CompTIA Security+ Flashcards

1
Q

90
The first and most critical step of auditing is:

A. to audit all user activity

B. to ensure the correct things are being audited

C. to review audit data on a periodic basis

D. to back up audit logs to remote systems in case of system compromise

A

B.

the first and most critical step of auditing is to ensure the correct things are being audited.

2
Q
47
The term "open relay" refers to what?
A. HTTP servers
B. FTP servers
C. Email servers
D. Application servers
A

C. An open relay (open mail relay) is a mail server that accepts mail from any sender and relays it to any recipient, so anyone on the Internet can send through it. Open relays are the source of much of the spam people receive.
A is incorrect; HTTP servers simply process web requests.
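As an added example (not part of the original flashcards), the following Python models the decision a mail server makes on an SMTP RCPT TO command, with a flag that reproduces the open-relay misconfiguration and the probe a relay tester sends; the domains, networks and client addresses are made up for the demonstration.

```python
"""Added example (not part of the original flashcards): a minimal SMTP relay
policy that shows why an "open relay" is dangerous.  The domains, networks
and client addresses below are constructed for the demonstration."""
import ipaddress

# Assumed configuration: the domains this server hosts and its internal LAN.
LOCAL_DOMAINS = {"example.com", "mail.example.com"}
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/8")]


def _domain(address: str) -> str:
    """Return the domain part of an e-mail address, lower-cased."""
    return address.rsplit("@", 1)[-1].lower()


def relay_decision(client_ip: str, authenticated: bool, rcpt_to: str,
                   open_relay: bool = False) -> str:
    """Decide the SMTP reply to a RCPT TO command.

    open_relay=True reproduces the misconfiguration on the card: every
    recipient is accepted regardless of who is asking, so anyone on the
    Internet can push spam through the server.
    """
    if open_relay:
        return "250 2.1.5 OK"          # accepts anything from anyone: bad

    # Inbound mail addressed to a domain we host is always our job to accept.
    if _domain(rcpt_to) in LOCAL_DOMAINS:
        return "250 2.1.5 OK"

    # Relaying to the outside world is allowed only for authenticated users
    # (SMTP AUTH) or hosts on a trusted internal network.
    ip = ipaddress.ip_address(client_ip)
    if authenticated or any(ip in net for net in TRUSTED_NETS):
        return "250 2.1.5 OK"

    return "554 5.7.1 Relay access denied"


def probe_is_open_relay(open_relay: bool) -> bool:
    """The check a relay tester performs: an unauthenticated, untrusted client
    asks to deliver to an external recipient.  A 250 reply means the server
    will relay for anyone."""
    reply = relay_decision("198.51.100.7", False, "victim@other.example",
                           open_relay=open_relay)
    return reply.startswith("250")


if __name__ == "__main__":
    for flag in (True, False):
        print(f"open_relay={flag}: relays for strangers? {probe_is_open_relay(flag)}")
```

The probe is what public relay testers do against a real server: send MAIL FROM and RCPT TO for two external addresses from an outside IP and watch whether RCPT TO gets a 250 or a 5xx.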

3
Q
20
Twofish was designed to replace what algorithm? 
A. Blowfish 
B. DES
C. MD5
D. AES
A

B. Twofish was one of the five finalists in the AES competition to replace DES; Rijndael, not Twofish, was selected as AES.

4
Q
79
Which port should be opened on a firewall to permit e-mail traffic to pass?
A. TCP 21
B. UDP 88
C. TCP 25
D. TCP 139
A

C is correct; TCP port 25 is used by SMTP (Simple Mail Transfer Protocol) for server-to-server mail delivery. (Client submission normally uses TCP 587, and POP3/IMAP retrieval uses other ports.)

5
Q

TCP 21 is used for what?

A

FTP

6
Q

Define (SMTP)

A

Simple Mail Transfer Protocol

7
Q

UDP 88 is used with what?

A

Kerberos (the KDC listens on port 88, UDP and TCP)

8
Q

What is TCP 139 used for?

A

NetBIOS Session Service

9
Q

86
Privilege auditing is not useful for what?
A. following the "trust but verify" philosophy.
B. helping to ensure that users have been granted the correct privileges and rights required to perform their assigned duties.
C. large corporations or positions with a high rate of turnover or employee movement.
D. identifying users with evil intentions

A

D. An audit cannot determine a user's intentions; it only shows what permissions the user holds and whether they match what the role requires.
A, B and C are incorrect; these are all advantages of privilege auditing.

10
Q
48
An account lockout policy is an excellent countermeasure against which type of attack?
A. Virus
B. DoS
C. Smurf attack
D. Brute-force attack
A

D. An account lockout policy disables an account for a period of time after a set number of failed logins, making an online brute-force attack slow and easy to detect. Two caveats: it does nothing against offline cracking of a stolen password hash, and an attacker can deliberately trigger it to lock legitimate users out.
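As an added example (not part of the original flashcards), the following Python implements a lockout policy and runs the same online password-guessing attack with and without it, using a controllable clock so the wait is simulated; the threshold, lockout duration, user list and word list are constructed values.

```python
"""Added example (not from the original flashcards): an account lockout policy
and a simulated online brute-force attack against it.  The threshold, lockout
duration, user list and word list are constructed values."""
import time
from dataclasses import dataclass, field
from typing import Optional

# Constructed word list: the correct password is the sixth guess.
WORDLIST = ["123456", "password", "letmein", "qwerty", "abc123", "hunter2", "welcome"]
# Constructed credential store (a real system stores salted hashes, not passwords).
USERS = {"alice": "hunter2"}


class FakeClock:
    """Controllable clock so the simulation runs instantly."""
    def __init__(self) -> None:
        self.now = 0.0

    def __call__(self) -> float:
        return self.now

    def advance(self, seconds: float) -> None:
        self.now += seconds


@dataclass
class AccountState:
    failures: list = field(default_factory=list)   # timestamps of recent failures
    locked_until: float = 0.0


class LockoutPolicy:
    def __init__(self, passwords: dict, clock=time.time,
                 threshold: Optional[int] = 5, lockout_seconds: float = 900,
                 window_seconds: float = 900) -> None:
        self._passwords = passwords
        self._clock = clock
        self.threshold = threshold            # None disables lockout
        self.lockout_seconds = lockout_seconds
        self.window_seconds = window_seconds  # failures older than this are forgotten
        self._state: dict = {}

    def login(self, user: str, password: str) -> str:
        """Return 'ok', 'bad_password' or 'locked'."""
        now = self._clock()
        st = self._state.setdefault(user, AccountState())
        if now < st.locked_until:
            return "locked"                   # refused without checking the password
        st.failures = [t for t in st.failures if now - t < self.window_seconds]
        if self._passwords.get(user) == password:
            st.failures.clear()
            return "ok"
        st.failures.append(now)
        if self.threshold is not None and len(st.failures) >= self.threshold:
            st.locked_until = now + self.lockout_seconds
            st.failures.clear()
            # A real implementation alerts here: a lockout is a high-signal event.
        return "bad_password"


def brute_force(policy: LockoutPolicy, user: str, wordlist, clock: FakeClock):
    """Simulate an attacker guessing online; returns (password, attempts, seconds).
    When locked out the attacker waits for the lockout to expire and retries."""
    start = clock()
    attempts = 0
    for guess in wordlist:
        attempts += 1
        while (result := policy.login(user, guess)) == "locked":
            clock.advance(policy.lockout_seconds)
        if result == "ok":
            return guess, attempts, clock() - start
    return None, attempts, clock() - start


def compare() -> dict:
    """Run the same attack with and without lockout, as a worked comparison."""
    out = {}
    for label, threshold in (("no_lockout", None), ("lockout_5", 5)):
        clock = FakeClock()
        policy = LockoutPolicy(USERS, clock, threshold=threshold)
        out[label] = brute_force(policy, "alice", WORDLIST, clock)
    return out


if __name__ == "__main__":
    for label, (pw, n, secs) in compare().items():
        print(f"{label}: found {pw!r} after {n} guesses and {secs:.0f} s of waiting")
```

With a seven-word list the difference is small (one 15-minute wait), but the wait grows linearly with the size of the list, which is the point. The same code also shows the denial-of-service side effect: three wrong guesses from an attacker lock the legitimate user out until the lockout expires.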

11
Q
64
A web application firewall is designed to detect and stop which of the following?
A. SQL injection attacks
B. Port scan
C. Infected email traffic
D. Worms
A

A. A web application firewall inspects HTTP requests and responses and is intended to address the threats unique to web application traffic, such as SQL injection. It is a compensating control: the real fix for SQL injection is parameterised queries in the application.
B, C and D are incorrect; although these are real threats, they are not attacks against web applications.
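As an added example (not part of the original flashcards), the following Python shows the injection a WAF is meant to catch against an in-memory SQLite table, the parameterised query that actually fixes it, and a deliberately simple WAF-style signature; the table, rows, payload and signature pattern are constructed for the demonstration.

```python
"""Added example (not part of the original flashcards): the SQL injection a WAF
is meant to catch, shown against an in-memory SQLite table, next to the real
fix (parameterised queries) and a naive WAF-style signature check.  The table,
rows, payload and signature are constructed for the demonstration."""
import re
import sqlite3


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [("alice", "s3cret", "admin"), ("bob", "hunter2", "user")])
    return conn


def login_vulnerable(conn, username: str, password: str):
    # The inputs are spliced into the SQL text, so they can change its grammar.
    sql = ("SELECT username, role FROM users "
           "WHERE username = '%s' AND password = '%s'" % (username, password))
    return conn.execute(sql).fetchone()


def login_safe(conn, username: str, password: str):
    # Placeholders bind the inputs as data; the query structure is fixed.
    sql = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()


# Naive WAF-style signature, the kind of rule a web application firewall applies
# to request parameters.  Assumed pattern, deliberately simple and easy to evade.
SQLI_SIGNATURE = re.compile(r"(--|;|/\*|\bor\b\s+['\d]|\bunion\b\s+\bselect\b)",
                            re.IGNORECASE)


def waf_blocks(value: str) -> bool:
    return SQLI_SIGNATURE.search(value) is not None


# Constructed payload: closes the string, then comments out the password check.
PAYLOAD_USERNAME = "alice'--"


if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", login_vulnerable(db, PAYLOAD_USERNAME, "wrong"))
    print("safe:      ", login_safe(db, PAYLOAD_USERNAME, "wrong"))
    print("waf:       ", waf_blocks(PAYLOAD_USERNAME))
```

The vulnerable query logs the attacker in as alice with a wrong password because the trailing `--` comments out the password clause; the parameterised version treats `alice'--` as a literal username and returns nothing. The signature catches this payload, but signature lists are routinely bypassed with encoding and alternative syntax, which is why the WAF is a second layer and not the fix.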

12
Q

78
When a certificate authority signs a certificate, it uses what to do so?
A. nothing, CAs do not sign certificates
B. the CA's public key
C. the CA's private key
D. the requestor's public key

A

C. The CA signs with its private key; anyone holding the CA's public key (distributed in the CA's own certificate) can then verify the signature and so authenticate the origin of the certificate.
A is incorrect; signing certificates is precisely what a CA does. B and D are incorrect; a public key can only verify a signature, never produce one.

13
Q
97
Which of the following documents is used to determine your most critical business functions and is used to help build your DRP? 
A. Business Continuity Plan 
B. Backup Recovery Plan 
C. Business Function Assessment 
D. Business Impact Analysis
A

D. The BIA outlines what the loss of each critical business function would mean to the organization and is used in the development of the disaster recovery plan (DRP).

14
Q

94
Which of the following models of computer security implements the principle,
Protection = Prevention + (Detection + Response) ?
A. Bell-LaPadula
B. Operational Security
C. Biba
D. Chinese Wall

A

B. the Operational Security model is defined as:
Protection = Prevention + (Detection + Response)
A, C and D are incorrect; they are access control models of differing types.

15
Q

55
An Access Control List (ACL) is?
A. the list of authorized users on the system or network
B. the list of all authorized users that are currently on the system or network
C. a list that contains the subjects that have access rights to a particular object
D. A list of subjects not allowed access to a particular object

A

C. an “Access Control List” (ACL) is used to define which subjects have which access rights to a particular object. The list identifies not only the subject but the specific access granted to the subject for the object.

16
Q
99
Which of the following is an example of a MAC address? 
A. 127.0.0.1
B. 255.255.255.0
C. 2001:db8:85a3::8a2e:370:733
D. 00:07:e9:7c:c8:aa
A

D is correct; it is a MAC address, the hexadecimal representation of a 48-bit (6-byte) value.
A. is an IP address
B. is a common subnet mask for IPv4
C. is an IPv6 address

17
Q
33
Which device does not segregate data-link traffic?
A. Switch
B. Hub
C. Bridge
D. VLAN
A

B is correct; a hub repeats every frame out of every port and does not segregate any type of network traffic.
A. Switches separate traffic based on layer 2 (MAC) addresses.
C. Bridges split traffic based on layer 2 addresses.
D is incorrect; VLANs are implemented on switches and separate traffic at layer 2.

18
Q
31
Which of the following is not a method to implement 802.1X?
A. EAP-RC2
B. EAP-MD5
C. EAP-TTLS
D. EAP-TLS
A
A is correct; there is no EAP-RC2 method. RC2 is a block cipher, not an EAP authentication method.
B, C and D are incorrect; they are all real EAP methods.
B uses an MD5 challenge/response (a hash, not encryption); it provides no server authentication and is considered weak.
C is tunneled TLS (only the server needs a certificate).
D is TLS with mutual certificate authentication.
19
Q

98
Which of the following measures will NOT improve the physical security of a computer?
A. Insuring the server
B. Restricting physical access to the server
C. Use of locking rack mounts
D. High-security locks

A

A is the correct answer; insuring the server only provides a financial means of recovering from some aspect of loss. It does not improve the level of physical security.

20
Q
41
Which widely used protocol is available to vendors to establish their own customized authentication system?
A. ICMP
B. EAP
C. PPP
D. PPTP
A

B is correct; the Extensible Authentication Protocol (EAP) is a framework that lets vendors plug in their own authentication methods.
ICMP is not used for authentication. PPP and PPTP are link and tunneling protocols that carry authentication but do not define it.

21
Q
17
What kind of algorithm uses the same key to encrypt and decrypt a message?
A. Alphanumeric Algorithm
B. Asymmetric Algorithm
C. Symmetric Algorithm
D. Hash Algorithm
A

C is correct, Symmetric Algorithms use the same key to encrypt and decrypt.

22
Q
15
The attribute that prevents someone from later denying their actions is called what?
A. Nonrepudiation
B. Key escrow
C. Cyclic Redundancy Check
D. Two-factor authentication
A

A is correct; nonrepudiation prevents people from denying their actions (typically provided by a digital signature).
B, C and D are incorrect. These are all terms used in cryptography or authentication but do not relate to the concept of repudiation and nonrepudiation.

23
Q

60
Which of the following is a reason given for limiting an object's privileges as part of the principle of least privilege?
A. It makes it easier to assign blame if a problem occurs.
B. It limits the amount of harm that can be caused, thus limiting an organization's exposure to damage.
C. It simplifies the job of security administrators.
D. It consolidates responsibility with a few key individuals, thus making security decisions easier to make.

A

B is correct; this is the primary reason given for implementing the concept of least privilege.

24
Q

88
Acceptable use policies are used to define
A. Data retention
B. Server consolidation planning
C. Security personnel responsibilities for network protection
D. All user responsibilities

A

D is correct, an acceptable use policy defines all user responsibilities with respect to using IT resources.

25
Q
21
When comparing two different implementations of the same algorithm for cryptographic strength, what is the best measure?
A. Government recommendation
B. Algorithm manufacturer's website
C. Age of algorithm
D. Key length in bits
A

D is correct; for the same algorithm, strength is directly related to the keyspace (the number of possible keys, 2^n for an n-bit key). Key length only supports this comparison within one algorithm: a 256-bit ECC key and a 256-bit AES key are not equivalent in strength.

26
Q
3
The program TFTP uses what port for data transfer?
A. TCP 422
B. TCP 443
C. UDP 80
D. UDP 69
A

D is correct; the Trivial File Transfer Protocol (TFTP) operates over UDP port 69.

27
Q
68 
You have created a file on a remote server that is confidential. You wish to assign permission to access the file to selected members of your team. You will be choosing which of the following types of access control systems?
A. Mandatory Access Control
B. Team-based Access Control
C. Discretionary Access Control
D. Group-based Control
A

C. Discretionary Access Control gives the owner of the resource the option of setting access controls.
A is incorrect, as Mandatory Access Control does not provide for user control; labels and clearances set by the system decide access.

28
Q
95
Which of the following documents are mandatory elements regarding the implementation of a policy?
A. Guidelines
B. Standards
C. Procedures
D. Audit findings
A

B is correct; standards specify mandatory requirements that must be met to comply with a policy, whereas guidelines are recommendations.

A, C and D are incorrect; they are elements of a security process, just not mandatory elements, or elements with mandatory content.

29
Q

59
What is described as the chief drawback to the security principle of separation of duties?
A. It is often not well accepted by users
B. It disperses responsibilities, thus making it easier for insiders to take advantage of security holes.
C. The cost required in terms of both time and money.
D. It is a difficult concept to understand and implement.

A

C is correct; the chief drawback with the principle of separation of duties is the perceived cost involved.

A is incorrect; while it may not be popular among users, this is not the chief drawback. B and D are incorrect, as the principle is not hard to understand, and dividing a task among several people makes it harder, not easier, for an insider to abuse it.

30
Q
62 
Which of the following is a tool designed to identify what devices are connected to a given network and, where possible, the operating system in use on that device?
A. Firewall
B. Web security gateway
C. All-in-one security appliance
D. Network mapper
A

D is correct; a network mapper (for example Nmap) is a tool designed to identify what devices are connected to a given network and, where possible, the operating system in use on each device.

A, B and C are incorrect; they are defensive tools for operational security, not network discovery.

31
Q
8
Which of the following sends unguaranteed or best-effort data transfers?
A. DNS
B. TCP
C. FTP
D. UDP
A

D is correct. User Datagram Protocol (UDP) sends datagrams without guaranteeing delivery or ordering.

A is incorrect. DNS is an application-layer service, not a transport protocol (though it usually runs over UDP). B and C are incorrect; TCP guarantees delivery, and FTP runs over TCP.

32
Q
91
Which of the following security terms ensures that only authorized individuals are able to create or change information?
A. Confidentiality
B. Integrity
C. Authentication
D. Non-repudiation
A

B is correct; integrity refers to the protection of information from unauthorized alteration.

A is incorrect; confidentiality refers to the protection of information disclosure to unauthorized parties. C and D are incorrect; they are not related to changing of information.

33
Q
80 
For security policy to be effective, it must be understood by: 
A. All employees 
B. Senior management 
C. System administrators
D. Security personnel
A

A. is correct because security is an all-hands effort; all employees must understand the effects of a security breach and the company policy associated with security.

B, C, and D are incorrect; as they are subsets of “All employees,” which is a better answer.

34
Q
28 
What type of firewall works primarily on port and IP addresses? 
A. Stateful Firewall 
B. Web application firewall
C. Socket layer firewall 
D. Packet filtering firewall
A

D is correct. A packet-filtering firewall works primarily on ports and IP addresses.

A and B are incorrect. They are different types of firewalls that require additional packet inspection. C is incorrect. This is a simple distractor.

35
Q
11
What six-byte number is used to identify a network interface card?
A. Interface label
B. Media Access Control address
C. Internal protocol number
D. Fully Qualified Domain Name
A

B is correct. The Media Access Control (MAC) address uniquely identifies a network interface card. The 48-bit MAC address consists of a 3-byte vendor number (the organizationally unique identifier, OUI) followed by a 3-byte vendor-assigned serial number.

A is incorrect. It is a nonsensical distractor. C and D are incorrect. They are technical terms not related to layer 2 addressing.
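As an added example covering both MAC-address cards (card 16, telling a MAC apart from IPv4, IPv6 and a subnet mask, and card 35, the vendor/serial split), the following Python classifies the sample strings from the cards, checks whether a dotted quad is a valid subnet mask, and decodes the OUI and the locally-administered and multicast flag bits of a MAC; it is not part of the original flashcards, and the locally-administered sample address is constructed.

```python
"""Added example (not from the original flashcards): telling a MAC address apart
from IPv4 addresses, IPv6 addresses and subnet masks, and decoding the vendor
and flag bits of a MAC.  The sample strings are the ones on the cards plus a
constructed locally-administered address."""
import ipaddress
import re

# Six hex octets separated by ':' or '-', with one consistent separator.
MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}([:-])(?:[0-9A-Fa-f]{2}\1){4}[0-9A-Fa-f]{2}$")


def classify(value: str) -> str:
    """Return 'mac', 'ipv4', 'ipv6' or 'unknown'."""
    if MAC_RE.match(value):
        return "mac"
    try:
        return "ipv4" if ipaddress.ip_address(value).version == 4 else "ipv6"
    except ValueError:
        return "unknown"


def is_ipv4_netmask(value: str) -> bool:
    """A dotted quad is a valid subnet mask only if its one-bits are contiguous
    from the left (255.255.255.0 is; 127.0.0.1 is not)."""
    try:
        n = int(ipaddress.IPv4Address(value))
    except ValueError:
        return False
    inverted = ~n & 0xFFFFFFFF
    return inverted & (inverted + 1) == 0        # inverted mask must be 2^k - 1


def mac_info(mac: str) -> dict:
    """Split a 48-bit MAC into its OUI (vendor) and serial part and read the
    two flag bits of the first octet."""
    octets = bytes(int(h, 16) for h in re.split(r"[:-]", mac))
    first = octets[0]
    return {
        "oui": "-".join(f"{b:02X}" for b in octets[:3]),       # vendor number
        "serial": "-".join(f"{b:02X}" for b in octets[3:]),    # vendor-assigned
        "locally_administered": bool(first & 0x02),            # e.g. randomised Wi-Fi MAC
        "multicast": bool(first & 0x01),
    }


# The four options from the card.
CARD_SAMPLES = ["127.0.0.1", "255.255.255.0", "2001:db8:85a3::8a2e:370:733",
                "00:07:e9:7c:c8:aa"]

if __name__ == "__main__":
    for s in CARD_SAMPLES:
        print(f"{s:30} {classify(s):7} netmask={is_ipv4_netmask(s)}")
    print(mac_info("00:07:e9:7c:c8:aa"))
```

Note that 255.255.255.0 parses as a syntactically valid IPv4 address; only the contiguity check separates a mask from a host address. The locally-administered bit matters in practice because randomised MACs (set by modern phones and laptops for privacy) carry no real vendor OUI, so an inventory keyed on OUI will misattribute them.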

36
Q
54
The activity of searching for unsecured wireless networks is known as what?
A. War-mapping
B. War-chalking
C. War-driving
D. War-monitoring
A

C is correct; the activity of searching for unsecured wireless networks is known as war-driving.

A, B, and D are incorrect; they are distractors using wireless terms and the “war-“ prefix.

37
Q
34 
An evil twin attack is performed utilizing:
A. Firesheep plug-in for Firefox
B. Stolen credentials
C. A rogue access point
D. Spoofed packets
A

C is correct. An evil twin is a rogue access point set up by an attacker, usually with the same SSID as the legitimate access point and a stronger signal, pulling in users by virtue of that stronger signal.

A is incorrect; the Firesheep plug-in targets a different weakness (hijacking unencrypted session cookies on shared networks). B is incorrect; credentials do not play a role in setting up an evil twin. D is incorrect; spoofed packets are not involved in the evil twin attack.

38
Q

53
To sniff all network traffic connected to your computer, what is necessary?
A. You must have a public IP address
B. Your NIC must be in promiscuous mode
C. You must be in single-user mode
D. You must have an automatic IP address.

A

B is correct; your NIC must be able to examine all traffic on your network media, which means it must be set to promiscuous mode. On a switched network you also need the switch to mirror traffic to your port (a SPAN port or a tap), because a switch only forwards frames addressed to your MAC.

A is incorrect; the kind of IP address you have has nothing to do with sniffing. C is incorrect; it is not relevant. D is incorrect; it is a nonsensical distractor.

39
Q
ECC is particularly suited to
A. Mainframes
B. Signing digital contracts
C. Storing passwords securely
D. Mobile devices
A

D is correct. Elliptic curve cryptography (ECC) gives security equivalent to RSA with much shorter keys, so it needs less computation, memory and power, making it ideal for low-power devices such as mobile devices.

A, B and C are incorrect. Although ECC can be used on mainframes and for digital signatures, its distinctive advantage is efficiency in constrained, low-power situations, as in mobile devices. Password storage is a job for a hash, not ECC.

40
Q
73
Which of the following services allows a client to retrieve email from a server? 
A. SNMP
B. POP3
C. FTP
D. HTTP
A

B is correct; POP3 (Post Office Protocol version 3) retrieves mail from a server and is the only correct answer here (IMAP does the same but is not offered).

A is incorrect; SNMP is Simple Network Management Protocol. C is incorrect; FTP is for file transfers. D is incorrect; HTTP is used to communicate to a web server, not the e-mail server.

41
Q
46
Loop protection involves which of the following?
A. Switches
B. VPNs 
C. Physical security 
D. Remote Access
A

A is correct; loops can be formed at layer 2, and the Spanning Tree Protocol is typically used to prevent loops.

B, C, and D are incorrect; they are distractors built using relevant terms.

42
Q
44
Which of the following describes an attack in which an attacker tries to write more data than a memory buffer on a victim's computer can hold?
A. Buffer overflow
B. Cross-site scripting
C. Command injection attack 
D. Cross-site request forgery
A

A is correct; a buffer overflow results when data is written beyond the allocated memory. The data may overwrite other data space, code space, registers, or stack space, resulting in unexpected behavior.

B, C, and D are all attacks, but not ones that are the result of overwriting memory buffers.

43
Q

89
Which of the following steps will an attacker often take to attack a computer system?
A. Determine little information on the computer resource
B. Install patches for all known vulnerabilities
C. Limit the number of services running on a system
D. Perform a port scan to identify all open ports.

A

D is correct; attackers will often perform a port scan to identify all open ports on a system to determine which potential vulnerabilities may be exploited.

A is incorrect; this is a nonsensical answer. B is incorrect; attackers will not install all patches. C is incorrect; this is a mitigation effort, not an attacker effort.

44
Q

14
Smart card authentication can be described as using the following to verify identity:
A. Something you have (token)
B. Something you are
C. A cryptographic key to increase security
D. Military-grade security

A

A is correct. Smart cards are typically credit card-sized devices that individuals carry with them and present to authenticate to a system; they are something you have.

B is incorrect. Something you are relates to biometrics, not smart cards. C and D are incorrect. Smart cards may use strong cryptography, but they are ultimately tokens.

45
Q

27

A rootkit does what?

A

A rootkit is designed to give a malicious user, including one without authorization, administrative (root) access to a computer and then to hide that access by altering system files or the operating system itself.

46
Q
70 
Clear text passwords are a weakness associated with which protocol?
A. CHAP
B. PAP
C. Certificate-based authentication
D. Kerberos
A

B is correct; PAP (Password Authentication Protocol) is a two-way handshake in which the password is transmitted in clear text.

A, C and D are incorrect; none of them sends the password across the network in clear text (CHAP uses a hashed challenge/response, certificate-based authentication uses public-key signatures, and Kerberos uses encrypted tickets).

47
Q

61
Implicit deny in a firewall rule set means?
A. all traffic is rejected
B. all incoming traffic is rejected
C. any traffic not expressly permitted is denied
D. any traffic not denied by a prior rule is permitted.

A

C is correct; implicit deny means that any traffic not expressly permitted by a rule in the firewall's rule set or ACL is denied by the firewall, typically by a catch-all rule at the end of the list.

A and B are incorrect; rejecting all traffic would be equivalent to disconnecting the network, not a firewall policy. D is incorrect; this describes implicit allow.
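As an added example (not part of the original flashcards), the following Python evaluates a first-match rule set with a configurable default so the implicit-deny (option C) and implicit-allow (option D) behaviours can be compared on the same packets, and adds the check a reviewer runs for rules made unreachable by an earlier, broader rule; the rule set and packets are constructed.

```python
"""Added example (not from the original flashcards): a first-match rule
evaluator with the implicit deny the card describes, plus a check for rules
that an earlier, broader rule makes unreachable.  The rule set and packets are
constructed."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    action: str           # "allow" or "deny"
    proto: str            # "tcp", "udp" or "any"
    src: str              # CIDR
    dst: str              # CIDR
    dport: Optional[int]  # None matches any destination port


def matches(rule: Rule, proto: str, src: str, dst: str, dport: int) -> bool:
    return (rule.proto in ("any", proto)
            and ipaddress.ip_address(src) in ipaddress.ip_network(rule.src)
            and ipaddress.ip_address(dst) in ipaddress.ip_network(rule.dst)
            and (rule.dport is None or rule.dport == dport))


def evaluate(rules: List[Rule], proto: str, src: str, dst: str, dport: int,
             default: str = "deny") -> Tuple[str, Optional[int]]:
    """First matching rule wins.  Traffic that matches nothing gets `default`:
    'deny' is the implicit deny of the card, 'allow' is implicit allow (option D)."""
    for index, rule in enumerate(rules):
        if matches(rule, proto, src, dst, dport):
            return rule.action, index
    return default, None


def shadowed_rules(rules: List[Rule]) -> List[int]:
    """Indexes of rules that can never fire because an earlier rule already
    covers every packet they would match (a common misconfiguration when a
    broad allow is placed above specific rules)."""
    out = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if (earlier.proto in ("any", later.proto)
                    and ipaddress.ip_network(later.src).subnet_of(ipaddress.ip_network(earlier.src))
                    and ipaddress.ip_network(later.dst).subnet_of(ipaddress.ip_network(earlier.dst))
                    and (earlier.dport is None or earlier.dport == later.dport)):
                out.append(i)
                break
    return out


# Constructed rule set for a small DMZ: only the listed services are reachable.
RULES = [
    Rule("allow", "tcp", "0.0.0.0/0", "203.0.113.10/32", 25),   # SMTP to the mail server
    Rule("allow", "tcp", "0.0.0.0/0", "203.0.113.20/32", 443),  # HTTPS to the web server
    Rule("allow", "udp", "10.0.0.0/8", "203.0.113.53/32", 53),  # DNS, internal clients only
]

if __name__ == "__main__":
    for pkt in [("tcp", "198.51.100.5", "203.0.113.10", 25),
                ("tcp", "198.51.100.5", "203.0.113.10", 23),
                ("udp", "198.51.100.5", "203.0.113.53", 53)]:
        print(pkt, "->", evaluate(RULES, *pkt))
    bad = [Rule("allow", "any", "0.0.0.0/0", "0.0.0.0/0", None)] + RULES
    print("shadowed in bad rule set:", shadowed_rules(bad))
```

Telnet to the mail server matches nothing and falls through to the default, which is the whole point of implicit deny: nobody had to write a rule for Telnet. Putting a blanket allow at the top shadows every rule beneath it, which `shadowed_rules` reports.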

48
Q
38 
Instead of Telnet, what protocol is recommended?
A. Hyperterminal
B. SSH
C. SSL
D. Open Terminal
A

B is correct, as Telnet sends everything, including credentials, in plaintext over the network. SSH is strongly recommended instead of Telnet.

A and D are incorrect; they are distractors built from common terms. C is incorrect, as SSL is a transport-level encryption protocol and is not used for command-line access.

49
Q
36 
Callback can be exploited by what means? 
A. three-way calling 
B. smart card authentication 
C. caller id 
D. call forwarding
A

D is correct. Call forwarding routes the legitimate callback from the remote access server to the attacker's phone number.

A, B, and C are incorrect; they are all distractors built using terms that are relevant to the subject.

50
Q
43 
End users have responsibilities to protect information, and all of the following policies are involved in the comprehensive effort except?
A. clean desk policy
B. sick leave policy
C. password policy
D. physical security policy
A

B is correct; sick leave policies do not involve access issues.

A is incorrect; leaving sensitive material on your desk when you are not there to safeguard it is a potential vulnerability. C is incorrect; passwords provide access to systems. D is incorrect; physical access by unauthorized personnel to materials and systems can create vulnerabilities.

51
Q
4
Removing unnecessary services and applying service packs is an example of what?
A. system migration
B. system hardening
C. system mitigation
D. system monitoring
A

B is correct. Removing unnecessary services and applying service packs is an example of system hardening.

A, C, and D are common terms meant to distract.

52
Q
13
Which of the following is not associated with authentication?
A. something you are
B. something you know
C. something you have
D. something you had
A

D is correct. Authentication is usually accomplished by providing something you "have", "know" or "are" (as in the case of biometrics). The key word is "had"; this implies past tense and is therefore not a factor of authentication.

A, B and C are incorrect. These answers all relate to common factors used for authentication.

53
Q
67 
The formula for Single Loss Expectancy (SLE) is
A. Asset Value times ALE
B. ALE times Asset Value
C. ALE times EF
D. Asset Value times EF
A

D is correct; Single Loss Expectancy (SLE) = Asset Value (AV) times Exposure Factor (EF), where EF is the fraction of the asset's value lost in one incident. Annualized Loss Expectancy (ALE) is then SLE times the Annualized Rate of Occurrence (ARO).

A, B and C are incorrect; they are distractors constructed from risk quantification terms (and since ALE is derived from SLE, it cannot be an input to it).

54
Q
23
Proper humidity and temperature for information systems equipment is an example of what type of security?
A. Physical security
B. Perimeter security
C. Administrative security
D. Technical security
A

A is correct. Environmental controls are an example of physical security.

B, C and D are incorrect. These are all common distractors. They are relevant terms to security, but not to this question.

55
Q
6 
An example of attacking the inherent trust a web browser imparts to a web session is:
A. Cross-site scripting
B. Rogue WAP
C. Man-in-the-middle attack
D. Smurf Attack
A

A is correct. Cross-site scripting is an attack methodology; while all are attacks, this answer is most closely related to the web.

B, C, and D are incorrect. They are not tied directly to web browser activity.

56
Q
29 
TCP port 21 is typically associated with which protocol?
A. SMTP
B. SSH
C. FTP
D. FTPS
A

C is correct. FTP uses TCP port 21 for its control channel (data travels on a separate connection).

A is incorrect; SMTP uses port 25.
B is incorrect; SSH uses port 22.
D is incorrect; implicit FTPS uses ports 989/990.

57
Q
An attack that simultaneously involves many attackers in an attempt to shut down services is known as what?
A. DDoS
B. DoS
C. War-chalking
D. Social engineering
A

A is correct; an attack that simultaneously involves many attackers in an attempt to shut down services is known as a Distributed Denial of Service (DDoS) attack. A DDoS attack is usually perpetrated by zombie machines (a botnet) under one attacker's control.

B is incorrect; Denial of Service is not from multiple attackers.
C is incorrect; war-chalking is the leaving of visual clues as to wireless locations.
D is incorrect; social engineering is an attack against the people element of security.

58
Q

Define DDoS:

(3) characteristics

A
  1. Distributed Denial of Service attack (DDoS).
  2. an attack that simultaneously involves many attackers in an attempt to shut down services
  3. A DDoS attack is usually perpetrated by Zombie machines
59
Q
30 
A top-level CA exists in what type of PKI trust model? 
A. tower architecture
B. mesh architecture
C. hierarchical architecture 
D. web of trust
A

C is correct. A top-level CA is necessary to establish a hierarchical trust model.

A and B are incorrect. They are nonsensical distractors.
D is incorrect. Web of trust is a flat model dependent upon trust with peers.

60
Q
92
Which type of social engineering attack targets only specific individuals high up in an organization, such as the corporate officers, with e-mail attempting to get them to reveal personal or sensitive information?
A. Phishing
B. Whaling
C. Spamming
D. Spear phishing
A

B is correct; whaling is phishing aimed at the "big fish": senior executives whose authority and access make them high-value targets.

A, C and D are incorrect. They are all social engineering or bulk e-mail techniques, but with different targeting; spear phishing targets specific individuals but not specifically executives.

61
Q

25
What is the best way to generate a complex password?
A. concatenating two words so the password strength is greater than 10 characters
B. random generation from a computer program
C. using a passphrase
D. using your birth date and a name together

A

C is correct. A complex password is long and mixes character types; a passphrase gives that length while remaining memorable, so users do not write it down.

A is incorrect. A dictionary attack can try concatenations of two words.
B is incorrect. Random passwords are difficult to remember and their use often results in users writing them down (unless a password manager stores them).
D is incorrect. Concatenating known pieces of personal information is easily guessed.

62
Q

57

A Linux or UNIX file with the permissions 760 means what?

A

Permissions 760 mean rwx for the owner (7), rw- for the group (6) and no access for all others (0). Each octal digit is the sum of 4 = read (r), 2 = write (w) and 1 = execute (x).

The distractor values on the original card decode the same way: 751 is rwxr-x--x, 720 is rwx-w----, and 750 is rwxr-x---.
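As an added example (not part of the original flashcards), the following Python converts numeric modes such as 760 to rwx form and back, flags the settings a permissions audit looks for (world-writable, setuid, setgid), and reads a real mode back from a temporary file; the sample modes are the card's values plus constructed ones.

```python
"""Added example (not from the original flashcards): decoding numeric UNIX
permission modes such as 760 into rwx form and back, flagging the settings an
audit usually cares about, and reading a real mode back from the filesystem.
The sample modes are the ones on the card plus constructed values."""
import os
import stat
import tempfile
from typing import List, Union


def _bits(mode: Union[str, int]) -> int:
    return int(mode, 8) if isinstance(mode, str) else mode


def to_rwx(mode: Union[str, int]) -> str:
    """'760' -> 'rwxrw----'.  Each octal digit is owner, group, others;
    4 = read, 2 = write, 1 = execute."""
    bits = _bits(mode)
    out = ""
    for shift in (6, 3, 0):                      # owner, group, others
        triplet = (bits >> shift) & 0o7
        out += ("r" if triplet & 4 else "-")
        out += ("w" if triplet & 2 else "-")
        out += ("x" if triplet & 1 else "-")
    return out


def to_octal(rwx: str) -> str:
    """'rwxrw----' -> '760' (inverse of to_rwx, permission bits only)."""
    if len(rwx) != 9:
        raise ValueError("expected nine characters, e.g. rwxr-x---")
    value = 0
    for ch, expected in zip(rwx, "rwxrwxrwx"):
        value = (value << 1) | (ch == expected)
    return format(value, "03o")


def findings(mode: Union[str, int]) -> List[str]:
    """Settings that deserve a second look during a permissions audit."""
    bits = _bits(mode)
    out = []
    if bits & stat.S_IWOTH:
        out.append("world-writable")
    if bits & stat.S_ISUID:
        out.append("setuid")
    if bits & stat.S_ISGID:
        out.append("setgid")
    return out


def mode_of(path: str) -> str:
    """Read the permission bits of a real file as an octal string."""
    return format(stat.S_IMODE(os.stat(path).st_mode), "03o")


if __name__ == "__main__":
    for m in ("760", "751", "720", "750", "4755", "666"):
        print(m, to_rwx(m), findings(m))
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        os.chmod(tmp.name, 0o760)
        print("on disk:", mode_of(tmp.name), to_rwx(mode_of(tmp.name)))
        os.unlink(tmp.name)
```

A fourth leading digit carries the special bits (4 = setuid, 2 = setgid, 1 = sticky), which is why `findings("4755")` reports setuid; `to_rwx` deliberately shows only the nine permission bits.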

63
Q

83
To help secure production web servers, sample files:
A. should be set to read-only but left in place
B. should be removed from production servers
C. should be set to read-write and left in place
D. should be moved to a folder called /samples

A

B is correct; to help secure production web servers, sample files should be removed from all production servers.

A, C, and D are incorrect as they allow unneeded information to reside on production servers.

64
Q
18 
Quantum cryptography is best used for:
A. Secure key distribution
B. Mobile devices
C. Message integrity
D. Authentication

Hint: Quantum cryptography can detect interception

A

A is correct. Quantum cryptography (quantum key distribution) is best utilized for secure key distribution: any attempt to observe the photons carrying the key disturbs them, so interception is detected.

B, C and D are incorrect. Quantum key distribution needs dedicated optical hardware (impractical for mobile devices), and its strength is in detecting interception of the key exchange, not in providing message integrity or authentication, ruling out C and D.

65
Q
1 
Spoofing can be described as:
A. sending large volumes of unsolicited information
B. pretending to be someone you are not
C. monitoring network traffic
D. scanning network traffic

Hint
The common definition of spoofing is to do what?

A

B is correct. Spoofing can be described as pretending to be someone you are not (a forged source address, e-mail sender or identity).

A is incorrect; this is flooding.
C and D are not spoofing; they are monitoring (sniffing) and scanning techniques.

66
Q
69 
Who is responsible for access control on objects in the Mandatory Access Control (MAC) model?
A. owner of the object
B. creator of the object
C. system administrator
D. security officer

Hint:
In the MAC model, permissions are predetermined.

A

C is correct; the system administrator is responsible for Mandatory Access Control model implementation on the system.

A and B are incorrect; owners and creators can administer Discretionary Access Control (DAC) systems. D is incorrect; it is a simple distractor.

67
Q

63
An application that executes malicious code when a predetermined event occurs is called what?

Hint:
A predetermined event is the trigger of a broad class of attacks.
A

Logic bomb. A logic bomb executes its payload only when a predetermined condition is met (for example a particular date and time).

The other answers on the original card: an evil twin is a wireless attack; rootkits are a means of changing the system files and operation of an OS; back doors are alternative means of entry.

68
Q
35 
Which of the following is not a typical cloud-based offering? 
A. platform as a service 
B. infrastructure as a service 
C. authentication as a service
D. software as a service 

Hint:
What are the attributes of cloud-based services?

A

C is correct; authentication does not lend itself to the autoprovisioning aspects of cloud services.

A is incorrect; Platform as a Service (PaaS) is the autoprovisioning of platforms across a network.
B is incorrect; Infrastructure as a Service (IaaS) is the autoprovisioning of infrastructure across a network.
D is incorrect; Software as a Service (SaaS) is the autoprovisioning of software across a network.

69
Q
40 
Which Boolean operator is most commonly used in cryptographic applications? 
A. XOR 
B. NOR 
C. OR 
D. NAND 

Hint:
Stream ciphers.

A

A is correct; the exclusive OR (XOR) is used to combine a keystream with the plaintext to encrypt, and applying the same keystream again decrypts, because XOR is its own inverse.

B, C, and D are incorrect; they are built from logical distractors.
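As an added example (not part of the original flashcards), the following Python uses XOR as the combining step of a stream cipher with a toy SHA-256 counter-mode keystream (an illustration, not a vetted cipher) and demonstrates the two consequences a practitioner must remember: reusing a keystream leaks plaintext, and XOR-encrypted data can be altered bit for bit; the key, nonce and messages are constructed.

```python
"""Added example (not from the original flashcards): XOR as the combining step
of a stream cipher, using a toy SHA-256 counter-mode keystream (illustration
only, not a vetted cipher), and the two properties a practitioner must
remember: reusing a keystream leaks plaintext, and XOR-encrypted data is
malleable.  Key, nonce and messages are constructed."""
import hashlib

KEY = bytes.fromhex("00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff")
NONCE = bytes(8)                       # a real system never reuses a nonce under a key
P1 = b"attack at dawn"
P2 = b"defend at dusk"


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy keystream: SHA-256(key || nonce || counter) blocks, truncated."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    return xor_bytes(plaintext, keystream(key, nonce, len(plaintext)))


# XOR is its own inverse, so decryption is the same operation.
decrypt = encrypt


def keystream_reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """Two ciphertexts under the same keystream XOR to P1 XOR P2; the
    keystream cancels out without the attacker knowing the key."""
    return xor_bytes(c1, c2)


def recover_with_crib(c1: bytes, c2: bytes, known_p1: bytes) -> bytes:
    """Knowing (or guessing) P1 then yields P2 for the overlapping bytes."""
    return xor_bytes(keystream_reuse_leak(c1, c2), known_p1)


def bitflip(ciphertext: bytes, index: int, mask: int) -> bytes:
    """Flip bits in the ciphertext; the same bits flip in the decrypted
    plaintext, which is why XOR stream ciphers need a separate MAC."""
    edited = bytearray(ciphertext)
    edited[index] ^= mask
    return bytes(edited)


if __name__ == "__main__":
    c1, c2 = encrypt(KEY, NONCE, P1), encrypt(KEY, NONCE, P2)
    print("round trip:", decrypt(KEY, NONCE, c1))
    print("P1 xor P2 from ciphertexts alone:", keystream_reuse_leak(c1, c2).hex())
    print("P2 recovered with P1 as crib:", recover_with_crib(c1, c2, P1))
    print("bit-flipped:", decrypt(KEY, NONCE, bitflip(c1, 0, ord("a") ^ ord("A"))))
```

The keystream-reuse attack is the reason the nonce exists: change the nonce and the two ciphertexts no longer share a keystream. The bit-flip shows that XOR gives confidentiality only; integrity needs a MAC or an AEAD mode.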

70
Q
74 
Which of the following is not a crypt
ographic algorithm used for encryption?
A. DES
B. MD5
C. ECC
D. AES 

Hint:
Encryption implies decryption.

A

B is correct; MD5 is a hash algorithm. A hash is one-way and has no key or inverse, so it is not used to encrypt information.

A is incorrect; DES is the Data Encryption Standard.
C is incorrect; ECC is elliptic curve cryptography.
D is incorrect; AES is Advanced Encryption Standard.

71
Q

24
What is tailgating?
A. observing another employee enter a security code
B. slipstreaming
C. cascading
D. following another individual through an open door

Hint
Tailgating when driving refers to what?

A

D is correct. Following an individual through a normally locked door is called tailgating.

A is incorrect, it is a form of social engineering called shoulder surfing.
B and C are incorrect. They are nonsensical distractors.

72
Q
7
All employees should be expected to read and understand which of the following documents associated with end-user responsibilities?
A. acceptable use agreement
B. firewall rules
C. flood guard procedures
D. business impact analysis

Hint:
"All employees" is key.

A

A is correct. All employees should read and understand the firm’s acceptable use policy.

B, C, and D are common security elements used as distractors. Not all choices would apply to all employees.

73
Q
72 
Which type of social engineering attack utilizes instant messaging to send unsolicited bulk messages?
A. Vishing
B. SPIM
C. SPAM
D. War driving

Hint:
Think of spam delivered over instant messaging.

A

B is correct. SPIM (spam over instant messaging) is basically SPAM sent via an instant messaging service.

A is incorrect; vishing is a variation of phishing that uses voice communication technology (telephony, VoIP) to obtain the information the attacker is seeking.

C is incorrect; SPAM refers to unsolicited bulk e-mail. When the same thing is sent over a messaging service it is called SPIM, making B the better choice.
D is incorrect; war driving is searching for wireless networks, a nonsensical distractor here.

74
Q
32
Testers who have full access to design and coding elements in developing their test plan are using which methodology?
A. black box testing 
B. grey box testing 
C. open source testing 
D. white box testing 

Hint:
Memorization element, no hint available

A

D is correct; white box testing refers to testing schemes where design and coding decisions are open to inspection.

A is incorrect; black-box testing refers to testing in which the testers have no knowledge of what is inside.
B is incorrect; grey-box testing refers to partial knowledge.
C is incorrect; it is a combination of terms meant to distract.

75
Q

81
Data classification allows an organization to determine what?
A. Data retention Policy: when can data be destroyed?
B. Data storage policy: how should data be stored?
C. Data security policy: how much protection does the data need?
D. Data duplication policy: how the data should be copied.

Hint:
Data classification is the foundation of _____, which can then be used to make crucial data management decisions.

A

C is correct; data classification is the cornerstone of determining what the security requirements are for the data.

A is incorrect; retention is not strictly determined by data sensitivity (classification). B is incorrect; storage is not strictly determined by data sensitivity (classification). D is incorrect; duplication is not strictly determined by data sensitivity (classification).

76
Q

To help secure DNS servers, zone transfers should:
A. be limited to DNS servers that need access to the entire zone information for update and replication purposes
B. always be disabled
C. be restricted to hosts on the local network only
D. be permitted as long as another DNS server is making the zone transfer request.

Hint:
The objective is to secure DNS operations, not restrict them.

A

A is correct; zone transfers should be limited to DNS servers that need access to the entire zone information for update and replication purposes.

B, C, and D are incorrect as they would impair DNS operations.

77
Q
5
What type of device stores and issues certificates? 
A. CA
B. WAP
C. PEAP 
D. Router 

Hint
Which elements belong to PKI?

A

A is correct. A certificate authority (CA) stores and issues certificates.

B, C, and D are incorrect; they are security acronyms and terms used to distract.

78
Q
51 
What is the term given to the process of returning to an earlier release of a software application in the event that a new release causes either a partial or complete failure? 
A. software backup 
B. software patch purge 
C. backout 
D. software scrub 

Hint:
In the event of failure during a software update, one needs a ____ plan.

A

C is correct; a backout plan is the steps to restore a system in the event of a failure of an upgrade.

A, B, and D are incorrect; they are distractors constructed from relevant terms.

79
Q
45 
Which of the following is centralized security based on typical job types? 
A. MAC
B. RBAC
C. Realm-based 
D. DAC

Hint:
“Typical job types” implies groups.

A

B is correct; Role-based Access Control (RBAC) grants access based on the role (type of work) the user is assigned.

A is incorrect; Mandatory Access Control is based on data, not job type.
C is incorrect; Realm-based is not based on job types.
D is incorrect; Discretionary Access Control is based on data, not job type.

80
Q
22
A __________ refers to a bootable media device left in the open with an enticing title. 
A. USB stick 
B. live CD
C. Road apple 
D. phishing stinger 

Hint:
Slang Term

A

C is correct. “Road apple” is the term used to describe the social engineering attack associated with leaving bootable media for people to pick up and use.

A and B are incorrect; they can be bootable media, but are not necessarily an attack.
D is a nonsense distractor.

81
Q
76 
PKI is used to manage identities through the use of: 
A. certificates 
B. digital signatures 
C. kerberos tickets 
D. hardware-based tokens 

Hint
___________’s are used to convey information on identities between parties.

A

A is correct; a PKI uses certificates to pass keys associated with identities.

B is incorrect; digital signatures involve certificates and PKI, but they don’t manage the identities.
C is incorrect; Kerberos can involve certificates and PKI, but it doesn’t manage the identities.
D is a distractor using a security term.

82
Q
16
A one-way algorithm that creates a unique fixed-size number from a variable-length message is known as what? 
A. Algorithmic Number Sequence 
B. Symmetric encryption 
C. RIPEMD
D. Hash 

Hint:
MD5 and SHA1 are examples.

A

D is correct. A hash is a fixed-sized result of an algorithm that is generated based on the content of the input to an algorithm.

A is incorrect; it is a nonsense term.
B and C are cryptographic terms associated with other cryptographic items, not a fixed-size output.

83
Q

Give 2 examples of a “Hash”

*a one-way algorithm that creates a unique fixed-size number from a variable-length message

A

MD5 and SHA1

84
Q

84
On mail servers, relaying occurs when:
A. a message is forwarded between local users
B. the server handles a message and neither the sender nor the recipient is a local user
C. the server handles a message and the sender is not a local user
D. the server handles a message and the recipient is not a local user

Hint:
Mail relay is used to spoof mail addresses.

A

B is correct; on mail servers, relaying occurs when the server handles a message and neither the sender nor the recipient is a local user.

A, C, and D are incorrect as they are all related to normal e-mail processing.

85
Q
2 
Flood Guards are related to which elements of network security? 
A. spanning tree algorithm
B. IDS/IPS
C. routing 
D. physical security 

Hint:
Floods would be detected by what element on a network?

A

B is correct. Flooding-type attacks can be caught using an intrusion detection (or prevention) system.

A is incorrect. Spanning Tree Algorithm is related to loop protection.
C and D are incorrect. Both are legitimate terms, but not related to flooding attacks and prevention.

86
Q

Define
IDS
IPS
& what it does?

A

intrusion detection system
intrusion prevention system

Flood Guards are related to these elements of network security; flooding-type attacks can be caught using them.

87
Q
71 
Kerberos systems require which of the following item(s)? 
A. (KDC) Key Distribution Center 
B. (RAS) Remote Access Server 
C.  Client Certificate 
D. (CA) Certificate Authority 

Hint
Kerberos uses tickets to pass ____ between requestor and servers.

A

A is correct; Kerberos uses a KDC, which is composed of two parts, an Authentication Server (AS) and a Ticket Granting Server (TGS).

B, C, and D are incorrect; an RAS is not required, nor is a client certificate or a certificate authority in the Kerberos scheme.

88
Q

What (2) parts compose “Kerberos”

A

(AS) Authentication Server

(TGS) Ticket Granting Server

89
Q
Which media is most susceptible to EMI? 
A. Fiber Optic 
B. Unshielded Twisted-Pair (UTP) 
C. Thicknet 
D.  IR transfers 

Hint
What is the definition of EMI, and what is it related to?

A

B is correct. Unshielded Twisted-Pair (UTP) is most susceptible to electromagnetic interference.

A and D are incorrect. Both of these media are outside the typical frequency range of EMI, and in the case of fiber optics, shielded as well.
C is incorrect as it is a shielded cable.

90
Q

50
Escalation auditing is the process of looking for:

A. an increase in the number of users on a system
B. a decrease in user rights
C. an increase in privilege
D. unauthorized logins

Hint:
Escalation is a key term in the question.

A

C is correct; escalation auditing is the process of looking for an increase in privilege.

A is incorrect; this is a nonsensical distractor.
B is incorrect; this is not an escalation issue. The audit searches for threats that can come from an increase in privilege.
D is incorrect; although unauthorized logins are a security issue, they are not related to this topic.

91
Q

85
Internet content filter appliances can be used to:
A. restrict outgoing network traffic
B. block end-users' access to specific types of data based on content
C. manage website content across multiple web servers
D. prevent intrusions to web servers

Hint:
Purpose is to filter Internet-based content.

A

B is correct; Internet content filters act to restrict the types of information being accessed by web users.

A is incorrect; this is data loss prevention.
C is incorrect; this is load balancing.
D is incorrect; this is done by web application firewalls.

92
Q
39 
Which protocol is a countermeasure for network sniffing? 
A. Telnet 
B. SSH
C. FTP 
D. TCP 

Hint:
Plaintext can be sniffed.

A

B is correct; Secure Shell (SSH) encrypts traffic, making the traffic not available to sniffers.

A, C, and D are incorrect; they are all plaintext protocols, with their traffic available for sniffing.

93
Q

Define (SSH)

A

Secure Shell (SSH) encrypts traffic, making the traffic not available to sniffers.

94
Q
9 
Which of the following is not a classification of a security control type? 
A. Technical 
B. Managerial 
C. Auditable 
D. Operational 

Hint
There are three main types of security controls.

A

C is correct. Auditability is not a descriptive element associated with security controls.

A, B, and D are incorrect.
They are all types of security controls.

95
Q
12
What does ACL stand for? 
A. Access Configuration List 
B. Approved Computer Listing 
C. Access Control List 
D. Audit Control List 

Hint
Files use these for permissions.

A

C is correct. ACL stands for Access Control List.

A and D are incorrect; they are distractors from unrelated technical terms.
B is incorrect; it is a nonsensical distractor.

96
Q
42 
Which of the following does not secure e-mail? 
A. PGP
B. S/MIME
C. MIME
D. OpenPGP 

Hint
Securing e-mail requires encryption.

A

C is correct, as S/MIME, PGP, and OpenPGP are all methods of securing e-mail via encryption. MIME is not encrypted.

A, B, and D are incorrect, as they all enable encryption with e-mail.

97
Q

Name (3) methods for securing e-mail.

A
  1. S/MIME
  2. PGP
  3. OpenPGP

98
Q
96 
Which of the following is an environmental issue that could breach computer security? 
A. Brute Force attack 
B. Social Engineering 
C. Air Conditioning 
D. Piggybacking 

Hint
Environmental issue

A

C. Air conditioning failures can lead to overheating and system shutdowns, adversely affecting availability, one of the elements of security.

A, B, and D are incorrect; they are security term distractors.

99
Q
77 
A key element in using PKI certificate security is the use of which of the following? 
A. digital signature 
B. Web of trust 
C. RA
D. CRL 

Hint:
How do you know a certificate is still valid?

A

D is correct. CRL (Certificate Revocation List) is the best answer. The CRL determines whether the issuer has revoked the certificate.

A and C are incorrect; they are involved, but not in any fashion that provides better security than a CRL.
B is incorrect; it is not involved in PKI certificate trust decisions.

100
Q

Define (CRL)

And what it does?

A

Certificate Revocation List

*a key element in using PKI certificate security

101
Q
49 
Lockouts prevent what type of activity? 
A. 135, 137, 139 
B. 137, 138, 139 
C. 135, 139 
D. 137, 139 

Hint
This is a memorization element.

A

B is correct; UDP 137 is NetBIOS name service, UDP 138 is NetBIOS Datagram service, and TCP 139 is NetBIOS connection.

A and C are incorrect; as port 135 is not associated with NetBIOS.
D is incorrect as it skips port 138, which is part of NetBIOS.

102
Q
10
Which of the following correctly describes the TCP three-way handshake? 
A. SYN, SYN/ACK, ACK
B. SYN, SYN, ACK
C. SYN, ACK, FIN
D. SYN, PSH, FIN

Hint
Think of a conversation

A

A is correct. The three-way handshake is as follows: SYN, SYN/ACK, ACK. Each of these items is represented as one bit in the TCP Header.

B, C, and D are incorrect; they are IP flags used as distractors.

103
Q

82
A disadvantage of a Full backup is:

A. it can only be stored on tape
B. it takes the longest time to restore
C. it contains all data on the system
D. it can contain malware

Hint
What are the operational characteristics of a Full backup compared to other types?

A

B is correct; a full backup takes the longest to restore as it contains all information.

A is incorrect; full backups can be stored on a variety of media.
C is incorrect; it is not a disadvantage.
D is incorrect; all backups can back up malware infections; it is not unique to full backups.

104
Q

87
An advantage of symmetric key-based encryption over asymmetric encryption is:

A. speed of operation for bulk encryption/decryption
B. simplicity of algorithm for coding
C. an increased level of security
D. ease of key distribution

Hint
Symmetric key-based encryption is commonly used for what functions?

A

A is correct; symmetric key is faster than asymmetric key cryptography, hence it is better for bulk operations.

B is incorrect; symmetric vs. asymmetric has no relation to complexity of algorithms.
C is incorrect; symmetric vs. asymmetric has no relation to level of security.
D is incorrect; asymmetric algorithms solve key distribution issues.

105
Q

52
What type of survey is performed to assess the optimal location of Wireless Access Points?

A. WAP survey
B. Site survey
C. Spectrum survey
D. LAN survey

Hint
The location of wireless devices is dependent upon what?

A

B is correct; a site survey is performed to assess the optimal location of Wireless Access Points.

A, C, and D are distractors built from common wireless terms.

106
Q

58
Configuring the operating system of a hard drive with RAID 1, is an example of what?

A. fault redundancy
B. fault recovery
C. fault tolerance
D. swapping

Hint
This is a definition question.

A

C is correct; configuring the operating system of a hard drive with RAID 1 is an example of fault tolerance.

A, B, and D are distractors made from common terms in this area of knowledge.

107
Q

93
Which security principle has to be combined with host security to avoid introducing or overlooking vulnerabilities in a system?

A. Network Security
B. Layered Security
C. Defense in Depth
D. Least Privilege

Hint:
Hosts work with ______.

A

A is correct. Network security must be combined with host-based security to close all potential paths of attack.

B, C, and D are incorrect as they all offer incomplete solutions. A is more comprehensive and the best answer.

108
Q

37
Which of the following protocols cannot traverse NAT?

A. SMTP
B. NTP
C. L2TP
D. FTP

Hint
NAT occurs at what level of the OSI model?

A

C is correct; L2TP cannot traverse NAT. One recommended option is to have the VPN terminate at the firewall instead of traversing it.

A, B, and D are incorrect; SMTP, NTP, and FTP applications can communicate across NAT.

109
Q

100
In which of the following attacks does the attacker ensure that all communication going to or from the target machine passes through the attacker’s machine?

A. replay attack
B. spoofing
C. brute force attack
D. Man-in-the-middle attack

Hint
The name describes how the data flows.

A

D is correct; in the man-in-the-middle attack, the attacking machine inserts itself in the path of communications between the target machine and its connections.

A is incorrect; in replay attacks, the replay packets do not involve all data.
B is incorrect; spoofing is falsifying content fields.
C is incorrect; a brute force attack does not depend on where the attacker is positioned relative to the target.