BACS EXAM #2 Review

Ace your homework & exams now with Quizwiz!

3.2.4 1) Hashing algorithms are used to perform what activity?

Create a message digest

Establish a baseline for all systems

Manage Your Network

Establish an update management process

Manage Your Network

Create a list of all devices

Map Your Network

Create a list of all protocols being used on the network

Map Your Network

Which of the following protocols can be used to securely manage a network device from a remote connection?

SSH

You have been asked to implement a RAID 5 solution for your network. What is the minimum number of hard disks that can be used to configure RAID 5?

3

An attacker uses an exploit to push a modified hosts file to client systems. This host file redirects traffic from legitimate tax preparation sites to malicious sites to gather personal and financial information. What kind of exploit has been used in this scenario? (Select two)

1) DNS poisoning 2) Pharming

The PGP or Pretty Good Privacy encryption utility relies upon what algorithms? (Select two)

1) IDEA 2) 3DES

A collection of zombie computers have been setup to collect personal information. What type of malware do the zombie computers represent?

Botnet

An attacker is conducting passive reconnaissance on a targeted company. Which of the following could he be doing?

Browsing the organization's Website

Your network performs a full backup every night. Each Sunday, the previous night's backup tape is archived. Wednesday morning the storage system fails. How many restore operations will you need to perform to recover all of the data?

1

Which of the following describes an IPv6 address (Select two)

1) 128-bit address 2) Eight hexadecimal quartets

You've decided to use a subnet mask of 255.255.192.0 on the 172.17.0.0 network to create four separate subnets. Which network IDs will be assigned to these subnets in this configuration? (Select two)

1) 172.17.0.0 2) 172.17.128.0

Which of the following correctly describe the most common format for expressing IPv6 addresses? (Select two)

1) 32 numbers, grouped using colons 2) Hexadecimal numbers

Which of the following are valid IPv6 addresses?

1) 6384:1319:7700:7631:446A:5511:8940:2552 2) 141:0:0:0:15:0:0:1

If a birthday attack is successful, meaning the attacker discovers a password that generates the same hash as that captured from a user's logon credentials, which of the following is true? (Select two)

1) A collision was discovered 2) The discovered password will allow the attacker to log on as the user, even if it is not the same as the user's password

Which of the following algorithms are used in symmetric encryption? (Select three)

1) AES 2) Blowfish 3) 3DES

Which of the following are true concerning the Advanced Encryption Standard (AES) symmetric block cipher? (Select two)

1) AES uses a variable-length block and key length (128-, 192-, or 256-bit keys) 2) AES uses the Rijndael block cipher

You have just purchased a new network device and are getting ready to connect it to your network. Which of the following should you do to increase its security? (Select two:)

1) Apply all patches and updates 2) Change default account passwords

Which of the following fire extinguisher types poses a safety risk to users in the area? (Select two)

1) CO2 2) Halon

Which of the following are advantages of virtualization? (Select two)

1) Centralized administration 2) Easy migration of systems to different hardware

You are an application developer. You use a hypervisor with multiple virtual machines installed to test your applications on various operating systems versions and editions. Currently all of your testing virtual machines are connected to the production network through the hypervisor's network interface. However, you are concerned that the latest application you are working on could possible adversly impact other network hostsif mistakes or errors exist in the code. To prevent this, you decide to isolate the virtual machine from the production network. However, they still need to be able to communicate directly with each other. What should you do? (Select two)

1) Connect the virtual network interfaces in the virtual machines to the virtual switch 2) Create a new virtual switch configured for host-only (internal) networking

Which of the following applications typically use 802.1x authentication? (Select two)

1) Controlling access through a switch 2) Controlling access through a wireless access point

You are responsible for maintaining Windows workstation operating systems in your organization. Recently an update from Microsoft was automatically installed on your workstations that caused an application that was developed in-house to stop working. To keep this from happening again, you decide to test all updates on a virtual machine before allowing them to be installed on production workstations. Currently, all of your testing virtual machines do not have a network connection. However, they need to be able to connect to the update servers at Microsoft to download and install updates. What should you do? (Select two)

1) Create a new virtual switch configured for bridged (external) networking 2) Connect the virtual network interfaces in the virtual machines to the virtual switch

You have been recently hired as the new network administrator for a startup company. The compnay's network was implemented prior to your arrival. One of the first tasks you need to complete in your new position is to develop a Manageable Network Plan for the network. You have already completed the first and second milestones where documentation procedures were identified and the network was mapped. You are now working on the third milestone where you must identify ways to protect the network. Which tasks should you complete as a part of this milestone? (Select two)

1) Identify and document each user on the network 2) Physically secure high-value systems

You've used BitLocker to implement full volume encryption on a notebook system. The notebook motherboard does not have a TPM chip, so you've used an external USB flash drive to store BitLocker startup key. You use EFS to encrypt the C:\Secrets folder and its contents Which of the following is true in this scenario? (Select two)

1) If the C:\Secrets\confidential.docx file is copied to an external USB flash drive, it will be saved in an unencrypted state 2) Only the user who encrypted the C:\Secrets\confidential.docx file will be able to open it by default

Which of the following are true concerning the Virtual Desktop Infrastructure (VDI)? (Select two)

1) In the event of a widespread malware infection, the administrator can quickly re-image all user desktops on a few central servers 2) User desktop environments are centrally hosted on servers instead of on individual desktop systems

3.3.5 Which of the following are true of Triple DES (3DES)? (Select two)

1) Is used in IPSec 2) Uses a 168-bit key

In a cryptographic system, what properties should the initialization vector have? (Select two)

1) Large 2) Unpredictable

Which of the following authentication protocols uses a three-way handshake to authenticate users to the network? (Select two)

1) MS-CHAP 2) CHAP

You've used BitLocker to implement full volume encryption on a notebook system. The notebook motherboard does not have a TPM chip, so you've used an external USB flash drive to store the BitLocker startup key. Which system components are encrypted in this scenario? (Select two)

1) Master boot record 2) C:\ volume

Which of the following activities are considered passive in regards to the functioning of an intusion detection systme? (Select two)

1) Monitoring the audit trails on a server 2) Listening to network traffic

An active IDS system often performs which of the following actions? (Select two)

1) Perform reverse lookups to identify an intruder 2) Update filters to block suspect traffic

Besides protecting a computer from under voltages, a typical UPS also performs which two actions:

1) Protects from over voltages 2) Conditions the power signal

Which of the following algorithms are used in asymmetric encryption? (Select two)

1) RSA 2) Diffie-Hellman

Which of the following mechanisms can you use to add encryption to e-mail? (Select two)

1) S/MIME 2) PGP

2.13.5 Which of the following are methods for providing centralized authentication, authorization, and accounting for remote access? (Select two)

1) TACACS+ 2) RADIUS

You are implementing a Fibre Channel SAN that will be used by the database servers in your organization. You are concerned about security, so your design specifies that SAN hosts must authenticate with each other beore a connection over the SAN will be allowed. In addition, you want data being transferred over the SAN to be encrypted. Which of the following are true in this scenario? (Select two)

1) The Diffie-Hellman Challenge Authentication Protocol Handshake Authentication Protocol (DH-CHAP) can be used to mutually authenticate SAN hosts 2) The Encapsulating Security Payload (ESP) protocol can be used to encrypt data in transit

What actions can a typical passive Intrusion Detection System (IDS) take when it detects an attack? (Select two)

1) The IDS logs all pertinent data about the intrusion 2) An alert is generated and delivered via e-mail, the console, or an SNMP trap

You suspect that an Xmas tree attack is occuring on a system. Which of the following could result if you do not stop the attack? (Select two)

1) The threat agent will obtain information about open ports on the system 2) The system will unavailable to respond to legitimate requests

Which of the following are characteristics of TACACS+? (Select two)

1) Uses TCP 2) Allows for a possible of three different servers, one each for authentication, authorization and accounting

Which of the following are characteristics of ECC? (Select two)

1) Uses a finite set of values within an algebraic field 2) Asymmetric encryption

Which of the following items are contained in a digital certificate? (Select two)

1) Validity period 2) Public Key

Which of the following tools can you use on a Windows network to automatically distribute and install software and operating system patches on workstations? (Select two)

1) WSUS 2) Group Policy

Thursday morning the storage system fails. How many restore operations will you need to perform to recover all of the data? *** Network backup strategy: → Full backups every Sunday night → Differential backups Monday through Saturday nights

2

Thursday morning the storage system fails. How many restore operations will you need to perform to recover all of the data? *** Network backup strategy: → Full backups every Sunday night → Incremental backups Monday through Saturday nights

4

What is the recommended humidity level for server rooms?

50%

You want to increase the security of your network by allowing only authenticated users to be able to access network devices through a switch. Which of the following should you implement?

802.1x

Which of the following IPv6 addresses is equivalent to the IPv4 loopback address of 127.0.0.1?

::1

9.5.11 Which of the following are disadvantages to server virtualization?

A compromise of the host system might affect multiple servers

Which of the following would you find on a CPS?

A declaration of the security that the organization is implementing for all certificates

Which of the following are disadvantages to server virtualization?

A failure in one hardware component could affect multiple servers

Which of the following describes a man-in-the-middle attack?

A false server intercepts communications from a client by impersonating the intended server

What is a cookie?

A file saved on your hard drive that tracks Web site preferences and use

What is a PKI?

A hierarchy of computers for issuing certificates

Which of the following describes a configuration baseline?

A list of common security settings that a group or all devices share

Which of the following best describes a logic bomb?

A program that performs a malicious activity at a specific time or after a triggering event

What type of key or keys are used in symmetric cryptography?

A shared private key

Which of the following best describes high amplification when applied to hashing algorithms?

A small change in the message results in a big change in the hash value

Which of the following is the best example of remote access authentication?

A user establishes a dial-up connection to a server to gain access to shared resources

8.1.7 What is the main difference between a worm and a virus?

A worm can replicate itself, while a virus requires a host for distribution

A SYN attack or a SYN flood exploits or alters which element of the TCP three-way handshake?

ACK

You want to encrypt data on a removable storage device. Which encryption method would you choose to use the strongest method possible?

AES

Which of the following attacks tries to associate an incorrect MAC address with a known IP address?

ARP poisoning

Which of the following switch attacks associates the attacker's MAC address with the IP address of the victim's devices

ARP spoofing/poisoning

Which of the following terms describes the component that is generated following authentication and which is used to gain access to resources following logon?

Access token

Components within your server room are failing at a rapid pace. You discover that the humidity in the server room is at 60% and the temperature is at 80 degrees. What should you do to help reduce problems?

Add a separate A/C unit in the server room

9.3.8) You have been getting a lot of phishing e-mails sent from the domain kenyan.msn.pl. Links within these e-mails open new browser windows at youneedit.com.pl. You want to make sure that these e-mails never reach your Inbox,but that e-mails from other senders are not affected. What should you do?

Add kenyan.msn.pl to the e-mail blacklist

You manage several Windows systems. Desktop users access an in-house application that is hosted on your intranet Web server. When a user clicks a specific option in the application, they receive an error message that the pop-up was blocked. You need to configure the security settings so that users can see the pop-up without compromising overall security. What should you do?

Add the URL of the Web site to the Local intranet zone

You manage several Windows systems. All computers are members of a domain. You use an internal Web site that uses Integrated Windows Authentication. You attempt to connect to the Web site and are prompted for authentication. You verify that your user account has permission to access the Web site. You need to ensure that you are automatically authenticated when you connect to the Web site. What should you do?

Add the internal Web site to the Local intranet zone

While browsing the Internet, you notice that the browser displays ads that are targeted towards recent keyword searches you have performed. What is this an example of?

Adware

What will the netstat -a command show?

All listening and non-listening sockets

You want to allow e-commerce Web sites that you visit to keep track of your browsing history for shopping carts and other information, but want to prevent that information from being tracked by sites linked to the sites you explicity visit. How should you configure the browser settings?

Allow first party cookies but block third-party cookies

Community cloud

Allows cloud services to be shared by several organizations

Which of the following best describes the ping of death?

An ICMP packet that is larger than 65,536 bytes

When a malicious user captures authentication traffic and replays it against the network later, what is the security problem you are most concerned about?

An unauthorized user gaining access to sensitive resources

Which of the following is a form of mathematical attack against the complexity of a cryptosystem's algorithm?

Analytic attack

7.6.7 You are concerned about protecting your network from network-based attacks from the Internet. Specifically, you are concerned about attacks that have not yet been identified or that do not have prescribed protections. Which type of device should you use?

Anomaly based IDS

What is the most common form of host based IDS that employs signature or pattern matching detection methods?

Anti-virus software

Which of the following measures are you most likely to implement to protect against a worm or Trojan horse?

Anti-virus software

Which of the following statements about the use of anti-virus software is correct?

Anti-virus software should be configured to download updated virus definition files as soon as they become available

Which of the following is the best recommendation for applying hotfixes to your servers?

Apply only the hotfixes that apply to software running on your systems

A PKI is a method for managing which type of encryption?

Asymmetric

What form of cryptography is scalable for use in very large and ever-expanding environments where data is frequently exchanged between different communication partners?

Asymmetric cryptography

Which of the following statements is true when comparing symmetric and asymmetric cryptography?

Asymmetric key cryptography is used to distribute symmetric keys

What is another name for a logic bomb?

Asynchronous attack

Radius is primarily used for what purpose?

Authenticating remote clients before access to the network is granted

What are the most common network traffic packets captured and used in a replay attack?

Authentication

Which of the following is the term for the process of validating a subject's identity?

Authentication

A remote access user needs to gain access to resources on the server. Which of the processes are performed by the remote access server to control access to resources?

Authentication and authorization

Developers in your company have created a Web application that interfaces with a database server. During development, programmers created a special user account that bypasses the normal security. What is this an example of?

Backdoor

While developing a network application, a programmer adds functionality that allows her to access the running program, without authentication, to capture debugging data. The programmer forgets to remove this functionality prior to finalizing the code and shipping the application. What type of security weakness does this represent?

Backdoor

NetBus and Back Orifice are remote control tools. They allow you to connect to a remote system over a network and operate it as if you were sitting at its local keyboard. Unfortunately, these two programs are also examples of what type of security concern?

Backdoor trojans

What does a differential backup do during the backup?

Backs up all files with the archive bit set; does not reset the archive bit

What does an incremental backup do during the backup?

Backs up all files with the archive bit set; resets the archive bit

If two different messages or files produce the same hashing digest, then a collision has occurred. What form of cryptographic attack exploits this condition?

Birthday attack

You want a security solution that protects the entire hard drive, preventing access even when it is moved to another system. Which solution would you choose? 1) IPSec 2) EFS 3) VPN 4) BitLocker

BitLocker

Which of the following attacks will typically take the longest amount of time to complete?

Brute force attack

In business continuity planning, what is the primary focus of the scope?

Business processes

Which is a typical goal of MAC spoofing?

Bypassing 802.1x port-based security

Which of the following is a high-security identification, as well as authentication, to gain access? A) Mousetrap B) Fencing C) Mantrap D) Hot aisle

C) Mantrap

On the outer edge of physical security is the first barrier to entry. This barrier is known as a(n) ___________. A) Blockade B) Door C) Perimeter D) Stop

C) Perimeter

You've been drafted for the safety committee. One of your first tasks is to inventory all of the fire extinguishers and make certain that the correct locations throughout the building. Which of the following categories of fire extinguisher is intended for use on electrical fires? A) Type A B) Type B C) Type C D) Type D

C) Type C

Which of the following is the best description of shoulder surfing? A) Following someone through a door they just unlocked B) Figuring out how to unlock a secured area C) Watching someone enter important information D) Stealing information from someone's desk

C) Watching someone enter important information

Which remote access authentication protocol periodically and transparently re-authenticates during a logon session by default?

CHAP

Which of the following generates the key pair used in asymmetric cryptography?

CSP

Console port

Cannot be sniffed

Which of the following fire extinguisher suppressant types is best used for electrical fires that might result when working with computer components?

Carbon dioxide (CO2)

In what form of key management solution is key recovery possible?

Centralized

Which of the following conditions does not result in a certificate being added to the certificate revocation list?

Certificate expiration

What is the primary function of the IKE protocol used with IPSec?

Create a security association between communicating partners

Which of the following is the best description of tailgating? A) Sitting close to someone in a meeting B) Stealing information from someone's desk C) Figuring out how to unlock a secured area D) Following someone through a door they just unlocked

D) Following someone through a door they just unlocked

When securing a newly deployed server, which of the following rules of thumb should be followed?

Determine the unneeded services and their dependencies before altering the system

Which of the following best describes the concept of a virtual LAN?

Devices on the same network logically grouped as if they were on seperate net

Which type of attack employs a list of pre-defined passwords that it tries against a logon prompt or a local copy of a security accounts database?

Dictionary

Implement the principle of least privelege

Control Your Network

The Clark-Wilson model is primarily based on?

Controlled intermediary access applications

Which of the following is a text file provided by a Web site to a client that is stored on a user's hard drive in order to track and record information about the user?

Cookie

9.2.13 Use of which of the following is a possible violation of privacy?

Cookies

Which of the following is considered an out-of-band distribution method for private-key encryption?

Copying the key to a USB drive

A customer just received a phone bill on which there are charges for unauthorized services. This customer is victim to which type of attack?

Cramming

Which of the following phone attacks adds unauthorized charges to a telephone bill?

Cramming

Your company produces an encryption device that lets you enter text and receive encrypted text in response. An attacker obtains one of these devices and starts inputting random plain text to see the resulting cipher text. What type of attack is this?

Chosen plaintext

Which of the following fire extinguisher types is best used for electrical fires that might result when working with computer components?

Class C

To help prevent browser attacks, users of public computers should do which of the following?

Clear the browser cache

Which of the following is not true regarding cloud computing?

Cloud computing requires end-user knowledge of the physical location and configuration of the system that delivers the services

Which of the following network strategies connects multiple servers toether such that if one server fails, the others immediately take over its tasks, preventing a distuption in service?

Clustering

During the application development cycle, a developer asks several of his peers to assess the portion of the application he was assigned to write for security vulnerabilities. Which assessment technique was used in this scenario?

Code review

Which of the following is a recovery site that may have electricity connected, but there are no servers installed and no high-speed data lines present?

Cold site

As a BCP or DRP plan evolves over time, what is the most important task to perform when rolling out a new version of the plan?

Collect and destroy all old plan copies

When two different messages produce the same hash value, what has occurred?

Collision

Which of the following is not a reason to use subnets on a network?

Combine different media type on the same subnet

You create a new doccument and save it to a hard drive on a file server on your company's network. Then, you employ an encryption tool to encrypt the file using AES. This activity is an example of accomplishing what security goal?

Confidentiality

You have decided to implement a remote access solution that uses multiple remote servers. You want to implement RADIUS to centralize remote access authentication and authorization. Which of the following would be a required part of your configuration?

Configure the remote access servers as RADIUS clients

The Brewer-Nash model is designed primarily to prevent?

Conflicts of interest

You manage the website for your company. The website uses a cluster of two servers with a single shared storage device. The shared storage device uses a RAID 1 configuration. Each server has a single connection to the shared storage, and a single connection to your ISP. You want to provide redundancy such that failure in a single component does not cause the website to be unavailable. What should you add to your configuration to accomplish this?

Connect one server through a different ISP to the Internet

Due to growth beyond current capacity, a new server room is being built. As a manager, you want to make certain that all of the necessary safety elements exist in the room when it's finished. Which fire-suppression system works best when used in an enclosed area by displacing the air around a fire? A) Based B) Overhead sprinklers C) Overhauling worn motors D) Humidity control

D) Gas based

Which of the following will not reduce EMI? A) Physical location B) Physical shielding C) Overhauling worn motors D) Humidity control

D) Humidity control

Which form of access control enforces security based on user identities and allows individual users to define access controls over owned resources

DAC

You have a system that allows the owner of a file to identify users and their permissions to the file. Which type of access control model is implemented?

DAC

Which of the following is not a protection against session hijacking?

DCHP reservations

An attacker sets up 100 drone computers that flood a DNS server with invalid requests. This is an example of which kind of attack?

DDoS

Which of the following encryption mechanisms offers the least security because of weak keys?

DES

Which type of Denial of Service (DoS) attack occurs when a name server receives malicious or misleading data that incorrectly maps host names and IP addresses?

DNS poisoning

While using the Internet, you type the URL of one of your favorite sites in the browser. Instead of going to the correct site, however, the browser displays a completely different website. When you use the IP address of the Web server, the correct site is displayed. Which type of attack has likely occurred?

DNS poisoning

Which protocol should you disable on the user access ports of a switch?

DTP

Which of the following defines an object as used in access control?

Data, applications, systems, networks, and physical space

Which backup strategy backs up only files which have the archive bit set, but does not mark them as having been backed up?

Differential

Which cryptography system generates encryption keys that could be used with DES, AES, IDEA, RC5 or any other symmetric cryptography solution?

Diffie-Hellman

Which of the following is a direct protection of integrity?

Digital signature

8.3.11) Which of the following actions should you take to reduce the attack surface of a server?

Disable unused services

If maintaining confidentiality is of the utmost importance to your organization, what is the best response when an intruder is detected on your network?

Disconnect the intruder

You manage the website for your company. The Web1 server hosts the website. This server has the following configuration: → Dual core processor → Dual power supplies → RAID 5 volume → One RAID controller → Two 1000 Mbps network adapters. Which component is a single point of failure for the website?

Disk controller

Which of the following security measures encrypts the entire contents of a hard drive?

DriveLock

What is the most common means of virus distribution?

E-mail

Secure Multi-Purpose Internet Mail Extensions (S/MIME) is used to protect what?

E-mail attachments

Implements the Diffie-Hellman key exchange protocol using elliptic curve cryptography

ECDH

Which of the following security solutions would prevent a user from reading a file which she did not create?

EFS

Which of the following statementsabout ESD is not correct?

ESD is much more likely to occur when the relative humidity is above 50%

Which form of asymmetric cryptography is based upon Diffie-Hellman?

El Gamal

10.3.10 1) You would like to implement BitLocker to encrypt data on a hard disk even if it is moved to another system. You want the system to boot automatically without providing a startup key on an external USB device. What should you do?

Enable the TPM in the BIOS

Which of the following is a characteristic of TACACS+?

Encrypts the entire packet, not just authentication packets

Exist only for the lifetime or a specific communication session

Ephemeral keys

What is the goal of a TCP/IP hijacking attack?

Executing commands or accessing resources on a system the attacker does not otherwise have authorization

Which of the following is a valid IPv6 address?

FECO::AB:9007

Which of the following is a secure to FTP that uses SSL for encryption?

FTPS

You have configured a NIDS to monitor network traffic. Which of the following describes an attack that is not detectedby the NIDS device?

False negative

Discretionary Access Control (DAC) manages access to resources using what primary element or aspect?

Identity

You want to protect data on hard drives for users with laptops. You want the drive to be encrypted, and you want to prevent the laptops from booting unless a special USB drive is inserted. In addition, the system should not boot if a change is detected in any of the boot files. What should you do?

Implement BitLocker with a TPM

Capturing packets as they travel from one host to another with the intent of altering the contents of the packets is a form of which security concern?

Man-in-the-middle attack

Which backup strategy backs up all files from a computer's file system regardless of whether the file's archive bit is set or not and marks them as having been backed up?

Full

9.6.12) Which of the following will enter random data to the inputs of an application?

Fuzzing

3.6.4 What is the main function of a TPM hardware chip?

Generate and store cryptographic keys

Your organization uses the following tape rotation strategy for its backup tapes: 1) The first set of tapes is used for daily backups 2) At the end of each week, the latest daily backup tape is promoted to be the weekly backup tape 3) At the end of the each month, one of the weekly backup tapes is promoted to be the monthly backup tape What kind of backup tape rotation strategy is being used?

Grandfather

You have contracted with a vendor to supply a custom application that runs on Windows workstations. As new application versions and patches are released, you want to be able to automatically apply these to multiple computers. Which tool would be the best choice to use?

Group Policy

By definition, what is the process of reducing security exposure and tightening security controls?

Hardening

Which of the following is used to verify that a downloaded file has not been altered?

Hash

A birthday attack focuses on what?

Hashing algorithms

When the TCP/IP session state is manipulated so that a third party is able to insert alternate packets into the communication stream, what type of attack has occurred?

Hijacking

You want to create a collection of computers on your network that appear to have valuable data, but are really computers configured with fake data that could entice a potential intruder. Once the intruder connects, you want to be able to observe and gather information about the methods of attack that are being deployed. What should you implement?

Honeynet

What do host based intrusion detection systems often rely upon to perform their detection activities?

Host system auditing capabilities

You have been asked to deploy a network solution that requires an alternate location where operational recovery is provided within minutes of a disaster. Which of the following strategies would you choose?

Hot site

Which of the following terms describes a Windows operating system patch that corrects a specific problem and is released on a short-term, periodic basis (typically monthly)?

Hotfix

Which of the following password attacks adds appendages to known dictionary words?

Hybrid

What is the default encryption algorithm usedby SSH (Secure Shell) to protect data traffic between a client and the controlled server?

IDEA

Which of the following devices is capable of detecting and responding to security threats?

IPS

6.4.9 Which of the following is the best count is the best countermeasure against man-in-the-middle attacks?

IPSec

Which of the following network layer protocols provides authentication and encryption services for IP based network traffic?

IPSec

Which of the following can be used to encrypt Web, e-mail, telnet, file transfer, and SNMP traffic?

IPSec (Internet Protocol Security)

MTTR

Identifies the average amount of time to repair a failed component or to restore operations

MTBF

Identifies the average lifetime of a system or component

MTD

Identifies the length of time an organization can survive with a specified service, asset, or process down.

To obtain a digital certificate and participate in a Public Key Infrastructure (PKI), what must be submitted and where should it be submitted?

Identifying data and a certification request to the registration authority (RA)

Your organization uses a Web server to host an e-commerce site. Because this Web server handles financial transactions, you are concerned that it could become a prime target for exploits. You want to implement a network security control that will analyze the contents of each packet going to or from the Web server. The security control must be able to identify malicious payloads and block them.

Implement an application-aware IPS in front of the Web server

To increase your ability to recover from a disaster, where should you store backup tapes?

In a safety deposit box at a bank

The sender's key is sent to a recipient using a Diffie-Hellman key exchange

In-band distribution

The sender's key is sent to the recipient using public-key cryptography

In-band distribution

Which of the following is the most effective protection against IP packet spoofing on a private network?

Ingress and egress filters

Which of the following is specifically meant to ensure that a program operates on clean, correct and useful data?

Input validation

Users are complaining that sometimes network communications are slow. You use a protocol analyzer and find that packets are being corrupted as they pass through a switch. You also notice that this only seems to happen when the elevator is running. What should you do?

Install shielded cables near the elevator

Hybrid cloud

Integrates one loud services with other cloud services

Which of the following symmetric block ciphers does not use a variable block length?

International Data Encryption Algorithm (IDEA)

Sandboxing

Isolating a virtual machine from the physical network

You have installed anti-malware software that checks for viruses in e-mail attachments. You configure the software to quarantine any files with problems. You receive an e-mail with an important attachment, but the attachment is not there. Instead, you see a message that the file has been quarantined by the anti-malware software. What has happened to the file?

It has been moved to a secure folder on your computer

Which of the following best describes spyware?

It monitors the actions you take on your machine and sends the information back to its originating source

When should a hardware device be replaced in order to minimize downtime?

Just before it's MTBF is reached

5.2.4) Which of the following is the most important thing to do to prevent console access to the router?

Keep the router in a locked room

When an attacker decrypts an encoded message using a different key than was used during encryption, what type of attack has occurred?

Key clustering

Which of the following is not true concerning symmetric key cryptography?

Key management is easy when implemented on a large scale

You are concerned about the strength of your cryptographic keys, so you implement a system that does the following: → The initial key is fed into the input of the bcrypt utility on a Linux workstation → The bcrypt utility produces an enhanced key that is 128 bits long. The resulting enhanced key is much more difficult to crack than the original key. Which kind of encryption mechanism used in this scenario?

Key stretching

In which type of attack does the attacker have access to both the plain text and the resulting cipher text, but does not have the ability to encrypt the plain text?

Known plaintext

A SYN packet is received by a server. The SYN packet has the exact same address for both the sender and receiver addresses, which is the address of the server. This is an example of what type of attack?

Land attack

When a SYN flood is altered so that the SYN packets are spoofed in order to define the source and destination address as a single victim IP address, the attack is now called what?

Land attack

Which of the following describes a false positive when using an IPS device?

Legitimate traffic being flagged as malicious

You have a Web server on your network that hosts the public Web site for your company. You want to make sure that the Web site will continue to be available even if a NIC, hard drive, or other problem prevents the server from responding. Which solution should you implement?

Load balancing

In which form of access control environment is access controlled b rules rather than by identity?

MAC

Which type of access control focuses on assigning privileges based on security clearance and data sensitivity?

MAC

7.3.3 Which of the following attacks, if successful, causes a switch to function like a hub?

MAC flooding

Which of the following is the weakest hashing algorithm?

MD5

What is the primary goal of business continuity planning?

Maintaining business operations with reduced or restricted infrastructure capabilities or resources

5.3.6) You walk by the server room and notice a fire has started. What should you do first?

Make sure everyone has cleared the area

Mary wants to send a message to Sam. She wants to digitally sign the message to prove that she sent it. Which key would Mary use to create the digital signature?

Mary's private key

MTTF

Measures the average time to failure of a system or a component

4.3.4 When recovery is being performed due to a disaster, which services are to be stabilized first?

Mission critical

Flexibility

Moving virtual machines between hypervisor hosts

Which of the following is a feature of MS-CHAP v2 that is not included in CHAP?

Mutual authentication

When is the best time to apply for a certificate renewal?

Near the end of the certificate's valid lifetime

Routers operate at what level of the Open System Interconnect model?

Network layer

When is a BCP or DRP design and development actually completed

Never

2.1.6) Which is the star property of Bell-LaPulda

No write down

Which type of active scan turns off all flags in a TCP header?

Null

You have a Web server that will be used for secure transactions for customers who access the Web site over the Internet. The Web server requires a certificate to support SSL. Which method would you use to get a certificate for the server?

Obtain a certificate from a public PKI

How many keys are used with symmetric key cryptography?

One

Which of the following encryption methods combines a random value with the plain text to produce the cipher text?

One-time pad

What technology was developed to help improve the efficiency and reliability of checking the validity status of certificates in large complex environments?

Online Certificate Status Protocol

SHA-1 uses which of the following bit length hashing algorithms

Only 160-bit

Which of the following are backed up during a differential backup?

Only files that have changed since the last full backup

Which of the following are backed up during an incremental backup?

Only files that have changed since the last full or incremental backup

You install a new Linux distribution on a server in your network. The distribution includes an SMTP daemon that is enabled by default when the system boots. The SMTP daemon does not require authentication to send e-mail messages. Which type of e-mail attack is this server susceptible to?

Open SMTP relay

The sender's key is burned to a CD and handed to the recipient

Out-of-band distribution

The sender's key is copied to a USB drive and handed to the recipient

Out-of-band distribution

Which of the following authentication protocols transmits passwords in clear text, and is therefore considered too insecure for modern networks?

PAP

Which of the following best describes the Platform as a Service (PaaS) cloud computing service model?

PaaS delivers everything a developer needs to build an application onto the cloud infrastructure

A Smurf attack requires all but which of the following elements to be implemented?

Padded cell

You maintain the network for an industrial manufacturing company. You are concerned about the dust in the area getting into server components and affecting the availability of the network. Which of the following should you implement?

Positive pressure system

Use timestamps on all documents

Prepare to Document

Above all else, what must be protected to maintain the security and benefit of an asymmetric cryptographic solution, especially if it is widely used for digital certificates?

Private keys

Telnet is inherently insecure because its communications is in plain text and easily intercepted. Which of the following is an acceptable alternative to Telnet

SSH

Uses no deterministic algorithm when generating public keys

Perfect forward secrecy

The disaster recovery plan calls for having tape backups stored at a different location. The location is a safe deposit box at the local bank. Because of tis, the disaster recovery plan specifies to choose a method that uses the fewest tapes, but is also quick to back up and restore files. Which backup strategy would best meet the disaster recovery plan for tape backups?

Perform a full backup once a week with a differential backup the other days of the week

Server consolidation

Performing a physical-to-virtual migration (P2V)

CHAP performs which of the following security functions?

Periodically verifies the identity of a peer using a three-way handshake

Users in your organization receive e-mail messages informing them that suspicious activity has been detected on thei bank account. They are directed to click a link in the e-mail to verify their online banking user name and password. The URL in the link is in the .ru top-level DNS domain. What kind of attack has occurred?

Phishing

Which of the following Denial of Service (DoS) attacks uses ICMP packets and will only be successful if the victim has less bandwith than the attacker?

Ping Flood

Which of the following ports are used with TACACS?

Port 49

7.2.6 A relatively new employee in the data entry cubical farm was assigned a user account similar to that of all of the other data entry employees. However, audit logs have shown that this user account has been used to change ACLs on several confidential files and has accessed data in restricted areas. This situation indicates which of the following has occured?

Privilege escalation

An attacker has obtained the logon credentials for a regular user on your network. Which type of security threat exists if this user account is used to perform administrative functions?

Privilege escalation

Identify the choke points on the network

Protect Your Network

Segregate and isolate networks

Protect Your Network

What is the primary use of Secure Electronic Transaction (SET)?

Protect credit card information transmissions

Which of the following is an advantage of a virtual browser?

Protects the host operating system from malicious downloads

Private cloud

Provides cloud services to a single organization

Public cloud

Provides cloud services to just about anyone

Which of the following are differences between RADIUS and TACACS+?

RADIUS combines authentication and authorization into a single function; TACACS+ allows these services to be split between different servers

Which of the following drive configurations is fault tolerant?

RAID 5

What is an advantage of RAID 5 over RAID 1?

RAID 5 improves performance over RAID 1

You have implemented an access control method that allows only users who are managers to access specific data. Which type of access control model is used?

RBAC

Which of the following can be classified as a "stream cipher"?

RC4

Which version of the Rivest Cipher is a block cipher that supports variable bit length keys and variable bit block sizes?

RC5

Which public key encryption system does PGP (Pretty Good Privacy) use for key exchange and digital signatures?

RSA

4.2.4 Make sure that remote access connections are secure

Reach Your Network

Remove insecure protocols

Reach Your Network

10.1.10 Which form of alternate site is the cheapest but may not allow an organization to recover before reaching their maximum tolerable downtime?

Reciprocal agreement

Which of the following terms describes the actual time required to successfully recover operations in the event of an incident?

Recovery Time Objective (RTO)

You have lost the private key that you have used to encrypt files. You need to get a copy of the private key to open some encrypted files. Who should you contact?

Recovery agent

Which of the following is an entity that accepts and validates information contained within a request for a certificate?

Registration authority

10.2.10) Even if you perform regular backups, what must be done to ensure that you are protected against data loss?

Regularly test restoration procedures

What does a remote access server use for authentication?

Remote access policies

A system failure has occurred. Which of the following restoration processes would result in the fastest restoration of all data to its most current state?

Restore the full backup and the last differential backup

You recently discovered several key files of your antivirus program have been deleted. You suspect that a virus has deleted the files. Which type of virus deletes key antivirus program files?

Retro

Which access control model manages rights and permissions based on job descriptions and responsibilities?

Role Based Access Control (RBAC)

What form of access control is based on job descriptions?

Role-based access control (RBAC)

You have heard about a new malware program that presents itself to users as a virus scanner. When users run the software, it installs itself as a hidden program that has administrator access to various operating system components. The program then tracks system activity and allows an attacker to remotely gain administrator access to the computer. Which of the following best describes this software?

Rootkit

You have a development machine that contains sensitive information relative to your business. You are concerned that spyware and malware might get installed while browsing websites and could compromise your system or pose a confidentiality risk. Which of the following would best protect your system?

Run the browser within a virtual environment

You want to use a protocol for encrypting e-mails that uses a PKI with X.509 certificates. Which method should you choose?

S/MIME

Which of the following does not or cannot produce a hash value of 128-bits?

SHA-1

Which of the following is the strongest hashing algorithm?

SHA-1

10.4.9 You are purchasing a hard disk over the Internet from an online retailer. What does your browser use to ensure that others cannot see your credit card number on the Internet?

SSL

Which protocol does HTTPS use to offer greater security in Web transactions?

SSL

Which security mechanism can be used to harden or protect e-commerce traffic from Web servers?

SSL

Which of the following is a form of denial of service attack that subverts the TCP three-way handshake process by attempting to open numerous sessions on a victim server but intentionally failing to complete the session by not sending the final required packet?

SYN flood

10.5.4 Which of the following cloud computing solutions will deliver software applications to a client either over the Internet or on a local area network?

SaaS

Mary wants to send a message to Sam so that only Sam can read it. Which key would be used to encrypt the message?

Sam's public key

The strength of a cryptosystem is dependent upon which of the following?

Secrecy of the key

A receiver wants to verify the integrity of a message received from a sender. A hashing value is contained within the digital signature of the sender. What msut the receiver use to access the hashin value to verify the integrity of the transmission?

Sender's public key

SSL (Secure Sockets Layer) operates at which layer of the OSI model?

Session

Which IDS method searches for intrusion or attack attempts by recognizing patterns or identities listed in a database?

Signature based

Which of the following is a form of denial of service attack that uses spoofed ICMP packets to flood a victim with echo requests using a bounce/amplification network?

Smurf

What is modified in the most common form of spoofing on a typical IP packet?

Source address

An attacker sends an unwanted and unsolicited email message to multiple recipients with an attachment that contains malware. What kind of attack has occurred in this scenario?

Spam

Which type of malicious activity can be described as numerous unwanted and unsolicited e-mail messages sent to a wide range of victims?

Spamming

Which of the following solutions would you implement to eliminate switching loops?

Spanning tree

You manage a network that uses multiple switches. You want to provide multiple paths between switches so that if one link goes down, an alternate path is available. Which feature should your switch support?

Spanning tree

A router on the border of your network detects a packet with a source address that is from an internal client but the packet was received on the Internet-facing interface. This is an example of what form attack?

Spoofing

The company is implementing a Disaster Recovery Plan (DRP) and a Business Continuity Plan (BCP). It is time for the control tests and the company would like to perform compliance testing. Which of the following best describes compliance testing?

The testing of control procedures to see if they are working as expected and are being implemented in accordance with management policies

Can be reused by multiple communication sessions

Static keys

Which form of cryptanalysis focuses on the weaknesses in the supporting computing platform as a means to exploit and defeat encryption?

Statistical attack

Which type of virus intercepts system requests and alters service outputs to conceal its presence?

Stealth

What is the cryptography mechanism which hides secret communications within various forms of data?

Steganography

6.1.9 Which of the following best describes the purpose of using subnets?

Subnets divide an IP network address into multiple network addresses

The Enigma machine, a cryptographic tool introduced in 1944 and used in WW2, encrypted messages by replacing characters for plain text. Which type of cipher does the Enigma machine use?

Substiution

Which of the following is the least effective power loss protection for computer systems?

Surge protector

7.5.12) A virtual LAN can be created using which of the following?

Switch

When configuring VLANs on a switch, what is used to identify VLAN membership of a device?

Switch port

What form of cryptography is not scalable as a stand-alone system for use in very large and ever expanding environments where data is frequently exchanged between different communication partners?

Symmetric cryptography

Which of the following protocols can be used to centralize remote access authentication?

TACACS

Which of the following communications encryption mechanisms have a specific version for wireless communications?

TLS (Transport Layer Security)

Which of the following technologies is based upon SSL (Secure Sockets Layer)?

TLS (Transport Layer Security)

You are a database administrator and the first responder for database attacks. You have decided to test one part of your current Business Continuity Plan (BCP) with two other database professionals. Which type of BCP test is this considered?

Tabletop exercise

In which of the following Denial of Service (DoS) attacks does the victim's system rebuild invalid UDP packets, causing the system to crash or reboot?

Teardrop

You have recently experienced a security incident with one of your servers. After some research, you determine that the hotfix #568994 that has recently been released would have protected the server. Which of the following recommendations should you follow when applying the hotfix?

Test the hotfix, then apply it to all servers

6.3.8 Which of the following is the main difference between a DoS attack and a DDoS attack?

The DDoS attack uses zombie computers

Soft zoning

The SAN fabric naming service is configured such that a SAN host can view only the names o storage devices that are in the same zone

7.7.4) Hard zoning

The SAN switch is configured with ACLs to restrict communications between SAN hosts and storage devices

Which of the following best describes a side-channel attack?

The attack is based on information gained from the physical implementation of a cryptosystem

When using SSL authentication, what does the client verify first when checking a server's identity?

The current data and time must fall within the server's certificate validity period

Which of the following is not true regarding cookies?

They operate within a security sandbox

Why are brute force attacks always successful?

They test every possible valid combination

A honey pot is used for what purpose?

To delay intruders in order to gather auditing data

Why should backup media be stored offsite?

To prevent the same disaster from affecting both the network and the backup media

3.5.8) What is the purpose of key escrow?

To provide a means for legal authorities to access confidential data

HTTP

Transfers data in clear text

Telnet

Transfers data in clear text

3.1.5 1) Which type of cipher changes the position of the characters in a plain text message?

Transposition

What is a program that appears to be a legitimate application, utility, game or screensaver and that performs malicious activities surreptitously?

Trojan horse

When configuring VLANs on a switch, what type of switch ports are members of all VLANs defined on the switch?

Trunk ports

Which aspect of certificates makes them a reliable and useful mechanism for proving the identity of a person, system, or service on the Internet?

Trusted third-party

3.4.3 How many keys are used with asymmetric or public key cryptography?

Two

How many keys are used with Public Key Cryptography?

Two

You have just installed a new network-based IDS system that uses signature recognition. What should you do on a regular basis?

Update the signature files

You've just deployed a new Cisco router that connects several network segments in your organization. The router is physically located in a server room that requires an ID card to gain access. You've backed up the router configuration to a remote location in an encrypted file. You access the router configuration interface from your notebook computer by connecting it to the console port on the router. You configured the management interface with a user name of admin and a password of password. What should you do to increase the security of this device?

Use a stronger administrative password

You have 5 salesmen who workout of your office and who frequently leave their laptops laying on their desk in their cubicles. You are concerned that someone might walk by and take one of these laptops. Which of the following is the best protection to implement to address your concerns?

Use cable locks to chain the laptops to the desks

Which security mechanism uses a unique list for each object embedded directly in the object itself that defines which subjects have access to certain objects and the level or type of access allowed?

User ACL

2.3.5) Which of the following information is typically not included in an access token?

User account password

Which of the following is used for identification?

Username

Which of the folowing is not true in regards to S/MIME

Uses IDEA encryption

7.4.3) SSL

Uses public-key cryptography

SSH

Uses public-key cryptography

Testing

Verifying that security controls are working as designed

Which connectivity method seeds voice phone calls using the TCP/IP protocol over digital data lines?

VoIP

5.6.3 The presence of unapproved modems on desktop systems give rise to the LAN being vulnerable to which of the following?

War dialing

Daily backups are done at the ABD company location and only a weekly backup is maintained at another network location. Which of the following disaster recovery strategies is ABD using?

Warm site

Bob Jones used the RC5 cryptosystem to encrypt a sensitive and confidential file on his notebook. He used 32 bit blocks, a 64 bit key, and he only used the selected key once. He moved the key onto a USB hard drive which was stored in a safety deposit box. Bob's notebook was stolen. Within a few days Bob discovered the contents of his encrypted file on the Internet. What is the primary reason why Bob's file was opened so quickly?

Weak key

HTTPS (Hypertext Transfer Protocol over Secure Sockets Layer)

Web

You manage a Web site for your company. The Web site uses three servers configured in a cluster. Incoming requests are distributed automatically between the three servers. All servers use a shared storage device that holds the website contents. Each server has a single network connection and a single power supply. Considering the availability of your website, which component represents a single point failure?

Website storage

In which of the following situations would you use port security?

You want to restrict the devices that could connect through a switch port

You have just downloaded a file. You create a hash of the file and compare it to the hash posted on the Web site. The two hashes match. What do you know about the file?

Your copy is the same as the copy posted on the website

Port zoning

Zone membership and access to SAN storage is based on the switch port a SAN host is connected to

Which of the following protocols can TLS use for key exchange?

→ Diffie-Hellman → RSA

As network administrator you are asked to recommend a secure method of transferring data between hosts on a network. Which of the following protocols would you recommend?

→ SCP → SFTP

SFTP uses which mechanism to provide security for authentication and data transfer?

→ SSH

Which of the following protocols are often added to other protocols to provide secure transmission of data?

→ SSL → TLS

You are implementing an iSCSI SAN that will be used by the file servers in your organization. You are concerned about security, so your design specifies that iSCSI initiators and targets must authenticate with each other before a connection over the SAN will be allowed. In addition, you want data being transferred over the SAN to be encrypted. Which of the following are true in the scenario?

→ The Challenge-Handshake Authentication Protocol (CHAP) and Reverse CHAP can be used to mutually authenticate SAN hosts → The Internet Protocol Security (IPsec) protocol can be used to encrypt data in transit

Which command should you use to display both listening and non-listening sockets on your Linux system?

netstat -a

You need to enumerate the devices on your network and display the configuration details on the network. Which of the following utilities should you choose?

nmap

You need to increase the security of your Linux system finding and closing open ports. Which of the following commands should you use to locate open ports?

nmap

8.6.4) Which command should you use to scan for open TCP ports on your Linux system?

nmap -sT

IPSec is implemented through two seperate protocols. What are these protocols called?

→ AH → ESP


Related study sets

HIM 151 Chapter 7 AMBULATORY AND OTHER MEDICARE-MEDICAID REIMBURSEMENT SYSTEMS

View Set

Journaling Accrued Salaries Expenses

View Set

Basic Nutrition Chapter 14: Vitamins and Minerals

View Set

Switzerland & Eastern Europe - Advanced Somm Quiz

View Set

Chapter 10: Principles and Practices of Rehabilitation

View Set

Understanding Proofs and Constructions Unit Test 96%

View Set