Book Tests

Question 1

the greatest danger from leaving default username and passwords on devices is from ___ attacks

Answer 1

automated

Question 2

in order to hijack a domain, the following generally needs to occur

Answer 2

the registration needs to lapse

Question 3

when typing a url into a browser takes you to the wrong site, but typing the IP address doesn’t, then it is a case of ___

Answer 3

DNS poisoning

Question 4

a Pixie Dust attack requires ___ to be enabled on the wireless network

Answer 4

WPS

Question 5

a ___ scan reveals system sprawl and undocumented devices

Answer 5

arp (or Discovery on IPv6)

Question 6

passive attack tools are defined as tools that will not ___

Answer 6

engage the system, or alert the target’s systems in any way

Question 7

use ___ to guard against a DNS poisoning attack

Answer 7

DNSSEC

Question 8

If a public DNS server is being used in an amplification attack, disable ___ in the server to stop it

Answer 8

Open Resolution

Question 9

a ___ attack forces a process to load unauthorized code from a dynamically linked library

Answer 9

DLL injection

Question 10

an ___ is the most sophisticated threat agent

Answer 10

Advanced Persistent Threat (APT)

Question 11

to protect against ___ attacks, disable browser extensions

Answer 11

man in the browser

Question 12

a ___ will usually eliminate vulnerability to SQL injections

Answer 12

Web Application Firewall (WAF)

Question 13

self-signed certificates can be OK to use for ___

Answer 13

internal use

Question 14

ASLR is a security technique that

Answer 14

randomizes the location of objects in memory (Address Space Layout Randomization)

Question 15

another term for deauthentication attacks is ___

Answer 15

disassociation attacks

Question 16

in a ___ spoofing attack, a local switch is fooled into directing reply traffic back to the spoofer

Answer 16

MAC

Question 17

passive reconnaissance for pen testing can be accomplished with [nmap; Nessus; Metasploit; Aircrack]

Answer 17

Aircrack -ng

Question 18

public certificates that can be shared are files that have the extension ___

Answer 18

.CRT

Question 19

while rainbow tables are good at cracking complex passwords, if the password is ___ they are much less effective

Answer 19

salted

Question 20

after a ___ attack, the attacker can typically execute any commands they wish

Answer 20

buffer overflow

Question 21

checking the “Enable Safe Checks” on a vulnerability scanner means the scanner ___

Answer 21

will only use non-intrusive plugins

Question 22

___ prevent the system from executing unauthorized code

Answer 22

Host intrusion prevention systems (HIPS)

Question 23

ARP poisoning works by broadcasting a false ___, meaning the attacker must have access to the ___

Answer 23

MAC address; LAN

Question 24

when an attacker uses a foothold in one system to access another system, this is called a ___

Answer 24

pivot

Question 25

when a system works fine for awhile, then slows down until it is rebooted this is a symptom of a ___

Answer 25

memory leak

Question 26

a Pass the Hash attack is only effective against a ___ server running ___

Answer 26

windows; NTLM

Question 27

to improve the quality (and decrease false positives) of vulnerability scans, use ___ scanning

Answer 27

credentialed

Question 28

an attack that exploits a ___ uses the timing of commands, lie the lag between Time of Check (TOC) and Time of Use (TOU)

Answer 28

Race Condition

Question 29

a WiFi ___ is designed to carry out a rouge AP (access point) attack

Answer 29

Pineapple

Question 30

a ___ is malware that spreads on it’s own power

Answer 30

worm

Question 31

a misconfigured ___ could stop everyone on a network from accessing certain websites

Answer 31

content filter

Question 32

a ___ can check the health of computers on a network without leaving permanent software on the machines

Answer 32

Dissolvable Network Admission Control (NAC)

Question 33

an LDAP entry contains __ for domain information, ___ to identify the name and ___ to identify the organization

Answer 33

DC (Domain Component); CN (Common Name); OU (Organizational Unit)

Question 34

Addresses in the range 169.254.0.0/16 are assigned by the ___ protocol when a system is unable to receive an address via other means.

Answer 34

Automatic Private IP Assignment (APIPA)

Question 35

___ queries a service for header information provided to clients. This information often includes the specific service running on a port as well as version information.

Answer 35

Banner grabbing

Question 36

___ restricts the number of unique MAC addresses that may originate from a single switch port.

Answer 36

Port security

Question 37

___ indicates that a device is capable of acting as a host server for other devices, such as cameras, flash drives, or peripherals

Answer 37

USB on-the-go (USB OTG)

Question 38

tracert uses ___ transport protocols by default

Answer 38

UDP

Question 39

VPN connections established in ___ mode encrypt the payload of data packets, but do not provide encryption for packet headers

Answer 39

transport

Question 40

Android applications must be in ___ format to sideload onto a device

Answer 40

Android Application Package (APK)

Question 41

Encrypted LDAPS sessions use TCP port ___

Answer 41

636

Question 42

The ___ protocol supports only authentication and integrity for IPsec connections. The ___ protocol supports confidentiality, integrity, and authentication

Answer 42

Authentication Headers (AH); Encapsulating Security Payload (ESP)

Question 43

The ___ performs clock synchronization across devices

Answer 43

Network Time Protocol (NTP)

Question 44

___ would limit the applications that users may install on mobile devices but would not provide for storage segmentation

Answer 44

Application control

Question 45

When measuring RSSI, the network with the strongest signal is the one with the ___ value

Answer 45

highest

Question 46

___ NAC leaves software running on the endpoint that may remain in constant contact with the NAC solution.

Answer 46

Agent-Based

Question 47

the command ___ is used to capture network traffic

Answer 47

tcpdump

Question 48

the command ___ is used to scan network ports

Answer 48

nmap

Question 49

the command ___ is used to redirect data to a network connection

Answer 49

netcat

Question 50

___ storage devices allow the writing of data in a permanent fashion where modification is impossible

Answer 50

Write once, read many (WORM)

Question 51

a ___ can be used to cheaply and easily restrict network access to a small number of devices

Answer 51

Preshared Key (PSK)

Question 52

IPsec ___ mode is primarily used for site-to-site connections, ___ mode is normally used for connections involving endpoint devices

Answer 52

Tunnel; Transport

Question 53

When registering DNS entries for a load balanced service, administrators should assign the entry to ___

Answer 53

a virtual IP address that maps to the public interface of the load balancer

Question 54

S/MIME provides ___, ___ and ___ for email attachments

Answer 54

confidentiality; integrity; non-repudiation

Question 55

SNMP versions prior to ___ did not provide secure authentication due to their use of plaintext community strings

Answer 55

v3

Question 56

when using mobile devices for multi-factor authentication, use ___ to send notices

Answer 56

push notification

Question 57

Microsoft ___ VPN automatically triggers VPN connections based upon security policies

Answer 57

Always On

Question 58

___ requires the explicit marking of memory regions as executable, preventing malicious attacks that seek to execute code out of other regions of memory

Answer 58

Data execution prevention (DEP)

Question 59

The most common false positive report for application whitelisting results from ___

Answer 59

an unexpected update from the software vendor that changes the signature of the application

Question 60

___ are traditional firewalls with advanced capabilities, including defense against application-layer attacks, such as SQL injection

Answer 60

Next generation firewalls (NGFW)

Question 61

___ services are a form of threat intelligence that provide organizations with a frequently updated list of known malicious IP addresses that can be automatically blocked at the firewall

Answer 61

IP reputation

Question 62

___ allow the automated modification of access point settings to adapt to the changing radio frequency environment

Answer 62

Wireless (WiFi) controllers

Question 63

___ environments allow employees to access a remote desktop computing environment and work within that environment without transferring data to the device used to access the desktop

Answer 63

Virtual Desktop Infrastructure (VDI)

Question 64

TLS VPNs typically use port ___, which is commonly allowed full outbound access through firewalls

Answer 64

443

Question 65

In a type ___ hypervisor, the hypervisor runs directly on the system hardware, eliminating the need for an underlying operating system and reducing the environment’s attack surface. Type ___ hypervisors require the use of a host operating system

Answer 65

1; 2

Question 66

the American Society of Heating, Refrigerating, and Air-Conditioning Engineers (ASHRE) recommends that data centers maintain temperatures within the range of ___ degrees Fahrenheit and keep relative humidity between ___

Answer 66

64.4 and 80.6; 8% and 80%

Question 67

Input validation should always be performed on the ___

Answer 67

web server

Question 68

use a network ___ to create a monitor port that allows the intrusion detection system to see all network traffic

Answer 68

terminal access point (TAP)

Question 69

Tripwire is a ___ that is also able to perform system configuration monitoring

Answer 69

file integrity monitoring solution

Question 70

Snort is an ___ system

Answer 70

intrusion detection and prevention

Question 71

Standard ACLs are able to filter traffic based only upon ___ but Extended ACLs can filter based upon the ___ as well

Answer 71

source address; destination address

Question 72

___ is commonly used to escape a SQL query for injection and should be carefully handled during input validation

Answer 72

single quotation mark (‘)

Question 73

___ characters are used in cross-site scripting (XSS) injections

Answer 73

greater-than and less-than (< >)

Question 74

ARP is used for ___ lookups

Answer 74

MAC address

Question 75

All organizations involved in the processing of credit card transactions are contractually obligated to comply with the ___

Answer 75

Payment Card Industry Data Security Standard (PCI DSS)

Question 76

Most security professionals consider ___ feet to be the minimum height for a fence protecting critical assets

Answer 76

eight

Question 77

The ___ lays out the requirements for an operating system to be certified by the government as a Trusted Operating System

Answer 77

Common Criteria

Question 78

___ VPNs are unique because they rely upon the same Transport Layer Security protocol used by HTTPS connections. Because of this, most customer networks will allow the access by default

Answer 78

TLS

Question 79

Kiosk computers and even multifunction printers may be running standard operating systems, but ___ devices won’t have enough memory to do so

Answer 79

Internet of things (IoT)

Question 80

___ static code analysis traces variables that may contain user input and ensures that they are sanitized before being used by a potentially vulnerable function

Answer 80

Taint

Question 81

The ___ is a modern tool designed to assess compliance with security baselines

Answer 81

Microsoft Security Compliance Toolkit (SCT)

Question 82

when digitally signing code you have developed, use the ___ key

Answer 82

private key of you or your company

Question 83

the best measure of a biometric system’s accuracy is where the ___ (type 1) and ___ type 2 cross, called the ___

Answer 83

FRR (false rejection rate); FAR (false acceptance rate); CER (crossover equal rate)

Question 84

___ testing specifically evaluates the performance of applications in response to mutated input combinations

Answer 84

Fuzz

Question 85

Windows ___ allows administrators to easily determine the patch level of multiple systems

Answer 85

System Center Configuration Manager (SCCM)

Question 86

Mac OS X uses ___ for all applications installed through the App Store

Answer 86

sandboxing

Question 87

TCP wrappers is a ___ technology

Answer 87

firewall

Question 88

OAuth is commonly used to provide API-based ___ for web applications, OpenID consumer-grade implementations, and SAML for enterprise-grade

Answer 88

single sign-on (SSO)

Question 89

___ accounts are used to provide applications with access to resources necessary for the provision of their services

Answer 89

Service

Question 90

The two main technologies used to generate one-time passwords are the ___ algorithm (generated sequentially and do not expire until use) and the ___ algorithm (based upon the time of authentication and expire frequently)

Answer 90

HMAC-based One Time Password (HOTP); Time-based One Time Password (TOTP)

Question 91

When a user presents a digital certificate for authentication purposes, the primary purpose of that certificate is to provide a signed copy of the user’s ___

Answer 91

public key

Question 92

a website would like to access information in Taylor’s Google account. ___ is the account/resource owner

Answer 92

Taylor

Question 93

The PIV ___ is used to verify that the PIV credential was issued by an authorized entity, has not expired, has not been revoked, and holder of the credential (YOU) is the same individual it was issued to

Answer 93

authentication certificate

Question 94

NIST’s digital identity security guidelines suggest that organizations set a minimum password length of ___ characters for passwords that are memorized by the user

Answer 94

8

Question 95

The ___ command computes and displays Resultant Set of Policy (RSoP) information for a remote user and computer. This allows administrators to determine the end result of a set of policies applied to a user account

Answer 95

gpresult

Question 96

___ is an open-source federated identity management solution that is most commonly used in academic institutions

Answer 96

Shibboleth

Question 97

oAuth and OpenID Connect are broadly used solutions for ___ authentication

Answer 97

web-based

Question 98

Group Policy Objects are processed in the following order: ___ policies are processed first, followed by ___ GPOs, ___ GPOs, and ___ GPOs

Answer 98

local; site; domain; Organizational Unit (OU)

Question 99

___ allows the system owner to set authorization based upon security labels (MAC)

Answer 99

Security-enhanced Linux (SELinux)

Question 100

In 802.1x authentication, the end user’s system contains a component called the ___ that initiates the authentication process. The supplicant connects to the authenticator, normally a network switch or wireless access point, that then reaches out to an ___ to confirm the user’s identity

Answer 100

supplicant; authentication server

Question 101

Using the ___ authentication mode ties database accounts to domain user accounts and provides the greatest level of assurance that user accounts will be promptly disabled

Answer 101

Windows

Question 102

In a federated authentication system, a ___ trust is required if there are three or more domains

Answer 102

transitive

Question 103

In SAML authentication the ___ is the principal. The ___ is the service provider and the ___ is the identity provider

Answer 103

user requesting authentication; organization providing the request service; organization providing the login account

Question 104

802.1x authentication is normally carried out using a ___ protocol

Answer 104

RADIUS

Question 105

Best practices in authentication security dictate that user accounts should be subject to ___ after failed login attempts

Answer 105

an exponentially increasing login delay

Question 106

___ is an authentication protocol built directly on top of the oAuth 2.0 framework

Answer 106

OpenID connect

Question 107

In 802.1x authentication, the supplicant connects to the authenticator, normally a ___, that then reaches out to an authentication server to confirm the user’s identity

Answer 107

network switch or wireless access point

Question 108

The Health Insurance Portability and Accountability Act (HIPAA) contains security and privacy provisions covering ___

Answer 108

protected health information (PHI)

Question 109

Wireless access points are generally not configured to log ___. They typically record only diagnostic information

Answer 109

network traffic

Question 110

a database of customer spending habits fits into the category of ___ (PII/PHI/PCI)

Answer 110

personally identifiable information (PII)

Question 111

A ___ is the standard document used to document the need for a change, the test plan, implementation plan, and rollback procedure.

Answer 111

request for change (RFC)

Question 112

The best place to track the status of all risks facing an organization is in a formal ___

Answer 112

risk register

Question 113

___ are components of Microsoft Windows that add support for specific encryption algorithms

Answer 113

Cryptographic Service Providers (CSPs)

Question 114

The purpose of a digital certificate is to share a public key freely with the world. Therefore, the public key is ___

Answer 114

not encrypted at all - it is freely given to anyone who receives the certificate

Question 115

In the process of creating a digital certificate, the requester ___

Answer 115

creates a certificate signing request (CSR) on the device that will receive the certificate and then sends this CSR to the CA for use in creating the certificate

Question 116

___ is a strong, modern approach to key exchange

Answer 116

The Elliptic Curve Diffie Hellman algorithm (ECDHE)

Question 117

The SHA-3 algorithm differs from earlier versions of SHA in that it ___

Answer 117

supports an arbitrary message digest length

Question 118

If you need to incorporate cryptography in an application, it is generally best to get your module from ___

Answer 118

Open source

Question 119

The Advanced Encryption Standard uses a ___ fixed block size

Answer 119

128-bit

Question 120

Diffie-Hellman group ___ uses a strong 256-bit elliptic curve key and is a very strong option

Answer 120

19

Question 121

WPA2 uses the ___ to provide enhanced security using AES

Answer 121

Counter Mode Cipher Block Chaining Message Authentication Code Protocol (CCMP)

Question 122

The most commonly used message digest length in the RIPEMD algorithm is ___

Answer 122

160-bit

Question 123

___ certificates are the most difficult for a website to obtain but provide the highest degree of trust to end users

Answer 123

Extended validation (EV)

Question 124

3DES encryption uses ___ keys

Answer 124

symmetric

Question 125

The Tor network uses ___ secrecy to allow the relay nodes to forward communications to their end destination without knowing the identity of the sender or the receiver of the message

Answer 125

perfect forward

Question 126

When a user or browser wishes to verify a digital certificate, it does so by validating the digital signature using the ___ key

Answer 126

CA’s public

Question 127

In an 802.1x wireless network, the ___ typically serves as the 802.1x client

Answer 127

wireless access point or wireless controller

Question 128

The purpose of a digital certificate is to share a ___ key. A browser will extract this key from the certificate and use it to send the server an ___ key to use for the remainder of the session

Answer 128

web server’s public; ephemeral session

Question 129

What encryption key length is used by the original Data Encryption Standard (DES)?

Answer 129

56

Question 130

Most hash algorithms do not have message authentication, but the ___ algorithm supports both message integrity and authenticity.

Answer 130

hash-based message authentication code (HMAC)

Question 131

The 802.1x protocol is an authentication protocol that is specifically designed to provide ___ as well as authentication for wireless networks

Answer 131

port-based authentication for wired networks

Question 132

The ___ authentication protocol does not provide encryption capability and, therefore, must be run within a communications channel protected by other means

Answer 132

EAP

Question 133

The two main properties of any cryptographic cipher are confusion and diffusion. Confusion ensures that ___, while diffusion ___

Answer 133

the relationship between the cryptographic key is extremely complex; takes any statistical patterns found in the plaintext and prevents them from appearing in the ciphertext

Question 134

a ___ product combines the benefits of a firewall, content filter and intrusion detection, though not at high performance levels

Answer 134

Unified Threat Management (UTM)

Question 135

The U.S. federal government’s Digital Signature Standard (DSS) endorses the use of the ___ (algorithm) for the creation of digital signatures

Answer 135

Digital Signature Algorithm (DSA)

Question 136

___ is a key stretching algorithm that is both memory-hardened and CPU-hardened

Answer 136

Bcrypt

Question 137

The SIEM correlation engine should be placed ___

Answer 137

on the internal network where it is not exposed to external traffic

Question 138

All DNSSEC implementations must support the ___ cipher suite to maintain compatibility between systems

Answer 138

RSA/SHA-1

Question 139

___ is an attack using a technique to manipulate device drivers

Answer 139

Shimming

Question 140

in a ___ the attacker executes a request against a third-party website by taking advantage of the fact that the user already has an established session with that site

Answer 140

cross-site request forgery (XSRF) attack

Question 141

a forward proxy is on the same network as the ___, while a reverse proxy is on the same network as the ___

Answer 141

user; web server

Question 142

Network access control lists are examples of ___-based access control because the router will make decisions based upon the ___ provided

Answer 142

rule; rules

Question 143

The most appropriate tool to perform error handling is the use of the ___ construct

Answer 143

try…catch

Question 144

In order for an ARP spoofing attack to be successful, the attacker and victim must be ___

Answer 144

attached to the same switch, although they do not need to be sharing the same switch port

Question 145

an ___ attack requires poisoning the MAC address table either on an individual host or on the switch used by the victim

Answer 145

ARP spoofing

Question 146

The ___ algorithm is cryptographically broken and should never be used for secure applications, such as creating a digital signature

Answer 146

MD5

Question 147

The Bcrypt algorithm relies upon the ___ cipher to perform key stretching of passwords

Answer 147

Blowfish

Question 148

Amazon’s ___ service is a serverless computing platform offered to customers on a platform-as-a-service (PaaS) basis

Answer 148

Lambda

Question 149

if you want to allow internet users to email you at an email server on your LAN, then you must allow ___ traffic past your firewall

Answer 149

SMTP

Question 150

When using two-factor identification, a RADIUS server may respond to the client’s request with an ___ message asking for additional authentication

Answer 150

Access-Challenge

Question 151

Router access control lists are only capable of performing ___ filtering, which does not take connection status into account

Answer 151

stateless

Question 152

In a pass-the-hash attack, the attacker must gain access to hashed Windows account passwords. This is possible by gaining access to a Windows ___

Answer 152

workstation where the target user logs into his or her domain account

Question 153

The ___ is responsible for overseeing the audits of financial institutions and produces a series of information security standards that apply to those institutions

Answer 153

Federal Financial Institutions Examination Council (FFIEC)

Question 154

___ is a windows based authentication system no longer recommended because it relies on either the MD4 or MD5 Hash algorithms

Answer 154

NTLM

Question 155

individuals who are charged with the safekeeping of information under the guidance of the data owner are data ___

Answer 155

custodians

Question 156

When a Kerberos client requests a session key, the client creates an authenticator consisting of the client’s ID and a timestamp, which is encrypted with the TGS session key obtained from the ___

Answer 156

authentication server