Security Plus 601

Ace your homework & exams now with Quizwiz!

What does the acronym MTTR denote?

mean time to repair

Which type of IDS detects malicious packets on a network?

network intrusion detection system (NIDS)

According to CompTIA's Security+ examination blueprint, what are the seven listed methods for protecting static environments?

network segmentation, security layers, application firewalls, manual updates, firmware version control, wrappers, and control redundancy and diversity

Which technique is used to prevent network bridging?

network separation

What does the acronym NIDS denote?

network-based intrusion detection system

You need to enumerate the devices on your network and display the network's configuration details. Which of the following utilities should you use?

nmap

Which command should you use to scan for open TCP ports on your Linux system? (Tip: Enter the command as if at the command prompt.)

nmap -sT

Are instant messages typically encrypted?

no

Is a DHCP server normally placed inside a DMZ?

no

Would a certification authority (CA) revoke a certificate if the certificate owner's public key were exposed?

no

What is the main difference between virtualization and cloud computing?

the location and ownership of the physical components

What is the definition of maximum tolerable downtime (MTD)?

the maximum amount of time a business can tolerate a system remaining non-functional

What is a baseline?

the minimum level of security and performance of a system in an organization

What does the subject field in an X.509 v3 certificate contain?

the name of the certificate owner

Is the RC2 algorithm symmetric or asymmetric?

symmetric

Is the Skipjack algorithm symmetric or asymmetric?

symmetric

Which term refers to voice communication over a network?

telephony or Voice over IP (VoIP)

Which information do routers use to forward packets to their destinations?

the network address and subnet mask

What portion(s) of the IP packet are encrypted in IPSec transport mode?

the payload

What is the purpose of load balancing?

to distribute the workload across multiple devices

What is the purpose of audit logs?

to document actions taken on a computer network and the party responsible for those actions

Why should you periodically test an alternate site?

to ensure continued compatibility and recoverability

What is the purpose of BitLocker To Go?

to ensure that USB flash drives issued by your organization are protected by encryption

What is the purpose of input validation?

to ensure that data being entered into a database follows certain parameters

According to CompTIA, why should you disable the SSID broadcast of your wireless router?

to improve your network's security

What is the primary goal of business continuity planning?

to maintain the organization

What is the primary purpose of Tripwire?

to monitor the baseline configuration of a system and the changes made to it

What is the purpose of a mantrap?

to prevent people from piggybacking on the credentials of legitimate personnel to gain entry to your building

Why is it important to limit the use of flash drives and portable music devices by organization employees?

to prevent users from copying data to their personnel devices and possibly causing data leakage or from transferring malware to corporate computers

Why should you install a software firewall and the latest software patches and hotfixes on your computer?

to reduce security risks

What is the purpose of technical controls?

to restrict access to objects and protect availability, confidentiality, and integrity

Using role-based access control (RBAC), which entities are assigned roles?

users or subjects

Would a certification authority (CA) revoke a certificate if the certificate owner's private key were exposed?

yes

Which term is used to describe a product that provides network firewalling, network intrusion prevention and gateway antivirus (AV), gateway anti-spam, VPN, content filtering, load balancing, data leak prevention and on-appliance reporting?

unified threat management (UTM)

In a variation of the brute force attack, an attacker may use a predefined list (dictionary) of commonly used usernames and passwords to gain access to existing user accounts. Which countermeasure best addresses this issue?

A strong password policy

Instant messaging does *not* provide which of the following?

>>Privacy Ease of file transfers Real-time communication Indication of when you are online

An attacker has obtained the logon credentials for a regular user on your network. Which type of security threat exists if this user account is used to perform administrative functions?

>>Privilege escalation Replay Impersonation Social engineering

You want to identify traffic that is generated and sent through the network by a specific application running on a device. Which tool should you use?

>>Protocol analyzer Multimeter TDR Certifier Toner probe

Which of the following are differences between RADIUS and TACACS+?

>>RADIUS combines authentication and authorization into a single function, TACACS+ allows these services to be split between different servers RADIUS encrypts the entire packet contents; TACACS+ only encrypts the password RADIUS uses TCP; TACACS+ uses UDP RADIUS supports more protocols than TACACS+

What type of attack is most likely to succeed against communications between Instant Messaging clients?

>>Sniffing Denial of Service DNS poisoning Brute force password attack

Network engineers have the option of using software to configure and intelligently control the network rather than relying on the individual static configuration files that are located on each network device. Which of the following is a relatively new technology that allows network and security professionals to use software to manage, control, and make changes to a network?

>>Software-defines netowrking Load balancing software Control later networking Infrastructure software networking

Select the recovery term for the definition listed below: -Measures the average time to failure of a system or component. A.)MTTF B.)MTD C.)MTTR D.)MTBF

A

Telnet is inherently insecure because its communications is in plaintext and easily intercepted. Which of the following is an acceptable alternative to Telnet? A.)SSH B.)SHTTP C.)Remote Desktop D.)SLIP

A

The government and military use the following information classification system: *Unclassified *Sensitive but unclassified *Confidential *Secret *Top secret Choose the classification for the description listed below: -The lowest level of classified information used by the military. Release of this information could cause damage to military efforts. A.)Confidential B.)Top secret C.)Unclassified D.)Sensitive but unclassified E.)Secret

A

The success of asymmetric encryption is dependent upon which of the following? A.)The secrecy of the key B.)The secrecy of the algorithm C.)The complexity of the cipher text D.)The integrity of the individuals who created the cryptosystem

A

To obtain a digital certificate and participate in a Public Key Infrastructure (PKI), what must be submitted and where? A.)Identifying data and a certification request to the registration authority (RA) B.)Identifying data with the MAC and IP addresses to the root certificate authority (CA) C.)Identifying data and a secret key request to the subordinate distribution authority (DA) D.)Identifying data with the 3DES block cipher to the hosting certificate authority (CA)

A

What is a PKI? A.)A hierarchy of computers for issuing certificates. B.)A protocol that defines secure key exchange. C.)An algorithm for encrypting and decrypting data. D.)A program that generates key pairs.

A

Which of the following is the weakest symmetric encryption method? A.)DES B.)TwoFish C.)3DES D.)AES E.)Blowfish

A

Which version of the Rivest cipher is a block cipher that supports variable bit length keys and variable bit block sizes? A.)RC5 B.)RC4 C.)RSA D.)RC2

A

*LDAP operates over what TCP ports?*

*636 and 389* LDAP operates over TCP ports 636 and 389. POP3 and SMTP operate over TCP ports 110 and 25, respectively. TLS operates over TCP ports 443 and 80 (SSL operates only over TCP port 443; HTTP operates over TCP port 80). FTP operates over TCP ports 20 and 21.

Measuring and Weighing Risk *Which of the following policy statements should address who is responsible for ensuring that it is enforced?*

*Accountability* The accountability policy statement should address who is responsible for ensuring that it is enforced.

*Which of the following is a description of a key-stretching technique?*

*Adding iterative computations that increase the effort involved in creating the improved result* Often, key stretching involves adding iterative computations that increase the effort involved in creating the improved key result, usually by several orders of magnitude. Salting input before hashing is a means to increase password security against brute-force attacks. Generating a random number and then using a trapdoor one-way function to derive a related key is the process of creating an asymmetric key pair set. Using a challenge-response dialogue is the basis of CHAP authentication.

*Kerberos is used to perform what security service?*

*Authentication protection* Kerberos is a third-party authentication service; thus it provides authentication protection. Kerberos can't be used to encrypt files, secure non-authentication communications, or protect data transfer.

Cryptography Implementation *A certificate authority (CA) is an organization that is responsible for issuing, revoking, and distributing:*

*Certificates* A certificate authority (CA) is an organization that is responsible for issuing, revoking, and distributing certificates.

You are the security administrator for a small business. The floor plan for your organization is shown in the figure below. You've hired a third-party security consultant to review your organization's security measures. She has discovered multiple instances where unauthorized individuals have gained access to your facility, even to very sensitive areas. She recommends that you provide employees with access badges and implement access badge readers to prevent this from happening in the future. Click on the office locations where access badge readers would be most appropriate.

*Click on lobby entrance & networking closet*

You are the security administrator for a small business. The floor plan for your organization is shown in the figure below. You've hired a third-party security consultant to review your organization's security measures. She has discovered multiple instances where unauthorized individuals have gained access to your facility, even to very sensitive areas. She recommends that you implement mantraps to prevent this from happening in the future. Click on the office location where a mantrap would be most appropriate.

*Click on lobby entrance*

Cryptography Implementation *The process of requiring interoperability is called:*

*Cross certification* The process of requiring interoperability is called cross certification.

*A network-based IDS is not suitable for detecting or protecting against which of the following?* a. Email spoofing b. Denial-of-service attacks c. Attacks against the network d. Attacks against an environment that produces significant traffic

*Email spoofing* Network-based IDSs aren't suitable for protecting against email spoofing.

Cryptography Implementation *Which of the following refers to the ability to manage individual resources in the CA network?*

*Granularity* Granularity refers to the ability to manage individual resources in the CA network.

Infrastructure and Connectivity *A socket is a combination of which components?*

*IP and port number* A socket is a combination of IP address and port number. The socket identifies which application will respond to the network request.

Infrastructure and Connectivity *IPv6, in addition to having more bits allocated for each host address, also has mandatory requirements built in for which security protocol?*

*IPSec* The implementation of IPSec is mandatory with IPv6. While it is widely implemented with IPv4, it is not a requirement.

Cryptography Implementation *A Certificate Practice Statement (CPS) is a detailed statement the CA uses to issue certificates and ______ of the CA.*

*Implement policies* A Certificate Practice Statement (CPS) is a detailed statement the CA uses to issue certificates and implement policies of the CA.

*When should a key or certificate be renewed?*

*Just before it expires* Keys and certificates should be renewed just before they expire. All the other choices are incorrect.

*Digital signatures can be created using all but which of the following?*

*Key escrow* Key escrow isn't used in digital signatures, but it's a fault-tolerance feature of certificate and key management. Asymmetric and symmetric cryptography along with hashing are used in digital signatures.

Cryptography Implementation *The primary difference between an RA and _____ is that the latter can be used to identify or establish the identity of an individual.*

*LRA* The primary difference between an RA and LRA is that the LRA can be used to identify or establish the identity of an individual.

*In a MAC environment, when a user has clearance for assets but is still unable to access those assets, what other security feature is in force?*

*Need to know* Need to know is the MAC environment's granular access-control method. The principle of least privilege is the DAC environment's concept of granular access control. Privacy and SLAs aren't forms of access control.

Infrastructure and Connectivity *What protocol, running on top of TCP/IP, is often used for name registration and resolution with Windows-based clients?*

*NetBIOS* NetBIOS is used for name resolution and registration in Windows-based environments. It runs on top of TCP/IP.

*Which is the strongest form of password?*

*One-time use* A one-time password is always the strongest form of password. A static password is always the weakest form of password. Passwords with more than eight characters and those that use different types of keyboard characters are usually strong, but these factors alone are unable to indicate their strength.

Infrastructure and Connectivity *Most of the sales force have been told that they should no longer report to the office on a daily basis. From now on, they're to spend the majority of their time on the road calling on customers. Each member of the sales force has been issued a laptop computer and told to connect to the network nightly through a dial-up connection. Which of the following protocols is widely used today as a transport protocol for Internet dial-up connections?*

*PPP* PPP can pass multiple protocols and is widely used today as a transport protocol for dial-up connections.

Infrastructure and Connectivity *Which protocol is unsuitable for WAN VPN connections?*

*PPP* PPP provides no security, and all activities are unsecure. PPP is primarily intended for dial-up connections and should never be used for VPN connections.

Cryptography Implementation *In a bridge trust model, a ______ to ______ relationship exists between the root CAs.*

*Peer, peer* In a bridge trust model, a peer-to-peer relationship exists between the root CAs.

Infrastructure and Connectivity *Upper management has decreed that a firewall must be put in place immediately, before your site suffers an attack similar to one that struck a sister company. Responding to this order, your boss instructs you to implement a packet filter by the end of the week. A packet filter performs which function?*

*Prevents unauthorized packets from entering the network* Packet filters prevent unauthorized packets from entering or leaving a network. Packet filters are a type of firewall that blocks specified port traffic.

*Certificates have what single purpose?*

*Proving identity* Certificates have the single purpose of proving identity. They don't prove quality or provide encryption security, and they aren't used to exchange encryption keys.

*Which of the following technologies can be used to add an additional layer of protection between a directory services-based network and remote clients?*

*RADIUS* RADIUS is a centralized authentication solution that adds an additional layer of security between a network and remote clients. SMTP is the email-forwarding protocol used on the Internet and intranets. PGP is a security solution for email. VLANs are created by switches to logically divide a network into subnets.

*What method of access control is best suited for environments with a high rate of employee turnover?*

*RBAC* Role-based access control (RBAC) is best suited for environments with a high rate of employee turnover because access is defined against static job descriptions rather than transitive user accounts (DAC and ACL) or assigned clearances (MAC).

Measuring and Weighing Risk *Which of the following strategies necessitates an identified risk that those involved understand the potential cost/damage and agree to accept?*

*Risk acceptance* Risk acceptance necessitates an identified risk that those involved understand the potential cost/damage and agree to accept.

Measuring and Weighing Risk *Which of the following strategies involves identifying a risk and making the decision to no longer engage in the action?*

*Risk avoidance* Risk avoidance involves identifying a risk and making the decision to no longer engage in the actions associated with that risk.

Measuring and Weighing Risk *Which of the following strategies involves understanding something about the enemy and letting them know the harm that can come their way if they cause harm to you?*

*Risk deterrence* Risk deterrence involves understanding something about the enemy and letting them know the harm that can come their way if they cause harm to you.

Measuring and Weighing Risk *Which of the following strategies is accomplished anytime you take steps to reduce the risk?*

*Risk mitigation* Risk mitigation is accomplished anytime you take steps to reduce the risk.

Infrastructure and Connectivity *Which device stores information about destinations in a network?*

*Router* Routers store information about network destinations in routing tables. Routing tables contain information about known hosts on both sides of the router.

*What mechanism is used to support the exchange of authentication and authorization details between systems, services, and devices?*

*SAML* SAML is an open standard data format based on XML for the purpose of supporting the exchange of authentication and authorization details between systems, services, and devices. A biometric is an authentication factor, not a means of exchanging authentication information. Two-factor authentication is the use of two authentication factors. LDAP is a protocol used by directory services, not directly related to authentication.

Infrastructure and Connectivity *Which of the following services use only TCP ports and not UDP? (Choose all that apply.)*

*SFTP* SFTP uses only TCP ports. IMAP, LDAP, and FTPS all use both TCP and UDP ports.

Infrastructure and Connectivity *Which service(s), by default, use TCP and UDP port 22? (Choose all that apply.)*

*SSH* *SCP* Port 22 is used by both SSH and SCP with TCP and UDP.

*In order to ensure that whole-drive encryption provides the best security possible, which of the following should not be performed?*

*Screen lock the system overnight.* An attack can steal the encryption key from memory, so systems with whole-drive encryption that are only screen-locked are vulnerable. Requiring a boot password, locking the system, and powering down ensure the protection of whole drive encryption.

Measuring and Weighing Risk *Which of the following policies are designed to reduce the risk of fraud and prevent other losses in an organization?* a. Separation of duties b. Acceptable use c. Least privilege d. Physical access control

*Separation of duties* The separation of duties policies are designed to reduce the risk of fraud and prevent other losses in an organization.

*Federation is a means to accomplish _____.*

*Single sign-on* Federation or federated identity is a means of linking a subject's accounts from several sites, services, or entities in a single account. Thus it is a means to accomplish single sign-on. Accountability logging is used to relate digital activities to humans. ACL verification is a means to verify that correct permissions are assigned to subjects. Trusted OS hardening is the removal of unneeded components and securing the remaining elements.

*Which of the following is an example of a Type 2 authentication factor?*

*Something you have, such as a smart card, an ATM card, a token device, or a memory card* A Type 2 authentication factor is something you have. This could be a smart card, an ATM card, a token device, or a memory card.

Infrastructure and Connectivity *As more and more clients have been added to your network, the efficiency of the network has decreased significantly. You're preparing a budget for next year, and you specifically want to address this problem. Which of the following devices acts primarily as a tool to improve network efficiency?*

*Switch* Switches create virtual circuits between systems in a network. These virtual circuits are somewhat private and reduce network traffic when used.

Cryptography Implementation *A hierarchical trust model is also known as a:*

*Tree* A hierarchical trust model is also known as a tree.

*Which of the following symmetric-encryption algorithms offers the strength of 168-bit keys?*

*Triple DES* Triple DES (3DES) offers the strength of 168-bit keys. The Data Encryption Standard (DES) offers the strength of 56-bit keys. The Advanced Encryption Standard (AES) offers the strength of 128-, 192-, or 256-bit keys. The International Data Encryption Algorithm (IDEA) offers the strength of 128-bit keys.

*Which security stance will be most successful at preventing malicious software execution?*

*Whitelisting* Whitelisting is a security option that prohibits unauthorized software from being able to execute. Whitelisting is also known as deny by default or implicit deny. Blacklisting, also known as deny by exception or allow by default, is the least successful means of preventing malware execution.

Cryptography Implementation *The most popular certificate used is version 3 of:*

*X.509* The most popular certificate used is version 3 of X.509.

What is the recommended humidity level for server rooms? O 10% or lower O 30% O 50% O 70% or higher

50%

You want to use CCTV to increase the physical security of your building. Which of the following camera types would offer the sharpest image at the greatest distance under the lowest lighting conditions? O 500 resolution, 50mm, .05 LUX O 500 resolution, 50mm, 2 LUX O 400 resolution, 10mm, 2 LUX O 400 resolution, 10mm, .05 LUX

500 resolution, 50mm, .05 LUX

What is the key size, in bits, of the Data Encryption Standard (DES)?

56

How many TCP/UDP ports are vulnerable to malicious attacks?

65,536

You have just purchased a new network device and are getting ready to connect it to your network. Which of the following actions should you take to increase its security? (Choose two)

>>Change default account passwords implement separation of duties Conduct privilege escalation >>Apply all patches and updates Remove any backdoors

What is the purpose of a bollard?

A bollard is a physical security control that prevents cars from accessing certain areas. They are most often deployed in front of retail storefronts.

Which of the following best describes Active Directory?

A centralized database that contains user account and security information.

Which of the following are disadvantages to server virtualization?

A compromised host system might affect multiple servers

Which of the following are disadvantages of server virtualization?

A failure in one hardware component could affect multiple servers.

Which of the following describes a man-in-the-middle attack?

A false server intercepts communications from a client by impersonating the intended server.

What is a cookie?

A file saved on your hard drive that tracks website preferences and use.

Which backup method backs up every file on the server each time it is run?

A full backup

Which of the following is the best definition of the term hacker? O A threat actor who lacks skills and sophistication but wants to impress their friends or garner attention. O Any individual whose attacks are politically motivated. O The most organized, well-funded, and dangerous type of threat actor. O A threat actor whose main goal is financial gain. O A general term used to describe any individual who uses their technical knowledge to gain unauthorized access to an organization.

A general term used to describe any individual who uses their technical knowledge to gain unauthorized access to an organization.

Users in the Sales department perform many of their daily tasks, such as emailing and creating sales presentations, on personal tablets. The chief information officer worries that one of these users might also use their tablet to steal sensitive information on the organization's network. Your job is to implement a solution that can insiders from accessing sensitive information on personal devices. Which of the following should you implement?

A guest wireless network that is isolated from your organization's production network

Which of the following describes a configuration baseline?

A list of common security settings that a group or all devices share

Which of the following is an example of a vulnerability? O Unauthorized access to confidential resources O A misconfigured server O Virus infection O Denial of servÄce attack

A misconfigured server

What is the primary purpose of penetration testing?

Assess the skill level of new IT security staff Infiltrate a competitor's network >>Test the effectiveness of your security perimeter Evaluate newly deployed firewalls

Which encryption method is more scalable?

Asymmetric Encryption

Which access control model is based on assigning attributes to objects and using Boolean logic to grant access based on attributes of the subject?

Attribute-Based Access Control (ABAC)

Which of the following is a collection of recorded data that may include details about logons, object access, and other activities deemed important by your security policy that is often used to detect unwanted and unauthorized user activities?

Audit trail

A recreation of historical events is made possible through?

Audit trails

Even if you perform regular backups, what must be done to ensure that you are protected against data loss? A.)Restrict restoration privileges to system administrator B.)Regularly test restoration procedures C.)Store the backup media in an onsite fireproof vault D.)Write-protect all backup media

B

How many keys are used with Public Key cryptography? A.)One B.)Two C.)Three D.)Four

B

How many keys are used with asymmetric (public key) cryptography? A.)One B.)Two C.)Three D.)Four

B

If a message sender encrypts a message with a key and a message receiver decrypts it using the same key, which type of key exchange is taking place? A.)Counter mode B.)Symmetric C.)Asymmetric D.)Digital signature

B

Which action is taken when the private key associated with a digital certificate becomes compromised? A.)All certificates are revoked from parties known to posses the matching public key. B.)The certificate is revoked and added to the Certificate Revocation List. C.)The RA requests a reissued digital signature based on the existing private key. D.)The CA retracts all previously issued copies of the certificate.

B

Which backup strategy backs up only files that have the archive bit set, but does not mark them as having been backed up? A.)Incremental B.)Differential C.)Full D.)Normal

B

Which of the following DLP implementations can be used to monitor and control access to the physical devices on workstations or servers? A.)Network DLP B.)Endpoint DLP C.)File-level DLP D.)Cloud DLP

B

What is the main difference between an IDS and an IPS?

An IDS detects intrusions. An IPS prevents intrusions.

Which of the following forms of cryptography is best implemented in hardware? A.)Symmetric block B.)Symmetric stream C.)Asymmetric D.)Public key

B

Which of the following functions are performed by the TPM? A.)Provide authentication credentials B.)Create a hash of system components C.)Encrypt network data using IPSec D.)Perform bulk encryption

B

Which of the following government acts protests medical records and personal health information? A.)FACTA B.)HIPAA C.)FISMA D.)ACA

B

Which of the following is a technology that tries to detect and stop sensitive data breaches, or data leakage incidents, in an organization? A.)Data hashing B.)Data loss prevention C.)Public key cryptography D.)Data transmission security

B

Which of the following protocols uses port 443? A.)SSH B.)HTTPS C.)S/MIME D.)S-HTTP

B

You have a computer with three hard disk. *A RAID 0 volume uses space on Disk 1 and Disk 2. *A RAID 1 volume uses space on Disk 2 and Disk 3. Disk 2 fails. Which of the following is true? A.)Data on the RAID 0 volume is accessible; data on RAID 1 volume is not. B.)Data on the RAID 1 volume is accessible; data on the RAID 0 volume is not. C.)Data on both volumes is not accessible. D.)Data on both volumes is still accessible.

B

You have a web server on your network that hosts the public websites for your company. You want to make sure that the website will continue to be available even if a NIC, hard drive, or other problem prevents the server from responding. Which solution should you implement? A.)NIC teaming B.)Load balancing C.)Traffic shaping D.)QoS

B

You manage a website for your company. The website uses three servers configured in a cluster. Incoming requests are distributed automatically between the three servers. All servers use a shared storage device that holds the website contents. Each server has single network connection and a single point of failure? A.)Power supply B.)Website storage C.)Network adapter D.)Web server

B

You want a security solution that protects the entire hard drive and prevents access even if the drive is moved to another system. Which solution should you choose? A.)VPN B.)BitLocker C.)IPsec D.)EFS

B

You would like to implement BitLocker to encrypt data on a hard disk, even if it is moved to another system. You want the system to boot automatically without providing a startup key on an external USB device. What should you do? A.)Save the startup key to the boot partition B.)Enable the TPM in the BIOS C.)Disable USB devices D.)Use a PIN instead of a startup key

B

Which of the following is an important aspect of evidence gathering? O Monitoring user access to compromised systems O Restoring damaged data from backup media O Backing up all log files and audit trails O Purging transaction logs

Backing up all log files and audit trails

Which of the following terms describes a network device that is exposed to attacks and has been hardened against those attacks?

Bastion or sacrificial host

When duplicating a drive for forensic investigation purposes, which of the following copying methods is most appropriate? O Active sector cloning O Bit-level cloning O Drive mirroring O File by-file copying

Bit-level cloning

What is the component included with Windows Vista and higher operating systems that encrypts an entire volume with 128-bit encryption to prevent information from being read if the drive is lost or stolen?

BitLocker

What is the primary concern of the BIA?

Business impact analysis (BIA) identifies all business resources that could be lost

Which type of attack is the act of exploiting a software program's free acceptance of input in order to execute arbitrary code on a target?

Buffer overflow

Network-based intrusion detection is most suited to detect and prevent which types of attacks?

Buffer overflow exploitation of software >>Bandwidth-based denial of service Brute force password attack Application implementation flaw

Upon which report does the business continuity plan depend most?

Business Impact Analysis (BIA)

In business continuity planning, what is the primary focus of the scope? ● Company assets ● Human life and safety ● Recovery time objective ● Business processes

Business Processes

Select the recovery term for the definition listed below: -Identifies the average amount of time necessary to repair a failed component or to restore operations. A.)MTTF B.)MTD C.)MTTR D.)MTBF

C

What does a differential backup do during the backup? A.)Backs up all files with the archive bit set and resets the archive bit. B.)Backs up all files regardless of the archive bit and resets the archive bit. C.)Backs up all files with the archive bit set and does not reset the archive bit. D.)Backs up all file regardless of the archive bit and does not reset the archive bit.

C

Which of the following best describes high amplification when applied to hashing algorithms? A.)Reversing the hashing function does not recover the original message. B.)Dissimilar messages frequently result in the same hash value C.)A small change in the message results in a big change in the hash value. D.)Hashes produced by two different parties using the same algorithm result in the same hash value.

C

Which of the following can be classified as a stream cipher? A.)AES B.)Twofish C.)RC4 D.)Blowfish

C

Which of the following encryption mechanisms offers the least security because of weak keys? A.)TwoFish B.)AES C.)DES D.)IDEA

C

Which of the following is a recovery site that may have electricity connected, but there are no servers installed and no high-speed data line present? A.)Reciprocal agreement B.)Hot site C.)Cold site D.)Warm site

C

Which of the following is an example of a statistical attack against a cryptosystem? A.)Exploiting faulty implementation of an algorithm in software B.)Attempting every possible key pattern C.)Exploiting a computer's inability to produce random numbers D.)Intercepting messages between two communication partners and modifying the content

C

Which of the following is used in conjunction with a local security authority to generate the private and public key pair used in asymmetric cryptography? A.)CA B.)OCSP C.)CSP D.)CPS E.)CRL

C

You manage your company's website. The Web1 server hosts the website. This server has the following configuration: *Dual core processor *Dual power supplies *RAID 5 volume *One RAID controller *TWO 1000 Mbps network adapters Which component is a single point of failure for the website? A.)Disk storage B.)Power supply C.)Disk controller D.)Network adapter

C

Which of the following are true of Triple DES (3DES)? (Select two.) A.)Using 64-bit blocks with 128-bit keys B.)Uses the Rijndael block cipher C.)Is used in IPsec D.)Uses a 168-bit key E.)Can easily be broken

C and D

Which of the following is *not* true?

Cloud computing requires end-user knowledge of the physical location and configuration of the system that delivers the services.

In the VLAN config shown in the diagram above, workstations in VLAN1 are *not* able to communicate with workstationd in VLAN2, even though they are connected to the same Physical switch. Which of the following can you use to allow workstations in VLAN1 to communicate with the workstations in VLAN2?

Configure all the workstations to be members of both VLANs. >>Use a Layer 3 switch to route packets between VLAN1 and VLAN2. Configure all the ports on the switch to be members of both VLANs. Configure port fa0/2 to also be a member of VLAN2 and port fa0/4 to also be a member of VLAN1. >>Use a router to route packets between VLAN1 and VLAN2

Which of the following is not a valid concept to associate with integrity? O Prevent the unauthorized change of data O Protect your environment so it maintains the highest source of truth O Control access to resources to prevent unwanted access O Ensure that your systems record the real information when collecting data

Control access to resources to prevent unwanted access

Which of the following is a text file provided by a website to a client that is stored on a user's hard drive in order to track and record information about the user?

Cookie

Use of which of the following is a possible violation of privacy?

Cookies

Which TCP/IP protocol is a secure form of HTTP that uses SSL as a sublayer for security? A.)SSH B.)SMTP C.)DNS D.)HTTPS

D

Which form of asymmetric cryptography upon Diffie-Hellman? A.)ECC B.)RSA C.)Merkle-Hellman Knapsack D.)El Gamal

D

Which of the following conditions does not result in a certificates being added to the certificate revocation list? A.)Private key compromise B.)Invalid identity credentials C.)Committing a crime using the certificate D.)Certificate expiration

D

Which of the following data destruction techniques uses a punch press or hammer system to crush a hard disk? A.)Pulping B.)Shredding C.)Degaussing D.)Pulverizing E.)Purging

D

Which of the following is NOT a feature of the cloud storage model of data storage? A.)Highly fault tolerant through redundancy and distribution of data. B.)Highly durable through the creation of versioned copies. C.)Made up of many distributed resources that act as one federated or a cooperative storage cloud architecture. D.)Provides access control to the file system stored in the cloud.

D

Which of the following is a mathematical attack that targets the complexity of a cryptosystem's algorithm? A.)Replay attack B.)Brute force attack C.)Birthday attack D.)Analytic attack

D

Which of the following password attacks adds appendages to known dictionary words? A.)Brute force B.)Analytic C.)Dictionary D.)Hybrid

D

Which of the following statements is true when comparing symmetric and asymmetric cryptography? A.)Asymmetric key cryptography is quicker than symmetric key cryptography while processing large amounts of data. B.)Symmetric key cryptography uses a public and private key pair. C.)Symmetric key cryptography should be used for large, expanding environments. D.)Asymmetric key cryptography is used to distribute symmetric keys.

D

Which standard is most widely used for certificates? A.)HTTP 1.1 B.)802.1x C.)SSL v.3.0 D.)X.509

D

Which type of password attack employs a list of pre-defined passwords that it tries against a login prompt or a local copy of a security accounts database? A.)Salami B.)Asynchronous C.)Brute force D.)Dictionary

D

Which form of access control enforces security based on user identities and allows individual users to define access controls over owned resources?

DAC

You have system that allows the owner of a file to identify users and their permissions to the file. Which type of access control model is implemented?

DAC

Which of the following defines an object as an entity in the context of access control?

Data, applications, systems, networks, and physical space.

Which of the following are subject to SQL injection attacks?

Database servers

To determine the value of the company assets, an anonymous survey was used to collect the opinions of all senior and mid-level managers. Which asset valuation method was used? ● Asset classification ● Sensitivity' vs. risk ● Delphi method ● Comparative

Delphi method

Which of the following is not an appropriate response to a risk discovered during a risk analysis? ● Denial ● Assignment ● Mitigation ● Acceptance

Denial

What is the default rule found in a firewall's access control list (ACL)?

Deny All

Which access control type is used to implement short-term repairs to restore basic functionality following an attack?

Corrective

If your mission-critical services have a maximum downtime (MTD) (or a recovery time objective [RTO]) of 36 hours, what is the optimum form of recovery site? A.)Hot B.)Mobile C.)Cold D.)Warm

D

SHA-1 uses which of the following bit length hashing algorithms? A.)Only 128-bit B.)128-bit, 160-bit, 192 bit, 224 bit, and 256 bit C.)224-bit, 256-bit, 384-bit, and 512-bit D.)Only 160-bit

D

Which of the following best describes the concept of a *virtual LAN*?

Devices on different networks that can receive multicast packets Devices connected by a transmission medium other than a cable. (i.e. microwave, radio transmissions) >>Devices on the same network logically grouped as if they were on separate networks Devices connected through the Internet that can communicate without using a network address Devices in separate networks (i.e. different network addresses) logically grouped as if they were in the same network

Why do attackers prefer to conduct distributed network attacks in static environments? (Select two.)

Devices tend to employ much weaker security than traditional network devices. Devices are, typically, more difficult to monitor than traditional network devices.

Which of the following actions should you take to reduce the attack surface of a server?

Disable unused services

Which access control model is based on the data's owner implementing and administering access control?

Discretionary Access Control (DAC)

Which of the following is not an element of the termination process? ● Dissolution of the NDA ● Exit interview ● Disable all network access ● Return company property

Dissolution of the NDA

The best way to initiate solid administrative control over an organization's employees is to have what element in place? ● An acceptable use policy ● Rotation of duties ● Distinct job descriptions ● Mandatory vacations in one-week increments

Distinct job descriptions

What does the acronym DDoS denote?

Distributed Denial of Service

Which of the following is a common social engineering attack? ● Using a sniffer to capture network traffic ● Distributing hoax virus information emails ● Distributing false information about your organization's financial status ● Logging on with stolen credentials

Distributing hoax virus information emails

When you browse to a website, a pop-up window tells you that your computer has been infected with a virus. You click on the window to see what the problem is. Later, you find out that the window has installed spyware on your system. What type of attack has occurred?

Drive-by download

Sensitive data is monitored by the data loss prevention (DLP) system in four different states. Which of the following is NOT one of the states monitored by DLP? A.)While at rest on a storage medium. B.)While being transmitted to or form cloud-based systems. C.)While in motion as it is transmitted over the network. D.)While in use on endpoint systems. E.)While a file with sensitive data is being created.

E

The government and military use the following information classification system: *Unclassified *Sensitive but unclassified *Confidential *Secret *Top secret Choose the classification for the description listed below: -If this information is disclosed, it could cause severe and permanent damage to military actions. A.)Confidential B.)Top secret C.)Unclassified D.)Sensitive but unclassified E.)Secret

E

Which of the following statements about ESD is NOT correct? O ESD is much more likely to occur when the relative humidity is above 50%. O One of the greatest threats to computer equipment is ESD. O Measuring the moisture content in the air can be helpful in avoiding ESD. O ESD damage is more likely to occur in low humidity'.

ESD is much more likely to occur when the relative humidity is above 50%.

Which of the following is the single greatest threat to network security? O Weak passwords O Employees O Email phishing O Insecure physical access to network resources

Employees

What does the acronym FCoE denote?

Fibre Channel over Ethernet

A security administrator is conducting a penetration test on a network. She connects a notebook system running Linux to a wireless network and then uses NMAP to probe various network hosts to see which operating system they are running.

Firewalking >>Active fingerprinting Network enumeration Passive fingerprinting

A security administrator is conducting a penetration test on a network. She connects a notebook system to a mirror port on a network switch. She then uses a packet sniffer to monitor network traffic to try and determine which operating systems are running on network hosts. Which process did the administrator use in the penetration test in this scenario?

Firewalking Active fingerprinting Network enumeration >>Passive fingerprinting

Which of the following is the best device to deploy to protect your private network from a public untrusted network?

Firewall

You have multiple users who are computer administrators. You want each administrator to be able to shut down systems and install drivers.

Grant the group the necessary user rights. Create a security group for the administrators and add all user accounts to the group.

For users who are members of the sales team, you want to force their computers to use a specific desktop background and remove access to administrative tools from the Start menu. Which solution should you use?

Group Policy

Match each physical security control on the left with an appropriate example of that control on the right. Each security control may be used once, more than once, or not at all. O Perimeter barrier O Door locks O Physical access control O Safety O Protected cable distribution

Hardened carrier O Protected cable distribution Biometric authentication O Door locks Barricades O Perimeter barrier Emergency escape plans O Safety Alarmed carrier O Protected cable distribution Anti-passback system O Physical access control Emergency lighting O Safety Exterior floodlights O Perimeter barrier

By definition, what is the process of reducing security exposure and tightening security controls?

Hardening

When the TCP/IP session state is manipulated so that a third party is able to insert alternate packets into the communication stream, what type of attack has occurred?

Hijacking

You have been given laptop to use for work. You connect the laptop to your company network, use it from home, and use it while traveling. You want to protect the laptop from Internet-based attacks. Which solution should you use?

Host based firewall

When configuring VLANs on a switch, what is used to identify VLAN membership of a device?

Host name IP address MAC address >>Switch port

Which of the following terms describes a Windows operating system patch that corrects a specific problem and is released on a short-term, periodic basis (typically monthly)?

Hotfix

You want to make sure that a set of servers will only accept traffic for specific network services. You have verified that the servers are only running the necessary services, but you also want to make sure that the servers will not accept packets sent to those services. Which tool should you use?

IDS >>Port scanner System logs Packet sniffer IPS

Which of the following is the best countermeasure against man-in-the-middle attacks?

IPsec

An attacker inserts SQL database commands into a data input field of an order form used by a Web-based application. When submitted, these commands are executed on the remote database server, causing customer contact information from the database to be sent to the malicious user's Web browser. Which practice would have prevented this exploit?

Implementing client-side validation

While using a Web-based order form, an attacker enters an unusually large value in the Quantity field. The value she entered is so large that it exceeds the maximum value supported by the variable type used to store the quantity in the Web application. This causes the value of the quantity variable to wrap around to the minimum possible value, which is a negative number. As a result, the Web application processes the order as a return instead of a purchase, and the attacker's account is credited with a large sum of money. Which practices would have prevented this exploit? (Select two.)

Implementing client-side validation. Implementing server-side validation

An access control list (ACL) contains a list of users and allowed permissions. What is it called if the ACL automatically prevents access to anyone who is not on the list? O Explicit allow O Explicit deny O Implicit deny O Implicit allow

Implicit deny

Which of the following are true concerning the Virtual Desktop Infrastructure?

In the event of a widespread malware infection, the administrator can quickly reimage all user desktops on a few central servers. User desktop environments are centrally hosted on servers instead of on individual desktop systems.

Which of the following uses hacking techniques to proactively discover internal vulnerabilities?

Inbound scanning Passive reconnaissance Reverse engineering >>Penetration testing

A user calls to report that she is experiencing intermittent problems while accessing the wireless from her laptop computer. While she normally works from her office, today she is trying to access the wireless network from a conference room across the hall and next to the elevator. What is the most likely cause of her connectivity problem?

Interference is affecting the wireless signal.

Which private-key encryption algorithm does Pretty Good Privacy (PGP) use to encrypt data?

International Data Encryption Algorithm (IDEA)

Which protocol is used by network devices to transmit error messages?

Internet Control Message Protocol (ICMP)

You often travel away from the office. While traveling, you would like to use a modem on your laptop computer to connect directly to a server in your office and access files. You want the connection to be as secure as possible. Which type of connection will you need?

Intranet >>Remote access Internet Virtual private network

What does the acronym IDS denote?

Intrusion Detection System

Which function does a single sign-on (SSO) system provide?

It allows a user to present authentication credentials once and gain access to all computers within the SSO system.

Why is GPS tracking often disabled?

It is considered a security threat. As long as GPS tracking is enabled and the mobile device is powered on, the device (and possibly its user) can be located.

How is a digital signature created from a message digest?

It is encrypted using the sender's private key.

Which of the following best describes spyware?

It monitors the actions you take on your machine and sends the information back to its originating source.

What is the purpose of a sandbox in a Java applet?

It prevents Java applets from accessing unauthorized areas on a user's computer.

What is the purpose of Infrastructure as a Service (IaaS) in cloud computing?

It provides computer and server infrastructure, typically through a virtualization environment.

What is the purpose of Platform as a Service (PaaS) in cloud computing?

It provides not only a virtualized deployment platform but also a value-added solution stack and an application development platform.

You are concerned that the accountant in your organization might have the chance to modify' financial information and steal from the company. You want to periodically have another person take over all accounting responsibilities to catch any irregularities. Which security principle are you implementing by periodically shifting accounting responsibilities? O Separation of duties O Least privilege O Need to know O Explicit deny O Job rotation

Job rotation

The chain of custody is used for which purposes? O Listing people coming into contact with evidence O Detailing the timeline between creation and discovery of evidence O Retaining evidence integrity O Identifying the owner of the evidence

Listing people coming into contact with evidence

Which of the following devices can monitor a network and detect potential security attacks?

Load balancer CSU/DSU >>IDS DNS server Proxy

Which of the following do switches and wireless access points use to control access through the device?

MAC address filtering

Which of the following features on a wireless network allows or rejects client connections based on the hardware address?

MAC address filtering

What is another name for a back door that was accidentally left in a product by the manufacturer? ● Trojan horse ● Maintenance hook ● Security patch ● Root kit

Maintenance hook

The Development group has been given the Write permission to the Design folder.• The Sales group has been given the Write permission to the Products folder.No other permissions have been given to either group.User Mark Tillman needs to have the Read permission to the Design folder and the Write permission to the Products folder.You want to use groups as much as possible.What should you do?

Make Mark a member of the Sales group; add Mark's user account directly to the ACL for the Design folder.

You manage the network for your company. You have recently discovered information on a computer hard drive that might indicate evidence of illegal activity. You want to perform forensic activities on the disk to see what kind of information it contains. What should you do first? O Fire the employee who uses the computer O Make a bit-level copy of the disk O Obtain a search warrant O Run forensic tools to examine the hard drive contents

Make a bit-level copy of the disk

You walk by the server room and notice that a fire has started. What should you do first? O Grab a fire extinguisher and try to put out the fire. O Turn on the overhead sprinklers. O Call the fire department. O Make sure everyone has cleared the area.

Make sure everyone has cleared the area.

Match each Manageable Network Plan milestone on the left with the tasks that are associated with that milestone on the right. Each milestone may be used once, more than once, or not at all. ● Prepare to Document ● Protect Your Network ● Map Your Network ● Reach Your Network

Make sure that remote access connections are secure ● Reach Your Network Create a list of all protocols being used on the network ● Map Your Network Identify the choke points on the network ● Protect Your Network Use timestamps on all documents ● Prepare to Document Create a list of all devices ● Map Your Network

Capturing packets as they travel from one host to another with the intent of altering the contents of the packets is a form of which attack type?

Man-in-the-middle attack

*NetBIOS (Network Basic Input/Output System) is a transport protocol used by _______________ systems to allow applications on separate computers to communicate over a LAN.*

Microsoft Windows* NetBIOS (Network Basic Input/Output System) is a transport protocol used by Microsoft Windows systems to allow applications on separate computers to communicate over a LAN.

What is Microsoft Baseline Security Analyzer?

Microsoft application that creates security reports

You manage a network that uses multiple switches. You want to provide multiple paths between switches so that if one link goes down, an alternate path is available. What feature should your switch support?

Mirroring Trunking OSPF >>Spanning tree PoE

You are implementing security at a local high school that is concerned with students accessing inappropriate material on the internet from the library's computers. The students Will use the computers to search the internet for research paper content. The school budget is limited. Which content filtering option would you choose?

Restrict content based on content categories

Which of the following identifies standards and XML formats for reporting and analyzing system vulnerabilities?

Retina MBSA OSSTMM >>OVAL

Which algorithms are asymmetric key algorithms?

Rivest, Shamir, and Adleman (RSA), elliptic curve cryptosystem (ECC), Diffie-Hellman, El Gamal, Digital Signature Algorithm (DSA), and Knapsack

Your company security policy states that wireless are not to be used because of the potential security risk they present to your network. One day, you find that an employee has connected a wireless access point to the in his office. What type of security risk is this?

Rogue Access Point

Which of the following is an example of Rule Based Access Control (RBAC)?

Router access control lists that allows or denies traffic based on the characteristics of an IP packet?

You have a development machine that contains sensitive information relative to your business. You are concerned that spyware and malware might be installed while users browse websites, which could compromise your system or pose a confidentiality risk. Which of the following actions would best protect your system?

Run the browser within a virtual environment

Which of the following mechanisms can you use to add encryption to email? (Select two.)

S/MIME PGP

Which of the following is a disadvantage of software-defined networking (SDN)?

SDN facilitates communication between hardware from different vendors SDN gathers network info and statistics >>SDN standards are still being developed SDN creates centralized management

Which of the following are examples of single sign-on authentication solutions? (Select two.)

SESAME Kerberos

Which of the following is defined as a contract that prescribes the technical support or business parameters a provider will bestow to its client? ● Final audit report ● Mutual aid agreement ● Service level agreement ● Certificate practice statement

Service level agreement

You have a set of DVD-RW discs that have been used to archive files for your latest development project. You need to dispose of the discs. Which of the following methods should you use to best prevent data extraction from the discs? ● Write junk data over the discs seven times ● Degauss the disks ● Delete the data on the discs ● Shred the disks

Shred the disks

What is the most effective way to improve or enforce security in any environment? ● Enforcing account lockout ● Disabling Internet access ● Providing user-awareness training ● Requiring two-factor authentication

Providing user-awareness training

You want to use Kerberos to protect LDAP authentication. Which authentication mode should you choose?

Simple >>SASL Mutual EAP

What does the acronym SMTP denote?

Simple Mail Transfer Protocol

Match the Group Policy type on the left with the function that it can perform on the right. (Each item can be used more than once.)

Software that should be installed on a specific computer >>Computer Configuration Software that should be installed for a specific user. >>User Configuration Scripts that should run at startup or shutdown. >>Computer Configuration Scripts that should run at logon or logoff. >>User Configuration Network communication security settings. >>Computer Configuration

What is modified in the most common form of spoofing on a typical IP packet?

Source address

You manage a network that uses switches. In the lobby of you building are three RJ-45 ports connected to a switch. You want to make sure that visitors cannot plug in their computers to the free network jacks and connect to the network. However, employees who plug into those same jacks should be able to connect to the network. What feature should you configure?

Spanning tree >>Port authentication Mirroring VLAN Bonding

You decide to use a packet sniffer to identify the type of traffic sent to a router. You run the packet sniffing software on a device, which is connected to the same hub that is connected to the router. When you run the software, you only see frames addressed to the workstation, not to other devices. Which feature should you configure?

Spanning tree >>Promiscuous mode Mirroring Bonding

Your company is a small start-up company that has leased office space in the building shared by other businesses. All businesses share a common infrastructure. A single switch connects all devices in the building to the router that provides internet access. You would like to make sure your computers are isolated from computers used by other companies. What feature should you request to have implemented?

Spanning tree VPN >>VLAN Port Security

Which of the following networking devices or services prevents the use of IPSec in most cases?

NAT

What is the primary security advantage of using NAT?

Network Address Translation (NAT) hides internal IP addresses from the public network

Your organization's security policy requires you to restrict network access to allow only clients that have their firewall enabled. Which of the following is a collection of components that would allow you to meet this requirement?

Network access protection

You manage a small network at work. Users use workstations connected to your network No portable computers are allowed. As part of your security plan, you would like to implement scanning of e-mails for all users. You want to scan the e- mails and prevent any e-mails with malicious attachments from being received by users. Your solution should minimize administration, allowing you to centrally manage the scan settings. Which solution should you use?

Network based firewall

Which of the following encryption methods combines a random value with plain text to produce cipher text? O Steganography O Elliptic curve O One-time pad O Transposition

One-time pad

What is another term for the type of login credentials provided by a token device?

One-time password

Which of the following is not an example of a physical barrier access control mechanism? O Fences O Mantrap O One-time passwords O Biometric locks

One-time passwords

You have placed an FTP server in your DMZ behind your firewall. The FTP server will be used to distribute software updates and demonstration versions of your products. Users report that they are unable to access the FTP server.What should you do to enable access?

Open ports 20 and 21 for inbound and outbound connections

Which of the following is a firewall function?

Packet filtering

What type of password is maryhadalittlelamb?

Pass phrase

Which type of activity changes or falsifies information in order to mislead or re-direct traffic?

Spoofing

Which of the following are characteristics of a circuit-level gateway? (Select two.)

Stateful Filters based on sessions

Which of the following are characteristics of a packet filtering firewall? (Select two.)

Stateless Filters IP address and port

You are the administrator for a small company that implements NAT to access the internet. However, you recently acquired five servers that must be accessible from outside your network. Your ISP has provided you With five additional registered IP addresses to support these new servers, but you don't want the public to access these servers directly. You want to place these servers behind your firewall on the Inside network, yet still allow them to be accessible to the public from the outside. Which method of NAT translation should you implement for these servers?

Static

You have a small network at home that is connected to the internet. On your home network, you have a server with the IP address of 192.168.55. lgg/16. You have a Single public address that IS shared by all hosts on your private network. You want to configure the sewer as a web server and allow internet hosts to contact the server to browse a personal website. What should use to allow access?

Static NAT

Disaster Recovery and Incident Response *Which redundancy strategy has one spare part for every component in use?* a. 1+1 b. JWDO c. JIT d. Rollovers

a. *1+1* The redundancy strategy 1+1 has one spare part for every component in use.

*An Internet Protocol version 6 (IPv6) address is _______________ in length.* a. 128 bits b. 64 bytes c. 32 bytes d. 32 bits

a. *128 bits* IPv6 expands the length of source and destination IP addresses from IPv4's 32 bits to 128 bits.

Wireless Networking Security *What is the size of the wrapper TKIP places around the WEP encryption with a key that is based on such things as the MAC address of your machine and the serial number of the packet?* a. 128-bit b. 64-bit c. 56-bit d. 12-bit

a. *128-bit* TKIP places a 128-bit wrapper around the WEP encryption with a key that is based on such things as the MAC address of your machine and the serial number of the packet.

*Which port does the Simple Mail Transfer Protocol (SMTP) use?* a. 25 b. 53 c. 110 d. 143

a. *25* The Simple Mail Transfer Protocol (SMTP) uses port 25.

Security-Related Policies and Procedures *Which ISO standard states: "Privileges should be allocated to individuals on a need-to-use basis and on an event-by-event basis, i.e. the minimum requirement for their functional role when needed"?* a. 27002 b. 27102 c. 20102 d. 20112

a. *27002* The ISO standard 27002 (which updates 17799) states: "Privileges should be allocated to individuals on a need-to-use basis and on an event-by-event basis, i.e. the minimum requirement for their functional role when needed."

Protecting Networks *It is suspected that some recent network compromises are originating from the use of RDP. Which of the following TCP port traffic should be monitored?* a. 3389 b. 139 c. 138 d. 443

a. *3389* TCP port 3389 is used by RDP. Answer B is incorrect because UDP uses port 139 for network sharing. Answer C is incorrect because port 138 is used to allow NetBIOS traffic for name resolution. Answer D is incorrect because port 443 is used for HTTPS.

Wireless Networking Security *Which protocol operates on 2.4GHz and has a bandwidth of 1 Mbps or 2 Mbps?* a. 802.11 b. 802.11a c. 802.11b d. 802.11g

a. *802.11* 802.11 operates on 2.4GHZ. This standard allows for bandwidths of 1 Mbps or 2 Mbps.

Wireless Networking Security *Which of the following 802.11 standards provides for bandwidths of up to 300 Mbps?* a. 802.11n b. 802.11i c. 802.11g d. 802.11b

a. *802.11n* The 802.11n standard provides for bandwidths of up to 300Mbps.

Threats and Vulnerabilities *Internal users are reporting repeated attempts to infect their systems as reported to them by pop-up messages from their virus-scanning software. According to the pop-up messages, the virus seems to be the same in every case. What is the most likely culprit?*

a. *A server is acting as a carrier for a virus.* Some viruses won't damage a system in an attempt to spread into all the other systems in a network. These viruses use that system as the carrier of the virus.

Access Control and Identity Management *A newly hired junior administrator will assume your position temporarily while you attend a conference. You're trying to explain the basics of security to her in as short a period of time as possible. Which of the following best describes an ACL?*

a. *ACLs provide individual access control to resources.* Access control lists allow individual and highly controllable access to resources in a network. An ACL can also be used to exclude a particular system, IP address, or user.

Cryptography Implementation *In a bridge trust model, each intermediate CA trusts only those CAs that are:* a. Above and below it b. Above it c. Below it d. On the same level

a. *Above and below it* In a bridge trust model, each intermediate CA trusts those CAs that are above and below it.

*When a user signs a(n) _____, it's a form of consent to the monitoring and auditing processes used by the organization.* a. Acceptable use policy b. Privacy policy c. Separation of duties policy d. Code of ethics policy

a. *Acceptable use policy* When a user signs an acceptable use policy, it's a form of consent to the monitoring and auditing processes used by the organization. A privacy policy usually explains that there is no privacy on company systems. A separation of duties policy indicates that administrative functions are divided among several people. The code of ethics policy describes decision-making processes to use when faced with ethical dilemmas.

What does the acronym SCADA denote?

Supervisory control and data acquisition

A VPN is primarily used for what purpose?

Support secured communications over an untrusted network

Which of the following protocols uses port 88?

TACACS LDAP L2TP PPTP >>Kerberos

Which authentication protocol encrypts the entire packet (not just the password): TACACS+ or RADIUS?

TACACS+

Which authentication protocol separates authentication and authorization: TACACS+ or RADIUS?

TACACS+

Operating System and Application Security *Which systems monitor the contents of systems (workstations, servers, networks) to make sure key content is not deleted or removed?*

a. *DLP* DLP systems monitor the contents of systems (workstations, servers, networks) to make sure key content is not deleted or removed. They also monitor who is using the data (looking for unauthorized access) and transmitting the data.

What is the most likely cause of a single computer communicating with an unknown IRC server and scanning other systems on the network?

The computer is infected with a botnet.

A honeypot is used for which purpose?

To disable an intruders system >>To delay intruders in order to gather auditing data To prevent sensitive data from being accessed To entrap intruders

Which of the following is not a form of biometric?

Token device

Which port number does SNMP use?

UDP port 161

What is the default L2TP port?

UDP port 1701

Which security question mechanism uses a unique list that meets the following specifications: The list is embedded in the object itself The list defines which subjects have access to certain objects The list specifies the level or type of access allowed to certain objects

User ACL

Which of the following can make passwords useless on a router?

Using SSH to connect to a router remotely >>Not controlling physical access to the router Using the MD5 hashing algorithm to encrypt the password Storing the router config file to a secure location

Which phase or step of a security assessment is a passive activity?

Vulnerability mapping >>Reconnaissance Privilege escalation Enumeration

What is a pop-under?

Web site that opens in the background of the current browser window

What is a command injection?

When an operating system command is submitted in an HTML string

Which of the following are characteristics of ECC? (Select two.) A.)Uses a finite set of value within an algebraic field B.)Asymmetric encryption C.)Symmetric encryption D.)Uses multiplication of large prime numbers

A and B

Which of the following items are contained in a digital certificate? (Select two.) A.)Validity period B.)Public key C.)Root CA secret key D.)Private key

A and B

Which of the following tools allow for remote management of servers? (Select two.) A.)SSH B.)Telnet C.)FTP D.)POP3

A and B

What occurs during white-box testing?

A security firm is provided with a production-like test environment, login details, production documentation, and source code.

Which of the following describes how access lists can be used to improve network security?

An access list filters traffic based on the IP header information such as source or destination IP address, protocol, or socket numbers.

Which of the following best describes an //evil twin//?

An access point that is configured to mimic a valid access point to obtain logon credentials and other sensitive information.

When using SSL authentication, what does the client verify first when checking a server's identify? A.)Master secrets are verifiable from asymmetric keys. B.)The current date and time must fall within the server's certificate validity period. C.)The certificate must be non-expiring and self-signed by the sysadmin. D.)All DNS resolution must point to the corporate intranet routers.

B

When you dispose of a computer or sell used hardware and it is crucial that none of the data on the hard disks can be recovered. Which of the following actions can you take to ensure that no data is recoverable? A.)Delete all files from all the hard disks in the computer. B.)Damage the hard disks so badly that all data remanence is gone. C.)Encrypt all the data on the hard disks. D.)Reformat all the hard disks in the computer.

B

Which of the following are backed up during a differential backup? A.)Only files that have changed since the last full or differential backup. B.)Only files that have changed since the last full backup. C.)Only files that have been added since the last full or incremental backup. D.)Only files that have changed since the last full or incremental backup.

B

Which of the following is the name of the type of port scan which does not complete the three-way handshake of TCP, but rather listens for either SYN.ACK or RST/ACK packets?

>>TCP SYN scan TCP ACK scan TCP FIN scan TCP connect scan

When configuring VLANs on a switch, what type of switch ports are members of all VLANs defined on the switch?

Uplink ports Any port not assigned to a VLAN Trunk ports Gigabit and higher Ethernet ports Each port can only be a member of a single VLAN

A group of salesmen would like to access your private network through the internet while they are traveling. You want to control access to the private network through a single server. Which solution should you implement?

VPN concentrator

Which of the following CCTV camera types lets you adjust the distance that the camera can see ( in other words, zoom in or out)? O Varifocal O Infrared O C-mount O Fixed

Varifocal

Which of the following is an action that must take place during the release stage of the SDLC? ● Testing of the software for bugs. ● The product goes into major production and is developed by programmers. ● Vendors develop and release patches in response to exploited vulnerabilities that have been discovered. ● Certification, accreditation, and auditing are performed.

Vendors develop and release patches in response to exploited vulnerabilities that have been discovered.

Which of the following are true of a circuit proxy filter firewall? (Select two.)

Verifies sequencing of session packets. Operates at the Session layer.

Disaster Recovery and Incident Response *With five nines availability, the total amount of downtime allowed per year is:* a. 4.38 hours b. 526 minutes c. 52.65 minutes d. 5.26 minutes

d. *5.26 minutes* With five nines availability, the total amount of downtime allowed per year is 5.26 minutes.

Security and Vulnerability in the Network *Which IEEE standard is often referred to as EAP over LAN?* a. 802.1E b. 802.1Z c. 802.1Y d. 802.1X

d. *802.1X* The IEEE standard 802.1X is often referred to as EAP over LAN. It defines port-based security for wireless network access control.

Network Security *Which statement concerning a network intrusion detection system (NIDS) is correct?* a. A NIDS knows such information as the applications that are running as well as the underlying operating systems so that it can provide a higher degree of accuracy regarding potential attacks. b. Compared to a network intrusion prevention system (NIPS), a NIDS can more quickly take action to block and attack. c. A NIDS attempts prevent malicious attacks by stopping the attack. d. A NIDS has sensors that monitor the traffic entering and leaving a firewall, and reports back to the central device for analysis.

d. *A NIDS has sensors that monitor the traffic entering and leaving a firewall, and reports back to the central device for analysis.* A network intrusion prevention system (NIPS) is similar to a NIDS in that it monitors network traffic to immediately react to block a malicious attack. One of the major differences between a NIDS and a NIPS is its location. A NIDS has sensors that monitor the traffic entering and leaving a firewall, and reports back to the central device for analysis. A NIPS, on the other hand, would be located "in line" on the firewall itself. This can allow the NIPS to more quickly take action to block an attack.

What is war chalking?

leaving signals about a wireless network on the outside of the building where it is housed

What is a Trojan horse?

malware that is disguised as a useful utility, but is embedded with a malicious code to infect computer systems

Which type of attack is characterized by an attacker who situates himself or herself in such a way that he or she can intercept all traffic between two hosts?

man-in-the-middle

What does the acronym MAC denote?

mandatory access control

Which access control model requires assigning security clearance levels to users, such as secret, top-secret, and confidential?

mandatory access control (MAC)

Which access control model uses security labels for each resource?

mandatory access control (MAC)

Which type of access control was originally developed for military use?

mandatory access control (MAC)

What does the acronym MTBF denote?

mean time before failure

Which term is used for an agreement between two or more parties where the parties cannot create a legally enforceable agreement?

memorandum of understanding (MoU)

Which fingerprint scan will analyze fingerprint ridge direction?

minutiae matching

What is the term for an unauthorized access that a network-based intrusion detection system (NIDS) fails to detect?

missed detection or false negative

What is the most significant misuse of cookies?

misuse of personal data

Which risk response strategy involves reducing the probability or impact of a risk to an acceptable risk threshold?

mitigation

Which type of authentication combines two or more authentication methods, like something that a person knows (such as a password), something that a person owns (such as a smart card), and a characteristic about the person (such as a fingerprint)?

multi-factor authentication

Which type of authentication is accomplished by authenticating both the client and server sides of a connection through the encrypted exchange of credentials?

mutual authentication

Which command should you use to display both listening and non-listening sockets on your Linux system? (Tip: Enter the command as if at the command prompt.)

netstat -a

What are the two major types of intrusion detection systems (IDS)?

network IDS (NIDS) and host IDS (HIDS)

Which type of attack enables an intruder to capture and modify data traffic by rerouting the traffic from a network device to the intruder's computer?

network address hijacking

What is the most common type of system used to detect intrusions into a computer network?

network intrusion detection system (NIDS)

Do certificates provide encryption?

no

What is mutual authentication?

Deploying CHAP and EAP on remote access connections >>A process by which each party in an online communication verifies the identity of each other party. Using a CA to issue certificates The use of two or more authentication factors

Audit trails produced by auditing activities are which type of security control?

Detective

Which IPSec subprotocol provides data encryption?

ESP

Which of the following are advantages of virtualization? (Select two.)

Easy migration of systems to different hardware Centralized administration

Which step is required to configure a NAP on a Remote Desktop (RD) gateway server?

Edit the properties for the server and select *Request clients to send a statement of health*

You are configuring a dial-up connection to a remote access server. Which protocols would you choose to establish the connection and authenticate, providing the most secure connection possible?

PAP >>PPP PPPoE SLIP >>CHAP

You want to use CCTV to increase your physical security. You want the ability to remotely control the camera position. Which camera type should you choose? O Dome O PTZ O Bullet O C-mount

PTZ

Which of the following best describes the platform as a service (PaaS) cloud computing service model?

PaaS delivers software applications to the client either over the internet or on a local area network. PaaS delivers infrastructure to the client, such as processing, storage, networks, and virtualized environments PaaS stores and provides data from a centralized location without the need for local collection and storage >>PaaS delivers everything a developer needs to build an application onto the cloud infrastructure

What is the primary purpose of separation of duties? O Prevent conflicts of interest O Grant a greater range of control to senior management O Inform managers that they are not trusted O Increase the difficulty of performing administration

Prevent conflicts of interest

The auditing feature of an operating system servers as what form of control when users are informed that their actions are being monitored?

Preventative

What is the most secure implementation of File Transfer Protocol (FTP)?

Secure File Transfer Protocol (SFTP)

Which hashing algorithm produces a message digest of 160 bits in length?

Secure Hash Algorithm (SHA-1)

Which standard is a specification for secure e-mail, designed to prevent the decryption of e-mail messages?

Secure Multipurpose Internet Mail Extension (S/MIME)

Which two protocols provide encryption for HTTP/S?

Secure Sockets Layer (SSL) and Transport Layer Security (TLS)

Which security protocol is best used for connection-oriented systems such as an intranet?

Secure Sockets Layer/Transport Layer Security (SSL/TLS)

Which of the following is a hardware device that contains identification information and can be used to control building access or computer logon?

Smart card

Which of the following is a form of denial of service attack that uses spoofed ICMP packets to flood a victim with echo requests using a bounce/amplification network?

Smurf

Which setting ensures that users periodically change their account passwords?

password expiration

Which application hardening method requires that your organization periodically checks with the application vendor?

patch management

Which security control is lost when using cloud computing?

physical control of the data

Which type of controls includes controlling access to different parts of a building, implementing locking systems, installing fencing, implementing environmental controls, and protecting the facility perimeter?

physical controls

What is the act of gaining unauthorized access to a facility by using another user's access credentials?

piggybacking or tailgating

Which method of gaining access to controlled-access areas is usually thwarted using turnstiles, double-door systems, and security guards?

piggybacking or tailgating

Which eye scan measures the pattern of blood vessels at the back of the eye?

retinal scan

Which type of eye scan is considered more intrusive than other eye scans?

retinal scan

What would a certification authority (CA) do if a private key associated with a certificate had been compromised?

revoke the certificate

What is the term for the method of determining which kinds of controls are needed to classify and protect a company's information assets?

risk assessment

Which access control model has the lowest cost?

role-based access control (RBAC)

Which type of access control associates roles with each user?

role-based access control (RBAC)

What is the top-most level of the LDAP hierarchy?

root

Which certification authority (CA) has the highest level of trust in a trust hierarchy?

root CA

What is the name of the top-most level certification authority (CA)?

root authority or root CA

Which Layer 3 device allows different logical networks to communicate?

router

What is the name of the process for removing only the incriminating data from the audit logs?

scrubbing

Which program relies on understanding the corporate environment during its development?

security awareness program

Which policy defines the technical means that are used to protect data on a network?

security policy

To provide checks and balances and to prevent one person from gaining too much power over a system, which type of security policy should you implement?

separation of duties

Which security measure prevents fraud by reducing the chances of collusion?

separation of duties

What are alternate terms for cross-site request forgery (XSRF)?

session riding or one-click attack

Which type of attack do privacy screens protect against?

shoulder surfing

Which intrusion detection system (IDS) watches for intrusions that match a known identity?

signature-based IDS

Why should the proper chain of custody be ensured?

so that evidence will be admissible in court

Which protocol will provide loop protection?

spanning tree protocol

Which type of virus attempts to hide from antivirus software and from the operating system by remaining in memory?

stealth

Which devices can limit the effectiveness of sniffing attacks: switches or routers?

switches

Is Advanced Encryption Standard (AES) symmetric or asymmetric?

symmetric

Is International Data Encryption Algorithm (IDEA) symmetric or asymmetric?

symmetric

Is the Data Encryption Standard (DES) algorithm asymmetric or symmetric?

symmetric

Is the Triple-DES (3DES) algorithm symmetric or asymmetric?

symmetric

Which encryption method is faster?

symmetric encryption

What are two other names for single-key cryptography?

symmetric key encryption and secret-key encryption

Which document should never be stored in a public area: acceptable use policy or system architecture diagram?

system architecture diagram

What is another term for logical controls?

technical controls

Which type of controls work to protect system access, network architecture and access, control zones, auditing, and encryption and protocols?

technical controls

Which type of controls includes access control mechanisms, password management, identification methods, authentication methods, and security devices?

technical or logical controls

Which audit category tracks all attempts to log on with a domain user account when enabled on domain controllers?

the Audit Account Logon Events audit category

Which audit category monitors changes to user accounts and groups?

the Audit Account Management audit category

Which audit category tracks access to all objects outside Active Directory?

the Audit Object Access audit category

Which audit category will audit all instances of users exercising their rights?

the Audit Privilege Use audit category

At which OSI layer does IP Security (IPSec) operate?

the Network layer (Layer 3)

Which log in Event Viewer should you open to view events that are generated based on your auditing settings?

the Security log

What is war driving?

the act of discovering unprotected wireless network by driving around with a laptop

What is bluesnarfing?

the act of gaining unauthorized access to a device (and the network it is connected to) through its Bluetooth connection

What is incident management?

the activities of an organization to identify, analyze, and correct risks as they are identified

Which account should you rename immediately after installing a new operating system (OS) to harden the OS?

the administrator account

If the user is NOT prompted for credentials when connected to a Network Access Control (NAC) server, what is the user's computer missing?

the authentication agent

Which key is included in an X.509 v3 certificate?

the certificate owner's public key

What defines the allowed uses for a certificate issued by a certification authority (CA)?

the certificate policy

What defines the way in which a certification authority (CA) implements the creation of certificates?

the certificate practice statement

Who has the responsibility for configuring access rights in discretionary access control (DAC)?

the data owner or data custodian

Encrypting all files on a system hardens which major component of a server?

the file system

Which backup method serves as the baseline for a backup set?

the full backup

Which team is responsible for restoring critical business functions at an alternate site in the event of disruption?

the recovery team

Which address is faked with IP spoofing attacks?

the source IP address

What should you identify about a user before implementing the principle of least privilege?

the user's job functions

What is meant by the term hardening?

tightening control using security policies to increase system security

What is the recommended action when the cost of the safeguard exceeds the amount of the potential loss for a given risk?

to accept the risk

What is the purpose of hot and cold aisles?

to control airflow in the data center

What is the purpose of dumpster diving?

to discover confidential information, such as user passwords

What is the purpose of a fail-safe error handler?

to ensure that the application stops working, reports the error, and closes down

Why should a first responder be familiar with the incident response plan?

to ensure that the appropriate procedures are followed

What is the purpose of mobile device encryption?

to ensure that the contents of he mobile device are confidential

What is the first step in a business impact analysis?

to identify all of the organization's business units

What is the purpose of a spam filter?

to identify and block unwanted messages

What is the purpose of fuzz testing?

to identify bugs and security flaws within an application

What is the purpose of administrative controls?

to implement security policies based on procedures, standards, and guidelines

What is the purpose of anti-spam applications or filters?

to prevent unsolicited e-mail

What is the purpose of screen locks on mobile devices?

to prevent users from accessing the mobile device until a password or other factor is entered

What is the purpose of MAC filtering?

to restrict the clients that can access a wireless network

What is the purpose of content inspection?

to search for malicious code or behavior

Which risk response strategy involves purchasing insurance to protect the organization should the risk occur?

transference

Which IPSec mode is used mostly in host-to-host communications?

transport mode

Which IPSec mode is used to create a VPN between two gateways?

tunnel mode

Which two modes does IP Security (IPSec) provide to ensure confidentiality?

tunnel mode and transport mode

If a user needs administrative-level access, how many user accounts should be issued to the user?

two - one for normal tasks, one for administrative-level tasks

What is cross-site request forgery (XSRF)?

unauthorized commands coming from a trusted user to a user or Web site, usually through social networking

When a cryptographic system is used to protect the data confidentiality, what actually takes place? O Transmitting the encrypted data is prohibited O The data is available for access whenever authorized users need it O The data is protected from corruption or change O unauthorized users are prevented from viewing or accessing the resource

unauthorized users are prevented from viewing or accessing the resource

Which servers are susceptible to the same type of attacks as their hosts, including denial-of-service attacks, detection attacks, and escape attacks?

virtual servers

Which two fire suppression agents are used to suppress fires involving paper and wooden furniture?

water or soda acid

What is the name for an encryption key that can be easily reverse-engineered from the encrypted data by brute force methods?

weak key

What are the four types of water sprinklers?

wet pipe, dry pipe, preaction, and deluge

What is header manipulation?

when a hacker is able to manipulate a packet header to deface, hijack, or poison the packet

What is an XML injection?

when a user enters values in an XML query that takes advantage of security loopholes

What is phishing?

when an e-mail request for confidential information that appears to originate from a bank or other trusted institution is received

When should an administrative account be used?

when performing administrative-level tasks

In which situation will you accept a risk?

when the cost of the safeguard exceeds the amount of the potential loss

What is a honeynet?

when two or more honeypots are implemented on a network

When does fuzzing occur?

when unexpected values are provided as input to an application in an effort to make the application crash

What is key escrow?

when you maintain a secured copy of a user's private to ensure that you can recover the lost key

What are the three basic questions answered by the chain of custody?

who controlled the evidence, who secured the evidence, and who obtained the evidence

What is the term for a device that acts as a concentrator for a wireless LAN?

wireless access point (WAP)

Does the S/MIME protocol use certificates?

yes

Is instant messaging vulnerable to packet sniffing?

yes

You want to make sure no unneeded software packages are running on your Linux server. Select the command from the drop-down list that you can use to see all installed RPM packages.

yum list installed

Which of the following accurately describes what a protocol analyzer is used for? (Select two.) ☐ A device that does not allow you to capture, modify, and retransmit frames (to perform an attack). ☐ A device that can simulate a large number of client connections to a website, test file downloads for an FTP site, or simulate large volumes of email. ☐ A device that measures the amount of data that can be transferred through a network or processed by a device. ☐ A passive device that is used to copy frames and allow you to view frame contents. ☐ A device that allows you to capture, modify, and retransmit frames (to perform an attack).

☐ A device that does not allow you to capture, modify, and retransmit frames (to perform an attack). ☐ A passive device that is used to copy frames and allow you to view frame contents.

Which of the following fire extinguisher types poses a safety risk to users in the area? (Select two.) ☐ CO2 ☐ Halon ☐ Foam ☐ Water

☐ CO2 ☐ Halon

*Which of the following statements best describes nonrepudiation?* a. A set of mathematical rules used in encryption b. A means of proving that a transaction occurred c. A method of hiding data in another message d. A drive technology used for redundancy and performance improvement

b. *A means of proving that a transaction occurred* Nonrepudiation means that neither a sender nor a receiver can deny sending or receiving a message or data. Answer A is incorrect because it describes an algorithm. Answer C is incorrect because it describes steganography. Answer D is incorrect because it describes RAID.

*Which term refers to a pay-per-use computing model in which customers pay only for the online computing resources they need?* a. Host computing b. Cloud computing c. Patch computing d. Server computing

b. *Cloud computing* Cloud computing, which is a pay-per-use computing model in which customers pay only for the online computing resources they need, has emerged as a revolutionary concept that can dramatically impact all areas of IT, including network design, applications, procedures, and even personnel.

*Which of the following is the most effective method that can be used to prevent data from being accessed in the event the device is lost or stolen?* a. GPS tracking b. Device encryption c. Remote wipe d. Passcode policy

b. *Device encryption* Just like the data on hard drives, the data on mobiles can be encrypted. Answer A is incorrect because in the event a mobile device is lost, GPS tracking can be used to find the location. Answer C is incorrect. A remote wipe allows the handheld's data to be remotely deleted in the event the device is lost or stolen. Answer D is incorrect because a screen lock or passcode is used to prevent access to the phone.

*In which of the following types of architecture is the user responsible for the creation of the private and public key?* a. Decentralized key management b. Centralized key management c. Revocation key management d. Multilevel key management

a. *Decentralized key management* In a decentralized key-management scheme, the user creates both the private and public key and then submits the public key to the CA to allow it to apply its digital signature after it has authenticated the user. Answer B is incorrect because centralized key management allows the organization to have complete control over the creation, distribution, modification, and revocation of the electronic credentials that it issues. Answers C and D are incorrect because they are nonexistent terms.

*A physical security plan should include which of the following? (Select all correct answers.)* a. Description of the physical assets being protected b. The threats from which you are protecting against and their likelihood c. Location of a hard disk's physical blocks d. Description of the physical areas where assets are located

a. *Description of the physical assets being protected* b. *The threats from which you are protecting against and their likelihood* d. *Description of the physical areas where assets are located* A physical security plan should be a written plan that addresses your current physical security needs and future direction. With the exception of answer C, all the answers are correct and should be addressed in a physical security plan. A hard disk's physical blocks pertain to the file system.

Access Control and Identity Management *LDAP is an example of which of the following?*

a. *Directory access protocol* Lightweight Directory Access Protocol (LDAP) is a directory access protocol used to publish information about users. This is the computer equivalent of a phone book.

Operating System and Application Security *LDAP is an example of which of the following?*

a. *Directory access protocol* Lightweight Directory Access Protocol (LDAP) is a directory access protocol used to publish information about users. This is the computer equivalent of a phone book.

*The _______________ approach to calculating risk uses an "educated guess" based on observation.* a. cumulative b. qualitative c. technical d. quantitative

b. *qualitative* The qualitative approach to calculating risk uses an "educated guess" based on observation.

*The _______________ is the maximum length of time that an organization can tolerate between backups.* a. mean time to failure b. recovery point objective c. mean time to recovery d. recovery time objective

b. *recovery point objective* The recovery point objective (RPO) is the maximum length of time that an organization can tolerate between backups.

*A(n) _______________ is an in-depth examination and analysis of a wireless LAN site.* a. network log b. site survey c. captive portal d. threat vector

b. *site survey* Ensuring that a wireless LAN can provide its intended functionality and meet its required design goals can best be achieved through a site survey. A site survey is an in-depth examination and analysis of a wireless LAN site.

What are the two types of ciphers?

block and streaming

What portion(s) of the IP packet are encrypted in IPSec tunnel mode?

both the header and the payload

Protecting Networks *Which type of active response fools the attacker into thinking the attack is succeeding while the system monitors the activity and potentially redirects the attacker to a system that is designed to be broken?*

c. *Deception* A deception active response fools the attacker into thinking the attack is succeeding while the system monitors the activity and potentially redirects the attacker to a system that is designed to be broken.

Operating System and Application Security *Which filesystem was primarily intended for desktop system use and offers limited security?*

c. *FAT* FAT technology offers limited security options.

Cryptography Basics *During a training session, you want to impress upon users how serious security and, in particular, cryptography is. To accomplish this, you want to give them as much of an overview about the topic as possible. Which government agency should you mention is primarily responsible for establishing government standards involving cryptography for general-purpose government use?*

b. *NIST* NIST is responsible for establishing the standards for general-purpose government encryption. NIST is also becoming involved in private-sector cryptography.

*_______________ is a protocol suite for securing Internet Protocol (IP) communications.* a. Internet Small Computer System Interface (iSCSI) b. Internet Control Message Protocol (ICMP) c. Internet Protocol Security (IPsec) d. Hypertext Transport Protocol Secure (HTTPS)

c. *Internet Protocol Security (IPsec)* Internet Protocol Security (IPsec) is a protocol suite for securing Internet Protocol (IP) communications.

Threats and Vulnerabilities *You've discovered that an expired certificate is being used repeatedly to gain logon privileges. Which type of attack is this most likely to be?*

c. *Replay attack* A replay attack attempts to replay the results of a previously successful session to gain access.

Wireless Networking Security *Which protocol is mainly used to enable access to the Internet from a mobile phone or PDA?* a. WEP b. WTLS c. WAP d. WOP

c. *WAP* Wireless Application Protocol (WAP) is an open international standard for applications that use wireless communication.

*Allowing an IP address to be split anywhere within its 32 bits is known as _______________.* a. splitting b. spanning c. subnetting d. IP spraying

c. *subnetting* Allowing an IP address to be split anywhere within its 32 bits. This is known as subnetting or subnet addressing.

*Networks are usually segmented by using _______________ to divide the network into a hierarchy.* a. hubs b. routers c. switches d. proxies

c. *switches* Networks are usually segmented by using switches to divide the network into a hierarchy.

Disaster Recovery and Incident Response *You're a consultant brought in to advise MTS on its backup procedures. One of the first problems you notice is that the company doesn't utilize a good tape-rotation scheme. Which backup method uses a rotating schedule of backup media to ensure long-term information storage?* a. Grandfather, Father, Son method b. Full Archival method c. Backup Server method d. Differential Backup method

a. *Grandfather, Father, Son method* The Grandfather, Father, Son backup method is designed to provide a rotating schedule of backup processes. It allows for a minimum usage of backup media, and it still allows for long-term archiving.

Cryptography Basics *What is the process of deriving an encrypted value from a mathematical process called?*

a. *Hashing* Hashing algorithms are used to derive an encrypted value from a message or word.

Protecting Networks *What is a system that is intended or designed to be broken into by an attacker called?*

a. *Honeypot* A honeypot is a system that is intended to be sacrificed in the name of knowledge. Honeypot systems allow investigators to evaluate and analyze the attack strategies used. Law enforcement agencies use honeypots to gather evidence for prosecution.

Security and Vulnerability in the Network *Which of the following serves the purpose of trying to lure a malicious attacker into a system?* a. Honeypot b. Pot of gold c. DMZ d. Bear trap

a. *Honeypot* A honeypot is used to serve as a decoy and lure a malicious attacker. Answers B and D are incorrect answers and are not legitimate terms for testing purposes. Answer C is incorrect because a demilitarized zone (DMZ) is an area between the Internet and the internal network.

*Which of the following are types of updates applied to systems? (Select all correct answers.) * a. Hotfix b. Service packs c. Patches d. Coldfix

a. *Hotfix* b. *Service packs* c. *Patches* Each of these describes types of updates that can be applied to a system. Answer D is incorrect.

Protecting Networks *Security has become the utmost priority at your organization. You're no longer content to act reactively to incidents when they occur—you want to start acting more proactively. Which system performs active network monitoring and analysis and can take proactive steps to protect a network?*

a. *IDS* An IDS is used to protect and report network abnormalities to a network administrator or system. It works with audit files and rule-based processing to determine how to act in the event of an unusual situation on the network.

*Which term describes the concept of using a data based IP network to add digital voice clients and new voice applications onto the IP network?* a. IP telephony b. Virtualization c. Loop protection d. Captive portals

a. *IP telephony* Using Internet Protocol (IP), various services such as voice, video, and data can be combined (multiplexed) and transported under a universal format. IP telephony is using a data based IP network to add digital voice clients and new voice applications onto the IP network.

Access Control and Identity Management *You've been given notice that you'll soon be transferred to another site. Before you leave, you're to audit the network and document everything in use and the reason why it's in use. The next administrator will use this documentation to keep the network running. Which of the following protocols isn't a tunneling protocol but is probably used at your site by tunneling protocols for network security?*

a. *IPSec* IPSec provides network security for tunneling protocols. IPSec can be used with many different protocols besides TCP/IP, and it has two modes of security.

Access Control and Identity Management *What is invoked when a person claims they are the user but cannot be authenticated—such as when they lose their password?*

a. *Identity proofing* Identity proofing is invoked when a person claims they are the user but cannot be authenticated, such as when they lose their password.

Security and Vulnerability in the Network *What is the name given to the activity that consists of collecting information that will be later used for monitoring and review purposes?* a. Logging b. Auditing c. Inspecting d. Vetting

a. *Logging* Logging is the process of collecting data to be used for monitoring and auditing purposes. Auditing is the process of verification that normally involves going through log files; therefore, answer B is incorrect. Typically, the log files are frequently inspected, and inspection is not the process of collecting the data; therefore, answer C is incorrect. Vetting is the process of thorough examination or evaluation; therefore, answer D is incorrect.

*Which term describes a technique that allows private IP addresses to be used on the public Internet?* a. Network address translation (NAT) b. Port address translation (PAT) c. Network access control (NAC) d. Loop protection

a. *Network address translation (NAT)* Network address translation (NAT) is a technique that allows private IP addresses to be used on the public Internet.

Protecting Networks *Which of the following can be used to monitor a network for unauthorized activity? (Choose two.)*

a. *Network sniffer* b. *NIDS* Network sniffers and NIDSs are used to monitor network traffic. Network sniffers are manually oriented, whereas an NIDS can be automated.

Physical and Hardware-Based Security *The process of reducing or eliminating susceptibility to outside interference is called what?* a. Shielding b. EMI c. TEMPEST d. Desensitization

a. *Shielding* Shielding keeps external electronic signals from disrupting operations.

Network Security *Which type of firewall packet filtering looks at the incoming packet and permits or denies it based on the conditions that have been set by the administrator?* a. Stateless packet filtering b. Stateful packet filtering c. Switched packet filtering d. Secure packet filtering

a. *Stateless packet filtering* Packets can be filtered by a firewall in one of two ways. Stateless packet filtering looks at the incoming packet and permits or denies it based on the conditions that have been set by the administrator. Stateful packet filtering keeps a record of the state of a connection between an internal computer and an external device and then makes decisions based on the connection as well as the conditions.

Disaster Recovery and Incident Response *Which of the following outlines those internal to the organization who have the ability to step into positions when they open?* a. Succession planning b. Progression planning c. Emergency planning d. Eventuality planning

a. *Succession planning* Succession planning outlines those internal to the organization who have the ability to step into positions when they open.

Access Control and Identity Management *You're the administrator for Mercury Technical. Due to several expansions, the network has grown exponentially in size within the past two years. Which of the following is a popular method for breaking a network into smaller private networks that can coexist on the same wiring and yet be unaware of each other?*

a. *VLAN* Virtual local area networks (VLANs) break a large network into smaller networks. These networks can coexist on the same wiring and be unaware of each other. A router or other routing-type device would be needed to connect these VLANs.

*You are setting up an FTP server that needs to be accessed by both the employees and external contractors. What type of architecture should you implement?* a. VLAN b. DMZ c. NAT d. VPN

a. *VLAN* b. *DMZ* c. *NAT* All except answers D and E are advantages of honeypots and honeynets. Currently, the legal implications of using such systems are not that well defined, and the use of these systems typically requires more administrative resources.

*A _______________ cloud is a cloud that is open only to specific organizations that have common concerns.* a. community b. public c. hybrid d. private

a. *community* A community cloud is a cloud that is open only to specific organizations that have common concerns.

*Risk _______________ involves understanding something about the attacker and then informing him of the harm that may come his way if he attacks an asset.* a. deterrence b. mitigation c. transference d. avoidance

a. *deterrence* Risk deterrence involves understanding something about the attacker and then informing him of the harm that may come his way if he attacks an asset.

*In _______________ virtualization, an entire operating system environment is simulated.* a. host b. network c. application d. cloud

a. *host* One type of virtualization in which an entire operating system environment is simulated is known as host virtualization. Instead of using a physical computer, a virtual machine, which is a simulated software-based emulation of a computer, is created. The host system (the operating system installed on the computer's hardware) runs a hypervisor that manages the virtual machine operating systems and supports one or more guest systems (a foreign virtual operating system).

Security and Vulnerability in the Network *You want to implement MAC filtering on a small network but do not know the MAC address of a Linux-based workstation. Which command-line tool can you run on the workstation to find the MAC address?* a. ifconfig b. ifconfig /show c. ipconfig d. ipconfig /all

a. *ifconfig* The command ifconfig will show the MAC address on the Linux or Unix-based workstation.

*Ports can be secured through disabling unused interfaces, using _______________, and through IEEE 802.1x.* a. media access control (MAC) limiting and filtering b. virtual private network (VPN) tunneling c. packet sniffers d. virtual local area networks (VLANs)

a. *media access control (MAC) limiting and filtering* Ports can be secured through disabling unused interfaces, using MAC limiting and filtering, and through IEEE 802.1x.

*The goal of _______________ is to prevent computers with suboptimal security from potentially infecting other computers through the network.* a. network access control (NAC) b. virtualization c. captive portals d. port security

a. *network access control (NAC)* The goal of NAC is to prevent computers with suboptimal security from potentially infecting other computers through the network.

*A weakness of FTPS is that although the control port commands are encrypted, the data port (_______________) may or may not be encrypted.* a. port 20 b. port 21 c. port 25 d. port 80

a. *port 20* A weakness of FTPS is that although the control port commands are encrypted, the data port (port 20) may or may not be encrypted.

*By using _______________, instead of giving each outgoing packet a different IP address, each packet is given the same IP address but a different TCP port number.* a. port address translation (PAT) b. network access control (NAC) c. network address translation (NAT) d. port mirroring

a. *port address translation (PAT)* A variation of NAT is port address translation (PAT). Instead of giving each outgoing packet a different IP address, each packet is given the same IP address but a different TCP port number. This allows a single public IP address to be used by several users.

Network Security *A(n) _______________ captures packets to decode and analyzes their contents.* a. protocol analyzer b. load balancer c. Internet content filter d. spam filter

a. *protocol analyzer* A protocol analyzer captures packets to decode and analyzes their contents.

Which of the following is an example of a strong password? ● Robert694 ● atgiov45a ● desktop#7 ● a8bT11$yi

a8bT11$yi

*What aspect of disaster recovery planning details training requirements for managers, administrators, and users?* a. Impact and risk assessment b. Disaster recovery plan c. Disaster recovery policies d. Service level agreements

b. *Disaster recovery plan* The disaster recovery plan documents how organizations will recover from a disaster. It includes risk evaluations, restoration procedures application, and training required. Answer A is incorrect because the impact and risk assessment details on recovery scope, priority, and order of restoration. Answer C is incorrect because the disaster recovery policies detail responsibilities and procedures to follow during disaster recovery events. Service level agreements are contracts with suppliers and vendors that detail minimum levels of support, making answer D incorrect.

What is an IP spoofing attack?

an attack in which the source IP address in an IP datagram is modified to imitate the IP address of a packet originating from an authorized source

What is a zero-day exploit?

an attack that exploits a security vulnerability on the day the vulnerability becomes generally known

What is an Xmas attack?

an attack that looks for open ports

What is bluejacking?

an attack that sends unsolicited messages over a Bluetooth connection

Which assessment examines whether network security practices follow a company's security policy?

an audit

What is spear phishing?

an e-mail request for confidential information that appears to come from your supervisor

What is a malicious insider?

an employee who uses his access to the network and facility to obtain confidential information

What is the name of the security process that involves recognition, verification, classification, containment, and analysis?

an incident response

Which backup method backs up every file modified on the server since the last full backup, and resets the archive bit?

an incremental backup

Educating and Protecting the User *______ information is made available to either large public or specific individuals, while ______ information is intended for only those internal to the organization.*

b. *Public; Private* Public information is made available to either large public or specific individuals, while Private information is intended for only those internal to the organization.

*The process of making an operating system more secure by closing known vulnerabilities and addressing security issues is known as which of the following?* a. Handshaking b. Hardening c. Hotfixing d. All of the above

b. *Hardening* Hardening refers to the process of securing an operating system. Handshaking relates the agreement process before communication takes place; therefore, answer A is incorrect. A hotfix is just a security patch that gets applied to an operating system; therefore, answer C is incorrect. Hardening is the only correct answer; therefore, answer D is incorrect.

Physical and Hardware-Based Security *Which of the following won't reduce EMI?* a. Physical shielding b. Humidity control c. Physical location d. Overhauling worn motors

b. *Humidity control* Electrical devices, such as motors, that generate magnetic fields cause EMI. Humidity control won't address EMI.

*An organization is looking for a basic mobile solution which will be used to prevent unauthorized access to users' phones. Which of the following fulfills this requirement?* a. GPS tracking b. Voice encryption c. Remote wipe d. Passcode policy

d. *Passcode policy* A screen lock or passcode is used to prevent access to the phone. Answer A is incorrect because if a mobile device is lost, GPS tracking can be used to find the location. Answer B is incorrect because mobile voice encryption can allow executives and employees alike to discuss sensitive information without having to travel to secure company locations. Answer C is incorrect because remote wipe allows the handheld's data to be remotely deleted in the event the device is lost or stolen.

Security and Vulnerability in the Network *Which of the following involves trying to get access to your system from an attacker's perspective?* a. Loop recon b. Flood gating c. Vulnerability scanning d. Penetration testing

d. *Penetration testing* Penetration testing involves trying to get access to your system from an attacker's perspective.

*Which statement represents a best practice for securing router configurations?* a. Allow remote configuration for dynamic installation in case of an emergency. b. Store the router configuration on a public network for easy access in case of an emergency. c. Store the router configuration on a USB drive for compact storage. d. Perform changes in the router configuration from the console.

d. *Perform changes in the router configuration from the console.* The configuration of the router should be performed from the console and not a remote location. This configuration can then be stored on a secure network drive as a backup and not on a laptop or USB flash drive.

*What type of virus is able to regenerate itself if a single element of its infection is not removed from a compromised system?* a. Polymorphic b. Armored c. Retro d. Phage

d. *Phage* A phage virus is able to regenerate itself from any of its remaining parts.

Educating and Protecting the User *What is the form of social engineering in which you simply ask someone for a piece of information that you want by making it look as if it is a legitimate request?*

d. *Phishing* Phishing is the form of social engineering in which you simply ask someone for a piece of information that you want by making it look as if it is a legitimate request.

Threats and Vulnerabilities *A user reports that he is receiving an error indicating that his TCP/IP address is already in use when he turns on his computer. A static IP address has been assigned to this user's computer, and you're certain this address was not inadvertently assigned to another computer. Which type of attack is most likely underway?*

d. *TCP/IP hijacking* One of the symptoms of a TCP/IP hijacking attack may be the unavailability of a TCP/IP address when the system is started.

What is the proper life cycle of evidence steps?

collection, analysis, storage, court presentation, and return to owner

Which security concept ensures that data is protected from being accessed by unauthorized persons?

confidentiality

What are the two advantages of single sign-on (SSO)?

convenience and centralized administration

What is an IV attack?

cracking the WEP secret key using the initialization vector (IV)

*Consider a building with a value of $10,000,000 (AV) of which 75 percent of it is likely to be destroyed by a tornado (EF). The SLE is _______________.* a. $7,500 b. $75,000 c. $750,000 d. $7,500,000

d. *$7,500,000* Consider a building with a value of $10,000,000 (AV) of which 75 percent of it is likely to be destroyed by a tornado (EF). The SLE would be calculated as follows: $7,500,000 = $10,000,000 x 0.75

*Which port does the Post Office Protocol v3 (POP3) use?* a. 22 b. 25 c. 80 d. 110

d. *110* The Post Office Protocol v3 (POP3) uses port 110.

*An Internet Protocol version 4 (IPv4) address is _______________ in length.* a. 64 bits b. 64 bytes c. 32 bytes d. 32 bits

d. *32 bits* An Internet Protocol version 4 (IPv4) address is 32 bits in length, providing about 4.3 billion possible IP address combinations. This no longer is sufficient for the number of devices that are being connected to the Internet.

*Which port does the Microsoft Terminal Server use?* a. 53 b. 143 c. 443 d. 3389

d. *3389* The Microsoft Terminal Server uses port 3389.

*Which of the following is a security control type that is not usually associated with or assigned to a security guard?* a. Preventive b. Detective c. Corrective d. Administrative

d. *Administrative* A security guard is not an administrative control. A security guard can be considered a preventive, detective, and/or corrective control.

*Which one of the following is an indication that a system might contain spyware?* a. The system is slow, especially when browsing the Internet. b. It takes a long time for the Windows desktop to come up. c. Clicking a link does nothing or goes to an unexpected website. d. All of the above.

d. *All of the above.* Each of these represents common symptoms of a computer that has had spyware installed.

*A _______________ functions as a separate network that rests outside the secure network perimeter.* a. gateway b. segment c. virtual private network (VPN) d. demilitarized zone (DMZ)

d. *demilitarized zone (DMZ)* In order to allow untrusted outside users access to resources such as web servers, most networks employ a demilitarized zone (DMZ). The DMZ functions as a separate network that rests outside the secure network perimeter: untrusted outside users can access the DMZ but cannot enter the secure network.

*Limiting access to rooms in a building is a model of the information technology security principle of _______________.* a. job rotation b. mandatory vacations c. separation of duties d. least privilege

d. *least privilege* Limiting access to rooms in a building is a model of the information technology security principle of least privilege.

*In a(n) _______________ attack, a malformed ICMP ping that exceeds the size of an IP packet is sent to the victim's computer potentially causing the host to crash.* a. network discovery b. smurf c. ICMP redirect d. ping of death

d. *ping of death* In a ping of death attack, a malformed ICMP ping that exceeds the size of an IP packet is sent to the victim's computer. This can cause the host to crash.

*The _______________ approach to calculating risk attempts to create "hard" numbers associated with the risk of an element in a system by using historical data.* a. cumulative b. qualitative c. technical d. quantitative

d. *quantitative* The quantitative approach to calculating risk attempts to create "hard" numbers associated with the risk of an element in a system by using historical data.

*A(n) _______________ VPN, often used on mobile devices like laptops in which the VPN endpoint is actually software running on the device itself, offers the most flexibility in how network traffic is managed.* a. closed b. open c. hardware-based d. software-based

d. *software-based* Software-based VPNs, often used on mobile devices like laptops in which the VPN endpoint is actually software running on the device itself, offer the most flexibility in how network traffic is managed.

Network Security *A _______________ is a special type of firewall that looks at the applications using HTTP.* a. network intrusion detection system (NIDS) b. network intrusion prevention system (NIPS) c. spam filter d. web application firewall

d. *web application firewall* A Web application firewall is a special type of firewall that looks at the applications using HTTP.

Which term refers to the assurance that data has not been altered in transmission?

data integrity

Educating and Protecting the User *Which of the following actions would not be allowed in the Bell-LaPadula model?*

d. *General with Top Secret clearance writing at the Confidential level* The first three actions would be allowed since you can write to your level and read at your level (or below). The situation that would not be allowed is the General with Top Secret clearance writing at the Confidential level.

Protecting Networks *Which IDS system uses algorithms to analyze the traffic passing through the network?*

d. *Heuristic* A heuristic system uses algorithms to analyze the traffic passing through the network.

Security-Related Policies and Procedures *Which policies define how individuals are brought into an organization?* a. Service policies b. Continuity policies c. Pay policies d. Hiring policies

d. *Hiring policies* Hiring policies define how individuals are brought into an organization. They also establish the process used to screen prospective employees for openings.

Which type of attack is characterized by an attacker who takes over the session of an already authenticated user?

hijacking

What is the term for a server that has been configured specifically to distract an attacker from production systems?

honeypot

Which type of IDS detects attacks on individual devices?

host intrusion detection system (HIDS)

What does the acronym HIDS denote?

host-based intrusion detection system

What ensures that a user is who he claims to be?

identification

Where is information on cancelled certificates retained?

in the certificate revocation list (CRL)

*Which type of risk control may include using video surveillance systems and barricades to limit access to secure sites?* a. Technical b. System c. Management d. Operational

d. *Operational* Operational risk control types may include using video surveillance systems and barricades to limit access to secure sites.

What is the name of the group of people appointed to respond to security incidents?

incident response team

Which three security features does Authentication Header (AH) provide?

integrity, authentication, and anti-replay service

Which type of system identifies suspicious patterns that may indicate a network or system attack?

intrusion detection system (IDS)

What are the two types of eye scans?

iris scans and retinal scans

Which remote access authentication protocol periodically and transparently re-authenticates during a logon session by default?

>>CHAP PAP EAP Certificates

WiMAX is an implementation of which IEEE committee?

802.16

Which of the following is the strongest form of multi-factor authentication

A password, a biometric scan, and a token device

What is the most important aspect of a biometric device?

Accuracy

Having poor software development practices and failing to program input validation checks during development of custom software can result in a system vulnerable to which type of attack?

Buffer overflow

What is a trusted OS?

An operating system that provides support for multilevel security

To help prevent browser attacks, users of public computers should do which of the following?

Clear the browser cache.

A PKI is an implementation for managing which type of encryption? A.)Symmetric B.)Hashing C.)Steganography D.)Asymmetric

D

A receiver wants to verify the integrity of a message received from a sender. A hashing value is contained within the digital signature of the sender. Which of the following must the receiver use to access the hashing value and verify the integrity of the transmission? A.)Sender's private key B.)Receiver's private key C.) Receiver's public key D.)Sender's public key

D

Which of the following can be used to stop piggybacking at a front entrance where employees should swipe smart cards to gain entry? O Use weight scales O Deploy a mantrap O use key locks rather than electronic locks O Install security cameras

Deploy a mantrap

What is the purpose of audit trails?

Detect security-violating events

What is the most common means of virus distribution?

Email

Which of the following features are supplied by WPA2 on a wireless network?

Encryption

Change control should be used to oversee and manage changes over what aspect of an organization? ● Physical environment ● Every aspect ● Personnel and policies ● IT hardware and software

Every aspect

Which protocol does the Enterprise mode of WPA and WPA2 use for authentication?

Extensible Authentication Protocol (EAP)

Which of the following is a privately controlled portion of a network that is accessible to some specific external entities?

Extranet

Which type of fire suppression system is the safest for both computer equipment and personnel: FM-200 or Carbon Dioxide?

FM-200

Which of the following is likely to be located in a DMZ?

FTP Server

You have configured an NIDS to monitor network traffic. Which of the following describes harmless traffic that has been identified as a potential attack by the NIDS devices?

False negative Positive Negative False Positive

Match the virtualization feature on the right with the appropriate description on the left.

Flexibility >>Moving virtual machines between hypervisor hosts Testing >>Verifying that security controls are working as designed Server consolidation >>Performing a physical-to-virtual migration (P2V) Sandboxing >>Isolation a virtual machine from the physical network

Which of the following is not an accepted countermeasure to strengthen a cryptosystem? ● Implement long key spaces ● Keep the cryptosystem a secret ● Implement strong systems with redundant encipherment ● use strong passwords

Keep the cryptosystem a secret

Which authentication protocol uses tickets to authenticate users?

Kerberos

A SYN packet is received by a server. The SYN packet has the exact same address for both the sender and receiver addresses, which is the address of the server. This is an example of what type of attack?

Land attack

When a SYN flood is altered so that the SYN packets are spoofed in order to define the source and destination address as a single victim IP address, the attack is now called what?

Land attack

What does the acronym L2TP denote?

Layer 2 Tunneling Protocol

Which type of attack can turn a switch into a hub?

MAC flooding

According to CompTIA's Security+ examination blueprint, what are the four listed network security techniques for mitigation and deterrence?

MAC limiting and filtering, 802.1x, disabling unused interfaces and unused application service ports, and rogue machine detection

RADIUS is primarily used for what purpose?

Managing RAID fault-tolerant drive configurations >>Authenticating remote clients before access to the network is granted Controlling entry gate access using proximity sensors Managing access to a network over a VPN

Which access control model is based on multilevel security where objects are assigned a security classification and subjects are granted a security clearance which allows them to access objects at or below that security classification?

Mandatory Access Control (MAC)

Which type of access control is most suitable or top-secret information?

Mandatory access control (MAC)

Physical and Hardware-Based Security *Which of the following is a high-security installation that requires visual identification, as well as authentication, to gain access?*

Mantrap* High-security installations use a type of intermediate access control mechanism called a mantrap. Mantraps require visual identification, as well as authentication, to gain access. A mantrap makes it difficult for a facility to be accessed in number because it allows only one or two people into the facility at a time.

When recovering from a disaster, which services should you stabilize first? ● Outside communications ● Mission-critical ● Financial support ● Least business-critical

Mission-critical

Most mobile device management (MOM) systems can be configured to track the physical location of enrolled mobile devices. Arrange the location technology on the left in order of accuracy on the right, from most accurate to least accurate. ● Wi-Fi triangulation ● Cell phone tower triangulation ● IP address resolution ● GPS

Most accurate ● GPS More accurate ● Wi-Fi triangulation Less accurate ● Cell phone tower triangulation Least accurate ● IP address resolution

Which of the following best describes one-factor authentication?

Multiple authentication credentials may be required, but they are all of the same type.

As a security precaution, you have implemented IPsec that is used between any two devices on your network. IPsec provides encryption for all traffic between devices. You woud like to implement a solution that can scan the contents of the encrypted traffic to prevent any malicious attacks. What solution should you implement?

Network-based IDS VPN concentrator Port scanner Protocol analyzer >>Host-based IDS

Your company has a connection to the internet that allows users to access the internet. You also have a web server and an email server that you want to make available to internet users. You want to create a DMZ for these two servers. Which type of device should you use to create the DMZ?

Network-based firewall

When is a BCP or DRP design and development actually completed? ● Only after testing and drilling ● Once senior management approves ● Only after implementation and distribution ● Never

Never

Can an expired digital certificate be renewed?

No

You want to check a server for user accounts that have weak passwords. Which tool should you use?

OVAL Retina >>John the Ripper Nessus

Which of the following recommendations should you follow when placing access points to provide wireless access for users within your company building?

Place access points above where most clients are.

Which authentication protocol is an open standard: TACACS+ or RADIUS?

RADIUS

Which of the following is a snap-in that allows you to apply a template or compare a template to the existing security settings on your computer?

The Security Configuration and Analysis snap-in

You suspect that an Xmas tree attack is occurring on a system. Which of the following could result if you do not stop the attack? (Select two.)

The system will be unavailable to respond to legitimate requests. The threat agent will obtain information about open ports on the system.

Which of the following best describes an audit daemon?

The trusted utility that runs a background process whenever auditing is enabled

What is the purpose of filters on a Web server?

They limit the traffic that is allowed through.

Which of the following is not true regarding cookies?

They operate within a security sandbox

Based on the VLAN configuration shown in the diagram above, which of the following is not true?

This configuration create two broadcast domains. VLAN1 and VLAN2 are separate broadcast domains FastEthernet ports 0/1 and 0/2 are members of VLAN1. FastEthernet ports 0/3 and 0/4 are members of VLAN2. >>Workstations in VLAN1 are able to communicate with workstations in VLAN2 because they are connected to the same physical switch. VLAN1 is one of the default VLANs on the switch. VLAN2 had to be manuallt configured

Drag the software-defines networking (SDN) layer on the left to the appropriate function on the right.

This layer receives its requests from the application layer >>Control Layer This layer is known as the infrastructure layer >>Physical layer This layer communicates with the control layer through what's called the northbound interface >>Application layer This layer provides the physical later with config and instructions >>Control layer On this layer, individual networking devices use southbound APIs to communicate with the control plane. >>Physical layer

Purchasing insurance is what type of response to risk? ● Transference ● Deployment of a countermeasure ● Acceptance ● Rejection

Transference

Which of the following activities are considered passive in regards to the function of an intrusion detection system?

Transmitting FIN or RES packets to an external host >>Monitoring the audit trails on a server >>Listening to network traffic Disconnecting a port being used by a zombie

Which type of cipher changes the position of the characters in a plain text message? O Substitution O Transposition O Steam O Block

Transposition

Which implementation of the File Transfer Protocol (FTP) provides the least security?

Trivial File Transfer Protocol (TFTP)

Which two chips are used to implement hardware-based encryption?

Trusted Platform Module (TPM) and Hardware Security Module (HSM) chips

Which is the best countermeasure for someone attempting to view your network traffic?

VPN

Which wireless protocol provides the best security: WEP, WAP, WPA, or WPA2?

Wi-Fi Protected Access IIversion 2 (WPA2) with CCMP

What is a VPN concentrator?

a device that creates a virtual private network (VPN)

Which PKI object do you use to verify that a user sending a message is who he or she claims to be?

a digital certificate

What is most commonly used to provide proof of a message's origin?

a digital signature

Which attack is an extension of the denial-of-service (DoS) attack and uses multiple computers?

a distributed DoS (DDoS) attack

What does the acronym ACL denote?

access control list

Who is responsible for most security incidents in an organization?

employees

Which type of access control is the multi-level security mechanism used by the Department of Defense (DoD)?

mandatory access control (MAC)

Which wireless mode ensures that wireless clients can only communicate with the wireless access point and not with other wireless clients?

isolation mode

Why is password disclosure a significant security issue in a single sign-on network?

it could compromise the entire system because authentication grants access to ANY systems on the network to which the actual user may have permission.

What does the acronym KDC denote?

key distribution center

Which term is used when the amount of work that a computer has to do is divided between two or more computers so that more work is performed in the same amount of time?

load balancing

What does the acronym RBAC denote?

role-based access control

Which principle ensures that users are given the most restrictive user rights to complete their authorized job duties?

the principle of least privilege

What is the purpose of a file's MD5 hash value?

to verify file integrity

What is the purpose of physical controls?

to work with administrative and technical controls to enforce physical access control

What is pharming?

traffic redirection to a Web site that looks identical to the intended Web site

Does Pretty Good Privacy (PGP) provide confidentiality?

yes

According to CompTIA's Security+ examination blueprint, what are the four types of logs that you should monitor for mitigation and deterrence?

event logs, audit logs, security logs, and access logs

What is the term for an authorized access that a network-based intrusion detection system (NIDS) incorrectly detects as an attack?

false positive

According to CompTIA's Security+ examination blueprint, what are the eight listed controls to provide safety?

fencing, lighting, locks, CCTV, escape plans, drills, escape routes, and testing controls

Which fire suppression method, formerly used to suppress fires involving electrical equipment or liquids, has been discontinued?

halon gas

What is the name for the array where hashed items are kept?

hash table

What is the term for the process that applies one-way communication function called a mesaage digest to an arbitrary amount of data?

hashing

According to CompTIA's Security+ examination blueprint, what are the four listed controls to provide integrity?

hashing, digital signatures, certificates, and non-repudiation

Which type of IDS or IPS uses an initial database of known attack types but dynamically alters their signatures base on learned behavior?

heuristic

What is the name for a fix that addresses a specific Windows system problem or set of problems?

hotfix

In which type of attack is a user connected to a different Web server than the one intended by the user?

hyperlink spoofing attack

What is the greatest security risk of instant messaging?

impersonation

In a secure network, what should be the default permission position?

implicit deny

Where should you physically store mobile devices to prevent theft?

in a locked cabinet or safe

In which location should all changes made to your organization's network and computers be listed?

in the change management system

According to CompTIA's Security+ examination blueprint, what are the three listed security posture techniques for mitigation and deterrence?

initial baseline configuration, continuous security monitoring, and remediation

Which element of the CIA triad ensures that data transferred is not altered?

integrity

Which type of cryptography is more secure: symmetric or asymmetric?

asymmetric

What is another name for public-key encryption?

asymmetric encryption

Which ports does LDAP (Lightweight Directory Access Protocol) use by default?

110 >>639 69 161 >>389

What is the size, in bits, of a Message Digest version 5 (MD5) hash?

128

What is the length of an IDEA key?

128 bits

What bit length is the hash value provided by the Message Digest 2, (MD2), MD4, and MD5 algorithms?

128-bit

Measuring and Weighing Risk *Which of the following policies should be used when assigning permissions, giving users only the permissions they need to do their work and no more?*

*Least privilege* The principle of least privilege should be used when assigning permissions. Give users only the permissions they need to do their work and no more.

You want to close all ports associated with NetBIOS on your network firewalls to prevent attacks directed against NetBIOS. Which ports should you close?

135. 137-139

What bit length is the hash value provided by the Secure Hash Algorithm (SHA)?

160-bit

Cryptography Implementation *Public Key Infrastructure (PKI) is a first attempt to provide all the aspects of security to messages and transactions that have been previously discussed. It contains four components including:*

*Certificate Authority (CA), Registration Authority (RA), RSA, and digital certificates* Public Key Infrastructure (PKI) contains four components: certificate authority (CA), registration authority (RA), RSA, and digital certificates.

Measuring and Weighing Risk *Which of the following is the structured approach that is followed to secure the company's assets?*

*Change management* Change management is the structured approach that is followed to secure the company's assets.

*Which of the following is not true in regards to NoSQL?*

*It is a relational database* NoSQL is not a relational database structure. NoSQL can support SQL expressions, supports hierarchies or multilevel nesting/referencing, and does not support ACID.

What should you do to ensure that a wireless access point signal does not extend beyond its needed range?

Reduce the power levels.

Cryptography Implementation *Key management includes all of the following stages/areas except:*

*Key locking* Key management includes centralized versus decentralized key generation, key storage and distribution, key escrow, and key expiration. Key locking is not a part of key management.

What is the primary concern of RAID?

Redundant Array of Inexpensive Disks (RAID) is concerned with availability

Measuring and Weighing Risk *Consider the following scenario: The asset value of your company's primary servers is $2 million and they are housed in a single office building in Anderson, Indiana. You have field offices scattered throughout the United States, so the servers in the main office account for approximately half the business. Tornados in this part of the country are not uncommon, and it is estimated one will level the building every 60 years.* *Which of the following is the SLE for this scenario?*

*$1 million* SLE (single loss expectancy) is equal to asset value (AV) times exposure factor (EF). In this case, asset value is $2 million and exposure factor is 1/2.

Measuring and Weighing Risk *Refer to the scenario in question 2. Which of the following is the ALE for this scenario?*

*$16,666.67* ALE (annual loss expectancy) is equal to SLE times the annualized rate of occurrence. In this case, SLE is $1 million and the ARO is 1/60.

Measuring and Weighing Risk *If you calculate SLE to be $4,000 and that there will be 10 occurrences a year (ARO), then the ALE is:*

*$40,000* If you calculate SLE to be $4,000 and that there will be 10 occurrences a year (ARO), then the ALE is $40,000 ($4,000 × 10).

Measuring and Weighing Risk *If you calculate SLE to be $25,000 and that there will be one occurrence every four years (ARO), then what is the ALE?*

*$6,250* If you calculate SLE to be $25,000 and that there will be one occurrence every four years (ARO), then the ALE is $6,250 ($25,000 × .25).

Measuring and Weighing Risk *Refer to the scenario in question 2. Which of the following is the ARO for this scenario?*

*0.0167* ARO (annualized rate of occurrence) is the frequency (in number of years) the event can be expected to happen. In this case, ARO is 1/60 or 0.0167.

Infrastructure and Connectivity *Which ports are, by default, reserved for use by FTP? (Choose all that apply.)*

*20 and 21 TCP* FTP uses TCP ports 20 and 21. FTP does not use UDP ports.

Infrastructure and Connectivity *How many bits are used for addressing with IPv4 and IPv6, respectively?*

*32, 128* IPv4 uses 32 bits for the host address, while IPv6 uses 128 bits for this.

Measuring and Weighing Risk *Which of the following policies describes how the employees in an organization can use company systems and resources, both software and hardware?*

*Acceptable use* The acceptable use policies describe how the employees in an organization can use company systems and resources, both software and hardware.

*Diffie-Hellman is what type of cryptographic system?*

*Asymmetric* Diffie-Hellman is an asymmetric cryptographic system. The Data Encryption Standard (DES) and the Advanced Encryption Standard (AES) are examples of symmetric cryptography. Message Digest 5 (MD5) and Secure Hash Algorithm version 1 (SHA-1) are examples of hashing. Certificate authorities issue certificates based on an implemented Public Key Infrastructure (PKI) solution.

Measuring and Weighing Risk *The risk-assessment component, in conjunction with the ________, provides the organization with an accurate picture of the situation facing it.*

*BIA* The risk-assessment component, in conjunction with the BIA (Business Impact Analysis), provides the organization with an accurate picture of the situation facing it.

*From a private corporate perspective, which of the following is most secure?*

*Centralized key management* Centralized key management is more secure, or at least more desirable, from a private corporate perspective. From a public or individual perspective, decentralized key management is more secure. Individual and distributed key management are nonstandard terms that could be used to refer to decentralized key management.

Which of the following is not one of the IP address ranges defined in RFC 1918 that are commonly used behind a NAT server?

169.254.0.0 - 169.254.255.255

You are the security administrator for a small business. The floor plan for your organization is shown in the figure below. You've hired a third-party security consultant to review your organization's security measures. She has discovered multiple instances where unauthorized individuals have gained access to your facility, even to very sensitive areas. She recommends that you implement closed-circuit TV (CCTV) surveillance cameras to prevent this from happening in the future. Click on the office locations where surveillance cameras would be most appropriate.

*Click on lobby entrance & networking closet*

Measuring and Weighing Risk *Separation of duties helps prevent an individual from embezzling money from a company. To successfully embezzle funds, an individual would need to recruit others to commit an act of ________ (an agreement between two or more parties established for the purpose of committing deception or fraud).*

*Collusion* Collusion is an agreement between two or more parties established for the purpose of committing deception or fraud. Collusion, when part of a crime, is also a criminal act in and of itself.

*The security service that protects the secrecy of data, information, or resources is known as what?*

*Confidentiality* The security service that protects the secrecy of data, information, or resources is known as confidentiality. Integrity protects the reliability and correctness of data. Authentication verifies the identity of the sender or receiver of a message. Non-repudiation prevents the sender of a message or the perpetrator of an activity from being able to deny that they sent the message or performed the activity.

Cryptography Implementation *Which of the following is not one of the four main types of trust models used with PKI?*

*Custom* The four main types of trust models used with PKI are hierarchical, bridge, mesh, and hybrid. Custom is not one of the main PKI trust models.

*Which of the following allows the deployment of a publicly accessible web server without compromising the security of the private network?* a. Intranet b. DMZ c. Extranet d. Switch

*DMZ* A DMZ provides a network segment where publicly accessible servers can be deployed without compromising the security of the private network.

*Which of the following is most directly associated with providing or supporting perfect forward secrecy?*

*ECDHE* Elliptic Curve Diffie-Hellman Ephemeral or Elliptic Curve Ephemeral Diffie-Hellman (ECDHE) implements perfect forward secrecy through the use of elliptic curve cryptography (ECC). PBKDF2 is an example of a key-stretching technology not directly supporting perfect forward secrecy. HMAC is a hashing function. OCSP is used to check for certificate revocation.

Measuring and Weighing Risk *Which of the following policy statements may include an escalation contact, in the event that the person dealing with a situation needs to know whom to contact?*

*Exception* The exception policy statement may include an escalation contact, in the event that the person dealing with a situation needs to know whom to contact.

Cryptography Implementation *Certificate revocation is the process of revoking a certificate before it:*

*Expires* Certificate revocation is the process of revoking a certificate before it expires.

Measuring and Weighing Risk *What is the term used for events that mistakenly were flagged and aren't truly events to be concerned with?*

*False positives* False positives are events that mistakenly were flagged and aren't truly events to be concerned with.

Cryptography Implementation *A registration authority (RA) can do all the following except:*

*Give recommendations* A registration authority (RA) can distribute keys, accept registrations for the CA, and validate identities. It cannot give recommendations.

Measuring and Weighing Risk *You're the chief security contact for MTS. One of your primary tasks is to document everything related to security and create a manual that can be used to manage the company in your absence. Which documents should be referenced in your manual as the ones that identify the methods used to accomplish a given task?*

*Guidelines* Guidelines help clarify processes to maintain standards. Guidelines tend to be less formal than policies or standards.

Infrastructure and Connectivity *Which protocol is primarily used for network maintenance and destination information?*

*ICMP* ICMP is used for destination and error reporting functions in TCP/IP. ICMP is routable and is used by programs such as Ping and Traceroute.

Infrastructure and Connectivity *You're the administrator for Mercury Technical. A check of protocols in use on your server brings up one that you weren't aware was in use; you suspect that someone in HR is using it to send messages to multiple recipients. Which of the following protocols is used for group messages or multicast messaging?*

*IGMP* IGMP is used for group messaging and multicasting. IGMP maintains a list of systems that belong to a message group. When a message is sent to a particular group, each system receives an individual copy.

Infrastructure and Connectivity *You're explaining protocols to a junior administrator shortly before you leave for vacation. The topic of Internet mail applications comes up, and you explain how communications are done now as well as how you expect them to be done in the future. Which of the following protocols is becoming the newest standard for Internet mail applications?*

*IMAP* IMAP is becoming the most popular standard for email clients and is replacing POP protocols for mail systems. IMAP allows mail to be forwarded and stored in information areas called stores.

Infrastructure and Connectivity *You've been given notice that you'll soon be transferred to another site. Before you leave, you're to audit the network and document everything in use and the reason why it's in use. The next administrator will use this documentation to keep the network running. Which of the following protocols isn't a tunneling protocol but is probably used at your site by tunneling protocols for network security?*

*IPSec* IPSec provides network security for tunneling protocols. IPSec can be used with many different protocols besides TCP/IP, and it has two modes of security.

Cryptography Implementation *Key destruction is the process of destroying keys that have become:*

*Invalid* Key destruction is the process of destroying keys that have become invalid.

Which of the following are methods for providing centralized authentication, authorization, and accounting for remote access?

>>TACACS+ 802.1x EAP AAA >>RADIUS PKI

Infrastructure and Connectivity *Which of the following can be implemented as a software or hardware solution and is usually associated with a device—a router, a firewall, NAT, and so on—and used to shift a load from one device to another?*

*Load balancer* A load balancer can be implemented as a software or hardware solution, and is usually associated with a device—a router, a firewall, NAT, and so on. As the name implies, it is used to shift a load from one device to another.

*Which of the following is not a benefit of single sign-on?*

*More granular access control* Single sign-on doesn't address access control and therefore doesn't provide granular or nongranular access control. Single sign-on provides the benefits of the ability to browse multiple systems, fewer credentials to memorize, and the use of stronger passwords.

*The most commonly overlooked aspect of mobile phone eavesdropping is related to _____.*

*Overhearing conversations* The most commonly overlooked aspect of mobile phone eavesdropping is related to people in the vicinity overhearing conversations (at least one side of them). Organizations frequently consider and address issues of wireless networking, storage device encryption, and screen locks.

Infrastructure and Connectivity *Which device is used to connect voice, data, pagers, networks, and almost any other conceivable application into a single telecommunications system?*

*PBX* Many modern PBX (private branch exchange) systems integrate voice and data onto a single data connection to your phone service provider. In some cases, this allows an overall reduction in cost of operations. These connections are made using existing network connections such as a T1 or T3 network.

Protecting Networks *In order for network monitoring to work properly, you need a PC and a network card running in what mode?*

*Promiscuous* In order for network monitoring to work properly, you need a PC and a network card running in promiscuous mode.

*When a subject or end user requests a certificate, they must provide which of the following items? (Choose all that apply.)*

*Proof of identity* *A public key* Proof of identity and the subject's public key must be provided to the CA when the subject requests a certificate. The private key should never be revealed to anyone, not even the CA. A hardware storage device is used after a key or certificate has been issued, not as part of the requesting process.

Measuring and Weighing Risk *Which of the following strategies involves sharing some of the burden of the risk with someone else such as an insurance company?*

*Risk transference* Risk transference involves sharing some of the burden of the risk with someone else such as an insurance company.

Infrastructure and Connectivity *Which of the following devices is the most capable of providing infrastructure security?*

*Router* Routers can be configured in many instances to act as packet-filtering firewalls. When configured properly, they can prevent unauthorized ports from being opened.

Infrastructure and Connectivity *Which of the following are multiport devices that improve network efficiency?*

*Switches* Switches are multiport devices that improve network efficiency. A switch typically has a small amount of information about systems in a network.

Cryptography Implementation *The mesh trust model is also known as what?*

*Web structure* The mesh trust model is also known as a web structure.

Protecting Networks *Which Linux utility can show if there is more than one set of documentation on the system for a command you are trying to find information on?*

*Whatis* In Linux, the whatis utility can show if there is more than one set of documentation on the system for a command you are trying to find information on.

Security and Vulnerability in the Network *In which type of testing do you begin with the premise that the attacker has inside knowledge of the network?*

*White box* With white box testing, you begin with the premise that the attacker has inside knowledge of the network.

Which Linux file contains encrypted user passwords that only the root user can read?

/etc/shadow

You've been given an assignment to evaluate NoSQL databases as a part of a big data analysis initiative in your organization. You've downloaded an open source NoSQL database from the internet and installed it on a test system in an isolated lab environment. What should you do to harden this database before implementing it in a production environment? (Select two.)

1) Disable anonymous access 2) Implement an application-layer protocol to encrypt data prior to saving it in the database

You've been assigned to evaluate NoSQL databases as a part of a big data analysis initiative in your organization. You've downloaded an open source NoSQL database from the internet and installed it on a test system in a isolated lab environment. Which of the following are likely to be true about this test system? (Select two.)

1) The database admin user has no password assigned. 2) Data is stored in the database in an unencrypted format.

Arrange the Group Policy Objects (GPOs) in the order in which they are applied

1. The local group policy on the computer 2. GPOs linked to the domain that contains the user or computer object 3. GPOs linked to the organizational unit that contains the object

What are the steps in the business continuity planning process?

1. Develop the business continuity planning policy statement. 2. Conduct the business impact analysis (BIA). 3. Identify preventative controls. 4. Develop the recovery strategies. 5. Develop the contingency plans. 6. Test the plan, and train the users. 7. Maintain the plan.

Which of the following ports does FTP use to establish sessions and manage traffic?

20, 21

To transfer files to your company's internal network from home, you use FTP. The admin has recently implemented a firewall at the network perimeter and disabled as many ports as possible. Now you can no longer make an FTP connection. You suspect the firewall is causing the issue. Which ports need to remain open so you can still transfer the files? (select two)

21 20

Which of the following ports are used with TACACS?

22 >>49 50 and 51 1812 and 1813 3389

You have conducted a risk analysis to protect a key company asset. You identify the following values: • Asset value = 400 • Exposure factor = 75 • Annualized Rate of Occurrence = .25 What is the Single Loss Expectancy (SLE)? ● 100 ● 300 ● 475 ● 30000

300

To increase security on your company's internal network, the administrator has disabled as many ports as possible. Now, however, though you can browse the Internet, you are unable to perform secure credit card transactions. Which port needs to be enabled to allow secure transactions?

443

You want to deploy SSL to protect authentication traffic with your LDAP-based directory services. Which port does this action use?

60 80 389 443 >>636 2208

You have conducted a risk analysis to protect a key company asset. You identify the following values: • Asset value = 400 • Exposure factor = 75 • Annualized rate of occurrence What is the Annualized Loss Expectancy (ALE)? ● 25 ● 75 ● 100 ● 175 ● 475

75

Which Ethernet standard uses a wireless access point with a Remote Authentication Dial-In User Service (RADIUS) server to authenticate wireless users?

802.1x

Which of the following specifications identify security that can be added to wireless networks? (Select two.)

802.1x 802.11i

You need to configure a wireless network. You want to use WPA2 Enterprise. Which of the following components will be part of your design? (Select two.)

802.1x AES encryption

You manage a single subnet with three switches. The switches are connected to provide redundant paths between the switches. What feature prevents switching loops and ensures there is only a single active path between any two switches?

802.1x >>Spanning tree Trunking PoE Bonding

You want to increase the security of your network by allowing only authenticated users to access network devices through a switch. Which of the following should you implement?

>>802.1x Port Security IPsec Spanning tree

Which of the following is an appropriate definition of a VLAN?

>>A logical grouping of devices based on service need, protocol, or other criteria. A device used to filter WAN traffic A device used to route traffic between separate networks A physical collection of devices that belong together and are connected to the same wire of physical switch.

A collection of zombie computers have been setup to collect personal information. What type of malware do the zombie computers represent?

>>Botnet Trojan Spyware Logic bomb

You've just deployed a new Cisco router that connects several network segments in your organization. The router is physically located in a server room that requires an ID card to gain access. You've backed up the router configuration to a remote location location in an encrypted file. You access the router configuration interface from your notebook computer by connecting it to the console port on the router. You configured the management interface with a user name of admin and a password of password. What should you do to increase the security of this device?

>>Change the default admin user name and password Use TFTP to back up the router config to a remote location Use a web browser to access the router configuration using an HTTP connection >>Use an SSH client to access the router config Use encrypted type 7 passwords

What common design feature among Instant Messaging clients make them more insecure than other means of communicating over the Internet?

>>Peer-to-peer networking Real-time communication Transfer of text and files Freely available for use

CHAP preforms which of the following security functions?

>>Periodically verifies the identity of a peer using a three-way handshake Links remote systems together Protects user names Allows the use of biometric devices

You've just deployed a new Cisco router so you can connect a new segment to your organization's network. The router is physically located in a server room that can only be accessed with an ID card. You've backed up the router config to a remote location in an encrypted file. You access the router config from your notebook computer by connecting it to the console port on the router. The web-based management interface uses the default user name of *cusadmin* and a password of *highspeed*. What should you do to increase the security of the device?

>>Change the user name and create a more complex password Remove any backdoors that might have been created by a programmer Create a more complex password Change the username

Which of the following are preformed by the Microsoft Baseline Security Analyzer (MBSA) tool?

>>Check for open ports Analyze packets for evidence of an attack >>Check user accounts for weak passwords >>Check for missing patches Gather performance statistics for setting a baseline

You have a small network of devices connected using a switch. You want to capture the traffic that is sent form Host A to Host B. On Host C, you install a packet sniffer that captures network traffic. After running the packet sniffer, you cannot find any captured packets between Host A and Host B.

>>Configure port mirroring Connect hosts A and B together on the same switch port through a hub Configure the default gateway addresses on hosts A and B with the IP address of Host C Manually set the MAC address of Host C to the MAC address of host A

You are responsible for maintaining Windows workstation operating systems in your organization. Recently, an update from Microsoft was automatically installed on your workstations that caused an in-house application to stop working. To keep this from happening again, you decide to test all updates on a virtual machine before allowing them to be installed on production workstations. Currently, none of your testing virtual machines have a network connection. However, they need to be able to connect to the update servers at Microsoft to download and install updates.

>>Connect the virtual network interfaces in the virtual machine to the virtual switch Disable the switch port the hypervisor's office is connected to Create a new virtual switch configured for host-only networking >>Create a new virtual switch configured for bridged (external) networking Create a new virtual switch configured for internal networking

Which of the following applications typically use 802.1x authentication?

>>Controlling access through a wireless access point Authentication remote access clients Authentication VPN users through the Internet Controlling access through a router >>Controlling access through a switch

You are an application developer. You use a hypervisor with multiple virtual machines installed to test your applications on various operating system versions and editions. Currently, all of your testing virtual machines are connected to the production network through the hypervisor's network interface. However, you are concerned that the latest application you are working on could adversely impact other network hosts if errors exist in the code. To prevent this, you decide to isolate the virtual machines from the production network. However, they still need to be able to communicate directly with each other. What should you do?

>>Create a new virtual switch configured for host-only (internal) networking Create MAC address filters on the network switch that block each virtual machine's virtual network interfaces Disconnect the network cable from the hypervisor's network interface Disable the switch port the hypervisor's office is connected to Create a new virtual switch configured for bridged (external) networking >>Connect the virtual network interfaces in the virtual machines to the virtual switch

Which protocol should you disable on the user access ports of a switch?

>>DTP PPTP TCP IPsec

You are using a vulnerability scanner that conforms to the OVAL specifications. Which of the following items contains a specific vulnerability or security issue that could be present on a system?

>>Definition Library Asset risk Repository Threat agent

You have installed anti-virus software on the computers on your network. You update the definition and engine files and configure the software to update those files every day. What else should you do to protect your systems from malware?

>>Educate users about malware >>Schedule regular full system scans Enable chassis intrusion detection Enable account lockout Disable UAC

Which of the following is a characteristics of TACACS+?

>>Encrypts the entire packet, not just authentication packets Requires that authentication and authorization are combined in a single server Supports only TCP/IP Uses UDP ports 1812 and 1813

Which of the following identifies an operating system or network service based upon it response to ICMP messages?

>>Fingerprinting Social engineering Port scanning Firewalking

Which of the following are characteristics of a rootkit?

>>Hides itself from detection Uses cookies saved o the hard drive to track user preferences >>Requires Admin-level privileges for installation Monitors user actions and opens pop-ups based on user preference

What do host based intrusion detection systems often rely upon to perform their detection activities?

>>Host system auditing capabilities Remote monitoring tools External sensors Network traffic

Which of the following devices is computer software, firmware, or hardware that creates and runs virtual machines?

>>Hypervisor Virtual router Virtual switch Virtual firewall

Which of the following are security devices that perform stateful inspection of packet date and look for patterns that indicate malicious code?

>>IPS >>IDS ACL Firewall VPN

You have decided to perform a double-blind penetration test. Which of the following actions would you perform *first*

>>Inform senior management Perform operational reconnaissance Engage in social engineering Run system fingerprinting software

A security admin. needs to run a vulnerability scan that will analyze a system form the perspective of a hacker attacking the organization from the outside.

>>Non-credentialed scan Credentialed scan Networked mapping scan Port scan

You want to know what protocols are being used on your network. You'd like to monitor traffic and sort traffic based on protocol. Which tool should you use?

>>Packet sniffer IDS Throughput tester IPS Port scanner

You have opted to use software-defined networking (SDN) to manage, control, and make changes to your network. You want to be able to use software to configure and intelligently ocntrol the network rather than relying on the individual static config files that are located on each network device. SDN consists of three layers: Application layer Control layer Physical layer Which of the following describes what the SDN control layer does to networking devices that comprise the physical layer?

>>The control layer removes the control plane from networking devices and creates a single control plane This control layer interfaces with the control plane in each networking device and creates a virtual control plane. The control layer removes the control plane from networking devices and creates a virtual control plane for each device. The control layer uses southbound APIs to communicate with the control plane in each network device and creates a single control plane

Which of the following are required when implementing Kerberos for authentication and authorization?

>>Ticket granting server RADIUS or TACACS+ server >>Time synchronization PPPoE PPP

You've just deployed a new Cisco router that connects several network segments in your organization. The router is physically located in a locked server closet. You use an FTP client to regularly back up the router configuration to a remote sever in an encrypted file. You access the router configuration interface from a notebook computer that is connected to the router's console port. You've configured the device with the user name *admin01* and the password *P@ssW0rd*. You have used the MD5 hashing algorithm to protect the password. What should you do to increase the security of this device?

>>Use SCP to back up the router config to a remote location Move the router to a secure data center. Use an SSH client to access the router config Use encrypted type 7 passwords

Your organization has started receiving phishing emails. You suspect that an attacker is attempting to find an employee workstation they can compromise. You know that a workstation can be used as a pivot point to gain access to more sensitive systems. Which of the following is the most important aspect of maintaining network security against this type of attack?

>>User education and training Identifying a network baseline Network segmentation Identifying inherent vulnerabilities Documenting all network assets in your organization

What is the main difference between vulnerability scanning and penetration scanning?

>>Vulnerability scanning is performed within the security perimeter; penetration testing is performed outside the security perimeter Vulnerability scanning uses approved methods and tools; penetration testing uses hacking tools The goal of vulnerability scanning is to identify potential weaknesses; the goal of penetration testing is to attack a system Vulnerability scanning is performed with a detailed knowledge of the system; penetration testing begins with no knowledge of the system.

You want to use a tool to see packets on a network, including the source and destination of each packet. Which tool should you use?

>>Wireshark Nmap Nessus OVAL

Advanced cryptography includes various modes of operation. Choose the mode of operation for the description listed below: -Each cipher text block is fed back into the encryption and then crypts the next plaintext block. A.)Cipher Feedback Mode B.)Cipher Block Chaining Mode C.)Block Cipher Mode D.)Counter Mode E.)Output Feedback Mode

A

An SSL client has determined that the Certificate Authority (CA) issuing a server's certificate is on its list of trusted CA's. What is the net step in verifying the server's identify? A.)The CA's public key must validate the CA's digital signature on the server certificate. B.)The domain on the server certificate must match the CA's domain name. C.)The post-master secret must initiate subsequent communication. D.)The master secret is generated from common key code.

A

At the end of the cryptographic process, output is generated. With one type of output, simple character changes in the plaintext will cause several characters to change in the cipher text. What type of output is this? A.)Diffusion B.)Collision C.)Encryption D.)Hashing

A

Choose the cryptographic algorithm for the explanation listed below: -Generate two different yet mathematically related keys. A.)Asymmetric B.)Symmetric C.)Hashing

A

Choose the cryptographic algorithm for the explanation listed below: -The public key can only be used to encrypt information. A.)Asymmetric B.)Symmetric C.)Hashing

A

Choose the public key cryptography key management mechanism with the corresponding description listed below: -Implements the Diffie-Hellman key exchange protocol using elliptic curve cryptography. A.)ECDH B.)Ephemeral keys C.)Perfect forward secrecy D.)Static keys

A

Cloud storage is a virtual service, so the infrastructure is the responsibility of the storage provider. Access control should be set as a local file system would be, with no need for the provider to have access to the stored data. You are implementing the following measures to secure your cloud storage: *Verifying that security controls are the same as in a physical data center. *Using data classification policies. *Assigning information into categories that determine storage, handling, and access requirements. *Assigning information classification based on information sensitivity and criticality. Which of the following is another security measure you can implement? A.)Disposing of data when it is no longer needed by using specialized tools. B.)Configuring distributed resource to act as one in a federated architecture. C.)Configuring redundancy and distribution of data. D.)Creating versioned copies of your cloud data.

A

How many keys are used with symmetric key cryptography? A.)One B.)Two C.)Four D.)Five

A

Many organizations use the Information Security Classification Framework, which uses the following classifications: *High *Medium *Low Choose the sensitivity classification for the description listed: -Could cause operational harm such as loss of confidence or damage to reputation. A.)Medium B.)Low C.)High

A

Many organizations use the Information Security Classification Framework, which uses the following classifications: *High *Medium *Low Choose the sensitivity classification for the description listed: -Could cause personal hardship or embarrassment. A.)Medium B.)Low C.)High

A

Mary wants to send a message to Sam so that only Sam can read it. Which key would be used to encrypt the message? A.)Sam's public key B.)Sam's private key C.)Mary's public key

A

Select the symmetric key distribution mechanism for the description listed below: -The sender's key is sent to a recipient using a Diffie-Hellman key exchange. A.)In-band distribution B.)Out-of-band distribution

A

Select the symmetric key distribution mechanism for the description listed below: -The sender's key is sent to the recipient using public key cryptography. A.)In-band distribution B.)Out-of-band distribution

A

What is the primary security feature that can be designed into a network's infrastructure to protect and support availability? A.)Redundancy B.)Switches instead of hubs C.)Fiber optic cables D.)Periodic backups

A

When should a hardware device be replaced in order to minimize downtime? A.)Just before it's MTBF is reached B.)Once every year C.)Only after its first failure D.)When its performance drops below 75% efficiency

A

Which aspect of a certificate makes it a reliable and useful mechanism for proving the identity of a person, system, or service on the internet? A.)It is a trusted third-party B.)It provides ease if use. C.)It use electronic signature D.)It is a digital mechanism, rather than a physical one.

A

Which form of alternate site is the cheapest, but may not allow an organization to recover before reaching their maximum tolerable downtime? A.)Reciprocal agreement B.)Warm site C.)Service bureau D.)Hot site

A

Which form of cryptanalysis focuses on weaknesses in software, the protocol, or the encryption algorithm? A.)Implementation attack B.)Statistical attack C.)Analytic attack D.)Ciphertext only attack

A

Which of the following is a direct protection of integrity? A.)Digital signature B.)Digital envelope C.)Asymmetric encryption D.)Symmetric encryption

A

Which of the following is a secure alternative to FTP that uses SSL for encryption? A.)FTPS B.)RCP C.)SCP D.)SFTP

A

Which of the following is an entity that accepts and validates information contained within a request for a certificate? A.)Registration authority B.)Recovery agent C.)Enrollment agent D.)Certificate authority

A

Which of the following is considered an out-of-band distribution method for private key encryption? A.)Copying the key to a USB drive B.)Using a key distribution algorithm C.)Sending a secured email D.)Using a private fiber network

A

Which of the following is the most frequently used symmetric key stream cipher? A.)Ron's Cipher v4 (RC4) B.)Advanced Encryption Standard (AES) C.)Blowfish D.)Ron's Cipher v2 (RC2)

A

Which of the following is the strongest hashing algorithm? A.)SHA-1 B.)MD5 C.)NTLM D.)LANMAN

A

Which of the following is the weakest hashing algorithm? A.)MD5 B.)DES C.)AES D.)SHA-1

A

Which of the following network layer protocols provides authentication and encryption services for IP-based network traffic? A.)IPsec B.)TCP C.)SSL D.)L2TP

A

Which of the following security solutions would prevent a user from reading a file that she did not create? A.)EFS B.)BitLocker C.)IPsec D.)VPN

A

Which protocol does HTTPS use to offer greater security in web transactions? A.)SSL B.)User name and password authentication C.)IPsec D.)Kerberos

A

Why are brute force attacks always successful? A.)They test every possible valid combination. B.)They are platform independent. C.)They can be performed in a distributed parallel processing environment. D.)They are fast.

A

You manage a server that runs your company website. The web server has reached it capacity, and the number of client requests is greater than the server can handle. You would like to find a solution so that a second server can respond to requests for website content. Which solution should you implement? A.)Load balancing B.)QoS C.)Traffic shaper D.)Ethernet bonding

A

Your network performs a full backup every night. Each Sunday, the previous night's backup tape is archived. On a Wednesday morning, the storage system fails. How many restore operations will you need to perform to recover all of the data? A.)1 B.)2 C.)3 D.)4 E.)5 F.)6

A

You've used BitLocker to implement full volume encryption on a notebook system. The notebook motherboard does not have TPM chip, so you've used an external USB flash drive to store the BitLocker startup key. Which system components are encrypted in this scenario? (Select two.) A.)C:\ volume B.)Master boot record C.)BIOS D.)Optical media E.)System partition

A and B

Which of the following protocols can TLS use for key exchange? (Select two.) A.)RSA B.)IKE C.)Diffie-Hellman D.)ECC E.)KEA

A and C

IPsec is implemented through two separate protocols. What are these protocols called? (Select two.) A.)AH B.)L2TP C.)EPS D.)SSL E.)ESP

A and E

What is a service level agreement (SLA)? ● A contract with a legal entity to limit your asset loss liability ● A guarantee of a specific level of service ● A contract with an ISP for a specific level of bandwidth ● An agreement to support another company in the event of a disaster

A guarantee of a specific level of service

Smart devices are attractive targets for cyber criminals because they typically have minimal security and are not protected with anti-malware software. This makes it easier to exploit these types of devices and perpetrate attacks. Many smart devices can be utilized to conduct a single coordinated attack. What is this type of attack usually called?

A highly distributed attack

Users in the sales department perform many of their daily tasks, such as emailing and creating sales presentations, on company-owned tablets. These tablets contain sensitive information. If one of these tablets is lost or stolen, this information could end up in the wrong hands. The chief information officer wants you to implement a solution that can be used to keep sensitive information from getting into the wrong hands if a device is lost or stolen. Which of the following should you implement?

A mobile device management infrastructure

Drag the Active Directory on the left to the appropriate description on the right.

A server that holds a copy of the Active Directory database that can be written to. --> Domain Controller A folder that subdivides and organizes network resources within a domain. --> Organizational Unit An administratively-defined collection of network resources that share a common directory database and security policies. --> Domain A computing element that identifies resources in the Active Directory database. --> Objects

Which of the following is an example of an internal threat? O A server back door allows an attacker on the internet to gain access to the intranet site. O A water pipe in the server room breaks. O A delivery man is able to walk into a controlled area and steal a laptop. O A user accidentally deletes the new product designs.

A user accidentally deletes the new product design

Which of the following is the best example of remote access authentication?

A user connects to a computer on the LAN using Remote Desktop A user logs on to an e-commerce site that use SSL. >>A user establishes a dial-up connection to a server to gain access to shared resources. A user accesses a shared folder on a server

Which of the following statements about virtual networks is true?

A virtual network is dependent on the configuration and physical hardware of the host operating system Multiple virtual networks can be associated with a single physical network adapter

What is the main difference between a worm and a virus?

A worm is restricted to one system, while a virus can spread from system to system. >>A worm can replicate itself, while a virus requires a host for distribution A worm requires an execution mechanism to start, while a virus can start itself A worm tries to gather info, while a virus tries to destroy data

You are designing a wireless network implementation for a small business. The business deals with sensitive customer information, so data emanation must be reduced as much as possible. The floor plan of the office is shown below. Match each type of access point antenna on the left with the appropriate location on the floor plan on the right. Each antenna type can be used once, more than once, or not at all.

A= Directional B= Directional C=Omnidirectional D= Directional E= Directional F= Directional G= Directional

A SYN attack or SYN flood exploits or alters which element of the TCP three-way handshake?

ACK

Which of the following does a router acting as a firewall use to control which packets are forwarded or dropped?

ACL

Which of the following are typically used for encrypting data on a wireless network? (Select two.)

AES TKIP

Drag the description on the left to the appropriate switch attack type shown on the right.

ARP Spoofing/Poisoning >>The source device sends frames to the attacker's MAC address instead of the correct devises. Dynamic Trunking Protocol >>Should be disabled on the switch's end user (access) ports before implementing the switch configuration into the network. MAC Flooding >>Causes packets to fill up the forwarding table and consumes so much of the switch's memory that it enters a state called fail open mode. MAC Spoofing >>Can be used to hide the identity of the attacker's computer or impersonate another device on the network.

Which of the following attacks tries to associate an incorrect MAC address with a known IP address?

ARP poisoning

Which of the following advantages can single sign-on (SSO) provide? (Select two.)

Access to all authorized resources with a single instance of authentication. The elimination of multiple user accounts and passwords for each individual.

Which of the following terms describes the component that is generated following authentication and is used to gain access to resources following login?

Access token

You have a shared folder named Reports. Members of the Managers group have been given write access to the shared folder.Mark Mangum is a member of the Managers group. He needs access to the files in the Reports folder, but should not have any access to the Confidential.xls file. What should you do?

Add Mark Mangum to the ACL for the Confidential.xls file with Deny permissions.

Components within your server room are failing at a rapid pace. You discover that the humidity in the server room is at 60% and the temperature is at 80 degrees. What should you do to help reduce problems? O Add a de-humidifier to the server room O Add line conditioners in the server room O Add a humidifier to the server room O Add a separate A/C unit in the server room

Add a separate A/C unit in the server room

You have been receiving a lot of phishing emails sent from the domain kenyan.msn.pl. Links within these emails open new browser windows at youneedit.com.pl.You want to make sure that these emails never reach your inbox, but you want to make sure that emails from other senders are not affected. What should you do?

Add kenyan.msn.pl to the email blacklist

Which of the following strategies can protect against a rainbow table password attack?

Add random bits to the password before hashing takes place

You manage several Windows systems. Desktop users access in-house application that is hosted on your intranet web server. When a user clicks a specific option in the application, they receive an error message that the pop-up was blocked. You need to configure the security settings so that users can see the pop-up without compromising overall security. What should you do?

Add the URL of the website to the Local intranet zone.

You manage several Windows systems. All computers are members of a domain. You use an internal website that uses Integrated Windows Authentication. You attempt to connect to the website and are prompted for authentication. You verify that your user account has permission to access the website. You need to ensure that you are automatically authenticated when you connect to the website. What should you do?

Add the internal website to the Local intranet zone.

What does the netstat -a command show?

All listening and non-listening sockets

You are the office manager of a small financial credit business. Your company handles personal financial information for clients seeking small loans over the internet. You are aware of your obligation to secure clients records. Budget is an issue for your company. Which item would provide the best security for this situation?

All-in-one security appliance

You want to allow e-commerce websites that you visit to keep track of your browsing history for shopping cards and other information, but want to prevent that information from being tracked by sites linked to the sites you explicitly visit. How should you configure the browser settings?

Allow first party cookies, but block third-party cookies

Many popular operating systems allow quick and easy file and printer sharing with other network members. Which of the following is not a means by which file and printer sharing is hardened?

Allowing NetBIOS traffic outside of your secured network

Which of the following best describes the ping of death?

An ICMP packet that is larger than 65,536 bytes

Identify and label the following attacks by dragging the term on the left to the definition on the right. Not all terms are used. ● Vishing ● Piggybacking ● Spam ● Phishing ● Whaling ● Spear phishing ● Masquerading ● Spim ● Tailgating

An attacker convinces personnel to grant access to sensitive information or protected systems by pretending to be someone who is authorized and/or requires that access. ● Masquerading An attacker pretending to be from a trusted organization sends emails to senior executives and high-profile personnel asking them to verify personal information or send money. ● Whaling Attackers use Voice over IP (VolP) to pretend to be from a trusted organization and ask victims to verify personal information or send money. ● Vishing Attackers send emails with specific information about the victim (such as which online banks they use) that ask them to verify personal information or send money. ● Spear phishing Attackers send unwanted and unsolicited text messages to many people with the intent to sell products or services. ● Spim

You are investigating the use of website and URL content filtering to prevent users from visiting certain websites. Which benefits are the result of implementing this technology in your organization? (Choose two.)

An increase in bandwidth availability Enforcement of the organization's internet usage policy

When a malicious user captures authentication traffic and replays it against the network later, what is the security problem you are most concerned about?

An unauthorized user gaining access to sensitive resources

What is the average number of times that a specific risk is likely to be realized in a single year? ● Estimated maximum downtime ● Annualized rate of occurrence ● Exposure factor ● Annualized loss expectancy

Annualized rate of occurrence

Which of the following is the correct definition of a threat? O Absence or weakness of a safeguard that could be exploited O Any potential danger to the confidentiality, integrity, or availability of information or systems O Instance of exposure to losses from an attacker O The likelihood of an attack taking advantage of a vulnerability

Any potential danger to the confidentiality, integrity, or availability of information or systems

How often should change control management be implemented? ● Only when changes are made that affect senior management. ● Only when a production system is altered greatly. ● At regular intervals throughout the year. ● Any time a production system is altered.

Any time a production system is altered.

Which of the following firewall types can be a proxy between servers and clients? (Select two.)

Application layer firewall Circuit proxy filtering firewall

You provide internet access for a local school. You want to control Internet access based on user, and prevent access to specific URLs. Which type of firewall should you install?

Application level

Match the application-aware network device on the right with the appropriate description on the left. Each description may be used once, more than once, or not at all.

Application-aware proxy: - Improves application performance Application-aware firewall: - Enforces security rules based on the application that is generating network traffic instead of the traditional port and protocol Application-aware IDS: - Analyzes network packets to detect malicious payloads targeted at application-layer services

You want to use a vulnerability scanner to check a system for known security risks. What should you do first?

Apply all known patches to the system Inform senior management of your actions >>Update the scanner definition files Perform a port scan

Which of the following is the best recommendation for applying hotfixes to your servers?

Apply only the hotfixes that affect the software running on your systems

Which of the following terms identifies the process of reviewing log files for suspicious activity and threshold compliance?

Auditing

What are the most common network traffic packets captured and used in a replay attack?

Authentication

Which of the following is the term for the process of validating a subject's identity?

Authentication

Which two security protocols does IP Security (IPSec) use?

Authentication Header (AH) and Encapsulating Security Payload (ESP)

A remote access user needs to gain access to resources on the server. Which of the following processes are performed by the remote access server to control access to resources?

Authentication and authorization

The receptionist received a phone call from an individual claiming to be a partner in a high-level project and requesting sensitive information. The individual is engaging in which type of social engineering? ● Commitment ● Persuasive ● Authority ● Social validation

Authority

Which of the following solutions would you implement to eliminate switching loops?

Auto-duplex >>Spanning tree CSMA/CD Inter-vlan routing

What is the primary countermeasure to social engineering? ● Traffic filters ● Awareness ● Heavy management oversight ● A written security policy

Awareness

A birthday attack focuses on what? A.)E-commerce B.)Hashing algorithms C.)Encrypted files D.)VPN links

B

Many organizations use the Information Security Classification Framework, which uses the following classifications: *High *Medium *Low Choose the sensitivity classification for the description listed: -Could cause personal embarrassment or inconvenience. A.)Medium B.)Low C.)High

B

When is the best time to apply for a certificate renewal? A.)Immediately after a certificate is issued B.)Near the end of the certificate's valid lifetime C.)Just after a certificate expires D.)After a certificate has been revoked

B

A system failure has occurred. Which of the following restoration processes would result in the fastest restoration of all data to its most current state? A.)Restore the full backup and all incremental backups B.)Restore the full backup and the last differential backup C.)Restore the full backup and all differential backup D.)Restore the full backup and the last incremental backup

B

Advanced cryptography includes various modes of operation. Choose the mode of operation for the description listed below: -Each plaintext block is added to the previous cipher text block and then the result is encrypted with the key. A.)Cipher Feedback Mode B.)Cipher Block Chaining Mode C.)Block Cipher Mode D.)Counter Mode E.)Output Feedback Mode

B

Certificates revocation should occur under all but which of the following conditions? A.)The certificate owner has moved their websites to a new domain name B.)The certificate owner has held the certificates beyond the established lifetime timer C.)The certificate owner has changed their business name D.)The certificate owner has committed a crime while using the certificate

B

Choose the cryptographic algorithm for the explanation listed below: -Generates a single key that is used for both encryption and decryption. A.)Asymmetric B.)Symmetric C.)Hashing

B

Choose the cryptographic algorithm for the explanation listed below: -Only the private key can be used to decrypt information. A.)Asymmetric B.)Symmetric C.)Hashing

B

Choose the public key cryptography key management mechanism with the corresponding description listed below: -Exist only for the lifetime of a specific communication session A.)ECDH B.)Ephemeral keys C.)Perfect forward secrecy D.)Static keys

B

Hashing algorithms are used to preform what activity? A.)Encrypt bulk data for communications exchange B.)Create a message digest C.)Provide a means for exchanging small accounts of data securely over a public network D.)Provide for non-repudiation

B

If two different messages or files produce the same hashing digest, then a collision has occurred. Which form of cryptographic attack exploits this condition? A.)Statistical attack B.)Birthday attack C.)Adaptive chosen ciphertext attack D.)Meet-in-the-middle attack

B

In which type of attack does the attacker have access to both the plaintext and the resulting cipher text, but does not have the ability to encrypt the plain text? A.)Chosen cipher B.)Known plaintext C.)Brute force D.)Chosen plaintext

B

SSL (Secure Sockets Layer) operates at which layer of the OSI model? A.)Transport B.)Session C.)Presentation D.)Application

B

Select the recovery term for the definition listed below: -Identifies the length of time an organization can survive with a specified service, asset, or process down. A.)MTTF B.)MTD C.)MTTR D.)MTBF

B

Select the symmetric key distribution mechanism for the description listed below: -The sender's key is burned to a CD and handed to the recipient. A.)In-band distribution B.)Out-of-band distribution

B

Select the symmetric key distribution mechanism for the description listed below: -The sender's key is copied to a USB drive and handed to the recipient. A.)In-band distribution B.)Out-of-band distribution

B

The government and military use the following information classification system: *Unclassified *Sensitive but unclassified *Confidential *Secret *Top secret Choose the classification for the description listed below: -If this information is released, it poses grave consequences to national security. A.)Confidential B.)Top secret C.)Unclassified D.)Sensitive but unclassified E.)Secret

B

What form of cryptography is best suited for bulk encryption because it is so fast? A.)Asymmetric cryptography B.)Symmetric key cryptography C.)Public key cryptography D.)Hashing cryptography

B

What option is an advantage RAID 2 has over RAID 1? A.)Raid 5 provides redundancy; RAID 1 does not. B.)RAID 5 improves performance over RAID 1. C.)RAID 5 provides redundancy for the disk controller. D.)RAID 5 continues to operate with a failure in two disk; RAID 1 can only operate with a failure of one disk.

B

When an attacker decrypts an encoded message using a different key than was used during encryption, what type of attack has occurred? A.)Replay B.)Key clustering C.)Statistical D.)Analytic

B

Which of the following are backed up during an incremental backup? A.)Only files that have changed since the last full backup. B.)Only files that have changed since the last full or incremental backup. C.)Only file that are new since the last full or incremental backup. D.)Only files that have changed since the last full or differential backup.

B

Which of the following best describes a side-channel attack? A.)The attack exploits weakness in a cryptosystem, such as inability to produce random numbers or floating point errors. B.)The attack is based on information gained from the physical implementation of cryptosystem. C.)The attack targets the key containing a small data set. D.)The attack targets a weakness in the software, protocol, or encryption algorithm.

B

Which of the following is used to verify that a downloaded file has not been altered? A.)Private key B.)Hash C.)Asymmetric encryption D.)Symmetric encryption

B

You are purchasing a hard disk from an online retailer over the internet. What does your browser use to ensure that others cannot see your credit card number on the internet? A.)VPN B.)SSL C.)IPsec D.)PPTP

B

You have been asked to deploy a network solution that includes an alternate location where operational recovery is provided within minutes of a disaster. Which of the following strategies would you choose? A.)HSTG B.)Hot spare C.)Hot site D.)Warm site E.)Cold site

B

You have been asked to implement a RAID 5 solution for your network. What is the minimum number of hard disks that can be used to configure RAID 5? A.)2 B.)3 C.)4 D.)5 E.)6

B

You want to protect data on hard drives for users with laptops. You want the drive to be encrypted, and you want to prevent the laptops from booting unless a special USB drive is inserted. In addition, the system should not boot a change is detected in any of the boot files. What should you do? A.)Implement BitLocker without a TPM. B.)Implement BitLocker with a TPM. C.)Have each user encrypt the entire volume with EFS. D.)Have each user encrypt user files with EFS.

B

Your disaster recovery plan calls for tape backup stored at a different location. The location is a safe deposit box at the local bank. Because of this, the disaster recovery plan specifies that you choose a method that uses the fewest tapes, but also allows you to quickly back up and restore files. Which backup strategy would best meet the disaster recovery plan for tape backups? A.)Perform a full backup each day of the week. B.)Perform a full backup once per week and a different backup the other days of the week. C.)Perform a full backup once per year and a differential backup for the rest of the days in the year. D.)Perform a full backup once per month and an incremental backup the other days of the month. E.)Perform a full backup once per week and an incremental backup the other days of the week.

B

Your network uses the following backup strategy: *Full backups every Sunday night *Differential backups Monday through Saturday nights On Thursday morning, the storage system fails. How many restore operations will you need to perform to recover all of the data? A.)1 B.)2 C.)3 D.)4 E.)5

B

Your organization uses the following tape rotation strategy for its backup tapes: 1. The first set of tapes is used for daily backups. 2. At the end of each week, the latest daily backup tape is promoted to the weekly backup tape. 3. At the end of each month, one of the weekly backup tapes is promoted to the monthly backup tape. What kinda backup tape rotation strategy is being used? A.)Incremental B.)Grandfather C.)Differential D.)Incremental tape

B

You've used BitLocker to implement full volume encryption on a notebook system. The notebook motherboard does not have a TPM chip, so you've used an external USB flash drive to store the BitLocker startup key. You use EFS to encrypt the C:\Secrets folder and its contents. Which of the following is true in this scenario? (Select two.) A.)If the C:\Secrets\confidential.docx file is copied to an external USB flash drive, it will remain in an encrypted state. B.)By default, only the user who encrypted the C:\Secrets\confidential.docx file will be able to open it. C.)If the C:\Secrets\confidential.docx files is copied to an external USB flash drive, it will be saved in an unencrypted state. D.)Only the user who encrypted the C:\Secrets\confidential.docx file will be able to boot the computer from the encrypted hard disk. E.)The EFS encryption process will fail. F.)Any user who is able to boot the computer from the encrypted hard disk will be able to open the C:\Secrets\confidential.docx file.

B and C

If a birthday attack is successful, meaning the attackers discovers a password that generates the same hash as that captured from a user's login credentials, which of the following is true? (Select two.) A.)The user is forced to change their password at their next login attempt. B.)A collision was discovered. C.)The discovered password is always the same as the user's password. D.)The discovered password will allow the attacker to log in as the user, even if the discovered password is not the same as the user's password.

B and D

Which of the following disk configurations might sustain losing two disks? (Select two.) A.)RAID 1 B.)RAID 0+1 C.)RAID 5 D.)RAID 1+0

B and D

Which of the following protocols are often added to other protocols to provide secure transmission of data? (Select two.) A.)HTTPS B.)SSL C.)SMTP D.)TLS E.)SNMP

B and D

Security-Related Policies and Procedures *Which audits help ensure that procedures and communications methods are working properly in the event of a problem or issue?* a. Communication b. Escalation c. Selection d. Preference

B. *Escalation* Escalation audits help ensure that procedures and communications methods are working properly in the event of a problem or issue.

You want to protect the authentication credentials you use to connect to the LAB server in your network by copying them to a USB drive. Click the option you use in Credential Manager to protect your credentials.

Back up Credentials

After an intrusion has occurred and the intruder has been removed from the system, which of the following is the best next step or action to take? O Back up all logs and audits regarding the incident O Deploy new countermeasures O update the security policy O Restore and repair any damage

Back up all logs and audits regarding the incident

Which of the following are requirements to deploy Kerberos on a network?

Blocking of remote connectivity >>A centralized database of users and passwords A directory service Use of token devices and one-time passwords >>Time synchronization between devices

Which of the following sends unsolicited business cards and messages to a Bluetooth device?

Bluejacking

You are troubleshooting a wireless connectivity issue in a small office. You determine that the 2.4 GHz cordless phones used in the office are interfering with the wireless network transmissions. If the cordless phones are causing the interference, which of the following wireless standards could the network be using? (Select two.)

Bluetooth 802.11g

If Alice wants to encrypt a message using asymmetric encryption that only Bob can read, which key must she use?

Bob's public key

Which type of virus conceals its presence by intercepting system requests and altering service outputs?

Slow >>Stealth Retro Polymorphic

You have heard about a new malware program that presents itself to user as a virus scanner. When users run the software, it installs itself as a hidden program that has administrator access to various system components. The program then tracks system activity and allows an attacker to remotely gain administrator access to the computer. Which of the ff. terms best describes this software?

Botnet Spyware Trojan horse Privilege escalation >>Rootkit

An attacker is conducting passive reconnaissance on a targeted company. Which of the following could he be doing?

Browsing the organization's website

Network-based intrusion detection is most suited to detect and prevent which types of attacks?

Brute force password attack >>Bandwidth-based denial of service Buffer overflow exploitation of software Application implementation flaws

A programmer that fails to check the length of input before processing leaves his code vulnerable to what form of common attack?

Buffer overflow

Which port number does NNTP use?

TCP port 119

Advanced cryptography includes various modes of operation. Choose the mode of operation for the description listed below: -This mode can encrypt or decrypt one fixed-length block. A.)Cipher Feedback Mode B.)Cipher Block Chaining Mode C.)Block Cipher Mode D.)Counter Mode E.)Output Feedback Mode

C

Which firewall port should you enable to allow IMAP4 traffic to flow through the firewall?

TCP port 143

Choose the cryptographic algorithm for the explanation listed below: -Algorithm used for signature verification and data integrity checking. A.)Asymmetric B.)Symmetric C.)Hashing

C

Choose the public key cryptography key management mechanism with the corresponding description listed below: -Uses no deterministic algorithm when generating public keys A.)ECDH B.)Ephemeral keys C.)Perfect forward secrecy D.)Static keys

C

DLP can be implemented as a software or hardware solution that analyzes traffic in an attempt to detect sensitive data that is being transmitted in violation of an organization's security policies. Which of the following DLP implementations analyzes traffic for data containing such things as financial documents, social security numbers, or key words used in proprietary intellectual property? A.)Endpoint DLP B.)Cloud DLP C.)Network DLP D.)File-level DLP

C

If you lose your wallet or purse and it ends up in the wrong hands, several pieces of information could be used to do personal harm to you. These pieces of information include the following: *Name and address *Driver license number *Credit card numbers *Date of birth Which of the following classifications does this information fall into? A.)Private internal information B.)Proprietary information C.)Personally identifiable information D.)Private restricted information

C

Many organizations use the Information Security Classification Framework, which uses the following classifications: *High *Medium *Low Choose the sensitivity classification for the description listed: -Could cause loss of life or social hardship. A.)Medium B.)Low C.)High

C

Many organizations use the Information Security Classification Framework, which uses the following classifications: *High *Medium *Low Choose the sensitivity classification for the description listed: -Could cause operational harm such as loss control or loss of public trust. A.)Medium B.)Low C.)High

C

Mary wants to send a message to Sam. She wants to digitally sign the message to prove that she sent it. Which key would Mary use to create the digital signature? A.)Sam's private key B.)Mary's public key C.)Mary's private key D.)Sam's public key

C

Which of the following symmetric block ciphers does not use a variable block length? A.)Elliptic Curve (EC) B.)Ron's Cipher v5 (RC5) C.)International Data Encryption Algorithm (IDEA) D.)Advanced Encryption Standard (AES)

C

Which of the following symmetric cryptography systems does not support a variable block size? A.)Rijndael B.)AES C.)IDEA D.)RC5

C

The government and military use the following information classification system: *Unclassified *Sensitive but unclassified *Confidential *Secret *Top secret Choose the classification for the description listed below: -This information can be accessed by the public and pose no security threat. A.)Confidential B.)Top secret C.)Unclassified D.)Sensitive but unclassified E.)Secret

C

What is the primary function of the IKE protocol used with IPsec? A.)Provide authentication services. B.)Provide both authentication and encryption. C.)Create a security association between communicating partners. D.)Encrypt packet contents. E.)Ensure dynamic key rotation and select initialization vectors (IVs).

C

When a sender encrypts a message using their own private key, what security service is being provided to the recipient? A.)Confidentiality B.)Integrity C.)Non-repudiation D.)Availability

C

When two different messages produce the same hash value, what has occurred? A.)Birthday attack B.)High amplification C.)Collision D.)Hash value

C

Which backup strategy backs up all the files from a computer's file system regardless of whether the file's archive bit is set or not and marks them as having been backed up? A.)Differential B.)Incremental C.)Full D.)Copy

C

You create a new document and save it to a hard drive on a file server on your company's network. Then you employ an encryption tool to encrypt the file using AES. This activity is an example of accomplishing which security goal? A.)Availability B.)Non-repudiation C.)Confidentiality D.)Integrity

C

You want email sent from users in your organization to be encrypted to make messages more secure. Which of the following is an option you can use to enhance the encryption of email messages? A.)A symmetric key exchange B.)A hashing service provider C.)A cryptographic service provider D.)An asymmetric key exchange

C

Which of the following algorithms are used in asymmetric encryption? (Select two.) A.)Twofish B.)AES C.)Diffie-Hellman D.)Blowfish E.)RSA

C and E

Which of the following protocols can be used to centralize remote access authentication?

CHAP >>TACACS EAP SESAME Kerberos

Click on the object in the TESTOUTDEMO.com Active Directory domain that is used to manage individual desktop workstation access.

CORPWS7

What is the name for the list of locations where software can check to see whether a user's certificate has been revoked?

CRL Distribution Point (CDP)

Which of the following fire extinguisher suppressant types is best used for electrical fires that might result when working with computer components? O Soda acid O Carbon dioxide (C02) O Dry powder O Water-based

Carbon dioxide (C02)

To tightly control the anti-malware settings on your computer, you elect to update the signature file manually. Even though you vigilantly update the signature file, the machine becomes infected with a new type of malware. Which of the following actions would best prevent this scenario from occurring again?

Carefully review open firewall ports and close any unnecessary ports >>Configure the software to automatically download the virus definition files as soon as they become available Switch to a more reliable anti-virus software Create a scheduled task to run *sfc.exe* daily

Which of the following defines two-man control? ● For any task in which vulnerabilities exist, steps within the tasks are assigned to different positions with different management. ● An employee is granted the minimum privileges required to perform the position's duties. ● Certain tasks should be dual-custody in nature to prevent a security breach. ● A situation in which multiple employees conspire to commit fraud or theft.

Certain tasks should be dual-custody in nature to prevent a security breach.

You have been asked to draft a document related to evidence-gathering that contains details about personnel in possession and control of evidence from the time of discovery up through the time of presentation in court. What type of document is this? O CPS (certificate practice statement) O Chain of custody O Flps_140 O Rules of eh.qdence

Chain of custody

What is the most important element related to evidence in addition to the evidence itself? O Completeness O Witness testimony O Chain of custody document O Photographs of the crime scene

Chain of custody document

What does the acronym CHAP denote?

Challenge Handshake Authentication Protocol

Which authentication protocol incorporates the use of a random value, an ID, and a predefined secret that are concatenated, hashed, and used with a three-way handshake?

Challenge Handshake Authentication Protocol (CHAP)

You plan to implement a new security device on your network. Which of the following policies outlines the process you should follow before implementing that device? ● Change management ● SLA ● Acceptable use ● Resource allocation

Change management

Which cryptography system generates encryption keys that could be used with DES, AES, IDEA, RC5, or any other symmetric cryptography solution? A.)RSA B.)Merkle-Hellman Knapsack C.)Elliptical Curve D.)Diffie-Hellman

D

What are the non-overlapping channels for 802.11b?

Channels 1, 6, 11, and 14

What are the non-overlapping channels for 802.11g/n?

Channels 1, 6, and 11

You are concerned that wireless access points may have been deployed within your organization without authorization. What should you do? (Select two. Each response is a complete solution.)

Check the MAC addresses of devices connected to your wired switch Conduct a site survey

You want to install a firewall that can reject packets that are not part of an active session. Which type of firewall should you use?

Circuit-level

Which of the following fire extinguisher types is best used for the electrical fires that might result when working with computer components? O Class A O Class B O Class C O Class D

Class C

A code of ethics does all but which of the following? ● Establishes a baseline for managing complex situations ● Serves as a reference for the creation of acceptable use policies ● Improves the professionalism of your organization as well as your profession ● Clearly defines courses of action to take when a complex issue is encountered

Clearly defines courses of action to take when a complex issue is encountered

You want to prevent your browser from running JavaScript commands that are potentially harmful. Which of the following would you restrict to accomplish this?

Client-side scripts

How does IPSec NAP enforcement differ from other NAP enforcement methods?

Clients must be issued a valid certificate before a connection to the private network is allowed

You decide to use syslog to send log entries from multiple servers to a central logging server. Which of the following are the most important considerations for your implementation? (select two.)

Clock synchronization between all devices Disk space on the syslog server

When designing a firewall, what is the recommended approach for opening and closing ports?

Close all ports; open only ports required by applications inside the DMZ.

During the application development cycle, a developer asks several of his peers to assess the portion of the application he was assigned to write for security vulnerabilities. Which assessment technique was used in this scenario?

Code Review

Which of the following is a password that relates to things that people know, such as a mother's maiden name or the name of a pet?

Cognitive

As a BCP or DRP plan evolves over time, what is the most important task to perform when rolling out a new version of the plan? ● Redefine all roles and responsibilities ● Obtain senior management approval ● Perform new awareness sessions ● Collect and destroy all old plan copies

Collect and destroy all old plan copies

An attacker is using an eavesdropping technique called Van Eck phreaking on a networking closet. Which of the following describes what the attacker is doing? O Connecting to an open switch port O Connecting to an open Ethernet port O Collecting electronic emissions O Capturing data transmissions

Collecting electronic emissions

Match each third-party integration phase on the left With the tasks that need to be completed during that phase on the right. Each phase may be used once, more than once, or not at all. ● Onboarding ● Off-boarding ● Ongoing operations

Communicate vulnerability assessment findings with the other party ● Ongoing operations Disable VPN configurations that allow partner access to your network ● Off-boarding Compare your organization's security policies with the partner's policies ● Onboarding Disable the domain trust relationship between networks ● Off-boarding Identify how privacy will be protected ● Onboarding Draft an ISA ● Onboarding Conduct regular security audits ● Ongoing operations

As the victim of a Smurf attack, what protection measure is the most effective during the attack?

Communicate with your upstream provider

In a NAP system, which is the function of the System Health Validator?

Compare the statement of health submitted by the client to the health requirements

Need to know access is required to access which types of resources? O High-security resources O Low-security resources O Resources with unique ownership O Compartmentalized resources

Compartmentalized resources

A manager has told you she is concerned about her employee writing their password for websites, network files, and database resources on sticky notes. Your office runs exclusively in a Windows environment. Which tool could you use to prevent this behavior?

Computer management Local users and groups >>Credential manager Key management service

Match the employment process on the left with the task that should occur during each process on the right. Each process may be used once, more than once, or not at all. ● Pre-employment ● Employment ● Termination

Conduct role-based training ● Employment Verify an individual's job history ● Pre-employment Show individuals how to protect sensitive information ● Employment Disable a user's account ● Termination Remind individuals of NDA agreements ● Termination Obtain an individual's credit history ● Pre-employment

A user copies files from her desktop computer to a USB flash device and puts the device into her pocket. Which of the following security risks is most pressing? O Non-repudiation O Availability O Confidentiality O Integrity

Confidentiality

By definition, which security concept ensures that only authorized parties can access data? O Non-repudiation O Integrity O Authentication O Confidentiality

Confidentiality

Smart phones with cameras and internet capabilities pose a risk to which security concept? O Confidentiality O Non-repudiation O Integrity O Availability

Confidentiality

During the application development cycle, an application tester creates multiple virtual machines on a hypervisor, each with a different version and edition of Windows installed. She then installs the latest build of the application being developed on each virtual machine and evaluates each installation for security vulnerabilities. Which assessment technique was used in this scenario?

Configuration testing

You have hired 10 new temporary workers who will be with the company for three months. You want to make sure that after that time the user accounts cannot be used for login. What should you do? ● Configure day/time restrictions in the user accounts ● Configure account policies in Group Policy ● Configure account lockout in Group Policy ● Configure account expiration in the user accounts

Configure account expiration in the user accounts

One of the ways attackers can access unencrypted data being transmitted on your network is by collecting electronic emissions that come from your networking closet or Ethernet cables. Which of the following is NOT a good solution to this problem? O Configure all data transmissions to be encrypted O Place your network closet inside a Faraday cage O Employing a protective distribution system, or PDS O Use Ethernet port locking devices

Configure all data transmissions to be encrypted

You are replacing a wired business network with an 802.1 lg wireless network. You currently use Active Directory on the company network as your directory service. The new wireless network will have multiple wireless access points. You want to use WPA2 on the network. What should you do to configure the wireless network? (Select two.)

Configure devices to run in infrastructure mode Install a RADIUS server and use 802.1x authentication

You are the wireless administrator for your organization. As the size of the organization has grown, you've decide to upgrade your wireless network to use 802.1x authentication instead of pre-shared keys. To do this, you need to configure a RADIUS server and RADIUS clients. You want the server and the clients to mutually authenticate with each other. What should you do? (Select two. Each response is a part of the complete solution.)

Configure the RADIUS server with a server certificate Configure all wireless access points with client certificates

A salesperson in your organization spends most of her time traveling between customer sites. After a customer visit, she must complete various managerial tasks, such as updating your organization's order database. Because she rarely comes back to your home office, she usually accesses the network from her notebook computer using Wi-Fi access provided by hotels, restaurants, and airports. Many of these locations provide unencrypted public Wi-Fi access, and you are concerned that sensitive data could be exposed. To remedy this situation, you decide to configure her notebook to use a VPN when accessing the home network over an open wireless connection. Which key steps should you take when implementing this configuration? (Select two.)

Configure the browser to send HTTPS requests through the VPN connection Configure the VPN connection to use IPSec

You need to configure the wireless network card to connect to your network at work. The connection should use a user name and password for authentication with AES encryption. What should you do?

Configure the connection to use WPA2-Enterprise.

You want to connect a laptop computer running Windows to a wireless network. The wireless network uses multiple access points and WPA2-Personal. You want to use the strongest authentication and encryption possible. SSID broadcast has been disabled. What should you do?

Configure the connection with a pre-shared key and AES encryption.

You are running a packet sniffer on your workstation so you can identify the types of traffic on your network. You expect to see all the traffic on the network, but the packet sniffer only seems to be capturing frames that are addressed to the network interface on your workstation. Which of the following must you configure in order to see all of the network traffic? O Configure the network interface to use protocol analysis mode O Configure the network interface to use promiscuous mode O Configure the netlvork intefface to use port mirroring mode O Configure the network interface to enable logging

Configure the network interface to use promiscuous mode

You have recently discovered that a network attack has compromised your database server. The attacker may have stolen customer credit card numbers. You have stopped the attack and implemented security measures to prevent the same incident from occurring in the future. What else might you be legally required to do? ● Implement training for employees who handle personal information ● Perform additional investigations to identify the attacker ● Contact your customers to let them know about the security breach ● Delete personally identifiable information from your computers

Contact your customers to let them know about the security breach

Which of the following prevents access based on website ratings and classifications?

Content Filter

Which port number is used by Microsoft SQL Server?

TCP port 1433

How can a criminal investigator ensure the integrity of a removable media device found while collecting evidence? O Enable write protection O Write a log file to the media O Create a checksum using a hashing algorithm O Reset the file attributes on the media to read-only

Create a checksum using a hashing algorithm

What is the default PPTP port?

TCP port 1723

Which port number is used by SSL, FTPS, and HTTPS?

TCP port 443

Which port number is used by SMB?

TCP port 445

You want to store your computer-generated audit logs in case they are needed in the future for examination or to be used as evidence in the event of a security incident. Which method can you use to ensure that the logs you put in storage have not been altered when you go to use them in the future?

Create a hash of each log

Which of the following attacks typically takes the longest amount of time to complete? A.)Impersonation attack B.)Replay attack C.)Dictionary attack D.)Brute force attack

D

To prevent server downtime, which of the following components should be installed redundantly in a server system? A.)Floppy disk drive B.)CD or DVD drive C.)RAM modules D.)Power supply

D

Which attack form either exploits a software flaw or floods a system with traffic in order to prevent legitimate activities or transactions from occurring?

Denial of service attack

What encryption method is used by WPA for wireless networks?

TKIP

What does an incremental backup do during the backup? A.)Backs up all files with the archive bit set and does not rest the archive bit. B.)Backs up all files regardless of the archive bit and does not reset the archive bit. C.)Backs up all files regardless of the archive bit and resets the archive bit. D.)Backs up all files with the archive bit set and resets the archive bit.

D

You notice that over the last few months more and more static systems, such as the office environment control system, the security system, and lighting controls, are connected to your network. You know that these devices can be a security threat. Which of the following measures can you take to minimize the damage these devices can cause if they are compromised?

Create a VLAN to use as a no-trust network zone for these static stems to connect to. Create a VLAN to use as a medium-trust network zone for these static stems to connect to. Create a VLAN to use as a high trust network zone for these static stems to connect to. >>Create a VLAN to use as a low-trust network zone for these static stems to connect to.

What is the primary distinguishing characteristic between a worm and a logic bomb?

Incidental damage to resources >>Self-replication Masquerades as a useful program Spreads via email

Which security protocol is the standard encryption protocol for use with the WPA2 standard?

Counter Mode Cipher Block Chaining Message Authentication Code Protocol (often abbreviated CCMP)

Which of the following reduce the risk of a threat agent being able to exploit a vulnerability? O Secure data transmissions O Implementation of VLANs O Countermeasures O Manageable neüvork plans

Countermeasures

What is the main function of a TPM hardware chip? A.)Control access to removable media B.)Perform bulk encryption in a hardware processor C.)Provide authentication credentials on a hardware device D.)Generate and store cryptographic keys

D

You want to give all managers the ability to view and edit a certain file. To do so, you need to edit the discretionary access control list (DACL) associated with the file. You want to be able to easily add and remove managers as their job positions change. What is the best way to accomplish this?

Create a security group for the managers. Add all users as members of the group. Add the group to the file's DACL.

As you go through the process of making your network more manageable, you discover that employees in the sales department are on the same neüvork segment as the human resources department. Which of the following steps can be used to isolate these departments? ● Create a separate VLAN for each department ● Identify the choke points in your network ● Implement the principle of least privilege for the human resources department ● Move the sales department into the DMZ

Create a separate VLAN for each department

Which of the following is an example of privilege escalation? O Mandatory vacations O Principle of least privilege O Separation of duties O Creeping privileges

Creeping privileges

Which of the following is not a protection against collusion? ● Principle of least privilege ● Two-man control ● Separation of duties ● Cross-training

Cross-training

Above all else, what must be protected to maintain the security and benefit of an asymmetric cryptographic solution, especially if it is widely used for digital certificates? A.)Hash values B.)Cryptographic algorithm C.)Public keys D.)Private keys

D

Advanced cryptography includes various modes of operation. Choose the mode of operation for the description listed below: -Sender and recipient access a reliable counter that computes a new shared value each time a cipher text block is exchanged. A.)Cipher Feedback Mode B.)Cipher Block Chaining Mode C.)Block Cipher Mode D.)Counter Mode E.)Output Feedback Mode

D

What types of key or keys are used in symmetric cryptography? A.)A single key pair B.)A unique key for each participant C.)Two unique sets of key pairs D.)A shared private key

D

Choose the public key cryptography key management mechanism with the corresponding description listed below: -Can be reused by multiple communication sessions A.)ECDH B.)Ephemeral keys C.)Perfect forward secrecy D.)Static keys

D

DLP can be used to identify sensitive files in a file system and then embed the organization's security policy within the file. Which of the following DLP implementations travels with sensitive data files when they are moved or copied? A.)Endpoint DLP B.)Network DLP C.)Cloud DLP D.)File-level DLP

D

Select the recovery term for the definition listed below: -Identifies the average lifetime of a system or component. A.)MTTF B.)MTD C.)MTTR D.)MTBF

D

The government and military use the following information classification system: *Unclassified *Sensitive but unclassified *Confidential *Secret *Top secret Choose the classification for the description listed below: -If this information is disclosed, it could cause some harm, but not a national disaster. A.)Confidential B.)Top secret C.)Unclassified D.)Sensitive but unclassified E.)Secret

D

What are the two components of the Kerberos Key Distribution Center?

authentication server (AS) and ticket-granting server (TGS)

Which of the following does not or cannot produce a hash value of 128 bits? A.)MD5 B.)MD2 C.)RIPEMD D.)SHA-1

D

Which of the following is NOT an advantage of using cloud storage? A.)Your organization can import a virtual machine image from an on-premises location to the cloud image library. B.)Your organization can choose between off-premises cloud storage options. C.)Your organization can use cloud storage as a natural disaster backup. D.)Your organization can purchase additional storage capacity when needed. E.)Your organization can copy virtual machine images from the cloud to on-premises locations.

D

Which of the following is not a countermeasure against dictionary attacks? A.)Using three or four different character types (lowercase, uppercase, numerals, and symbols) B.)Avoiding common words C.)Avoiding industry acronyms D.)Using short passwords

D

Which technology was developed to help improve the efficiency and reliability of checking the validity status of certificates in large, complex environments? A.)Certificate Revocation List B.)Key Escrow C.)Private Key Recovery D.)Online Certificate Status Protocol

D

You have just downloaded a file. You create a hash of the file and compare it to the hash posted on the website. The two hashes match. What do you know about the file? A.)You will be only one able to open the downloaded file. B.)No one has read the file contents as it was downloaded. C.)You can prove the source of the file. D.)Your copy is the same as the copy posted on the website.

D

You have lost the private key that you have used to encrypt files. You need to get a copy of the private key to open some encrypted files. Who should you contract? A.)Certification Authority B.)Registration Authority C.)Enrollment agent D.)Recovery agent

D

You want to encrypt data on a removable storage device. Which encryption method would you choose to use the strongest method possible? A.)RSA B.)3DES C.)SHA-1 D.)AES

D

Your company produces an encryption device that lets you enter text and receive encrypted text in response. An attacker obtains one of these devices and starts inputting random plaintext to see the resulting ciphertext. Which type of attack is this? A.)Brute force B.)Chosen cipher C.)Known plaintext D.)Chosen plaintext

D

Your network uses the following backup strategy: *Full backup every Sunday night *Incremental backups Monday night through Saturday night On a Thursday morning, the storage system fails. How many restore operations will you need to perform to recover all of the data? A.)1 B.)2 C.)3 D.)4 E.)5

D

Which of the following is not a protection against session hijacking?

DHCP reservations

Of the following security zones, which one can serve as a buffer network between a private secured network and the untrusted internet?

DMZ

While using the internet, you type the URL of one of your favorite sites in the browser. Instead of going to the correct site, however, the browser displays a completely different website. When you use the IP address of the web server, the correct site is displayed. Which type of attack has likely occurred?

DNS poisoning

Which of the following devices is capable of detecting and responding to security threats?

DNS server IDS Multi-layer switch >>IPS

Which type of attack allows an attacker to redirect Internet traffic by setting up a fake DNS server to answer client requests?

DNS spoofing

Which of the following cloud computing solutions delivers software applications to a client either over the internet or on a local area network.

DaaS PaaS >>SaaS IaaS

Which algorithms are symmetric key algorithms?

Data Encryption Standard (DES), Triple DES (3DES), Blowfish, IDEA, RC4, RC5, RC6, and Advanced Encryption Standard (AES)

What is the purpose of DLP?

Data Loss Prevention (DLP) is a network system that monitors data on computers to ensure the data is not deleted or removed.

Active Directory is a hierarchical database. Hierarchical directory databases have several advantages over flat file database structures. Which of the following is not an advantage of Active Directory's hierarchical database structure?

Decentralization

Which of the following is the best protection against security violations? ● Defense in-depth ● Monolithic security ● Fortress mentality ● Bottom-up decision-making

Defense in-depth

Your organization's security policy specifies that peer-to-peer file sharing is not allowed. Recently, you received an anonymous tip that an employee has been using a BitTorrent client to download copyrighted media while at work. You research BitTorrent and find that it uses TCP ports 6881-6889 by default. When you check your perimeter firewall configuration, ports 80 and 443 are open. When you check your firewall logs, you find that no network traffic is using ports 6881-6889 has been blocked. What should you do?

Determine that the accused employee is innocent and being framed. >>Implement an application control solution Block all outbound ports in the perimeter firewall Call human resources and have the employee fired for violation of the security policy.

When securing a newly deployed server, which of the following rules of thumb should be followed?

Determine unneeded services and their dependencies before altering the system

What was the first public-key algorithm ever used?

Diffie-Hellman

Which public-key algorithm was the first to allow two users to exchange a secret key over an insecure medium without any prior secret keys?

Diffie-Hellman

A user has just authenticated using Kerberos. Which object is issued to the user immediately following login?

Digital signature Digital certificate Client-to-server ticket >>Ticket granting ticket

You are about to enter your office building through a back entrance. A man dressed as a plumber asks you to let him in so he can fix the restroom. What should you do? O Let him in. O Tell him no and quickly close the door. O Direct him to the front entrance and instruct him to check in with the receptionist. O Let him in and help him find the restroom, then let him work.

Direct him to the front entrance and instruct him to check in with the receptionist.

Which of the following is the best protection to prevent attacks on mobile phones through the Bluetooth protocol?

Disable Bluetooth on the phone

You've just installed a wireless access point (AP) for your organization's network. You know that the radio signals used by the AP extend beyond your organization's building and are concerned that unauthorized users outside may be able to access your internal network. What can you do to protect the wireless network? (Select two.)

Disable DHCP on the AP Configure the AP to filter out unauthorized MAC addresses

A customer has called and indicated that he thinks his neighbor is connecting to his wireless access point (AP) to use his high-speed internet connection. Which of the following will resolve this issue? (Select two.)

Disable SSID broadcast on the AP Implement MAC address filters

You are implementing a wireless in a dentist's office. The dentist's practice is small, so you choose to use an inexpensive consumer-grade access point. While reading the documentation, you notice that the access point supports Wi-Fi Protected Setup (WPS) using a PIN. You are concerned about the security Implications of this functionality. What should you do to reduce risk?

Disable WPS in the access point's configuration

What is the best protection against cross-site scripting (XSS)?

Disable the running of scripts.

When you inform an employee that they are being terminated, what is the most important activity? ● Allow them to collect their personal items ● Allow them to complete their current work projects ● Give them two weeks notice ● Disable their network access

Disable their network access

According to CompTIA's Security+ examination blueprint, what are the four hardening techniques for mitigation and deterrence?

Disable unnecessary services. •Protect management interfaces and applications. •Protect passwords. •Disable unnecessary accounts.

When you inform an employee that they are being terminated, what is the most important activity? ● Allowing them to complete their current work projects ● Giving them two weeks' notice ● Disabling their network access ● Allowing them to collect their personal items

Disabling their network access

Disaster Recovery and Incident Response *Which plan or policy helps an organization determine how to relocate to an emergency site?*

Disaster-recovery plan* The disaster-recovery plan deals with site relocation in the event of an emergency, natural disaster, or service outage.

During a recent site survey, you found a rogue wireless access point on your network. Which of the following actions should you take first to protect your network while still preserving evidence? O See who is connected to the access point and attempt to find the attacker O Disconnect the access point from the network O Run a packet sniffer to monitor traffic to and from the access point O Connect to the access point and examine its logs for information

Disconnect the access point from the network

You are conducting a forensic investigation. The attack has been stopped. Which of the following actions should you perform first? O Turn off the system O Stop all running processes O Document what's on the screen O Remove the hard drive

Document what's on the screen

Match the IT audit activity on the left with the appropriate description on the right.

Documents incidents for security violations and incident response. >>Usage auditing Identifies inefficient IT strategies, such as weak policies and procedures >>Risk evaluation Verifies the appropriate use of accounts and privileges >>Escalation auditing Checks user/group rights and privileges to identify cases of creeping privileges >>Privilege auditing Determines whether privilege-granting processes are appropriate and whether computer use and escalation processes are in place and working. >>User access and rights review

You are implementing a new application control solution. Prior to enforcing you application whitelist,you want to monitor user traffic for a period of time to discover user behaviors and log violations for later review. How should you configure the application control software to handle applications not contained in the whitelist?

Drop >>Flag Tarpit Block

You want to connect your small company network to the internet. Your ISP provides with a single IP address that is to be shared between all hosts on your private network. You do not want external hosts to be able to initiate connection to internal hosts. What type of address translation (NAT) should you implement?

Dynamic

Advanced cryptography includes various modes of operation. Choose the mode of operation for the description listed below: -Feeds the output blocks back to the block cipher. A.)Cipher Feedback Mode B.)Cipher Block Chaining Mode C.)Block Cipher Mode D.)Counter Mode E.)Output Feedback Mode

E

Which of the following security measures encrypts the entire contents of a hard drive? A.)Chassis intrusion detection B.)BIOS password C.)Trusted Platform Module (TPM) D.)Hard disk password E.)DriveLock

E

You want to allow traveling users to connect to your private network through the internet. Users will connect from various locations, including airports, hotels, and public access points such as coffee shops and libraries. As such, you won't be able to configure the firewalls that might be controlling access to the internet in these locations. Which of the following protocols would be most likely to be allowed through the widest number of firewalls? A.)IPsec B.)PPTP C.)PPPoE D.)L2TP E.)SSL

E

Which of the following is not part of security awareness training? ● Establish reporting procedures for suspected security violations ● Familiarize employees with the security policy ● Communicate standards, procedures, and baselines that apply to the employee's job ● Employee agreement documents

Employee agreement documents

Physical security is an obvious requirement for network security, but it is often easy to overlook or forget to plan for it. Which of the following is NOT a benefit of physical security? O Network resources are safer from natural disasters. O Untrained employees cannot misuse equipment. O Sensitive data is protected from unauthorized access. O Employee passwords are stronger. O Terrorists cannot walk in off the street and change the network configuration.

Employee passwords are stronger.

In addition to Authentication Header (AH), IPSec is comprised of what other service?

Encapsulating Security Payload (ESP)

Which of the following is not a valid example of steganography? O Digital watermarking O Hiding text messages within graphical images O Encrypting a data file with an encryption key O Microdots

Encrypting a data file with an encryption key

Network packet sniffing is often used to gain the information necessary to conduct more specific and detailed attacks. Which of the following is the best defense against packet sniffing?

Encryption

Which type of data loss prevention system can be configured to block unauthorized email messages from being sent and, therefore, being subject to email retention rules? ● Network DLP ● Endpoint DLP ● File Level DLR ● Chinese Wall

Endpoint DLP

Your company is preparing to enter into a panner relationship with another organization. It will be necessary for the information systems used by each organization to connect and integrate with each other. Which of the following is of primary importance as you take steps to enter into this partner relationship? ● Identify how data ownership will be determined ● Ensure that all aspects of the relationship are agreed upon in writing ● Ensure that the integration process maintains the security of each organization's network ● Ensure that both organizations have similar incident response procedures

Ensure that the integration process maintains the security of each organization's network

Dumpster diving is a low-tech way to gathering information that may be useful in gaining unauthorized access or as a starting point for more advanced attacks. How can a company reduce the risk associated with dumpster diving? ● Create a strong password policy ● Establish and enforce a document destruction policy ● Mandate the use of Integrated Windows Authentication ● Secure all terminals with screensaver passwords

Establish and enforce a document destruction policy

What is the goal of a TCP/IP hijacking attack?

Executing commands or accessing resources on a system the attacker does not otherwise have authorization to access.

What is the primary benefit of CCTV? O Expand the area visible by security guards O Increase security protection throughout an environment O Reduce the need for locks and sensors on doors O Provide a corrective control

Expand the area visible by security guards

You want to implement an access control list where only the users you specifically authorize have access to the resource. Anyone not on the list should be prevented from having access. Which of the following methods of access control will the access list use? O Explicit allow, implicit deny O Implicit allow, explicit deny O Implicit allow, implicit deny O Explicit allow, explicit deny

Explicit allow, implicit deny

Which of the following are functions of gateway email spam blockers? (Select two.)

Filters messages containing specific content Blocks email from specific senders

Which of the following is *not* an advantage when using an internal auditor to examine security systems and relevant documentation?

Finding in the audit and subsequent summations are viewed objectively

You have heard about a Trojan horse program where the compromised systems sends personal information to a remote attacker on a specific TCP port. You want to be able to easily tell whether any of your systems are sending data to the attacker. Which log would you monitor?

Firewall

You suspect that some of your computers have been hijacked and are being used to perform denial of service attacks directed against other computers on the Internet. Which log would you check to see if this is happening?

Firewall

Which of the following are denial of service attacks? (Select two.)

Fraggle Smurf

Which of the following types of penetration test teams will provide you information that is most revealing of a real-world hacker attack?

Full-knowledge team Split-knowledge team Partial-knowledge team >>Zero-knowledge team

Which of the following enters random data to the inputs of an application?

Fuzzing

A virtual LAN can be created using which of the following?

Gateway >>Switch Hub Router

Which of the following solutions would you use to control the actions that users can perform on a computer, such as shutting down the system, logging on through the network, or loading and unloading device drivers?

Group Policy

You have contracted with a vendor to supply a custom application that runs on Windows workstations. As new application versions and patches are released, you want to be able to automatically apply these to multiple computers. Which tool would be the best choice to use?

Group policy

Which of the following is a recommendation to use when a specific standard or procedure does not exist? ● Procedure ● Standard ● Baseline ● Guideline

Guideline

Which of the following threat actors seeks to defame, shed light on, or cripple an organization or government? O Insider O Nation state O Competitor O Script kiddie O Hacktivist

Hacktivist

Which method can you use to verify that a bit-level image copy of a hard drive is an exact clone of the original hard drive collected as evidence? O Hashing O Photographs O Serial number notation O File directory listing

Hashing

Marcus White has just been promoted to a manager. To give him access to the files that he needs, you make his user account a member of the Managers group, which has access to a special shared folder. Later that afternoon, Marcus tells you that he is still unable to access the files reserved for the Managers group. What should you do?

Have Marcus log off and log back in

Which of the following statements about the use of anti-virus software is correct?

If you install anti-virus software, you no longer need a firewall on your network Anti-virus software should be configured to download updated virus definition files as soon as they become available Once installed, anti-virus software needs to be updated on a monthly basis If servers on a network have anti-virus software installed, workstations do not need anti-virus software installed

Which of the following is not a form of social engineering? ● A virus hoax email message ● Impersonating a utility repair technician ● Impersonating a user by logging on with stolen credentials ● Impersonating a manager over the phone

Impersonating a user by logging on with stolen credentials

The owner of a hotel has contracted with you to implement a wireless network to provide internet access for guests. The owner has asked that you implement security controls so that only paying guests are allowed to use the wireless network. She wants guests ta be presented with a login page when they initially connect to the wireless network. After entering a code provided by the concierge at check-in, guests should then be allowed full access to the Internet. If a user does not provide the correct code, they should not be allowed to access the Internet. What should you do?

Implement a captive portal

To keep your data center safe, pu have done the following: • Restricted physical access to employees who strictly need to get in the data center. • Required employees to enter a password using a pin pad to enter the data center. • Deployed a Faraday cage to keep sensitive network devices safe from external electrical fields. Which of the following measures will NOT improve physical security in the data center? O Implement a checkout policy. O Set up video surveillance in the data center. O Grant employee access to hardware on a need to know basis. O Place all sewers in secured cabinets.

Implement a checkout policy.

Which of the following is not a benefit of NAT?

Improving the throughput rate of traffic

Which three security features do digital certificates provide?

authentication, data integrity, non-repudiation

You are an IT consultant. You are visiting a new client's site to become familiar with their network. As you walk around their facility, you note the following: • When you enter the facility, a receptionist greets pu and escorts you through a locked door to the work area, where the office manager sits. • The office manager informs pu that the organization's servers are kept in a locked closet. An access card is required to enter the server closet. • She informs you that sewer backups are configured to run each night. A rotation of tapes are used as the backup media. • You notice the organization's network switch is kept in the server closet. • You notice that a router/firewall/content filter all-in-one device has been implemented in the server closet to protect the internal network from external attacks. • The office manager informs pu that her desktop system will no longer boot and asks you to repair or replace it, recovering as much data as possible in the process. You take the workstation back to your office to work on it. What security-related recommendations should you make to this client? O Replace the tape drive used for backups with external USB hard disks. O Keep the network infrastructure devices (switch and all-in-one device) in a locked room separate from network servers. O Implement a hardware checkout policy. O Upgrade the server closet lock to a biometric authentication system.

Implement a hardware checkout policy.

Over the last several years, the use of mobile devices within your organization has increased dramatically. Unfortunately, many department heads circumvented your information systems procurement policies and directly purchased tablets and smartphones for their employees without authorization. As a result, there is a proliferation of devices within your organization without accountability. You need to get things under control and begin tracking your organization's devices. How should you do this? ● Require users to sign an acceptable use policy before allowing them to use mobile devices for work-related tasks. ● Implement a mobile device management (MOM) solution. ● Implement a mobile endpoint management (MEM) solution. ● Apply security-related Group Policy settings to the devices using a Group Policy object. ● Join the devices to your organization's domain.

Implement a mobile endpoint management (MEM) solution.

Your organization uses a web server to host an e-commerce site. Because this web server handles financial transactions, you are concerned that it could become a prime target for exploits. You want to implement a network security control that will analyze the contents of each packet going to or from the web server. The security control must be able to identify malicious payloads and block them.

Implement a packet-filtering firewall in front of the web server Implement an application-aware IDS in front of the web server Install an anti-malware scanner on the web server >>Implement an application-aware IPS in front of the web server Implement a stateful firewall in front of the web server

As you help a user with a computer problem, pu notice that she has written her password on a note stuck to her computer monitor. You check the password policy of your company and find that the following settings are currently required: • Minimum password length = 10 • Minimum password age = 4 • Maximum password age = 30 • Password history = 6 • Require complex passwords that include numbers and symbols • Account lockout clipping level = 3 Which of the following is the best action to take to make remembering passwords easier so that she no longer has to write the password down? ● Remove the complex password requirement ● Decrease the minimum password length ● Increase the account lockout clipping level ● Implement end-user training ● Increase the maximum password age

Implement end-user training

Over the last month, pu have noticed a significant increase in the occurrence of inappropriate activities performed by employees. What is the best first response step to take in order to improve or maintain the security level of the environment? ● Reduce all employee permissions and privileges ● Improve and hold new awareness sessions ● Terminate all offenders ● Initiate stronger auditing

Improve and hold new awareness sessions

Drag the security layer on the left to the appropriate description on the right. (Security layers may be used once, more than once, or not at all.) O Policies, Procedures, and Awareness O Perimeter O Host O Data

Includes OS hardening, patch management, malware, and password attacks: O Host Includes how to manage employee onboarding and off-boarding: O Policies, Procedures, and Awareness Includes cryptography and secure transmissions: O Data Includes user education and manageable network plans: O Policies, Procedures, and Awareness Includes firewalls using ACLs and securing the wireless network: O Perimeter

Drag the security layer on the left to the appropriate description on the right. (Security layers may be used once, more than once, or not at all.) O Physical O Network O Host O Application

Includes fences, door locks, mantraps, turnstiles, device locks, and server cages: O Physical Includes each individual workstation, laptop, and mobile device: O Host Includes authentication and authorization, user management, and group policies: O Application Includes cameras, motion detectors, and even environmental controls: O Physical Includes implementation of VLANs, penetration testing, and the utilization of virtualization: O Network

What is the primary purpose of imposing software lifecycle management concepts? ● Increase interoperability ● Reduce product returns ● Decrease development overhead ● Increase the quality of software

Increase the quality of software

What are four common service models of cloud computing?

Infrastructure as a service (IaaS), Monitoring as a service (MaaS), Platform as a service (PaaS), Software as a service (SaaS)

Which of the following is the most effective protection against IP packet spoofing on a private network?

Ingress and egress filters

Which of the following is specifically meant to ensure that a program operates on clean, correct, and useful data?

Input Validation

The IT manager in your organization proposes taking steps to protect against a potential threat actor. The proposal includes the following: • Create and follow onboarding and off-boarding procedures • Employ the principle of least privilege • Have appropriate physical security controls in place Which type of threat actor do these steps guard against? O Script Kiddie O Competitor O Hacktivist O Insider

Insider

You would like to control Internet access based on users, time of day, and websites visited. How can you do this?

Install a proxy server. Allow Internet access only through the proxy server.

You manage information systems for a large co-location data center. Networked environmental controls are used to manage the temperature within the data center. These controls use embedded smart technology that allows them to be managed over an internet connection using a mobile device app. You are concerned about the security of these devices. What can you do to increase their security posture? (Select two.)

Install the latest firmware updates from the device manufacturer Verify that your network's existing security infrastructure is working properly

You manage the information systems for a large manufacturing firm. Supervisory control and data acquisition (SCADA) devices are used on the manufacturing floor to manage your organization's automated factory equipment. The SCADA devices use embedded smart technology, allowing them to be managed using a mobile device app over an internet connection. You are concerned about the security of these devices. What can you do to increase their security posture? (Select two.)

Install the latest firmware updates from the device manufacturer. Verify that your network's existing security infrastructure is working properly.

While using a Web-based order form, an attacker enters an unusually large value in the Quantity field. The value she entered is so large that it exceeds the maximum value supported by the variable type used to store the quantity in the Web application. This causes the value of the quantity variable to wrap around to the minimum possible value, which is a negative number. As a result, the Web application processes the order as a return instead of a purchase, and the attacker's account is refunded a large sum of money. What type of attack has occurred in this scenario?

Integer overflow

Your computer system is a participant in an asymmetric cryptography system. You've created a message to send to another user. Before transmission, you hash the message and encrypt the hash using your private key. You then attach this encrypted hash to your message as a digital signature before sending it to the other user. In this example, what protection does the hashing activity' provide? O Integrity O Availability O Non-repudiation O Confidentiality

Integrity

What is the default automated key-management protocol for IPSec?

Internet Key Exchange (IKE)

Which Application-layer protocol supports public-key encryption and key distribution centers (KDCs)?

Internet Key Management Protocol (IKMP)

What does the acronym IPSec denote?

Internet Protocol Security

Which protocol provides connectionless integrity, data origin authentication, replay protection, and confidentiality (encryption) using Authentication Header (AH) and Encapsulating Security Payload (ESP)?

Internet Protocol Security (IPSec)

What is the name for the framework for key exchange management?

Internet Security Association and Key Management Protocol (ISAKMP)

What is an Internet Protocol (IP)-based storage networking standard for linking data storage facilities?

Internet Small Computer System Interface (iSCSI)

You notice a growing number of devices, such as environmental control systems and wearable devices, are connecting to your network. These devices, known as smart devices, are sending and receiving data via wireless network connections. Which of the following labels applies to this growing ecosystem of smart devices?

Internet of things

Which of the following activities are typically associated with a penetration test?

Interviewing employees to verify that the security policy is being followed >>Running a port scanner >>Attempting a social engineering Creating a performance baseline Running a vulnerability scanner on network servers

As a security professional, you need to understand your network on multiple levels. You should focus on the following areas: Entry points inherent vulnerabilities Documentation Network baseline Drag the area of focus on the left to the appropriate example on the right.

IoT and SCADA devices >>Inherent vulnerabilities Used to identify a weak network architecture or design >>Documentation Public-facing servers, workstations, Wi-Fi network, and personal devices. >>Entry points An older version of Windows that is used for a particular application >>Inherent vulnerabilites What activity looks like a normal day-to-day usage >>network baseline

What is the purpose of GPS tracking on a mobile device?

It allows a mobile device to be located.

What is the purpose of Software as a Service (SaaS) in cloud computing?

It ensures on-demand, online access to an application suite without the need for local installation.

What is the purpose of application hardening?

It ensures that an application is secure and unnecessary services are disabled.

What is the purpose of secure code review?

It examines all written code for any security holes that may exist.

What is the purpose of embedding a timestamp within ciphertext?

It will decrease the chance of the message being replayed.

A script kiddie is a threat actor who lacks knowledge and sophistication. Script kiddie attacks often seek to exploit well-known vulnerabilities in systems. What is the best defense against script kiddie attacks? O Properly secure and store data backups. O Build a comprehensive security' approach that uses all aspects of threat prevention and protection. O Implement email filtering systems. O Have appropriate physical security controls in place. O Keep systems up to-date and use standard security practices.

Keep systems up to-date and use standard security practices.

Which of the following is the most important thing to do to prevent console access to the router? O Keep the router in a locked room O Set console and enable secret passwords O Disconnect the console cable when not in use O Implement an access list to prevent console connections

Keep the router in a locked room

Which of the following is an example of a single sign-on authentication solution?

Kerberos

Which Kerberos component holds all users' and services' cryptographic keys and generates tickets?

Key Distribution Center (KDC)

Which VPN protocol typically employs IPSec as its data encryption mechanism?

L2TP

PPTP (Point-to-Point Tunneling Protocol) is quickly becoming obsolete because of which VPN protocol?

L2TP (Layer 2 Tunneling Protocol)

Which actions can a typical passive intrusion detection system (IDS) take when it detects an attacks?

LAN-side clients are halted and removed from the domain The IDS config is changed dynamically, and the source IP is banned >>The IDS logs all pertinent data about the intrusion. >>An alert generated and delivered via email, the console, or an SNMP trap.

In a cryptographic system, what properties should the initialization vector have? (Select two.) ☐ Large ☐ Unpredictable ☐ Predictable ☐ Shon ☐ Uniform

Large Unpredictable

Which protocol is the combination of PPTP and Cisco's Layer 2 Forwarding (L2F) technology?

Layer 2 Tunneling Protocol (L2TP)

Which of the following is a security approach that combines multiple security controls and defenses and is sometime called defense in depth? O Perimeter security O Layered security O Countermeasure security O Network security O Cumulative security

Layered security

Which Internet protocol based on X.500 is used to access the data stored in a network directory?

Lightweight Directory Access Protocol (LDAP)

Which directory protocol does Directory-Enabled Networking (DEN) use?

Lightweight Directory Access Protocol (LDAP)

What is the primary function of LDAP?

Lightweight Directory Access Protocol (LDAP) controls client access to directories

Which of the following tools would you use to simulate a large number of client connections to a website, test file downloads for an FTP site, or simulate large volumes of email? O Protocol analyzer O Throughput tester O Load tester O Packet sniffer

Load tester

While using a Web-based game created using Adobe Flash, a Flash cookie is set on a user's computer. The game saves legitimate data in the Flash cookie, such as statistics and user preferences. However, the game creator also programmed the game to track the Web sites that user visits while the game is running and save them in the Flash cookie. This data is transferred to a server over an Internet connection without the user's permission. What type of exploit has occurred in this scenario?

Locally shared object (LSO) exploit

Which of the following controls is an example of a physical access control method? O Passwords O Smart cards O Locks on doors O Hiring background checks O Access control lists with permissions

Locks on doors

Which of the following switch attacks associates the attackers MAC address with the IP address of the victim's devices?

MAC spoofing Cross-site scripting DNS poisoning >>ARP spoofing/ poisoning

What is the primary goal of business continuity planning? ● Minimize decision-making during the development process ● Protecting an organization from major computer services failure ● Maintaining business operations with reduced or restricted infrastructure capabilities or resources ● Minimizing the organization's risk of service delays and interruptions

Maintaining business operations with reduced or restricted infrastructure capabilities or resources

What is the purpose of MAC?

Message Authentication Cod helps protect against fraud in electronic fund transfers

Members of the sales team use laptops to connect to the company network. While traveling, they connect their laptops to the internet through airport and hotel networks. You are concerned that these computers will pick up viruses that could spread to your private network. You would like to implement a solution that prevents the laptops from connecting to your network unless anti-virus software and the latest operating system patches are installed. Which solution should you use?

NAC

You manage a network that uses a single switch. All ports within your building connect through the single switch. In the lobby of your building are three RJ-45 ports connected to the switch. You want to allow visitors to plug into these ports to gain Internet access, but they should not have access to any other devices on your private network. Employees connected throughout the rest of your building should have both private and Internet access. Which feature should you implement?

NAT >>VLANs Port authentication DMZ

An attacker has hidden an NFC reader behind an NFC-based kiosk in an airport. The attacker uses the device to capture NFC data in transit between end user devices and the reader in the kiosk. She then uses that information to masquerade as the original end user device and establish an NFC connection to the kiosk. What kind of attack has occurred in this scenario?

NFC relay attack

You have a file server named Srv3 that holds files used by the Development department. You want to allow users to access the files over the network and control access to files accessed through the network or a local logon.Which solution should you implement?

NTFS and share permissions

Which of the following authentication mechanisms is designed to protect to protect a nine-character password from attacks by hashing the first seven characters into a single hash and then hashing the remaining two characters into another separate hash?

NTLM >>LANMAN NTLMv2 LDAP

Which of the following is *not* included in a system level audit event? (Select two.)

Names of accessed files Any actions performed by the user

Which of the following locations contributes the greatest amount of interference for a wireless access point? (Select two.)

Near cordless phones Near backup generators

Which of the following principles is implemented in a mandatory access control model to determine object access by classification level? O Ownership O Clearance O Separation of duties O Least privilege O Need to know

Need to know

If an organization shows suffcient due care, which burden is eliminated in the event of a security breach? ● Negligence ● Investigation ● Asset loss ● Liability

Negligence

What is the purpose of NAC?

Network Access Control (NAC) ensures that the computer on the network meets an organization's security policies.

Which technology enables a LAN to use one set of IP addresses for internal traffic and a second set of addresses for external traffic, while hiding internal addresses or address space?

Network Address Translation (NAT)

Which type of Data Loss Prevention system is usually installed near the network perimeter to detect sensitive data that is being transmitted in violation of organizational security policies? ● Chinese Wall ● File Level DLR ● Network DLP ● Endpoint DLP

Network DLP

Your network devices are categorized into the following zone types: No-trust zone Low-trust zone Medium-trust zone High-trust zone Your network architecture employs multiple VLANs for each of these network zones. Each zone is separated by a firewall that ensures only specific traffic is allowed. Which of the following is the secure architecture concept that is being used on this network?

Network firewalling Virtual local area networking >>Network segmentation Trust zone networking

Which of the following is a legal contract between the organization and the employee that specifies the employee is not to disclose the organization's confidential information? ● Employee monitoring agreement ● Non-disclosure agreement ● Acceptable use agreement ● Non-compete agreement

Non-disclosure agreement

By definition, which security concept uses the ability to prove that a sender sent an encrypted message? O Authentication O Non-repudiation O Integrity O Privacy

Non-repudiation

Which type of active scan turns off all flags in a TCP header?

Null

You have a network with three remote access servers, a RADIUS server used for authintication and authorization, and a second RADIUS server used for authentication and authorization, and a second RADIUS server used for accounting. Where should you configure remote access policies?

On each of the remote access servers On one of the remote access servers >>On the RADIUS server used for authentication and authorization On the RADIUS server used for accounting

You need to place a wireless access point in your building. While trying avoid interference, which of the following is the best location for the access point?

On the top floor

Which protocol provides real-time, online revocation information about certificates?

Online Certificate Status Protocol (OCSP)

You install a new Linux distribution on a server in your network. The distribution includes an SMTP daemon that is enabled by default when the system boots. The SMTP daemon does not require authentication to send email messages.Which type of email attack is this server susceptible to?

Open SMTP relay

You are concerned about attacks directed at your network firewall. You want to be able to identify and be notified of any attacks. In addition, you want the system to take immediate action to stop or prevent attack, if possible. Which tool should you use?

Packet sniffer IDS Port Scanner >>IPS

According to the Security+ exam guide from CompTIA, what are the four steps in a vulnerability test?

Passively test security controls. •Identify vulnerabilities. •Identify lack of security controls. •Identify common misconfigurations.

Which of the following is the most common form of authentication?

Password

Which of the following is most vulnerable to a brute force attack?

Password authentication

What is the weakest point in an organization's security infrastructure? ● Physical structure ● Procedures ● People ● Technology

People

You have discovered a computer that is connected to your network and was used for an attack. You have disconnected the computer from the network to isolate it and stop the attack. What should pu do next? O Make a hash of the hard drive O Clone the hard drive O Stop all running processes O Perform a memory dump

Perform a memory dump

You suspect that your web server has been the target of a denial-of-service attack. You would like to view information about the number of connections to the server over the past three days. Which log would you most likely examine?

Performance

Properly configured passive IDS and system audit logs are an integral part of a comprehensive security plan. Which step must be taken to ensure that the information is useful in maintaining a secure environment?

Periodic reviews must be conducted to detect malicious activity or policy violations.

Drag the network attack technique on the left to the appropriate description or example on the right.

Perpetrators attempt to compromise or affect the operations of a system >>Active Attack Unauthorized individuals try to breach a network from off-site. >>External attack Attempting to find the root password on a web server by brute force. >>Active attack Attempting to gather information without affecting the flow of information on the network >>Passive attack Sniffing network packets or performing a port scan. >>Passive attack

What are the two modes of WPA and WPA2?

Personal (also called Preshared Key or WPA-PSK / WPA2-PSK) and Enterprise

What are the four types of personally identifiable information (PII)?

Personal characteristics - such as full name, date of birth, height, ethnicity, place of birth, mother's maiden name, and biometric characteristics •A unique set of numbers assigned to an individual - such as government ID number, telephone number, driver's license number, and PIN •Descriptions of events or points in time - such as arrest records, employment records, and medical records •Descriptions of locations or places - such as GPS tracking information

An attacker uses an exploit to push a modified hosts file to client systems. This hosts file redirects traffic from legitimate tax preparation sites to malicious sites to gather personal and financial information. What kind of exploit has been used in this scenario? (Choose two. Both responses are different names for the same exploit.)

Pharming DNS poisoning

Users in your organization receive email messages informing them that suspicious activity has been detected on their bank accounts. They are directed to click a link in the email to verify their online banking user name and password. The URL in the link is in the .ru top-level DNS domain.What kind of attack has occurred?

Phishing

Which of the following attacks tricks victims into providing confidential information (such as identity information or login credentials) through emails or websites that impersonate an online entity that the victim trusts? ● Session hijacking ● Phishing ● Man-in-the-middle ● Adware

Phishing

Match the social engineering description on the left with the appropriate attack type on the right. ● An attacker searches through an organization's trash looking for sensitive information. ● An attacker pretending to be from a trusted organization sends an email asking users to access a website to verify personal information. ● An attacker gathers personal information about the target individual in an organization. ● An attacker enters a secured building by following an authorized employee through a secure door without providing identification. ● An attacker gathers personal information about the target individual, who is a CEO. ● An attacker uses a telephone to convince target individuals to reveal their credit card information.

Phishing ● An attacker pretending to be from a trusted organization sends an email asking users to access a website to verify personal information. Whaling ● An attacker gathers personal information about the target individual, who is a CEO. Spear phishing ● An attacker gathers personal information about the target individual in an organization. Dumpster diving ● An attacker searches through an organization's trash looking for sensitive information. Piggybacking ● An attacker enters a secured building by following an authorized employee through a secure door without providing identification Vishing ● An attacker uses a telephone to convince target individuals to reveal their credit card information.

Match the authentication factor types on the left with the appropriate authentication factor on the right. Each authentication factor type can be used more than once.

Pin - Something you know Smart card - Something you have Password - Something you know Retina Scan - Something you are Fingerprint scan - Something you are Hardware token - Something you have Pass phrase - Something you know Voice recognition - Something you are Wi-Fi triangulation - Somewhere you are Typing behaviors - Something you do

Which of the following denial of service (DOS) attacks uses ICMP packets and is only successful if the victim has less bandwidth than the attacker?

Ping flood

A security administrator logs on to a Windows server on her organization's network. She then runs a vulnerability scan on that server.

Ping scan >>Credentialed scan TCP SYN scan Non-credentialed scan

As you browse the internet, you notice that when you go to some sites, multiple additional windows are opened automatically. Many of these windows advertisements for products that are inappropriate for your family to view. Which tool can you implement to prevent these windows from showing?

Pop-up blocker

You want to identify all devices on a network along with a list of ports on those devices. You want the results displayed in a graphical diagram. Which tool should you use?

Port scanner Ping scanner OVAL >>Network mapper

You run a small network for your business that has a single router connected to the internet and a single switch. You keep sensitive documents on a computer that you would like to keep isolated from other computers on the network. Other hosts on the network should not be able to communicate with this computer through the switch, but you still need to access the network through the computer. What should you use for this situation?

Port security VPN Spanning tree >>VLAN

You maintain the network for an industrial manufacturing company. You are concerned about the dust in the area getting into server components and affecting network availability. Which of the following should you implement? O Negative pressure system O Line conditioner O Backup generator O Positive pressure system O UPS

Positive pressure system

What does the acronym POP denote?

Post Office Protocol

You have a small wireless network that uses multiple access points. The network uses WPA and broadcasts the SSID. WPA2 is not supported by the wireless access points. You want to connect a laptop computer to the wireless network. Which of the following parameters will you need to configure on the laptop? (Select two.)

Pre-shared key TKIP encryption

Which product uses public and private keys to digitally sign e-mail messages and files?

Pretty Good Privacy (PGP)

Match each bring your own device (BYOD) security issue on the right with a possible remedy onthe left. Each remedy may be used once, more than once, or not at all.

Preventing malware infections >>Implement a network access control solution Supporting mobile device users >>specify who users can call for help with mobile device apps in your acceptable use policy Preventing loss of control of sensitive data >>Enroll devices in a mobile device management system Preventing malicious insider attacks >>Specify where and when mobile devices can be possessed in your acceptable use policy Applying the latest anti-malware definitions >>Implement a network access control solution

Separation of duties is an example of which type of access control? O Preventive O Detective O Compensative O Corrective

Preventive

Drag the web threat protection method on the left to the correct definition on the right.

Prevents users from visiting malicious [Web threat filtering] Prevents outside attempts to access confidential information [Anti-phishing software] Identifies and disposes of infected content [Virus blockers] Prevents unwanted email from reaching your network [Gateway email spam blockers] Prevents users from visiting restricted websites [URL content filtering]

You assign access permissions so that users can only access the resources required to accomplish their specific work tasks. Which security principle are you complying with? O Job rotation O Need to know O Principle of least privilege O Cross-training

Principle of least privilege

HIPAA is a set of federal regulations that define securiti guidelines. What do HIPAA guidelines protect? ● Availability ● Integrity ● Privacy ● Non-repudiation

Privacy

In which phase of the system life cycle is a security integrated into the product? ● Software Development ● Project Initiation ● Maintenance ● Installation

Project Initiation

You decide to use a packet sniffer to identify the type of traffic sent to a router. You run the packet sniffing software on a device that is connected to a hub with three other computers. The hub is connected to the same switch that is connected to the router. When you run the software, you see frames addressed to the four workstations, but not to the router. Which feature should you configure?

Promiscuous mode >>Mirroring Spanning tree Bonding

What does hashing of log files provide?

Proof that the files have not been altered

Which of the following is an advantage of a virtual browser?

Protects the host operating system from malicious downloads

You want to examine the data on your network to find out if any of the following are happening: • Users are connecting to unauthorized websites • Cleartext passwords are allowed by protocols or services • Unencrypted traffic that contains sensitive data is on the network Which of the following tools would you use? O System logging O Throughput tester O Protocol analyzer O Load tester

Protocol analyzer

You want to be able to identify services running on a set of servers on your network. Which tool would best give you the information you need?

Protocol analyzer >>vulnerability scanner network mapper port scanner

What is another name for a logic bomb?

Pseudo flaw >>Asynchronous attack Trojan horse DNS poisoning

Match each description on the left with the appropriate cloud technology on the right.

Public cloud Provides cloud services to just about anyone. Private cloud Provides cloud services to a single organization. Community cloud Allows cloud services to be shared by several organizations. Hybrid cloud Integrates one cloud service with other cloud services.

What does PKCS stand for?

Public-Key Cryptography Standard

You have used firewalls to create a demilitarized zone. You have a web server that needs to be accessible to internet users. The web server must communicate with a database server for retrieving product, customer, and order information. How should you place devices on the network to best protect the servers? (Select two.)

Put the database server on the private network. Put the web server inside the DMZ.

Which authentication protocol uses UDP: TACACS+ or RADIUS?

RADIUS

You want to implement 802.1x authentication on your wireless network. Which of the following will be required?

RADIUS

Which of the following authentication protocols transmits passwords in clear text, and is, therefore, considered too insecure for modern networks?

RADIUS CHAP >>PAP EAP

You have implemented an access control method that only allows users who are managers to access specific data. Which type of access control model is used?

RBAC

You want to set up a service to allow multiple users to dial in to the office server form modems on their home computers. What service should you implement?

RIP >>RAS ISDN PPP

A router access control list uses information in a packet, such as destination IP address and port number, to make allow or deny forwarding decisions. This is an example of which kind of access control model?

RSBAC

Which of the following password attacks uses preconfigured matrices of hashed dictionary words?

Rainbow Table

Which of the following best describes the concept of due care or due diligence? ● Reasonable precautions based on industry best practices are utilized and documented. ● Availability supersedes security unless physical harm is likely. ● Security through obscurity is best accomplished by port stealthing. ● Legal disclaimers are consistently and conspicuously displayed on all systems.

Reasonable precautions based on industry best practices are utilized and documented.

You have a company network with a single switch. All devices connect to the network through the switch. You want to control which devices are able to connect to your rän.'ork. For devices that do not have the latest operating system patches, you want to prevent access to all network devices except for a special server that holds the patches that the computers need to download. Which of the following components will be part of your solution? (Select two.)

Remediation servers 802.1x authentication

What is the purpose of RADIUS?

Remote Access Dial-In User Service (RADIUS) enables remote access users to log on to a network through a shared authentication database.

What does the acronym RADIUS denote?

Remote Authentication Dial-In User Service

Which security-server application and protocol implement authentication of users from a central server over UDP?

Remote Authentication Dial-In User Service (RADIUS)

Which application or services uses TCP/UDP port 3389?

Remote Desktop Protocol (RDP)

A smart phone was lost at the airport. There is no way to recover the device. Which if the following will ensure data confidentiality on the device? ● Remote wipe ● Screen lock ● GPS ● TPM

Remote wipe

Match each Manageable Neüork Plan milestone on the left with the tasks that are associated with that milestone on the right. Each milestone may be used once, more than once, or not at all. ● Control Your Network ● Protect Your Network ● Manage Your Network ● Reach Your Network

Remove insecure protocols ● Reach Your Network Implement the principle of least privilege ● Control Your Network Segregate and isolate networks ● Protect Your Network Establish an update management process ● Manage Your Network Establish a baseline for all systems ● Manage Your Network

You are the network administrator for a city library. Throughout the library are several groups of computers that provide public access to the internet. Supervision of these computers has been difficult. You've had problems with patrons bringing personal laptops into the library and disconnecting the network cable from the library computers to connect to their laptops to the internet. The library computers are in groups of four. Each group of four computers is connected to a hub that is connected to the library network through an access port on a switch. You want to restrict access to the network so only the library computers are permitted connectivity to the internet. What can you do?

Remove the hub and place each library computer on its own access port >>Configure port security on the switch Create a VLAN for each group of four computers Create static MAC addresses for each computer and associate it with a VLAN

Which of the following attacks, if successful, cause a switch to function like a hub.

Replay ARP Poisoning MAC spoofing >>MAC flooding

Which is a typical goal of MAC spoofing?

Rerouting local switch traffic to a specified destination Causing incoming packets to broadcast to all ports >>Bypassing 802.1x port-based security Causing a switch to enter fail open mode

Your company has developed and implemented countermeasures for the greatest risks to their assets. However, there is still some risk left. What is the remaining risk called? ● Risk ● Loss ● Residual risk ● Exposure

Residual risk

What form of access control is based on job descriptions?

Role-based access control (RBAC)

Which access control model manages rights and permissions based on job descriptions and responsibilities?

Role-based access control (RBAC)

Which of the following mobile device security considerations disables the ability to use the device after a short period of inactivity? ● TPM ● Remote wipe ● GPS ● Screen lock

Screen lock

Which standard developed by RSA offers encryption of e-mail messages and authentication of received e-mail using digital signatures?

S/MIME

You want to use a protocol for encrypting emails that uses a PKI with X.509 certificates. Which method should you choose?

S/MIME

According to CompTIA's Security+ examination blueprint, what are the seven listed static environments that you need to know how to protect?

SCADA, embedded (printer, smart TV, HVAC control), Android, iOS, mainframes, game consoles, and in-vehicle computing systems

You have a website that accepts input from users for creating customer accounts. Input on the form is passed to a database server where the user account information is stored. An attacker is able to insert database commands in the input fields and have those commands execute on the server. Which type of attack has occurred?

SQL injection

Which of the following network services or protocols uses TCP/IP port 22?

SSH

Which of the following is used on a wireless network to identify the network name?

SSID

You have physically added a wireless access point to your network and installed a wireless networking card in laptops that run Windows. Neither laptop can find the network. You have come to the conclusion that you must manually configure the wireless access point (AP). Which of the following values uniquely identifies the network AP?

SSID

Which of the following wireless network protection methods prevents the wireless network name from being broadcast?

SSID broadcast

FTPS uses which mechanism to provide security for authentication and data transfer?

SSL

You can use a variety of methods to manage the configuration of a network router. Match the management option on the right with its corresponding description on the left. (Each option can be used more than once.)

SSL >>Uses public-key cryptography HTTP >>Transfers data in cleartext SSH >>Uses public-key cryptography Telnet >>Transfers data in cleartext Console port >>Cannot be sniffed

Which type of media preparation is sufficient for media that will be reused in a different security contexts within your organization? O Formatting O Deletion O Sanitization O Destruction

Sanitization

What occurs during grey-box testing?

Security professionals with limited inside knowledge of the network attempt to hack into the network.

Which security principle prevents any one administrator from having sufficient access to compromise the security of the overall IT solution? O Need to know O Principle of least privilege O Dual administrator accounts O Separation of duties

Separation of duties

You want to make sure that any reimbursement checks issued by your company cannot be issued by a single person. Which security principle should you implement to accomplish this goal? O Job rotation O Least privilege O Mandatory vacations O Implicit deny O Separation of duties

Separation of duties

If your anti-virus software does not detect and remove a virus, what should you try first?

Set the read-only attribute of the file you believe to be infected Scan the computer using another virus detection program Search for and delete the file you believe to be infected >>Update your virus detection software

Lori Redford, who has been a member of the Project Management group, was recently promoted to manager of the team. She has been added as a member of the Managers group. Several days after being promoted, Lori needs to have performance reviews with the team she manages but she cannot access the performance management system. As a member of the Managers group, she should have the Allow permission to access this system. What is most likely preventing her from accessing the system?

She is still a member of the Project Management group, which has been denied to this system. Deny permissions always override Allow permissions.

Match the wireless networking security standard on the left to its associated characteristics on the right. Each standard can be used more than once.

Short initialization vector makes key vulnerable. [WEP] Uses AES for encryption. [WPA2] Uses RC4 for encryption. [WEP] Uses TKIP for encryption. [WPA] Uses CBC-MAC for data integrity. [WPA2] Uses CCMP for key rotation. [WPA2]

Which encryption algorithm uses an 80-bit key to encrypt 64-bit blocks of data?

Skipjack

A relatively new employee in the data entry cubical farm was assigned a user account similar to that of all of the other data entry employees. However, audit logs have shown that this user account has been used to change ACLs on several confidential files and has accessed data in restricted areas. This situation indicates which of the following has occurred?

Smurf attack Social engineering Man-in-the-middle attack >>Privilege escalation

Which of the following are included in an *operations penetration* test?

Sneaking into a building without authorization >>Looking through discarded paper or media for sensitive information Scanning various ports on remote hosts looking for well-known service >>Eavesdropping or obtaining sensitive information from items that are not properly stored. Duplicating captured packets without altering or interfering with the flow of traffic on that medium

Which of the following common network monitoring or diagnostic activities can be used as a passive malicious attack?

Sniffing

In which phase of the system life cycle is software testing performed? ● Functional design analysis and planning ● System design specifications ● Software development and coding ● Installation

Software development and coding

An attacker sends an unwanted and unsolicited email message to multiple recipients with an attachment that contains malware.What kind of attack has occurred in this scenario?

Spam

Which of the following could easily result in a denial of service attack if the victimized system had too little free storage capacity?

Spam

If an SMTP server is not properly and securely configured, it can be hijacked and used maliciously as a SMTP relay agent. Which activity could result if this happens?

Spamming

Which type of malicious activity can be described as numerous unwanted and unsolicited email messages sent to a wide range of victims?

Spamming

Match each Interoperability Agreement document on the left with the appropriate description on the right. Each document may be used once, more than once, or not at all. ● BPO ● SLA ● MOU ● ISA

Specifies exactly which services will be performed by each party ● SLA Creates an agreement with a vendor to provide services on an ongoing basis ● BPO Summarizes which party is responsible for performing specific tasks ● MOU Documents how the networks will be connected ● ISA Defines how disputes will be managed ● SLA Specifies a preset discounted pricing structure ● BPO

A router on the border of your network detects a packet with a source address that is from an internal client, but the packet was received on the internet-facing interface. This is an example of what form of attack?

Spoofing

Match the general attack strategy on the left with the appropriate description on the right. (Each attack strategy may be used once, more than once, or not all.) O Reconnaissance O Breaching O Escalating privileges O Staging O Exploitation

Stealing information: O Exploitation Preparing a computer to perform additional tasks in the attack: O Staging Crashing systems: O Exploitation Gathering system hardware information: O Reconnaissance Penetrating system defenses to gain unauthorized access: O Breaching Configuring additional rights to do more than breach the system: O Escalating Privileges

Which is the cryptography mechanism that hides secret communications within various forms of data? O Codes O Signals O Polyinstantiation O Steganography

Steganography

Which of the following program writing development modes is a method that allows for optimal control over coherence, security, accuracy, and comprehensibility? ● Clean room ● Waterfall planning ● Object-oriented programming ● Structured programming

Structured programming

What is the primary use of tunneling?

Supporting private traffic through a public communication medium

Which of the following is the LEAST effective power loss protection for computer systems? O Backup power generator O Uninterruptible power supply O Secondary power source O Surge protector

Surge protector

Which of the following is a standard for sending log messages to a central logging server?

Syslog

Over the past few days, a server has gone offline and rebooted automatically several times. You would like to see a record of when each of these restarts has occurred. Which log type should you check?

System

You are concerned about attacks directed against the firewall on your network. You would like to examine the content of individual frames sent to the firewall. Which tool should you use?

System log Event log Load tester >>Packet sniffer Throughput tester

You have recently reconfigure FTP to require encryption of both passwords and data transfers. You would like to check network traffic to verify that all FTP passwords and data are encrypted. Which tool should you use?

Systems monitor >>Protocol analyzer Performance monitor Vulnerability scanner

Which type of attack intercepts an established TCP session?

TCP hijacking or session hijacking

Which firewall port should you enable to allow POP3 traffic to flow through the firewall?

TCP port 110

You are a database administrator and the first responder for database attacks. You have decided to test one part of your current Business Continuo Plan (BCP) with two other database professionals. Which type of BCP test is this considered? ● Succession planning ● Complex exercise ● Tabletop exercise ● Medium exercise

Tabletop exercise

In which of the following denial of service (DoS) attacks does the victim's system rebuild invalid UDP packets, causing the system to crash or reboot?

Teardrop

Encryption is which type of access control?

Technical

Which security protocol was designed as an interim solution to replace WEP without requiring the replacement of legacy hardware?

Temporal Key Integrity Protocol (TKIP)

What does the acronym TACACS denote?

Terminal Access Controller Access Control System

Which security-server application and protocol implements authentication and authorization of users from a central server over TCP?

Terminal Access Controller Access Control System Plus (TACACS+)

You have recently experienced a security incident with one of your servers. After some research, you determine that hotfix #568994 that has recently been released would have protected the server. Which of the ff. recommendations should you follow when applying the hotfix?

Test the hotfix and then apply it to all servers

which of the following functions can a port scanner provide?

Testing virus definition design for false positives >>Discovering unadvertised servers >>Determining which ports are open on a firewall Auditing IPsec encryption algorithm config

Which of the following is the main difference between a DOS attack and a DDoS attack?

The DDoS attack uses zombie computers.

If a user's BYOD device, such as a tablet or phone, is infected with malware, that malware can be spread if that user connects to your organization's network. One way to prevent this event is to use a network access control (NAC) system. How does an NAC protect your network from being infected by a BYOD device?

The NAC remediates devices before allowing them to connect to your network.

Software-defined networking (SDN) uses a controller to manage the devices. The controller is able to inventory hardware components in the network, gather network statistics, making routing decisions based on gathered data, and facilitate communication between devices from different vendors. It can also be used to make wide-spread configuration changes on just one device. Which of the following best describes an SDN controller?

The SDN controller is a virtual networking devices The SDN controlling is hardware The SDN controller is a networking protocol >>The SDN controller is software

What block cipher and key size (in bits) are used by the Clipper Chip?

The Skipjack block cipher and an 80-bit key length

A malicious user in your organization was able to use the Trinity Rescue Kit to change the password on a department manager's computer in the finance department. The user was able to copy data containing bank account information and social security numbers. The user then destroyed the data by resetting the computer. The department manager was at lunch at the time and had enabled the lock screen to require a password to gain access to the computer. Which additional measure should the manager have taken to prevent data theft? O The data should have been backed up so it could be restored after it was destroyed. O The sensitive data on the computer should have been encrypted. O The computer should have been kept in a physically secure location. O The computer should have been bolted to the desk.

The computer should have been kept in a physically secure location.

Match the general defense methodology on the left with the appropriate description on the right. (Each methodology may be used once, more than once, or not all.) O Layering O Principle of least privilege O Variety O Randomness O Simplicity

The constant change in personal habits and passwords to prevent anticipated events and exploitation: O Randomness Diversifying layers of defense: O Variety Giving users only the access they need to do their job and nothing more: O Principle of least privilege Implementing multiple security measures to protect the same asset: O Layering Eliminating single points of failure: O Layering Giving groups only the access they need to do their job and nothing more: O Principle of least privilege

Which of the following are not reasons to remote wipe a mobile device? ● The device is stolen or lost. ● The device is locked and someone has entered multiple incorrect passwords or PINs. ● The device is inactive for a period of time. ● The device is being assigned to another user.

The device is inactive for a period of time.

Which statement best describes IPSec when used in tunnel mode?

The entire data packet, including headers, is encapsulated

You have installed anti-malware software that checks for viruses in email attachments. You configure the software to quarantine any files with problems. You receive an email with an important attachment, but the attachment is not there. Instead, you see a message that the file has been quarantines by the anti-malware software. What has happened to the file?

The infection has been removed, and the file has been saved to a different location. It has been deleted from your system The file extension has been changed to prevent it from running >>It has been moved to a secure folder on your computer

What is the key length used by a one-time pad?

The key length is the same length as the message that is to be encrypted. The message length determines the key length.

Which of the following defines the crossover error rate for evaluating biometric systems?

The point where the number of false positives matches the number of false negatives in a biometric system.

Which of the following describes a false postive when using IPS device?

The source address matching the destination address The source address identifying a non-existent host >>Legitimate traffic being flagged as malicious Malicious traffic masquerading as legitimate traffic Malicious traffic not being identified

Your company security policy requires separation of duties for all network security matters. Which of the following scenarios best describes this concept? ● The system administrator configures remote access privileges and the security officer reviews and activates each account. ● Every change to the default system image requires concurrent processing by multiple domain controllers. ● Security policy authors may never fraternize with system administration personnel. ● Only the security officer can implement new border router rule sets.

The system administrator configures remote access privileges and the security officer reviews and activates each account.

Which of the following describes the worst possible action by an IDS?

The system identified harmful traffic as harmless and allowed it to pass without generating any alerts.

You are the wireless administrator for your organization. As the size of the organization has grown, you've decide to upgrade your wireless network to use 802.1x authentication instead of pre-shared keys. You've decided to use LEAP to authenticate wireless clients. To do this, you configured a Cisco RADIUS server and installed the necessary Cisco client software on each RADIUS client. Which of the following is true concerning this implementation?

The system is vulnerable because LEAP is susceptible to dictionary attacks

Which of the following best defines Single Loss Expectancy (SLE)? ● The monetary value of a single employee's loss of productivity due to a successful attack ● The statistical probability of a malicious event ● The total monetary loss associated with a single occurrence of a threat ● The total cost of all countermeasures associated with protecting against a given vulnerability

The total monetary loss associated with a single occurrence of a threat

Your organization uses an 802.1 lg wireless network. Recently, other tenants installed the following equipment in your building: • A wireless television distribution system running at 2.4 GHz • A wireless phone system running at 5.8 GHz • A wireless phone system running at goo MHz • An 802.1 In wireless network running in the 5 GHz frequency range Since this equipment was installed, your wireless has been experiencing significant interference. Which system is to blame?

The wireless TV system

Which of the following is a feature of MS-CHAP v2 that is not included in CHAP?

Three-way handshake Hashed shared secret >>Mutual authentication Certificate-based authentication

When conducting a risk assessment, how is the Annualized Rate of Occurrence (ARO) calculated? ● Multiply the Single Loss Expectancy (SLE) by the standard annual deviation. ● Divide the static variable by the probability index. ● Multiply the Single Loss Expectancy (SLE) by the Annual Loss Expectancy (ALE). ● Through historical data provided by insurance companies and crime statistics.

Through historical data provided by insurance companies and crime statistics.

Which of the following tools would you use to validate the bandwidth on your network and identify when the bandwidth is significantly below what it should be? O Packet Sniffer O Protocol analyzer O Throughput Tester O Load Tester

Throughput Tester

What is the primary purpose of forcing employees to take mandatory one-week minimum vacations every year? ● To cut costs on travel ● To prevent the buildup of significant vacation time ● To test their knowledge of security ● To check for evidence of fraud

To check for evidence of fraud

What is the purpose of SCADA?

To collect data from factories, plants, or other remote locations, and send the data to a central computer that manages and controls the data

What is the primary purpose of source code escrow? ● To obtain change rights over software after the vendor goes out of business ● To obtain resale rights over software after the vendor goes out of business ● To provide a backup copy of software to use for recovery in the event of a disaster ● To hold funds in reserve for unpredicted costs before paying the fees of the programmer

To obtain change rights over software after the vendor goes out of business

A user named Bob smith has been assigned a new desktop workstation to complete his day-to-day work. the computer runs Windows 7. When provisioning Bob's user account in your organization's Romain, you assigned an account name of BSmith with an initial password of bw2Fs3D. On first logon, Bob is prompted to change his password, so he change it to Fido, the name of his dog. What should you do to increase the security of Bob's account?(select two) Require users to set a stronger password upon initial logon. Configure user account names that are easy to guess. Upgrading the workstation to windows 8 Do not allow users to change their own passwords. Train user not to use password that are easy to guess

Train users not to use passwords that are easy to guess Use Group Policy to require strong passwords on user accounts

Which security standard is an enhanced version of Secure Sockets Layer (SSL)?

Transport Layer Security (TLS)

What is the difference between TPM and HSM chips?

Trusted Platform Module (TPM) chips are part of the motherboard. Hardware Security Module (HSM) chips are part of a PCI card that is mounted in a slot on the motherboard.

Which option is a secure doorway that can be used in coordination with a mantrap to allow easy egress from a secured environment while actively preventing re-entrance through the exit portal? O Electronic access control doors O Egress mantraps O Locked doors with interior unlock push bars O Turnstiles

Turnstiles

Which of the following is stronger than any biometric authentication factor?

Two-factor authentication

KWalletManager is a Linux-based credential management system that stores encrypted account credentials for network resources. Which encryption methods can KWalletManager use to secure account credentials?

Twofish >>Blowfish HMAC-SHA1 >>GPG Kerberos

Recently, a Web site named www.vidshare.com has become extremely popular with users around the world. An attacker registers the following domain names: www.videoshare.com www.vidshar.cmo www.vidsshare.com Each of these URLs points to a phishing Web site that tricks users into supplying their vidshare.com user names and passwords. What type of attack has occurred in this scenario?

Typosquatting

Which port number is used by TFTP?

UDP port 69

Which services are usually provided by all-in-one security devices?

URL filtering, content inspection, and malware inspection

What is the greatest threat to the confidentiality of data in most secure organizations? O USB devices O Operator error O Hacker intrusion O Malware

USB Devices

You have run a vulnerability scanning tool and identified several patches that need to be applied to a system. What should you do next after applying the patches?

Update the vulnerability scanner definition files Document your actions Use a port scanner to check for open ports >>Run the vulnerability assessment agent

Your LDAP directory services solution uses simple authentication. What should you always do when using simple authentication?

Use Kerberos Use IPsec and certificates >>Use SSL Add SASL and use TLS

You've just deployed a new Cisco router that connects several network segments in your organization. The router is physically located in a cubicle near your office. You've backed up the router config to a remote location in an encrypted file. You access the router config interface from your notebook computer using an SSH client with the user name *admin01* and the password *P@ssW0rd*. You have used the MD5 hashing algorithm to protect the password. What should you do to increase the security of this device?

Use TFTP to back up the router config to a remote location >>Move the router to a secure server room Use a Telnet client to access the router config Change the default admin user name and password Use encrypted type 7 passwords

How do you ensure that data is removed from a mobile device that has been stolen?

Use a remote wipe or remote sanitation program.

You've just deployed a new Cisco router that connects several network segments in your organization. The router is physically located in a cubicle near your office. You've backed up the router configuration to a remote location in an encrypted file. You access the router configuration interface from your notebook computer using an SSH client with a user name of admin01 and a password of P@ssW0rd. You have used the MD5 hashing algorithm to protect the password. What should you do to increase the security of this device?

Use a web browser to access the router config using an HTTP connection Use an SSH client to access the router configuration Move the device to a secure data center >>Use a stronger admin password

Which of the following is a valid security measure to protect email from viruses?

Use blockers on email gateways

Your company has five salesmen who work out of the office and frequently leave their laptops laying on their desks in their cubicles. You are concerned that someone might walk by and take one of these laptops. Which of the following is the best protection to implement to address your concerns? O Encrypt all company data on the hard drives O Require strong passwords in the local security policy O Implement screen saver passwords O use cable locks to chain the laptops to the desks

Use cable locks to chain the laptops to the desks

You have a company network that is connected to the internet. You want all users to have internet access, but you need to protect your private network and users. You also need to make a web server publicly available to internet users. Which solution should you use?

Use firewalls to create a DMZ. Place the web server inside the DMZ and the private network behind the DMZ.

You are concerned that an attacker can gain access to your web server, make modifications to the system, and alter the log files to hide his actions. Which of the following actions would best protect the log files?

Use syslog to send log entries to another server

What is the process by which a system determines that a specific user is authorized to perform certain functions?

authorization

Which of the following information is typically not included in an access token?

User account password

You have installed antivirus software on computers at your business. Within a few days, however, you notice that one computer has a virus. When you question the user, she says she installed some software a few days ago, but it was supposed to be a file compression utility. She admits she did not scan the file before running it. What should pu add to your security measures to help prevent this from happening again? ● Close unused firewall ports ● Account lockout ● User awareness training ● Proxy server

User awareness training

Match each bring your own device (BYOD) security concern on the right with a possible remedyon the left. Each remedy may be used once, more than once, or not at all.

Users take pictures of proprietary processes and procedures >>Specify where and when mobile devices can be possessed in your acceptable use policy Devices with a data plan can email stolen data >>Specify where and when mobile devices can be possessed in your acceptable use policy Devices have no PIN or password configured >>Enroll devices in a mobile device management system Anti-malware software is not installed >>Implement a network access control solution A device containing sensitive data may be lost >>Enroll devices in a mobile device management system

Which of the following describes Privilege auditing?

Users' and groups' rights and privileges are checked to guard against creeping privileges.

Which of the following are characteristics of TACAS+?

Uses UDP Allows of two different servers, one for authentication and authorization, and another for accounting >>Allows three different servers, one each for authentication, authorization, and accounting >>Uses TCP

What is a good solution if you need to separate two departments into separate networks?

VLAN segregation

You have just received a generic-looking email that is addressed as coming from the administrator of your company. The email says that, as part of a system upgrade, you are to go to a website and enter your user name and password at a new website so you can manage your email and spam using the new service. What should you do? ● Open a web browser and type the URL included in the email. Follow the directions to enter pur login credentials. ● Click on the link in the email and look for company graphics or information before entering the login information. ● Delete the email. ● Click on the link in the email and follow the directions to enter your login information. ● Verify that the email was sent by the administrator and that this new service is legitimate.

Verify that the email was sent by the administrator and that this new service is legitimate.

You've just received an email message explaining that a new and serious malicious code threat is ravaging across the internet. The message contains detailed information about the threat, its source code, and the damage it can inflict. The message states that you can easily detect whether or not you have already been a Victim of this threat by the presence of three files in the folder. As a countermeasure, the message suggests that you delete these three files from your system. In response to this message, which action should you take first? ● Reboot the system ● Distribute the message to everyone in your address book ● Delete the indicated files if present ● Verify the information on well-known malicious code threat management websites ● Perform a complete system backup

Verify the information on well-known malicious code threat management websites

Which of the following best describes //bluesnarfing?//

Viewing calendar, emails, and messages on a mobile device without authorization

What is the best definition of a security incident? O Interruption of productivity O Compromise of the CIA of resources O Violation of a security policy O Criminal activity

Violation of a security policy

Which of the following devices facilitates communication between different virtual machines by checking data packets before moving the to a destination?

Virtual firewall >>Virtual switch Virtual router Hypervisor

Which of the following social engineering attacks use Voice over IP (VolP) to gain sensitive information? ● Spear phishing ● Masquerading ● Vishing ● Tailgating

Vishing

Which of the following offers the weakest form of encryption for an 802.11 wireless network?

WEP

Which of the following wireless security methods uses a common shared key configured on the wireless access point and all wireless clients?

WEP, WPA Personal, and WPA2 Personal

Which of the following are true about Wi-Fi Protected Access 2 (WPA2)? (Select two.)

WPA2 uses AES for encryption and CBC-MAC for data integrity. Upgrading from a network using WEP typically requires installing new hardware.

You are concerned about sniffing attacks on your wireless network. Which of the following implementations offers the best countermeasure to sniffing?

WPA2 with AES

Which of the following tools can you use on a Windows network to automatically distribute and install software and operating system patches on workstations? (Select two)

WSUS Group Policy

Match the exploit on the right with the appropriate description on the left.

Watering hole attack -> An attacker compromises a Web site, hoping that a target individual will access the site and be exposed to the exploit. Arbitrary code execution exploit -> A vulnerability in a running process allows an attacker to inject malicious instructions and run on them. LSO exploit -> A Flash cookie is used to collect information about the user's browsing habits without their permission. Zero-day attack -> An attacker exploits computer application vulnerabilities before they are known and patched by the application's developer.

While developing a network application, a programmer adds functionally that allows her to access the running program, without authentication, to capture debugging data. The programmer forgets to remove this functionality prior to finalizing the code and shipping the application. What type of security weakness does this represent?

Weak passwords Buffer overflow Privilege escalation >>Backdoor

A senior executive reports that she received a suspicious email concerning a sensitive internal project that is behind production. The email was sent from someone she doesn't know, and he is asking for immediate clarification on several of the project's details so the project can get back on schedule. Which type of an attack best describes the scenario? ● MAC spoofing ● Whaling ● Passive ● Masquerading

Whaling

When would choosing to do nothing about an identified risk be acceptable? ● When the cost of protecting the asset is greater than the potential loss ● When the threat is most likely to come from an internal source instead of an external source ● When the threat is likely to occur less than once per year ● When the asset is an intangible asset instead of a tangible asset

When the cost of protecting the asset is greater than the potential loss

Drag each penetration test characteristic on the left to the appropriate penetration test name on the right.

White box test >>The tester has detailed information about the target system prior to starting the test. Grey Box test >>The tester has the same about of information that would be available to a typical insider in the organization. Black box test >>The tester has no prior knowledge of the target system. Single blind test >>Either the attacker has prior knowledge about the target system, or the administrator knows that the test is being performed. Double blind test >>The tester does not have prior information about the system and the administrator has no knowledge that the test is being performed

What are the three main protocols that can be used for wireless networks?

Wired Equivalent Privacy (WEP), WiFi Protected Access version 1 (WPAv1), WPA version 2 (WPAv2)

You want to use a tool to scan a system for vulnerabilities including open ports, running services, and missing patches. Which two tool would you use?

Wireshark >>Nessus OVAL LC4 >>Retina

Which of the following is an example of a decentralized privilege management solution?

Workgroup

Which of the following is undetectable software that allows administrator-level access?

Worm >>Rootkit Trojan Horse Spyware Logic bomb

Which is a program that appears to be a legitimate application, utility, game, or screensaver, and performs malicious activities surreptitiously?

Worm Outlook Express >>Trojan Horse ActiveX control

On which standard is Lightweight Directory Access Protocol (LDAP) based

X.500

On which standard are certificates based?

X.509

Which of the following is an attack that injects malicious scripts into Web pages to redirect users to fake websites or gather personal information?

XSS

Should virtual servers have the same information security requirements as physical servers?

Yes

What is the name for the process of tracking user activities by recording selected events in the server activity logs?

auditing

Why is the location of an alternate site important?

You do not want it to be affected by the same disaster as your primary facility.

What occurs when a user provides a password or proof of identity to a system?

authentication

In which of the following situation would you use port security?

You want to control the packets sent and received by a router You want to prevent MAC address spoofing You want to prevent sniffing attacks on the network >>You want to restrict the devices that could connect through a switch port.

Which risk response strategy involves modifying the security plan to eliminate the risk or its impact?

avoidance

In which of the following situations would you most likely implement a demilitarized zone (DMZ)?

You want to protect a public web server from attack.

Which assessment examines network resources and information to determine the probability of a successful attack by a hacker?

a network risk assessment

What is Nessus?

a network vulnerability scanner

Which component of a computer use policy indicates that data stored on a company computer is not guaranteed to remain confidential?

a no expectation of privacy policy

Which assessment determines whether network security is properly configured to rebuff hacker attacks?

a penetration test

Which type of controls is implemented to secure physical access to an object, such as a building, a room, or a computer?

a physical or operational control

Which virus creates many variants by modifying its code to deceive antivirus scanners?

a polymorphic virus

Which key should be encrypted and protected with a password when stored: a public key or a private key?

a private key

What is Lightweight Extensible Authentication Protocol (LEAP)?

a proprietary wireless LAN authentication method developed by Cisco Systems

Which tool should you use to retrieve the contents of a GET request: a protocol analyzer or port scanner?

a protocol analyzer

What is Wireshark?

a protocol analyzer or packet sniffer

What is Protected Extensible Authentication Protocol (PEAP)?

a protocol that encapsulates the EAP within an encrypted and authenticated Transport Layer Security (TLS) tunnel

Which type of attack is characterized by an attacker who records an encrypted transmission between a client and a server computer so that he or she can then send it to the server to gain access?

a replay attack

What is a proxy server?

a server that caches and filters content

What is the name for a collection of hotfixes that have been combined into a single patch?

a service pack

What is fault generation?

a smart card attack that allows a hacker to uncover the encryption key using reverse engineering

Which type of attack involves flooding a recipient e-mail address with identical e-mails?

a spamming attack

What is whaling?

a special type of phishing that targets a single power user, such as a Chief Executive Officer (CEO)

What is vishing?

a special type of phishing that uses Voice over IP (VoIP)

Which security device requires physical possession and has passwords that can only be used once?

a token

What are the two most important security needs that are met using Secure Multipurpose Internet Mail Extensions (S/MIME)?

authentication and confidentiality

Which type of connectivity provides a remote user the ability to safely connect to his or her corporate network while maintaining data confidentiality and integrity?

a virtual private network (VPN)

What is a flaw, loophole, or weakness in the system, software, or hardware?

a vulnerability

What is the term for a potential opening in network security that a hacker can exploit to attack a network?

a vulnerability

On what does the Pretty Good Privacy (PGP) mail standard rely?

a web of trust

Which malicious software infects a system without relying upon other applications for its execution?

a worm

Which self-replicating computer program sends copies of itself to other devices on the network?

a worm

Operating System and Application Security *What tool is used in Windows to encrypt an entire volume?*

a. *BitLocker* BitLocker provides drive encryption and is available with Windows 7 and Windows Vista.

The IT manager has asked you to create a separate VLAN to be used exclusively for wireless guest devices to connect to. which of the following is the primary benefit of creating this VLAN?

You can load-balance wireless guest network traffic to have a lower priority than the rest of the traffic on the network. You can control broadcast traffic and create a collision domain for just the wireless guest devices >>You can control security by isolating wireless guest devices within this VLAN. You can create a wireless guest network more affordably with a VLAN than you can with a router.

Which of the following is not an administrative benefit of implementing VLANs?

You can simply device moves You can manually load-balance network traffic You can control security by isolating traffic within a VLAN >>You can simplify routing traffic between separate networks. You can control broadcast traffic and create collision domains based on logical criteria

What must you do for an effective security auditing policy, besides creating security logs?

analyze the logs

Match the malicious interference type on the right with the appropriate characteristic on the left. Each characteristic can be used once, more than once, or not at all.

[Spark Jamming] Repeatedly blasts receiving equipment with high-intensity, short-duration RF bursts at a rapid pace [Random Noise Jamming] Produces RF signals using random amplitudes and frequencies [Random Pulse Jamming] Uses radio signal pulses of random amplitude and frequency

Which type of attack runs code within another process's address space by making it load a dynamic link library?

a DLL injection attack

Which type of malware appears to perform a valuable function, but actually performs malicious acts?

a Trojan horse

What is a cookie?

a Web client test file that stores persistent settings for a Web server

What is a pop-up?

a Web site that opens in the foreground of the current browser window

Which type of brute-force attack attempts to find any two hashed messages that have the same value?

a birthday attack

Which password attack does an account lockout policy protect against?

a brute force attack

Which term is used for an agreement that is signed by two partnering companies?

a business partners agreement (BPA)

What is the name for the data structure that maintains a list of certificates that have been revoked before their expiration date?

a certificate revocation list (CRL)

What is the name for a hash algorithm that translates plaintext into an intermediate form?

a cipher

Which policy forces all users to organize their work areas to reduce the risk of data theft?

a clean desk policy

Which alternate computing facility is the least expensive to maintain before a disaster occurs?

a cold site

Which policy should be reviewed by the security administrator to determine what data is allowed to be collected from users of the corporate Internet-facing Web application?

a company's privacy policy

What is a service level agreement (SLA)?

a contract between a network service provider and a customer that specifies the services the network service provider will furnish

What is the name for a small piece of information that is saved on a client machine on the hard disk to enable tracking of user information on future Web visits?

a cookie

What is steganography?

a cryptography method in which data is hidden in another media type

What is a honeypot?

a decoy system in your network installed to lure potential intruders away from legitimate systems

What is a Web security gateway?

a device that filters Web content

Which attack requires that the hacker compromise as many computers as possible to initiate the attack?

a distributed denial of service (DDoS) attack

Which attack uses clients, handles, agents, and targets?

a distributed denial of service (DDoS) attack

What do you use to control traffic from the Internet to the LAN (local area network) by controlling the packets that are allowed to enter the LAN?

a firewall

Regarding mean time before failure (MTBF) and mean time to repair (MTTR) as they relate to system reliability, which metrics are desirable?

a high MTBF and a low MTTR

What is Fibre Channel?

a high-speed network technology (commonly running at 2-, 4-, 8- and 16-gigabit per second rates) that connects computer data storage

What is an attempt by someone to get one or more users to believe that a specific computer virus exists?

a hoax

Which alternate computing facility takes the least amount of time to become operational?

a hot site

Which type of code performs malicious acts only when a certain set of conditions occurs?

a logic bomb

Which type of attack on a cryptographic algorithm uses brute force methods to encrypt text strings until the output matches the ciphertext?

a mathematical attack

*If an asset is valued at 100,000, the threat exposure factor of a risk affecting that asset is 25%, and the annualized rate of occurrence is 20%, what is the ALE?* a. $5,000 b. $20,000 c. $25,000 d. $45,000

a. *$5,000* The annualized loss expectancy (ALE) is the product of the SLE (value times exposure factor) and the ARO or $20% of 100,000 × 25% = $5,000. Answer B is incorrect because $20,000 represents the asset value times ARO. Answer C is incorrect because the value times the exposure factor represents the single loss expectancy (SLE) rather than the annual loss expectancy (ALE). Answer D is simply an incorrectly calculated value.

Security-Related Policies and Procedures *Which rule of evidence within the United States involves Fourth Amendment protections?* a. Admissible b. Complete c. Reliable d. Believable

a. *Admissible* Admissibility involves collecting data in a manner that ensures its viability in court, including legal requirements such as the Fourth Amendment protections against unlawful search and seizure. Answers B and C are incorrect because data must be collected completely and protected against modification to ensure reliability, but these are not concerns of the Fourth Amendment. Answer D is incorrect because believability focuses on evidence being understandable, documented, and not subject to modification during transition.

*Which of the following are steps that can be taken to harden FTP services?* a. Anonymous access to shared files of questionable or undesirable content should be limited. b. Regular review of networks for unauthorized or rogue servers. c. Technologies that allow dynamic updates must also include access control and authentication. d. Unauthorized zone transfers should also be restricted.

a. *Anonymous access to shared files of questionable or undesirable content should be limited.* Anonymous access to shared files of questionable or undesirable content should be limited for proper FTP server security. Answer B is incorrect because it is a hardening practice for DHCP services. Answers C and D are incorrect because they are associated with hardening DNS service.

Access Control and Identity Management *Which type of authorization provides no mechanism for unique logon identification?* a. Anonymous b. Kerberos c. TACACS d. TACACS+

a. *Anonymous* During anonymous access, such as requests to a public FTP server, unique identify of the requester is not determined and so cannot be used for personalized logon identification. Answers B, C, and D are incorrect because authorization services such as Kerberos, TACACS, and its replacement TACACS+ all verify access requests against a list of authorized credentials and so can log individual visits and identify access request logons.

*Which of the following applications should be used to properly protect a host from malware? (Select two correct answers.)* a. Antispam software b. Antivirus software c. Content-filtering software d. Web-tracking software

a. *Antispam software* b. *Antivirus software* All host devices must have some type of malware protection. A necessary software program for protecting the user environment is antivirus software. Antivirus software is used to scan for malicious code in email and downloaded files. Antispam, antispyware software can add another layer of defense to the infrastructure. Answer C is incorrect because content filtering is done at the server level to keep host machines from accessing certain content. Answer D is incorrect because web tracking software merely tracks the sites a person visited.

*Which of the following is the preferred type of encryption used in SaaS platforms?* a. Application level b. Database level c. Media level d. HSM level

a. *Application level* In a software-as-a-service (SaaS) environment, application-level encryption is preferred because the data is encrypted by the application before being stored in the database or file system. The advantage is that it protects the data from the user all the way to storage. Answer B is incorrect because in cloud implementations data should be encrypted at the application layer rather than within a database due to the complexity involved, and media encryption is managed at the storage layer. Answer C is incorrect because encryption of a complete virtual machine on infrastructure-as-a-service (IaaS) could be considered media encryption. Answer D is incorrect because a hardware security module (HSM) solution is mainly found in private datacenters that manage and offload cryptography with dedicated hardware appliances.

Threats and Vulnerabilities *You're explaining the basics of security to upper management in an attempt to obtain an increase in the networking budget. One of the members of the management team mentions that they've heard of a threat from a virus that attempts to mask itself by hiding code from antivirus software. What type of virus is he referring to?*

a. *Armored virus* An armored virus is designed to hide the signature of the virus behind code that confuses the antivirus software or blocks it from detecting the virus.

Security-Related Policies and Procedures *Which process inspects procedures and verifies that they're working?* a. Audit b. Business continuity plan c. Security review d. Group privilege management

a. *Audit* An audit is used to inspect and test procedures within an organization to verify that those procedures are working and up-to-date. The result of an audit is a report to management.

Security and Vulnerability in the Network *What checks to make sure that things are operating status quo and that change detection is used to alert when modifications are made?* a. Baseline reporting b. Code review c. Attack surfacing d. Risk analysis

a. *Baseline reporting* Baseline reporting checks to make sure that things are operating status quo and that change detection is used to alert when modifications are made.

Operating System and Application Security *Which of the following terms refers to the process of establishing a standard for security?*

a. *Baselining* Baselining is the process of establishing a standard for security.

Educating and Protecting the User *You've recently been hired by ACME to do a security audit. The managers of this company feel that their current security measures are inadequate. Which information access control model prevents users from writing information down to a lower level of security and prevents users from reading above their level of security?*

a. *Bell-LaPadula model* The Bell-LaPadula model is intended to protect confidentiality of information. This is accomplished by prohibiting users from reading above their security level and preventing them from writing below their security level.

Physical and Hardware-Based Security *Which technology uses a physical characteristic to establish identity?* a. Biometrics b. Surveillance c. Smart card d. CHAP authenticator

a. *Biometrics* Biometrics is a technology that uses personal characteristics, such as a retinal pattern or fingerprint, to establish identity.

*You are conducting a penetration test on an application for a client. The client provides you with no details about the source code and development process. What type of test will you likely be conducting?* a. Black box b. White box c. Vulnerability d. Answers A and C

a. *Black box* Black box testing does not provide any information about the environment. Answer B is incorrect as white box testing is more transparent and would provide details around the particular application. A vulnerability test and penetration test are separate items, thus answer C is incorrect. Answer D is also incorrect.

Security and Vulnerability in the Network *In which type of testing do you begin with the premise that the attacker has no knowledge of the network?* a. Black box b. White box c. Gray box d. Green box

a. *Black box* With black box testing, you begin with the premise that the attacker has no knowledge of the network.

*A situation in which a program or process attempts to store more data in a temporary data storage area than it was intended to hold is known as which of the following?* a. Buffer overflow b. Denial of service c. Distributed denial of service d. Storage overrun

a. *Buffer overflow* A buffer overflow occurs when a program or process attempts to store more data in a buffer than the buffer was intended to hold. The overflow of data can flow over into other buffers, overwriting or deleting data. A denial of service is a type of attack in which too much traffic is sent to a host, preventing it from responding to legitimate traffic. A distributed denial of service is similar, but it is initiated through multiple hosts; therefore, answers B and C are incorrect. Although answer D sounds correct, it is not.

*Never inserting untrusted data except in allowed locations can be used to mitigate which of the following attacks? (Select two answers.)* a. Buffer overflow b. Cross-site request forgery (XSRF) c. Cross-Site Scripting (XSS) d. Input validation error

a. *Buffer overflow* d. *Input validation error* A buffer overflow is a direct result of poor or incorrect input validation or mishandled exceptions, and input validation errors are a result of improper field checking in the code. Answer B is incorrect because Cross-site request forgery (XSRF) is an attack in which the end user executes unwanted actions on a web application while they are currently authenticated. Answer C is incorrect because Cross-Site Scripting (XSS) vulnerabilities can be used to hijack the user's session or to cause the user accessing malware-tainted Site A to unknowingly attack Site B on behalf of the attacker who planted code on Site A.

Security-Related Policies and Procedures *Most CAs require what to define certificate issue processes, record keeping, and subscribers' legal acceptance of terms?* a. CPS b. DAC c. SRC d. GPM

a. *CPS* Most CAs require a Certificate Practice Statement (CPS), which defines certificate issue processes, record keeping, and subscribers' legal acceptance of the terms of the CPS.

*Which of the following is widely used as a controlled access measure in businesses that offer free Wi-Fi hotspots to Internet users such as hotels and restaurants?* a. Captive portal b. Site survey c. VPN (over open wireless) d. Omnidirectional antenna

a. *Captive portal* Captive portals are widely used in businesses that offer free Wi-Fi hotspots to Internet users such as hotels and restaurants. Answer B is incorrect because a site survey is conducted before implementing any WLAN solution to optimize network layout within each unique location. Answer C is incorrect because VPNs over open wireless are commonly used to securely connect employees to corporate networks when they are not in the office by using an Internet connection. Answer D is incorrect. Omnidirectional antennas provide a 360° radial pattern to provide the widest possible signal coverage for a wireless network.

Cryptography Basics *What document describes how a CA issues certificates and what they are used for?*

a. *Certificate policies* The certificate policies document defines what certificates can be used for.

Security-Related Policies and Procedures *Which policy dictates how an organization manages certificates and certificate acceptance?* a. Certificate policy b. Certificate access list c. CA accreditation d. CRL rule

a. *Certificate policy* A certificate policy dictates how an organization uses, manages, and validates certificates.

*When a certificate authority revokes a certificate, notice of the revocation is distributed via what?* a. Certificate revocation list b. Certificate policy c. Digital signature d. Certificate practice statement

a. *Certificate revocation list* Certificate revocation lists are used to identify revoked certificates; however, the Online Certificate Status Protocol (OCSP), which provides certificate status in real time, has been created as an alternative to CRLs. Answers B and D are both incorrect because these terms relate to the policies and practices of certificates and the issuing authorities. Answer C is incorrect because a digital signature is an electronic signature used for identity authentication.

Physical and Hardware-Based Security *Which of the following is an example of perimeter security?* a. Chain link fence b. Video camera c. Elevator d. Locked computer room

a. *Chain link fence* Perimeter security involves creating a perimeter or outer boundary for a physical space. Video surveillance systems wouldn't be considered a part of perimeter security, but they can be used to enhance physical security monitoring.

*Evidence is inadmissible in court if which of the following is violated or mismanaged?* a. Chain of custody b. Service-level agreement c. Privacy policy d. Change management

a. *Chain of custody* If the chain of custody is violated or mismanaged, evidence is inadmissible in court. Service-level agreements (SLAs), privacy policies, and change management aren't associated with evidence gathering or forensics.

Disaster Recovery and Incident Response *Your company is about to invest heavily in an application written by a new startup. Because it is such a sizable investment, you express your concerns about the longevity of the new company and the risk this organization is taking. You propose that the new company agree to store its source code for use by customers in the event that it ceases business. What is this model called?* a. Code escrow b. SLA c. BCP d. CA

a. *Code escrow* Code escrow allows customers to access the source code of installed systems under specific conditions, such as the bankruptcy of a vendor.

Which term refers to the loss potential of an asset for a single year?

annualized loss expectancy (ALE)

What is the formula for determining ALE?

annualized loss expectancy (ALE) = single loss expectancy (SLE) x annualized rate of occurrence (ARO)

Access Control and Identity Management *Which of the three principles of security is supported by an iris biometric system?* a. Confidentiality b. Integrity c. Availability d. Vulnerability

a. *Confidentiality* Confidentiality involves protecting against unauthorized access, which biometric authentication systems support. Integrity is concerned with preventing unauthorized modification, making answer B incorrect. Answer C is not correct because availability is concerned with ensuring that access to services and data is protected against disruption. Answer D is incorrect because a vulnerability is a failure in one or more of the C-I-A principles.

*Which of the following should be implemented if the organization wants to monitor unauthorized transfers of confidential information?* a. Content inspection b. Proxy server c. Protocol analyzer d. Packet-filtering firewall

a. *Content inspection* Content inspection appliances use access control filtering software on a dedicated filtering appliance. The device monitors every packet of traffic that passes over a network. Answer B is incorrect. When a proxy server receives a request for an Internet service, it passes through filtering requirements and checks its local cache of previously downloaded web pages. Because web pages are stored locally, response times for web pages are faster and traffic to the Internet is substantially reduced. Answer C is incorrect. Protocol analyzers help you troubleshoot network issues by gathering packet-level information across the network. These applications capture packets and decode the information into readable data for analysis. Answer D is incorrect; a packet-filtering firewall filters packets based on IP addresses, ports, or protocols and is a simple, good first line of defense.

Access Control and Identity Management *In a decentralized key management system, the user is responsible for which one of the following functions?* a. Creation of the private and public key b. Creation of the digital certificate c. Creation of the CRL d. Revocation of the digital certificate

a. *Creation of the private and public key* In a decentralized key system, the end user generates his or her own key pair. The other functions, such as creation of the certificate, CRL, and the revocation of the certificate, are still handled by the certificate authority; therefore, answers B, C, and D are incorrect.

Access Control and Identity Management *The present method of requiring access to be strictly defined on every object is proving too cumbersome for your environment. The edict has come down from upper management that access requirements should be reduced slightly. Which access model allows users some flexibility for information-sharing purposes?*

a. *DAC* DAC allows some flexibility in information-sharing capabilities within the network.

*Which one of the following best describes the type of attack designed to bring a network to a halt by flooding the systems with useless traffic?* a. DoS b. Ping of death c. Teardrop d. Social engineering

a. *DoS* A DoS attack is designed to bring down a network by flooding the system with an overabundance of useless traffic. Although answers B and C are both types of DoS attacks, they are incorrect because DoS more accurately describes "a type of attack." Answer D is incorrect because social engineering describes the nontechnical means of obtaining information.

Threats and Vulnerabilities *Which type of attack denies authorized users access to network resources?*

a. *DoS* A DoS attack is intended to prevent access to network resources by overwhelming or flooding a service or network.

*You manage a network on which there are mixed vendor devices and are required to implement a strong authentication solution for wireless communications. Which of the following would best meet your requirements? (Select two correct answers.)* a. EAP b. WEP c. LEAP d. PEAP

a. *EAP* d. *PEAP* The IEEE and IETF specify 802.1X and EAP as the standard for secure wireless networking, and Protected EAP (PEAP) is standards based. PEAP was jointly developed by Microsoft, RSA Security, and Cisco Systems. It is an IETF open standard. PEAP provides mutual authentication and uses a certificate for server authentication by the client, and users have the convenience of entering password-based credentials. Answer B is incorrect because WEP is the most basic form of encryption that can be used on 802.11-based wireless networks to provide privacy of data sent between a wireless client and its access point. Answer C is incorrect because LEAP is a Cisco-proprietary protocol.

Cryptography Basics *As the head of IT for MTS, you're explaining some security concerns to a junior administrator who has just been hired. You're trying to emphasize the need to know what is important and what isn't. Which of the following is not a consideration in key storage?*

a. *Environmental controls* Proper key storage requires that the keys be physically stored in a secure environment. This may include using locked cabinets, hardened servers, and effective physical and administrative controls.

*Which statement concerning virtualized environments is correct?* a. Existing security tools, such as antivirus, antispam, and IDS, are designed for single physical servers and do not always adapt well to multiple virtual machines. b. All hypervisors have the necessary security controls to keep out determined attackers. c. In a network with virtual machines, external devices such as firewalls and IDS reside between servers and can help prevent one from infecting another. d. A guest operating system that has remained dormant for a period of time can contain the latest patches and other security updates.

a. *Existing security tools, such as antivirus, antispam, and IDS, are designed for single physical servers and do not always adapt well to multiple virtual machines.* Existing security tools, such as antivirus, antispam, and IDS, were designed for single physical servers and do not always adapt well to multiple virtual machines.

Disaster Recovery and Incident Response *With high availability, the goal is to have key services available 99.999 percent of the time. What is this availability also known as?* a. Five nines b. Three nines c. Perfecta d. Trifecta

a. *Five nines* With high availability, the goal is to have key services available 99.999 percent of the time (also known as five nines availability).

Educating and Protecting the User *Which of the following is the best description of tailgating?*

a. *Following someone through a door they just unlocked* Tailgating is best defined as following someone through a door they just unlocked.

What is risk deterrence?

any action that you take to prevent a risk from occurring

*Which of the following is the most useful when you're dealing with machines that are being taken on the road by traveling executives, sales managers, or insurance agents?* a. Full disk encryption b. File-level encryption c. Media-level encryption d. Application-level encryption

a. *Full disk encryption* Full disk encryption is most useful when you're dealing with machines that are being taken on the road by traveling executives, sales managers, or insurance agents. Answer B is incorrect because in file- or folder-level encryption, individual files or folders are encrypted by the file system itself. Answer C is incorrect because media encryption is used for USB flash drives, iPods, and other portable storage devices. Answer D is incorrect because application-level encryption does not protect the data stored on the machines.

Security-Related Policies and Procedures *The organization is concerned about vulnerabilities in commercial off-the-shelf (COTS) software. Which of the following might be the only means of reviewing the security quality of the program?* a. Fuzzing b. Cross-Site Scripting c. Input validation d. Cross-site request forgery

a. *Fuzzing* In some closed application instances, fuzzing might be the only means of reviewing the security quality of the program. Answer B is incorrect because Cross-Site Scripting (XSS) vulnerabilities can be used to hijack the user's session or to cause the user accessing malware-tainted Site A to unknowingly attack Site B on behalf of the attacker who planted code on Site A. Answer C is incorrect because input validation tests whether an application properly handles input from a source outside the application destined for internal processing. Answer D, Cross-site request forgery (XSRF), is an attack in which the end user executes unwanted actions on a web application while she is currently authenticated.

*Which of the following methods can be used to locate a device in the event it is lost or stolen?* a. GPS tracking b. Voice encryption c. Remote wipe d. Passcode policy

a. *GPS tracking* If a mobile device is lost, GPS tracking can be used to find the location. Answer B is incorrect because voice encryption can allow executives and employees alike to discuss sensitive information without having to travel to secure company locations. Answer C is incorrect because remote wipe allows the handheld's data to be remotely deleted if the device is lost or stolen. Answer D is incorrect because a screen lock or passcode is used to prevent access to the phone.

Physical and Hardware-Based Security *Due to growth beyond current capacity, a new server room is being built. As a manager, you want to make certain that all the necessary safety elements exist in the room when it's finished. Which fire-suppression system works best when used in an enclosed area by displacing the air around a fire?* a. Gas based b. Water based c. Fixed system d. Overhead sprinklers

a. *Gas based* Gas-based systems work by displacing the air around a fire. This eliminates one of the three necessary components of a fire: oxygen.

*Which is the best access control constraint to protect against accidental unauthorized access?* a. Implicit denial b. Least privilege c. Separation of duties d. Account expiration

a. *Implicit denial* The default assignment of an implicit denial, overridden by explicit grants of access aids in protecting resources against accidental access during normal network operations. Answer B is incorrect because least privilege is a principle of assigning only those rights necessary to perform assigned tasks. Answer C is incorrect because separation of duties is focused on ensuring that action and validation practices are performed separately. Answer D is incorrect because account expiration protocols ensure that individual accounts do not remain active past their designated lifespan, but they do nothing to protect against accidental resource availability for currently enabled accounts.

Disaster Recovery and Incident Response *Your organization is exploring data-loss prevention (DLP) solutions. The proposed solution is a software network solution that would be installed near the network perimeter to monitor for and flag policy violations. This solution is targeting which of the following data states?* a. In-transit b. At-rest c. In-use d. In-arrival

a. *In-transit* Protection of data in-transit is considered to be a network solution and either a hardware or software solution is installed near the network perimeter to monitor for and flag policy violations. Answer B is incorrect because protection of data at-rest is considered to be a storage solution and is generally a software solution that monitors how confidential data is stored. Answer C is incorrect because protection of data in-use is considered to be an endpoint solution and the application is run on end-user workstations or servers in the organization. Answer D is incorrect because there is no such data state.

Security and Vulnerability in the Network *Which Windows workstation feature is accused of—sometimes inadvertently—making network bridging possible and introducing security concerns?* a. Internet Connection Sharing b. Windows Firewall c. Network Address Translation d. Dynamic Naming Service

a. *Internet Connection Sharing* ICS—Internet Connection Sharing—is accused of (sometimes inadvertently) making network bridging possible and introducing security concerns.

*Communications between different IP devices on a network is handled by one of the core protocols of TCP/IP, namely, _______________.* a. Internet Control Message Protocol (ICMP) b. Network Basic Input/Output System (NetBIOS) c. Telnet d. Simple Network Management Protocol (SNMP)

a. *Internet Control Message Protocol (ICMP)* Different IP devices on a network often need to share between them specific information. However, IP does not have the capability for devices to exchange these low-level control messages. The communications between devices is handled by one of the core protocols of TCP/IP, namely, Internet Control Message Protocol (ICMP).

*_______________ is an IP-based storage networking standard for linking data storage facilities.* a. Internet Small Computer System Interface (iSCSI) b. Internet Control Message Protocol (ICMP) c. Simple Network Management Protocol (SNMP) d. Network Basic Input/Output System (NetBIOS)

a. *Internet Small Computer System Interface (iSCSI)* iSCSI (Internet Small Computer System Interface) is an IP-based storage networking standard for linking data storage facilities. Because it works over a standard IP network, iSCSI can transmit data over LANs, wide area networks (WANs), and the Internet.

Educating and Protecting the User *at.allow is an access control that allows only specific users to use the service. What is at.deny?*

a. *It does not allow users named in the file to access the system.* The at.deny file does not allow users named in the file to access the system.

Physical and Hardware-Based Security *In a hot and cold aisle system, what is the typical method of handling cold air?* a. It is pumped in from below raised floor tiles. b. It is pumped in from above through the ceiling tiles. c. Only hot air is extracted and cold air is the natural result. d. Cold air exists in each aisle.

a. *It is pumped in from below raised floor tiles.* With hot and cold aisles, cold air is pumped in from below raised floor tiles.

*Which of the following is true of Pretty Good Privacy (PGP)? (Select the two best answers.)* a. It uses a web of trust. b. It uses a hierarchical structure. c. It uses public key encryption. d. It uses private key encryption.

a. *It uses a web of trust.* c. *It uses public key encryption.* PGP uses a web of trust rather than the hierarchical structure. It also uses public key encryption. Based on this, answers B and D are incorrect.

*_______________ limits the amount of time that individuals have to manipulate security configurations.* a. Job rotation b. Mandatory vacation c. Separation of duties d. Least privilege

a. *Job rotation* Job rotation limits the amount of time that individuals are in a position to manipulate security configurations.

Cryptography Basics *After returning from a conference in Jamaica, your manager informs you that he has learned that law enforcement has the right, under subpoena, to conduct investigations using keys. He wants you to implement measures to make such an event run smoothly should it ever happen. What is the process of storing keys for use by law enforcement called?*

a. *Key escrow* Key escrow is the process of storing keys or certificates for use by law enforcement. Law enforcement has the right, under subpoena, to conduct investigations using these keys.

*Which of the following is a denial-of-service attack that uses network packets that have been spoofed so that the source and destination address are that of the victim?* a. Land b. Teardrop c. Smurf d. Fraggle

a. *Land* A land DoS attack uses network packets that have been spoofed so that the source and destination address are that of the victim. A teardrop attack uses fragmented IP packets. Smurf and fraggle attacks use spoofed ICMP and UDP packets, respectively, against an amplification network.

*_______________ is a proprietary EAP method developed by Cisco Systems and is based on the Microsoft implementation of Challenge Handshake Authentication Protocol (CHAP).* a. Lightweight EAP (LEAP) b. Advanced Encryption Standard (AES) c. Protected EAP (PEAP) d. Temporal Key Integrity Protocol (TKIP)

a. *Lightweight EAP (LEAP)* Lightweight EAP (LEAP) is a proprietary EAP method developed by Cisco Systems and is based on the Microsoft implementation of CHAP. It requires mutual authentication used for WLAN encryption using Cisco client software (there is no native support for LEAP in Microsoft Windows operating systems).

Threats and Vulnerabilities *Your system has just stopped responding to keyboard commands. You noticed that this occurred when a spreadsheet was open and you dialed in to the Internet. Which kind of attack has probably occurred?*

a. *Logic bomb* A logic bomb notifies an attacker when a certain set of circumstances has occurred. This may in turn trigger an attack on your system.

*Which of the following is not an example of multifactor authentication?* a. Logon and password b. Smart card and PIN c. RFID chip and thumbprint d. Gait and iris recognition e. Location and CAC

a. *Logon and password* Both logon and password represent a form of "what you know" authentication. Answers B, C, D, and E are all incorrect because they represent paired multifactor forms of authentication. A smart card and PIN represent what you have and know, and an RFID chip and thumbprint link what you have with what you are. Gait is a measure of what you do, and iris details are an example of what you are. Somewhere you are is a location, which could be based on GPS coordinates or IP address, and a common access card (CAC) is something you have.

*After a new switch was implemented, some sporadic connectivity issues on the network have occurred. The issues are suspected to be device related. Which of the following would the organization implement as a method for additional checks in order to prevent issues?* a. Loop protection b. Flood guard c. Implicit deny d. Port security

a. *Loop protection* The loop protection feature makes additional checks in Layer 2 switched networks. Answer B is incorrect because a flood guard is a firewall feature to control network activity associated with denial-of-service (DoS) attacks. Answer C is incorrect because implicit deny is an access control practice wherein resource availability is restricted to only those logons explicitly granted access. Answer D is incorrect because port security is a Layer 2 traffic control feature on Cisco Catalyst switches. It enables individual switch ports to be configured to allow only a specified number of source MAC addresses coming in through the port.

Access Control and Identity Management *Upper management has suddenly become concerned about security. As the senior network administrator, you are asked to suggest changes that should be implemented. Which of the following access methods should you recommend if the method is to be one that is primarily based on preestablished access and can't be changed by users?*

a. *MAC* Mandatory Access Control (MAC) is oriented toward preestablished access. This access is typically established by network administrators and can't be changed by users.

*Which form of access control relies on labels for access control management?* a. MAC b. DAC c. Role-based (RBAC) d. Rule-based (RBAC)

a. *MAC* Mandatory access control (MAC) systems require assignment of labels such as Public, Secret, and Sensitive to provide resource access. Answer B is incorrect because discretionary access control (DAC) systems allow data owners to extend access rights to other logons based on explicit assignments or inherited group membership. Answers C and D are incorrect because both RBAC access control forms rely on conditional assignment of access rules either inherited (role based) or by environmental factors such as time of day or secured terminal location (rule based).

Protecting Networks *A junior administrator bursts into your office with a report in his hand. He claims that he has found documentation proving that an intruder has been entering the network on a regular basis. Which of the following implementations of IDS detects intrusions based on previously established rules that are in place on your network?*

a. *MD-IDS* By comparing attack signatures and audit trails, a misuse-detection IDS determines whether an attack is occurring.

Threats and Vulnerabilities *An administrator at a sister company calls to report a new threat that is making the rounds. According to him, the latest danger is an attack that attempts to intervene in a communications session by inserting a computer between the two systems that are communicating. Which of the following types of attacks does this constitute?*

a. *Man-in-the-middle attack* A man-in-the-middle attack attempts to fool both ends of a communications session into believing the system in the middle is the other end.

Protecting Networks *The IDS console is known as what?*

a. *Manager* The IDS console is known as the manager.

*Which one of the following is a holding area between two entry points that gives security personnel time to view a person before allowing him into the internal building?* a. Mantrap b. Biometric c. Honeypot d. Honeynet

a. *Mantrap* A mantrap is a physical security control that is a holding area between two entry points that gives security personnel time to view a person before allowing him into the internal building. Biometrics typically incorporate something about the person, such as retina scan or fingerprint, to allow access, and so Answer B is incorrect. Answers C and D are also incorrect as these describe controls not related to physical security.

Educating and Protecting the User *For which U.S. organization was the Bell-LaPadula model designed?*

a. *Military* The Bell-LaPadula model was originally designed for use by the military.

*Which one of the following controls are physical security measures? (Select all correct answers.)* a. Motion detector b. Antivirus software c. CCTV d. Fence

a. *Motion detector* c. *CCTV* d. *Fence* Motion detectors, CCTV, and fencing are all controls used for physical security. Antivirus is not a physical security control, but a control used to protect computer systems from malware, and therefore Answer B is incorrect.

Access Control and Identity Management *After a careful risk analysis, the value of your company's data has been increased. Accordingly, you're expected to implement authentication solutions that reflect the increased value of the data. Which of the following authentication methods uses more than one authentication process for a logon?*

a. *Multifactor* A multifactor authentication method uses two or more processes for logon. A two-factor method might use smart cards and biometrics for logon.

*TCP/IP uses its own four-layer architecture that includes _______________ layers.* a. Network Interface, Internet, Transport, and Application b. Network Interface, Network, Transport, and Application c. Network Interface, Internet, Transport, and Authentication d. Network Interface, Network, Transport, and Authentication

a. *Network Interface, Internet, Transport, and Application* TCP/IP uses its own four-layer architecture that includes Network Interface, Internet, Transport, and Application layers.

Operating System and Application Security *Users are complaining about name resolution problems suddenly occurring that were never an issue before. You suspect that an intruder has compromised the integrity of the DNS server on your network. What is one of the primary ways in which an attacker uses DNS?*

a. *Network footprinting* DNS records in a DNS server provide insights into the nature and structure of a network. DNS records should be kept to a minimum in public DNS servers. Network footprinting involves the attacker collecting data about the network to devise methods of intrusion.

Infrastructure and Connectivity *At which layer of the OSI model does the Internet Protocol Security protocol function?* a. Network layer b. Presentation layer c. Session layer d. Application layer

a. *Network layer* IPsec validation and encryption function at the network layer of the OSI model. Answers B, C, and D are incorrect because IPsec functions at a lower level of the OSI model.

Network Security *Which type of switch network monitoring is best suited for high-speed networks that have a large volume of traffic?* a. Network tapping b. Port mirroring c. Load balancing d. Packet filtering

a. *Network tapping* A network tap is generally best for high-speed networks that have a large volume of traffic, while port mirroring is better for networks with light traffic.

*The sender of data is provided with proof of delivery, and neither the sender nor receiver can deny either having sent or received the data. What is this called?* a. Nonrepudiation b. Repetition c. Nonrepetition d. Repudiation

a. *Nonrepudiation* Nonrepudiation means that neither party can deny either having sent or received the data in question. Both answers B and C are incorrect. And repudiation is defined as the act of refusal; therefore, answer D is incorrect.

*Which of the following are used to verify the status of a certificate? (Select two correct answers.)* a. OCSP b. CRL c. OSPF d. ACL

a. *OCSP* b. *CRL* The Online Certificate Status Protocol (OCSP) and the certificate revocation list (CRL) are used to verify the status of digital certificates. OSPF is a routing protocol; therefore, answer C is incorrect. An ACL is used to define access control; therefore, answer D is incorrect.

*What is a significant difference between vulnerability scanners and penetration testing?* a. One tests both the infrastructure and personnel. b. One only tests internal weaknesses. c. One only tests for configuration errors. d. One is used to find problems before hackers do.

a. *One tests both the infrastructure and personnel.* The primary difference between vulnerability assessment and penetration testing is that penetration testing tests both the infrastructure and the personnel. Vulnerability assessment is performed by a security administrator using an automated tool that is designed solely to test the configuration of target systems

Access Control and Identity Management *Which one of the following defines APIs for devices such as smart cards that contain cryptographic information?* a. PKCS #11 b. PKCS #13 c. PKCS #4 d. PKCS #2

a. *PKCS #11* PKCS #11, the Cryptographic Token Interface Standards, defines an API named Cryptoki for devices holding cryptographic information. Answer B is incorrect because PKCS #13 is the Elliptic Curve Cryptography (ECC) standard. Both answers C and D are incorrect because PKCS #4 and PKCS #2 no longer exist and have been integrated into PKCS #1, RSA Cryptography Standard.

Access Control and Identity Management *Which protocol is unsuitable for WAN VPN connections?*

a. *PPP* PPP provides no security, and all activities are unsecure. PPP is primarily intended for remote connections and should never be used for VPN connections.

Wireless Networking Security *If the interconnection between the WAP server and the Internet isn't encrypted, packets between the devices may be intercepted. What is this vulnerability known as?* a. Packet sniffing b. Minding the gap c. Middle man d. Broken promise

a. *Packet sniffing* If the interconnection between the WAP server and the Internet isn't encrypted, packets between the devices may be intercepted and this is known as packet sniffing.

Threats and Vulnerabilities *Your system log files report an ongoing attempt to gain access to a single account. This attempt has been unsuccessful to this point. What type of attack are you most likely experiencing?*

a. *Password-guessing attack* A password-guessing attack occurs when a user account is repeatedly attacked using a variety of different passwords.

Physical and Hardware-Based Security *Which component of physical security addresses outer-level access control?* a. Perimeter security b. Mantraps c. Security zones d. Locked doors

a. *Perimeter security* The first layer of access control is perimeter security. Perimeter security is intended to delay or deter entrance into a facility.

Protecting Networks *Which of the following copies the traffic from all ports to a single port and disallows bidirectional traffic on that port?*

a. *Port spanning* Port spanning (also known as port mirroring) copies the traffic from all ports to a single port and disallows bidirectional traffic on that port.

Protecting Networks *Sockets are a combination of the IP address and which of the following?*

a. *Port* Sockets are a combination of the IP address and the port.

*_______________ is designed to simplify the deployment of 802.1x by using Microsoft Windows logins and passwords.* a. Protected EAP (PEAP) b. Lightweight EAP (LEAP) c. Temporal Key Integrity Protocol (TKIP) d. PSK2-mixed mode

a. *Protected EAP (PEAP)* Protected EAP (PEAP) is designed to simplify the deployment of 802.1x by using Microsoft Windows logins and passwords. PEAP is considered a more flexible PEAP scheme because it creates an encrypted channel between the client and the authentication server, and the channel then protects the subsequent user authentication exchange.

Disaster Recovery and Incident Response *There have been some sporadic connectivity issues on the network. Which of the following is the best choice to investigate these issues?* a. Protocol analyzer b. Circuit-level gateway logs c. Spam filter appliance d. Web application firewall logs

a. *Protocol analyzer* Protocol analyzers help you troubleshoot network issues by gathering packet-level information across the network. These applications capture packets and can conduct protocol decoding, putting the information into readable data for analysis. Answer B is incorrect because a circuit-level gateway filters based on source and destination addresses. Answer C is incorrect because all-in-one spam filter appliances allow for checksum technology, which tracks the number of times a particular message has appeared, and message authenticity checking, which uses multiple algorithms to verify authenticity of a message. Answer D is incorrect because a web application firewall is software or a hardware appliance used to protect the organization's web server from attack.

Disaster Recovery and Incident Response *You've been brought in as a temporary for FRS, Inc. The head of IT assigns you the task of evaluating all servers and their disks and making a list of any data not stored redundantly. Which disk technology isn't fault tolerant?* a. RAID 0 b. RAID 1 c. RAID 3 d. RAID 5

a. *RAID 0* RAID 0 is a method of spreading data from a single disk over a number of disk drives. It's used primarily for performance purposes.

*A rootkit has been discovered on your mission-critical database server. What is the best step to take to return this system to production?* a. Reconstitute it. b. Run an antivirus tool. c. Install an HIDS. d. Apply vendor patches.

a. *Reconstitute it.* The only real option to return a system to a secure state after a rootkit is reconstitution.

*Which of the following algorithms is now known as the Advanced Encryption Standard (AES)?* a. Rijndael b. 3DES c. RC6 d. Twofish e. CAST

a. *Rijndael* Rijndael was the winner of the new AES standard. Although RC6 and Twofish competed for selection, they were not chosen. 3DES and CAST did not participate; therefore, answers B, C, D, and E are incorrect.

Protecting Networks *Which of the following protocols supports DES, 3DES, RC2, and RSA2 encryption along with CHAP authentication, but was not widely adopted?* a. S-HTTP b. S/MIME c. HTTP d. PPTP

a. *S-HTTP* An alternative to HTTPS is the Secure Hypertext Transport Protocol (S-HTTP), which was developed to support connectivity for banking transactions and other secure web communications. S-HTTP was not adopted by the early web browser developers (for example, Netscape and Microsoft) and so remains less common than the HTTPS standard. Additionally, S-HTTP encrypts individual messages so it cannot be used for VPN security. Answer B is incorrect. S/MIME is used to encrypt electronic mail transmissions over public networks. Answer C is incorrect because HTTP is used for unsecured web-based communications. Answer D is incorrect because Point-to-Point Tunneling Protocol (PPTP) is a network protocol that enables the secure transfer of data from a remote client to a private enterprise server by creating a virtual private network (VPN) across TCP/IP-based data networks.

Protecting Networks *Which of the following is most likely to use network segmentation as an alternate security method?* a. SCADA systems b. Mainframes c. Android d. Gaming consoles

a. *SCADA systems* Network segmentation is one of the most effective controls an organization can implement in order to mitigate the effect of a network intrusion. Due to the sensitive nature of supervisory control and data acquisition (SCADA) systems, they would most likely use network segmentation. Answer B is incorrect because mainframes would most likely use security layers. Answer C is incorrect because Android would most likely use security layers. Answer D is incorrect. Most gaming consoles use firmware version control as an alternative security method.

Operating System and Application Security *The flexibility of relational databases in use today is a result of which of the following?*

a. *SQL* SQL is a powerful database access language used by most relational database systems.

Physical and Hardware-Based Security *Which of the following methods is the most effective way to physically secure laptops that are used in an environment such as an office?* a. Security cables b. Server cages c. Locked cabinet d. Hardware dongle

a. *Security cables* Security cables with combination locks can provide such security and are easy to use. They are used mostly to secure laptops and leave the equipment exposed. Answer B is incorrect because PC Safe tower and server cages are designed to bolt to the floor and are meant to be in an environment that is static. Answer C is incorrect because a locked cabinet is an alternative for equipment that is not used or does not have to be physically accessed on a regular, daily basis. Vendors provide solutions such as a security cabinet locker that secures CPU towers. The housing is made of durable, heavy-duty steel for strength. Answer D is incorrect because a hardware dongle is used for license enforcement.

Security-Related Policies and Procedures *MTS is in the process of increasing all security for all resources. No longer will the legacy method of assigning rights to users as they're needed be accepted. From now on, all rights must be obtained for the network or system through group membership. Which of the following groups is used to manage access in a network?* a. Security group b. Single sign-on group c. Resource sharing group d. AD group

a. *Security group* A security group is used to manage user access to a network or system.

Operating System and Application Security *The administrator at MTS was recently fired, and it has come to light that he didn't install updates and fixes as they were released. As the newly hired administrator, your first priority is to bring all networked clients and servers up-to-date. What is a bundle of one or more system fixes in a single product called?*

a. *Service pack* A service pack is one or more repairs to system problems bundled into a single process or function.

*Which protocol is used to manage network equipment and is supported by most network equipment manufacturers?* a. Simple Network Management Protocol (SNMP) b. Internet Control Message Protocol (ICMP) c. Secure Copy Protocol (SCP) d. Transmission Control Protocol/Internet Protocol (TCP/IP)

a. *Simple Network Management Protocol (SNMP)* The Simple Network Management Protocol (SNMP) is a popular protocol used to manage network equipment and is supported by most network equipment manufacturers.

Protecting Networks *Which device monitors network traffic in a passive manner?*

a. *Sniffer* Sniffers monitor network traffic and display traffic in real time. Sniffers, also called network monitors, were originally designed for network maintenance and troubleshooting.

Educating and Protecting the User *As part of your training program, you're trying to educate users on the importance of security. You explain to them that not every attack depends on implementing advanced technological methods. Some attacks, you explain, take advantage of human shortcomings to gain access that should otherwise be denied. What term do you use to describe attacks of this type?*

a. *Social engineering* Social engineering uses the inherent trust in the human species, as opposed to technology, to gain access to your environment.

Threats and Vulnerabilities *You're the administrator for a large bottling company. At the end of each month, you routinely view all logs and look for discrepancies. This month, your email system error log reports a large number of unsuccessful attempts to log on. It's apparent that the email server is being targeted. Which type of attack is most likely occurring?*

a. *Software exploitation attack* A software exploitation attack attempts to exploit weaknesses in software. A common attack attempts to communicate with an established port to gain unauthorized access. Most email servers use port 25 for email connections using SMTP.

*An authentication system relies on an RFID chip embedded in a plastic key together with the pattern of blood vessels in the back of an authorized user's hand. What types of authentication are being employed in this system?* a. Something you have and something you are b. Something you do and something you know c. Something you know and something you are d. Somewhere you are and something you have

a. *Something you have and something you are* The RFID-enabled key is a form of "something you have," and the blood vessel biometric signature is a form of "something you are." Answers B and C are incorrect because there are no "something you know" requirements, such as the input of a personal identification number (PIN) or password. Answer D is incorrect because the "somewhere you are," also known as geolocation, authentication factor is not mentioned in the question.

*Which of the following is a non-proprietary protocol that provides authentication and authorization as well as accounting of access requests against a centralized service for authorization of access requests?* a. TACACS+ b. SAML c. Secure LDAP d. XTACACS

a. *TACACS+* TACACS+, released as an open standard, is a protocol that provides authentication and authorization as well as accounting of access requests against a centralized service for authorization of access requests. TACACS+ is similar to RADIUS but uses TCP instead of RADIUS's UDP transport. Answer B is incorrect because SAML (Security Assertion Markup Language) is an Extensible Markup Language (XML) framework for creating and exchanging security information between online partners. Answer C is incorrect because secure LDAP is a way to make LDAP traffic confidential and secure by using Secure Sockets Layer (SSL) / Transport Layer Security (TLS) technology. Answer D is incorrect because XTACACS is a proprietary version of the original TACACS protocol that was developed by Cisco.

Threats and Vulnerabilities *A server on your network will no longer accept connections using TCP. The server indicates that it has exceeded its session limit. Which type of attack is probably occurring?*

a. *TCP ACK attack* A TCP ACK attack creates multiple incomplete sessions. Eventually, the TCP protocol hits a limit and refuses additional connections.

*A man-in-the-middle attack takes advantage of which of the following?* a. TCP handshake b. UDP handshake c. Juggernaut d. All of the above

a. *TCP handshake* TCP is a connection-oriented protocol, which uses a three-way handshake to establish and close a connection. Answers B, C, and D are incorrect. A man-in-the-middle attack takes advantage of this handshake by inserting itself in the middle. UDP is a connectionless protocol and does not use a handshake to establish a connection. Juggernaut describes a program that helps make man-in-the-middle attacks easier.

Wireless Networking Security *Which encryption technology is associated with WPA?* a. TKIP b. CCMP c. WEP d. LDAP

a. *TKIP* The encryption technology associated with WPA is TKIP.

Cryptography Basics *Mercury Technical Solutions has been using SSL in a business-to-business environment for a number of years. Despite the fact that there have been no compromises in security, the new IT manager wants to use stronger security than SSL can offer. Which of the following protocols is similar to SSL but offers the ability to use additional security protocols?*

a. *TLS* TLS is a security protocol that uses SSL, and it allows the use of other security protocols.

*Which type of risk control involves enforcing technology to control risk, such as antivirus software, firewalls, and encryption?* a. Technical b. System c. Management d. Operational

a. *Technical* Technical risk control types involve enforcing technology to control risk, such as antivirus software, firewalls, and encryption.

*Which term describes both an older TCP/IP protocol for text-based communication and a terminal emulation program?* a. Telnet b. File Transfer Protocol (FTP) c. Network Basic Input/Output System (NetBIOS) d. Secure Network Management Protocol (SNMP)

a. *Telnet* Telnet is an older TCP/IP protocol for text-based communication. In addition, Telnet is also an application. This application is a terminal emulation program that runs on a local computer that connects to a server on the network. Commands can be entered using the Telnet application to the remote server as if the user was at the server itself.

*The heart and soul of WPA is a newer encryption technology called _______________.* a. Temporal Key Integrity Protocol (TKIP) b. Advanced Encryption Standard (AES) c. Triple DES d. Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP)

a. *Temporal Key Integrity Protocol (TKIP)* The heart and soul of WPA is a newer encryption technology called Temporal Key Integrity Protocol (TKIP). TKIP functions as a "wrapper" around WEP by adding an additional layer of security but still preserving WEP's basic functionality.

Security-Related Policies and Procedures *A policy of mandatory vacations should be implemented in order to assist in:* a. The prevention of fraud b. Identifying employees no longer needed c. Reducing insurance expenses d. Enforcing privilege management

a. *The prevention of fraud* A policy of mandatory vacations should be implemented in order to assist in the prevention of fraud.

Access Control and Identity Management *Your company provides medical data to doctors from a worldwide database. Because of the sensitive nature of the data you work with, it's imperative that authentication be established on each session and be valid only for that session. Which of the following authentication methods provides credentials that are valid only during a single session?*

a. *Tokens* Tokens are created when a user or system successfully authenticates. The token is destroyed when the session is over.

Educating and Protecting the User *Which of the following is the highest classification level in the government?*

a. *Top Secret* Top Secret is the highest classification level in the government.

*What is the most common protocol used today for both local area networks (LANs) and the Internet?* a. Transmission Control Protocol/Internet Protocol (TCP/IP) b. Secure Sockets Layer (SSL) c. Hypertext Transport Protocol Secure (HTTPS) d. Domain Name System (DNS)

a. *Transmission Control Protocol/Internet Protocol (TCP/IP)* Computer networks also have protocols, or rules for communication. These protocols are essential for proper communication to take place between network devices. The most common protocol used today for both local area networks (LANs) and the Internet is Transmission Control Protocol/Internet Protocol (TCP/IP).

Threats and Vulnerabilities *A mobile user calls you from the road and informs you that his laptop is exhibiting erratic behavior. He reports that there were no problems until he downloaded a tic-tac-toe program from a site that he had never visited before. Which of the following terms describes a program that enters a system disguised in another program?*

a. *Trojan horse virus* A Trojan horse enters with a legitimate program to accomplish its nefarious deeds.

*What two key elements must be carefully balanced in an effective security policy?* a. Trust and control b. Due process and due care c. Due process and due diligence d. Privilege and threat

a. *Trust and control* An effective security policy must carefully balance two key elements: trust and control.

Access Control and Identity Management *Which technology allows a connection to be made between two networks using a secure protocol?*

a. *Tunneling* Tunneling allows a network to make a secure connection to another network through the Internet or other network. Tunnels are usually secure and present themselves as extensions of both networks.

Cryptography Basics *Which of the following is similar to Blowfish but works on 128-bit blocks?*

a. *Twofish* Twofish was created by the same creator of Blowfish. It performs a similar function on 128-bit blocks instead of 64-bit blocks.

*Which of the following is a cloud-based security solution mainly found in private data centers?* a. VPC b. HSM c. TPM d. PKI

a. *VPC* The HSM and cloud machines can both live on the same virtual private network through the use of a virtual private cloud (VPC) environment. This type of solution is mainly found in private datacenters that manage and offload cryptography with dedicated hardware appliances. Answer B is incorrect because traditionally HSMs have been used in the banking sector to secure numerous large, bulk transactions. Answer C is incorrect because TPM refers to a secure crypto-processor used to authenticate hardware devices such as a PC or laptop. Answer D is incorrect because public key infrastructure (PKI) is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates.

*Which one of the following is not considered a physical security component?* a. VPN tunnel b. Mantrap c. Fence d. CCTV

a. *VPN tunnel* A VPN tunnel is an example of data security, not physical security. Mantrap, fence, and CCTV are all components of physical security; therefore, answers B, C, and D are incorrect.

Network Security *What term refers to a technology that enables authorized users to use an unsecured public network, such as the Internet, as if it were a secure private network?* a. Virtual private network (VPN) b. Gateway c. Intrusion detection system (IDS) d. Port mirroring

a. *Virtual private network (VPN)* A virtual private network (VPN) is a technology that enables authorized users to use an unsecured public network, such as the Internet, as if it were a secure private network.

*Which of the following provide a "sandboxed" system that can be used to investigate malware?* a. Virtualization b. Network storage c. Host software baselining d. Application baselining

a. *Virtualization* A virtualized "sandboxed" guest system can help in computer-security research, which enables the study of the effects of some viruses or worms without the possibility of compromising the host system. Answer B is incorrect because network storage has nothing to do with desktop management. Answer C is incorrect because host software baselining can be done for a variety of reasons including malware monitoring and creating system images. Answer D is incorrect because application baselining is used to monitor changes in application behavior.

Security and Vulnerability in the Network *Nessus is a tool that performs which security function?* a. Vulnerability scanning b. Penetration testing c. Ethical hacking d. Loop protection

a. *Vulnerability scanning* Nessus is one of the better-known vulnerability scanners.

Wireless Networking Security *An IV attack is usually associated with which of the following wireless protocols?* a. WEP b. WAP c. WPA d. WPA2

a. *WEP* An IV attack is usually associated with the WEP wireless protocol.

*There are two modes for Wi-Fi Protected Access (WPA): _______________.* a. WPA Personal and WPA Enterprise b. WPA Private and WPA Public c. WPA Open and WPA Closed d. WPA Shortwave and WPA Longwave

a. *WPA Personal and WPA Enterprise* There are two modes of WPA. WPA Personal was designed for individuals or small office/home office (SOHO) settings, which typically have 10 or fewer employees. A more robust WPA Enterprise was intended for larger enterprises, schools, and government agencies. WPA addresses both encryption and authentication.

*Which of the following provides government-grade security by implementing the AES encryption algorithm and 802.1X-based authentication?* a. WPA2 b. WEP c. WPA d. WAP

a. *WPA2* WPA2 is based on the IEEE 802.11i standard and provides government-grade security by implementing the AES encryption algorithm and 802.1X-based authentication. Answer B is incorrect because the WEP standard was proven to be unsecure and has been replaced by the newer WPA standards. Answer C is incorrect because the early WPA standard has been superseded by the WPA2 standard, implementing the full 802.11i-2004 amendment. Answer D is incorrect because a WAP refers to a wireless access point, which is the wireless network hardware that functions in the place of a wired switch.

Wireless Networking Security *Which of the following manages the session information and connection between wireless devices?* a. WSP b. WPD c. WPT d. WMD

a. *WSP* WSP (Wireless Session Protocol) manages the session information and connection between wireless devices.

Security-Related Policies and Procedures *Which of the following is not a principal concern for first responders to a hacking incident within a corporation operating in the United States?* a. Whether EMI shielding is intact b. Whether data is gathered properly c. Whether data is protected from modification d. Whether collected data is complete

a. *Whether EMI shielding is intact* EMI shielding is important to protecting data and services against unauthorized interception as well as interference but is not a principal concern for first responders following an incident. First responders must ensure that data is collected correctly and protect it from modification using proper controls ensuring a clear chain of evidence, making answers B and C incorrect. Answer D is incorrect because a first responder might be the only agent able to ensure that all data is collected before being lost due to volatility of storage.

Cryptography Basics *Which set of specifications is designed to allow XML-based programs access to PKI services?*

a. *XKMS* XML Key Management Specification (XKMS) is designed to allow XML-based programs access to PKI services.

Physical and Hardware-Based Security *You're the administrator for MTS. You're creating a team that will report to you, and you're attempting to divide the responsibilities for security among individual members. Similarly, which of the following access methods breaks a large area into smaller areas that can be monitored individually?* a. Zone b. Partition c. Perimeter d. Floor

a. *Zone* A security zone is a smaller part of a larger area. Security zones can be monitored individually if needed. Answers B, C, and D are examples of security zones.

*A(n) _______________ access point (AP) uses a standard web browser to provide information, and gives the wireless user the opportunity to agree to a policy or present valid login credentials, providing a higher degree of security.* a. captive portal b. open portal c. closed portal d. Internet portal

a. *captive portal* A captive portal AP uses a standard web browser to provide information, and gives the wireless user the opportunity to agree to a policy or present valid login credentials, providing a higher degree of security.

*A _______________ is a feature that controls a device's tolerance for unanswered service requests and helps to prevent a denial of service (DoS) attack.* a. flood guard b. virtual local area network (VLAN) c. network intrusion detection system (NIDS) d. virtual private network (VPN) concentrator

a. *flood guard* One defense against DoS and DDoS SYN flood attacks is to use a flood guard. A flood guard is a feature that controls a device's tolerance for unanswered service requests and helps to prevent a DoS attack.

*An advantage of _______________ is that it helps to expose any potential avenues for fraud by having multiple individuals with different perspectives learn about the job and uncover vulnerabilities that someone else may have overlooked.* a. job rotation b. mandatory vacation c. separation of duties d. least privilege

a. *job rotation* An advantage of job rotation is that it helps to expose any potential avenues for fraud by having multiple individuals with different perspectives learn about the job and uncover vulnerabilities that someone else may have overlooked.

Network Security *Using _______________, filters can assess if a webpage contains any malicious elements or exhibits any malicious behavior, and then flag questionable pages with a warning message.* a. malware inspection and filtering b. content inspection c. uniform resource locator (URL) filtering d. detailed reporting

a. *malware inspection and filtering* With malware inspection and filtering, filters can assess if a webpage contains any malicious elements or exhibits any malicious behavior, and then flag questionable pages with a warning message.

Is the Message Digest 5 (MD5) algorithm used with symmetric or asymmetric key algorithms?

asymmetric

Is the RSA algorithm symmetric or asymmetric?

asymmetric

*In redundancy and fault tolerance, the term _______________ describes the average amount of time that it will take a device to recover from a failure that is not a terminal failure.* a. mean time to recovery b. failure In Time c. mean time between failures d. mean time to failure

a. *mean time to recovery* Mean time to recovery (MTTR) is the average amount of time that it will take a device to recover from a failure that is not a terminal failure.

Network Security *A(n) _______________ is a computer or an application program that intercepts user requests from the internal secure network and then processes that request on behalf of the user.* a. proxy server b. load balancer c. network tap d. Internet content filter

a. *proxy server* A proxy server is a computer or an application program that intercepts user requests from the internal secure network and then processes that request on behalf of the user.

*Within a firewall rule, the _______________ describes the TCP/IP port number being used to send packets of data through.* a. source port b. destination port c. source address d. destination address

a. *source port* The source port is the TCP/IP port number being used to send packets of data through. Options for setting the source port often include a specific port number, a range of numbers, or Any (port).

*One way to provide network separation is to physically separate users by connecting them to different _______________.* a. switches and routers b. hubs c. mirrored ports d. operating systems

a. *switches and routers* One way to provide network separation is to physically separate users by connecting them to different switches and routers. This prevents bridging and even prevents a reconfigured device from allowing that connection to occur.

*Transferring files can be performed using the File Transfer Protocol (FTP), which is a(n) _______________ TCP/IP protocol.* a. unsecure b. secure c. open d. closed

a. *unsecure* Transferring files can be performed using the File Transfer Protocol (FTP), which is an unsecure TCP/IP protocol. FTP is used to connect to an FTP server, much in the same way that HTTP links to a web server.

Which risk response strategy does not implement any countermeasures, but allows risks to remain?

acceptance

Which setting ensures that accounts are not used beyond a certain date and/or time?

account expiration

Which setting ensures that repeated attempts to guess a user's password is not possible beyond the configured value?

account lockout

What are you trying to determine if you implement audit trails to ensure that users are not performing unauthorized functions?

accountability

What is the most important biometric system characteristic?

accuracy

Which category of IDS might increase logging activities, disable a service, or close a port as a response to a detected security breach?

active detection

Which type of controls include developing policies and procedures, screening personnel, conducting security awareness training, and implementing change control?

administrative controls

Who can change a resource's category in a mandatory access control environment?

administrators only

When should you install a software patch on a production server?

after the patch has been tested

According to CompTIA's Security+ examination blueprint, what are the three listed reporting techniques for mitigation and deterrence?

alarms, alerts, and trends

What is an evil twin?

an access point with the same SSID as the legitimate access point

Which type of controls dictates how security policies are implemented to fulfill the company's security goals?

an administrative or management control

What is a cold site?

an alternate computing facility with no telecommunications equipment or computers

What is a hot site?

an alternate computing facility with telecommunications equipment and computers

What is a warm site?

an alternate computing facility with telecommunications equipment but no computers

What is a smurf attack?

an attack where a ping request is sent to a broadcast network address with the aim of overwhelming the system

What is a phishing attack?

an attack where a user is sent an e-mail that appears to come from a valid entity asking for personally identifiable information (PII)

What is a replay attack?

an attack where an intruder records the communication between a user and a server, and later plays the recorded information back to impersonate the user

What is spimming?

an instance of spam sent over an instant message application

What is microphobing?

an intrusive smart card attack in which the card is physically manipulated until the ROM chip can be accessed.

What is a file considered in a mandatory access control environment?

an object

Which assessment examines physical and electronic information handling issues to determine whether security weaknesses exist?

an organizational risk assessment

*An asset is valued at $12,000, the threat exposure factor of a risk affecting that asset is 25%, and the annualized rate of occurrence is 50%. What is the SLE?* a. $1,500 b. $3,000 c. $4,000 d. $6,000

b. *$3,000* The single loss expectancy (SLE) is the product of the value ($12,000) and the threat exposure (.25), or $3,000. Answer A is incorrect because $1,500 represents the annualized loss expectancy (ALE), which is the product of the SLE and the annualized rate of occurrence (ARO). Answers C and D are incorrect calculated values.

Disaster Recovery and Incident Response *What is the maximum number of drive failures a RAID 5 array can survive from and still be able to function?* a. 0 b. 1 c. 2 d. More than 2

b. *1* A RAID 5 array can survive the failure of any one drive and still be able to function. It can't survive the failure of multiple drives.

*Which port does NetBIOS use?* a. 80 b. 139 c. 143 d. 443

b. *139* NetBIOS uses port 139.

*Which port does the Internet Message Access Protocol (IMAP) use?* a. 25 b. 143 c. 443 d. 3389

b. *143* The Internet Message Access Protocol (IMAP) uses port 143.

*If an organization takes a full backup every Sunday morning and a daily differential backup each morning, what is the fewest number of backups that must be restored following a disaster on Friday?* a. 1 b. 2 c. 5 d. 6

b. *2* With a differential backup scheme, only the last full and last differential backup need to be restored, making answer C incorrect as well. Daily full backups would require only the last full backup, making answer A incorrect in this configuration. Answer D would be correct in an incremental rather than a differential backup setting, where the last full and all intervening incremental backups must be restored for recovery.

*You want to be sure that the FTP ports that are required for a contract worker's functionality have been properly secured. Which of the following ports would you check?* a. 25/110/143 b. 20/21 c.137/138/139 d. 53

b. *20/21* Ports 20 and 21 are used for FTP. Answer A is incorrect because these ports are used for email. Answer C is incorrect because these NetBIOS ports are required for certain Windows network functions such as file sharing. Answer D is incorrect because this port is used for DNS.

*Which port does the File Transfer Protocol (FTP) use for commands?* a. 20 b. 21 c. 22 d. 25

b. *21* The File Transfer Protocol (FTP) uses port 21 for commands.

*Which port does the Secure Shell (SSH) protocol use?* a. 21 b. 22 c. 139 d. 443

b. *22* The Secure Shell (SSH) protocol uses port 22.

Wireless Networking Security *What is the size of the initialization vector (IV) that WEP uses for encryption?* a. 6-bit b. 24-bit c. 56-bit d. 128-bit

b. *24-bit* The initialization vector (IV) that WEP uses for encryption is 24-bit.

*What is the proper humidity level or range for IT environments?* a. Below 40 percent b. 40 percent to 60 percent c. Above 60 percent d. 20 percent to 80 percent

b. *40 percent to 60 percent* The proper humidity level or range for IT environments is 40% RH to 60% RH.

*Which port does the Domain Name System (DNS) protocol use?* a. 25 b. 53 c. 80 d. 443

b. *53* The Domain Name System (DNS) protocol uses port 53.

Network Security *What feature distinguishes a network intrusion prevention system (NIPS) from a network intrusion detection system (NIDS)?* a. A NIPS has sensors that monitor the traffic entering and leaving a firewall, and reports back to the central device for analysis. b. A NIPS is located "in line" on the firewall itself. c. A NIPS is designed to integrate with existing antivirus, antispyware, and firewalls that are installed on the local host computer. d. A NIPS can use a protocol stack verification technique.

b. *A NIPS is located "in line" on the firewall itself.* One of the major differences between a NIDS and a NIPS is its location. A NIDS has sensors that monitor the traffic entering and leaving a firewall, and reports back to the central device for analysis. A NIPS, on the other hand, would be located "in line" on the firewall itself. This can allow the NIPS to more quickly take action to block an attack.

Educating and Protecting the User *You have recently had security breaches in the network. You suspect they might be coming from a telecommuter's home network. Which of the following devices would you use to require a secure method for employees to access corporate resources while working from home?* a. A router b. A VPN concentrator c. A firewall d. A network-based IDS

b. *A VPN concentrator* A VPN concentrator is used to allow multiple users to access network resources using secure features that are built in to the device and are deployed where the requirement is for a single device to handle a very large number of VPN tunnels. Answer A is incorrect because a router forwards information to its destination on the network or the Internet. A firewall protects computers and networks from undesired access by the outside world; therefore, answer C is incorrect. Answer D is incorrect because network-based intrusion-detection systems monitor the packet flow and try to locate packets that are not allowed for one reason or another and might have gotten through the firewall.

Threats and Vulnerabilities *You're working late one night, and you notice that the hard disk on your new computer is very active even though you aren't doing anything on the computer and it isn't connected to the Internet. What is the most likely suspect?*

b. *A virus is spreading in your system.* A symptom of many viruses is unusual activity on the system disk. This is caused by the virus spreading to other files on your system.

*Which of the following best describes why a requesting device might believe that incoming ARP replies are from the correct devices?* a. ARP requires validation. b. ARP does not require validation. c. ARP is connection oriented. d. ARP is connectionless.

b. *ARP does not require validation.* ARP is a protocol used for mapping IP addresses to MAC addresses. It does not require validation, thus answer A is incorrect. Answers C and D are incorrect because connection oriented and connectionless are used to describe communications between two endpoints in which a message is sent with or without prior arrangement.

Physical and Hardware-Based Security *After a number of minor incidents at your company, physical security has suddenly increased in priority. No unauthorized personnel should be allowed access to the servers or workstations. The process of preventing access to computer systems in a building is called what?* a. Perimeter security b. Access control c. Security zones d. IDS systems

b. *Access control* Access control is the primary process of preventing access to physical systems.

*Which password standard provides the best opportunity to detect and react to a high-speed, brute-force password attack?* a. Password length b. Account lockout c. Password expiration d. Logon banner

b. *Account lockout* By locking an account after a limited number of failed attempts, administrative action is necessary to unlock the account and can raise awareness of repeated unauthorized access attempts while reducing the overall number of tests that can be attempted. Answers A and C are incorrect because both password length and password expiration can aid in complicating slow brute-force testing of sequential passwords if performed only a few times per day to avoid notice, but they provide only limited protection against high-bandwidth, brute-force attempts to guess passwords. Password complexity (including mixed-case letters, numbers, and symbols) provides more protection than length alone because the number of variations possible for each character rapidly expands the number of total tests that must be completed. Answer D is incorrect because logon banners detail legal repercussions following unauthorized access but provide no barrier against a brute-force attack.

Protecting Networks *In intrusion detection system parlance, which account is responsible for setting the security policy for an organization?*

b. *Administrator* The administrator is the person/account responsible for setting the security policy for an organization.

*Which of the following are advantages of honeypots and honeynets? (Select all correct answers.)* a. Attackers are diverted to systems that they cannot damage. b. Administrators are allotted time to decide how to respond to an attack. c. Attackers' actions can more easily be monitored and resulting steps taken to improve system security. d. Well-defined legal implications. e. Provides a structure that requires fewer security administrators.

b. *Administrators are allotted time to decide how to respond to an attack.* On-boarding is a term describing the process of registering an asset and provisioning the asset so it can be used to access the corporate network. Answer A is incorrect because mobile application management (MAM) focuses on application management. Answer C is incorrect. Mobile device management (MDM) allows the enrollment of enterprise devices for management functions such as provisioning devices, tracking inventory, configuration changes, updates, managing applications, and enforcing policies. Answer D is incorrect because device access controls are used to control network access not manage devices.

*What is an asset?* a. An item costing more than $10,000 b. Anything used in a work task c. A threat to the security of an organization d. An intangible resource

b. *Anything used in a work task* An asset is anything used in a work task.

Disaster Recovery and Incident Response *Your organization is exploring data-loss prevention (DLP) solutions. The proposed solution is a software storage solution that monitors how confidential data is stored. This solution is targeting which of the following data states?* a. In-transit b. At-rest c. In-use d. In-service

b. *At-rest* Protection of data at-rest is considered to be a storage solution and is generally a software solution that monitors how confidential data is stored. Answer A is incorrect because protection of data in-transit is considered to be a network solution and either a hardware or software solution is installed near the network perimeter to monitor for and flag policy violations. Answer C is incorrect because protection of data in-use is considered to be an endpoint solution and the application is run on end-user workstations or servers in the organization. Answer D is incorrect because there is no such data state.

Security and Vulnerability in the Network *Which of the following is the area of an application that is available to users—those who are authenticated and more importantly those who are not?* a. Exposed liability b. Attack surface c. Security weakness d. Susceptible claim

b. *Attack surface* The attack surface of an application is the area of an application that is available to users—those who are authenticated and more importantly those who are not.

Access Control and Identity Management *Which process involves verifying keys as being authentic?* a. Authorization b. Authentication c. Access control d. Verification

b. *Authentication* Authentication involves the presentation and verification of credentials of keys as being authentic. Answer A is incorrect because authorization involves checking authenticated credentials against a list of authorized security principles. Once checked, resource access is allowed or limited based on access control constraints, making Answer C incorrect. Answer D is incorrect because verification of credentials occurs during authentication (as being authentic) and authorization (as being authorized to request resource access) and is not a recognized access control process.

Security and Vulnerability in the Network *Your manager has purchased a program intended to be used to find problems during code review. The program will read the code and look for any possible bugs or holes. What type of assessment is this known as?* a. Mechanized b. Automated c. Programmed d. Manual

b. *Automated* Simply reading the code is known as manual assessment, while using tools to scan the code is known as automated assessment.

*Which risk management response is being implemented when a company decides to close a little-used legacy web application identified as vulnerable to SQL Injection?* a. Acceptance b. Avoidance c. Mitigation d. Transference

b. *Avoidance* Risk avoidance involves simply terminating the operation that produces the risk, such as when shutting down a vulnerable site. Answer A is incorrect because accepting a risk is to do nothing in response except document the risk-management decision and obtain senior management signoff. Answer C is not correct because mitigation applies a solution that results in a reduced level of risk or exposure. Answer D is incorrect because the liability or cost associated with a risk is transferred through insurance policies and other such legal means.

*Bluejacking and bluesnarfing make use of which wireless technology?* a. Wi-Fi b. Bluetooth c. Blu-Fi d. All of the above

b. *Bluetooth* Both bluejacking and bluesnarfing refer to types of attacks over short-range Bluetooth technology. Answers A, C, and D are incorrect.

Threats and Vulnerabilities *A collection of compromised computers running software installed by a Trojan horse or a worm is referred to as which of the following?* a. Zombie b. Botnet c. Herder d. Virus

b. *Botnet* Answers A and C are incorrect but are related to a botnet in that a zombie is one of many computer systems that make up a botnet, whereas a bot herder is the controller of the botnet. Answer D is incorrect. A virus is a program that infects a computer without the knowledge of the user.

*Which of the following makes it difficult for an eavesdropper to spot patterns and contains a message integrity method to ensure that messages have not been tampered with?* a. ICMP b. CCMP c. WEP d. LEAP

b. *CCMP* CCMP makes it difficult for an eavesdropper to spot patterns, and the CBC-MAC message integrity method ensures that messages have not been tampered with. Answer A is incorrect because ICMP is a network troubleshooting protocol. Answer C is incorrect because WEP is the most basic form of encryption that can be used on 802.11-based wireless networks. Answer D is incorrect because LEAP uses unencrypted challenges and responses and is vulnerable to dictionary attacks.

*What mechanism of wireless security is based on AES?* a. TKIP b. CCMP c. LEAP d. WEP

b. *CCMP* Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) is based on the AES encryption scheme.

Cryptography Implementation *Which of the following is responsible for issuing certificates?* a. Registration authority (RA) b. Certificate authority (CA) c. Document authority (DA) d. Local registration authority (LRA)

b. *Certificate authority (CA)* The certificate authority (CA) is responsible for issuing certificates.

Access Control and Identity Management *Which of the following is not true regarding expiration dates of certificates?* a. Certificates may be issued for a week. b. Certificates are issued only at yearly intervals. c. Certificates may be issued for 20 years. d. Certificates must always have an expiration date.

b. *Certificates are issued only at yearly intervals.* Digital certificates contain a field indicating the date to which the certificate is valid. This date is mandatory, and the validity period can vary from a short period of time up to a number of years; therefore, answers A, C, and D are incorrect.

*Which of the following provides a clear record of the path evidence takes from acquisition to disposal?* a. Video capture b. Chain of custody c. Hashes d. Witness statements

b. *Chain of custody* The chain of custody provides a clear record of the path evidence takes from acquisition to disposal. Answer A is incorrect because videotaping the actual entrance of a forensics team into the area helps refute claims that evidence was planted at the scene. Answer C is incorrect because hashes allow validation that the forensic analysis itself has not produced unexpected modifications of evidentiary data. Answer D is incorrect because witnesses provide statements about what they saw, when, where, and how.

Educating and Protecting the User *Users should be educated in the correct way to close pop-up ads in the workplace. That method is to:*

b. *Click the "X" in the top right* Pop-up ads should be closed by clicking the "X" in the top right.

*Which of the following best describes a host-based intrusion detection system (HIDS)?* a. Examines the information exchanged between machines b. Collects and analyzes data that originates on the local machine c. Controls the information coming in and out of the host machine d. Attempts to prevent network attacks in real time

b. *Collects and analyzes data that originates on the local machine* A host-based intrusion detection system (HIDS) collects and analyzes data that originates on the local machine. Answer A is incorrect; a network-based intrusion detection system (NIDS) tries to locate packets not allowed on the network that the firewall missed and looks at the information exchanged between machines. Answer C is incorrect because firewalls control the information that gets in and out of the host machine. Answer D is incorrect; intrusion prevention differs from intrusion detection in that it actually prevents attacks in real time instead of only detecting the occurrence.

Security-Related Policies and Procedures *The process of establishing boundaries for information sharing is called:* a. Disassociation b. Compartmentalization c. Isolation d. Segregation

b. *Compartmentalization* The process of establishing boundaries for information sharing is called compartmentalization.

*Firewalls provide security through what mechanism?* a. Watching for intrusions b. Controlling traffic entering and leaving a network c. Requiring strong passwords d.

b. *Controlling traffic entering and leaving a network* Firewalls provide protection by controlling traffic entering and leaving a network.

*_______________ switches reside at the top of the hierarchy and carry traffic between switches, while _______________ switches are connected directly to the devices on the network.* a. Workgroup; core b. Core; workgroup c. Public; private d. Private; public

b. *Core; workgroup* Core switches reside at the top of the hierarchy and carry traffic between switches, while workgroup switches are connected directly to the devices on the network.

Threats and Vulnerabilities *Which of the following types of attacks can be done by either convincing the users to click on an HTML page the attacker has constructed or insert arbitrary HTML in a target website that the users visit?* a. Buffer overflow b. Cross-site request forgery (XSRF) c. Cross-Site Scripting (XSS) d. Input validation error

b. *Cross-site request forgery (XSRF)* The key element to understanding XSRF is that attackers are betting that users have a validated login cookie for the website already stored in their browsers. All they need to do is get the browsers to make a request to the website on their behalf. This can be done by either convincing the users to click on an HTML page the attacker has constructed or inserting arbitrary HTML in a target website that the users visit. Answer A is incorrect because a buffer overflow is a direct result of poor or incorrect input validation or mishandled exceptions. Answer C is incorrect because Cross-Site Scripting (XSS) vulnerabilities can be used to hijack the user's session or to cause the user accessing malware-tainted Site A to unknowingly attack Site B on behalf of the attacker who planted code on Site A. Answer D is incorrect because input validation errors are a result of improper field checking in the code.

Security and Vulnerability in the Network *Adding a token for every POST or GET request that is initiated from the browser to the server can be used to mitigate which of the following attacks?* a. Buffer overflow b. Cross-site request forgery (XSRF) c. Cross-Site Scripting (XSS) d. Input validation error

b. *Cross-site request forgery (XSRF)* To mitigate cross-site request forgery (XSRF) attacks, the most common solution is to add a token for every POST or GET request that is initiated from the browser to the server. Answer A is incorrect because buffer overflows are associated with input validation. Answer C is incorrect because setting the HTTPOnly flag on the session cookie is used to mitigate XSS attacks. Answer D is incorrect because input validation tests whether an application properly handles input from a source outside the application destined for internal processing.

Access Control and Identity Management *Which form of access control enables data owners to extend access rights to other logons?* a. MAC b. DAC c. Role-based (RBAC) d. Rule-based (RBAC)

b. *DAC* Discretionary access control (DAC) systems enable data owners to extend access rights to other logons. Mandatory access control (MAC) systems require assignment of labels to extend access, making answer A incorrect. Answers C and D are incorrect because both RBAC access control forms rely on conditional assignment of access rules either inherited (role-based) or by environmental factors such as time of day or secured terminal location (rule-based).

Threats and Vulnerabilities *As the security administrator for your organization, you must be aware of all types of attacks that can occur and plan for them. Which type of attack uses more than one computer to attack the victim?*

b. *DDoS* A DDoS attack uses multiple computer systems to attack a server or host in the network.

*Which of the following is included in a BYOD policy?* a. Key management b. Data ownership c. Credential management d. Transitive trusts

b. *Data ownership* When formulating a bring-your-own-device (BYOD) policy, the organization should clearly state who owns the data stored on the device, specifically addressing what data belongs to the organization. Answer A is incorrect because key management is intended to provide a single point of management for keys, enable users to manage the lifecycle of keys and to store them securely, and make key distribution easier. Answer C is incorrect because the use of credentials is to validate the identities of users, applications, and devices. Answer D is incorrect because transitive trusts enable decentralized authentication through trusted agents.

*Which of the following is the formal process of assessing risk involved in discarding particular information?* a. Sanitization b. Declassification c. Degaussing d. Overwriting

b. *Declassification* Declassification is a formal process of assessing the risk involved in discarding particular information. Answer A is incorrect because sanitization is the process of removing the contents from the media as fully as possible, making it extremely difficult to restore. Answer C is incorrect because degaussing uses an electrical device to reduce the magnetic flux density of the storage media to zero. Answer D is incorrect because overwriting is applicable to magnetic storage devices and writes over all data on the media, destroying what was originally recorded.

Physical and Hardware-Based Security *If RF levels become too high, it can cause the receivers in wireless units to become deaf. This process is called:* a. Clipping b. Desensitizing c. Distorting d. Crackling

b. *Desensitizing* If RF levels become too high, it can cause the receivers in wireless units to become deaf and is known as desensitizing. This occurs because of the volume of RF energy present.

Cryptography Basics *Which of the following algorithms is not an example of a symmetric encryption algorithm?* a. Rijndael b. Diffie-Hellman c. RC6 d. AES

b. *Diffie-Hellman* Diffie-Hellman uses public and private keys, so it is considered an asymmetric encryption algorithm. Because Rijndael and Advanced Encryption Standard (AES) are now one in the same, they both can be called symmetric encryption algorithms; therefore, answers A and D are incorrect. Answer C is incorrect because RC6 is symmetric, too.

Operating System and Application Security *If an attacker is able to gain access to restricted directories (such as the root directory) through HTTP, it is known as:*

b. *Directory traversal* If an attacker is able to gain access to restricted directories (such as the root directory) through HTTP, it is known as directory traversal.

Disaster Recovery and Incident Response *The only difference between mirroring and which of the following is the addition of one more controller card?* a. Additioning b. Duplexing c. Failing over d. Sanctifying

b. *Duplexing* The only difference between mirroring and duplexing is one more controller card.

*TEMPEST deals with which of the following forms of environmental control?* a. HVAC b. EMI shielding c. Humidity d. Cold-aisle

b. *EMI shielding* TEMPEST protections involve the hardening of equipment against EMI broadcast and sensitivity. Answers A and C are incorrect because HVAC controls include temperature and humidity management techniques to manage evolved heat in the data center and to minimize static charge buildup. Answer D is incorrect because hot-aisle/cold-aisle schemes provide thermal management for data centers by grouping air intakes on cold aisles and air exhausts on designated hot aisles, making HVAC more effective.

*What are the two major security areas of WLANs addressed by WPA2?* a. Access and integrity b. Encryption and authentication c. Encryption and access d. Authentication and access

b. *Encryption and authentication* WPA2 addresses the two major security areas of WLANs, namely, encryption and authentication.

Protecting Networks *Which of the following are not methods for minimizing a threat to a web server? (Choose the two best answers.)* a. Disable all nonweb services b. Ensure Telnet is running c. Disable nonessential services d. Enable logging

b. *Ensure Telnet is running* d. *Enable logging* Having Telnet enabled presents security issues and is not a primary method for minimizing threat. Logging is important for secure operations and is invaluable when recovering from a security incident. However, it is not a primary method for reducing threat. Answer A is incorrect because disabling all nonweb services might provide a secure solution for minimizing threats. Answer C is incorrect because each network service carries its own risks; therefore, it is important to disable all nonessential services.

Protecting Networks *Which of the following is the process in which a law enforcement officer or a government agent encourages or induces a person to commit a crime when the potential criminal expresses a desire not to go ahead?*

b. *Entrapment* Entrapment is the process in which a law enforcement officer or a government agent encourages or induces a person to commit a crime when the potential criminal expresses a desire not to go ahead.

*Which statement accurately describes a characteristic of FTP Secure (FTPS)?* a. FTPS is an entire protocol itself. b. FTPS is a combination of two technologies (FTP and SSL or TLS). c. FTPS uses a single TCP port. d. FTPS encrypts and compresses all data and commands.

b. *FTPS is a combination of two technologies (FTP and SSL or TLS).* There are several differences between SFTP and FTPS. First, FTPS is a combination of two technologies (FTP and SSL or TLS), whereas SFTP is an entire protocol itself and is not pieced together with multiple parts. Second, SFTP uses only a single TCP port instead of two ports like FTPS. Finally, SFTP encrypts and compresses all data and commands (FTPS may not encrypt data).

*Which element of business continuity planning (BCP) is most concerned with hot-site/cold-site planning?* a. Network connectivity b. Facilities c. Clustering d. Fault tolerance

b. *Facilities* Facilities continuity planning is focused around alternative site management, hardware, and service contracts. Network connectivity BCP involves establishing alternative network access paths and dedicated recovery administrative connections, making answer A incorrect. High-availability clustered servers ensure that automatic failover occurs in the event that the primary service nodes are unable to perform normal service functions, making answer C incorrect. Fault tolerance, particularly in the area of storage devices, supports individual server operational continuity in the face of hardware device failure, making answer D incorrect. In SAN storage systems, redundant storage network connections similarly ensure continuous resource access for devices in the storage-area network.

Security and Vulnerability in the Network *What are the two states that an application can fail in?* a. Dependable b. Failsafe c. Failopen d. Assured

b. *Failsafe* c. *Failopen* There are two states that an application can fail in. In a failsafe mode, the crash leaves the system secure. In a failopen state, the crash leaves the system exposed (not secure).

Security and Vulnerability in the Network *Which of the following is a protection feature built into many firewalls that allow the administrator to tweak the tolerance for unanswered login attacks?* a. MAC filter b. Flood guard c. MAC limiter d. Security posture

b. *Flood guard* A flood guard is a protection feature built into many firewalls that allow the administrator to tweak the tolerance for unanswered login attacks. By reducing this tolerance, it is possible to reduce the likelihood of a successful DoS attack.

*What technique or method can be employed by hackers and researchers to discover unknown flaws or errors in software?* a. Dictionary attacks b. Fuzzing c. War dialing d. Cross-site request forgery

b. *Fuzzing* Fuzzing is a software-testing technique that generates input for targeted programs. The goal of fuzzing is to discover input sets that cause errors, failures, and crashes, or to discover other unknown defects in the targeted program.

Operating System and Application Security *Which of the following is the technique of providing unexpected values as input to an application to try to make it crash?*

b. *Fuzzing* Fuzzing is the technique of providing unexpected values as input to an application to try to make it crash. Those values can be random, invalid, or just unexpected.

Educating and Protecting the User *The Cyberspace Security Enhancement Act gives law enforcement the right to:*

b. *Gain access to encryption keys* The Cyberspace Security Enhancement Act gives law enforcement the right to gain access to encryption keys.

Educating and Protecting the User *Which act mandates national standards and procedures for the storage, use, and transmission of personal medical information?*

b. *HIPAA* HIPAA mandates national standards and procedures for the storage, use, and transmission of personal medical information.

*Which of the following is commonly used in the banking sector to secure numerous large bulk transactions?* a. Full disk encryption b. HSM c. TPM d. File-level encryption

b. *HSM* Traditionally, hardware security modules (HSMs) have been used in the banking sector to secure numerous large bulk transactions. Answer A is incorrect because full disk encryption is most useful when you're dealing with a machine that is being taken on the road by people such as traveling executives, sales managers, or insurance agents. Answer C is incorrect because trusted platform module (TPM) refers to a secure crypto-processor used to authenticate hardware devices such as PC or laptop. Answer D is incorrect because in file- or folder-level encryption, individual files or folders are encrypted by the file system itself.

Operating System and Application Security *You've been chosen to lead a team of administrators in an attempt to increase security. You're currently creating an outline of all the aspects of security that will need to be examined and acted upon. Which of the following terms describes the process of improving security in an NOS?*

b. *Hardening* Hardening is the process of improving the security of an operating system or application. One of the primary methods of hardening an OS is to eliminate unneeded protocols.

Cryptography Basics *Which of the following is the type of algorithm used by MD5?* a. Block cipher algorithm b. Hashing algorithm c. Asymmetric encryption algorithm d. Cryptographic algorithm

b. *Hashing algorithm* Although the message digest (MD) series of algorithms is classified globally as a symmetric key encryption algorithm, the correct answer is hashing algorithm, which is the method that the algorithm uses to encrypt data. Answer A in incorrect because a block cipher divides the message into blocks of bits. Answer C is incorrect because MD5 is a symmetric key algorithm, not an asymmetric encryption algorithm (examples of this include RC6, Twofish, and Rijndael). Answer D is incorrect because cryptographic algorithm is a bogus term.

Network Security *Which statement concerning heuristic monitoring is correct?* a. Heuristic monitoring operates by being adaptive and proactive. b. Heuristic monitoring is founded on experience-based techniques. c. Heuristic monitoring is designed for detecting statistical anomalies. d. Heuristic monitoring looks for well-known patterns.

b. *Heuristic monitoring is founded on experience-based techniques.* Heuristic monitoring is founded on experience-based techniques. It attempts to answer the question, "Will this do something harmful if it is allowed to execute?"

*A CA with multiple subordinate CAs would use which of the following PKI trust models?* a. Cross-certified b. Hierarchical c. Bridge d. Linked

b. *Hierarchical* A DMZ is a small network between the internal network and the Internet that provides a layer of security and privacy. Answer A is incorrect. The purpose of a VLAN is to unite network nodes logically into the same broadcast domain regardless of their physical attachment to the network. Answer C is incorrect because NAT acts as a liaison between an internal network and the Internet. Answer D is incorrect because a VPN is a network connection that allows you access via a secure tunnel created through an Internet connection.

Educating and Protecting the User *There are two types of implicit denies. One of these can be configured so that only users specifically named can use the service and is known as:*

b. *at.allow* at.allow configurations allow only users specifically named to use the service.

*Which of the following describes a network of systems designed to lure an attacker away from another critical system?* a. Bastion host b. Honeynet c. Vulnerability system d. Intrusion-detection system

b. *Honeynet* Honeynets are collections of honeypot systems interconnected to create networks that appear to be functional and that can be used to study an attacker's behavior within the network. A bastion host is the first line of security that a company allows to be addressed directly from the Internet; therefore, answer A is incorrect. Answer C is incorrect because it is a made-up term. Answer D is incorrect because an IDS is used for intrusion detection.

*Which protocol is the standard protocol for Internet usage?* a. Internet Control Message Protocol (ICMP) b. Hypertext Transport Protocol (HTTP) c. Network Basic Input/Output System (NetBIOS) d. Secure Network Management Protocol (SNMP)

b. *Hypertext Transport Protocol (HTTP)* Hypertext Transport Protocol (HTTP), which is the standard protocol for Internet usage.

Network Security *Load balancing that is used for distributing HTTP requests received is sometimes called _______________.* a. content filtering b. IP spraying c. content inspection d. port mirroring

b. *IP spraying* Load balancing that is used for distributing HTTP requests received is sometimes called IP spraying.

*Which statement accurately describes IP telephony?* a. IP telephony requires an increase in infrastructure requirements. b. IP telephony convergence provides the functionality of managing and supporting a single network for all applications. c. New IP telephony applications can take a long time to develop. d. The cost of convergence technologies is high in comparison to startup costs for new traditional telephone equipment.

b. *IP telephony convergence provides the functionality of managing and supporting a single network for all applications.* Instead of managing separate voice and data networks, convergence provides the functionality of managing and supporting a single network for all applications.

Measuring and Weighing Risk *What is the first step in performing a basic forensic analysis?* a. Ensure that the evidence is acceptable in a court of law b. Identify the evidence c. Extract, process, and interpret the evidence d. Determine how to preserve the evidence

b. *Identify the evidence* It is necessary to first identify the evidence that is available to be collected. Answer A is incorrect because protecting data's value as evidence must come after the type and form of evidence is known. Extraction, preservation, processing, and interpretation of evidence also follow the identification of data types and storage that must be collected, making answers C and D incorrect.

Disaster Recovery and Incident Response *You're trying to rearrange your backup procedures to reduce the amount of time they take each evening. You want the backups to finish as quickly as possible during the week. Which backup system backs up only the files that have changed since the last backup?* a. Full backup b. Incremental backup c. Differential backup d. Backup server

b. *Incremental backup* An incremental backup backs up files that have changed since the last full or partial backup.

*Which of the fields included within a digital certificate identifies the directory name of the entity signing the certificate?* a. Signature algorithm identifier b. Issuer c. Subject name d. Subject public key information

b. *Issuer* The Issuer field identifies the name of the entity signing the certificate, which is usually a certificate authority. The Signature Algorithm Identifier identifies the cryptographic algorithm used by the CA to sign the certificate; therefore, answer A is incorrect. The Subject Name is the name of the end entity identified in the public key associated with the certificate; therefore, answer C is incorrect. The Subject Public Key Information field includes the public key of the entity named in the certificate, including a cryptographic algorithm identifier; therefore, answer D is incorrect.

*Which type of authorization provides a mechanism for validation of both sender and receiver?* a. Anonymous b. Kerberos c. TACACS d. RADIUS

b. *Kerberos* Kerberos authentication enables validation of both endpoints and can help protect against interception attacks such as the "man-in-the-middle." Anonymous connections do not even allow verification of the access requestor, making answer A incorrect. Answers C and D are incorrect because neither TACACS or RADIUS services provide mutual endpoint validation.

Access Control and Identity Management *You've been assigned to mentor a junior administrator and bring him up to speed quickly. The topic you're currently explaining is authentication. Which method uses a KDC to accomplish authentication for users, programs, or systems?*

b. *Kerberos* Kerberos uses a key distribution center (KDC) to authenticate a principal. The KDC provides a credential that can be used by all Kerberos-enabled servers and applications.

Cryptography Implementation *Which of the following is one of the biggest challenges associated with database encryption?* a. Multitenancy b. Key management c. Weak authentication components d. Platform support

b. *Key management* One of the biggest challenges associated with database encryption is key management. Answer A is incorrect because multitenancy is a security issue related to cloud computing implementations. Answer C is incorrect because lack of management software and weak authentication components are associated with hardware hard drive encryption. Answer D is incorrect because cost and platform support are concerns with smartphone encryption products.

Cryptography Basics *You've been brought in as a security consultant for a small bicycle manufacturing firm. Immediately you notice that it's using a centralized key-generating process, and you make a note to dissuade them from that without delay. What problem is created by using a centralized key-generating process?*

b. *Key transmission* Key transmission is the largest problem from among the choices given. Transmitting private keys is a major concern. Private keys are typically transported using out-of-band methods to ensure security.

Cryptography Basics *Which organization can be used to identify an individual for certificate issue in a PKI environment?*

b. *LRA* A local registration authority (LRA) can establish an applicant's identity and verify that the applicant for a certificate is valid. The LRA sends verification to the CA that issues the certificate.

*The IEEE 802.1x standard provides the highest degree of port security by implementing port-based _______________.* a. encryption b. authentication c. auditing d. integrity

b. *authentication* The IEEE 802.1x standard provides the highest degree of port security by implementing port-based authentication.

*Which risk reduction policy does not aid in identifying internal fraud?* a. Mandatory vacations b. Least privilege c. Separation of duties d. Job rotation

b. *Least privilege* Although least privilege can aid in protecting against internal fraud, it does not particularly aid in identifying it if occurring. Mandatory vacations, job rotation, and separation of duties such as monetary processing and validation all provide cross-checks that can aid in the identification of ongoing fraudulent operations, making answers A, C, and D incorrect.

*Lynn needs access to the Accounting order-entry application but keeps getting an error that indicates inadequate access permissions. Bob assigns Lynn's account to the Administrator's group to overcome the error until he can work on the problem. Which access control constraint was violated by this action?* a. Implicit denial b. Least privilege c. Separation of duties d. Account expiration

b. *Least privilege* Least privilege is a principle of assigning only those rights necessary to perform assigned tasks. By making Lynn a member of the Administrators group, Bob not only bypassed the application's access control protocols but may also have granted Lynn access to additional application features or administrative-only tools that often lack the same safeguards as user-level APIs. Answer A is incorrect because the default assignment of an implicit denial is overridden by explicit grants of access aids in protecting resources against accidental access and is not directly violated by this action because Lynn's account now has full administrator rights assigned. Answer C is incorrect because separation of duties is focused on ensuring that action and validation practices are performed separately. Answer D is incorrect because account expiration protocols ensure that individual accounts do not remain active past their designated lifespan, but Lynn's account is current and enabled so is unaffected.

*Which of the following is not a common quality of quantitative risk analysis?* a. Difficult for management to understand b. Less precise c. Labor intensive d. Time-consuming

b. *Less precise* Qualitative risk assessments tend to be less precise than quantitative assessments. Quantitative risk assessments tend to be more difficult for management to understand properly without additional explanation, require intensive labor to gather all of the necessary measurements, and are time-consuming to produce and keep up to date, making answers A, C, and D incorrect.

Physical and Hardware-Based Security *For physical security, what should you do with rack-mounted servers?* a. Run a cable from them to a desk. b. Lock each of them into the cabinet. c. Install them in safes. d. Use only Type D, which incorporates its own security.

b. *Lock each of them into the cabinet.* Server racks should lock the rack-mounted servers into the cabinets to prevent someone from simply pulling one and walking out the front door with it.

*Which of the following is not one of the vulnerabilities of LDAP authentication services?* a. Buffer overflow vulnerabilities can be used to enact arbitrary commands on the LDAP server. b. Loss of time synchronization between the service, client, and KDC prevents communication. c. Format string vulnerabilities might result in unauthorized access to enact commands on the LDAP server or impair its normal operation. d. Improperly formatted requests might be used to create an effective denial-of-service (DoS) attack against the LDAP server.

b. *Loss of time synchronization between the service, client, and KDC prevents communication.* Kerberos is a time-synchronized protocol that relies on a common time base for session ticket lifetime verification. LDAP is not a ticket-based or a lifetime-based protocol. Answers A, C, and D are incorrect because all three are vulnerabilities of some LDAP service variations.

Security and Vulnerability in the Network *An organization is looking for a filtering solution that will help eliminate some of the recent problems it has had with viruses and worms. Which of the following best meets this requirement?* a. Intrusion detection b. Malware inspection c. Load balancing d. Internet content filtering

b. *Malware inspection* A malware inspection filter is basically a web filter applied to traffic that uses HTTP. The body of all HTTP requests and responses is inspected. Malicious content is blocked, but legitimate content passes through unaltered. Answer A is incorrect because intrusion-detection systems are designed to analyze data, identify attacks, and respond to the intrusion. Answer C is incorrect because load balancers are servers configured in a cluster to provide scalability and high availability. Answer D is incorrect because Internet content filters use a collection of terms, words, and phrases that are compared to content from browsers and applications.

Operating System and Application Security *Which of the following is needed to establish effective security baselines for host systems? (Select two correct answers.)* a. Cable locks b. Mandatory settings c. Standard application suites d. Decentralized administration

b. *Mandatory settings* c. *Standard application suites* To establish effective security baselines, enterprise network security management requires a measure of commonality between the systems. Mandatory settings, standard application suites, and initial setup configuration details all factor into the security stance of an enterprise network. Answer A is incorrect because cable locks have nothing to do with effective security baselines. Answer D is incorrect because decentralized management does not have anything to do with security baselines.

*What is the most common type of wireless access control?* a. Electronic Access Control (EAC) b. Media Access Control (MAC) address filtering c. Extensible Authentication Protocol-Transport Layer Security (EAP/TLS) d. Port Based Access Control (PBAC)

b. *Media Access Control (MAC) address filtering* The most common type of wireless access control is Media Access Control (MAC) address filtering. The MAC address is a hardware address that uniquely identifies each node of a network.

*The most effective means to reduce the risk of losing the data on a mobile device, such as a notebook computer, is _____.*

b. *Minimize sensitive data stored on the mobile device.* The risk of a lost or stolen notebook is the data loss, not the loss of the system itself. Thus, keeping minimal sensitive data on the system is the only way to reduce the risk. Hard-drive encryption, cable locks, and strong passwords, although good ideas, are preventative tools, not means of reducing risk. They don't keep intentional and malicious data compromise from occurring; instead, they encourage honest people to stay honest.

Cryptography Basics *Assuming asymmetric encryption, if data is encoded with a value of 5, what would be used to decode it?*

c. *1/5* With asymmetric encryption, two keys are used—one to encode and the other to decode. The two keys are mathematical reciprocals of each other.

*What technology provides an organization with the best control over BYOD equipment?* a. Encrypted removable storage b. Mobile device management c. Geo-tagging d. Application whitelisting

b. *Mobile device management* Mobile device management (MDM) is a software solution to the challenging task of managing the myriad mobile devices that employees use to access company resources. The goals of MDM are to improve security, provide monitoring, enable remote management, and support troubleshooting. Not all mobile devices support removable storage, and even fewer support encrypted removable storage. Geotagging is used to mark photos and social network posts, not for BYOD management. Application whitelisting may be an element of BYOD management, but is only part of a full MBM solution.

Wireless Networking Security *Which of the following is synonymous with MAC filtering?* a. TKIP b. Network lock c. EAP-TTLS d. MAC secure

b. *Network lock* The term network lock is synonymous with MAC filtering.

*Which of the following is a term describing the process of registering an asset and provisioning the asset so it can be used to access the corporate network?* a. Mobile application management b. Onboarding c. Mobile device management d. Device access controls

b. *Onboarding* On-boarding is a term describing the process of registering an asset and provisioning the asset so it can be used to access the corporate network. Answer A is incorrect because mobile application management (MAM) focuses on application management. Answer C is incorrect. Mobile device management (MDM) allows the enrollment of enterprise devices for management functions such as provisioning devices, tracking inventory, configuration changes, updates, managing applications, and enforcing policies. Answer D is incorrect because device access controls are used to control network access not manage devices.

Access Control and Identity Management *Which of the following security areas encompasses network access control (NAC)?*

b. *Operational security* Operational security issues include network access control (NAC), authentication, and security topologies after the network installation is complete.

Access Control and Identity Management *Most of your client's sales force have been told that they should no longer report to the office on a daily basis. From now on, they're to spend the majority of their time on the road calling on customers. Each member of the sales force has been issued a laptop computer and told to connect to the network nightly through a remote connection. Which of the following protocols is widely used today as a transport protocol for remote Internet connections?*

b. *PPP* PPP can pass multiple protocols and is widely used today as a transport protocol for remote connections.

Physical and Hardware-Based Security *You're the administrator for MTS. You're creating a team that will report to you, and you're attempting to divide the responsibilities for security among individual members. Similarly, which of the following access methods breaks a large area into smaller areas that can be monitored individually?* a. Zone b. Partition c. Perimeter d. Floor

b. *Partition* Partitioning is the process of breaking a network into smaller components that can each be individually protected. This is analogous to building walls in an office building.

Physical and Hardware-Based Security *Which of the following is equivalent to building walls in an office building from a network perspective?* a. Perimeter security b. Partitioning c. Security zones d. IDS systems

b. *Partitioning* Access control is the primary process of preventing access to physical systems.

*An organization has had a rash of malware infections. Which of the following can help mitigate the number of successful attacks?* a. Application baselining b. Patch management c. Network monitoring d. Input validation

b. *Patch management* Proactive patch management is necessary to keep your technology environment secure and reliable. Answer A is incorrect because application baselining is similar to operating system baselining in that it provides a reference point for normal and abnormal activity. Answer C is incorrect because network monitoring is used to check network activity. Answer D is incorrect because input validation errors are a result of improper field checking in the code.

Threats and Vulnerabilities *You are the senior administrator for a bank. A user calls you on the telephone and says they were notified to contact you but couldn't find your information on the company website. Two days ago, an email told them there was something wrong with their account and they needed to click a link in the email to fix the problem. They clicked the link and filled in the information, but now their account is showing a large number of transactions that they did not authorize. They were likely the victims of what type of attack?*

b. *Phishing* Sending an email with a misleading link to collect information is a phishing attack.

Physical and Hardware-Based Security *Which of the following statements are true when discussing physical security? (Select all correct answers.)* a. Physical security attempts to control access to data from Internet users. b. Physical security attempts to control unwanted access to specified areas of a building. c. Physical security attempts to control the effect of natural disasters on facilities and equipment. d. Physical security attempts to control internal employee access into secure areas.

b. *Physical security attempts to control unwanted access to specified areas of a building.* c. *Physical security attempts to control the effect of natural disasters on facilities and equipment.* d. *Physical security attempts to control internal employee access into secure areas.* Natural disasters, unwanted access, and user restrictions are all physical security issues. Preventing Internet users from getting to data is data security, not physical security; therefore, answer A is incorrect.

*In which of the following types of fuzzing are forged packets sent to the tested application and then replayed?* a. Application fuzzing b. Protocol fuzzing c. File format fuzzing d. Web page fuzzing

b. *Protocol fuzzing* In protocol fuzzing, forged packets are sent to the tested application, which can act as a proxy and modify requests on the fly and then replay them. Answer A is incorrect because in an application fuzzing attack vectors are within its I/O, such as the user interface, the command-line options, URLs, forms, user-generated content, and RPC requests. Answer C is incorrect because in file format fuzzing, multiple malformed samples are generated and then opened sequentially. Answer D is incorrect because web page fuzzing is not a real term.

Wireless Networking Security *WAP uses a smaller version of HTML for Internet displays. This is known as:* a. DSL b. HSL c. WML d. OFML

c. *WML* WAP uses a smaller version of HTML called Wireless Markup Language (WML) for Internet displays.

*Which of the following should you deploy within your PKI to provide a method for initially verifying a user's identity so that a certificate may be issued?* a. Certificate authority (CA) b. Registration authority (RA) c. Certificate practice statement (CPS) d. Certificate registration list (CRL)

b. *Registration authority (RA)* A registration authority is used to first verify the user's identity before passing the request along to the certificate authority to issue a digital certificate. So, answer A is incorrect. Answer C is also incorrect because a CPS is a legal document created and published by the CA. Answer D is incorrect. A certificate registration list is a red herring. Within PKI, CRL refers to a certificate revocation list, which is a mechanism for disturbing information about revoked certificates.

*Which of the following are steps that can be taken to harden DHCP services?* a. Anonymous access to share files of questionable or undesirable content should be limited. b. Regular review of networks for unauthorized or rogue servers. c. Technologies that allow dynamic updates must also include access control and authentication. d. Unauthorized zone transfers should also be restricted.

b. *Regular review of networks for unauthorized or rogue servers.* Regular review of networks for unauthorized or rogue servers is a practice used to harden DHCP services. Answer A is incorrect because anonymous access to share files of questionable or undesirable content should be limited for proper FTP server security. Answers C and D are incorrect because they are associated with hardening DNS servers.

Operating System and Application Security *Your company is growing at a tremendous rate, and the need to hire specialists in various areas of IT is becoming apparent. You're helping to write the newspaper ads that will be used to recruit new employees, and you want to make certain that applicants possess the skills you need. One knowledge area in which your organization is weak is database intelligence. What is the primary type of database used in applications today that you can mention in the ads?*

b. *Relational* Relational database systems are the most frequently installed database environments in use today.

*Which of the following is considered best practice when formulating minimum standards for developing password policies?* a. Password length set to 6 characters b. Require password change at 90 days c. Maximum password age set to zero d. Account lockout threshold set to zero

b. *Require password change at 90 days* Require users to change passwords every 90 to 180 days, depending on how secure the environment needs to be. Remember that the more often users are required to change passwords, the greater the chance that they will write them down, potentially exposing them to unauthorized use. Answer A is incorrect because making the password length at least eight characters and requiring the use of combinations of uppercase and lowercase letters, numbers, and special characters is good practice. Answer C is incorrect because good policy is to set the maximum password age to a value between 30 and 90 days. Answer D is incorrect because if the lockout threshold is set to zero, accounts will not be locked out due to invalid logon attempts.

*You run a full backup every Monday. You also run a differential backup every other day of the week. You experience a drive failure on Friday. Which of the following restoration procedures should you use to restore data to the replacement drive?* a. Restore the full backup and then each differential backup. b. Restore the full backup and then the last differential backup. c. Restore the differential backup. d. Restore the full backup.

b. *Restore the full backup and then the last differential backup.* The proper procedure is to restore the full backup, and then the last differential backup. The other three options are incorrect or incomplete.

Threats and Vulnerabilities *Your system has been acting strangely since you downloaded a file from a colleague. Upon examining your antivirus software, you notice that the virus definition file is missing. Which type of virus probably infected your system?*

b. *Retrovirus* Retroviruses are often referred to as anti-antiviruses. They can render your antivirus software unusable and leave you exposed to other, less-formidable viruses.

*A certificate authority discovers it has issued a digital certificate to the wrong person. What needs to be completed?* a. Certificate practice statement (CPS) b. Revocation c. Private key compromise d. Fraudulent practices statement (FPS)

b. *Revocation* A certificate might need to be revoked (including a certificate being issued to the incorrect person) for any number of reasons. A CPS is a published document from the CA describing their policies and procedures for issuing and revoking certificates; therefore, answer A is incorrect. A private key compromise is actually another reason to perform revocation of a certificate; therefore, answer C is incorrect. Answer D is incorrect because this is a bogus term.

*Which of the following statements is true about SSL?* a. SSL provides security for both the connection and the data after it is received. b. SSL only provides security for the connection, not the data after it is received. c. SSL only provides security for the data when it is received, not the connection. d. SSL does not provide security for either the connection or the data after it is received.

b. *SSL only provides security for the connection, not the data after it is received.* Secure Sockets Layer (SSL) provides security only for the connection, not the data after it is received. The data is encrypted while it is being transmitted, but when received by the computer, it is no longer encrypted. Therefore, answers A, C, and D are incorrect.

Security and Vulnerability in the Network *Which log visible in Event Viewer shows successful and unsuccessful login attempts in Windows 7?* a. System b. Security c. Audit d. Application

b. *Security* The Security log in Windows 7 (as well as in all versions of Windows) shows successful and unsuccessful login attempts and can be viewed with Event Viewer.

*The _______________ is the expected monetary loss every time a risk occurs.* a. Annualized Loss Expectancy b. Single Loss Expectancy c. Annualized Rate of Occurrence d. Multiple Loss Expectancy

b. *Single Loss Expectancy* The Single Loss Expectancy (SLE) is the expected monetary loss every time a risk occurs.

Disaster Recovery and Incident Response *Although you're talking to her on the phone, the sound of the administrative assistant's screams of despair can be heard down the hallway. She has inadvertently deleted a file that the boss desperately needs. Which type of backup is used for the immediate recovery of a lost file?* a. Onsite storage b. Working copies c. Incremental backup d. Differential backup

b. *Working copies* Working copies are backups that are usually kept in the computer room for immediate use in recovering a system or lost file.

Access Control and Identity Management *Which category of authentication includes smart cards?* a. Something you know b. Something you have c. Something you are d. Something you do e. Somewhere you are

b. *Something you have* Something you have includes smart cards, tokens, and keys. Something you know includes account logons, passwords, and PINs, making answer A incorrect. Answers C and D are incorrect because both something you are and something you do involve measures of personal biological qualities and do not require an external device such as a smart card or key. Answer E is incorrect because somewhere you are is generally associated with either being in a trusted or less trusted location which could be based on GPS coordinates or IP address.

Educating and Protecting the User *The Clark-Wilson model must be accessed through applications that have predefined capabilities. This process prevents all except:*

b. *Spam* The Clark-Wilson model must be accessed through applications that have predefined capabilities. This process prevents all the choices listed except spam.

Threats and Vulnerabilities *What kind of virus could attach itself to the boot sector of your disk to avoid detection and report false information about file sizes?*

b. *Stealth virus* A stealth virus reports false information to hide itself from antivirus software. Stealth viruses often attach themselves to the boot sector of an operating system.

*Which of the following is not a certificate trust model for the arranging of certificate authorities?* a. Bridge CA architecture b. Sub-CA architecture c. Single-CA architecture d. Hierarchical CA architecture

b. *Sub-CA architecture* Sub-CA architecture does not represent a valid trust model. Answers A, C, and D, however, all represent legitimate trust models. Another common model also exists, called cross-certification; however, it usually makes more sense to implement a bridge architecture over this type of model.

Security-Related Policies and Procedures *On a NetWare-based system, which account is equivalent to the administrator account in Windows?* a. Auditor b. Supervisor c. Root d. Master

b. *Supervisor* The supervisor user in NetWare is equivalent to the administrator user in Windows.

*Which of the following is the best choice for encrypting large amounts of data?* a. Asymmetric encryption b. Symmetric encryption c. Elliptical curve encryption d. RSA encryption

b. *Symmetric encryption* Public key encryption is not usually used to encrypt large amounts of data, but it is does provide an effective and efficient means of sending a secret key from which to do symmetric encryption thereafter, which provides the best method for efficiently encrypting large amounts of data. Therefore, answers A, C, and D are incorrect.

Access Control and Identity Management *Which of the following is a client-server-oriented environment that operates in a manner similar to RADIUS?*

b. *TACACS* Terminal Access Controller Access-Control System (TACACS) is a client-server-oriented environment, and it operates in a manner similar to how RADIUS operates.

*Why do experts recommend that access points (APs) be mounted as high as possible?* a. Antennas must hang upside down for best performance. b. The radio frequency (RF) signal may experience fewer obstructions. c. The air is "heavier" as it rises, providing better transmission of the radio frequency (RF) signal. d. Warm air rises and provides a better conductor for the radio frequency (RF) signal.

b. *The radio frequency (RF) signal may experience fewer obstructions.* Generally the AP can be secured to the ceiling or high on a wall. It is recommended that APs be mounted as high as possible for two reasons: there may be fewer obstructions for the RF signal, and to prevent thieves from stealing the device.

Access Control and Identity Management *Which of the following is true of digital signatures? (Choose the two best answers.)* a. They are the same as a hash function. b. They can be automatically time-stamped. c. They allow the sender to repudiate that the message was sent. d. They cannot be imitated by someone else.

b. *They can be automatically time-stamped.* d. *They cannot be imitated by someone else.* Digital signatures offer several features and capabilities. This includes being able to ensure the sender cannot repudiate that he or she used the signature. In addition, nonrepudiation schemes are capable of offering time stamps for the digital signature. Answer A is incorrect. Hashing algorithms are only used for integrity purposes and only confirm original content. Answer C is incorrect because a key feature of digital signatures is to provide for nonrepudiation.

*Your organization provides a secure web portal. You discover another portal that mimics your organization's portal look and feel. This portal has a similar URL but is different by one letter. Which of the following are most likely true? (Select two correct answers.)* a. This is an example of transitive access. b. This is typo squatting. c. The site is collecting usernames and passwords. d. The site is a result of a malicious insider.

b. *This is typo squatting.* c. *The site is collecting usernames and passwords.* Typo squatting takes advantage of mistyped domain names. Sometimes for advertising purposes, but it can also be for more malicious intent. The unauthorized site may be looking to collect usernames and passwords, then of course, allowing access. Transitive access describes a situation that can be exploited, but one that is normally by design that takes advantage of trust relationships, thus answer A is incorrect. Answer D is also incorrect. A malicious insider may have set up the rouge site, but there is no indication this was the case.

Network Security *What is the role of a router?* a. To inspect packets and either accept or deny entry b. To forward packets across different computer networks c. To intercept user requests from the internal secure network and then process that request on behalf of the user d. To connect networks together so that they function as a single network segment

b. *To forward packets across different computer networks* A router is a network device that can forward packets across different computer networks. When a router receives an incoming packet, it reads the destination address and then, using information in its routing table, sends the packet to the next network toward its destination.

Operating System and Application Security *Which of the following statements is not true?*

b. *You should share the root directory of a disk.* Never share the root directory of a disk if at all possible. Doing so opens the entire disk to potential exploitation.

*Your organization has organized a trade show in the United States. With the goal of increasing revenue, you decide to operate a Wi-Fi hotspot for a fee. Which of the following are reasons your organization could use wireless jamming? (Select all correct answers.)* a. To maximize revenue b. To prevent degraded service c. To prevent attendees from operating their own Wi-Fi hot spots d. To prevent attacks

b. *To prevent degraded service* d. *To prevent attacks* Wireless jamming may be a legal way to prevent degraded service or attacks. Answers A and C are incorrect. Wireless jamming may provide an effective means to ensure that no other Wi-Fi network may operating and may increase profits by interfering with the signal, but it is against FCC regulations and illegal to do this.

Threats and Vulnerabilities *A user has downloaded trial software and subsequently downloads a key generator in order to unlock the trial software. The user's antivirus detection software now alerts the user that the system is infected. Which one of the following best describes the type of malware infecting the system?* a. Logic bomb b. Trojan c. Adware d. Worm

b. *Trojan* Trojans are programs disguised as something useful. In this instance, the user was likely illegally trying to crack software, and in the process infected the system with malware. Although answers A, C, and D are types of malware, they are not the best choices.

Cryptography Implementation *PKI (Public Key Infrastructure) is a key-asymmetric system utilizing how many keys?*

b. *Two* PKI (Public Key Infrastructure) is a key-asymmetric system utilizing two keys.

Wireless Networking Security *Which of the following authentication levels with WAP requires both ends of the connection to authenticate to confirm validity?* a. Relaxed b. Two-way c. Server d. Anonymous

b. *Two-way* Two-way authentication requires both ends of the connection to authenticate to confirm validity.

Physical and Hardware-Based Security *Type K fire extinguishers are intended for use on cooking oil fires. This type is a subset of which other type of fire extinguisher?* a. Type A b. Type B c. Type C d. Type D

b. *Type B* Type K fire extinguishers are a subset of Type B fire extinguishers.

*The new biometric authentication system has been identified as having a high FAR. What does this mean?* a. Authorized users are being allowed access. b. Unauthorized users are being allowed access. c. Authorized users are being denied access. d. Unauthorized users are being denied access.

b. *Unauthorized users are being allowed access.* The false acceptance rate (FAR) is a measure of unauthorized biometric signatures being accepted as valid. Answers A and D are incorrect because they represent valid biometric operations. Answer C is incorrect because denial of authorized signatures is measured as the false rejection rate (FRR).

*Which term describes a means of managing and presenting computer resources by function without regard to their physical layout or location?* a. Port mirroring b. Virtualization c. Cloud computing d. Virtual LAN (VLAN) management

b. *Virtualization* Virtualization is a means of managing and presenting computer resources by function without regard to their physical layout or location.

*An organization is looking for a mobile solution that allows both executives and employees to discuss sensitive information without having to travel to secure company locations. Which of the following fulfills this requirement?* a. GPS tracking b. Voice encryption c. Remote wipe d. Passcode policy

b. *Voice encryption* Mobile voice encryption can allow executives and employees alike to discuss sensitive information without having to travel to secure company locations. Answer A is incorrect because in the event a mobile device is lost, GPS tracking can be used to find the location. answer C is incorrect because remote wipe allows a handheld's data to be remotely deleted in the event the device is lost or stolen. Answer D is incorrect because a screen lock or passcode is used to prevent access to the phone.

Disaster Recovery and Incident Response *Which site best provides limited capabilities for the restoration of services in a disaster?* a. Hot site b. Warm site c. Cold site d. Backup site

b. *Warm site* Warm sites provide some capabilities in the event of a recovery. The organization that wants to use a warm site will need to install, configure, and reestablish operations on systems that may already exist at the warm site.

*What is the minimal level of alternative site that includes live networking?* a. Cold b. Warm c. Hot d. Remote

b. *Warm* A warm site generally includes power, phone, and networking. It might include computers that are not yet set up or kept fully up to date. Cold sites generally have little more than space, restrooms, and electricity until activated, making answer A incorrect. Hot sites are locations that are fully operational and include all aspects of operational requirements, making answer C incorrect. Alternate sites (hot, warm, or cold) should be remote enough to be outside of the zone of involvement during a disaster event, making answer D incorrect.

Security-Related Policies and Procedures *Which of the following is the basic premise of least privilege?* a. Always assign responsibilities to the administrator who has the minimum permissions required. b. When assigning permissions, give users only the permissions they need to do their work and no more. c. Regularly review user permissions and take away one that they currently have to see if they will complain or even notice that it is missing. d. Do not give management more permissions than users.

b. *When assigning permissions, give users only the permissions they need to do their work and no more.* The basic premise of least privilege is: When assigning permissions, give users only the permissions they need to do their work and no more.

Protecting Networks *Which of the following are examples of protocol analyzers? (Check all correct answers.)* a. Metasploit b. Wireshark c. OVAL d. Microsoft Message Analyzer

b. *Wireshark* d. *Microsoft Message Analyzer* Windows Server operating systems come with a protocol analyzer called by Microsoft Message Analyzer. Third-party programs such as Wireshark can also be used for network monitoring. Metasploit is a framework used for penetration testing, and OVAL is intended as an international language for representing vulnerability information using an XML schema for expression; therefore, answers A and C are incorrect.

Network Security *A more "intelligent" firewall is a(n) _______________ firewall, sometimes called a next-generation firewall (NGFW).* a. rule-based b. application-aware c. hardware-based d. host-based

b. *application-aware* A more "intelligent" firewall is an application-aware firewall, sometimes called a next-generation firewall (NGFW).

Network Security *VPN transmissions are achieved through communicating with _______________.* a. network taps b. endpoints c. Internet content filters d. proxy servers

b. *endpoints* VPN transmissions are achieved through communicating with endpoints. An endpoint is the end of the tunnel between VPN devices. An endpoint can be software on a local computer, a dedicated hardware device such as a VPN concentrator (which aggregates hundreds or thousands of VPN connections), or integrated into another networking device such as a firewall.

Protecting Networks *Which of the following utilities can be used in Linux to view a list of users' failed authentication attempts?*

b. *faillog* Use the faillog utility in Linux to view a list of users' failed authentication attempts.

*An event that, in the beginning, is considered to be a risk, yet turns out not to be one, is called a _______________.* a. false negative b. false positive c. negative-positive d. positive-negative

b. *false positive* An event that, in the beginning, is considered to be a risk yet turns out not to be one is called a false positive.

*A _______________ cloud is a combination of public and private clouds.* a. community b. hybrid c. mixed d. connected

b. *hybrid* A hybrid cloud is a combination of public and private clouds.

*In many fraud schemes, the perpetrator must be present every day in order to continue the fraud or keep it from being exposed. Many organizations require _______________ for all employees to counteract this.* a. job rotation b. mandatory vacations c. separation of duties d. least privilege

b. *mandatory vacations* In many fraud schemes, the perpetrator must be present every day in order to continue the fraud or keep it from being exposed. Many organizations require mandatory vacations for all employees to counteract this.

*Risk _______________ is the attempt to address risks by making risk less serious.* a. deterrence b. mitigation c. acceptance d. avoidance

b. *mitigation* Risk mitigation is the attempt to address the risks by making risk less serious.

*A(n) _______________ policy outlines how the organization uses the personal information it collects.* a. acceptable use b. privacy c. data acquisition d. data storage

b. *privacy* A privacy policy outlines how the organization uses personal information it collects.

*A _______________ cloud is one in which the services and infrastructure are offered to all users with access provided remotely through the Internet.* a. private b. public c. hybrid d. community

b. *public* A public cloud is one in which the services and infrastructure are offered to all users with access provided remotely through the Internet.

*An integrated device that combines several security functions is called a(n) _______________ security product.* a. demilitarized zone (DMZ) b. unified threat management (UTM) c. virtual private network (VPN) d. application-aware IPS

b. *unified threat management (UTM)* An integrated device that combines several security functions, called a Unified Threat Management (UTM) security product.

*Segmenting a network by separating devices into logical groups is known as creating a _______________.* a. cloud b. virtual LAN (VLAN) c. flood guard d. unified threat management (UTM) system

b. *virtual LAN (VLAN)* Segmenting a network by separating devices into logical groups is known as creating a virtual LAN (VLAN).

*_______________ business partners refers to the start-up relationship between partners.* a. Enrolling b. On-boarding c. Unrolling d. Off-boarding

b.* On-boarding* On-boarding business partners refers to the start-up relationship between partners

What is the name for a hole in the security of an application deliberately left in place by a designer?

back door

Between which two OSI layers does Secure Sockets Layer (SSL) operate?

between the OSI Transport and Application layers (Layer 4 to Layer 7)

Scanning fingerprints is an example of which authentication technique?

biometrics

What is the best method to preserve evidence on a computer: bit stream backup or standard backup?

bit stream backup

Which type of cipher encrypts data in fixed-size blocks?

block

Does each VLAN create its own collision domain or its own broadcast domain?

broadcast domain

Which type of attack sequentially generates every possible password and checks them all against a password file?

brute force attack

Which error occurs when the length of the input data is more than the length that processor buffers can handle?

buffer overflow

Which error condition arises because data is not checked before input to ensure that it has an appropriate length?

buffer overflow errors

Physical and Hardware-Based Security *Proximity readers work with which of the following? (Choose all that apply.)* a. 15.75 fob card b. 14.32 surveillance card c. 13.56 MHZ smart card d. 125 kHz proximity card

c. *13.56 MHZ smart card* d. *125 kHz proximity card* Proximity readers work with 13.56 MHz smart card and 125 kHz proximity cards.

*Fiber channel (FC) is a high-speed storage network protocol that can transmit up to _______________ per second.* a. 16 bits b. 16 megabits c. 16 gigabits d. 16 terabits

c. *16 gigabits* Fibre Channel (FC) is a high-speed storage network protocol that can transmit up to 16 gigabits per second.

*What is the minimum number of drives necessary to provide a RAID 5 redundant with distributed parity disk array?* a. 1 b. 2 c. 3 d. 5

c. *3* The minimum number of drives in a RAID 5 array is three, making answers B and D incorrect. A single drive does not provide fault tolerance, making Answer A incorrect.

Infrastructure and Connectivity *What is the recommended range of humidity level according to the ASHRAE?* a. 10% to 20% b. 30% to 40% c. 40% to 55% d. 55% to 65%

c. *40% to 55%* The American Society of Heating, Refrigerating and Air-Conditioning Engineers (ASHRAE) recommends optimal humidity levels in the 40% to 55% range, making answers A, B, and D incorrect. Very low levels of humidity can promote the buildup of electrostatic charges that can harm sensitive electronic components. Very high levels of humidity can promote condensation on chilled surfaces and introduce liquid into operating equipment.

*Which port does the Hypertext Transfer Protocol Secure (HTTPS) use?* a. 53 b. 143 c. 443 d. 3389

c. *443* The Hypertext Transfer Protocol Secure (HTTPS) uses port 443.

*Which port does the Hypertext Transfer Protocol (HTTP) use?* a. 20 b. 21 c. 80 d. 443

c. *80* The Hypertext Transfer Protocol (HTTP) uses port 80.

Wireless Networking Security *Which of the following 802.11 standards is often referenced as WPA2?* a. 802.11a b. 802.11b c. 802.11i d. 802.11n

c. *802.11i* The WPA2 standard is also known as 802.11i.

Wireless Networking Security *Which type of encryption does CCMP use?* a. EAP b. DES c. AES d. IV

c. *AES* CCMP uses 128-bit AES encryption.

Security and Vulnerability in the Network *The goal of _____ is to minimize the possibility of exploitation by reducing the amount of code and limiting potential damage.* a. EAPOL b. EAP c. ASR d. 802.1X

c. *ASR* The goal of attack surface reduction (ASR) is to minimize the possibility of exploitation by reducing the amount of code and limiting potential damage.

Cryptography Basics *Which of the following terms refers to the prevention of unauthorized disclosure of keys?*

c. *Access control* Access control refers to the process of ensuring that sensitive keys aren't divulged to unauthorized personnel.

*Which of the following is not a way to prevent or protect against XSS?* a. Input validation b. Defensive coding c. Allowing script input d. Escaping metacharacters

c. *Allowing script input* A programmer can implement the most effective way to prevent XSS by validating input, coding defensively, escaping metacharacters, and rejecting all script-like input.

*Which of the following is an example of a false negative result?* a. An authorized user is granted access to a resource. b. An unauthorized user is granted access to a resource. c. An authorized user is refused access to a resource. d. An unauthorized user is refused access to a resource.

c. *An authorized user is refused access to a resource.* A false negative result involves access refusal for an authorized user, which makes answer D incorrect. Answers A and B are incorrect because they represent granted resource access.

*The _______________ is the expected monetary loss that can be expected for an asset due to a risk over a one-year period.* a. Single Loss Expectancy b. Annualized Rate of Occurrence c. Annualized Loss Expectancy d. Multiple Loss Expectancy

c. *Annualized Loss Expectancy* The Annualized Loss Expectancy (ALE) is the expected monetary loss that can be expected for an asset due to a risk over a one-year period.

Protecting Networks *Which of the following IDS types looks for things outside of the ordinary?*

c. *Anomaly-based* An anomaly-detection IDS (AD-IDS) looks for anomalies, meaning it looks for things outside of the ordinary.

*Which of the following describes a simple form of social engineering in which an unauthorized individual follows closely behind someone who has authorized physical access to an environment?* a. Tailgating b. Piggybacking c. Answers A and B d. None of the above

c. *Answers A and B* Both tailgating and piggybacking describe a simple method to gain unauthorized access to an environment by closely following behind someone with authorized access. Neither answer A nor B alone is correct. Answer D is incorrect.

Infrastructure and Connectivity *When troubleshooting SSL, which two layers of the OSI model are of most value?* a. Application layer and presentation layer b. Presentation layer and session layer c. Application layer and transport layer d. Physical layer and data link layer

c. *Application layer and transport layer* SSL connections occur between the application and transport layers. Answer A is incorrect because SSL operates at a deeper level. Answer B is incorrect because the Secure Sockets Layer transport effectively fills the same role as these OSI model layers. Answer D is incorrect because the data has been abstracted beyond the level at which SSL operates.

*Which of the following would be used to detect unauthorized or unintentional access or escalation of privileges?* a. Change management b. Incident management c. Auditing d. Data-loss prevention

c. *Auditing* Auditing is used to detect unauthorized or unintentional access or escalation of privileges. Answer A is incorrect because change management provides specific details when system changes are made, such as the files being replaced, the configuration being changed, or the machines or operating systems affected. Answer B is incorrect because incident management includes preparation, roles, rules, and procedures for incident response and how to maintain business continuity while defending against further attacks. Answer D is incorrect because DLP is a way of detecting and preventing confidential data from being exfiltrated physically or logically from an organization by accident or on purpose. Auditing is used to prevent unauthorized or unintentional access or escalation of privileges.

*Which of the three principles of security is supported by an offsite tape backup system?* a. Confidentiality b. Integrity c. Availability d. Sanitization

c. *Availability* Availability is concerned with ensuring that access to services and data is protected against disruption, including disasters and other events that could require recovering from offsite backup media. Answer A is incorrect because confidentiality involves protecting against unauthorized access. Integrity is concerned with preventing unauthorized modification, making Answer B incorrect. Answer D is incorrect because sanitization involves the destruction or overwriting of data to protect confidentiality.

Threats and Vulnerabilities *An alert signals you that a server in your network has a program running on it that bypasses authorization. Which type of attack has occurred?*

c. *Backdoor* In a backdoor attack, a program or service is placed on a server to bypass normal security procedures.

*What communications technique can a hacker use to identity the product that is running on an open port facing the Internet?* a. Credentialed penetration test b. Intrusive vulnerability scan c. Banner grabbing d. Port scanning

c. *Banner grabbing* Banner grabbing is the communications technique a hacker can use to identify the product that is running on an open port facing the Internet.

Educating and Protecting the User *An NDA (nondisclosure agreement) is typically signed by?*

c. *Beta testers* An NDA (nondisclosure agreement) is typically signed by beta testers.

*Which of the following describes a type of algorithm where data is broken into several units of varying sizes (dependent on algorithm) and encryption is applied to those chunks of data?* a. Symmetric encryption algorithm b. Elliptic curve c. Block cipher d. All of the above

c. *Block cipher* When data that is going to be encrypted is broken into chunks of data and then encrypted, the type of encryption is called a block cipher. Although many symmetric algorithms use a block cipher, answer A is incorrect because block cipher is a more precise and accurate term for the given question. Answer B is incorrect because elliptic curve is a type of asymmetric encryption algorithm. Answer D is an incorrect choice because only one answer is correct.

*Which type of power variation includes short-term decreases in voltage levels?* a. Spikes b. Surges c. Brownouts d. Blackouts

c. *Brownouts* A brownout is a short-term decrease in voltage, often occurring when motors are started or due to provider faults. Both spikes and surges are increases of voltage, making answers A and B incorrect. Blackouts involve a complete loss of power rather than simply a reduction of voltage, making answer D incorrect.

Cryptography Basics *Due to a breach, a certificate must be permanently revoked, and you don't want it to ever be used again. What is often used to revoke a certificate?*

c. *CRL* A Certificate Revocation List (CRL) is created and distributed to all CAs to revoke a certificate or key.

Access Control and Identity Management *To check the validity of a digital certificate, which one of the following would be used?* a. Corporate security policy b. Certificate policy c. Certificate revocation list d. Expired domain names

c. *Certificate revocation list* A certificate revocation list (CRL) provides a detailed list of certificates that are no longer valid. A corporate security policy would not provide current information on the validity of issued certificates; therefore, answer A is incorrect. A certificate policy does not provide information on invalid issued certificates, either; therefore, answer B is incorrect. Finally, an expired domain name has no bearing on the validity of a digital certificate; therefore, answer D is incorrect.

Security and Vulnerability in the Network *During what process do you look at all custom written applications for holes that may exist (in the form of the finished application, configuration files, libraries, and so on)?* a. Network bridging b. Design review c. Code review d. Remediation

c. *Code review* During a code review, you look at all custom written applications for holes that may exist (in the form of the finished application, configuration files, libraries, and the like).

Educating and Protecting the User *Which concept does the Bell-LaPadula model deal most accurately with?*

c. *Confidentiality* The Bell-LaPadula model deals most accurately with confidentiality.

*What statement accurately describes a best practice for managing a virtual LAN (VLAN)?* a. Configure empty switch ports to connect to a used VLAN. b. Keep all default VLAN names. c. Configure the ports on the switch that pass tagged VLAN packets to explicitly forward specific tags. d. Configure VLANs so that public devices are on a private VLAN.

c. *Configure the ports on the switch that pass tagged VLAN packets to explicitly forward specific tags.* Some general principles for managing VLANs are: (1) Configure empty switch ports to connect to an unused VLAN (2) Change any default VLAN names (3) Configure the ports on the switch that pass tagged VLAN packets to explicitly forward specific tags (4) Configure VLANs so that public devices, such as a web application server, are not on a private VLAN, forcing users to have access to that VLAN.

Disaster Recovery and Incident Response *Which of the following would normally not be part of an incident response policy?* a. Outside agencies (that require status) b. Outside experts (to resolve the incident) c. Contingency plans d. Evidence collection procedures

c. *Contingency plans* A contingency plan wouldn't normally be part of an incident response policy. It would be part of a disaster-recovery plan.

*What is a security risk of an embedded system that is not commonly found in a standard PC?* a. Power loss b. Access to the Internet c. Control of a mechanism in the physical world d. Software flaws

c. *Control of a mechanism in the physical world* Because an embedded system is in control of a mechanism in the physical world, a security breach could cause harm to people and property. This typically is not true of a standard PC. Power loss, Internet access, and software flaws are security risks of both embedded systems and standard PCs.

*The encryption protocol used for WPA2 is the _______________.* a. Triple DES b. Advanced Encryption Standard (AES) c. Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) d. Temporal Key Integrity Protocol (TKIP)

c. *Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP)* The encryption protocol used for WPA2 is the Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) and specifies the use of CCM (a general purpose cipher mode algorithm providing data privacy) with AES.

*Which of the following types of attacks is characterized by client-side vulnerabilities presented by ActiveX or JavaScript code running within the client's browser?* a. Buffer overflow b. Cross-site request forgery (XSRF) c. Cross-Site Scripting (XSS) d. Input validation error

c. *Cross-Site Scripting (XSS)* Cross-Site Scripting (XSS) attacks take advantage of vulnerabilities in ActiveX or JavaScript code running within the client's browser. The attack hijacks the user's session or to cause the user accessing malware-tainted Site A to unknowingly attack Site B on behalf of the attacker who planted code on Site A. Answer A is incorrect because a buffer overflow is a direct result of poor or incorrect input validation or mishandled exceptions. Answer B is incorrect. The key element to understanding XSRF is that attackers are betting that users have a validated login cookie for the website already stored in their browsers. Answer D is incorrect because input validation errors are a result of improper field checking in the code.

Threats and Vulnerabilities *Which of the following types of attacks is executed by placing malicious executable code on a website?* a. Buffer overflow b. Cross-site request forgery (XSRF) c. Cross-Site Scripting (XSS) d. Input validation error

c. *Cross-Site Scripting (XSS)* Cross-Site Scripting (XSS) vulnerabilities can be used to hijack the user's session or to cause the user accessing malware-tainted Site A to unknowingly attack Site B on behalf of the attacker who planted code on Site A. Answer A is incorrect because a buffer overflow is a direct result of poor or incorrect input validation or mishandled exceptions. Answer B is incorrect. The key element to understanding XSRF is that attackers are betting that users have a validated login cookie for the website already stored in their browsers. Answer D is incorrect because input validation errors are a result of improper field checking in the code.

Threats and Vulnerabilities *Which of the following is a coordinated effort in which multiple machines attack a single victim or host with the intent to prevent legitimate service?* a. DoS b. Masquerading c. DDoS d. Trojan horse

c. *DDoS* A distributed denial of service (DDoS) attack is similar to a denial-of-service (DoS) attack in that they both try to prevent legitimate access to services. However, a DDoS attack is a coordinated effort among many computer systems; therefore, answer A is incorrect. Masquerading involves using someone else's identity to access resources; therefore, answer B is incorrect. A Trojan horse is a program used to perform hidden functions; therefore, answer D is incorrect.

*llegal or unauthorized zone transfers are a significant and direct threat to what type of network server?* a. Web b. DHCP c. DNS d. Database

c. *DNS* Illegal or unauthorized zone transfers are a significant and direct threat to DNS servers.

*Which form of media sanitization might be required for flash-based solid state drives to be considered fully sanitized?* a. Declassification b. Degaussing c. Destruction d. Overwriting

c. *Destruction* In some forms of nonferric solid-state storage devices, only destruction may provide full data sanitization. Answer A is incorrect because declassification is a formal process for assessing the risk associated with discarding information, rather than a sanitization process itself. Answer B is incorrect because nonferric solid-state data storage might not react to powerful magnetic fields used during degaussing. Answer D is incorrect because overwriting in a solid state device operates differently than in magnetic storage media and might not completely wipe all data.

Disaster Recovery and Incident Response *Which backup system backs up all the files that have changed since the last full backup?* a. Full backup b. Incremental backup c. Differential backup d. Archival backup

c. *Differential backup* A differential backup backs up all the files that have changed since the last full backup.

*Which protocol is a TCP/IP protocol that resolves (maps) a symbolic name (www.cengage.com) with its corresponding IP address (69.32.133.11)?* a. Internet protocol (IP) b. Internet Control Message Protocol (ICMP) c. Domain Name System (DNS) d. Hypertext Transport Protocol Secure (HTTPS)

c. *Domain Name System (DNS)* The Domain Name System (DNS) is a TCP/IP protocol that resolves (maps) a symbolic name (www.cengage.com) with its corresponding IP address (69.32.133.11).

Security-Related Policies and Procedures *Which type of policy would govern whether employees can engage in practices such as taking gifts from vendors?* a. Termination policy b. Endowment policy c. Ethics policy d. Benefit policy

c. *Ethics policy* An ethics policy is the written policy governing accepted organizational ethics.

*Which type of biometric authentication system is not subject to false rejection due to illness or minor injury?* a. Fingerprint b. Voiceprint c. Facial recognition d. Retina

c. *Facial recognition* Facial recognition systems measure relative spacing between underlying features such as the bone structure and eye placement, requiring more than a minor injury to modify this biometric signature. Fingerprint signatures can be modified by minor cuts, abrasions, and exposure to chemicals, making answer A incorrect. Both voiceprint and retinal signatures can be modified due to illness and injury, making answers B and D incorrect.

Disaster Recovery and Incident Response *The process of automatically switching from a malfunctioning system to another system is called what?* a. Fail safe b. Redundancy c. Fail-over d. Hot site

c. *Fail-over* Fail-over occurs when a system that is developing a malfunction automatically switches processes to another system to continue operations.

Security and Vulnerability in the Network *In which type of testing do you begin with the premise that an outsider attacker is being fed some knowledge from someone inside the network?* a. Black box b. White box c. Gray box d. Green box

c. *Gray box* With gray box testing, you begin with the premise that an outsider attacker is being fed some knowledge from someone inside the network.

Protecting Networks *You're the administrator for Acme Widgets. After attending a conference on buzzwords for management, your boss informs you that an IDS should be up and running on the network by the end of the week. Which of the following systems should be installed on a host to provide IDS capabilities?*

c. *HIDS* A host-based IDS (HIDS) is installed on each host that needs IDS capabilities.

Security-Related Policies and Procedures *People in an organization can withhold classified or sensitive information from others in the company when governed by what type of policy?* a. Nondisclosure b. Suppression c. Need-to-know d. Revelation

c. *Need-to-know* People in an organization can withhold classified or sensitive information from others in the company when governed by need-to-know policies.

*What is a potential concern to weaker encryption algorithms as time goes on? (Select the best answer.)* a. Performance of the algorithm worsens over time b. Keys generated by users start to repeat on other users' systems c. Hackers using distributed computing might be able to finally crack algorithms. d. All options are correct.

c. *Hackers using distributed computing might be able to finally crack algorithms.* As computers get faster, so does the ability for hackers to use distributed computing as a method of breaking encryption algorithms. With computer performance, in some cases, increasing by 30% to 50% a year on average, this could become a concern for some older algorithms. Answer A is incorrect because weak keys exhibit regularities, and the weakness has nothing to do with performance. Answer B is incorrect because the weakness in keys comes from a block cipher regularity in the encryption of secret keys. The keys do not repeat themselves on other machines. Answer D is incorrect because there is only one correct answer.

*What type of algorithm is SHA-1?* a. Asymmetric encryption algorithm b. Digital signature c. Hashing algorithm d. Certificate authority

c. *Hashing algorithm* SHA-1 is a cryptographic hash function and is an updated version of the original Secure Hash Algorithm (SHA). Answer A is incorrect because this is an algorithm that uses a public and private key pair and is not associated with SHA-1. Answer B is incorrect because a digital signature is not an encryption algorithm. Answer D is incorrect because a certificate authority accepts or revokes certificates.

Operating System and Application Security *Which of the following will help track changes to the environment when an organization needs to keep legacy machines?* a. Virtualization b. Network storage policies c. Host software baselining d. Roaming profiles

c. *Host software baselining* Host software baselining can be done for a variety of reasons including malware monitoring and creating system images. Generally, the environment needs of an organization will fall into a legacy, enterprise, or high-security client. Answer A is incorrect because virtualization adds a layer of security as well as improves enterprise desktop management and control with faster deployment of desktops and fewer support calls due to application conflicts. Answer B is incorrect because network storage policies have nothing to do with desktop management. Answer D is incorrect because roaming profiles do not add a layer of security.

Operating System and Application Security *Your company does electronic monitoring of individuals under house arrest around the world. Because of the sensitive nature of the business, you can't afford any unnecessary downtime. What is the process of applying a repair to an operating system while the system stays in operation called?*

c. *Hotfix* A hotfix is done while a system is operating. This reduces the necessity of taking a system out of service to fix a problem.

*Which protocol uses TLS and SSL to secure Hypertext Transport Protocol (HTTP) communications between a browser and a web server?* a. FTP Secure (FTPS) b. Secure Shell (SSH) c. Hypertext Transport Protocol Secure (HTTPS) d. Internet Protocol Security (IPsec)

c. *Hypertext Transport Protocol Secure (HTTPS)* One common use of TLS and SSL is to secure Hypertext Transport Protocol (HTTP) communications between a browser and a web server. This secure version is actually "plain" HTTP sent over SSL or TLS and is called Hypertext Transport Protocol Secure (HTTPS).

*In a(n) _______________ attack, an Internet Control Message Protocol (ICMP) redirect packet is sent to the victim that asks the host to send its packets to another "router," which is actually a malicious device.* a. network discovery b. smurf c. ICMP redirect d. ping of death

c. *ICMP redirect* In an Internet Control Message Protocol (ICMP) redirect attack, an ICMP redirect packet is sent to the victim that asks the host to send its packets to another "router," which is actually a malicious device.

*Each firewall rule is essentially a separate instruction with a(n) _______________ construction.* a. FOR-EACH b. DO-UNTIL c. IF-THEN d. WHILE-DO

c. *IF-THEN* Firewall rules are essentially an IF-THEN construction. IF these rule conditions are met, THEN the action occurs.

*You have been tasked with mitigating the risk of password-based attacks. Which of the following should you consider to provide a control beyond just what someone knows?* a. Enforce complex passwords b. Prevent the user from entering more than three incorrect passwords c. Implement use of a one-time use token d. A and B

c. *Implement use of a one-time use token* Although both A and B provide controls for passwords, they are still both based on something the user knows: a password. A one-time use token can be a dedicated hardware token or may be a software token or text message on a mobile device. This would be an example of something the user has (for example, a hardware token or registered mobile device). Answer D is incorrect.

Access Control and Identity Management *What is implied at the end of each access control list?*

c. *Implicit deny* An implicit deny clause is implied at the end of each ACL, and it means that if the proviso in question has not been explicitly granted, then it is denied.

* _______________ in access control means that if a condition is not explicitly met, the request for access is rejected.* a. Static allow b. Explicit allow c. Implicit deny d. Dynamic deny

c. *Implicit deny* Implicit deny in access control means that if a condition is not explicitly met, the request for access is rejected. (Implicit means that something is implied or indicated but not actually expressed.)

*An organization has an access control list implemented on the border router, but it appears that unauthorized traffic is still being accepted. Which of the following would the organization implement to improve the blocking of unauthorized traffic?* a. Loop protection b. Flood guard c. Implicit deny d. Port security

c. *Implicit deny* Implicit deny is an access control practice wherein resource availability is restricted to only those logons explicitly granted access. Answer A is incorrect because the loop protection feature makes additional checks in Layer 2 switched networks. Answer B is incorrect because a flood guard is a firewall feature to control network activity associated with denial-of-service (DoS) attacks. Answer D is incorrect because port security is a Layer 2 traffic control feature on Cisco Catalyst switches. It enables individual switch ports to be configured to allow only a specified number of source MAC addresses coming in through the port.

Security and Vulnerability in the Network *Which of the following is a software application that checks your network for any known security holes?* a. Logic bomb b. Log analyzer c. Vulnerability scanner d. Design reviewer

c. *Vulnerability scanner* A vulnerability scanner is a software application that checks your network for any known security holes.

Security and Vulnerability in the Network *Your organization is exploring endpoint data-loss prevention (DLP) solutions. This solution is targeting which of the following data states?* a. In-transit b. At-rest c. In-use d. In-flux

c. *In-use* Protection of data in-use is considered to be an endpoint solution and the application is run on end user workstations or servers in the organization. Answer A is incorrect because protection of data in-transit is considered to be a network solution and either a hardware or software solution is installed near the network perimeter to monitor for and flag policy violations. Answer B is incorrect because protection of data at-rest is considered to be a storage solution and is generally a software solution that monitors how confidential data is stored. Answer D is incorrect because there is no such data state.

*Buffer overflows, format string vulnerabilities, and utilization of shell-escape codes can be mitigated by which of the following practices?* a. Fuzzing b. Testing c. Input validation d. Browser initiated token request

c. *Input validation* Input validation tests whether an application properly handles input from a source outside the application destined for internal processing. Answer A is incorrect because fuzzing allows an attacker to inject random-looking data into a program to see if it can cause the program to crash. Answer B is incorrect because testing is too generic or a term. Answer D is incorrect because it is a method used to mitigate Cross-site request forgery (XSRF) attacks.

Network Security *Which option for installing a corporate spam filter is considered to be the most effective approach?* a. Install the spam filter on the Domain Name Server (DNS). b. Install the spam filter on the Post Office Protocol (POP3) server. c. Install the spam filter with the Simple Mail Transfer Protocol (SMTP) server. d. Contract with a third-party entity that filters out spam.

c. *Install the spam filter with the Simple Mail Transfer Protocol (SMTP) server.* Installing the spam filter with the SMTP serve is the simplest and most effective approach.

Network Security *Which statement concerning behavior-based monitoring is correct? * a. It is necessary to update signature files before monitoring can take place. b. It is necessary to compile a baseline of statistical behavior before monitoring can take place. c. It can more quickly stop new attacks as compared to anomaly- and behavior-based monitoring. d. Behavior-based monitoring operates in a reactive mode.

c. *It can more quickly stop new attacks as compared to anomaly- and behavior-based monitoring.* One of the advantages of behavior-based monitoring is that it is not necessary to update signature files or compile a baseline of statistical behavior before monitoring can take place. In addition, behavior-based monitoring can more quickly stop new attacks.

Cryptography Basics *What is the primary organization for maintaining certificates called?*

c. *LRA* A Certificate Revocation List (CRL) is created and distributed to all CAs to revoke a certificate or key.

Physical and Hardware-Based Security *Which of the following methods would be the most effective method to physically secure computers that are used in a lab environment that operates on a part-time basis?* a. Security cables b. Server cages c. Locked cabinet d. Hardware dongle

c. *Locked cabinet* A locked cabinet is an alternative for equipment that is not used or does not have to be physically accessed on a regular, daily basis. Vendors provide solutions such as a security cabinet locker that secures CPU towers. The housing is made of durable, heavy-duty steel for strength. Answer A is incorrect because security cables with combination locks can provide such security and are easy to use but are used mostly to secure laptops and leave the equipment exposed. Answer B is incorrect because PC Safe tower and server cages are designed to bolt to the floor and are meant to be in an environment that is static. Answer D is incorrect because a hardware dongle is used for license enforcement.

*An organization has agreed to collaborate on a business project with another organization. Which of the following documents would outline the terms and details of an agreement between parties, including each party's requirements and responsibilities?* a. SLA b. BPA c. MOU d. ISA

c. *MOU* A memorandum of understanding (MOU) is a document that outlines the terms and details of an agreement between parties, including each party's requirements and responsibilities. Answer A is incorrect because a service level agreement (SLA) is a contract between a service provider and a customer that specifies the nature of the service to be provided and the level of service that the provider will offer to the customer. Answer B is incorrect because a business partners agreement (BPA) is a contract that establishes partner profit percentages, partner responsibilities, and exit strategies for partners. Answer D is incorrect because an interconnection security agreement (ISA) is an agreement between organizations that have connected IT systems.

Disaster Recovery and Incident Response *Which of the following is the measure of the anticipated incidence of failure for a system or component?* a. CIBR b. AIFS c. MTBF d. MTTR

c. *MTBF* Mean time between failures (MTBF) is the measure of the anticipated incidence of failure for a system or component.

*Which type of risk control is administrative in nature and includes the laws, regulations, policies, practices, and guidelines that govern overall requirements and controls?* a. Technical b. System c. Management d. Operational

c. *Management* Management risk control types are administrative in their nature and are the laws, regulations, policies, practices, and guidelines that govern the overall requirements and controls.

Cryptography Implementation *Which of the following is an attack against the algorithm?* a. Birthday attack b. Weak key attack c. Mathematical attack d. Registration attack

c. *Mathematical attack* A mathematical attack is an attack against the algorithm.

*Which of the following is an example of role-based access control criteria?* a. GPS coordinates b. Trusted OS c. Members of the Administrators group d. Time of day

c. *Members of the Administrators group* Role-based access control involves assignment of access rights to groups associated with specific roles, with accounts inheriting rights based on group membership. Answers A and B are incorrect, as requirements for access only from specific locations or only from systems running a trusted OS are examples of rule-based access controls. Time of day restrictions are also rule-based access controls, making answer D incorrect.

Cryptography Basics *MAC is an acronym for what as it relates to cryptography?*

c. *Message authentication code* A MAC as it relates to cryptography is a method of verifying the integrity of an encrypted message. The MAC is derived from the message and the key.

*Which of the following would best mitigate the risks associated with allowing organizational network access required by the terms of a joint project with a business partner?* a. Captive portal b. Access control lists c. Network segmentation d. Log analysis

c. *Network segmentation* With interconnected networks, the potential for damage greatly increases because one compromised system on one network can easily spread to other networks. Networks that are shared by partners, vendors, or departments should have clear separation boundaries. Answer A is incorrect because a captive portal is used to block Internet access for users until some action is taken. Answer B is incorrect because access control generally refers to the process of making resources available to accounts that should have access, while limiting that access to only what is required. Answer D is incorrect because logging is the process of collecting data to be used for monitoring and auditing purposes.

*Which of the following is a security concern when implementing NoSQL databases?* a. NoSQL databases do not provide any authentication mechanisms. b. The NoSQL design uses server-side validation. c. NoSQL databases lack confidentiality and integrity. d. NoSQL databases are lacking in areas of scalability and performance.

c. *NoSQL databases lack confidentiality and integrity.* The NoSQL design does not place security as a high priority, lacking confidentiality and integrity. Answer A is incorrect because NoSQL databases such as MongoDB have added support for Kerberos authentication, more granular access controls, and SSL encryption. Answer B is incorrect because server-side validation helps protect against malicious attempts by a user to bypass validation or submit unsafe input and it is associated with web-based applications not databases. Answer D is incorrect because when compared to relational databases, NoSQL systems are more scalable and provide superior performance. Scalability and performance are not security concerns.

Cryptography Basics *What is the acronym for the de facto cryptographic message standards developed by RSA Laboratories?* a. PKIX b. X.509 c. PKCS d. Both A and C

c. *PKCS* The Public Key Cryptography Standards (PKCS) are the de facto cryptographic message standards developed and maintained by RSA Laboratories, the Security Division of EMC. PKIX describes the development of Internet standards for X.509-based digital certificates; therefore, answers A, B, and D are incorrect.

Operating System and Application Security *What is the process of applying manual changes to a program called?*

c. *Patching* A patch is a temporary workaround of a bug or problem in code that is applied manually. Complete programs usually replace patches at a later date.

*Security guards are a form of which specific type of control?* a. Management b. Technical c. Physical d. Access

c. *Physical* Physical controls include facility design details such as layout, door, locks, guards, and surveillance systems. Management controls include policies and procedures, whereas technical controls include access control systems, encryption, and data classification solutions, making answers A and B incorrect. Access controls include all three classifications (management, technical, and physical), making Answer D incorrect because the question asks for a specific type.

*Which of the following is the best measure to prevent divulging sensitive information through dumpster diving? (Select two correct answers.)* a. A firewall b. Antivirus software c. Proper disposal policy d. Training and awareness

c. *Proper disposal policy* d. *Training and awareness* Dumpster diving describes a physical means of acquiring sensitive data, often by digging through discarded material. A policy that clearly describes an organization's stance on proper disposal of data and equipment along with user training and awareness are key measures that should be taken to prevent the disclosure of sensitive data through dumpster diving. Answers A and B are incorrect and cannot prevent a physical attack on materials.

*Which utility allows the identification of all devices conducting network traffic both to and from a network segment?* a. Port scanner b. Vulnerability scanner c. Protocol analyzer d. Network mapper

c. *Protocol analyzer* Protocol analyzers examine network traffic and identify protocols and endpoint devices in the identified transactions. Port scanners check service ports on a single device, making answer A incorrect. Answer B is incorrect because vulnerability scanners look for vulnerabilities associated with particular versions of software or services. Answer D is incorrect because a network mapper identifies all devices within a network segment and would not identify endpoint devices beyond that address space.

Access Control and Identity Management *Your office administrator is being trained to perform server backups. Which authentication method would be ideal for this situation?*

c. *RBAC* Role-Based Access Control (RBAC) allows specific people to be assigned to specific roles with specific privileges. A backup operator would need administrative privileges to back up a server. This privilege would be limited to the role and wouldn't be present during the employee's normal job functions.

Cryptography Basics *You're a member of a consortium wanting to create a new standard that will effectively end all spam. After years of meeting, the group has finally come across a solution and now wants to propose it. The process of proposing a new standard or method on the Internet is referred to by which acronym?*

c. *RFC* The Request for Comments (RFC) process allows all users and interested parties to comment on proposed standards for the Internet. The RFC editor manages the RFC process. The editor is responsible for cataloging, updating, and tracking RFCs through the process.

Disaster Recovery and Incident Response *Which of the following designates the amount of data loss that is sustainable and up to what point in time data recovery could happen before business is disrupted?* a. RTO b. MTBF c. RPO d. MTTF

c. *RPO* Recovery point objective (RPO) is the amount of time that can elapse during a disruption before the quantity of data lost during that period exceeds the BCP's maximum allowable threshold. Simply put, RPO specifies the allowable data loss. It determines up to what point in time data recovery could happen before business is disrupted. Answer A is incorrect because recovery time objective (RTO) is the amount of time within which a process must be restored after a disaster to meet business continuity. It defines how much time it takes to recover after notification of process disruption. Answer B is incorrect because mean time between failures (MTBF) is the average amount of time that passes between hardware component failures excluding time spent waiting for or being repaired. Answer D is incorrect because mean time to failure (MTTF) is the length of time a device or product is expected to last in operation.

Physical and Hardware-Based Security *RFI is the byproduct of electrical processes, similar to EMI. The major difference is that RFI is usually projected across which of the following?* a. Network medium b. Electrical wiring c. Radio spectrum d. Portable media

c. *Radio spectrum* RFI is the byproduct of electrical processes, similar to EMI. The major difference is that RFI is usually projected across a radio spectrum. Motors with defective brushes can generate RFI, as can a number of other devices.

Protecting Networks *Which of the following is an active response in an IDS?*

c. *Reconfiguring a router to block an IP address* Dynamically changing the system's configuration to protect the network or a system is an active response.

*Which of the following is a method that can be used to prevent data from being accessed in the event the device is lost or stolen?* a. GPS tracking b. Voice encryption c. Remote wipe d. Asset tracking

c. *Remote wipe* A remote wipe allows the handheld's data to be remotely deleted in the event the device is lost or stolen. Answer A is incorrect because in the event a mobile device is lost, GPS tracking can be used to find the location. Answer B is incorrect because mobile voice encryption can allow executives and employees alike to discuss sensitive information without having to travel to secure company locations. Answer D is incorrect because asset tracking is used for management of assets in the field so that the device location is known at all times.

*Which type of biometric authentication involves identification of the unique patterns of blood-vessels at the back of the eye?* a. Facial recognition b. Iris c. Retina d. Signature

c. *Retina* Retinal biometric systems identify unique patterns of blood vessels in the back of the eye. Facial recognition systems identify fixed spacing of key features of the face such as bones, eyes, and chin shape, making answer A incorrect. Answer B is incorrect because iris scanning involves identification of unique patterns in the outer colored part of the eye. Answer D is incorrect because signature analysis is a form of what you do biometric authentication recording the speed, shape, and unique kinematics of a personal written signature.

*A security template can be used to perform all but which of the following tasks?* a. Capture the security configuration of a master system b. Apply security settings to a target system c. Return a target system to its precompromised state d. Evaluate compliance with security of a target system

c. *Return a target system to its precompromised state* A security template alone cannot return a system to its precompromised state.

Security-Related Policies and Procedures *On a Linux-based system, which account is equivalent to the administrator account in Windows?* a. Auditor b. Supervisor c. Root d. Master

c. *Root* The root user in Linux is equivalent to the administrator user in Windows.

*What type of wireless antenna can be used to send or receive signals in any direction?* a. Cantenna b. Yagi c. Rubber duck d. Panel

c. *Rubber duck* A rubber duck antenna is an omnidirectional antenna.

*An organization that relies heavily on cloud and SaaS service providers, such as Salesforce.com, WebEx, and Google, would have security concerns when implementing which of the following?* a. TACACS+ b. Secure LDAP c. SAML d. XTACACS

c. *SAML* SAML (Security Assertion Markup Language) is an Extensible Markup Language (XML) framework for creating and exchanging security information between online partners. The weakness in the SAML identity chain is the integrity of users. To mitigate risk, SAML systems need to use timed sessions, HTTPS, and SSL/TLS. Answer A is incorrect because TACACS+ protocol provides authentication and authorization in addition to accounting of access requests against a centralized service for authorization of access requests. Answer B is incorrect because secure LDAP is a way to make LDAP traffic confidential and secure by using Secure Sockets Layer (SSL) / Transport Layer Security (TLS) technology. Answer D is incorrect because XTACACS is a proprietary version of the original TACACS protocol that was developed by Cisco.

*Which statement accurately describes Secure FTP (SFTP)?* a. SFTP is a combination of two technologies (FTP and SSL or TLS). b. SFTP uses two ports. c. SFTP is an entire protocol itself. d. SFTP encrypts and compresses only data, not commands.

c. *SFTP is an entire protocol itself.* There are several differences between Secure FTP (SFTP) and FTP Secure (FTPS). First, FTPS is a combination of two technologies (FTP and SSL or TLS), whereas SFTP is an entire protocol itself and is not pieced together with multiple parts. Second, SFTP uses only a single TCP port instead of two ports like FTPS. Finally, SFTP encrypts and compresses all data and commands (FTPS may not encrypt data).

Disaster Recovery and Incident Response *Which agreement outlines performance requirements for a vendor?* a. MTBF b. MTTR c. SLA d. BCP

c. *SLA* A service-level agreement (SLA) specifies performance requirements for a vendor. This agreement may use MTBF and MTTR as performance measures in the SLA.

*Which of the following services/protocols operate on port 22?* a. DNS b. HTTPS c. SSH d. RDP

c. *SSH* Secure Shell (SSH) operates on port 22. Answer A is incorrect because Domain Name Service (DNS) uses port 53. Answer B is incorrect because HTTPS uses port 443. Answer D is incorrect because Remote Desktop Protocol (RDP) uses port 3389.

*Which of the following models is useful for individuals and businesses that want to have the right to access a certain application without having to purchase a full license?* a. PaaS b. IaaS c. SaaS d. DaaS

c. *SaaS* Software-as-a-service (SaaS) is the delivery of a licensed application to customers over the Internet for use as a service on demand. Answer A is incorrect. Platform-as-a-service (PaaS) is the delivery of a computing platform, often an operating system with associated services, that is delivered over the Internet without downloads or installation. Answer B is incorrect because infrastructure-as-a-service (IaaS) is the delivery of computer infrastructure in a hosted service model over the Internet. Answer D is incorrect because desktop-as-a-service (DaaS), also called virtual desktop or hosted desktop services, is the outsourcing of a virtual desktop infrastructure (VDI) to a third-party service provider.

*If Bob wants to send a secure message to Val using public key encryption without sender validation, what does Val need?* a. Bob's private key b. Bob's public key c. Val's private key d. Val's public key

c. *Val's private key* Val needs her own private key to decrypt the message Bob encrypted with her public key. Neither of Bob's keys is needed because the originator does not need to be validated, making Answers A and B incorrect. Answer D is incorrect because Val's public key is used to encrypting the original message before transmission.

*Which of the following would be implemented for secure communications when the organization is using an application that authenticates with Active Directory Domain Services (AD DS) through simple BIND?* a. TACACS+ b. SAML c. Secure LDAP d. XTACACS

c. *Secure LDAP* Reasons for enabling Lightweight Directory Access Protocol (LDAP) over Secure Sockets Layer (SSL) / Transport Layer Security (TLS) also known as LDAPS, include protection of the authentication session when an application authenticates with Active Directory Domain Services (AD DS) through simple BIND. Answer A is incorrect because the TACACS+ protocol provides authentication and authorization as well as accounting of access requests against a centralized service for authorization of access requests. Answer B is incorrect because SAML (Security Assertion Markup Language) is an Extensible Markup Language (XML) framework for creating and exchanging security information between online partners. Answer D is incorrect because XTACACS is a proprietary version of the original TACACS protocol that was developed by Cisco.

* _______________ is an encrypted alternative to the Telnet protocol that is used to access remote computers.* a. Internet Control Message Protocol (ICMP) b. Internet Small Computer System Interface (iSCSI) c. Secure Shell (SSH) d. Secure Network Management Protocol (SNMP)

c. *Secure Shell (SSH)* Secure Shell (SSH) is an encrypted alternative to the Telnet protocol that is used to access remote computers.

*Which common cryptographic transport algorithm was developed by Netscape in 1994 in response to the growing concern over Internet security?* a. Hypertext Transport Protocol Secure (HTTPS) b. Secure Shell (SSH) c. Secure Sockets Layer (SSL) d. Transport Layer Security (TLS)

c. *Secure Sockets Layer (SSL)* One of the most common cryptographic transport algorithms is Secure Sockets Layer (SSL). This protocol was developed by Netscape in 1994 in response to the growing concern over Internet security.

*What is a written document that states how an organization plans to protect the company's information technology assets?* a. Privacy notice b. Acceptable use c. Security policy d. Data insurance

c. *Security policy* A security policy is a written document that states how an organization plans to protect the company's information technology assets.

Security and Vulnerability in the Network *The approach a business takes to security is known as its:* a. Rule-based management b. Network bridging c. Security posture d. Assessment technique

c. *Security posture* The security posture is the approach a business takes to security.

Physical and Hardware-Based Security *You're the leader of the security committee at ACME. After a move to a new facility, you're installing a new security monitoring system throughout. Which of the following best describes a motion detector mounted in the corner of a hallway?* a. Perimeter security b. Partitioning c. Security zone d. IDS system

c. *Security zone* A security zone is an area that is a smaller component of the entire facility. Security zones allow intrusions to be detected in specific parts of the building.

*Which of the following provides the output for an example of banner grabbing?* a. http://www.example.com/index.htm b. This is a government computer system. Authorized access only. c. Server Apache 2.0.46 (Red Hat Linux) d. Welcome to our FTP site

c. *Server Apache 2.0.46 (Red Hat Linux)* Banner grabbing is a technique used to discover information about a computer system. This information is used to further understand the underlying system. In this example, a vulnerability scanner can narrow down which vulnerabilities to test for. However, an attacker knows which exploits the system may be susceptible to. Answer A is simply a URL and is incorrect. Answers B and D are incorrect, and although they may be referred to as a "login banner," do not confuse these with banner grabbing.

Operating System and Application Security *What is the term used when the item used to validate a user's session, such as a cookie, is stolen and used by another to establish a session with a host that thinks it is still communicating with the first party?*

c. *Session hijacking* Session hijacking occurs when the item used to validate a user's session, such as a cookie, is stolen and used by another to establish a session with a host that thinks it is still communicating with the first party.

*An organization has a high-speed fiber Internet connection that it uses for most of its daily operations, as well as its offsite backup operations. This represents what security problem?* a. Single point of failure b. Redundant connections c. Backup generator d. Offsite backup storage

c. *Single point of failure* Having only a single high-speed fiber Internet connection represents the security problem of a single point of failure.

*In the _______________ model, the cloud computing vendor provides access to the vendor's software applications running on a cloud infrastructure.* a. Infrastructure as a Service (IaaS) b. Application as a Service (AaaS) c. Software as a Service (SaaS) d. Platform as a Service (PaaS)

c. *Software as a Service (SaaS)* In the Software as a Service (SaaS) model, the cloud computing vendor provides access to the vendor's software applications running on a cloud infrastructure. These applications, which can be accessed through a web browser, do not require any installation, configuration, upgrading, or management from the user.

Cryptography Basics *Kristin, from Payroll, has left the office on maternity leave and won't return for at least six weeks. You've been instructed to suspend her key. Which of the following statements is true?*

c. *Suspended keys can be reactivated.* Suspending keys is a good practice: It disables a key, making it unusable for a certain period of time. This can prevent the key from being used while someone is gone. The key can be reactivated when that person returns.

*You are setting up a switched network in which each department requires a logical separation. Which of the following meets these requirements?* a. DMZ b. VPN c. VLAN d. NAT

c. *VLAN* The purpose of a VLAN is to unite network nodes logically into the same broadcast domain regardless of their physical attachment to the network. Answer A is incorrect because a DMZ is a small network between the internal network and the Internet that provides a layer of security and privacy. Answer B is incorrect because a virtual private network (VPN) is a network connection that allows you access via a secure tunnel created through an Internet connection. Answer D is incorrect because NAT acts as a liaison between an internal network and the Internet.

* A switch can be used to prevent broadcast storms between connected systems through the use of what?* a. SSL b. S/MIME c. VLANs d. LDAP

c. *VLANs* Switches can create VLANs. Broadcast storms aren't transmitted between one VLAN and another.

*Which of the following is a hardware solution typically attached to the circuit board of the system used for greater security protection for processes such as digital signing, mission-critical applications, and businesses where high security is required?* a. Full disk encryption b. HSM c. TPM d. File-level encryption

c. *TPM* At the most basic level, a trusted platform module (TPM) provides for the secure storage of keys, passwords, and digital certificates, and it is hardware based (typically attached to the circuit board of the system). Answer A is incorrect because full disk encryption is a software solution and is most useful when you're dealing with a machine that is being taken on the road by people such as traveling executives, sales managers, or insurance agents. Answer B is incorrect because a hardware security module (HSM) can be described as black box combination hardware and software/firmware that is attached or contained inside a computer used to provide cryptographic functions for tamper protection and increased performance. Answer D is incorrect because in file- or folder-level encryption, individual files or folders are encrypted by the file system itself.

Operating System and Application Security *Which of the following is the name assigned to a chip that can store cryptographic keys, passwords, or certificates?*

c. *TPM* TPM is the name assigned to a chip that can store cryptographic keys, passwords, or certificates. TPM can be used to protect cell phones and devices other than PCs as well.

*Which statement accurately describes an access control list characteristic?* a. Access control lists are efficient. b. Access control lists are simple to manage in an enterprise setting. c. The structure behind an access control list table can be complex. d. Access control lists are used extensively with UNIX systems but not on Windows operating systems.

c. *The structure behind an access control list table can be complex.* Although access control lists (ACLs) can be associated with any type of object, these lists are most often viewed in relation to files maintained by the operating system. ACLs have limitations. First, using ACLs is not efficient. Second, they can be difficult to manage in an enterprise setting where many users need to have different levels of access to many different resources. Note that the structure behind ACL tables can be complex.

Security-Related Policies and Procedures *You're giving hypothetical examples during a required security training session when the subject of certificates comes up. A member of the audience wants to know how a party is verified as genuine. Which party in a transaction is responsible for verifying the identity of a certificate holder?* a. Subscriber b. Relying party c. Third party d. Omni registrar

c. *Third party* The third party is responsible for assuring the relying party that the subscriber is genuine.

Threats and Vulnerabilities *_________ describes the potential that a weakness in hardware, software, process, or people will be identified and taken advantage of.* a. Vulnerability b. Exploit c. Threat d. Risk

c. *Threat* A threat is the potential that a vulnerability will be identified and exploited. Answer A is incorrect because a vulnerability is the weakness itself and not the likelihood that it will be identified and exploited. Answer B is incorrect because an exploit is the mechanism of taking advantage of a vulnerability rather than its likelihood of occurrence. Answer D is incorrect because risk is the likelihood that a threat will occur and the measure of its effect.

Operating System and Application Security *You're redesigning your network in preparation for putting the company up for sale. The network, like all aspects of the company, needs to perform the best that it possibly can in order to be an asset to the sale. Which model is used to provide an intermediary server between the end user and the database?*

c. *Three-tiered* A three-tiered model puts a server between the client and the database.

*What mechanism of loop protection is based on an element in a protocol header?* a. Spanning Tree Protocol b. Ports c. Time to live d. Distance vector protocols

c. *Time to live* Time to live (TTL) is a value in the IP header used to prevent loops at Layer 3.

*Which of the following standards ensures privacy between communicating applications and clients on the Web and has been designed to replace SSL?* a. Secure Sockets Layer 4 b. Point-to-Point Tunneling Protocol c. Transport Layer Security d. Internet Protocol Security

c. *Transport Layer Security* Transport Layer Security (TLS) is a network protocol that replaces Secure Sockets Layer (SSL) to provide communication security over networks. Answer A is incorrect, as such a thing was never developed. Answers B and D are incorrect as these describe methods for implementing VPNs and are were not designed to replace SSL.

*Which protocol is often used for the automated transfer of configuration files between devices?* a. Hypertext Transfer Protocol (HTTP) b. Secure Copy Protocol (SCP) c. Trivial File Transfer Protocol (TFTP) d. Secure FTP (SFTP)

c. *Trivial File Transfer Protocol (TFTP)* A "light" version of File Transfer Protocol (FTP) known as Trivial File Transfer Protocol (TFTP) uses a small amount of memory but has limited functionality. It is often used for the automated transfer of configuration files between devices.

Physical and Hardware-Based Security *You've been drafted for the safety committee. One of your first tasks is to inventory all the fire extinguishers and make certain the correct types are in the correct locations throughout the building. Which of the following categories of fire extinguisher is intended for use on electrical fires?* a. Type A b. Type B c. Type C d. Type D

c. *Type C* Type C fire extinguishers are intended for use in electrical fires.

Security-Related Policies and Procedures *A periodic security audit of which of the following can help determine whether privilege-granting processes are appropriate and whether computer usage and escalation processes are in place and working?* a. Event logs b. User account and ldp settings c. User access and rights review d. System security log files

c. *User access and rights review* A periodic security audit of user access and rights review can help determine whether privilege-granting processes are appropriate and whether computer usage and escalation processes are in place and working.

Wireless Networking Security *Which of the following is not one of the three transmission technologies used to communicate in the 802.11 standard?* a. DSSS b. FHSS c. VITA d. OFDM

c. *VITA* The three technologies available for use with the 802.11 standard are DSSS (direct-sequence spread spectrum), FHSS (frequency-hopping spread spectrum), and OFDM (orthogonal frequency division multiplexing). VITA (Volunteer Income Tax Assistance) is not a wireless transmission technology.

Wireless Networking Security *You're outlining your plans for implementing a wireless network to upper management. Suddenly, a paranoid vice president brings up the question of security. Which protocol was designed to provide security to a wireless network and can be considered equivalent to the security of a wired network?* a. WAP b. WTLS c. WPA2 d. IR

c. *WPA2* Wi-Fi Protected Access 2 (WPA2) was intended to provide security that's equivalent to the security on a wired network and implements elements of the 802.11i standard.

Wireless Networking Security *Which of the following provides services similar to TCP and UDP for WAP?* a. WTLS b. WDP c. WTP d. WFMD

c. *WTP* The Wireless Transaction Protocol (WTP) provides services similar to TCP and UDP for WAP.

Educating and Protecting the User *Which of the following is the best description of shoulder surfing?*

c. *Watching someone enter important information* Shoulder surfing is best defined as watching someone enter important information.

*A pirated movie-sharing service was discovered operating on company equipment. Administrators do not know who planted the service or who the users are. What technique could be used to attempt to trace the identity of the users?* a. Typo squatting b. Integer overflow c. Watering hole attack d. Ransomware

c. *Watering hole attack* A watering hole attack could be used to plant phone-home-to-identity malware on the systems of subsequent visitors.

Educating and Protecting the User *Which of the following is another name for social engineering?*

c. *Wetware* Wetware is another name for social engineering.

*Due to organizational requirements strong encryption cannot be used. Which of the following is the most basic form of encryption that can be used on 802.11-based wireless networks to provide privacy of data sent between a wireless client and its access point?* a. Wireless Application Environment (WAE) b. Wireless Session Layer (WSL) c. Wired Equivalent Privacy (WEP) d. Wireless Transport Layer Security (WTLS)

c. *Wired Equivalent Privacy (WEP)* WEP is the most basic form of encryption that can be used on 802.11-based wireless networks to provide privacy of data sent between a wireless client and its access point. Answer A is incorrect. Wireless Application Environment (WAE) specifies the framework used to develop applications for mobile devices, including cell phones, data pagers, tablets, and laptops. Answers B and D are incorrect. Wireless Session Layer (WSL), Wireless Transport Layer (WTL), and Wireless Transport Layer Security (WTLS) are the specifications that are included in the WAP standard.

*Due to organizational requirements, strong encryption cannot be used. Which of the following is the most basic form of encryption that can be used on 802.11-based wireless networks to provide privacy of data sent between a wireless client and its access point?* a. Wireless Application Environment (WAE) b. Wireless Session Layer (WSL) c. Wired Equivalent Privacy (WEP) d. Wireless Transport Layer Security (WTLS)

c. *Wired Equivalent Privacy (WEP)* WEP is the most basic form of encryption that can be used on 802.11-based wireless networks to provide privacy of data sent between a wireless client and its access point. Answer A is incorrect. Wireless Application Environment (WAE) specifies the framework used to develop applications for mobile devices, including cell phones, data pagers, tablets, and laptops. Answers B and D are incorrect. Wireless Session Layer (WSL), Wireless Transport Layer (WTL), and Wireless Transport Layer Security (WTLS) are the specifications that are included in the WAP standard.

*_______________ is an IEEE 802.11 security protocol designed to ensure that only authorized parties can view transmitted wireless information.* a. PSK2-mixed mode b. Temporal Key Integrity Protocol (TKIP) c. Wired Equivalent Privacy (WEP) d. Extensible Authentication Protocol (EAP)

c. *Wired Equivalent Privacy (WEP)* Wired Equivalent Privacy (WEP) is an IEEE 802.11 security protocol designed to ensure that only authorized parties can view transmitted wireless information.

Threats and Vulnerabilities *A user calls you in a panic. He is receiving emails from people indicating that he is inadvertently sending viruses to them. Over 200 such emails have arrived today. Which type of attack has most likely occurred?*

c. *Worm* A worm is a type of malicious code that attempts to replicate using whatever means are available. The worm may not have come from the user's system; rather, a system with the user's name in the address book has attacked these people.

Security-Related Policies and Procedures *Which of the following is one of the most common certificates in use today?* a. X.733 b. X.50 c. X.509 d. X.500

c. *X.509* One of the most common certificates in use today is the X.509 certificate. It includes encryption, authentication, and a reasonable level of validity.

*Risk _______________ simply means that the risk is acknowledged but that no steps are taken to address it.* a. deterrence b. mitigation c. acceptance d. avoidance

c. *acceptance* Acceptance simply means that the risk is acknowledged but no steps are taken to address it.

Network Security *When a modern firewall receives a packet, it tends to use a(n) _______________ method to determine the action to be taken.* a. rule-based b. role-based c. application-based d. authentication-based

c. *application-based* Traditional firewalls are rule-based while more modern firewalls are application-based.

Network Security *A load balancer is typically located _______________ in a network configuration.* a. in front of a server b. in front of a router c. between a router and a server d. between a router and a switch

c. *between a router and a server* Because load balancers generally are located between routers and servers, they can detect and stop attacks directed at a server or application.

*All wireless network interface card (NIC) adapters have _______________ antennas.* a. external b. peripheral c. embedded d. focused

c. *embedded* Although all wireless network interface card (NIC) adapters have embedded antennas, attaching an external antenna will significantly increase the ability to detect a wireless signal.

*A _______________ is an event that does not appear to be a risk but actually turns out to be one.* a. false positive b. negative-positive c. false negative d. positive-negative

c. *false negative* A false negative is an event that does not appear to be a risk but actually turns out to be one.

*TCP/IP uses its own _______________ architecture that corresponds generally to the OSI reference model.* a. two-layer b. three-layer c. four-layer d. seven-layer

c. *four-layer* TCP/IP uses its own four-layer architecture that includes Network Interface, Internet, Transport, and Application layers. This corresponds generally to the OSI reference model.

*Fibre Channel over Ethernet (FCoE) encapsulates Fibre Channel _______________ over Ethernet networks.* a. headers b. addresses c. frames d. packets

c. *frames* A variation of FC is Fibre Channel over Ethernet (FCoE) that encapsulates Fibre Channel frames over Ethernet networks. This allows Fibre Channel to use fast Ethernet networks while preserving the Fibre Channel protocol.

*Which of the following is a common storage networking standard chosen by businesses for ease of installation, cost, and utilization of current Ethernet networks?* a. Fibre Channel b. FTP c. iSCSI d. HTTPS

c. *iSCSI* Businesses choose Internet Small Computer System Interface (iSCSI) due to ease of installation, cost, and utilization of current Ethernet networks. Answer A is incorrect. Fibre Channel infrastructure generally is more costly and complex to manage due to the separate network switching infrastructure. Answer B is incorrect. FTP servers provide user access to upload or download files between client systems and a networked FTP server. Answer D is incorrect because HTTPS is used for secured web-based communications.

*The term _______________ refers to the average (mean) amount of time until a component fails, cannot be repaired, and must be replaced.* a. mean time to recovery b. failure in time c. mean time between failures d. mean time to failure

c. *mean time between failures* The term mean time between failures refers to the average (mean) amount of time until a component fails, cannot be repaired, and must be replaced.

*A _______________ cloud offers the highest level of security and control.* a. public b. community c. private d. hybrid

c. *private* A private cloud is created and maintained on a private network. Although this type offers the highest level of security and control (because the company must purchase and maintain all the software and hardware), it also reduces any cost savings.

*One of the best practices for access control is _______________, which requires that if the fraudulent application of a process might potentially result in a breach of security, the process should be divided between two or more individuals.* a. job rotation b. mandatory vacation c. separation of duties d. least privilege

c. *separation of duties* Separation of duties requires that if the fraudulent application of a process could potentially result in a breach of security, the process should be divided between two or more individuals.

*The term risk _______________ refers to the act of shifting risk to a third party.* a. deterrence b. mitigation c. transference d. avoidance

c. *transference* Risk transference is the act of transferring the risk to a third party.

Which type of key management does Secure Multipurpose Internet Mail Extensions (S/MIME) use: centralized or decentralized?

centralized

What is the safest method for creating and managing key pairs: centralized or de-centralized key management?

centralized key management

What does the acronym CA denote?

certification authority

What is an entity that issues and manages certificates?

certification authority (CA)

When evidence is seized, which principle should be emphasized?

chain of custody

Which type of disaster recovery site provides very little fault tolerance for the primary data center and relies on backups to bring the data center back online?

cold site

*Which statement describes a limitation of Secure Copy Protocol (SCP)?* a. SCP can only operate in the Windows environment. b. SCP cannot encrypt commands. c. SCP is being replaced by Remote Copy Protocol (RCP). d. A file transfer cannot be interrupted and then resumed in the same session.

d. *A file transfer cannot be interrupted and then resumed in the same session.* Secure Copy Protocol (SCP) encrypts files and commands, yet has limitations. For example, a file transfer cannot be interrupted and then resumed in the same session; the session must be completely terminated and then restarted.

*Which of the following risk-assessment formulas represents the total potential loss a company may experience within a single year due to a specific risk to an asset?* a. EF b. SLE c. ARO d. ALE

d. *ALE* The annualized loss expectancy (ALE) represents the total potential loss a company may experience within a single year due to a specific risk to an asset. EF is the percentage of asset value loss that would occur if a risk was realized. SLE is the potential dollar value loss from a single risk-realization incident. ARO is the statistical probability that a specific risk may be realized a certain number of times in a year.

*What is the last step in the access control process?* a. Identification b. Authentication c. Authorization d. Access control

d. *Access control* Only after credentials have been provided, authenticated, and authorized will access control list (ACL) values be assigned based on explicit and inherited grant and denial constraints. Answer A is incorrect because identification involves only the presentation of credentials and not the requirement for verifying those credentials as valid. Answers B and C are incorrect because both authentication and authorization must occur before access control constraints can be applied to an access request.

*Which of the following is included in hardening a host operating system?* a. A policy for antivirus updates b. A policy for remote wipe c. An efficient method to connect to remote sites d. An effective system for file-level security

d. *An effective system for file-level security* Hardening of the operating system includes planning against both accidental and directed attacks, such as the use of fault-tolerant hardware and software solutions. In addition, it is important to implement an effective system for file-level security, including encrypted file support and secured file system selection that allows the proper level of access control. Answer A is incorrect because it is a host protection measure, not an OS hardening measure. Answer B is incorrect because this is a feature associated with data security, not host hardening. Answer C is incorrect because this is a secure communication measure.

Protecting Networks *Which IDS function evaluates data collected from sensors?*

d. *Analyzer* The analyzer function uses data sources from sensors to analyze and determine whether an attack is under way.

*Historical data can be used to determine the likelihood of a risk occurring within a year. This is known as the _______________.* a. Annualized Loss Expectancy b. Single Loss Expectancy c. Multiple Loss Expectancy d. Annualized Rate of Occurrence

d. *Annualized Rate of Occurrence* Historical data can be used to determine the likelihood of a risk occurring within a year. This is known as the Annualized Rate of Occurrence (ARO).

Network Security *Which statement concerning anomaly-based monitoring is correct?* a. Anomaly-based monitoring is founded on experience based techniques. b. Anomaly-based monitoring looks for well-known patterns. c. Anomaly-based monitoring operates by being adaptive and proactive. d. Anomaly-based monitoring is designed for detecting statistical anomalies.

d. *Anomaly-based monitoring is designed for detecting statistical anomalies.* Anomaly-based monitoring is designed for detecting statistical anomalies.

Wireless Networking Security *Which of the following authentication levels with WAP allows virtually anyone to connect to the wireless portal?* a. Relaxed b. Two-way c. Server d. Anonymous

d. *Anonymous* Anonymous authentication allows virtually anyone to connect to the wireless portal.

*Which of the following is the most useful when you're dealing with data that is stored in a shared cloud environment?* a. Full disk encryption b. File-level encryption c. Media-level encryption d. Application-level encryption

d. *Application-level encryption* In a cloud environment, application-level encryption is preferred because the data is encrypted by the application before being stored in the database or file system. The advantage is that it protects the data from the user all the way to storage. Answer A is incorrect because full disk encryption is most useful when you're dealing with a machine that is being taken on the road by people such as traveling executives, sales managers, or insurance agents. Answer B is incorrect because in file- or folder-level encryption, individual files or folders are encrypted by the file system itself. Answer C is incorrect because media encryption is used for USB flash drives, iPods, and other portable storage devices.

*Which statement accurately describes a weakness in disabling SSID broadcasts?* a. Turning off the SSID broadcast may allow users to freely roam from one AP coverage area to another. b. For most hardware routers, the effect is temporary and the disabling actions must be repeated frequently. c. Disabling SSID broadcasts may disable the entire network. d. Attackers with protocol analyzers can still detect the SSID.

d. *Attackers with protocol analyzers can still detect the SSID.* The SSID can be easily discovered even when it is not contained in beacon frames because it is transmitted in other management frames sent by the AP. Attackers with protocol analyzers can still detect the SSID.

*Which of the following is not an example of the principles of influence used in social engineering attacks?* a. Authority b. Intimidation c. Scarcity and urgency d. Authenticity and authorization e. Trust

d. *Authenticity and authorization* Authenticity and authorization both relate to identity and access control and are not principle reasons for effectiveness as related to social engineering. Answers, A, B, C, and E are all legitimate principles and so are incorrect answers.

*Which of the following is not focused on recovering after loss of function?* a. RTO b. DRP c. RPO d. BCP

d. *BCP* Business continuity planning (BCP) / continuity of operations (COO) is focused on maintaining continued service availability even if in a limited form. Recovery time objectives (RTOs) and recovery point objectives (RPOs) are components of disaster recovery planning (DRP) focusing on recovery after a loss of function, making answers A, B, and C incorrect.

*_______________ can be prevented with loop protection.* a. IP address spoofing b. Man-in-the-middle attacks c. Denial of service (DoS) attacks d. Broadcast storms

d. *Broadcast storms* Broadcast storms can be prevented with loop protection, which uses the IEEE 802.1d standard spanning-tree algorithm (STA).

Access Control and Identity Management *Which of the following is a type of smart card issued by the Department of Defense as a general identification/authentication card for military personnel, contractors, and non-DoD employees?*

d. *CAC* One type of smart card is the Common Access Card (CAC). These cards are issued by the Department of Defense as a general identification/authentication card for military personnel, contractors, and non-DoD employees.

*Which of the following types of cloud computing is designed to meet industry-specific needs such as healthcare, public sector, or energy?* a. Public b. Private c. Hybrid d. Community

d. *Community* Community clouds are designed to accommodate the mutual needs of a particular business community. This is generally industry-specific such as healthcare, public sector, or energy. Answer A is incorrect because a public cloud is an environment where the services and infrastructure are hosted at a service provider's offsite facility and accessed over the Internet based on a monthly or yearly usage fee. Answer B is incorrect because a private cloud is a hosted infrastructure on a private platform and can sometimes be referred to as an internal, corporate, or enterprise cloud. Answer C is incorrect. A hybrid cloud is a combination of public and private clouds where control of data is kept using a private cloud while other functions are hosted using a public cloud.

Network Security *Which type of Internet content filtering restricts unapproved websites from being displayed by searching for and matching keywords?* a. Uniform resource locator (URL filtering) b. Profiling c. Malware inspection d. Content inspection

d. *Content inspection* Internet content filters monitor Internet traffic and block access to preselected websites and files. A requested webpage is displayed only if it complies with the specified filters. Unapproved websites can be restricted based on the Uniform Resource Locator or URL (URL filtering) or by searching for and matching keywords such as sex or hate (content inspection) as well as looking for malware (malware inspection).

*Which of the following is a commonly applied principle for fault tolerance against accidental faults designed into critical facilities planning?* a. Firmware version control b. Wrappers c. Manual updates d. Control redundancy

d. *Control redundancy* Control redundancy is replication of a component in identical copies to compensate for random hardware failures. Redundancy is usually dispersed geographically as well as through backup equipment and databases, or hot sparing of system components. Answer A is incorrect because firmware version control is important in systems like gaming consoles because many vulnerabilities cannot be fixed via firmware updates, leaving a system vulnerable until a new console is released. Answer B is incorrect because wrappers are used in several types of implementations such as smart grids, integration of legacy systems, and reducing the risk of web-based attacks. Answer C is incorrect because manual updates, although inconvenient, may also be necessary when the system contains sensitive data and is segmented.

Threats and Vulnerabilities *Which of the following is an attack in which the end user executes unwanted actions on a web application while he is currently authenticated?* a. Buffer overflow b. Input validation error c. Cross-site scripting d. Cross-site request forgery

d. *Cross-site request forgery* Cross-site request forgery (XSRF) is an attack in which the end user executes unwanted actions on a web application while he is currently authenticated. Answer A is incorrect because a buffer overflow is a direct result of poor or incorrect input validation or mishandled exceptions. Answer B is incorrect because input validation errors are a result of improper field checking in the code. Answer C is incorrect because Cross-Site Scripting (XSS) vulnerabilities can be used to hijack the user's session or to cause the user accessing malware-tainted Site A to unknowingly attack Site B on behalf of the attacker who planted code on Site A.

Security-Related Policies and Procedures *Which policy defines what constitutes sensitive data and applies protection to it?* a. Classification b. BCP c. Data review d. Data theft

d. *Data theft* A data theft policy defines what constitutes sensitive data and applies protection to it.

*In which of the following phases should code security first be implemented?* a. Testing b. Review c. Implementation d. Design

d. *Design* It is important that security is implemented from the very beginning. In the early design phase, potential threats to the application must be identified and addressed. Ways to reduce the associated risks must also be taken into consideration. Therefore, answers A, B, and C are incorrect.

*What item is considered to be the biggest obstacle to log management?* a. Offsite storage accessibility b. Very large volume of data c. Multiple devices generating logs d. Different log formats

d. *Different log formats* Perhaps the biggest obstacle to log management is that different devices record log information in different formats and even with different data captured. Combining multiple logs, each with a different format, can be a major challenge.

*A newer secure version of DNS known as _______________ allows DNS information to be digitally signed so that an attacker cannot forge DNS information.* a. Domain Name System Security (DNSS) b. Advanced Domain Name System (ADNS) c. Domain Name System2 (DNS2) d. Domain Name System Security Extensions (DNSSEC)

d. *Domain Name System Security Extensions (DNSSEC)* A newer secure version of DNS known as Domain Name System Security Extensions (DNSSEC) allows DNS information to be digitally signed so that an attacker cannot forge DNS information.

*Which form of fire suppression functions best in an Alaskan fire of burning metals?* a. Dry-pipe sprinkler b. Wet-pipe sprinkler c. Carbon dioxide d. Dry powder

d. *Dry powder* Combustible metal fires (Class D) require sodium chloride and copper-based dry powder extinguishers. Although dry-pipe would be preferable to wet-pipe sprinklers in regions that experience very low temperatures such as Alaska, water is only appropriate for wood, paper, and trash fires (Class A), making answers A and B incorrect. Answer C is incorrect because carbon dioxide and Halon extinguishers are useful for fires involving live electric wiring (Class C) and would not be used for burning metals.

*_______________ was created as a more secure alternative than the weak Challenge Handshake Authentication Protocol (CHAP) and Password Authentication Protocol (PAP).* a. Temporal Key Integrity Protocol (TKIP) b. Advanced Encryption Standard (AES) c. Protected EAP (PEAP) d. Extensible Authentication Protocol (EAP)

d. *Extensible Authentication Protocol (EAP)* A framework for transporting the authentication protocols is known as the Extensible Authentication Protocol (EAP). EAP was created as a more secure alternative than the weak Challenge Handshake Authentication Protocol (CHAP) and Password Authentication Protocol (PAP). Despite its name, EAP is a framework for transporting authentication protocols instead of the authentication protocol itself.

Physical and Hardware-Based Security *Which form of cabling is least susceptible to EM interference?* a. STP b. UTP c. Coaxial d. Fiber optic

d. *Fiber optic* Fiber-optic cabling is least subject to electromagnetic interference because its communications are conducted by transmitting pulses of light over glass, plastic, or sapphire transmission fibers. Twisted-pair (shielded STP as well as unshielded UTP) copper cables provide minimal shielding against interference but can function as antenna picking up nearby EM sources when extended over long cable runs, making answers A and B incorrect. Answer C is incorrect because although coaxial cables limit EM interference by encasing one conductor in a sheath of conductive material, they are still conductive and not as resistant as purely optical forms of communication.

*What form of storage or file-transfer technology was originally designed to be operated over an optical network but was adapted to run over a copper network as well?* a. FTP b. iSCSI c. SATA d. Fibre Channel

d. *Fibre Channel* Fibre Channel is a form of network data-storage solution (SAN or NAS) that allows for high-speed file transfers upwards of 16 Gbps. It was designed to be operated over fiber optic cables, but support for copper cables was added later to offer less expensive options.

Cryptography Basics *Which of the following is a hybrid cryptosystem?* a. PAP b. MD5 c. RSA d. GPG

d. *GPG* Privacy Guard (GnuPG or GPG) is a hybrid cryptosystem that uses combination of public key and private key encryption. The incorrect choices are A, B, and C: PAP is a basic form of authentication during which the username and password are transmitted unencrypted, RSA is an asymmetric cipher, and MD5 is a hash.

*What tool is used to lure or retain intruders in order to gather sufficient evidence without compromising the security of the private network?* a. Firewall b. IDS c. Router d. Honeypot

d. *Honeypot* A honeypot is used to lure or retain intruders in order to gather sufficient evidence without compromising the security of the private network.

*Which term refers to the expansion and contraction of random access memory (RAM) or hard drive space as needed?* a. On-demand computing b. Host computing c. Host availability d. Host elasticity

d. *Host elasticity* Virtualization has several advantages. First, new virtual server machines can be quickly made available (host availability), and resources such as the amount of Random Access Memory (RAM) or hard drive space can easily be expanded or contracted as needed (host elasticity).

Physical and Hardware-Based Security *Which of the following is a method of cooling server racks in which hot air and cold are both handled in the server room?* a. Hot/cold vessels b. Hot and cold passages c. Hot/cold walkways d. Hot and cold aisles

d. *Hot and cold aisles* Hot and cold aisles is a method of cooling server racks in which hot air and cold are both handled in the server room.

*What form of recovery site requires the least amount of downtime before mission-critical business operations can resume?* a. Cold b. Warm c. Hot d. Offsite

d. *Hot* A hot site requires the least amount of downtime before mission-critical business operations can resume, because it is a real-time mirror of the primary site.

Threats and Vulnerabilities *A smurf attack attempts to use a broadcast ping on a network; the return address of the ping may be a valid system in your network. Which protocol does a smurf attack use to conduct the attack?*

d. *ICMP* A smurf attack attempts to use a broadcast ping (ICMP) on a network. The return address of the ping may be a valid system in your network. This system will be flooded with responses in a large network.

*Loop protection uses the _______________ standard spanning-tree algorithm (STA).* a. IEEE 801.2d b. IEEE 802.3 c. IEEE 802.11n d. IEEE 802.1d

d. *IEEE 802.1d* Broadcast storms can be prevented with loop protection, which uses the IEEE 802.1d standard spanning-tree algorithm (STA).

Security-Related Policies and Procedures *An organization is partnering with another organization which requires shared systems. Which of the following documents would outline how the shared systems interface?* a. SLA b. BPA c. MOU d. ISA

d. *ISA* An interconnection security agreement (ISA) is an agreement between organizations that have connected IT systems. Answer A is incorrect because a service level agreement (SLA) is a contract between a service provider and a customer that specifies the nature of the service to be provided and the level of service that the provider will offer to the customer. Answer B is incorrect because a business partners agreement (BPA) is a contract that establishes partner profit percentages, partner responsibilities, and exit strategies for partners. Answer C is incorrect because a memorandum of understanding (MOU) is a document that outlines the terms and details of an agreement between parties, including each party's requirements and responsibilities.

*Which of the following methods of cloud computing enables the client to literally outsource everything that would normally be in a typical IT department?* a. SaaS b. DaaS c. PaaS d. IaaS

d. *IaaS* Infrastructure-as-a-service (IaaS) is the delivery of computer infrastructure in a hosted service model over the Internet. This method of cloud computing enables the client to literally outsource everything that would normally be in a typical IT department. Answer A is incorrect because software-as-a-service (SaaS) is the delivery of a licensed application to customers over the Internet for use as a service on demand. Answer B is incorrect because desktop-as-a-service (DaaS), also called virtual desktop or hosted desktop services, is the outsourcing of a virtual desktop infrastructure (VDI) to a third-party service provider. Answer C is incorrect. Platform-as-a-service (PaaS) is the delivery of a computing platform, often an operating system with associated services, that is delivered over the Internet without downloads or installation.

*Which cloud computing service model provides the customer the highest level of control?* a. Application as a Service (AaaS) b. Software as a Service (SaaS) c. Platform as a Service (PaaS) d. Infrastructure as a Service (IaaS)

d. *Infrastructure as a Service (IaaS)* In the Infrastructure as a Service (IaaS) model, the customer has the highest level of control. The cloud computing vendor allows customers to deploy and run their own software, including operating systems and applications. Consumers have some control over the operating systems, storage, and their installed applications, but do not manage or control the underlying cloud infrastructure.

Cryptography Basics *A brainstorming session has been called. The moderator tells you to pull out a sheet of paper and write down your security concerns based on the technologies that your company uses. If your company uses public keys, what should you write as the primary security concern?*

d. *Integrity* Public keys are created to be distributed to a wide audience. The biggest security concern regarding their use is ensuring that the public keys maintain their integrity. This can be accomplished by using a thumbprint or a second encryption scheme in the certificate or key.

Cryptography Implementation *One disadvantage of decentralized key generation is:* a. It depends on key escrow. b. It is more vulnerable to single point attacks. c. There are more risks of attacks. d. It creates a storage and management issue.

d. *It creates a storage and management issue.* A disadvantage of decentralized key generation is the storage and management issue it creates.

Security and Vulnerability in the Network *Rule-based management defines conditions for access to objects and is also known as:* a. Distributed management b. Management by objective c. Role-based management d. Label-based management

d. *Label-based management* Rule-based management, also known as label-based management, defines conditions for access to objects.

Educating and Protecting the User *Which classification of information designates that information can be released on a restricted basis to outside organizations?*

d. *Limited distribution* Limited distribution information can be released to select individuals and organizations, such as financial institutions, governmental agencies, and creditors.

*Which of the following is more formal than a handshake agreement but not a legal binding contract?* a. SLA b. BIA c. DLP d. MOU

d. *MOU* A memorandum of understanding (MOU) is an expression of agreement or aligned intent, will, or purpose between two entities. An MOU is not typically a legal agreement or commitment, but rather a more formal form of a reciprocal agreement or gentleman's handshake (neither of which is typically written down). An SLA is a formal control. BIA is business impact assessment. DLP is data loss prevention.

*Which of the following is the length of time a device or product is expected to last in operation?* a. RTO b. MTBF c. RPO d. MTTF

d. *MTTF* Mean time to failure (MTTF) is the length of time a device or product is expected to last in operation. Answer A is incorrect because recovery time objective (RTO) is the amount of time within which a process must be restored after a disaster to meet business continuity. It defines how much time it takes to recover after notification of process disruption. Answer B is incorrect because mean time between failures (MTBF) is the average amount of time that passes between hardware component failures excluding time spent waiting for or being repaired. Answer C is incorrect because recovery point objective (RPO) is the amount of time that can elapse during a disruption before the quantity of data lost during that period exceeds the BCP's maximum allowable threshold. It determines up to what point in time data recovery could happen before business is disrupted.

Access Control and Identity Management *If Sally wants to send a secure message to Mark using public key encryption but is not worried about sender verification, what does she need in addition to her original message text?* a. Sally's private key b. Sally's public key c. Mark's private key d. Mark's public key

d. *Mark's public key* Sally needs Mark's public key to encrypt her original message in a form that only Mark can decrypt. Neither of Sally's keys is needed because the originator does not need to be validated, making answers A and B incorrect. Answer C is incorrect because Mark's private key is used for decrypting the encrypted message to reveal Sally's original message.

*What is the average amount of time expected until the first failure of a piece of equipment?* a. Mean Time to Recovery b. Failure In Time c. Mean Time Between Failures d. Mean Time To Failure

d. *Mean Time To Failure* Mean Time To Failure (MTTF) is the average amount of time expected until the first failure of a piece of equipment.

Security-Related Policies and Procedures *Which Windows Firewall events are logged by default in Windows 7?* a. Dropped packets b. Successful connections c. Both dropped packets and successful connections d. Neither dropped packets nor successful connections

d. *Neither dropped packets nor successful connections* By default, Windows Firewall in Windows 7 logs neither dropped packets nor successful connections. Logging occurs only when one or both of these are turned on.

Cryptography Basics *Mary claims that she didn't make a phone call from her office to a competitor and tell them about developments her company is working on. Telephone logs, however, show that such a call was placed from her phone, and time clock records show she was the only person working at the time. What do these records provide?*

d. *Non-repudiation* Non-repudiation offers undisputable proof that a party was involved in an action.

Cryptography Basics *The CRL takes time to be fully disseminated. Which protocol allows a certificate's authenticity to be immediately verified?*

d. *OCSP* Online Certificate Status Protocol (OCSP) can be used to immediately verify a certificate's authenticity.

*A video surveillance system is a form of which type of access control?* a. Quantitative b. Management c. Technical d. Physical

d. *Physical* Physical controls include facility design details such as layout, door, locks, guards, and electronic surveillance systems. Quantitative risk analysis involved the use of numerical metrics and is used to identify and sort risks rather than to control risk, making answer A incorrect. Answer B is incorrect because management controls include policies and procedures. Answer C is incorrect because technical controls include access control systems, encryption, and data classification solutions.

According to CompTIA's Security+ examination blueprint, what are the three listed controls to provide confidentiality?

encryption, access controls, and steganography

*Which cloud computing service model allows the consumer to install and run their own specialized applications on the cloud computing network without requiring the consumer to manage or configure any of the underlying cloud infrastructure?* a. Application as a Service (AaaS) b. Infrastructure as a Service (IaaS) c. Software as a Service (SaaS) d. Platform as a Service (PaaS)

d. *Platform as a Service (PaaS)* Unlike Software as a Service (SaaS), in which the application software belonging to the cloud computing vendor is used, in Platform as a Service (PaaS), consumers can install and run their own specialized applications on the cloud computing network.

Physical and Hardware-Based Security *A new switch has been implemented in areas where there is very little physical access control. Which of the following would the organization implement as a method for additional checks to prevent unauthorized access?* a. Loop protection b. Flood guard c. Implicit deny d. Port security

d. *Port security* Port security is a Layer 2 traffic control feature on Cisco Catalyst switches. It enables individual switch ports to be configured to allow only a specified number of source MAC addresses coming in through the port. Answer A is incorrect because the loop guard feature makes additional checks in Layer 2 switched networks. Answer B is incorrect because a flood guard is a firewall feature used to control network activity associated with denial-of-service (DoS) attacks. Answer C is incorrect because implicit deny is an access control practice wherein resource availability is restricted to only those logons explicitly granted access.

Measuring and Weighing Risk *Which of the following is information that is unlikely to result in a high-level financial loss or serious damage to the organization but still should be protected?* a. Public data b. Confidential data c. Sensitive data d. Private data

d. *Private data* Private data is information that is unlikely to result in a high-level financial loss or serious damage to the organization but still should be protected. Answer A is incorrect because the unauthorized disclosure, alteration, or destruction of public data would result in little or no risk to the organization. Answer B is incorrect because confidential data is internal information that defines the way in which the organization operates. Security should be high. Answer C is incorrect because sensitive data is considered confidential data.

Educating and Protecting the User *You are implementing network access for several internal business units that work with sensitive information on a small organizational network. Which of the following would best mitigate risk associated with users improperly accessing other segments of the network without adding additional switches?* a. Log analysis b. Access control lists c. Network segmentation d. Proper VLAN management

d. *Proper VLAN management* VLANs provide a way to limit broadcast traffic in a switched network. This creates a boundary and, in essence, creates multiple, isolated LANs on one switch. Answer A is incorrect because logging is the process of collecting data to be used for monitoring and auditing purposes. Answer B is incorrect because access control generally refers to the process of making resources available to accounts that should have access while limiting that access to only what is required. Answer C is incorrect because network segmentation is used for interconnected networks where a compromised system on one network can easily threaten machines on other network segments.

*Which one of the following best identifies the system of digital certificates and certification authorities used in public key technology?* a. Certificate practice system (CPS) b. Public key exchange (PKE) c. Certificate practice statement (CPS) d. Public key infrastructure (PKI)

d. *Public key infrastructure (PKI)* PKI represents the system of digital certificates and certificate authorities. Answers A, B, and C are incorrect. A CPS is a document created and published by a CA that provides for the general practices followed by the CA. Answers A and B are fictitious terms.

Access Control and Identity Management *What is the name given to the system of digital certificates and certificate authorities used for public key cryptography over networks?* a. Protocol key instructions (PKI) b. Public key extranet (PKE) c. Protocol key infrastructure (PKI) d. Public key infrastructure (PKI)

d. *Public key infrastructure (PKI)* Public key infrastructure describes the trust hierarchy system for implementing a secure public key cryptography system over TCP/IP networks. Answers A, B, and C are incorrect because these are bogus terms.

Disaster Recovery and Incident Response *You're the head of information technology for MTS and have a brother in a similar position for ABC. The companies are approximately the same size and are located several hundred miles apart. As a benefit to both companies, you want to implement an agreement that would allow either company to use resources at the other site should a disaster make a building unusable. What type of agreement between two organizations provides mutual use of their sites in the event of an emergency?* a. Backup-site agreement b. Warm-site agreement c. Hot-site agreement d. Reciprocal agreement

d. *Reciprocal agreement* A reciprocal agreement is between two organizations and allows one to use the other's site in an emergency.

*A goal of NAC is which of the following?* a. Reduce social engineering threats b. Map internal private addresses to external public addresses c. Distribute IP address configurations d. Reduce zero-day attacks

d. *Reduce zero-day attacks* The goals of Network Access Control (NAC) include preventing/reducing zero-day attacks, enforcing security policy throughout the network, and using identities to perform access control.

* _______________ refers to any combination of hardware and software that enables remote users to access a local internal network.* a. Virtual LAN (VLAN) management b. Cloud computing c. Unified threat management (UTM) d. Remote access

d. *Remote access* Remote access refers to any combination of hardware and software that enables remote users to access a local internal network.

Network Security *What type of firewall systems are static in nature and cannot do anything other than what they have been expressly configured to do?* a. Application-based b. Authentication-based c. Role-based d. Rule-based

d. *Rule-based* Rule-based systems are static in nature and cannot do anything other than what they have been expressly configured to do.

Cryptography Basics *Which authorization protocol is generally compatible with TACACS?* a. LDAP b. RADIUS c. TACACS+ d. XTACACS

d. *XTACACS* The Extended Terminal Access Controller Access Control System (XTACACS) protocol is a proprietary form of the TACACS protocol developed by Cisco and is compatible in many cases. Neither LDAP nor RADIUS is affiliated with the TACACS protocol, making answers A and B incorrect. Answer C is incorrect because the newer TACACS+ is not backward compatible with its legacy equivalent.

Operating System and Application Security *Which of the following is a network protocol that supports file transfers and is a combination of RCP and SSH?* a. HTTPS b. FTPS c. SFTP d. SCP

d. *SCP* The Secure Copy Protocol (SCP) is a network protocol that supports file transfers. SCP is a combination of RCP and SSH. It uses the BSD RCP protocol tunneled through the Secure Shell (SSH) protocol to provide encryption and authentication. Answer A is incorrect because HTTPS is used for secured web-based communications. Answer B is incorrect. FTPS, also known as FTP Secure and FTP-SSL, is an FTP extension that adds support for TLS and SSL. Answer C is incorrect because SFTP, or secure FTP, is a program that uses SSH to transfer files. Unlike standard FTP, it encrypts both commands and data, preventing passwords and sensitive information from being transmitted in the clear over the network.

Operating System and Application Security *What is it known as when an attacker manipulates the database code to take advantage of a weakness in it?*

d. *SQL injection* SQL injection occurs when an attacker manipulates the database code to take advantage of a weakness in it.

*Which protocol is used for file transfers?* a. Internet Small Computer System Interface (iSCSI) b. Network Basic Input/Output System (NetBIOS) c. Secure Network Management Protocol (SNMP) d. Secure Copy Protocol (SCP)

d. *Secure Copy Protocol (SCP)* Secure Copy Protocol (SCP) is used for file transfers. SCP is an enhanced version of Remote Copy Protocol (RCP). SCP encrypts files and commands.

Disaster Recovery and Incident Response *What is another name for working copies?* a. Functional copies b. Running copies c. Operating copies d. Shadow copies

d. *Shadow copies* Working copies are also known as shadow copies.

Protecting Networks *Which of the following implies ignoring an attack and is a common response?*

d. *Shunning* Shunning, or ignoring an attack, is a common response.

Network Security *Which statement concerning signature-based monitoring is correct?* a. Signature-based monitoring is designed for detecting statistical anomalies. b. Signature-based monitoring uses an algorithm to determine if a threat exists. c. Signature-based monitoring operates by being adaptive and proactive. d. Signature-based monitoring looks for well-known patterns.

d. *Signature-based monitoring looks for well-known patterns.* A method for auditing usage is to examine network traffic, activity, transactions, or behavior and look for well-known patterns, much like antivirus scanning. This is known as signature-based monitoring because it compares activities against a predefined signature.

Wireless Networking Security *Which of the following is a primary vulnerability of a wireless environment?* a. Decryption software b. IP spoofing c. A gap in the WAP d. Site survey

d. *Site survey* A site survey is the process of monitoring a wireless network using a computer, wireless controller, and analysis software. Site surveys are easily accomplished and hard to detect.

*If user awareness is overlooked, what attack is more likely to succeed?* a. Man-in-the-middle b. Reverse hash matching c. Physical intrusion d. Social engineering

d. *Social engineering* Social engineering is more likely to occur if users aren't properly trained to detect and prevent it. The lack of user awareness training won't have as much impact on man-in-the-middle, reverse hash-matching, or physical intrusion attacks.

*Which category of authentication includes your ATM card?* a. Something you are b. Something you do c. Somewhere you are d. Something you have

d. *Something you have* "Something you have" includes ATM cards, smart cards, and keys. "Somewhere you are" is a location, making answer C incorrect. Answers A and B are incorrect because both "something you are" and "something you do" are biometric measures present even without your ATM card.

Measuring and Weighing Risk *An executive from ABC Corp receives an email from a vice president of XYZ Corp, which is a prestigious partner organization of ABC Corp. This email was formatted using XYZ's corporate logo, images, and text from their website (checked by the executive before opening the included form). After clicking the provided link, the executive was asked to verify his credentials for access to a confidential report about ABC Corp, but after he filled out the form, the executive received only a referral to XYZ's site. What type of attack was used in this scenario?* a. Phishing b. Smishing c. Vishing d. Spear phishing

d. *Spear phishing* This is an example of a spear phishing attack, which uses fraudulent email to obtain access to data of value (here, the executive's credentials) from a targeted organization. Answer A is incorrect because while phishing attacks involve email, spear phishing attacks are targeted and customized to a selected target. The question's description of the images, links, and report all indicate a very targeted attack. Answer B is incorrect because smishing attacks are conducted using SMS messages. Answer C is similarly incorrect because vishing attacks employ telephone or VoIP audio communications.

*While performing regular security audits, you suspect that your company is under attack and someone is attempting to use resources on your network. The IP addresses in the log files belong to a trusted partner company, however. Assuming an attack, which of the following might be occurring?* a. Replay b. Authorization c. Social engineering d. Spoofing

d. *Spoofing* The most likely answer is spoofing because this enables an attacker to misrepresent the source of the requests. Answer A is incorrect because this type of attack records and replays previously sent valid messages. Answer B is incorrect because this is not a type of attack but is instead the granting of access rights based on authentication. Answer C is incorrect because social engineering involves nontechnical means of gaining information.

*Which of the following does not describe techniques for assessing threats and vulnerabilities?* a. Understanding attack surface b. Baseline reporting c. Reviews of architecture, design, and code d. System hardening

d. *System hardening* System hardening refers to reducing a system's security exposure and strengthening its defenses against unauthorized access attempts and other forms of malicious attention. Answers A, B, and C, in contrast, are specific techniques to assess for threats and vulnerabilities.

Threats and Vulnerabilities *A junior administrator comes to you in a panic. After looking at the log files, he has become convinced that an attacker is attempting to use an IP address to replace another system in the network to gain access. Which type of attack is this?*

d. *TCP/IP hijacking* TCP/IP hijacking is an attempt to steal a valid IP address and use it to gain authorization or information from a network.

Physical and Hardware-Based Security *You work for an electronics company that has just created a device that emits less RF than any competitor's product. Given the enormous importance of this invention and of the marketing benefits it could offer, you want to have the product certified. Which certification is used to indicate minimal electronic emissions?* a. EMI b. RFI c. CC EAL 4 d. TEMPEST

d. *TEMPEST* TEMPEST is the certification given to electronic devices that emit minimal RF. The TEMPEST certification is difficult to acquire, and it significantly increases the cost of systems.

*When a vendor releases a patch, which of the following is the most important?* a. Installing the patch immediately b. Setting up automatic patch installation c. Allowing users to apply patches d. Testing the patch before implementation

d. *Testing the patch before implementation* It is most important to test patches before installing them onto production systems. Otherwise, business tasks can be interrupted if the patch does not perform as expected. Never rush to install a patch, if that means skipping testing. Do not automatically roll out patches; be sure to test them first. Do not give users the power to install patches; this should be managed by administrators.

*What is the advantage of using an access point's (AP's) power level control?* a. The power can be adjusted to "jam" frequencies of sniffers used by potential hackers. b. The power can be adjusted to provide a cleaner signal with less interference. c. The power can be adjusted so that more of the signal leaves the premises and reaches outsiders. d. The power can be adjusted so that less of the signal leaves the premises and reaches outsiders.

d. *The power can be adjusted so that less of the signal leaves the premises and reaches outsiders.* A security feature on some APs is the ability to adjust the level of power at which the WLAN transmits. On devices with that feature, the power can be adjusted so that less of the signal leaves the premises and reaches outsiders.

Cryptography Basics *Which of the following best describes the process of encrypting and decrypting data using an asymmetric encryption algorithm?* a. Only the public key is used to encrypt, and only the private key is used to decrypt. b. The public key is used to either encrypt or decrypt. c. Only the private key is used to encrypt, and only the public key is used to decrypt. d. The private key is used to decrypt data encrypted with the public key.

d. *The private key is used to decrypt data encrypted with the public key.* When encrypting and decrypting data using an asymmetric encryption algorithm, you use only the private key to decrypt data encrypted with the public key. Answers A and B are both incorrect because in public key encryption, if one key is used to encrypt, you can use the other to decrypt the data. Answer C is incorrect because the public key is not used to decrypt the same data it encrypted.

*Users received a spam email from an unknown source and chose the option in the email to unsubscribe and are now getting more spam as a result. Which one of the following is most likely the reason?* a. The unsubscribe option does not actually do anything. b. The unsubscribe request was never received. c. Spam filters were automatically turned off when making the selection to unsubscribe. d. They confirmed that their addresses are "live."

d. *They confirmed that their addresses are "live."* Often an option to opt out of further email does not unsubscribe users; instead it means, "send me more spam" because it has been confirmed that the email address is not dormant. This is less likely to occur with email a user receives that he or she opted into in the first place, however. Answers A, B, and C are incorrect because these are less likely and not the best choices.

Access Control and Identity Management *Which is the best rule-based access control constraint to protect against unauthorized access when admins are off-duty?* a. Least privilege b. Separation of duties c. Account expiration d. Time of day

d. *Time of day* Time-of-day rules prevent administrative access requests during off-hours when local admins and security professionals are not on duty. Answer A is incorrect because least privilege is a principle of assigning only those rights necessary to perform assigned tasks. Answer B is incorrect because separation of duties aids in identification of fraudulent or incorrect processes by ensuring that action and validation practices are performed separately. Answer C is incorrect because account expiration policies ensure that individual accounts do not remain active past their designated lifespan but do nothing to ensure protections are enabled during admin downtime.

Network Security *What is the role of a switch?* a. To inspect packets and either accept or deny entry b. To forward packets across different network computer networks c. To intercept user requests from the internal secure network and then process that request on behalf of the user d. To connect networks together so that they function as a single network segment

d. *To connect networks together so that they function as a single network segment* Early local area networks (LANs) used a hub, which is a standard network device for connecting multiple network devices together so that they function as a single network segment. A network switch is a device that connects network devices together. However, unlike a hub, a switch has a degree of "intelligence."

Network Security *What is the primary role of a firewall?* a. To forward packets across different network computer networks b. To intercept user requests from the internal secure network and then process that request on behalf of the user c. To connect networks together so that they function as a single network segment d. To inspect packets and either accept or deny entry

d. *To inspect packets and either accept or deny entry* Although a host-based application software firewall that runs as a program on one client is different from a hardware-based network firewall designed to protect an entire network, their functions are essentially the same: to inspect packets and either accept or deny entry.

*Several organizational users are experiencing network and Internet connectivity issues. Which of the following would be most helpful in troubleshooting where the connectivity problems might exist?* a. SSL b. IPsec c. SNMP d. Traceroute

d. *Traceroute* Traceroute uses an ICMP echo request packet to find the path between two addresses. Answer A is incorrect because SSL is a public key-based security protocol that is used by Internet services and clients for authentication, message integrity, and confidentiality. Answer B is incorrect because the Internet Protocol Security (IPsec) authentication and encapsulation standard is widely used to establish secure VPN communications. Answer C is incorrect because SNMP is an application layer protocol whose purpose is to collect statistics from TCP/IP devices. SNMP is used for monitoring the health of network equipment, computer equipment, and devices such as uninterruptible power supplies (UPSs).

What is another name for RAID 5?

disk striping with parity

Disaster Recovery and Incident Response *Which risk management response is being implemented when a company purchases insurance to protect against service outage?* a. Acceptance b. Avoidance c. Mitigation d. Transference

d. *Transference* The liability of risk is transferred through insurance policies. Answer A is incorrect because accepting a risk is to do nothing in response. Risk avoidance involves simply terminating the operation that produces the risk, making answer B incorrect. Answer C is not correct because mitigation applies a solution that results in a reduced level of risk or exposure.

Access Control and Identity Management *You have added a new child domain to your network. As a result of this, the child has adopted all the trust relationships with other domains in the forest that existed for its parent domain. What is responsible for this?*

d. *Transitive access* Transitive access exists between the domains and creates this relationship.

*_______________ is a cryptographic transport algorithm.* a. Secure Shell (SSH) b. Data Encryption Standard (DES) c. Advanced Encryption Standard (AES) d. Transport Layer Security (TLS)

d. *Transport Layer Security (TLS)* Transport Layer Security (TLS) is a cryptographic transport algorithm.

*What two encryption modes are supported by Internet Protocol Security (IPsec)?* a. Electronic code book (ECB) and cipher block chaining (CBC) b. Kerberos and Secure Shell (SSH) c. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) d. Transport and tunnel

d. *Transport and tunnel* IPsec supports two encryption modes: transport and tunnel.

Cryptography Implementation *Which of the following uses a secure crypto-processor to authenticate hardware devices such as a PC or laptop?* a. Public key infrastructure b. Full disk encryption c. File-level encryption d. Trusted Platform Module

d. *Trusted Platform Module* Trusted Platform Module (TPM) refers to a secure crypto-processor used to authenticate hardware devices such as a PC or laptop. The idea behind TPM is to allow any encryption-enabled application to take advantage of the chip. Answer A is incorrect because public key infrastructure (PKI) is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates. Answer B is incorrect because full-disk encryption involves encrypting the operating system partition on a computer and then booting and running with the system drive encrypted at all times. Answer C is incorrect because in file- or folder-level encryption, individual files or folders are encrypted by the file system itself.

Security-Related Policies and Procedures *Which of the following occurs under the security policy administered by a trusted security domain?* a. Positive inspection b. Confident poll c. Voucher session d. Trusted transaction

d. *Trusted transaction* A trusted transaction occurs under the security policy administered by a trusted security domain. Your organization may decide that it can serve as its own trusted security domain and that it can use third-party CAs, thus allowing for additional flexibility.

Educating and Protecting the User *When you combine phishing with Voice over IP, it is known as:*

d. *Vishing* Vishing involves combining phishing with Voice over IP.

Wireless Networking Security *Which of the following is a script language WAP-enabled devices can respond to?* a. WXML b. Winsock c. WIScript d. WMLScript

d. *WMLScript* WAP-enabled devices can respond to scripts using an environment called WMLScript.

Infrastructure and Connectivity *You want to implement a technology solution for a small organization that can function as a single point of policy control and management for access to Internet content. Which of the following should you choose?* a. Proxy gateway b. Circuit-level gateway c. Application-level gateway d. Web security gateway

d. *Web security gateway* Web security gateways offer a single point of policy control and management for web-based content access. Answer A is too generic to be a proper answer. Answer B is incorrect because a circuit-level gateway's decisions are based on source and destination addresses. Answer C is incorrect because an application-level gateway understands services and protocols.

*Which of the following best describes the difference between phishing and whaling?* a. They are the same. b. Whaling makes use of the voice channel, whereas phishing uses email. c. Whaling uses SMS, whereas phishing uses email. d. Whaling is similar to phishing but specifically targets high-profile individuals.

d. *Whaling is similar to phishing but specifically targets high-profile individuals.* Whaling specifically targets high-profile individuals. Phishing attempts to acquire sensitive information from anyone. Although they are very similar, they differ in the scope of the target, making answer A incorrect. Answer B is incorrect and refers to vishing, which is essentially phishing but using the phone. Answer C is incorrect as this describes smishing, which uses Short Message Service (SMS), or text messaging.

*When is business continuity needed?* a. When new software is distributed b. When business processes are interrupted c. When a user steals company data d. When business processes are threatened

d. *When business processes are threatened* Business continuity is used when business processes are threatened. Security policy is used when new software is distributed. Disaster recovery is used when business processes are interrupted. Incident response is used when a user steals company data.

Operating System and Application Security *An organization is looking to add a layer of security and maintain strict control over the apps employees are approved to use. Which of the following fulfills this requirement?* a. Blacklisting b. Encryption c. Lockout d. Whitelisting

d. *Whitelisting* Application whitelisting only permits known good apps. When security is a concern, whitelisting applications is a better option because it allows organizations to maintain strict control over the apps employees are approved to use. Answer A is incorrect because although blacklisting is an option, it is not as effective as whitelisting. Answer B is incorrect because encryption has nothing to do with restricting application usage. Answer C is incorrect because lockout has to do with number of times a user can enter a passcode.

Operating System and Application Security *Which of the following involves unauthorized commands coming from a trusted user to the website?*

d. *XSRF* XSRF involves unauthorized commands coming from a trusted user to the website. This is often done without the user's knowledge and employs some type of social networking to pull it off.

*A security _______________ log can provide details regarding requests for specific files on a system.* a. event b. administration c. audit d. access

d. *access* A security access log can provide details regarding requests for specific files on a system while an audit log is used to record which user performed an action and what that action was. System event logs document any unsuccessful events and the most significant successful events.

*Risk _______________ involves identifying the risk, but making a decision to not engage in the activity.* a. deterrence b. mitigation c. acceptance d. avoidance

d. *avoidance* Risk avoidance involves identifying the risk but making the decision to not engage in the activity.

*With _______________, the customer's data should be properly isolated from that of other customers, and the highest level of application availability and security must be maintained.* a. virtualization b. IP telephony c. Sandboxing d. cloud computing

d. *cloud computing* In cloud computing, the customer's data must be properly isolated from that of other customers, and the highest level of application availability and security must be maintained.

*Another name for layered security is _______________.* a. network separation b. VPN tunneling c. Unified threat management (UTM) d. defense in depth

d. *defense in depth* A basic level of security can be achieved through using the security features found in standard network hardware. And because networks typically contain multiple types of network hardware, this allows for layered security, also called defense in depth.

Security and Vulnerability in the Network *You want to implement MAC filtering on a small network but do not know the MAC address of a Windows-based workstation. Which command-line tool can you run on the workstation to find the MAC address?* a. ifconfig b. ifconfig /show c. ipconfig d. ipconfig /all

d. *ipconfig /all* The command ipconfig /all will show the MAC address as the physical address.

*With subnetting, rather than simply having networks and hosts, networks can effectively be divided into three parts: _______________.* a. network, subnet, and port b. port, subnet, and IP address c. network, port, and host d. network, subnet, and host

d. *network, subnet, and host* Improved addressing techniques introduced in 1985 allowed an IP address to be split anywhere within its 32 bits. This is known as subnetting or subnet addressing. Instead of just having networks and hosts, with subnetting, networks essentially can be divided into three parts: network, subnet, and host.

*The _______________ is the length of time it will take to recover the data that has been backed up.* a. mean time to recovery b. recovery point objective c. mean time to failure d. recovery time objective

d. *recovery time objective* The recovery time objective is the length of time it will take to recover the data that has been backed up.

Network Security *A(n) _______________ can block malicious content in real time as it appears.* a. uniform resource locator (URL) filter b. virtual private network (VPN) c. Internet content filter d. web security gateway

d. *web security gateway* A web security gateway can block malicious content in real time as it appears (without first knowing the URL of a dangerous site).

*A(n) _______________ policy is one that defines the actions users may perform while accessing systems and networking equipment.* a. data acquisition b. privacy c. data storage d. acceptable use

d.* acceptable use* An Acceptable Use Policy (AUP) is a policy that defines the actions users may perform while accessing systems and networking equipment.

What are the three issues that symmetric data encryption fails to address?

data integrity, repudiation, scalable key distribution

Which type of key management does Encryption File System (EFS) use: centralized or decentralized?

decentralized

What is another term used for layered security?

defense in depth

What is the name of the area that connects to a firewall and offers services to untrusted networks?

demilitarized zone (DMZ)

Are cameras and IDSs considered to be mitigation or prevention controls?

deterrence controls

What are flood guards?

devices that protect against Denial of Service (DoS) attacks

Which type of attack searches long lists of words for a particular language to match them to an encrypted password?

dictionary attack

Which document lists the steps to take in case of a disaster to your main IT site?

disaster recovery plan (DRP)

What is the opposite of confidentiality?

disclosure

What does the acronym DAC denote?

discretionary access control

What is another name for RAID 1?

disk mirroring

What is another name for RAID 0?

disk striping

Which type of virus can change its signature to avoid detection?

polymorphic

Which port number does NTP use?

port 123

Which port number does SSH use?

port 22

Which port number is used by SSH, SCP, and SFTP?

port 22

Which port should you block at your network firewall to prevent Telnet access?

port 23

Which firewall port should you enable to allow SMTP traffic to flow through the firewall?

port 25

Which port is used for LDAP authentication?

port 389

Which port number does LDAP use when communications are NOT secured using SSL/TLS?

port 389

Which TCP port number does Secure Sockets Layer (SSL) use?

port 443

Which port number does DNS use?

port 53

Which port number does LDAP use for communications encrypted using SSL/TLS?

port 636

Which port number does DHCP use?

port 67

Which port number does HTTP use?

port 80

Which port numbers are used by NetBIOS?

ports 137-139

Which two ports does FTP use?

ports 20 and 21

Are guards and IPSs considered to be mitigation or prevention controls?

prevention controls

What can you do to ensure that staff understands which data they are handling?

proper labeling

In asymmetric encryption for a digital signature, which key is used for encryption: public or private?

public

Which key is used to decrypt a digital signature: public or private?

public

Certificate enrollment procedures typically require a user to provide proof of identify and which other item to a certification authority (CA)?

public key

What does the acronym PKI denote?

public key infrastructure

What are the four types of cloud computing based on management type?

public, private, hybrid, and community

Which cryptography technique is based on a combination of two keys: a secret (private) key and a public key?

public-key cryptography

Which type of risk analysis is based on the expert judgment and intuition of members of an organization?

qualitative risk analysis

Which technique attempts to predict the likelihood that a threat will occur and assigns monetary values in the event a loss occurs?

quantitative risk analysis

Which type of cryptography relies more on physics, rather than mathematics, as a key aspect of its security model?

quantum cryptography

According to CompTIA's Security+ examination blueprint, what are the three listed controls to provide availability?

redundancy, fault tolerance, and patching

Which type of attack does Challenge Handshake Authentication Protocol (CHAP) protect against?

replay

You are an IT consultant. You are visiting a new client's site to become familiar with their network. As you walk around their facility, you note the following: • When you enter the facility, a receptionist greets pu and directs you down the hallway to the office manager's cubicle. The receptionist uses a notebook system that is secured to her desk with a cable lock. • The office manager informs pu that the organization's servers are kept in a locked closet. Only she has the key to the closet. When you arrive on site, you will be required to get the key from her to access the closet. • She informs you that server backups are configured to run each night. A rotation of external USB hard disks are used as the backup media. • You notice that the organization's network switch is kept in an empty cubicle adjacent to the office manager's workspace. • You notice that a router/firewall/content filter all-in-one device has been implemented in the server closet to protect the internal network from external attacks. Which security-related recommendations should you make to this client? (Select two.) ☐ Use separate dedicated network perimeter security devices instead of an all-in-one device ☐ Replace the key lock on the server closet with a card reader ☐ Replace the LISB hard disks used for server backups with a tape drive ☐ Control access to the work area with locking doors and card readers ☐ Relocate the switch to the locked server closet

☐ Control access to the work area with locking doors and card readers ☐ Relocate the switch to the locked server closet

Which of the following allows for easy exit of an area in the event of an emergency, but prevents entry'? (Select two.) ☐ Double-entry door ☐ Turnstile ☐ PTZ CCTV ☐ Anti-passback system ☐ Mantrap

☐ Double-entry door ☐ Turnstile

Which of the following are solutions that address physical security? (Select two.) ☐ Implement complex passwords ☐ Escort visitors at all times ☐ Require identification and name badges for all employees ☐ Scan all floppy disks before use ☐ Disable guest accounts on computers

☐ Escort visitors at all times ☐ Require identification and name badges for all employees

Your networking closet contains your network routers, switches, bridges, and some servers. You want to make sure an attacker is not able to gain physical access to the equipment in the networking closet and prevent anyone from reconfiguring the network to set up remote access or backdoor access. Which of the following measures are the best way to secure your networking equipment from unauthorized physical access? (Select two. Each measure is part of a complete solution.) ☐ Place your networking equipment in a Faraday cage. ☐ Place your networking equipment in a locked cage. ☐ Place your networking equipment in a Van Eck cage. ☐ Place your networking equipment in a room that requires key card entry. ☐ Place your networking equipment in a TEMPEST cage.

☐ Place your networking equipment in a locked cage. ☐ Place your networking equipment in a room that requires key card entry.

Beside protecting a computer from under voltages, a typical UPS also performs which two actions? ☐ Prevents electric shock ☐ Prevents ESD ☐ Protects from over voltages ☐ Conditions the power signal

☐ Protects from over voltages ☐ Conditions the power signal

A Service Level Agreement (SLA) defines the relationship and contractual responsibilities of providers and service recipients. Which of the following characteristics are most important when designing an SLA? (Select two.) ☐ Clear and detailed descriptions of penalties if the level of service is not provided. ☐ Employee vetting procedures that don't apply to contract labor. ☐ Detailed provider responsibilities for all continuity and disaster recovery mechanisms. ☐ Industry standard templates for all SLAS to ensure corporate compliance.

☑ Clear and detailed descriptions of penalties if the level of service is not provided. ☑ Detailed provider responsibilities for all continuity and disaster recovery mechanisms.

Your organization entered into an Interoperability Agreement (IA) with another organization a year ago. As a part of this agreement, a federated trust was established between your domain and the partner domain. The partnership has been in the ongoing operations phase for almost nine months now. As a security administrator, which tasks should you complete during this phase? (Select two.) ☐ Negotiate the BP● agreement ☐ Draft an MOU document ☐ Disable user and groups accounts used by the partner organization to access your organization's data ☐ Conduct periodic vulnerability assessments ☐ Verify compliance with the IA documents

☑ Conduct periodic vulnerability assessments ☑ Verify compliance with the IA documents

Which of the following statements is true regarding risk analysis? (Select two.) ☐ Don't implement a countermeasure if the cost is greater than loss. ☐ Annualized Rate of Occurrence (ARO) identifies how often the successful threat attack will occur in a single year. ☐ Exposure factor is the percent of the asset lost from an unsuccessful threat attack. ☐ The value of an asset is the worth of a resource to the organization excluding qualitative values.

☑ Don't implement a countermeasure if the cost is greater than loss. ☑ Annualized Rate of Occurrence (ARO) identifies how often the successful threat attack will occur in a single year.

Which of the following are examples of social engineering? (Select two.) ☐ War dialing ☐ Dumpster diving ☐ Port scanning ☐ Shoulder surfing

☑ Dumpster diving ☑ Shoulder surfing

How can an organization help prevent social engineering attacks? (Select two.) ☐ Educate employees on the risks and countermeasures. ☐ Close all unneeded ports on firewalls. ☐ Publish and enforce clearly-written security policies. ☐ Implement IPsec on all critical systems.

☑ Educate employees on the risks and countermeasures. ☑ Publish and enforce clearly-written security policies.

You have recently been hired as the new network administrator for a startup company. The company's network was implemented prior to your arrival. One of the first tasks you need to complete in your new position is to develop a Manageable Network plan for the network. You have already completed the first and second milestones, in which documentation procedures were identified and the network was mapped. You are now working on the third milestone, identifying ways to protect the network. Which tasks should you complete as a pan of this milestone? (Select two.) ☐ Create an approved application list for each network device ☐ Identify and document each user on the network ☐ Physically secure high-value systems ☐ Set account expiration dates ☐ Apply critical patches whenever they are released

☑ Identify and document each user on the network ☑ Physically secure high-value systems

Your organization is in the process of negotiating an Interoperability Agreement (IA) with another organization. As a part of this agreement, the partner organization proposes that a federated trust be established beüveen your domain and their domain. This configuration will allow users In their domain to access resources in your domain and vice versa. As a security' administrator, which tasks should pu complete during this phase? (Select two.) ☐ Identify how data will be shared. ☐ Verify compliance with the IA documents. ☐ Identify how data ownership will be determined. ☐ Conduct security audits on the partner organization. ☐ Reset all passwords used by the third party to access data or applications on your network.

☑ Identify how data will be shared. ☑ Identify how data ownership will be determined.

Your organization has recently purchased 20 tablet devices for the Human Resource department to use for training sessions. You are concerned that these devices could represent a security risk to your network and want to strengthen their security profile as much as possible. Which actions should you take? (Select two. Each response is a separate solution.) ☐ Configure a Group Policy object (GPO) containing mobile device-specific security settings. ☐ Join the devices to your organization's domain. ☐ Install the devices in your organization's directory services tree. ☐ Implement storage segmentation. ☐ Enable device encryption.

☑ Implement storage segmentation. ☑ Enable device encryption

Which of the following are typically associated with human resource security policies? (Select two.) ☐ Termination ☐ Background checks ☐ Change management ☐ Password policies ☐ SLA

☑ Termination ☑ Background checks


Related study sets

Varcarolis: Chapter 13 - Bipolar and Related Disorders

View Set

ATI Chapter 7 :Nutrition across the lifespan

View Set

International Economics and Finance

View Set

DhomesB CCNA Networking 1 Final Exam 2013-2014

View Set

ME 26532 exam 3- drilling and related processes

View Set