Practice Test B
You've been hired as a security consultant for a company that's beginning to implement handheld devices, such as smartphones. You're told that the company must use an asymmetric system. Which security standard will be best for you to implement
ECC
A security analyst is examining a database server to verify that the correct security measures are in place to protect the data. In which, some of the fields consist of data like people's first name, last name, home address, date of birth, and mother's last name. Which of the following illustrates this type of data
PII
Which of the following threat actors is an unskilled individual who uses tools or programs developed by others to attack computer systems and networks
Script kiddies
In an organization, several employees clicked on a link in a malicious message that bypassed the spam filter and their PCs were infected with malware as a result. Which of the following will be best to prevent this situation from occurring in the future
Security awareness training
Smith works as a network administrator for an organization. He sets up a DNS server on the network and enables DNS service on all computers. However, DNS is not working properly. Which of the following commands should Smith use to verify the DNS configuration
nslookup
You have a lock at your office door. Often you share your keys with some of your trusted colleagues. This is an example of ____
symmetric key sharing
Maria works as a network administrator for an organization that has a TCP/IP-based network, which is connected to the Internet through a firewall. A user complains that he is unable to access one of the site. However, he can access all other sites. Which of the following tools will help her to diagnose the problem
tracert
Which of the following Windows RRAS authentication protocols uses completely unencrypted passwords
PAP
To increase security, TKIP places a wrapper around the WEP encryption with a key based on things such as the MAC address of the host device and the serial number of the packet. What is the size of the wrapper
128-bit
Rose works as a security technician for a company. She is unable to manage a remote server. For enabling this, which of the following ports should be activated on the firewall for remote server management? Each correct answer represents a complete solution. Choose two
3389 22
In an organization, the users usually connect to wireless APs and have speed of 11 Mbps. Which of the following WLAN standards is in use
802.11b
Joe, a security administrator, wants to control traffic on a layer 3 device to support FTP from a new remote site. Which of the following would Joe implement to accomplish this
Access control list
The XYZ medical billing company needs to create a privacy policy for patient data. Hector has been tasked with formulating such a policy. Which of the following types of control is a privacy policy
Administrative
Ann, a network administrator, is worried about the threat of malware on the network. She wants every workstation to install software that will detect worms and Trojan horses. What type of software should she install
Antivirus
As part of the process of calculating risk, Demetrius wants to know the cost of a single breach. What formula should he use for this
Asset Value (AV) * Exposure Factor (EF)
Raul is looking for a cryptography algorithm used for customers' shopping on his company's web site. It is important that users are able to encrypt transmissions without concern over cryptographic key exchange. Which type of cryptography should he use
Asymmetric
Ron, an employee, oversees finding a new web hosting provider and has noticed that the potential choices list an uptime of 99.999 percent. Which term best describes this
Availability
In the case of a major business interruption, the security analysis team has documented the following objectives: expected loss of earnings, potential fines, and potential consequence to customer service. Which of the following documents would include the details of the above mentioned objectives
BIA
A company has received recent reports of equipment thefts from its workstations. Which physical security methods can be used to prevent this from happening? Each correct answer represents a complete solution. Choose all that apply
Biometric lock Mantrap Cipher lock
A smartphone is disk encrypted and screen-lock protected. Which of the following attacks can be used to steal data from it
Bluesnarfing
Loy, a security administrator, wants to successfully recover a user's forgotten password on a password protected file. Which of the following techniques can he use to accomplish this task
Brute-force
Max, a security analyst, is concerned that the application his team is currently developing is vulnerable to unexpected user input that could lead to issues within the memory. Due to which, it is affected in a harmful manner leading to potential exploitation. Which of the following describes this application threat
Buffer overflow
While performing a vulnerability check of a web application, you found that the programmer has allocated 32 bytes for a string variable. He has not performed any check to ensure that more than 32 bytes is not stored in the variable. To which of the following attacks is the application vulnerable
Buffer overflow
Rex, a forensic analyst, received a hard drive from detectives. After receiving, he used a log to capture corresponding events before sending the evidence to lawyers for a court case. Which of the following do these actions indicate
Chain of custody
You are advising a school district on disaster recovery plans. In case a disaster affects the main IT centers of the district, they will need to be able to work from an alternate location. However, budget is an issue. Which of the following is most appropriate for this client
Cold site
Which of the following is the process of investigating a computer system for clues about an event
Computer forensics
Virtualization that does not utilize hypervisors can be accomplished using which of the following
Container
Which of the following helps in reducing electronic noise from devices that would divulge intelligence about systems and information
TEMPEST
Which of the following attacks allows an attacker to enter the malicious data into a Website
Cross-site scripting
Which algorithm is used to create a temporary secure session for the exchange of key information
KEA
You are a security administrator for an online share trading portal. The trading portal is closed for customers during weekends. You notice that the portal is receiving large number of traffic from various external networks during a weekend. Which type of attack are you most likely facing
DDoS
You are the security administrator for a consulting firm. One of your clients' needs to encrypt traffic. However, he has specific requirements for the encryption algorithm. It must be a symmetric key block cipher. Which of the following should you choose for this client
DES
You are concerned about outside attackers penetrating your network via your company Web server. You wish to place your Web server between two firewalls. One firewall between the Web server and the outside world. The other between the Web server and your network. What is this called
DMZ
A company wants to direct secure transactions of large data files. Before encrypting and exchanging the data files, the company wants to make sure a secure exchange of keys. Which of the following algorithms is appropriate for securing the key exchange
Diffie-Hellman
You are responsible for security at a defense contracting firm. You're evaluating various possible encryption algorithms to use. One of the algorithms you're examining is not integer-based, uses shorter keys, and is public key-based. What type of algorithm is it
Elliptic curve
You want to use some amalgamation of computer hardware and software to perform particular functions within a larger system. Which of the following will you use to achieve this
Embedded system
After recovering from a data violation in which customer data was lost, the working team meets with the CSO (Chief Security Officer) to find better ways to protect the privacy of customer data. Which of the following will help the working team members to achieve this goal
Encryption and stronger access control
Rex, a security administrator, has a firewall with an outside network connected to the Internet and an inside network connected to the business network. Which of the following should the administrator change to divert traffic destined for the default HTTP port on the outside interface to an internal server listening on port 8080
Establish a static PAT from port 80 on the outside network to the internal network on port 8080.
Pete, a security manager, wants to have a backup plan in case power is lost for more than a few hours. Which of the following solutions should he implement
Generator
Your company decides to purchase a cloud computing service. Which of the following is highly ensured in the cloud computing environment
High availability of data
The security team of an organization has trapped an attacker in an isolated environment where they are being monitored. The team has also tricked the attacker into believing that they are causing damage to the organization's systems. Which of the following practices is used by the security team
Honeypot
Which of the following statements are true about asymmetric encryption? Each correct answer represents a complete solution. Choose two
In asymmetric encryption, the public key is distributed and the private key is available only to the recipient of the message. It uses a public key and a private key pair for data encryption.
A security administrator wants an employee who uses email messaging to provide PII to others on a regular basis to have confidence that their messages are not intercepted or altered during transmission. In this scenario, a security administrator is concerned about which of the following types of security control
Integrity
Which of the following statements are true about the RSA algorithm? Each correct answer represents a complete solution. Choose three
It is an asymmetric algorithm. It uses large integers as the basis for the process. It works with both encryption and digital signatures.
Jennifer, a technician, has assigned a task to implement a new network based anti-virus product. For this, she has to assess all potential problems with the new system, so that she can prepare an analysis for the CIO. What problem might occur due to false positives
It is possible that a file will be mistakenly treated as a virus.
Which of the following statements are true about incremental backups? Each correct answer represents a complete solution. Choose two
It is the fastest method of backing up data. It backs up only the files changed since the most recent backup and clears the archive bit.
Bob is a network engineer with over 10 years of experience, and multiple industry certifications including CompTIA Security+. He is very well versed in security and networking. His current job responsibility is to handle the email servers of his company. His account is only a member of the email server admins group, and not the domain admins group. What is this an example of
Least privileges
In which of the following steps of incident response does a team analyze the incident and determine steps to prevent a future occurrence
Lessons learned
Max, a network administrator, wants to make sure that only those computers that he has authorized can connect on his network. What is the most appropriate security measure he will recommend
MAC filtering
You have been assigned the task of selecting a hash algorithm. The algorithm will be specifically used to ensure the integrity of certain sensitive files. It must use a 128-bit hash value. Which of the following should you use
MD5
Juan is a computer forensics investigator. He has just received a Windows 7 computer suspected of containing evidence of identity theft. Which of the following should be done first
Make a bit stream copy of the hard drive.
An authentication method uses smart cards as well as usernames and passwords for authentication. Which of the following authentication methods is being referred to
Multifactor
The use of single sign-on eliminates the need for which of the following items
Multiple usernames and passwords
You have put various security devices on your network. Which of the following network devices can detect the suspicious behavior, but cannot react to it
NIDS
You want to stop malicious traffic from affecting your company's web servers. Which of the following will help you accomplish the task
NIPS
Sia, a cybersecurity analyst, wants to use a command utility to identify open ports and running services on a host along with the application associated with those services and port. Which of the following should she use to achieve this
Netstat
Penetration or vulnerability testing takes a passive approach rather than trying to break into the network is known as which one of the following
Nonintrusive testing
A network administrator wants to implement the multifactor authentication technique to secure the company's data center. Which of the following possible methods should the administrator use? Each correct answer represents a complete solution. Choose two
Password and fingerprint scan Retina scan and PIN
Smith, a security technician, has been given a task to identify, locate, and resolve security issues of the server. Which of the following tools will he use? Each correct answer represents a complete solution. Choose two
Port scanner Protocol analyzer
Rex, a security administrator, wants to prevent unwanted people from viewing the data on mobile devices if the device is left unattended. Which of the following should he implement to achieve this
Screen lock
Which of the following can be used to determine whether accounts have been established properly and verify that permission creep isn't occurring
Privilege audit
Which of the following RAID best represents disk striping with parity and contains a minimum of three disks
RAID 5
Which access control method is primarily concerned with the role that individuals have in the organization
RBAC
Which of the following is a collection of documents that details standards and protocols for Internet-related technologies
RFC
Eric is a security administrator of uCertify Inc. John, a sales manager, reports Eric about an e-mail through which an attacker is asking for money to decrypt the source code that he has encrypted. Which of the following types of threat is it
Ransomware
Rex, a software developer, during a code review notices a security risk that may result in hundreds of hours of rework. The security team has classified these issues as low risk. So, the management has decided that the code will not be rewritten. This is an example of which of the following risk response techniques
Risk acceptance
Which of the following is a process of shifting the risk to a third party, together with the ownership of the response
Risk transference
Which of the following provides real-time analysis of security alerts generated by applications and devices
SIEM
Which component of an IDS collects data
Sensor
Which of the following is used to prevent the electronic emissions of a computer from being used by unauthorized users
Shielding
Joe, a security administrator, wants to enhance the security of an organization by providing hardware based cryptographic processing and secure key storage for full-disk encryption. Which of the following should he implement to achieve this
TPM
What encryption process uses one message to hide another
Steganography
Brena, a security analyst, notices that external users are constantly reporting that a web application is slow and frequently times out when attempting to submit information. Which of the following software development best practices will she implement to prevent this issue
Stress testing
Arthur plans on gaining physical access to your server room by walking through the front door right behind someone else while pretending to use crutches. Which form of social engineering does this entail
Tailgating
Rick and Sasha are security guards of your organization. They are on duty at the data center gate. As the number of staff is quite high, this location has lots of traffic. The guards must be concerned for which of the following attacks
Tailgating
You are revising the acceptable use policies for your company. Which of the following items should be covered by your company's acceptable use policy? Each correct answer represents a complete solution. Choose two
The specific permitted and prohibited uses of Web pages including what pages, types of pages, and purposes that Web pages can be used for. The specific permitted and prohibited uses and purposes of email.
You work as a security administrator of Tech Perfect Inc. You decide to use the RAID 5 volume disk configuration on one of your servers that run Windows Server 2008 for fault tolerance. What is the minimum number of disk drives required for implementing RAID 5 volumes
Three
Azim is beginning an investigation of a suspect computer with a Windows operating system. He takes several screenshots of the computer with the task manager window open before shutting it down to make a copy of the drive. What is the best reason to do this
To show running processes on the machine
You work as a network administrator for an organization. The organization wants to ensure that the server room should be highly secured. To implement this, the organization wants that anyone who has right to authenticate himself should enter a password, which changes at every 60 seconds. Which of the following identification and authentication techniques will you select to accomplish the task
Token
Mary has found a project risk that could harm project team members. She does not want to accept any risk where someone could be harmed on this project, so she employs a professional vendor to complete the critical part of the project work. This workaround to the risk event is known as what type of risk response
Transference
You're concerned about the operating systems on your servers, especially on your Web server. Which of the following critical operating system hardening techniques would you implement on your Web server? Each correct answer represents a complete solution. Choose two
Update patches. Shut down unneeded services.
Mark needs to have hosted server operating systems isolated from each other to prevent a security breach of one operating system from spreading to another. What is the most cost effective way for him to do this
Use virtualization to host operating systems
Emily works as a network administrator for uCertify Inc. She has been given a task to extend network segment through which employees working from home will transmit data securely across the Internet. Which of the following will help her to complete the task
VPN
A companies headquarter is connected to its remotely located branch offices by creating secure tunnels across the Internet. The terminating end at the headquarter requires heavy data processing. Which of the following devices should be used for this purpose
VPN concentrator
Rena works as a security manager for a company. She's working in a partly equipped office space which accommodates some of the system hardware, software, telecommunications, and power sources. In which of the following types of office sites is she working
Warm
John wishes to configure his network so that only the appropriate servers are located in the DMZ. Which of the following servers would he most likely put into a DMZ
Web Server
An organization has recently launched a new billing invoice website for a few key vendors. Emily, a security analyst, is receiving calls that the website is performing slowly and the pages sometimes display time out errors. The analyst discovers the website is receiving millions of requests, causing the service to become unavailable. Which of the following should she implement to maintain the availability of the website
Whitelisting
What type of program exists primarily to propagate and spread itself to other systems
Worm
An attacker exploits actual code of an application and uses a security hole to carry out an attack before the application vendor knows about the vulnerability. Which of the following types of attacks is this
Zero-day
Adrian knows the host names of all the computers on his network. He wants to find the IP addresses of these computers. Which of the following TCP/IP utilities can he use to find the IP addresses of these computers remotely from his computer? Each correct answer represents a complete solution. Choose two
ping tracert