1-50

Question 1

Why would a security administrator use a vulnerability scanner? (Select the best answer.)

Answer 1

To find open ports on a server

Question 2

You work for a company that requires a user’s credentials to include providing something they know and something they are. Which of the following types of authentication is being described?

Answer 2

Multi factor

Question 3

Carolyn is the network administrator for a small financial services company and is responsible for controlling access to the resources on her network. Which technology is responsible for blocking access to a resource based on the requesting IP address?

Answer 3

ACL

Question 4

Which of the following would be the BEST choice for the technicians?

Answer 4

Vulnerability scanner

Question 5

Which of the following tools uses ICMP as its main underlying protocol?

Answer 5

Ping scanner

Question 6

Which of the following is the final step a user needs to take before that user can access domain resources?

Answer 6

Authentication

Question 7

Of the following, which is the best way for a person to find out what security holes exist on the network?

Answer 7

Perform a vulnerability assessment

Question 8

Which of the following penetration testing concepts is being used when an attacker uses public Internet databases to enumerate and learn more about a target?

Answer 8

Reconnaissance

Question 9

After using Nmap to do a port scan of your server, you find that several ports are open. Which of the following should you do next?

Answer 9

Examine the services and/or processes that use those ports.

Question 10

Your company has hired an outside security firm to perform various tests on your network, specifically vulnerability scans. During this vulnerability scan, you provided the company with a set of usernames and passwords for various systems (database server, application server, web server) to assist in their scan. What best describes what is happening?

Answer 10

Credentialed scan

Question 11

An advanced form of phishing in which the connection between the IP address and its target server is redirected

Answer 11

Pharming

Question 12

Which of the following has cross-platform support and is used for remote access into a network?

Answer 12

RADIUS

Question 13

Cheyenne is doing a penetration test for a client’s network and is currently gathering information from sources such as archive.org, netcraft.com, social media, and other information websites. What stage has just been described?

Answer 13

Passive reconnaissance

Question 14

Of the following principles, which one can be used for a means of two(multi)-factor authentication?

Answer 14

IRIS SCAN AND PASSWORD

Question 15

Shannon works for a security company that performs pen tests for clients. She’s currently conducting a test of an e-commerce company and discovers that after compromising the web server, she can use the web server to launch a second attack into the company’s internal network. What type of attack is this considered?

Answer 15

Pivot

Question 16

A collection of information that defines or describes the user and his or her interests.

Answer 16

Profile

Question 17

A network administrator wants to ensure that users do not connect any unauthorized devices to the company network. Each desk needs to connect a VoIP phone and computer. Which of the following is the BEST way to accomplish this?

Answer 17

Enforce authentication for network devices

Question 18

The web server administrator at your e-commerce company is concerned about someone using netcat to connect to the company web server to retrieve detailed information. What best describes this concern?

Answer 18

Banner grabbing

Question 19

Which authentication mechanism performs better in a secured environment?

Answer 19

TACACS+ because it encrypts client-server negotiation dialogues.

Question 20

Derrick is a security administrator for a medium-sized mortgage company. He needs to verify that the network is using the most secure login/authentication scheme possible. Which of the following options is the best choice for that?

Answer 20

Multifactor authentication

Question 21

Which type of vulnerability assessments software can check for weak passwords on the network?

Answer 21

password cracker

Question 22

What are the two items needed before a user can be given access to the network?

Answer 22

Identification and authentication

Question 23

The most secure method of authentication and authorization in its default form is ______

Answer 23

Kerberos

Question 24

Security program manager wanted to conduct active testing in the security posture of a system. The system is not yet in production and has no uptime requirement or active user base. Which of the following methods will produce a report which shows vulnerabilities that were actually exploited?

Answer 24

Penetration testing

Question 25

An in-house penetration tester uses a packet capturing device that listens on network communications. This is an example of:

Answer 25

Passive reconnaissance

Question 25

What can attackers accomplish using malicious port scanning?

Answer 25

Topology of the network

Question 26

An organization requires users to provide their fingerprints in accessing a software application. To improve security, the application developers intend to implement multifactor authentication. Which of the following should be implemented?

Answer 26

Require a palm geometry scan

Question 27

Which of the following is NOT a physical method of conducting Identity theft

Answer 27

Phishing

Question 28

Which of the following is a vulnerability assessment tool?

Answer 28

Nessus

Question 29

To gain access to your network, users must provide a thumbprint and a username and password. What type of authentication model is this?

Answer 29

Multifactor

Question 30

Which of the following would fall into the category of something a person is?

Answer 30

Fingerprints

Question 31

A black hat hacker enumerates a network and wanted to remain covert during the process. The hacker initiates a vulnerability scan. Given the task at hand the requirement of being covert, which of the following statements BEST indicates that the vulnerability scan meets these requirements?

Answer 31

The vulnerability scanner is performing in network sniffer mode.

Question 32

Which of the following is the verification of a person’s identity?

Answer 32

Authentication

Question 33

What is the main purpose of a physical access log?

Answer 33

To show who entered the facility

Question 34

You have been tasked with running a penetration test on a server. You have been given limited knowledge about the inner workings of the server. What kind of test will you be performing?

Answer 34

Gray-box

Question 35

Which of the following methods can be used by a security administrator to recover a user’s forgotten password from a password-protected file?

Answer 35

Brute-force

Question 36

Which of the following is an example of two-factor authentication?

Answer 36

Thumbprint and key card

Question 37

An employer requires employees to use a key-generating app on their smartphones to log into corporate applications. In terms of authentication of an individual, this type of access policy is BEST defined as:

Answer 37

Something you have

Question 38

A security analyst has set up a network tap to monitor network traffic for vulnerabilities. Which of the following techniques would BEST describe the approach the analyst has taken?

Answer 38

Passive vulnerability scanning

Question 39

Millie is responsible for testing security and uses a tool that identifies vulnerabilities and provides mechanisms to test them by trying to exploit them. What best describes this tool?

Answer 39

Exploit framework

Question 40

Which of the following about authentication is false?

Answer 40

MS-CHAPv2 is not capable of mutual authentication of the client and server.

Question 41

Frank is concerned that confidential documents, with proprietary information, may be leaked. The leaks could either be intentional or accidental, but he is looking for a solution that would embed some identifying information into documents in a way that it would not be seen by the reader but could be extracted with the right software. What technology would best meet these needs?

Answer 41

Steganography

Question 42

You’ve been asked to conduct a penetration test for a small company and for the test, you were only given a company name, the domain name of their website, and the IP address of their gateway router. What describes the type of test?

Answer 42

Blackbox

Question 43

Jeff is the network administrator and sometimes needs to run a packet sniffer so he can view the network traffic. He would like to find a well-known packet sniffer that works on Linux. Which of the following is the best choice?

Answer 43

tcpdump

Question 44

Which of the following is not a common criteria when authenticating users?

Answer 44

Something you like

Question 45

A security administrator is evaluating three different services: radius, diameter, and Kerberos. Which of the following is a feature that is UNIQUE to Kerberos?

Answer 45

It uses tickets to identify authenticated users

Question 46

An auditor identifies an access control system that incorrectly accept an access attempt from an unauthorized user. Which of the following authentication systems has the auditor reviewed?

Answer 46

Biometric-based

Question 47

You are a consultant for an IT company. Your boss asks you to determine the topology of the network. What is the best device to use in this circumstance?

Answer 47

Network mapper

Question 48

Which of the following is an authentication and accounting service that uses TCP as its transport mechanism when connecting to routers and switches?

Answer 48

TACACS+

Question 49

Which of the following is NOT a threat that users face on social networking sites?

Answer 49

Site flaws