TEST DAY!

Lakukan tugas rumah & ujian kamu dengan baik sekarang menggunakan Quizwiz!

What can attackers accomplish using malicious port scanning? A. "Fingerprint" of the operating system B. Topology of the network C. All the computer names on the network D. All the usernames and passwords

A. "Fingerprint" of the operating system

From the list of ports, select two that are used for e-mail. (Select the two best answers.) A. 110 B. 3389 C. 143 D. 389

A. 110 C. 143

Which port number is ultimately used by SCP? A. 22 B. 23 C. 25 D. 443

A. 22

You have been tasked to access an older network device. Your only option is to use Telnet. Which port would need to be open on the network device by default? A. 3389 B. 161 C. 135 D. 23

A. 3389

Which TCP port does LDAP use? A. 389 B. 80 C. 443 D. 143

A. 389

Which port number does the Domain Name System use? A. 53 B. 80 C. 110 D. 88

A. 53

Which of the following is the best example of a strong password? A. A 14-character sequence of numbers, letters, and symbols B. The name of your pet C. The last four digits of your Social Security number D. A 15-character sequence of letters only

A. A 14-character sequence of numbers, letters, and symbols

What are some of the drawbacks to using a HIDS instead of a NIDS on a server? (Select the two best answers.) A. A HIDS may use a lot of resources, which can slow server performance. B. A HIDS cannot detect operating system attacks. C. A HIDS has a low level of detection of operating system attacks. D. A HIDS cannot detect network attacks.

A. A HIDS may use a lot of resources, which can slow server performance D. A HIDS cannot detect network attacks.

You are in charge of decreasing the chance of social engineering in your organization. Which of the following should you implement? A. A two-factor authentication scheme B. Vulnerability assessment C. Security awareness training D. Risk assessment

A. A two-factor authentication scheme C. Security awareness training

Imagine that you are an attacker. Which would be most desirable when attempting to compromise encrypted data? A. A weak key B. The algorithm used by the encryption protocol C. Captured traffic D. A block cipher

A. A weak key

One of the programmers in your organization complains that he can no longer transfer files to the FTP server. You check the network firewall and see that the proper FTP ports are open. What should you check next? A. ACLs B. NIDS C. AV definitions D. FTP permissions

A. ACLs

The IT director asks you to set up a system that will encrypt credit card data. She wants you to use the most secure symmetric algorithm with the least amount of CPU usage. Which of the following algorithms should you select? A. AES B. SHA-1 C. 3DES D. RSA

A. AES

When encrypting credit card data, which would be the most secure algorithm with the least CPU utilization? A. AES B. 3DES C. SHA-512 D. MD5

A. AES

Which of the following protocols does the 802.11i standard support? A. AES B. RSA C. TKIP D. ECC E. DES

A. AES C. TKIP

Employees are asked to sign a document that describes the methods of accessing a company's servers. Which of the following best describes this document? A. Acceptable use policy B. Chain of custody C. Incident response D. Privacy Act of 1974

A. Acceptable use policy

What would you use to control the traffic that is allowed in or out of a network? (Select the best answer.) A. Access control lists B. Firewall C. Address Resolution Protocol D. Discretionary access control

A. Access control lists

A user attempts to log in to the network three times and fails each time. After the third time, the user is not allowed to attempt to log in for 30 minutes. What setting is this known as? A. Account lockout duration B. Account lockout threshold C. Password complexity requirements D. Minimum password age

A. Account lockout duration

You have been alerted to suspicious traffic without a specific signature. Under further investigation, you determine that the alert was a false indicator. Furthermore, the same alert has arrived at your workstation several times. Which security device needs to be configured to disable false alarms in the future? (Select the best answer.) A. Anomaly-based IDS B. Signature-based IPS C. Signature-based IDS D. UTM E. SIEM

A. Anomaly-based IDS

Which of the following will allow the triggering of a security alert because of a tracking cookie? A. Anti-spyware application B. Anti-spam software C. Network-based firewall D. Host-based firewall

A. Anti-spyware application

You are the network security administrator for your organization. You are in charge of deploying 50 new computers on the network. Which of the following should be completed first? A. Apply a baseline configuration B. Install operating system updates C. Install the latest spyware D. Install a spreadsheet program

A. Apply a baseline configuration

Which of the following best describes the proper method and reason to implement port security? A. Apply a security control that ties specific ports to end-device MAC addresses, and prevents additional devices from being connected to the network. B. Apply a security control that ties specific ports to end-device IP addresses, and prevents additional devices from being connected to the network. C. Apply a security control that ties specific ports to end-device MAC addresses, and prevents all devices from being connected to the network. D. Apply a security control that ties specific ports to end-device IP addresses, and prevents all devices from being connected to the network.

A. Apply a security control that ties specific ports to end-device MAC addresses, and prevents additional devices from being connected to the network.

Which of these is an example of social engineering? A. Asking for a username and password over the phone B. Using someone else's unsecured wireless network C. Hacking into a router D. Virus

A. Asking for a username and password over the phone

Which of the following is used when performing a quantitative risk analysis? A. Asset value B. Surveys C. Focus group D. Best practice

A. Asset value

Which of the following is used when performing a quantitative risk analysis? A. Asset value B. Surveys C. Focus groups D. Best practices

A. Asset value

Which of the following encryption concepts is PKI based on? A. Asymmetric B. Symmetric C. Elliptical curve D. Quantum

A. Asymmetric

Which of the following is the most complicated centralized key management scheme? A. Asymmetric B. Symmetric C. Whole disk encryption D. Steganography

A. Asymmetric

You have collected login information, file access information, security log files, and unauthorized security violations. What is this collection known as? A. Audit trail B. Audit C. Access control list D. Security log

A. Audit trail

One of your co-workers complains to you that he cannot see any security events in the Event Viewer. What are three possible reasons for this? (Select the three best answers.) A. Auditing has not been turned on. B. The log file is only 10 MB. C. The co-worker is not an administrator. D. Auditing for an individual object has not been turned on.

A. Auditing has not been turned on. C. The co-worker is not an administrator. D. Auditing for an individual object has not been turned on.

RAID is most concerned with what? A. Availability B. Baselining C. Confidentiality D. Integrity

A. Availability

Mark works for a financial company. He has been tasked to protect customer data. He decides to install a mantrap and an HVAC system in the data center. Which of the following concepts has he addressed? (choose 2) A. Availability B. Integrity C. Confidentiality D. Recovery E. Accountability

A. Availability C. Confidentiality

Which action should be taken to protect against a complete disaster in the case that a primary company's site is permanently lost? A. Back up all data to tape, and store those tapes at a sister site in another city. B. Back up all data to tape, and store those tapes at a sister site across the street. C. Back up all data to disk, and store the disk in a safe deposit box at the administrator's home. D. Back up all data to disk, and store the disk in a safe in the building's basement.

A. Back up all data to tape, and store those tapes at a sister site in another city.

You are contracted to conduct a forensic analysis of the computer. What should you do first? A. Back up the system B. Analyze the files C. Scan for viruses D. Make changes to the operating system

A. Back up the system

Which of the following requires a baseline? (Select the two best answers.) A. Behavior-based monitoring B. Performance Monitor C. Anomaly-based monitoring D. Signature-based monitoring

A. Behavior-based monitoring C. Anomaly-based monitoring

Which of the following are PII that are used in conjunction with each other? A. Birthday B. Full name C. Favorite food D. Marital status E. Pet's name

A. Birthday B. Full name

What type of attack sends two different messages using the same hash function, which end up causing a collision? A. Birthday attack B. Bluesnarfing C. Man-in-the-middle attack D. Logic bomb

A. Birthday attack

Which of the following are Bluetooth threats? (Select the two best answers.) A. Bluesnarfing B. Blue bearding C. Bluejacking D. Distributed denial-of-service

A. Bluesnarfing C. Bluejacking

A group of compromised computers that have software installed by a worm or Trojan is known as which of the following? A. Botnet B. Virus C. Rootkit D. Zombie

A. Botnet

Which of the following methods can be used by a security administrator to recover a user's forgotten password from a password-protected file? A. Brute-force B. Packet sniffing C. Social engineering D. Cognitive password

A. Brute-force

A NOP slide is an indication of what kind of attack? A. Buffer overflow B. SQL injection C. XSS D. Smurf attack

A. Buffer overflow

Which of the following describes an application that accepts more input than it was originally expecting? A. Buffer overflow B. Denial of service (DoS) C. Sandbox D. Brute force

A. Buffer overflow

Heaps and stacks can be affected by which of the following attacks? A. Buffer overflows B. Rootkits C. SQL injection D. Cross-site scripting

A. Buffer overflows

Your company has a mix of on-premises infrastructure and cloud-provider infrastructure and needs to extend the reach of its security policies beyond the internal infrastructure. Which of the following would be the BEST solution for the company to consider? A. CASB B. SaaS C. PaaS D. MaaS

A. CASB

Which of the following protocols or services uses port 19? A. CHARGEN B. Echo C. Telnet D. SMTP

A. CHARGEN

What should you publish a compromised certificate to? A. CRL B. CA C. PKI D. AES

A. CRL

You are in charge of PKI certificates. What should you implement so that stolen certificates cannot be used? A. CRL B. CAD C. CA D. CRT

A. CRL

Stephen has been instructed to update all three routers' firmware for his organization. Where should he document his work? A. Change management system B. Router system log C. Event Viewer D. Chain of custody

A. Change management system

You have been tasked with blocking DNS requests and zone transfers coming from outside IP addresses. You analyze your organization's firewall and note that it implements an implicit allow and currently has the following ACL configured for the external interface: permit TCP any any 80 permit TCP any any 443 Which of the following rules would accomplish your goal? (Select the two best answers.) A. Change the implicit rule to an implicit deny B. Remove the current ACL C. Add the following ACL at the top of the current ACL: deny TCP any any 53 D. Add the following ACL at the bottom of the current ACL: deny ICMP any any 53 E. Apply the current ACL to all interfaces of the firewall F. Add the following ACL at the bottom of the current ACL: deny IP any any 53

A. Change the implicit rule to an implicit deny F. Add the following ACL at the bottom of the current ACL: deny IP any any 53

A hash algorithm has the capability to avoid the same output from two guessed inputs. What is this known as? A. Collision resistance B. Collision strength C. Collision cipher D. Collision metric

A. Collision resistance

Specific secure data is only supposed to be viewed by certain authorized users. What concept ensures this? A. Confidentiality B. Integrity C. Availability D. Authenticity

A. Confidentiality

What are two ways to secure the computer within the BIOS? (Select the two best answers.) A. Configure a supervisor password. B. Turn on BIOS shadowing. C. Flash the BIOS. D. Set the hard drive first in the boot order.

A. Configure a supervisor password. D. Set the hard drive first in the boot order.

Your organization hires temporary users to assist with end-of-year resources and calculations. All the temporary users need access to the same domain resources. These "temps" are hired for a specific period of time with a set completion date. Users log on to a Windows domain controlled by a Windows Server domain controller. Your job is to make sure that the accounts can be used only during the specific period of time for which the temps are hired. The solution you select should require minimal administrative effort and upkeep. Of the following, what is the best solution? A. Configure expiration dates for the temp user accounts B. Configure password expiration dates for temp user accounts C. Configure a domain password policy for the temp user accounts D. Configure a local password policy on the computers used by temp user accounts E. Delete the temp user accounts at the end the work period

A. Configure expiration dates for the temp user accounts

You are the security administrator for your organization. You have just identified a malware incident. Of the following, what should be your first response? A. Containment B. Removal C. Recovery D. Monitoring

A. Containment

Which of the following will an Internet filtering appliance analyze? (Select the three best answers.) A. Content B. Certificates C. Certificate revocation lists D. URLs

A. Content B. Certificates D. URLs

What is a device doing when it actively monitors data streams for malicious code? A. Content inspection B. URL filtering C. Load balancing D. NAT

A. Content inspection

Which of the following is the best practice to secure log files? A. Copy the log files to a server in a remote location. B. Log all failed and successful login attempts. C. Increase the size of the log files. D. Perform hashing of the log files.

A. Copy the log files to a server in a remote location.

There is an important upcoming patch to be released. You are required to test the installation of the patch a dozen times before the patch is distributed to the public. What should you perform to test the patching process quickly and often? A. Create a virtualized sandbox and utilize snapshots B. Create an image of a patched PC and replicate it to the servers C. Create an incremental backup of an unpatched PC D. Create a full disk image to restore after each installation

A. Create a virtualized sandbox and utilize snapshots

Your network is a Windows domain controlled by a Windows Server domain controller. Your goal is to configure user access to file folders shared to the network. In your organization, directory access is dependent upon a user's role in the organization. You need to keep to a minimum the administrative overhead needed to manage access security. You need to be able to quickly modify a user's permissions if that user is assigned to a different role. A user can be assigned to more than one role within the organization. What solutions should you implement? (Select the two best answers.) A. Create security groups and assign access permissions based on organizational roles B. Place users in OUs based on organizational roles C. Create an OU for each organizational role and link GPOs to each OU D. Place users' computers in OUs based on user organizational roles E. Assign access permission explicitly by user account

A. Create security groups and assign access permissions based on organizational roles C. Create an OU for each organizational role and link GPOs to each OU

Of the following, what is the most common problem associated with UTP cable? A. Crosstalk B. Data emanation C. Chromatic dispersion D. Vampire tapping

A. Crosstalk

Which of the following is the weakest encryption type? A. DES B. RSA C. AES D. SHA

A. DES

Which of the following is an area of the network infrastructure that enables a person to put public-facing systems into it without compromising the entire infrastructure? A. DMZ B. VLAN C. VPN D. NAT

A. DMZ

Which of the following should be placed between the LAN and the Internet? A. DMZ B. HIDS C. Domain controller D. Extranet

A. DMZ

Which of the following would you set up in a multifunction SOHO router? A. DMZ B. DOS C. OSI D. ARP

A. DMZ

A coworker goes to a website but notices that the browser brings her to a different website and that the URL has changed. What type of attack is this? A. DNS poisoning B. Denial of service C. Buffer overflow D. ARP poisoning

A. DNS poisoning

What is the most commonly seen security risk of using coaxial cable? A. Data that emanates from the core of the cable B. Crosstalk between the different wires C. Chromatic dispersion D. Jamming

A. Data that emanates from the core of the cable

Which of the following is the first step in creating a security baseline? A. Define a security policy B. Install software patches C. Perform vulnerability testing D. Mitigate risk

A. Define a security policy

What is a default rule found in a firewall's ACL? A. Deny all B. Permit all C. netsh advfirewall firewall D. add address=192.168.0.0/16

A. Deny all

What kind of security control do computer security audits fall under? A. Detective B. Preventive C. Corrective D. Protective

A. Detective

You are the security administrator for your organization. You want to ensure the confidentiality of data on mobile devices. What is the best solution? A. Device encryption B. Remote wipe C. Screen locks D. AV software

A. Device encryption

Which wireless configurations can be easily circumvented using a network sniffer? (select 2) A. Disabled SSID B. EAP-TLS C. WPA2 D. MAC filtering E. WEP with 802.1X

A. Disabled SSID D. MAC filtering

Which of the following are components of hardening an operating system? A. Disabling unnecessary services B. Configuring the desktop C. Applying patches D. Adding users to the administrators group E. Enabling services

A. Disabling unnecessary services C. Applying patches

Your organization already has a policy in place that bans flash drives. What other policy could you enact to reduce the possibility of data leakage? A. Disallow the saving of data to a network share B. Enforce that all work files have to be password protected C. Disallow personal music devices D. Allow unencrypted HSMs

A. Disallow the saving of data to a network share

You have been tasked with sending a decommissioned SSL certificate server's hard drives to be destroyed by a third-party company. What should you implement before sending the drives out? (Select the two best answers.) A. Disk wiping B. Data retention policies C. Removable media encryption D. Full disk encryption E. Disk hashing

A. Disk wiping D. Full disk encryption

Your boss has instructed you to shred some confidential documents. Which threat does this mitigate? A. Dumpster diving B. Tailgating C. Shoulder surfing D. Baiting

A. Dumpster diving

Which of the following are symmetric encryption algorithms? A. ECC B. AES C. RSA D. DES E. RC4 F. Diffie-Hellman G. 3DES

A. ECC B. AES C. RSA D. 3DES

Your organization's server uses a public, unencrypted communication channel. You are required to implement protocols that allow clients to securely negotiate encryption keys with the server. What protocols should you select? (Select the two best answers.) A. ECDHE B. PBKDF2 C. Steganography D. Diffie-Hellman E. Symmetric encryption

A. ECDHE D. Diffie-Hellman

Which option enables you to hide the bootmgr file? A. Enable Hide Protected Operating System Files B. Enable Show Hidden Files and Folders C. Disable Hide Protected Operating System Files D. Remove the -R Attribute

A. Enable Hide Protected Operating System Files

A user can enter improper input into a new computer program and is able to crash the program. What has your organization's programmer most likely failed to implement? A. Error handling B. CRC C. SDLC D. Data formatting

A. Error handling

Your organization must achieve compliance for PCI and SOX. Which of the following would best allow the organization to achieve compliance and ensure security? (Select the three best answers.) A. Establish a company framework B. Compartmentalize the network C. Centralize management of all devices on the network D. Apply technical controls to meet compliance regulations E. Establish a list of users that must work with each regulation F. Establish a list of devices that must meet regulations

A. Establish a company framework B. Compartmentalize the network D. Apply technical controls to meet compliance regulations

As a security administrator, you must be constantly vigilant and always be aware of the security posture of your systems. Which of the following supports this goal? A. Establishing baseline reporting B. Disabling unnecessary services C. Training staff on security policies D. Installing anti-malware applications

A. Establishing baseline reporting

You scan the network and find a counterfeit access point that is using the same SSID as an already existing access point. What is this an example of? A. Evil twin B. War-driving C. AP isolation D. Rogue access point

A. Evil twin

Which of the following would a DMZ typically contain? A. FTP server B. SQL server C. Customer account database D. User workstations

A. FTP server

What is the best way to utilize FTP sessions securely? A. FTPS B. FTP passive C. FTP active D. TFTP

A. FTPS

Which of the following results occurs when a biometric system identifies a legitimate user as unauthorized? A. False rejection B. FAR C. False acceptance D. CER E. False exception

A. False rejection

What would be an example of a device used to shield a server room from data emanation? A. Faraday cage B. TEMPEST C. EMI D. Crosstalk

A. Faraday cage

Which device's log file will show access control lists and who was allowed access and who wasn't? A. Firewall B. Smartphone C. Performance Monitor D. IP proxy

A. Firewall

Which of the following security technologies should you provide to allow users remote access to your network? (choose 2) A. Firewall B. Subnetting C. NAT D. VPN E. NAC

A. Firewall D. VPN

In addition to bribery and forgery, which of the following are the most common techniques that attackers use to socially engineer people? (Select the two best answers.) A. Flattery B. Assuming a position of authority C. Dumpster diving D. WHOIS search

A. Flattery C. Dumpster diving

To protect against malicious attacks, what should you think like? A. Hacker B. Network admin C. Spoofer D. Auditor

A. Hacker

Which of the following best describes a TPM? A. Hardware chip that stores keys B. High-speed secure removable storage device C. Third-party certificate authority D. USB encryption

A. Hardware chip that stores keys

You have implemented a technology that enables you to review logs from computers located on the Internet. The information gathered is used to find out about new malware attacks. What have you implemented? A. Honeynet B. Protocol analyzer C. Firewall D. Proxy

A. Honeynet

Which of the following environmental variables reduces the possibility of static discharges (ESD)? A. Humidity B. Temperature C. EMI D. RFI

A. Humidity

Which of the following is usually used with L2TP? A. IPsec B. SSH C. PHP D. SHA

A. IPsec

Which of the following security actions should be completed before a user is given access to the network? A. Identification and authentication B. Authentication and authorization C. Identification and authorization D. Authentication and biometrics

A. Identification and authentication

You are attempting to establish host-based security for your organization's workstations. Which of the following is the best way to do this? A. Implement OS hardening by applying GPOs B. Implement database hardening by applying vendor guidelines. C. Implement web server hardening by restricting service accounts. D. Implement firewall rules to restrict access.

A. Implement OS hardening by applying GPOs

Of the following backup types, which describes the backup of files that have changed since the last full or incremental backup? A. Incremental B. Differential C. Full D. Copy

A. Incremental

Which of the following is an advantage of implementing individual file encryption on a hard drive that already uses whole disk encryption? A. Individually encrypted files will remain encrypted if they are copied to external drives. B. It reduces the processing overhead necessary to access encrypted files. C. NTFS permissions remain intact when files are copied to an external drive. D. Double encryption doubles the bit strength of the encrypted file

A. Individually encrypted files will remain encrypted if they are copied to external drives.

What types of technologies are used by external motion detectors? (Select the two best answers.) A. Infrared B. RFID C. Gamma rays D. Ultrasonic

A. Infrared

What's the best way to prevent SQL injection attacks on web applications? A. Input validation B. Host-based firewall C. Add HTTPS pages D. Update the web server

A. Input validation

Which of the following invalidates SQL injection attacks that were launched from a lookup field of a web server? A. Input validation B. Security template C. NIDS D. Buffer overflow protection

A. Input validation

Which of the following should be implemented to harden an operating system? (Select the two best answers.) A. Install the latest updates. B. Install Windows Defender. C. Install a virtual operating system. D. Execute PHP scripts.

A. Install the latest updates. B. Install Windows Defender.

Jake is in the process of running a bulk data update. However, the process writes incorrect data throughout the database. What has been compromised? A. Integrity B. Confidentiality C. Availability D. Accountability

A. Integrity

The honeypot concept is enticing to administrators because A. It enables them to observe attacks. B. It traps an attacker in a network. C. It bounces attacks back at the attacker. D. It traps a person physically between two locked doors.

A. It enables them to observe attacks.

Which of the following would you make use of when performing a qualitative risk analysis? A. Judgment B. Asset value C. Threat frequency D. SLE

A. Judgment

Users on your network are identified with tickets. Which of the following systems is being used? A. Kerberos B. RADIUS C. TACACS+ D. LDAP

A. Kerberos

Which of the following network authentication protocols uses symmetric key cryptography, stores a shared key for each network resource, and uses a Key Distribution Center (KDC)? A. Kerberos B. RADIUS C. TACACS+ D. PKI

A. Kerberos

During a software development review, the cryptographic engineer advises the project manager that security can be improved by significantly slowing down the runtime of the hashing algorithm and increasing entropy by passing the input and salt back during each iteration. Which of the following best describes what the engineer is trying to achieve? A. Key stretching B. Confusion C. Diffusion D. Root of Trust E. Monoalphabetic cipher F. PRNG G. Pass the hash

A. Key stretching

Which of the following enables an attacker to float a domain registration for a maximum of five days? A. Kiting B. DNS poisoning C. Domain hijacking D. Spoofing

A. Kiting

Which of the following protocols creates an unencrypted tunnel? A. L2TP B. PPTP C. IPsec D. VPN

A. L2TP

NTLM is for the most part backward compatible and is an improved version of which of the following? A. LANMAN B. AES C. MD5 D. passwd

A. LANMAN

When using the mandatory access control model, what component is needed? A. Labels B. Certificates C. Tokens D. RBAC

A. Labels

Which of the following would an antivirus program most likely not detect? (Select the two best answers.) A. Logic bomb B. Worm C. Virus D. Trojan E. Pharming

A. Logic bomb E. Pharming

You receive complaints about network connectivity being disrupted. You suspect that a user connected both ends of a network cable to two different ports on a switch. What can be done to prevent this? A. Loop protection B. DMZ C. VLAN segregation D. Port forwarding

A. Loop protection

Your organization has a policy that states that user passwords must be at least 16 characters. Your computers use NTLM2 authentication for clients. Which of the following hash algorithms will be used for password authentication? A. MD5 B. AES C. LM hash D. SHA

A. MD5

An employee of your organization was escorted off of the premises for suspicion of fraudulent activity, but the employee had been working for two hours before leaving. You have been asked to find out what files have changed since last night's integrity scan. Which protocols could you use to perform your task? (Select the two best answers.) A. MD5 B. ECC C. AES D. PGP E. HMAC F. Blowfish

A. MD5 E. HMAC

What is software that is designed to infiltrate a computer system without the user's knowledge or consent? A. Malware B. Privilege escalation C. Whitelists D. HIDS

A. Malware

Your boss speculates that an employee in a sensitive position is committing fraud. What is the best way to identify if this is true? A. Mandatory vacations B. Separation of duties C. Due diligence D. Acceptable usage policy

A. Mandatory vacations

You need to protect your data center from unauthorized entry at all times. Which is the best type of physical security to implement? A. Mantrap B. Video surveillance C. Nightly security guards D. 802.1X

A. Mantrap

Rick is reviewing the logs of a host-based IDS. They show that the computer has been compromised by a botnet and is communicating with a master server. If Rick needs to power the computer off, which of the following types of data will be unavailable? A. Memory, system processes, and network processes B. Memory, archival storage, and temporary files C. Swap files, system processes, and the master boot record D. The system disk, e-mail, and log files

A. Memory, system processes, and network processes

Your boss needs you to implement a password policy that prevents a user from reusing the same password. To be effective, the policy must be implemented in conjunction with the password history policy. Which of the following is the best method? A. Minimum age B. Expiration time C. Password length D. Lockout time

A. Minimum age

The IT director asks you to create a solution to protect your network from Internet-based attacks. The solution should include pre-admission security checks and automated remediation and should also integrate with existing network infrastructure devices. Which of the following solutions should you implement? A. NAC B. NAT C. VLAN D. Subnetting

A. NAC

Which of the following security applications cannot proactively detect computer anomalies? A. NIDS B. HIPS C. Antivirus software D. Personal software firewall

A. NIDS

Which of the following will identify a Smurf attack? A. NIDS B. Firewall C. Content filter D. Load balancer

A. NIDS

Which of the following would you most likely find in a buffer overflow attack? A. NOP instructions B. Sequence numbers C. IV length D. Set flags

A. NOP instructions

A customer's SD card uses FAT32 as its file system. What file system can you upgrade it to when using the convert command? A. NTFS B. HPFS C. ext4 D. NFS

A. NTFS

You are a consultant for an IT company. Your boss asks you to determine the topology of the network. What is the best device to use in this circumstance? A. Network mapper B. Protocol analyzer C. Port scanner D. Vulnerability scanner

A. Network mapper

Which of the following is used to validate whether trust is in place and accurate by retuning responses of "good," "unknown," or "revoked"? A. OCSP B. PKI C. CRL D. RA

A. OCSP

Which of the following has schemas written in XML? A. OVAL B. 3DES C. WPA D. PAP

A. OVAL

Why do attackers often target nonessential services? (Select the two best answers.) A. Often they are not configured correctly. B. They are not monitored as often. C. They are not used. D. They are not monitored by an IDS.

A. Often they are not configured correctly. B. They are not monitored as often.

Which of the following combines the keystream with the plaintext message using the bitwise XOR operator to produce the ciphertext? A. One-time pad B. Obfuscation C. PBKDF2 D. ECDH

A. One-time pad

E-mail servers can be maliciously exploited in many ways, for example, spoofing e-mail messages. Which of the following is a common component that attackers would use to spoof e-mails? A. Open relay B. Web proxy C. Session hijacking D. Logic bomb

A. Open relay

Of the following definitions, which would be an example of eavesdropping? A. Overhearing parts of a conversation B. Monitoring network traffic C. Another person looking through your files D. A computer capturing information from a sender

A. Overhearing parts of a conversation

Which of the following requires a CA during the authentication process? A. PEAP-TLS B. FTPS explicit C. FTPS implicit D. MD5

A. PEAP-TLS

A user is required to have a password that is 14 characters or more. What is this an example of? A. Password length B. Password recovery C. Password complexity D. Password expiration

A. Password length

Your organization has enacted a policy where employees are required to create passwords with at least 15 characters. What type of policy does this define? A. Password length B. Password expiration C. Minimum password age D. Password complexity

A. Password length

Which of the following methods is the most closely associated with DLL injection? A. Penetration testing B. Vulnerability assessment C. Performance monitoring D. Auditing

A. Penetration testing

You have established a baseline for your server. Which of the following is the best tool to use to monitor any changes to that baseline? A. Performance Monitor B. Anti-spyware C. Antivirus software D. Vulnerability assessments software

A. Performance Monitor

Jason is a security administrator for a company of 4000 users. He wants to store 6 months of security logs to a logging server for analysis. The reports are required by upper management due to legal obligations but are not time-critical. When planning for the requirements of the logging server, which of the following should not be implemented? A. Performance baseline and audit trails B. Time stamping and integrity of the logs C. Log details and level of verbose logging D. Log storage and backup requirements

A. Performance baseline and audit trails

Which of the following tools uses ICMP as its main underlying protocol? A. Ping scanner B. Port scanner C. Image scanner D. Barcode scanner

A. Ping scanner

Which of the following ports is required by an e-commerce web server running SSL? A. Port 443 inbound B. Port 80 inbound C. Port 80 outbound D. Port 443 outbound

A. Port 443 inbound

Which of the following are requirements for a cold site? A. Power and connectivity B. Redundant servers and networking devices C. Close proximity to the data center D. Patched and updated client computers

A. Power and connectivity

In a public key infrastructure setup, which of the following should be used to encrypt the signature of an e-mail? A. Private key B. Public key C. Shared key

A. Private key

Your boss wants you to set up an authentication scheme in which employees will use smart cards to log in to the company network. What kind of key should be used to accomplish this? A. Private key B. Public key C. Cipher key D. Shared key

A. Private key

Which of the following can be described as the act of exploiting a bug or flaw in software to gain access to resources that normally would be protected? A. Privilege escalation B. Chain of custody C. Default account D. Backdoor

A. Privilege escalation

You are the network security administrator for your organization. You recently audited a server and found that a user logged in to the server with a regular account, executed a program, and performed activities that should be available only to an administrator. What type of attack does this describe? A. Privilege escalation B. Backdoor C. Trojan horse D. Brute-force

A. Privilege escalation

Which of the following can determine which flags are set in a TCP/IP handshake? A. Protocol analyzer B. Port scanner C. SYN/ACK D. Performance Monitor

A. Protocol analyzer

Which of the following enables a person to view the IP headers on a data packet? A. Protocol analyzer B. NIDS C. Firewall D. L2 switch

A. Protocol analyzer

You suspect a broadcast storm on the LAN. Which tool is required to diagnose which network adapter is causing the storm? A. Protocol analyzer B. Firewall C. Port scanner D. Network intrusion detection system E. Port mirror

A. Protocol analyzer

You work as a network administrator for your organization and need a tool to capture ICMP, HTTP, FTP, and other packets of information. Which of the following tools should you use? A. Protocol analyzer B. Penetration tester C. Vulnerability scanner D. Port scanner

A. Protocol analyzer

In which two environments would social engineering attacks be most effective? (Select the two best answers.) A. Public building with shared office space B. Company with a dedicated IT staff C. Locked building D. Military facility E. An organization whose IT personnel have little training

A. Public building with shared office space E. An organization whose IT personnel have little training

When a user's web browser communicates with a CA, what PKI element does the CA require from the browser? A. Public key B. Private key C. Symmetric key D. Secret key

A. Public key

Why do hackers often target nonessential services? A. Quite often, they are not configured correctly. B. They are not monitored as often. C. They are not used. D. They are not monitored by an IDS.

A. Quite often, they are not configured correctly. B. They are not monitored as often.

You have been tasked with increasing the level of server fault tolerance, but you have been given no budget to perform the task. Which of the following should you implement to ensure that servers' data can withstand hardware failure? A. RAID B. Hardware load balancing C. A cold site D. Towers of Hanoi

A. RAID

Which of the following is not a valid cryptographic hash function? A. RC4 B. SHA-512 C. MD5 D. RIPEMD

A. RC4

Which of the following defines a business goal for system restoration and acceptable data loss? A. RPO B. Warm site C. MTBF D. MTTR

A. RPO

When creating a public/private key pair, which of the following would an admin need to specify key strength? A. RSA B. AES C. DES D. SHA

A. RSA

Which one of the following is the most common encryption protocol used for key exchange during a secure web session? A. RSA B. AES C. SHA D. PKI

A. RSA

A user receives an encrypted message that was encrypted using asymmetric cryptography. What does this recipient need to decrypt the message? A. Recipient's private key B. Recipient's public key C. Sender's private key D. Sender's public key

A. Recipient's private key

You have been given the task of scanning for viruses on a PC. What is the best of the following methods? A. Recovery environment B. Dual-boot into Linux C. Command Prompt only D. Boot into Windows normally

A. Recovery environment

A smartphone has been lost. You need to ensure 100% that no data can be retrieved from it. What should you do? A. Remote wipe B. GPS tracking C. Implement encryption D. Turn on screen locks

A. Remote wipe

A smartphone is an easy target for theft. Which of the following are the best methods to protect the confidential data on the device? (Select the two best answers.) A. Remote wipe B. E-mail password C. GPS D. Tethering E. Encryption F. Screen lock

A. Remote wipe E. Encryption

Which of the following attacks is best described as an attacker capturing part of a communication, and then later sending some or all of that communication to a server while pretending to be the original client? A. Replay attack B. TCP/IP hijacking C. Backdoor D. Man-in-the-middle attack

A. Replay attack

You are the systems administrator for your organization. Human resources notifies you that a particular user has been terminated. What should you do? A. Retain the user's data for a specific amount of time. B. Delete the user's account. C. Delete the user's data. D. Disable the user's account.

A. Retain the user's data for a specific amount of time. D. Disable the user's account.

A company has a high attrition rate. What should you ask the network administrator to do first? (Select the best answer.) A. Review user permissions and access control lists. B. Review group policies. C. Review Performance logs. D. Review the Application log.

A. Review user permissions and access control lists.

Identifying residual risk is considered to be the most important task when dealing with which of the following? A. Risk acceptance B. Risk deterrence C. Risk avoidance D. Risk mitigation

A. Risk acceptance

You are implementing a new enterprise database server. After you evaluate the product with various vulnerability scans you determine that the product is not a threat in of itself but it has the potential to introduce new vulnerabilities to your network. Which assessment should you now take into consideration while you continue to evaluate the database server? A. Risk assessment B. Code assessment C. Vulnerability assessment D. Threat assessment

A. Risk assessment

Your boss asks you to purchase additional insurance in an effort to reduce risk. What is this an example of? A. Risk transference B. Risk elimination C. Risk acceptance D. Risk avoidance

A. Risk transference

Which of the following is an unauthorized wireless router that allows access to a secure network? A. Rogue AP B. Evil twin C. War-driving D. AP isolation

A. Rogue AP

You have been commissioned by a customer to implement a network access control model that limits remote users' network usage to normal business hours only. You create one policy that applies to all the remote users. What access control model are you implementing? A. Role-based access control B. Mandatory access control C. Discretionary access control D. Rule-based access control

A. Role-based access control

In an environment where administrators, the accounting department, and the marketing department all have different levels of access, which of the following access control models is being used? A. Role-based access control (RBAC) B. Mandatory access control (MAC) C. Discretionary access control (DAC) D. Rule-based access control (RBAC)

A. Role-based access control (RBAC)

Which of the following access control methods uses rules to govern whether object access will be allowed? (Select the best answer.) A. Rule-based access control B. Role-based access control C. Discretionary access control D. Mandatory access control E. Attribute-based access control

A. Rule-based access control

You are in charge of the disaster recovery plan for your organization. What can you do to make sure that the DRP can be implemented quickly and correctly? A. Run a test of the recovery plan B. Send the plan to management for approval C. Distribute copies of the plan to key personnel D. Store the recovery plan in a secure area

A. Run a test of the recovery plan

Which protocol is based on SSH? A. SFTP B. TFTP C. FTP D. FTPS

A. SFTP

As a network administrator, one of your jobs is to deal with Internet service providers. You want to ensure that a provider guarantees end-to-end traffic performance. What is this known as? A. SLA B. VPN C. DRP D. WPA

A. SLA

You have three e-mail servers. What is it called when one server forwards e-mail to another? A. SMTP relay B. Buffer overflows C. POP3 D. Cookies

A. SMTP relay

The IT director has asked you to install agents on several client computers and monitor them from a program at a server. What is this known as? A. SNMP B. SMTP C. SMP D. Performance Monitor

A. SNMP

Which of the following is the best option if you are trying to monitor network devices? A. SNMP B. Telnet C. FTPS D. IPsec

A. SNMP

Which of the following makes use of three components: a managed device, an agent, and a network management system? A. SNMP B. Wireshark C. Performance Monitor

A. SNMP

Which of these governs the disclosure of financial data? A. SOX B. HIPAA C. GLB D. Top secret

A. SOX

Which of the following network protocols sends data between two computers while using a secure channel? A. SSH B. SMTP C. SNMP D. P2P

A. SSH

Your organization has several separate logins necessary to gain access to several different sets of resources. What access control method could solve this problem? A. SSO B. Two-factor authentication C. Biometrics D. Smart card

A. SSO

What kind of attack would a flood guard protect a network from? A. SYN attack B. Xmas attack C. MITM attack D. Botnet

A. SYN attack

Which one of the following attacks misuses the Transmission Control Protocol three-way handshake process in an attempt to overload network servers so that authorized users are denied access to network resources? A. SYN attack B. Man-in-the-middle attack C. Teardrop attack D. Smurf attack

A. SYN attack

To find out when a computer was shut down, which log file would an administrator use? A. Security B. System C. Application D. DNS

A. Security

Your organization has several building keys circulating among various executive and human resources employees. You are concerned that the keys could be easily lost, stolen, or duplicated, so you have decided to implement an additional security control based on facial recognition. Which of the following will address this goal? A. Security guard B. Fingerprint scanner C. Mantraps D. Proximity readers

A. Security guard

You are designing security for an application. You need to ensure that all tasks relating to the transfer of money require actions by more than one user through a series of checks and balances. What access control method should you use? A. Separation of duties B. Implicit deny C. Job rotation D. Least privilege

A. Separation of duties

What are two ways to secure a Microsoft-based web browser? (Select the two best answers.) A. Set the Internet zone's security level to High. B. Disable the pop-up blocker. C. Disable ActiveX controls. D. Add malicious sites to the Trusted Sites zone.

A. Set the Internet zone's security level to High. C. Disable ActiveX controls.

A wireless network switch has connectivity issues but only when the air-conditioning system is running. What can be added to fix the problem? A. Shielding B. A wireless network C. A key deflector D. Redundant air-conditioning systems

A. Shielding

Which of the following environmental controls is part of the TEMPEST standards? A. Shielding B. Fire suppression C. HVAC D. Biometrics

A. Shielding

You have been ordered to implement a secure shredding system as well as privacy screens. What two attacks is your organization attempting to mitigate? A. Shoulder surfing B. Impersonation C. Phishing D. Dumpster diving E. Tailgating

A. Shoulder surfing

What should be incorporated with annual awareness security training? A. Signing of a user agreement B. Implementation of security controls C. User rights and permissions review D. Succession planning

A. Signing of a user agreement

Of the following, what two authentication mechanisms require something you physically possess? (Select the two best answers.) A. Smart card B. Certificate C. USB flash drive D. Username and password

A. Smart card C. USB flash drive

Give two examples of hardware devices that can store keys. (Select the two best answers.) A. Smart card B. Network adapter C. PCI Express card D. USB flash drive

A. Smart card D. USB flash drive

What devices will not be able to communicate in a Faraday cage? (Select the two best answers.) A. Smartphones B. Servers C. Tablets D. Switches

A. Smartphones C. Tablets

User education can help to defend against which of the following? (Select the three best answers.) A. Social engineering B. Phishing C. Rainbow tables D. Dumpster diving

A. Social engineering B. Phishing D. Dumpster diving

What type of cloud service is webmail known as? A. Software as a Service B. Remote Desktop C. Platform as a Service D. Infrastructure as a Service

A. Software as a Service

A proximity card is an example of what? A. Something a user has B. Something a user is C. Something a user knows D. Something a user does

A. Something a user has

An attacker uses a method that is meant to obtain information from a specific person. What type of attack is this? A. Spear phishing B. DNS poisoning C. Pharming D. Fraggle

A. Spear phishing

One of your users was not being careful when browsing the Internet. The user was redirected to a warez site where a number of pop-ups appeared. After clicking one pop-up by accident, a drive-by download of unwanted software occurred. What does the download most likely contain? A. Spyware B. DDoS C. Smurf D. Backdoor E. Logic bomb

A. Spyware

Which of the following statements best describes a static NAT? A. Static NAT uses a one-to-one mapping. B. Static NAT uses a many-to-many mapping. C. Static NAT uses a one-to-many mapping. D. Static NAT uses a many-to-one mapping.

A. Static NAT uses a one-to-one mapping.

Which of the following describes hiding data within other files? A. Steganography B. PKI C. Encryption D. Nonrepudiation

A. Steganography

You want to reduce network traffic on a particular network segment to limit the amount of user visibility. Which of the following is the best device to use in this scenario? A. Switch B. Hub C. Router D. Firewall

A. Switch

Which type of encryption technology is used with the BitLocker application? A. Symmetric B. Asymmetric C. Hashing D. WPA2

A. Symmetric

You need to encrypt and send a large amount of data. Which of the following would be the best option? A. Symmetric encryption B. Hashing algorithm C. Asymmetric encryption D. PKI

A. Symmetric encryption

Which of the following log files identifies when a computer was last shut down? A. System B. Security C. Application D. Directory Services

A. System

HIDS and NIDS are similar intrusion detection systems. However, one is for individual computers, and the other is for networks. Which of the following would a HIDS be installed to monitor? A. System files B. CPU performance C. Network adapter performance D. Temporary Internet files

A. System files

You are reviewing your organization's continuity plan, which specifies an RTO of six hours and an RPO of two days. Which of the following is the plan describing? A. Systems should be restored within six hours and no later than two days after the incident B. Systems should be restored within two days and should remain operational for at least six hours. C. Systems should be restored within six hours with a maximum of two days' worth of data latency. D. Systems should be restored within two days with a minimum of six hours' worth of data.

A. Systems should be restored within six hours and no later than two days after the incident

What is the most secure method of authentication and authorization in its default form? A. TACACS B. Kerberos C. RADIUS D. LDAP

A. TACACS

You need to control access to a network through a Cisco router. Which of the following authentication services should you use? A. TACACS+ B. SSH C. Telnet D. SNMP

A. TACACS+

Which of the following attacks involve intercepting a session and modifying network packets? A. TCP/IP hijacking B. Denial of service C. Man-in-the-middle attack D. DNS poisoning E. Null session

A. TCP/IP hijacking C. Man-in-the-middle attack

Which of the following answers are not part of IPsec? (Select the two best answers.) A. TKIP B. Key exchange C. AES D. Authentication header

A. TKIP C. AES

Which of the following is embedded and contains a storage root key? A. TPM B. HSM C. EFS D. BitLocker

A. TPM

Which of the following would be considered detrimental effects of a virus hoax? (Select the two best answers.) A. Technical support resources are consumed by increased user calls. B. Users are at risk for identity theft. C. Users are tricked into changing the system configuration. D. The e-mail server capacity is consumed by message traffic.

A. Technical support resources are consumed by increased user calls. C. Users are tricked into changing the system configuration.

On Monday, all employees of your organization report that they cannot connect to the corporate wireless network, which uses 802.1X with PEAP. A technician verifies that no configuration changes were made to the wireless network and its supporting infrastructure, and that there are no outages. Which of the following is the most likely cause of the problem? A. The Remote Authentication Dial-In User Service certificate has expired. B. The DNS server is overwhelmed with connections and is unable to respond to queries. C. There have been too many incorrect authentication attempts and this caused users to be temporarily disabled. D. The company IDS detected a wireless attack and disabled the wireless network.

A. The Remote Authentication Dial-In User Service certificate has expired.

Your boss wants you to properly log what happens on a database server. What are the most important concepts to think about while you do so? (Select the two best answers.) A. The amount of virtual memory that you will allocate for this task B. The amount of disk space you will require C. The information that will be needed to reconstruct events later D. Group Policy information

A. The amount of virtual memory that you will allocate for this task

You are surprised to notice that a co-worker's computer is communicating with an unknown IRC server and is scanning other systems on the network. None of this was scheduled by anyone in your organization, and the user appears to be unaware of what is transpiring. What is the most likely cause? A. The computer is part of a botnet. B. The computer is infected with a worm. C. The computer is infected with spyware. D. The computer is infected with a rootkit.

A. The computer is part of a botnet.

Last week, one of the users in your organization encrypted a file with a private key. This week the user left the organization, and unfortunately the systems administrator deleted the user's account. What are the most probable outcomes of this situation? (Select the two best answers.) A. The data is not recoverable. B. The former user's account can be re-created to access the file. C. The file can be decrypted with a PKI. D. The data can be decrypted using the recovery agent. E. The data can be decrypted using the root user account.

A. The data is not recoverable. D. The data can be decrypted using the recovery agent.

Which of the following is a best practice when a mistake is made during a forensic examination? A. The examiner should document the mistake and work around the problem. B. The examiner should attempt to hide the mistake during the examination. C. The examiner should disclose the mistake and assess another area of the disc. D. The examiner should verify the tools before, during, and after an examination.

A. The examiner should document the mistake and work around the problem.

You are in charge of recycling computers. Some of the computers have hard drives that contain personally identifiable information (PII). What should be done to the hard drive before it is recycled? A. The hard drive should be sanitized. B. The hard drive should be reformatted. C. The hard drive should be destroyed. D. The hard drive should be stored in a safe area.

A. The hard drive should be sanitized.

What does steganography replace in graphic files? A. The least significant bit of each byte B. The most significant bit of each byte C. The least significant byte of each bit D. The most significant byte of each bit

A. The least significant bit of each byte

In a discretionary access control model, who is in charge of setting permissions to a resource? A. The owner of the resource B. The administrator C. Any user of the computer D. The administrator and the owner

A. The owner of the resource

Analyze the following network traffic logs depicting communications between Computer1 and Computer2 on opposite sides of a router. The information was captured by the computer with the IPv4 address 10.254.254.10. Computer1 Computer2 [192.168.1.105]------[INSIDE 192.168.1.1 router OUTSIDE 10.254.254.1] -----[10.254.254.10] LOGS 7:58:36 SRC 10.254.254.1:3030, DST 10.254.254.10:80, SYN 7:58:38 SRC 10.254.254.10:80, DST 10.254.254.1:3030, SYN/ACK 7:58:40 SRC 10.254.254.1:3030, DST 10.254.254.10:80, ACK Given the information, which of the following can you infer about the network communications? A. The router implements NAT. B. The router filters port 80 traffic. C. 192.168.1.105 is a web server. D. The web server listens on a nonstandard port.

A. The router implements NAT.

Which of the following factors should you consider when evaluating assets to a company? (Select the two best answers.) A. Their value to the company B. Their replacement cost C. Where they were purchased from D. Their salvage value

A. Their value to the company B. Their replacement cost

Kerberos uses which of the following? (Select the two best answers.) A. Ticket distribution service B. The Faraday cage C. Port 389 D. Authentication service

A. Ticket distribution service D. Authentication service

Which of the following might a public key be used to accomplish? A. To decrypt the hash of a digital signature B. To encrypt web browser traffic C. To digitally sign a message D. To decrypt wireless messages

A. To decrypt the hash of a digital signature

You are a forensics investigator. What is the most important reason for you to verify the integrity of acquired data? A. To ensure that the data has not been tampered with B. To ensure that a virus cannot be copied to the target media C. To ensure that the acquired data is up to date D. To ensure that the source data will fit on the target media

A. To ensure that the data has not been tampered with

Why would an attacker use steganography? A. To hide information B. For data integrity C. To encrypt information D. For wireless access

A. To hide information

Why would you use a vulnerability scanner? A. To identify open ports on a computer B. To identify remote access policies C. To crack passwords D. To see whether passwords are sent as clear text

A. To identify open ports on a computer

Which of the following is a security reason to implement virtualization in your network? A. To isolate network services and roles B. To analyze network traffic C. To add network services at lower costs D. To centralize patch management

A. To isolate network services and roles

Why would a system administrator have both a user-level account and an administrator-level account? A. To prevent privilege escalation B. To prevent admin account lockout C. To prevent password sharing D. To prevent loss of access through implicit deny

A. To prevent privilege escalation

What is the purpose of a chain of custody as it is applied to forensic image retention? A. To provide documentation as to who handled the evidence B. To provide a baseline reference C. To provide proof the evidence hasn't been tampered with D. To provide data integrity

A. To provide documentation as to who handled the evidence

In an attempt to collect information about a user's activities, which of the following will be used by spyware? A. Tracking cookie B. Session cookie C. Shopping cart D. Persistent cookie

A. Tracking cookie

You want to secure data passing between two points on an IP network. What is the best method to protect from all but the most sophisticated APTs? A. Transport encryption B. Key escrow C. Block ciphers D. Stream ciphers

A. Transport encryption

One of your users complains that files are being randomly renamed and deleted. The last action the user took was to download and install a new screensaver on the computer. The user says that the file activity started immediately after installation of the screensaver. Which of following would be the best description for this screensaver? A. Trojan horse B. Logic bomb C. Virus D. Worm

A. Trojan horse

Which of these is a security component of Windows? A. UAC B. UPS C. Gadgets D. Control Panel

A. UAC

You are implementing a testing environment for the development team. They use several virtual servers to test their applications. One of these applications requires that the servers communicate with each other. However, to keep this network safe and private, you do not want it to be routable to the firewall. What is the best method to accomplish this? A. Use a virtual switch. B. Remove the virtual network from the routing table. C. Use a standalone switch. D. Create a VLAN without any default gateway.

A. Use a virtual switch.

The fundamental difference between symmetric key systems and asymmetric key systems is that symmetric key systems do which of the following? A. Use the same key on each end B. Use different keys on each end C. Use multiple keys for non-repudiation purposes D. Use public key cryptography

A. Use the same key on each end

Which of the following is the most common authentication model? A. Username and password B. Biometrics C. Key cards D. Tokens

A. Username and password

You have been tasked with segmenting internal traffic between layer 2 devices on the LAN. Which of the following network design elements would most likely be used? A. VLAN B. DMZ C. NAT D. Routing

A. VLAN

You have been tasked with providing a staff of 250 employees secure remote access to your corporate network. Which of the following is the best solution? A. VPN concentrator B. Web security gateway C. Web proxy D. Software-based firewall

A. VPN concentrator

What are the best ways for a web programmer to prevent website application code from being vulnerable to XSRF attacks? (Select the two best answers.) A. Validate input on the client and the server side B. Ensure HTML tags are enclosed within angle brackets C. Permit URL redirection D. Restrict the use of special characters in form fields E. Use a web proxy to pass website requests between the user and the application

A. Validate input on the client and the server side D. Restrict the use of special characters in form fields

Which of the following best describes a protective countermeasure for SQL injection? A. Validating user input within web-based applications B. Installing an IDS to monitor the network C. Eliminating XSS vulnerabilities D. Implementing a firewall server between the Internet and the database server

A. Validating user input within web-based applications

Which of the following are good practices for tracking user identities? (Select the two best answers.) A. Video cameras B. Key card door access systems C. Sign-in sheets D. Security guards

A. Video cameras B. Key card door access systems

Eric wants to install an isolated operating system. What is the best tool to use? A. Virtualization B. UAC C. HIDS D. NIDS

A. Virtualization

Sandy is comparing six different computers on a network. She wants to know which of the systems is more susceptible to attack. Which is the best tool for her to use? A. Vulnerability scanner B. Port scanner C. Ping scanner D. Baseline reporting

A. Vulnerability scanner

Which of the following is the least secure type of wireless encryption? A. WEP 64-bit B. WEP 128-bit C. WPA with TKIP D. WPA2 with AES

A. WEP 64-bit

Your boss has asked you to reduce an AP's power setting and place the AP in the center of your building. What reconnaissance method is your boss trying to prevent? A. War-driving B. Evil twin C. Rogue AP D. RF interference

A. War-driving

Which of these is a true statement concerning active interception? A. When a computer is put between a sender and receiver B. When a person overhears a conversation C. When a person looks through files D. When a person hardens an operating system

A. When a computer is put between a sender and receiver

Which type of malware does not require a user to execute a program to distribute the software? A. Worm B. Virus C. Trojan horse D. Stealth

A. Worm

Which of the following defines the difference between a Trojan horse and a worm? (Select the best answer.) A. Worms self-replicate but Trojan horses do not. B. The two are the same. C. Worms are sent via e-mail; Trojan horses are not. D. Trojan horses are malicious attacks; worms are not.

A. Worms self-replicate but Trojan horses do not.

During an audit of your servers, you have noticed that most servers have large amounts of free disk space and have low memory utilization. Which of the following statements will be correct if you migrate some of the servers to a virtual environment? A. You might end up spending more on licensing, but less on hardware and equipment. B. You will need to deploy load balancing and clustering. C. Your baselining tasks will become simpler. D. Servers will encounter latency and lowered throughput

A. You might end up spending more on licensing, but less on hardware and equipment.

You have been tasked by your boss with calculating the annualized loss expectancy (ALE) for a $5000 server that crashes often. In the past year, the server crashed 10 times, requiring a reboot each time, which resulted in a 10% loss of functionality. What is the ALE of the server? A. $500 B. $5000 C. $10,000 D. $50,000

B. $5000

You are the systems administrator for your organization. You have been tasked to block database ports at the firewall. Which port should you block? A. 3389 B. 1433 C. 443 D. 53

B. 1433

Which of the following equations represents the complexity of a password policy that enforces a lowercase password using the letters a through z, where "n" is the password length? A. n2 * 26 B. 26^2 C. n26 D. 2n * 26

B. 26^2

Which of the following inbound ports must be opened on a server to allow a user to log in remotely? A. 53 B. 3389 C. 389 D. 636

B. 3389

Which of the following authentication protocols makes use of a supplicant, authenticator, and authentication server? A. Kerberos B. 802.1X C. RADIUS D. LDAP

B. 802.1X

Your organization has several conference rooms with wired RJ45 jacks that are used by employees and guests. The employees need to access internal organizational resources, but the guests only need to access the Internet. Which of the following should you implement? A. VPN and IPsec B. 802.1X and VLANs C. Switches and a firewall D. NAT and DMZ

B. 802.1X and VLANs

To mitigate risks when users access company e-mail with their smartphone, what security policy should be implemented? A. Data connection capabilities should be disabled. B. A password should be set on the smartphone. C. Smartphone data should be encrypted. D. Smartphone should be only for company use.

B. A password should be set on the smartphone.

Which of the following is a disadvantage of PGP? A. Weak encryption can be easily broken B. A recipient must trust a public key that is received. C. Private keys can be compromised. D. Man-in-the-middle attacks are common.

B. A recipient must trust a public key that is received.

What is the main difference between a secure hash and secure encryption? A. A secure hash can be reversed. B. A secure hash cannot be reversed. C. Secure encryption can be reversed. D. Secure encryption cannot be reversed

B. A secure hash cannot be reversed.

Which of the following best describes an IPS? A. A system that identifies attacks B. A system that stops attacks in progress C. A system that is designed to attract and trap attackers D. A system that logs attacks for later analysis

B. A system that stops attacks in progress

Robert needs to access a resource. In the DAC model, what is used to identify him or other users? A. Roles B. ACLs C. MAC D. Rules

B. ACLs

Which of the following encryption protocols is the strongest and can encrypt data with the least amount of CPU usage? A. DES B. AES C. 3DES D. RC4

B. AES

You have been tasked to implement an encryption algorithm that has a key length of 128 bits. Which of the following is the only solution? A. SHA B. AES C. 3DES D. DES

B. AES

Sherry must prevent users from accessing the network after 6 p.m. She must also prevent them from accessing the accounting department's shares at all times. Which of the following should Sherry implement? (choose 2) A. Single sign-on B. Access control lists C. MAC D. Job rotation E. Time of day restrictions

B. Access control lists E. Time of day restrictions

In the DAC model, how are permissions identified? A. Role membership. B. Access control lists. C. They are predefined. D. It is automatic.

B. Access control lists.

Alice wishes to send a file to Bob using a PKI. Which of the following types of keys should Alice use to sign the file? A. Alice's private key B. Alice's public key C. Bob's public key D. Bob's private key

B. Alice's public key

In the event that a mobile device is stolen, what two security controls can prevent data loss? (Select the two best answers.) A. GPS B. Asset tracking C. Screen locks D. Inventory control E. Full device encryption

B. Asset tracking E. Full device encryption

Which of the following is a record of the tracked actions of users? A. Performance Monitor B. Audit trails C. Permissions D. System and event logs

B. Audit trails

Which of the following is not a record of the tracked actions of users? A. Previous logon notification B. Audit trails C. Application log D. Security log

B. Audit trails

Which of the following concepts can ease administration but can be the victim of a malicious attack? A. Zombies B. Backdoors C. Buffer overflow D. Group Policy

B. Backdoors

After auditing an FTP server, you note that the server has an average of 100 concurrent connections. Where should you look to determine whether this is normal or whether your FTP server is being attacked? A. Secure code review B. Baseline reporting C. Security policy D. DRP

B. Baseline reporting

Why should penetration testing only be done during controlled conditions? A. Because vulnerability scanners can cause network flooding. B. Because penetration testing actively tests security controls and can cause system instability. C. Because white-box penetration testing cannot find zero-day attacks. D. Because penetration testing passively tests security controls and can cause system instability.

B. Because penetration testing actively tests security controls and can cause system instability.

What is it called when a hashing algorithm creates the same hash from two different messages? A. Collision B. Birthday attack C. Rainbow tables D. MD5

B. Birthday attack

A network stream of data needs to be encrypted. Jason, a security administrator, selects a cipher that will encrypt 128 bits at a time before sending the data across the network. Which of the following has Jason chosen? A. Stream cipher B. Block cipher C. Hashing algorithm D. RC4

B. Block cipher

Which of the following is the unauthorized access of information from a Bluetooth device? A. Bluejacking B. Bluesnarfing C. Deep Blue D. The Blues Brothers

B. Bluesnarfing

Your boss's smartphone is encrypted and has screen lock protection, yet data was still stolen from it. How is this possible? A. Botnet B. Bluesnarfing C. SIM cloning D. GPS tracking

B. Bluesnarfing

In a PKI, what is responsible for verifying certificate contents? A. Key escrow B. CA C. CRL D. Recovery agent

B. CA

You are required to renew an SSL certificate for a web server. Which of the following should you submit to the certificate authority? A. Private key B. CSR C. CRL D. RA

B. CSR

What two items are included in a digital certificate? (Select the two best answers.) A. User's private key B. Certificate authority's digital signature C. The user's public key D. Certificate authority's IP address

B. Certificate authority's digital signature C. The user's public key

You are told by your manager to keep evidence for later use at a court proceeding. Which of the following should you document? A. Disaster recovery plan B. Chain of custody C. Key distribution center D. Auditing

B. Chain of custody

Which of the following reduces the chances of a single point of failure on a server when it fails? A. Virtualization B. Clustering C. RAID D. Cold site

B. Clustering

Which of the following best describes a backdoor? A. Code inserted into software that initiates one of several types of functions when specific criteria are met B. Computer programs used to bypass normal authentication or other security mechanisms in place C. Code that restricts access to a computer and makes demands for money D. A group of compromised computers

B. Computer programs used to bypass normal authentication or other security mechanisms in place

The IT director asks you to protect a server's data from unauthorized access and disclosure. What is this an example of? A. Integrity B. Confidentiality C. Availability D. Non-repudiation

B. Confidentiality

You are the network security administrator. One of the system administrators reports to you that an unauthorized user has accessed the network. What should you do first? A. Contact the police. B. Contain the problem. C. Determine the monetary impact. D. Notify management.

B. Contain the problem.

As part of your user awareness training, you recommend that users remove which of the following when they finish accessing the Internet? A. Instant messaging B. Cookies C. Group policies D. Temporary files

B. Cookies

Which of the following attacks uses a JavaScript image tag in an e-mail? A. SQL injection B. Cross-site scripting C. Cross-site request forgery D. Directory traversal E. Null pointer dereference

B. Cross-site scripting

Which of the following web application security weaknesses can be mitigated by preventing the usage of HTML tags? A. SQL injection B. Cross-site scripting C. LDAP injection D. Rootkits

B. Cross-site scripting

Your organization is attempting to reduce risk concerning the use of unapproved USB devices to copy files. What could you implement as a security control to help reduce risk? A. IDS B. DLP C. Content filtering D. Auditing

B. DLP

When users in your company attempt to access a particular website, the attempts are redirected to a spoofed website. What are two possible reasons for this? A. DoS B. DNS poisoning C. Modified hosts file D. Domain name kiting

B. DNS poisoning C. Modified hosts file

A person attempts to access a server during a zone transfer to get access to a zone file. What type of server are they trying to manipulate? A. Proxy server B. DNS server C. File server D. Web server

B. DNS server

Which of the following methods will identify which services are running on a computer? A. Calculate risk B. Determine open ports C. Review baseline reporting D. Review firewall logs

B. Determine open ports

Which of the following is most likely to result in data loss? A. Accounting personnel transferring confidential staff information with SFTP B. Developers copying data from production to test environments with USB sticks C. Encrypted backup tapes left unattended at reception for offsite storage D. Back office staff updating details on a mainframe with SSH

B. Developers copying data from production to test environments with USB sticks

What are the two ways in which you can stop employees from using USB flash drives? (Select the two best answers.) A. Utilize RBAC. B. Disable USB devices in the BIOS. C. Disable the USB root hub. D. Enable MAC filtering.

B. Disable USB devices in the BIOS. C. Disable the USB root hub.

You have been asked by an organization to help correct problems with users unknowingly downloading malicious code from websites. Which of the following should you do to fix this problem? A. Install a network-based intrusion detection system B. Disable unauthorized ActiveX controls C. Implement a policy to minimize the problem D. Use virtual machines

B. Disable unauthorized ActiveX controls

Your web server that conducts online transactions crashed, so you examine the HTTP logs and see that a search string was executed by a single user masquerading as a customer. The crash happened immediately afterward. What type of network attack occurred? A. DDoS B. DoS C. MAC spoofing D. MITM E. DNS amplification attack

B. DoS

You go out the back door of your building and notice someone looking through your company's trash. If this person were trying to acquire sensitive information, what would this attack be known as? A. Browsing B. Dumpster diving C. Phishing D. Hacking

B. Dumpster diving

Which of the following uses Transport Layer Security and does not work well in enterprise scenarios because certificates must be configured or managed on both the client side and server side? A. Transitive trust B. EAP-TLS C. EAP-TTLS D. EAP-FAST E. Kerberos

B. EAP-TLS

Which of the following is not a symmetric key algorithm? A. RC4 B. ECC C. 3DES D. Rijndael

B. ECC

You are tasked with selecting an asymmetric encryption method that allows for the same level of encryption strength, but with a lesser key length than is typically necessary. Which encryption method fulfills your requirement? A. RSA B. ECC C. DHE D. Twofish

B. ECC

Which of the following should be considered to mitigate data theft when using Cat 6 wiring? A. Multimode fiber B. EMI shielding C. CCTV D. Passive scanning

B. EMI shielding

What are kernel-level rootkits designed to do to a computer? (select two) A. Make a computer susceptible to pop-ups B. Extract confidential information C. Hide evidence of an attacker's presence D. Hide backdoors into the computer E. Crack the user's password

B. Extract confidential information C. Hide evidence of an attacker's presence

A critical system in the server room was never connected to a UPS. The security administrator for your organization has initiated an authorized service interruption of the server to fix the problem. Which of the following best describes this scenario? A. Succession planning B. Fault tolerance C. Continuity of operations D. Disaster recovery

B. Fault tolerance

Your manager has asked you to run cables for your network through a boiler room where there is a furnace and air conditioning equipment. These devices are known to cause interference. Which of the following types of cabling will have the best chance of preventing interference when working in this area? A. UTP B. Fiber-optic C. STP D. Coaxial

B. Fiber-optic

Which of the following cables suffers from chromatic dispersion if the cable is too long? A. Twisted-pair cable B. Fiber-optic cable C. Coaxial cable D. USB cables

B. Fiber-optic cable

Your organization currently uses two-factor authentication but wants to install a third factor of authentication. The existing system uses passwords and software-based PKI tokens. Which of the following would provide a third factor of authentication? A. Elliptic curve B. Fingerprint scanner C. Passphrases D. Four-digit pin codes

B. Fingerprint scanner

Which device uses stateful packet inspection? A. Switch B. Firewall C. Bridge D. IDS

B. Firewall

Which of the following devices should you employ to protect your network? (Select the best answer.) A. Protocol analyzer B. Firewall C. DMZ D. Proxy server

B. Firewall

You suspect that files are being illegitimately copied to an external location. The file server that the files are stored on does not have logging enabled. Which log should you access to find out more about the files that are being copied illegitimately? A. DNS log B. Firewall log C. Antivirus log D. System log

B. Firewall log

James has detected an intrusion in his company network. What should he check first? A. DNS logs B. Firewall logs C. The Event Viewer D. Performance logs

B. Firewall logs

Jennifer has been tasked with configuring multiple computers on the WLAN to use RDP on the same wireless router. Which of the following might be necessary to implement? A. Enable a DMZ for each wireless computer. B. Forward each computer to a different RDP port. C. Turn off port forwarding for each computer. D. Turn on AP isolation on the wireless router.

B. Forward each computer to a different RDP port.

You have implemented a security technique where an automated system generates random input data to test an application. What have you put into practice? A. XSRF B. Fuzzing C. Hardening D. Input validation

B. Fuzzing

Your high-tech server room needs a quality fire suppression system. What is the most appropriate type of fire suppression system to install? A. Dry chemical suppression B. Gaseous fire suppression C. Wet chemical suppression D. Dry-pipe sprinkler system

B. Gaseous fire suppression

Your company needs to have a backup plan in case power is lost for more than a few hours. Which of the following solutions should you implement? A. UPS B. Generator C. Warm site D. Redundant power supplies

B. Generator

Which of the following is a concern based on a user taking pictures with a smartphone? A. Application whitelisting B. Geotagging C. BYOD D. MDM

B. Geotagging

An organization hires you to test an application that you have limited knowledge of. You are given a login to the application but do not have access to source code. What type of test are you running? A. White-box B. Gray-box C. Black-box D. SDLC

B. Gray-box

You have been tasked with running a penetration test on a server. You have been given limited knowledge about the inner workings of the server. What kind of test will you be performing? A. White-box B. Gray-box C. Black-box D. Passive vulnerability scan

B. Gray-box

Which device is used to encrypt the authentication process? A. WPA B. HSM C. Enigma machine D. Smart card

B. HSM

Of the following, which type of device attempts to serve client requests without the user actually contacting the remote server? A. IP proxy B. HTTP proxy C. Firewall D. DMZ

B. HTTP proxy

Which of the following protocols uses port 443? A. SFTP B. HTTPS C. SSHTP D. SSLP

B. HTTPS

You have been asked by your boss to protect the confidentiality of sensitive data entered into a database table. What is the best method to use? A. Encryption B. Hashing C. Secure Copy D. Biometrics

B. Hashing

Of the following, which is a collection of servers that was set up to attract attackers? A. DMZ B. Honeypot C. Honeynet D. VLAN

B. Honeypot

Which of the following would be installed on a single computer to prevent intrusion? A. Network firewall B. Host-based firewall C. Host intrusion detection system D. VPN concentrator

B. Host-based firewall

You want to prevent any intrusions to a single computer. What is the best solution? A. VPN concentrator B. Host-based firewall C. Host-based intrusion detection D. Network firewall

B. Host-based firewall

You need to regulate cooling in your data center. What is the best environmental control to use? A. EMI shielding B. Hot and cold aisles C. Fire suppression D. Video surveillance

B. Hot and cold aisles

James wants to set up a VPN connection between his main office and a satellite office. Which protocol should he use? A. 802.1X B. IPsec C. RDP D. Telnet

B. IPsec

Your organization has decided to move large sets of sensitive data to a SaaS cloud provider in order to limit storage and infrastructure costs. Your CIO requires that both the cloud provider and your organization have a clear understanding of the security controls that will be implemented to protect the sensitive data. What kind of agreement is this? A. SLA B. ISA C. MoU D. BPA

B. ISA

Your boss (the IT director) wants to move several internally developed software applications to an alternate environment, supported by a third party, in an effort to reduce the footprint of the server room. Which of the following is the IT director proposing? A. PaaS B. IaaS C. SaaS D. Community cloud

B. IaaS

The IT director asks you to perform a risk assessment of your organization's network. Which of the following should you do first? A. Identify vulnerabilities B. Identify organizational assets C. Identify threats and threat likelihood D. Identify potential monetary impact

B. Identify organizational as

Where is the optimal place to have a proxy server? A. In between two private networks B. In between a private network and a public network C. In between two public networks D. On all of the servers

B. In between a private network and a public network

One of the developers in your organization installs a new application in a test system to test its functionality before implementing into production. Which of the following is most likely affected? A. Application security B. Initial baseline configuration C. Application design D. Baseline comparison

B. Initial baseline configuration

Which of the following programming techniques can stop buffer overflow attacks? A. SQL injection attack B. Input validation C. Sandbox D. Backdoor analysis

B. Input validation

Which of the following is a step in deploying a WPA2-Enterprise wireless network? A. Install a DHCP server on the authentication server B. Install a digital certificate on the authentication server C. Install an encryption key on the authentication server D. Install a token on the authentication server

B. Install a digital certificate on the authentication server

Some of the employees in your organization complain that they are receiving e-mail loaded with advertisements. What should you do? A. Install anti-spyware. B. Install anti-spam. C. Install antivirus. D. Install a HIDS.

B. Install anti-spam.

You are the security administrator for a multimedia development company. Users are constantly searching the Internet for media, information, graphics, and so on. You receive complaints from several users about unwanted windows appearing on their displays. What should you do? A. Install antivirus software. B. Install pop-up blockers. C. Install screensavers. D. Install a host-based firewall.

B. Install pop-up blockers.

A user receives an e-mail but the e-mail client software says that the digital signature is invalid and the sender of the e-mail cannot be verified. The would-be recipient is concerned about which of the following concepts? A. Confidentiality B. Integrity C. Remediation D. Availability

B. Integrity

Carl is the security administrator for a transportation company. Which of the following should he encrypt to protect the data on a smartphone? (Select the two best answers.) A. Public keys B. Internal memory C. Master boot record (MBR) D. Steganographic images E. Removable memory cards

B. Internal memory E. Removable memory cards

A client contracts you to prevent users from accessing inappropriate websites. Which of the following technologies should you implement? A. NIDS B. Internet content filter C. Honeypot D. IP proxy

B. Internet content filter

Why is fiber-optic cable considered to be more secure than Category 6 twisted-pair cable? A. It is made of glass instead of copper. B. It is hard to tap. C. It is not susceptible to interference. D. It is more difficult to install.

B. It is hard to tap.

In a scenario where data integrity is crucial to the organization, which of the following is true about input validation regarding client/server applications? A. It must rely on the user's knowledge of the application. B. It should be performed on the server side. C. It should be performed on the client side only. D. It must be protected by SSL.

B. It should be performed on the server side.

Jeff wants to employ a Faraday cage. What will this accomplish? A. It will increase the level of wireless encryption. B. It will reduce data emanations. C. It will increase EMI. D. It will decrease the level of wireless emanations.

B. It will reduce data emanations.

One of the accounting people is forced to change roles with another accounting person every three months. What is this an example of? A. Least privilege B. Job rotation C. Mandatory vacation D. Separation of duties

B. Job rotation

You are in charge of training a group of technicians on the authentication method their organization uses. The organization currently runs an Active Directory infrastructure. Which of the following best correlates to the host authentication protocol used within that organization's IT environment? A. TACACS+ B. Kerberos C. LDAP D. 802.1X

B. Kerberos

You have completed the deployment of PKI within your organization's network. Legally you are required to implement a way to provide decryption keys to a governmental third party on an as-needed basis. Which of the following should you implement? A. Additional certificate authority B. Key escrow C. Recovery agent D. Certificate registration

B. Key escrow

Critical equipment should always be able to get power. What is the correct order of devices that your critical equipment should draw power from? A. Generator, line conditioner, UPS battery B. Line conditioner, UPS battery, generator C. Generator, UPS battery, line conditioner D. Line conditioner, generator, USP battery

B. Line conditioner, UPS battery, generator

What are the minimum requirements for a cold site? A. Location near the data center that meets power requirements B. Location that meets power and connectivity requirements C. Location with all required equipment loaded with all updates D. Location with duplicate systems

B. Location that meets power and connectivity requirements

A virus is designed to format a hard drive on a specific day. What kind of threat is this? A. Botnet B. Logic bomb C. Spyware D. Adware

B. Logic bomb

A malicious insider is accused of stealing confidential data from your organization. What is the best way to identify the insider's computer? A. IP address B. MAC address C. Computer name D. NetBIOS name

B. MAC address

If a switch enters fail-open mode because its CAM table memory has been filled, then it will cease to function properly as a switch. What type of attack could cause this? A. Double tagging B. MAC flooding C. Physical tampering D. DoS

B. MAC flooding

While running a new network line, you find an active network switch above the ceiling tiles of the CEO's office with cables going in various directions. What attack is occurring? A. Impersonation B. MAC flooding C. Packet sniffing D. Spear phishing

B. MAC flooding

Which of the following describes key escrow? A. Maintains a secured copy of the user's private key for the purpose of recovering the CRL B. Maintains a secured copy of the user's private key for the purpose of recovering the key if it is lost C. Maintains a secured copy of the user's public key for the purpose of recovering messages if the key is lost D. Maintains a secured copy of the user's public key for the purpose of increasing network performance

B. Maintains a secured copy of the user's private key for the purpose of recovering the key if it is lost

You have critical backups that are made at night and taken to an offsite location. Which of the following would allow for a minimal amount of downtime in the case of a disaster? A. Have a backup server at the offsite location. B. Make the offsite location into a hot site. C. Make the offsite location into a warm site. D. Make the offsite location into a cold site.

B. Make the offsite location into a hot site.

A security administrator implements access controls based on the security classification of the data and need-to-know information. Which of the following would best describe this level of access control? A. Least privilege B. Mandatory access control C. Role-based access control D. Implicit deny

B. Mandatory access control

You and several others on the IT team are deciding on an access control model. The IT director wants to implement the strictest access control model available, ensuring that data is kept as secure as possible. Which of the following access control models should you and your IT team implement? A. Discretionary access control B. Mandatory access control C. Role-based access control D. Rule-based access control

B. Mandatory access control

Which of the following is the greatest security risk of two or more companies working together under a memorandum of understanding? A. An MoU between two parties cannot be held to the same legal standards as a SLA. B. MoUs are generally loose agreements that do not have strict guidelines governing the transmission of sensitive data. C. Budgetary considerations may not have been written into the MoU. D. MoUs have strict policies concerning services performed between entities.

B. MoUs are generally loose agreements that do not have strict guidelines governing the transmission of sensitive data.

A DDoS attack can be best defined as what? A. Privilege escalation B. Multiple computers attacking a single server C. A computer placed between a sender and receiver to capture data D. Overhearing parts of a conversation

B. Multiple computers attacking a single server

Which of these hides an entire network of IP addresses? A. SPI B. NAT C. SSH D. FTP

B. NAT

What is the best (most secure) file system to use in Windows? A. FAT B. NTFS C. DFS D. FAT32

B. NTFS

Of the following, what is the worst place to store a backup tape? A. Near a bundle of fiber-optic cables B. Near a power line C. Near a server D. Near an LCD screen

B. Near a power line

Which layer of the OSI model does IPsec operate at? A. Data link B. Network C. Transport D. Application

B. Network

Which of the following can enable you to find all the open ports on an entire network? A. Protocol analyzer B. Network scanner C. Firewall D. Performance monitor

B. Network scanner

Which of the following tools can find the open ports on a network? A. Performance monitor B. Network scanner C. Protocol analyzer D. Password cracker

B. Network scanner

Tom sends out many e-mails containing secure information to other companies. What concept should be implemented to prove that Tom did indeed send the e-mails? A. Authenticity B. Non-repudiation C. Confidentiality D. Integrity

B. Non-repudiation

Which of the following are certificate-based authentication mapping schemes? (Select the two best answers.) A. One to-many mapping B. One-to-one mapping C. Many-to-many mapping D. Many-to-one mapping

B. One-to-one mapping D. Many-to-one mapping

Your Internet café operates a public wireless hotspot. Which of the following should you implement? A. Disable the SSID B. Open system authentication C. MAC filter D. Reduce the power level

B. Open system authentication

Russ is using only documentation to test the security of a system. What type of testing methodology is this known as? A. Active security analysis B. Passive security analysis C. Hybrid security analysis D. Hands-on security analysis

B. Passive security analysis

An example of a program that does comparative analysis is what? A. Protocol analyzer B. Password cracker C. Port scanner D. Event Viewer

B. Password cracker

Which of the following methods should you use to fix a single security issue on a computer? A. Configuration baseline B. Patch C. Service pack D. Patch management

B. Patch

The IT director is worried about OS vulnerabilities. What suggestion should you give as the best way to mitigate this threat? A. Locking cabinet B. Patch management C. Anti-spam software D. Encryption

B. Patch management

Which of the following would not be considered part of a disaster recovery plan? A. Hot site B. Patch management software C. Backing up computers D. Tape backup

B. Patch management software

You have been given ten hard drives that need to be decommissioned. What is the first thing you should do? A. Format the hard drive. B. Perform a bit-level erasure or overwrite the drive. C. Contact a waste disposal facility. D. Burn the hard drives in an incinerator.

B. Perform a bit-level erasure or overwrite the drive.

You are logging a server. What security measures should you implement? A. Perform CRCs B. Perform hashing of the log files C. Apply retention policies on the log files D. Collect temporary files

B. Perform hashing of the log files C. Apply retention policies on the log files

Which of the following requires special handling and policies for data retention and distribution? (Select the two best answers.) A. Phishing B. Personal electronic devices C. SOX D. PII

B. Personal electronic devices D. PII

Which of the following social engineering attacks relies on impersonation in an attempt to gain personal information? A. Hoaxes B. Phishing C. Dumpster diving D. Shoulder surfing

B. Phishing

Your organization has implemented cloud computing. Which of the following security controls do you no longer possess? A. Logical control of data B. Physical control of data C. Administrative control of data D. Executive control of data

B. Physical control of data

Don must configure his firewall to support TACACS+. Which port(s) should he open on the firewall? A. Port 53 B. Port 49 C. Port 161 D. Port 22

B. Port 49

As you review your firewall log, you see the following information. What type of attack is this? S=207.50.135.54:53 - D=10.1.1.80:0 S=207.50.135.54:53 - D=10.1.1.80:1 S=207.50.135.54:53 - D=10.1.1.80:2 S=207.50.135.54:53 - D=10.1.1.80:3 S=207.50.135.54:53 - D=10.1.1.80:4 S=207.50.135.54:53 - D=10.1.1.80:5 A. Denial-of-service B. Port scanning C. Ping scanning D. DNS spoofing

B. Port scanning

Which of the following tools can be used to check network traffic for clear-text passwords? A. Password cracker B. Protocol analyzer C. Port scanner D. Performance monitor

B. Protocol analyzer

You have been contracted to determine if network activity spikes are related to an attempt by an attacker to breach the network. The customer wants you to identify when the activity occurs and what type of traffic causes the activity. Which type of tool should you use? A. Network mapper B. Protocol analyzer C. System Monitor D. Performance Monitor

B. Protocol analyzer

Your boss has asked you to implement a solution that will monitor users and limit their access to external websites. Which of the following is the best solution? A. NIDS B. Proxy server C. Block all traffic on port 80 D. Honeypot

B. Proxy server

Which of the following should a security administrator implement to limit web-based traffic that is based on the country of origin? (Select the three best answers.) A. AV software B. Proxy server C. Spam filter D. Load balancer E. Firewall F. URL filter G. NIDS

B. Proxy server E. Firewall F. URL filter

For a user to obtain a certificate from a certificate authority, the user must present two items. The first is proof of identity. What is the second? A. Password B. Public key C. Private key D. Authentication

B. Public key

Which of the following asymmetric keys is used to encrypt data to be decrypted by an intended recipient only? A. Secret key B. Public key C. Private key D. Session key

B. Public key

You have been asked to set up authentication through PKI, and encryption of a database using a different cryptographic process to decrease latency. What encryption types should you use? A. Public key encryption to authenticate users and public keys to encrypt the database B. Public key encryption to authenticate users and private keys to encrypt the database C. Private key encryption to authenticate users and private keys to encrypt the database D. Private key encryption to authenticate users and public keys to encrypt the database

B. Public key encryption to authenticate users and private keys to encrypt the database

Which method would you use if you were disposing hard drives as part of a company computer sale? A. Destruction B. Purging C. Clearing D. Formatting

B. Purging

Your organization uses VoIP. Which of the following should be performed to increase the availability of IP telephony by prioritizing traffic? A. NAT B. QoS C. NAC D. Subnetting

B. QoS

To show risk from a monetary standpoint, which of the following should risk assessments be based upon? A. Survey of loss, potential threats, and asset value B. Quantitative measurement of risk, impact, and asset value C. Complete measurement of all threats D. Qualitative measurement of risk and impact

B. Quantitative measurement of risk, impact, and asset value

Which of the following only encrypts the password portion of a packet between the client and server? A. TACACS B. RADIUS C. TACACS+ D. XTACACS

B. RADIUS

One of your database servers is mission-critical. You cannot afford any downtime. What is the best item to implement to ensure minimal downtime of the server and ensure fault tolerance of the data stored on the database server? A. UPS B. RAID C. Redundant server D. Spare parts

B. RAID

Which of the following RAID versions offers the least amount of performance degradation when a disk in the array fails? A. RAID 0 B. RAID 1 C. RAID 4 D. RAID 5

B. RAID 1

Which of the following encryption algorithms is used to encrypt and decrypt data? A. SHA-256 B. RC5 C. MD5 D. NTLM

B. RC5

You have been tasked with investigating a compromised web server and just finished analyzing the logs of a firewall. You see the following open inbound ports appear in the log: 22, 25, 445, 514, 1433, 3225, 3389 Of the following answers, which was most likely used to access the server remotely? A. HTTP B. RDP C. LDAP D. HTTPS E. Telnet F. Syslog

B. RDP

Your server room has most items bolted down to the floor, but some items - such as network testing tools - can be easily removed from the room. Which security control can you implement to allow for automated notification of the removal of an item from the server room? A. Environmental monitoring B. RFID C. EMI shielding D. CCTV

B. RFID

Which of the following algorithms depends on the inability to factor large prime numbers? A. AES B. RSA C. Elliptic curve D. Diffie-Hellman

B. RSA

Which of the following encryption algorithms are supported by the IEEE 802.11i standard? A. TKIP B. RSA C. ECC D. AES

B. RSA

Which of the following encryption methods deals with two distinct, large prime numbers and the inability to factor those prime numbers? A. SHA-1 B. RSA C. WPA D. Symmetric

B. RSA

Which the following algorithms is used by the protocol TLS to establish a session key? A. AES B. RSA C. RC4 D. HTTPS E. SSL

B. RSA

The IT director tasks you to set up a backup plan to ensure that your organization can be back up and running within hours if a disaster occurs. Which of the following should you implement? A. Hot site B. Redundant servers C. Cold site D. Tape backup

B. Redundant servers

Your company has six web servers. You are implementing load balancing. What is this an example of? A. UPS B. Redundant servers C. RAID D. Warm site

B. Redundant servers

Your Windows domain has additional servers configured as member servers. Your job is to minimize the risk of unauthorized persons logging on locally to the member servers. Your solution should have a minimal impact on local management and administration and should not limit administrator access. Which of the following are the best solutions? A. Disable account lockout policies. B. Require strong passwords. C. Rename the local default accounts. D. Configure all services to run under the context of the Local System account. E. Disable the local default accounts. F. Provide backdoors into the member servers.

B. Require strong passwords. C. Rename the local default accounts.

Susan is in charge of installing a business-critical application on an Internet-facing server. She is going to update the application to the most current version. What other security control should she perform in conjunction with the update? A. Run a port scan of the application server. B. Review and apply vendor-provided hardening documentation. C. Configure the firewall to prevent the application from auto-updating. D. Configure the firewall to allow the application to auto-update.

B. Review and apply vendor-provided hardening documentation.

You have implemented an X.509 PKI. One of the private keys has been compromised before the certificate's regular expiration date. What should you do? A. Validate the certificate. B. Revoke the certificate. C. Register the certificate. D. Put the certificate in escrow.

B. Revoke the certificate

You are the security administrator for your organization and have just completed a routine server audit. You did not notice any abnormal activity. However, another network security analyst finds connections to unauthorized ports from outside the organization's network. Using security tools, the analyst finds hidden processes that are running on the server. Which of the following has most likely been installed on the server? A. Spam B. Rootkit C. Backdoor D. Logic bomb E. Ransomware

B. Rootkit

Eliot just finished taking a forensic image of a server's memory. What should he employ to ensure image integrity? A. Compress the image B. Run the image through SHA-2. C. Run the image through AES-128. D. Make a duplicate of the image.

B. Run the image through SHA-2.

Which of the following is a trusted OS implementation used to prevent malicious code from executing on Linux platforms? A. System File Checker (SFC) B. SELinux C. Tripwire D. vmlinuz

B. SELinux

Which of the following protocols allow for the secure transfer of files? (Select the two best answers.) A. SNMP B. SFTP C. TFTP D. SCP E. ICMP

B. SFTP D. SCP

The IT director recommends that you require your service provider to give you an end-to-end traffic performance guarantee. What document will include this guarantee? A. Chain of custody B. SLA C. DRP D. Incident response procedures

B. SLA

In what way can you gather information from a remote printer? A. HTTP B. SNMP C. CA D. SMTP

B. SNMP

You need to monitor network devices on your network. Which of the following protocols will best help you complete this task? A. ICMP B. SNMP C. SMTP D. NetBIOS

B. SNMP

Which protocol can be used to secure the e-mail login from an Outlook client using POP3 and SMTP? A. SMTP B. SPA C. SAP D. Exchange

B. SPA

What is a secure way to remotely administer Linux systems? A. SCP B. SSH C. SNMP D. SFTP

B. SSH

Which of the following, when removed, can increase the security of a wireless access point? A. MAC filtering B. SSID C. WPA D. Firewall

B. SSID

Which of the following misuses the Transmission Control Protocol handshake process? A. Man-in-the-middle attack B. SYN attack C. WPA attack D. Replay attack

B. SYN attack

Which of the following individuals uses code with little knowledge of how it works? A. Hacktivist B. Script kiddie C. APT D. Insider

B. Script kiddie

You are attempting to apply corporate security settings to a workstation. Which of the following would be the best solution? A. Hotfix B. Security template C. Patch D. Services.msc

B. Security template

What does isolation mode on an AP provide? A. Hides the SSID B. Segments each wireless user from every other wireless user C. Stops users from communicating with the AP D. Stops users from connecting to the Internet

B. Segments each wireless user from every other wireless user

You have been hired by an organization to design the security for its banking software. You need to implement a system where tasks involving the transfer of money require action by more than one user. Activities should be logged and audited often. What access control method should you implement? A. Job rotation B. Separation of duties C. Implicit deny D. Least privilege

B. Separation of duties

Which of the following is the most secure type of cabling? A. Unshielded twisted-pair B. Shielded twisted-pair C. Coaxial D. Category 6

B. Shielded twisted-pair

Several users complain they are encountering intermittent loss of network connectivity. The computers are wired to the LAN, and no wireless devices are being used. What should you implement? A. Data emanation B. Shielding C. HVAC D. Faraday cage

B. Shielding

Your manager wants you to implement a type of intrusion detection system (IDS) that can be matched to certain types of traffic patterns. What kind of IDS is this? A. Anomaly-based IDS B. Signature-based IDS C. Behavior-based IDS D. Heuristic-based IDS

B. Signature-based IDS

Your manager wants you to implement a type of intrusion detection system (IDS) that can be matched to certain types of traffic patterns. What kind of IDS is this? A. Anomaly-based IDS B. Signature-based IDS C. Behavior-based IDS D. Inline IDS

B. Signature-based IDS

Michael's company has a single web server that is connected to three other distribution servers. What is the greatest risk involved in this scenario? A. Fraggle attack B. Single point of failure C. Denial-of-service attack D. Man-in-the-middle attack

B. Single point of failure

Before gaining access to the data center, you must swipe your finger on a device. What type of authentication is this? A. Biometrics B. Single sign-on C. Multifactor D. Tokens

B. Single sign-on

Greg needs to centralize the authentication of multiple networking systems against a single user database. What is he trying to implement? A. Access control list B. Single sign-on C. Multifactor authentication D. Common Access Card

B. Single sign-on

Robert has been asked to make sure that a server is highly available. He must ensure that hard drive failure will not affect the server. Which of the following methods allows for this? (choose 2) A. True clustering B. Software RAID 1 C. Load balancing D. Hardware RAID 5 E. Software RAID 0

B. Software RAID 1 D. Hardware RAID 5

In biometrics, what aspect of human authentication does a thumbprint scanner test for? A. Something a user knows B. Something a user is C. Something a user has D. Something a user does

B. Something a user is

Whitelisting, blacklisting, and closing open relays are all mitigation techniques addressing what kind of threat? A. Spyware B. Spam C. Viruses D. Botnets

B. Spam

An employee has been terminated from your organization. What can ensure that the organization continues to have access to the employee's private keys? A. Store the keys in a CRL B. Store the keys in escrow C. Delete the employee's user account D. Retain the employee's token

B. Store the keys in escrow

Your web server's private key has been compromised by a malicious intruder. What, as the security administrator, should you do? A. Issue a new CA. B. Submit the public key to the CRL. C. Submit the private key to the CRL. D. Use key escrow.

B. Submit the public key to the CRL.

In a secure environment, which authentication mechanism performs better? A. RADIUS because it encrypts client/server passwords B. TACACS+ because it encrypts client/server negotiation dialogs C. TACACS+ because it is a remote access authentication service D. RADIUS because it is a remote access authentication service

B. TACACS+ because it encrypts client/server negotiation dialogs

Which of the following transport protocols and port numbers does Secure Shell use? A. UDP port 69 B. TCP port 22 C. TCP port 389 D. UDP port 53

B. TCP port 22

You are tasked with implementing a solution that encrypts the CEO's laptop. However, you are not allowed to purchase additional hardware or software. Which of the following solutions should you implement? A. HSM B. TPM C. HIDS D. USB encryption

B. TPM

Your network has a DHCP server, AAA server, LDAP server, and e-mail server. Instead of authenticating wireless connections locally at the WAP, you want to utilize RADIUS for the authentication process. When you configure the WAP's authentication screen, what server should you point to, and which port should you use? A. The DHCP server and port 67 B. The AAA server and port 1812 C. The LDAP server and port 389 D. The e-mail server and port 143

B. The AAA server and port 1812

What ensures that a CRL is authentic and has not been modified? A. The CRL can be accessed by anyone. B. The CRL is digitally signed by the CA C. The CRL is always authentic. D. The CRL is encrypted by the CA.

B. The CRL is digitally signed by the CA

Of the following, which two security measures should be implemented when logging a server? (Select the two best answers.) A. Cyclic redundancy checks B. The application of retention policies on log files C. Hashing of log files D. Storing of temporary files

B. The application of retention policies on log files C. Hashing of log files

Which of the following statements is correct about IPsec authentication headers? A. The authentication information is a keyed hash based on half of the bytes in the packet. B. The authentication information is a keyed hash based on all the bytes in the packet. C. The authentication information hash will remain the same even if the bytes change on transfer. D. The authentication header cannot be used in combination with the IP Encapsulating Security Payload.

B. The authentication information is a keyed hash based on all the bytes in the packet.

You are a security administrator for a midsized company that uses several applications on its client computers. After the installation of a specialized program on one computer, a software application executed an online activation process. Then, a few months later, the computer experienced a hardware failure. A backup image of the operating system was restored on a newer revision of the same brand and model computer. After that restoration, the specialized program no longer works. Which of the following is the most likely cause of the problem? A. The restored image backup was encrypted with the wrong key. B. The hash key summary of the hardware and the specialized program no longer match. C. The specialized program is no longer able to perform remote attestation due to blocked ports. D. The binary files used by the specialized program have been modified by malware.

B. The hash key summary of the hardware and the specialized program no longer match.

How do most network-based viruses spread? A. By optical disc B. Through e-mail C. By USB flash drive D. By instant messages

B. Through e-mail

What is the purpose of LDAP authentication services? A. To prevent multifactor authentication B. To act as a single point of management C. To implement MAC D. To issue one-time passwords

B. To act as a single point of management

What is the primary purpose of network address translation (NAT)? A. To hide the public network from internal hosts B. To convert IP addresses into domain names C. To cache web pages D. To hide internal hosts from the public network

B. To convert IP addresses into domain names

Why would you implement password masking? A. To deter tailgating B. To deter shoulder surfing C. To deter impersonation D. To deter hoaxes

B. To deter shoulder surfing

In a wireless network, why is an SSID used? A. To secure the wireless access point B. To identify the network C. To encrypt data D. To enforce MAC filtering

B. To identify the network

Virtualization is a broad term that includes the use of virtual machines and the extraction of computer resources. Which of the following is the best security reason for using virtualization of network servers? A. To centralize patch management B. To isolate network services and roles C. To add network services D. To analyze network traffic

B. To isolate network services and roles

Why would you deploy a wildcard certificate? A. To extend the renewal date of the certificate B. To reduce the burden of certificate management C. To increase the certificate's encryption key length D. To secure the certificate's private key

B. To reduce the burden of certificate management

What are the best reasons to use an HSM? A. To recover keys B. To store keys C. For a CRL D. To generate keys E. To transfer keys to the hard drive

B. To store keys D. To generate keys

What are LDAP and Kerberos commonly used for? A. To sign SSL wildcard certificates B. To utilize single sign-on capabilities C. To perform queries on a directory service D. To store usernames and passwords in a FIM system

B. To utilize single sign-on capabilities

What is the main reason to frequently view the logs of a DNS server? A. To create aliases B. To watch for unauthorized zone transfers C. To defend against denial-of-service attacks D. To prevent domain name kiting

B. To watch for unauthorized zone transfers

Which of the following gives the user a one-time password? A. PIV B. Tokens C. Single sign-on D. Biometrics

B. Tokens

You are using the following backup scheme: A full backup is made every Friday night at 6 p.m., and differential backups are made every other night at 6 p.m. Your database server fails on a Thursday afternoon at 4 p.m. How many tapes will you need to restore the database server? A. One B. Two C. Three D. Four

B. Two

What device should be used to ensure that a server does not shut down when there is a power outage? A. RAID 1 box B. UPS C. Redundant NIC D. Hot site

B. UPS

Which of the following should be performed on a computer to protect the OS from malicious software? A. Install a perimeter firewall B. Update HIPS signatures C. Update NIDS signatures D. Disable unused services E. Disable DEP settings

B. Update HIPS signatures D. Disable unused services

You have been tasked with protecting an operating system from malicious software. What should you do? (Select the two best answers.) A. Disable the DLP. B. Update the HIPS signatures. C. Install a perimeter firewall. D. Disable unused services. E. Update the NIDS signatures.

B. Update the HIPS signatures. D. Disable unused services.

A coworker has installed an SMTP server on the company firewall. What security principle does this violate? A. Chain of custody B. Use of a device as it was intended C. Man trap D. Use of multifunction network devices

B. Use of a device as it was intended

Which of the following would a routine system audit most likely include? A. Penetration testing B. User rights and permissions reviews C. Security policy development D. Port scanning

B. User rights and permissions reviews

You have been instructed to install an intrusion detection system that can protect a database server and the rest of the network. You cannot afford to use any more resources on the database server. You decide to implement a network intrusion detection system. Why is this superior to a host-based intrusion detection system? (two best answers) A. A HIDS is not reliable when it comes to detecting attacks. B. Usually, a HIDS cannot detect network attacks. C. A HIDS cannot be updated. D. A HIDS can negatively impact system performance.

B. Usually, a HIDS cannot detect network attacks. D. A HIDS can negatively impact system performance.

You suspect that an unauthorized person has accessed your server room. Which of the following would be the best proof of this? A. Card key log B. Video surveillance C. Security log D. Security guard testimony

B. Video surveillance

The IT director asks you to determine if weak passwords are used by any of the users on your network. You run a password-cracking program to determine this. What is this an example of? A. Antivirus scanning B. Vulnerability assessment C. Fingerprinting D. Baselining

B. Vulnerability assessment

Your organization does business with in a TEMPEST-certified building. What attack does this help to prevent? A. Weak encryption B. War-driving C. Bluejacking D. Bluesnarfing

B. War-driving

In Windows, which of the following commands will not show the version number? A. Systeminfo B. Wf.msc C. Winver D. Msinfo32.exe

B. Wf.msc

When is it appropriate to use vulnerability scanners to identify any potential holes in your security design? A. When testing disaster mitigation planning B. When testing to identify known potential security risks inherent to your design C. When testing the network's response to specific attacks D. When testing the automatic detection and alerts of your network

B. When testing to identify known potential security risks inherent to your design

Dan is a network administrator. One day he notices that his DHCP server is flooded with information. He analyzes it and finds that the information is coming from more than 50 computers on the network. Which of the following is the most likely reason? A. Virus B. Worm C. Zombie D. PHP script

B. Worm

Which of the following firewall rules only denies DNS zone transfers? A. deny IP any any B. deny TCP any any port 53 C. deny UDP any any port 53 D. deny all dns packets

B. deny TCP any any port 53

Your network uses the subnet mask 255.255.255.224. Which of the following IPv4 addresses are able to communicate with each other? (Select the two best answers.) A. 10.36.36.126 B. 10.36.36.158 C. 10.36.36.166 D. 10.36.36.184 E. 10.36.36.224

C. 10.36.36.166 D. 10.36.36.184

Which of the following is a private IPv4 address? A. 11.16.0.1 B. 127.0.0.1 C. 172.16.0.1 D. 208.0.0.1

C. 172.16.0.1

Which of the following is a Class B private IP address? A. 10.254.254.1/16 B. 192.168.1.1/16 C. 172.16.1.1/16 D. 169.254.50.1/24

C. 172.16.1.1/16

For a remote tech to log in to a user's computer in another state, what inbound port must be open on the user's computer? A. 21 B. 389 C. 3389 D. 8080

C. 3389

Which port number does the protocol LDAP use when it is secured? A. 389 B. 443 C. 636 D. 3389

C. 636

You have been asked to set up a web server that will service regular HTTP requests as well as HTTP Secure requests. Which of the following ports would you use by default? A. 21 B. 25 C. 80 D. 135 E. 443 F. 445

C. 80 E. 443

Which of the following ports is used by Kerberos by default? A. 21 B. 80 C. 88 D. 443

C. 88

Which port does Kerberos use by default? A. 21 B. 80 C. 88 D. 389

C. 88

Your data center has highly critical information. Because of this you want to improve upon physical security. The data center already has a video surveillance system. What else can you add to increase physical security? (Select the two best answers.) A. A software-based token system B. Access control lists C. A mantrap D. Biometrics

C. A mantrap D. Biometrics

Which statement best applies to the term Java applet? A. It decreases the usability of web-enabled systems. B. It is a programming language. C. A web browser must have the capability to run Java applets. D. It uses digital signatures for authentication.

C. A web browser must have the capability to run Java applets.

What is the main difference between a worm and a virus. A. A virus is easily removed. B. A worm is undetectable. C. A worm is self-replicating. D. A virus is larger.

C. A worm is self-replicating.

You are attempting to move data to a USB flash drive. Which of the following enables a rapid and secure connection? A. SHA-2 B. 3DES C. AES-256 D. MD5

C. AES-256

Which of the following does the discretionary access control model use to identify users who have permissions to a resource? A. Roles that users have in the organization B. Predefined access privileges C. Access control lists D. Security labels

C. Access control lists

Jane is a systems administrator and must revoke the access of a user who has been terminated. Which policy must she implement? A. Password recovery B. Password expiration C. Account disablement D. Account lockout

C. Account disablement

You are consulting for a small organization that relies on employees who work from home and on the road. An attacker has compromised the network by denying remote access to the company using a script. Which of the following security controls did the attacker exploit? A. Password complexity B. DoS C. Account lockout D. Password length

C. Account lockout

Which of the following is the best description of a security advantage when using a standardized server image? A. All antivirus software will be current. B. All current updates for the OS will already have been applied. C. All mandated security configurations will already have been applied to the OS. D. OS licensing will be easier to track.

C. All mandated security configurations will already have been applied to the OS.

Which of the following types of firewalls provides inspection of data at layer 7 of the OSI model? A. Network address translation B. Stateful inspection C. Application-proxy D. Circuit-level gateway

C. Application-proxy

You are the network administrator for your organization and are in charge of many servers, including one web server. Which of the following is the best way to reduce vulnerabilities on your web server? A. Enable auditing and review log files B. Block DNS on port 80 C. Apply updates and patches D. Use a 24/7 packet sniffer

C. Apply updates and patches

The university science lab is normally locked when no one is using it. The professor of the science department has a key to unlock the door. Other faculty members are given keys to lock the door only. What type of key structure is this? A. Symmetric B. Key escrow C. Asymmetric D. Secret keys

C. Asymmetric

Which of the following is the verification of a person's identity? A. Authorization B. Accountability C. Authentication D. Password

C. Authentication

Which of the following is the final step a user needs to take before that user can access domain resources? A. Verification B. Validation C. Authorization D. Authentication

C. Authorization

Which of the following does the A in CIA stand for when it comes to IT security? (Select the best answer.) A. Accountability B. Assessment C. Availability D. Auditing

C. Availability

You are in charge of your organization's backup plan. You need to make sure that the data backups are available in case of a disaster. However, you need to keep the plan as inexpensive as possible. Which of the following solutions should you implement? A. Implement a hot site B. Implement a cold site C. Back up data to removable media and store a copy offsite D. Implement a remote backup solution

C. Back up data to removable media and store a copy offsite

A security assessment of an existing application has never been made. Which of the following is the best assessment technique to use to identify an application's security posture? A. Functional testing B. Threat modeling C. Baseline reporting D. Protocol analysis

C. Baseline reporting

Of the following, which is not a logical method of access control? A. Username/password B. Access control lists C. Biometrics D. Software-based policy

C. Biometrics

Which of the following might be used to start a DDoS attack? A. Spyware B. Worm C. Botnet D. Rootkit

C. Botnet

What are recovery point objectives and recovery time objectives related to? A. Risk managem B. Succession planning C. Business impact analysis D. Single points of failure

C. Business impact analysis

Of the following, which type of fire suppression can prevent damage to computers and servers? A. Class A B. Water C. CO2 D. ABC extinguishers

C. CO2

Where would you store a revoked certificate? A. Key escrow B. Recovery agent C. CRL D. PKI

C. CRL

Which of the following might be included in Microsoft Security Bulletins? A. PHP B. CGI C. CVE D. TLS

C. CVE

Which of the following is the best fire suppression system to use if you do not want any equipment to be damaged? A. Wet pipe sprinkler B. Deluge sprinkler C. Carbon dioxide D. Wet chemical fire extinguisher

C. Carbon dioxide

Which of the following will a Faraday cage prevent the usage of? A. USB flash drives B. Uninterruptible power supplies C. Cell phones D. Wired keyboards

C. Cell phones

To prevent ad hoc configuration issues on your wireless network, what method should you implement? A. Incident management strategy B. Auditing strategy C. Change management strategy D. Patch management strategy

C. Change management strategy

If a fire occurs in the server room, which device is the best method to put it out? A. Class A extinguisher B. Class B extinguisher C. Class C extinguisher D. Class D extinguisher

C. Class C extinguisher

Your boss has tasked you with ensuring that reclaimed space on a hard drive has been sanitized while the computer is in use. What job should you perform? A. Individual file encryption B. Full disk encryption C. Cluster tip wiping D. Storage retention

C. Cluster tip wiping

Your company expects its employees to behave in a certain way. How could a description of this behavior be documented? A. Chain of custody B. Separation of duties C. Code of ethics D. Acceptable use policy

C. Code of ethics

You check the application log of your web server and see that someone attempted unsuccessfully to enter the text below into an HTML form field. Which attack was attempted? test; etc/passwd A. SQL injection B. Code injection C. Command injection D. Buffer overflow

C. Command injection

Which of the following is the greatest risk when it comes to removable storage? A. Integrity of data B. Availability of data C. Confidentiality of data D. Accountability of data

C. Confidentiality of data

Which of the following encompasses application patch management? A. Policy management B. Fuzzing C. Configuration management D. Virtualization

C. Configuration management

Which of the following is a layer 7 device used to prevent specific types of HTML tags from passing through to the client computer? A. Router B. Firewall C. Content filter D. NIDS

C. Content filter

Which of the following techniques enables an already secure organization to assess security vulnerabilities in real time? A. Baselining B. ACLs C. Continuous monitoring D. Video surveillance

C. Continuous monitoring

Which of the following is the best practice to implement when securing logs files? A. Log all failed and successful login attempts. B. Deny administrators access to log files. C. Copy the logs to a remote log server. D. Increase security settings for administrators.

C. Copy the logs to a remote log server.

Your organization uses a SOHO wireless router all-in-one device. The network has five wireless BYOD users and two web servers that are wired to the network. What should you configure to protect the servers from the BYOD users' devices? (Select the two best answers.) A. Implement EAP-TLS B. Change the default HTTP port C. Create a VLAN for the servers D. Deny incoming connections to the outside router interface E. Disable physical ports F. Create an ACL to access the servers

C. Create a VLAN for the servers F. Create an ACL to access the servers

What key combination helps to secure the logon process? A. Windows+R B. Ctrl+Shift+Esc C. Ctrl+Alt+Del D. Alt+F4

C. Ctrl+Alt+Del

A security analyst wants to ensure that all external traffic is able to access an organization's front-end servers but also wants to protect access to internal resources. Which network design element is the best option for the security analyst? A. VLAN B. Virtualization C. DMZ D. Cloud computing

C. DMZ

A Uniform Resource Locator (URL) is a type of Uniform Resource Identifier (URI) that specifies where an identified resource is available. When a user attempts to go to a website, she notices the URL has changed. Which attack is the most likely cause of the problem? A. Denial of service B. ARP poisoning C. DNS poisoning D. DLL injection

C. DNS poisoning

Cloud environments often reuse the same physical hardware (such as hard drives) for multiple customers. These hard drives are used and reused when customer virtual machines are created and deleted over time. What security concern does this bring up implications for? A. Availability of virtual machines B. Integrity of data C. Data confidentiality D. Hardware integrity

C. Data confidentiality

You have found vulnerabilities in your SCADA system. Unfortunately, changes to the SCADA system cannot be made without vendor approval, which can take months to obtain. Which of the following is the best way to protect the SCADA system in the interim? A. Install a firewall in the SCADA network B. Update AV definitions on the SCADA system C. Deploy a NIPS at the edge of the SCADA network D. Enable auditing of accounts on the SCADA system

C. Deploy a NIPS at the edge of the SCADA network

Which of the following best describes a NIDS? A. Used to attract and trap potential attackers B. Filters out various types of Internet activities such as websites accessed C. Detects malicious network activities such as port scans and DoS attacks D. Redirects malicious traffic

C. Detects malicious network activities such as port scans and DoS attacks

You perform a risk assessment for your organization. What should you do during the impact assessment? A. Determine actions that can be taken to mitigate any potential threat B. Determine how likely it is that a threat might actually occur C. Determine the potential monetary costs related to a threat D. Determine how well the organization is prepared to manage the threat

C. Determine the potential monetary costs related to a threat

You are the security administrator for your company. You have been informed by human resources that one of the employees in accounting has been terminated. What should you do? A. Delete the user account. B. Speak to the employee's supervisor about the person's data. C. Disable the user account. D. Change the user's password.

C. Disable the user account.

An administrator wants to reduce the size of the attack surface of a Windows Server. Which of the following is the best answer to accomplish this? A. Update antivirus software. B. Install updates. C. Disable unnecessary services. D. Install network intrusion detection systems.

C. Disable unnecessary services.

You have been tasked with securing a switch from physical access. Which of the following should you implement first? A. Set up access control lists. B. Check the baseline configuration. C. Disable unused ports. D. Disable unnecessary accounts.

C. Disable unused ports.

When you arrive at work in the morning, you discover that the server room has been the victim of a fire, and all the servers have been rendered useless. Which of the following is the most important item to have to ensure that your organization can recover from this disaster? A. Warm site B. Offsite backup C. Disaster recovery plan D. Fault-tolerant servers

C. Disaster recovery plan

Which of the following can allow the owner to restrict access to resources according to the identity of the user? A. Mandatory access control B. Role-based access control C. Discretionary access control D. CRL

C. Discretionary access control

You want to stop malicious eavesdroppers from capturing network traffic. What should you implement? A. Hot and cold aisles B. Video surveillance C. EMI shielding D. HVAC shielding

C. EMI shielding

You scan your network and find a rogue AP with the same SSID used by your network. What type of attack is occurring? A. War-driving B. Bluesnarfing C. Evil twin D. IV attack

C. Evil twin

Which of the following descriptions is true concerning external security testing? A. External security testing is conducted from outside the building where an organization's servers are hosted. B. External security testing is conducted from outside the perimeter switch but inside the border router. C. External security testing is conducted from outside the organization's security perimeter. D. External security testing is conducted from outside the perimeter switch but inside the organization's firewall.

C. External security testing is conducted from outside the organization's security perimeter.

Which of the following is the most secure protocol for transferring files? A. FTP B. SSH C. FTPS D. Telnet

C. FTPS

What type of cabling is the most secure for networks? A. STP B. UTP C. Fiber-optic D. Coaxial

C. Fiber-optic

Which of the following cable media is the least susceptible to a tap? A. Coaxial cable B. Twisted-pair cable C. Fiber-optic cable D. CATV cable

C. Fiber-optic cable

Which of the following would fall into the category of "something a person is"? A. Passwords B. Passphrases C. Fingerprints D. Smart cards

C. Fingerprints

Allowing or denying traffic based on ports, protocols, addresses, or direction of data is an example of what? A. Port security B. Content inspection C. Firewall rules D. Honeynet

C. Firewall rules

Which of the following attacks is a type of DoS attack that sends large amounts of UDP echoes to ports 7 and 19? A. Teardrop B. IP spoofing C. Fraggle D. Replay

C. Fraggle

Which of the following threats is not associated with Bluetooth? A. Discovery mode B. Bluesnarfing C. Fraggle attack D. Bluejacking

C. Fraggle attack

An attacker has identified and exploited several vulnerabilities in a closed-source application that your organization has developed. What did the attacker implement? A. Secure code review B. Vulnerability testing C. Fuzzing D. Compiling

C. Fuzzing

Of the following, what is the best option to implement if you want to be able to recover a lost laptop? A. Remote wipe B. HIDS C. GPS D. Whole disk encryption

C. GPS

Which of the following tape backup methods enables daily backups, weekly full backups, and monthly full backups? A. Towers of Hanoi B. Incremental C. Grandfather-father-son D. Differential E. Snapshot

C. Grandfather-father-son

When it comes to security policies, what should HR personnel be trained in? A. Maintenance B. Monitoring C. Guidelines and enforcement D. Vulnerability assessment

C. Guidelines and enforcement

Which of the following uses an asymmetric key to open a session, and then establishes a symmetric key for the remainder of the session? A. TLS B. SFTP C. HTTPS D. SSL E. TFTP

C. HTTPS

Which of the following is the least volatile when performing incident response procedures? A. RAM B. Registers C. Hard drive D. RAID cache

C. Hard drive

A security administrator analyzed the following logs: Host: 10.248.248.67 [02: 15: 11]Successful Login: 045 10.248.248.67:local [02: 15: 16]Unsuccessful Login: 067 208.159.67.23: RDP 10.248.248.67 [02: 15: 16]Unsuccessful Login: 072 208.159.67.23: RDP 10.248.248.67 [02: 15: 16]Unsuccessful Login: 058 208.159.67.23: RDP 10.248.248.67 [02: 15: 16]Unsuccessful Login: 094 208.159.67.23: RDP 10.248.248.67 What should the security administrator implement as a mitigation method against further attempts? A. System log monitoring B. IDS C. Hardening D. Reporting

C. Hardening

Which of the following best describes the baseline process of securing a device within a network infrastructure? A. Active prevention B. Enumerating C. Hardening D. Passive detection

C. Hardening

The security administrator has added the following information to a SOHO router: PERMIT 00:1C:C0:A2:56:18 DENY 01:23:6D:A9:55:EC Now, a mobile device user reports a problem connecting to the network. What is preventing the user from connecting? A. Port filtering has been implemented. B. IP address filtering has been implemented. C. Hardware address filtering has been implemented. D. WPA2-PSK requires a supplicant on the mobile device.

C. Hardware address filtering has been implemented.

How can you train a user to easily determine whether a web page has a valid security certificate? (Select the best answer.) A. Have the user contact the webmaster. B. Have the user check for HTTPS://. C. Have the user click the padlock in the browser and verify the certificate. D. Have the user call the ISP.

C. Have the user click the padlock in the browser and verify the certificate.

You oversee compliance with financial regulations for credit card transactions. You need to block out certain ports on the individual computers that do these transactions. What should you implement to best achieve your goal? A. HIPS B. Antivirus updates C. Host-based firewall D. NIDS

C. Host-based firewall

You are developing a security plan for your organization. Which of the following is an example of a physical control? A. Password B. DRP C. ID card D. Encryption

C. ID card

Which of the following displays a single public IP address to the Internet while hiding a group of internal private IP addresses? A. HTTP proxy B. Protocol analyzer C. IP proxy D. SMTP proxy E. PAC

C. IP proxy

You ping a hostname on the network and receive a response including the address 2001:4560:0:2001::6A. What type of address is listed within the response? A. MAC address B. Loopback address C. IPv6 address D. IPv4 address

C. IPv6 address

Which of the following attacks involves the interception of authentication traffic on a wireless network? A. Evil twin B. Replay attack C. IV attack D. Near field communication

C. IV attack

The helpdesk department for your organization reports that there are increased calls from clients reporting malware-infected computers. Which of the following steps of incident response is the most appropriate as a first response? A. Recovery B. Lessons learned C. Identification D. Containment E. Eradication

C. Identification

Two items are needed before a user can be given access to the network. What are these two items? A. Authentication and authorization B. Authorization and identification C. Identification and authentication D. Password and authentication

C. Identification and authentication

Virtualization technology is often implemented as operating systems and applications that run in software. Often, it is implemented as a virtual machine. Of the following, which can be a security benefit when using virtualization? A. Patching a computer will patch all virtual machines running on the computer. B. If one virtual machine is compromised, none of the other virtual machines can be compromised. C. If a virtual machine is compromised, the adverse effects can be compartmentalized. D. Virtual machines cannot be affected by hacking techniques.

C. If a virtual machine is compromised, the adverse effects can be compartmentalized.

Which of the following will stop network traffic when the traffic is not identified in the firewall ruleset? A. Explicit allow B. Explicit deny C. Implicit deny D. Access control lists

C. Implicit deny

You are analyzing why the incident response team of your organization could not identify a recent incident that occurred. Review the e-mail below and then answer the question that follows. E-mail from the incident response team: A copyright infringement alert was triggered by IP address 11.128.50.1 at 02: 30: 01 GMT. After reviewing the following logs for IP address 11.128.50.1 we cannot correlate and identify the incident. - 02: 25: 23 11.128.50.1 http://externalsite.com/login.asp?user=steve - 02: 30: 15 11.128.50.1 http://externalsite.com/login.asp?user=amy - 03: 30: 01 11.128.50.1 http://externalsite.com/access.asp?file=movie.mov - 03: 31: 08 11.128.50.1 http://externalsite.com/download.asp?movie.mov=ok Why couldn't the incident response team identify and correlate the incident? A. The logs are corrupt. B. The chain of custody was not properly maintained. C. Incident time offsets were not accounted for. D. Traffic logs for the incident are not available.

C. Incident time offsets were not accounted for.

Which of the following techniques supports availability when considering a vendor-specific vulnerability in critical industrial control systems? A. Verifying that antivirus definitions are up to date B. Deploying multiple firewalls at the network perimeter C. Incorporating diversity into redundant design D. Enforcing application whitelists

C. Incorporating diversity into redundant design

To code applications in a secure manner, what is the best practice to use? A. Cross-site scripting B. Flash version 3 C. Input validation D. HTML version 5

C. Input validation

You want to curtail users from e-mailing confidential data outside your organization. Which of the following would be the best method? A. Block port 110 on the firewall. B. Prevent the usage of USB flash drives. C. Install a network-based DLP device. D. Implement PGP.

C. Install a network-based DLP device.

Which of the following is the most effective way of preventing adware? A. Install an antivirus program B. Install a host-based intrusion detection system C. Install a pop-up blocker D. Install a firewall

C. Install a pop-up blocker

Of the following, what is the service provided by message authentication code? A. Confidentiality B. Fault tolerance C. Integrity D. Data recovery

C. Integrity

What does a virtual private network use to connect one remote host to another? (Select the best answer.) A. Modem B. Network adapter C. Internet D. Cell phone

C. Internet

If your ISP blocks objectionable material, what device would you guess has been implemented? A. Proxy server B. Firewall C. Internet content filter D. NIDS

C. Internet content filter

Which of the following statements is true about a certificate revocation list? A. It should be kept secret. B. It must be encrypted. C. It should be kept public. D. It should be used to sign other keys.

C. It should be kept public.

You review the system logs for your organization's firewall and see that an implicit deny is within the ACL. Which is an example of an implicit deny? A. When an access control list is used as a secure way of moving traffic from one network to another. B. Implicit deny will deny all traffic from one network to another. C. Items not specifically given access are denied by default. D. Everything will be denied because of the implicit deny.

C. Items not specifically given access are denied by default.

Which of the following characterizations best suits the term Java applets? A. Java applets include a digital signature. B. Java applets allow for customized controls and icons. C. Java applets need to have virtual machine web browser support. D. Java applets are the same as ActiveX controls.

C. Java applets need to have virtual machine web browser support.

In an attempt to detect fraud and defend against it, your company cross-trains people in each department. What is this an example of? A. Separation of duties B. Chain of custody C. Job rotation D. Least privilege

C. Job rotation

Your organization implements a policy in which accounting staff needs to be cross-trained in various banking software to detect possible fraud. What is this an example of? A. Separation of duties B. Least privilege C. Job rotation D. Due care

C. Job rotation

Which of the following authentication models places importance on a ticket-granting server? A. PAP B. CHAP C. Kerberos D. RADIUS

C. Kerberos

Which of the following authentication systems makes use of a Key Distribution Center? A. Security tokens B. CHAP C. Kerberos D. Certificates

C. Kerberos

An administrator configures Unix accounts to authenticate to a non-Unix server on the internal network. The configuration file incorporates the following information: DC=ServerName and DC=COM. Which service is being used? A. SAML B. RADIUS C. LDAP D. TACACS+

C. LDAP

Which of the following is a secure wireless authentication method that uses a RADIUS server for the authenticating? A. CCMP B. WEP-PSK C. LEAP D. WPA2-PSK

C. LEAP

Your organization wants to improve its security posture by addressing risks uncovered by a recent penetration test. Which of the following is most likely to affect the organization on a day-to-day basis? A. Large-scale natural disaster B. Corporate espionage C. Lack of antivirus software D. Insufficient encryption

C. Lack of antivirus software

Hardware-based encryption devices such as hardware security modules (HSMs) are sometimes deployed by organizations more slowly than in other organizations. What is the best reason for this? A. RBAC B. USB removable encryption C. Lack of management software D. Multifactor authentication

C. Lack of management software

Which of the following is a technical control? A. Disaster recovery plan B. Baseline configuration development C. Least privilege implementation D. Categorization of system security

C. Least privilege implementation

Which of the following uses multiple computers to share work? A. RAID B. VPN concentrator C. Load balancing D. Switching

C. Load balancing

You have several unused USB flash drives, three laptops, and two HSMs that contain sensitive data. What is the best way to prevent the theft of these devices? A. GPS tracking B. Encryption C. Locking cabinet D. Hashing

C. Locking cabinet

What kind of threat is a virus that is designed to format a computer's hard drive on a specific calendar day? A. Bot B. Spyware C. Logic bomb D. Adware

C. Logic bomb

Which of the following will most likely enable an attacker to force a switch to function like a hub? A. DNS spoofing B. ARP poisoning C. MAC flooding D. DNS poisoning

C. MAC flooding

Which of the following is a room or "closet" where wiring and circuits merge, creating a potential attack point? A. SATCOM B. NFC C. MDF D. TEMPEST

C. MDF

Which of the following about authentication is false? A. RADIUS is a client-server system that provides authentication, authorization, and accounting services. B. PAP is insecure because usernames and passwords are sent as clear text. C. MS-CHAPv2 is not capable of mutual authentication of the client and server. D. CHAP is more secure than PAP because it encrypts usernames and passwords.

C. MS-CHAPv2 is not capable of mutual authentication of the client and server.

When authenticating with PEAP, what is used to provide mutual authentication between peer computers? A. MSCHAPv110-056 B. MD5 C. MSCHAPv2 D. EAP

C. MSCHAPv2

Which of the following types of scanners can locate a rootkit on a computer? A. Image scanner B. Barcode scanner C. Malware scanner D. Adware scanner

C. Malware scanner

Which of the following can prevent tailgating? A. Video cameras B. Biometrics C. Mantraps D. Proximity cards

C. Mantraps

User awareness and training can help with which of the following? A. Compliance with legislative and vendor software best practices B. Enforcement of physical security requirements C. Minimizing organizational risk caused by users D. Identifying DoS attacks

C. Minimizing organizational risk caused by users

To gain access to your network, users must provide a thumbprint and a username and password. What type of authentication model is this? A. Biometrics B. Domain logon C. Multifactor D. Single sign-on

C. Multifactor

What is MAC filtering a form of? A. VPN B. NAT C. NAC D. DMZ

C. NAC

Which of the following devices would detect but not react to suspicious behavior on the network? (Select the most accurate answer.) A. NIPS B. Firewall C. NIDS D. HIDS E. UTM

C. NIDS

Which of the following will detect malicious packets and discard them? A. Proxy server B. NIDS C. NIPS D. PAT

C. NIPS

Which of the following is a vulnerability assessment tool? A. John the Ripper B. Aircrack-ng C. Nessus D. Cain & Abel

C. Nessus

Where would you turn off file sharing in Windows? A. Control Panel B. Local Area Connection C. Network and Sharing Center D. Firewall properties

C. Network and Sharing Center

Which of the following tools require a computer with a network adapter that can be placed in promiscuous mode? A. Password cracker B. Vulnerability scanner C. Network mapper D. Protocol analyzer E. Port scanner

C. Network mapper D. Protocol analyzer

You have been contracted to conduct a forensics analysis on a server. Which of the following should you do first? A. Analyze temporary files B. Run an antivirus scan C. Obtain a binary copy of the system D. Search for spyware

C. Obtain a binary copy of the system

You want to secure your data to retain it over the long term. What is the best way to do this? A. Onsite clustering B. Virtualization C. Offsite backup D. RAID 5 onsite backup

C. Offsite backup

Where are software firewalls usually located? A. On routers B. On servers C. On clients D. On every computer

C. On clients

Which of the following encryption protocols uses a PSK? A. TPM B. CRL C. PGP D. DLP

C. PGP

Which of the following protocols is not used to create a VPN tunnel and not used to encrypt VPN tunnels? A. PPTP B. L2TP C. PPP D. IPsec

C. PPP

Which of the following cloud computing services offers easy-to-configure operating systems? A. SaaS B. IaaS C. PaaS D. VM

C. PaaS

Which of the following are the best options when it comes to increasing the security of passwords? (Select the two best answers.) A. Password age B. Password expiration C. Password complexity D. Password history E. Password length

C. Password complexity E. Password length

Users are required to change their passwords every 30 days. Which policy should be configured? A. Password length B. Password recovery C. Password expiration D. Account lockout

C. Password expiration

Kate is allowed to perform a self-service password reset. What is this an example of? A. Password expiration B. Password length C. Password recovery D. Password complexity

C. Password recovery

Which of the following should you implement to fix a single security issue on the computer? A. Service pack B. Support website C. Patch D. Baseline

C. Patch

Which of the following is one example of verifying new software changes on a test system A. Application hardening B. Virtualization C. Patch management D. HIDS

C. Patch management

The IT director asks you to configure security for your network. The network is isolated from the Internet by a perimeter network. The perimeter network contains three web servers and a network intrusion detection system. You need to test the network's capability to detect and respond to a denial-of-service attack against the applications running on the web servers. What method should you use? A. Port scanning B. Vulnerability scanning C. Penetration testing D. Network analysis

C. Penetration testing

You are configuring security for a network that is isolated from the Internet by a perimeter network. You need to test the network's ability to detect and respond to a DoS attack. What should you implement? A. Port scanning B. Network packet analysis C. Penetration testing D. Vulnerability scanning

C. Penetration testing

Of the following, which is the best way for a person to find out what security holes exist on the network? A. Run a port scan. B. Use a network sniffer. C. Perform a vulnerability assessment. D. Use an IDS solution.

C. Perform a vulnerability assessment.

What is it known as when traffic to a website is redirected to another, illegitimate site? A. Phishing B. Whaling C. Pharming D. Spim

C. Pharming

Turnstiles, double entry doors, and security guards are all preventative measures for what kind of social engineering? A. Dumpster diving B. Impersonation C. Piggybacking D. Eavesdropping

C. Piggybacking

Your boss asks you to implement multifactor authentication. Which of the following should you use? A. Username and password B. Common Access Card C. Pin number and smart card D. ACL entry and password

C. Pin number and smart card

You are the security administrator working for a large corporation with many remote workers. You are tasked with deploying a remote access solution for both staff and contractors. Company management favors Remote Desktop Services because of its ease of use. Your current risk assessment suggests that you protect Windows as much as possible from direct ingress traffic exposure. Which of the following solutions should you choose? A. Change remote desktop to a non-standard port, and implement password complexity for the entire Active Directory domain. B. Distribute new IPsec VPN client software to applicable parties, and then virtualize the remote desktop services functionality. C. Place the remote desktop server(s) on a screened subnet, and implement two-factor authentication. D. Deploy a remote desktop server on your internal LAN, and require an Active Directory integrated SSL connection for access.

C. Place the remote desktop server(s) on a screened subnet, and implement two-factor authentication.

John needs to install a web server that can offer SSL-based encryption. Which of the following ports is required for SSL transactions? A. Port 80 inbound B. Port 80 outbound C. Port 443 inbound D. Port 443 outbound

C. Port 443 inbound

Which of the following methods could identify when an unauthorized access has occurred? A. Two-factor authentication B. Session termination C. Previous logon notification D. Session lock

C. Previous logon notification

Users are required to log in to the network. They use a smart card to do so. Which type of key does the smart card use to log in to the network? A. Cipher key B. Shared key C. Private key D. Public key

C. Private key

Which tool would you use if you want to view the contents of a packet? A. TDR B. Port scanner C. Protocol analyzer D. Loopback adapter

C. Protocol analyzer

You are designing the environmental controls for a server room that contains several servers and other network devices. What roles will an HVAC system play in this environment? (Select the two best answers.) A. Shield equipment from EMI B. Provide isolation in case of a fire C. Provide an appropriate ambient temperature D. Maintain appropriate humidity levels E. Vent fumes from the server room

C. Provide an appropriate ambient temperature D. Maintain appropriate humidity levels

Which of the following solutions should be used by heavily utilized networks? A. VPN concentrator B. Remote access C. Provider cloud D. Telephony

C. Provider cloud

Which of the following is used to cache content? A. Firewall B. Load balancer C. Proxy D. VPN concentrator

C. Proxy

Which of the following types of keys are stored in a CRL? A. Private keys only B. TPM keys C. Public and private keys D. Public keys only

C. Public and private keys

Two computers are attempting to communicate with the SSL protocol. Which two types of keys will be used? (Select the two best answers.) A. Recovery key B. Session key C. Public key D. Key card

C. Public key

In this scenario, your organization and a sister organization use multiple certificate authorities (CAs). Which component of PKI is necessary for one CA to know whether to accept or reject certificates from another CA? A. CRL B. Key escrow C. RA D. Recovery agent

C. RA

Which of the following is an authentication system that uses UDP as the transport mechanism? A. LDAP B. Kerberos C. RADIUS D. TACACS+

C. RADIUS

To determine network access requirements, a person working in HR has been tasked with assigning users in Accounting the same job function. What is this an example of? A. MAC B. DAC C. RBAC D. ACL

C. RBAC

Which of the following protocols are you observing in the packet capture below? 16:42:01 - SRC 192.168.1.5:3389 - DST 10.254.254.57:8080 - SYN/ACK A. HTTP B. HTTPS C. RDP D. SFTP

C. RDP

You are tasked with ensuring that messages being sent and received between two systems are both encrypted and authenticated. Which of the following protocols accomplishes this? A. Diffie-Hellman B. BitLocker C. RSA D. SHA-384

C. RSA

Your company has a fiber-optic connection to the Internet. Which of the following can enable your network to remain operational even if the fiber-optic line fails? A. Redundant network adapters B. RAID 5 C. Redundant ISP D. UPS

C. Redundant ISP

Your CFO's smartphone holding classified data has been stolen. What is the best way to reduce data leakage? A. Inform law enforcement. B. Track the device with GPS. C. Remotely sanitize the device. D. Use strong encryption.

C. Remotely sanitize the device.

Your network is an Active Directory domain controlled by a Windows Server domain controller. The Finance group has read permission to the Reports and History shared folders and other shared folders. The Accounting group has read and write permissions to the Reports, AccountRecs, and Statements shared folders. Several users are members of both the Finance and Accounting groups. All the folders are located on a file server. The Everyone group is granted the Full Control NTFS permission for each folder through inheritance, but non-administrative users do not have the right to log on locally at the server. Access to the shared folders is managed through share permissions. It is determined that the Finance group should no longer have read access to the Reports folder. This change should not affect access permissions granted through membership in other groups. What is the best solution to the problem? A. Deny the read permission to the Finance group for the Reports folder B. Deny the read permission individually for each member of the Finance group for the Reports folder C. Remove the read permission from the Finance group for the Reports folder D. Delete the Finance group

C. Remove the read permission from the Finance group for the Reports folder

What is the best definition for ARP? A. Resolves IP addresses to DNS names B. Resolves IP addresses to hostnames C. Resolves IP addresses to MAC addresses D. Resolves IP addresses to DNS addresses

C. Resolves IP addresses to MAC addresses

What should you do to make sure that a compromised PKI key cannot be used again? A. Renew the key. B. Reconfigure the key. C. Revoke the key. D. Create a new key.

C. Revoke the key.

Which of the following enables an attacker to hide the presence of malicious code by altering Registry entries? A. Worm B. Logic bomb C. Rootkit D. Trojan

C. Rootkit

You investigate an executive's laptop and find a system-level kernel module that is modifying the operating system's functions. What is this an example of? A. Logic bomb B. Virus C. Rootkit D. Worm

C. Rootkit

Alice has read and write access to a database. Bob, her subordinate, only has read access. Alice needs to leave to go to a conference. Which access control type should you implement to trigger write access for Bob when Alice is not onsite? A. Discretionary access control B. Mandatory access control C. Rule-based access control D. Role-based access control E. Attribute-based access control

C. Rule-based access control

Which of the following details one of the primary benefits of using S/MIME? A. S/MIME expedites the delivery of e-mail messages. B. S/MIME enables users to send e-mail messages with a return receipt. C. S/MIME enables users to send both encrypted and digitally signed e-mail messages. D. S/MIME enables users to send anonymous e-mail messages.

C. S/MIME enables users to send both encrypted and digitally signed e-mail messages.

Which is the most secure option when transferring files from one host to another? A. FTP B. TFTP C. SFTP D. Telnet

C. SFTP

You need to protect passwords. Which of the following protocols is not recommended because it can supply passwords over the network? A. DNS B. ICMP C. SNMP D. Kerberos

C. SNMP

You have been tasked with providing daily network usage reports of layer 3 devices without compromising any data during the information gathering process. Which of the following protocols should you select to provide for secure reporting in this scenario? A. ICMP B. SNMP C. SNMPv3 D. SSH

C. SNMPv3

In an environment where the transmission and storage of PII data needs to be encrypted, what methods should you select? (Select the two best answers.) A. TFTP B. TKIP C. SSH D. PGP E. SNMP F. NTLM

C. SSH D. PGP

The IT director has asked you to set up an authentication model in which users can enter their credentials one time, yet still access multiple server resources. What type of authentication model should you implement? A. Smart card and biometrics B. Three-factor authentication C. SSO D. VPN

C. SSO

What is it known as when a web script runs in its own environment and does not interfere with other processes? A. Quarantine B. Honeynet C. Sandbox D. VPN

C. Sandbox

Users in your organization receive an e-mail encouraging them to click a link to obtain exclusive access to the newest version of a popular smartphone. What is this an example of? A. Trust B. Intimidation C. Scarcity D. Familiarity

C. Scarcity

Which of the following should occur first when developing software? A. Fuzzing B. Penetration testing C. Secure code review D. Patch management

C. Secure code review

Which two options can prevent unauthorized employees from entering a server room? (Select the two best answers.) A. Bollards B. CCTV C. Security guard D. 802.1X E. Proximity reader

C. Security guard E. Proximity reader

You are setting up auditing on a Windows computer. If set up properly, which log should have entries? A. Application log B. System log C. Security log D. Maintenance log

C. Security log

Which of the following should be done if an audit recording fails? A. Stop generating audit records. B. Overwrite the oldest audit records. C. Send an alert to the administrator. D. Shut down the server.

C. Send an alert to the administrator.

Which of the following persons is ultimately in charge of deciding how much residual risk there will be? A. Chief security officer B. Security administrator C. Senior management D. Disaster recovery plan coordinator

C. Senior management

Which layer of the OSI model is where SSL provides encryption? A. Network B. Transport C. Session D. Application

C. Session

If a person takes control of a session between a server and a client, it is known as what type of attack? A. DDoS B. Smurf C. Session hijacking D. Malicious software

C. Session hijacking

Which of following is the most basic form of IDS? A. Anomaly-based B. Behavioral-based C. Signature-based D. Statistical-based

C. Signature-based

A man pretending to be a data communications repair technician enters your building and states that there is networking trouble and he needs access to the server room. What is this an example of? A. Man-in-the-middle attack B. Virus C. Social engineering D. Chain of custody

C. Social engineering

Which of the following should you install to stop unwanted and unsolicited e-mails? A. Spyware definitions B. Pop-up blockers C. Spam filters D. Virus definitions

C. Spam filters

What is another term for secret key encryption? A. PKI B. Asymmetrical C. Symmetrical D. Public key

C. Symmetrical

What is secret key encryption also called? A. Asymmetrical encryption B. One-way function C. Symmetrical encryption D. Quantum encryption

C. Symmetrical encryption

Your organization is designing two new systems. They require emphasis on the following: System A requires high availability. System B requires high security. Which configuration should you select? A. System A and System B both fail open. B. System A fails closed. System B fails open. C. System A fails open. System B fails closed. D. System A and System B both fail closed.

C. System A fails open. System B fails closed.

When attempting to grant access to remote users, which protocol uses separate, multiple-challenge responses for each of the authentication, authorization, and audit processes? A. RADIUS B. TACACS C. TACACS+ D. LDAP

C. TACACS+

The organization you work for, a video streaming company, hired a security consultant to find out how customer credit card information was stolen. He determined that it was stolen while in transit from gaming consoles. What should you implement to secure this data in the future? A. Firmware updates B. WAF C. TCP Wrapper D. IDS

C. TCP Wrapper

Which of the following is a detective security control? A. Bollards B. Firewall C. Tape backup D. CCTV

C. Tape backup

Jason needs to add several users to a group. Which of the following will help him to get the job done faster? A. Propagation B. Inheritance C. Template D. Access control lists

C. Template

Which of the following services uses port 49? A. File Transfer Protocol B. Post Office Protocol version 3 C. Terminal Access Controller Access-Control System Plus D. Domain Name System

C. Terminal Access Controller Access-Control System Plus

Tom is getting reports from several users that they are unable to download specific items from particular websites, although they can access other pages of those websites. Also, they can download information from other websites just fine. Tom's IDS is also sending him alarms about possible malicious traffic on the network. What is the most likely cause why the users cannot download the information they want? A. The firewall is blocking web activity. B. The NIDS is blocking web activity from those specific websites. C. The NIPS is blocking web activity from those specific websites. D. The router is blocking web activity.

C. The NIPS is blocking web activity from those specific websites.

A computer that is connected to an NAC-enabled network is not asked for the proper NAC credentials. What is a possible reason for this? A. The computer is not patched. B. The computer doesn't have the latest antivirus definitions. C. The computer is missing the authentication agent. D. The computer does not have the latest SP.

C. The computer is missing the authentication agent.

A user complains that they were browsing the Internet when the computer started acting erratically and crashed. You reboot the computer and notice that performance is very slow. In addition, after running a netstat command you notice literally hundreds of outbound connections to various websites, many of which are well-known sites. Which of the following has happened? A. The computer is infected with spyware. B. The computer is infected with a virus. C. The computer is now part of a botnet. D. The computer is now infected with a rootkit.

C. The computer is now part of a botnet.

Malware can use virtualization techniques. Why would this be difficult to detect? A. A portion of the malware might have already been removed by an IDS. B. The malware might be using a Trojan. C. The malware could be running at a more privileged level than the computer's antivirus software. D. The malware might be running in the command-line.

C. The malware could be running at a more privileged level than the computer's antivirus software.

What can happen if access mechanisms to data on an encrypted USB hard drive are not implemented correctly? A. Data on the USB drive can be corrupted. B. Data on the hard drive can be vulnerable to log analysis. C. The security controls on the USB drive can be bypassed. D. User accounts can be locked out.

C. The security controls on the USB drive can be bypassed.

An attacker gained access to your server room by physically removing the proximity reader from the wall near the entrance. This caused the electronic locks on the door to release. Why did the locks release? A. The proximity reader was improperly installed. B. The system used magnetic locks and the locks became demagnetized. C. The system was designed to fail-open for life safety. D. The system was installed in a fail-close configuration.

C. The system was designed to fail-open for life safety.

Which of the following is the strongest password? A. |ocrian# B. Marqu1sD3S0d C. This1sV#ryS3cure D. Thisisverysecure

C. This1sV#ryS3cure

Which of the following is an example of two-factor authentication? A. L2TP and IPsec B. Username and password C. Thumbprint and key card D. Client and server

C. Thumbprint and key card

Which of the following is the best reason to perform a penetration test? A. To identify all vulnerabilities and weaknesses within your network B. To passively test security controls C. To determine the potential impact of a threat against your network D. To find the security posture of the network

C. To determine the potential impact of a threat against your network

What is the main purpose of a physical access log? A. To enable authorized employee access B. To show who exited the facility C. To show who entered the facility D. To prevent unauthorized employee access

C. To show who entered the facility

What is one reason to implement security logging on a DNS server? A. To perform penetration testing on the server B. To prevent DNS DoS C. To watch for unauthorized zone transfers D. To measure server performance

C. To watch for unauthorized zone transfers

Which of the following types of malware appears to the user as legitimate but actually enables unauthorized access to the user's computer? A. Worm B. Virus C. Trojan D. Spam

C. Trojan

The server room is on fire. What should the HVAC system do? A. Increase the humidity. B. Increase the heat. C. Turn off. D. Turn on the AC.

C. Turn off.

What kind of attack is it when the packets sent do not require a synchronization process and are not connection-oriented? A. Man-in-the-middle B. TCP/IP hijacking C. UDP attack D. ICMP flood

C. UDP attack

Which of the following would most likely be considered for DLP? A. Proxy server B. Print server C. USB mass storage device D. Application server content

C. USB mass storage device

You want to mitigate the possibility of privilege creep among your long-term users. What procedure should you employ? A. Mandatory vacations B. Job rotation C. User permission reviews D. Separation of duties

C. User permission reviews

What would you implement to separate two departments? A. MAC filtering B. Cloud computing C. VLAN D. SaaS

C. VLAN

You get an automated call from what appears to be your bank. The recording asks you to state your name, state your birthday, and enter your bank account number to validate your identity. What type of attack has been perpetuated against you? A. Pharming B. Phishing C. Vishing D. Spoofing

C. Vishing

You are configuring an 802.11n wireless network. You need to have the best combination of encryption and authorization. Which of the following options should you select? A. WPA2-PSK B. WEP and 802.1X C. WPA-Enterprise D. WPA and TKIP

C. WPA-Enterprise

Which of the following is the most secure protocol to use when accessing a wireless network? A. WEP B. WPA C. WPA2 D. TKIP

C. WPA2

A targeted e-mail attack is received by your organization's CFO. What is this an example of? A. Vishing B. Phishing C. Whaling D. Spear phishing

C. Whaling

A security administrator for your organization utilized a heuristic system to detect an anomaly in a desktop computer's baseline. The admin was able to detect an attack even though the signature-based IDS and antivirus software did not detect it. Upon further review, it appears that the attacker had downloaded an executable file on the desktop computer from a USB port, and executed it triggering a privilege escalation. What type of attack has occurred? A. Directory traversal B. XML injection C. Zero day D. Baiting

C. Zero day

Which of the following computer security threats can be updated automatically and remotely? (Select the best answer.) A. Virus B. Worm C. Zombie D. Malware

C. Zombie

The main objective of risk management in an organization is to reduce risk to a level _____________. (Fill in the blank.) A. the organization will mitigate B. where the ARO equals the SLE C. the organization will accept D. where the ALE is lower than the SLE

C. the organization will accept

Which port and transport mechanism protocol must be opened on a firewall to allow incoming SFTP connections? A. 21 and UDP B. 22 and UDP C. 21 and TCP D. 22 and TCP

D. 22 and TCP

Your organization wants to implement a secure e-mail system using the POP3 and SMTP mail protocols. All mail connections need to be secured with SSL. Which of the following ports should you be using? (Select the two best answers.) A. 25 B. 110 C. 143 D. 465 E. 993 F. 995

D. 465 F. 995

What port and transport mechanism does TFTP use by default? A. 68 and TCP B. 69 and TCP C. 68 and UDP D. 69 and UDP

D. 69 and UDP

Which of the following permits or denies access to resources through the use of ports? A. Hub B. 802.11n C. 802.11x D. 802.1X

D. 802.1X

Of the following, which statement correctly describes the difference between a secure cipher and a secure hash? A. A hash produces a variable output for any input size; a cipher does not. B. A cipher produces the same size output for any input size; a hash does not. C. A hash can be reversed; a cipher cannot. D. A cipher can be reversed; a hash cannot.

D. A cipher can be reversed; a hash cannot.

What does it mean if a hashing algorithm creates the same hash for two different downloads? A. A hash is not encrypted. B. A hashing chain has occurred. C. A one-way hash has occurred. D. A collision has occurred.

D. A collision has occurred.

Which type of vulnerability assessments software can check for weak passwords on the network? A. Wireshark B. Antivirus software C. Performance Monitor D. A password cracker

D. A password cracker

Which of the following is the strongest password? A. password B. Apassword C. Apassword123 D. A#password123

D. A#password123

What needs to be configured to offer remote access to a network? A. Tokens B. Biometrics C. Supplicants D. ACLs

D. ACLs

A malicious computer is sending data frames with false hardware addresses to a switch. What is happening? A. DNS poisoning B. pWWN spoofing C. MAC spoofing D. ARP poisoning

D. ARP poisoning

What key combination should be used to close a pop-up window? A. Windows+R B. Ctrl+Shift+Esc C. Ctrl+Alt+Del D. Alt+F4

D. Alt+F4

A systems administrator must configure access to the corporate network such that users always have access without the need to periodically disconnect and reconnect. Which of the following best describes the type of connection that should be configured? A. Federated identify management B. Kerberos C. Generic Routing Encapsulation D. Always-on VPN E. PPTP

D. Always-on VPN

You are the network administrator for a small organization without much in the way of security policies. While analyzing your servers' performance you find various chain messages have been received by the company. Which type of security control should you implement to fix the problem? A. Antivirus B. Anti-spyware C. Host-based firewalls D. Anti-spam

D. Anti-spam

Many third-party programs have security settings disabled by default. What should you as the security administrator do before deploying new software? A. Network penetration testing B. Input validation C. Application whitelisting D. Application hardening

D. Application hardening

You have disabled all unnecessary services on a domain controller. What is this an example of? A. Secure code review B. Baselining C. Patch management strategy D. Application hardening

D. Application hardening

You ran a penetration test against your two database servers and found out that each of them could be compromised with the default database user account and password. Which of the following did you forget to do to your database servers? A. OS hardening B. Patch management C. Virtualization D. Application hardening

D. Application hardening

Which of the following is a type of malware that is difficult to reverse engineer? A. Logic bomb B. Worm C. Backdoor D. Armored virus

D. Armored virus

Which of the following types of viruses hides its code to mask itself? A. Stealth virus B. Polymorphic virus C. Worm D. Armored virus

D. Armored virus

What two security precautions can best help to protect against wireless network attacks? A. Authentication and WEP B. Access control lists and WEP C. Identification and WPA2 D. Authentication and WPA

D. Authentication and WPA

Which of the following defines the main difference between identification and authentication? A. Authentication verifies the identity of a user requesting credentials, whereas identification verifies a set of credentials. B. Authentication verifies a set of credentials, whereas identification verifies the identity of the network. C. Authentication verifies a user ID that belongs to a specific user, whereas identification verifies the identity of a user group. D. Authentication verifies a set of credentials, whereas identification verifies the identity of a user requesting credentials.

D. Authentication verifies a set of credentials, whereas identification verifies the identity of a user requesting credentials.

In the event of a short-term power loss to the server room, what should be powered on first in order to establish DNS services? A. Apache server B. Exchange server C. RADIUS D. BIND server

D. BIND server

What is another name for a malicious attacker? A. White hat B. Penetration tester C. Fuzzer D. Black hat

D. Black hat

Your organization's network has a main office and has two remote sites that connect back to the main office solely. You have been tasked with blocking Telnet access into the entire network. Which would be the best way to go about this? A. Block port 25 on the main office's firewall. B. Block port 25 on each of the L2 switches at the remote sites. C. Block port 23 on each of the L2 switches at the remote sites. D. Block port 23 on the main office's firewall.

D. Block port 23 on the main office's firewall.

Which of the following is not an example of malicious software? A. Rootkits B. Spyware C. Viruses D. Browser

D. Browser

An attacker takes advantage of a vulnerability in programming that allows the attacker to copy more than 16 bytes to a standard 16-byte variable. Which attack is being initiated? A. Directory traversal B. Command injection C. XSS D. Buffer overflow E. Zero day attack

D. Buffer overflow

You have analyzed what you expect to be malicious code. The results show that JavaScript is being utilized to send random data to a separate service on the same computer. What attack has occurred? A. DoS B. SQL injection C. LDAP injection D. Buffer overflow

D. Buffer overflow

Which of the following is a type of photo ID that is used by government officials to gain access to secure locations? A. Biometrics B. DAC C. RSA tokens D. CAC

D. CAC

Which authentication method completes the following in order: logon request, encrypts value response, server, challenge, compare encrypts results, and authorize or fail referred to? A. Security tokens B. Certificates C. Kerberos D. CHAP

D. CHAP

A recent security audit has uncovered an increase in the number MITM attacks during the certificate validation process. Which of the following is a way to add security to the certificate validation process to help detect and block many types of MITM attacks by adding an extra step beyond normal X.509 certificate validation? A. OID stapling B. SSH C. S/MIME D. Certificate pinning

D. Certificate pinning

What should you be concerned with when transferring evidence? A. Change management B. Job rotation C. Due diligence D. Chain of custody

D. Chain of custody

One of the developers for your company asks you what he should do before making a change to the code of a program's authentication. Which of the following processes should you instruct him to follow? A. Chain of custody B. Incident response C. Disclosure reporting D. Change management

D. Change management

You are in charge of installing patches to servers. Which of the following processes should you follow before installing a patch? A. Due process B. Separation of duties C. Fault tolerance D. Change management

D. Change management

Which one of the following can monitor and protect a DNS server? A. Ping the DNS server. B. Block port 53 on the firewall. C. Purge PTR records daily. D. Check DNS records regularly.

D. Check DNS records regularly

Which of the following fire extinguishers should be used to put out magnesium- or titanium-based metal fires? A. Class A B. Class B C. Class C D. Class D

D. Class D

Which of the following will help to prevent data theft? A. Password history B. GPS tracking C. Video surveillance D. Clean desk policy

D. Clean desk policy

What is documentation that describes minimum expected behavior known as? A. Need to know B. Acceptable usage C. Separation of duties D. Code of ethics

D. Code of ethics

Which of the following methods will best verify that a download from the Internet has not been modified since the manufacturer released it? A. Compare the final LANMAN hash with the original B. Download the patch file over an AES encrypted VPN connection C. Download the patch file through an SSL connection. D. Compare the final MD5 hash with the original.

D. Compare the final MD5 hash with the original.

Which of the following would lower the level of password security? A. After a set number of failed attempts, the server will lock the user out, forcing her to call the administrator to re-enable her account. B. Passwords must be greater than eight characters and contain at least one special character. C. All passwords are set to expire after 30 days. D. Complex passwords that users cannot change are randomly generated by the administrator.

D. Complex passwords that users cannot change are randomly generated by the administrator.

In information security, what are the three main goals? (Select the three best answers.) A. Auditing B. Integrity C. Non-repudiation D. Confidentiality E. Risk Assessment F. Availability

D. Confidentiality B. Integrity F. Availability

What are the three main goals of information security? A. Auditing B. Integrity C. Non-repudiation D. Confidentiality E. Risk assessment F. Availability

D. Confidentiality B. Integrity F. Availability

Which of the following deals with the standard load for a server? A. Patch management B. Group Policy C. Port scanning D. Configuration baseline

D. Configuration baseline

Your organization uses a third-party service provider for some of its systems and IT infrastructure. Your IT director wants to implement a governance, risk, and compliance (GRC) system that will oversee the third party and promises to provide overall security posture coverage. Which of the following is the most important activity that should be considered? A. Baseline configuration B. SLA monitoring C. Security alerting and trending D. Continuous security monitoring

D. Continuous security monitoring

In your organization's network you have VoIP phones and PCs connected to the same switch. Which of the following is the best way to logically separate these device types while still allowing traffic between them via an ACL? A. Install a firewall and connect it to the switch. B. Create and define two subnets, configure each device to use a dedicated IP address, and then connect the whole network to a router. C. Install a firewall and connect it to a dedicated switch for each type of device. D. Create two VLANs on the switch connected to a router.

D. Create two VLANs on the switch connected to a router.

One of your servers (10.254.254.201) is only allowing slow and intermittent connections to clients on the network. You check the logs of the server and see a large number of connections from the following IP addresses: 10.254.254.38 10.254.254.79 10.254.254.102 11.57.86.86 198.155.201.214 212.119.64.32 The connections from these six hosts are overloading the server and causing it to stop responding to requests from clients. What type of attack is happening? A. Xmas tree B. XSS C. DoS D. DDoS

D. DDoS

Which type of attack uses more than one computer? A. Virus B. DoS C. Worm D. DDoS

D. DDoS

Your organization has suffered from several data leaks as a result of social engineering attacks that were conducted over the phone. Your boss wants to reduce the risk of another leak by incorporating user training. Which of the following is the best method for reducing data leaks? A. Social media and BYOD B. Acceptable use C. Information security awareness D. Data handling and disposal

D. Data handling and disposal

Rick has a local computer that uses software to generate and store key pairs. What type of PKI implementation is this? A. Distributed key B. Centralized C. Hub and spoke D. Decentralized

D. Decentralized

Your boss asks you to limit the wireless signal of a WAP from going outside the building. What should you do? A. Put the antenna on the exterior of the building. B. Disable the SSID. C. Enable MAC filtering. D. Decrease the power levels of the WAP.

D. Decrease the power levels of the WAP.

Your LAN is isolated from the Internet by a perimeter network. You suspect that someone is trying to gather information about your LAN. The IT director asks you to gather as much information about the attacker as possible while preventing the attacker from knowing that the attempt has been detected. What is the best method to accomplish this? A. Deploy a DMZ B. Deploy a proxy server in the perimeter network C. Deploy a NIPS outside the perimeter network D. Deploy a honeypot in the perimeter network

D. Deploy a honeypot in the perimeter network

Your boss asks you to replace the current RADIUS authentication system with a more secure system. Your current RADIUS solution supports EAP, and your new solution should do the same. Which of the following is the best option and would offer the easiest transition? A. CHAP B. SAML C. Kerberos D. Diameter

D. Diameter

Your organization uses a type of cryptography that provides good security but uses smaller key sizes and utilizes logarithms that are calculated against a finite field. Which type of cryptography does your organization use? A. Quantum cryptography B. Diffie-Hellman C. RSA D. Elliptic curve

D. Elliptic curve

After using Nmap to do a port scan of your server, you find that several ports are open. Which of the following should you do next? A. Leave the ports open and monitor them for malicious attacks. B. Run the port scan again. C. Close all ports. D. Examine the services and/or processes that use those ports.

D. Examine the services and/or processes that use those ports.

To achieve multifactor security, what should you implement to accompany password usage and smart cards? A. Badge readers B. Passphrases C. Hard tokens D. Fingerprint readers

D. Fingerprint readers

You are a security tester for a penetration testing security company. You are currently testing a website and you perform the following manual query: http://www.davidlprowse.com/cookies.jsp?products=5%20and%201=1 The following response is received in the payload: "ORA-000001: SQL command not properly ended" Based on the query and the response, what technique are you employing? A. Cross-site scripting B. SQL injection C. Privilege escalation D. Fingerprinting E. Remote code execution F. Zero day

D. Fingerprinting

Which of the following devices would most likely have a DMZ interface? A. Switch B. VoIP phone C. Proxy server D. Firewall

D. Firewall

A co-worker's laptop has been compromised. What is the best way to mitigate data loss? A. Common Access Card B. Strong password C. Biometric authentication D. Full disk encryption

D. Full disk encryption

What would you use a TPM for? A. Input validation B. System hardening C. Cloud computing D. Full disk encryption

D. Full disk encryption

A security administrator is required to submit a new CSR to a CA. What is the first step? A. Generate a new private key based on AES B. Generate a new public key based on RSA C. Generate a new public key based on AES D. Generate a new private key based on RSA

D. Generate a new private key based on RSA

Your organization's servers and applications are being audited. One of the IT auditors tests an application as an authenticated user. Which of the following testing methods is being used? A. White-box B. Penetration testing C. Black-box D. Gray-box

D. Gray-box

You are in charge of monitoring a workstation for application activity and/or modification. Which of the following types of systems should you use? A. RADIUS B. NIDS C. OVAL D. HIDS

D. HIDS

Randy needs an external add-on solution that can provide encryption and integrate with his existing database server. Which of the following would meet his needs? A. TPM B. FDE C. CAC D. HSM

D. HSM

Which of the following is a removable device that can be used to encrypt in a high-availability, clustered environment? A. Biometrics B. Cloud computer C. TPM D. HSM

D. HSM

Which of the following will provide an integrity check? A. Public key B. Private key C. WEP D. Hash

D. Hash

What should a disaster recovery plan (DRP) contain? A. Hierarchical access control lists B. Single points of failure C. Hierarchical list of hot sites D. Hierarchical list of critical systems

D. Hierarchical list of critical systems

Which of the following can facilitate a full recovery within minutes? A. Warm site B. Cold site C. Reestablishing a mirror D. Hot site

D. Hot site

You see a network address in the command-line that is composed of a long string of letters and numbers. What protocol is being used? A. IPv4 B. ICMP C. IPv3 D. IPv6

D. IPv6

In which of the following phases of identification and authentication does proofing occur? A. Verification B. Authentication C. Authorization D. Identification

D. Identification

What is the deadliest risk of a virtual computer? A. If a virtual computer fails, all other virtual computers immediately go offline. B. If a virtual computer fails, the physical server goes offline. C. If the physical server fails, all other physical servers immediately go offline. D. If the physical server fails, all the virtual computers immediately go offline.

D. If the physical server fails, all the virtual computers immediately go offline.

You administer a bulletin board system for a rock and roll band. While reviewing logs for the board, you see one particular IP address posting spam multiple times per day. What is the best way to prevent this type of problem? A. Block the IP address of the user. B. Ban the user. C. Disable ActiveX. D. Implement CAPTCHA.

D. Implement CAPTCHA.

Your organization wants you to set up a wireless router so that only certain wireless clients can access the wireless network. Which of the following is the best solution? A. Disable the SSID broadcast. B. Enable 802.11n only. C. Configure AP isolation. D. Implement MAC filtering.

D. Implement MAC filtering.

Which of the following is likely to be the last rule contained within the ACLs of a firewall? A. Time of day restrictions B. Explicit allow C. IP allow any D. Implicit deny

D. Implicit deny

Improper use of P2P and social networking software may result in which of the following? A. Data loss prevention B. Denial of service C. Shoulder surfing D. Information disclosure

D. Information disclosure

When it comes to information security, what is the I in CIA? A. Insurrection B. Information C. Indigestion D. Integrity

D. Integrity

What are two reasons to use a digital signature? A. Non-repudiation B. Availability C. Confidentiality D. Integrity E. Encryption

D. Integrity A. Non-repudiation

Which of the following statements best defines a computer virus? A. It is a find mechanism, initiation mechanism, and can propagate. B. It is a search mechanism, connection mechanism, and can integrate. C. It is a learning mechanism, contamination mechanism, and can exploit. D. It is a replication mechanism, activation mechanism, and has an objective.

D. It is a replication mechanism, activation mechanism, and has an objective.

Password-cracking tools are easily available over the Internet. Which of the following is a password-cracking tool? A. AirSnort B. Nessus C. Wireshark D. John the Ripper

D. John the Ripper

Your organization has a PKI. Data loss is unacceptable. What method should you implement? A. CR B. Web of trust C. CA D. Key escrow

D. Key escrow

Which of the following concepts does the Diffie-Hellman algorithm rely on? A. Usernames and passwords B. VPN tunneling C. Biometrics D. Key exchange

D. Key exchange

Study the following items carefully. Which one permits a user to "float" a domain registration for a maximum of 5 days? A. DNS poisoning B. Domain hijacking C. Domain spoofing D. Kiting E. DNS amplification

D. Kiting

Which of the following is used to implement an unencrypted tunnel between two networks? A. HTTPS B. PPTP C. AES D. L2TP E. Always-on VPN

D. L2TP

What is the most common reason that social engineering succeeds? A. Lack of vulnerability testing B. People sharing passwords C. Lack of auditing D. Lack of user awareness

D. Lack of user awareness

Which of the following concepts best describes the mandatory access control model? A. Bell-LaPadula B. Clark-Wilson C. Biba D. Lattice

D. Lattice

You are the security administrator for the company ABC Accounting, Inc. The IT director has given rights to you that allow you to review logs and update network devices only. Other rights are given out to network administrators for the areas that fall within their job description. What kind of access control is this? A. Job rotation B. Discretionary C. Mandatory vacation D. Least privilege

D. Least privilege

Which of the following devices is used to optimize and distribute data workloads across multiple computers or networks? A. VPN concentrator B. Protocol analyzer C. Proxy server D. Load balancer

D. Load balancer

Which of the following provides for the best application availability and can be easily expanded as an organization's demand grows? A. RAID 6 B. Server virtualization C. Multi-CPU motherboards D. Load balancing

D. Load balancing

What is a malicious attack that executes at the same time every week? A. Virus B. Worm C. Ransomware D. Logic bomb

D. Logic bomb

What should you configure to improve wireless security? A. Enable the SSID B. IP spoofing C. Remove repeaters D. MAC filtering

D. MAC filtering

Which of the following is vulnerable to spoofing? A. WPA-LEAP B. WPA-PEAP C. Enabled SSID D. MAC filtering

D. MAC filtering

Which of the following anomalies can a protocol analyzer detect? A. Disabled network adapters B. Decryption of encrypted network traffic C. Passive sniffing of network traffic D. Malformed or fragmented packets

D. Malformed or fragmented packets

Virtualized browsers can protect the OS that they are installed within from which of the following? A. DDoS attacks against the underlying OS B. Phishing and spam attacks C. Man-in-the-middle attacks D. Malware installation from Internet websites

D. Malware installation from Internet websites

You surmise that a user's session was interrupted by an attacker who inserted malicious code into the network traffic. What attack has occurred? A. DoS B. Spoofing C. Phishing D. Man-in-the-middle

D. Man-in-the-middle

Of the following access control models, which uses object labels? (Select the best answer.) A. Discretionary access control B. Role-based access control C. Rule-based access control D. Mandatory access control E. Attribute-based access control

D. Mandatory access control

Which of the following statements regarding the MAC model is true? A. Mandatory access control is a dynamic model. B. Mandatory access control enables an owner to establish access privileges to a resource. C. Mandatory access control is not restrictive. D. Mandatory access control users cannot share resources dynamically.

D. Mandatory access control users cannot share resources dynamically.

You are in the middle of the information gathering stage of the planning and deployment of a role-based access control model. Which of the following is most likely required? A. Clearance levels of personnel B. Rules under which certain systems can be accessed C. Group-based privileges already in place D. Matrix of job titles with required privileges

D. Matrix of job titles with required privileges

Which of the following access control methods is best described as providing a username, password, and biometric thumbprint scan to gain access to a network? A. Biometrics B. Three-way handshake C. Mutual authentication D. Multifactor

D. Multifactor

Which of the following is not an advantage of NTFS over FAT32? A. NTFS supports file encryption. B. NTFS supports larger file sizes. C. NTFS supports larger volumes. D. NTFS supports more file formats.

D. NTFS supports more file formats.

In a classified environment, clearance to top secret information that enables access to only certain pieces of information is known as what? A. Separation of duties B. Chain of custody C. Non-repudiation D. Need to know

D. Need to know

Which command would display the following output? Active Connections Proto Local Address Foreign Address State TCP WorkstationA:1395 8.15.228.165:http ESTABLISHED A. Ping B. Ipconfig C. Nbtstat D. Netstat

D. Netstat

When is a system completely secure? A. When it is updated B. When it is assessed for vulnerabilities C. When all anomalies have been removed D. Never

D. Never

Which of the following is not one of the steps of the incident response process? A. Eradication B. Recovery C. Containment D. Non-repudiation

D. Non-repudiation

The IT director wants you to use a cryptographic algorithm that cannot be decoded by being reversed. Which of the following would be the best option? A. Asymmetric B. Symmetric C. PKI D. One-way function

D. One-way function

What is the best action to take when you conduct a corporate vulnerability assessment? A. Document your scan results for the change control board. B. Examine vulnerability data with a network sniffer. C. Update systems. D. Organize data based on severity and asset value.

D. Organize data based on severity and asset value.

Which of the following does not apply to an X.509 certificate? A. Certificate version B. The issuer of the certificate C. Public key information D. Owner's symmetric key

D. Owner's symmetric key

Which security measure should be included when implementing access control? A. Disabling SSID broadcast B. Time-of-day restrictions C. Changing default passwords D. Password complexity requirements

D. Password complexity requirements

What tool can alert you if a server's processor trips a certain threshold? A. TDR B. Password cracker C. Event Viewer D. Performance Monitor

D. Performance Monitor

Network utilization is the ratio of current network traffic to the maximum amount of traffic that a network adapter or specific port can handle. Which of the following can help you to determine whether current network utilization is abnormal? A. Security log B. Vulnerability assessment C. Penetration testing D. Performance baseline

D. Performance baseline

You've created a baseline for your Windows Server file server. Which of the following tools can best monitor changes to your system baseline? A. Key management software B. Resource planning software C. Antivirus software D. Performance monitoring software

D. Performance monitoring software

One of your users complains that he received an e-mail from a mortgage company asking for personal information. The user does not recognize this mortgage company as the company with which he first applied for a mortgage for his house. What is the best way to describe this e-mail? A. Hoax B. Spam C. Denial of service D. Phishing

D. Phishing

Which of the following is a common symptom of spyware? A. Infected files B. Computer shuts down C. Applications freeze D. Pop-up windows

D. Pop-up windows

You are tasked with implementing an access point to gain more wireless coverage. What should you look at first? A. SSID B. Radio frequency C. Encryption type D. Power levels

D. Power levels

How are permissions defined in the mandatory access control model? A. Access control lists B. User roles C. Defined by the user D. Predefined access privileges

D. Predefined access privileges

Which of the following methods can possibly identify when an unauthorized access has occurred? A. Session lock mechanism B. Session termination mechanism C. Two-factor authentication D. Previous logon notification

D. Previous logon notification

Your organization asks you to design a web-based application. It wants you to design the application so that it runs under a security context that allows only those privileges required for the application to run to minimize risk if an attack occurs. Which of the following security concepts does this describe? A. Implicit deny B. Mandatory access control C. Separation of duties D. Principle of least privilege

D. Principle of least privilege

Tim needs to collect data from users who utilize an Internet-based application. Which of the following should he reference before doing so? A. Secure code review B. SOX C. Acceptable use policy D. Privacy policy

D. Privacy policy

What kind of attack enables an attacker to access administrator-level resources using a Windows service that uses the local system account? A. Trojan B. Spyware C. Spam D. Privilege escalation

D. Privilege escalation

You are working on a server and are busy implementing a network intrusion detection system on the network. You need to monitor the network traffic from the server. What mode should you configure the network adapter to work in? A. Half-duplex mode B. Full-duplex mode C. Auto-configuration mode D. Promiscuous mode

D. Promiscuous mode

Many companies send passwords via clear text. Which of the following can view these passwords? A. Rainbow table B. Port scanner C. John the Ripper D. Protocol analyzer

D. Protocol analyzer

Which tool can be instrumental in capturing FTP GET requests? A. Vulnerability scanner B. Port scanner C. Performance Monitor D. Protocol analyzer

D. Protocol analyzer

A customer has asked you to implement a solution to hide as much information about the internal structure of the network as possible. The customer also wants to minimize traffic with the Internet and does not want to increase security risks to the internal network. Which of the following solutions should you implement? A. NIDS B. Firewall C. Protocol analyzer D. Proxy server

D. Proxy server

One of your co-workers has been issued a new smart card because the old one has expired. The co-worker can connect to the computer network but is unable to send digitally signed or encrypted e-mail. What does the security administrator need to perform? A. Make certificates available to the operating system B. Recover the previous smart card certificates C. Remove all previous smart card certificates from the local certificate store D. Publish new certificates to the global address list

D. Publish new certificates to the global address list

You are tasked with setting up a wireless network that uses 802.1X for authentication. You set up the wireless network using WPA2 and CCMP; however, you don't want to use a PSK for authentication. Which of the following options would support 802.1X authentication? A. Kerberos B. CAC card C. Pre-shared key D. RADIUS

D. RADIUS

WEP improperly uses an encryption protocol and therefore is considered to be insecure. What encryption protocol does it use? A. AES B. RSA C. RC6 D. RC4

D. RC4

Which of the following provides a user with a rolling password for one-time use? A. PIV card B. CAC card C. Multifactor authentication D. RSA tokens

D. RSA tokens

Which of the following threats has the highest probability of being increased by the availability of devices such as USB flash drives on your network? A. Introduction of new data on the network B. Increased loss of business data C. Loss of wireless connections D. Removal of PII data

D. Removal of PII data

What is a definition of implicit deny? A. Everything is denied by default B. All traffic from one network to another is denied. C. ACLs are used to secure the firewall. D. Resources that are not given access are denied by default.

D. Resources that are not given access are denied by default.

What is a definition of implicit deny? A. Everything is denied by default. B. All traffic from one network to another is denied. C. ACLs are used to secure the firewall. D. Resources that are not given access are denied by default.

D. Resources that are not given access are denied by default.

What is the best way to test the integrity of a company's backed up data? A. Conduct another backup B. Use software to recover deleted files C. Review written procedures D. Restore part of the backup

D. Restore part of the backup

In which of the following ways can risk not be managed? A. Risk transfer B. Risk mitigation C. Risk acceptance D. Risk elimination

D. Risk elimination

Your organization (ABC-Services Corp.) has three separate wireless networks used for varying purposes. You conducted a site survey and found the following information from your scans: SSID - State - Channel - Level ABC-WAP1 - Connected - 1 - 80 dbm ABC-WAP2 - Connected - 6 - 90 dbm ABC-WAP3 - Connected - 11 - 75 dbm ABC-WAP4 - Connected - 4 - 65 dbm What is occurring here? A. Jamming B. Packet sniffing C. Near field communication D. Rogue access point

D. Rogue access point

To be proactive, you use your vehicle to take several war-driving routes each month through your company's campus. Recently you have found a large number of unauthorized devices. Which of the following security breaches have you most likely encountered? A. Bluejacking B. Interference C. IV attack D. Rogue access points

D. Rogue access points

Which of the following access control models would be found in a firewall? A. Mandatory access control B. Discretionary access control C. Role-based access control D. Rule-based access control

D. Rule-based access control

Which of the following protocols operates at the highest layer of the OSI model? A. IPsec B. TCP C. ICMP D. SCP

D. SCP

You analyze the network and see that a lot of data is being transferred on port 22. Which of the following set of protocols is most likely being used? A. SSL and SFTP B. SCP and Telnet C. FTP and TFTP D. SCP and SFTP

D. SCP and SFTP

MD5 can be manipulated by creating two identical hashes using two different messages, resulting in a collision. This is difficult (if impossible) to do with SHA-256. Why is this? A. SHA-256 has greater collision strength than MD5. B. MD5 has greater collision resistance than SHA-256. C. MD5 has greater collision strength than SHA-256. D. SHA-256 has greater collision resistance than MD5.

D. SHA-256 has greater collision resistance than MD5.

A security auditing consultant has completed a security assessment and gives the following recommendations: 1. Implement fencing and additional lighting around the perimeter of the building. 2. Digitally sign new releases of software. Categorically, what is the security consultant recommending? (Select the two best answers.) A. Encryption B. Availability C. Confidentiality D. Safety E. Fault tolerance F. Integrity

D. Safety

What is the technique of adding text to a password when it is hashed? A. Rainbow tables B. Symmetric cryptography C. NTLMv2 D. Salting

D. Salting

Tara has written an application and is ready to go through the hardening process. Which of the following could be considered a hardening process of the SDLC? A. Disabling unnecessary services B. Application patching management schedule C. Disabling unnecessary accounts D. Secure coding concepts

D. Secure coding concepts

Which of the following log files should show attempts at unauthorized access? A. DNS B. System C. Application D. Security

D. Security

You are in charge of auditing resources and the changes made to those resources. Which of the following log files will show any unauthorized changes to those resources? A. System log file B. Application log file C. Directory Services log file D. Security log file

D. Security log file

Which password management system best provides for a system with a large number of users? A. Locally saved passwords management system B. Synchronized passwords management system C. Multiple access methods management system D. Self-service password reset management system

D. Self-service password reset management system

Your company has 1000 users. Which of the following password management systems will work best for your company? A. Multiple access methods B. Synchronize passwords C. Historical passwords D. Self-service password resetting

D. Self-service password resetting

One of the users in your organization is attempting to access a secure website. However, the certificate is not recognized by his web browser. Which of the following is the most likely reason? A. Weak certificate cipher B. No key escrow was implemented C. Intermittent Internet connection D. Self-signed certificate

D. Self-signed certificate

An IDS looks for patterns to aid in detecting attacks. What are these patterns known as? A. Anomalies B. Viruses C. Malware D. Signatures

D. Signatures

Your organization provides employee badges that are encoded with a private encryption key and specific personal information. The encoding is used to provide access to the organization's network. What type of authentication method is being used? A. Token B. Biometrics C. Kerberos D. Smart card

D. Smart card

What are two examples of common single sign-on authentication configurations? (Select the two best answers.) A. Biometrics-based B. Multifactor authentication C. Kerberos-based D. Smart card-based

D. Smart card-based C. Kerberos-based

What would a password be characterized as? A. Something a user has B. Something a user is C. Something a user does D. Something a user knows

D. Something a user knows

Which of the following is not a common criteria when authenticating users? A. Something you do B. Something you are C. Something you know D. Something you like

D. Something you like

Which of the following targets specific people? A. Pharming B. Phishing C. Vishing D. Spear phishing

D. Spear phishing

Making data appear as if it is coming from somewhere other than its original source is known as what? A. Hacking B. Phishing C. Cracking D. Spoofing

D. Spoofing

What is it known as when an attacker provides falsified information? A. Aliasin B. Flooding C. Redirecting D. Spoofing

D. Spoofing

Which of the following is a type of packet filtering used by firewalls that retains memory of the packets that pass through the firewall? A. Stateless packet filtering B. Circuit-level gateway C. NAT filtering D. Stateful packet inspection

D. Stateful packet inspection

What kind of monitoring methodology does an antivirus program use? A. Anomaly-based B. Behavior-based C. Signature-based D. Statistical-based

D. Statistical-based

You find out that confidential information is being encoded into graphic files in a form of security through obscurity. What have you encountered? A. Digital signature B. Non-repudiation C. Confidentiality D. Steganography

D. Steganography

You look through some graphic files and discover that confidential information has been encoded into the files. These files are being sent to a sister company outside your organization. What is this an example of? A. Confidentiality B. Cryptography C. Digital signature D. Steganography

D. Steganography

Which of the following is used by PGP to encrypt the session key before it is sent? A. Asymmetric key distribution system B. Asymmetric scheme C. Symmetric key distribution system D. Symmetric scheme

D. Symmetric scheme

Which of the following needs to be backed up on a domain controller to recover Active Directory? A. User data B. System files C. Operating system D. System State

D. System State

Which of the following is an authentication and accounting service that uses TCP as its transport mechanism when connecting to routers and switches? A. Kerberos B. RADIUS C. Captive portal D. TACACS+

D. TACACS+

In a secure environment, which authentication mechanism performs better? A. RADIUS because it is a remote access authentication service. B. RADIUS because it encrypts client-server passwords. C. TACACS+ because it is a remote access authentication service. D. TACACS+ because it encrypts client-server negotiation dialogues.

D. TACACS+ because it encrypts client-server negotiation dialogues.

Of the following, which best describes the difference between RADIUS and TACACS+? A. RADIUS is a remote access authentication service B. RADIUS separates authentication, authorization, and auditing capabilities. C. TACACS+ is a remote access authentication service. D. TACACS+ separates authentication, authorization, and auditing capabilities.

D. TACACS+ separates authentication, authorization, and auditing capabilities.

Which of the following is an example of a nonessential protocol? A. DNS B. ARP C. TCP D. TFTP

D. TFTP

You are attempting to prevent unauthorized access to the desktop computers on your network. You decide to have the computers' operating systems lock after 5 minutes of inactivity. What type of security control is this? A. Detective B. Operational C. Management D. Technical

D. Technical

Which law protects your Social Security number and other pertinent information? A. HIPAA B. SOX C. The National Security Agency D. The Gramm-Leach-Bliley Act

D. The Gramm-Leach-Bliley Act

One of the users in your organization informs you that her 802.11n network adapter is connecting and disconnecting to and from an access point that was recently installed. The user has Bluetooth enabled on the laptop. A neighboring company had its wireless network compromised last week. Which of the following is the most likely cause of the disconnections? A. The attacker that compromised the neighboring company is running a war-driving attack. B. A Bluetooth device is interfering with the user's laptop. C. An attacker in your organization is attempting a bluejacking attack. D. The new access point was not properly configured and is interfering with another access point.

D. The new access point was not properly configured and is interfering with another access point.

A visitor plugs her laptop into the network in the conference room and attempts to start a presentation that requires Internet access. The user gets a warning on the screen saying that her antivirus software is not up to date. As a result, the visitor is unable to access the Internet. What is the most likely cause of this? A. The security posture on the network is disabled, and remediation must take place before the user can access the Internet. B. The IDS blocked access to the network. C. The IPS prevented access to the network. D. The security posture on the network is enabled, and remediation must take place before the user can access the Internet.

D. The security posture on the network is enabled, and remediation must take place before the user can access the Internet.

Which of following log files would be the most useful in determining which internal user was the source of an attack that compromised another computer on the same network? A. Directory Services logs B. The attacking computer's audit logs C. The firewall logs D. The target computer's audit logs

D. The target computer's audit logs

Michael has just completed monitoring and analyzing a web server. Which of the following indicates that the server might have been compromised? A. The web server is sending hundreds of UDP packets. B. The web server has a dozen connections to inbound port 80. C. The web server has a dozen connections to inbound port 443. D. The web server is showing a drop in CPU speed and hard disk speed.

D. The web server is showing a drop in CPU speed and hard disk speed.

Why would a security administrator use a vulnerability scanner? (Select the best answer.) A. To identify remote access policies B. To analyze protocols C. To map the network D. To find open ports on a server

D. To find open ports on a server

What is the best reason for security researchers to use virtual machines? A. To offer a secure virtual environment where they can conduct online deployments B. To offer an environment where they can discuss security research C. To offer an environment where network applications can be tested D. To offer an environment where malware might be executed but with minimal risk to equipment

D. To offer an environment where malware might be executed but with minimal risk to equipment

A thumb drive has been used to compromise systems and enable unauthorized access. What kind of malware was most likely installed to the thumb drive? A. Bot B. Logic bomb C. Virus D. Trojan

D. Trojan

One of your co-workers complains of very slow system performance and says that a lot of antivirus messages are being displayed. The user admits to recently installing pirated software and downloading and installing an illegal keygen to activate the software. What type of malware has affected the user's computer? A. Worm B. Logic bomb C. Spyware D. Trojan

D. Trojan

To prevent electrical damage to a computer and its peripherals, the computer should be connected to what? A. Power strip B. Power inverter C. AC to DC converter D. UPS

D. UPS

A systems administrator requires an all-in-one device that combines various levels of defense into one solution. She requires a single device that sits last on the network before the Internet connection. Which of the following would be the best solution? A. Circuit-level gateway B. DLP C. WIDS D. UTM

D. UTM

You are contracted with a customer to protect its user data. The customer requires the following: ~Easy backup of all user data ~Minimizing the risk of physical data theft ~Minimizing the impact of failure on any one file server Which of the following solutions should you implement? A. Back up user files to USB hard disks attached to the customer's systems. Store the USB hard disks in a secure area after hours. B. Use file servers with removable hard disks. Secure the hard disks in a separate area after hours. C. Use internal hard disks installed in file servers. Lock the file servers in a secure area. D. Use file servers attached to a NAS. Lock the file servers and NAS in a secure area.

D. Use file servers attached to a NAS. Lock the file servers and NAS in a secure area.

Ann has been asked by her boss to periodically ensure that a domain controller/DNS server maintains the proper security configuration. Which of the following should she review? A. Firewall logs B. NIPS logs C. WINS configuration D. User rights

D. User rights

Which of the following technologies was originally designed to decrease broadcast traffic and reduce the likelihood of having information compromised by network sniffers? A. DMZ B. VPN C. RADIUS D. VLAN

D. VLAN

What is the best way to prevent ARP poisoning across a network? A. MAC flooding B. Log analysis C. Loop protection D. VLAN segregation

D. VLAN segregation

A programmer wants to prevent cross-site scripting. Which of the following should the programmer implement? A. Validation of input to remove bit code B. Validation of input to remove shell scripts C. Validation of input to remove batch files D. Validation of input to remove hypertext

D. Validation of input to remove hypertext

The IT director asks you to verify that the organization's virtualization technology is implemented securely. What should you do? A. Verify that virtual machines are multihomed B. Perform penetration testing on virtual machines C. Subnet the network so that each virtual machine is on a different network segment D. Verify that virtual machines have the latest updates and patches installed

D. Verify that virtual machines have the latest updates and patches installed

A hacker develops a piece of malicious code that is not designed to automatically spread from one system to another. Instead, it is designed to spread from one file to another file on the individual computer. What type of malware is this? A. Worm B. Trojan C. Botnet D. Virus

D. Virus

You have identified a security threat on a server, but you have decided not to exploit it. What method have you implemented? A. Penetration test B. Risk mitigation C. NIDS D. Vulnerability scan

D. Vulnerability scan

You have received several reports from users of corrupted data. You patched the affected systems but are still getting reports of corrupted data. Which of the following methods should you use to help identify the problem? A. Data integrity check B. Penetration testing C. Hardware baseline review D. Vulnerability scan

D. Vulnerability scan

Which of the following is a passive attempt at identifying weaknesses? A. Port scanning B. Penetration testing C. DoS attack D. Vulnerability scanning

D. Vulnerability scanning

Which of the following can be implemented in hardware or software to protect a web server from XSS attacks? A. Flood guard B. IDS C. URL content filter D. WAF

D. WAF

Your boss asks you to install a wireless access point and set up a new wireless network. Which protocol offers the best wireless security? A. WPA B. SSH C. WEP D. WPA2

D. WPA2

If you were to deploy your wireless devices inside a TEMPEST-certified building, what could you prevent? A. Bluesnarfing B. Weak encryption C. Bluejacking D. War-driving

D. War-driving

The security company you work for has been contracted to discern the security level of a software application. The company building the application has given you the login details, production documentation, a test environment, and the source code. Which of the following testing types has been offered to you? A. Black box B. Red teaming C. Gray box D. White box

D. White box

What is the greatest benefit of using S/MIME? A. You can send e-mails with a return receipt. B. You can send anonymous e-mails. C. It expedites the delivery of your e-mails. D. You can encrypt and digitally sign e-mail messages.

D. You can encrypt and digitally sign e-mail messages.

Bob wants to send an encrypted e-mail to Alice. Which of the following will Alice need to use to verify the validity of Bob's certificate? (Select the two best answers.) A. Bob's private key B. Alice's private key C. The CA's private key D. Bob's public key E. Alice's public key F. The CA's public key

E. Alice's public key

Which of the following offer the best protection against brute-forcing passwords? (Select the two best answers.) A. MD5 B. SHA2 E. PBKDF2 D. AES E. PBKDF2 F. CHAP

E. PBKDF2 E. PBKDF2


Set pelajaran terkait

2. Ética de la persona (conciencia moral, libertad y responsabilidad, virtudes, las bienaventuranzas)

View Set

BIOL200 - Introduction to Cell Biology and Genetics

View Set

Chapter 9 Milady Nail Structure and Growth

View Set

SOC ch. 17 Science, the Environment, & society, SOC. Ch.15 Authority and State & Ch.11Health and Society, Chapter 17, SOC 16, 11, 17, Sociology Chapter 11, General Sociology: Chapter 11, Chapter 11, SOCI 101 QUIZ 11, cH11, Sociology Chapter 11 Health

View Set

chapter 3 life policy provisions, riders and options

View Set