Network Security Final
You want to increase the security of your network by allowing only authenticated users to access network devices through a switch. Which of the following should you implement? 802.1x Port security Spanning tree IPsec
802.1x
What is a cookie? A file saved on your hard drive that tracks website preferences and use. A malicious program that runs when you read an email attachment. A malicious program that disguises itself as a useful program. An executable file that runs in the background and tracks internet use.
A file saved on your hard drive that tracks website preferences and use.
In a variation of the brute force attack, an attacker may use a predefined list (dictionary) of common user names and passwords to gain access to existing user accounts. Which countermeasure best addresses this issue? A strong password policy 3DES encryption AES encryption VLANs
A strong password policy
Which of the following terms is used to describe an event in which a person is denied access to a system when they should be allowed to enter? False negative False positive Error rate False acceptance
False negative
Which of the following government acts protects medical records and personal health information? FACTA FISMA HIPAA ACA
HIPAA
Which of the following authentication methods uses tickets to provide single sign-on? PKI Kerberos 802.1x MS-CHAP
Kerberos
To prevent server downtime, which of the following components should be installed redundantly in a server system? CD or DVD drive RAM modules Power supply Floppy disk drive
Power supply
What does hashing of log files provide? Confidentiality to prevent unauthorized reading of the files Proof that the files have not been altered Sequencing of files and log entries to recreate a timeline of events Preventing the system from running when the log files are full Preventing log files from being altered or overwritten
Proof that the files have not been altered
You have implemented an access control method that only allows users who are managers to access specific data. Which type of access control model is used? RBAC MAC DAC DACL
RBAC
Which of the following is an entity that accepts and validates information contained within a request for a certificate? Certificate authority Registration authority Recovery agent Enrollment agent
Registration authority
Which of the following cloud computing solutions delivers software applications to a client either over the internet or on a local area network? IaaS PaaS SaaS DaaS
SaaS
A receiver wants to verify the integrity of a message received from a sender. A hashing value is contained within the digital signature of the sender. Which of the following must the receiver use to access the hashing value and verify the integrity of the transmission? Receiver's private key Receiver's public key Sender's private key Sender's public key
Sender's public key
Which of the following solutions would you implement to eliminate switching loops? Inter-vlan routing Spanning tree Auto-duplex CSMA/CD
Spanning tree
The success of asymmetric encryption is dependent upon which of the following? The integrity of the individuals who created the cryptosystem The secrecy of the algorithm The complexity of the cipher text The secrecy of the key
The secrecy of the key
A user has just authenticated using Kerberos. Which object is issued to the user immediately following login? Digital certificate Digital signature Ticket granting ticket Client-to-server ticket
Ticket granting ticket
A honeypot is used for which purpose? To entrap intruders To prevent sensitive data from being accessed To delay intruders in order to gather auditing data To disable an intruder's system
To delay intruders in order to gather auditing data
You want to be able to identify the services running on a set of servers on your network. Which tool would best give you the information you need? Port scanner Protocol analyzer Vulnerability scanner Network mapper
Vulnerability scanner
If your mission-critical services have a maximum tolerable downtime (MTD) (or a recovery time objective [RTO]) of 36 hours, what is the optimum form of recovery site? Cold Hot Warm Mobile
Warm
Daily backups are completed at the ABD company location, and only a weekly backup is maintained at another network location. Which of the following disaster recovery strategies is ABD using? Hot spare Hot site Cold site Warm site HSTG
Warm site
Which standard is most widely used for certificates? HTTP 1.1 X.509 SSL v.3.0 802.1x
X.509
You are the administrator for a small company. You need to add a new group of users to the system. The group's name is sales. Which command will accomplish this? addgroup sales groupadd -r sales groupadd sales addgroup -x sales
groupadd sales
Your network uses the following backup strategy: • Full backups every Sunday night • Differential backups Monday through Saturday nights On Thursday morning, the storage system fails. How many restore operations will you need to perform to recover all of the data? 1 2 3 4 5
2
Which of the following ports does FTP use to establish sessions and manage traffic? 20, 21 80, 443 25, 110 135 - 139
20, 21
You have been asked to implement a RAID 5 solution for your network. What is the minimum number of hard disks that can be used to configure RAID 5? 2 3 4 5 6
3
Your network uses the following backup strategy: • Full backups every Sunday night • Incremental backups Monday night through Saturday night On a Thursday morning, the storage system fails. How many restore operations will you need to perform to recover all of the data? 1 2 3 4 5
4
Which of the following ports are used with TACACS? 22 49 50 and 51 1812 and 1813 3389
49
You want to deploy SSL to protect authentication traffic with your LDAP-based directory service. Which port does this action use? 60 80 389 443 636 2208
636
You want to encrypt data on a removable storage device. Which encryption method would you choose to use the strongest method possible? 3DES SHA-1 RSA AES
AES
Which of the following terms describes the component that is generated following authentication and is used to gain access to resources following login? Account policy Access token Cookie Proxy
Access token
While browsing the internet, you notice that the browser displays ads that are targeted towards recent keyword searches you have performed. What is this an example of? Adware Worm Zombie Logic bomb
Adware
Which of the following measures are you most likely to implement to protect against a worm or Trojan horse? Firewall IPsec Anti-virus software Password policy
Anti-virus software
What is another name for a logic bomb? Pseudo flaw Asynchronous attack DNS poisoning Trojan horse
Asynchronous attack
A recreation of historical events is made possible through? Audits Audit trails Penetration testing Incident reports
Audit trails
Which of the following is the term for the process of validating a subject's identity? Authentication Identification Authorization Auditing
Authentication
A remote access user needs to gain access to resources on the server. Which of the following processes are performed by the remote access server to control access to resources? Identity proofing and authentication Identity proofing and authorization Authentication and authorization Authentication and accounting Authorization and accounting
Authentication and authorization
While developing a network application, a programmer adds functionality that allows her to access the running program without authentication so she can capture debugging data. The programmer forgets to remove this functionality prior to finalizing the code and shipping the application. What type of security weakness does this represent? Backdoor Privilege escalation Weak passwords Buffer overflow
Backdoor
What does a differential backup do during the backup? Backs up all files with the archive bit set and resets the archive bit. Backs up all files regardless of the archive bit and does not reset the archive bit. Backs up all files with the archive bit set and does not reset the archive bit. Backs up all files regardless of the archive bit and resets the archive bit.
Backs up all files with the archive bit set and does not reset the archive bit.
Audit trails produced by auditing activities are which type of security control? Preventative Directive Deterrent Detective
Detective
Which type of password attack employs a list of pre-defined passwords that it tries against a login prompt or a local copy of a security accounts database? Brute force Asynchronous Dictionary Salami
Dictionary
Which backup strategy backs up only files that have the archive bit set, but does not mark them as having been backed up? Full Incremental Differential Normal
Differential
What should you do to a user account if the user goes on an extended vacation? Delete the account Monitor the account more closely Remove all rights from the account Disable the account
Disable the account
Which of the following actions should you take to reduce the attack surface of a server? Install anti-malware software Disable unused services Install the latest patches and hotfixes Install a host-based IDS
Disable unused services
Which of the following is specifically meant to ensure that a program operates on clean, correct, and useful data? Input validation Application hardening Process spawning Error and exception handling
Input validation
Which of the following is not true concerning symmetric key cryptography? Both parties share the same key (which is kept secret). Before communications begin, both parties must exchange the shared secret key. Key management is easy when implemented on a large scale. The key is not shared with other communication partners. Each pair of communicating entities requires a unique shared key.
Key management is easy when implemented on a large scale.
In which type of attack does the attacker have access to both the plaintext and the resulting cipher text, but does not have the ability to encrypt the plain text? Brute force Chosen cipher Chosen plaintext Known plaintext
Known plaintext
Which of the following authentication mechanisms is designed to protect a nine-character password from attacks by hashing the first seven characters into a single hash and then hashing the remaining two characters into another separate hash? NTLM NTLMv2 LANMAN LDAP
LANMAN
Mary wants to send a message to Sam. She wants to digitally sign the message to prove that she sent it. Which key would Mary use to create the digital signature? Sam's public key Sam's private key Mary's public key Mary's private key
Mary's private key
You decide to use a packet sniffer to identify the type of traffic sent to a router. You run the packet sniffing software on a device that is connected to a hub with three other computers. The hub is connected to the same switch that is connected to the router. When you run the software, you see frames addressed to the four workstations, but not to the router. Which feature should you configure? Promiscuous mode Mirroring Bonding Spanning tree
Mirroring
Which of the following is the star property of the Bell-LaPadula security model? No read up No write down No read down No write up
No write down
Which of the following identifies standards and XML formats for reporting and analyzing system vulnerabilities? OVAL Retina MBSA OSSTMM
OVAL
How many keys are used with symmetric key cryptography? One Two Four Five
One
What is another term for the type of login credentials provided by a token device? Biometric One-time password Mutual authentication Two-factor authentication
One-time password
Properly configured passive IDS and system audit logs are an integral part of a comprehensive security plan. Which step must be taken to ensure that the information is useful in maintaining a secure environment? The accounting department must compress the logs on a quarterly basis. All files must be verified with the IDS checksum. Periodic reviews must be conducted to detect malicious activity or policy violations. All logs should be deleted and refreshed monthly
Periodic reviews must be conducted to detect malicious activity or policy violations.
If you lose your wallet or purse and it ends up in the wrong hands, several pieces of information could be used to do personal harm to you. These pieces of information include the following: • Name and address • Driver license number • Credit card numbers • Date of birth Which of the following classifications does this information fall into? Personally identifiable information Proprietary information Private internal information Private restricted information
Personally identifiable information
You manage a network that uses switches. In the lobby of your building are three RJ-45 ports connected to a switch. You want to make sure that visitors cannot plug in their computers to the free network jacks and connect to the network. However, employees who plug into those same jacks should be able to connect to the network. What feature should you configure? Port authentication Mirroring Bonding Spanning tree VLANs
Port authentication
What is the primary security feature that can be designed into a network's infrastructure to protect and support availability? Periodic backups Redundancy Fiber optic cables Switches instead of hubs
Redundancy
Even if you perform regular backups, what must be done to ensure that you are protected against data loss? Store the backup media in an onsite fireproof vault Regularly test restoration procedures Restrict restoration privileges to system administrators Write-protect all backup media
Regularly test restoration procedures
What does a remote access server use for authorization? Remote access policies User names and passwords CHAP or MS-CHAP SLIP or PPP
Remote access policies
What is the primary distinguishing characteristic between a worm and a logic bomb? Spreads via email Incidental damage to resources Self-replication Masquerades as a useful program
Self-replication
If a message sender encrypts a message with a key and a message receiver decrypts it using the same key, which type of key exchange is taking place? Asymmetric Digital signature Symmetric Counter mode
Symmetric
Which of the following is a standard for sending log messages to a central logging server? OVAL Nmap Syslog LC4
Syslog
Which of the following is not a form of biometric? Fingerprint Token device Face recognition Retina scan
Token device
Which of the following is used for identification? Password PIN User name Cognitive question
User name
You have just downloaded a file. You create a hash of the file and compare it to the hash posted on the website. The two hashes match. What do you know about the file? You can prove the source of the file. Your copy is the same as the copy posted on the website. No one has read the file contents as it was downloaded. You will be the only one able to open the downloaded file.
Your copy is the same as the copy posted on the website.
What is the primary purpose of a certificate? Identity proofing Code verification Prevention of malicious code Declaration of intent
Identity proofing
You have a group named Research on your system that needs a new password because a member of the group has left the company. Which of the following commands should you use? newpasswd Research gpasswd research gpasswd Research groupmod -p Research
gpasswd Research
You have a group named temp_sales on your system. The group is no longer needed, and you should remove the group. Which of the following commands should you use? groupmod -R temp_sales groupmod -n temp_sales groupdel temp_sales newgroup -R temp_sales
groupdel temp_sales
Due to a merger with another company, standardization is now being imposed throughout the company. As a result of this, the sales group must be renamed marketing. Which of the following commands will accomplish this? groupadd -c marketing sales grpchange marketing sales grpconv marketing sales groupmod -n marketing sales
groupmod -n marketing sales
A collection of zombie computers have been set up to collect personal information. What type of malware do the zombie computers represent? Logic bomb Trojan horse Spyware Botnet
Botnet
Which of the following could easily result in a denial of service attack if the victimized system had too little free storage capacity? Spam Replay attack Sniffing Impersonation
Spam
A smart card can be used to store all but which of the following items? Digital signature Biometric template original Cryptography keys Identification codes
Biometric template original
If two different messages or files produce the same hashing digest, then a collision has occurred. Which form of cryptographic attack exploits this condition? Adaptive chosen ciphertext attack Meet-in-the-middle attack Birthday attack Statistical attack
Birthday attack
You want a security solution that protects the entire hard drive and prevents access even if the drive is moved to another system. Which solution should you choose? EFS VPN IPsec BitLocker
BitLocker
Which chage option keeps a user from changing their password every two weeks? -m 33 -M 33 -W 33 -a 33
-m 33
Your network performs a full backup every night. Each Sunday, the previous night's backup tape is archived. On a Wednesday morning, the storage system fails. How many restore operations will you need to perform to recover all of the data? 1 2 3 4 5 6
1
You want to close all ports associated with NetBIOS on your network firewalls to prevent attacks directed against NetBIOS. Which ports should you close? 67, 68 135, 137-139 161, 162 389, 636
135, 137-139
To increase security on your company's internal network, the administrator has disabled as many ports as possible. Now, however, though you can browse the internet, you are unable to perform secure credit card transactions. Which port needs to be enabled to allow secure transactions? 443 80 23 21 69
443
Which of the following best describes Active Directory? An administratively-defined collection of network resources that share a common directory database and security policies A group of related domains that share the same contiguous DNS namespace A centralized database that contains user account and security information A collection of related domain trees that establishes the relationship between trees that have different DNS namespaces
A centralized database that contains user account and security information
Which of the following cloud storage access services acts as a gatekeeper, extending an organization's security policies into the cloud storage infrastructure? A web service application programming interface A cloud access security broker A co-located cloud computer service A cloud storage gateway
A cloud access security broker
Which of the following are disadvantages to server virtualization? A compromised host system might affect multiple servers Increased hardware costs A compromised guest system might affect multiple servers Systems are isolated from each other and cannot interact with other systems
A compromised host system might affect multiple servers
You want email sent from users in your organization to be encrypted to make messages more secure. Which of the following is an option you can use to enhance the encryption of email messages? A symmetric key exchange An asymmetric key exchange A hashing service provider A cryptographic service provider
A cryptographic service provider
Which of the following would you find on a CPS? A list of issued certificates A list of revoked certificates A declaration of the security that the organization is implementing for all certificates A description of the format for a certificate
A declaration of the security that the organization is implementing for all certificates
Which of the following are disadvantages of server virtualization? A failure in one hardware component could affect multiple servers. Increased hardware costs. A compromise of a guest system might affect multiple servers. Systems are isolated from each other and cannot interact with other systems
A failure in one hardware component could affect multiple servers.
Users in the Sales department perform many of their daily tasks, such as emailing and creating sales presentations, on personal tablets. The chief information officer worries that one of these users might also use their tablet to steal sensitive information on the organization's network. Your job is to implement a solution that can prevent insiders from accessing sensitive information on personal devices. Which of the following should you implement? A mobile device management infrastructure A network access control solution An acceptable use policy A guest wireless network that is isolated from your organization's production network
A guest wireless network that is isolated from your organization's production network
What is a PKI? A program that generates key pairs. An algorithm for encrypting and decrypting data. A hierarchy of computers for issuing certificates. A protocol that defines secure key exchange
A hierarchy of computers for issuing certificates.
Smart devices are attractive targets for cyber criminals because they typically have minimal security and are not protected with anti-malware software. This makes it easier to exploit these types of devices and perpetrate attacks. Many smart devices can be utilized to conduct a single coordinated attack. What is this type of attack usually called? A highly centralized attack A brute force attack A highly distributed attack A smartnet attack
A highly distributed attack
Which of the following best describes the contents of the CRL? The current status of all certificates issued by a CA A list of all expired and revoked certificates A list of all revoked certificates The archived private keys of all issued certificates
A list of all revoked certificates
Which of the following describes a configuration baseline? A collection of security settings that can be automatically applied to a device A set of performance statistics that identifies normal operating performance The minimum services required for a server to function A list of common security settings that a group or all devices share
A list of common security settings that a group or all devices share
Which of the following is an appropriate definition of a VLAN? A physical collection of devices that belong together and are connected to the same wire or physical switch. A logical grouping of devices based on service need, protocol, or other criteria. A device used to filter WAN traffic. A device used to route traffic between separate networks
A logical grouping of devices based on service need, protocol, or other criteria.
Users in the sales department perform many of their daily tasks, such as emailing and creating sales presentations, on company-owned tablets. These tablets contain sensitive information. If one of these tablets is lost or stolen, this information could end up in the wrong hands. The chief information officer wants you to implement a solution that can be used to keep sensitive information from getting into the wrong hands if a device is lost or stolen. Which of the following should you implement? A network access control solution An acceptable use policy A guest wireless network that is isolated from your organization's production network A mobile device management infrastructure
A mobile device management infrastructure
Which of the following is the strongest form of multi-factor authentication? A password and a biometric scan Two passwords A password, a biometric scan, and a token device Two-factor authentication
A password, a biometric scan, and a token device
What is mutual authentication? A process by which each party in an online communication verifies the identity of each other party. The use of two or more authentication factors. Deploying CHAP and EAP on remote access connections. Using a CA (certificate authority) to issue certificates.
A process by which each party in an online communication verifies the identity of each other party.
Which of the following describes a logic bomb? A program that performs a malicious activity at a specific time or after a triggering event. A type of malicious code similar to a virus whose primary purpose is to duplicate itself and spread, while not necessarily intentionally damaging or destroying resources. A program that appears to be a legitimate application, utility, game, or screensaver that performs malicious activities surreptitiously. A program that has no useful purpose, but attempts to spread itself to other systems and often damages resources on the systems where it is found.
A program that performs a malicious activity at a specific time or after a triggering event.
What type of key or keys are used in symmetric cryptography? Two unique sets of key pairs A single key pair A shared private key A unique key for each participant
A shared private key
Which of the following best describes high amplification when applied to hashing algorithms? A small change in the message results in a big change in the hash value. Dissimilar messages frequently result in the same hash value. Reversing the hashing function does not recover the original message. Hashes produced by two different parties using the same algorithm result in the same hash value
A small change in the message results in a big change in the hash value.
Which of the following is an example of two-factor authentication? A user name and a password A pass phrase and a PIN A token device and a PIN A fingerprint and a retina scan
A token device and a PIN
Which of the following is the best example of remote access authentication? A user connects to a computer on the LAN using Remote Desktop. A user accesses a shared folder on a server. A user establishes a dial-up connection to a server to gain access to shared resources. A user logs on to an e-commerce site that uses SSL.
A user establishes a dial-up connection to a server to gain access to shared resources.
What is the main difference between a worm and a virus? A worm tries to gather information, while a virus tries to destroy data. A worm can replicate itself, while a virus requires a host for distribution. A worm requires an execution mechanism to start, while a virus can start itself. A worm is restricted to one system, while a virus can spread from system to system.
A worm can replicate itself, while a virus requires a host for distribution.
You manage a single domain named widgets.com. Organizational units (OUs) have been created for each company department. User and computer accounts have been moved into their corresponding OUs. You define a password and account lockout policy for the domain. However, members of the Directors OU want to enforce longer passwords than are required for the rest of the users. You would like to define a granular password policy for these users. Which tool should you use? Active Directory Users and Computers Group Policy Management Console and Group Policy Management Editor ADSI Edit Active Directory Sites and Services Active Directory Domains and Trusts
ADSI Edit
Which of the following switch attacks associates the attacker's MAC address with the IP address of the victim's devices? MAC spoofing ARP spoofing/poisoning DNS poisoning Cross-site scripting
ARP spoofing/poisoning
What is the most important aspect of a biometric device? Enrollment time Accuracy Size of the reference profile Throughput
Accuracy
A security administrator is conducting a penetration test on a network. She connects a notebook system running Linux to the wireless network and then uses NMAP to probe various network hosts to see which operating system they are running. Which process did the administrator use in the penetration test in this scenario? Passive fingerprinting Active fingerprinting Network enumeration Firewalking
Active fingerprinting
You have a shared folder named Reports. Members of the Managers group have been given write access to the shared folder. Mark Mangum is a member of the Managers group. He needs access to the files in the Reports folder, but should not have any access to the Confidential.xls file. What should you do? Remove Mark Mangum from the Managers group. Add Mark Mangum to the ACL for the Confidential.xls file with Deny permissions. Configure NTFS permissions for Confidential.xls to allow Read only. Add Mark Mangum to the ACL for the Reports directory with Deny permissions.
Add Mark Mangum to the ACL for the Confidential.xls file with Deny permissions.
You have been receiving a lot of phishing emails sent from the domain kenyan.msn.pl. Links within these emails open new browser windows at youneedit.com.pl. You want to make sure that these emails never reach your inbox, but you want to make sure that emails from other senders are not affected. What should you do? Add kenyan.msn.pl to the email blacklist Add pl to the email blacklist Add youneedit.com.pl to the email blacklist Add msn.pl to the email blacklist
Add kenyan.msn.pl to the email blacklist
Which of the following strategies can protect against a rainbow table password attack? Encrypt the password file with one-way encryption Educate users to resist social engineering attacks Add random bits to the password before hashing takes place Enforce strict password restrictions
Add random bits to the password before hashing takes place
You manage several Windows systems. Desktop users access an in-house application that is hosted on your intranet web server. When a user clicks a specific option in the application, they receive an error message that the pop-up was blocked. You need to configure the security settings so that users can see the pop-up without compromising overall security. What should you do? Change the filter level in Pop-up Blocker to High. Add the URL of the website to the Local intranet zone. Change the filter level in Pop-up Blocker to Medium. In Internet Options, use the Privacy tab to turn off Pop-up Blocker
Add the URL of the website to the Local intranet zone.
A private key has been stolen. Which action should you take to deal with this crisis? Delete the public key Add the digital certificate to the CRL Place the private key in escrow Recover the private key from escrow
Add the digital certificate to the CRL
You manage several Windows systems. All computers are members of a domain. You use an internal website that uses Integrated Windows Authentication. You attempt to connect to the website and are prompted for authentication. You verify that your user account has permission to access the website. You need to ensure that you are automatically authenticated when you connect to the website. What should you do? Add the internal website to the Trusted sites zone. Open Credential Manager and modify your credentials. Add the internal website to the Local intranet zone. Create a complex password for your user account.
Add the internal website to the Local intranet zone.
Your organization provides its sales force with Windows 8.1 tablets to use while visiting customer sites. You manage these devices by enrolling them in a cloud-based Windows Intune account. One of your sales representatives left his notebook at a customer's site. The device contains sensitive information, and you want to change the password to prevent the data from being compromised. Which Intune portal should you use to remotely change the password? Account portal Admin portal Company portal Security portal
Admin portal
Your organization provides its sales force with Windows RT 8.1 tablets to use while visiting customer sites. You manage these devices by enrolling them in your cloud-based Windows Intune account. One of your sales representatives left her tablet at an airport. The device contains sensitive information, and you need to remove it in case the device is compromised. Which Intune portal should you use to perform a remote wipe? Account portal Admin portal Company portal Security portal
Admin portal
What does the netstat -a command show? All listening sockets All connected hosts All listening and non-listening sockets All network users
All listening and non-listening sockets
You want to allow e-commerce websites that you visit to keep track of your browsing history for shopping carts and other information, but want to prevent that information from being tracked by sites linked to the sites you explicitly visit. How should you configure the browser settings? Allow first-party cookies, but block third-party cookies Block cross-site scripting (XSS) Enable the phishing filter to check all embedded links in webpages you visit Prevent ActiveX controls and Java on linked websites
Allow first-party cookies, but block third-party cookies
Many popular operating systems allow quick and easy file and printer sharing with other network members. Which of the following is not a means by which file and printer sharing is hardened? Imposing granular access control via ACLs Logging all activity Hosting all shared resources on a single centralized and secured server Allowing NetBIOS traffic outside of your secured network
Allowing NetBIOS traffic outside of your secured network
Which of the following is a mathematical attack that targets the complexity of a cryptosystem's algorithm? Birthday attack Analytic attack Brute force attack Replay attack
Analytic attack
You want to implement an IDS system that uses rules or statistical analysis to detect attacks. Which type of IDS should you deploy? Signature HIDS Anomaly NIDS
Anomaly
You are concerned about protecting your network from network-based attacks from the internet. Specifically, you are concerned about attacks that have not yet been identified or that do not have prescribed protections. Which type of device should you use? Signature-based IDS Anomaly-based IDS Antivirus scanner Network-based firewall Host-based firewall
Anomaly-based IDS
A PKI is an implementation for managing which type of encryption? Asymmetric Symmetric Hashing Steganography
Asymmetric
Which of the following statements about the use of anti-virus software is correct? Once installed, anti-virus software needs to be updated on a monthly basis. If servers on a network have anti-virus software installed, workstations do not need anti-virus software installed. Anti-virus software should be configured to download updated virus definition files as soon as they become available. If you install anti-virus software, you no longer need a firewall on your network.
Anti-virus software should be configured to download updated virus definition files as soon as they become available.
What is the most common form of host-based IDS that employs signature or pattern matching detection methods? Antivirus software Firewalls Honeypots Motion detectors
Antivirus software
Which of the following is the best recommendation for applying hotfixes to your servers? Apply hotfixes immediately as they are released Apply only the hotfixes that affect software running on your systems Wait until a hotfix becomes a patch, then apply it Apply all hotfixes before applying the corresponding service pack
Apply only the hotfixes that affect software running on your systems
Which of the following statements is true when comparing symmetric and asymmetric cryptography? Symmetric key cryptography uses a public and private key pair. Asymmetric key cryptography is used to distribute symmetric keys. Asymmetric key cryptography is quicker than symmetric key cryptography while processing large amounts of data. Symmetric key cryptography should be used for large, expanding environments.
Asymmetric key cryptography is used to distribute symmetric keys.
Which of the following is a collection of recorded data that may include details about logons, object access, and other activities deemed important by your security policy that is often used to detect unwanted and unauthorized user activity? Audit trail Syslog Chain of custody CPS (certificate practice statement)
Audit trail
Which of the following terms identifies the process of reviewing log files for suspicious activity and threshold compliance? Scanning CompSec Auditing Phishing
Auditing
When two different messages produce the same hash value, what has occurred? Birthday attack Collision Hash value High amplification
Collision
What does an incremental backup do during the backup? Backs up all files regardless of the archive bit and resets the archive bit. Backs up all files with the archive bit set and resets the archive bit. Backs up all files with the archive bit set and does not reset the archive bit. Backs up all files regardless of the archive bit and does not reset the archive bit.
Backs up all files with the archive bit set and resets the archive bit.
Which of the following attacks typically takes the longest amount of time to complete? Dictionary attack Replay attack Impersonation attack Brute force attack
Brute force attack
A programmer that fails to check the length of input before processing leaves his code vulnerable to what form of common attack? Backdoor Session hijacking Buffer overflow Privilege escalation
Buffer overflow
Having poor software development practices and failing to program input validation checks during development of custom software can result in a system vulnerable to which type of attack? Denial of service Dictionary Buffer overflow Superzapping
Buffer overflow
What is the most common attack waged against Web servers? Brute force Data diddling Birthday Buffer overflow
Buffer overflow
Which of the following attacks is a form of software exploitation that transmits or submits a longer stream of data than the input variable is designed to handle? Time of check/time of use (TOC/TOU) Data diddling Smurf Buffer overflow
Buffer overflow
Which type of attack is the act of exploiting a software program's free acceptance of input in order to execute arbitrary code on a target? Data diddling Buffer overflow TOC/TOU Covert channel exploitation
Buffer overflow
Which remote access authentication protocol periodically and transparently re-authenticates during a logon session by default? PAP CHAP EAP Certificates
CHAP
Certificates can be invalidated by the trusted third party that originally issued the certificate. What is the name of the mechanism that is used to distribute information about invalid certificates? ACL TACACS CRL One-way function
CRL
Which of the following is used in conjunction with a local security authority to generate the private and public key pair used in asymmetric cryptography? OCSP CSP CRL CA CPS
CSP
Which form of access control enforces security based on user identities and allows individual users to define access controls over owned resources? RBAC MAC DAC TBAC
DAC
In which form of key management solution is key recovery possible? Hierarchical Public Decentralized Centralized
Centralized
Which of the following conditions does not result in a certificate being added to the certificate revocation list? Private key compromise Invalid identity credentials Committing a crime using the certificate Certificate expiration
Certificate expiration
You have a system that allows the owner of a file to identify users and their permissions to the file. Which type of access control model is implemented? MAC DAC RBAC (based on roles) RBAC (based on rules)
DAC
You've just deployed a new Cisco router so you can connect a new segment to your organization's network. The router is physically located in a server room that can only be accessed with an ID card. You've backed up the router configuration to a remote location in an encrypted file. You access the router configuration from your notebook computer by connecting it to the console port on the router. The web-based management interface uses the default user name of cusadmin and a password of highspeed. What should you do to increase the security of this device? Change the user name. Change the user name and create a more complex password. Create a more complex password. Remove any backdoors that might have been created by a programmer.
Change the user name and create a more complex password.
Your company produces an encryption device that lets you enter text and receive encrypted text in response. An attacker obtains one of these devices and starts inputting random plaintext to see the resulting ciphertext. Which type of attack is this? Brute force Chosen cipher Chosen plaintext Known plaintext
Chosen plaintext
To help prevent browser attacks, users of public computers should do which of the following? Clear the browser cache Ensure that public login credentials are unique Not use any public computer that has been used in the last 30 minutes Turn the public computer off immediately after use
Clear the browser cache
You want to prevent your browser from running JavaScript commands that are potentially harmful. Which of the following would you restrict to accomplish this? Server-side scripts ActiveX CGI Client-side scripts
Client-side scripts
Which of the following is not true regarding cloud computing? The term cloud is used as a metaphor for the internet. Typical cloud computing providers deliver common business applications online that are accessed from another web service or software like a web browser. Cloud computing requires end users to have knowledge of the physical location and configuration of the system that delivers the services. Cloud computing is software, data access, computation, and storage services provided to clients through the internet.
Cloud computing requires end users to have knowledge of the physical location and configuration of the system that delivers the services.
Which of the following network strategies connects multiple servers together so that if one server fails, the others immediately take over its tasks, preventing a disruption in service? Adapter bonding Mirroring Storage Area Networks (SANs) Clustering
Clustering
During the application development cycle, an application tester creates multiple virtual machines on a hypervisor, each with a different version and edition of Windows installed. She then installs the latest build of the application being developed on each virtual machine and evaluates each installation for security vulnerabilities. Which assessment technique was used in this scenario? Baseline reporting Fuzzing Code review Configuration testing
Code review
Which of the following is a password that relates to things that people know, such as a mother's maiden name or the name of a pet? Cognitive Dynamic One-time Pass phrase
Cognitive
Which of the following is a recovery site that may have electricity connected, but there are no servers installed and no high-speed data lines present? Hot site Warm site Cold site Reciprocal agreement
Cold site
What does an IDS that uses signature recognition use to identify attacks? Comparison to a database of known attacks Exceeding threshold values Statistical analysis to find unusual deviations Comparison of current statistics to past statistics
Comparison to a database of known attacks
For users on your network, you want to automatically lock user accounts if four incorrect passwords are used within 10 minutes. What should you do? Configure account expiration in the user accounts Configure day/time restrictions in the user accounts Configure account lockout policies in Group Policy Configure password policies in Group Policy Configure the enable/disable feature in the user accounts
Configure account lockout policies in Group Policy
You want to make sure that all users have passwords over eight characters in length and that passwords must be changed every 30 days. What should you do? Configure account lockout policies in Group Policy Configure expiration settings in the user accounts Configure account policies in Group Policy Configure day/time settings in the user accounts
Configure account policies in Group Policy
You create a new document and save it to a hard drive on a file server on your company's network. Then you employ an encryption tool to encrypt the file using AES. This activity is an example of accomplishing which security goal? Confidentiality Integrity Availability Non-repudiation
Confidentiality
To tightly control the anti-malware settings on your computer, you elect to update the signature file manually. Even though you vigilantly update the signature file, the machine becomes infected with a new type of malware. Which of the following actions would best prevent this scenario from occurring again? Carefully review open firewall ports and close any unnecessary ports Configure the software to automatically download the virus definition files as soon as they become available Create a scheduled task to run sfc.exe daily Switch to a more reliable anti-virus software
Configure the software to automatically download the virus definition files as soon as they become available
You have hired 10 new temporary workers who will be with the company for 3 months. How can you make sure that these users can only log on during regular business hours? Configure day/time restrictions in the user accounts Configure account expiration in the user accounts Configure account policies in Group Policy Configure account lockout in Group Policy
Configure day/time restrictions in the user accounts
The Brewer-Nash security model is designed primarily to prevent which activity? Inference attacks Conflicts of interest Denial of service attacks False acceptance
Conflicts of interest
You manage your company's website. The website uses a cluster of two servers with a single shared storage device. The shared storage device uses a RAID 1 configuration. Each server has a single connection to the shared storage and a single connection to your ISP. You want to provide redundancy so that a failure in a single component does not cause the website to be unavailable. What should you add to your configuration to accomplish this? On each server, add a second network connection to connect the server to the shared storage device. Connect one server through a different ISP to the internet. On each server, add a second network connection to the internet. Reconfigure the disk array in a RAID 1+0 configuration.
Connect one server through a different ISP to the internet.
The Clark-Wilson security model is primarily based on which element? Dynamic access controls Controlled intermediary access applications A matrix A directed graph
Controlled intermediary access applications
Which of the following is a text file provided by a website to a client that is stored on a user's hard drive in order to track and record information about the user? Mobile code Certificate Cookie Digital signature
Cookie
Use of which of the following is a possible violation of privacy? Cookies VPNs FTP HTTP
Cookies
Which of the following is considered an out-of-band distribution method for private key encryption? Using a key distribution algorithm Copying the key to a USB drive Sending a secured email Using a private fiber network
Copying the key to a USB drive
You manage an Active Directory domain. All users in the domain have a standard set of internet options configured by a GPO linked to the domain. But you want users in the Administrators OU to have a different set of internet options. What should you do? Create a GPO computer policy for the Administrators OU. Create a GPO user policy for the Administrators OU. Create a Local Group policy on the computers used by members of the Administrators OU. Create a GPO user policy for the domain.
Create a GPO user policy for the Administrators OU.
Which access control type is used to implement short-term repairs to restore basic functionality following an attack? Detective Corrective Recovery Compensative
Corrective
You manage an Active Directory domain. All users in the domain are required by a GPO linked to the domain to use passwords with at least eight characters, but you want to ensure that users in the Administrators OU are required to use passwords with at least 10 characters. What should you do? Create a GPO user policy for the Administrators OU. Create a GPO computer policy for the Administrators OU. Create a Local Group policy on the computers used by members of the Administrators OU. Create a GPO computer policy for the domain.
Create a GPO computer policy for the Administrators OU.
You want to ensure that all users in the Development OU have a common set of network communication security settings applied. Which action should you take? Create a GPO user policy for the Development OU. Create a GPO computer policy for the computers in the Development OU. Create a GPO folder policy for the folders containing the files. Create a GPO computer policy for the Computers container.
Create a GPO computer policy for the computers in the Development OU.
You manage a single domain named widgets.com. Organizational units (OUs) have been created for each company department. User and computer accounts have been moved into their corresponding OUs. Members of the Directors OU want to enforce longer passwords than are required for the rest of the users. You define a new granular password policy with the required settings. All users in the Directors OU are currently members of the DirectorsGG group, a global security group in that OU. You apply the new password policy to that group. Matt Barnes is the chief financial officer. He would like his account to have even more strict password policies than is required for other members in the Directors OU. What should you do? Create a granular password policy for Matt. Apply the new policy directly to Matt's user account. Remove Matt from the DirectorsGG group. Create a granular password policy for Matt. Create a new group and make Matt a member of the group. Apply the new policy directly to the new group. Make sure the new policy has a higher precedence value than the value for the existing policy. Create a granular password policy for Matt. Apply the new policy directly to Matt's user account. Edit the existing password policy. Define exceptions for the required settings. Apply the exceptions to Matt's user account.
Create a granular password policy for Matt. Apply the new policy directly to Matt's user account.
You manage a single domain named widgets.com. Organizational units (OUs) have been created for each company department. User and computer accounts have been moved into their corresponding OUs. You define a password and account lockout policy for the domain. However, members of the Directors OU want to enforce longer passwords than are required for the rest of the users. You need to make the change as easily as possible. Which should you do? Create a granular password policy. Apply the policy to the Directors OU. Create a granular password policy. Apply the policy to all users in the Directors OU. Create a granular password policy. Apply the policy to all users in the widgets.com domain. Create a granular password policy. Create a distribution group. Apply the policy to the group. Add all users in the Directors OU to the group.
Create a granular password policy. Apply the policy to all users in the Directors OU.
You want to store your computer-generated audit logs in case they are needed in the future for examination or to be used as evidence in the event of a security incident. Which method can you use to ensure that the logs you put in storage have not been altered when you go to use them in the future? Store the logs in an offsite facility. Encrypt the logs. Make two copies of each log and store each copy in a different location. Create a hash of each log.
Create a hash of each log.
Which of the following functions are performed by the TPM? Perform bulk encryption Encrypt network data using IPSec Create a hash of system components Provide authentication credentials
Create a hash of system components
Hashing algorithms are used to perform what activity? Encrypt bulk data for communications exchange Create a message digest Provide a means for exchanging small amounts of data securely over a public network Provide for non-repudiation
Create a message digest
What is the primary function of the IKE protocol used with IPsec? Create a security association between communicating partners. Encrypt packet contents. Provide authentication services. Provide both authentication and encryption. Ensure dynamic key rotation and select initialization vectors (IVs).
Create a security association between communicating partners.
You want to give all managers the ability to view and edit a certain file. To do so, you need to edit the discretionary access control list (DACL) associated with the file. You want to be able to easily add and remove managers as their job positions change. What is the best way to accomplish this? Create a security group for the managers. Add all users as members of the group. Add the group to the file's DACL. Add each user account to the file's DACL. Create a distribution group for the managers. Add all users as members of the group. Add the group to the file's DACL. Add one manager to the DACL that grants all permissions. Have this user add other managers as required.
Create a security group for the managers. Add all users as members of the group.
A manager has told you she is concerned about her employees writing their passwords for websites, network files, and database resources on sticky notes. Your office runs exclusively in a Windows environment. Which tool could you use to prevent this behavior? Local Users and Groups Key Management Service Computer Management Credential Manager
Credential Manager
A security administrator logs on to a Windows server on her organization's network. She then runs a vulnerability scan on that server. What type of scan was conducted in this scenario? Credentialed scan Non-credentialed scan TCP SYN scan Ping scan
Credentialed scan
Which of the following encryption mechanisms offers the least security because of weak keys? AES TwoFish IDEA DES
DES
Which of the following is the weakest symmetric encryption method? AES 3DES DES Twofish Blowfish
DES
Which of the following is not an important aspect of password management? Prevent use of personal information in a password. Enable account lockout. Train users to create complex passwords that are easy to remember. Always store passwords in a secure medium.
Enable account lockout.
Which protocol should you disable on the user access ports of a switch? TCP DTP PPTP IPsec
DTP
When you dispose of a computer or sell used hardware, it is crucial that none of the data on the hard disks can be recovered. Which of the following actions can you take to ensure that no data is recoverable? Reformat all the hard disks in the computer. Damage the hard disks so badly that all data remanence is gone. Delete all files from all the hard disks in the computer. Encrypt all the data on the hard disks.
Damage the hard disks so badly that all data remanence is gone.
Which of the following is a technology that tries to detect and stop sensitive data breaches, or data leakage incidents, in an organization? Data loss prevention Data transmission security Data hashing Public key cryptography
Data loss prevention
You have a computer with three hard disks. • A RAID 0 volume uses space on Disk 1 and Disk 2. • A RAID 1 volume uses space on Disk 2 and Disk 3. Disk 2 fails. Which of the following is true? Data on the RAID 1 volume is accessible; data on the RAID 0 volume is not. Data on the RAID 0 volume is accessible; data on the RAID 1 volume is not. Data on both volumes is still accessible. Data on both volumes is not accessible.
Data on the RAID 1 volume is accessible; data on the RAID 0 volume is not.
Which of the following defines an object as an entity in the context of access control? Data, applications, systems, networks, and physical space. Users, applications, or processes that need to be given access. Policies, procedures, and technologies that are implemented within a system. Resources, policies, and systems.
Data, applications, systems, networks, and physical space.
Which of the following are subject to SQL injection attacks? Web servers serving static content Browsers that allow client-side scripts Database servers ActiveX controls
Database servers
Active Directory is a hierarchical database. Hierarchical directory databases have several advantages over flat file database structures. Which of the following is not an advantage of Active Directory's hierarchical database structure? Organization Delegation Decentralization Replication Scalability
Decentralization
You are using a vulnerability scanner that conforms to the OVAL specifications. Which of the following items contains a specific vulnerability or security issue that could be present on a system? Repository Definition Library Threat agent Asset risk
Definition
What is the purpose of audit trails? Prevent security breaches Detect security-violating events Problem correction Restore systems to normal operations
Detect security-violating events
When securing a newly deployed server, which of the following rules of thumb should be followed? Disable all unused services Determine unneeded services and their dependencies before altering the system Disable each service in turn and then test the system for negative effects Disable all services not associated with supporting shared network services
Determine unneeded services and their dependencies before altering the system
Which of the following best describes the concept of a virtual LAN? Devices connected by a transmission medium other than cable (i.e. microwave, radio transmissions) Devices in separate networks (i.e. different network addresses) logically grouped as if they were in the same network Devices on the same network logically grouped as if they were on separate networks Devices connected through the Internet that can communicate without using a network address Devices on different networks that can receive multicast packets
Devices on the same network logically grouped as if they were on separate networks
Which cryptography system generates encryption keys that could be used with DES, AES, IDEA, RC5, or any other symmetric cryptography solution? Merkle-Hellman Knapsack Diffie-Hellman Elliptical Curve RSA
Diffie-Hellman
At the end of the cryptographic process, output is generated. With one type of output, simple character changes in the plaintext will cause several characters to change in the cipher text. What type of output is this? Diffusion Collision Encryption Hashing
Diffusion
Which of the following is a direct protection of integrity? Digital envelope Digital signature Symmetric encryption Asymmetric encryption
Digital signature
What is the most obvious means of providing non-repudiation in a cryptography system? Public keys Hashing values Digital signatures Shared secret keys
Digital signatures
When you browse to a website, a pop-up window tells you that your computer has been infected with a virus. You click on the window to see what the problem is. Later, you find out that the window has installed spyware on your system. What type of attack has occurred? Drive-by download DLL injection SQL injection Trojan horse
Drive-by download
You manage your company's website. The Web1 server hosts the website. This server has the following configuration: • Dual core processor • Dual power supplies • RAID 5 volume • One RAID controller • Two 1000 Mbps network adapters Which component is a single point of failure for the website? Disk storage Network adapter Power supply Disk controller
Disk controller
Cloud storage is a virtual service, so the infrastructure is the responsibility of the storage provider. Access control should be set as a local file system would be, with no need for the provider to have access to the stored data. You are implementing the following measures to secure your cloud storage: • Verifying that security controls are the same as in a physical datacenter. • Using data classification policies. • Assigning information into categories that determine storage, handling, and access requirements. • Assigning information classification based on information sensitivity and criticality. Which of the following is another security measure you can implement? Creating versioned copies of your cloud data. Disposing of data when it is no longer needed by using specialized tools. Configuring redundancy and distribution of data. Configuring distributed resources to act as one in a federated architecture.
Disposing of data when it is no longer needed by using specialized tools.
Which of the following security measures encrypts the entire contents of a hard drive? BIOS password Chassis intrusion detection Trusted Platform Module (TPM) Hard disk password DriveLock
DriveLock
A birthday attack focuses on what? Encrypted files Hashing algorithms VPN links E-commerce
E-commerce
Which of the following security solutions would prevent a user from reading a file that she did not create? EFS VPN IPsec BitLocker
EFS
Which form of asymmetric cryptography is based upon Diffie-Hellman? RSA Merkle-Hellman Knapsack ECC El Gamal
El Gamal
What is the most common means of virus distribution? Floppy disks Email Music downloaded from the internet Commercial software CDs
You would like to implement BitLocker to encrypt data on a hard disk, even if it is moved to another system. You want the system to boot automatically without providing a startup key on an external USB device. What should you do? Enable the TPM in the BIOS Disable USB devices in the BIOS Use a PIN instead of a startup key Save the startup key to the boot partition
Enable the TPM in the BIOS
DLP can be used to identify sensitive files in a file system and then embed the organization's security policy within the file. Which of the following DLP implementations travels with sensitive data files when they are moved or copied? Network DLP Endpoint DLP File-level DLP Cloud DLP
Endpoint DLP
Which of the following DLP implementations can be used to monitor and control access to the physical devices on workstations or servers? Network DLP Endpoint DLP File-level DLP Cloud DLP
Endpoint DLP
Which of the following is an example of a statistical attack against a cryptosystem? Attempting every possible key pattern Exploiting faulty implementation of an algorithm in software Exploiting a computer's inability to produce random numbers Intercepting messages between two communication partners and modifying the content
Exploiting a computer's inability to produce random numbers
Which of the following is a secure alternative to FTP that uses SSL for encryption? SFTP SCP FTPS RCP
FTPS
You have configured an NIDS to monitor network traffic. Which of the following describes an attack that is not detected by the NIDS device? False positive False negative Negative Positive
False negative
Which of the following is not an advantage when using an internal auditor to examine security systems and relevant documentation? An internal auditor has knowledge of the inner workings of the organization. Findings in the audit and subsequent summations are viewed objectively. An internal auditor is familiar with organizational goals. Orientation time is minimized.
Findings in the audit and subsequent summations are viewed objectively.
Which of the following identifies an operating system or network service based on its response to ICMP messages? Port scanning Fingerprinting Firewalking Social engineering
Fingerprinting
You are interested in identifying the source of potential attacks that have recently been directed against your network but which have been successfully blocked. Which log would you check? Firewall Application Security Performance
Firewall
You have heard about a Trojan horse program where the compromised system sends personal information to a remote attacker on a specific TCP port. You want to be able to easily tell whether any of your systems are sending data to the attacker. Which log would you monitor? Application Security Firewall System
Firewall
You suspect that some of your computers have been hijacked and are being used to perform denial of service attacks directed against other computers on the Internet. Which log would you check to see if this is happening? Application Firewall Security System
Firewall
Which backup strategy backs up all files from a computer's file system regardless of whether the file's archive bit is set or not and marks them as having been backed up? Incremental Full Differential Copy
Full
Which of the following enters random data to the inputs of an application? Fuzzing Application hardening Validation rules Routines
Fuzzing
What is the main function of a TPM hardware chip? Perform bulk encryption in a hardware processor Control access to removable media Generate and store cryptographic keys Provide authentication credentials on a hardware device
Generate and store cryptographic keys
Recently, a serious security breach occurred in your organization. An attacker was able to log in to the internal network and steal data through a VPN connection using the credentials assigned to a vice president in your organization. For security reasons, all individuals in upper management in your organization have unlisted home phone numbers and addresses. However, security camera footage from the vice president's home recorded someone rummaging through her garbage cans prior to the attack. The vice president admitted to writing her VPN login credentials on a sticky note that she subsequently threw away in her household trash. You suspect the attacker found the sticky note in the trash and used the credentials to log in to the network. You've reviewed the vice president's social media pages. You found pictures of her home posted, but you didn't notice anything in the photos that would give away her home address. She assured you that her smart phone was never misplaced prior to the attack. Which security weakness is the most likely cause of the security breach? Sideloaded apps were installed on her smart phone. Weak passwords were used on her smart phone. Geo-tagging was enabled on her smart phone. An Xmas Tree attack was executed on her smart phone
Geo-tagging was enabled on her smart phone.
Your organization uses the following tape rotation strategy for its backup tapes: 1. The first set of tapes is used for daily backups. 2. At the end of each week, the latest daily backup tape is promoted to the weekly backup tape. 3. At the end of each month, one of the weekly backup tapes is promoted to the monthly backup tape. What kind of backup tape rotation strategy is being used? Incremental Differential Grandfather Incremented tape
Grandfather
For users who are members of the sales team, you want to force computers to use a specific desktop background and remove access to administrative tools from the Start menu. Which solution should you use? Group Policy Account restrictions Account policies File screens
Group Policy
Which of the following solutions would you use to control the actions that users can perform on a computer, such as shutting down the system, logging on through the network, or loading and unloading device drivers? Group Policy NTFS permissions Account restrictions Account policies
Group Policy
You have contracted with a vendor to supply a custom application that runs on Windows workstations. As new application versions and patches are released, you want to be able to automatically apply them to multiple computers. Which tool is your best choice for accomplishing this task? WSUS Security Templates Group Policy Security Configuration and Analysis
Group Policy
Which TCP/IP protocol is a secure form of HTTP that uses SSL as a sublayer for security? SMTP SSH DNS HTTPS
HTTPS
Which of the following protocols uses port 443? S/MIME SSH S-HTTP HTTPS
HTTPS
Which protocol is used to securely browse a website? SSH UDP SIP HTTPS ARP
HTTPS
Which of the following symmetric cryptography systems does not support a variable block size? RC5 IDEA AES Rijndael
IDEA
By definition, what is the process of reducing security exposure and tightening security controls? Social engineering Hardening Active scanning Passive reconnaissance
Hardening
Which of the following is used to verify that a downloaded file has not been altered? Hash Symmetric encryption Asymmetric encryption Private key
Hash
Marcus White has just been promoted to a manager. To give him access to the files that he needs, you make his user account a member of the Managers group, which has access to a special shared folder. Later that afternoon, Marcus tells you that he is still unable to access the files reserved for the Managers group. What should you do? Manually refresh Group Policy settings on his computer Add his user account to the ACL for the shared folder Manually refresh Group Policy settings on the file server Have Marcus log off and log back in
Have Marcus log off and log back in
What do host-based intrusion detection systems often rely upon to perform detection activities? Network traffic Host system auditing capabilities External sensors Remote monitoring tools
Host system auditing capabilities
You have been asked to deploy a network solution that includes an alternate location where operational recovery is provided within minutes of a disaster. Which of the following strategies would you choose? Hot spare Hot site Cold site Warm site HSTG
Hot site
Which of the following terms describes a Windows operating system patch that corrects a specific problem and is released on a short-term, periodic basis (typically monthly)? Hotfix Service pack Targeted software patch Kernel fix kit
Hotfix
Which of the following password attacks adds appendages to known dictionary words? Brute force Dictionary Hybrid Analytic
Hybrid
Which of the following devices is computer software, firmware, or hardware that creates and runs virtual machines? Virtual switch Virtual router Virtual firewall Hypervisor
Hypervisor
What is the default encryption algorithm used by SSH (Secure Shell) to protect data traffic between a client and the controlled server? DES IDEA AES Blowfish
IDEA
Which of the following devices is capable of detecting and responding to security threats? IDS IPS DNS server Multi-layer switch
IPS
Which of the following network layer protocols provides authentication and encryption services for IP-based network traffic? TCP IPsec SSL L2TP
IPsec
Computer policies include a special category called user rights. Which action does user rights allow an administrator to perform? Set ACL rights for users on specified computers in an OU. Designate a basic set of rights for all users in an OU. Specify the registry settings for all users in an OU. Identify users who can perform maintenance tasks on computers in an OU.
Identify users who can perform maintenance tasks on computers in an OU.
To obtain a digital certificate and participate in a Public Key Infrastructure (PKI), what must be submitted and where? Identifying data and a secret key request to the subordinate distribution authority (DA) Identifying data with the 3DES block cipher to the hosting certificate authority (CA) Identifying data and a certification request to the registration authority (RA) Identifying data with the MAC and IP addresses to the root certificate authority (CA)
Identifying data and a certification request to the registration authority (RA)
Which statement is true regarding application of GPO settings? If a setting is defined in the Local Group policy on the computer and not defined in the GPO linked to the OU, the setting is not applied. If a setting is not defined in the Local Group policy and is defined in the GPO linked to the OU, the setting is not applied. If a setting is defined in the Local Group policy on the computer and defined differently in the GPO linked to the OU, the Local Group Policy setting is applied. If a setting is defined in the Local Group policy on the computer and not defined in the GPO linked to the OU, the setting is applied.
If a setting is defined in the Local Group policy on the computer and not defined in the GPO linked to the OU, the setting is applied.
You want to protect data on hard drives for users with laptops. You want the drive to be encrypted, and you want to prevent the laptops from booting unless a special USB drive is inserted. In addition, the system should not boot if a change is detected in any of the boot files. What should you do? Implement BitLocker without a TPM. Have each user encrypt user files with EFS. Have each user encrypt the entire volume with EFS. Implement BitLocker with a TPM.
Implement BitLocker with a TPM.
You manage a single domain named widgets.com. Organizational units (OUs) have been created for each company department. User and computer accounts have been moved into their corresponding OUs. You define a password and account lockout policy for the domain. However, members of the Directors OU want to enforce longer passwords than are required for the rest of the users. You need to make the change as easily as possible. Which should you do? Create a new domain. Move the contents of the Directors OU to the new domain. Configure the necessary password policy on the domain. Implement a granular password policy for the users in the Directors OU. In Active Directory Users and Computers, select all user accounts in the Directors OU. Edit the user account properties to require the longer password. Create a GPO linked to the Directors OU. Configure the password policy in the new GPO.
Implement a granular password policy for the users in the Directors OU.
Which form of cryptanalysis focuses on weaknesses in software, the protocol, or the encryption algorithm? Analytic attack Statistical attack Implementation attack Ciphertext only attack
Implementation attack
An attacker inserts SQL database commands into a data input field of an order form used by a Web-based application. When submitted, these commands are executed on the remote database server, causing customer contact information from the database to be sent to the malicious user's Web browser. Which practice would have prevented this exploit? Implementing client-side validation. Using the latest browser version and patch level. Installing antivirus, anti-spyware, pop-up blockers, and firewall software. Implementing a script blocker.
Implementing client-side validation.
You have decided to perform a double-blind penetration test. Which of the following actions would you perform first? Inform senior management Perform operational reconnaissance Engage in social engineering Run system fingerprinting software
Inform senior management
Which of the following attacks, if successful, causes a switch to function like a hub? ARP poisoning MAC flooding MAC spoofing Replay
MAC flooding
While using a Web-based order form, an attacker enters an unusually large value in the Quantity field. The value she entered is so large that it exceeds the maximum value supported by the variable type used to store the quantity in the Web application. This causes the value of the quantity variable to wrap around to the minimum possible value, which is a negative number. As a result, the Web application processes the order as a return instead of a purchase, and the attacker's account is refunded a large sum of money. What type of attack has occurred in this scenario? Buffer overflow Watering hole Integer overflow URL hijacking
Integer overflow
Which of the following symmetric block ciphers does not use a variable block length? Advanced Encryption Standard (AES) International Data Encryption Algorithm (IDEA) Ron's Cipher v5 (RC5) Elliptic Curve (EC)
International Data Encryption Algorithm (IDEA)
You notice a growing number of devices, such as environmental control systems and wearable devices, are connecting to your network. These devices, known as smart devices, are sending and receiving data via wireless network connections. Which of the following labels applies to this growing ecosystem of smart devices? Internet of things Internet of smart devices Dynamic environment The smartnet
Internet of things
Which of the following is not true concerning a padded cell? Transfers attackers into a simulated, safe environment Is often placed inside a honeypot Contains no critical data Monitors the attacker's actions
Is often placed inside a honeypot
You have installed anti-malware software that checks for viruses in email attachments. You configure the software to quarantine any files with problems. You receive an email with an important attachment, but the attachment is not there. Instead, you see a message that the file has been quarantined by the anti-malware software. What has happened to the file? It has been moved to a secure folder on your computer. It has been deleted from your system. The infection has been removed, and the file has been saved to a different location. The file extension has been changed to prevent it from running.
It has been moved to a secure folder on your computer.
Which aspect of a certificate makes it a reliable and useful mechanism for proving the identity of a person, system, or service on the internet? It uses electronic signatures. It provides ease of use. It is a trusted third-party. It is a digital mechanism, rather than a physical one
It is a trusted third-party.
Which of the following best describes spyware? It monitors user actions that denote personal preferences, then sends pop-ups and ads to the user that match their tastes. It is a program that attempts to damage a computer system and replicate itself to other computer systems. It is a malicious program disguised as legitimate software. It monitors the actions you take on your machine and sends the information back to its originating source.
It monitors the actions you take on your machine and sends the information back to its originating source.
When should a hardware device be replaced in order to minimize downtime? Once every year Just before its MTBF is reached Only after its first failure When its performance drops below 75% efficiency
Just before its MTBF is reached
Which of the following is an example of a single sign-on authentication solution? Biometrics RADIUS Digital certificates Kerberos
Kerberos
When an attacker decrypts an encoded message using a different key than was used during encryption, what type of attack has occurred? Key clustering Statistical Analytic Replay
Key clustering
You are concerned that if a private key is lost, all documents encrypted using your private key will be inaccessible. Which service should you use to solve this problem? Key escrow OCSP RA CSP
Key escrow
You are concerned about the strength of your cryptographic keys, so you implement a system that does the following: • The initial key is fed into the input of the bcrypt utility on a Linux workstation. • The bcrypt utility produces an enhanced key that is 128 bits long. The resulting enhanced key is much more difficult to crack than the original key. Which kind of encryption mechanism was used in this scenario? Ephemeral keys Perfect forward secrecy Key stretching DHE
Key stretching
When is the best time to apply for a certificate renewal? Near the end of the certificate's valid lifetime Immediately after a certificate is issued Just after a certificate expires After a certificate has been revoked
Near the end of the certificate's valid lifetime
Within the /etc/security/limits.conf file, you notice the following entry: @guests hard maxlogins 3 What effect does this line have on the Linux system? Limits the number of logins from the Guest group to three. Limits concurrent logins from the same user to three. Limits the maximum file size that the Guest group can create to 3GB. Limits the total amount of memory used by the Guest group to 3 MB
Limits the number of logins from the Guest group to three.
You have a web server on your network that hosts the public website for your company. You want to make sure that the website will continue to be available even if a NIC, hard drive, or other problem prevents the server from responding. Which solution should you implement? Load balancing NIC teaming QoS Traffic shaping
Load balancing
You manage a server that runs your company website. The web server has reached its capacity, and the number of client requests is greater than the server can handle. You would like to find a solution so that a second server can respond to requests for website content. Which solution should you implement? Load balancing Traffic shaper QoS Ethernet bonding
Load balancing
While using a Web-based game created using Adobe Flash, a Flash cookie is set on a user's computer. The game saves legitimate data in the Flash cookie, such as statistics and user preferences. However, the game creator also programmed the game to track the Web sites that the user visits while the game is running and save them in the Flash cookie. This data is transferred to a server over an Internet connection without the user's permission. What type of exploit has occurred in this scenario? Buffer overflow Header manipulation Zero-day Locally shared object (LSO) exploit
Locally shared object (LSO) exploit
Which of the following is the single best rule to enforce when designing complex passwords? Computer-generated passwords Longer passwords Maximum password age Force use of all four types of characters (uppercase, lowercase, numbers, symbols)
Longer passwords
In which form of access control environment is access controlled by rules rather than identity? DAC MAC ACL Most client-server environments
MAC
Which type of access control focuses on assigning privileges based on security clearance and data sensitivity? MAC RBAC TBAC DAC
MAC
Which of the following is the weakest hashing algorithm? SHA-1 DES MD5 AES
MD5
You have two folders that contain documents used by various departments: • The Development group has been given the Write permission to the Design folder. • The Sales group has been given the Write permission to the Products folder. No other permissions have been given to either group. User Mark Tillman needs to have the Read permission to the Design folder and the Write permission to the Products folder. You want to use groups as much as possible. What should you do? Add Mark's user account directly to the ACL for both the Design and Products folders. Make Mark a member of the Development and Sales groups. Make Mark a member of the Sales group; add Mark's user account directly to the ACL for the Design folder. Make Mark a member of the Development group; add Mark's user account directly to the ACL for the Products folder
Make Mark a member of the Sales group; add Mark's user account directly to the ACL for the Design folder.
Which of the following best describes one-factor authentication? Only Type 1 authentication credentials are accepted. Only a single authentication credential is submitted. A user name without any additional credentials is accepted. Multiple authentication credentials may be required, but they are all of the same type.
Multiple authentication credentials may be required, but they are all of the same type
You have a file server named Srv3 that holds files used by the Development department. You want to allow users to access the files over the network and control access to files accessed through the network or a local logon. Which solution should you implement? NTFS and share permissions NTFS permissions and file screens Share permissions and quotas Share permissions and file screens
NTFS and share permissions
DLP can be implemented as a software or hardware solution that analyzes traffic in an attempt to detect sensitive data that is being transmitted in violation of an organization's security policies. Which of the following DLP implementations analyzes traffic for data containing such things as financial documents, social security numbers, or key words used in proprietary intellectual property? Endpoint DLP File-level DLP Network DLP Cloud DLP
Network DLP
Your network devices are categorized into the following zone types: • No-trust zone • Low-trust zone • Medium-trust zone • High-trust zone Your network architecture employs multiple VLANs for each of these network zones. Each zone is separated by a firewall that ensures only specific traffic is allowed. Which of the following is the secure architecture concept that is being used on this network? Network segmentation Virtual local area networking Trust zone networking Network firewalling
Network segmentation
You are the network administrator of a small nonprofit organization. Currently, an employee named Craig Jenkins handles all help desk calls for the organization. In recent months, the volume of help desk calls has exceeded what Craig can manage alone, so an additional help desk employee has been hired to carry some of the load. Currently, permissions to network resources are assigned directly to Craig's user object. Because the new employee needs exactly the same level of access, you decide to simply copy Craig's Active Directory domain user object and rename it with the new employee's name. Will this strategy work? Yes. This strategy will be successful. No. Permissions are not copied when a user account is copied. No. Active Directory does not permit you to copy an existing user account. No. Making a copy of an existing user causes both accounts to have the same security identifier (SID).
No. Permissions are not copied when a user account is copied.
When a sender encrypts a message using their own private key, what security service is being provided to the recipient? Integrity Non-repudiation Confidentiality Availability
Non-repudiation
You have a web server that will be used for secure transactions for customers who access your company's website over the internet. The web server requires a certificate to support SSL. Which method would you use to get a certificate for the server? Create your own internal PKI to issue certificates Have the server generate its own certificate Obtain a certificate from a public PKI Run a third party tool to generate the certificate
Obtain a certificate from a public PKI
Which technology was developed to help improve the efficiency and reliability of checking the validity status of certificates in large, complex environments? Certificate Revocation List Key Escrow Private Key Recovery Online Certificate Status Protocol
Online Certificate Status Protocol
SHA-1 uses which of the following bit length hashing algorithms? Only 128-bit Only 160-bit 128-bit, 160-bit, 192-bit, 224-bit, and 256-bit 224-bit, 256-bit, 384-bit, and 512-bit
Only 160-bit
Which of the following are backed up during a differential backup? Only files that have changed since the last full or differential backup. Only files that have changed since the last full or incremental backup. Only files that have been added since the last full or incremental backup. Only files that have changed since the last full backup.
Only files that have changed since the last full backup.
Which of the following are backed up during an incremental backup? Only files that have changed since the last full backup. Only files that have changed since the last full or incremental backup. Only files that have changed since the last full or differential backup. Only files that are new since the last full or incremental backup.
Only files that have changed since the last full or incremental backup.
You install a new Linux distribution on a server in your network. The distribution includes an SMTP daemon that is enabled by default when the system boots. The SMTP daemon does not require authentication to send email messages. Which type of email attack is this server susceptible to? Open SMTP relay Phishing Sniffing Viruses
Open SMTP relay
You have placed an FTP server in your DMZ behind your firewall. The FTP server will be used to distribute software updates and demonstration versions of your products. Users report that they are unable to access the FTP server. What should you do to enable access? Install a VPN Define user accounts for all external visitors Open ports 20 and 21 for inbound and outbound connections Move the FTP outside of the firewall
Open ports 20 and 21 for inbound and outbound connections
Which of the following is a mechanism for granting and validating certificates? RADIUS PKI Kerberos AAA
PKI
Which of the following best describes the Platform as a Service (PaaS) cloud computing service model? PaaS delivers infrastructure to the client, such as processing, storage, networks, and virtualized environments. PaaS delivers software applications to the client either over the internet or on a local area network. PaaS stores and provides data from a centralized location without the need for local collection and storage PaaS delivers everything a developer needs to build an application onto the cloud infrastructure.
PaaS delivers everything a developer needs to build an application onto the cloud infrastructure.
What type of password is maryhadalittlelamb? Pass phrase Cognitive Static Composition
Pass phrase
Which of the following is an example of Type 1 authentication? User name Pass phrase Smart card Retina scan
Pass phrase
A security administrator is conducting a penetration test on a network. She connects a notebook system to a mirror port on a network switch. She then uses a packet sniffer to monitor network traffic to try to determine which operating systems are running on network hosts. Which process did the administrator use in the penetration test in this scenario? Active fingerprinting Network enumeration Passive fingerprinting Firewalking
Passive fingerprinting
Which of the following is the most common form of authentication? Photo ID Fingerprint Digital certificate on a smart card Password
Password
Which of the following is most vulnerable to a brute force attack? Password authentication Biometric authentication Two-factor authentication Challenge-response token authentication
Password authentication
Which of the following is not a characteristic of Kerberos? Symmetric key cryptography Data encryption standard Peer-to-peer relationships between entities End-to-end security
Peer-to-peer relationships between entities
Which of the following uses hacking techniques to proactively discover internal vulnerabilities? Reverse engineering Penetration testing Inbound scanning Passive reconnaissance
Penetration testing
Your disaster recovery plan calls for tape backups stored at a different location. The location is a safe deposit box at the local bank. Because of this, the disaster recovery plan specifies that you choose a method that uses the fewest tapes, but also allows you to quickly back up and restore files. Which backup strategy would best meet the disaster recovery plan for tape backups? Perform a full backup once per week and a differential backup the other days of the week. Perform a full backup each day of the week. Perform a full backup once per week and an incremental backup the other days of the week. Perform a full backup once per month and an incremental backup the other days of the month. Perform a full backup once per year and a differential backup for the rest of the days in the year.
Perform a full backup once per week and a differential backup the other days of the week.
Which of the following methods should you use to prevent SQL injection attacks? Prevent running client-side scripts Prevent running server-side scripts Perform input validation Disallow CGI scripts on the server Disable unsigned add-ons for the browser
Perform input validation
You suspect that your Web server has been the target of a denial of service attack. You would like to view information about the number of connections to the server over the past three days. Which log would you most likely examine? Firewall Performance Security System
Performance
Users in your organization receive email messages informing them that suspicious activity has been detected on their bank accounts. They are directed to click a link in the email to verify their online banking user name and password. The URL in the link is in the .ru top-level DNS domain. What kind of attack has occurred? Open SMTP relay Virus Phishing Buffer overflow
Phishing
Which phase or step of a security assessment is a passive activity? Enumeration Reconnaissance Privilege escalation Vulnerability mapping
Reconnaissance
As you browse the Internet, you notice that when you go to some sites, multiple additional windows are opened automatically. Many of these windows contain advertisements for products that are inappropriate for your family to view. Which tool can you implement to prevent these windows from showing? Anti-adware Pop-up blocker Anti-spyware Anti-virus Phishing filter
Pop-up blocker
Which of the following terms describes the actual time required to successfully recover operations in the event of an incident? Recovery Time Objective (RTO) Recovery Point Objective (RPO) Mean Time to Repair (MTTR) Maximum Tolerable Downtime (MTD)
Recovery Time Objective (RTO)
Which of the following identifies someone who can retrieve private keys from storage? Registration authority Certificate authority Enrollment agent Recovery agent
Recovery agent
The auditing feature of an operating system serves as what form of control when users are informed that their actions are being monitored? Corrective Preventative Directive Detective
Preventative
Above all else, what must be protected to maintain the security and benefit of an asymmetric cryptographic solution, especially if it is widely used for digital certificates? Public keys Cryptographic algorithm Private keys Hash values
Private keys
Which of the following is an advantage of a virtual browser? Protects the host operating system from malicious downloads Prevents adware and spyware that monitors your internet activity Prevents phishing and drive-by downloads Filters internet content based on ratings
Protects the host operating system from malicious downloads
Which of the following is NOT a feature of the cloud storage model of data storage? Highly durable through the creation of versioned copies. Highly fault tolerant through redundancy and distribution of data. Made up of many distributed resources that act as one federated or a cooperative storage cloud architecture. Provides access control to the file system stored in the cloud.
Provides access control to the file system stored in the cloud.
Which of the following data destruction techniques uses a punch press or hammer system to crush a hard disk? Shredding Pulping Purging Pulverizing Degaussing
Pulverizing
Which of the following drive configurations is fault tolerant? Disk striping RAID 0 Expanded volume set RAID 5
RAID 5
What option is an advantage RAID 5 has over RAID 1? RAID 5 provides redundancy; RAID 1 does not. RAID 5 improves performance over RAID 1. RAID 5 continues to operate with a failure in two disks; RAID 1 can only operate with a failure of one disk. RAID 5 provides redundancy for the disk controller.
RAID 5 improves performance over RAID 1.
Which of the following can be classified as a stream cipher? Blowfish Twofish RC4 AES
RC4
Which of the following symmetric cryptography systems can have a key size of 0 bits? DES RC5 IDEA AES
RC5
Which version of the Rivest cipher is a block cipher that supports variable bit length keys and variable bit block sizes? RC5 RC4 RC2 RSA
RC5
Which form of alternate site is the cheapest, but may not allow an organization to recover before reaching their maximum tolerable downtime? Hot site Service bureau Warm site Reciprocal agreement
Reciprocal agreement
A router access control list uses information in a packet, such as the destination IP address and port number, to make allow or deny forwarding decisions. This is an example of which kind of access control model? RSBAC RBAC DAC MAC
RSBAC
Which of the following password attacks uses preconfigured matrices of hashed dictionary words? Dictionary Brute force Hybrid Rainbow table
Rainbow table
You have lost the private key that you have used to encrypt files. You need to get a copy of the private key to open some encrypted files. Who should you contact? Recovery agent Certification Authority Registration Authority Enrollment agent
Recovery agent
Telnet is inherently insecure because its communications are in plaintext and easily intercepted. Which of the following is an acceptable alternative to Telnet? SLIP SHTTP Remote Desktop SSH
SSH
Which of the following is a characteristic of a virus? Capable of replicating itself Is remotely controlled by a central command Requires an activation mechanism to run Requires administrative privileges to install
Requires an activation mechanism to run
Which of the following network services or protocols uses TCP/IP port 22? TFTP NNTP SSH IMAP4
SSH
Which of the following protocols can be used to securely manage a network device from a remote connection? SSH Telnet SFTP TLS
SSH
A system failure has occurred. Which of the following restoration processes would result in the fastest restoration of all data to its most current state? Restore the full backup and the last differential backup Restore the full backup and the last incremental backup Restore the full backup and all differential backups Restore the full backup and all incremental backups
Restore the full backup and the last differential backup
You recently discovered that several key files of your antivirus program have been deleted. You suspect that a virus has deleted the files. Which type of virus deletes key antivirus program files? Stealth Polymorphic Retro Slow
Retro
What form of access control is based on job descriptions? Discretionary access control (DAC) Mandatory access control (MAC) Role-based access control (RBAC) Location-based access control (LBAC)
Role-based access control (RBAC)
Which access control model manages rights and permissions based on job descriptions and responsibilities? Discretionary access control (DAC) Role-based access control (RBAC) Mandatory access control (MAC) Task-based access control (TBAC)
Role-based access control (RBAC)
Which of the following is the most frequently used symmetric key stream cipher? Ron's Cipher v4 (RC4) Advanced Encryption Standard (AES) Ron's Cipher v2 (RC2) Blowfish
Ron's Cipher v4 (RC4)
In the certificate authority trust model known as a hierarchy, where does trust start? Root CA Issuing CA Third party CA Registration authority
Root CA
Which of the following is undetectable software that allows administrator-level access? Spyware Rootkit Worm Logic bomb Trojan horse
Rootkit
Mary wants to send a message to Sam so that only Sam can read it. Which key would be used to encrypt the message? Sam's public key Sam's private key Mary's public key
Sam's public key
You have heard about a new malware program that presents itself to users as a virus scanner. When users run the software, it installs itself as a hidden program that has administrator access to various operating system components. The program then tracks system activity and allows an attacker to remotely gain administrator access to the computer. Which of the following terms best describes this software? Trojan horse Botnet Rootkit Privilege escalation Spyware
Rootkit
You have a development machine that contains sensitive information relative to your business. You are concerned that spyware and malware might be installed while users browse websites, which could compromise your system or pose a confidentiality risk. Which of the following actions would best protect your system? Configure the browser to block all cookies and pop-ups Run the browser in protected mode Run the browser within a virtual environment Change the security level for the internet zone to High
Run the browser within a virtual environment
You have a website that accepts input from users for creating customer accounts. Input on the form is passed to a database server where the user account information is stored. An attacker is able to insert database commands in the input fields and have those commands execute on the server. Which type of attack has occurred? Buffer overflow DLL injection SQL injection Cross-site scripting
SQL injection
You want to use a protocol for encrypting emails that uses a PKI with X.509 certificates. Which method should you choose? AES SSH IPsec S/MIME
S/MIME
You want to use Kerberos to protect LDAP authentication. Which authentication mode should you choose? SASL Simple EAP Mutual
SASL
Which of the following is a disadvantage of software-defined networking (SDN)? SDN creates centralized management. SDN gathers network information and statistics. SDN facilitates communication between hardware from different vendors. SDN standards are still being developed.
SDN standards are still being developed.
Which of the following does not or cannot produce a hash value of 128 bits? MD5 SHA-1 RIPEMD MD2
SHA-1
Which of the following is the strongest hashing algorithm? LANMAN NTLM MD5 SHA-1
SHA-1
SFTP uses which mechanism to provide security for authentication and data transfer? IPsec Token devices Multi-factor authentication SSL SSH
SSH
FTPS uses which mechanism to provide security for authentication and data transfer? IPsec Token devices Multi-factor authentication SSL
SSL
Which protocol does HTTPS use to offer greater security in web transactions? Kerberos SSL IPsec User name and password authentication
SSL
You are purchasing a hard disk from an online retailer over the internet. What does your browser use to ensure that others cannot see your credit card number on the internet? VPN PPTP SSL IPsec
SSL
You want to allow traveling users to connect to your private network through the internet. Users will connect from various locations, including airports, hotels, and public access points such as coffee shops and libraries. As such, you won't be able to configure the firewalls that might be controlling access to the internet in these locations. Which of the following protocols would be most likely to be allowed through the widest number of firewalls? PPTP L2TP SSL IPsec PPPoE
SSL
You maintain a network with four servers. Currently, users must provide authentication credentials whenever they access a different server. Which solution allows users to supply authentication credentials once for all servers? RADIUS TACACS+ SSO 802.1x Digital certificates
SSO
SSL (Secure Sockets Layer) operates at which layer of the OSI model? Application Presentation Session Transport
Session
What is the effect of the following command? chage -M 60 -W 10 jsmith Sets the password for jsmith to expire after 6 days and gives a warning 10 days before it expires. Deletes the jsmith user account after 60 days and gives a warning 10 days before it expires. Sets the password for jsmith to expire after 60 days and gives a warning 10 days before it expires. Forces jsmith to keep the password 60 days before changing it and gives a warning 10 days before changing it. Sets the password for jsmith to expire after 6 days and gives a warning 10 days before it expires.
Sets the password for jsmith to expire after 60 days and gives a warning 10 days before it expires.
Lori Redford, who has been a member of the Project Management group, was recently promoted to manager of the team. She has been added as a member of the Managers group. Several days after being promoted, Lori needs to have performance reviews with the team she manages but she cannot access the performance management system. As a member of the Managers group, she should have the Allow permission to access this system. What is most likely preventing her from accessing this system? She is still a member of the Project Management group, which has been denied permission to this system. However, being a member of the Managers group should allow her to access this system. Allow permissions always override Deny permissions. There must be an explicit permission entry that is preventing her from accessing the management system. She is still a member of the Project Management group, which has been denied permission to this system. Deny permissions always override Allow permissions. Her user object has been assigned an explicit Deny permission to the performance management system. Her user object has been assigned an explicit Allow permission to the performance management system, but she inherits the Deny permission assigned to the Project Management group (which she still belongs to). Inherited Deny permissions override explicit Allow permissions.
She is still a member of the Project Management group, which has been denied permission to this system. Deny permissions always override Allow permissions.
Your organization's security policy specifies that any mobile device that connects to your internal network must have Remote Wipe enabled, regardless of ownership. If the device is lost or stolen, then it must be wiped to remove any sensitive data from it. Your organization recently purchased several Windows RT tablets. Which should you do? Implement Remote Wipe group policies in your domain. Enable Remote Wipe local group policies on each device. Sign up for a Windows Intune account to manage the tablets. Go to Settings Charm > Change PC settings > Privacy and enable the Remote Wipe setting.
Sign up for a Windows Intune account to manage the tablets.
Which of the following is a hardware device that contains identification information and can be used to control building access or computer logon? Smart card Biometric WAP Security policy SSID
Smart card
Which of the following is not true of smart cards? Smart cards use PKI technology to store digital signatures, cryptography keys, and identification codes. Smart cards are powered internally by a small battery. Smart cards are generally considered to be tamper-proof. Smart cards have their own processor, allowing the card itself to perform its own cryptographic functions.
Smart cards are powered internally by a small battery.
What type of attack is most likely to succeed with communications between instant messaging clients? Sniffing Denial of service Brute force password attack DNS poisoning
Sniffing
Network engineers have the option of using software to configure and intelligently control the network rather than relying on the individual static configuration files that are located on each network device. Which of the following is a relatively new technology that allows network and security professionals to use software to manage, control, and make changes to a network? Control layer networking Load balancing software Software-defined networking Infrastructure software networking
Software-defined networking
An attacker sends an unwanted and unsolicited email message to multiple recipients with an attachment that contains malware. What kind of attack has occurred in this scenario? Open SMTP relay Spam Phishing Repudiation attack
Spam
If an SMTP server is not properly and securely configured, it can be hijacked and used maliciously as a SMTP relay agent. Which activity could result if this happens? Salami attack Data diddling Virus hoax Spamming
Spamming
Which type of malicious activity can be described as numerous unwanted and unsolicited email messages sent to a wide range of victims? Brute force Trojan horse Hijacking Spamming
Spamming
You manage a network that uses multiple switches. You want to provide multiple paths between switches so that if one link goes down, an alternate path is available. Which feature should your switch support? Spanning tree Mirroring PoE Trunking OSPF
Spanning tree
What type of malware monitors your actions? Virus Worm Spyware Trojan horse
Spyware
Which type of virus conceals its presence by intercepting system requests and altering service outputs? Polymorphic Stealth Slow Retro
Stealth
What form of cryptography is best suited for bulk encryption because it is so fast? Hashing cryptography Public key cryptography Symmetric key cryptography Asymmetric cryptography
Symmetric key cryptography
Which of the following forms of cryptography is best implemented in hardware? Symmetric block Symmetric stream Asymmetric Public key
Symmetric stream
Over the past few days, a server has gone offline and rebooted automatically several times. You would like to see a record of when each of these restarts has occurred. Which log type should you check? System Performance Firewall Security
System
You are teaching new users about security and passwords. Which of the following is the best example of a secure password? 8181952 Stiles_2031 JoHnSmITh T1a73gZ9!
T1a73gZ9!
Which of the following protocols can be used to centralize remote access authentication? EAP CHAP TACACS Kerberos SESAME
TACACS
Which of the following is the type of port scan that does not complete the full three-way TCP handshake, but rather listens only for either SYN/ACK or RST/ACK packets? TCP connect scan TCP SYN scan TCP FIN scan TCP ACK scan
TCP SYN scan
Encryption is which type of access control? Administrative Physical Technical Restrictive
Technical
What is the primary purpose of penetration testing? Test the effectiveness of your security perimeter Evaluate newly deployed firewalls Assess the skill level of new IT security staff Infiltrate a competitor's network
Test the effectiveness of your security perimeter
You have recently experienced a security incident with one of your servers. After some research, you determine that the hotfix #568994 that has recently been released would have protected the server. Which of the following recommendations should you follow when applying the hotfix? Apply the hotfix immediately to the server; apply the hotfix to other devices only as the security threat manifests itself. Apply the hotfix immediately to all servers. Test the hotfix and then apply it to all servers. Test the hotfix and then apply it to the server that had the problem.
Test the hotfix and then apply it to all servers.
An SSL client has determined that the Certificate Authority (CA) issuing a server's certificate is on its list of trusted CAs. What is the next step in verifying the server's identity? The domain on the server certificate must match the CA's domain name. The post-master secret must initiate subsequent communication. The CA's public key must validate the CA's digital signature on the server certificate. The master secret is generated from common key code.
The CA's public key must validate the CA's digital signature on the server certificate.
If a user's BYOD device, such as a tablet or phone, is infected with malware, that malware can be spread if that user connects to your organization's network. One way to prevent this event is to use a network access control (NAC) system. How does an NAC protect your network from being infected by a BYOD device? The NAC forces BYOD devices to connect to a guest network that is isolated from your production network. The NAC specifies which apps can be used while the BYOD device is connected to the organization's network. The NAC remediates devices before allowing them to connect to your network. The NAC notifies users that personally-owned devices are subject to random searches if brought on site.
The NAC remediates devices before allowing them to connect to your network.
Software-defined networking (SDN) uses a controller to manage the devices. The controller is able to inventory hardware components in the network, gather network statistics, make routing decisions based on gathered data, and facilitate communication between devices from different vendors. It can also be used to make wide-spread configuration changes on just one device. Which of the following best describes an SDN controller? The SDN controller is hardware. The SDN controller is software. The SDN controller is a virtual networking device. The SDN controller is a networking protocol.
The SDN controller is software.
Which of the following is a snap-in that allows you to apply a template or compare a template to the existing security settings on your computer? The Microsoft Management Console snap-in The NSA Template snap-in The Active Directory Security Template snap-in The Security Configuration and Analysis snap-in
The Security Configuration and Analysis snap-in
You have implemented account lockout with a clipping level of 4. What will be the effect of this setting? The account will be locked after four incorrect attempts. Locked accounts will remain locked for four hours. Incorrect login attempts during the past four hours will be tracked. Password hashes will be generated using a salt value of four.
The account will be locked after four incorrect attempts.
Which of the following best describes a side-channel attack? The attack targets the key containing a small data set. The attack is based on information gained from the physical implementation of a cryptosystem. The attack targets a weakness in the software, protocol, or encryption algorithm. The attack exploits weaknesses in a cryptosystem, such as inability to produce random numbers or floating point errors.
The attack is based on information gained from the physical implementation of a cryptosystem.
Which action is taken when the private key associated with a digital certificate becomes compromised? The CA retracts all previously issued copies of the certificate. The RA requests a reissued digital signature based on the existing private key. All certificates are revoked from parties known to possess the matching public key. The certificate is revoked and added to the Certificate Revocation List.
The certificate is revoked and added to the Certificate Revocation List.
Certificate revocation should occur under all but which of the following conditions? The certificate owner has committed a crime while using the certificate The certificate owner has changed their business name The certificate owner has moved their website to a new domain name The certificate owner has held the certificate beyond the established lifetime timer
The certificate owner has held the certificate beyond the established lifetime timer
You have opted to use software-defined networking (SDN) to manage, control, and make changes to your network. You want to be able to use software to configure and intelligently control the network, rather than relying on the individual static configuration files that are located on each network device. SDN consists of three layers: • Application layer • Control layer • Physical layer Which of the following describes what the SDN control layer does to networking devices that comprise the physical layer? The control layer removes the control plane from networking devices and creates a virtual control plane for each device. The control layer interfaces with the control plane in each networking device and creates a virtual control plane. The control layer removes the control plane from networking devices and creates a single control plane. The control layer uses southbound APIs to communicate with the control plane in each networking device and creates a single control plane.
The control layer removes the control plane from networking devices and creates a single control plane.
When using SSL authentication, what does the client verify first when checking a server's identity? The certificate must be non-expiring and self-signed by the sysadmin. The current date and time must fall within the server's certificate validity period. All DNS resolution must point to the corporate intranet routers. Master secrets are verifiable from asymmetric keys.
The current date and time must fall within the server's certificate validity period.
The mathematical algorithm used to generate time-based one-time passwords (TOTP) uses a shared secret and a counter to generate unique one-time passwords. Which event causes the counter to increment when creating TOTP passwords? The creation of a new one-time password A signal from the TPM chip on the system motherboard The passage of time A value set in a hidden CPU register
The passage of time
Which of the following defines the crossover error rate for evaluating biometric systems? The rate of people who are given access that should be denied access. The rate of people who are denied access that should be allowed access. The number of subjects or authentication attempts that can be validated. The point where the number of false positives matches the number of false negatives in a biometric system.
The point where the number of false positives matches the number of false negatives in a biometric system.
Which of the following would require that a certificate be placed on the CRL? The certificate validity period is exceeded. The private key is compromised. The signature key size is revealed. The encryption key algorithm is revealed.
The private key is compromised.
Which of the following describes the worst possible action by an IDS? The system detected a valid attack and the appropriate alarms and notifications were generated. The system correctly deemed harmless traffic as inoffensive and let it pass. The system identified harmless traffic as offensive and generated an alarm. The system identified harmful traffic as harmless and allowed it to pass without generating any alerts.
The system identified harmful traffic as harmless and allowed it to pass without generating any alerts.
Which of the following best describes an audit daemon? The driver responsible for accepting audit records from the audit kernel. The trusted utility that runs a background process whenever auditing is enabled. The interface that allows the administrator to handle, set up, initialize, and modify subsystem parameters. The component that examines audit trails from current or previous audit sessions and reduces or compresses them for archival.
The trusted utility that runs a background process whenever auditing is enabled.
Which of the following is not true regarding cookies? They can retain connection and session information They can collect user information They operate within a security sandbox They can help a hacker spoof a user's identity
They operate within a security sandbox
Why are brute force attacks always successful? They test every possible valid combination. They are fast. They are platform independent. They can be performed in a distributed parallel processing environment.
They test every possible valid combination.
When using Kerberos authentication, which of the following terms is used to describe the token that verifies the user's identity to the target system? Coupon Voucher Ticket Hashkey
Ticket
You want to use a vulnerability scanner to check a system for known security risks. What should you do first? Perform a port scan Inform senior management of your actions Update the scanner definition files Apply all known patches to the system
Update the scanner definition files
Why should backup media be stored offsite? To reduce the possibility of theft To comply with government regulation To prevent the same disaster from affecting both the network and the backup media To improve the efficiency of the restoration process
To prevent the same disaster from affecting both the network and the backup media
What is the purpose of key escrow? To collect additional fees over the life of a public digital certificate To provide a means for recovery from a lost private key To provide a means for legal authorities to access confidential data To grant the certificate authority full control over the communication environment
To provide a means for legal authorities to access confidential data
Which of the following is an example of three-factor authentication? Photo ID, smart card, fingerprint Smart card, digital certificate, PIN Token device, keystroke analysis, cognitive question Pass phrase, palm scan, voice recognition
Token device, keystroke analysis, cognitive question
You have just installed a new network-based IDS system that uses signature recognition. What should you do on a regular basis? Update the signature files Check for backdoors Generate a new baseline Modify clipping levels
Update the signature files
Which is a program that appears to be a legitimate application, utility, game, or screensaver and performs malicious activities surreptitiously? Outlook Express Worm ActiveX control Trojan horse
Trojan horse
How many keys are used with Public Key cryptography? One Two Three Four
Two
How many keys are used with asymmetric (public key) cryptography? One Two Three Four
Two
Which of the following is stronger than any biometric authentication factor? A 47-character password Two-factor authentication A dynamic asynchronous token device without a PIN A USB device hosting PKI certificates
Two-factor authentication
Recently, a Web site named www.vidshare.com has become extremely popular with users around the world. An attacker registers the following domain names: • www.videoshare.com • www.vidshar.com • www.vidsshare.com Each of these URLs points to a phishing Web site that tricks users into supplying their vidshare.com user names and passwords. What type of attack has occurred in this scenario? Command injection Buffer overflow Watering hole Typosquatting
Typosquatting
If your anti-virus software does not detect and remove a virus, what should you try first? Update your virus detection software. Search for and delete the file you believe to be infected. Set the read-only attribute of the file you believe to be infected. Scan the computer using another virus detection program.
Update your virus detection software.
You are concerned that an attacker can gain access to your Web server, make modifications to the system, and alter the log files to hide his actions. Which of the following actions would best protect the log files? Encrypt the log files Configure permissions on the log files to prevent access Use syslog to send log entries to another server Take a hash of the log files
Use syslog to send log entries to another server
Which security mechanism uses a unique list that meets the following specifications: • The list is embedded directly in the object itself • The list defines which subjects have access to certain objects • The list specifies the level or type of access allowed to certain objects Mandatory access control Kerberos Hashing User ACL
User ACL
Which of the following information is typically not included in an access token? User security identifier Group membership User account password User rights
User account password
Which of the following identification and authentication factors are often well-known or easy to discover by others on the same network or system? User name Password PGP secret key Biometric reference profile
User name
You have just configured the password policy and set the minimum password age to 10. What will be the effect of this configuration? The password must contain 10 or more characters. Users cannot change the password for 10 days. The password must be entered within 10 minutes of the login prompt being displayed. Users must change the password at least every 10 days. The previous 10 passwords cannot be reused.
Users cannot change the password for 10 days.
Which of the following describes Privilege auditing? An employee is granted the minimum privileges required to perform the duties of her position. Users' and groups' rights and privileges are checked to guard against creeping privileges. No single user is granted sufficient privileges to compromise the security of an entire environment. Users' activities are logged to document incidents for security investigations and incident response.
Users' and groups' rights and privileges are checked to guard against creeping privileges.
Which of the following is not a countermeasure against dictionary attacks? Avoiding common words Using short passwords Using three or four different keyboard character types (lowercase, uppercase, numerals, and symbols) Avoiding industry acronyms
Using short passwords
Which of the following devices facilitates communication between different virtual machines by checking data packets before moving them to a destination? Virtual switch Virtual router Virtual firewall Hypervisor
Virtual switch
What is the common name for a program that has no useful purpose, but attempts to spread itself to other systems and often damages resources on the systems where it is found? Virus Trojan horse Windows Messenger Java applet
Virus
What is the main difference between vulnerability scanning and penetration testing? Vulnerability scanning is performed within the security perimeter; penetration testing is performed outside of the security perimeter. Vulnerability scanning uses approved methods and tools; penetration testing uses hacking tools. The goal of vulnerability scanning is to identify potential weaknesses; the goal of penetration testing is to attack a system. Vulnerability scanning is performed with a detailed knowledge of the system; penetration testing begins with no knowledge of the system.
Vulnerability scanning is performed within the security perimeter; penetration testing is performed outside of the security perimeter.
You manage a website for your company. The website uses three servers configured in a cluster. Incoming requests are distributed automatically between the three servers. All servers use a shared storage device that holds the website contents. Each server has a single network connection and a single power supply. Considering the availability of your website, which component represents a single point of failure? Network adapter Website storage Power supply Web server
Website storage
Sensitive data is monitored by the data loss prevention (DLP) system in four different states. Which of the following is NOT one of the states monitored by DLP? While in use on endpoint systems. While in motion as it is transmitted over the network. While a file with sensitive data is being created. While at rest on a storage medium. While being transmitted to or from cloud-based systems.
While a file with sensitive data is being created.
You want to use a tool to see packets on a network, including the source and destination of each packet. Which tool should you use? Wireshark OVAL Nessus Nmap
Wireshark
Which of the following is an example of a decentralized privilege management solution? Active Directory Workgroup RADIUS TACACS+
Workgroup
Which of the following is not an example of a single sign-on solution? Kerberos Directory services Workgroup Scripted access
Workgroup
Which of the following is an attack that injects malicious scripts into Web pages to redirect users to fake websites or gather personal information? XSS SQL injection DLL injection Drive-by download
XSS
Your organization is formulating a bring your own device (BYOD) security policy for mobile devices. Which of the following statements should be considered as you formulate your policy? Mobile devices are immune to malware threats. You can't use domain-based group policies to enforce security settings on mobile devices. It is difficult for users to connect personal mobile devices to your organization's corporate network. Anti-malware software isn't available for most mobile device operating systems.
You can't use domain-based group policies to enforce security settings on mobile devices.
Which of the following is NOT an advantage of using cloud storage? Your organization can copy virtual machine images from the cloud to on-premises locations. Your organization can import a virtual machine image from an on-premises location to the cloud image library. Your organization can use cloud storage as a natural disaster backup. Your organization can purchase additional storage capacity when needed. Your organization can choose between off-premises and on-premises cloud storage options.
Your organization can purchase additional storage capacity when needed.
Which of the following types of penetration test teams will provide you information that is most revealing of a real-world hacker attack? Full-knowledge team Zero-knowledge team Partial-knowledge team Split-knowledge team
Zero-knowledge team
You need to increase the security of your Linux system by finding and closing open ports. Which of the following commands should you use to locate open ports? netstat nmap traceroute nslookup
nmap
A user with the account name larry has just been terminated from the company. There is good reason to believe that the user will attempt to access and damage files in the system in the very near future. Which of the following commands will disable or remove the user account from the system and remove his home directory? userdel larry userdel -r larry userdel -home larry userdel -h larry
userdel -r larry
You have performed an audit and have found an active account for an employee with the username joer. This user no longer works for the company. Which command can you use to disable this account? usermod -l joer usermod -d joer usermod -L joer usermod -u joer
usermod -L joer
One of your users, Karen Scott, has recently married and is now Karen Jones. She has requested that her username be changed from kscott to kjones, but no other values change. Which of the following commands will accomplish this? usermod -l kscott kjones usermod -u kjones kscott usermod -l kjones kscott usermod -u kscott kjones
usermod -l kjones kscott
Network-based intrusion detection is most suited to detect and prevent which types of attacks? Buffer overflow exploitation of software Application implementation flaw Bandwidth-based denial of service Brute force password attack
Bandwidth-based denial of service
Which is a typical goal of MAC spoofing? Bypassing 802.1x port-based security Causing a switch to enter fail open mode Causing incoming packets to broadcast to all ports Rerouting local switch traffic to a specified destination
Bypassing 802.1x port-based security
You have a small network of devices connected using a switch. You want to capture the traffic that is sent from Host A to Host B. On Host C, you install a packet sniffer that captures network traffic. After running the packet sniffer, you cannot find any captured packets between Host A and Host B. What should you do? Manually set the MAC address of Host C to the MAC address of Host A Configure the default gateway address on hosts A and B with the IP address of Host C Configure port mirroring Connect hosts A and B together on the same switch port through a hub
Configure port mirroring
You are the network administrator for a city library. Throughout the library are several groups of computers that provide public access to the Internet. Supervision of these computers has been difficult. You've had problems with patrons bringing personal laptops into the library and disconnecting the network cables from the library computers to connect their laptops to the Internet. The library computers are in groups of four. Each group of four computers is connected to a hub that is connected to the library network through an access port on a switch. You want to restrict access to the network so only the library computers are permitted connectivity to the Internet. What can you do? Configure port security on the switch. Remove the hub and place each library computer on its own access port. Create a VLAN for each group of four computers. Create static MAC addresses for each computer and associate it with a VLAN.
Configure port security on the switch.
You have decided to implement a remote access solution that uses multiple remote access servers. You want to implement RADIUS to centralize remote access authentication and authorization. Which of the following would be a required part of your configuration? Configure remote access clients as RADIUS clients. Configure the remote access servers as RADIUS servers. Configure the remote access servers as RADIUS clients. Obtain certificates from a public or private PKI.
Configure the remote access servers as RADIUS clients.
Which of the following applications typically use 802.1x authentication? (Select two.) Controlling access through a wireless access point Controlling access through a switch Controlling access through a router Authenticating remote access clients Authenticating VPN users through the Internet
Controlling access through a wireless access point; Controlling access through a switch
You notice that over the last few months more and more static systems, such as the office environment control system, the security system, and lighting controls, are connecting to your network. You know that these devices can be a security threat. Which of the following measures can you take to minimize the damage these devices can cause if they are compromised? Create a VLAN to use as a no-trust network zone for these static systems to connect to. Create a VLAN to use as a high-trust network zone for these static systems to connect to. Create a VLAN to use as a low-trust network zone for these static systems to connect to. Create a VLAN to use as a medium-trust network zone for these static systems to connect to.
Create a VLAN to use as a low-trust network zone for these static systems to connect to.
Which of the following is a characteristic of TACACS+? Requires that authentication and authorization are combined in a single server Uses UDP ports 1812 and 1813 Encrypts the entire packet, not just authentication packets Supports only TCP/IP
Encrypts the entire packet, not just authentication packets
You have configured an NIDS to monitor network traffic. Which of the following describes harmless traffic that has been identified as a potential attack by the NIDS device? False positive False negative Negative Positive
False positive
You are implementing a new application control solution. Prior to enforcing your application whitelist, you want to monitor user traffic for a period of time to discover user behaviors and log violations for later review. How should you configure the application control software to handle applications not contained in the whitelist? Block Flag Tarpit Drop
Flag
You want to create a collection of computers on your network that appear to have valuable data, but are really computers configured with fake data that could entice a potential intruder. Once the intruder connects, you want to be able to observe and gather information about the attacker's methods. Which should you implement? Honeynet NIDS NIPS Extranet
Honeynet
As a security precaution, you have implemented IPsec that is used between any two devices on your network. IPsec provides encryption for traffic between devices. You would like to implement a solution that can scan the contents of the encrypted traffic to prevent any malicious attacks. Which solution should you implement? Network-based IDS VPN concentrator Port scanner Host-based IDS Protocol analyzer
Host-based IDS
Which of the following devices can monitor a network and detect potential security attacks? IDS Proxy CSU/DSU DNS server Load balancer
IDS
Which of the following is a security service that monitors network traffic in real time or reviews the audit logs on servers looking for security violations? Firewall Switch Padded cell IDS
IDS
Which security mechanism can be used to detect attacks that originate on the internet or from within an internal trusted subnet? Firewall IDS Security alarm Biometric system
IDS
You are concerned about attacks directed at your network firewall. You want to be able to identify and be notified of any attacks. In addition, you want the system to take immediate action to stop or prevent the attack, if possible. Which tool should you use? IDS IPS Packet sniffer Port scanner
IPS
Your organization's security policy specifies that peer-to-peer file sharing is not allowed. Recently, you received an anonymous tip that an employee has been using a BitTorrent client to download copyrighted media while at work. You research BitTorrent and find that it uses TCP ports 6881-6889 by default. When you check your perimeter firewall configuration, only ports 80 and 443 are open. When you check your firewall logs, you find that no network traffic using ports 6881-6889 has been blocked. What should you do? Implement an application control solution. Determine that the accused employee is innocent and being framed. Block all outbound ports in the perimeter firewall. Call Human Resources and have the employee fired for violation of the security policy.
Implement an application control solution.
Your organization uses a web server to host an e-commerce site. Because this web server handles financial transactions, you are concerned that it could become a prime target for exploits. You want to implement a network security control that will analyze the contents of each packet going to or from the web server. The security control must be able to identify malicious payloads and block them. What should you do? Implement an application-aware IDS in front of the web server Implement an application-aware IPS in front of the web server Install an anti-malware scanner on the web server Implement a packet-filtering firewall in front of the web server Implement a stateful firewall in front of the web server
Implement an application-aware IPS in front of the web server
You have worked as the network administrator for a company for seven months. One day, all picture files on the server become corrupted. You discover that a user downloaded a virus from the internet onto his workstation that propagated to the server. You successfully restore all files from backup, but your boss is adamant that this situation does not reoccur. What should you do? Disconnect the user from the internet. Install a network virus detection software solution. Allow users to access the internet only from terminals that are not attached to the main network. Install a firewall.
Install a network virus detection software solution.
You want to check a server for user accounts that have weak passwords. Which tool should you use? John the Ripper Retina OVAL Nessus
John the Ripper
Which of the following protocols uses port 88? PPTP LDAP L2TP Kerberos TACACS
Kerberos
Which of the following describes a false positive when using an IPS device? Malicious traffic not being identified Malicious traffic masquerading as legitimate traffic Legitimate traffic being flagged as malicious The source address matching the destination address The source address identifying a non-existent host
Legitimate traffic being flagged as malicious
You've just deployed a new Cisco router that connects several network segments in your organization. The router is physically located in a cubicle near your office. You've backed up the router configuration to a remote location in an encrypted file. You access the router configuration interface from your notebook computer using an SSH client with the user name admin01 and the password P@ssW0rd. You have used the MD5 hashing algorithm to protect the password. What should you do to increase the security of this device? Use a Telnet client to access the router configuration. Change the default administrative user name and password. Use encrypted type 7 passwords. Move the router to a secure server room. Use TFTP to back up the router configuration to a remote location.
Move the router to a secure server room.
Which of the following is a feature of MS-CHAP v2 that is not included in CHAP? Three-way handshake Hashed shared secret Mutual authentication Certificate-based authentication
Mutual authentication
You want to identify all devices on a network along with a list of open ports on those devices. You want the results displayed in a graphical diagram. Which tool should you use? Ping scanner OVAL Port scanner Network mapper
Network mapper
A security administrator needs to run a vulnerability scan that will analyze a system from the perspective of a hacker attacking the organization from the outside. What type of scan should he use? Credentialed scan Non-credentialed scan Port scan Network mapping scan
Non-credentialed scan
Which of the following can make passwords useless on a router? Not controlling physical access to the router Using the MD5 hashing algorithm to encrypt the password Storing the router configuration file to a secure location Using SSH to connect to a router remotely
Not controlling physical access to the router
You have a network with three remote access servers, a RADIUS server used for authentication and authorization, and a second RADIUS server used for accounting. Where should you configure remote access policies? On the RADIUS server used for accounting On one of the remote access servers On each of the remote access servers On the RADIUS server used for authentication and authorization
On the RADIUS server used for authentication and authorization
Which of the following authentication protocols transmits passwords in cleartext, and is, therefore, considered too insecure for modern networks? CHAP PAP EAP RADIUS
PAP
You are concerned about attacks directed against the firewall on your network. You would like to examine the content of individual frames sent to the firewall. Which tool should you use? Packet sniffer Load tester Throughput tester Event log System log
Packet sniffer
You want to know which protocols are being used on your network. You'd like to monitor network traffic and sort traffic by protocol. Which tool should you use? Port scanner Packet sniffer IDS IPS Throughput tester
Packet sniffer
What common design feature among instant messaging clients makes them less secure than other means of communicating over the internet? Real-time communication Transfer of text and files Freely available for use Peer-to-peer networking
Peer-to-peer networking
CHAP performs which of the following security functions? Protects user names Links remote systems together Periodically verifies the identity of a peer using a three-way handshake Allows the use of biometric devices
Periodically verifies the identity of a peer using a three-way handshake
You want to make sure that a set of servers will only accept traffic for specific network services. You have verified that the servers are only running the necessary services, but you also want to make sure that the servers will not accept packets sent to those services. Which tool should you use? Packet sniffer Port scanner IDS IPS System logs
Port scanner
Instant messaging does not provide which of the following? Real-time communications Ease of file transfers Privacy Indication of when you are online
Privacy
A relatively new employee in the data entry cubicle farm was assigned a user account similar to the other data entry employees' accounts. However, audit logs have shown that this user account has been used to change ACLs on several confidential files and has accessed data in restricted areas. This situation indicates which of the following has occurred? Man-in-the-middle attack Social engineering Smurf attack Privilege escalation
Privilege escalation
An attacker has obtained the logon credentials for a regular user on your network. Which type of security threat exists if this user account is used to perform administrative functions? Privilege escalation Social engineering Replay Impersonation
Privilege escalation
You decide to use a packet sniffer to identify the type of traffic sent to a router. You run the packet sniffing software on a device, which is connected to the same hub that is connected to the router. When you run the software, you only see frames addressed to the workstation, not to other devices. Which feature should you configure? Promiscuous mode Mirroring Bonding Spanning tree
Promiscuous mode
You have recently reconfigured FTP to require encryption of both passwords and data transfers. You would like to check network traffic to verify that all FTP passwords and data are encrypted. Which tool should you use? Performance monitor Systems monitor Vulnerability scanner Protocol analyzer
Protocol analyzer
You want to identify traffic that is generated and sent through the network by a specific application running on a device. Which tool should you use? Certifier Toner probe TDR Protocol analyzer Multimeter
Protocol analyzer
Which of the following are differences between RADIUS and TACACS+? RADIUS uses TCP; TACACS+ uses UDP. RADIUS encrypts the entire packet contents; TACACS+ only encrypts the password. RADIUS combines authentication and authorization into a single function; TACACS+ allows these services to be split between different servers. RADIUS supports more protocols than TACACS+.
RADIUS combines authentication and authorization into a single function; TACACS+ allows these services to be split between different servers.
You want to set up a service to allow multiple users to dial in to the office server from modems on their home computers. What service should you implement? PPP RAS ISDN RIP
RAS
You often travel away from the office. While traveling, you would like to use a modem on your laptop computer to connect directly to a server in your office and access files. You want the connection to be as secure as possible. Which type of connection will you need? Remote access Internet Virtual private network Intranet
Remote access
You have run a vulnerability scanning tool and identified several patches that need to be applied to a system. What should you do next after applying the patches? Use a port scanner to check for open ports Update the vulnerability scanner definition files Document your actions Run the vulnerability assessment again
Run the vulnerability assessment again
Which of the following is the most common detection method used by an IDS? Signature Anomaly Behavior Heuristic
Signature
You manage a single subnet with three switches. The switches are connected to provide redundant paths between the switches. Which feature prevents switching loops and ensures there is only a single active path between any two switches? Trunking Spanning tree PoE 802.1x Bonding
Spanning tree
A virtual LAN can be created using which of the following? Switch Router Gateway Hub
Switch
When configuring VLANs on a switch, what is used to identify which VLAN a device belongs to? Switch port MAC address IP address Host name
Switch port
When configuring VLANs on a switch, what type of switch ports are members of all VLANs defined on the switch? Trunk ports Uplink ports Any port not assigned to a VLAN Gigabit and higher Ethernet ports Each port can only be a member of a single VLAN
Trunk ports
You've just deployed a new Cisco router that connects several network segments in your organization. The router is physically located in a locked server closet. You use an FTP client to regularly back up the router configuration to a remote server in an encrypted file. You access the router configuration interface from a notebook computer that is connected to the router's console port. You've configured the device with the user name admin01 and the password P@ssW0rd. You have used the MD5 hashing algorithm to protect the password. What should you do to increase the security of this device? Use an SSH client to access the router configuration. Use encrypted type 7 passwords. Move the router to a secure data center. Use SCP to back up the router configuration to a remote location.
Use SCP to back up the router configuration to a remote location.
Your LDAP directory services solution uses simple authentication. What should you always do when using simple authentication? Use SSL Add SASL and use TLS Use Kerberos Use IPsec and certificates
Use SSL
You've just deployed a new Cisco router that connects several network segments in your organization. The router is physically located in a server room that requires an ID card to gain access. You've backed up the router configuration to a remote location in an encrypted file. You access the router configuration interface from your notebook computer by connecting it to the console port on the router. You configured the management interface with a user name of admin and a password of password. What should you do to increase the security of this device? Use an SSH client to access the router configuration. Use a stronger administrative password. Use a web browser to access the router configuration using an HTTP connection. Move the device to a secure data center.
Use a stronger administrative password.
Your organization has started receiving phishing emails. You suspect that an attacker is attempting to find an employee workstation they can compromise. You know that a workstation can be used as a pivot point to gain access to more sensitive systems. Which of the following is the most important aspect of maintaining network security against this type of attack? User education and training Identifying inherent vulnerabilities Documenting all network assets in your organization Identifying a network baseline Network segmentation
User education and training
You run a small network for your business that has a single router connected to the Internet and a single switch. You keep sensitive documents on a computer that you would like to keep isolated from other computers on the network. Other hosts on the network should not be able to communicate with this computer through the switch, but you still need to access the network through the computer. What should you use for this situation? VLAN Spanning tree Port security VPN
VLAN
Your company is a small start-up company that has leased office space in a building shared by other businesses. All businesses share a common network infrastructure. A single switch connects all devices in the building to the router that provides Internet access. You would like to make sure that your computers are isolated from computers used by other companies. Which feature should you request to have implemented? VLAN Spanning tree Port security VPN
VLAN
You manage a network that uses a single switch. All ports within your building connect through the single switch. In the lobby of your building are three RJ-45 ports connected to the switch. You want to allow visitors to plug into these ports to gain Internet access, but they should not have access to any other devices on your private network. Employees connected throughout the rest of your building should have both private and Internet access. Which feature should you implement? Port authentication VLANs NAT DMZ
VLANs
Based on the VLAN configuration shown in the diagram above, which of the following is not true? Workstations in VLAN1 are able to communicate with workstations in VLAN2 because they are connected to the same physical switch. FastEthernet ports 0/1 and 0/2 are members of VLAN1. FastEthernet ports 0/3 and 0/4 are members of VLAN2. This configuration creates two broadcast domains. VLAN1 and VLAN2 are separate broadcast domains. VLAN1 is one of the default VLANs on the switch. VLAN2 had to be manually configured.
Workstations in VLAN1 are able to communicate with workstations in VLAN2 because they are connected to the same physical switch.
The IT manager has asked you to create a separate VLAN to be used exclusively for wireless guest devices to connect to. Which of the following is the primary benefit of creating this VLAN? You can control broadcast traffic and create a collision domain for just the wireless guest devices. You can load-balance wireless guest network traffic to have a lower priority than the rest of the traffic on the network. You can create a wireless guest network more affordably with a VLAN than you can with a router. You can control security by isolating wireless guest devices within this VLAN.
You can control security by isolating wireless guest devices within this VLAN.
Which of the following is not an administrative benefit of implementing VLANs? You can simplify device moves. You can control broadcast traffic and create collision domains based on logical criteria. You can control security by isolating traffic within a VLAN. You can simplify routing traffic between separate networks. You can load-balance network traffic.
You can simplify routing traffic between separate networks.
In which of the following situations would you use port security? You want to prevent sniffing attacks on the network. You want to restrict the devices that could connect through a switch port. You want to control the packets sent and received by a router. You want to prevent MAC address spoofing.
You want to restrict the devices that could connect through a switch port.