Decrypting the hash of an electronic signature C. Bulk encryption of IP based email traffic D. Encrypting web browser traffic Correct Answer: B

A database administrator would like to start encrypting database exports stored on the SAN, but the storage administrator warns that this may drastically increase the amount of disk space used by the exports. Which of the following explains the reason for the increase in disk space usage?

A. Deduplication is not compatible with encryption B. The exports are being stored on smaller SAS drives C. Encrypted files are much larger than unencrypted files D. The SAN already uses encryption at rest Correct Answer: C

Which of the following describes the purpose of an MOU?

A. Define interoperability requirements B. Define data backup process C. Define onboard/offboard procedure D. Define responsibilities of each party Correct Answer: D

Company XYZ recently salvaged company laptops and removed all hard drives, but the Chief Information Officer (CIO) is concerned about disclosure of confidential information. Which of the following is the MOST secure method to dispose of these hard drives?

A. Degaussing B. Physical Destruction C. Lock up hard drives in a secure safe D. Wipe Correct Answer: B

Full disk encryption is MOST effective against which of the following threats?

A. Denial of service by data destruction B. Eavesdropping emanations C. Malicious code D. Theft of hardware Correct Answer: D

Ann, a security technician, receives a report from a user who is unable to access an offsite SSH server. Ann checks the firewall and sees the following rules: Allow TCP 80 Allow TCP 443 Deny TCP 23 Deny TCP 20 Deny TCP 21 Which of the following is preventing the users from accessing the SSH server?

A. Deny TCP 20 B. Deny TCP 21 C. Deny TCP 23 D. Implicit deny Correct Answer: D

The use of social networking sites introduces the risk of:

A. Disclosure of proprietary information B. Data classification issues C. Data availability issues D. Broken chain of custody Correct Answer: A

A security administrator suspects that an increase in the amount of TFTP traffic on the network is due to unauthorized file transfers, and wants to configure a firewall to block all TFTP traffic. Which of the following would accomplish this task?

A. Deny TCP port 68 B. Deny TCP port 69 C. Deny UDP port 68 D. Deny UDP port 69 Correct Answer: D

A small company can only afford to buy an all-in-one wireless router/switch. The company has 3 wireless BYOD users and 2 web servers without wireless access. Which of the following should the company configure to protect the servers from the user devices? (Select TWO).

A. Deny incoming connections to the outside router interface. B. Change the default HTTP port C. Implement EAP-TLS to establish mutual authentication D. Disable the physical switch ports E. Create a server VLAN F. Create an ACL to access the server Correct Answer: EF

A security technician wants to implement stringent security controls over web traffic by restricting the client source TCP ports allowed through the corporate firewall. Which of the following should the technician implement?

A. Deny port 80 and 443 but allow proxies B. Only allow port 80 and 443 C. Only allow ports above 1024 D. Deny ports 80 and allow port 443 Correct Answer: B

Ann, a security administrator at a call center, has been experiencing problems with users intentionally installing unapproved and occasionally malicious software on their computers. Due to the nature of their jobs, Ann cannot change their permissions. Which of the following would BEST alleviate her concerns?

A. Deploy a HIDS suite on the users' computers to prevent application installation B. Maintain the baseline posture at the highest OS patch level C. Enable the pop-up blockers on the users' browsers to prevent malware D. Create an approved application list and block anything not on it Correct Answer: D

Ann, a security administrator at a call center, has been experiencing problems with users intentionally installing unapproved and occasionally malicious software on their computers. Due to the nature of their jobs, Ann cannot change their permissions. Which of the following would BEST alleviate her concerns?

A. Deploy a HIDS suite on the users' computers to prevent application installation. B. Maintain the baseline posture at the highest OS patch level. C. Enable the pop-up blockers on the users' browsers to prevent malware. D. Create an approved application list and block anything not on it. Correct Answer: D

A recent audit had revealed weaknesses in the process of deploying new servers and network devices. Which of the following practices could be used to increase the security posture during deployment? (Select TWO).

A. Deploy a honeypot B. Disable unnecessary services C. Change default password D. Implement an application firewall E. Penetration testing Correct Answer: BC

A recent audit has revealed weaknesses in the process of deploying new servers and network devices. Which of the following practices could be used to increase the security posture during deployment? (Select TWO).

A. Deploy a honeypot B. Disable unnecessary services C. Change default passwords D. Implement an application firewall E. Penetration testing Correct Answer: BC

A network administrator argues that WPA2 encryption is not needed, as MAC filtering is enabled on the access point. Which of the following would show the administrator that WPA2 is also needed?

A. Deploy an evil twin with MAC filtering B. Flood access point with random MAC addresses C. Sniff and clone a MAC address D. DNS poison the access point Correct Answer: C

A security administrator determined that users within the company are installing unapproved software. Company policy dictates that only certain applications may be installed or run on the users' computers without exception. Which of the following should the administrator do to prevent all unapproved software from running on the users' computers?

A. Deploy antivirus software and configure it to detect and remove pirated software B. Configure the firewall to prevent the downloading of executable files C. Create an application whitelist and use OS controls to enforce it D. Prevent users from running as administrator so they cannot install software. Correct Answer: C

When considering a vendor-specific vulnerability in critical industrial control systems which of the following techniques supports availability?

A. Deploying identical application firewalls at the border B. Incorporating diversity into redundant design C. Enforcing application white lists on the support workstations D. Ensuring the systems' anti-virus definitions are up-to-date Correct Answer: B

Which of the following should an administrator implement to research current attack methodologies?

A. Design reviews B. Honeypot C. Vulnerability scanner D. Code reviews Correct Answer: B

A security analyst performs the following activities: monitors security logs, installs surveillance cameras and analyzes trend reports. Which of the following job responsibilities is the analyst performing? (Select TWO).

A. Detect security incidents B. Reduce attack surface of systems C. Implement monitoring controls D. Hardening network devices E. Prevent unauthorized access Correct Answer: AC

A forensic analyst is reviewing electronic evidence after a robbery. Security cameras installed at the site do not record any footage. Which of the following types of controls was being used?

A. Detective B. Corrective C. Deterrent D. Preventive Correct Answer: C

A forensic analyst is reviewing electronic evidence after a robbery. Security cameras installed at the site were facing the wrong direction to capture the incident. The analyst ensures the cameras are turned to face the proper direction. Which of the following types of controls is being used?

A. Detective B. Deterrent C. Corrective D. Preventive Correct Answer: C

A risk management team indicated an elevated level of risk due to the location of a corporate datacenter in a region with an unstable political climate. The chief information officer (CIO) accepts the recommendation to transition the workload to an alternate datacenter in a more stable region. Which of the following forms of risk mitigation has the CIO elected to pursue?

A. Deterrence B. Transference C. Avoidance D. Acceptance E. Sharing Correct Answer: C

A product manager is concerned about continuing operations at a facility located in a region undergoing significant political unrest. After consulting with senior management, a decision is made to suspend operations at the facility until the situation stabilizes. Which of the following risk management strategies BEST describes management's response?

A. Deterrence B. Mitigation C. Avoidance D. Acceptance Correct Answer: C

Which of the following can be performed when an element of the company policy cannot be enforced by technical means?

A. Develop a set of standards B. Separation of duties C. Develop a privacy policy D. User training Correct Answer: D

Key elements of a business impact analysis should include which of the following tasks?

A. Develop recovery strategies, prioritize recovery, create test plans, post-test evaluation, and update processes. B. Identify institutional and regulatory reporting requirements, develop response teams and communication trees, and develop press release templates. C. Employ regular preventive measures such as patch management, change management, antivirus and vulnerability scans, and reports to management. D. Identify critical assets systems and functions, identify dependencies, determine critical downtime limit, define scenarios by type and scope of impact, and quantify loss potential. Correct Answer: D

Ann would like to forward some Personally Identifiable Information to her HR department by email, but she is worried about the confidentiality of the information. Which of the following will accomplish this task securely?

A. Digital Signatures B. Hashing C. Secret Key D. Encryption Correct Answer: D

A project team is developing requirements for the new version of a web application used by internal and external users. The application already features username and password requirements for login, but the organization is required to implement multifactor authentication to meet regulatory requirements. Which of the following added requirements will satisfy the regulatory requirement? (Select THREE.)

A. Digital certificate B. Personalized URL C. Identity verification questions D. Keystroke dynamics E. Tokenized mobile device F. Time-of-day restrictions G. Increased password complexity H. Rule-based access control Correct Answer: ACE

A company must send sensitive data over a non-secure network via web services. The company suspects that competitors are actively trying to intercept all transmissions. Some of the information may be valuable to competitors, even years after it has been sent. Which of the following will help mitigate the risk in the scenario?

A. Digitally sign the data before transmission B. Choose stream ciphers over block ciphers C. Use algorithms that allow for PFS D. Enable TLS instead of SSL E. Use a third party for key escrow Correct Answer: A

A small IT security firm has an internal network composed of laptops, servers, and printers. The network has both wired and wireless segments and supports VPN access from remote sites. To protect the network from internal and external threats, including social engineering attacks, the company decides to implement stringent security controls. Which of the following lists is the BEST combination of security controls to implement?

A. Disable SSID broadcast, require full disk encryption on servers, laptop, and personally owned electronic devices, enable MAC filtering on WAPs, require photographic ID to enter the building. B. Enable port security; divide the network into segments for servers, laptops, public and remote users; apply ACLs to all network equipment; enable MAC filtering on WAPs; and require two-factor authentication for network access. C. Divide the network into segments for servers, laptops, public and remote users; require the use of one time pads for network key exchange and access; enable MAC filtering ACLs on all servers. D. Enable SSID broadcast on a honeynet; install monitoring software on all corporate equipment; install CCTVs to deter social engineering; enable SE Linux in permissive mode. Correct Answer: B

While troubleshooting a new wireless 802.11ac network, an administrator discovers that several of the older systems cannot connect. Upon investigation, the administrator discovers that the older devices only support 802.11 and RC4. The administrator does not want to affect the performance of the newer 802.11ac devices on the network. Which of the following should the administrator do to accommodate all devices and provide the MOST security?

A. Disable channel bonding to allow the legacy devices and configure WEP fallback B. Configure the AP in protected mode to utilize WPA2 with CCMP C. Create a second SSID on the AP which utilizes WPA and TKIP D. Configure the AP to utilize the 5GHz band only and enable WEP Correct Answer: B

Joe, the systems administrator, is setting up a wireless network for his team's laptops only and needs to prevent other employees from accessing it. Which of the following would BEST address this?

A. Disable default SSID broadcasting. B. Use WPA instead of WEP encryption. C. Lower the access point's power settings. D. Implement MAC filtering on the access point. Correct Answer: D

Log file analysis on a router reveals several unsuccessful telnet attempts to the virtual terminal (VTY) lines. Which of the following represents the BEST configuration used in order to prevent unauthorized remote access while maintaining secure availability for legitimate users?

A. Disable telnet access to the VTY lines, enable SSH access to the VTY lines with RSA encryption B. Disable both telnet and SSH access to the VTY lines, requiring users to log in using HTTP C. Disable telnet access to the VTY lines, enable SSH access to the VTY lines with PSK encryption D. Disable telnet access to the VTY lines, enable SSL access to the VTY lines with RSA encryption Correct Answer: C

Users are utilizing thumb drives to connect to USB ports on company workstations. A technician is concerned that sensitive files can be copied to the USB drives. Which of the following mitigation techniques would address this concern? (Select TWO).

A. Disable the USB root hub within the OS. B. Install anti-virus software on the USB drives. C. Disable USB within the workstation's BIOS. D. Apply the concept of least privilege to USB devices. E. Run spyware detection against all workstations. Correct Answer: AC

Jane, the security administrator, sets up a new AP but realizes too many outsiders are able to connect to that AP and gain unauthorized access. Which of the following would be the BEST way to mitigate this issue and still provide coverage where needed? (Select TWO).

A. Disable the wired ports B. Use channels 1, 4 and 7 only C. Enable MAC filtering D. Disable SSID broadcast E. Switch from 802.11a to 802.11b Correct Answer: CD

Sara, an employee, tethers her smartphone to her work PC to bypass the corporate web security gateway while connected to the LAN. While Sara is out at lunch her PC is compromised via the tethered connection and corporate data is stolen. Which of the following would BEST prevent this from occurring again?

A. Disable the wireless access and implement strict router ACLs. B. Reduce restrictions on the corporate web security gateway. C. Security policy and threat awareness training. D. Perform user rights and permissions reviews. Correct Answer: C

An auditor's report discovered several accounts with no activity for over 60 days. The accounts were later identified as contractors' accounts who would be returning in three months and would need to resume the activities. Which of the following would mitigate and secure the auditor's finding?

A. Disable unnecessary contractor accounts and inform the auditor of the update. B. Reset contractor accounts and inform the auditor of the update. C. Inform the auditor that the accounts belong to the contractors. D. Delete contractor accounts and inform the auditor of the update. Correct Answer: A

A network security engineer notices unusual traffic on the network from a single IP attempting to access systems on port 23. Port 23 is not used anywhere on the network. Which of the following should the engineer do to harden the network from this type of intrusion in the future?

A. Disable unnecessary services on servers B. Disable unused accounts on servers and network devices C. Implement password requirements on servers and network devices D. Enable auditing on event logs Correct Answer: A

Which of the following provides the HIGHEST level of confidentiality on a wireless network?

A. Disabling SSID broadcast B. MAC filtering C. WPA2 D. Packet switching Correct Answer: C

A security architect wishes to implement a wireless network with connectivity to the company's internal network. Before they inform all employees that this network is being put in place, the architect wants to roll it out to a small test segment. Which of the following allows for greater secrecy about this network during this initial phase of implementation?

A. Disabling SSID broadcasting B. Implementing WPA2 - TKIP C. Implementing WPA2 - CCMP D. Filtering test workstations by MAC address Correct Answer: A

A system security analyst using an enterprise monitoring tool notices an unknown internal host exfiltrating files to several foreign IP addresses. Which of the following would be an appropriate mitigation technique?

A. Disabling unnecessary accounts B. Rogue machine detection C. Encrypting sensitive files D. Implementing antivirus Correct Answer: B

A company's password and authentication policies prohibit the use of shared passwords and transitive trust. Which of the following if implemented would violate company policy? (Select TWO)

A. Discretionary access control B. Federation C. Single sign-on D. TOTP E. Two-factor authentication Correct Answer: AC

During a third-party audit, it is determined that a member of the firewall team can request, approve, and implement a new rule-set on the firewall. Which of the following will the audit team most likely recommend during the audit out-brief?

A. Discretionary access control for the firewall team B. Separation of duties policy for the firewall team C. Least privilege for the firewall team D. Mandatory access control for the firewall team Correct Answer: B

A hacker has discovered a simple way to disrupt business for the day in a small company which relies on staff working remotely. In a matter of minutes the hacker was able to deny remotely working staff access to company systems with a script. Which of the following security controls is the hacker exploiting?

A. DoS B. Account lockout C. Password recovery D. Password complexity Correct Answer: B

The Chief Security Officer (CSO) for a datacenter in a hostile environment is concerned about protecting the facility from car bomb attacks. Which of the following BEST would protect the building from this threat? (Select two.)

A. Dogs B. Fencing C. CCTV D. Guards E. Bollards F. Lighting Correct Answer: BE

A technician needs to implement a system which will properly authenticate users by their username and password only when the users are logging in from a computer in the office building. Any attempt to authenticate from a location other than the office building should be rejected. Which of the following MUST the technician implement?

A. Dual factor authentication B. Transitive authentication C. Single factor authentication D. Biometric authentication Correct Answer: B

A user attempting to log on to a workstation for the first time is prompted for the following information before being granted access: username, password, and a four-digit security pin that was mailed to him during account registration. This is an example of which of the following?

A. Dual-factor authentication B. Multifactor authentication C. Single factor authentication D. Biometric authentication Correct Answer: C

Several bins are located throughout a building for secure disposal of sensitive information. Which of the following does this prevent?

A. Dumpster diving B. War driving C. Tailgating D. War chalking Correct Answer: A

A systems administrator is configuring a new file server and has been instructed to configure it to be writeable by the department manager and read-only for the individual employee. Which of the following is the name for the access control methodology used?

A. Duty separation B. Mandatory C. Least privilege D. Role-based Correct Answer: D

An organization has an internal PKI that utilizes client certificates on each workstation. When deploying a new wireless network, the security engineer has asked that the new network authenticate clients by utilizing the existing client certificates. Which of the following authentication mechanisms should be utilized to meet this goal?

A. EAP-FAST B. LEAP C. PEAP D. EAP-TLS Correct Answer: B

Which of the following would satisfy wireless network implementation requirements to use mutual authentication and usernames and passwords?

A. EAP-MD5 B. WEP C. PEAP-MSCHAPv2 D. EAP-TLS Correct Answer: C

Matt, a systems security engineer, is determining which credential-type authentication to use within a planned 802.1x deployment. He is looking for a method that does not require a client certificate, has a server side certificate, and uses TLS tunnels for encryption. Which credential type authentication method BEST fits these requirements?

A. EAP-TLS B. EAP-FAST C. PEAP-CHAP D. PEAP-MSCHAPv2 Correct Answer: D

While setting up a secure wireless corporate network, which of the following should Pete, an administrator, avoid implementing?

A. EAP-TLS B. PEAP C. WEP D. WPA Correct Answer: C

Which of the following would Matt, a security administrator, use to encrypt transmissions from an internal database to an internal server, keeping in mind that the encryption process must add as little latency to the process as possible?

A. ECC B. RSA C. SHA D. 3DES Correct Answer: D

The datacenter manager is reviewing a problem with a humidity factor that is too low. Which of the following environmental problems may occur?

A. EMI emanations B. Static electricity C. Condensation D. Dry-pipe fire suppression Correct Answer: B

Which of the following delineates why it is important to perform egress filtering and monitoring on Internet connected security zones of interfaces on a firewall?

A. Egress traffic is more important than ingress traffic for malware prevention B. To rebalance the amount of outbound traffic and inbound traffic C. Outbound traffic could be communicating to known botnet sources D. To prevent DDoS attacks originating from external network Correct Answer: B

The Quality Assurance team is testing a new third party developed application. The Quality team does not have any experience with the application. Which of the following is the team performing?

A. Grey box testing B. Black box testing C. Penetration testing D. White box testing Correct Answer: B

Which of the following BEST describes a protective countermeasure for SQL injection?

A. Eliminating cross-site scripting vulnerabilities B. Installing an IDS to monitor network traffic C. Validating user input in web applications D. Placing a firewall between the Internet and database servers Correct Answer: C

An agent wants to create fast and efficient cryptographic keys to use with Diffie-Hellman without using prime numbers to generate the keys. Which of the following should be used?

A. Elliptic curve cryptography B. Quantum cryptography C. Public key cryptography D. Symmetric cryptography Correct Answer: D

Which of the following represents a cryptographic solution where the encrypted stream cannot be captured by a sniffer without the integrity of the stream being compromised?

A. Elliptic curve cryptography. B. Perfect forward secrecy. C. Steganography. D. Quantum cryptography. Correct Answer: D

Ann, a newly hired human resource employee, sent out confidential emails with digital signatures, to an unintended group. Which of the following would prevent her from denying accountability?

A. Email Encryption B. Steganography C. Non Repudiation D. Access Control Correct Answer: C

Which of the following is a Data Loss Prevention (DLP) strategy and is MOST useful for securing data in use?

A. Email scanning B. Content discovery C. Database fingerprinting D. Endpoint protection Correct Answer: D

A company has identified a watering hole attack. Which of the following BEST describes this type of attack?

A. Emails are being spoofed to look like they are internal emails B. A cloud storage site is attempting to harvest user IDs and passwords C. An online news site is hosting ads in iframes from another site D. A local restaurant chain's online menu is hosting malicious code Correct Answer: C

Several departments within a company have a business need to send high volumes of confidential information to customers via email. Which of the following is the BEST solution to mitigate unintentional exposure of confidential information?

A. Employ encryption on all outbound emails containing confidential information. B. Employ exact data matching and prevent inbound emails with Data Loss Prevention. C. Employ hashing on all outbound emails containing confidential information. D. Employ exact data matching and encrypt inbound e-mails with Data Loss Prevention. Correct Answer: A

An insurance company requires an account recovery process so that information created by an employee can be accessed after that employee is no longer with the firm. Which of the following is the BEST approach to implement this process?

A. Employee is required to share their password with authorized staff prior to leaving the firm B. Passwords are stored in a reversible form so that they can be recovered when needed C. Authorized employees have the ability to reset passwords so that the data is accessible D. All employee data is exported and imported by the employee prior to them leaving the firm Correct Answer: C

Ann, a security administrator, has concerns regarding her company's wireless network. The network is open and available for visiting prospective clients in the conference room, but she notices that many more devices are connecting to the network than should be. Which of the following would BEST alleviate Ann's concerns with minimum disturbance of current functionality for clients?

A. Enable MAC filtering on the wireless access point. B. Configure WPA2 encryption on the wireless access point. C. Lower the antenna's broadcasting power. D. Disable SSID broadcasting. Correct Answer: C

Ann, a new small business owner, decides to implement WiFi access for her customers. There are several other businesses nearby who also have WiFi hot spots. Ann is concerned about security of the wireless network and wants to ensure that only her customers have access. Which of the following choices BEST meets her intent of security and access?

A. Enable port security B. Enable WPA C. Disable SSID broadcasting D. Enable WEP Correct Answer: B

An administrator has concerns regarding the traveling sales team who works primarily from smart phones. Given the sensitive nature of their work, which of the following would BEST prevent access to the data in case of loss or theft?

A. Enable screensaver locks when the phones are not in use to prevent unauthorized access B. Configure the smart phones so that the stored data can be destroyed from a centralized location C. Configure the smart phones so that all data is saved to removable media and kept separate from the device D. Enable GPS tracking on all smart phones so that they can be quickly located and recovered Correct Answer: A

Users are trying to communicate with a network but are unable to do so. A network administrator sees connection attempts on port 20 from outside IP addresses that are being blocked. How can the administrator resolve this?

A. Enable stateful FTP on the firewall B. Enable inbound SSH connections C. Enable NETBIOS connections in the firewall D. Enable HTTPS on port 20 Correct Answer: A

An administrator thinks the UNIX systems may be compromised, but a review of system log files provides no useful information. After discussing the situation with the security team, the administrator suspects that the attacker may be altering the log files and removing evidence of intrusion activity. Which of the following actions will help detect attacker attempts to further alter log files?

A. Enable verbose system logging B. Change the permissions on the user's home directory C. Implement remote syslog D. Set the bash_history log file to "read only" Correct Answer: C

A company needs to provide web-based access to shared data sets to mobile users, while maintaining a standardized set of security controls. Which of the following technologies is the MOST appropriate storage?

A. Encrypted external hard drives B. Cloud storage C. Encrypted mobile devices D. Storage Area Network Correct Answer: B

Matt, an administrator, is concerned about the wireless network being discovered by war driving. Which of the following can be done to mitigate this?

A. Enforce a policy for all users to authenticate through a biometric device. B. Disable all SSID broadcasting. C. Ensure all access points are running the latest firmware. D. Move all access points into public access areas. Correct Answer: B

Pete, the system administrator, has concerns regarding users losing their company provided smartphones. Pete's focus is on equipment recovery. Which of the following BEST addresses his concerns?

A. Enforce device passwords. B. Use remote sanitation. C. Enable GPS tracking. D. Encrypt stored data. Correct Answer: C

The systems administrator notices that many employees are using passwords that can be easily guessed or are susceptible to brute force attacks. Which of the following would BEST mitigate this risk?

A. Enforce password rules requiring complexity. B. Shorten the maximum life of account passwords. C. Increase the minimum password length. D. Enforce account lockout policies. Correct Answer: A

An administrator implements SELinux on a production web server. After implementing this, the web server no longer serves up files from users' home directories. To rectify this, the administrator creates a new policy as the root user. This is an example of which of the following? (Select TWO).

A. Enforcing SELinux in the OS kernel is role-based access control B. Enforcing SELinux in the OS kernel is rule-based access control C. The policy added by the root user is mandatory access control D. Enforcing SELinux in the OS kernel is mandatory access control E. The policy added by the root user is role-based access control F. The policy added by the root user is rule-based access control Correct Answer: DF

What is the term for the process of luring someone in (usually done by an enforcement officer or a government agent)?

A. Enticement B. Entrapment C. Deceit D. Sting Correct Answer: A

A security technician would like an application to use random salts to generate short-lived encryption keys during the secure communication handshake process to increase communication security. Which of the following concepts would BEST meet this goal?

A. Ephemeral keys B. Symmetric Encryption Keys C. AES Encryption Keys D. Key Escrow Correct Answer: B

Which of the following describes the process of removing unnecessary accounts and services from an application to reduce risk exposure?

A. Error and exception handling B. Application hardening C. Application patch management D. Cross-site script prevention Correct Answer: B

A user has an Android smartphone that supports full device encryption. However, when the user plugs it into a computer, all of the files are immediately accessible. Which of the following should the user do to enforce full device confidentiality should the phone be lost or stolen?

A. Establish a PIN passphrase B. Agree to remote wipe terms C. Generate new media encryption keys D. Download the encryption control app from the store Correct Answer: A

A review of administrative access has discovered that too many accounts have been granted administrative rights. Which of the following will alert the security team when elevated access is applied?

A. Establishing user access reviews B. Establishing user based privileges C. Establishing monitoring on accounts D. Establishing group based privileges Correct Answer: C

After disabling SSID broadcast, a network administrator still sees the wireless network listed in available networks on a client laptop. Which of the following attacks may be occurring?

A. Evil Twin B. ARP spoofing C. Disassociation flooding D. Rogue access point E. TKIP compromise Correct Answer: A

Users at a company report that a popular news website keeps taking them to a web page with derogatory content. This is an example of which of the following?

A. Evil twin B. DNS poisoning C. Vishing D. Session hijacking Correct Answer: B

A chief information officer (CIO) is concerned about PII contained in the organization's various data warehouse platforms. Since not all of the PII transferred to the organization is required for proper operation of the data warehouse application, the CIO requests the unneeded PII data be parsed and securely discarded. Which of the following controls would be MOST appropriate in this scenario?

A. Execution of PII data identification assessments B. Implementation of data sanitization routines C. Encryption of data-at-rest D. Introduction of education programs and awareness training E. Creation of policies and procedures Correct Answer: E

A customer has provided an email address and password to a website as part of the login process. Which of the following BEST describes the email address?

A. Identification B. Authorization C. Access control D. Authentication Correct Answer: A

A chief information security officer (CISO) is providing a presentation to a group of network engineers. In the presentation, the CISO presents information regarding exploit kits. Which of the following might the CISO present?

A. Exploit kits are tools capable of taking advantage of multiple CVEs B. Exploit kits are vulnerability scanners used by penetration testers C. Exploit kits are WIFI scanning tools that can find new honeypots D. Exploit kits are a new type of malware that allow attackers to control their computers Correct Answer: A

A large multinational corporation with networks in 30 countries wants to establish an understanding of their overall public-facing network attack surface. Which of the following security techniques would be BEST suited for this?

A. External penetration test B. Internal vulnerability scan C. External vulnerability scan D. Internal penetration test Correct Answer: C

A compromised workstation utilized in a Distributed Denial of Service (DDOS) attack has been removed from the network and an image of the hard drive has been created. However, the system administrator stated that the system was left unattended for several hours before the image was created. In the event of a court case, which of the following is likely to be an issue with this incident?

A. Eye Witness B. Data Analysis of the hard drive C. Chain of custody D. Expert Witness Correct Answer: C

Which of the following is the MOST secure protocol to transfer files?

A. FTP B. FTPS C. SSH D. TELNET Correct Answer: B

A vulnerability assessment indicates that a router can be accessed from default port 80 and default port 22. Which of the following should be executed on the router to prevent access via these ports? (Select TWO).

A. FTP service should be disabled B. HTTPS service should be disabled C. SSH service should be disabled D. HTTP service should be disabled E. Telnet service should be disabled Correct Answer: CD

Encryption of data at rest is important for sensitive information because of which of the following?

A. Facilitates tier 2 support, by preventing users from changing the OS B. Renders the recovery of data harder in the event of user password loss C. Allows the remote removal of data following eDiscovery requests D. Prevents data from being accessed following theft of physical equipment Correct Answer: D

Joe, a security administrator, believes that a network breach has occurred in the datacenter as a result of a misconfigured router access list, allowing outside access to an SSH server. Which of the following should Joe search for in the log files?

A. Failed authentication attempts B. Network ping sweeps C. Host port scans D. Connections to port 22 Correct Answer: D

Which of the following is a measure of biometrics performance which rates the ability of a system to correctly authenticate an authorized user?

A. Failure to capture B. Type II C. Mean time to register D. Template capacity Correct Answer: B

A software company has completed a security assessment. The assessment states that the company should implement fencing and lighting around the property. Additionally, the assessment states that production releases of their software should be digitally signed. Given the recommendations, the company was deficient in which of the following core security areas? (Select TWO).

A. Fault tolerance B. Encryption C. Availability D. Integrity E. Safety F. Confidentiality Correct Answer: DE

Establishing a published chart of roles, responsibilities, and chain of command to be used during a disaster is an example of which of the following?

A. Fault tolerance B. Succession planning C. Business continuity testing D. Recovery point objectives Correct Answer: B

A company is installing a new security measure that would allow one person at a time to be authenticated to an area without human interaction. Which of the following does this describe?

A. Fencing B. Mantrap C. A guard D. Video surveillance Correct Answer: B

After running into the data center with a vehicle, attackers were able to enter through the hole in the building and steal several key servers in the ensuing chaos. Which of the following security measures can be put in place to mitigate the issue from occurring in the future?

A. Fencing B. Proximity readers C. Video surveillance D. Bollards Correct Answer: D

Joe, a network administrator, is setting up a virtualization host that has additional storage requirements. Which of the following protocols should be used to connect the device to the company SAN? (Select Two)

A. Fibre channel A. Fibre channel B. SCP C. iSCSI D. FDDI E. SSL Correct Answer: AC

A team of firewall administrators has access to a 'master password list' containing service account passwords. Which of the following BEST protects the master password list?

A. File encryption B. Password hashing C. USB encryption D. Full disk encryption Correct Answer: A

Several employees have been printing files that include personally identifiable information of customers. Auditors have raised concerns about the destruction of these hard copies after they are created, and management has decided the best way to address this concern is by preventing these files from being printed. Which of the following would be the BEST control to implement?

A. File encryption B. Printer hardening C. Clean desk policies D. Data loss prevention Correct Answer: D

Which of the following can be used to ensure that sensitive records stored on a backend server can only be accessed by a front end server with the appropriate record key?

A. File encryption B. Storage encryption C. Database encryption D. Full disk encryption Correct Answer: A

In Kerberos, the Ticket Granting Ticket (TGT) is used for which of the following?

A. Identification B. Authorization C. Authentication D. Multifactor authentication Correct Answer: C

One of the most basic ways to protect the confidentiality of data on a laptop in the event the device is physically stolen is to implement which of the following?

A. File level encryption with alphanumeric passwords B. Biometric authentication and cloud storage C. Whole disk encryption with two-factor authentication D. BIOS passwords and two-factor authentication Correct Answer: C

An administrator is testing the collision resistance of different hashing algorithms. Which of the following is the strongest collision resistance test?

A. Find two identical messages with different hashes B. Find two identical messages with the same hash C. Find a common hash between two specific messages D. Find a common hash between a specific message and a random message Correct Answer: A

Sara, the Chief Information Officer (CIO), has requested an audit take place to determine what services and operating systems are running on the corporate network. Which of the following should be used to complete this task?

A. Fingerprinting and password crackers B. Fuzzing and a port scan C. Vulnerability scan and fuzzing D. Port scan and fingerprinting Correct Answer: D

Which of the following is an effective way to ensure the BEST temperature for all equipment within a datacenter?

A. Fire suppression B. Raised floor implementation C. EMI shielding D. Hot or cool aisle containment Correct Answer: D

The manager has a need to secure physical documents every night, since the company began enforcing the clean desk policy. The BEST solution would include: (Select TWO).

A. Fire- or water-proof safe. B. Department door locks. C. Proximity card. D. 24-hour security guard. E. Locking cabinets and drawers. Correct Answer: AE

A security administrator needs to determine which system a particular user is trying to log in to at various times of the day. Which of the following log types would the administrator check?

A. Firewall B. Application C. IDS D. Security Correct Answer: D

Which of the following devices is MOST likely being used when processing the following? 1 PERMIT IP ANY ANY EQ 80 2 DENY IP ANY ANY

A. Firewall B. NIPS C. Load balancer D. URL filter Correct Answer: A

Pete, the system administrator, wants to restrict access to advertisements, games, and gambling web sites. Which of the following devices would BEST achieve this goal?

A. Firewall B. Switch C. URL content filter D. Spam filter Correct Answer: C

While reviewing the monthly internet usage, it is noted that there is a large spike in traffic classified as "unknown" that does not appear to be within the bounds of the organization's Acceptable Use Policy. Which of the following tools or technologies would work BEST for obtaining more information on this traffic?

A. Firewall logs B. IDS logs C. Increased spam filtering D. Protocol analyzer Correct Answer: B

A global gaming console manufacturer is launching a new gaming platform to its customers. Which of the following controls reduces the risk created by malicious gaming customers attempting to circumvent control by way of modifying consoles?

A. Firmware version control B. Manual software upgrades C. Vulnerability scanning D. Automatic updates E. Network segmentation F. Application firewalls Correct Answer: AD

A company has several public conference room areas with exposed network outlets. In the past, unauthorized visitors and vendors have used the outlets for internet access. The help desk manager does not want the outlets to be disabled due to the number of training sessions in the conference room and the amount of time it takes to get the ports either patched in or enabled. Which of the following is the best option for meeting this goal?

A. Flood guards B. Port security C. 802.1x D. Loop protection E. IPSec Correct Answer: C

Which of the following is the BEST method for ensuring all files and folders are encrypted on all corporate laptops where the file structures are unknown?

A. Folder encryption B. File encryption C. Whole disk encryption D. Steganography Correct Answer: C

Who should be contacted FIRST in the event of a security breach?

A. Forensics analysis team B. Internal auditors C. Incident response team D. Software vendors Correct Answer: C

A portable data storage device has been determined to have malicious firmware. Which of the following is the BEST course of action to ensure data confidentiality?

A. Format the device B. Re-image the device C. Perform virus scan in the device D. Physically destroy the device Correct Answer: C

Mandatory vacations are a security control which can be used to uncover which of the following?

A. Fraud committed by a system administrator B. Poor password security among users C. The need for additional security staff D. Software vulnerabilities in vendor code Correct Answer: A

An administrator wants to minimize the amount of time needed to perform backups during the week. It is also acceptable to the administrator for restoration to take an extended time frame. Which of the following strategies would the administrator MOST likely implement?

A. Full backups on the weekend and incremental during the week B. Full backups on the weekend and full backups every day C. Incremental backups on the weekend and differential backups every day D. Differential backups on the weekend and full backups every day Correct Answer: A

A security administrator has deployed all laptops with Self Encrypting Drives (SED) and enforces key encryption. Which of the following represents the greatest threat to maintaining data confidentiality with these devices?

A. Full data access can be obtained by connecting the drive to a SATA or USB adapter bypassing the SED hardware. B. A malicious employee can gain the SED encryption keys through software extraction allowing access to other laptops. C. If the laptop does not use a Secure Boot BIOS, the SED hardware is not enabled allowing full data access. D. Laptops that are placed in a sleep mode allow full data access when powered back on. Correct Answer: D

Which of the following controls can be implemented together to prevent data loss in the event of theft of a mobile device storing sensitive information? (Select TWO).

A. Full device encryption B. Screen locks C. GPS D. Asset tracking E. Inventory control Correct Answer: AB

A way to assure data at-rest is secure even in the event of loss or theft is to use:

A. Full device encryption. B. Special permissions on the file system. C. Trusted Platform Module integration. D. Access Control Lists. Correct Answer: A

To protect corporate data on removable media, a security policy should mandate that all removable devices use which of the following?

A. Full disk encryption B. Application isolation C. Digital rights management D. Data execution prevention Correct Answer: A

A security architect is designing an enterprise solution for the sales force of a corporation which handles sensitive customer data. The solution must allow users to work from remote offices and support traveling users. Which of the following is the MOST appropriate control for the architect to focus on to ensure confidentiality of data stored on laptops?

A. Full-disk encryption B. Digital sign C. Federated identity management D. Cable locks Correct Answer: A

Which of the following automated or semi-automated software testing techniques relies on inputting large amounts of random data to detect coding errors or application loopholes?

A. Fuzzing B. Black box C. Fault injection D. SQL injection Correct Answer: A

Which of the following techniques can be used to prevent the disclosure of system information resulting from arbitrary inputs when implemented properly?

A. Fuzzing B. Patch management C. Error handling D. Strong passwords Correct Answer: C

Which of the following application security testing techniques is implemented when an automated system generates random input data?

A. Fuzzing B. XSRF C. Hardening D. Input validation Correct Answer: A

An administrator intends to configure an IPSec solution that provides ESP with integrity protection, but not confidentiality protection. Which of the following AES modes of operation would meet this integrity-only requirement?

A. GMAC B. PCBC C. CBC D. GCM E. CFB Correct Answer: A

An administrator needs to submit a new CSR to a CA. Which of the following is a valid FIRST step?

A. Generate a new private key based on AES. B. Generate a new public key based on RSA. C. Generate a new public key based on AES. D. Generate a new private key based on RSA. Correct Answer: D

Joe, an employee, reports to the security manager that several files in a research and development folder that only Joe has access to have been improperly modified. The modified date on the files is recent and the modified-by account is Joe's. The permissions on the folder have not been changed, and there is no evidence of malware on the server hosting the folder or on Joe's workstation. Several failed login attempts to Joe's account were discovered in the security log of the LDAP server. Given this scenario, which of the following should the security manager implement to prevent this in the future?

A. Generic account prohibition B. Account lockout C. Password complexity D. User access reviews Correct Answer: B

Pete, a developer, writes an application. Jane, the security analyst, knows some things about the overall application but does not have all the details. Jane needs to review the software before it is released to production. Which of the following reviews should Jane conduct?

A. Gray Box Testing B. Black Box Testing C. Business Impact Analysis D. White Box Testing Correct Answer: A

A security director has contracted an outside testing company to evaluate the security of a newly developed application. None of the parameters or internal workings of the application have been provided to the testing company prior to the start of testing. The testing company will be using:

A. Gray box testing B. Active control testing C. White box testing D. Black box testing Correct Answer: D

A technician has installed new vulnerability scanner software on a server that is joined to the company domain. The vulnerability scanner is able to provide visibility over the patch posture of all of the company's clients. Which of the following is being used?

A. Gray box vulnerability testing B. Passive scan C. Credentialed scan D. Bypassing security controls Correct Answer: A

The Quality Assurance team is testing a third party application. They are primarily testing for defects and have some understanding of how the application works. Which of the following is the team performing?

A. Grey box testing B. White box testing C. Penetration testing D. Black box testing Correct Answer: A

A new intern was assigned to the system engineering department, which consists of the system architect and system software developer's teams. These two teams have separate privileges. The intern requires privileges to view the system architectural drawings and comment on some software development projects. Which of the following methods should the system administrator implement?

A. Group based privileges B. Generic account prohibition C. User access review D. Credential management Correct Answer: A

A security administrator wants to deploy a physical security control to limit an individual's access into a sensitive area. Which of the following should be implemented?

A. Guards B. CCTV C. Bollards D. Spike strip Correct Answer: A

Mike, a network administrator, has been asked to passively monitor network traffic to the company's sales websites. Which of the following would be BEST suited for this task?

A. HIDS B. Firewall C. NIPS D. Spam filter Correct Answer: C

Joe, a network security engineer, has visibility to network traffic through network monitoring tools. However, he's concerned that a disgruntled employee may be targeting a server containing the company's financial records. Which of the following security mechanisms would be MOST appropriate to confirm Joe's suspicion?

A. HIDS B. HIPS C. NIPS D. NIDS Correct Answer: A

Which of the following should be deployed to prevent the transmission of malicious traffic between virtual machines hosted on a singular physical device on a network?

A. HIPS on each virtual machine B. NIPS on the network C. NIDS on the network D. HIDS on each virtual machine Correct Answer: A

A software developer utilizes cryptographic functions to generate codes that verify message integrity. Due to the nature of the data that is being sent back and forth from the client application to the server, the developer would like to change the cryptographic function to one that verifies both authentication and message integrity. Which of the following algorithms should the software developer utilize?

A. HMAC B. SHA C. Two Fish D. RIPEMD Correct Answer: D

The Chief Information Officer (CIO) is concerned with moving an application to a SaaS cloud provider. Which of the following can be implemented to provide for data confidentiality assurance during and after the migration to the cloud?

A. HPM technology B. Full disk encryption C. DLP policy D. TPM technology Correct Answer: C

Which of the following security architecture elements also has sniffer functionality? (Select TWO).

A. HSM B. IPS C. SSL accelerator D. WAP E. IDS Correct Answer: BE

A new web server has been provisioned at a third party hosting provider for processing credit card transactions. The security administrator runs the netstat command on the server and notices that ports 80, 443, and 3389 are in a 'listening' state. No other ports are open. Which of the following services should be disabled to ensure secure communications?

A. HTTPS B. HTTP C. RDP D. TELNET Correct Answer: B

Users in the HR department were recently informed that they need to implement a user training and awareness program which is tailored to their department. Which of the following types of training would be the MOST appropriate for this department?

A. Handling PII B. Risk mitigation C. Input validation D. Hashing Correct Answer: A

Which of the following data security techniques will allow Matt, an IT security technician, to encrypt a system with speed as its primary consideration?

A. Hard drive encryption B. Infrastructure as a service C. Software based encryption D. Data loss prevention Correct Answer: A

Elastic cloud computing environments often reuse the same physical hardware for multiple customers over time as virtual machines are instantiated and deleted. This has important implications for which of the following data security concerns?

A. Hardware integrity B. Data confidentiality C. Availability of servers D. Integrity of data Correct Answer: B

Matt, a security consultant, has been tasked with increasing server fault tolerance and has been given no budget to accomplish his task. Which of the following can Matt implement to ensure servers will withstand hardware failure?

A. Hardware load balancing B. RAID C. A cold site D. A host standby Correct Answer: B

Which of the following devices is BEST suited for servers that need to store private keys?

A. Hardware security module B. Hardened network firewall C. Solid state disk drive D. Hardened host firewall Correct Answer: A

Which of the following allows Pete, a security technician, to provide the MOST secure wireless implementation?

A. Implement WPA B. Disable SSID C. Adjust antenna placement D. Implement WEP Correct Answer: A

While working on a new project, a security administrator wants to verify the integrity of the data in the organization's archive library. Which of the following is the MOST secure combination to implement to meet this goal? (Select TWO)

A. Hash with SHA B. Encrypt with Diffie-Hellman C. Hash with MD5 D. Hash with RIPEMD E. Encrypt with AES Correct Answer: CD

Which of the following are MOST susceptible to birthday attacks?

A. Hashed passwords B. Digital certificates C. Encryption passwords D. One time passwords Correct Answer: A

Which of the following concepts describes the use of a one way transformation in order to validate the integrity of a program?

A. Hashing B. Key escrow C. Non-repudiation D. Steganography Correct Answer: A

Which of the following controls can be used to prevent the disclosure of sensitive information stored on a mobile device's removable media in the event that the device is lost or stolen?

A. Hashing B. Screen locks C. Device password D. Encryption Correct Answer: D

Which of the following functions provides an output which cannot be reversed and converts data into a string of characters?

A. Hashing B. Stream ciphers C. Steganography D. Block ciphers Correct Answer: A

Which of the following can hide confidential or malicious data in the whitespace of other files (e.g. JPEGs)?

A. Hashing B. Transport encryption C. Digital signatures D. Steganography Correct Answer: D

An administrator receives a security alert that appears to be from one of the company's vendors. The email contains information and instructions for patching a serious flaw that has not been publicly announced. Which of the following can an employee use to validate the authenticity of the email?

A. Hashing algorithm B. Ephemeral Key C. SSL certificate chain D. Private key E. Digital signature Correct Answer: E

A malicious attacker has intercepted HTTP traffic and inserted an ASCII line that sets the referrer URL. Which of the following is the attacker most likely utilizing?

A. Header manipulation B. Cookie hijacking C. Cross-site scripting D. XML injection Correct Answer: D

While rarely enforced, mandatory vacation policies are effective at uncovering:

A. Help desk technicians with oversight by multiple supervisors and detailed quality control systems. B. Collusion between two employees who perform the same business function. C. Acts of incompetence by a systems engineer designing complex architectures as a member of a team. D. Acts of gross negligence on the part of system administrators with unfettered access to system and no oversight. Correct Answer: D

Ann, the system administrator, is installing an extremely critical system that can support ZERO downtime. Which of the following BEST describes the type of system Ann is installing?

A. High availability B. Clustered C. RAID D. Load balanced Correct Answer: A

A network administrator recently updated various network devices to ensure redundancy throughout the network. If an interface on any of the Layer 3 devices were to go down, traffic will still pass through another interface and the production environment would be unaffected. This type of configuration represents which of the following concepts?

A. High availability B. Load balancing C. Backout contingency plan D. Clustering Correct Answer: A

Purchasing receives a phone call from a vendor asking for a payment over the phone. The phone number displayed on the caller ID matches the vendor's number. When the purchasing agent asks to call the vendor back, they are given a different phone number with a different area code. Which of the following attack types is this?

A. Hoax B. Impersonation C. Spear phishing D. Whaling Correct Answer: B

Purchasing receives an automated phone call from a bank asking to input and verify credit card information. The phone number displayed on the caller ID matches the bank. Which of the following attack types is this?

A. Hoax B. Phishing C. Vishing D. Whaling Correct Answer: C

Which of the following types of technologies is used by security and research personnel for identification and analysis of new security threats in a networked environment by using false data/hosts for information collection?

A. Honeynet B. Vulnerability scanner C. Port scanner D. Protocol analyzer Correct Answer: A

Which of the following tools would allow Ann, the security administrator, to be able to BEST quantify all traffic on her network?

A. Honeypot B. Port scanner C. Protocol analyzer D. Vulnerability scanner Correct Answer: C

Which of the following is true about the CRL?

A. It should be kept public B. It signs other keys C. It must be kept secret D. It must be encrypted Correct Answer: A

A government agency wants to ensure that the systems they use have been deployed as securely as possible. Which of the following technologies will enforce protections on these systems to prevent files and services from operating outside of a strict rule set?

A. Host based Intrusion detection B. Host-based firewall C. Trusted OS D. Antivirus Correct Answer: B

After a company has standardized to a single operating system, not all servers are immune to a well-known OS vulnerability. Which of the following solutions would mitigate this issue?

A. Host based firewall B. Initial baseline configurations C. Discretionary access control D. Patch management system Correct Answer: D

A security analyst has a sample of malicious software and needs to know what the sample does, so the analyst runs it in a carefully controlled and monitored virtual machine to observe the software's behavior. After the software has run, the analyst returns the virtual machine's OS to a pre-defined known good state using what feature of virtualization?

A. Host elasticity B. Antivirus C. Sandbox D. Snapshots Correct Answer: D

The security administrator runs an rpm verify command which records the MD5 sum, permissions, and timestamp of each file on the system. The administrator saves this information to a separate server. Which of the following describes the procedure the administrator has performed?

A. Host software base-lining B. File snapshot collection C. TPM D. ROMDB verification Correct Answer: D

A security engineer is reviewing log data and sees the output below: POST: /payload.php HTTP/1.1 HOST: localhost Accept: */* Referrer: http://localhost/***** HTTP/1.1 403 Forbidden Connection: close Log: Access denied with 403. Pattern matches form bypass Which of the following technologies was MOST likely being used to generate this log?

A. Host-based Intrusion Detection System B. Web application firewall C. Network-based Intrusion Detection System D. Stateful Inspection Firewall E. URL Content Filter Correct Answer: B

A business has set up a Customer Service kiosk within a shopping mall. The location will be staffed by an employee using a laptop during the mall business hours, but there are still concerns regarding the physical safety of the equipment while it is not in use. Which of the following controls would BEST address this security concern?

A. Host-based firewall B. Cable locks C. Locking cabinets D. Surveillance video Correct Answer: C

A company has proprietary mission critical devices connected to their network which are configured remotely by both employees and approved customers. The administrator wants to monitor device security without changing their baseline configuration. Which of the following should be implemented to secure the devices without risking availability?

A. Host-based firewall B. IDS C. IPS D. Honeypot Correct Answer: B

The IT department has been tasked with reducing the risk of sensitive information being shared with unauthorized entities from computers it is saved on, without impeding the ability of the employees to access the internet. Implementing which of the following would be the best way to accomplish this objective?

A. Host-based firewalls B. DLP C. URL filtering D. Pop-up blockers Correct Answer: B

Each server on a subnet is configured to only allow SSH access from the administrator's workstation. Which of the following BEST describes this implementation?

A. Host-based firewalls B. Network firewalls C. Network proxy D. Host intrusion prevention Correct Answer: A

The datacenter design team is implementing a system which requires all servers installed in racks to face in a predetermined direction. An infrared camera will be used to verify that servers are properly racked. Which of the following datacenter elements is being designed?

A. Hot and cold aisles B. Humidity control C. HVAC system D. EMI shielding Correct Answer: A

Which of the following can be utilized in order to provide temporary IT support during a disaster, where the organization sets aside funds for contingencies, but does not necessarily have a dedicated site to restore those services?

A. Hot site B. Warm site C. Cold site D. Mobile site Correct Answer: D

Ann, the Chief Information Officer (CIO) of a company, sees cloud computing as a way to save money while providing valuable services. She is looking for a cost-effective solution to assist in capacity planning as well as visibility into the performance of the network. Which of the following cloud technologies should she look into?

A. IaaS B. MaaS C. SaaS D. PaaS Correct Answer: B

In an effort to test the effectiveness of an organization's security awareness training, a penetration tester crafted an email and sent it to all of the employees to see how many of them clicked on the enclosed links. Which of the following is being tested?

A. How many employees are susceptible to a SPAM attack B. How many employees are susceptible to a cross-site scripting attack C. How many employees are susceptible to a phishing attack D. How many employees are susceptible to a vishing attack Correct Answer: A

When a new network drop was installed, the cable was run across several fluorescent lights. The users of the new network drop experience intermittent connectivity. Which of the following environmental controls was MOST likely overlooked during installation?

A. Humidity sensors B. EMI shielding C. Channel interference D. Cable kinking Correct Answer: B

Which of the following password attacks is MOST likely to crack the largest number of randomly generated passwords?

A. Hybrid B. Birthday attack C. Dictionary D. Rainbow tables Correct Answer: D

Which of the following types of cloud computing would be MOST appropriate if an organization required complete control of the environment?

A. Hybrid Cloud B. Private cloud C. Community cloud D. Community cloud E. Public cloud Correct Answer: B

Which of the following would be MOST appropriate if an organization's requirements mandate complete control over the data and applications stored in the cloud?

A. Hybrid cloud B. Community cloud C. Private cloud D. Public cloud Correct Answer: C

Which of the following protocols allows for secure transfer of files? (Select TWO).

A. ICMP B. SNMP C. SFTP D. SCP E. TFTP Correct Answer: CD

After a network outage, a PC technician is unable to ping various network devices. The network administrator verifies that those devices are working properly and can be accessed securely. Which of the following is the MOST likely reason the PC technician is unable to ping those devices?

A. ICMP is being blocked B. SSH is not enabled C. DNS settings are wrong D. SNMP is not configured properly Correct Answer: A

A router was shut down as a result of a DoS attack. Upon review of the router logs, it was determined that the attacker was able to connect to the router using a console cable to complete the attack. Which of the following should have been implemented on the router to prevent this attack? (Select two)

A. IP ACLs should have been enabled on the console port on the router B. Console access to the router should have been disabled C. Passwords should have been enabled on the virtual terminal interfaces on the router D. Virtual terminal access to the router should have been disabled E. Physical access to the router should have been restricted Correct Answer: BE

While responding to an incident on a new Windows server, the administrator needs to disable unused services. Which of the following commands can be used to see processes that are listening on a TCP port?

A. IPCONFIG B. Netstat C. PSINFO D. Net session Correct Answer: B

Configuring the mode, encryption methods, and security associations are part of which of the following?

A. IPSec B. Full disk encryption C. 802.1x D. PKI Correct Answer: A

A network engineer is designing a secure tunneled VPN. Which of the following protocols would be the MOST secure?

A. IPsec B. SFTP C. BGP D. PPTP Correct Answer: A

A company's legacy server requires administration using Telnet. Which of the following protocols could be used to secure communication by offering encryption at a lower OSI layer? (Select TWO).

A. IPv6 B. SFTP C. IPSec D. SSH E. IPv4 Correct Answer: AC

A company has decided to move large data sets to a cloud provider in order to limit the costs of new infrastructure. Some of the data is sensitive and the Chief Information Officer wants to make sure both parties have a clear understanding of the controls needed to protect the data. Which of the following types of interoperability agreement is this?

A. ISA B. MOU C. SLA D. BPA Correct Answer: A

A company has experienced problems with their ISP, which has failed to meet their informally agreed upon level of service. However, the business has not negotiated any additional formal agreements beyond the standard customer terms. Which of the following is the BEST document that the company should prepare to negotiate with the ISP?

A. ISA B. SLA C. MOU D. PBA Correct Answer: B

Which of the following types of wireless attacks would be used specifically to impersonate another WAP in order to gain unauthorized information from mobile users?

A. IV attack B. Evil twin C. War driving D. Rogue access point Correct Answer: B

Sara, a security administrator, is noticing a slowdown in the wireless network response. Sara launches a wireless sniffer and sees a large number of ARP packets being sent to the AP. Which of the following types of attacks is underway?

A. IV attack B. Interference C. Blue jacking D. Packet sniffing Correct Answer: A

A malicious user is sniffing a busy encrypted wireless network waiting for an authorized client to connect to it. Only after an authorized client has connected and the hacker was able to capture the client handshake with the AP can the hacker begin a brute force attack to discover the encryption key. Which of the following attacks is taking place?

A. IV attack B. WEP cracking C. WPA cracking D. Rogue AP Correct Answer: C

After a user performed a war driving attack, the network administrator noticed several similar markings where WiFi was available throughout the enterprise. Which of the following is the term used to describe these markings?

A. IV attack B. War dialing C. Rogue access points D. War chalking Correct Answer: D

Which of the following is the difference between identification and authentication of a user?

A. Identification tells who the user is and authentication tells whether the user is allowed to log on to a system. B. Identification tells who the user is and authentication proves it. C. Identification proves who the user is and authentication is used to keep the user's data secure. D. Identification proves who the user is and authentication tells the user what they are allowed to do. Correct Answer: B

Which of the following should Jane, a security administrator, perform before a hard drive is analyzed with forensics tools?

A. Identify user habits B. Disconnect system from network C. Capture system image D. Interview witnesses Correct Answer: C

After installing a new Linux system the administrator runs a command that records the size, permissions, and MD5 sum of all the files on the system. Which of the following describes what the administrator is doing?

A. Identifying vulnerabilities B. Design review C. Host software baselining D. Operating system hardening Correct Answer: C

Which of the following pseudocodes can be used to handle program exceptions?

A. If program detects another instance of itself, then kill program instance. B. If user enters invalid input, then restart program. C. If program module crashes, then restart program module. D. If user's input exceeds buffer length, then truncate the input. Correct Answer: C

In order to secure additional budget, a security manager wants to quantify the financial impact of a one-time compromise. Which of the following is MOST important to the security manager?

A. Impact B. SLE C. ALE D. ARO Correct Answer: B

The Chief Information Officer (CIO) has asked a security analyst to determine the estimated costs associated with each potential breach of their database that contains customer information. Which of the following is the risk calculation that the CIO is asking for?

A. Impact B. SLE C. ARO D. ALE Correct Answer: B

Ann, an employee, is visiting Joe, an employee in the Human Resources Department. While talking to Joe, Ann notices a spreadsheet open on Joe's computer that lists the salaries of all employees in her department. Which of the following forms of social engineering would BEST describe this situation?

A. Impersonation B. Dumpster diving C. Tailgating D. Shoulder surfing Correct Answer: D

An attacker went to a local bank and collected disposed paper for the purpose of collecting data that could be used to steal funds and information from the bank's customers. This is an example of:

A. Impersonation B. Whaling C. Dumpster diving D. Hoaxes Correct Answer: C

A network inventory discovery application requires non-privileged access to all hosts on a network for inventory of installed applications. A service account is created by the network inventory discovery application for accessing all hosts. Which of the following is the MOST efficient method for granting the account non-privileged access to the hosts?

A. Implement Group Policy to add the account to the users group on the hosts B. Add the account to the Domain Administrator group C. Add the account to the Users group on the hosts D. Implement Group Policy to add the account to the Power Users group on the hosts. Correct Answer: A

An IT security technician needs to establish host based security for company workstations. Which of the following will BEST meet this requirement?

A. Implement IIS hardening by restricting service accounts. B. Implement database hardening by applying vendor guidelines. C. Implement perimeter firewall rules to restrict access. D. Implement OS hardening by applying GPOs. Correct Answer: D

Which of the following best practices makes a wireless network more difficult to find?

A. Implement MAC filtering B. Use WPA2-PSK C. Disable SSID broadcast D. Power down unused WAPs Correct Answer: C

Which of the following would Pete, a security administrator, do to limit a wireless signal from penetrating the exterior walls?

A. Implement TKIP encryption B. Consider antenna placement C. Disable the SSID broadcast D. Disable WPA Correct Answer: B

A security administrator is reviewing logs and notices multiple attempts to access the HVAC controls by a workstation with an IP address from the open wireless network. Which of the following would be the best way to prevent this type of attack from occurring again?

A. Implement VLANs to separate the HVAC B. Enable WPA2 security for the wireless network C. Install a HIDS to protect the HVAC system D. Enable MAC filtering for the wireless network Correct Answer: D

Which of the following would be MOST appropriate to secure an existing SCADA system by preventing connections from unauthorized networks?

A. Implement a HIDS to protect the SCADA system B. Implement a Layer 2 switch to access the SCADA system C. Implement a firewall to protect the SCADA system D. Implement a NIDS to protect the SCADA system Correct Answer: C

A security administrator has been tasked with improving the overall security posture related to desktop machines on the network. An auditor has recently found that several machines with confidential customer information displayed on the screens are left unattended during the course of the day. Which of the following could the security administrator implement to reduce the risk associated with the finding?

A. Implement a clean desk policy B. Security training to prevent shoulder surfing C. Enable group policy based screensaver timeouts D. Install privacy screens on monitors Correct Answer: C

An administrator notices that former temporary employees' accounts are still active on a domain. Which of the following can be implemented to increase security and prevent this from happening?

A. Implement a password expiration policy. B. Implement an account expiration date for permanent employees. C. Implement time of day restrictions for all temporary employees. D. Run a last logon script to look for inactive accounts. Correct Answer: D

A technician is deploying virtual machines for multiple customers on a single physical host to reduce power consumption in a data center. Which of the following should be recommended to isolate the VMs from one another?

A. Implement a virtual firewall B. Install HIPS on each VM C. Virtual switches with VLANs D. Develop a patch management guide Correct Answer: C

A company has had their web application become unavailable several times in the past few months due to increased demand. Which of the following should the company perform to increase availability?

A. Implement a web application firewall to prevent DDoS attacks B. Configure the firewall to work with the IPS to rate limit customer requests C. Implement a load balancer to distribute traffic based on back end server utilization D. Configure the web server to detect race conditions and automatically restart the web services Correct Answer: C

A web administrator has just implemented a new web server to be placed in production. As part of the company's security plan, any new system must go through a security test before it is placed in production. The security team runs a port scan resulting in the following data:

21 tcp open FTP
23 tcp open Telnet
22 tcp open SSH
25 UDP open smtp
110 tcp open pop3
443 tcp open https

Which of the following is the BEST recommendation for the web administrator?

A. Implement an IPS B. Disable unnecessary services C. Disable unused accounts D. Implement an IDS E. Wrap TELNET in SSL Correct Answer: B

Ann, a user, has been promoted from a sales position to sales manager. Which of the following risk mitigation strategies would be MOST appropriate when a user changes job roles?

A. Implement data loss prevention B. Reset the user password C. User permissions review D. Notify incident management Correct Answer: C

The data backup window has expanded into the morning hours and has begun to affect production users. The main bottleneck in the process is the time it takes to replicate the backups to separate servers at the offsite data center. Which of the following uses of deduplication could be implemented to reduce the backup window?

A. Implement deduplication at the network level between the two locations B. Implement deduplication on the storage array to reduce the amount of drive space needed C. Implement deduplication on the server storage to reduce the data backed up D. Implement deduplication on both the local and remote servers Correct Answer: B

An SSL/TLS private key is installed on a corporate web proxy in order to inspect HTTPS requests. Which of the following describes how this private key should be stored so that it is protected from theft?

A. Implement full disk encryption B. Store on encrypted removable media C. Utilize a hardware security module D. Store on web proxy file system Correct Answer: C

A company is looking to reduce the likelihood of employees in the finance department being involved with money laundering. Which of the following controls would BEST mitigate this risk?

A. Implement privacy policies B. Enforce mandatory vacations C. Implement a security policy D. Enforce time of day restrictions Correct Answer: B

The chief security officer (CSO) has reported a rise in data loss but no break-ins have occurred. By doing which of the following would the CSO MOST likely reduce the number of incidents?

A. Implement protected distribution B. Employ additional firewalls C. Conduct security awareness training D. Install perimeter barricades Correct Answer: C

The Chief Security Officer (CSO) has reported a rise in data loss but no break-ins have occurred. By doing which of the following is the CSO most likely to reduce the number of incidents?

A. Implement protected distribution B. Employ additional firewalls C. Conduct security awareness training D. Install perimeter barricades Correct Answer: A

A security administrator has concerns that employees are installing unapproved applications on their company-provided smartphones. Which of the following would BEST mitigate this?

A. Implement remote wiping user acceptance policies B. Disable removable storage capabilities C. Implement an application whitelist D. Disable the built-in web browsers Correct Answer: C

A company is looking to improve their security posture by addressing risks uncovered by a recent penetration test. Which of the following risks is MOST likely to affect the business on a day-to-day basis?

A. Insufficient encryption methods B. Large scale natural disasters C. Corporate espionage D. Lack of antivirus software Correct Answer: D

A new employee has been hired to perform system administration duties across a large enterprise comprised of multiple separate security domains. Each remote location implements a separate security domain. The new employee has successfully responded to and fixed computer issues for the main office. When the new employee tries to perform work on remote computers, the following message appears: "You need permission to perform this action." Which of the following can be implemented to provide system administrators with the ability to perform administrative tasks on remote computers using their uniquely assigned account?

A. Implement transitive trust across security domains B. Enable the trusted OS feature across all enterprise computers C. Install and configure the appropriate CA certificate on all domain controllers D. Verify that system administrators are in the domain administrator group in the main office Correct Answer: A

Jane, an IT security technician, needs to create a way to secure company mobile devices. Which of the following BEST meets this need?

A. Implement voice encryption, pop-up blockers, and host-based firewalls. B. Implement firewalls, network access control, and strong passwords. C. Implement screen locks, device encryption, and remote wipe capabilities. D. Implement application patch management, antivirus, and locking cabinets. Correct Answer: C

A system administrator is implementing a firewall ACL to block specific communication to and from a predefined list of IP addresses, while allowing all other communication. Which of the following rules is necessary to support this implementation?

A. Implicit allow as the last rule B. Implicit allow as the first rule C. Implicit deny as the first rule D. Implicit deny as the last rule Correct Answer: C

Given the following set of firewall rules:

From the inside to outside allow source any destination any port any
From inside to dmz allow source any destination any port tcp-80
From inside to dmz allow source any destination any port tcp-443

Which of the following would prevent FTP traffic from reaching a server in the DMZ from the inside network?

A. Implicit deny B. Policy routing C. Port forwarding D. Forwarding proxy Correct Answer: A

An administrator, Ann, wants to ensure that only authorized devices are connected to a switch. She decides to control access based on MAC addresses. Which of the following should be configured?

A. Implicit deny B. Private VLANS C. Flood guard D. Switch port security Correct Answer: D

A security administrator implements access controls based on the security classification of the data and need-to-know information. Which of the following BEST describes this level of access control?

A. Implicit deny B. Role-based Access Control C. Mandatory Access Controls D. Least privilege Correct Answer: C

The security administrator needs to manage traffic on a layer 3 device to support FTP from a new remote site. Which of the following would need to be implemented?

A. Implicit deny B. VLAN management C. Port security D. Access control lists Correct Answer: D

In order to securely communicate using PGP, the sender of an email must do which of the following when sending an email to a recipient for the first time?

A. Import the recipient's public key B. Import the recipient's private key C. Export the sender's private key D. Export the sender's public key Correct Answer: A

The administrator installs database software to encrypt each field as it is written to disk. Which of the following describes the encrypted data?

A. In-transit B. In-use C. Embedded D. At-rest Correct Answer: B

A security analyst, while doing a security scan using packet capture security tools, noticed large volumes of data images of company products being exfiltrated to foreign IP addresses. Which of the following is the FIRST step in responding to scan results?

A. Incident identification B. Implement mitigation C. Chain of custody D. Capture system image Correct Answer: B

Developers currently have access to update production servers without going through an approval process. Which of the following strategies would BEST mitigate this risk?

A. Incident management B. Clean desk policy C. Routine audits D. Change management Correct Answer: D

Which of the following mitigation strategies is established to reduce risk when performing updates to business critical systems?

A. Incident management B. Server clustering C. Change management D. Forensic analysis Correct Answer: C

Several employee accounts appear to have been cracked by an attacker. Which of the following should the security administrator implement to mitigate password cracking attacks? (Select TWO).

A. Increase password complexity B. Deploy an IDS to capture suspicious logins C. Implement password history D. Implement monitoring of logins E. Implement password expiration F. Increase password length Correct Answer: AF

An attacker uses a network sniffer to capture the packets of a transaction that adds $20 to a gift card. The attacker then uses a function of the sniffer to push those packets back onto the network again, adding another $20 to the gift card. This can be done many times. Which of the following describes this type of attack?

A. Integer overflow attack B. Smurf attack C. Replay attack D. Buffer overflow attack E. Cross-site scripting attack Correct Answer: C

Ann, a security administrator, is strengthening the security controls of the company's campus. Her goal is to prevent people from accessing open locations that are not supervised, such as around the receiving dock. She is also concerned that employees are using these entry points as a way of bypassing the security guard at the main entrance. Which of the following should Ann recommend that would BEST address her concerns?

A. Increase the lighting surrounding every building on campus B. Build fences around campus with gate entrances C. Install cameras to monitor the unsupervised areas D. Construct bollards to prevent vehicle entry in non-supervised areas Correct Answer: B

A system administrator wants to configure a setting that will make offline password cracking more challenging. Currently the password policy allows upper and lower case characters, a minimum length of 5, and a lockout after 10 invalid attempts. Which of the following has the GREATEST impact on the time it takes to crack the passwords?

A. Increase the minimum password length to 8 while keeping the same character set B. Implement an additional password history and reuse policy C. Allow numbers and special characters in the password while keeping the minimum length at 5 D. Implement an account lockout policy after three unsuccessful logon attempts Correct Answer: D

A security administrator is concerned about the strength of users' passwords. The company does not want to implement a password complexity policy. Which of the following can the security administrator implement to mitigate the risk of an online password attack against users with weak passwords?

A. Increase the password length requirements B. Increase the password history C. Shorten the password expiration period D. Decrease the account lockout time Correct Answer: C

Which of the following is a security benefit of providing additional HVAC capacity or increased tonnage in a datacenter?

A. Increased availability of network services due to higher throughput B. Longer MTBF of hardware due to lower operating temperatures C. Higher data integrity due to more efficient SSD cooling D. Longer UPS run time due to increased airflow Correct Answer: B

After a number of highly publicized and embarrassing customer data leaks as a result of social engineering attacks by phone, the Chief Information Officer (CIO) has decided user training will reduce the risk of another data leak. Which of the following would be MOST effective in reducing data leaks in this situation?

A. Information Security Awareness B. Social Media and BYOD C. Data Handling and Disposal D. Acceptable Use of IT Systems Correct Answer: A

After viewing wireless traffic, an attacker notices the following networks are being broadcasted by local access points:

Corpnet
Coffeeshop
FreePublicWifi

Using this information the attacker spoofs a response to make nearby laptops connect back to a malicious device. Which of the following has the attacker created?

A. Infrastructure as a Service B. Load balancer C. Evil twin D. Virtualized network Correct Answer: C

An IT director is looking to reduce the footprint of their company's server environment. They have decided to move several internally developed software applications to an alternate environment, supported by an external company. Which of the following BEST describes this arrangement?

A. Infrastructure as a Service B. Storage as a Service C. Platform as a Service D. Software as a Service Correct Answer: A

When designing a corporate NAC solution, which of the following is the MOST relevant integration issue?

A. Infrastructure time sync B. End user mobility C. 802.1X supplicant compatibility D. Network Latency E. Network Zoning Correct Answer: D

An overseas branch office within a company has many more technical and non-technical security incidents than other parts of the company. Which of the following management controls should be introduced to the branch office to improve their state of security?

A. Initial baseline configuration snapshots B. Firewall, IPS and network segmentation C. Event log analysis and incident response D. Continuous security monitoring processes Correct Answer: D

Which of the following describes purposefully injecting extra input during testing, possibly causing an application to crash?

A. Input validation B. Exception handling C. Application hardening D. Fuzzing Correct Answer: D

A company's security administrator wants to manage PKI for internal systems to help reduce costs. Which of the following is the FIRST step the security administrator should take?

A. Install a registration server. B. Generate shared public and private keys. C. Install a CA D. Establish a key escrow policy. Correct Answer: C

A computer on a company network was infected with a zero-day exploit after an employee accidentally opened an email that contained malicious content. The employee recognized the email as malicious and was attempting to delete it, but accidentally opened it. Which of the following should be done to prevent this scenario from occurring again in the future?

A. Install host-based firewalls on all computers that have an email client installed B. Set the email program default to open messages in plain text C. Install end-point protection on all computers that access web email D. Create new email spam filters to delete all messages from that sender Correct Answer: C

A company determines a need for additional protection from rogue devices plugging into physical ports around the building. Which of the following provides the highest degree of protection from unauthorized wired network access?

A. Intrusion Prevention Systems B. MAC filtering C. Flood guards D. 802.1x Correct Answer: D

A video surveillance audit recently uncovered that an employee plugged in a personal laptop and used the corporate network to browse inappropriate and potentially malicious websites after office hours. Which of the following could BEST prevent a situation like this from occurring again?

A. Intrusion detection B. Content filtering C. Port security D. Vulnerability scanning Correct Answer: C

A distributed denial of service attack can BEST be described as:

A. Invalid characters being entered into a field in a database application. B. Users attempting to input random or invalid data into fields within a web browser application. C. Multiple computers attacking a single target in an organized attempt to deplete its resources. D. Multiple attackers attempting to gain elevated privileges on a target system. Correct Answer: C

Which of the following is the MOST important step for preserving evidence during forensic procedures?

A. Involve law enforcement B. Chain of custody C. Record the time of the incident D. Report within one hour of discovery Correct Answer: B

Which of the following is true about the recovery agent?

A. It can decrypt messages of users who lost their private key. B. It can recover both the private and public key of federated users. C. It can recover and provide users with their lost or private key. D. It can recover and provide users with their lost public key. Correct Answer: A

Which statement is TRUE about the operation of a packet sniffer?

A. It can only have one interface on a management network. B. They are required for firewall operation and stateful inspection. C. The Ethernet card must be placed in promiscuous mode. D. It must be placed on a single virtual LAN interface. Correct Answer: C

A security administrator is trying to encrypt communication. For which of the following reasons should the administrator take advantage of the Subject Alternative Name (SAN) attribute of a certificate?

A. It can protect multiple domains B. It provides extended site validation C. It does not require a trusted certificate authority D. It protects unlimited subdomains Correct Answer: B

Which of the following would be a reason for developers to utilize an AES cipher in CCM mode (Counter with Chain Block Message Authentication Code)?

A. It enables the ability to reverse the encryption with a separate key B. It allows for one time pad inclusions with the passphrase C. Counter mode alternates between synchronous and asynchronous encryption D. It allows a block cipher to function as a stream cipher Correct Answer: D

Users are unable to connect to the web server at IP 192.168.0.20. Which of the following can be inferred of a firewall that is configured ONLY with the following ACL?

PERMIT TCP ANY HOST 192.168.0.10 EQ 80
PERMIT TCP ANY HOST 192.168.0.10 EQ 443

A. It implements stateful packet filtering. B. It implements bottom-up processing. C. It failed closed. D. It implements an implicit deny. Correct Answer: D

An administrator is investigating a system that may potentially be compromised and sees the following log entries on the router.

*Jul 15 14:47:29.779: %Router1: list 101 permitted TCP 192.10.3.204(57222) (FastEthernet 0/3) -> 10.10.1.5 (6667), 3 packets.
*Jul 15 14:47:38.779: %Router1: list 101 permitted TCP 192.10.3.204(57222) (FastEthernet 0/3) -> 10.10.1.5 (6667), 6 packets.
*Jul 15 14:47:45.779: %Router1: list 101 permitted TCP 192.10.3.204(57222) (FastEthernet 0/3) -> 10.10.1.5 (6667), 8 packets.

Which of the following BEST describes the compromised system?

A. It is running a rogue web server B. It is being used in a man-in-the-middle attack C. It is participating in a botnet D. It is an ARP poisoning attack Correct Answer: C

An administrator is investigating a system that may potentially be compromised, and sees the following log entries on the router.

*Jul 15 14:47:29.779:%Router1: list 101 permitted tcp 192.10.3.204(57222) (FastEthernet 0/3) -> 10.10.1.5 (6667), 3 packets.
*Jul 15 14:47:38.779:%Router1: list 101 permitted tcp 192.10.3.204(57222) (FastEthernet 0/3) -> 10.10.1.5 (6667), 6 packets.
*Jul 15 14:47:45.779:%Router1: list 101 permitted tcp 192.10.3.204(57222) (FastEthernet 0/3) -> 10.10.1.5 (6667), 8 packets.

Which of the following BEST describes the compromised system?

A. It is running a rogue web server B. It is being used in a man-in-the-middle attack C. It is participating in a botnet D. It is an ARP poisoning attack Correct Answer: C

In regards to secure coding practices, why is input validation important?

A. It mitigates buffer overflow attacks. B. It makes the code more readable. C. It provides an application configuration baseline. D. It meets gray box testing standards. Correct Answer: A

A security administrator is evaluating three different services: RADIUS, Diameter, and Kerberos. Which of the following is a feature that is UNIQUE to Kerberos?

A. It provides authentication services B. It uses tickets to identify authenticated users C. It provides single sign-on capability D. It uses XML for cross-platform interoperability Correct Answer: B

Which of the following is true about input validation in a client-server architecture, when data integrity is critical to the organization?

A. It should be enforced on the client side only. B. It must be protected by SSL encryption. C. It must rely on the user's knowledge of the application. D. It should be performed on the server side. Correct Answer: D

The Chief Technical Officer (CTO) has been informed of a potential fraud committed by a database administrator performing several other job functions within the company. Which of the following is the BEST method to prevent such activities in the future?

A. Job rotation B. Separation of duties C. Mandatory Vacations D. Least Privilege Correct Answer: B

A company is investigating a data compromise where data exfiltration occurred. Prior to the investigation, the supervisor terminates an employee as a result of the suspected data loss. During the investigation, the supervisor is absent for the interview, and little evidence can be provided from the role-based authentication system in use by the company. The situation can be identified for future mitigation as which of the following?

A. Job rotation B. Log failure C. Lack of training D. Insider threat Correct Answer: B

Prior to leaving for an extended vacation, Joe uses his mobile phone to take a picture of his family in the house living room. Joe posts the picture on a popular social media site together with the message: "Heading to our two weeks vacation to Italy." Upon returning home, Joe discovers that the house was burglarized. Which of the following is the MOST likely reason the house was burglarized if nobody knew Joe's home address?

A. Joe has enabled the device access control feature on his mobile phone. B. Joe's home address can be easily found using the TRACEROUTE command. C. The picture uploaded to the social media site was geo-tagged by the mobile phone. D. The message posted on the social media site informs everyone the house will be empty. Correct Answer: C

Which of the following types of authentication packages user credentials in a ticket?

A. Kerberos B. LDAP C. TACACS+ D. RADIUS Correct Answer: A

Jane, a security administrator, has been tasked with explaining authentication services to the company's management team. The company runs an Active Directory infrastructure. Which of the following solutions BEST relates to the host authentication protocol within the company's environment?

A. Kerberos B. Least privilege C. TACACS+ D. LDAP Correct Answer: A

A technician has deployed a new VPN concentrator. The device needs to authenticate users based on a backend directory service. Which of the following services could be run on the VPN concentrator to perform this authentication?

A. Kerberos B. RADIUS C. GRE D. IPSec Correct Answer: B

A system administrator is configuring shared secrets on servers and clients. Which of the following authentication services is being deployed by the administrator? (Select two.)

A. Kerberos B. RADIUS C. TACACS+ D. LDAP E. Secure LDAP Correct Answer: BD

Which of the following was based on a previous X.500 specification and allows either unencrypted authentication or encrypted authentication through the use of TLS?

A. Kerberos B. TACACS+ C. RADIUS D. LDAP Correct Answer: D

An information bank has been established to store contacts, phone numbers and other records. An application running on UNIX would like to connect to this index server using port 88. Which of the following authentication services would use this port by default?

A. Kerberos B. TACACS+ C. RADIUS D. LDAP Correct Answer: A

Which of the following authentication services uses a default TCP port of 88?

A. Kerberos B. TACACS+ C. SAML D. LDAP Correct Answer: A

Which of the following concepts is enforced by certifying that email communications have been sent by who the message says it has been sent by?

A. Key escrow B. Non-repudiation C. Multifactor authentication D. Hashing Correct Answer: B

A CA is compromised and attackers start distributing maliciously signed software updates. Which of the following can be used to warn users about the malicious activity?

A. Key escrow B. Private key verification C. Public key verification D. Certificate revocation list Correct Answer: D

Two users need to securely share encrypted files via email. Company policy prohibits users from sharing credentials or exchanging encryption keys. Which of the following can be implemented to enable users to share encrypted data while abiding by company policies?

A. Key escrow B. Digital signatures C. PKI D. Hashing Correct Answer: B

A company is implementing a system to transfer direct deposit information to a financial institution. One of the requirements is that the financial institution must be certain that the deposit amounts within the file have not been changed. Which of the following should be used to meet the requirement?

A. Key escrow B. Perfect forward secrecy C. Transport encryption D. Digital signatures E. File encryption Correct Answer: D

A company has a corporate infrastructure where end users manage their own certificate keys. Which of the following is considered the MOST secure way to handle master keys associated with these certificates?

A. Key escrow with key recovery B. Trusted first party C. Personal Identity Verification D. Trusted third party Correct Answer: A

A Windows-based computer is infected with malware and is running too slowly to boot and run a malware scanner. Which of the following is the BEST way to run the malware scanner?

A. Kill all system processes B. Enable the firewall C. Boot from CD/USB D. Disable the network connection Correct Answer: C

An application developer needs to allow employees to use their network credentials to access a new application being developed. Which of the following should be configured in the new application to enable this functionality?

A. LDAP B. ACLs C. SNMP D. IPSec Correct Answer: A

Which of the following authentication services combines authentication and authorization in a user profile and uses UDP?

A. LDAP B. Kerberos C. TACACS+ D. RADIUS Correct Answer: D

A software company sends their offsite backup tapes to a third-party storage facility. To meet confidentiality, the tapes should be:

A. Labeled B. Hashed C. Encrypted D. Duplicated Correct Answer: A

Which of the following should a company implement to BEST mitigate zero-day malicious code executing on employees' computers?

A. Least privilege accounts B. Host-based firewalls C. Intrusion Detection Systems D. Application white listing Correct Answer: D

Which of the following should a company deploy to prevent the execution of some types of malicious code?

A. Least privilege accounts B. Host-based firewalls C. Intrusion Detection systems D. Application white listing Correct Answer: B

An administrator discovers that many users have used their same passwords for years even though the network requires that the passwords be changed every six weeks. Which of the following, when used together, would BEST prevent users from reusing their existing password? (Select TWO).

A. Length of password B. Password history C. Minimum password age D. Password expiration E. Password complexity F. Non-dictionary words Correct Answer: BC

The Chief Technical Officer (CTO) has tasked the Computer Emergency Response Team (CERT) to develop and update all Internal Operating Procedures and Standard Operating Procedures documentation in order to successfully respond to future incidents. Which of the following stages of the Incident Handling process is the team working on?

A. Lessons Learned B. Eradication C. Recovery D. Preparation Correct Answer: D

During which of the following phases of the Incident Response process should a security administrator define and implement general defense against malware?

A. Lessons Learned B. Preparation C. Eradication D. Identification Correct Answer: B

A security analyst implemented group-based privileges within the company's Active Directory. Which of the following account management techniques should be undertaken regularly to ensure least privilege principles?

A. Leverage role-based access controls. B. Perform user group clean-up. C. Verify smart card access controls. D. Verify SHA-256 for password hashes. Correct Answer: B

The help desk is experiencing a higher than normal number of calls from users reporting slow response from the application server. After analyzing the data from a packet capturing tool, the head of the network engineering department determines that the issue is due, in part, to the increase in personnel recently hired to perform application development. Which of the following would BEST assist in correcting this issue?

A. Load balancer B. Spam filter C. VPN Concentrator D. NIDS Correct Answer: A

Joe has hired several new security administrators and has been explaining the design of the company's network. He has described the position and descriptions of the company's firewalls, IDS sensors, antivirus server, DMZs, and HIPS. Which of the following best describes the incorporation of these elements?

A. Load balancers B. Defense in depth C. Network segmentation D. UTM security appliance Correct Answer: B

Which of the following provides data with the best fault tolerance at the LOWEST cost?

A. Load balancing B. Clustering C. Server virtualization D. RAID 6 Correct Answer: D

A university has a building that holds the power generators for the entire campus. A risk assessment was completed for the university and the generator building was labeled as a high risk. Fencing and lighting were installed to reduce risk. Which of the following security goals would this meet?

A. Load balancing B. Non-repudiation C. Disaster recovery D. Physical security Correct Answer: D

Which of the following is primarily used to provide fault tolerance at the application level? (Select TWO)

A. Load balancing B. RAID array C. RAID 6 D. Server clustering E. JBOD array Correct Answer: BD

While configuring a new access layer switch, the administrator, Joe, was advised that he needed to make sure that only devices authorized to access the network would be permitted to login and utilize resources. Which of the following should the administrator implement to ensure this happens?

A. Log Analysis B. VLAN Management C. Network separation D. 802.1x Correct Answer: D

The information security technician wants to ensure security controls are deployed and functioning as intended to be able to maintain an appropriate security posture. Which of the following security techniques is MOST appropriate to do this?

A. Log audits B. System hardening C. Use IPS/IDS D. Continuous security monitoring Correct Answer: D

In an environment where availability is critical, such as industrial control and SCADA networks, which of the following technologies is the MOST critical layer of defense for such systems?

A. Log consolidation B. Intrusion Prevention system C. Automated patch deployment D. Antivirus software Correct Answer: B

Which of the following is a best practice for error and exception handling?

A. Log detailed exception but display generic error message B. Display detailed exception but log generic error message C. Log and display detailed error and exception messages D. Do not log or display error or exception messages Correct Answer: A

Which of the following is an attack designed to activate based on time?

A. Logic Bomb B. Backdoor C. Trojan D. Rootkit Correct Answer: A

Which of the following BEST describes malware that tracks a user's web browsing habits and injects the attacker's advertisements into unrelated web pages? (Select TWO)

A. Logic bomb B. Backdoor C. Ransomware D. Adware E. Botnet F. Spyware Correct Answer: CD

Which of the following is an attack designed to activate based on date?

A. Logic bomb B. Backdoor C. Trojan D. Rootkit Correct Answer: A

One month after a software developer was terminated the helpdesk started receiving calls that several employees' computers were being infected with malware. Upon further research, it was determined that these employees had downloaded a shopping toolbar. It was this toolbar that downloaded and installed the errant code. Which of the following attacks has taken place?

A. Logic bomb B. Cross-site scripting C. SQL injection D. Malicious add-on Correct Answer: A

During a routine configuration audit, a systems administrator determines that a former employee placed an executable on an application server. Once the system was isolated and diagnosed, it was determined that the executable was programmed to establish a connection to a malicious command and control server. Which of the following forms of malware is best described in the scenario?

A. Logic bomb B. Rootkit C. Back door D. Ransomware Correct Answer: C

Sara, a user, downloads a keygen to install pirated software. After running the keygen, system performance is extremely slow and numerous antivirus alerts are displayed. Which of the following BEST describes this type of malware?

A. Logic bomb B. Worm C. Trojan D. Adware Correct Answer: C

Which of the following works by implanting software on systems but delays execution until a specific set of conditions is met?

A. Logic bomb B. Trojan C. Scareware D. Ransomware Correct Answer: A

A trojan was recently discovered on a server. There are now concerns that there has been a security breach that allows unauthorized people to access data. The administrator should be looking for the presence of a/an:

A. Logic bomb. B. Backdoor. C. Adware application. D. Rootkit. Correct Answer: B

Which of the following tools will allow a technician to detect security-related TCP connection anomalies?

A. Logical token B. Performance monitor C. Public key infrastructure D. Trusted platform module Correct Answer: B

Which of the following is a management control?

A. Logon banners B. Written security policy C. SYN attack prevention D. Access Control List (ACL) Correct Answer: B

Ann, a security administrator, is hardening the user password policies. She currently has the following in place: passwords expire every 60 days; password length is at least eight characters; passwords must contain at least one capital letter and one numeric character; passwords cannot be reused until the password has been changed eight times. She learns that several employees are still using their original password after the 60-day forced change. Which of the following can she implement to BEST mitigate this?

A. Lower the password expiry time to every 30 days instead of every 60 days B. Require that the password contains at least one capital, one numeric, and one special character C. Change the re-usage time from eight to 16 changes before a password can be repeated D. Create a rule that users can only change their passwords once every two weeks Correct Answer: D

While responding to an incident on a Linux server, the administrator needs to disable unused services. Which of the following commands can be used to see processes that are listening on a TCP port?

A. Lsof B. Tcpdump C. Top D. Ifconfig Correct Answer: A

Data confidentiality must be enforced on a secure database. Which of the following controls meets this goal? (Select TWO)

A. MAC B. Lock and key C. Encryption D. Non-repudiation E. Hashing Correct Answer: CE

Which of the following means of wireless authentication is easily vulnerable to spoofing?

A. MAC Filtering B. WPA - LEAP C. WPA - PEAP D. Enabled SSID Correct Answer: A

Which of the following provides the strongest authentication security on a wireless network?

A. MAC filter B. WPA2 C. WEP D. Disable SSID broadcast Correct Answer: B

Several users report to the administrator that they are having issues downloading files from the file server. Which of the following assessment tools can be used to determine if there is an issue with the file server?

A. MAC filter list B. Recovery agent C. Baselines D. Access list Correct Answer: C

A computer is suspected of being compromised by malware. The security analyst examines the computer and finds that a service called Telnet is running and connecting to an external website over port 443. This Telnet service was found by comparing the system's services to the list of standard services on the company's system image. This review process depends on:

A. MAC filtering. B. System hardening. C. Rogue machine detection. D. Baselining. Correct Answer: D

A local hospital with a large four-acre campus wants to implement a wireless network so that doctors can use tablets to access patients' medical data. The hospital also wants to provide guest access to the internet for hospital patients and visitors in select areas. Which of the following areas should be addressed FIRST?

A. MAC filters B. Site Survey C. Power level controls D. Antenna types Correct Answer: B

While performing surveillance activities, an attacker determines that an organization is using 802.1X to secure LAN access. Which of the following attack mechanisms can the attacker utilize to bypass the identified network security?

A. MAC spoofing B. Pharming C. Xmas attack D. ARP poisoning Correct Answer: A

While performing surveillance activities an attacker determines that an organization is using 802.1X to secure LAN access. Which of the following attack mechanisms can the attacker utilize to bypass the identified network security controls?

A. MAC spoofing B. Pharming C. Xmas attack D. ARP poisoning Correct Answer: D

A security administrator has been asked to implement a VPN that will support remote access over IPSEC. Which of the following is an encryption algorithm that would meet this requirement?

A. MD5 B. AES C. UDP D. PKI Correct Answer: B

A forensics analyst is tasked with identifying identical files on a hard drive. Due to the large number of files to be compared, the analyst must use an algorithm that is known to have the lowest collision rate. Which of the following should be selected?

A. MD5 B. RC4 C. SHA-128 D. AES-256 Correct Answer: C

In an effort to reduce data storage requirements, a company decides to hash every file and eliminate duplicates. The data processing routines are time sensitive so the hashing algorithm is fast and supported on a wide range of systems. Which of the following algorithms is BEST suited for this purpose?

A. MD5 B. SHA C. RIPEMD D. AES Correct Answer: B

A company wants to prevent end users from plugging unapproved smartphones into PCs and transferring data. Which of the following would be the BEST control to implement?

A. MDM B. IDS C. DLP D. HIPS Correct Answer: C

Which of the following should identify critical systems and components?

A. MOU B. BPA C. ITCP D. BCP Correct Answer: D

A new MPLS network link has been established between a company and its business partner. The link provides logical isolation in order to prevent access from other business partners. Which of the following should be applied in order to achieve confidentiality and integrity of all data across the link?

A. MPLS should be run in IPVPN mode. B. SSL/TLS for all application flows. C. IPSec VPN tunnels on top of the MPLS link. D. HTTPS and SSH for all application flows. Correct Answer: C

A security administrator is reviewing the company's data backup plan. The plan implements nightly offsite data replication to a third party company. Which of the following documents specifies how much data can be stored offsite, and how quickly the data can be retrieved by the company from the third party?

A. MTBF B. SLA C. RFQ D. ALE Correct Answer: B

An intrusion has occurred in an internet facing system. The security administrator would like to gather forensic evidence while the system is still in operation. Which of the following procedures should the administrator perform FIRST on the system?

A. Make a drive image B. Take hashes of system data C. Collect information in RAM D. Capture network traffic Correct Answer: D

A server administrator notes that a fully patched application often stops running due to a memory error. When reviewing the debugging logs they notice code being run calling an internal process to exploit the machine. Which of the following attacks does this describe?

A. Malicious add-on B. SQL injection C. Cross site scripting D. Zero-day Correct Answer: D

Use of a smart card to authenticate remote servers remains MOST susceptible to which of the following attacks?

A. Malicious code on the local system B. Shoulder surfing C. Brute force certificate cracking D. Distributed dictionary attacks Correct Answer: A

Failure to validate the size of a variable before writing it to memory could result in which of the following application attacks?

A. Malicious logic B. Cross-site scripting C. SQL injection D. Buffer overflow Correct Answer: D

Users can authenticate to a company's web applications using their credentials from a popular social media site. Which of the following poses the greatest risk with this integration?

A. Malicious users can exploit local corporate credentials with their social media credentials B. Changes to passwords on the social media site can be delayed from replicating to the company C. Data loss from the corporate servers can create legal liabilities with the social media site D. Password breaches to the social media affect the company application as well Correct Answer: D

Users can authenticate to a company's web applications using their credentials from a popular social media site. Which of the following poses the greatest risk with this integration?

A. Malicious users can exploit local corporate credentials with their social media credentials B. Changes to passwords on the social media site can be delayed from replicating to the company C. Data loss from the corporate servers can create legal liabilities with the social media site D. Password breaches to the social media site affect the company application as well Correct Answer: D

A news and weather toolbar was accidentally installed into a web browser. The toolbar tracks users' online activities and sends them to a central logging server. Which of the following attacks took place?

A. Man-in-the-browser B. Flash cookies C. Session hijacking D. Remote code execution E. Malicious add-on Correct Answer: E

A security administrator forgets their card to access the server room. The administrator asks a coworker if they could use their card for the day. Which of the following is the administrator using to gain access to the server room?

A. Man-in-the-middle B. Tailgating C. Impersonation D. Spoofing Correct Answer: C

Which of the following access control methodologies provides an individual with the most restrictive access rights to successfully perform their authorized duties?

A. Mandatory Access Control B. Rule Based Access Control C. Least Privilege D. Implicit Deny E. Separation of Duties Correct Answer: C

One of the system administrators at a company is assigned to maintain a secure computer lab. The administrator has rights to configure machines, install software, and perform user account maintenance. However, the administrator cannot add new computers to the domain, because that requires authorization from the Information Assurance Officer. This is an example of which of the following?

A. Mandatory access B. Rule-based access control C. Least privilege D. Job rotation Correct Answer: C

Ann the security administrator has been reviewing logs and has found several overnight sales personnel are accessing the finance department's network shares. Which of the following security controls should be implemented to BEST remediate this?

A. Mandatory access B. Separation of duties C. Time of day restrictions D. Role based access Correct Answer: C

A user reports being unable to access a file on a network share. The security administrator determines that the file is marked as confidential and that the user does not have the appropriate access level for that file. Which of the following is being implemented?

A. Mandatory access control B. Discretionary access control C. Rule based access control D. Role based access control Correct Answer: A

A group of users from multiple departments are working together on a project and will maintain their digital output in a single location. Which of the following is the BEST method to ensure access is restricted to use by only these users?

A. Mandatory access control B. Rule-based access C. Group based privileges D. User assigned privileges Correct Answer: D

Which of the following access controls enforces permissions based on data labeling at specific levels?

A. Mandatory access control B. Separation of duties access control C. Discretionary access control D. Role based access control Correct Answer: A

A security administrator wants to implement a company-wide policy to empower data owners to manage and enforce access control rules on various resources. Which of the following should be implemented?

A. Mandatory access control B. Discretionary access control C. Role based access control D. Rule-based access control Correct Answer: B

Ann has read and write access to an employee database, while Joe has only read access. Ann is leaving for a conference. Which of the following types of authorization could be utilized to trigger write access for Joe when Ann is absent?

A. Mandatory access control B. Role-based access control C. Discretionary access control D. Rule-based access control Correct Answer: D

After an audit, it was discovered that the security group memberships were not properly adjusted for employees' accounts when they moved from one role to another. Which of the following has the organization failed to properly implement? (Select TWO).

A. Mandatory access control enforcement. B. User rights and permission reviews. C. Technical controls over account management. D. Account termination procedures. E. Management controls over account management. F. Incident management and response plan. Correct Answer: BE

A security administrator has been assigned to review the security posture of the standard corporate system image for virtual machines. The security administrator conducts a thorough review of the system logs, installation procedures, and network configuration of the VM image. Upon reviewing the access logs and user accounts, the security administrator determines that several accounts will not be used in production. Which of the following would correct the deficiencies?

A. Mandatory access controls B. Disable remote login C. Host hardening D. Disabling services Correct Answer: C

Ann works at a small company and she is concerned that there is no oversight in the finance department; specifically, that Joe writes, signs and distributes paycheques, as well as other expenditures. Which of the following controls can she implement to address this concern?

A. Mandatory vacations B. Time of day restrictions C. Least privilege D. Separation of duties Correct Answer: D

Matt, a security analyst, needs to implement encryption for company data and also prevent theft of company data. Where and how should Matt meet this requirement?

A. Matt should implement access control lists and turn on EFS. B. Matt should implement DLP and encrypt the company database. C. Matt should install TrueCrypt and encrypt the company server. D. Matt should install TPMs and encrypt the company database. Correct Answer: B

When a communications plan is developed for disaster recovery and business continuity plans, the MOST relevant items to include would be: (Select TWO).

A. Methods and templates to respond to press requests, institutional and regulatory reporting requirements. B. Methods to exchange essential information to and from all response team members, employees, suppliers, and customers. C. Developed recovery strategies, test plans, post-test evaluation and update processes. D. Defined scenarios by type and scope of impact and dependencies, with quantification of loss potential. E. Methods to review and report on system logs, incident response, and incident handling. Correct Answer: AB

A company has recently begun to provide internal security awareness for employees. Which of the following would be used to demonstrate the effectiveness of the training?

A. Metrics B. Business impact analysis C. Certificate of completion D. Policies Correct Answer: C

During a recent audit, the auditors cited the company's current virtual machine infrastructure as a concern. The auditors cited the fact that servers containing sensitive customer information reside on the same physical host as numerous virtual machines that follow less stringent security guidelines. Which of the following would be the best choice to implement to address this audit concern while maintaining the current infrastructure?

A. Migrate the individual virtual machines that do not contain sensitive data to separate physical machines B. Implement full disk encryption on all servers that do not contain sensitive customer data C. Move the virtual machines that contain the sensitive information to a separate host D. Create new VLANs and segment the network according to the level of data sensitivity Correct Answer: D

Which of the following MOST interferes with network-based detection techniques?

A. Mime-encoding B. SSL C. FTP D. Anonymous email accounts Correct Answer: B

Company policy requires employees to change their passwords every 60 days. The security manager has verified all systems are configured to expire passwords after 60 days. Despite the policy and technical configuration, weekly password audits suggest that some employees have had the same weak passwords in place longer than 60 days. Which of the following password parameters is MOST likely misconfigured?

A. Minimum lifetime B. Complexity C. Length D. Maximum lifetime Correct Answer: B

A system administrator must configure the company's authentication system to ensure that users will be unable to reuse the last ten passwords within a six-month period. Which of the following settings must be configured? (Select Two)

A. Minimum password age B. Password complexity C. Password history D. Minimum password length E. Multi-factor authentication F. Do not store passwords with reversible encryption Correct Answer: AC

Which of the following is BEST described by a scenario where management chooses not to implement a security control for a given risk?

A. Mitigation B. Avoidance C. Acceptance D. Transference Correct Answer: C

In which of the following steps of incident response does a team analyse the incident and determine steps to prevent a future occurrence?

A. Mitigation B. Identification C. Preparation D. Lessons learned Correct Answer: D

In which of the following steps of incident response does a team analyze the incident and determine steps to prevent a future occurrence?

A. Mitigation B. Identification C. Preparation D. Lessons learned Correct Answer: D

A web startup wants to implement single sign-on where its customers can log on to the site by using their personal and existing corporate email credentials regardless of which company they work for. Is this directly supported by SAML?

A. No, not without extensive partnering and API integration with all required email providers B. Yes, SAML is a web-based single sign-on implementation exactly for this purpose C. No, a better approach would be to use the required email providers' LDAP or RADIUS repositories D. Yes, SAML can use OAuth2 to provide this functionality out of the box Correct Answer: B

Which of the following types of encryption will help in protecting files on a PED?

A. Mobile device encryption B. Transport layer encryption C. Encrypted hidden container D. Database encryption Correct Answer: A

Which of the following technologies, when applied to Android and iOS environments, can an organization use to add security restrictions and encryption to existing mobile applications? (Select Two)

A. Mobile device management B. Containerization C. Application whitelisting D. Application wrapping E. Mobile application store Correct Answer: AC

A bank's chief information security officer (CISO) is responsible for a mobile banking platform that operates natively on iOS and Android. Which of the following security controls helps protect the associated publicly accessible API endpoints?

A. Mobile device management B. Jailbreak detection C. Network segmentation D. Application firewalls Correct Answer: D

After a merger between two companies a security analyst has been asked to ensure that the organization's systems are secured against infiltration by any former employees that were terminated during the transition. Which of the following actions are MOST appropriate to harden applications against infiltration by former employees? (Select TWO)

A. Monitor VPN client access B. Reduce failed login out settings C. Develop and implement updated access control policies D. Review and address invalid login attempts E. Increase password complexity requirements F. Assess and eliminate inactive accounts Correct Answer: EF

A company has been attacked and their website has been altered to display false information. The security administrator disables the web server service before restoring the website from backup. An audit was performed on the server and no other data was altered. Which of the following should be performed after the server has been restored?

A. Monitor all logs for the attacker's IP B. Block port 443 on the web server C. Install and configure SSL to be used on the web server D. Configure the web server to be in VLAN 0 across the network Correct Answer: B

A security technician is attempting to improve the overall security posture of an internal mail server. Which of the following actions would BEST accomplish this goal?

A. Monitoring event logs daily B. Disabling unnecessary services C. Deploying a content filter on the network D. Deploy an IDS on the network Correct Answer: B

Separation of duties is often implemented between developers and administrators in order to separate which of the following?

A. More experienced employees from less experienced employees B. Changes to program code and the ability to deploy to production C. Upper level management users from standard development employees D. The network access layer from the application access layer Correct Answer: B

A security manager received reports of several laptops containing confidential data stolen out of a lab environment. The lab is not a high security area and is secured with physical key locks. The security manager has no information to provide investigators related to who may have stolen the laptops. Which of the following should the security manager implement to improve legal and criminal investigations in the future?

A. Motion sensors B. Mobile device management C. CCTV D. Cable locks E. Full-disk encryption Correct Answer: C

A breach at a credit card company resulted in customers' credit card information being exposed. The company has conducted a full forensic investigation and identified the source of the breach. Which of the following should the company do NEXT?

A. Move to the incident identification phase B. Implement the risk assessment plan C. Implement damage and loss control procedures D. Implement first responder processes Correct Answer: C

A company wants to ensure that all credentials for various systems are saved within a central database so that users only have to login once for access to all systems. Which of the following would accomplish this?

A. Multi-factor authentication B. Smart card access C. Same Sign-On D. Single Sign-On Correct Answer: D

Joe, a user, wants to protect sensitive information stored on his hard drive. He uses a program that encrypts the whole hard drive. Once the hard drive is fully encrypted, he uses the same program to create a hidden volume within the encrypted hard drive and stores the sensitive information within the hidden volume. This is an example of which of the following? (Select TWO).

A. Multi-pass encryption B. Transport encryption C. Plausible deniability D. Steganography E. Transitive encryption F. Trust models Correct Answer: CD

An administrator deploys a WPA2 Enterprise wireless network with EAP-PEAP-MSCHAPv2. The deployment is successful and company laptops are able to connect automatically with no user intervention. A year later, the company begins to deploy phones with wireless capabilities. Users report that they are receiving a warning when they attempt to connect to the wireless network from their phones. Which of the following is the MOST likely cause of the warning message?

A. Mutual authentication on the phone is not compatible with the wireless network B. The phones do not support WPA2 Enterprise wireless networks C. User certificates were not deployed to the phones D. The phones' built-in web browser is not compatible with the wireless network E. Self-signed certificates were used on the RADIUS servers Correct Answer: B

Which of the following is the appropriate network structure used to protect servers and services that must be provided to external clients without completely eliminating access for internal users?

A. NAC B. VLAN C. DMZ D. Subnet Correct Answer: C

A computer is put into a restricted VLAN until the computer's virus definitions are up-to-date. Which of the following BEST describes this system type?

A. NAT B. NIPS C. NAC D. DMZ Correct Answer: C

Which of the following is BEST used to break a group of IP addresses into smaller network segments or blocks?

A. NAT B. Virtualization C. NAC D. Subnetting Correct Answer: D

A company has several conference rooms with wired network jacks that are used by both employees and guests. Employees need access to internal resources and guests only need access to the Internet. Which of the following combinations is BEST to meet the requirements?

A. NAT and DMZ B. VPN and IPSec C. Switches and a firewall D. 802.1x and VLANs Correct Answer: D

Which of the following protocols is used by IPv6 for MAC address resolution?

A. NDP B. ARP C. DNS D. NCP Correct Answer: A

A company has two server administrators that work overnight to apply patches to minimize disruption to the company. With the limited working staff, a security engineer performs a risk assessment to ensure the protection controls are in place to monitor all assets including the administrators in case of an emergency. Which of the following should be in place?

A. NIDS B. CCTV C. Firewall D. NIPS Correct Answer: B

According to company policy an administrator must logically keep the Human Resources department separated from the Accounting department. Which of the following would be the simplest way to accomplish this?

A. NIDS B. DMZ C. NAT D. VLAN Correct Answer: D

The chief information officer (CIO) of a major company intends to increase employee connectivity and productivity by issuing employees mobile devices with access to their enterprise email, calendar, and contacts. The solution the CIO intends to use requires a PKI that automates the enrollment of mobile device certificates. Which of the following, when implemented and configured securely, will meet the CIO's requirement?

A. OCSP B. SCEP C. SAML D. OSI Correct Answer: B

Which of the following is used to inform users of the repercussions of releasing proprietary information?

A. OLA B. SLA C. NDA D. MOU Correct Answer: C

A security administrator wants to implement a solution which will allow some applications to run under the user's home directory and only have access to files stored within the same user's folder, while other applications have access to shared folders. Which of the following BEST addresses these requirements if the environment is concurrently shared by multiple users?

A. OS Virtualization B. Trusted OS C. Process sandboxing D. File permission Correct Answer: C

Joe, a technician, is tasked with finding a way to test operating system patches for a wide variety of servers before deployment to the production environment while utilizing a limited amount of hardware resources. Which of the following would provide the BEST environment for performing this testing?

A. OS hardening B. Application control C. Virtualization D. Sandboxing Correct Answer: C

A company is concerned that a compromised certificate may result in a man-in-the-middle attack against backend financial servers. In order to minimize the amount of time a compromised certificate would be accepted by other servers, the company decides to add another validation step to SSL/TLS connections. Which of the following technologies provides the FASTEST revocation capability?

A. Online Certificate Status Protocol (OCSP) B. Public Key Cryptography (PKI) C. Certificate Revocation Lists (CRL) D. Intermediate Certificate Authority (CA) Correct Answer: A

The system administrator is reviewing the following logs from the company web server:

12:34:56 GET /directory_listing.php?user=admin&pass=admin1
12:34:57 GET /directory_listing.php?user=admin&pass=admin2
12:34:58 GET /directory_listing.php?user=admin&pass=1admin
12:34:59 GET /directory_listing.php?user=admin&pass=2admin

Which of the following is this an example of?

A. Online rainbow table attack B. Offline brute force attack C. Offline dictionary attack D. Online hybrid attack Correct Answer: D

A system administrator is conducting a baseline audit and determines that a web server is missing several critical updates. Which of the following actions should the administrator perform first to correct the issue?

A. Open a service ticket according to the patch management plan B. Disconnect the network interface and use the administrative management console to perform the updates C. Perform a backup of the server and install the required patches D. Disable the services for the web server but leave the server alone pending patch updates Correct Answer: A

A program displays: ERROR: this program has caught an exception and will now terminate. Which of the following is MOST likely accomplished by the program's behavior?

A. Operating system's integrity is maintained B. Program's availability is maintained C. Operating system's scalability is maintained D. User's confidentiality is maintained Correct Answer: A

Joe, a computer forensic technician, responds to an active compromise of a database server. Joe first collects information in memory, then collects network traffic and finally conducts an image of the hard drive. Which of the following procedures did Joe follow?

A. Order of volatility B. Chain of custody C. Recovery procedure D. Incident isolation Correct Answer: A

Verifying the integrity of data submitted to a computer program at or during run-time, with the intent of preventing the malicious exploitation of unintentional effects in the structure of the code, is BEST described as which of the following?

A. Output sanitization B. Input validation C. Application hardening D. Fuzzing Correct Answer: B

Sara, the security administrator, must configure the corporate firewall to allow all public IP addresses on the internal interface of the firewall to be translated to one public IP address on the external interface of the same firewall. Which of the following should Sara configure?

A. PAT B. NAP C. DNAT D. NAC Correct Answer: A

A security administrator must implement a system to allow clients to securely negotiate encryption keys with the company's server over a public unencrypted communication channel. Which of the following implements the required secure key negotiation? (Select TWO).

A. PBKDF2 B. Symmetric encryption C. Steganography D. ECDHE E. Diffie-Hellman Correct Answer: DE

A security administrator must implement a firewall rule to allow remote employees to VPN onto the company network. The VPN concentrator implements SSL VPN over the standard HTTPS port. Which of the following is the MOST secure ACL to implement at the company's gateway firewall?

A. PERMIT TCP FROM ANY 443 TO 199.70.5.25 443 B. PERMIT TCP FROM ANY ANY TO 199.70.5.23 ANY C. PERMIT TCP FROM 199.70.5.23 ANY TO ANY ANY D. PERMIT TCP FROM ANY 1024-65535 TO 199.70.5.23 443 Correct Answer: D

Which of the following are restricted to 64-bit block sizes? (Select TWO).

A. PGP B. DES C. AES256 D. RSA E. 3DES F. AES Correct Answer: BE

Joe, an employee, was escorted from the company premises due to suspicion of revealing trade secrets to a competitor. Joe had already been working for two hours before leaving the premises. A security technician was asked to prepare a report of files that had changed since last night's integrity scan. Which of the following could the technician use to prepare the report? (Select TWO).

A. PGP B. MD5 C. ECC D. AES E. Blowfish F. HMAC Correct Answer: BF

A small company wants to employ PKI. The company wants a cost-effective solution that must be simple and trusted. They are considering two options: X.509 and PGP. Which of the following would be the BEST option?

A. PGP, because it employs a web-of-trust that is the most trusted form of PKI. B. PGP, because it is simple to incorporate into a small environment. C. X.509, because it uses a hierarchical design that is the most trusted form of PKI. D. X.509, because it is simple to incorporate into a small environment. Correct Answer: B

A security administrator is auditing a database server to ensure the correct security measures are in place to protect the data. Some of the fields consist of people's first name, last name, home address, date of birth and mother's last name. Which of the following describes this type of data?

A. PII B. PCI C. Low D. Public Correct Answer: A

When employees that use certificates leave the company they should be added to which of the following?

A. PKI B. CA C. CRL D. TKIP Correct Answer: C

An administrator has to determine host operating systems on the network and has deployed a transparent proxy. Which of the following fingerprint types would this solution use?

A. Packet B. Active C. Port D. Passive Correct Answer: D

Which of the following firewall types inspects Ethernet traffic at the MOST levels of the OSI model?

A. Packet Filter Firewall B. Stateful Firewall C. Proxy Firewall D. Application Firewall Correct Answer: B

Although a vulnerability scan report shows no vulnerabilities have been discovered, a subsequent penetration test reveals vulnerabilities on the network. Which of the following has been reported by the vulnerability scan?

A. Passive scan B. Active scan C. False positive D. False negative Correct Answer: D

An auditing team has found that passwords do not meet best business practices. Which of the following will MOST increase the security of the passwords? (Select TWO).

A. Password Complexity B. Password Expiration C. Password Age D. Password Length E. Password History Correct Answer: AD

The help desk is receiving numerous password change alerts from users in the accounting department. These alerts occur multiple times on the same day for each of the affected users' accounts. Which of the following controls should be implemented to curtail this activity?

A. Password Reuse B. Password complexity C. Password History D. Password Minimum age Correct Answer: D

A recent audit has discovered that at the time of password expiration clients are able to recycle the previous credentials for authentication. Which of the following controls should be used together to prevent this from occurring? (Select TWO).

A. Password age B. Password hashing C. Password complexity D. Password history E. Password length Correct Answer: AD

A security administrator is reviewing the below output from a password auditing tool: P@ss. @pW1. S3cU4 Which of the following additional policies should be implemented based on the tool's output?

A. Password age B. Password history C. Password length D. Password complexity Correct Answer: C

A Chief Financial Officer (CFO) has asked the Chief Information Security Officer (CISO) to provide responses to a recent audit report detailing deficiencies in the organization's security controls. The CFO would like to know ways in which the organization can improve its authorization controls. Given the request by the CFO, which of the following controls should the CISO focus on in the report? (Select Three)

A. Password complexity policies B. Hardware tokens C. Biometric systems D. Role-based permissions E. One time passwords F. Separation of duties G. Multifactor authentication H. Single sign-on I. Least privilege Correct Answer: DFI

When Ann, an employee, returns to work and logs into her workstation, she notices that several desktop configuration settings have changed. Upon a review of the CCTV logs, it is determined that someone logged into Ann's workstation. Which of the following could have prevented this from happening?

A. Password complexity policy B. User access reviews C. Shared account prohibition policy D. User assigned permissions policy Correct Answer: A

A security administrator returning from a short vacation receives an account lock-out message when attempting to log into the computer. After getting the account unlocked, the security administrator immediately notices a large number of email alerts pertaining to several different user accounts being locked out during the past three days. The security administrator uses system logs to determine that the lock-outs were due to a brute force attack on all accounts that have been previously logged into that machine. Which of the following can be implemented to reduce the likelihood of this attack going undetected?

A. Password complexity rules B. Continuous monitoring C. User access reviews D. Account lockout policies Correct Answer: B

A malicious individual used an unattended customer service kiosk in a busy store to change the prices of several products. The alteration was not noticed until several days later and resulted in the loss of several thousand dollars for the store. Which of the following would BEST prevent this from occurring again?

A. Password expiration B. Screen locks C. Inventory control D. Asset tracking Correct Answer: B

An incident occurred when an outside attacker was able to gain access to network resources. During the incident response investigation, security logs indicated multiple failed login attempts for a network administrator. Which of the following controls, if in place, could have BEST prevented this successful attack?

A. Password history B. Password complexity C. Account lockout D. Account expiration Correct Answer: C

An organization's security policy requires that users change passwords every 30 days. After a security audit, it was determined that users were recycling previously used passwords. Which of the following password enforcement policies would have mitigated this issue?

A. Password history B. Password complexity C. Password length D. Password expiration Correct Answer: A

A recent online password audit has identified that stale accounts are at risk to brute force attacks. Which of the following controls would best mitigate this risk?

A. Password length B. Account disablement C. Account lockouts D. Password complexity Correct Answer: C

A system administrator wants to prevent password compromises from offline password attacks. Which of the following controls should be configured to BEST accomplish this task? (Select TWO)

A. Password reuse B. Password length C. Password complexity D. Password history E. Account lockouts Correct Answer: CE

Datacenter access is controlled with proximity badges that record all entries and exits from the datacenter. The access records are used to identify which staff members accessed the data center in the event of equipment theft. Which of the following MUST be prevented in order for this policy to be effective?

A. Password reuse B. Phishing C. Social engineering D. Tailgating Correct Answer: D

A security engineer is given new application extensions each month that need to be secured prior to implementation. They do not want the new extensions to invalidate or interfere with existing application security. Additionally, the engineer wants to ensure that the new requirements are approved by the appropriate personnel. Which of the following should be in place to meet these two goals? (Select TWO).

A. Patch Audit Policy B. Change Control Policy C. Incident Management Policy D. Regression Testing Policy E. Escalation Policy F. Application Audit Policy Correct Answer: BD

Which of the following would Jane, an administrator, use to detect an unknown security vulnerability?

A. Patch management B. Application fuzzing C. ID badge D. Application configuration baseline Correct Answer: B

A software security concern when dealing with hardware and devices that have embedded software or operating systems is:

A. Patching may not always be possible B. Configuration support may not be available C. There is no way to verify if a patch is authorized or not D. The vendor may not have a method for installation of patches Correct Answer: D

A company has had several security incidents in the past six months. It appears that the majority of the incidents occurred on systems with older software on development workstations. Which of the following should be implemented to help prevent similar incidents in the future?

A. Peer code review B. Application whitelisting C. Patch management D. Host-based firewall Correct Answer: C

A security program manager wants to actively test the security posture of a system. The system is not yet in production and has no uptime requirement or active user base. Which of the following methods will produce a report which shows vulnerabilities that were actually exploited?

A. Peer review B. Component testing C. Penetration testing D. Vulnerability testing Correct Answer: D

A security administrator has concerns about new types of media which allow for the mass distribution of personal comments to a select group of people. To mitigate the risks involved with this media, employees should receive training on which of the following?

A. Peer to Peer B. Mobile devices C. Social networking D. Personally owned devices Correct Answer: C

Which of the following would a security administrator implement in order to identify change from the standard configuration on a server?

A. Penetration test B. Code review C. Baseline review D. Design review Correct Answer: C

Which of the following would be used to identify the security posture of a network without actually exploiting any weaknesses?

A. Penetration test B. Code review C. Vulnerability scan D. Brute Force scan Correct Answer: C

A security administrator wants to perform routine tests on the network during working hours when certain applications are being accessed by the most people. Which of the following would allow the security administrator to test the lack of security controls for those applications with the least impact to the system?

A. Penetration test B. Vulnerability scan C. Load testing D. Port scanner Correct Answer: B

A company hires outside security experts to evaluate the security status of the corporate network. All of the company's IT resources are outdated and prone to crashing. The company requests that all testing be performed in a way which minimizes the risk of system failures. Which of the following types of testing does the company want performed?

A. Penetration testing B. WAF testing C. Vulnerability scanning D. White box testing Correct Answer: C

A security administrator wishes to protect session keys should a private key become discovered. Which of the following should be enabled in IPSec to allow this?

A. Perfect forward secrecy B. Key escrow C. Digital signatures D. CRL Correct Answer: B

A company used a partner company to develop critical components of an application. Several employees of the partner company have been arrested for cybercrime activities. Which of the following should be done to protect the interest of the company?

A. Perform a penetration test against the application B. Conduct a source code review of the application C. Perform a baseline review of the application D. Scan the application with antivirus and anti-spyware products. Correct Answer: A

A security engineer would like to analyze the effect of deploying a system without patching it to discover potential vulnerabilities. Which of the following practices would best allow for this testing while keeping the corporate network safe?

A. Perform grey box testing of the system to verify the vulnerabilities on the system B. Utilize virtual machine snapshots to restore from compromises C. Deploy the system in a sandbox environment on the virtual machine D. Create network ACLs that restrict all incoming connections to the system Correct Answer: C

A company exchanges information with a business partner. An annual audit of the business partner is conducted against the SLA in order to verify:

A. Performance and service delivery metrics B. Backups are being performed and tested C. Data ownership is being maintained and audited D. Risk awareness is being adhered to and enforced Correct Answer: A

The sales force in an organization frequently travels to remote sites and requires secure access to an internal server with an IP address of 192.168.0.220. Assuming services are using default ports, which of the following firewall rules would accomplish this objective? (Select Two)

A. Permit TCP 20 any 192.168.0.200 B. Permit TCP 21 any 192.168.0.200 C. Permit TCP 22 any 192.168.0.200 D. Permit TCP 110 any 192.168.0.200 E. Permit TCP 139 any 192.168.0.200 F. Permit TCP 3389 any 192.168.0.200 Correct Answer: CF

The BEST methods for a web developer to prevent the website application code from being vulnerable to cross-site request forgery (XSRF) are to: (Select TWO).

A. Permit redirection to Internet-facing web URLs. B. Ensure all HTML tags are enclosed in angle brackets, e.g., "<" and ">". C. Validate and filter input on the server side and client side. D. Use a web proxy to pass website requests between the user and the application. E. Restrict and sanitize use of special characters in input and URLs. Correct Answer: CE

A company's BYOD policy requires the installation of a company-provided mobile agent on their personally owned devices which would allow auditing when an employee wants to connect a device to the corporate email system. Which of the following concerns will MOST affect the decision to use a personal device to receive company email?

A. Personal privacy B. Email support C. Data ownership D. Service availability Correct Answer: A

In order to gain an understanding of the latest attack tools being used in the wild, an administrator puts a Unix server on the network with the root user's password set to root. Which of the following best describes this technique?

A. Pharming B. Honeypot C. Gray box testing D. Phishing Correct Answer: B

Which of the following exploits either a host file on a target machine or vulnerabilities on a DNS server in order to carry out URL redirection?

A. Pharming B. Spoofing C. Vishing D. Phishing Correct Answer: B

Sara, an attacker, is recording a person typing in their ID number into a keypad to gain access to the building. Sara then calls the helpdesk and informs them that their PIN no longer works and would like to change it. Which of the following attacks occurred LAST?

A. Phishing B. Shoulder surfing C. Impersonation D. Tailgating Correct Answer: C

Jane, an individual, has recently been calling various financial offices pretending to be another person to gain financial information. Which of the following attacks is being described?

A. Phishing B. Tailgating C. Pharming D. Vishing Correct Answer: D

Which of the following attacks targets high level executives to gain company information?

A. Phishing B. Whaling C. Vishing D. Spoofing Correct Answer: B

An organization receives an email that provides instruction on how to protect a system from being a target of new malware that is rapidly infecting systems. The incident response team investigates the notification and determines it to be invalid and notifies users to disregard the email. Which of the following BEST describes this occurrence?

A. Phishing B. Scareware C. SPAM D. Hoax Correct Answer: D

Two organizations want to share sensitive data with one another from their IT systems to support a mutual customer base. Both organizations currently have secure network and security policies and procedures. Which of the following should be the PRIMARY security considerations by the security managers at each organization prior to sharing information? (Select THREE)

A. Physical security controls B. Device encryption C. Outboarding/Offboarding D. Use of digital signatures E. SLA/ISA F. Data ownership G. Use of smartcards or common access cards H. Patch management Correct Answer: BEF

A network technician has received comments from several users that cannot reach a particular website. Which of the following commands would provide the BEST information about the path taken across the network to this website?

A. Ping B. Netstat C. telnet D. tracert Correct Answer: D

Joe, a security administrator, is concerned with users tailgating into the restricted areas. Given a limited budget, which of the following would BEST assist Joe with detecting this activity?

A. Place a full-time guard at the entrance to confirm user identity. B. Install a camera and DVR at the entrance to monitor access. C. Revoke all proximity badge access to make users justify access. D. Install a motion detector near the entrance. Correct Answer: B

To mitigate the risk of intrusion, an IT Manager is concerned with using secure versions of protocols and services whenever possible. In addition, the security technician is required to monitor the types of traffic being generated. Which of the following tools is the technician MOST likely to use?

A. Port scanner B. Network analyzer C. IPS D. Audit Logs Correct Answer: B

Users report that they are unable to access network printing services. The security technician checks the router access list and sees that web, email, and secure shell are allowed. Which of the following is blocking network printing?

A. Port security B. Flood guards C. Loop protection D. Implicit deny Correct Answer: D

A network was down for several hours due to a contractor entering the premises and plugging both ends of a network cable into adjacent network jacks. Which of the following would have prevented the network outage? (Select Two)

A. Port security B. Loop Protection C. Implicit deny D. Log analysis E. Mac Filtering F. Flood Guards Correct Answer: AF

A company uses port security based on an approved MAC list to secure its wired network and WPA2 to secure its wireless network. Which of the following prevents an attacker from learning authorized MAC addresses?

A. Port security prevents access to any traffic that might provide an attacker with authorized MAC addresses B. Port security uses certificates to authenticate devices and is not part of a wireless protocol C. Port security relies on a MAC address length that is too short to be cryptographically secure over wireless networks D. Port security encrypts data on the network preventing an attacker from reading authorized MAC addresses Correct Answer: A

A security manager is discussing change in the security posture of the network, if a proposed application is approved for deployment. Which of the following is the MOST important the security manager must rely upon to help make this determination?

A. Ports used by new application B. Protocols/services used by new application C. Approved configuration items D. Current baseline configuration Correct Answer: B

Which of the following is replayed during wireless authentication to exploit a weak key infrastructure?

A. Preshared keys B. Ticket exchange C. Initialization vectors D. Certificate exchange Correct Answer: B

Which of the following can Pete, a security administrator, use to distribute the processing effort when generating hashes for a password cracking program?

A. RAID B. Clustering C. Redundancy D. Virtualization Correct Answer: B

A penetration tester is measuring a company's posture on social engineering. The penetration tester sends a phishing email claiming to be from IT asking employees to click a link to update their VPN software immediately. Which of the following reasons would explain why this attack could be successful?

A. Principle of Scarcity B. Principle of Intimidation C. Principle of Urgency D. Principle of liking Correct Answer: C

Which of the following should Pete, a security manager, implement to reduce the risk of employees working in collusion to embezzle funds from their company?

A. Privacy Policy B. Least Privilege C. Acceptable Use D. Mandatory Vacations Correct Answer: D

A company has recently allowed employees to take advantage of BYOD by installing WAPs throughout the corporate office. An employee, Joe, has recently begun to view inappropriate material at work using his personal laptop. When confronted, Joe indicated that he was never told that he could not view that type of material on his personal laptop. Which of the following should the company have employees acknowledge before allowing them to access the corporate WLAN with their personal devices?

A. Privacy Policy B. Security Policy C. Consent to Monitoring Policy D. Acceptable Use Policy Correct Answer: D

Pete, an employee, is terminated from the company and the legal department needs documents from his encrypted hard drive. Which of the following should be used to accomplish this task? (Select TWO).

A. Private hash B. Recovery agent C. Public key D. Key escrow E. CRL Correct Answer: BD

When using PGP, which of the following should the end user protect from compromise? (Select TWO).

A. Private key B. CRL details C. Public key D. Key password E. Key escrow F. Recovery agent Correct Answer: AD

After analyzing and correlating activity from multiple sensors, the security administrator has determined that a group of very well organized individuals from an enemy country is responsible for various attempts to breach the company network, through the use of very sophisticated and targeted attacks. Which of the following is this an example of?

A. Privilege escalation B. Advanced persistent threat C. Malicious insider threat D. Spear phishing Correct Answer: B

An attacker has gained access to the company's web server by using the administrator's credentials. The attacker then begins to work on compromising the sensitive data on other servers. Which of the following BEST describes this type of attack?

A. Privilege escalation B. Client-side attack C. Man-in-the-middle D. Transitive access Correct Answer: B

A security analyst informs the Chief Executive Officer (CEO) that a security breach has just occurred. This results in the Risk Manager and Chief Information Officer (CIO) being caught unaware when the CEO asks for further information. Which of the following strategies should be implemented to ensure the Risk Manager and CIO are not caught unaware in the future?

A. Procedure and policy management B. Chain of custody management C. Change management D. Incident management Correct Answer: D

Ann, the software security engineer, works for a major software vendor. Which of the following practices should be implemented to help prevent race conditions, buffer overflows, and other similar vulnerabilities prior to each production release?

A. Product baseline report B. Input validation C. Patch regression testing D. Code review Correct Answer: D

A system administrator has been instructed by the head of security to protect their data at-rest. Which of the following would provide the strongest protection?

A. Prohibiting removable media B. Incorporating a full-disk encryption system C. Biometric controls on data center entry points D. A host-based intrusion detection system Correct Answer: B

After Matt, a user, enters his username and password at the login screen of a web enabled portal, the following appears on his screen: 'Please only use letters and numbers on these fields' Which of the following is this an example of?

A. Proper error handling B. Proper input validation C. Improper input validation D. Improper error handling Correct Answer: B

In performing an authorized penetration test of an organization's system security, a penetration tester collects information pertaining to the application versions that reside on a server. Which of the following is the best way to collect this type of information?

A. Protocol analyzer B. Banner grabbing C. Port scanning D. Code review Correct Answer: B

A corporation has experienced several media leaks of proprietary data on various web forums. The posts were made during business hours and it is believed that the culprit is posting during work hours from a corporate machine. The Chief Information Officer (CIO) wants to scan internet traffic and keep records for later use in legal proceedings once the culprit is found. Which of the following provides the BEST solution?

A. Protocol analyzer B. NIPS C. Proxy server D. HIDS Correct Answer: A

Ann, a system analyst, discovered the following log. Which of the following tools or techniques does this indicate? {bp1@localmachine}$ Is-al Total 12 Drwxrwxr-x

A. Protocol analyzer B. Port scanner C. Vulnerability D. Banner grabbing Correct Answer: A

Which of the following devices would be the MOST efficient way to filter external websites for staff on an internal network?

A. Protocol analyzer B. Switch C. Proxy D. Router Correct Answer: C

Four weeks ago, a network administrator applied a new IDS and allowed it to gather baseline data. As rumors of a layoff began to spread, the IDS alerted the network administrator that access to sensitive client files had risen far above normal. Which of the following kind of IDS is in use?

A. Protocol based B. Heuristic based C. Signature based D. Anomaly based Correct Answer: D

Which of the following devices is used for the transparent security inspection of network traffic by redirecting user packets prior to sending the packets to the intended destination?

A. Proxies B. Load balancers C. Protocol analyzer D. VPN concentrator Correct Answer: A

One of the senior managers at a company called the help desk to report a problem. The manager could no longer access data on a laptop equipped with FDE. The manager requested that the FDE be removed and the laptop restored from a backup. The help desk informed the manager that the recommended solution was to decrypt the hard drive prior to reinstallation and recovery. The senior manager did not have a copy of the private key associated with the FDE on the laptop. Which of the following tools or techniques did the help desk use to avoid losing the data on the laptop?

A. Public key B. Recovery agent C. Registration details D. Trust Model Correct Answer: B

Symmetric encryption utilizes __________, while asymmetric encryption utilizes _________.

A. Public keys, one time B. Shared keys, private keys C. Private keys, session keys D. Private keys, public keys Correct Answer: D

A company is deploying a new VoIP phone system. They require 99.999% uptime for their phone service and are concerned about their existing data network interfering with the VoIP phone system. The core switches in the existing data network are almost fully saturated. Which of the following options will provide the best performance and availability for both the VoIP traffic, as well as the traffic on the existing data network?

A. Put the VoIP network into a different VLAN than the existing data network. B. Upgrade the edge switches from 10/100/1000 to improve network speed C. Physically separate the VoIP phones from the data network D. Implement flood guards on the data network Correct Answer: A

Upper management decides which risk to mitigate based on cost. This is an example of:

A. Qualitative risk assessment B. Business impact analysis C. Risk management framework D. Quantitative risk assessment Correct Answer: D

Encryption used by RADIUS is BEST described as:

A. Quantum B. Elliptical curve C. Asymmetric D. Symmetric Correct Answer: D

During a Linux security audit at a local college, it was noted that members of the dean's group were able to modify employee records in addition to modifying student records, resulting in an audit exception. The college security policy states that the dean's group should only have the ability to modify student records. Assuming that the correct user and group ownerships are in place, which of the following sets of permissions should have been assigned to the directories containing the employee records?

A. R-x---rwx B. Rwxrwxrwx C. Rwx----wx D. Rwxrwxr-- Correct Answer: B

An information bank has been established to store contacts, phone numbers and other records. A UNIX application needs to connect to the index server using port 389. Which of the following authentication services should be used on this port by default?

A. RADIUS B. Kerberos C. TACACS+ D. LDAP Correct Answer: D

Ann has taken over as the new head of the IT department. One of her first assignments was to implement AAA in preparation for the company's new telecommuting policy. When she takes inventory of the organization's existing network infrastructure, she makes note that it is a mix of several different vendors. Ann knows she needs a method of secure centralized access to the company's network resources. Which of the following is the BEST service for Ann to implement?

A. RADIUS B. LDAP C. SAML D. TACACS+ Correct Answer: A

Which of the following is an authentication method that can be secured by using SSL?

A. RADIUS B. LDAP C. TACACS+ D. Kerberos Correct Answer: B

Which of the following authentication services uses a ticket granting system to provide access?

A. RADIUS B. LDAP C. TACACS+ D. Kerberos Correct Answer: D

Which of the following authentication methods requires the user, service provider and an identity provider to take part in the authentication process?

A. RADIUS B. SAML C. Secure LDAP D. Kerberos Correct Answer: A

A system administrator is configuring UNIX accounts to authenticate against an external server. The configuration file asks for the following information DC=ServerName and DC=COM. Which of the following authentication services is being used?

A. RADIUS B. SAML C. TACACS+ D. LDAP Correct Answer: D

Which of the following authentication services should be replaced with a more secure alternative?

A. RADIUS B. TACACS C. TACACS+ D. XTACACS Correct Answer: B

An administrator would like users to authenticate to the network using only UDP protocols. Which of the following would meet this goal?

A. RADIUS B. TACACS+ C. Kerberos D. 802.1x Correct Answer: A

A system administrator is using a packet sniffer to troubleshoot remote authentication. The administrator detects a device trying to communicate to TCP port 49. Which of the following authentication methods is MOST likely being attempted?

A. RADIUS B. TACACS+ C. Kerberos D. LDAP Correct Answer: B

Several departments in a corporation have a critical need for routinely moving data from one system to another using removable storage devices. Senior management is concerned with data loss and the introduction of malware on the network. Which of the following choices BEST mitigates the range of risks associated with the continued use of removable storage devices?

A. Remote wiping enabled for all removable storage devices B. Full-disk encryption enabled for all removable storage devices C. A well defined acceptable use policy D. A policy which details controls on removable storage use Correct Answer: D

A user has called the help desk to report an enterprise mobile device was stolen. The technician receiving the call accesses the MDM administration portal to identify the device's last known geographic location. The technician determines the device is still communicating with the MDM. After taking note of the last known location, the administrator continues to follow the rest of the checklist. Which of the following identifies a possible next step for the administrator?

A. Remotely encrypt the device B. Identify the mobile carrier's IP address C. Reset the device password D. Issue a remote wipe command Correct Answer: D

A user was reissued a smart card after the previous smart card had expired. The user is able to log into the domain but is now unable to send digitally signed or encrypted email. Which of the following would the user need to perform?

A. Remove all previous smart card certificates from the local certificate store. B. Publish the new certificates to the global address list. C. Make the certificates available to the operating system. D. Recover the previous smart card certificates. Correct Answer: B

The Human Resources department has a parent shared folder set up on the server. There are two groups that have access, one called managers and one called staff. There are many subfolders under the parent shared folder; one is called payroll. The parent folder access control list propagates to all subfolders and all subfolders inherit the parent permission. Which of the following is the quickest way to prevent the staff group from gaining access to the payroll folder?

A. Remove the staff group from the payroll folder B. Implicit deny on the payroll folder for the staff group C. Implicit deny on the payroll folder for the managers group D. Remove inheritance from the payroll folder Correct Answer: B

A new security policy in an organization requires that all file transfers within the organization be completed using applications that provide secure transfer. Currently, the organization uses FTP and HTTP to transfer files. Which of the following should the organization implement in order to be compliant with the new policy?

A. Replace FTP with SFTP and replace HTTP with TLS B. Replace FTP with FTPS and replace HTTP with TFTP C. Replace FTP with SFTP and replace HTTP with Telnet D. Replace FTP with FTPS and replace HTTP with IPSec Correct Answer: B

A small company has a website that provides online customer support. The company requires an account recovery process so that customers who forget their passwords can regain access. Which of the following is the BEST approach to implement this process?

A. Replace passwords with hardware tokens which provide two-factor authentication to the online customer support site. B. Require the customer to physically come into the company's main office so that the customer can be authenticated prior to their password being reset. C. Web-based form that identifies customer by another mechanism and then emails the customer their forgotten password. D. Web-based form that identifies customer by another mechanism, sets a temporary password and forces a password change upon first login. Correct Answer: D

An administrator has concerns regarding the company's server rooms. Proximity badge readers were installed, but it is discovered this is not preventing unapproved personnel from tailgating into these areas. Which of the following would BEST address this concern?

A. Replace proximity readers with turn-based key locks B. Install man-traps at each restricted area entrance C. Configure alarms to alert security when the areas are accessed D. Install monitoring cameras at each entrance Correct Answer: B

A retail store uses a wireless network for its employees to access inventory from anywhere in the store. Due to concerns regarding the aging wireless network, the store manager has brought in a consultant to harden the network. During the site survey, the consultant discovers that the network was using WEP encryption. Which of the following would be the BEST course of action for the consultant to recommend?

A. Replace the unidirectional antenna at the front of the store with an omni-directional antenna. B. Change the encryption used so that the encryption protocol is CCMP-based. C. Disable the network's SSID and configure the router to only access store devices based on MAC addresses. D. Increase the access point's encryption from WEP to WPA TKIP. Correct Answer: B

Which of the following attacks involves the use of previously captured network traffic?

A. Replay B. Smurf C. Vishing D. DDoS Correct Answer: A

Which of the following attacks initiates a connection by sending specially crafted packets in which multiple TCP flags are set to 1?

A. Replay B. Smurf C. Xmas D. Fraggle Correct Answer: C

Ann is concerned that the application her team is currently developing is vulnerable to unexpected user input that could lead to issues in which memory is affected in a detrimental manner, leading to potential exploitation. Which of the following describes this application threat?

A. Replay attack B. Zero-day exploit C. Distributed denial of service D. Buffer overflow Correct Answer: C

A network engineer is configuring a VPN tunnel connecting a company's network to a business partner. Which of the following protocols should be used for key exchange?

A. SHA-1 B. RC4 C. Blowfish D. Diffie-Hellman Correct Answer: A

Joe analyzed the following log and determined the security team should implement which of the following as a mitigation method against further attempts? Host 192.168.1.123 [00: 00: 01]Successful Login: 015 192.168.1.123 : local [00: 00: 03]Unsuccessful Login: 022 214.34.56.006 : RDP 192.168.1.124 [00: 00: 04]UnSuccessful Login: 010 214.34.56.006 : RDP 192.168.1.124 [00: 00: 07]UnSuccessful Login: 007 214.34.56.006 : RDP 192.168.1.124 [00: 00: 08]UnSuccessful Login: 003 214.34.56.006 : RDP 192.168.1.124

A. Reporting B. IDS C. Monitor system logs D. Hardening Correct Answer: D

During a data breach cleanup, it is discovered that not all of the sites involved have the necessary data wiping tools. The necessary tools are quickly distributed to the required technicians, but when should this problem best be revisited?

A. Reporting B. Preparation C. Mitigation D. Lessons learned Correct Answer: A

An administrator needs to secure RADIUS traffic between two servers. Which of the following is the BEST solution?

A. Require IPSec with AH between the servers B. Require the message-authenticator attribute for each message C. Use MSCHAPv2 with MPPE instead of PAP D. Require a long and complex shared secret for the servers Correct Answer: A

A security administrator wishes to prevent certain company devices from using specific access points, while still allowing them on others. All of the access points use the same SSID and wireless password. Which of the following would be MOST appropriate in this scenario?

A. Require clients to use 802.1x with EAPOL in order to restrict access B. Implement a MAC filter on the desired access points C. Upgrade the access points to WPA2 encryption D. Use low range antennas on the access points that need to be restricted Correct Answer: B

A bank requires tellers to get manager approval when a customer wants to open a new account. A recent audit shows that there have been four cases in the previous year where tellers opened accounts without management approval. The bank president thought separation of duties would prevent this from happening. In order to implement a true separation of duties approach the bank could:

A. Require the use of two different passwords held by two different individuals to open an account B. Administer account creation on a role based access control approach C. Require all new accounts to be handled by someone else other than a teller since they have different duties D. Administer account creation on a rule based access control approach Correct Answer: C

Ann, a network administrator, has been tasked with strengthening the authentication of users logging into systems in an area containing sensitive information. Users log in with usernames and passwords, followed by a retinal scan. Which of the following could she implement to add an additional factor of authorization?

A. Requiring PII usage B. Fingerprint scanner C. Magnetic swipe cards D. Complex passphrases Correct Answer: B

Which of the following security strategies allows a company to limit damage to internal systems and provides loss control?

A. Restoration and recovery strategies B. Deterrent strategies C. Containment strategies D. Detection strategies Correct Answer: C

Which of the following security benefits would be gained by disabling a terminated user account rather than deleting it?

A. Retention of user keys B. Increased logging on access attempts C. Retention of user directories and files D. Access to quarantined files Correct Answer: A

A security administrator is designing an access control system, with an unlimited budget, to allow authenticated users access to network resources. Given that a multifactor authentication solution is more secure, which of the following is the BEST combination of factors?

A. Retina scanner, thumbprint scanner, and password B. Username and password combo, voice recognition scanner, and retina scanner C. Password, retina scanner, and proximity reader D. One-time password pad, palm-print scanner, and proximity photo badges Correct Answer: B

Company policy requires the use of passphrases instead of passwords. Which of the following technical controls MUST be in place in order to promote the use of passphrases?

A. Reuse B. Length C. History D. Complexity Correct Answer: D

A recent review of accounts on various systems has found that after employees' passwords are required to change they are recycling the same password as before. Which of the following policies should be enforced to prevent this from happening? (Select TWO).

A. Reverse encryption B. Minimum password age C. Password complexity D. Account lockouts E. Password history F. Password expiration Correct Answer: BE

A recent review of accounts on various systems has found that after employees' passwords are required to change they are recycling the same password as before. Which of the following policies should be enforced to prevent this from happening? (Select TWO)

A. Reverse encryption B. Minimum password age C. Password complexity D. Account lockouts E. Password history F. Password expiration Correct Answer: BE

A security administrator is responsible for performing periodic reviews of user permission settings due to high turnover and internal transfers at a corporation. Which of the following BEST describes the procedure and security rationale for performing such reviews?

A. Review all user permissions and group memberships to ensure only the minimum set of permissions required to perform a job is assigned. B. Review the permissions of all transferred users to ensure new permissions are granted so the employee can work effectively. C. Ensure all users have adequate permissions and appropriate group memberships, so the volume of help desk calls is reduced. D. Ensure former employee accounts have no permissions so that they cannot access any network file stores and resources. Correct Answer: A

The Chief Security Officer (CISO) at a multinational banking corporation is reviewing a plan to upgrade the entire corporate IT infrastructure. The architecture consists of a centralized cloud environment hosting the majority of data, small server clusters at each corporate location to handle the majority of customer transaction processing, ATMs, and a new mobile banking application accessible from smartphones, tablets, and the Internet via HTTP. The corporation does business having varying data retention and privacy laws. Which of the following technical modifications to the architecture and corresponding security controls should be implemented to provide the MOST complete protection of data?

A. Revoke existing root certificates, re-issue new customer certificates, and ensure all transactions are digitally signed to minimize fraud, implement encryption for data in-transit between data centers B. Ensure all data is encrypted according to the most stringent regulatory guidance applicable, implement encryption for data in-transit between data centers, increase data availability by replicating all data, transaction data, logs between each corporate location C. Store customer data based on national borders, ensure end-to-end encryption between ATMs, end users, and servers, test redundancy and COOP plans to ensure data is not inadvertently shifted from one legal jurisdiction to another with more stringent regulations D. Install redundant servers to handle corporate customer processing, encrypt all customer data to ease the transfer from one country to another, implement end-to-end encryption between mobile applications and the cloud. Correct Answer: C

A company's application is hosted at a data center. The data center provides security controls for the infrastructure. The data center provides a report identifying several vulnerabilities regarding out of date OS patches. The company recommends the data center assumes the risk associated with the OS vulnerabilities. Which of the following concepts is being implemented?

A. Risk Transference B. Risk Acceptance C. Risk Avoidance D. Risk Deterrence Correct Answer: A

Deploying compensating security controls is an example of:

A. Risk avoidance B. Risk mitigation C. Risk transference D. Risk acceptance Correct Answer: B

During a code review a software developer discovers a security risk that may result in hundreds of hours of rework. The security team has classified these issues as low risk. Executive management has decided that the code will not be rewritten. This is an example of:

A. Risk avoidance B. Risk transference C. Risk mitigation D. Risk acceptance Correct Answer: D

A company that has a mandatory vacation policy has implemented which of the following controls?

A. Risk control B. Privacy control C. Technical control D. Physical control Correct Answer: A

Identifying residual risk is MOST important to which of the following concepts?

A. Risk deterrence B. Risk acceptance C. Risk mitigation D. Risk avoidance Correct Answer: B

Identifying residual is MOST important to which of the following concepts?

A. Risk deterrence B. Risk acceptance C. Risk mitigation D. Risk avoidance Correct Answer: C

Which of the following is BEST carried out immediately after a security breach is discovered?

A. Risk transference B. Access control revalidation C. Change management D. Incident management Correct Answer: D

Which of the following MOST specifically defines the procedures to follow when scheduled system patching fails resulting in system outages?

A. Risk transference B. Change management C. Configuration management D. Access control revalidation Correct Answer: B

A network administrator has identified port 21 being open and the lack of an IDS as a potential risk to the company. Due to budget constraints, FTP is the only option that the company can use to transfer data and network equipment cannot be purchased. Which of the following is this known as?

A. Risk transference B. Risk deterrence C. Risk acceptance D. Risk avoidance Correct Answer: C

Which of the following BEST describes the type of attack that is occurring?

A. Smurf Attack B. Man in the middle C. Backdoor D. Replay E. Spear Phishing F. Xmas Attack G. Blue Jacking H. Ping of Death Correct Answer: A

A security administrator is tasked with conducting an assessment made to establish the baseline security posture of the corporate IT infrastructure. The assessment must report actual flaws and weaknesses in the infrastructure. Due to the expense of hiring outside consultants, the testing must be performed using in-house or cheaply available resources. There cannot be a possibility of any requirement being damaged in the test. Which of the following has the administrator been tasked to perform?

A. Risk transference B. Penetration test C. Threat assessment D. Vulnerability assessment Correct Answer: D

A technician reports a suspicious individual is seen walking around the corporate campus. The individual is holding a smartphone and pointing a small antenna, in order to collect SSIDs. Which of the following attacks is occurring?

A. Rogue AP B. Evil Twin C. Man-in-the-middle D. War driving Correct Answer: D

A computer supply company is located in a building with three wireless networks. The system security team implemented a quarterly security scan and saw the following.

SSID              State       Channel   Level
Computer AreUs1   connected   1         70dbm
Computer AreUs2   connected   5         80dbm
Computer AreUs3   connected   3         75dbm
Computer AreUs4   connected   6         95dbm

Which of the following is this an example of?

A. Rogue access point B. Near field communication C. Jamming D. Packet sniffing Correct Answer: A

Which of the following application attacks is used against a corporate directory service where there are unknown servers on the network?

A. Rogue access point B. Zero day attack C. Packet sniffing D. LDAP injection Correct Answer: D

Which of the following common access control models is commonly used on systems to ensure a "need to know" based on classification levels?

A. Role Based Access Controls B. Mandatory Access Controls C. Discretionary Access Controls D. Access Control List Correct Answer: B

Ann is the data owner of financial records for a company. She has requested that she have the ability to assign read and write privileges to her folders. The network administrator is tasked with setting up the initial access control system and handing Ann's administrative capabilities. Which of the following systems should be deployed?

A. Role-based B. Mandatory C. Discretionary D. Rule-based Correct Answer: C

Which of the following types of malware is designed to provide access to a system when normal authentication fails?

A. Rootkit B. Botnet C. Backdoor D. Adware Correct Answer: C

After an audit, it was discovered that an account was not disabled in a timely manner after an employee has departed from the organization. Which of the following did the organization fail to properly implement?

A. Routine account audits B. Account management processes C. Change management processes D. User rights and permission reviews Correct Answer: A

Ann, a security analyst, has discovered that her company has very high staff turnover and often user accounts are not disabled after an employee leaves the company. Which of the following could Ann implement to help identify accounts that are still active for terminated employees?

A. Routine audits B. Account expirations C. Risk assessments D. Change management Correct Answer: A

Requiring technicians to report spyware infections is a step in which of the following?

A. Routine audits B. Change management C. Incident management D. Clean desk policy Correct Answer: C

Ann, the security administrator, received a report from the security technician, that an unauthorized new user account was added to the server over two weeks ago. Which of the following could have mitigated this event?

A. Routine log audits B. Job rotation C. Risk likelihood assessment D. Separation of duties Correct Answer: A

An administrator needs to segment internal traffic between layer 2 devices within the LAN. Which of the following types of network design elements would MOST likely be used?

A. Routing B. DMZ C. VLAN D. NAT Correct Answer: C

A programmer must write a piece of code to encrypt passwords and credit card information used by an online shopping cart. The passwords must be stored using one-way encryption, while credit card information must be stored using reversible encryption. Which of the following should be used to accomplish this task? (Select TWO)

A. SHA for passwords B. 3DES for passwords C. RC4 for passwords D. AES for credit cards E. MD5 for credit cards F. HMAC for credit cards Correct Answer: BD

A Chief Security Officer (CSO) has been unsuccessful in attempts to access the website for a potential partner (www.example.net). Which of the following rules is preventing the CSO from accessing the site? Blocked sites: *.nonews.com, *.rumorhasit.net, *.mars?

A. Rule 1: deny from inside to outside source any destination any service smtp B. Rule 2: deny from inside to outside source any destination any service ping C. Rule 3: deny from inside to outside source any destination {blocked sites} service http-https D. Rule 4: deny from any to any source any destination any service any Correct Answer: C

The IT department has set up a SharePoint site to be used on the intranet. Security has established the groups and permissions on the site. No one may modify the permissions and all requests for access are centrally managed by the security team. This is an example of which of the following control types?

A. Rule based access control B. Mandatory access control C. User assigned privilege D. Discretionary access control Correct Answer: D

A security technician is working with the network firewall team to implement access controls at the company's demarc as part of the initiation of configuration management processes. One of the network technicians asks the security technician to explain the access control type found in a firewall. With which of the following should the security technician respond?

A. Rule based access control B. Role based access control C. Discretionary access control D. Mandatory access control Correct Answer: A

Joe, a network administrator, is able to manage the backup software console by using his network login credentials. Which of the following authentication services is MOST likely being used?

A. SAML B. LDAP C. iSCSI D. Two-factor authentication Correct Answer: B

Which of the following authentication services uses a default TCP port of 389?

A. SAML B. TACACS+ C. Kerberos D. LDAP Correct Answer: D

A company would like to implement two-factor authentication for its vulnerability management database to require system administrators to use their token and random PIN codes. Which of the following authentication services accomplishes this objective?

A. SAML B. TACACS+ C. Kerberos D. RADIUS Correct Answer: D

A security analyst is working on a project team responsible for the integration of an enterprise SSO solution. The SSO solution requires the use of an open standard for the exchange of authentication and authorization across numerous web based applications. Which of the following solutions is most appropriate for the analyst to recommend in this scenario?

A. SAML B. XTACACS C. RADIUS D. TACACS+ E. Secure LDAP Correct Answer: A

A security administrator is troubleshooting an authentication issue using a network sniffer. The security administrator reviews a packet capture of the authentication process and notices that authentication is performed using extensible markup over SOAP. Which of the following authentication services is the security administrator troubleshooting?

A. SAML B. XTACACS C. Secure LDAP D. RADIUS Correct Answer: A

Which of the following is commonly used for federated identity management across multiple organizations?

A. SAML B. Active Directory C. Kerberos D. LDAP Correct Answer: A

A Chief Executive Officer (CEO) is steering the company towards cloud computing. The CEO is requesting a federated sign-on method to have users sign into the sales application. Which of the following methods will be effective for this purpose?

A. SAML B. RADIUS C. Kerberos D. LDAP Correct Answer: A

Which of the following is a proprietary protocol commonly used for router authentication across an enterprise?

A. SAML B. TACACS C. LDAP D. RADIUS Correct Answer: B

A security analyst needs to log on to the console to perform maintenance on a remote server. Which of the following protocols would provide secure access?

A. SCP B. SSH C. SFTP D. HTTPS Correct Answer: B

A recent vulnerability scan found that Telnet is enabled on all network devices. Which of the following protocols should be used instead of Telnet?

A. SCP B. SSH C. SFTP D. SSL Correct Answer: B

A security administrator wishes to implement a secure method of file transfer when communicating with outside organizations. Which of the following protocols would BEST facilitate secure file transfers? (Select TWO)

A. SCP B. TFTP C. SNMP D. FTP E. SMTP F. FTPS Correct Answer: A

Which of the following protocols uses an asymmetric key to open a session and then establishes a symmetric key for the remainder of the session?

A. SFTP B. HTTPS C. TFTP D. TLS Correct Answer: D

Which of the following protocols encapsulates an IP packet with an additional IP header?

A. SFTP B. IPSec C. HTTPS D. SSL Correct Answer: B

Which of the following is used to verify data integrity?

A. SHA B. 3DES C. AES D. RSA Correct Answer: A

When creating a public / private key pair, for which of the following ciphers would a user need to specify the key strength?

A. SHA B. AES C. DES D. RSA Correct Answer: D

A security analyst must ensure that the company's web server will not negotiate weak ciphers with connecting web browsers. Which of the following supported list of ciphers MUST the security analyst disable? (Select THREE)

A. SHA B. AES C. RIPEMD D. NULL E. DES F. MD5 G. TWOFISH Correct Answer: AEF

Joe, a user, upon arriving to work on Monday morning noticed several files were deleted from the system. There were no records of any scheduled network outages or upgrades to the system. Joe notifies the security department of the anomaly found and removes the system from the network. Which of the following is the NEXT action that Joe should perform?

A. Screenshots of systems B. Call the local police C. Perform a backup D. Capture system image Correct Answer: A

A user contacts the help desk after being unable to log in to a corporate website. The user can log into the site from another computer in the next office, but not from the PC. The user's PC was able to connect earlier in the day. The help desk has the user restart the NTP service. Afterwards the user is able to log into the website. The MOST likely reason for the initial failure was that the website was configured to use which of the following authentication mechanisms?

A. Secure LDAP B. RADIUS C. NTLMv2 D. Kerberos Correct Answer: D

A security administrator wants to test the reliability of an application which accepts user provided parameters. The administrator is concerned with data integrity and availability. Which of the following should be implemented to accomplish this task?

A. Secure coding B. Fuzzing C. Exception handling D. Input validation Correct Answer: B

Joe, a technician, initiated scans of the company's 10 routers and discovered that half of the routers were not changed from their default configuration prior to being installed on the network. Which of the following would address this?

A. Secure router configuration B. Implementing 802.1x C. Enabling loop protection D. Configuring port security Correct Answer: A

Deploying a wildcard certificate is one strategy to:

A. Secure the certificate's private key. B. Increase the certificate's encryption key length. C. Extend the renewal date of the certificate. D. Reduce the certificate management burden. Correct Answer: D

The method to provide end users of IT systems and applications with requirements related to acceptable use, privacy, new threats and trends, and use of social networking is:

A. Security awareness training. B. BYOD security training. C. Role-based security training. D. Legal compliance training. Correct Answer: A

In which of the following categories would creating a corporate privacy policy, drafting acceptable use policies, and group based access control be classified?

A. Security control frameworks B. Best practice C. Access control methodologies D. Compliance activity Correct Answer: B

During a company-wide initiative to harden network security, it is discovered that end users who have laptops cannot be removed from the local administrator group. Which of the following could be used to help mitigate the risk of these machines becoming compromised?

A. Security log auditing B. Firewalls C. HIPS D. IDS Correct Answer: B

Which of the following can Joe, a security administrator, implement on his network to capture attack details that are occurring while also protecting his production network?

A. Security logs B. Protocol analyzer C. Audit logs D. Honeypot Correct Answer: D

A major security risk with co-mingling of hosts with different security requirements is:

A. Security policy violations. B. Zombie attacks. C. Password compromises. D. Privilege creep. Correct Answer: A

One of the findings of risk assessment is that many of the servers on the data center subnet contain data that is in scope for PCI compliance. Everyone in the company has access to these servers, regardless of their job function. Which of the following should the administrator do?

A. Segment the network B. Use 802.1X C. Deploy a proxy server D. Configure ACLs E. Write an acceptable use policy Correct Answer: A

A technician wants to secure communication to the corporate web portal, which is currently using HTTP. Which of the following is the FIRST step the technician should take?

A. Send the server's public key to the CA B. Install the CA certificate on the server C. Import the certificate revocation list into the server D. Generate a certificate request from the server Correct Answer: D

Protecting the confidentiality of a message is accomplished by encrypting the message with which of the following?

A. Sender's private key B. Recipient's public key C. Sender's public key D. Recipient's private key Correct Answer: B

Everyone in the accounting department has the ability to print and sign checks. Internal audit has asked that only one group of employees may print checks while only two other employees may sign the checks. Which of the following concepts would enforce this process?

A. Separation of Duties B. Mandatory Vacations C. Discretionary Access Control D. Job Rotation Correct Answer: A

A recent OS patch caused an extended outage. It took the IT department several hours to uncover the cause of the issue due to the system owner who installed the patch being out of the office. Which of the following could help reduce the likelihood of this situation occurring in the future?

A. Separation of duties B. Change management procedures C. Incident management procedures D. User rights audits and reviews Correct Answer: B

Joe processes several requisitions during the day and during the night shift they are approved by Ann. This is an example of which of the following?

A. Separation of duties B. Discretionary access C. Mandatory access D. Time of day restrictions Correct Answer: B

Which of the following, if properly implemented, would prevent users from accessing files that are unrelated to their job duties? (Select TWO).

A. Separation of duties B. Job rotation C. Mandatory vacation D. Time of day restrictions E. Least privilege Correct Answer: AE

A penetration tester was able to obtain elevated privileges on a client workstation and multiple servers using the credentials of an employee. Which of the following controls would mitigate these issues? (Select TWO)

A. Separation of duties B. Least privilege C. Time of day restrictions D. Account expiration E. Discretionary access control F. Password history Correct Answer: BD

A recent audit has revealed that several users have retained permissions to systems they should no longer have rights to after being promoted or changed job positions. Which of the following controls would BEST mitigate this issue?

A. Separation of duties B. User account reviews C. Group based privileges D. Acceptable use policies Correct Answer: A

Which of the following provides the BEST application availability and is easily expanded as demand grows?

A. Server virtualization B. Load balancing C. Active-Passive Cluster D. RAID 6 Correct Answer: B

An organization is working with a cloud services provider to transition critical business applications to a hybrid cloud environment. The organization retains sensitive customer data and wants to ensure the provider has sufficient administrative and logical controls in place to protect its data. In which of the following documents would this concern MOST likely be addressed?

A. Service level agreement B. Interconnection security agreement C. Non-disclosure agreement D. Business process analysis Correct Answer: A

A large bank has moved back office operations offshore to another country with lower wage costs in an attempt to improve profit and productivity. Which of the following would be a customer concern if the offshore staff had direct access to their data?

A. Service level agreements B. Interoperability agreements C. Privacy considerations D. Data ownership Correct Answer: C

Users need to exchange a shared secret to begin communicating securely. Which of the following is another name for this symmetric key?

A. Session Key B. Public Key C. Private Key D. Digital Signature Correct Answer: C

An administrator needs to protect against downgrade attacks due to various vulnerabilities in SSL/TLS. Which of the following actions should be performed? (Select TWO)

A. Set minimum protocol supported B. Request a new certificate from the CA C. Configure cipher order D. Disable flash cookie support E. Re-key the SSL certificate F. Add the old certificate to the CRL Correct Answer: CE

Based on information leaked to industry websites, business management is concerned that unauthorized employees are accessing critical project information for a major, well-known new product. To identify any such users, the security administrator could:

A. Set up a honeypot and place false project documentation on an unsecure share. B. Block access to the project documentation using a firewall. C. Increase antivirus coverage of the project servers. D. Apply security updates and harden the OS on all project servers. Correct Answer: A

One of the servers on the network stops responding due to lack of available memory. Server administrators did not have a clear definition of what action should have taken place based on the available memory. Which of the following would have BEST kept this incident from occurring?

A. Set up a protocol analyzer B. Set up a performance baseline C. Review the systems monitor on a monthly basis D. Review the performance monitor on a monthly basis Correct Answer: B

A penetration tester is preparing for a client engagement in which the tester must provide data that proves and validates the scanning tools' results. Which of the following is the best method for collecting this information?

A. Set up the scanning system's firewall to permit and log all outbound connections B. Use a protocol analyzer to log all pertinent network traffic C. Configure network flow data logging on all scanning systems D. Enable debug level logging on the scanning system and all scanning tools used. Correct Answer: A

A company uses PGP to ensure that sensitive email is protected. Which of the following types of cryptography is being used here for the key exchange?

A. Symmetric B. Session-based C. Hashing D. Asymmetric Correct Answer: A

Human Resources suspect an employee is accessing the employee salary database. The administrator is asked to find out who it is. In order to complete this task, which of the following is a security control that should be in place?

A. Shared accounts should be prohibited. B. Account lockout should be enabled C. Privileges should be assigned to groups rather than individuals D. Time of day restrictions should be in use Correct Answer: A

Ann, an employee, is cleaning out her desk and disposes of paperwork containing confidential customer information in a recycle bin without shredding it first. This is MOST likely to increase the risk of loss from which of the following attacks?

A. Shoulder surfing B. Dumpster diving C. Tailgating D. Spoofing Correct Answer: B

An investigator recently discovered that an attacker placed a remotely accessible CCTV camera in a public area overlooking several Automatic Teller Machines (ATMs). It is also believed that user accounts belonging to ATM operators may have been compromised. Which of the following attacks has MOST likely taken place?

A. Shoulder surfing B. Dumpster diving C. Whaling attack D. Vishing attack Correct Answer: A

At the outside break area, an employee, Ann, asked another employee to let her into the building because her badge is missing. Which of the following does this describe?

A. Shoulder surfing B. Tailgating C. Whaling D. Impersonation Correct Answer: B

Which of the following can only be mitigated through the use of technical controls rather than user security training?

A. Shoulder surfing B. Zero-day C. Vishing D. Trojans Correct Answer: B

Pete, an IT Administrator, needs to secure his server room. Which of the following mitigation methods would provide the MOST physical protection?

A. Sign in and sign out logs B. Mantrap C. Video surveillance D. HVAC Correct Answer: B

The network security engineer just deployed an IDS on the network, but the Chief Technical Officer (CTO) has concerns that the device is only able to detect known anomalies. Which of the following types of IDS has been deployed?

A. Signature Based IDS B. Heuristic IDS C. Behavior Based IDS D. Anomaly Based IDS Correct Answer: A

A security administrator needs to implement a system that detects possible intrusions based upon a vendor provided list. Which of the following BEST describes this type of IDS?

A. Signature based B. Heuristic C. Anomaly-based D. Behavior-based Correct Answer: A

Suspicious traffic without a specific signature was detected. Under further investigation, it was determined that these were false indicators. Which of the following security devices needs to be configured to disable future false alarms?

A. Signature based IPS B. Signature based IDS C. Application based IPS D. Anomaly based IDS Correct Answer: D

A certificate authority takes which of the following actions in PKI?

A. Signs and verifies all infrastructure messages B. Issues and signs all private keys C. Publishes key escrow lists to CRLs D. Issues and signs all root certificates Correct Answer: D

Which of the following should be implemented to stop an attacker from mapping out addresses and/or devices on a network?

A. Single sign on B. IPv6 C. Secure zone transfers D. VoIP Correct Answer: C

A company wants to ensure that its hot site is prepared and functioning. Which of the following would be the BEST process to verify the backup datacenter is prepared for such a scenario?

A. Site visit to the backup data center B. Disaster recovery plan review C. Disaster recovery exercise D. Restore from backup Correct Answer: C

Ann is an employee in the accounting department and would like to work on files from her home computer. She recently heard about a new personal cloud storage service with an easy web interface. Before uploading her work related files into the cloud for access, which of the following is the MOST important security concern Ann should be aware of?

A. Size of the files B. Availability of the files C. Accessibility of the files from her mobile device D. Sensitivity of the files Correct Answer: D

Employee badges are encoded with a private encryption key and specific personal information. The encoding is then used to provide access to the network. Which of the following describes this access control type?

A. Smartcard B. Token C. Discretionary access control D. Mandatory access control Correct Answer: A

Timestamps and sequence numbers act as countermeasures against which of the following types of attacks?

A. Smurf B. DoS C. Vishing D. Replay Correct Answer: D

Which of the following attacks impact the availability of a system? (Select TWO).

A. Smurf B. Phishing C. Spim D. DDoS E. Spoofing Correct Answer: AD

The Chief Information Officer (CIO) receives an anonymous threatening message that says "beware of the 1st of the year". The CIO suspects the message may be from a former disgruntled employee planning an attack. Which of the following should the CIO be concerned with?

A. Smurf Attack B. Trojan C. Logic bomb D. Virus Correct Answer: C

An administrator finds that non-production servers are being frequently compromised, production servers are rebooting at unplanned times and kernel versions are several releases behind the version with all current security fixes. Which of the following should the administrator implement?

A. Snapshots B. Sandboxing C. Patch management D. Intrusion detection system Correct Answer: C

Which device monitors network traffic in a passive manner?

A. Sniffer B. IDS C. Firewall D. Web browser Correct Answer: A

Which of the following security devices can be replicated on a Linux based computer using IP tables to inspect and properly handle network based traffic?

A. Sniffer B. Router C. Firewall D. Switch Correct Answer: C

The Chief Information Security Officer (CISO) has mandated that all IT systems with credit card data be segregated from the main corporate network to prevent unauthorized access and that access to the IT systems should be logged. Which of the following would BEST meet the CISO's requirements?

A. Sniffers B. NIDS C. Firewalls D. Web proxies E. Layer 2 switches Correct Answer: C

A security assurance officer is preparing a plan to measure the technical state of a customer's enterprise. The testers employed to perform the audit will be given access to the customer facility and network. The testers will not be given access to the details of custom developed software used by the customer. However, the testers will have access to the source code for several open source applications and pieces of networking equipment used at the facility, but these items will not be within the scope of the audit. Which of the following BEST describes the appropriate method of testing or technique to use in this scenario? (Select TWO)

A. Social engineering B. All source C. Black box D. Memory dumping E. Penetration Correct Answer: CE

A security analyst has been notified that trade secrets are being leaked from one of the executives in the corporation. When reviewing this executive's laptop they notice several pictures of the employee's pets are on the hard drive and on a cloud storage network. When the analyst hashes the images on the hard drive against the hashes on the cloud network they do not match. Which of the following describes how the employee is leaking these secrets?

A. Social engineering B. Steganography C. Hashing D. Digital signatures Correct Answer: B

XYZ Corporation is about to purchase another company to expand its operations. The CEO is concerned about information leaking out, especially with the cleaning crew that comes in at night. The CEO would like to ensure no paper files are leaked. Which of the following is the BEST policy to implement?

A. Social media policy B. Data retention policy C. CCTV policy D. Clean desk policy Correct Answer: D

Which of the following security awareness training is BEST suited for data owners who are concerned with protecting the confidentiality of their data?

A. Social networking use training B. Personally owned device policy training C. Tailgating awareness policy training D. Information classification training Correct Answer: D

A company's business model was changed to provide more web presence and now its ERM software is no longer able to support the security needs of the company. The current data center will continue to provide network and security services. Which of the following network elements would be used to support the new business model?

A. Software as a Service B. DMZ C. Remote access support D. Infrastructure as a Service Correct Answer: A

The Chief Information Officer (CIO) has mandated web based Customer Relationship Management (CRM) business functions be moved offshore to reduce cost, reduce IT overheads, and improve availability. The Chief Risk Officer (CRO) has agreed with the CIO's direction but has mandated that key authentication systems be run within the organization's network. Which of the following would BEST meet the CIO and CRO's requirements?

A. Software as a Service B. Infrastructure as a Service C. Platform as a Service D. Hosted virtualization service Correct Answer: A

Which of the following is required to allow multiple servers to exist on one physical server?

A. Software as a Service (SaaS) B. Platform as a Service (PaaS) C. Virtualization D. Infrastructure as a Service (IaaS) Correct Answer: C

Which of the following offerings typically allows the customer to apply operating system patches?

A. Software as a service B. Public Clouds C. Cloud Based Storage D. Infrastructure as a service Correct Answer: D

A user, Ann, has her assigned token but she has forgotten her password. Which of the following appropriately categorizes the authentication factor that will fail in this scenario?

A. Something you do B. Something you know C. Something you are D. Something you have Correct Answer: B

Internet banking customers currently use an account number and password to access their online accounts. The bank wants to improve security on high value transfers by implementing a system which calls users back on a mobile phone to authenticate the transaction with voice verification. Which of the following authentication factors are being used by the bank?

A. Something you know, something you do, and something you have B. Something you do, somewhere you are, and something you have C. Something you are, something you do and something you know D. Something you have, something you are, and something you know Correct Answer: C

A company's employees were victims of a spear phishing campaign impersonating the CEO. The company would now like to implement a solution to improve the overall security posture by assuring their employees that email originated from the CEO. Which of the following controls could they implement to BEST meet this goal?

A. Spam filter B. Digital signatures C. Antivirus software D. Digital certificates Correct Answer: B

Which of the following should the security administrator implement to limit web traffic based on country of origin? (Select THREE).

A. Spam filter B. Load balancer C. Antivirus D. Proxies E. Firewall F. NIDS G. URL filtering Correct Answer: DEG

Matt, an administrator, notices a flood of fragmented packets and retransmits from an email server. After disabling the TCP offload setting on the NIC, Matt sees normal traffic with packets flowing in sequence again. Which of the following utilities was he MOST likely using to view this issue?

A. Spam filter B. Protocol analyzer C. Web application firewall D. Load balancer Correct Answer: B

A security technician at a small business is worried about the Layer 2 switches in the network suffering from a DoS style attack caused by staff incorrectly cabling network connections between switches. Which of the following will BEST mitigate the risk if implemented on the switches?

A. Spanning tree B. Flood guards C. Access control lists D. Syn flood Correct Answer: A

Maintenance workers find an active network switch hidden above a dropped-ceiling tile in the CEO's office with various connected cables from the office. Which of the following describes the type of attack that was occurring?

A. Spear phishing B. Packet sniffing C. Impersonation D. MAC flooding Correct Answer: B

A user has unknowingly gone to a fraudulent site. The security analyst notices the following system change on the user's host. Old 'hosts' file: 127.0.0.1 localhost. New 'hosts' file: 127.0.0.1 localhost 5.5.5.5 www.comptia.com. Which of the following attacks has taken place?

A. Spear phishing B. Pharming C. Phishing D. Vishing Correct Answer: B

An attacker crafts a message that appears to be from a trusted source, but in reality it redirects the recipient to a malicious site where information is harvested. The message is narrowly tailored so it is effective on only a small number of victims. This describes which of the following?

A. Spear phishing B. Phishing C. Smurf attack D. Vishing Correct Answer: A

A security technician is attempting to access a wireless network protected with WEP. The technician does not know any information about the network. Which of the following should the technician do to gather information about the configuration of the wireless network?

A. Spoof the MAC address of an observed wireless network client B. Ping the access point to discover the SSID of the network C. Perform a dictionary attack on the access point to enumerate the WEP key D. Capture client to access point disassociation packets to replay on the local PC's loopback Correct Answer: A

A security administrator develops a web page and limits input into the fields on the web page as well as filters special characters in output. The administrator is trying to prevent which of the following attacks?

A. Spoofing B. XSS C. Fuzzing D. Pharming Correct Answer: B

An administrator is assigned to monitor servers in a data center. A web server connected to the Internet suddenly experiences a large spike in CPU activity. Which of the following is the MOST likely cause?

A. Spyware B. Trojan C. Privilege escalation D. DoS Correct Answer: D

A network administrator wants to implement a solution that will allow authorized traffic, deny unauthorized traffic and ensure that appropriate ports are being used for a number of TCP and UDP protocols. Which of the following network controls would meet these requirements?

A. Stateful firewall B. Web security gateway C. URL filter D. Proxy server E. Web application firewall Correct Answer: A

A company hires a penetration testing team to test its overall security posture. The organization has not disclosed any information to the penetration testing team and has allocated five days for testing. Which of the following types of testing will the penetration testing team have to conduct?

A. Static analysis B. Gray Box C. White box D. Black box Correct Answer: D

A security analyst has a sample of malicious software and needs to know what the sample does. The analyst runs the sample in a carefully-controlled and monitored virtual machine to observe the software's behavior. This approach to malware analysis can BEST be described as:

A. Static testing B. Security control testing C. White box testing D. Sandboxing Correct Answer: D

Company A submitted a bid on a contract to do work for Company B via email. Company B was insistent that the bid did not come from Company A. Which of the following would have assured that the bid was submitted by Company A?

A. Steganography B. Hashing C. Encryption D. Digital Signatures Correct Answer: D

Which of the following is the BEST technology for the sender to use in order to secure the in-band exchange of a shared key?

A. Steganography B. Hashing algorithm C. Asymmetric cryptography D. Stream cipher Correct Answer: C

Company XYZ has suffered leaks of internally distributed confidential documents. Ann, the network security analyst, has been tasked to track down the culprit. She has decided to embed a four-letter string of characters in documents containing proprietary information. Which of the following initial steps should Ann implement before sending documents?

A. Store one of the documents in a honey pot B. Start antivirus scan on all the suspected computers C. Add a signature to the NIDS containing the four letter string D. Ask employees to report suspicious behaviors Correct Answer: C

The concept of rendering data passing between two points over an IP based network impervious to all but the most sophisticated advanced persistent threats is BEST categorized as which of the following?

A. Stream ciphers B. Transport encryption C. Key escrow D. Block ciphers Correct Answer: B

A company often processes sensitive data for the government. The company also processes a large amount of commercial work and as such is often providing tours to potential customers that take them into various workspaces. Which of the following security methods can provide protection against tour participants viewing sensitive information at minimal cost?

A. Strong passwords B. Screen protectors C. Clean-desk policy D. Mantraps Correct Answer: C

Ann is starting a disaster recovery program. She has gathered specifics and team members for a meeting on site. Which of the following types of tests is this?

A. Structured walkthrough B. Full Interruption test C. Checklist test D. Tabletop exercise Correct Answer: A

Which of the following should be performed to increase the availability of IP telephony by prioritizing traffic?

A. Subnetting B. NAT C. Quality of service D. NAC Correct Answer: C

A technician installed two ground plane antennae on 802.11n bridges connecting two buildings 500 feet apart. After configuring both radios to work at 2.4GHz and implementing the correct configuration, connectivity tests between the two buildings are unsuccessful. Which of the following should the technician do to resolve the connectivity problem?

A. Substitute wireless bridges for wireless access points B. Replace the 802.11n bridges with 802.11ac bridges C. Configure both bridges to use 5GHz instead of 2.4GHz D. Replace the current antennae with Yagi antennae Correct Answer: D

Which of the following is being tested when a company's payroll server is powered off for eight hours?

A. Succession plan B. Business impact document C. Continuity of operations plan D. Risk assessment plan Correct Answer: C

A company's chief information officer (CIO) has analyzed the financial loss associated with the company's database breach. They calculated that one single breach could cost the company $1,000,000 at a minimum. Which of the following documents is the CIO MOST likely updating?

A. Succession plan B. Continuity of operation plan C. Disaster recovery plan D. Business impact analysis Correct Answer: D

Pete, the Chief Executive Officer (CEO) of a company, has increased his travel plans for the next two years to improve business relations. Which of the following would need to be in place in case something happens to Pete?

A. Succession planning B. Disaster recovery C. Separation of duty D. Removing single loss expectancy Correct Answer: A

After a production outage, which of the following documents contains detailed information on the order in which the system should be restored to service?

A. Succession planning B. Disaster recovery plan C. Information security plan D. Business impact analysis Correct Answer: B

In intrusion detection system vernacular, which account is responsible for setting the security policy for an organization?

A. Supervisor B. Administrator C. Root D. Director Correct Answer: B

Three of the primary security control types that can be implemented are:

A. Supervisory, subordinate, and peer. B. Personal, procedural, and legal. C. Operational, technical, and management. D. Mandatory, discretionary, and permanent. Correct Answer: C

When implementing a mobile security strategy for an organization which of the following is the MOST influential concern that contributes to that organization's ability to extend enterprise policies to mobile devices?

A. Support for mobile OS B. Support of mobile apps C. Availability of mobile browsers D. Key management for mobile devices Correct Answer: D

Which of the following BEST allows Pete, a security administrator, to determine the type, source, and flags of the packet traversing a network for troubleshooting purposes?

A. Switches B. Protocol analyzers C. Routers D. Web security gateways Correct Answer: B

Which of the following technologies uses multiple devices to share work?

A. Switching B. Load balancing C. RAID D. VPN concentrator Correct Answer: B

A software developer wants to prevent stored passwords from being easily decrypted. When the password is stored by the application, additional text is added to each password before the password is hashed. This technique is known as:

A. Symmetric cryptography. B. Private key cryptography. C. Salting. D. Rainbow tables. Correct Answer: C

A security analyst discovered data such as images and word documents hidden within different types of files. Which of the following cryptographic concepts describes what was discovered?

A. Symmetric encryption B. Non-repudiation C. Steganography D. Hashing Correct Answer: C

Which of the following is a hardware-based security technology included in a computer?

A. Symmetric key B. Asymmetric key C. Whole disk encryption D. Trusted platform module Correct Answer: D

An SSL session is taking place. After the handshake phase has been established and the cipher has been selected, which of the following are being used to secure data in transport? (Select TWO)

A. Symmetrical encryption B. Ephemeral Key generation C. Diffie-Hellman D. AES E. RSA F. Asymmetrical encryption Correct Answer: CE

An administrator is configuring a new Linux web server where each user account is confined to a chroot jail. Which of the following describes this type of control?

A. SysV B. Sandbox C. Zone D. Segmentation Correct Answer: B

Computer evidence at a crime scene is documented with a tag stating who had possession of the evidence at a given time. Which of the following does this illustrate?

A. System image capture B. Record time offset C. Order of volatility D. Chain of custody Correct Answer: D

A security manager is preparing the training portion of an incident plan. Which of the following job roles should receive training on forensics, chain of custody, and the order of volatility?

A. System owners B. Data custodians C. First responders D. Security guards Correct Answer: C

A security administrator is reviewing the company's continuity plan. The plan specifies an RTO of six hours and RPO of two days. Which of the following is the plan describing?

A. Systems should be restored within six hours and no later than two days after the incident. B. Systems should be restored within two days and should remain operational for at least six hours. C. Systems should be restored within six hours with a minimum of two days worth of data. D. Systems should be restored within two days with a minimum of six hours worth of data. Correct Answer: C

Which of the following protocols uses TCP instead of UDP and is incompatible with all previous versions?

A. TACACS B. XTACACS C. RADIUS D. TACACS+ Correct Answer: D

Which of the following would be used when a higher level of security is desired for encryption key storage?

A. TACACS+ B. L2TP C. LDAP D. TPM Correct Answer: D

Which of the following is an authentication service that uses UDP as a transport medium?

A. TACACS+ B. LDAP C. Kerberos D. RADIUS Correct Answer: D

Which of the following authentication methods can use the SCTP and TLS protocols for reliable packet transmissions?

A. TACACS+ B. SAML C. Diameter D. Kerberos Correct Answer: C

Which of the following authentication services requires the use of a ticket-granting ticket (TGT) server in order to complete the authentication process?

A. TACACS+ B. Secure LDAP C. RADIUS D. Kerberos Correct Answer: D

Which of the following services are used to support authentication services for several local devices from a central location without the use of tokens?

A. TACACS+ B. Smartcards C. Biometrics D. Kerberos Correct Answer: A

A security technician needs to open ports on a firewall to allow for domain name resolution. Which of the following ports should be opened? (Select TWO).

A. TCP 21 B. TCP 23 C. TCP 53 D. UDP 23 E. UDP 53 Correct Answer: CE

An organization recently switched from a cloud-based email solution to an in-house email server. The firewall needs to be modified to allow for sending and receiving email. Which of the following ports should be open on the firewall to allow for email traffic? (Select THREE).

A. TCP 22 B. TCP 23 C. TCP 25 D. TCP 53 E. TCP 110 F. TCP 143 G. TCP 445 Correct Answer: CEF

An organization that currently uses FTP for the transfer of large files is, due to recent security enhancements, now required to use a secure method of file transfer and is testing both SFTP and FTPS as alternatives. Which of the following ports should be opened on the firewall in order to test the two alternatives? (Select TWO)

A. TCP 22 B. TCP 25 C. TCP 69 D. UDP 161 E. TCP 990 F. TCP 3380 Correct Answer: AE

Pete needs to open ports on the firewall to allow for secure transmission of files. Which of the following ports should be opened on the firewall?

A. TCP 23 B. UDP 69 C. TCP 22 D. TCP 21 Correct Answer: C

Pete, a network administrator, is implementing IPv6 in the DMZ. Which of the following protocols must he allow through the firewall to ensure the web servers can be reached via IPv6 from an IPv6 enabled Internet host?

A. TCP port 443 and IP protocol 46 B. TCP port 80 and TCP port 443 C. TCP port 80 and ICMP D. TCP port 443 and SNMP Correct Answer: B

An achievement in providing worldwide Internet security was the signing of certificates associated with which of the following protocols?

A. TCP/IP B. SSL C. SCP D. SSH Correct Answer: B

A security researcher wants to reverse engineer an executable file to determine if it is malicious. The file was found on an underused server and appears to contain a zero-day exploit. Which of the following can the researcher do to determine if the file is malicious in nature?

A. TCP/IP socket design review B. Executable code review C. OS Baseline comparison D. Software architecture review Correct Answer: C

An internal audit has detected that a number of archived tapes are missing from secured storage. There was no recent need for restoration of data from the missing tapes. The location is monitored by access control and CCTV systems. Review of the CCTV system indicates that it has not been recording for three months. The access control system shows numerous valid entries into the storage location during that time. The last audit was six months ago and the tapes were accounted for at that time. Which of the following could have aided the investigation?

A. Testing controls B. Risk assessment C. Signed AUP D. Routine audits Correct Answer: A

A worker dressed in a fire suppression company's uniform asks to be let into the server room to perform the annual check on the fire extinguishers. The system administrator allows the worker into the room, only to discover hours later that the worker was actually a penetration tester. Which of the following reasons allowed the penetration tester to access the server room?

A. Testing the fire suppression system represented a critical urgency B. The pen tester assumed the authority of a reputable company C. The pen tester used an intimidation technique on the administrator D. The administrator trusted that the server room would remain safe Correct Answer: B

Which of the following can be used on a smartphone to BEST protect against sensitive data loss if the device is stolen? (Select TWO).

A. Tethering B. Screen lock PIN C. Remote wipe D. Email password E. GPS tracking F. Device encryption Correct Answer: CF

A database administrator receives a call on an outside telephone line from a person who states that they work for a well-known database vendor. The caller states there have been problems applying the newly released vulnerability patch for their database system, and asks what version is being used so that they can assist. Which of the following is the BEST action for the administrator to take?

A. Thank the caller, report the contact to the manager, and contact the vendor support line to verify any reported patch issues. B. Obtain the vendor's email and phone number and call them back after identifying the number of systems affected by the patch. C. Give the caller the database version and patch level so that they can receive help applying the patch. D. Call the police to report the contact about the database systems, and then check system logs for attack attempts. Correct Answer: A

Joe, a user, wants to send an encrypted email to Ann. Which of the following will Ann need to use to verify that the email came from Joe and decrypt it? (Select TWO).

A. The CA's public key B. Ann's public key C. Joe's private key D. Ann's private key E. The CA's private key F. Joe's public key Correct Answer: DF

A risk assessment team is concerned about hosting data with a cloud service provider (CSP). Which of the following findings would justify this concern?

A. The CSP utilizes encryption for data at rest and in motion B. The CSP takes into account multinational privacy concerns C. The financial review indicates the company is a startup D. The SLA states service tickets will be resolved in less than 15 minutes Correct Answer: B

In which of the following scenarios is PKI LEAST hardened?

A. The CRL is posted to a publicly accessible location. B. The recorded time offsets are developed with symmetric keys. C. A malicious CA certificate is loaded on all the clients. D. All public keys are accessed by an unauthorized user. Correct Answer: C

Which of the following is an example of a false negative?

A. The IDS does not identify a buffer overflow. B. Anti-virus identifies a benign application as malware. C. Anti-virus protection interferes with the normal operation of an application. D. A user account is locked out after the user mistypes the password too many times. Correct Answer: A

Company employees are required to have workstation client certificates to access a bank website. These certificates were backed up as a precautionary step before the new computer upgrade. After the upgrade and restoration, users state they can access the bank's website, but not log in. Which of the following is MOST likely the issue?

A. The IP addresses of the clients have changed B. The client certificate passwords have expired on the server C. The certificates have not been installed on the workstations D. The certificates have been installed on the CA Correct Answer: C

Which of the following is the BEST reason to provide user awareness and training programs for organizational staff?

A. To ensure proper use of social media B. To reduce organizational IT risk C. To detail business impact analyses D. To train staff on zero-days Correct Answer: B

A company provides secure wireless Internet access for visitors and vendors working onsite. Some of the vendors using older technology report that they are unable to access the wireless network after entering the correct network information. Which of the following is the MOST likely reason for this issue?

A. The SSID broadcast is disabled. B. The company is using the wrong antenna type. C. The MAC filtering is disabled on the access point. D. The company is not using strong enough encryption. Correct Answer: A

A network security administrator is trying to determine how an attacker gained access to the corporate wireless network. The network is configured with SSID broadcast disabled. The senior network administrator explains that this configuration setting would only have deterred an unsophisticated attacker because of which of the following?

A. The SSID can be obtained with a wireless packet analyzer B. The required information can be brute forced over time C. Disabling the SSID only hides the network from other WAPs D. The network name could be obtained through a social engineering campaign Correct Answer: A

The fundamental information security principles include confidentiality, availability and which of the following?

A. The ability to secure data against unauthorized disclosure to external sources B. The capacity of a system to resist unauthorized changes to stored information C. The confidence with which a system can attest to the identity of a user D. The characteristic of a system to provide uninterrupted service to authorized users Correct Answer: B

The administrator receives a call from an employee named Joe. Joe says the Internet is down and he is receiving a blank page when trying to connect to a popular sports website. The administrator asks Joe to try visiting a popular search engine site, which Joe reports as successful. Joe then says that he can get to the sports site on his phone. Which of the following might the administrator need to configure?

A. The access rules on the IDS B. The pop up blocker in the employee's browser C. The sensitivity level of the spam filter D. The default block page on the URL filter Correct Answer: D

The server administrator has noted that most servers have a lot of free disk space and low memory utilization. Which of the following statements will be correct if the server administrator migrates to a virtual server environment?

A. The administrator will need to deploy load balancing and clustering. B. The administrator may spend more on licensing but less on hardware and equipment. C. The administrator will not be able to add a test virtual environment in the data center. D. Servers will encounter latency and lowered throughput issues. Correct Answer: B

Which of the following BEST describes a SQL Injection attack?

A. The attacker attempts to have the receiving server pass information to a back-end database from which it can compromise the stored information. B. The attacker attempts to have the receiving server run a payload using programming commonly found on web servers. C. The attacker overwhelms a system or application, causing it to crash and bring the server down to cause an outage. D. The attacker overwhelms a system or application, causing it to crash, and then redirects the memory address to read from a location holding the payload. Correct Answer: A

The system administrator has been notified that many users are having difficulty connecting to the company's wireless network. They take a new laptop and physically go to the access point and connect with no problems. Which of the following would be the MOST likely cause?

A. The certificate used to authenticate users has been compromised and revoked. B. Multiple war drivers in the parking lot have exhausted all available IPs from the pool to deny access. C. An attacker has gained access to the access point and has changed the encryption keys. D. An unauthorized access point has been configured to operate on the same channel. Correct Answer: D

A certificate used on an ecommerce web server is about to expire. Which of the following will occur if the certificate is allowed to expire?

A. The certificate will be added to the Certificate Revocation List (CRL). B. Clients will be notified that the certificate is invalid. C. The ecommerce site will not function until the certificate is renewed. D. The ecommerce site will no longer use encryption. Correct Answer: B

After correctly configuring a new wireless-enabled thermostat to control the temperature of the company's meeting room, Joe, a network administrator, determines that the thermostat is not connecting to the internet-based control system. Joe verifies that the thermostat received the expected network parameters and it is associated with the AP. Additionally, the other wireless mobile devices connected to the same wireless network are functioning properly. The network administrator verified that the thermostat works when tested at his residence. Which of the following is the MOST likely reason the thermostat is not connecting to the internet?

A. The company implements a captive portal B. The thermostat is using the incorrect encryption algorithm C. The WPA2 shared key is likely incorrect D. The company's DHCP server scope is full Correct Answer: C

Ann, a new security specialist, is attempting to access the internet using the company's open wireless network. The wireless network is not encrypted; however, once associated, Ann cannot access the internet or other company resources. In an attempt to troubleshoot, she scans the wireless network with NMAP, discovering the only other device on the wireless network is a firewall. Which of the following BEST describes the company's wireless network solution?

A. The company uses VPN to authenticate and encrypt wireless connections and traffic B. The company's wireless access point is being spoofed C. The company's wireless network is unprotected and should be configured with WPA2 D. The company is only using wireless for internet traffic so it does not need additional encryption Correct Answer: A

Ann, a sales manager, successfully connected her company-issued smartphone to the wireless network in her office without supplying a username/password combination. Upon disconnecting from the wireless network, she attempted to connect her personal tablet computer to the same wireless network and could not connect. Which of the following is MOST likely the reason?

A. The company wireless is using a MAC filter. B. The company wireless has SSID broadcast disabled. C. The company wireless is using WEP. D. The company wireless is using WPA2. Correct Answer: A

During an office move, a server containing the employee information database will be shut down and transported to a new location. Which of the following would BEST ensure the availability of the employee database should something happen to the server during the move?

A. The contents of the database should be encrypted; the encryption key should be stored off-site B. A hash of the database should be taken and stored on an external drive prior to the move C. The database should be placed on a drive that consists of a RAID array prior to the move D. A backup of the database should be stored on an external hard drive prior to the move Correct Answer: D

Acme Corp has selectively outsourced proprietary business processes to ABC Services. Due to some technical issues, ABC Services wants to send some of Acme Corp's debug data to a third party vendor for problem resolution. Which of the following MUST be considered prior to sending data to a third party?

A. The data should be encrypted prior to transport B. This would not constitute unauthorized data sharing C. This may violate data ownership and non-disclosure agreements D. Acme Corp should send the data to ABC Services' vendor instead Correct Answer: C

After a new RADIUS server is added to the network, an employee is unable to connect to the company's WPA2-Enterprise WIFI network, which is configured to prompt for the employee's network username and password. The employee reports receiving an error message after a brief connection attempt, but is never prompted for credentials. Which of the following issues could be causing the problem?

A. The employee's account is locked out in the directory service B. The new RADIUS server is overloading the wireless access point C. The new RADIUS server's certificate is not trusted by the employee's PC D. The employee's account is disabled in the RADIUS server's local database Correct Answer: A

Joe, a sales employee, is connecting to a wireless network and has entered the network information correctly. His computer remains connected to the network but he cannot access any resources on the network. Which of the following is the MOST likely cause of this issue?

A. The encryption is too strong B. The network SSID is disabled C. MAC filtering is enabled D. The wireless antenna power is set too low Correct Answer: D

Which of the following is a best practice when a mistake is made during a forensics examination?

A. The examiner should verify the tools before, during, and after an examination. B. The examiner should attempt to hide the mistake during cross-examination. C. The examiner should document the mistake and work around the problem. D. The examiner should disclose the mistake and assess another area of the disc. Correct Answer: C

The security administrator installed a newly generated SSL certificate onto the company web server. Due to a misconfiguration of the website, a downloadable file containing one of the pieces of the key was available to the public. It was verified that the disclosure did not require a reissue of the certificate. Which of the following was MOST likely compromised?

A. The file containing the recovery agent's keys. B. The file containing the public key. C. The file containing the private key. D. The file containing the server's encrypted passwords. Correct Answer: B

Which of the following BEST describes the weakness in WEP encryption?

A. The initialization vector of WEP uses a crack-able RC4 encryption algorithm. Once enough packets are captured an XOR operation can be performed and the asymmetric keys can be derived. B. The WEP key is stored in plain text and split in portions across 224 packets of random data. Once enough packets are sniffed the IV portion of the packets can be removed leaving the plain text key. C. The WEP key has a weak MD4 hashing algorithm used. A simple rainbow table can be used to generate key possibilities due to MD4 collisions. D. The WEP key is stored with a very small pool of random numbers to make the cipher text. As the random numbers are often reused it becomes easy to derive the remaining WEP key. Correct Answer: D

Which of the following provides the BEST explanation regarding why an organization needs to implement IT security policies?

A. To ensure that false positives are identified B. To ensure that staff conform to the policy C. To reduce the organizational risk D. To require acceptable usage of IT systems Correct Answer: C

Some customers have reported receiving an untrusted certificate warning when visiting the company's website. The administrator ensures that the certificate is not expired and that customers have trusted the original issuer of the certificate. Which of the following could be causing the problem?

A. The intermediate CA certificates were not installed on the server. B. The certificate is not the correct type for a virtual server. C. The encryption key used in the certificate is too short. D. The client's browser is trying to negotiate SSL instead of TLS. Correct Answer: A

The incident response team has received the following email message.
From: [email protected]
To: [email protected]
Subject: Copyright infringement
A copyright infringement alert was triggered by IP address 13.10.66.5 at 09:50:01 GMT.
After reviewing the following web logs for IP 13.10.66.5, the team is unable to correlate and identify the incident.
09:45:33 13.10.66.5 http://remote.site.com/login.asp?user=john
09:50:22 13.10.66.5 http://remote.site.com/logout.asp?user=anne
10:50:01 13.10.66.5 http://remote.site.com/access.asp?file=movie.mov
11:02:45 13.10.65.5 http://remote.site.com/download.asp?movie.mov=ok
Which of the following is the MOST likely reason why the incident response team is unable to identify and correlate the incident?

A. The logs are corrupt and no longer forensically sound. B. Traffic logs for the incident are unavailable. C. Chain of custody was not properly maintained. D. Incident time offsets were not accounted for. Correct Answer: D

A system administrator attempts to ping a hostname and the response is 2001:4860:0:2001::68. Which of the following replies has the administrator received?

A. The loopback address B. The local MAC address C. IPv4 address D. IPv6 address Correct Answer: D

An employee connects a wireless access point to the only jack in the conference room to provide Internet access during a meeting. The access point is configured to use WPA2-TKIP. A malicious user is able to intercept clear text HTTP communication between the meeting attendees and the Internet. Which of the following is the reason the malicious user is able to intercept and see the clear text communication?

A. The malicious user has access to the WPA2-TKIP key. B. The wireless access point is broadcasting the SSID. C. The malicious user is able to capture the wired communication. D. The meeting attendees are using unencrypted hard drives. Correct Answer: C

A classroom utilizes workstations running virtualization software for a maximum of one virtual machine per working station. The network settings on the virtual machines are set to bridged. Which of the following describes how the switch in the classroom should be configured to allow for the virtual machines and host workstation to connect to network resources?

A. The maximum-mac settings of the ports should be set to zero B. The maximum-mac settings of the ports should be set to one C. The maximum-mac settings of the ports should be set to two D. The maximum mac settings of the ports should be set to three Correct Answer: A

A router has a single Ethernet connection to a switch. In the router configuration, the Ethernet interface has three sub-interfaces, each configured with ACLs applied to them and 802.1q trunks. Which of the following is MOST likely the reason for the sub-interfaces?

A. The network uses the subnet of 255.255.255.128. B. The switch has several VLANs configured on it. C. The sub-interfaces are configured for VoIP traffic. D. The sub-interfaces each implement quality of service. Correct Answer: B

A new virtual server was created for the marketing department. The server was installed on an existing host machine. Users in the marketing department report that they are unable to connect to the server. Technicians verify that the server has an IP address in the same VLAN as the marketing department users. Which of the following is the MOST likely reason the users are unable to connect to the server?

A. The new virtual server's MAC address was not added to the ACL on the switch B. The new virtual server's MAC address triggered a port security violation on the switch C. The new virtual server's MAC address triggered an implicit deny in the switch D. The new virtual server's MAC address was not added to the firewall rules on the switch Correct Answer: A

Which of the following best describes the initial processing phase used in mobile device forensics?

A. The phone should be powered down and the battery removed to preserve the state of data on any internal or removable storage utilized by the mobile device B. The removable data storage cards should be processed first to prevent data alteration when examining the mobile device C. The mobile device should be examined first, then removable storage and lastly the phone without removable storage should be examined again D. The phone and storage cards should be examined as a complete unit after examining the removable storage cards separately. Correct Answer: A

Which of the following explains the difference between a public key and a private key?

A. The public key is only used by the client while the private key is available to all. Both keys are mathematically related. B. The private key only decrypts the data while the public key only encrypts the data. Both keys are mathematically related. C. The private key is commonly used in symmetric key decryption while the public key is used in asymmetric key decryption. D. The private key is only used by the client and kept secret while the public key is available to all. Correct Answer: D

When employing PKI to send signed and encrypted data the individual sending the data must have: (Select TWO)

A. The receiver's private key B. The root certificate C. The sender's private key D. The sender's public key E. The receiver's public key Correct Answer: CE

A security administrator needs to update the OS on all the switches in the company. Which of the following MUST be done before any actual switch configuration is performed?

A. The request needs to be sent to the incident management team. B. The request needs to be approved through the incident management process. C. The request needs to be approved through the change management process. D. The request needs to be sent to the change management team. Correct Answer: C

The marketing department wants to distribute pens with embedded USB drives to clients. In the past this client has been victimized by social engineering attacks which led to a loss of sensitive data. The security administrator advises the marketing department not to distribute the USB pens due to which of the following?

A. The risks associated with the large capacity of USB drives and their concealable nature B. The security costs associated with securing the USB drives over time C. The cost associated with distributing a large volume of the USB pens D. The security risks associated with combining USB drives and cell phones on a network Correct Answer: A

Matt, the Chief Information Security Officer (CISO), tells the network administrator that a security company has been hired to perform a penetration test against his network. The security company asks Matt which type of testing would be most beneficial for him. Which of the following BEST describes what the security company might do during a black box test?

A. The security company is provided with all network ranges, security devices in place, and logical maps of the network. B. The security company is provided with no information about the corporate network or physical locations. C. The security company is provided with limited information on the network, including all network diagrams. D. The security company is provided with limited information on the network, including some subnet ranges and logical network diagrams. Correct Answer: B

A server is configured to communicate on both VLAN 1 and VLAN 12. VLAN 1 communication works fine, but VLAN 12 does not. Which of the following MUST happen before the server can communicate on VLAN 12?

A. The server's network switch port must be enabled for 802.11x on VLAN 12. B. The server's network switch port must use VLAN Q-in-Q for VLAN 12. C. The server's network switch port must be 802.1q untagged for VLAN 12. D. The server's network switch port must be 802.1q tagged for VLAN 12. Correct Answer: D

A supervisor in the human resources department has been given additional job duties in the accounting department. Part of their new duties will be to check the daily balance sheet calculations on spreadsheets that are restricted to the accounting group. In which of the following ways should the account be handled?

A. The supervisor should be allowed to have access to the spreadsheet files, and their membership in the human resources group should be terminated. B. The supervisor should be removed from the human resources group and added to the accounting group. C. The supervisor should be added to the accounting group while maintaining their membership in the human resources group. D. The supervisor should only maintain membership in the human resources group. Correct Answer: C

Pete, a security engineer, is trying to inventory all servers in a rack. The engineer launches RDP sessions to five different PCs and notices that the hardware properties are similar. Additionally, the MAC addresses of all five servers appear on the same switch port. Which of the following is MOST likely the cause?

A. The system is running 802.1x. B. The system is using NAC. C. The system is in active-standby mode. D. The system is virtualized. Correct Answer: D

When an order was submitted via the corporate website, an administrator noted special characters (e.g., ";--" and "or 1=1 --") were input instead of the expected letters and numbers. Which of the following is the MOST likely reason for the unusual results?

A. The user is attempting to hijack the web server session using an open-source browser. B. The user has been compromised by a cross-site scripting attack (XSS) and is part of a botnet performing DDoS attacks. C. The user is attempting to fuzz the web server by entering foreign language characters which are incompatible with the website. D. The user is sending malicious SQL injection strings in order to extract sensitive company or customer data via the website. Correct Answer: D

A company requires that all users enroll in the corporate PKI structure and digitally sign all emails. Which of the following are primary reasons to sign emails with digital certificates? (Select TWO)

A. To establish non-repudiation B. To ensure integrity C. To prevent SPAM D. To establish data loss prevention E. To protect confidentiality F. To establish transport encryption Correct Answer: BE

A security audit identifies a number of large email messages being sent by a specific user from their company email account to another address external to the company. These messages were sent prior to a company data breach, which prompted the security audit. The user was one of a few people who had access to the leaked data. Review of the suspect's emails show they consist mostly of pictures of the user at various locations during a recent vacation. No suspicious activities from other users who have access to the data were discovered. Which of the following is occurring?

A. The user is encrypting the data in the outgoing messages. B. The user is using steganography. C. The user is spamming to obfuscate the activity. D. The user is using hashing to embed data in the emails. Correct Answer: B

Which of the following could cause a browser to display the message below? "The security certificate presented by this website was issued for a different website's address."

A. The website certificate was issued by a different CA than what the browser recognizes in its trusted CAs. B. The website is using a wildcard certificate issued for the company's domain. C. HTTPS://127.0.01 was used instead of HTTPS://localhost. D. The website is using an expired self signed certificate. Correct Answer: C

A user of the wireless network is unable to gain access to the network. The symptoms are: 1.) Unable to connect to both internal and Internet resources 2.) The wireless icon shows connectivity but has no network access The wireless network is WPA2 Enterprise and users must be a member of the wireless security group to authenticate. Which of the following is the MOST likely cause of the connectivity issues?

A. The wireless signal is not strong enough B. A remote DDoS attack against the RADIUS server is taking place C. The user's laptop only supports WPA and WEP D. The DHCP scope is full E. The dynamic encryption key did not update while the user was offline Correct Answer: A

A password history value of three means which of the following?

A. Three different passwords are used before one can be reused. B. A password cannot be reused once changed for three years. C. After three hours a password must be re-entered to continue. D. The server stores passwords in the database for three days. Correct Answer: A

In order for Sara, a client, to log on to her desktop computer, she must provide her username, password, and a four-digit PIN. Which of the following authentication methods is Sara using?

A. Three factor B. Single factor C. Two factor D. Four factor Correct Answer: B

Which of the following BEST explains the use of an HSM within the company servers?

A. Thumb drives present a significant threat which is mitigated by HSM. B. Software encryption can perform multiple functions required by HSM. C. Data loss by removable media can be prevented with DLP. D. Hardware encryption is faster than software encryption. Correct Answer: D

An organization is implementing a password management application which requires that all local administrator passwords be stored and automatically managed. Auditors will be responsible for monitoring activities in the application by reviewing the logs. Which of the following security controls is the BEST option to prevent auditors from accessing or modifying passwords in the application?

A. Time of day restrictions B. Create user accounts for the auditors and assign read-only access C. Mandatory access control D. Role-based access with read-only Correct Answer: D

Which of the following security concepts can prevent a user from logging on from home during the weekends?

A. Time of day restrictions B. Multifactor authentication C. Implicit deny D. Common access card Correct Answer: A

An audit has revealed that database administrators are also responsible for auditing database changes and backup logs. Which of the following access control methodologies would BEST mitigate this concern?

A. Time of day restrictions B. Principle of least privilege C. Role-based access control D. Separation of duties Correct Answer: D

After a merger, it was determined that several individuals could perform the tasks of a network administrator in the merged organization. Which of the following should have been performed to ensure that employees have proper access?

A. Time-of-day restrictions B. Change management C. Periodic auditing of user credentials D. User rights and permission review Correct Answer: D

During a recent audit, it was discovered that several user accounts belonging to former employees were still active and had valid VPN permissions. Which of the following would help reduce the amount of risk the organization incurs in this situation in the future?

A. Time-of-day restrictions B. User access reviews C. Group-based privileges D. Change management policies Correct Answer: B

After an assessment, auditors recommended that an application hosting company should contract with additional data providers for redundant high speed Internet connections. Which of the following is MOST likely the reason for this recommendation? (Select TWO).

A. To allow load balancing for cloud support B. To allow for business continuity if one provider goes out of business C. To eliminate a single point of failure D. To allow for a hot site in case of disaster E. To improve intranet communication speeds Correct Answer: BC

Which of the following best describes the reason for using hot and cold aisles?

A. To ensure air exhaust from one aisle doesn't blow into the air intake of the next aisle B. To ensure the dewpoint stays low enough that water doesn't condensate on equipment C. To decrease amount of power wiring that is run to each aisle D. To maintain proper humidity in the datacenter across all aisles Correct Answer: A

The below report indicates that the system is MOST likely infected by which of the following?
Protocol  LOCAL IP      FOREIGN IP  STATE
TCP       0.0.0:445     0.0.0.0:0   Listening
TCP       0.0.0.0:3390  0.0.0.0:0   Listening

A. Trojan B. Worm C. Logic bomb D. Spyware Correct Answer: A

Why would a technician use a password cracker?

A. To look for weak passwords on the network B. To change a user's passwords when they leave the company C. To enforce password complexity requirements D. To change users passwords if they have forgotten them Correct Answer: A

LDAP and Kerberos are commonly used for which of the following?

A. To perform queries on a directory service B. To store usernames and passwords for Federated Identity C. To sign SSL wildcard certificates for subdomains D. To utilize single sign-on capabilities Correct Answer: D

Which of the following BEST represents the goal of a vulnerability assessment?

A. To test how a system reacts to known threats B. To reduce the likelihood of exploitation C. To determine the system's security posture D. To analyze risk mitigation strategies Correct Answer: C

On Monday, all company employees report being unable to connect to the corporate wireless network, which uses 802.1x with PEAP. A technician verifies that no configuration changes were made to the wireless network and its supporting infrastructure, and that there are no outages. Which of the following is the MOST likely cause for this issue?

A. Too many incorrect authentication attempts have caused users to be temporarily disabled. B. The DNS server is overwhelmed with connections and is unable to respond to queries. C. The company IDS detected a wireless attack and disabled the wireless network. D. The Remote Authentication Dial-In User Service server certificate has expired. Correct Answer: D

Which of the following could a security administrator implement to mitigate the risk of tailgating for a large organization?

A. Train employees on correct data disposal techniques and enforce policies. B. Only allow employees to enter or leave through one door at specified times of the day. C. Only allow employees to go on break one at a time and post security guards 24/7 at each entrance. D. Train employees on risks associated with social engineering attacks and enforce policies. Correct Answer: D

A security administrator is installing a single camera outside in order to detect unauthorized vehicles in the parking lot. Which of the following is the MOST important consideration when deploying a CCTV camera to meet the requirement?

A. Training B. Expense C. Resolution D. Field of view Correct Answer: C

A security manager must remain aware of the security posture of each system. Which of the following supports this requirement?

A. Training staff on security policies B. Establishing baseline reporting C. Installing anti-malware software D. Disabling unnecessary accounts/services Correct Answer: B

A network administrator is attempting to troubleshoot an issue regarding certificates on a secure website. During the troubleshooting process, the network administrator notices that the web gateway proxy on the local network has signed all of the certificates on the local machine. Which of the following describes the type of attack the proxy has been legitimately programmed to perform?

A. Transitive access B. Spoofing C. Man-in-the-middle D. Replay Correct Answer: C

A user authenticates to a local directory server. The user then opens a virtualization client to connect to a virtual server. Instead of supplying a username/password combination, the user simply checks a use directory credentials checkbox to authenticate to the virtual server. Which of the following authentication types has been utilized?

A. Transitive trust B. Common access card C. Multifactor authentication D. Single sign-on Correct Answer: B

An information system owner has supplied a new requirement to the development team that calls for increased non-repudiation within the application. After undergoing several audits, the owner determined that current levels of non-repudiation were insufficient. Which of the following capabilities would be MOST appropriate to consider implementing in response to the new requirement?

A. Transitive trust B. Symmetric encryption C. Two-factor authentication D. Digital signatures E. One-time passwords Correct Answer: D

Which of the following describes the implementation of PAT?

A. Translating the source and destination IPs, but not the source and destination ports B. A one to one persistent mapping between one private IP and one public IP C. Changing the priority of a TCP stream based on the source address D. Associating multiple public IP addresses with one private address Correct Answer: D

A software development company wants to implement a digital rights management solution to protect its intellectual property. Which of the following should the company implement to enforce software digital rights?

A. Transport encryption B. IPsec C. Non-repudiation D. Public key infrastructure Correct Answer: D

Which of the following must a user implement if they want to send a secret message to a coworker by embedding it within an image?

A. Transport encryption B. Steganography C. Hashing D. Digital signature Correct Answer: B

Which of the following is the FIRST step in a forensics investigation when a breach of a client's workstation has been confirmed?

A. Transport the workstation to a secure facility B. Analyze the contents of the hard drive C. Restore any deleted files and / or folders D. Make a bit-for-bit copy of the system Correct Answer: D

A user, Ann, is reporting to the company IT support group that her workstation screen is blank other than a window with a message requesting payment or else her hard drive will be formatted. Which of the following types of malware is on Ann's workstation?

A. Trojan B. Spyware C. Adware D. Ransomware Correct Answer: D

A rogue programmer included a piece of code in an application to cause the program to halt at 2:00 PM on Monday afternoon when the application is most utilized. This is which of the following types of malware?

A. Trojan B. Virus C. Logic Bomb D. Botnets Correct Answer: C

Ann, a security technician, is reviewing the IDS log files. She notices a large number of alerts for multicast packets from the switches on the network. After investigation, she discovers that this is normal activity for her network. Which of the following BEST describes these results?

A. True negatives B. True positives C. False positives D. False negatives Correct Answer: C

A network administrator is looking for a way to automatically update company browsers so they import a list of root certificates from an online source. This online source will then be responsible for tracking which certificates are to be trusted or not trusted. Which of the following BEST describes the service that should be implemented to meet these requirements?

A. Trust model B. Key escrow C. OCSP D. PKI Correct Answer: A

Which of the following allows an organization to store a sensitive PKI component with a trusted third party?

A. Trust model B. Public Key Infrastructure C. Private key D. Key escrow Correct Answer: D

When reviewing a digital certificate for accuracy, which of the following would Matt, a security administrator, focus on to determine who affirms the identity of the certificate owner?

A. Trust models B. CRL C. CA D. Recovery agent Correct Answer: C

An organization uses a Kerberos-based LDAP service for network authentication. The service is also utilized for internal web applications. Finally access to terminal applications is achieved using the same authentication method by joining the legacy system to the Kerberos realm. This company is using Kerberos to achieve which of the following?

A. Trusted Operating System B. Rule-based access control C. Single sign on D. Mandatory access control Correct Answer: C

Speaking a passphrase into a voice print analyzer is an example of which of the following security concepts?

A. Two factor authentication B. Identification and authorization C. Single sign-on D. Single factor authentication Correct Answer: A

Which of the following protocols provides for mutual authentication of the client and server?

A. Two-factor authentication B. Radius C. Secure LDAP D. Biometrics Correct Answer: C

The security department has implemented a new laptop encryption product in the environment. The product requires one user name and password at the time of boot up and also another password after the operating system has finished loading. This setup is using which of the following authentication types?

A. Two-factor authentication B. Single sign-on C. Multifactor authentication D. Single factor authentication Correct Answer: D

A security manager installed a standalone fingerprint reader at the data center. All employees that need to access the data center have been enrolled to the reader, and the local reader database is always kept updated. When an employee who has been enrolled uses the fingerprint reader, the door to the data center opens. Which of the following does this demonstrate? (Select THREE)

A. Two-factor authentication B. Single sign-on C. Something you have D. Identification E. Authentication F. Authorization Correct Answer: ADE

An organization is moving its human resources system to a cloud services provider. The company plans to continue using internal usernames and passwords with the service provider, but the security manager does not want the service provider to have a copy of the passwords. Which of the following options meets all of these requirements?

A. Two-factor authentication B. Account and password synchronization C. Smartcards with PINs D. Federated authentication Correct Answer: D

The security administrator is implementing a malware storage system to archive all malware seen by the company into a central database. The malware must be categorized and stored based on similarities in the code. Which of the following should the security administrator use to identify similar malware?

A. TwoFish B. SHA-512 C. Fuzzy hashes D. HMAC Correct Answer: C

Matt, a security analyst, needs to select an asymmetric encryption method that allows for the same level of encryption strength with a lower key length than is typically necessary. Which of the following encryption methods offers this capability?

A. Twofish B. Diffie-Hellman C. ECC D. RSA Correct Answer: C

A recent spike in virus detections has been attributed to end-users visiting www.compnay.com. The business has an established relationship with an organization using the URL of www.company.com but not with the site that has been causing the infections. Which of the following would BEST describe this type of attack?

A. Typo squatting B. Session hijacking C. Cross-site scripting D. Spear phishing Correct Answer: A

An organization does not have adequate resources to administer its large infrastructure. A security administrator wishes to combine the security controls of some of the network devices in the organization. Which of the following methods would BEST accomplish this goal?

A. Unified Threat Management B. Virtual Private Network C. Single sign on D. Role-based management Correct Answer: A

An organization does not have adequate resources to administer its large infrastructure. A security administrator wishes to integrate the security controls of some of the network devices in the organization. Which of the following methods would BEST accomplish this goal?

A. Unified Threat Management B. Virtual Private Network C. Single sign on D. Role-based management Correct Answer: A

Which of the following is the MOST likely cause of users being unable to verify a single user's email signature and that user being unable to decrypt sent messages?

A. Unmatched key pairs B. Corrupt key escrow C. Weak public key D. Weak private key Correct Answer: A

During a recent investigation, an auditor discovered that an engineer's compromised workstation was being used to connect to SCADA systems while the engineer was not logged in. The engineer is responsible for administering the SCADA systems and cannot be blocked from connecting to them. The SCADA systems cannot be modified without vendor approval which requires months of testing. Which of the following is MOST likely to protect the SCADA systems from misuse?

A. Update anti-virus definitions on SCADA systems B. Audit accounts on the SCADA systems C. Install a firewall on the SCADA network D. Deploy NIPS at the edge of the SCADA network Correct Answer: D

A user has forgotten their account password. Which of the following is the BEST recovery strategy?

A. Upgrade the authentication system to use biometrics instead. B. Temporarily disable password complexity requirements. C. Set a temporary password that expires upon first use. D. Retrieve the user password from the credentials database. Correct Answer: C

A company wishes to prevent unauthorized employee access to the data center. Which of the following is the MOST secure way to meet this goal?

A. Use Motion detectors to signal security whenever anyone entered the center B. Mount CCTV cameras inside the center to monitor people as they enter C. Install mantraps at every entrance to the data center in conjunction with their badges D. Place biometric readers at the entrances to verify employees' identity Correct Answer: C

An organization has hired a penetration tester to test the security of its ten web servers. The penetration tester is able to gain root/administrative access in several servers by exploiting vulnerabilities associated with the implementation of SMTP, POP, DNS, FTP, Telnet, and IMAP. Which of the following recommendations should the penetration tester provide to the organization to better protect their web servers in the future?

A. Use a honeypot B. Disable unnecessary services C. Implement transport layer security D. Increase application event logging Correct Answer: B

A security administrator finds that an intermediate CA within the company was recently breached. The certificates held on this system were lost during the attack, and it is suspected that the attackers had full access to the system. Which of the following is the NEXT action to take in this scenario?

A. Use a recovery agent to restore the certificates used by the intermediate CA B. Revoke the certificate for the intermediate CA C. Recover the lost keys from the intermediate CA key escrow D. Issue a new certificate for the root CA Correct Answer: B

An administrator needs to secure a wireless network and restrict access based on the hardware address of the device. Which of the following solutions should be implemented?

A. Use a stateful firewall B. Enable MAC filtering C. Upgrade to WPA2 encryption D. Force the WAP to use channel 1 Correct Answer: B

The chief security officer (CSO) has issued a new policy that requires that all internal websites be configured for HTTPS traffic only. The network administrator has been tasked to update all internal sites without incurring additional costs. Which of the following is the best solution for the network administrator to secure each internal website?

A. Use certificates signed by the company CA B. Use a signing certificate as a wild card certificate C. Use certificates signed by a public CA D. Use a self-signed certificate on each internal server Correct Answer: A

An online store wants to protect user credentials and credit card information so that customers can store their credit card information and use their card for multiple separate transactions. Which of the following database designs provides the BEST security for the online store?

A. Use encryption for the credential fields and hash the credit card field B. Encrypt the username and hash the password C. Hash the credential fields and use encryption for the credit card field D. Hash both the credential fields and the credit card field Correct Answer: C

A Chief Information Security Officer (CISO) wants to implement two-factor authentication within the company. Which of the following would fulfill the CISO's requirements?

A. Username and password B. Retina scan and fingerprint scan C. USB token and PIN D. Proximity badge and token Correct Answer: C

Pete, the system administrator, is reviewing his disaster recovery plans. He wishes to limit the downtime in the event of a disaster, but does not have the budget approval to implement or maintain an offsite location that ensures 99.99% availability. Which of the following would be Pete's BEST option?

A. Use hardware already at an offsite location and configure it to be quickly utilized. B. Move the servers and data to another part of the company's main campus from the server room. C. Retain data back-ups on the main campus and establish redundant servers in a virtual environment. D. Move the data back-ups to the offsite location, but retain the hardware on the main campus for redundancy. Correct Answer: A

Company XYZ has decided to make use of a cloud-based service that requires mutual, certificate-based authentication with its users. The company uses SSL-inspecting IDS at its network boundary and is concerned about the confidentiality of the mutual authentication. Which of the following models prevents the IDS from capturing credentials used to authenticate users to the new service or keys to decrypt that communication?

A. Use of OATH between the user and the service and attestation from the company domain B. Use of active directory federation between the company and the cloud-based service C. Use of smartcards that store X.509 keys, signed by a global CA D. Use of a third-party, SAML-based authentication service for attestation Correct Answer: B

Ann, a technician, received a spear-phishing email asking her to update her personal information by clicking the link within the body of the email. Which of the following types of training would prevent Ann and other employees from becoming victims of such attacks?

A. User Awareness B. Acceptable Use Policy C. Personal Identifiable Information D. Information Sharing Correct Answer: C

A file on a Linux server has default permissions of rw-rw-r--. The system administrator has verified that Ann, a user, is not a member of the group owner of the file. Which of the following should be modified to assure that Ann has read access to the file?

A. User ownership information for the file in question B. Directory permissions on the parent directory of the file in question C. Group memberships for the group owner of the file in question D. The file system access control list (FACL) for the file in question Correct Answer: C

Privilege creep among long-term employees can be mitigated by which of the following procedures?

A. User permission reviews B. Mandatory vacations C. Separation of duties D. Job function rotation Correct Answer: A

The system administrator has deployed updated security controls for the network to limit risk of attack. The security manager is concerned that controls continue to function as intended to maintain appropriate security posture. Which of the following risk mitigation strategies is MOST important to the security manager?

A. User permissions B. Policy enforcement C. Routine audits D. Change management Correct Answer: C

The security administrator is currently unaware of an incident that occurred a week ago. Which of the following will ensure the administrator is notified in a timely manner in the future?

A. User permissions reviews B. Incident response team C. Change management D. Routine auditing Correct Answer: D

A security administrator has been tasked to ensure access to all network equipment is controlled by a central server such as TACACS+. This type of implementation supports which of the following risk mitigation strategies?

A. User rights and permissions review B. Change management C. Data loss prevention D. Implement procedures to prevent data theft Correct Answer: A

Various network outages have occurred recently due to unapproved changes to network and security devices. All changes were made using various system credentials. The security analyst has been tasked to update the security policy. Which of the following risk mitigation strategies would also need to be implemented to reduce the number of network outages due to unauthorized changes?

A. User rights and permissions review B. Configuration management C. Incident management D. Implement security controls on Layer 3 devices Correct Answer: A

Which of the following risk mitigation strategies will allow Ann, a security analyst, to enforce least privilege principles?

A. User rights reviews B. Incident management C. Risk based controls D. Annual loss expectancy Correct Answer: A

An internal auditor is concerned with privilege creep that is associated with transfers inside the company. Which mitigation measure would detect and correct this?

A. User rights reviews B. Least privilege and job rotation C. Change management D. Change Control Correct Answer: A

Which of the following BEST describes part of the PKI process?

A. User1 decrypts data with User2's private key B. User1 hashes data with User2's public key C. User1 hashes data with User2's private key D. User1 encrypts data with User2's public key Correct Answer: D

An incident response team member needs to perform a forensics examination but does not have the required hardware. Which of the following will allow the team member to perform the examination with minimal impact to the potential evidence?

A. Using a software file recovery disc B. Mounting the drive in read-only mode C. Imaging based on order of volatility D. Hashing the image after capture Correct Answer: B

A security administrator is developing training for corporate users on basic security principles for personal email accounts. Which of the following should be mentioned as the MOST secure way for password recovery?

A. Utilizing a single question for password recovery B. Sending a PIN to a smartphone through text message C. Utilizing CAPTCHA to avoid brute force attacks D. Use a different e-mail address to recover password Correct Answer: B

The systems administrator wishes to implement a hardware-based encryption method that could also be used to sign code. They can achieve this by:

A. Utilizing the already present TPM. B. Configuring secure application sandboxes. C. Enforcing whole disk encryption. D. Moving data and applications into the cloud. Correct Answer: A

The network manager has obtained a public IP address for use with a new system to be available via the internet. This system will be placed in the DMZ and will communicate with a database server on the LAN. Which of the following should be used to allow for proper communication between internet users and the internal systems?

A. VLAN B. DNS C. NAT D. HTTP E. SSL Correct Answer: C

Which of the following can be used to maintain a higher level of security in a SAN by allowing isolation of misconfigurations or faults?

A. VLAN B. Protocol security C. Port security D. VSAN Correct Answer: D

A security administrator is segregating all web-facing server traffic from the internal network and restricting it to a single interface on a firewall. Which of the following BEST describes this new network?

A. VLAN B. Subnet C. VPN D. DMZ Correct Answer: D

Which of the following network architecture concepts is used to securely isolate at the boundary between networks?

A. VLAN B. Subnetting C. DMZ D. NAT Correct Answer: C

Which of the following design components is used to isolate network devices such as web servers?

A. VLAN B. VPN C. NAT D. DMZ Correct Answer: D

A BYOD policy in which employees are able to access the wireless guest network is in effect in an organization. Some users, however, are using the Ethernet port in personal laptops to connect to the wired network. Which of the following could an administrator use to ensure that unauthorized devices are not allowed to access the wired network?

A. VLAN access rules configured to reject packets originating from unauthorized devices B. Router access lists configured to block the IP addresses of unauthorized devices C. Firewall rules configured to block the MAC addresses of unauthorized devices D. Port security configured to shut down the port when unauthorized devices connect Correct Answer: D

A network engineer is setting up a network for a company. There is a BYOD policy for the employees so that they can connect their laptops and mobile devices. Which of the following technologies should be employed to separate the administrative network from the network in which all of the employees' devices are connected?

A. VPN B. VLAN C. WPA2 D. MAC filtering Correct Answer: B

The public key is used to perform which of the following? (Select THREE).

A. Validate the CRL B. Validate the identity of an email sender C. Encrypt messages D. Perform key recovery E. Decrypt messages F. Perform key escrow Correct Answer: BCE

Which of the following should be done before resetting a user's password due to expiration?

A. Verify the user's domain membership. B. Verify the user's identity. C. Advise the user of new policies. D. Verify the proper group membership. Correct Answer: B

Which of the following access methods uses radio frequency waves for authentication?

A. Video surveillance B. Mantraps C. Proximity readers D. Biometrics Correct Answer: C

Which of the following is considered an environmental control?

A. Video surveillance B. Proper lighting C. EMI shielding D. Fencing Correct Answer: C

Company A and Company B both supply contractual services to a fast-paced and growing auto parts manufacturer with a small local area network (LAN) at its local site. Company A performs in-house billing and invoice services for the local auto parts manufacturer. Company B provides in-house parts and widgets services for the local auto parts manufacturer. Which of the following is the BEST method to mitigate security risk within the environment?

A. Virtual Private Network B. Role-Based access C. Network segmentation D. Public Key Infrastructure Correct Answer: C

A company has a security policy that specifies all endpoint computing devices should be assigned a unique identifier that can be tracked via an inventory management system. Recent changes to airline security regulations have caused many executives in the company to travel with mini tablet devices instead of laptops. These tablet devices are difficult to tag and track. An RDP application is used from the tablet to connect into the company network. Which of the following should be implemented in order to meet the security policy requirements?

A. Virtual desktop infrastructure (VDI) B. WS-security and geo-fencing C. A hardware security module (HSM) D. RFID tagging system E. MDM software F. Security Requirements Traceability Matrix (SRTM) Correct Answer: E

Matt, the network engineer, has been tasked with separating network traffic between virtual machines on a single hypervisor. Which of the following would he implement to BEST address this requirement? (Select TWO).

A. Virtual switch B. NAT C. System partitioning D. Access-list E. Disable spanning tree F. VLAN Correct Answer: AF

Due to limited resources, a company must reduce their hardware budget while still maintaining availability. Which of the following would MOST likely help them achieve their objectives?

A. Virtualization B. Remote access C. Network access control D. Blade servers Correct Answer: A

A corporation is looking to expand their data center but has run out of physical space in which to store hardware. Which of the following would offer the ability to expand while keeping their current data center operated by internal staff?

A. Virtualization B. Subnetting C. IaaS D. SaaS Correct Answer: A

Which of the following malware types typically allows an attacker to monitor a user's computer, is characterized by a drive-by download, and requires no user interaction?

A. Virus B. Logic bomb C. Spyware D. Adware Correct Answer: C

Pete, a security analyst, has been tasked with explaining the different types of malware to his colleagues. The two malware types that the group seems to be most interested in are botnets and viruses. Which of the following explains the difference between these two types of malware?

A. Viruses are a subset of botnets which are used as part of SYN attacks. B. Botnets are a subset of malware which are used as part of DDoS attacks. C. Viruses are a class of malware which create hidden openings within an OS. D. Botnets are used within DR to ensure network uptime and viruses are not. Correct Answer: B

A security administrator notices large amounts of traffic within the network heading out to an external website. The website seems to be a fake bank site with a phone number that when called, asks for sensitive information. After further investigation, the security administrator notices that a fake link was sent to several users. This is an example of which of the following attacks?

A. Vishing B. Phishing C. Whaling D. SPAM E. SPIM Correct Answer: B

A company is trying to implement physical deterrent controls to improve the overall security posture of their data center. Which of the following BEST meets their goal?

A. Visitor logs B. Firewall C. Hardware locks D. Environmental monitoring Correct Answer: C

Joe, the information security manager, is tasked with calculating risk and selecting controls to protect a new system. He has identified people, environmental conditions, and events that could affect the new system. Which of the following does he need to estimate NEXT in order to complete his risk calculations?

A. Vulnerabilities B. Risk C. Likelihood D. Threats Correct Answer: A

When an authorized application is installed on a server, the application triggers an alert on the HIDS. This is known as a:

A. Vulnerability B. False negative C. False positive D. Threat vector Correct Answer: C

Jane has recently implemented a new network design at her organization and wishes to passively identify security issues with the new network. Which of the following should Jane perform?

A. Vulnerability assessment B. Black box testing C. White box testing D. Penetration testing Correct Answer: A

A company is rolling out a new e-commerce website. The security analyst wants to reduce the risk of the new website being compromised by confirming that system patches are up to date, application hot fixes are current, and unneeded ports and services have been disabled. To do this, the security analyst will perform a:

A. Vulnerability assessment B. White box test C. Penetration test D. Peer review Correct Answer: A

An administrator is concerned that a company's web server has not been patched. Which of the following would be the BEST assessment for the administrator to perform?

A. Vulnerability scan B. Risk assessment C. Virus scan D. Network sniffer Correct Answer: A

Jane, a security analyst, is reviewing logs from hosts across the Internet which her company uses to gather data on new malware. Which of the following is being implemented by Jane's company?

A. Vulnerability scanner B. Honeynet C. Protocol analyzer D. Port scanner Correct Answer: B

Which of the following is BEST utilized to identify common misconfigurations throughout the enterprise?

A. Vulnerability scanning B. Port scanning C. Penetration testing D. Black box Correct Answer: A

Ann, a security analyst, is preparing for an upcoming security audit. To ensure that she identifies unapplied security controls and patches without attacking or compromising the system, Ann would use which of the following?

A. Vulnerability scanning B. SQL injection C. Penetration testing D. Antivirus update Correct Answer: A

Which of the following is BEST at blocking attacks and providing security at layer 7 of the OSI model?

A. WAF B. NIDS C. Routers D. Switches Correct Answer: A

Which of the following wireless security measures can an attacker defeat by spoofing certain properties of their network interface card?

A. WEP B. MAC filtering C. Disabled SSID broadcast D. TKIP Correct Answer: B

The security administrator has been tasked to update all the access points to provide a more secure connection. All access points currently use WPA TKIP for encryption. Which of the following would be configured to provide more secure connections?

A. WEP B. WPA2 CCMP C. Disable SSID broadcast and increase power levels D. MAC filtering Correct Answer: B

Which of the following is a concern when encrypting wireless data with WEP?

A. WEP displays the plain text entire key when wireless packet captures are reassembled B. WEP implements weak initialization vectors for key transmission C. WEP uses a very weak encryption algorithm D. WEP allows for only four pre-shared keys to be configured Correct Answer: B

Which of the following cryptographic methods is most secure for a wireless access point?

A. WPA with LEAP B. TKIP C. WEP with PSK D. WPA2 with PSK Correct Answer: D

A security administrator discovered that all communication over the company's encrypted wireless network is being captured by savvy employees with a wireless sniffing tool and is then being decrypted in an attempt to steal other employees' credentials. Which of the following technologies is MOST likely in use on the company's wireless?

A. WPA with TKIP B. VPN over open wireless C. WEP128-PSK D. WPA2-Enterprise Correct Answer: C

By hijacking unencrypted cookies an application allows an attacker to take over existing web sessions that do not use SSL or end to end encryption. Which of the following choices BEST mitigates the security risk of public web surfing? (Select TWO)

A. WPA2 B. WEP C. Disabling SSID broadcasting D. VPN E. Proximity to WIFI access point Correct Answer: AD

A security administrator wishes to change their wireless network so that IPSec is built into the protocol and NAT is no longer required for address range extension. Which of the following protocols should be used in this scenario?

A. WPA2 B. WPA C. IPv6 D. IPv4 Correct Answer: C

RC4 is a strong encryption protocol that is generally used with which of the following?

A. WPA2 CCMP B. PEAP C. WEP D. EAP-TLS Correct Answer: C

A network administrator has been tasked with securing the WLAN. Which of the following cryptographic products would be used to provide the MOST secure environment for the WLAN?

A. WPA2 CCMP B. WPA C. WPA with MAC filtering D. WPA2 TKIP Correct Answer: A

A security administrator must implement a network authentication solution which will ensure encryption of user credentials when users enter their username and password to authenticate to the network. Which of the following should the administrator implement?

A. WPA2 over EAP-TTLS B. WPA-PSK C. WPA2 with WPS D. WEP over EAP-PEAP Correct Answer: D

Due to hardware limitation, a technician must implement a wireless encryption algorithm that uses the RC4 protocol. Which of the following is a wireless encryption solution that the technician should implement while ensuring the STRONGEST level of security?

A. WPA2-AES B. 802.11ac C. WPA-TKIP D. WEP Correct Answer: C

A security administrator must implement a wireless security system, which will require users to enter a 30 character ASCII password on their accounts. Additionally the system must support 3DS wireless encryption. Which of the following should be implemented?

A. WPA2-CCMP with 802.1X B. WPA2-PSK C. WPA2-CCMP D. WPA2-Enterprise Correct Answer: D

DRAG DROP

A security administrator is given the security and availability profiles for servers that are being deployed. Match each RAID type with the correct configuration and MINIMUM number of drives. Review the server profiles and match them with the appropriate RAID type based on integrity, availability, I/O, storage requirements.

Instructions: All drive definitions can be dragged as many times as necessary. Not all placeholders may be filled in the RAID configuration boxes. If parity is required, please select the appropriate number of parity checkboxes. Server profiles may be dragged only once.

Instructions: If at any time you would like to bring back the initial state of the simulation, please select the Reset button. When you have completed the simulation, please select the Done button to submit. Once the simulation is submitted, please select the Next button to continue.

Section: Application, Data and Host Security

Explanation/Reference:

RAID-0 is known as striping. It is not a fault tolerant solution but does improve disk performance for read/write operations. Striping requires a minimum of two disks and does not use parity. RAID-0 can be used where performance is required over fault tolerance, such as a media streaming server.

RAID-1 is known as mirroring because the same data is written to two disks so that the two disks have identical data. This is a fault tolerant solution that halves the storage space. Mirroring uses a minimum of two disks and does not use parity. RAID-1 can be used where fault tolerance is required over performance, such as on an authentication server.

RAID-5 is a fault tolerant solution that uses parity and striping. A minimum of three disks are required for RAID-5, with one disk's worth of space being used for parity information. However, the parity information is distributed across all the disks. RAID-5 can recover from a single disk failure.

RAID-6 is a fault tolerant solution that uses dual parity and striping. A minimum of four disks are required for RAID-6. Dual parity allows RAID-6 to recover from the simultaneous failure of up to two disks. Critical data should be stored on a RAID-6 system.

References: Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 34-36, 234-235

Jane, a security administrator, needs to implement a secure wireless authentication method that uses a remote RADIUS server for authentication. Which of the following is an authentication method Jane should use?

A. WPA2-PSK B. WEP-PSK C. CCMP D. LEAP Correct Answer: D

After entering the following information into a SOHO wireless router, a mobile device's user reports being unable to connect to the network: PERMIT 0A:D1:FA:B1:03:37 DENY 01:33:7F:AB:10:AB Which of the following is preventing the device from connecting?

A. WPA2-PSK requires a supplicant on the mobile device. B. Hardware address filtering is blocking the device. C. TCP/IP Port filtering has been implemented on the SOHO router. D. IP address filtering has disabled the device from connecting. Correct Answer: B

A security administrator is using a software program to test the security of a wireless access point. After running the program for a few hours, the access point sends the wireless secret key back to the software program. Which of the following attacks is this an example of?

A. WPS B. IV C. Deauth D. Replay Correct Answer: C

Which of the following attacks allows access to contact lists on cellular phones?

A. War chalking B. Blue jacking C. Packet sniffing D. Bluesnarfing Correct Answer: D

A user commuting to work via public transport received an offensive image on their smart phone from another commuter. Which of the following attacks MOST likely took place?

A. War chalking B. Bluejacking C. War driving D. Bluesnarfing Correct Answer: B

Mike, a security professional, is tasked with actively verifying the strength of the security controls on a company's live modem pool. Which of the following activities is MOST appropriate?

A. War dialing B. War chalking C. War driving D. Bluesnarfing Correct Answer: A

The practice of marking open wireless access points is called which of the following?

A. War dialing B. War chalking C. War driving D. Evil twin Correct Answer: B

Which of the following would MOST likely involve GPS?

A. Wardriving B. Protocol analyzer C. Replay attack D. WPS attack Correct Answer: A

Which of the following disaster recovery strategies has the highest cost and shortest recovery time?

A. Warm site B. Hot site C. Cold site D. Co-location site Correct Answer: B

Sara, a security architect, has developed a framework in which several authentication servers work together to increase processing power for an application. Which of the following does this represent?

A. Warm site B. Load balancing C. Clustering D. RAID Correct Answer: C

The main corporate website has a service level agreement that requires availability 100% of the time, even in the case of a disaster. Which of the following would be required to meet this demand?

A. Warm site implementation for the datacenter B. Geographically disparate site redundant datacenter C. Localized clustering of the datacenter D. Cold site implementation for the datacenter Correct Answer: B

Which of the following should be connected to the fire alarm system in order to help prevent the spread of a fire in a server room without data loss to assist in an FM-200 deployment?

A. Water base sprinkler system B. Electrical C. HVAC D. Video surveillance Correct Answer: C

An employee attempts to go to a well-known bank site using the company-standard web browser by correctly typing in the address of the site into the web browser. The employee is directed to a website that looks like the bank's site but is not the actual bank site. The employee's user name and password are subsequently stolen. This is an example of which of the following?

A. Watering hole attack B. Cross-site scripting C. DNS poisoning D. Man-in-the-middle attack Correct Answer: C

A company recently experienced several security breaches that resulted in confidential data being infiltrated from the network. The forensic investigation revealed that the data breaches were caused by an insider accessing files that resided in shared folders who then encrypted the data and sent it to contacts via third party email. Management is concerned that other employees may also be sending confidential files outside of the company to the same organization. Management has requested that the IT department implement a solution that will allow them to: track access and use of files marked confidential, provide documentation that can be used for investigations, prevent employees from sending confidential data via secure third party email, identify other employees that may be involved in these activities. Which of the following would be the best choice to implement to meet the above requirements?

A. Web content filtering capable of inspecting and logging SSL traffic used by third party webmail providers B. Full disk encryption on all computers with centralized event logging and monitoring enabled C. Host based firewalls with real time monitoring and logging enabled D. Agent-based DLP software with correlations and logging enabled Correct Answer: D

Which of the following is a requirement when implementing PKI if data loss is unacceptable?

A. Web of trust B. Non-repudiation C. Key escrow D. Certificate revocation list Correct Answer: C

Which of the following is characterized by an attacker attempting to map out an organization's staff hierarchy in order to send targeted emails?

A. Whaling B. Impersonation C. Privilege escalation D. Spear phishing Correct Answer: A

The Chief Executive Officer (CEO) receives a suspicious voice mail warning of credit card fraud. No one else received the voice mail. Which of the following BEST describes this attack?

A. Whaling B. Vishing C. Spear phishing D. Impersonation Correct Answer: A

Which of the following is a BEST practice when dealing with user accounts that will only need to be active for a limited time period?

A. When creating the account, set the account to not remember password history. B. When creating the account, set an expiration date on the account. C. When creating the account, set a password expiration date on the account. D. When creating the account, set the account to have time of day restrictions. Correct Answer: B

A security administrator must implement a system that will support and enforce the following file system access control model:

FILE NAME | SECURITY LABEL
Employees.doc | Confidential
Salary.xls | Confidential
OfficePhones.xls | Unclassified
PersonalPhones.xls | Restricted

Which of the following should the security administrator implement?

A. White and black listing B. SCADA system C. Trusted OS D. Version control Correct Answer: C

Which of the following is the MOST intrusive type of testing against a production system?

A. White box testing B. War dialing C. Vulnerability testing D. Penetration testing Correct Answer: D

A company would like to prevent the use of a known set of applications from being used on company computers. Which of the following should the security administrator implement?

A. Whitelisting B. Anti-malware C. Application hardening D. Blacklisting E. Disable removable media Correct Answer: D

After copying a sensitive document from his desktop to a flash drive, Joe, a user, realizes that the document is no longer encrypted. Which of the following can a security technician implement to ensure that documents stored on Joe's desktop remain encrypted when moved to external media or other network based storage?

A. Whole disk encryption B. Removable disk encryption C. Database record level encryption D. File level encryption Correct Answer: D

Users report that after downloading several applications, their systems' performance has noticeably decreased. Which of the following would be used to validate programs prior to installing them?

A. Whole disk encryption B. SSH C. Telnet D. MD5 Correct Answer: D

Which of the following is built into the hardware of most laptops but is not set up for centralized management by default?

A. Whole disk encryption B. TPM encryption C. USB encryption D. Individual file encryption Correct Answer: B

A server dedicated to the storage and processing of sensitive information was compromised with a rootkit and sensitive data was extracted. Which of the following incident response procedures is best suited to restore the server?

A. Wipe the storage, reinstall the OS from original media and restore the data from the last known good backup. B. Keep the data partition, restore the OS from the most current backup and run a full system antivirus scan. C. Format the storage and reinstall both the OS and the data from the most current backup. D. Erase the storage, reinstall the OS from most current backup and only restore the data that was not compromised. Correct Answer: A

Using a protocol analyzer, a security consultant was able to capture employees' credentials. Which of the following should the consultant recommend to the company, in order to mitigate the risk of employees' credentials being captured in the same manner in the future?

A. Wiping of remnant data B. Hashing and encryption of data in-use C. Encryption of data in-transit D. Hashing of data at-rest Correct Answer: B

A technician has been assigned a service request to investigate a potential vulnerability in the organization's extranet platform. Once the technician performs initial investigative measures, it is determined that the potential vulnerability was a false-alarm. Which of the following actions should the technician take in regards to the findings?

A. Write up the findings and disable the vulnerability rule in future vulnerability scans B. Refer the issue to the server administrator for resolution C. Mark the finding as a false-negative and close the service request D. Document the results and report the findings according to the incident response plan Correct Answer: D

Attempting to inject 50 alphanumeric key strokes including spaces into an application input field that only expects four alpha characters is considered which of the following attacks?

A. XML injection B. Buffer overflow C. LDAP Injection D. SQL injection Correct Answer: D

A programmer has allocated a 32 bit variable to store the results of an operation between two user supplied 4 byte operands. To which of the following types of attack is this application susceptible?

A. XML injection B. Command injection C. Integer overflow D. Header manipulation Correct Answer: C

Joe, a user, in a coffee shop is checking his email over a wireless network. An attacker records the temporary credentials being passed to Joe's browser. The attacker later uses the credentials to impersonate Joe and creates SPAM messages. Which of the following attacks allows for this impersonation?

A. XML injection B. Directory traversal C. Header manipulation D. Session hijacking Correct Answer: D

An application developer has tested some of the known exploits within a new application. Which of the following should the administrator utilize to test for unidentified faults or memory leaks?

A. XSRF Attacks B. Fuzzing C. Input Validations D. SQL Injections Correct Answer: B

A server with the IP address of 10.10.2.4 has been having intermittent connection issues. The logs show repeated connection attempts from the following IPs: 10.10.3.16, 10.10.3.23, 212.178.24.26, 217.24.94.83. These attempts are overloading the server to the point that it cannot respond to traffic. Which of the following attacks is occurring?

A. XSS B. DDoS C. DoS D. Xmas Correct Answer: B

Pete, the security administrator, has been notified by the IDS that the company website is under attack. Analysis of the web logs shows the following string, indicating a user is trying to post a comment on the public bulletin board. INSERT INTO message `<script>source=http://evilsite</script> This is an example of which of the following?

A. XSS attack B. XML injection attack C. Buffer overflow attack D. SQL injection attack Correct Answer: A

Joe, a system administrator, receives reports that users attempting to reach the corporate website are arriving at an unfamiliar website instead. An investigation by a forensic analyst found that the name server log has several corporate IP addresses that were changed using Joe's credentials. Which of the following is this attack called?

A. Xmas attack B. DNS poisoning C. Web server attack D. Spoofing attack Correct Answer: B

Which of the following may cause Jane, the security administrator, to seek an ACL work around?

A. Zero day exploit B. Dumpster diving C. Virus outbreak D. Tailgating Correct Answer: A

A server administrator notes that a legacy application often stops running due to a memory error. When reviewing the debugging logs, they notice code being run calling an internal process to exploit the machine. Which of the following attacks does this describe?

A. Zero-day B. Buffer overflow C. Cross site scripting D. Malicious add-on Correct Answer: B

A malicious individual is attempting to write too much data to an application's memory. Which of the following describes this type of attack?

A. Zero-day B. SQL injection C. Buffer overflow D. XSRF Correct Answer: C

A program has been discovered that infects a critical Windows system executable and stays dormant in memory. When a Windows mobile phone is connected to the host, the program infects the phone's boot loader and continues to target additional Windows PCs or phones. Which of the following malware categories BEST describes this program?

A. Zero-day B. Trojan C. Virus D. Rootkit Correct Answer: C

The security administrator is observing unusual network behavior from a workstation. The workstation is communicating with a known malicious destination over an encrypted tunnel. A full antivirus scan, with an updated antivirus definition file, does not show any signs of infection. Which of the following has happened on the workstation?

A. Zero-day attack B. Known malware infection C. Session hijacking D. Cookie stealing Correct Answer: A

Malware that changes its binary pattern on specific dates at specific times to avoid detection is known as a(n):

A. armored virus B. logic bomb C. polymorphic virus D. Trojan Correct Answer: C

A set of standardized system images with a pre-defined set of applications is used to build end-user workstations. The security administrator has scanned every workstation to create a current inventory of all applications that are installed on active workstations and is documenting which applications are out-of-date and could be exploited. The security administrator is determining the:

A. attack surface. B. application hardening effectiveness. C. application baseline. D. OS hardening effectiveness. Correct Answer: A

A malicious person gained access to a datacenter by ripping the proximity badge reader off the wall near the datacenter entrance. This caused the electronic locks on the datacenter door to release because the:

A. badge reader was improperly installed. B. system was designed to fail open for life-safety. C. system was installed in a fail closed configuration. D. system used magnetic locks and the locks became demagnetized. Correct Answer: B

Which of the following utilities can be used in Linux to view a list of users' failed authentication attempts?

A. badlog B. faillog C. wronglog D. killlog Correct Answer: B

The security administrator is analyzing a user's history file on a Unix server to determine if the user was attempting to break out of a rootjail. Which of the following lines in the user's history log shows evidence that the user attempted to escape the rootjail?

A. cd ../../../../bin/bash B. whoami C. ls /root D. sudo -u root Correct Answer: A

An administrator has successfully implemented SSL on srv4.comptia.com using wildcard certificate *.comptia.com, and now wishes to implement SSL on srv5.comptia.com. Which of the following files should be copied from srv4 to accomplish this?

A. certificate, private key, and intermediate certificate chain B. certificate, intermediate certificate chain, and root certificate C. certificate, root certificate, and certificate signing request D. certificate, public key, and certificate signing request Correct Answer: A

Which of the following firewall rules only denies DNS zone transfers?

A. deny udp any any port 53 B. deny ip any any C. deny tcp any any port 53 D. deny all dns packets Correct Answer: C

A computer security officer has investigated a possible data breach and has found it credible. The officer notifies the data center manager and the Chief Information Security Officer (CISO). This is an example of:

A. escalation and notification. B. first responder. C. incident identification. D. incident mitigation. Correct Answer: A

An administrator notices an unusual spike in network traffic from many sources. The administrator suspects that:

A. it is being caused by the presence of a rogue access point. B. it is the beginning of a DDoS attack. C. the IDS has been compromised. D. the internal DNS tables have been poisoned. Correct Answer: B

Results from a vulnerability analysis indicate that all enabled virtual terminals on a router can be accessed using the same password. The company's network device security policy mandates that at least one virtual terminal have a different password than the other virtual terminals. Which of the following sets of commands would meet this requirement?

A. line vty 0 6 P@s5W0Rd password line vty 7 Qwer++!Y password B. line console 0 password password line vty 0 4 password P@s5W0Rd C. line vty 0 3 password Qwer++!Y line vty 4 password P@s5W0Rd D. line vty 0 3 password Qwer++!Y line console 0 password P@s5W0Rd Correct Answer: C

Input validation is an important security defense because it:

A. rejects bad or malformed data. B. enables verbose error reporting. C. protects mis-configured web servers. D. prevents denial of service attacks. Correct Answer: A

An administrator wishes to hide the network addresses of an internal network when connecting to the Internet. The MOST effective way to mask the network address of the users would be by passing the traffic through a:

A. stateful firewall B. packet-filtering firewall C. NIPS D. NAT Correct Answer: D

The common method of breaking larger network address space into smaller networks is known as:

A. subnetting. B. phishing. C. virtualization. D. packet filtering. Correct Answer: A

A website is breached, exposing the usernames and MD5 password hashes of its entire user base. Many of these passwords are later cracked using rainbow tables. Which of the following actions could have helped prevent the use of rainbow tables on the password hashes?

A. Use salting when computing MD5 hashes of the user passwords B. Use SHA as a hashing algorithm instead of MD5 C. Require SSL for all user logins to secure the password hashes in transit D. Prevent users from using a dictionary word in their password Correct Answer: B

