Security + Cram Quizzes and Answers
5. Which of the following is the preferred type of encryption used in SaaS platforms? A. Application level B. HSM level C. Media level D. Database level
A. In a SaaS environment, application-level encryption is preferred because the data is encrypted by the application before being stored in the database or file system. The advantage is that it protects the data from the user all the way to storage. Answer B is incorrect because an HSM solution is mainly found in private data centers that manage and offload cryptography with dedicated hardware appliances. Answer C is incorrect because encryption of a complete virtual machine on IaaS could be considered media encryption. Answer D is incorrect because, due to the complexity involved, data should be encrypted at the application layer in cloud implementations rather than being encrypted within a database.
4. Which of the following is needed to establish effective security baselines for host systems? (Choose two correct answers.) A. Cable locks B. Mandatory settings C. Standard application suites D. Decentralized administration
B and C. To establish effective security baselines, enterprise network security management requires a measure of commonality between the systems. Mandatory settings, standard application suites, and initial setup configuration details all factor into the security stance of an enterprise network. Answer A is incorrect because cable locks have nothing to do with effective security baselines. Answer D is incorrect because decentralized management does not have anything to do with security baselines.
3. Which one of the following is a best practice to prevent code injection attacks? A. Session cookies B. Input validation C. Implementing the latest security patches D. Using unbound variables
B. Input validation is the one of the most important countermeasures to prevent code injection attacks. Answer A is incorrect because session cookies pertain to maintaining state within a visit to a website. Answer C is incorrect. Although making sure that systems are patched is a good practice, it is not specifically a best practice to prevent code injection attacks. Answer D is incorrect because proper input validation to prevent code injection would rely on bound variables.
Quiz 2 1. Which type of fire extinguisher would be best for putting out burning wires? A. Foam B. Carbon dioxide C. Sodium chloride D. Copper powder
B. The carbon-dioxide extinguisher replaces the Halon extinguisher for putting out electrical (Class C) fires. Answer A is incorrect because foam is used for Class A fires (trash, wood, and paper). Answers C and D are incorrect because both sodium chloride and copper-based dry powder extinguishers are used for Class D (combustible materials) fires.
3. If an organization takes a full backup every Sunday morning and a daily differential backup each morning, what is the fewest number of backups that must benrestored following a disaster on Friday? A. 1 B. 2 C. 5 D. 6
B. With a differential backup scheme, only the last full and last differential backup need to be restored, making answer C incorrect as well. Daily full backups would require only the last full backup, making answer A incorrect in this configuration. Answer D is correct in an incremental rather than a differential backup setting, where the last full and all intervening incremental backups must be restored for recovery.
6. Which standard port is used to establish a web connection using the 40-bit RC4 encryption protocol? A. 21 B. 80 C. 443 D. 8,250
C. A connection using HTTPS is made using the RC4 cipher and port 443. Answer A is incorrect because port 21 is used for FTP connections. Answer B is incorrect because port 80 is used for unsecure plain-text HTTP communications. Answer D is incorrect because port 8,250 is not designated to a particular TCP/IP protocol.
Chapter 4 Quiz 1 1. Which of the following individual items are examples of PII? (Choose all correct answers.) A. Social Security number B. Home address C. Gender D. State of residence
A and B. Examples of PII are name, address, phone number, fax number, email address, financial profiles, Social Security number, and credit card information. PII is not limited to these examples and includes any other personal information that is linked or linkable to an individual. Answers C and D are incorrect because individually they are not considered to be PII, but when combined with other information, may become PII.
3. Technology controls consist of which of the following? (Select two correct answers.) A. Type of control B. Control points C. Policy templates D. Physical barriers
A and B. Technology controls consist of the type of control and the control points. For example, encryption may be used on devices such as laptop or desktop hard drives. Answer C is incorrect because policy templates are used to enforce polices not technology controls. Answer D is incorrect because physical barriers are not technology controls.
Quiz 2 1. You want to implement non-vendor-specific strong authentication protocols for wireless communications. Which of the following would best meet your requirements? (Select two correct answers.) A. EAP B. PEAP C. LEAP D. WEP
A and B. The IEEE specifies 802.1X and EAP as the standard for secure wireless networking, and PEAP is standards based. PEAP provides mutual authentication and uses a certificate for server authentication by the client, while users have the convenience of entering password-based credentials. Answer C is incorrect because LEAP is a Cisco proprietary protocol. Answer D is incorrect because WEP is the most basic form of encryption that can be used on 802.11- based wireless networks to provide privacy of data sent between a wireless client and its access point.
4. Which of the following are steps to mitigate XSS attacks? (Choose two correct answers.) A. Set the HTTPOnly flag on the session cookie B. Always include a default value and character limitations C. Never insert untrusted data except in allowed locations D. Hardcode the authentication credentials into the application
A and C. The first rule of mitigating XSS errors is to never insert untrusted data except in allowed locations. It is also good practice to set the HTTPOnly flag on the session cookie. Answer B is incorrect because it describes input validation coding practices. Answer D is incorrect because common practices such as hardcoding credentials into an application are addressed in secure coding practices.
5. Your company is in the process of setting up a management system on your network, and you want to use SNMP. You have to allow this traffic through the router. Which UDP ports do you have to open? (Choose two correct answers.) A. 161 B. 139 C. 138 D. 162
A and D. UDP ports 161 and 162 are used by SNMP. Answer B is incorrect because UDP port 139 is used by the NetBIOS session service. Answer C is incorrect because port 138 is used to allow NetBIOS traffic for name resolution.
2. Which of the following information should be collected when collecting volatile data? (Select all correct answers.) A. System date and time B. Current network connections C. Current open ports and applications listening on those ports D. Full disk image
A, B, and C. The following volatile information should be collected: system date and time, current network connections, current open ports and applications listening on those ports, and applications currently running. Answer D is incorrect because a full disk image is not volatile data.
2. Which of the following uses a secure cryptoprocessor to authenticate hardware devices such as PC or laptop? A. Trusted Platform Module B. Full disk encryption C. File-level encryption D. Public key infrastructure
A. A TPM refers to a secure cryptoprocessor used to authenticate hardware devices such as PC or laptop. The idea behind a TPM is to allow any encryptionenabled application to take advantage of the chip. Answer B is incorrect because full-disk encryption involves encrypting the operating system partition on a computer and then booting and running with the system drive encrypted at all times. Answer C is incorrect because in file- or folder-level encryption, individual files or directories are encrypted by the file system itself. Answer D is incorrect because PKI is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates.
3. An initialization vector should be which of the following? A. Unique and unpredictable B. Unique and predictable C. Repeatable and random D. Repeatable and unique
A. An IV should be unique and unpredictable. Answers B, C, and D are incorrect.
2. Which of the following could prevent unauthorized or unintentional access or escalation of privileges? A. Auditing network logons B. Auditing process tracking C. Auditing replace a process-level token D. Auditing bypass traverse checking
A. Auditing logging on or off the network could prevent unauthorized or unintentional access or escalation of privileges. Answer B is incorrect because auditing process tracking is more closely associated with auditing a developer's computer. Answers C and D are incorrect. These events are never audited, mainly because they are used by processes.
3. Which one of the following best provides an example of detective controls versus prevention controls? A. IDS/camera versus IPS/guard B. IDS/IPS versus camera/guard C. IPS/camera versus IDS/guard D. IPS versus guard
A. Both IDS and a camera are examples of detective controls, whereas IPS and a guard are examples of prevention controls. Answers B, C, and D are incorrect because they do not properly align the detective control against the prevention control.
2. Which of the following types of attacks can result from the length of variables not being properly checked in the code of a program? A. Buffer overflow B. Replay C. Spoofing D. Denial of service
A. Buffer overflows result from programming flaws that allow for too much data to be sent. When the program does not know what to do with all this data, it crashes, leaving the machine in a state of vulnerability. Answer B is incorrect because a replay attack records and replays previously sent valid messages. Answer C is incorrect because spoofing involves modifying the source address of traffic or the source of information. Answer D is incorrect because the purpose of a DoS attack is to deny the use of resources or services to legitimate users.
Chapter 5 Quiz 1 1. Which one of the following is designed to execute malicious actions when a certain event occurs or a specific time period elapses? A. Logic bomb B. Spyware C. Botnet D. DDoS
A. Logic bombs are designed to execute malicious actions when a certain event occurs or a specific time period elapses. Spyware, botnets, and DDoS are all threats but do not execute malicious code after a specific event or period.
2. Eliminating email to avoid the risk of email-borne viruses is an effective solution but not likely to be a realistic approach for which of the following? A. Risk avoidance B. Risk transference C. Risk acceptance D. Risk mitigation
A. Risk avoidance is the elimination of the vulnerability that gives rise to a particular risk so that it is avoided altogether. This is the most effective solution, but often not possible due to organizational requirements. Answer B is incorrect because risk transference is moving the risk to hosted providers who assume the responsibility for recovery and restoration or by acquiring insurance to cover the costs emerging from a risk. Answer C is incorrect because risk acceptance is recognizing a risk, identifying it, and then accepting that it is sufficiently unlikely or of such limited impact that corrective controls are not warranted. Answer D is incorrect because risk mitigation involves the reduction in likelihood or impact of a risk's exposure by putting systems and policies into place to mitigate a risk by protecting against the exploitation of vulnerabilities.
Quiz 2 1. A vulnerability assessment revealed that legacy internal heart monitors of a hospital's intensive care unit (ICU) are visibly exposed to the Internet. Which of the following should be implemented? A. Network segmentation B. Code wrappers C. Control diversity D. Manual updates
A. Sensitive internal devices should not be exposed to the Internet. There is a segmentation problem with the way the ICU devices are protected. Network segmentation is one of the most effective controls an organization can implement to mitigate the effect of a network intrusion. In sensitive systems such as SCADA networks, applying segmentation in layers, from the data link layer through the application layer, can go a long way toward protecting vital infrastructure services. Answer B is incorrect because wrappers are used in several types of implementations such as smart grids, integration of legacy systems, and reducing the risk of web-based attacks. Answer C is incorrect because control diversity refers to having multiple versions of software packages in which redundant software versions are different. Answer D is incorrect because manual updates, although inconvenient, may also be necessary when the system contains sensitive data and is segmented.
3. Which of the following is a nonproprietary protocol that provides authentication and authorization in addition to accounting of access requests against a centralized service for authorization of access requests? A. TACACS+ B. SAML C. Secure LDAP D. XTACACS
A. TACACS+, released as an open standard, is a protocol that provides authentication and authorization as well as accounting of access requests against a centralized service for authorization of access requests. TACACS+ is similar to RADIUS but uses TCP instead of RADIUS's UDP transport. Answer B is incorrect because SAML is an XML framework for creating and exchanging security information between online partners. Answer C is incorrect because secure LDAP is a way to make LDAP traffic confidential and secure by using SSL/TLS technology. Answer D is incorrect because XTACACS is a proprietary version of the original TACACS protocol that was developed by Cisco.
Quiz 2 1. If the organization requires a switch feature that makes additional checks in Layer 2 networks to prevent STP issues, which of the following safeguards should you implement? A. Loop protection B. Flood guard C. Implicit deny D. Port security
A. The loop guard feature makes additional checks in Layer 2 switched networks. Answer B is incorrect because a flood guard is a firewall feature to control network activity associated with DoS attacks. Answer C is incorrect because implicit deny is an access control practice wherein resource availability is restricted to only those logins explicitly granted access. Answer D is incorrect because port security is a Layer 2 traffic control feature on Cisco Catalyst switches. It enables individual switch ports to be configured to allow only a specified number of source MAC addresses coming in through the port.
6. Which of the following are steps that can be taken to harden NoSQL databases? (Choose two correct answers.) A. Binding the interface to multiple IP addresses B. Encrypting data in the application prior to database writes C. Changing the default database ports D. Setting the default encryption to SSL
B and C. Best practices for protecting NoSQL databases include changing the default ports, binding the interface to only one IP, and encrypting data in the application prior to writing it to the database. Answer A is incorrect because it is recommended to bind the interface to only one IP address, not to multiple IP addresses. Answer D is incorrect because encryption is not built in to NoSQL databases. Confidentiality and integrity have to be provided entirely by the application accessing the data.
3. Which of the following are steps an organization can take to be sure compliance and performance standards are met in third-party or partner agreements? (Select two correct answers.) A. Implement an acceptable use policy B. Take appropriate action if the relationship presents elevated risk C. Review third-party arrangements and performance annually D. Sign a data ownership agreement
B and C. Some additional steps an organization can take to ensure compliance and performance standards are met include approving and reviewing third-party arrangements and performance annually, maintaining an updated list of all thirdparty relationships and reviewing the list periodically, taking appropriate action with any relationship that presents elevated risk, and reviewing all contracts for compliance with expectations and obligations. Answer A is incorrect because an acceptable use policy is geared toward terms a user must agree to follow in order to be provided with access service. Answer D is incorrect because a data ownership agreement is an agreement offered by some cloud service providers that specifically identifies the data owner and outlines ownership of relevant data.
5. Which of the following is needed to implement an effective BYOD program? (Choose two correct answers.) A. Key management B. Legal considerations C. Infrastructure considerations D. Storage limitations
B and C. To establish an effective BYOD program, all legal concerns should be addressed prior to program implementation. Implementing a BYOD program requires planning and understanding of the access methods and device management options for the devices. Answer A is incorrect because key management is intended to provide a single point of management for keys and to enable users to manage the life cycle of keys and to store them securely, while also making key distribution easier. Answer D is incorrect because storage limitations are not a primary consideration in BYOD.
5. Which of the following procedures should be used to properly protect a host from malware? (Choose two correct answers.) A. Web tracking software B. Antivirus software C. Content filtering software D. Pop-up blocking software
B and D. All host devices must have some type of malware protection. A necessary software program for protecting the user environment is antivirus software. Antivirus software is used to scan for malicious code in email and downloaded files. Anti-spam and anti-spyware software can add another layer of defense to the infrastructure. Pop-up blocking software programs are available through browsers. Answer A is incorrect because web tracking software merely tracks the sites a person visited. Answer C is incorrect because content filtering is done at the server level to keep host machines from accessing certain content.
2. Which of the following parties are typically notified first when a confirmed incident has occurred? (Select two correct answers.) A. Press B. CISO C. End users D. Legal
B and D. The exact reporting requirements vary among organizations, but parties that are typically notified include the CIO, CISO, other internal incident response team members, human resources, public affairs, legal department, and law enforcement when necessary. Answer A is incorrect because the press is not normally notified when an incident occurs. Answer C is incorrect because the users are not normally notified initially when an incident occurs.
3. Which of the following are uses for proxy servers? (Choose all correct answers.) A. Intrusion detection B. Internet connectivity C. Load balancing D. Web content caching
B, C, and D. You can place proxy servers between the private network and the Internet for Internet connectivity or internally for web content caching. If the organization is using the proxy server for both Internet connectivity and web content caching, you should place the proxy server between the internal network and the Internet, with access for users who are requesting the web content. In some proxy server designs, the proxy server is placed in parallel with IP routers. This allows for network load balancing by forwarding of all HTTP and FTP traffic through the proxy server and all other IP traffic through the router. Answer A is incorrect because proxy servers are not used for intrusion detection.
3. Which of the following federal laws address privacy, data protection, and breach notification? (Select all correct answers.) A. Sarbanes-Oxley Act B. HIPAA C. Gramm-Leach-Bliley Act D. Children's Online Privacy Protection Act
B, C, and D. Federal laws addressing privacy, data protection, and breach notification include HIPAA and HITECH, Gramm-Leach-Bliley Act, Fair Credit Reporting Act, and Children's Online Privacy Protection Act. Answer A is incorrect because the Sarbanes-Oxley Act covers responsibilities of a public corporation's board of directors and adds criminal penalties for certain misconduct.
2. You have recently had some security breaches in the network. You suspect the cause might be a small group of employees. You want to implement a solution that monitors the internal network activity and incoming external traffic. Which of the following devices would you use? (Choose two correct answers.) A. A router B. A network-based IDS C. A firewall D. A host-based IDS
B, D. Because you want to monitor both types of traffic, the IDSs should be used together. Network-based IDSs monitor the packet flow and try to locate packets that are not allowed for one reason or another and might have gotten through the firewall. Host-based IDSs monitor communications on a host-byhost basis and try to filter malicious data. These types of IDSs are good at detecting unauthorized file modifications and user activity. Answer A is incorrect because a router forwards information to its destination on the network or the Internet. A firewall protects computers and networks from undesired access by the outside world; therefore, Answer C is incorrect.
Chapter 1 Quiz 1 You want to implement a solution that offers a single point of policy control and management for web-based content access. Which of the following devices would best fit this requirement? A. Proxy gateway B. Web security gateway C. Application-level gateway D. URL filtering
B. A web security gateway offers a single point of policy control and management for web-based content access. Answer A is too generic to be a proper answer. Answer C is incorrect because, although an application-level gateway understands services and protocols, the requirement is specifically for webbased content. Answer D is incorrect because content filtering reports only on violations identified in the specified applications listed for the filtering application.
Quiz 5 1. Which of the following is a communications mechanism defined in incident response preparation? A. Blank removable media B. War room C. Documentation for OSs D. Images of clean OS and application installations
B. Communication mechanisms include a war room (for central communication and coordination) and a secure storage facility for evidence and other sensitive materials. Answer A is incorrect because blank removable media is part of incident analysis hardware and software. Answer C is incorrect because documentation for operating systems is part of incident analysis resources. Answer D is incorrect because incident mitigation software includes access to images of clean OS and application installations.
Chapter 9 Quiz 1 1. Your organization is exploring data-loss prevention solutions. The proposed solution is an endpoint solution. This solution is targeting which of the following data states? A. In-motion B. In-use C. At-rest D. At-flux
B. Protection of data in-use is considered to be an endpoint solution, and the application is run on end-user workstations or servers in the organization. Answer A is incorrect because protection of data in-motion is considered to be a network solution, and either a hardware or software solution is installed near the network perimeter to monitor for and flag policy violations. Answer C is incorrect because protection of data at-rest is considered to be a storage solution and is generally a software solution that monitors how confidential data is stored. Answer D is incorrect because there is no such data state.
2. An organization that relies heavily on cloud and SaaS service providers, such as Salesforce.com, WebEx, and Google, would have security concerns about which of the following? A. TACACS+ B. SAML C. Secure LDAP D. XTACACS
B. SAML is an XML framework for creating and exchanging security information between online partners. The weakness in the SAML identity chain is the integrity of users. To mitigate risk, SAML systems need to use timed sessions, HTTPS, and SSL/TLS. Answer A is incorrect because the TACACS+ protocol provides authentication and authorization in addition to accounting of access requests against a centralized service for authorization of access requests. Answer C is incorrect because secure LDAP is a way to make LDAP traffic confidential and secure by using SSL/TLS technology. Answer D is incorrect because XTACACS is a proprietary version of the original TACACS protocol that was developed by Cisco.
You are setting up a web server that needs to be accessed by both the employees and external customers. What type of architecture should you implement? A. VLAN B. DMZ C. NAT D. VPN
B. A DMZ is a small network between the internal network and the Internet that provides a layer of security and privacy. Answer A is incorrect. The purpose of a VLAN is to unite network nodes logically into the same broadcast domain regardless of their physical attachment to the network. Answer C is incorrect because NAT acts as a liaison between an internal network and the Internet. Answer D is incorrect because a VPN is a network connection that allows you access via a secure tunnel created through an Internet connection.
3. You are troubleshooting connectivity issues on the network. Which of the following would be most helpful in determining where the connectivity issues lie? A. SNMP B. ICMP C. SSL D. IPsec
B. Traceroute uses an ICMP echo request packet to find the path between two addresses. Answer A is incorrect because SNMP is an application layer protocol whose purpose is to collect statistics from TCP/IP devices. SNMP is used for monitoring the health of network equipment, computer equipment, and devices such as uninterruptible power supplies (UPS). Answer C is incorrect because SSL is a public key-based security protocol that is used by Internet services and clients for authentication, message integrity, and confidentiality. Answer D is incorrect because IPsec authentication and encapsulation standard is widely used to establish secure VPN communications.
2. Which of the following requires that users remove sensitive and confidential materials from workspaces and items that are not in use are locked when employees leave their workstation? A. Data handling policy B. Clean desk policy C. Tailgating training D. Phishing attack training
B. A clean desk policy requires that users remove sensitive and confidential materials from workspaces and items that are not in use are locked when an employees leave their workstation. Answer A is incorrect because a data handling policy should address legal or regulatory requirements for accessing, transporting, storing, or disposing of data and data storage devices. Answer C is incorrect because tailgating involves following an authorized individual in closely avoiding having to provide personal authorization credentials. Answer D is incorrect because phishing attacks training teaches users to avoid the natural response of opening everything that seems to be coming from their family members, boss, or co-workers.
Quiz 4 1. What is the term given to a rogue access point in which they serve as a man in the middle from which further attacks can be carried out? A. War driving B. Evil twin C. War twinning D. Twin driving
B. An evil twin is a rogue access point used for malicious purposes, in which the attacker is acting as a man in the middle. War driving refers to the act of traveling around looking for unsecured wireless devices, and so answer A is incorrect. Answers C and D are both incorrect.
2. Which of the principles of security is supported by hashing? A. Confidentiality B. Integrity C. Availability D. Safety
B. Commonly used methods to protect data integrity include hashing the data you receive and comparing it with the hash of the original message. Answer A is incorrect because confidentiality involves protecting against unauthorized access. Availability is concerned with ensuring that access to services and data is protected against disruption, making answer C incorrect. Answer D is incorrect because safety addresses physical security risks.
2. An application that is used on a regular basis has vulnerability in the current version that will not be fixed until the next software update, 6 months from now. Which of the following implementations would mitigate this vulnerability? A. Firmware version control B. Control diversity C. Manual updates D. Control redundancy
B. Control diversity refers to having multiple versions of software packages in which redundant software versions are different. With diverse versions, one hopes that any faults each particular version contains will be sufficiently covered by maintaining multiple versions. Rolling back to an earlier version that does not contain the vulnerability of the current version may be the best option. Answer A is incorrect because firmware version control is important in systems like gaming consoles because many vulnerabilities cannot be fixed via firmware updates, leaving a system vulnerable until a new console is released. Answer C is incorrect because manual updates, although inconvenient, may also be necessary when the system contains sensitive data and is segmented. Answer D is incorrect because control redundancy is replication of a component in identical copies to compensate for random hardware failures.
Chapter 7 Quiz 1 1. Which of the following is a process by which semi-random data is injected into a program or protocol stack for detecting bugs? A. Cross-site scripting B. Fuzzing C. Input validation D. Cross-site request forgery
B. Fuzzing is a process by which semi-random data is injected into a program or protocol stack for detecting bugs. The idea behind fuzzing is based on the assumption that there are bugs within every program. Answer A is incorrect because XSS vulnerabilities can be used to hijack the user's session or to cause the user accessing malware-tainted Site A to unknowingly attack Site B on behalf of the attacker who planted code on Site A. Answer C is incorrect because input validation tests whether an application properly handles input from a source outside the application destined for internal processing. Answer D, XSRF, is an attack in which the end user executes unwanted actions on a web application while he is currently authenticated.
2. Which of the following is included in hardening a host operating system? A. A policy for antivirus updates B. An effective system for file-level security C. An efficient method to connect to remote sites D. A policy for remote wipe
B. Hardening of the operating system includes planning against both accidental data deletions and directed attacks, such as the use of fault-tolerant hardware and software solutions. In addition, it is important to implement an effective system for file-level security, including encrypted file support and secured file system selection that allows the proper level of access control. Answer A is incorrect because it is a host protection measure, not an OS hardening measure. Answer C is incorrect because this is a secure communication measure. Answer D is incorrect because this is a feature associated with data security, not with host hardening.
3. Which of the following policies addresses access rights for user accounts mandating that only the minimum permissions necessary to perform work are assigned to a user? A. Acceptable use B. Least privilege C. Job rotation D. Privacy policy
B. Least privilege addresses access rights for user accounts mandating that only the minimum permissions necessary to perform work should be assigned to a user. Answer A is incorrect because an organization's acceptable use policy provides details that specify what users may do with their network access. Answer C is incorrect because job rotation requires rotating administrative users between roles to improve awareness of the mandates of each role while also ensuring that fraudulent activity cannot be sustained. Answer D is incorrect because privacy policy describes federal and state legislation requiring owners of commercial websites or online services to post how they collect and protect personal data.
2. Which of the following is the initial phase of allowing new partners to access a portion of your infrastructure? A. Off-boarding B. On-boarding C. Signing a data sharing agreement D. Signing a business associate agreement
B. On-boarding is the initial phase of allowing new partners to access a portion of your infrastructure. Answer A is incorrect because off-boarding is the process used when a collaborative project ends or a merger is complete. Answer C is incorrect because a data sharing agreement is a formal contract that clearly documents the data being shared and how the data can be used, specifically addressing data confidentiality. Answer D is incorrect because a business associate agreement is a contract signed between a HIPAA-covered entity and a HIPAA business associate and protects PHI in accordance with HIPAA guidelines.
Chapter 6 Quiz 1 1. To harden a system, which one of the following is a critical step? A. Isolate the system in a below-freezing environment B. Disable all unnecessary ports and services C. Disable the WWW service D. Isolate the system physically from other critical systems
B. One of the most critical steps with regard to system hardening includes disabling unnecessary ports and services. Answer A is incorrect because keeping systems in below-freezing environments is not considered an approach to system hardening, nor is it even good for the systems. Answer C is incorrect because although the web service might be an unnecessary port, it is not considered unnecessary if the system is a web server. Answer D is also incorrect because doing such is not a generally accepted critical step for system hardening.
Quiz 3 1. Which of the following is an effective way to get information in crowded places such as airports, conventions, or supermarkets? A. Vishing B. Shoulder surfing C. Reverse social engineering D. Phishing
B. Shoulder surfing uses direct-observation techniques. It gets its name from looking over someone's shoulder to get information. Answer A is incorrect because vishing uses a phone to obtain information. Answer C is incorrect because reverse social engineering involves an attacker convincing the user that she is a legitimate IT authority, causing the user to solicit her assistance. Answer D is incorrect because phishing is an attempt to acquire sensitive information by masquerading as a trustworthy entity via an electronic communication, usually an email.
3. The ASHRAE recommends humidity levels in which range? A. 25% to 40% B. 40% to 55% C. 55% to 70% D. 70% to 85%
B. The Air-Conditioning Engineers (ASHRAE) recommendation for optimal humidity levels between 40% and 55% to minimize electrostatic discharge and condensation. Answer A is incorrect because it specifies a range too low that would be dangerous for static discharge, whereas answers C and D are incorrect because they represent too high a humidity level that would be susceptible to the buildup of condensation on cool components and boards.
4. Which of the following standards is used in HSMs? A. PKCS #7 B. PKCS #11 C. AES D. EFS
B. The PKCS #11 standard provides for access to public and private asymmetric keys, symmetric keys, X.509 certificates, and application data. PKCS #11 is the de facto standard for platform applications, although some newer HSMs include more advanced authentication and authorization models. Answer A is incorrect because PKCS #7, Cryptographic Message Syntax Standard, describes the syntax for data streams, such as digital signatures, that may have cryptography applied to them. Answer C is incorrect because AES is most commonly found on USB drive encryption. Answer D is incorrect because EFS is the Encrypting File System available in newer Microsoft operating systems.
3. Which of the following provides a clear record of the path evidence takes from acquisition to disposal? A. Video capture B. Chain of custody C. Hashes D. Witness statements
B. The chain of custody provides a clear record of the path evidence takes from acquisition to disposal. Answer A is incorrect because videotaping the actual entrance of a forensics team into the area helps refute claims that evidence was planted at the scene. Answer C is incorrect because hashes allow validation that the forensic analysis itself has not produced unexpected modifications of evidentiary data. Answer D is incorrect because witnesses provide statements about what they saw, when, where, and how.
2. Which of the following is included in a BYOD policy? A. Key management B. Data ownership C. Credential management D. Transitive trusts
B. When formulating a BYOD policy, the organization should clearly state who owns the data stored on the device, specifically addressing what data belongs to the organization. Answer A is incorrect because key management is intended to provide a single point of management for keys and to enable users to manage the life cycle of keys and to store them securely, while also making key distribution easier. Answer C is incorrect because the use of credentials is to validate the identities of users, applications, and devices. Answer D is incorrect because transitive trusts enable decentralized authentication through trusted agents.
3. Which one of the following is not a type of phishing attack? A. Spear phishing B. Wishing C. Whaling D. Smishing
B. Wishing is not a type of phishing attack. Answers A, C, and D are incorrect because these all do describe a type of phishing attack. Spear phishing is targeted. Whaling is spear phishing that specifically targets high-profile personnel. Smishing is SMS-based phishing.
5. Which of the following are steps that can be taken to harden DNS services? (Choose two correct answers.) A. Anonymous access to share files of questionable or undesirable content should be limited. B. Regular review of networks for unauthorized or rogue servers. C. Technologies that allow dynamic updates must also include access control and authentication. D. Unauthorized zone transfers should also be restricted.
C and D. Planning to harden DNS server solutions should include redundant hardware and software solutions and regular backups to protect against loss of name registrations. Technologies that allow dynamic updates must also include access control and authentication to ensure that registrations are valid. Unauthorized zone transfers should also be restricted to prevent DNS poisoning attacks. Answer A is incorrect because it is a hardening practice for FTP services. Answer B is incorrect because it is a hardening practice for DHCP services.
3. Which one of the following is not true of port scanners? A. They are useful for nefarious purposes. B. They can be standalone or part of a vulnerability assessment solution. C. They allow interaction with the attacker to enable logging. D. They can provide operating system information.
C. A system that allows interaction with an attacker to enable logging describes a function of a honeypot. Answers A, B, and D are incorrect in that each of these describes functions of a port scanner.
2. Which one of the following is not an example of a denial-of-service attack? A. Fraggle B. Smurf C. Gargomel D. Teardrop
C. A Gargomel attack, although cool sounding, does not actually exist. Fraggle, Smurf, and Teardrop are names of specific denial-of-service attacks; therefore, answers A, B, and D are incorrect.
Quiz 2 1. Which of the following methods would be the most effective method to physically secure computers that are used in a lab environment that is not frequently used? A. Security cables B. Server cages C. Locked cabinet D. Hardware dongles
C. A locked cabinet is an alternative for equipment that is not used or does not have to be physically accessed on a regular daily basis. Vendors provide solutions such as a security cabinet locker that secures CPU towers. The housing is made of durable, heavy-duty steel for strength. Answer A is incorrect because security cables with combination locks can provide such security and are easy to use but are used mostly to secure laptops and leave the equipment exposed. Answer B is incorrect because secure computer towers and server cages are designed to bolt to the floor and are meant to be used in an environment that is static. Answer D is incorrect because a hardware dongle, also known as a software copy protection dongle, is used for license enforcement.
3. Which of the following is a reason to conduct a penetration test? A. To passively test security controls B. To identify the vulnerabilities C. To test the adequacy of security measures put in place D. To steal data for malicious purposes
C. A penetration test helps quantify the adequacy of security measures put in place and to create understanding of the effect that a threat might have against the environment. Answers A and B are incorrect because these describe the purpose of a vulnerability scan. Answer D is incorrect. A penetration test is a "friendly" attack to help safeguard an organization from a real attack. A penetration test, even one that is successful in deeply penetrating an organization, should never maliciously harm critical assets and intellectual property.
Quiz 4 1. Which of the principles of security is supported by redundancy? A. Confidentiality B. Integrity C. Availability D. Sanitization
C. Availability is concerned with ensuring that access to services and data is protected against disruption including disasters and other events that could require redundancy. Answer A is incorrect because confidentiality involves protecting against unauthorized access. Integrity is concerned with preventing unauthorized modification, making answer B incorrect. Answer D is incorrect because sanitization involves the destruction or overwriting of data to protect confidentiality.
Quiz 4 1. In which of the following type of analysis might an examiner have difficulty proving that the evidence is original? A. Disk to image file B. Disk to disk image C. Big data D. Log files
C. Because big data is unstructured and in diverse environments, the examiner may have difficulty proving that the evidence is original because there is neither a validating hash nor a forensic image of the device. Answer A is incorrect because disk to image files are hashed to prove originality. Answer B is incorrect because disk to disk images are hashed to prove originality. Answer D is incorrect because in cases where logs may be needed as court evidence, organizations can collect copies of the original log files, the centralized log files, and interpreted log data.
2. Reviews of architecture, design, and code, as well as baseline reporting and understanding attack surface, are all considered which one of the following? A. Control procedure techniques to protect against insider threats B. Countermeasures designed to eliminate risk C. Techniques for assessing threats and vulnerabilities D. Design procedures for creating sustainable and usable applications
C. Each of these is considered an assessment technique, part of an overall risk management program designed to assess threats and vulnerabilities to ensure that systems are designed securely within the goals of an organization. Answers A, B, and D specifically relate to techniques for assessing threats and vulnerabilities.
Chapter 2 Quiz 1 1. Which of the following is the correct address size for IPv6 addresses? A. 32 bit B. 64 bit C. 128 bit D. 256 bit
C. IPv6 increases the address size from IPv4 32 bits to 128 bits. Answers A, B, and D are incorrect because IPv6 addresses sizes are 128 bit.
2. An organization would limit resource availability to only specific traffic through the use of which of the following access control practices? A. Loop protection B. Flood guard C. Implicit deny D. Port security
C. Implicit deny is an access control practice wherein resource availability is restricted to only those logins explicitly granted access. Answer A is incorrect because the loop guard feature makes additional checks in Layer 2 switched networks. Answer B is incorrect because a flood guard is a firewall feature to control network activity associated with DoS attacks. Answer D is incorrect because port security is a Layer 2 traffic control feature on Cisco Catalyst switches. It enables individual switch ports to be configured to allow only a specified number of source MAC addresses coming in through the port.
Chapter 8 Quiz 1 1. Which of the follow methods would be the most effective method to automate management of mobile devices, such as tracking inventory, changing configurations, updating, and enforcing policies? A. Mobile application management B. Onboarding C. Mobile device management D. Device access controls
C. MDM allows the enrollment of enterprise devices for management functions such as provisioning devices, tracking inventory, changing configurations, updating, managing applications, and enforcing policies. Answer A is incorrect because mobile application management focuses on application management. Answer B is incorrect because onboarding is a term describing the process of registering an asset and provisioning the asset so that it can be used to access the corporate network. Answer D is incorrect because device access controls are used to control network access, not to manage devices.
4. An organization is looking for a mobile solution that will allow executives and employees alike to discuss sensitive information without having to travel to secure company locations. Which of the following fulfills this requirement? A. GPS tracking B. Remote wipe C. Voice encryption D. Passcode policy
C. Mobile voice encryption can allow executives and employees alike to discuss sensitive information without having to travel to secure company locations. Answer A is incorrect because if a mobile device is lost, GPS tracking can be used to find the location. Answer B is incorrect because remote wipe allows the handheld's data to be remotely deleted if the device is lost or stolen. Answer D is incorrect because a screen lock or passcode is used to prevent access to the phone.
2. Which of the following best describes packet sniffing? A. Packet sniffing allows an attacker to capture and decrypt data into readable text. B. Packet sniffing allows an attacker to smell which network components are transmitting sensitive data. C. Packet sniffing allows an attacker to capture and decode data from its raw form into readable text. D. Packet sniffing allows an attacker to encode and transmit packets to disrupt network services.
C. Packet sniffing is best described as the process of capturing and decoding data from its raw form into readable text. Answer A is incorrect. Encryption protects against revealing information through packet sniffing. Answers B and D are also incorrect.
2. Which type of fault-tolerant RAID configuration provides the lowest disk usage fraction? A. RAID 0 B. RAID 3 C. RAID 1 D. RAID 5
C. RAID 1 (mirroring/duplexing) provides the lowest fraction of total storage for use because every byte of data is written to two devices equally. Answer A is incorrect because RAID 0 does not offer fault protection and spans multiple drives with up to 100% disk usage. RAID 3 and RAID 5 are both incorrect because they both have fault tolerance but have a higher disk use fraction through the use of a parity bit (fixed in RAID 3, distributed in RAID 5) allowing recovery from the loss of a single drive across an array of three or more drives.
Chapter 3 Quiz 1 1. Which of the following designates the amount of data loss that is sustainable and up to what point in time data recovery could happen before business is disrupted? A. RTO B. MTBF C. RPO D. MTTF
C. RPO is the amount of time that can elapse during a disruption before the quantity of data lost during that period exceeds business continuity planning's maximum allowable threshold. Simply put, RPO specifies the allowable data loss. It determines up to what point in time data recovery could happen before business is disrupted. Answer A is incorrect because RTO is the amount of time within which a process must be restored after a disaster to meet business continuity. It defines how much time it takes to recover after notification of process disruption. Answer B is incorrect because MTBF is the average amount of time that passes between hardware component failures, excluding time spent waiting for or being repaired. Answer D is incorrect because MTTF is the length of time a device or product is expected to last in operation.
Chapter 10 Quiz 1 1. Which of the following would be implemented for secure communications if the organization is using an application that authenticates with Active Directory Domain Services (AD DS) through simple BIND? A. TACACS+ B. SAML C. Secure LDAP D. XTACACS
C. Reasons for enabling LDAP over SSL/TLS, also known as LDAPS, include protection of the authentication session when an application authenticates with AD DS through simple BIND. Answer A is incorrect because the TACACS+ protocol provides authentication and authorization in addition to accounting of access requests against a centralized service for authorization of access requests. Answer B is incorrect because SAML is an XML framework for creating and exchanging security information between online partners. Answer D is incorrect because XTACACS is a proprietary version of the original TACACS protocol that was developed by Cisco.
2. At your place of employment, you are rushing to the door with your arms full of bags. As you approach, the woman before you scans her badge to gain entrance while holding the door for you, but not without asking to see your badge. What did she just prevent? A. Phishing B. Whaling C. Tailgating D. Door diving
C. Tailgating involves following closely behind someone with authorized physical access in order to gain access to the environment. Answers A and B are incorrect because these describe methods of acquiring sensitive information by masquerading as a trustworthy source. Answer D is also incorrect.
2. Which type of "something you have" factor is employed by U.S. federal governmental employees and contractors under HSPD 12? A. Smart card B. CAC C. PIV D. SecurID
C. The PIV card is used by U.S. federal employees and contractors under HSPD 12. Answer A is incorrect because A, B, and C are all smart card variations, but only C is specifically used for federal employees and contractors under HSPD 12. Answer B is incorrect because the CAC is used by U.S. military, military reserve, and military contractors. Answer D is incorrect because the RSA SecurID is an example of a time-shifting key token.
2. You are setting up a switched network and want to group users by department. Which technology would you implement? A. DMZ B. VPN C. VLAN D. NAT
C. The purpose of a VLAN is to unite network nodes logically into the same broadcast domain regardless of their physical attachment to the network. Answer A is incorrect because a DMZ is a small network between the internal network and the Internet that provides a layer of security and privacy. Answer B is incorrect because a VPN is a network connection that allows you access via a secure tunnel created through an Internet connection. Answer D is incorrect because NAT acts as a liaison between an internal network and the Internet.
Quiz 3 1. Which recovery site has only power, telecommunications, and networking active all the time? A. Hot site B. Cold site C. Warm site D. Shielded site
C. The warm site has basics such as power, networking, and telecommunications active all the time. Although alternative computers may be present, they will not be loaded and operations as in a hot site, making Answer A incorrect. Answer B is incorrect because a cold site generally only includes power and physical space when not in use. Answer D is incorrect because any of the recovery site types might or might not be shielded against electromagnetic interference.
4. You want to be sure that the NetBIOS ports that are required for certain Windows network functions have been secured. Which of the following ports would you check? A. 25/110/143 B. 161/162 C. 137/138/139 D. 20/21
C. There are NetBIOS ports that are required for certain Windows network functions, such as file sharing, which are 137, 138, and 139. Answer A is incorrect because these ports are used for email. Answer B is incorrect because these ports are used for SNMP. Answer D is incorrect because these ports are used for FTP.
2. Which one of the following passwords is the most complex? A. @nn1e B. Encryption1 C. 8!m1cT85 D. M!X@199
C. This password is at least eight characters and contains a combination of mix-cased characters, numbers, and symbols. Answer B is incorrect because it does not contain a special character, despite being over eight characters long. In addition, it includes a word found in a dictionary. Answers A and D are also incorrect. These do not contain eight characters or use mix-cased letters.
Quiz 5 1. Spyware is most likely to use which one of the following types of cookies? A. Session B. Transport C. Tracking D. Poisonous
C. Whereas cookies generally provide benefits to the end users, spyware would be most likely to use a tracking cookie. A tracking cookie is a particular type of permanent cookie that stays around, whereas a session cookie stays around only for the particular visit to a website. Therefore, answer A is incorrect. Answers B and D are not types of cookies and are incorrect.
2. You are conducting a penetration test on a software application for a client. The client provides you with details around some of the source code and development process. What type of test will you likely be conducting? A. Black box B. Vulnerability C. White box D. Answers A and C
C. White box testing is more transparent. Because you are provided with source code, you have more knowledge about the system before beginning your penetration testing. Answer A is incorrect because black box testing assumes no prior knowledge, and answer B is incorrect because this refers to a weakness; therefore, answer D is also incorrect.
3. You are implementing network access to a new business partner that will work with the development team on a new product. Which of the following would best mitigate risk associated with allowing this new partner access to the network? A. Log analysis B. ACLs C. Network segmentation D. VPN implementation
C. With interconnected networks, the potential for damage greatly increases because one compromised system on one network can easily spread to other networks. Networks that are shared by partners, vendors, or departments should have clear separation boundaries. Answer A is incorrect because logging is the process of collecting data to be used for monitoring and auditing purposes. Answer B is incorrect because access control generally refers to the process of making resources available to accounts that should have access, while limiting that access to only what is required. Answer D is incorrect because implementing a VPN does not separate the networks.
2. Joe tricks Jane into submitting a request via link in an HTML email. Jane is authenticated with the application when she clicks the link. As a result, money is transferred to Joe's account. Which of the following attacks has occurred? A. Buffer overflow B. Cross-site scripting C. Cross-site request forgery D. Input validation error
C. XSRF is an attack in which the end user executes unwanted actions on a web application while she is currently authenticated. Answer A is incorrect because a buffer overflow is the direct result of poor or incorrect input validation or mishandled exceptions. Answer B is incorrect because XSS vulnerabilities can be used to hijack the user's session or to cause the user accessing malware-tainted Site A to unknowingly attack Site B on behalf of the attacker who planted code on Site A. Answer D is incorrect because input validation errors are a result of improper field checking in the code.
4. The organization is interested in using a vendor SaaS application but is concerned about the lack of cloud security. What type of cloud architecture would be the most appropriate? A. Public B. Private C. Hybrid D. Community
C. A hybrid cloud environment is the best choice when an organization offers services that need to be configured for diverse vertical markets or wants to use a SaaS application but is concerned about security. Answer A is incorrect because using a public cloud increases the concern about security. Answer B is incorrect because a private cloud would not allow the public vendor SaaS implementation. Answer D is incorrect because a community cloud provides collaborative business processes in a cloud environment.
3. Which of the following technologies would be used by a hotel for guest acceptance of an acceptable use policy? A. Site survey B. MAC filtering C. VPN over wireless D. Captive portal
D. A captive portal web page can be used to require authentication, require payment for usage, or display some type of policy or agreement. Answer A is incorrect because a site survey is used to optimize network layout within each unique wireless location. Answer B is incorrect because MAC filtering is a security access control method whereby the MAC address is used to determine access to the network. Answer C is incorrect because the use of a VPN over public Wi-Fi hotspots can increase privacy and provide data protection, but is not used to force acceptance of an acceptable use policy.
3. Which of the following is most likely to use firmware version control as an alternate security method? A. SCADA systems B. Mainframes C. Android D. Gaming consoles
D. Most gaming consoles only run signed code, encrypt memory, and use firmware updates to patch vulnerabilities. Answer A is incorrect because SCADA systems would most likely use network segmentation. Answer B is incorrect because mainframes would most likely use security layers. Answer C is incorrect because Android would most likely use security layers.
Quiz 2 1. You're the security administrator for a bank. The users are complaining about the network being slow. It is not a particularly busy time of the day, however. You capture network packets and discover that hundreds of ICMP packets have been sent to the host. What type of attack is likely being executed against your network? A. Spoofing B. Man-in-the-middle C. Password attack D. Denial-of-service
D. A ping flood is a DoS attack that attempts to block service or reduce activity on a host by sending ping requests directly to the victim using ICMP. Spoofing involves modifying the source address of traffic or source of information. A man-in-the-middle attack is commonly used to gather information in transit between two hosts. A password attack attempts to gain unauthorized access by going after the authentication control for an account. Answers A, B, and C are incorrect.
2. What is the plenum? A. A mesh enclosure designed to block EMI B. A mechanism for controlling condensation C. A type of dry-pipe fire control system D. A mechanism for thermal management
D. A plenum is the space below a raised floor or above a drop ceiling that can be used in hot-aisle/cold-aisle server rooms to efficiently manage thermal dissipation. Answer A is incorrect because a grounded mesh enclosure for EMI shielding is called a Faraday cage. Answer B is incorrect because management of condensation is handled as part of the HVAC function as air is cooled. Answer C is incorrect because a dry-pipe system is a fire extinguishing system that uses pressurized air as a triggering mechanism for water.
Quiz 3 1. After conducting a vulnerability assessment, which of the following is the best action to perform? A. Disable all vulnerable systems until mitigating controls can be implemented B. Contact the network team to shut down all identified open ports C. Immediately conduct a penetration test against identified vulnerabilities D. Organize and document the results based on severity
D. After an assessment, the results should be organized based on the severity of the risk to the organization. Answer A is incorrect. Although in rare situations this might be appropriate on a case-by-case basis, this would otherwise be considered extreme. Answer B is incorrect. Many ports are required to be opened for a network to function. Answer C is incorrect. Although a penetration test might and often does follow a vulnerability scan, it is not necessary to do this immediately and certainly not against all identified vulnerabilities.
Quiz 2 1. An organization is partnering with another organization that requires shared systems. Which of the following documents would outline how the shared systems interface? A. SLA B. BPA C. MOU D. ISA
D. An ISA is an agreement between organizations that have connected IT systems. Answer A is incorrect because an SLA is contract between a service provider and a customer that specifies the nature of the service to be provided and the level of service that the provider will offer to the customer. Answer B is incorrect because a BPA is a contract that establishes partner profit percentages, partner responsibilities, and exit strategies for partners. Answer C is incorrect because an MOU is a document that outlines the terms and details of an agreement between parties, including of each party's requirements and responsibilities.
3. An organization is looking to add a layer of security and maintain strict control over the apps employees are approved to use. Which of the following fulfills this requirement? A. Black listing B. Encryption C. Lockout D. White listing
D. Application white listing permits only known good apps. When security is a concern, white listing applications is a better option because it allows organizations to maintain strict control over the apps employees are approved to use. Answer A is incorrect because although black listing is an option, it is not as effective as white listing. Answer B is incorrect because encryption has nothing to do with restricting application usage. Answer C is incorrect because lockout has to do with number of times a user can enter a passcode.
2. Which of the following technologies would be selected when looking to reduce a vulnerability to replay attacks by using 128-bit keys with a 48-bit initialization vector (IV)? A. EAP B. PEAP C. LEAP D. WEP
D. CCMP uses 128-bit keys with a 48-bit IV that reduces vulnerability to replay attacks. Answer A is incorrect because ICMP is a network troubleshooting protocol. Answer B is incorrect because WEP is the most basic form of encryption that can be used on 802.11-based wireless networks. Answer C is incorrect because WPA protects networks by incorporating a set of enhanced security features. WPA-protected networks require users to enter a passkey in order to access a wireless network.
Quiz 3 1. Which of the following would be used to detect and prevent unauthorized transmission of confidential information? A. Change management B. Incident management C. Auditing D. Data-loss prevention
D. DLP is a way of detecting and preventing confidential data from being exfiltrated physically or logically from an organization by accident or on purpose. DLP systems are basically designed to detect and prevent unauthorized use and transmission of confidential information based on one of the three states of data. Answer A is incorrect because change management provides specific details when system changes are made, such as the files being replaced, the configuration being changed, and the machines or operating systems affected. Answer B is incorrect because incident management includes preparation, roles, rules, and procedures for incident response and how to maintain business continuity while defending against further attacks. Answer C is incorrect because auditing is used to detect unauthorized or unintentional access or escalation of privileges.
3. Which of the following are used to ensure employees are kept as safe possible during potentially disastrous events? A. Lighting B. Fencing C. Control testing D. Drill scenarios
D. Drill scenarios are used to ensure employees are kept as safe possible during potentially disastrous scenarios. Answer A is incorrect a fence keeps out unwanted vehicles and people. Answer B incorrect because proper lighting ensures that the safety and security of both people and property is not compromised. Answer C is incorrect because security control testing is used for program effectiveness and measuring program goals against standards.
Quiz 3 1. You are the administrator of a small organization with 50 users. Which IPv4 internal address range should you use on the network? A. 10.x.x.x B. 172.16.x.x C. 172.31.x.x D. 192.168.x.x
D. In a Class C network, valid host IDs are from 192.168.0.1 to 192.168.255.254,allowing for a maximum of 254 hosts on the network. Answer A is incorrect because it is a Class A address. Valid host IDs are from 10.0.0.1 to 10.255.255.254, which allows a much higher number of IP addresses than are possibly needed. Answers B and C are incorrect because they are both Class B addresses; valid host IDs are from 172.16.0.1 through 172.31.255.254, which allows a much higher number of IP addresses than are possibly needed.
3. Users received a spam email from an unknown source and chose the option in the email to unsubscribe and are now getting more spam as a result. Which one of the following is most likely the reason? A. The unsubscribe option does not actually do anything. B. The unsubscribe request was never received. C. Spam filters were automatically turned off when making the selection to unsubscribe. D. They confirmed that they are a "live" email address.
D. Often, an option to opt out of further email does not unsubscribe users, but rather means "send me more spam" because it has been confirmed that the email address is not dormant. This is less likely to occur with email a user receives that he or she opted into in the first place, however. Answers A, B, and C are incorrect because these are less likely and not the best choices.
3. Which of the following is one of the biggest challenges associated with database encryption? A. Weak authentication components B. Platform support C. Multitenancy D. Key management
D. One of the biggest challenges associated with database encryption is key management. Answer A is incorrect because lack of management software and weak authentication components are associated with hardware hard drive encryption. Answer B is incorrect because cost and platform support are concerns with smartphone encryption products. Answer C is incorrect because multitenancy is a security issue related to cloud computing implementations.
2. Which one of the following best describes a polymorphic virus? A. A virus that infects EXE files B. A virus that attacks the boot sector and then attacks the system files C. A virus inserted into a Microsoft Office document such as Word or Excel D. A virus that changes its form each time it is executed
D. Polymorphic viruses can change their form each time they are run. The other answers describe different types of viruses—program, multipartite, and macro, respectively.
3. Which of the following is information that is unlikely to result in a high-level financial loss or serious damage to the organization but still should be protected? A. Public data B. Confidential data C. Sensitive data D. Private data
D. Private data is information that is unlikely to result in a high-level financial loss or serious damage to the organization but still should be protected. Answer A is incorrect because the unauthorized disclosure, alteration, or destruction of public data would result in little or no risk to the organization. Answer B is incorrect because confidential information is internal information that defines the way in which the organization operates. Security should be high. Answer C is incorrect because sensitive data is considered confidential data.
Quiz 2 1. Which one of the following is used to capture network traffic? A. Honeynet B. Vulnerability scanner C. Honeypot D. Protocol analyzer
D. Protocol analyzers and sniffers are tools used to capture network traffic. Answer B is incorrect because a vulnerability scanner is used to scan and test for known vulnerabilities. Answers A and C are incorrect because these are mechanisms used to trap or deter attackers using an isolated system that appears to be a valuable target.
2. Which of the following protocols runs on port 22 and protects the authenticity and confidentiality of file transfer data in transit? A. 32 bit B. 64 bit C. 128 bit D. 256 bit
D. SCP runs on port 22 and protects the authenticity and confidentiality of the data in transit. Answer A is incorrect because DHCP is used to automatically assign IP addresses. Answer B is incorrect because SSL is a public key-based security protocol that is used by Internet services and clients for authentication, message integrity, and confidentiality. The standard port for SSL is port 443. Answer C is incorrect because in FTP the data is not protected.
Quiz 2 1. If you have a smart card that contains details of your iris coloring and retinal patterns, which two types of authentication would be involved in a successful access request? A. Something you have and something you do B. Something you do and something you are C. Something you are and something you know D. Something you have and something you are
D. The smart card is an example of "something you have," and the biometric measures are an example of "something you are." Answer A is incorrect because there are no biometrics relating to "something you do," only simple measurements of bodily configuration. Answer B is incorrect for the same reason; there is no "something you do" metric present. Answer C is incorrect because no PIN or password is employed as a "something you know" factor.
3. Which of the following are steps to mitigate XSRF attacks? A. Hardcode the authentication credentials into the application B. Always include a default value and character limitations C. Set the HTTPOnly flag on the session cookie D. Add a token for every POST or GET request that is initiated from the browser to the server
D. To mitigate XSRF attacks, the most common solution is to add a token for every POST or GET request that is initiated from the browser to the server. Answer A is incorrect because common practices such as hardcoding credentials into an application are addressed in secure coding practices. Answer B is incorrect because it describes input validation coding practices. Answer C is incorrect because setting the HTTPOnly flag on the session cookie is used to mitigate XSS attacks.
4. Which of these is not a concern for environmental monitoring systems? A. Able to sustain operations during an environmental disaster B. Able to communicate even if the email service was involved C. Able to reach responders in a timely manner D. Include signage noting live or automated review only
D. Video surveillance might require signage noting whether cameras are monitored live or not, to avoid a legal complaint if someone tries unsuccessfully to signal for aid during an emergency. Answers A, B, and C are valid concerns because environmental monitoring systems must be able to operate even during a disaster and communicate with responders in a timely manner even if the servers hosting the usual communication services (email, SMS, and so on) are involved in the disaster.
3. An organization is looking to add a layer of security and improve enterprise desktop management. Which of the following fulfills this requirement? A. Roaming profiles B. Network storage policies C. VPN remote access D. Desktop virtualization
D. Virtualization adds a layer of security and improves enterprise desktop management and control with faster deployment of desktops and fewer support calls due to application conflicts. Answer A is incorrect because roaming profiles do not add a layer of security. Answer B is incorrect because network storage policies have nothing to do with desktop management. Answer C is incorrect because VPN remote access will not improve enterprise desktop management.
5. Using a combination of firewalls, intrusion detection systems, content filters, encryption, and auditing procedures in the organization for protection against intrusions is an example of which of the following? A. Public B. Private C. Hybrid D. Community
D. Layered security is based on the premise that by implementing security at different levels or layers to form a complete security strategy, better protection is provided than by implementing an individual security defense. Answer A is incorrect. Defense in depth is rooted in military strategy and requires a balanced emphasis on people, technology, and operations to maintain information assurance (IA). Answer B is incorrect because infrastructure-as-a-service is the delivery of computer infrastructure in a hosted service model over the Internet. Answer C is incorrect because a community cloud provides collaborative business processes in a cloud environment.