CS-4451 Computer Security Ch1-15
Passwords provide strong protection.
False
RF signal "noise" that creates interference and prevents communications from occurring is called signal blocking.
False
RFID is commonly used to transmit information between networked computers.
False
Risk avoidance involves identifying the risk and making the decision to engage in the activity.
False
Type 1 hypervisors run on the host operating system.
False
Vishing is a false warning, often contained in an email message claiming to come from the IT department.
False
Voice recognition is identical to speech recognition.
False
With the Discretionary Access Control (DAC) Model, no object has an owner; the system has total control over that object.
False
Which of the following is not one of the four methods for classifying the various instances of malware by using the primary trait that the malware possesses?
Source
What social engineering principle convinces a victim an immediate action is needed?
Urgency
Which of the three components of the CIA triad ensures that only authorized parties can view information?
Confidentiality
Which of the following is defined as a security analysis of the transaction within its approved context?
Content Inspection
Which of the following protocols is unsecured?
FTP (File Transfer Protocol)
A Local Group Policy (LGP) has more options than a Group Policy.
False
ACLs provide file system security for protecting files managed by the user.
False
Encryption is the practice of transforming information so that it is secure and cannot be accessed by unauthorized parties.
False
Select the term that best describes automated attack software.
Exploitation framework (open-source intelligence is reconnaissance gathered from public sources, not attack software)
What specific way can disaster recovery plans be tested?
Tabletop exercises
A virus that infects an executable program file is known as?
Program virus
Which of the following is not one of the functions of a digital signature?
Protect the public key
A physical control attempts to discourage security violations before they occur.
False
A hardware security token is typically a small device with a window display.
True
Those who wrongfully disclose individually identifiable health information can be fined up to what amount per calendar year?
1,500,000
When using AES-CCMP, how many rounds does a 256-bit AES key require?
14 (FIPS 197 specifies 10, 12 and 14 rounds for 128-, 192- and 256-bit keys; a count of 13 leaves out the final round, which has no MixColumns step)
The SHA-1 hashing algorithm creates a digest that is how many bits in length?
160 bits
Which network address below is not a private IP address network?
172.63.255.0
According to the U.S. Bureau of Labor Statistics, what percentage of growth for Information Security Analysts is the available job outlook supposed to reach through 2024?
18
What is the maximum transmission power for IEEE WLANs?
200 mW
An administrator needs to examine FTP commands that are being passed to the server. What port should the administrator be monitoring?
21
What is the maximum number of characters that can exist within a SSID name?
32
After the DES (Data Encryption Standard) cipher was broken and no longer considered secure, what encryption algorithm was made as its successor?
3DES
What length SSL and TLS keys are generally considered to be strong?
4096 bits (for RSA; 2048-bit RSA is the common minimum today)
How many different Microsoft Windows file types can be infected with a virus?
50
If using the MD5 hashing algorithm, what is the length to which each message is padded?
512 bits
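MD5 and SHA-1 pad a message the same way (Merkle-Damgard strengthening) so that its length becomes a multiple of 512 bits; the only difference is the byte order of the 64-bit length field. The following Python is an added example, not part of the original card set: it implements that padding rule and checks the edge case a practitioner should know, a 56-byte message that no longer has room for the length field and therefore spills into a second 512-bit block.

```python
import hashlib
import struct

BLOCK_BYTES = 64  # 512-bit block for MD5, SHA-1 and SHA-256


def md_pad(message: bytes, length_byteorder: str = "little") -> bytes:
    """Merkle-Damgard padding as used by MD5 (little-endian length field)
    and SHA-1/SHA-256 (big-endian length field).

    Append a single 1 bit (the byte 0x80), then 0x00 bytes until the length
    is congruent to 56 mod 64, then the original length in bits as a 64-bit
    integer. The result is always a whole number of 512-bit blocks.
    """
    bit_length = len(message) * 8
    padded = bytearray(message)
    padded.append(0x80)
    while len(padded) % BLOCK_BYTES != BLOCK_BYTES - 8:
        padded.append(0x00)
    fmt = "<Q" if length_byteorder == "little" else ">Q"
    padded += struct.pack(fmt, bit_length & 0xFFFFFFFFFFFFFFFF)
    assert len(padded) % BLOCK_BYTES == 0
    return bytes(padded)


def padded_bits(message: bytes) -> int:
    """Total length in bits of the padded message."""
    return len(md_pad(message)) * 8


def digest_bits(name: str) -> int:
    """Output size in bits of a hashlib algorithm, e.g. 'md5' -> 128, 'sha1' -> 160."""
    return hashlib.new(name).digest_size * 8


if __name__ == "__main__":
    for size in (0, 55, 56, 64, 119, 120):
        print(f"{size:3d}-byte message -> {padded_bits(b'a' * size):5d} padded bits")
    print("md5 digest:", digest_bits("md5"), "bits; sha1 digest:", digest_bits("sha1"), "bits")
```

The jump from 512 to 1024 padded bits between 55 and 56 input bytes is the detail worth remembering: the 1-bit marker and the 8-byte length field must both fit, so the last 8 bytes of a block are reserved for the length.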
The Temporal Key Integrity Protocol (TKIP) encryption technology uses a MIC value that is what length?
64 bits
What is the maximum range of most Bluetooth 5 devices?
800 ft
What vendor neutral protocol implements support for VLAN tagging?
802.1Q
Select the option that best describes a policy:
A document that outlines specific requirements or rules that must be met.
What is an entry in an ACL known as?
ACE (Access Control Entry)
A list that specifies which subjects are allowed to access an object and what operations they can perform on it is referred to as a:
ACL (Access Control List)
Which standard was approved by NIST in late 2000 as a replacement for DES (Data encryption standard)?
AES (Advanced Encryption Standard)
Which encryption protocol below is used in the WPA2 standard?
AES-CCMP
What protocol can be used by a host on a network to find the MAC address of another device based on an IP address?
ARP
Where are MAC addresses stored for future reference?
ARP cache
What type of an attack is being executed if an attacker substituted an invalid MAC address for the network gateway so no users can access external networks?
ARP poisoning
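Worked example, added here and not part of the original card set: a small Python detector for the gateway-spoofing attack described above, run over a constructed sample of ARP replies. The log line format is hypothetical; the check is the same one you would apply to `arp -a` output or a packet capture: the gateway's IP suddenly answering from a new MAC, or one MAC answering for several IPs.

```python
from collections import defaultdict

# Constructed sample of ARP replies as a passive monitor might log them
# (hypothetical "<time> <sender IP> is-at <sender MAC>" format, not a real tool's output).
# The gateway 192.168.1.1 is legitimately at 00:11:22:33:44:01; from 10:00:09 a
# second station starts answering for the gateway and then for host .20 as well.
SAMPLE_ARP_LOG = """\
10:00:01 192.168.1.1 is-at 00:11:22:33:44:01
10:00:02 192.168.1.20 is-at 00:11:22:33:44:20
10:00:03 192.168.1.21 is-at 00:11:22:33:44:21
10:00:09 192.168.1.1 is-at DE:AD:BE:EF:00:99
10:00:10 192.168.1.1 is-at de:ad:be:ef:00:99
10:00:11 192.168.1.20 is-at de:ad:be:ef:00:99
"""


def parse_arp_log(text: str):
    """Return (timestamp, ip, mac) tuples; MACs are normalised to lower case."""
    entries = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[2] != "is-at":
            continue  # skip malformed lines rather than crash on them
        ts, ip, _, mac = parts
        entries.append((ts, ip, mac.lower()))
    return entries


def detect_arp_poisoning(entries, gateway_ip: str, baseline=None):
    """Return alert strings for ARP replies that contradict the known IP-to-MAC binding.

    `baseline` maps IP -> MAC for bindings you trust (static entries); any IP not in
    it is pinned to the MAC seen in its first reply. A change of the gateway's MAC
    is the signature of the attack in the card: users lose their route out because
    their ARP caches now point the gateway at a bogus address.
    """
    known = dict(baseline or {})
    seen = defaultdict(set)    # ip -> set of MACs that answered for it
    reported = set()
    alerts = []
    for ts, ip, mac in entries:
        seen[ip].add(mac)
        expected = known.setdefault(ip, mac)   # first sighting becomes the baseline
        if mac != expected and (ip, mac) not in reported:
            reported.add((ip, mac))
            kind = "GATEWAY" if ip == gateway_ip else "HOST"
            alerts.append(f"{ts} {kind} {ip} changed from {expected} to {mac}")
    # One MAC answering for several IPs is the classic man-in-the-middle footprint
    claims = defaultdict(set)
    for ip, macs in seen.items():
        for mac in macs:
            claims[mac].add(ip)
    for mac, ips in claims.items():
        if len(ips) > 1:
            alerts.append(f"MAC {mac} claims multiple IPs: {', '.join(sorted(ips))}")
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_poisoning(parse_arp_log(SAMPLE_ARP_LOG), "192.168.1.1"):
        print(alert)
```

A trusted baseline (static ARP entries for the gateway, or a list taken from the switch's MAC table) catches a spoof on the very first reply; without it the detector can only notice a change, so an attacker who poisons before the monitor starts goes unnoticed.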
Generally considered to be the most important information security policies, what item below defines the actions a user may perform while accessing systems and networking equipment?
Acceptable Use Policy (AUP)
What kind of policy defines the actions users may perform while accessing systems and networking equipment?
Acceptable Use Policy (AUP)
What is the name for a predefined framework that can be used for controlling access, and is embedded into software and hardware?
Access Control Model
What device acts like a wireless base station in a network, acting as a bridge between wireless and wired connections?
Access Point
What type of privileges to access hardware and software resources are granted to users or devices?
Access Rights
To assist with controlling orphaned and dormant accounts, what can be used to indicate when an account is no longer active?
Account Expiration
Which of the following account lockout policy settings determines the number of failed login attempts before a lockout occurs?
Account lockout threshold
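The lockout threshold only makes sense together with the other two settings of the same policy (lockout duration and the counter reset window). The following Python is an added example, not from the original cards and not Microsoft's code: it replays constructed logon events against a hypothetical policy of 3 attempts, 10-minute lockout and 5-minute reset window, and shows the outcomes an administrator sees in the audit log.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class LockoutPolicy:
    """The three settings that make up an account lockout policy (names follow
    the Windows Group Policy settings; the values used below are demo assumptions)."""
    threshold: int        # Account lockout threshold: failed logons before lockout (0 = never lock)
    duration_s: int       # Account lockout duration: seconds the account stays locked
    reset_after_s: int    # Reset account lockout counter after: seconds of quiet that clear the count


@dataclass
class AccountState:
    failures: int = 0
    last_failure: Optional[float] = None
    locked_until: Optional[float] = None


def apply_policy(policy: LockoutPolicy, events: List[Tuple[float, str, bool]]) -> List[str]:
    """Replay (timestamp, user, password_correct) events against the policy and return
    one outcome per event: OK, FAIL, LOCKOUT (this attempt triggered the lock) or
    LOCKED (rejected because the account is locked, even with the right password)."""
    state: Dict[str, AccountState] = {}
    outcomes = []
    for ts, user, correct in events:
        s = state.setdefault(user, AccountState())
        if s.locked_until is not None:
            if ts < s.locked_until:
                outcomes.append("LOCKED")
                continue
            s.locked_until = None          # lockout duration has elapsed
            s.failures = 0
        if s.last_failure is not None and ts - s.last_failure > policy.reset_after_s:
            s.failures = 0                 # counter reset window has passed
        if correct:
            s.failures = 0
            outcomes.append("OK")
            continue
        s.failures += 1
        s.last_failure = ts
        if policy.threshold and s.failures >= policy.threshold:
            s.locked_until = ts + policy.duration_s
            s.failures = 0
            outcomes.append("LOCKOUT")
        else:
            outcomes.append("FAIL")
    return outcomes


# Constructed sample: alice is brute-forced; bob fails slowly enough that the
# reset window keeps clearing his counter.
POLICY = LockoutPolicy(threshold=3, duration_s=600, reset_after_s=300)
SAMPLE_EVENTS = [
    (0, "alice", False),
    (10, "alice", False),
    (20, "alice", False),     # third failure inside 300 s -> locked until t=620
    (30, "alice", True),      # right password, still rejected
    (700, "alice", True),     # lockout expired
    (0, "bob", False),
    (400, "bob", False),      # >300 s since the last failure, counter was reset
    (800, "bob", False),
]

if __name__ == "__main__":
    for (ts, user, ok), result in zip(SAMPLE_EVENTS, apply_policy(POLICY, SAMPLE_EVENTS)):
        print(f"t={ts:4d} {user:6s} correct={ok!s:5s} -> {result}")
```

Lockouts trade a brute-force defence for a denial-of-service lever: anyone who knows valid usernames can lock them all at the threshold, which is why a finite duration and the reset window matter, and why a threshold of 0 (never lock) is the value to look for in an audit of the policy.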
What type of scanner sends probes to network devices and examines the responses received to evaluate whether a specific device needs remediation?
Active
Slave devices that are connected to a Piconet and are sending transmissions are known as what?
Active slave
What type of software can be installed in an individual's web browser to prevent ads from playing?
Ad Blocking
What class of attacks use innovative attack tools and once a system is infected it silently extracts data over an extended period?
Advanced Persistent Threat (APT)
What kind of software program delivers advertising content in a manner that is unexpected and unwanted by the user, and is typically included in malware?
Adware
What type of network access control uses active directory to scan a device to verify that it is in compliance?
Agentless NAC
What type of switch is used to combine multiple network connections into a single link?
Aggregation switch
Which direction do access point antennas radiate their signals and where should they be located?
All directions and centrally located
In information security, which of the following is an example of a threat actor?
All of the above: a force of nature such as a tornado that could destroy computer equipment; a virus that attacks a computer network; a person attempting to break into a secure computer network
In information security, what can constitute a loss?
All of the above: theft of information; a delay in transmitting information that results in a financial penalty; loss of good will or reputation
Which term below describes the art of helping an adult learn?
Andragogical
Select the option that best describes an asset:
Any item that has a positive economic value.
Select the security tool that is an inventory of applications and associated components that have been pre-approved and authorized to be active and present on the device?
Application Whitelist
What type of cryptography uses two keys instead of just one, generating both a private and a public key?
Asymmetric
Select below the type of cluster where a standby server exists only to take over for another server in the event of its failure.
Asymmetric server
What type of learner tends to sit in the middle of the class and learns best through lectures and discussions?
Auditory
During RADIUS authentication, what type of packet includes information such as identification of a specific AP that is sending the packet and the username and password?
Authentication Request
Where does the supplicant send identity information?
Authenticator
Which option below is responsible for the issuing of EAP request packets?
Authenticator
What type of malicious software technology is used to download and install software without the user's interaction?
Automatic Download Software
What security goal do the following common controls address: Redundancy, fault tolerance, and patching?
Availability
Which of the following ensures that data is accessible to authorized users?
Availability
DNS poisoning can be prevented using the latest edition of what software below?
BIND
What type of system security malware allows for access to a computer, program or service without authorization?
Backdoor
Which item below is the standard security checklist against which systems are evaluated for a security posture?
Baseline
What type of penetration testing technique is used if the tester has no prior knowledge of the network infrastructure that is being tested?
Black Box
What type of malware displays a screen and prevents the user from accessing the computer's resources?
Blocker Ransomware
What is a block cipher algorithm that operates on 64 bit blocks and can have a key length from 32 to 448 bits?
Blowfish
What term below is used to describe an attack that sends unsolicited messages to Bluetooth enabled devices?
Bluejacking
A Bluetooth attack in which the attacker accesses unauthorized information from a wireless device using a Bluetooth connection, is known as which of the following terms?
Bluesnarfing
If Bob receives an encrypted reply message from Alice, whose private key is used to decrypt the received message?
Bob's private key
When Bob needs to send Alice a message with a digital signature, whose private key is used to encrypt the hash?
Bob's private key
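The two cards above are the two uses of a key pair: encrypt to someone with their public key (only their private key decrypts), and sign with your own private key (anyone verifies with your public key). The following Python is an added example, not code from the course: textbook RSA with toy Mersenne-prime moduli and no padding, enough to show both flows and what verification rejects (a tampered message, or a signature checked against a different person's key). The primes, key sizes and message strings are assumptions for the demo; real systems use 2048-bit or larger moduli with OAEP/PSS padding or a dedicated signature scheme.

```python
import hashlib

# Toy RSA keys built from Mersenne primes so the numbers can be written down
# (moduli of roughly 234 and 150 bits: fine for a demo, hopelessly small for real use).
BOB_PRIMES = ((1 << 107) - 1, (1 << 127) - 1)
ALICE_PRIMES = ((1 << 61) - 1, (1 << 89) - 1)
E = 65537


def make_keypair(p: int, q: int, e: int = E):
    """Return ((n, e), (n, d)): the public key and the private key."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)            # modular inverse, Python 3.8+
    return (n, e), (n, d)


def encrypt(plaintext: bytes, public_key) -> int:
    """Encrypt to the key owner: only the matching private key can decrypt."""
    n, e = public_key
    m = int.from_bytes(plaintext, "big")
    if m >= n:
        raise ValueError("message too long for this modulus (toy RSA has no padding)")
    return pow(m, e, n)


def decrypt(ciphertext: int, private_key) -> bytes:
    """Recover the bytes (leading zero bytes are lost: another reason real RSA pads)."""
    n, d = private_key
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def digest_int(message: bytes, n: int) -> int:
    """SHA-256 digest of the message as an integer below n."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message: bytes, private_key) -> int:
    """The signer's PRIVATE key 'encrypts' the hash: that is the signature."""
    n, d = private_key
    return pow(digest_int(message, n), d, n)


def verify(message: bytes, signature: int, public_key) -> bool:
    """Anyone holding the signer's PUBLIC key recovers the hash and compares."""
    n, e = public_key
    return pow(signature, e, n) == digest_int(message, n)


def demo():
    bob_pub, bob_priv = make_keypair(*BOB_PRIMES)
    alice_pub, alice_priv = make_keypair(*ALICE_PRIMES)
    # Alice -> Bob, confidential: Alice encrypts with Bob's public key, Bob decrypts with his private key.
    ciphertext = encrypt(b"meet at noon", bob_pub)
    recovered = decrypt(ciphertext, bob_priv)
    # Bob -> Alice, signed: Bob signs with his private key, Alice verifies with Bob's public key.
    msg = b"invoice 42 approved"
    sig = sign(msg, bob_priv)
    return {
        "decrypted": recovered,
        "genuine": verify(msg, sig, bob_pub),
        "tampered": verify(b"invoice 43 approved", sig, bob_pub),
        "wrong_signer": verify(msg, sig, alice_pub),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k:13s} {v!r}")
```

Note that the signature is over the hash, not the message: the verifier recomputes the digest itself, so changing even one byte of the message makes the recovered value mismatch, and a signature made with Bob's private key is meaningless under Alice's public key.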
What type of trust model has a single CA that acts as a facilitator to interconnect all other CAs?
Bridge Trust
Which of the following are considered threat actors?
Brokers, competitors
What type of attack involves using every possible combination of letters, numbers, and characters to create candidate digests that are then matched against those in a stolen digest file?
Brute Force
The process of identifying exposure to threats, creating preventive and recovery procedures, and then testing them to determine if they are sufficient, is known as:
Business Continuity Planning
When a company needs to identify mission-critical business functions and quantify the impact a loss of such functions may have on the organization in terms of its operational and financial position, what should be performed?
Business Impact Analysis
A US DOD smart card that is used for identification of active-duty and reserve military personnel along with civilian employees and special contractors is called:
CAC (common access card)
What encryption protocol is used for WPA2?
CCMP (Counter Mode w/ Cipher Block Chaining Message Authentication Protocol)
What technology uses a standard web browser to provide information, and gives the wireless user the opportunity to agree to a policy or present valid login credentials, providing a higher degree of security?
Captive Portal AP
What type of system is designed to collect and consolidate logs from multiple sources for easy analysis?
Centralized device log analyzer
What process links several certificates together to establish trust between all the certificates involved?
Certificate Chaining
A document that describes in detail how a CA uses and manages certificates, as well as how end users register for a digital certificate, is known as?
Certificate Practice Statement (CPS)
Which of the following is considered to be a common security issue?
Certificate issues; authentication issues
Which of the following is the most secure form of IEEE 802.1x authentication?
Certificate-Based authentication
Select the term that is used to describe a trusted third-party agency that is responsible for issuing digital certificates.
Certification Authority
What term is used to describe a documentation of control over evidence, which is used to ensure that no unauthorized person was given the opportunity to corrupt the evidence?
Chain of Custody
Due to the potential impact of changes that can affect all users in an organization, and considering that security vulnerabilities can arise from uncoordinated changes, what should an organization create to oversee changes?
Change management team
What specific feature on an AP controls how much of the spectrum is available to transfer data?
Channel width
A list of the available non keyboard characters can be seen in Windows by opening what utility?
Charmap.exe
What policy is designed to ensure that all confidential or sensitive materials, either in paper form or electronic, are removed from a user's workspace and secured when the items are not in use or when employees leave their workspace?
Clean Desk
Data that is in an unencrypted form is referred to as which of the following?
Cleartext
An administrator running a port scan wants to ensure that no processes are listening on port 23. What state should the port be in?
Closed port
Multiple sectors on a disk, when combined, are referred to as:
Cluster
Which type of biometrics is based on the perception, thought process, and understanding of the user?
Cognitive biometrics
Which of the following is a location that provides office space, but the customer must provide and install all the equipment needed to continue operations?
Cold Site
What type of structure is used to provide instructions to infected bot computers?
Command & Control
When using SNMPv1 or SNMPv2, what piece of information is needed to view information from an agent?
Community string
What type of control is designed to provide an alternative to normal controls that for some reason cannot be used?
Compensating Control
Using technology to search for computer evidence of a crime in order to retrieve information, even if it has been altered or erased, that can be used in pursuit of an attacker or criminal is an example of:
Computer Forensics
A web server must be accessible to untrusted outside users. What can be done to isolate this host and any additional hosts with similar requirements from more secured hosts on a network?
Create a DMZ and place the web server and any other hosts with similar requirements in it
The management in your corporate office needs to group users on the network together logically even though they are attached to separate network switches. How can this be done?
Create a VLAN and add the users' computers/ports to the correct VLAN
What term best describes managing the login credentials such as passwords in user accounts?
Credential Management
What are the two types of cross-site attacks?
Cross-site scripting (XSS) attacks; cross-site request forgery (CSRF) attacks
What allows an application to implement an encryption algorithm for execution?
Crypto Service Providers
What type of ransomware was developed to block the user from accessing the computer and encrypts all the files on the user's device?
Crypto-Malware
The X.500 standard defines a protocol for a client application to access an X.500 directory known as which of the following options?
DAP (Directory Access Protocol)
What type of attack is being performed when multiple computers overwhelm a system with fake requests?
DDoS
Select the TCP/IP protocol that resolves a symbolic name to its corresponding IP address using a database consisting of an organized hierarchy tree.
DNS
When TCP/IP was developed, the host table concept was expanded into a hierarchical name system for matching computer names and numbers using this service:
DNS
How can an attacker substitute a DNS address so that a computer is automatically redirected to another device?
DNS poisoning
What process addresses how long data must be kept and how it is to be secured?
Data Retention
Which of the following is a system of security tools that are used to recognize and identify data that is critical to the organization and ensure that it is protected?
Data loss prevention
What term describes data actions being performed by endpoint devices, such as printing a report from a desktop computer?
Data-in-use
What term describes a layered security approach that provides comprehensive protection?
Defense-in-Depth
Which data erasing method will permanently destroy a magnetic-based hard disk by reducing or eliminating the magnetic field?
Degaussing
When an attack is designed to prevent authorized users from accessing a system, it is called what kind of attack?
Denial of Service
What process will remove all private and public keys along with the user's identification information in the CA?
Destruction
What control is designed to identify any threat that has reached the system?
Detective control
Which key exchange requires Alice and Bob to each agree upon a large prime number and a related integer?
Diffie-Hellman
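The exchange in the card above, as an added example that is not part of the original material: both sides agree on a prime p and generator g in the clear, each keeps a random private exponent, and each derives the same secret from the other's public value. The prime 2^127 - 1 and generator 5 are assumptions chosen so the parameters fit on a line; a deployment would use a standardized group. The check rejecting public values of 0, 1 and p-1 is the one a practitioner adds so a peer cannot force a trivial shared secret.

```python
import hashlib
import secrets

# Public parameters, exchanged in the clear. 2^127 - 1 is a Mersenne prime chosen
# so it can be written down; real deployments use a standardized group
# (e.g. RFC 3526 group 14, 2048-bit) or an elliptic-curve group.
P = (1 << 127) - 1
G = 5


def is_valid_public(value: int, p: int = P) -> bool:
    """Reject 0, 1 and p-1: those force the shared secret into a tiny set."""
    return 1 < value < p - 1


def private_exponent(p: int = P) -> int:
    return secrets.randbelow(p - 3) + 2          # uniform in [2, p-2]


def public_value(private: int, p: int = P, g: int = G) -> int:
    return pow(g, private, p)                     # g^a mod p, safe to publish


def shared_secret(their_public: int, my_private: int, p: int = P) -> int:
    if not is_valid_public(their_public, p):
        raise ValueError("bad public value")
    return pow(their_public, my_private, p)       # (g^b)^a = (g^a)^b mod p


def derive_key(secret: int, p: int = P) -> bytes:
    """Hash the shared secret into a fixed-size symmetric key."""
    width = (p.bit_length() + 7) // 8
    return hashlib.sha256(secret.to_bytes(width, "big")).digest()


def run_exchange(alice_private=None, bob_private=None):
    """Return the key each side derives; they match without the secret ever being sent."""
    a = alice_private if alice_private is not None else private_exponent()
    b = bob_private if bob_private is not None else private_exponent()
    A, B = public_value(a), public_value(b)       # what an eavesdropper sees, along with P and G
    k_alice = derive_key(shared_secret(B, a))
    k_bob = derive_key(shared_secret(A, b))
    return k_alice, k_bob


if __name__ == "__main__":
    ka, kb = run_exchange()
    print("keys match:", ka == kb, ka.hex())
```

Plain Diffie-Hellman gives confidentiality against an eavesdropper only; nothing here proves who sent A or B, which is why TLS and IKE sign or otherwise authenticate the public values, and why the small textbook instance (p = 23, g = 5) in the checks below can be broken by trying every exponent.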
What is the US federal government standard for digital signatures?
Digital Signature Algorithm
Which of the following is a database stored on the network itself that contains information about users and network devices?
Directory Service
What type of element addresses the recovery of critical IT assets including systems, applications, database, storage, and network assets?
Disaster Recovery
Which access control model is considered to be the least restrictive?
Discretionary Access Control (DAC)
In what kind of attack can attackers make use of millions of computers under their control in an attack against a single server or network?
Distributed
What type of trust model is used as the basis for most digital certificates used on the internet?
Distributed trust
Which of the following is a valid fundamental security principle?
Diversity; simplicity; layering
What attack occurs when a domain pointer that links a domain name to a specific web server is changed by a threat actor?
Domain hijacking
Which of the following certificates verifies the identity of the entity that has control over the domain name?
Domain validation digital certificate
Which term below describes the time it takes for a key to be pressed and then released?
Dwell time
What framework is used for transporting authentication protocols instead of authentication protocol itself?
EAP (Extensible Authentication Protocol)
Select the EAP (Extensible Authentication Protocol) supported by WPA2 (Wi-Fi Protected Access 2)Enterprise that securely tunnels any credential form for authentication using TLS (Transport Layer Security).
EAP-FAST
Select the EAP protocol that uses digital certificates for authentication.
EAP-TLS
What cryptographic method, first proposed in the mid 1980s, makes use of elliptic curves instead of large prime numbers?
ECC (Elliptic-curve cryptography)
What type of undocumented yet benign hidden feature launches after a special set of commands, key combinations, or mouse clicks?
Easter Egg
Which of the following is caused by a short-duration burst of energy by the source?
Electromagnetic Interference
What block cipher mode of operation uses the most basic approach, where the plaintext is divided into blocks and each block is then encrypted separately?
Electronic Codebook (ECB); identical plaintext blocks produce identical ciphertext blocks, which is why ECB leaks patterns
Which of the following is the sudden flow of electric current between two objects?
Electrostatic Discharge
Which of the following are considered to be common asymmetric cryptographic algorithms?
Elliptic Curve Cryptography; Digital Signature Algorithm
What type of threat is a threat related to the natural surroundings of an enterprise?
Environmental threat
Which of the following choices is not one of the four types of packets used by EAP?
Error
What type of access point is configured by an attacker in such a manner that it mimics an authorized access point?
Evil Twin
At what stage can a certificate no longer be used for any type of authentication?
Expiration
Which of the following is used to replicate attacks during a vulnerability assessment by providing a structure of exploits and monitoring tools?
Exploitation framework
Which of the following is an enhanced type of domain digital certificate?
Extended validation
What technology expands the normal capabilities of a web browser for a specific web page?
Extensions
What type of network is a private network that can also be accessed by authorized external customers, vendors, and partners?
Extranet
A DDoS mitigator is a software device that identifies and blocks real-time distributed denial of service (DDoS) attacks.
False
A SYN flood attack broadcasts a network request to multiple computers but changes the address from which the request came to the victim's computer.
False
A business continuity plan will help determine the mission-essential function or the activity that serves as the core purpose of the enterprise.
False
A business impact analysis may include succession planning or determining in advance who will be authorized to take over in the event of the incapacitation or death of key employees.
False
A digital certificate is a technology used to associate a user's identity to a private key.
False
A legal stop order is a notification sent from the legal team to employees instructing them not to delete electronically stored information or paper documents that may be relevant to the incident.
False
A polymorphic virus changes its internal code to one of a set number of predefined mutations whenever it is executed.
False
A retina scanner has become the most common type of standard biometrics.
False
A risk management assessment is a systematic and methodical evaluation of the security posture of the enterprise.
False
A rootkit can hide its presence, but not the presence of other malware.
False
A virus self-replicates on the host computer and spreads to other computers by itself.
False
All modern operating systems include a hardware firewall, usually called a host-based firewall.
False
An agent may be a permanent NAC agent and reside on end devices until uninstalled, but it cannot be a dissolvable NAC agent.
False
An enterprise contingency plan is copying information to a different medium and storing it at an off-site location so that it can be used in the event of a disaster.
False
An intranet is a separate open network that anyone can access without prior authorization.
False
Asymmetric cryptographic algorithms are also known as private key cryptography.
False
Attribute-Based Access Control (ABAC) grants permissions by matching object labels with subject labels based on their respective levels.
False
Digital certificates should last forever.
False
Distributive allocation refers to "eliminating" the risk.
False
Forensics is the application of science to questions that are of interest to the technology professions.
False
GNU Privacy Guard (GPG) is proprietary software that runs on different operating systems.
False
Hash algorithms like MD5 and SHA are considered secure for creating digests because these hashing algorithms are designed to create a digest as strong as possible.
False (MD5 and SHA-1 have practical collision attacks; use SHA-2 or SHA-3)
In a bluesnooping attack, the attacker copies emails, calendars, contact lists, cell phone pictures, or videos by connecting to the Bluetooth device without the owner's knowledge or permission.
False
In white box and gray box testing, the first task of the tester is to perform preliminary information gathering on their own from outside the organization, sometimes called open source intelligence (OSINT).
False
Least privilege in access control means that only the minimum amount of privileges necessary to perform a job or function should be allocated.
True
Many cloud providers allow customers to perform penetration tests and vulnerability scans without permission and whenever is necessary.
False
Netstat displays all current TCP/IP network configuration values and refreshes Dynamic Host Configuration Protocol (DHCP) and DNS settings.
False
Nslookup displays detailed information about how a device is communicating with other network devices.
False
Obfuscation is making something well known or clear.
False
Root digital certificates should never be self-signed.
False
S/MIME (Secure/Multipurpose Internet Mail Extensions) can be used when mail is accessed through a web browser.
False
Securing web applications is easier than protecting other systems.
False
Smart phones give the owner of the device the ability to download security updates.
False
Stream ciphers work on multiple characters at a time.
False
Successful attacks are not usually from software that is poorly designed and has architecture/design weaknesses.
False
The FIT calculation is another way of reporting MTTF.
False
The MAC address is a unique 64-bit number that is "burned" into the network interface card adapter when it is manufactured.
False
The OSI model breaks networking steps down into a series of six layers.
False
The Sarbanes-Oxley Act restricts electronic and paper data containing personally identifiable financial information.
False
The classification designation of government documents is typically Top Secret, Secret, Unusual, Confidential, and Classified
False
The current Bluetooth version is Bluetooth 6.
False as written for Bluetooth 5, the version current when this material was produced; the Bluetooth Core Specification 6.0 was published in September 2024
The malicious content of an XSS URL is confined to material posted on a website.
False
The most popular implementation of DNS is the Unix Internet Name Domain.
False
The return address is the only element that can be altered in a buffer overflow attack.
False
The second step in a vulnerability assessment is to determine the assets that need to be protected.
False
The security administrator reports directly to the CIO.
False
Trivial File Transfer Protocol (TFTP) uses more memory when compared to FTP.
False
Workgroup switches must work faster than core switches.
False
A metallic enclosure that prevents the entry or escape of an electromagnetic field is known as a:
Faraday cage
Which of the following self contained APs are autonomous, or independent, because they are separate from other network devices and even other autonomous APs?
Fat APs
What specific type of mechanism should be utilized by all types of training to provide input from participants on the training's effectiveness so that any needed modifications can be made for future training?
Feedback Mechanism
What kind of slack is created from information stored on a hard drive, which can contain remnants of previously deleted files or data?
Drive file slack
Which security procedure is being demonstrated if an administrator is using Wireshark to watch for specific inbound and outbound traffic?
Firewall monitoring
What is the name of a computer or application program that intercepts user requests from the internal secure network and then processes that request on behalf of the user?
Forward Proxy Server
What data unit is associated with the Open Systems Interconnection layer two?
Frame
What term best describes when cryptography is applied to entire disks instead of individual files or groups of files?
Full disk encryption
What block cipher mode of operation encrypts plaintext and computes a message authentication code to ensure that the message was created by the sender and that it was not tampered with during transmission?
Galois/Counter Mode (GCM)
What specific type of authentication can be based on where the user is located?
Geolocation
Which law requires banks and financial institutions to alert customers to their policies and practices in disclosing customer information?
Gramm-Leach-Bliley
Which of the following controls can be implemented so an organization can configure multiple computers by setting a single policy for enforcement?
Group-Based Access Control
A collection of suggestions that should be implemented is referred to as a:
Guideline
Under which law are health care enterprises required to guard protected health information and implement policies and procedures, whether it be in paper or electronic format?
HIPAA
What type of message authentication code uses hashing to authenticate the sender by using both a hash function and a secret cryptographic key?
HMAC (Hash-based Message Authentication Code)
What type of dedicated cryptographic processor provides protection for cryptographic keys?
Hardware Security Module
Which of the following is more secure than software encryption?
Hardware encryption
What type of cryptographic algorithm creates a unique digital fingerprint of a set of data?
Hash
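Added example, not from the original cards, tying the hash card here to the HMAC card above: the same SHA-256 digest, used bare, is a fingerprint anyone can recompute; with a secret key mixed in through HMAC it becomes a tag that only key holders can produce or verify. The key and message are constructed sample values.

```python
import hashlib
import hmac


def fingerprint(data: bytes) -> str:
    """A digest: fixed size, deterministic, one-way; any change to the input changes it."""
    return hashlib.sha256(data).hexdigest()


def differing_bits(hex_a: str, hex_b: str) -> int:
    """How many bits differ between two hex digests (avalanche check)."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")


def make_tag(key: bytes, message: bytes) -> bytes:
    """HMAC-SHA256: hash plus secret key, so only key holders can produce a valid tag."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_tag(key: bytes, message: bytes, tag: bytes) -> bool:
    """Constant-time comparison avoids leaking how many leading bytes matched."""
    return hmac.compare_digest(make_tag(key, message), tag)


def forge_without_key(message: bytes) -> bytes:
    """What an attacker without the key can compute: a plain digest. It is not a valid tag."""
    return hashlib.sha256(message).digest()


# Constructed sample values for the demo (not from any real system)
KEY = b"shared-secret-key-0123456789abcdef"
MESSAGE = b"transfer 100 to account 42"

if __name__ == "__main__":
    print("digest:", fingerprint(MESSAGE))
    print("bits changed by a one-byte edit:",
          differing_bits(fingerprint(MESSAGE), fingerprint(MESSAGE + b"!")))
    tag = make_tag(KEY, MESSAGE)
    print("genuine:", verify_tag(KEY, MESSAGE, tag))
    print("tampered:", verify_tag(KEY, b"transfer 900 to account 42", tag))
    print("keyless forgery:", verify_tag(KEY, MESSAGE, forge_without_key(MESSAGE)))
```

A bare digest sent alongside a message gives integrity against accidental corruption only: whoever can change the message can recompute the digest. The key is what turns the hash into authentication, and `hmac.compare_digest` rather than `==` is what keeps the verifier from becoming a timing oracle.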
What is term for a network set up with intentional vulnerabilities?
Honeynet
Which is the term for a computer typically located in an area with limited security and loaded with software and data files that appear to be authentic, yet are imitations of real data files?
Honeypot
What term is used to describe the software agents that are used by NAC and installed on devices to gather information?
Host Agent Health Checks
Which of the following is a software-based application that runs on a local host computer that can detect an attack as it occurs?
Host-based Intrusion Detection System
An early networking device that functions at Layer 1 of the OSI model and added devices to a single segment is known as which of the following choices?
Hub
What is the main weakness associated with the use of passwords?
Human memory
What variation of a dictionary attack combines a dictionary attack with a brute force attack, slightly altering dictionary words by adding numbers to the end of the password, spelling words backwards, slightly misspelling words, or including special characters?
Hybrid
When setting up a server virtualization environment, what component below manages the virtual machine operating systems and supports one or more guest systems?
Hypervisor
What standard provides a greater degree of security by implementing port-based authentication and blocks all traffic on a port-by-port basis until the client is authenticated using credentials stored on an authentication server?
IEEE 802.1x
The authentication header (AH) protocol is part of what encryption protocol suite below?
IPsec
What protocol below supports two encryption modes: transport and tunnel?
IPsec
What secure protocol is recommended for Network Address Translation (NAT)?
IPsec
Why is IPsec considered to be a transparent security protocol?
IPsec is designed to not require modifications of programs, or additional training, or additional client setup.
Which of the following is an agreement that is intended to minimize security risks for data transmitted across a network?
ISA (Interconnection Security Agreement)
Which of the following is a common security framework?
ISO, COBIT, RFC
What type of planning do many enterprises participate in that addresses a future event or circumstance that might possibly occur but cannot be predicted with any certainty?
IT Contingency Planning
Which of the following is the goal of a vulnerability scan?
Identify vulnerabilities; identify common misconfigurations; identify a lack of security controls
What type of theft involves stealing another person's personal information, such as a Social Security Number, and then using the information to impersonate the victim, generally for financial gain?
Identity theft
What specific ways can a session token be transmitted?
In the URL; in the header of the HTTP request
What is the name for a framework and corresponding functions required to enable incident response and incident handling within an organization?
Incident Management
What can be defined as the planning, coordination, and communications functions that are needed to resolve an incident in an efficient manner?
Incident handling
Which term below is frequently used to describe the tasks of securing information that is in a digital format?
Information Security
In what type of cloud computing does the customer have some control over the operating systems, storage, and their installed applications?
Infrastructure as a service (IaaS)
What type of web server application attacks introduce new input to exploit a vulnerability?
Injection attacks
In cryptography, which of the 5 basic protections ensures that the information is correct and no unauthorized person or malicious software has altered the data.
Integrity
Select the information protection item that ensures that information is correct and that no unauthorized person or malicious software has altered that data.
Integrity
What security goal do the following common controls address: hashing, digital signatures, certificates, nonrepudiation tools?
Integrity
What social engineering principle frightens and coerces a victim by using threats?
Intimidation
What type of network is a private network that belongs to an organization that can only be accessed by approved internal users?
Intranet
What common method is used to ensure the security and integrity of a root CA?
Keep it in an offline state from the network.
Select the authentication system developed by MIT to verify the identity of network users.
Kerberos
The process by which keys are managed by a third party, such as a trusted CA, is known as?
Key Escrow
What term best represents the resiliency of a cryptographic key to attacks?
Key Strength
What type of spyware silently captures and stores each keystroke that a user types on the computer's keyboard?
Keylogger
What option below represents an example of behavioral biometrics?
Keystroke Dynamics
What type of learner learns best through hands-on approaches?
Kinesthetic
What kind of attack allows for the construction of LDAP statements based on user input statements, which can then be used to access the LDAP database or modify the database's information?
LDAP (Lightweight Directory Access Protocol) injection
When LDAP traffic is made secure by using Secure Socket Layer (SSL) or Transport Layer Security (TLS), what is the process called?
LDAPS
Which of the following are considered to be the primary payload capabilities found in malware?
Launch attacks, delete data, collect data
What level of security access should a computer user have to do their job?
Least amount
An administrator has two servers that host the same web content, but only one server is utilized at a given time. What can be configured that can help to evenly distribute work across the network, and make use of both servers in a manner that is transparent to the end user?
Load Balancing
What two locations can be a target for DNS poisoning?
Local host table, external DNS server
What type of computer code is typically added to a legitimate program but lies dormant until a specific logical event triggers it?
Logic Bomb
To date, the single most expensive malicious attack occurred in 2000, which cost an estimated $8.7 million. What was the name of this attack?
Love Bug
What type of additional attack does ARP spoofing rely on?
MAC spoofing
What describes an agreement between two or more parties and demonstrates a "convergence of will" between the parties so that they can work together?
MOU
When an attacker promotes themselves as reputable third-party advertisers to distribute their malware through the web ads, what type of attack is being performed?
Malvertising
What type of attack intercepts communication between parties to steal or manipulate the data?
Man-in-the-Browser
Which of the following are considered interception attacks?
Man-in-the-Middle, Replay attacks
What access control model below is considered to be the most restrictive access control model, and involves assigning access controls to users strictly according to the custodian?
Mandatory Access Control
What is used to create session keys?
Master secret
Which of the following is a basic measure of reliability for systems that cannot be repaired?
Mean Time To Failure (MTTF)
What value refers to the average amount of time until a component fails, cannot be repaired, and must be replaced?
Mean time between failures
What is the name for an image that consists of an evidence-grade backup because its accuracy meets evidence standards?
Mirror Image
If a user has more than one type of authentication credential, what type of authentication is being used?
Multifactor authentication
What secure protocol is recommended for time synchronization?
NTP (Network Time Protocol)
What term is used to describe state-sponsored attackers that are used for launching computer attacks against their foes?
Nation State Actors
What technology will examine the current state of a network device before allowing it to connect to the network and force any device that does not meet a specified set of criteria to connect only to a quarantine network?
Network Access Control
At what level of the OSI model does the IP Protocol function?
Network Layer
What hardware device can be inserted into a network to allow an administrator to monitor traffic?
Network Tap
Select the vulnerability scan type that will use only the available information to hypothesize the status of the vulnerability.
Non-intrusive
Which of the following is an input value that must be unique with some special scope, such as for a given period or an entire session?
Nonce
What Federated identity Management (FIM) relies on token credentials?
OAuth
What technology is an open source federation framework and supports the development of authorization protocols?
OAuth
Which of the following is a valid way to check the status of a certificate?
Online Certificate Status Protocol, Certificate Revocation List
A port in what state below implies that an application or service assigned to that port is listening for any instructions?
Open port
The action that is taken by a subject over an object is called a:
Operation
Which threat category impacts the daily business of the organization?
Operational
User accounts that remain active after an employee has left an organization are referred to as being what type of accounts?
Orphaned
Bluetooth is an example of what type of technology below?
PAN (Personal Area Network)
When a private network uses a single public IP address, and each outgoing TCP packet uses a different port to allow for proper translation, what networking technology is in use?
PAT
Which EAP protocol creates an encrypted channel between the client authentication server and the client, and uses Microsoft Windows logins and passwords?
PEAP
What widely used commercial asymmetric cryptography software can be used for encrypting files and email messages?
PGP (Pretty Good Privacy)
Select the email protocols that are not secure.
POP, IMAP
Authentication for WPA (Wi-Fi Protected Access) Personal is accomplished by using what type of key?
PSK (Pre-shared Key)
Which of the following refers to the start-up relationship between partners?
Partner on-boarding
What type of reconnaissance is a penetration tester performing if they are using tools that do not raise any alarms?
Passive
Which of the following options prevents a login after a set number of failed login attempts within a specific period and can also specify the length of time that the lockout is in force?
Password Lockout
Which of the following is a category of a group password setting in Microsoft Windows?
Password Policy Setting, Account Lockout Policy
What is the end result of a penetration test?
Penetration Test Report
Which of the following is a public key system that generates random public keys that are different for each session?
Perfect forward secrecy
What process does a penetration tester rely on to access an even higher level of resources?
Persistence
If a network is completely isolated by an air gap from all other outside networks it is using what type of configuration?
Physical Network Segregation
If a penetration tester has gained access to a network and then tries to move around inside the network to other resources, what procedure is the tester performing?
Pivot
During a vulnerability assessment, what type of software can be used to search a system for port vulnerabilities?
Port Scanner
If a network administrator needs to configure a switch to copy traffic that occurs on some or all ports to a designated monitoring port on a switch, what switch technology will need to be supported?
Port mirroring
What term is defined as the state or condition of being free from public attention to the degree that you determine?
Privacy
What type of assessment can determine if a system contains PII, whether a privacy impact assessment is required, and if any other privacy requirements apply to the IT system?
Privacy Threshold
On a compromised computer, you have found that a user without administrative privileges was able to perform a task limited to only administrative accounts. What type of exploit has occurred?
Privilege Escalation
An administrator needs to view packets and decode and analyze their contents. What type of application should the administrator use?
Protocol Analyzer
What specific science discipline do most social engineering attacks rely on when they are being used?
Psychology
What alternative term can be used to describe asymmetric cryptographic algorithms?
Public key cryptography
If a user uses the operating system's "delete" command to erase data, what type of data removal procedure was used?
Purging
Which of the following is usually addressed in a disaster recovery plan?
Purpose and Scope, Restoration Procedures, Recovery Team
What type of risk calculation uses an "educated guess" based on observation?
Qualitative Risk Calculation
Although designed to support remote dial-in access to a corporate network, what service below is commonly used with 802.1x port security for both wired and wireless LANs?
RADIUS (Remote Authentication Dial-In User Service) port 1812 provides AAA
What type of a computer can forward RADIUS messages between RADIUS clients and RADIUS servers?
RADIUS Proxy
Which of the following is a system of hard drives based on redundancy and used for increased reliability and performance?
RAID (Redundant Array of Independent Disks)
What RAID type is based on striping, uses multiple drives, and is not fault tolerant if one of the drives fails?
RAID 0
What RAID type below utilizes parity data across all drives instead of using a separate drive to hold parity error checking information?
RAID 5
When the remaining cluster space of a partially filled sector is padded with the contents of RAM, what is the name for this type of scenario?
RAM Slack
Which hash algorithm's primary design feature is two different and independent parallel chains of computation, the results of which are then combined at the end of the process?
RIPEMD
Which of the following asymmetric cryptographic algorithms is most commonly used?
RSA (Rivest-Shamir-Adleman)
The use of what item below involves the creation of a large pre-generated data set of candidate digests?
Rainbow tables
Malware that locks or prevents a device from functioning properly until a fee has been paid is known as:
Ransomware
What process periodically validates a user's account, access control, and membership role or inclusion in a specific group?
Recertification
Which type of attack below is similar to a passive man-in-the-middle attack?
Replay
Which of the following is a server that routes incoming requests coming from an external network to the correct internal server?
Reverse Proxy
What term can be described as a function of threats, consequences of those threats, and the resulting vulnerabilities?
Risk
An access point that is unauthorized and allows an attacker to bypass network security configurations is considered to be what type of access point?
Rogue
Which access control model grants access based on a user's job function within an organization?
Role Based Access Control
When using Role Based Access Control (RBAC), permissions are assigned to which of the following?
Roles
Which of the following certificates are self-assigned?
Root digital certificates
What device operates at the Network layer (layer 3) of the OSI model and forwards packets across computer networks?
Router
What kind of networking device forwards packets across different computer networks by reading destination addresses?
Router
Which access control model can dynamically assign roles to subjects based on a set of defined rules?
Rule Based Access Control
What type of attack conducts a statistical analysis of the stolen passwords that is then used to create a mask to break the largest number of passwords?
Rule attack
Select the XML standard that allows secure web domains to exchange user authentication and authorization data and is used extensively for online e-commerce transactions.
SAML (Security Assertion Markup Language)
On an SDN network, what specific unit gives traffic the permission to flow through the network?
SDN controller
What is a service contract between a vendor and a client that specifies what services will be provided, the responsibility between each party, and any guarantees of service?
SLA
Which of the following protocols is used to manage network equipment and is supported by most network equipment manufacturers?
SNMP (Simple Network Management Protocol)
What language below is used to view and manipulate data that is stored in a relational database?
SQL
What secure protocol is recommended for voice and video?
SRTP (Secure real-time transfer protocol)
Select the secure alternative to the telnet protocol.
SSH
What protocol, developed by Netscape in 1994, is designed to create an encrypted data path between a client and server that could be used on any platform or operating system?
SSL
What hardware component can be inserted into a web server that contains one or more co-processors to handle SSL/TLS processing?
SSL/TLS accelerator
What specific type of hardware card inserts into a web server that contains one or more coprocessors to handle SSL/TLS processing?
SSL/TLS accelerator
An attack that takes advantage of the procedures for initiating a session is known as what type of an attack?
SYN flood attack
What can be used to increase the strength of hashed passwords?
Salt
What is the value that can be used to ensure that plaintext, when hashed, will not consistently result in the same digest?
Salt
What term best describes the ability to continue to function as the size or volume of the enterprise data center expands to meet the growing demands?
Scalability
Piconets in which connections exist between different piconets are known as which of the following terms?
Scatternet
Which term is used to describe individuals who want to attack computers yet lack the knowledge of computers and networks needed to do so?
Script kiddies
What information security position reports to the CISO and supervises technicians, administrators, and security staff?
Security Manager
A written document that states how an organization plans to protect the company's information technology assets is a:
Security Policy
Which position below is considered an entry-level position for a person who has the necessary technical skills?
Security Technician
What type of authentication is based on what the user has?
Security token
What data unit is associated with the Open Systems Interconnection layer four?
Segment
A vulnerable process that is divided between two or more individuals to prevent fraudulent application of the process is known as which of the following?
Separation of Duties
A service contract between a vendor and a client that specifies what services will be provided, the responsibilities of each party, and any guarantees of service, is known as:
Service Level Agreement (SLA)
Which of the following accounts is a user account that is created explicitly to provide a security context for services running on a server?
Service account
What federation system technology uses federation standards to provide SSO and exchanging attributes?
Shibboleth
What type of radio frequency transmissions are used by Bluetooth devices?
Short-range radio
What type of monitoring compares network traffic, activities, transactions, or behavior against a database of known attack patterns?
Signature-based
What term refers to an action that provides an immediate solution to a problem by cutting through the complexity that surrounds it?
Silver Bullet
Which term below describes a component or entity in a system which, if it no longer functions, will disable an entire system?
Single Point of Failure
The use of one authentication credential to access multiple accounts or applications is referred to as which of the following?
Single Sign-on
What type of survey can help a network administrator make decisions about bands, channels, and widths when installing new access points?
Site
Which type of attack broadcasts a network request to multiple computers but changes the address from which the request came to the victim's computer?
Smurf attack
What term below is used to describe the process of gathering information for an attack by relying on the weaknesses of individuals?
Social Engineering
Websites that group individuals and organizations into clusters or groups based on some sort are considered to be what type of networks?
Social Media Network
Which cloud computing service model uses the cloud computing vendor to provide access to the vendor's software applications running on a cloud infrastructure?
Software as a Service (SaaS)
What type of phishing attack targets specific users?
Spear phishing
When VPN network traffic is routing only some traffic over the secure VPN while other traffic directly accesses the internet, what technology is being used?
Split tunneling
Which type of cryptographic algorithm takes an input string of any length, and returns a string of any requested variable length?
Sponge
Select the term used to describe tracking software that is deployed without the consent or control of the user:
Spyware
What kind of biometrics utilizes a person's unique characteristics for authentication, such as fingerprints or unique characteristics of a person's face?
Standard biometrics
A firewall that keeps a record of the state of a connection between an internal computer and an external device is using what technology below?
Stateful packet filter
Which of the following groups categorize the risks associated with the use of private data?
Statistical Interference, Associations with Groups, Individual inconveniences and Identity Theft
Which threat category affects the long-term goals of the organization?
Strategic
What type of cipher takes one character and replaces it with one character, working one character at a time?
Stream Cipher
The simplest type of stream cipher, one in which one letter or character is exchanged for another, is known as what?
Substitution
Which of the following is a network that moves a product from the supplier to the customer and is comprised of vendors that supply raw material, manufacturers that convert the material into products, warehouses that store products, distribution centers that deliver them to retailers, and retailers who bring the product to the consumer?
Supply Chain
One of the armored virus infection techniques utilizes encryption to make virus code more difficult to detect, in addition to separating virus code into different pieces and injecting these pieces throughout the infected program code. What is the name for this technique?
Swiss Cheese
In which type of encryption is the same key used to encrypt and decrypt data?
Symmetric
Which major types of access involving system resources are controlled by ACLs?
System Access, User Access, Application Access
What is the name of an instruction that interrupts a program being executed and requests a service from the operating system?
System Call
A snapshot of the current state of a computer that contains all current settings and data is known as what option below:
System Image
What authentication service was developed by Cisco and is an authentication service commonly used on Unix devices that communicate by forwarding user authentication information to a centralized server?
TACACS (Terminal Access Controller Access-Control System)
What protocol suite below is the most commonly used protocol for LAN communications?
TCP/IP
What cryptographic transport algorithm is considered to be significantly more secure than SSL?
TLS
What technology uses a chip on the motherboard of the computer to provide cryptographic services?
TPM (trusted platform module)
What process describes using technology as a basis for controlling the access and usage of sensitive data?
Technical Controls
What specific issues are associated with log management?
The multiple devices generating logs, the different log formats, the fast network transfer speeds
What criteria must be met for an XSS attack to occur on a specific website?
The website must accept user input without validating it and use that input in a response.
When two individuals trust each other because of the trust that exists between the individuals and a separate entity, what type of trust has been established?
Third-party
The goal of what type of threat evaluation is to better understand who the attackers are, why they attack, and what types of attacks might occur?
Threat modeling
What type of malicious software technology is used to monitor user behavior or gather information about the user, sometimes including personally identifiable or other sensitive information?
Tracking software
Which of the following is a two way relationship that is automatically created between parent and child domains in a Microsoft Active Directory Forest?
Transitive Trust
Which layer of the OSI model contains the TCP protocol, which is used for establishing connections and reliable data transport between devices?
Transport Layer
Select below the type of malware that appears to have a legitimate use, but contains something malicious.
Trojan
A DNS amplification attack floods an unsuspecting victim by redirecting valid responses to it.
True
A TOTP (time-based one-time password) changes after a set period.
True
A buffer overflow attack occurs when a process attempts to store data in RAM beyond the boundaries of a fixed-length storage buffer.
True
A certificate repository (CR) is a publicly accessible centralized directory of digital certificates.
True
A collision attack is an attempt to find two input strings of a hash function that produce the same hash result.
True
A disaster recovery plan is developed for restoring the IT functions and services to their former state.
True
A privacy impact assessment is used to identify and mitigate privacy risks.
True
A remote access Trojan has the basic functionality of a Trojan but also gives the threat actor unauthorized remote access to the victim's computer by using specially configured communication protocols.
True
A security advantage of VLANS is that they can be used to prevent direct communication between servers.
True
A security control is any device or process that is used to reduce risk.
True
A snapshot of the data is essentially a series of "reference markers" of the data at a specific point in time.
True
A subject alternative name (SAN) digital certificate is also known as a Unified Communications Certificate (UCC).
True
A subject's privilege over an object should follow the principle of least privilege.
True
A user electronically signs a Certificate Signing Request (CSR) by affixing their public key and then sending it to an intermediate certificate authority.
True
An incident response plan is a set of written instructions for reacting to a security incident.
True
Anomaly monitoring is designed for detecting statistical anomalies.
True
Assessing risk should include testing of technology assets to identify any vulnerabilities.
True
Authentication, Authorization, and Accounting are sometimes called AAA.
True
Authorization is granting permission for admittance.
True
Behavior-based monitoring attempts to overcome the limitations of both anomaly-based monitoring and signature-based monitoring by being more adaptive and proactive instead of reactive.
True
Brute force attacks can be very slow because every character combination must be generated.
True
Ciphertext is the scrambled and unreadable output of encryption.
True
Determining vulnerabilities often depends on the background and experience of the assessor.
True
Each packet/datagram contains a source port and a destination port.
True
Employee onboarding refers to the tasks associated with hiring a new employee.
True
For IEEE WLANs, the maximum transmit power is 200 milliwatts (mW).
True
In an integer overflow attack, an attacker changes the value of a variable to something outside the range that the programmer had intended by using an integer overflow.
True
In information technology, non-repudiation is the process of proving that a user performed an action.
True
JavaScript cannot create separate stand-alone applications.
True
Keystroke dynamics uses two unique typing variables.
True
Most password attacks today are an offline attack.
True
NAT is not a specific device, technology, or protocol. It is a technique for substituting IP addresses.
True
Near Field Communication (NFC) is a set of standards used to establish communication between devices in very close proximity.
True
Once the malware reaches a system through circulation, then it must embed itself into that system.
True
One use of Data Loss Prevention (DLP) is blocking the copying of files to a USB flash drive.
True
OpenID Connect is an authentication protocol that can be used in OAuth 2.0 as a standard means to obtain user identity.
True
Permission auditing and review is intended to examine the permissions that a user has been given to determine if each is still necessary.
True
Realistically, risks can never be entirely eliminated.
True
Resumption planning is used for the recovery of critical business functions separate from IT, such as resuming a critical manufacturing process.
True
Rule-Based access control can be changed by the user.
True
SNMP (Simple Network Management Protocol)-managed devices must have an agent or a service that listens for commands and then executes them.
True
SSL v3.0 served as the basis for TLS v1.0.
True
Social engineering impersonation means to masquerade as a real or fictitious character and then play out the role of that person on a victim.
True
Some CAs issue only entry-level certificates that provide domain-only validation.
True
Some cryptographic algorithms require that in addition to a key another value can or must be input.
True
TCP/IP uses a numeric value as an identifier to the applications and services on these systems.
True
The CompTIA+ certification is a vendor neutral credential.
True
The XOR cipher is based on the binary operation eXclusive OR that compares two bits.
True
To mitigate risk is the attempt to address risk by making the risk less serious.
True
Traditional network security devices can block traditional network attacks, but they cannot always block web application attacks.
True
Two types of malware have the primary trait of circulation. These are viruses and worms.
True
Vendor-specific guides are useful for configuring web servers, operating systems, applications servers, and network infrastructure devices.
True
Vulnerability scanning should be conducted on existing systems and particularly as new technology equipment is deployed.
True
Wireless data networks are particularly susceptible to known ciphertext attacks.
True
XSS is like a phishing attack but without needing to trick the user into visiting a malicious website.
True
If an attacker purchases and uses a URL that is similar in spelling and looks like a well-known web site in order for the attacker to gain web traffic to generate income, what type of attack are they using?
URL hijacking
How can an administrator keep devices powered when the power is interrupted?
Uninterruptable power supply
Which of the following is the process of running a user desktop inside a virtual machine that resides on a server?
VDI (Virtual Desktop Infrastructure)
How can a network of physical devices be grouped into logical units, regardless of what network switches they may be connected to?
VLAN
What technology enables authorized users to use an unsecured public network, such as the internet as if it were a secure private network?
VPN
What dedicated hardware device aggregates hundreds or thousands of VPN connections?
VPN concentrator
What type of diversity is being implemented if a company is using multiple security products from different manufacturers?
Vendor Diversity
Which technology is a means of managing and presenting computer resources by function without regard to their physical layout or location?
Virtualization
What type of malware is heavily dependent on a user in order to spread?
Virus
Which of the following is malicious computer code that reproduces itself on the same computer?
Virus
What specific type of phishing attack uses the telephone to target the victim?
Vishing
What kind of data can be lost when a computer is turned off?
Volatile
What is another term used for security weakness?
Vulnerability
Which scan examines the current security, using a passive method?
Vulnerability Scan
What is the name of the process that basically takes a snapshot of the current security of an organization?
Vulnerability appraisal
Select the device that is designed to exclusively monitor the RF frequency for network transmissions.
WAP (Wireless Application Protocol)
What type of attack is targeted against a smaller group of specific individuals, such as the major executives working for a manufacturing company?
Watering Hole
Select the technology that can be used to examine content through application-level filtering.
Web Security Gateway
What kind of digital certificate is typically used to ensure the authenticity of a web server to a client?
Web Server
Which tester has an in-depth knowledge of the network and systems being tested, including network diagrams, IP addresses, and even the source code of custom applications?
White Box
Which of the following is a simpler subset of Directory Access Protocol (DAP)?
X.500Lite
The exchange of information among DNS servers regarding configured zones is known as:
Zone Transfer
A series of instructions that can be grouped together as a single command and are often used to automate a complex set of tasks or a repeated series of tasks are known as:
a macro
Which of the following are key stretching password hash algorithms?
bcrypt, PBKDF2
Which of the following is a valid data sensitivity labeling and handling category?
confidential, proprietary
What term describes any premeditated, politically motivated attack against information, computer systems, computer programs, and data which results in violence against noncombatant targets by subnational groups or clandestine agents?
cyberterrorism
What are the planes used to allow SDN to virtualize parts of the physical network so that it can be more quickly and easily configured?
data plane, data plane
Select the specific type of interview that is usually conducted when an employee leaves the company:
exit interview
A private cloud is one in which the services and infrastructure are offered to all users with access provided remotely through the internet.
false
As security is increased, convenience is often increased.
false
Brokers steal new product research or a list of current customers to gain a competitive advantage.
false
Malware is software that enters a computer system with the user's knowledge or consent and then performs an unwanted and harmful action.
false
One of the first popular symmetric cryptography algorithms was RSA.
false
Which of the following is not a valid biometric disadvantage?
false error rate
What term is used to describe a group that is strongly motivated by ideology, but is usually not considered to be well-defined and well-organized?
hacktivists
What type of computing environment allows servers, storage, and the supporting networking infrastructure to be shared by multiple enterprises over a remote network connection that has been contracted for a specific service?
hosted services
The use of a single authentication credential to access multiple networks is called:
identity management
The goal of redundancy is to reduce what variable?
mean time to recovery
A secret combination of letters, numbers, and/or characters that only the user should have knowledge of is known as a:
password
A framework for all of the entities involved in digital certificates for digital certificate management is known as:
public key infrastructure
Which of the following describes various supporting structures for implementing security that provide a resource for how to create a secure IT environment?
industry-standard frameworks and reference architectures
What type of malware consists of a set of software tools used by an attacker to hide the actions or presence of other types of malicious software, such as a virus?
rootkit
An attack in which the attacker attempts to impersonate the user by using his or her session token is known as:
session hijacking
What type of card contains an integrated circuit chip that can hold information, which then can be used as part of the authentication process?
smart card
In what type of cluster does every server perform useful work so that if one fails, the remaining servers take on the additional load?
symmetric server
A user or a process functioning on behalf of the user that attempts to access an object is known as:
the subject
A correlation engine aggregates and correlates content from different sources to uncover an attack.
true
A vulnerability is a flaw or weakness that allows a threat to bypass security.
true
File Integrity Check (FIC) is a service that can monitor any changes made to computer files, such as operating system files.
true
In an ad hoc mode, devices can only communicate between themselves and cannot connect to another network.
true
One of the challenges in combating cyberterrorism is that many of the prime targets are not owned and managed by the federal government.
true
Phishing is sending an email or displaying a web announcement that falsely claims to be from a legitimate enterprise in an attempt to trick the user into surrendering private information.
true
RF signals can be picked up from an open or misconfigured AP.
true
TCP/IP uses its own four-layer architecture that includes the Network Interface, Internet, Transport, and Application layers.
true
Wired Equivalent Privacy (WEP) is an IEEE 802.11 security protocol designed to ensure that only authorized parties can view transmitted wireless information.
true
A location that has all the equipment installed but does not have active internet or telecommunications facilities, and does not have current backups of data, is an example of:
warm site
Which SQL injection statement example below could be used to discover the name of the table?
whatever' AND 1 = (SELECT COUNT(*) FROM tabname); --
Which SQL statement represents a SQL injection attempt to determine the names of different fields in a database?
whatever' AND email IS NULL; --
Choose the SQL injection statement example below that could be used to find specific users:
whatever' OR full_name LIKE '%MIA%'
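The three injection statements above only make sense when you see what the application does with them. The following is an added example (not code from the original study guide) that builds a hypothetical in-memory SQLite `users` table with constructed rows, runs each payload through a lookup that concatenates user input into the SQL text, and runs the same payload through a parameterised query. The table and column names (`users`, `email`, `full_name`) and the sample rows are assumptions for the demonstration; the trailing `'` in each vulnerable query is the application's own closing quote, which is why the `; --` payloads end in a comment and the `LIKE` payload omits its final quote.

```python
import sqlite3

# Constructed sample rows for this demonstration; not data from the original page.
SAMPLE_USERS = [
    (1, "mia.h@example.com", "Mia Hamm"),
    (2, "anna.k@example.com", "Anna Kim"),
    (3, "j.cole@example.com", "Jeremiah Cole"),  # 'Jeremiah' also contains 'mia'
]


def build_db():
    """In-memory SQLite database with a hypothetical 'users' table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, full_name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    return conn


def lookup_vulnerable(conn, email):
    """Builds the WHERE clause by string concatenation: the input becomes SQL text."""
    sql = "SELECT id, email, full_name FROM users WHERE email = '" + email + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, email):
    """Parameterised query: the driver binds the input as a value, never as SQL."""
    sql = "SELECT id, email, full_name FROM users WHERE email = ?"
    return conn.execute(sql, (email,)).fetchall()


def probe(conn, lookup, payload):
    """Return 'ok' if the injected query ran, otherwise the database's error text.

    The attacker uses this difference (success vs. 'no such table'/'no such column')
    to learn whether a guessed table or field name exists.
    """
    try:
        lookup(conn, payload)
        return "ok"
    except sqlite3.OperationalError as exc:
        return str(exc)


def table_exists(conn, name):
    # The page's 'discover the name of the table' statement; '; --' comments out the
    # application's closing quote. A wrong guess raises 'no such table'.
    payload = f"whatever' AND 1 = (SELECT COUNT(*) FROM {name}); --"
    return probe(conn, lookup_vulnerable, payload) == "ok"


def column_exists(conn, name):
    # The page's 'determine the names of different fields' statement.
    # A wrong guess raises 'no such column'.
    payload = f"whatever' AND {name} IS NULL; --"
    return probe(conn, lookup_vulnerable, payload) == "ok"


def find_users(conn, fragment):
    # The page's 'find specific users' statement. The application's own string
    # supplies the final quote, so the payload stops just before it. SQLite's LIKE
    # is case-insensitive for ASCII, so '%MIA%' matches 'Mia' and 'Jeremiah'.
    return lookup_vulnerable(conn, f"whatever' OR full_name LIKE '%{fragment}%")


if __name__ == "__main__":
    db = build_db()
    print("table 'tabname':", table_exists(db, "tabname"))   # False
    print("table 'users':", table_exists(db, "users"))       # True
    print("column 'password':", column_exists(db, "password"))  # False
    print("column 'email':", column_exists(db, "email"))     # True
    print("users matching MIA:", find_users(db, "MIA"))
    # The same payload against the parameterised lookup is just a literal e-mail
    # address that matches nobody.
    print("safe lookup:", lookup_safe(db, "whatever' OR full_name LIKE '%MIA%"))
```

The probes work because the database reports a different outcome for a valid guess (the query runs and returns nothing, since `1 = COUNT(*)` or `email IS NULL` is false) than for an invalid one (an error naming the missing object), which is exactly the signal an attacker needs to enumerate a schema one name at a time. The parameterised version removes the signal entirely: the input never reaches the SQL parser.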