JCCC Cyber Security Fundamentals Chapter Tests (Except Chpt6)

Ace your homework & exams now with Quizwiz!

Which of the following is not a valid cryptographic hash function?

RC4

Which of the following is not a common criteria when authenticating users?

Something you like

Making data appear as if it is coming from somewhere other than its original source is known as what?

Spoofing

What can attackers accomplish using malicious port scanning?

"Fingerprint" of the operating system

Which of the following computer security threats can be updated automatically and remotely? (Select the best answer)

Zombie

You check the application log of your web server and see that someone attempted unsuccessfully to enter the text below into an HTML form field. Which attack was attempted?test; etc/passwd

Command injection

Which of the following methods will best verify that a download from the Internet has not been modified since the manufacturer released it?

Compare the final MD5 hash with the original.

Which of the following would lower the level of password security?

Complex passwords that users cannot change are randomly generated by the administrator.

Which of the following is the greatest risk when it comes to removable storage?

Confidentiality of data

Which of the following deals with the standard load for a server?

Configuration baseline

Which of the following encompasses application patch management?

Configuration management

What are two ways to secure the computer within the BIOS? (Select the two best answers).

Configure a supervisor password Set the hard drive first in the boot order.

You are the security administrator for your organization. You have just identified a malware incident. Of the following, what should be your first response?

Containment

Which of the following is a layer 7 device used to prevent specific types of HTML tags from passing through to the client computer?

Content filter

What is a device doing when it actively monitors data streams for malicious code?

Content inspection

Which of the following techniques enables an already secure organization to assess security vulnerabilities in real time

Continuous monitoring

What is the best definition for ARP?

Resolves ip addresses to MAC addresses

Your manager wants you to implement a type of intrusion detection system (IDS) that can be matched to certain types of traffic patterns. What kind of IDS is this?

Signature based IDS

One of the developers in your organization installs a new application in a test system to test its functionality before implementing into production. Which of the following is most likely affected?

Initial baseline configuration

To code applications in a secure manner, what is the best practice to use?

Input validation

What's the best way to prevent SQL injection attacks on web applications?

Input validation

Which of the following should be implemented to harden an operating system? (Select the two best answers.)

Install Windows Defender. Install the latest updates.

You are the security administrator for a multimedia development company. Users are constantly searching the Internet for media, information, graphics, and so on. You receive complaints from several users about unwanted windows appearing on their displays. What should you do?

Install pop-up blockers

A user receive an e-mail but the e-mail client software says that the digital signature is invalid and the sender of the e-mail cannot be verified. The would-be recipient is concerned about which of the following concepts?

Integrity

When it comes to information security, what is the I in CIA?

Integrity

In information security, what are the three main goals? (Select the three best answers)

Integrity Confidentiality Availability

Carl is the security administrator for a transportation company. Which of the following should he encrypt to protect the data on a smartphone? (Select the two best answers.)

Internal memory Removable memory cards

What does a virtual private network use to connect one remote host to another? (Select the best answer.)

Internet

If your ISP blocks objectionable material, what device would you guess has been implemented?

Internet content filter

What should you configure to improve wireless security?

MAC filtering

Which of the following is used when performing a quantitative risk analysis?

Asset value

Which of the following is used by PGP to encrypt the session key before it is sent?

Symmetric scheme

What is another term for secret key encryption?

Symmetrical

To find out when a computer was shut down, which log file would an administrator use?

System

Rick has a local computer that uses software to generate and store key pairs. What type of PKI implementation is this?

Decentralized

Which of the following requires special handling and policies for data retention and distribution? (Select the two best answers.)

Personal electronic devices PII

Turnstiles, double entry doors, and security guards are all preventative measures for what kind of social engineering?

Piggybacking

Which of the following tools uses ICMP as its main underlying protocol?

Ping scanner

Where is the optimal place to have a proxy server?

In between a private network and a public network

Which of the following might a public key be used to accomplish?

To decrypt the hash of a digital signature

You are a forensics investigator. What is the most important reason for you to verify the integrity of acquired data?

To ensure that the data has not been tampered with

Why would you implement password masking?

To deter shoulder surfing

Why would a security administrator use a vulnerability scanner? (Select the best answer.)

To find open ports on a server

Why would an attacker use steganography?

To hide information

In a wireless network, why is an SSID used?

To identify the network

Which of the following answers are not part of IPsec? (Select the two best answers.)

AES TKIP

Which of the following is a security reason to implement virtualization in your network?

To isolate network services and roles

Which of the following is a concern based on a user taking pictures with a smartphone?

Geotagging

What key combination helps to secure the logon process?

Ctrl+Alt+Del

Your boss asks you to limit the wireless signal of a WAP from going outside the building. What should you do?

Decrease the power levels of the WAP.

Which of the following is the weakest encryption type?

DES

Of the following backup types, which describes the backup of files that have changed since the last full or incremental backup?

Incremental

Which of the following is a common symptom of spyware?

Pop-up windows

Which two options can prevent unauthorized employees from entering a server room? (Select the two best answers.)

Proximity reader Security guard

What is the main purpose of a physical access log?

To show who entered the facility

What is the main reason to frequently view the logs of a DNS server?

To watch for unauthorized zone transfers

Which port number is ultimately used by SCP?

22

For a remote tech to log in to a user's computer in another state, what inbound port must be open on the user's computer?

3389 (if the only available tool is RDP, there are many available)

Which TCP port does LDAP use?

389

You have analyzed what you expect to be malicious code. The results show that JavaScript is being utilized to send random data to a separate service on the same computer. What attack has occurred?

Buffer overflow

Heaps and stacks can be affected by which of the following attacks?

Buffer overflows

A hash algorithm has the capability to avoid the same output from two guessed inputs. What is this known as?

Collision resistance

In an attempt to collect information about a user's activities, which of the following will be used by spyware?

Tracking cookie

From the list of ports, select two that are used for e-mail. (Select the two best answers.

143 110

Which port number does the Domain Name System use?

53

Which port number does the protocol LDAP use when it is secured?

636

Which of the following permits or denies access to resources through the use of ports?

802.1X

Which of the following ports is used by Kerberos by default?

88

Your organization wants to implement a secure e-mail system using the POP3 and SMTP mail protocols. All mail connections need to be secured with SSL. Which of the following ports should you be using? (Select the two best answers.)

995 465

What are some of the drawbacks to using HIDS instead of a NIDS on a server? (Select the two best answers)

A HIDS may use a lot of resources, which can slow server performance. A HIDS cannot detect network attacks

Of the following, which statement correctly describes the difference between a secure cipher and a secure hash?

A cipher can be reversed; a hash cannot.

What does it mean if a hashing algorithm creates the same hash for two different downloads?

A collision has occurred.

Your data center has highly critical information. Because of this you want to improve upon physical security. The data center already has a video surveillance system. What else can you add to increase physical security? (Select the two best answers.)

A mantrap Biometrics

Which type of vulnerability assessments software can check for weak passwords on the network?

A password cracker

To mitigate risks when users access company e-mail with their smartphone, what security policy should be implemented?

A password should be set on the smartphone.

Your boss wants you to set up an authentication scheme in which employees will use smart cards to log in to the company network. What kind of key should be used to accomplish this?

A private key

Which of the following best describes an IPS?

A system that stops attacks in progress

Imagine that you are an attacker. Which would be most desirable when attempting to compromise encrypted data?

A weak key

Which of the following types of viruses hides its code to mask itself?

Armored virus

Which of these is an example of social engineering?

Asking for a username and password over the phone

Robert needs to access a resource. In the DAC model, what is used to identify him or other users?

ACLs

One of the programmers in your organization complains that he can no longer transfer files to the FTP server. You check the network firewall and see that the proper FTP ports are open. What should you check next?

ACLs (access control lists)

When encrypting credit card data, which would be the most secure algorithm with the least CPU utilization?

AES

You are attempting to move data to a USB flash drive. Which of the following enables a rapid and secure connection?

AES-256

Employees are asked to sign a document that describes the methods of accessing a company's servers. Which of the following best describes this document?

Acceptable use policy

In the DAC model, how are permissions identified?

Access control lists

What would you use to control the traffic that is allowed in or out of a network? (Select the best answer.)

Access control lists

You are consulting for a small organization that relies on employees who work from home and on the road. An attacker has compromised the network by denying remote access to the company using a script. Which of the following security controls did the attacker exploit?

Account lockout

What key combination should be used to close a pop-up window?

Alt+F4

In which two environments would social engineering attacks be most effective? (Select the two best answers.)

An organization whose IT personnel have little training Public building with shared office space

You have been alerted to suspicious traffic without a specific signature. Under further investigation, you determine that the alert was a false indicator. Furthermore, the same alert has arrived at your workstation several times. Which security device needs to be configured to disable false alarms in the future? (Select the best answer.)

Anomaly-based IDS

You are the network administrator for a small organization without much in the way of security policies. While analyzing your servers' performance you find various chain messages have been received by the company. Which type of security control should you implement to fix the problem?

Anti-spam

Which of the following will allow the triggering of a security alert because of a tracking cookie?

Anti-spyware application

Many third-party programs have security settings disabled by default. What should you as the security administrator do before deploying new software?

Application hardening

Which of the following best describes the proper method and reason to implement port security?

Apply a security control that ties specific ports to end-device MAC addresses, and prevents additional devices from being connected to the network.

Which of the following encryption concepts is PKI based on?

Asymmetric

Which of the following is a record of the tracked actions of users?

Audit trails

One of your co-workers complains to you that he cannot see any security events in the Event Viewer. What are three possible reasons for this? (Select the three best answers.)

Auditing for an individual object has not been turned on. The co-worker is not an administrator. Auditing has not been turned on.

Which of the following is the verification of a person's identity?

Authentication

What two security precautions can best help to protect against wireless network attacks?

Authentication and WPA

Kerberos uses which of the following? (Select the two best answers.)

Authentication service Ticket distribution service

Which of the following is the final step a user needs to take before that user can access domain resources?

Authorization

Which of the following does the A in CIA stand for when it comes to IT security? (select the best answer.)

Availability

Which action should be taken to protect against a complete disaster in the case that a primary company's site is permanently lost?

Back up all data to tape, and store those tapes at a sister site in another city.

Which of the following concepts can ease administration but can be the victim of a malicious attack?

Backdoors

Why should penetration testing only be done during controlled conditions?

Because penetration testing actively tests security controls and can cause system instability.

Which of the following requires a baseline? (Select the two best answers.)

Behavior-based monitoring Anomaly-based monitoring

Before gaining access to the data center, you must swipe your finger on a device. What type of authentication is this?

Biometrics

Of the following, which is not a logical method of access control?

Biometrics

What type of attack sends two different messages using the same hash function, which end up causing a collision?

Birthday attack

A network stream of data needs to be encrypted. Jason, a security administrator, selects a cipher that will encrypt 128 bits at a time before sending the data across the network. Which of the following has Jason chosen?

Block cipher

Which of the following is the unauthorized access of information from a Bluetooth device?

Bluesnarfing

Which of the following are Bluetooth threats? (Select the two best answers.)

Bluesnarfing Bluejacking

A group of compromised computers that have software installed by a worm or Trojan is known as which of the following?

Botnet

Which of the following is not an example of malicious software?

Browser

Which of the following methods can be used by a security administrator to recover a user's forgotten password from a password-protected file?

Brute-force

An attacker takes advantage of a vulnerability in programming that allows the attacker to copy more than 16 bytes to a standard 16-byte variable. Which attack is being initiated?

Buffer overflow

If a fire occurs in the server room, which device is the best method to put it out?

Class C extinguisher

What is documentation that describes minimum expected behavior known as?

Code of ethics

Your company expects its employees to behave in a certain way. How could a description of this behavior be documented?

Code of ethics

Which of the following is a detective security control?

CCTV

Which authentication method completes the following in order: logon request, encrypts value response, server, challenge, compare encrypted results, and authorize or fail referred to?

CHAP

Which of the following about authentication is false?

CHAPv2 is not capable of mutual authentication of the client and server.

Of the following, which type of fire suppression can prevent damage to computers and servers?

CO2

What should you publish a compromised certificate to?

CRL

You are in charge of PKI certificates. What should you implement so that stolen certificates cannot be used?

CRL

What two items are included in a digital certificate? (Select the two best answers.)

Certificate authority's digital signature The user's public key

You are told by your manager to keep evidence for later use at a court proceeding. Which of the following should you document?

Chain of custody

One of the developers for your company asks you what he should do before making a change to the code of a program's authentication. Which of the following processes should you instruct him to follow?

Change management

Which one of the following can monitor and protect a DNS server?

Check DNS records regularly

Your organization uses a third-party service provider for some of its systems and IT infrastructure. Your IT director wants to implement a governance, risk, and compliance (GRC) system that will oversee the third party and promises to provide overall security posture coverage. Which of the following is the most important activity that should be considered?

Continuous security monitoring

As part of your user awareness training, you recommend that users remove which of the following when they finish accessing the Internet?

Cookies

Which of the following is the best practice to implement when securing logs files?

Copy the logs to a remote log server.

Which of the following firewall rules only denies DNS zone transfers?

Deny TCP any any port 53

What kind of security control do computer security audits fall under?

Detective

You are the security administrator for your organization. You want to ensure the confidentiality of data on mobile devices. What is the best solution?

Device encyption

What are two ways to secure a Microsoft-based web browser? (Select the two best answers.)

Disable ActiveX controls. Set the Internet zone's security level to High.

What are the two ways in which you can stop employees from using USB flash drives (select two).

Disable the SB root hub Disable USB devices in the BIOS

You are the security administrator for your company. You have been informed by human resources that one of the employees in accounting has been terminated. What should you do?

Disable the user account

An administrator wants to reduce the size of the attack surface of a Windows Server. Which of the following is the best answer to accomplish this?

Disable unnecessary services

Your organization already has a policy in place that bans flash drives. What other policy could you enact to reduce the possibility of data leakage?

Disallow personal music devices

Your web server that conducts online transactions crashed, so you examine the HTTP logs and see that a search string was executed by a single user masquerading as a customer. The crash happened immediately afterward. What type of network attack occurred?

DoS (Denial of Service)

You go out the back door of your building and notice someone looking through your company's trash. If this person were trying to acquire sensitive information, what would this attack be known as?

Dumpster diving

How can you train a user to easily determine whether a web page has a valid security certificate? (Select the best answer.)

Have the user click the padlock in the browser and verify the certificate

Two items are needed before a user can be given access to the network. What are these two items?

Identification and authentication

Which of the following attacks uses a JavaScript image tag in an e-mail?

Cross-site scripting

Which of the following is an advantage of implementing individual file encryption on a hard drive that already uses whole disk encryption?

Individual encrypted files will remain encrypted if they are copied to external drives.

What types of technologies are used by external motion detectors? (Select the two best answers.)

Infrared Ultrasonic

Of the following, what is the most common problem associated with UTP cable?

Crosstalk

Cloud environments often reuse the same physical hardware (such as hard drives) for multiple customers. These hard drives are used and reused when customer virtual machines are created and deleted over time. What security concern does this bring up implications for?

Data confidentiality

What is the most commonly seen security risk of using coaxial cable?

Data that emanates from the core of the cable

Which type of attack uses more than one computer?

DDoS

A person attempts to access a server during a zone transfer to get access to a zone file. What type of server is that person trying to manipulate?

DNS Server

A coworker goes to a website but notices that the browser brings her to a different website and that the URL has changed. What type of attack is this?

DNS poisoning

Which of the following is not a symmetric key algorithm?

ECC

You are tasked with selecting an asymmetric encryption method that allows for the same level of encryption strength, but with a lesser key length than is typically necessary. Which encryption method fulfills your requirement?

ECC

Which of the following should be considered to mitigate data theft when using Cat 6 wiring?

EMI shielding

Which option enables you to hide the bootmgr file?

Enable Hide Protected Operating System Files

A smartphone is an easy target for theft. Which of the following are the best methods to protect the confidential data on the device? (Select the two best answers.)

Encryption Remote wipe

You scan your network and find a rogue AP with the same SSID used by your network. What type of attack is occurring?

Evil twin

After using Nmap to do a port scan of your server, you find that several ports are open. Which of the following should you do next?

Examine the services and/or processes that use those ports.

What is the best way to utilize FTP sessions securely?

FTPS

Which of the following is the most secure protocol for transferring files?

FTPS

Which of the following results occurs when a biometric system identifies a legitimate user as unauthorized?

False rejection

What type of cabling is the most secure for networks?

Fiber-optic

Which of the following cable media is the least susceptible to a tap?

Fiber-optic cable

Of the following, which two security measures should be implemented when logging a server? (Select the two best answers.)

Hashing of log files The application of retention policies on log files

Which of the following would fall into the category of "something a person is"?

Fingerprints

Which device's log file will show access control lists and who was allowed access and who wasn't?

Firewall

Which of the following devices should you employ to protect your network? (Select the best answer.)

Firewall

James has detected an intrusion in his company network. What should he check first?

Firewall logs

Allowing or denying traffic based on ports, protocols, addresses, or direction of data is an example of what?

Firewall rules

Which of the following cables suffers from chromatic dispersion if the cable is too long?

Fiver-optic cable

In addition to bribery and forgery, which of the following are the most common techniques that attackers use to socially engineer people? (Select the two best answers.)

Flattery Dumpster diving

Which of the following attacks is a type of DoS attack that sends large amounts of UDP echoes to ports 7 and 19?

Fraggle

You have implemented a security technique where an automated system generates random input data to test an application. What have you put into practice?

Fuzzing

Which of the following tape backup methods enables daily backups, weekly full backups, and monthly full backups?

Grandfather-father-son

An organization hires you to test an application that you have limited knowledge of. You are given a login to the application but do not have access to source code. What type of test are you running?

Gray-box

You have been tasked with running a penetration test on a server. You have been given limited knowledge about the inner workings of the server. What kind of test will you be performing?

Gray-box

Your organization's servers and applications are being audited. One of the IT auditors tests an application as an authenticated user. Which of the following testing methods is being used?

Gray-box

When it comes to security policies, what should HR personnel be trained in?

Guidelines and enforcement

Which of the following protocols uses port 443?

HTTPS

Which of the following uses an asymmetric key to open a session, and then establishes a symmetric key for the remainder of the session?

HTTPS

To protect malicious attacks, what should you think like?

Hacker

Which of the following is the least volatile when performing incident response procedures?

Hard drive

Which of the following will provide an integrity check?

Hash

You have implemented a technology that enables you to review logs from computers located on the Internet. The information gathered is used to find out about new malware attacks. What have you implemented?

Honeynet

Of the following, which is a collection of servers that was set up to attract attackers?

Honeypot

You oversee compliance with financial regulations for credit card transactions. You need to block out certain ports on the individual computers that do these transactions. What should you implement to best achieve your goal?

Host-based firewall

Which of the following can facilitate a full recovery within minutes?

Hot site

Which of the following environmental variables reduces the possibility of static discharges (ESD)?

Humidity

You are developing a security plan for your organization. Which of the following is an example of a physical control?

ID card

Which of the following displays a single public IP address to the Internet while hiding a group of internal private IP addresses?

IP Proxy

Which of the following is usually used with L2TP?

IPsec

Virtualization technology is often implemented as operating systems and applications that run in software. Often, it is implemented as a virtual machine. Of the following, which can be a security benefit when using virtualization?

If a virtual machine is compromised, the adverse effects can be compartmentalized.

What is the deadliest risk of a virtual computer?

If the physical server fails, all the virtual computers immediately go offline.

You administer a bulletin board system for a rock and roll band. While reviewing logs for the board, you see one particular IP address posting spam multiple times per day. What is the best way to prevent this type of problem?

Implement CAPTCHA.

You are attempting to establish host-based security for your organization's workstations. Which of the following is the best way to do this?

Implement OS hardening by applying GPOs.

Which of the following is likely to be the last rule contained within the ACLs of a firewall?

Implicit deny

The honeypot concept is enticing to administrators because

It enables them to observe attacks.

Jeff wants to employ a Faraday cage. What will this accomplish?

It will reduce data emanations.

In an attempt to detect fraud and defend against it, your company cross-trains people in each department. What is this an example of?

Job rotation

One of the accounting people is forced to change roles with another accounting person every three months. What is this an example of?

Job rotation

Which of the following would you make use of when performing a qualitative risk analysis?

Judgement

What is the most secure method of authentication and authorization in its default form?

Kerberos

Which of the following authentication systems makes use of a Key Distribution Center?

Kerberos

You are in charge of training a group of technicians on the authentication method their organization uses. The organization currently runs an Active Directory infrastructure. Which of the following best correlates to the host authentication protocol used within that organization's IT environment?

Kerberos

Which of the following concepts does the Diffie-Hellman algorithm rely on?

Key exchange

Which of the following enables an attacker to float a domain registration for a maximum of five days?

Kiting

Which of the following protocols creates an unencrypted tunnel?

L2TP

When using the mandatory access control model, what component is needed?

Labels

What is the most common reason that social engineering succeeds?

Lack of user awareness

Which of the following is a technical control?

Least privilege implementation

Critical equipment should always be able to get power. What is the correct order of devices that your critical equipment should draw power from?

Line conditioner, UPS battery, generator

Which of the following provides for the best application availability and can be easily expanded as an organization's demand grows?

Load balancing

Which of the following uses multiple computers to share work?

Load balancing

What is a malicious attack that executes at the same time every week?

Logic Bomb

A malicious insider is accused of stealing confidential data from your organization. What is the best way to identify the insider's computer?

MAC address

Which of the following is a room or "closet" where wiring and circuits merge, creating a potential attack point?

MDF

Which of the following describes key escrow?

Maintains a secured copy of the user's private key for the purpose of recovering the key if it is lost

Virtualized browsers can protect the OS that they are installed within from which of the following?

Malware installation from Internet websites

Which of the following types of scanners can locate a rootkit on a computer?

Malware scanner

A security administrator implements access controls based on the security classification of the data and need-to-know information. Which of the following would best describe this level of access control?

Mandatory access control

Of the following access control models, which uses object labels? (Select the best answer.)

Mandatory access control

Which of the following statements regarding the MAC model is true?

Mandatory access control users cannot share resources dynamically.

You need to protect your data center from unauthorized entry at all times. Which is the best type of physical security to implement?

Mantrap

When users in your company attempt to access a particular website, the attempts are redirected to a spoofed website. What are two possible reasons for this?

Modified hosts file DNS poisoning

To gain access to your network, users must provide a thumbprint and a username and password. What type of authentication model is this?

Multifactor

A DDoS attack can be best defined as what?

Multiple computers attacking a single server

Which of the following devices would detect but not react to suspicious behavior on the network? (Select the most accurate answer.)

NIDS (network intrusion detection system)

Which of the following will detect malicious packets and discard them?

NIPS (network intrusion protection system)

A customer's SD card uses FAT32 as its file system. What file system can you upgrade it to when using the convert command?

NTFS

What is the best (most secure) file system to use in Windows?

NTFS

Which of the following is not an advantage of NTFS over FAT32?

NTFS supports more file formats.

Of the following, what is the worst place to store a backup tape?

Near a power line

In a classified environment, clearance to top secret information that enables access to only certain pieces of information is known as what?

Need to know

Which of the following is a vulnerability assessment tool?

Nessus

Which layer of the OSI model does IPsec operate at?

Network

Where would you turn off file sharing in Windows?

Network and sharing center

You are a consultant for an IT company. Your boss asks you to determine the topology of the network. What is the best device to use in this circumstance?

Network mapper

Which of the following can enable you to find all the open ports on an entire network?

Network scanner

When is a system completely secure?

Never

Tom sends out many e-mails containing secure information to other companies. What concept should be implemented to prove that Tom did indeed send the e-mails?

Non-repudiation

Which of the following is not one of the steps of the incident response process?

Non-repudiation

Which of the following has schemas written in XML?

OVAL

Why do attackers often target nonessential services? (Select the two best answers.)

Often they are not configured correctly. They are not monitored as often.

Where are software firewalls usually located?

On clients

Jason is a security administrator for a company of 4000 users. He wants to store 6 months of security logs to a logging server for analysis. The reports are required by upper management due to legal obligations but are not time-critical. When planning for the requirements of the logging server, which of the following should not be implemented?

Performance baseline and audit trails

Which of the following combines the keystream with the plaintext message using the bitwise XOR operator to produce the ciphertext?

One-time pad

Which of the following are certificate-based authentication mapping schemes? (Select the two best answers.)

One-to-one mapping Many-to-one mapping

The IT director wants you to use a cryptographic algorithm that cannot be decoded by being reversed. Which of the following would be the best option?

One-way function

What is the best action to take when you conduct a corporate vulnerability assessment?

Organize data based on severity and asset value.

Of the following definitions, which would be an example of eavesdropping?

Overhearing parts of a conversation

Which of the following does not apply to an X.509 certificate?

Owner's symmetric key

Which of the following protocols is not used to create a VPN tunnel and not used to encrypt VPN tunnels?

PPP

A security admin is running a security analysis where information about a target system is gained without engaging or exploiting the system. Which of the following describes this type of analysis? (Select the best answer.)

Passive reconnaissance

Russ is using only documentation to test the security of a system. What type of testing methodology is this known as?

Passive security analysis

Which security measure should be included when implementing access control?

Password complexity requirements

An example of a program that does comparative analysis is what?

Password cracker

Users are required to change their passwords every 30 days. Which policy should be configured?

Password expiration

Your organization has enacted a policy where employees are required to create passwords with at least 15 characters. What type of policy does this define?

Password length

Which of the following should you implement to fix a single security issue on the computer?

Patch

Which of the following is one example of verifying new software changes on a test system?

Patch management

Which of the following would not be considered part of a disaster recovery plan?

Patch management software

Of the following, which is the best way for a person to find out what security holes exist on the network?

Perform a vulnerability assessment.

What tool can alert you if a server's processor trips a certain threshold?

Performance Monitor

You have established a baseline for your server. Which of the following is the best tool to use to monitor any changes to that baseline?

Performance Monitor

John needs to install a web server that can offer SSL-based encryption. Which of the following ports is required for SSL transactions?

Port 443 inbound

Don must configure his firewall to support TACACS+. Which port(s) should he open on the firewall?

Port 49

As you review your firewall log, you see the following information. What type of attack is this? Click here to view code image S=207.50.135.54:53 - D=10.1.1.80:0S=207.50.135.54:53 - D=10.1.1.80:1S=207.50.135.54:53 - D=10.1.1.80:2S=207.50.135.54:53 - D=10.1.1.80:3S=207.50.135.54:53 - D=10.1.1.80:4S=207.50.135.54:53 - D=10.1.1.80:5

Port scanning

How are permissions defined in the mandatory access control model?

Predefined access privileges

Which of the following methods could identify when an unauthorized access has occurred?

Previous logon notification

In a public key infrastructure setup, which of the following should be used to encrypt the signature of an e-mail?

Private key

Which of the following can be described as the act of exploiting a bug or flaw in software to gain access to resources that normally would be protected?

Privilege escalation

You are working on a server and are busy implementing a network intrusion detection system on the network. You need to monitor the network traffic from the server. What mode should you configure the network adapter to work in?

Promiscuous mode

Many companies send passwords via clear text. Which of the following can view these passwords?

Protocol analyzer

Which of the following can determine which flags are set in a TCP/IP handshake?

Protocol analyzer

Which tool can be instrumental in capturing FTP GET requests?

Protocol analyzer

Which tool would you use if you want to view the contents of a packet?

Protocol analyzer

You suspect a broadcast storm on the LAN. Which tool is required to diagnose which network adapter is causing the storm?

Protocol analyzer

Your boss has asked you to implement a solution that will monitor users and limit their access to external websites. Which of the following is the best solution?

Proxy server

When a user's web browser communicates with a CA, what PKI element does the CA require from the browser?

Public key

You have been asked to set up authentication through PKI, and encryption of a database using a different cryptographic process to decrease latency. What encryption types should you use?

Public key encryption to authenticate users and private keys to encrypt the database

Which method would you use if you were disposing hard drives as part of a company computer sale?

Purging

To show risk from a monetary standpoint, which of the following should risk assessments be based upon?

Quantitative measurement of risk, impact, and asset value

Which of the following is an authentication system that uses UDP as the transport mechanism?

RADIUS

You are tasked with setting up a wireless network that uses 802.1X for authentication. You set up the wireless network using WPA2 and CCMP; however, you don't want to use a PSK for authentication. Which of the following options would support 802.1X authentication?

RADIUS

You have been tasked with increasing the level of server fault tolerance, but you have been given no budget to perform the task. Which of the following should you implement to ensure that servers' data can withstand hardware failure?

RAID

Which of the following RAID versions offers the least amount of performance degradation when a disk in the array fails?

RAID1

WEP improperly uses an encryption protocol and therefore is considered to be insecure. What encryption protocol does it use?

RC4

Which of the following encryption algorithms is used to encrypt and decrypt data?

RC5

Which of the following protocols are you observing in the packet capture below? Click here to view code image 16:42:01 - SRC 192.168.1.5:3389 - DST 10.254.254.57:8080 - SYN/ACK

RDP (:3389)

Which of the following defines a business goal for system restoration and acceptable data loss?

RPO

Which of the following encryption methods deals with two distinct, large prime numbers and the inability to factor those prime numbers?

RSA

You are tasked with ensuring that messages being sent and received between two systems are both encrypted and authenticated. Which of the following protocols accomplishes this?

RSA

You have been given the task of scanning for viruses on a PC. What is the best of the following methods?

Recovery environment

Your company has a fiber-optic connection to the Internet. Which of the following can enable your network to remain operational even if the fiber-optic line fails?

Redundant ISP

Your company has six web servers. You are implementing load balancing. What is this an example of?

Redundant servers

A smartphone has been lost. You need to ensure 100% that no data can be retrieved from it. What should you do?

Remote wipe

Which of the following is the best option if you are trying to monitor network devices?

SNMP

What is a definition of implicit deny?

Resources that are not given access are denied by default.

What is the best way to test the integrity of a company's backed up data?

Restore part of the backup

A company has a high attrition rate. What should you ask the network administrator to do first? (Select the best answer.)

Review user permissions and access control lists.

What should you do to make sure that a compromised PKI key cannot be used again?

Revoke the key

You are implementing a new enterprise database server. After you evaluate the product with various vulnerability scans you determine that the product is not a threat in of itself but it has the potential to introduce new vulnerabilities to your network. Which assessment should you now take into consideration while you continue to evaluate the database server?

Risk assessment

Which of the following is an unauthorized wireless router that allows access to a secure network?

Rogue AP

In an environment where administrators, the accounting department, and the marketing department all have different levels of access, which of the following access control models is being used?

Role-based access control (RBAC)

You are the security administrator for your organization and have just completed a routine server audit. You did not notice any abnormal activity. However, another network security analyst finds connections to unauthorized ports from outside the organization's network. Using security tools, the analyst find hidden processes that are running on the server. Which of the following has most likely been installed on the server?

Rootkit

Which of the following access control methods uses rules to govern whether object access will be allowed? (Select the best answer.)

Rule-based access control

Which of the following access control models would be found in a firewall?

Rule-based access control

Which of the following details one of the primary benefits of using S/MIME?

S/MIME enables users to send both encrypted and digitally signed e-mail messages.

Which of the following protocols allow for the secure transfer of files? (Select the two best answers.)

SCP SFTP

As a network administrator, one of your jobs is to deal with Internet service providers. You want to ensure that a provider guarantees end-to-end traffic performance. What is this known as?

SLA

You have three e-mail servers. What is it called when one server forwards e-mail to another?

SMTP relay

In what way can you gather information from a remote printer?

SNMP

The IT director has asked you to install agents on several client computers and monitor them from a program at a server. What is this known as?

SNMP

You have been tasked with providing daily network usage reports of layer 3 devices without compromising any data during the information gathering process. Which of the following protocols should you select to provide for secure reporting in this scenario?

SNMPv3

Which of these governs the disclosure of financial data?

SOX

Which protocol can be used to secure the e-mail login from an Outlook client using POP3 and SMTP?

SPA

What is a secure way to remotely administer Linux systems?

SSH

Which of the following network protocols sends data between two computers while using a secure channel?

SSH

Which of the following, when removed, can increase the security of a wireless access point?

SSID

The IT director has asked you to set up an authentication model in which users can enter their credentials one time, yet still access multiple server resources. What type of authentication model should you implement?

SSO (single sign-on)

Which of the following misuses the Transmission Control Protocol handshake process?

SYN attack

What is it known as when a web script runs in its own environment and does not interfere with other processes?

Sandbox

Which of the following individuals uses code with little knowledge of how it works?

Script Kiddie

Which of the following should occur first when developing software?

Secure code review

Which of the following log files should show attempts at unauthorized access?

Security

You are setting up auditing on a Windows computer. If set up properly, which log should have entries?

Security log

What does isolation mode on an AP provide?

Segments each wireless user from every other wireless user

Which password management system best provides for a system with a large number of users?

Self-service password reset management system

Your company has 1000 users. Which of the following password management systems will work best for your company?

Self-service password resetting

Which of the following should be done if an audit recording fails?

Send an alert to the administrator.

Which of the following persons is ultimately in charge of deciding how much residual risk there will be?

Senior management

Which layer of the OSI model is where SSL provides encryption?

Session

If a person takes control of a session between a server and a client, it is known as what type of attack?

Session hijacking

Two computers are attempting to communicate with the SSL protocol. Which two types of keys will be used? (Select the two best answers.)

Session key Public key

Which of the following is the most secure type of cabling?

Shielded twisted-pair

A wireless network switch has connectivity issues but only when the air-conditioning system is running. What can be added to fix the problem?

Shielding

You have been ordered to implement a secure shredding system as well as privacy screens. What two attacks is your organization attempting to mitigate?

Shoulder surfing Dumpster diving

Which of following is the most basic form of IDS?

Signature-based

Michael's company has a single web server that is connected to three other distribution servers. What is the greatest risk involved in this scenario?

Single point of failure

Your organization provides employee badges that are encoded with a private encryption key and specific personal information. The encoding is used to provide access to the organization's network. What type of authentication method is being used?

Smart card

Give two examples of hardware devices that can store keys. (Select the two best answers.)

Smart card USB flash drive

Of the following, what two authentication mechanisms require something you physically possess? (Select the two best answers.)

Smart card USB flash drive

What are two examples of common single sign-on authentication configurations? (Select the two best answers.)

Smart card-based Kerberos-based

What devices will not be able to communicate in a Faraday cage? (Select the two best answers.)

Smartphones Tablets

A man pretending to be a data communications repair technician enters your building and states that there is networking trouble and he needs access to the server room. What is this an example of?

Social engineering

User education can help to defend against which of the following? (Select the three best answers.)

Social engineering Dumpster diving Phishing

Whitelisting, blacklisting, and closing open relays are all mitigation techniques addressing what kind of threat?

Spam

Which of the following targets specific people?

Spear phishing

One of your users was not being careful when browsing the Internet. The user was redirected to a warez site where a number of pop-ups appeared. After clicking one pop-up by accident, a drive--by download of unwanted software occurred. What does the download most likely contain?

Spyware

Which type of encryption technology is used with the BitLocker application?

Symmetric

You need to encrypt and send a large amount of data. Which of the following would be the best option?

Symmetric encryption

Which of the following needs to be backed up on a domain controller to recover Active Directory?

System State

When attempting to grant access to remote users, which protocol uses separate, multiple-challenge responses for each of the authentication, authorization, and audit processes?

TACACS+

Which of the following is an authentication and accounting service that uses TCP as its transport mechanism when connecting to routers and switches?

TACACS+

In a secure environment, which authentication mechanism performs better?

TACACS+ because it encrypts client-server negotiation dialogues.

Of the following, which best describes the difference between RADIUS and TACACS+?

TACACS+ separates authentication, authorization, and auditing capabilities.

Which of the following is an example of a nonessential protocol?

TFTP

You are tasked with implementing a solution that encrypts the CEO's laptop. However, you are not allowed to purchase additional hardware or software. Which of the following solutions should you implement?

TPM

You are attempting to prevent unauthorized access to the desktop computers on your network. You decide to have the computers' operating systems lock after 5 minutes of inactivity. What type of security control is this?

Technical

Which of the following would be considered detrimental effects of a virus hoax? (select the two best answers)

Technical support resources are consumed by increased user calls Users are tricked into changing the system configuration

Jason needs to add several users to a group. Which of the following will help him to get the job done faster?

Template

What ensures that a CRL is authentic and has not been modified?

The CRL is digitally signed by the CA.

Which law protects your Social Security number and other pertinent information?

The Gramm-Leach-Bliley Act

Which of the following statements is correct about IPsec authentication headers?

The authentication information is a keyed hash based on all the bytes in the packet.

A user complains that they were browsing the Internet when the computer started acting erratically and crashed. You reboot the computer and notice that performance is very slow. In addition, after running a netstat command you notice literally hundreds of outbound connections to various websites, many of which are well-known sites. Which of the following has happened?

The computer is now part of a botnet

Last week, one of the users in your organization encrypted a file with a private key. This week the user left the organization, and unfortunately the systems administrator deleted the user's account. What are the most probable outcomes of this situation? (Select the two best answers.)

The data can be decrypted using the recovery agent. The data is not recoverable.

Which of the following is a best practice when a mistake is made during a forensic examination?

The examiner should document the mistake and work around the problem.

Your boss wants you to properly log what happens on a database server. What are the most important concepts to think about while you do so? (Select the two best answers.)

The information that will be needed to reconstruct events later The amount of disk space you will require

What does steganography replace in graphic files?

The least significant bit of each byte

In a discretionary access control model, who is in charge of setting permissions to a resource?

The owner of the resource

Michael has just completed monitoring and analyzing a web server. Which of the following indicates that the server might have been compromised?

The web server is showing a drop in CPU speed and hard disk speed.

Which of the following factors should you consider when evaluating assets to a company? (Select the two best answers.)

Their value to the company Their replacement cost

Which of the following is the strongest password?

This1sV#ryS3cure

How do most network-based viruses spread?

Through e-mail

Which of the following is an example of two-factor authentication?

Thumbprint and key card

One of your co-workers complains of very slow system performance and says that a lot of antivirus messages are being displayed. The user admits to recently installing pirated software and downloading and installing an illegal keygen to activate the software. What type of malware has affected the user's computer?

Trojan

Which of the following types of malware appears to the user as legitimate but actually enables unauthorized access to the user's computer?

Trojan

You are using the following backup scheme: A full backup is made every Friday night at 6 p.m., and differential backups are made every other night at 6 p.m. Your database server fails on a Thursday afternoon at 4 p.m. How many tapes will you need to restore the database server?

Two

Which of these is a security component of Windows?

UAC

What kind of attack is it when the packets sent do not require a synchronization process and are not connection-oriented?

UDP attack

To prevent electrical damage to a computer and its peripherals, the computer should be connected to what?

UPS

What device should be used to ensure that a server does not shut down when there is a power outage?

UPS

Which of the following should a security administrator implement to limit web-based traffic that is based on the country of origin? (Select the three best answers.)

URL filter Firewall Proxy server

Which of the following will an Internet filtering appliance analyze? (Select the three best answers.)

URLs Content Certificates

Which of the following would most likely be considered for DLP?

USB mass storage device

You have been tasked with protecting an operating system from malicious software. What should you do? (Select the two best answers.)

Update the HIPS signatures. Disable unused services.

A coworker has installed an SMTP server on the company firewall. What security principle does this violate?

Use of a device as it was intended

The fundamental difference between symmetric key systems and asymmetric key systems is that symmetric key systems do which of the following?

Use the same key on each end

You want to mitigate the possibility of privilege creep among your long-term users. What procedure should you employ?

User permission reviews

Which of the following is the most common authentication model?

Username and password

Which of the following best describes a protective countermeasure for SQL injection?

Validating user input within web-based applications

Which of the following are good practices for tracking user identities? (Select the two best answers.)

Video cameras Key card door access systems

Eric wants to install an isolated operating system. What is the best tool to use?

Virtualization

Which of the following is the least secure type of wireless encryption?

WEP 64-bit

Which of the following is the most secure protocol to use when accessing a wireless network?

WPA2

Which of the following is a strategy that targets users based on the common websites that they frequent?

Watering hole

In Windows, which of the following commands will not show the version number?

Wf.msc

A targeted e-mail attack is received by your organization's CFO. What is this an example of?

Whaling

Which of these is a true statement concerning active interception?

When a computer is put between a sender and receiver

Dan is a network administrator. One day he notices that his DHCP server is flooded with information. He analyzes it and finds that the information is coming from more than 50 computers on the network. Which of the following is the most likely reason?

Worm

Which type of malware does not require a user to execute a program to distribute the software?

Worm

Which of the following defines the difference between a Trojan horse and a worm? (select the best answer)

Worms self-replicate but Trojan horses do not

During an audit of your servers, you have noticed that most servers have large amounts of free disk space and have low memory utilization. Which of the following statements will be correct if you migrate some of the servers to a virtual environment?

You might end up spending more on licensing, but less on hardware and equipment.

Which statement best applies to the term Java applet?

a small application written in the java programming language, or another programming language that compiles to java byrecode, and delivered to users in the form of java bytecode.

The main objective of risk management in an organization is to reduce risk to a level _____________. (Fill in the blank.)

the organization will accept

Which command would display the following output? Click here to view code image Active ConnectionsProto Local Address Foreign Address StateTCP WorkstationA:1395 8.15.228.165:http ESTABLISHED

netstat


Related study sets

Data Architecture Practice Exam 1

View Set

PEDS immunizations, lead poisoning

View Set

Chapter 6 - Personal Risk Management

View Set