JCCC Cyber Security Fundamentals Chapter Tests (Except Chpt6)
Which of the following is not a valid cryptographic hash function?
RC4
Which of the following is not a common criteria when authenticating users?
Something you like
Making data appear as if it is coming from somewhere other than its original source is known as what?
Spoofing
What can attackers accomplish using malicious port scanning?
"Fingerprint" of the operating system
Which of the following computer security threats can be updated automatically and remotely? (Select the best answer)
Zombie
You check the application log of your web server and see that someone attempted unsuccessfully to enter the text below into an HTML form field. Which attack was attempted?test; etc/passwd
Command injection
Which of the following methods will best verify that a download from the Internet has not been modified since the manufacturer released it?
Compare the final MD5 hash with the original.
Which of the following would lower the level of password security?
Complex passwords that users cannot change are randomly generated by the administrator.
Which of the following is the greatest risk when it comes to removable storage?
Confidentiality of data
Which of the following deals with the standard load for a server?
Configuration baseline
Which of the following encompasses application patch management?
Configuration management
What are two ways to secure the computer within the BIOS? (Select the two best answers).
Configure a supervisor password Set the hard drive first in the boot order.
You are the security administrator for your organization. You have just identified a malware incident. Of the following, what should be your first response?
Containment
Which of the following is a layer 7 device used to prevent specific types of HTML tags from passing through to the client computer?
Content filter
What is a device doing when it actively monitors data streams for malicious code?
Content inspection
Which of the following techniques enables an already secure organization to assess security vulnerabilities in real time
Continuous monitoring
What is the best definition for ARP?
Resolves ip addresses to MAC addresses
Your manager wants you to implement a type of intrusion detection system (IDS) that can be matched to certain types of traffic patterns. What kind of IDS is this?
Signature based IDS
One of the developers in your organization installs a new application in a test system to test its functionality before implementing into production. Which of the following is most likely affected?
Initial baseline configuration
To code applications in a secure manner, what is the best practice to use?
Input validation
What's the best way to prevent SQL injection attacks on web applications?
Input validation
Which of the following should be implemented to harden an operating system? (Select the two best answers.)
Install Windows Defender. Install the latest updates.
You are the security administrator for a multimedia development company. Users are constantly searching the Internet for media, information, graphics, and so on. You receive complaints from several users about unwanted windows appearing on their displays. What should you do?
Install pop-up blockers
A user receive an e-mail but the e-mail client software says that the digital signature is invalid and the sender of the e-mail cannot be verified. The would-be recipient is concerned about which of the following concepts?
Integrity
When it comes to information security, what is the I in CIA?
Integrity
In information security, what are the three main goals? (Select the three best answers)
Integrity Confidentiality Availability
Carl is the security administrator for a transportation company. Which of the following should he encrypt to protect the data on a smartphone? (Select the two best answers.)
Internal memory Removable memory cards
What does a virtual private network use to connect one remote host to another? (Select the best answer.)
Internet
If your ISP blocks objectionable material, what device would you guess has been implemented?
Internet content filter
What should you configure to improve wireless security?
MAC filtering
Which of the following is used when performing a quantitative risk analysis?
Asset value
Which of the following is used by PGP to encrypt the session key before it is sent?
Symmetric scheme
What is another term for secret key encryption?
Symmetrical
To find out when a computer was shut down, which log file would an administrator use?
System
Rick has a local computer that uses software to generate and store key pairs. What type of PKI implementation is this?
Decentralized
Which of the following requires special handling and policies for data retention and distribution? (Select the two best answers.)
Personal electronic devices PII
Turnstiles, double entry doors, and security guards are all preventative measures for what kind of social engineering?
Piggybacking
Which of the following tools uses ICMP as its main underlying protocol?
Ping scanner
Where is the optimal place to have a proxy server?
In between a private network and a public network
Which of the following might a public key be used to accomplish?
To decrypt the hash of a digital signature
You are a forensics investigator. What is the most important reason for you to verify the integrity of acquired data?
To ensure that the data has not been tampered with
Why would you implement password masking?
To deter shoulder surfing
Why would a security administrator use a vulnerability scanner? (Select the best answer.)
To find open ports on a server
Why would an attacker use steganography?
To hide information
In a wireless network, why is an SSID used?
To identify the network
Which of the following answers are not part of IPsec? (Select the two best answers.)
AES TKIP
Which of the following is a security reason to implement virtualization in your network?
To isolate network services and roles
Which of the following is a concern based on a user taking pictures with a smartphone?
Geotagging
What key combination helps to secure the logon process?
Ctrl+Alt+Del
Your boss asks you to limit the wireless signal of a WAP from going outside the building. What should you do?
Decrease the power levels of the WAP.
Which of the following is the weakest encryption type?
DES
Of the following backup types, which describes the backup of files that have changed since the last full or incremental backup?
Incremental
Which of the following is a common symptom of spyware?
Pop-up windows
Which two options can prevent unauthorized employees from entering a server room? (Select the two best answers.)
Proximity reader Security guard
What is the main purpose of a physical access log?
To show who entered the facility
What is the main reason to frequently view the logs of a DNS server?
To watch for unauthorized zone transfers
Which port number is ultimately used by SCP?
22
For a remote tech to log in to a user's computer in another state, what inbound port must be open on the user's computer?
3389 (if the only available tool is RDP, there are many available)
Which TCP port does LDAP use?
389
You have analyzed what you expect to be malicious code. The results show that JavaScript is being utilized to send random data to a separate service on the same computer. What attack has occurred?
Buffer overflow
Heaps and stacks can be affected by which of the following attacks?
Buffer overflows
A hash algorithm has the capability to avoid the same output from two guessed inputs. What is this known as?
Collision resistance
In an attempt to collect information about a user's activities, which of the following will be used by spyware?
Tracking cookie
From the list of ports, select two that are used for e-mail. (Select the two best answers.
143 110
Which port number does the Domain Name System use?
53
Which port number does the protocol LDAP use when it is secured?
636
Which of the following permits or denies access to resources through the use of ports?
802.1X
Which of the following ports is used by Kerberos by default?
88
Your organization wants to implement a secure e-mail system using the POP3 and SMTP mail protocols. All mail connections need to be secured with SSL. Which of the following ports should you be using? (Select the two best answers.)
995 465
What are some of the drawbacks to using HIDS instead of a NIDS on a server? (Select the two best answers)
A HIDS may use a lot of resources, which can slow server performance. A HIDS cannot detect network attacks
Of the following, which statement correctly describes the difference between a secure cipher and a secure hash?
A cipher can be reversed; a hash cannot.
What does it mean if a hashing algorithm creates the same hash for two different downloads?
A collision has occurred.
Your data center has highly critical information. Because of this you want to improve upon physical security. The data center already has a video surveillance system. What else can you add to increase physical security? (Select the two best answers.)
A mantrap Biometrics
Which type of vulnerability assessments software can check for weak passwords on the network?
A password cracker
To mitigate risks when users access company e-mail with their smartphone, what security policy should be implemented?
A password should be set on the smartphone.
Your boss wants you to set up an authentication scheme in which employees will use smart cards to log in to the company network. What kind of key should be used to accomplish this?
A private key
Which of the following best describes an IPS?
A system that stops attacks in progress
Imagine that you are an attacker. Which would be most desirable when attempting to compromise encrypted data?
A weak key
Which of the following types of viruses hides its code to mask itself?
Armored virus
Which of these is an example of social engineering?
Asking for a username and password over the phone
Robert needs to access a resource. In the DAC model, what is used to identify him or other users?
ACLs
One of the programmers in your organization complains that he can no longer transfer files to the FTP server. You check the network firewall and see that the proper FTP ports are open. What should you check next?
ACLs (access control lists)
When encrypting credit card data, which would be the most secure algorithm with the least CPU utilization?
AES
You are attempting to move data to a USB flash drive. Which of the following enables a rapid and secure connection?
AES-256
Employees are asked to sign a document that describes the methods of accessing a company's servers. Which of the following best describes this document?
Acceptable use policy
In the DAC model, how are permissions identified?
Access control lists
What would you use to control the traffic that is allowed in or out of a network? (Select the best answer.)
Access control lists
You are consulting for a small organization that relies on employees who work from home and on the road. An attacker has compromised the network by denying remote access to the company using a script. Which of the following security controls did the attacker exploit?
Account lockout
What key combination should be used to close a pop-up window?
Alt+F4
In which two environments would social engineering attacks be most effective? (Select the two best answers.)
An organization whose IT personnel have little training Public building with shared office space
You have been alerted to suspicious traffic without a specific signature. Under further investigation, you determine that the alert was a false indicator. Furthermore, the same alert has arrived at your workstation several times. Which security device needs to be configured to disable false alarms in the future? (Select the best answer.)
Anomaly-based IDS
You are the network administrator for a small organization without much in the way of security policies. While analyzing your servers' performance you find various chain messages have been received by the company. Which type of security control should you implement to fix the problem?
Anti-spam
Which of the following will allow the triggering of a security alert because of a tracking cookie?
Anti-spyware application
Many third-party programs have security settings disabled by default. What should you as the security administrator do before deploying new software?
Application hardening
Which of the following best describes the proper method and reason to implement port security?
Apply a security control that ties specific ports to end-device MAC addresses, and prevents additional devices from being connected to the network.
Which of the following encryption concepts is PKI based on?
Asymmetric
Which of the following is a record of the tracked actions of users?
Audit trails
One of your co-workers complains to you that he cannot see any security events in the Event Viewer. What are three possible reasons for this? (Select the three best answers.)
Auditing for an individual object has not been turned on. The co-worker is not an administrator. Auditing has not been turned on.
Which of the following is the verification of a person's identity?
Authentication
What two security precautions can best help to protect against wireless network attacks?
Authentication and WPA
Kerberos uses which of the following? (Select the two best answers.)
Authentication service Ticket distribution service
Which of the following is the final step a user needs to take before that user can access domain resources?
Authorization
Which of the following does the A in CIA stand for when it comes to IT security? (select the best answer.)
Availability
Which action should be taken to protect against a complete disaster in the case that a primary company's site is permanently lost?
Back up all data to tape, and store those tapes at a sister site in another city.
Which of the following concepts can ease administration but can be the victim of a malicious attack?
Backdoors
Why should penetration testing only be done during controlled conditions?
Because penetration testing actively tests security controls and can cause system instability.
Which of the following requires a baseline? (Select the two best answers.)
Behavior-based monitoring Anomaly-based monitoring
Before gaining access to the data center, you must swipe your finger on a device. What type of authentication is this?
Biometrics
Of the following, which is not a logical method of access control?
Biometrics
What type of attack sends two different messages using the same hash function, which end up causing a collision?
Birthday attack
A network stream of data needs to be encrypted. Jason, a security administrator, selects a cipher that will encrypt 128 bits at a time before sending the data across the network. Which of the following has Jason chosen?
Block cipher
Which of the following is the unauthorized access of information from a Bluetooth device?
Bluesnarfing
Which of the following are Bluetooth threats? (Select the two best answers.)
Bluesnarfing Bluejacking
A group of compromised computers that have software installed by a worm or Trojan is known as which of the following?
Botnet
Which of the following is not an example of malicious software?
Browser
Which of the following methods can be used by a security administrator to recover a user's forgotten password from a password-protected file?
Brute-force
An attacker takes advantage of a vulnerability in programming that allows the attacker to copy more than 16 bytes to a standard 16-byte variable. Which attack is being initiated?
Buffer overflow
If a fire occurs in the server room, which device is the best method to put it out?
Class C extinguisher
What is documentation that describes minimum expected behavior known as?
Code of ethics
Your company expects its employees to behave in a certain way. How could a description of this behavior be documented?
Code of ethics
Which of the following is a detective security control?
CCTV
Which authentication method completes the following in order: logon request, encrypts value response, server, challenge, compare encrypted results, and authorize or fail referred to?
CHAP
Which of the following about authentication is false?
CHAPv2 is not capable of mutual authentication of the client and server.
Of the following, which type of fire suppression can prevent damage to computers and servers?
CO2
What should you publish a compromised certificate to?
CRL
You are in charge of PKI certificates. What should you implement so that stolen certificates cannot be used?
CRL
What two items are included in a digital certificate? (Select the two best answers.)
Certificate authority's digital signature The user's public key
You are told by your manager to keep evidence for later use at a court proceeding. Which of the following should you document?
Chain of custody
One of the developers for your company asks you what he should do before making a change to the code of a program's authentication. Which of the following processes should you instruct him to follow?
Change management
Which one of the following can monitor and protect a DNS server?
Check DNS records regularly
Your organization uses a third-party service provider for some of its systems and IT infrastructure. Your IT director wants to implement a governance, risk, and compliance (GRC) system that will oversee the third party and promises to provide overall security posture coverage. Which of the following is the most important activity that should be considered?
Continuous security monitoring
As part of your user awareness training, you recommend that users remove which of the following when they finish accessing the Internet?
Cookies
Which of the following is the best practice to implement when securing logs files?
Copy the logs to a remote log server.
Which of the following firewall rules only denies DNS zone transfers?
Deny TCP any any port 53
What kind of security control do computer security audits fall under?
Detective
You are the security administrator for your organization. You want to ensure the confidentiality of data on mobile devices. What is the best solution?
Device encyption
What are two ways to secure a Microsoft-based web browser? (Select the two best answers.)
Disable ActiveX controls. Set the Internet zone's security level to High.
What are the two ways in which you can stop employees from using USB flash drives (select two).
Disable the SB root hub Disable USB devices in the BIOS
You are the security administrator for your company. You have been informed by human resources that one of the employees in accounting has been terminated. What should you do?
Disable the user account
An administrator wants to reduce the size of the attack surface of a Windows Server. Which of the following is the best answer to accomplish this?
Disable unnecessary services
Your organization already has a policy in place that bans flash drives. What other policy could you enact to reduce the possibility of data leakage?
Disallow personal music devices
Your web server that conducts online transactions crashed, so you examine the HTTP logs and see that a search string was executed by a single user masquerading as a customer. The crash happened immediately afterward. What type of network attack occurred?
DoS (Denial of Service)
You go out the back door of your building and notice someone looking through your company's trash. If this person were trying to acquire sensitive information, what would this attack be known as?
Dumpster diving
How can you train a user to easily determine whether a web page has a valid security certificate? (Select the best answer.)
Have the user click the padlock in the browser and verify the certificate
Two items are needed before a user can be given access to the network. What are these two items?
Identification and authentication
Which of the following attacks uses a JavaScript image tag in an e-mail?
Cross-site scripting
Which of the following is an advantage of implementing individual file encryption on a hard drive that already uses whole disk encryption?
Individual encrypted files will remain encrypted if they are copied to external drives.
What types of technologies are used by external motion detectors? (Select the two best answers.)
Infrared Ultrasonic
Of the following, what is the most common problem associated with UTP cable?
Crosstalk
Cloud environments often reuse the same physical hardware (such as hard drives) for multiple customers. These hard drives are used and reused when customer virtual machines are created and deleted over time. What security concern does this bring up implications for?
Data confidentiality
What is the most commonly seen security risk of using coaxial cable?
Data that emanates from the core of the cable
Which type of attack uses more than one computer?
DDoS
A person attempts to access a server during a zone transfer to get access to a zone file. What type of server is that person trying to manipulate?
DNS Server
A coworker goes to a website but notices that the browser brings her to a different website and that the URL has changed. What type of attack is this?
DNS poisoning
Which of the following is not a symmetric key algorithm?
ECC
You are tasked with selecting an asymmetric encryption method that allows for the same level of encryption strength, but with a lesser key length than is typically necessary. Which encryption method fulfills your requirement?
ECC
Which of the following should be considered to mitigate data theft when using Cat 6 wiring?
EMI shielding
Which option enables you to hide the bootmgr file?
Enable Hide Protected Operating System Files
A smartphone is an easy target for theft. Which of the following are the best methods to protect the confidential data on the device? (Select the two best answers.)
Encryption Remote wipe
You scan your network and find a rogue AP with the same SSID used by your network. What type of attack is occurring?
Evil twin
After using Nmap to do a port scan of your server, you find that several ports are open. Which of the following should you do next?
Examine the services and/or processes that use those ports.
What is the best way to utilize FTP sessions securely?
FTPS
Which of the following is the most secure protocol for transferring files?
FTPS
Which of the following results occurs when a biometric system identifies a legitimate user as unauthorized?
False rejection
What type of cabling is the most secure for networks?
Fiber-optic
Which of the following cable media is the least susceptible to a tap?
Fiber-optic cable
Of the following, which two security measures should be implemented when logging a server? (Select the two best answers.)
Hashing of log files The application of retention policies on log files
Which of the following would fall into the category of "something a person is"?
Fingerprints
Which device's log file will show access control lists and who was allowed access and who wasn't?
Firewall
Which of the following devices should you employ to protect your network? (Select the best answer.)
Firewall
James has detected an intrusion in his company network. What should he check first?
Firewall logs
Allowing or denying traffic based on ports, protocols, addresses, or direction of data is an example of what?
Firewall rules
Which of the following cables suffers from chromatic dispersion if the cable is too long?
Fiver-optic cable
In addition to bribery and forgery, which of the following are the most common techniques that attackers use to socially engineer people? (Select the two best answers.)
Flattery Dumpster diving
Which of the following attacks is a type of DoS attack that sends large amounts of UDP echoes to ports 7 and 19?
Fraggle
You have implemented a security technique where an automated system generates random input data to test an application. What have you put into practice?
Fuzzing
Which of the following tape backup methods enables daily backups, weekly full backups, and monthly full backups?
Grandfather-father-son
An organization hires you to test an application that you have limited knowledge of. You are given a login to the application but do not have access to source code. What type of test are you running?
Gray-box
You have been tasked with running a penetration test on a server. You have been given limited knowledge about the inner workings of the server. What kind of test will you be performing?
Gray-box
Your organization's servers and applications are being audited. One of the IT auditors tests an application as an authenticated user. Which of the following testing methods is being used?
Gray-box
When it comes to security policies, what should HR personnel be trained in?
Guidelines and enforcement
Which of the following protocols uses port 443?
HTTPS
Which of the following uses an asymmetric key to open a session, and then establishes a symmetric key for the remainder of the session?
HTTPS
To protect malicious attacks, what should you think like?
Hacker
Which of the following is the least volatile when performing incident response procedures?
Hard drive
Which of the following will provide an integrity check?
Hash
You have implemented a technology that enables you to review logs from computers located on the Internet. The information gathered is used to find out about new malware attacks. What have you implemented?
Honeynet
Of the following, which is a collection of servers that was set up to attract attackers?
Honeypot
You oversee compliance with financial regulations for credit card transactions. You need to block out certain ports on the individual computers that do these transactions. What should you implement to best achieve your goal?
Host-based firewall
Which of the following can facilitate a full recovery within minutes?
Hot site
Which of the following environmental variables reduces the possibility of static discharges (ESD)?
Humidity
You are developing a security plan for your organization. Which of the following is an example of a physical control?
ID card
Which of the following displays a single public IP address to the Internet while hiding a group of internal private IP addresses?
IP Proxy
Which of the following is usually used with L2TP?
IPsec
Virtualization technology is often implemented as operating systems and applications that run in software. Often, it is implemented as a virtual machine. Of the following, which can be a security benefit when using virtualization?
If a virtual machine is compromised, the adverse effects can be compartmentalized.
What is the deadliest risk of a virtual computer?
If the physical server fails, all the virtual computers immediately go offline.
You administer a bulletin board system for a rock and roll band. While reviewing logs for the board, you see one particular IP address posting spam multiple times per day. What is the best way to prevent this type of problem?
Implement CAPTCHA.
You are attempting to establish host-based security for your organization's workstations. Which of the following is the best way to do this?
Implement OS hardening by applying GPOs.
Which of the following is likely to be the last rule contained within the ACLs of a firewall?
Implicit deny
The honeypot concept is enticing to administrators because
It enables them to observe attacks.
Jeff wants to employ a Faraday cage. What will this accomplish?
It will reduce data emanations.
In an attempt to detect fraud and defend against it, your company cross-trains people in each department. What is this an example of?
Job rotation
One of the accounting people is forced to change roles with another accounting person every three months. What is this an example of?
Job rotation
Which of the following would you make use of when performing a qualitative risk analysis?
Judgement
What is the most secure method of authentication and authorization in its default form?
Kerberos
Which of the following authentication systems makes use of a Key Distribution Center?
Kerberos
You are in charge of training a group of technicians on the authentication method their organization uses. The organization currently runs an Active Directory infrastructure. Which of the following best correlates to the host authentication protocol used within that organization's IT environment?
Kerberos
Which of the following concepts does the Diffie-Hellman algorithm rely on?
Key exchange
Which of the following enables an attacker to float a domain registration for a maximum of five days?
Kiting
Which of the following protocols creates an unencrypted tunnel?
L2TP
When using the mandatory access control model, what component is needed?
Labels
What is the most common reason that social engineering succeeds?
Lack of user awareness
Which of the following is a technical control?
Least privilege implementation
Critical equipment should always be able to get power. What is the correct order of devices that your critical equipment should draw power from?
Line conditioner, UPS battery, generator
Which of the following provides for the best application availability and can be easily expanded as an organization's demand grows?
Load balancing
Which of the following uses multiple computers to share work?
Load balancing
What is a malicious attack that executes at the same time every week?
Logic Bomb
A malicious insider is accused of stealing confidential data from your organization. What is the best way to identify the insider's computer?
MAC address
Which of the following is a room or "closet" where wiring and circuits merge, creating a potential attack point?
MDF
Which of the following describes key escrow?
Maintains a secured copy of the user's private key for the purpose of recovering the key if it is lost
Virtualized browsers can protect the OS that they are installed within from which of the following?
Malware installation from Internet websites
Which of the following types of scanners can locate a rootkit on a computer?
Malware scanner
A security administrator implements access controls based on the security classification of the data and need-to-know information. Which of the following would best describe this level of access control?
Mandatory access control
Of the following access control models, which uses object labels? (Select the best answer.)
Mandatory access control
Which of the following statements regarding the MAC model is true?
Mandatory access control users cannot share resources dynamically.
You need to protect your data center from unauthorized entry at all times. Which is the best type of physical security to implement?
Mantrap
When users in your company attempt to access a particular website, the attempts are redirected to a spoofed website. What are two possible reasons for this?
Modified hosts file DNS poisoning
To gain access to your network, users must provide a thumbprint and a username and password. What type of authentication model is this?
Multifactor
A DDoS attack can be best defined as what?
Multiple computers attacking a single server
Which of the following devices would detect but not react to suspicious behavior on the network? (Select the most accurate answer.)
NIDS (network intrusion detection system)
Which of the following will detect malicious packets and discard them?
NIPS (network intrusion protection system)
A customer's SD card uses FAT32 as its file system. What file system can you upgrade it to when using the convert command?
NTFS
What is the best (most secure) file system to use in Windows?
NTFS
Which of the following is not an advantage of NTFS over FAT32?
NTFS supports more file formats.
Of the following, what is the worst place to store a backup tape?
Near a power line
In a classified environment, clearance to top secret information that enables access to only certain pieces of information is known as what?
Need to know
Which of the following is a vulnerability assessment tool?
Nessus
Which layer of the OSI model does IPsec operate at?
Network
Where would you turn off file sharing in Windows?
Network and sharing center
You are a consultant for an IT company. Your boss asks you to determine the topology of the network. What is the best device to use in this circumstance?
Network mapper
Which of the following can enable you to find all the open ports on an entire network?
Network scanner
When is a system completely secure?
Never
Tom sends out many e-mails containing secure information to other companies. What concept should be implemented to prove that Tom did indeed send the e-mails?
Non-repudiation
Which of the following is not one of the steps of the incident response process?
Non-repudiation
Which of the following has schemas written in XML?
OVAL
Why do attackers often target nonessential services? (Select the two best answers.)
Often they are not configured correctly. They are not monitored as often.
Where are software firewalls usually located?
On clients
Jason is a security administrator for a company of 4000 users. He wants to store 6 months of security logs to a logging server for analysis. The reports are required by upper management due to legal obligations but are not time-critical. When planning for the requirements of the logging server, which of the following should not be implemented?
Performance baseline and audit trails
Which of the following combines the keystream with the plaintext message using the bitwise XOR operator to produce the ciphertext?
One-time pad
Which of the following are certificate-based authentication mapping schemes? (Select the two best answers.)
One-to-one mapping Many-to-one mapping
The IT director wants you to use a cryptographic algorithm that cannot be decoded by being reversed. Which of the following would be the best option?
One-way function
What is the best action to take when you conduct a corporate vulnerability assessment?
Organize data based on severity and asset value.
Of the following definitions, which would be an example of eavesdropping?
Overhearing parts of a conversation
Which of the following does not apply to an X.509 certificate?
Owner's symmetric key
Which of the following protocols is not used to create a VPN tunnel and not used to encrypt VPN tunnels?
PPP
A security admin is running a security analysis where information about a target system is gained without engaging or exploiting the system. Which of the following describes this type of analysis? (Select the best answer.)
Passive reconnaissance
Russ is using only documentation to test the security of a system. What type of testing methodology is this known as?
Passive security analysis
Which security measure should be included when implementing access control?
Password complexity requirements
An example of a program that does comparative analysis is what?
Password cracker
Users are required to change their passwords every 30 days. Which policy should be configured?
Password expiration
Your organization has enacted a policy where employees are required to create passwords with at least 15 characters. What type of policy does this define?
Password length
Which of the following should you implement to fix a single security issue on the computer?
Patch
Which of the following is one example of verifying new software changes on a test system?
Patch management
Which of the following would not be considered part of a disaster recovery plan?
Patch management software
Of the following, which is the best way for a person to find out what security holes exist on the network?
Perform a vulnerability assessment.
What tool can alert you if a server's processor trips a certain threshold?
Performance Monitor
You have established a baseline for your server. Which of the following is the best tool to use to monitor any changes to that baseline?
Performance Monitor
John needs to install a web server that can offer SSL-based encryption. Which of the following ports is required for SSL transactions?
Port 443 inbound
Don must configure his firewall to support TACACS+. Which port(s) should he open on the firewall?
Port 49
As you review your firewall log, you see the following information. What type of attack is this? Click here to view code image S=207.50.135.54:53 - D=10.1.1.80:0S=207.50.135.54:53 - D=10.1.1.80:1S=207.50.135.54:53 - D=10.1.1.80:2S=207.50.135.54:53 - D=10.1.1.80:3S=207.50.135.54:53 - D=10.1.1.80:4S=207.50.135.54:53 - D=10.1.1.80:5
Port scanning
How are permissions defined in the mandatory access control model?
Predefined access privileges
Which of the following methods could identify when an unauthorized access has occurred?
Previous logon notification
In a public key infrastructure setup, which of the following should be used to encrypt the signature of an e-mail?
Private key
Which of the following can be described as the act of exploiting a bug or flaw in software to gain access to resources that normally would be protected?
Privilege escalation
You are working on a server and are busy implementing a network intrusion detection system on the network. You need to monitor the network traffic from the server. What mode should you configure the network adapter to work in?
Promiscuous mode
Many companies send passwords via clear text. Which of the following can view these passwords?
Protocol analyzer
Which of the following can determine which flags are set in a TCP/IP handshake?
Protocol analyzer
Which tool can be instrumental in capturing FTP GET requests?
Protocol analyzer
Which tool would you use if you want to view the contents of a packet?
Protocol analyzer
You suspect a broadcast storm on the LAN. Which tool is required to diagnose which network adapter is causing the storm?
Protocol analyzer
Your boss has asked you to implement a solution that will monitor users and limit their access to external websites. Which of the following is the best solution?
Proxy server
When a user's web browser communicates with a CA, what PKI element does the CA require from the browser?
Public key
You have been asked to set up authentication through PKI, and encryption of a database using a different cryptographic process to decrease latency. What encryption types should you use?
Public key encryption to authenticate users and private keys to encrypt the database
Which method would you use if you were disposing hard drives as part of a company computer sale?
Purging
To show risk from a monetary standpoint, which of the following should risk assessments be based upon?
Quantitative measurement of risk, impact, and asset value
Which of the following is an authentication system that uses UDP as the transport mechanism?
RADIUS
You are tasked with setting up a wireless network that uses 802.1X for authentication. You set up the wireless network using WPA2 and CCMP; however, you don't want to use a PSK for authentication. Which of the following options would support 802.1X authentication?
RADIUS
You have been tasked with increasing the level of server fault tolerance, but you have been given no budget to perform the task. Which of the following should you implement to ensure that servers' data can withstand hardware failure?
RAID
Which of the following RAID versions offers the least amount of performance degradation when a disk in the array fails?
RAID1
WEP improperly uses an encryption protocol and therefore is considered to be insecure. What encryption protocol does it use?
RC4
Which of the following encryption algorithms is used to encrypt and decrypt data?
RC5
Which of the following protocols are you observing in the packet capture below? Click here to view code image 16:42:01 - SRC 192.168.1.5:3389 - DST 10.254.254.57:8080 - SYN/ACK
RDP (:3389)
Which of the following defines a business goal for system restoration and acceptable data loss?
RPO
Which of the following encryption methods deals with two distinct, large prime numbers and the inability to factor those prime numbers?
RSA
You are tasked with ensuring that messages being sent and received between two systems are both encrypted and authenticated. Which of the following protocols accomplishes this?
RSA
You have been given the task of scanning for viruses on a PC. What is the best of the following methods?
Recovery environment
Your company has a fiber-optic connection to the Internet. Which of the following can enable your network to remain operational even if the fiber-optic line fails?
Redundant ISP
Your company has six web servers. You are implementing load balancing. What is this an example of?
Redundant servers
A smartphone has been lost. You need to ensure 100% that no data can be retrieved from it. What should you do?
Remote wipe
Which of the following is the best option if you are trying to monitor network devices?
SNMP
What is a definition of implicit deny?
Resources that are not given access are denied by default.
What is the best way to test the integrity of a company's backed up data?
Restore part of the backup
A company has a high attrition rate. What should you ask the network administrator to do first? (Select the best answer.)
Review user permissions and access control lists.
What should you do to make sure that a compromised PKI key cannot be used again?
Revoke the key
You are implementing a new enterprise database server. After you evaluate the product with various vulnerability scans you determine that the product is not a threat in of itself but it has the potential to introduce new vulnerabilities to your network. Which assessment should you now take into consideration while you continue to evaluate the database server?
Risk assessment
Which of the following is an unauthorized wireless router that allows access to a secure network?
Rogue AP
In an environment where administrators, the accounting department, and the marketing department all have different levels of access, which of the following access control models is being used?
Role-based access control (RBAC)
You are the security administrator for your organization and have just completed a routine server audit. You did not notice any abnormal activity. However, another network security analyst finds connections to unauthorized ports from outside the organization's network. Using security tools, the analyst find hidden processes that are running on the server. Which of the following has most likely been installed on the server?
Rootkit
Which of the following access control methods uses rules to govern whether object access will be allowed? (Select the best answer.)
Rule-based access control
Which of the following access control models would be found in a firewall?
Rule-based access control
Which of the following details one of the primary benefits of using S/MIME?
S/MIME enables users to send both encrypted and digitally signed e-mail messages.
Which of the following protocols allow for the secure transfer of files? (Select the two best answers.)
SCP SFTP
As a network administrator, one of your jobs is to deal with Internet service providers. You want to ensure that a provider guarantees end-to-end traffic performance. What is this known as?
SLA
You have three e-mail servers. What is it called when one server forwards e-mail to another?
SMTP relay
In what way can you gather information from a remote printer?
SNMP
The IT director has asked you to install agents on several client computers and monitor them from a program at a server. What is this known as?
SNMP
You have been tasked with providing daily network usage reports of layer 3 devices without compromising any data during the information gathering process. Which of the following protocols should you select to provide for secure reporting in this scenario?
SNMPv3
Which of these governs the disclosure of financial data?
SOX
Which protocol can be used to secure the e-mail login from an Outlook client using POP3 and SMTP?
SPA
What is a secure way to remotely administer Linux systems?
SSH
Which of the following network protocols sends data between two computers while using a secure channel?
SSH
Which of the following, when removed, can increase the security of a wireless access point?
SSID
The IT director has asked you to set up an authentication model in which users can enter their credentials one time, yet still access multiple server resources. What type of authentication model should you implement?
SSO (single sign-on)
Which of the following misuses the Transmission Control Protocol handshake process?
SYN attack
What is it known as when a web script runs in its own environment and does not interfere with other processes?
Sandbox
Which of the following individuals uses code with little knowledge of how it works?
Script Kiddie
Which of the following should occur first when developing software?
Secure code review
Which of the following log files should show attempts at unauthorized access?
Security
You are setting up auditing on a Windows computer. If set up properly, which log should have entries?
Security log
What does isolation mode on an AP provide?
Segments each wireless user from every other wireless user
Which password management system best provides for a system with a large number of users?
Self-service password reset management system
Your company has 1000 users. Which of the following password management systems will work best for your company?
Self-service password resetting
Which of the following should be done if an audit recording fails?
Send an alert to the administrator.
Which of the following persons is ultimately in charge of deciding how much residual risk there will be?
Senior management
Which layer of the OSI model is where SSL provides encryption?
Session
If a person takes control of a session between a server and a client, it is known as what type of attack?
Session hijacking
Two computers are attempting to communicate with the SSL protocol. Which two types of keys will be used? (Select the two best answers.)
Session key Public key
Which of the following is the most secure type of cabling?
Shielded twisted-pair
A wireless network switch has connectivity issues but only when the air-conditioning system is running. What can be added to fix the problem?
Shielding
You have been ordered to implement a secure shredding system as well as privacy screens. What two attacks is your organization attempting to mitigate?
Shoulder surfing Dumpster diving
Which of following is the most basic form of IDS?
Signature-based
Michael's company has a single web server that is connected to three other distribution servers. What is the greatest risk involved in this scenario?
Single point of failure
Your organization provides employee badges that are encoded with a private encryption key and specific personal information. The encoding is used to provide access to the organization's network. What type of authentication method is being used?
Smart card
Give two examples of hardware devices that can store keys. (Select the two best answers.)
Smart card USB flash drive
Of the following, what two authentication mechanisms require something you physically possess? (Select the two best answers.)
Smart card USB flash drive
What are two examples of common single sign-on authentication configurations? (Select the two best answers.)
Smart card-based Kerberos-based
What devices will not be able to communicate in a Faraday cage? (Select the two best answers.)
Smartphones Tablets
A man pretending to be a data communications repair technician enters your building and states that there is networking trouble and he needs access to the server room. What is this an example of?
Social engineering
User education can help to defend against which of the following? (Select the three best answers.)
Social engineering Dumpster diving Phishing
Whitelisting, blacklisting, and closing open relays are all mitigation techniques addressing what kind of threat?
Spam
Which of the following targets specific people?
Spear phishing
One of your users was not being careful when browsing the Internet. The user was redirected to a warez site where a number of pop-ups appeared. After clicking one pop-up by accident, a drive--by download of unwanted software occurred. What does the download most likely contain?
Spyware
Which type of encryption technology is used with the BitLocker application?
Symmetric
You need to encrypt and send a large amount of data. Which of the following would be the best option?
Symmetric encryption
Which of the following needs to be backed up on a domain controller to recover Active Directory?
System State
When attempting to grant access to remote users, which protocol uses separate, multiple-challenge responses for each of the authentication, authorization, and audit processes?
TACACS+
Which of the following is an authentication and accounting service that uses TCP as its transport mechanism when connecting to routers and switches?
TACACS+
In a secure environment, which authentication mechanism performs better?
TACACS+ because it encrypts client-server negotiation dialogues.
Of the following, which best describes the difference between RADIUS and TACACS+?
TACACS+ separates authentication, authorization, and auditing capabilities.
Which of the following is an example of a nonessential protocol?
TFTP
You are tasked with implementing a solution that encrypts the CEO's laptop. However, you are not allowed to purchase additional hardware or software. Which of the following solutions should you implement?
TPM
You are attempting to prevent unauthorized access to the desktop computers on your network. You decide to have the computers' operating systems lock after 5 minutes of inactivity. What type of security control is this?
Technical
Which of the following would be considered detrimental effects of a virus hoax? (select the two best answers)
Technical support resources are consumed by increased user calls Users are tricked into changing the system configuration
Jason needs to add several users to a group. Which of the following will help him to get the job done faster?
Template
What ensures that a CRL is authentic and has not been modified?
The CRL is digitally signed by the CA.
Which law protects your Social Security number and other pertinent information?
The Gramm-Leach-Bliley Act
Which of the following statements is correct about IPsec authentication headers?
The authentication information is a keyed hash based on all the bytes in the packet.
A user complains that they were browsing the Internet when the computer started acting erratically and crashed. You reboot the computer and notice that performance is very slow. In addition, after running a netstat command you notice literally hundreds of outbound connections to various websites, many of which are well-known sites. Which of the following has happened?
The computer is now part of a botnet
Last week, one of the users in your organization encrypted a file with a private key. This week the user left the organization, and unfortunately the systems administrator deleted the user's account. What are the most probable outcomes of this situation? (Select the two best answers.)
The data can be decrypted using the recovery agent. The data is not recoverable.
Which of the following is a best practice when a mistake is made during a forensic examination?
The examiner should document the mistake and work around the problem.
Your boss wants you to properly log what happens on a database server. What are the most important concepts to think about while you do so? (Select the two best answers.)
The information that will be needed to reconstruct events later The amount of disk space you will require
What does steganography replace in graphic files?
The least significant bit of each byte
In a discretionary access control model, who is in charge of setting permissions to a resource?
The owner of the resource
Michael has just completed monitoring and analyzing a web server. Which of the following indicates that the server might have been compromised?
The web server is showing a drop in CPU speed and hard disk speed.
Which of the following factors should you consider when evaluating assets to a company? (Select the two best answers.)
Their value to the company Their replacement cost
Which of the following is the strongest password?
This1sV#ryS3cure
How do most network-based viruses spread?
Through e-mail
Which of the following is an example of two-factor authentication?
Thumbprint and key card
One of your co-workers complains of very slow system performance and says that a lot of antivirus messages are being displayed. The user admits to recently installing pirated software and downloading and installing an illegal keygen to activate the software. What type of malware has affected the user's computer?
Trojan
Which of the following types of malware appears to the user as legitimate but actually enables unauthorized access to the user's computer?
Trojan
You are using the following backup scheme: A full backup is made every Friday night at 6 p.m., and differential backups are made every other night at 6 p.m. Your database server fails on a Thursday afternoon at 4 p.m. How many tapes will you need to restore the database server?
Two
Which of these is a security component of Windows?
UAC
What kind of attack is it when the packets sent do not require a synchronization process and are not connection-oriented?
UDP attack
To prevent electrical damage to a computer and its peripherals, the computer should be connected to what?
UPS
What device should be used to ensure that a server does not shut down when there is a power outage?
UPS
Which of the following should a security administrator implement to limit web-based traffic that is based on the country of origin? (Select the three best answers.)
URL filter Firewall Proxy server
Which of the following will an Internet filtering appliance analyze? (Select the three best answers.)
URLs Content Certificates
Which of the following would most likely be considered for DLP?
USB mass storage device
You have been tasked with protecting an operating system from malicious software. What should you do? (Select the two best answers.)
Update the HIPS signatures. Disable unused services.
A coworker has installed an SMTP server on the company firewall. What security principle does this violate?
Use of a device as it was intended
The fundamental difference between symmetric key systems and asymmetric key systems is that symmetric key systems do which of the following?
Use the same key on each end
You want to mitigate the possibility of privilege creep among your long-term users. What procedure should you employ?
User permission reviews
Which of the following is the most common authentication model?
Username and password
Which of the following best describes a protective countermeasure for SQL injection?
Validating user input within web-based applications
Which of the following are good practices for tracking user identities? (Select the two best answers.)
Video cameras Key card door access systems
Eric wants to install an isolated operating system. What is the best tool to use?
Virtualization
Which of the following is the least secure type of wireless encryption?
WEP 64-bit
Which of the following is the most secure protocol to use when accessing a wireless network?
WPA2
Which of the following is a strategy that targets users based on the common websites that they frequent?
Watering hole
In Windows, which of the following commands will not show the version number?
Wf.msc
A targeted e-mail attack is received by your organization's CFO. What is this an example of?
Whaling
Which of these is a true statement concerning active interception?
When a computer is put between a sender and receiver
Dan is a network administrator. One day he notices that his DHCP server is flooded with information. He analyzes it and finds that the information is coming from more than 50 computers on the network. Which of the following is the most likely reason?
Worm
Which type of malware does not require a user to execute a program to distribute the software?
Worm
Which of the following defines the difference between a Trojan horse and a worm? (select the best answer)
Worms self-replicate but Trojan horses do not
During an audit of your servers, you have noticed that most servers have large amounts of free disk space and have low memory utilization. Which of the following statements will be correct if you migrate some of the servers to a virtual environment?
You might end up spending more on licensing, but less on hardware and equipment.
Which statement best applies to the term Java applet?
a small application written in the java programming language, or another programming language that compiles to java byrecode, and delivered to users in the form of java bytecode.
The main objective of risk management in an organization is to reduce risk to a level _____________. (Fill in the blank.)
the organization will accept
Which command would display the following output? Click here to view code image Active ConnectionsProto Local Address Foreign Address StateTCP WorkstationA:1395 8.15.228.165:http ESTABLISHED
netstat
