Deck B Flashcards

1
Q

One of the findings of a risk assessment is that many of the servers on the data center subnet contain data that is in scope for PCI compliance. Everyone in the company has access to these servers, regardless of their job function. Which of the following should the administrator do?

A. Segment the network

B. Use 802.1X

C. Deploy a proxy server

D. Configure ACLs

E. Write an acceptable use policy

A

Segment the network

2
Q

Requiring technicians to report spyware infections is a step in which of the following?

A. Routine audits

B. Change management

C. Incident management

D. Clean desk policy

A

Incident management

3
Q

Which of the following ports should be used by a system administrator to securely manage a remote server?

A. 22

B. 69

C. 137

D. 445

A

22

4
Q

A company has two server administrators that work overnight to apply patches to minimize disruption to the company. With the limited working staff, a security engineer performs a risk assessment to ensure the protection controls are in place to monitor all assets including the administrators in case of an emergency. Which of the following should be in place?

A. NIDS

B. CCTV

C. Firewall

D. NIPS

A

CCTV

5
Q

Which of the following is replayed during wireless authentication to exploit a weak key infrastructure?

A. Preshared keys

B. Ticket exchange

C. Initialization vectors

D. Certificate exchange

A

Ticket exchange

6
Q

When an order was submitted via the corporate website, an administrator noted special characters (e.g., ";--" and "or 1=1 --") were input instead of the expected letters and numbers.
Which of the following is the MOST likely reason for the unusual results?

A. The user is attempting to hijack the web server session using an open-source browser.

B. The user has been compromised by a cross-site scripting attack (XSS) and is part of a botnet performing DDoS attacks.

C. The user is attempting to fuzz the web server by entering foreign language characters which are incompatible with the website.

D. The user is sending malicious SQL injection strings in order to extract sensitive company or customer data via the website.

A

The user is sending malicious SQL injection strings in order to extract sensitive company or customer data via the website.

7
Q

Maintenance workers find an active network switch hidden above a dropped-ceiling tile in the CEO’s office with various connected cables from the office. Which of the following describes the type of attack that was occurring?

A. Spear phishing

B. Packet sniffing

C. Impersonation

D. MAC flooding

A

Packet sniffing

8
Q

An administrator wants to ensure that the reclaimed space of a hard drive has been sanitized while the computer is in use. Which of the following can be implemented?

A. Cluster tip wiping

B. Individual file encryption

C. Full disk encryption

D. Storage retention

A

Cluster tip wiping

9
Q

Which of the following can be implemented with multiple bit strength?

A. AES

B. DES

C. SHA-1

D. MD5

E. MD4

A

AES

10
Q

A security administrator needs a locally stored record to remove the certificates of a terminated employee. Which of the following describes a service that could meet these requirements?

A. OCSP

B. PKI

C. CA

D. CRL

A

CRL

11
Q

Which of the following helps to establish an accurate timeline for a network intrusion?

A. Hashing images of compromised systems

B. Reviewing the date of the antivirus definition files

C. Analyzing network traffic and device logs

D. Enforcing DLP controls at the perimeter

A

Analyzing network traffic and device logs

12
Q

A company recently experienced data loss when a server crashed due to a midday power outage.
Which of the following should be used to prevent this from occurring again?

A. Recovery procedures

B. EMI shielding

C. Environmental monitoring

D. Redundancy

A

Redundancy

13
Q

A company has recently allowed employees to take advantage of BYOD by installing WAPs throughout the corporate office. An employee, Peter, has recently begun to view inappropriate material at work using his personal laptop. When confronted, Peter indicated that he was never told that he could not view that type of material on his personal laptop. Which of the following should the company have employees acknowledge before allowing them to access the corporate WLAN with their personal devices?

A. Privacy Policy

B. Security Policy

C. Consent to Monitoring Policy

D. Acceptable Use Policy

A

Acceptable Use Policy

14
Q

Which of the following is where an unauthorized device is found allowing access to a network?

A. Bluesnarfing

B. Rogue access point

C. Honeypot

D. IV attack

A

Rogue access point

15
Q

A company wants to ensure that its hot site is prepared and functioning. Which of the following would be the BEST process to verify the backup datacenter is prepared for such a scenario?

A. Site visit to the backup data center

B. Disaster recovery plan review

C. Disaster recovery exercise

D. Restore from backup

A

Disaster recovery exercise

16
Q

A company has 5 users. Users 1, 2 and 3 need access to payroll and users 3, 4 and 5 need access to sales. Which of the following should be implemented to give the appropriate access while enforcing least privilege?

A. Assign individual permissions to users 1 and 2 for payroll. Assign individual permissions to users 4 and 5 for sales. Make user 3 an administrator.

B. Make all users administrators and then restrict users 1 and 2 from sales. Then restrict users 4 and 5 from payroll.

C. Create two additional generic accounts, one for payroll and one for sales that users utilize.

D. Create a sales group with users 3, 4 and 5. Create a payroll group with users 1, 2 and 3.

A

Create a sales group with users 3, 4 and 5. Create a payroll group with users 1, 2 and 3.

17
Q

An administrator is concerned that a company’s web server has not been patched. Which of the following would be the BEST assessment for the administrator to perform?

A. Vulnerability scan

B. Risk assessment

C. Virus scan

D. Network sniffer

A

Vulnerability scan

18
Q

A systems administrator has implemented PKI on a classified government network. In the event that a disconnect occurs from the primary CA, which of the following should be accessible locally from every site to ensure users with bad certificates cannot gain access to the network?

A. A CRL

B. Make the RA available

C. A verification authority

D. A redundant CA

A

A CRL

19
Q

Emily, a security manager, has decided to force expiration of all company passwords by the close of business day. Which of the following BEST supports this reasoning?

A. A recent security breach in which passwords were cracked.

B. Implementation of configuration management processes.

C. Enforcement of password complexity requirements.

D. Implementation of account lockout procedures.

A

A recent security breach in which passwords were cracked.

20
Q

Several bins are located throughout a building for secure disposal of sensitive information.
Which of the following does this prevent?

A. Dumpster diving

B. War driving

C. Tailgating

D. War chalking

A

Dumpster diving

21
Q

Which of the following is the MOST specific plan for various problems that can arise within a system?

A. Business Continuity Plan

B. Continuity of Operation Plan

C. Disaster Recovery Plan

D. IT Contingency Plan

A

IT Contingency Plan

22
Q

Which of the following provides the best data fault tolerance at the LOWEST cost?

A. Load balancing

B. Clustering

C. Server virtualization

D. RAID 6

A

RAID 6

23
Q

Which of the following has serious security implications for large organizations and can potentially allow an attacker to capture conversations?

A. Subnetting

B. NAT

C. Jabber

D. DMZ

A

Jabber

24
Q

A security specialist has been asked to evaluate a corporate network by performing a vulnerability assessment. Which of the following will MOST likely be performed?

A. Identify vulnerabilities, check applicability of vulnerabilities by passively testing security controls.

B. Verify vulnerabilities exist, bypass security controls and exploit the vulnerabilities.

C. Exploit security controls to determine vulnerabilities and misconfigurations.

D. Bypass security controls and identify applicability of vulnerabilities by passively testing security controls.

A

Identify vulnerabilities, check applicability of vulnerabilities by passively testing security controls.

25
Q

Which of the following must a user implement if they want to send a secret message to a coworker by embedding it within an image?

A. Transport encryption

B. Steganography

C. Hashing

D. Digital signature

A

Steganography

26
Q

Which of the following is replayed during wireless authentication to exploit a weak key infrastructure?

A. Preshared keys

B. Ticket exchange

C. Initialization vectors

D. Certificate exchange

A

Ticket exchange

27
Q

A system administrator has noticed that users change their password many times to cycle back to the original password when their passwords expire. Which of the following would BEST prevent this behavior?

A. Assign users passwords based upon job role.

B. Enforce a minimum password age policy.

C. Prevent users from choosing their own passwords.

D. Increase the password expiration time frame.

A

Enforce a minimum password age policy.

28
Q

A security administrator is tasked with calculating the total ALE on servers. In a two year period of time, a company has to replace five servers. Each server replacement has cost the company $4,000 with downtime costing $3,000. Which of the following is the ALE for the company?

A. $7,000

B. $10,000

C. $17,500

D. $35,000

A

$17,500

29
Q

A network consists of various remote sites that connect back to two main locations. Peter, the security administrator, needs to block TELNET access into the network. Which of the following, by default, would be the BEST choice to accomplish this goal?

A. Block port 23 on the L2 switch at each remote site

B. Block port 23 on the network firewall

C. Block port 25 on the L2 switch at each remote site

D. Block port 25 on the network firewall

A

Block port 23 on the network firewall

30
Q

A system administrator has noticed a vulnerability on a high impact production server. A recent update was made available by the vendor that addresses the vulnerability but requires a reboot of the system afterwards. Which of the following steps should the system administrator implement to address the vulnerability?

A. Test the update in a lab environment, schedule downtime to install the patch, install the patch and reboot the server and monitor for any changes

B. Test the update in a lab environment, backup the server, schedule downtime to install the patch, install the patch, and monitor for any changes

C. Test the update in a lab environment, backup the server, schedule downtime to install the patch, install the update, reboot the server, and monitor for any changes

D. Backup the server, schedule downtime to install the patch, install the patch and monitor for any changes

A

Test the update in a lab environment, backup the server, schedule downtime to install the patch, install the update, reboot the server, and monitor for any changes

31
Q

Which of the following software allows a network administrator to inspect the protocol header in order to troubleshoot network issues?

A. URL filter

B. Spam filter

C. Packet sniffer

D. Switch

A

Packet sniffer

32
Q

Which of the following tools will allow a technician to detect security-related TCP connection anomalies?

A. Logical token

B. Performance monitor

C. Public key infrastructure

D. Trusted platform module

A

Performance monitor

33
Q

A system administrator needs to ensure that certain departments have more restrictive controls to their shared folders than other departments. Which of the following security controls would be implemented to restrict those departments?

A. User assigned privileges

B. Password disablement

C. Multiple account creation

D. Group based privileges

A

Group based privileges

34
Q

A set of standardized system images with a pre-defined set of applications is used to build end-user workstations. The security administrator has scanned every workstation to create a current inventory of all applications that are installed on active workstations and is documenting which applications are out-of-date and could be exploited. The security administrator is determining the:

A. attack surface.

B. application hardening effectiveness.

C. application baseline.

D. OS hardening effectiveness.

A

attack surface

35
Q

A compromised workstation utilized in a Distributed Denial of Service (DDOS) attack has been removed from the network and an image of the hard drive has been created. However, the system administrator stated that the system was left unattended for several hours before the image was created. In the event of a court case, which of the following is likely to be an issue with this incident?

A. Eye Witness

B. Data Analysis of the hard drive

C. Chain of custody

D. Expert Witness

A

Chain of custody

36
Q

Emily, a user, downloads a keygen to install pirated software. After running the keygen, system performance is extremely slow and numerous antivirus alerts are displayed. Which of the following BEST describes this type of malware?

A. Logic bomb

B. Worm

C. Trojan

D. Adware

A

Trojan

37
Q

Peter, a security engineer, is trying to inventory all servers in a rack. The engineer launches RDP sessions to five different PCs and notices that the hardware properties are similar. Additionally, the MAC addresses of all five servers appear on the same switch port. Which of the following is MOST likely the cause?

A. The system is running 802.1x.

B. The system is using NAC.

C. The system is in active-standby mode.

D. The system is virtualized.

A

The system is virtualized.

38
Q

Which of the following access controls enforces permissions based on data labeling at specific levels?

A. Mandatory access control

B. Separation of duties access control

C. Discretionary access control

D. Role based access control

A

Mandatory access control

39
Q

A user attempts to install new and relatively unknown software recommended by a colleague. The user is unable to install the program, despite having successfully installed other programs previously. Which of the following is MOST likely the cause for the user’s inability to complete the installation?

A. Application black listing

B. Network Intrusion Prevention System

C. Group policy

D. Application white listing

A

Application black listing

40
Q

A user ID and password together provide which of the following?

A. Authorization

B. Auditing

C. Authentication

D. Identification

A

Authentication

41
Q

Users are encouraged to click on a link in an email to obtain exclusive access to the newest version of a popular smartphone. This is an example of:

A. Scarcity

B. Familiarity

C. Intimidation

D. Trust

A

Scarcity

42
Q

Which of the following attacks could be used to initiate a subsequent man-in-the-middle attack?

A. ARP poisoning

B. DoS

C. Replay

D. Brute force

A

Replay

43
Q

A security analyst, Ann, is reviewing an IRC channel and notices that a malicious exploit has been created for a frequently used application. She notifies the software vendor and asks them for remediation steps, but is alarmed to find that no patches are available to mitigate this vulnerability.
Which of the following BEST describes this exploit?

A. Malicious insider threat

B. Zero-day

C. Client-side attack

D. Malicious add-on

A

Zero-day

44
Q

Which of the following devices is BEST suited to protect an HTTP-based application that is susceptible to injection attacks?

A. Protocol filter

B. Load balancer

C. NIDS

D. Layer 7 firewall

A

Layer 7 firewall

45
Q

Ann is a member of the Sales group. She needs to collaborate with Peter, a member of the IT group, to edit a file. Currently, the file has the following permissions:

Ann: read/write
Sales Group: read
IT Group: no access

If a discretionary access control list is in place for the files owned by Ann, which of the following would be the BEST way to share the file with Peter?

A. Add Peter to the Sales group.

B. Have the system administrator give Peter full access to the file.

C. Give Peter the appropriate access to the file directly.

D. Remove Peter from the IT group and add him to the Sales group.

A

Give Peter the appropriate access to the file directly.

46
Q

Peter, a network administrator, is capturing packets on the network and notices that a large amount of the traffic on the LAN is SIP and RTP protocols. Which of the following should he do to segment that traffic from the other traffic?

A. Connect the WAP to a different switch.

B. Create a voice VLAN.

C. Create a DMZ.

D. Set the switch ports to 802.1q mode.

A

Create a voice VLAN.

47
Q

A recent vulnerability scan found that Telnet is enabled on all network devices. Which of the following protocols should be used instead of Telnet?

A. SCP

B. SSH

C. SFTP

D. SSL

A

SSH

48
Q

Which of the following controls mitigates the risk of Matt, an attacker, gaining access to a company network by using a former employee’s credential?

A. Account expiration

B. Password complexity

C. Account lockout

D. Dual factor authentication

A

Account expiration

49
Q

A company administrator has a firewall with an outside interface connected to the Internet and an inside interface connected to the corporate network. Which of the following should the administrator configure to redirect traffic destined for the default HTTP port on the outside interface to an internal server listening on port 8080?

A. Create a dynamic PAT from port 80 on the outside interface to the internal interface on port

B. Create a dynamic NAT from port 8080 on the outside interface to the server IP address on port

C. Create a static PAT from port 80 on the outside interface to the internal interface on port 8080

D. Create a static PAT from port 8080 on the outside interface to the server IP address on port 80

A

Create a static PAT from port 80 on the outside interface to the internal interface on port 8080

50
Q

A security analyst is reviewing firewall logs while investigating a compromised web server. The following ports appear in the log:
22, 25, 445, 1433, 3128, 3389, 6667
Which of the following protocols was used to access the server remotely?

A. LDAP

B. HTTP

C. RDP

D. HTTPS

A

RDP

51
Q

A security administrator examines a network session to a compromised database server with a packet analyzer. Within the session there is a repeated series of the hex character 90 (0x90).
Which of the following attack types has occurred?

A. Buffer overflow

B. Cross-site scripting

C. XML injection

D. SQL injection

A

Buffer overflow

52
Q

Which of the following protocols uses TCP instead of UDP and is incompatible with all previous versions?

A. TACACS

B. XTACACS

C. RADIUS

D. TACACS+

A

TACACS+

53
Q

Which of the following uses port 22 by default? (Select THREE).

A. SSH

B. SSL

C. TLS

D. SFTP

E. SCP

F. FTPS

G. SMTP

H. SNMP

A

SSH

SFTP

SCP

54
Q

A software developer is responsible for writing the code on an accounting application. Another software developer is responsible for developing code on a system in human resources. Once a year they have to switch roles for several weeks.
Which of the following practices is being implemented?

A. Mandatory vacations

B. Job rotation

C. Least privilege

D. Separation of duties

A

Job rotation

55
Q

The Chief Security Officer (CSO) is concerned about misuse of company assets and wishes to determine who may be responsible. Which of the following would be the BEST course of action?

A. Create a single, shared user account for every system that is audited and logged based upon time of use.

B. Implement a single sign-on application on equipment with sensitive data and high-profile shares.

C. Enact a policy that employees must use their vacation time in a staggered schedule.

D. Separate employees into teams led by a person who acts as a single point of contact for observation purposes.

A

Enact a policy that employees must use their vacation time in a staggered schedule.

56
Q

Which of the following provides the strongest authentication security on a wireless network?

A. MAC filter

B. WPA2

C. WEP

D. Disable SSID broadcast

A

WPA2

57
Q

Which of the following access control models is commonly used on systems to ensure a "need to know" based on classification levels?

A. Role Based Access Controls

B. Mandatory Access Controls

C. Discretionary Access Controls

D. Access Control List

A

Mandatory Access Controls

58
Q

Users need to exchange a shared secret to begin communicating securely. Which of the following is another name for this symmetric key?

A. Session Key

B. Public Key

C. Private Key

D. Digital Signature

A

Private Key

59
Q

During which of the following phases of the Incident Response process should a security administrator define and implement general defense against malware?

A. Lessons Learned

B. Preparation

C. Eradication

D. Identification

A

Preparation

60
Q

An attacker crafts a message that appears to be from a trusted source, but in reality it redirects the recipient to a malicious site where information is harvested. The message is narrowly tailored so it is effective on only a small number of victims. This describes which of the following?

A. Spear phishing

B. Phishing

C. Smurf attack

D. Vishing

A

Spear phishing

61
Q

Which of the following should Jane, a security administrator, perform before a hard drive is analyzed with forensics tools?

A. Identify user habits

B. Disconnect system from network

C. Capture system image

D. Interview witnesses

A

Capture system image

62
Q

A security administrator must implement a network authentication solution which will ensure encryption of user credentials when users enter their username and password to authenticate to the network.
Which of the following should the administrator implement?

A. WPA2 over EAP-TTLS

B. WPA-PSK

C. WPA2 with WPS

D. WEP over EAP-PEAP

A

WEP over EAP-PEAP

63
Q

Which of the following incident response plan steps would MOST likely involve engaging business professionals with the security team to discuss changes to existing procedures?

A. Recovery

B. Incident identification

C. Isolation / quarantine

D. Lessons learned

E. Reporting

A

Lessons learned

64
Q

What is the term for the process of luring someone in (usually done by an enforcement officer or a government agent)?

A. Enticement

B. Entrapment

C. Deceit

D. Sting

A

Entrapment

65
Q

Which of the following can Peter, a security administrator, use to distribute the processing effort when generating hashes for a password cracking program?

A. RAID

B. Clustering

C. Redundancy

D. Virtualization

A

Clustering

66
Q

Which of the following controls would allow a company to reduce the exposure of sensitive systems from unmanaged devices on internal networks?

A. 802.1x

B. Data encryption

C. Password strength

D. BGP

A

802.1x

67
Q

Visible security cameras are considered to be which of the following types of security controls?

A. Technical

B. Compensating

C. Deterrent

D. Administrative

A

Deterrent

68
Q

A hacker has discovered a simple way to disrupt business for the day in a small company which relies on staff working remotely. In a matter of minutes the hacker was able to deny remotely working staff access to company systems with a script. Which of the following security controls is the hacker exploiting?

A. DoS

B. Account lockout

C. Password recovery

D. Password complexity

A

Account lockout

69
Q

Which of the following transport encryption protocols should be used to ensure maximum security between a web browser and a web server?

A. SSLv2

B. SSHv1

C. RSA

D. TLS

A

TLS

70
Q

The main corporate website has a service level agreement that requires availability 100% of the time, even in the case of a disaster. Which of the following would be required to meet this demand?

A. Warm site implementation for the datacenter

B. Geographically disparate site redundant datacenter

C. Localized clustering of the datacenter

D. Cold site implementation for the datacenter

A

Geographically disparate site redundant datacenter

71
Q

Matt, an administrator, is concerned about the wireless network being discovered by war driving.
Which of the following can be done to mitigate this?

A. Enforce a policy for all users to authenticate through a biometric device.

B. Disable all SSID broadcasting.

C. Ensure all access points are running the latest firmware.

D. Move all access points into public access areas.

A

Disable all SSID broadcasting.

72
Q

Ann, a technician, received a spear-phishing email asking her to update her personal information by clicking the link within the body of the email. Which of the following types of training would prevent Ann and other employees from becoming victims of such attacks?

A. User Awareness

B. Acceptable Use Policy

C. Personal Identifiable Information

D. Information Sharing

A

Personal Identifiable Information

73
Q

A software development company has hired a programmer to develop a plug-in module to an existing proprietary application. After completing the module, the developer needs to test the entire application to ensure that the module did not introduce new vulnerabilities. Which of the following is the developer performing when testing the application?

A. Black box testing

B. White box testing

C. Gray box testing

D. Design review

A

Gray box testing

74
Q

After entering the following information into a SOHO wireless router, a mobile device's user reports being unable to connect to the network:

PERMIT 0A:D1:FA:B1:03:37
DENY 01:33:7F:AB:10:AB

Which of the following is preventing the device from connecting?

A. WPA2-PSK requires a supplicant on the mobile device.

B. Hardware address filtering is blocking the device.

C. TCP/IP Port filtering has been implemented on the SOHO router.

D. IP address filtering has disabled the device from connecting.

A

Hardware address filtering is blocking the device.

75
Q

Which of the following ports should be opened on a firewall to allow for NetBIOS communication? (Select TWO).

A. 110

B. 137

C. 139

D. 143

E. 161

F. 443

A

137

139

76
Q

Users are trying to communicate with a network but are unable to do so. A network administrator sees connection attempts on port 20 from outside IP addresses that are being blocked. How can the administrator resolve this?

A. Enable stateful FTP on the firewall

B. Enable inbound SSH connections

C. Enable NETBIOS connections in the firewall

D. Enable HTTPS on port 20

A

Enable stateful FTP on the firewall

77
Q

A trojan was recently discovered on a server. There are now concerns that there has been a security breach that allows unauthorized people to access data. The administrator should be looking for the presence of a/an:

A. Logic bomb.

B. Backdoor.

C. Adware application.

D. Rootkit.

A

Backdoor

78
Q

Recent data loss on financial servers due to security breaches forced the system administrator to harden their systems. Which of the following algorithms with transport encryption would be implemented to provide the MOST secure web connections to manage and access these servers?

A. SSL

B. TLS

C. HTTP

D. FTP

A

TLS

79
Q

The IT department has installed new wireless access points but discovers that the signal extends far into the parking lot. Which of the following actions should be taken to correct this?

A. Disable the SSID broadcasting

B. Configure the access points so that MAC filtering is not used

C. Implement WEP encryption on the access points

D. Lower the power for office coverage only

A

Lower the power for office coverage only

80
Q

After a security incident involving a physical asset, which of the following should be done at the beginning?

A. Record every person who was in possession of assets, continuing post-incident.

B. Create working images of data in the following order: hard drive then RAM.

C. Back up storage devices so work can be performed on the devices immediately.

D. Write a report detailing the incident and mitigation suggestions.

A

Record every person who was in possession of assets, continuing post-incident.

81
Q

Identifying residual risk is MOST important to which of the following concepts?

A. Risk deterrence

B. Risk acceptance

C. Risk mitigation

D. Risk avoidance

A

Risk mitigation

82
Q

Which of the following data security techniques will allow Matt, an IT security technician, to encrypt a system with speed as its primary consideration?

A. Hard drive encryption

B. Infrastructure as a service

C. Software based encryption

D. Data loss prevention

A

Hard drive encryption

83
Q

A company that purchased an HVAC system for the datacenter is MOST concerned with which of the following?

A. Availability

B. Integrity

C. Confidentiality

D. Fire suppression

A

Availability

84
Q

A network administrator is looking for a way to automatically update company browsers so they import a list of root certificates from an online source. This online source will then be responsible for tracking which certificates are to be trusted or not trusted. Which of the following BEST describes the service that should be implemented to meet these requirements?

A. Trust model

B. Key escrow

C. OCSP

D. PKI

A

Trust model

85
Q

CompTIA Security+ Question B-85

A company is trying to limit the risk associated with the use of unapproved USB devices to copy documents. Which of the following would be the BEST technology control to use in this scenario?

A. Content filtering

B. IDS

C. Audit logs

D. DLP

A

DLP

86
Q

Connections using point-to-point protocol authenticate using which of the following? (Select TWO).

A. RIPEMD

B. PAP

C. CHAP

D. RC4

E. Kerberos

A

PAP

CHAP

87
Q

A systems administrator has made several unauthorized changes to the server cluster that resulted in a major outage. This event has been brought to the attention of the Chief Information Officer (CIO), who has requested that a risk mitigation strategy be implemented immediately to prevent this type of event from reoccurring. Which of the following would be the BEST risk mitigation strategy to implement in order to meet this request?

A. Asset Management

B. Change Management

C. Configuration Management

D. Incident Management

A

Change Management

88
Q

Which of the following security concepts would Emily, the security administrator, use to mitigate the risk of data loss?

A. Record time offset

B. Clean desk policy

C. Cloud computing

D. Routine log review

A

Clean desk policy

89
Q

A network analyst received a number of reports that impersonation was taking place on the network. Session tokens were deployed to mitigate this issue and defend against which of the following attacks?

A. Replay

B. DDoS

C. Smurf

D. Ping of Death

A

Replay

90
Q

Which of the following will allow Peter, a security analyst, to trigger a security alert because of a tracking cookie?

A. Network based firewall

B. Anti-spam software

C. Host based firewall

D. Anti-spyware software

A

Anti-spyware software

91
Q

Which of the following solutions provides the most flexibility when testing new security controls prior to implementation?

A. Trusted OS

B. Host software baselining

C. OS hardening

D. Virtualization

A

Virtualization

92
Q

A company hosts its public websites internally. The administrator would like to make some changes to the architecture.
The three goals are:
1. reduce the number of public IP addresses in use by the web servers
2. drive all the web traffic through a central point of control
3. mitigate automated attacks that are based on IP address scanning
Which of the following would meet all three goals?

A. Firewall

B. Load balancer

C. URL filter

D. Reverse proxy

A

Reverse proxy

93
Q

The network administrator is responsible for promoting code to applications on a DMZ web server. Which of the following processes is being followed to ensure application integrity?

A. Application hardening

B. Application firewall review

C. Application change management

D. Application patch management

A

Application change management

94
Q

In order to enter a high-security datacenter, users are required to speak the password into a voice recognition system. Ann, a member of the sales department, overhears the password and later speaks it into the system. The system denies her entry and alerts the security team. Which of the following is the MOST likely reason for her failure to enter the data center?

A. An authentication factor

B. Discretionary access

C. Time of day restrictions

D. Least privilege restrictions

A

An authentication factor

95
Q

A security analyst discovered data such as images and word documents hidden within different types of files. Which of the following cryptographic concepts describes what was discovered?

A. Symmetric encryption

B. Non-repudiation

C. Steganography

D. Hashing

A

Steganography

96
Q

The security administrator runs an rpm verify command which records the MD5 sum, permissions, and timestamp of each file on the system. The administrator saves this information to a separate server. Which of the following describes the procedure the administrator has performed?

A. Host software base-lining

B. File snapshot collection

C. TPM

D. ROMDB verification

A

ROMDB verification

97
Q

Which of the following is an attack vector that can cause extensive physical damage to a datacenter without physical access?

A. CCTV system access

B. Dial-up access

C. Changing environmental controls

D. Ping of death

A

Changing environmental controls

98
Q

Review the following diagram depicting communication between PC1 and PC2 on each side of a router. Analyze the network traffic logs, which show communication between the two computers as captured by the computer with IP 10.2.2.10.

DIAGRAM
PC1                                                                  PC2
[192.168.1.30]--------[INSIDE 192.168.1.1 router OUTSIDE 10.2.2.1]---------[10.2.2.10]

LOGS
10:30:22, SRC 10.2.2.1:3030, DST 10.2.2.10:80, SYN
10:30:23, SRC 10.2.2.10:80, DST 10.2.2.1:3030, SYN/ACK
10:30:24, SRC 10.2.2.1:3030, DST 10.2.2.10:80, ACK

Given the above information, which of the following can be inferred about the above environment?

A. 192.168.1.30 is a web server.

B. The web server listens on a non-standard port.

C. The router filters port 80 traffic.

D. The router implements NAT.

A

The router implements NAT.

99
Q

Matt, a security analyst, needs to select an asymmetric encryption method that allows for the same level of encryption strength with a lower key length than is typically necessary. Which of the following encryption methods offers this capability?

A. Twofish

B. Diffie-Hellman

C. ECC

D. RSA

A

ECC

100
Q

Computer evidence at a crime scene is documented with a tag stating who had possession of the evidence at a given time.
Which of the following does this illustrate?

A. System image capture

B. Record time offset

C. Order of volatility

D. Chain of custody

A

Chain of custody