Deck D Flashcards

1
Q

Which of the following was launched against a company based on the following IDS log?
122.41.15.252 - - [21/May/2012:00:17:20 +1200] "GET /index.php?username=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA HTTP/1.1" 200 2731 "http://www.company.com/cgibin/forum/commentary.pl/noframes/read/209" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Hotbar 4.4.7.0)"

A. SQL injection

B. Buffer overflow attack

C. XSS attack

D. Online password crack

A

Buffer overflow attack

2
Q

During the analysis of a PCAP file, a security analyst noticed several communications with a remote server on port 53. Which of the following protocol types is observed in this traffic?

A. FTP

B. DNS

C. Email

D. NetBIOS

A

DNS

3
Q

Peter, the system administrator, wants to restrict access to advertisements, games, and gambling web sites. Which of the following devices would BEST achieve this goal?

A. Firewall

B. Switch

C. URL content filter

D. Spam filter

A

URL content filter

4
Q

Which of the following technical controls is BEST used to define which applications a user can install and run on a company issued mobile device?

A. Authentication

B. Blacklisting

C. Whitelisting

D. Acceptable use policy

A

Whitelisting

5
Q

The BEST methods for a web developer to prevent the website application code from being vulnerable to cross-site request forgery (XSRF) are to: (Select TWO).

A. Permit redirection to Internet-facing web URLs.

B. Ensure all HTML tags are enclosed in angle brackets, e.g., ””.

C. Validate and filter input on the server side and client side.

D. Use a web proxy to pass website requests between the user and the application.

E. Restrict and sanitize use of special characters in input and URLs.

A

Validate and filter input on the server side and client side.

Restrict and sanitize use of special characters in input and URLs.

6
Q

Which of the following would be MOST appropriate to secure an existing SCADA system by preventing connections from unauthorized networks?

A. Implement a HIDS to protect the SCADA system

B. Implement a Layer 2 switch to access the SCADA system

C. Implement a firewall to protect the SCADA system

D. Implement a NIDS to protect the SCADA system

A

Implement a firewall to protect the SCADA system

7
Q

Which of the following controls would prevent an employee from emailing unencrypted information to their personal email account over the corporate network?

A. DLP

B. CRL

C. TPM

D. HSM

A

DLP

8
Q

A security administrator has deployed all laptops with Self Encrypting Drives (SED) and enforces key encryption. Which of the following represents the greatest threat to maintaining data confidentiality with these devices?

A. Full data access can be obtained by connecting the drive to a SATA or USB adapter bypassing the SED hardware.

B. A malicious employee can gain the SED encryption keys through software extraction allowing access to other laptops.

C. If the laptop does not use a Secure Boot BIOS, the SED hardware is not enabled allowing full data access.

D. Laptops that are placed in a sleep mode allow full data access when powered back on.

A

Laptops that are placed in a sleep mode allow full data access when powered back on.

9
Q

The Quality Assurance team is testing a new third party developed application. The Quality team does not have any experience with the application. Which of the following is the team performing?

A. Grey box testing

B. Black box testing

C. Penetration testing

D. White box testing

A

Black box testing

10
Q

An information bank has been established to store contacts, phone numbers and other records. A UNIX application needs to connect to the index server using port 389. Which of the following authentication services should be used on this port by default?

A. RADIUS

B. Kerberos

C. TACACS+

D. LDAP

A

LDAP

11
Q

Several employee accounts appear to have been cracked by an attacker. Which of the following should the security administrator implement to mitigate password cracking attacks? (Select TWO).

A. Increase password complexity

B. Deploy an IDS to capture suspicious logins

C. Implement password history

D. Implement monitoring of logins

E. Implement password expiration

F. Increase password length

A

Increase password complexity

Increase password length

12
Q

Peter, a developer, writes an application. Jane, the security analyst, knows some things about the overall application but does not have all the details. Jane needs to review the software before it is released to production. Which of the following reviews should Jane conduct?

A. Gray Box Testing

B. Black Box Testing

C. Business Impact Analysis

D. White Box Testing

A

Gray Box Testing

13
Q

Which of the following should Peter, a security manager, implement to reduce the risk of employees working in collusion to embezzle funds from his company?

A. Privacy Policy

B. Least Privilege

C. Acceptable Use

D. Mandatory Vacations

A

Mandatory Vacations

14
Q

A security administrator has concerns that employees are installing unapproved applications on their company-provided smartphones. Which of the following would BEST mitigate this?

A. Implement remote wiping user acceptance policies

B. Disable removable storage capabilities

C. Implement an application whitelist

D. Disable the built-in web browsers

A

Implement an application whitelist

15
Q

A new security policy being implemented requires all email within the organization be digitally signed by the author using PGP. Which of the following would need to be created for each user?

A. A certificate authority

B. A key escrow

C. A trusted key

D. A public and private key

A

A certificate authority

16
Q

If you don’t know the MAC address of a Linux-based machine, what command-line utility can you use to ascertain it?

A. macconfig

B. ifconfig

C. ipconfig

D. config

A

ifconfig

17
Q

Peter, a security auditor, has detected clear text passwords between the RADIUS server and the authenticator. Which of the following is configured in the RADIUS server and what technologies should the authentication protocol be changed to?

A. PAP, MSCHAPv2

B. CHAP, PAP

C. MSCHAPv2, NTLMv2

D. NTLM, NTLMv2

A

PAP, MSCHAPv2

18
Q

Emily, an attacker, is recording a person typing in their ID number into a keypad to gain access to the building. Emily then calls the helpdesk and informs them that their PIN no longer works and would like to change it. Which of the following attacks occurred LAST?

A. Phishing

B. Shoulder surfing

C. Impersonation

D. Tailgating

A

Impersonation

19
Q

An administrator has successfully implemented SSL on srv4.comptia.com using wildcard certificate *.comptia.com, and now wishes to implement SSL on srv5.comptia.com. Which of the following files should be copied from srv4 to accomplish this?

A. certificate, private key, and intermediate certificate chain

B. certificate, intermediate certificate chain, and root certificate

C. certificate, root certificate, and certificate signing request

D. certificate, public key, and certificate signing request

A

certificate, private key, and intermediate certificate chain

20
Q

Which of the following provides additional encryption strength by repeating the encryption process with additional keys?

A. AES

B. 3DES

C. TwoFish

D. Blowfish

A

3DES

21
Q

Several employees have been printing files that include personally identifiable information of customers. Auditors have raised concerns about the destruction of these hard copies after they are created, and management has decided the best way to address this concern is by preventing these files from being printed.
Which of the following would be the BEST control to implement?

A. File encryption

B. Printer hardening

C. Clean desk policies

D. Data loss prevention

A

Data loss prevention

22
Q

A security engineer is asked by the company’s development team to recommend the most secure method for password storage.
Which of the following provide the BEST protection against brute forcing stored passwords? (Select TWO).

A. PBKDF2

B. MD5

C. SHA2

D. Bcrypt

E. AES

F. CHAP

A

PBKDF2

Bcrypt

23
Q

An email client says a digital signature is invalid and the sender cannot be verified. The recipient is concerned with which of the following concepts?

A. Integrity

B. Availability

C. Confidentiality

D. Remediation

A

Integrity

24
Q

A database administrator receives a call on an outside telephone line from a person who states that they work for a well-known database vendor. The caller states there have been problems applying the newly released vulnerability patch for their database system, and asks what version is being used so that they can assist. Which of the following is the BEST action for the administrator to take?

A. Thank the caller, report the contact to the manager, and contact the vendor support line to verify any reported patch issues.

B. Obtain the vendor’s email and phone number and call them back after identifying the number of systems affected by the patch.

C. Give the caller the database version and patch level so that they can receive help applying the patch.

D. Call the police to report the contact about the database systems, and then check system logs for attack attempts.

A

Thank the caller, report the contact to the manager, and contact the vendor support line to verify any reported patch issues.

25
Q

Ann, the network administrator, is receiving reports regarding a particular wireless network in the building. The network was implemented for specific machines issued to the developer department, but the developers are stating that they are having connection issues as well as slow bandwidth. Reviewing the wireless router’s logs, she sees that devices not belonging to the developers are connecting to the access point. Which of the following would BEST alleviate the developer’s reports?

A. Configure the router so that wireless access is based upon the connecting device’s hardware address.

B. Modify the connection’s encryption method so that it is using WEP instead of WPA2.

C. Implement connections via secure tunnel with additional software on the developer’s computers.

D. Configure the router so that its name is not visible to devices scanning for wireless networks.

A

Configure the router so that wireless access is based upon the connecting device’s hardware address.

26
Q

Which of the following is an authentication service that uses UDP as a transport medium?

A. TACACS+

B. LDAP

C. Kerberos

D. RADIUS

A

RADIUS

27
Q

The Chief Executive Officer (CEO) receives a suspicious voice mail warning of credit card fraud. No one else received the voice mail. Which of the following BEST describes this attack?

A. Whaling

B. Vishing

C. Spear phishing

D. Impersonation

A

Whaling

28
Q

In order to use a two-way trust model the security administrator MUST implement which of the following?

A. DAC

B. PKI

C. HTTPS

D. TPM

A

PKI

29
Q

Ann, a security analyst, is preparing for an upcoming security audit. To ensure that she identifies unapplied security controls and patches without attacking or compromising the system, Ann would use which of the following?

A. Vulnerability scanning

B. SQL injection

C. Penetration testing

D. Antivirus update

A

Vulnerability scanning

30
Q

Peter, an application developer, is building an external-facing marketing site. There is an area on the page where clients may submit their feedback to articles that are posted. Peter filters client-side JAVA input. Which of the following is Peter attempting to prevent?

A. SQL injections

B. Watering holes

C. Cross site scripting

D. Pharming

A

Cross site scripting

31
Q

An administrator has to determine host operating systems on the network and has deployed a transparent proxy. Which of the following fingerprint types would this solution use?

A. Packet

B. Active

C. Port

D. Passive

A

Passive

32
Q

Which of the following is a security risk regarding the use of public P2P as a method of collaboration?

A. Data integrity is susceptible to being compromised.

B. Monitoring data changes induces a higher cost.

C. Users are not responsible for data usage tracking.

D. Limiting the amount of necessary space for data storage.

A

Data integrity is susceptible to being compromised.

33
Q

Which of the following attacks would cause all mobile devices to lose their association with corporate access points while the attack is underway?

A. Wireless jamming

B. Evil twin

C. Rogue AP

D. Packet sniffing

A

Wireless jamming

34
Q

Peter is the accounts payable agent for ABC Company. Peter has been performing the accounts payable function for the ABC Company without any supervision. Management has noticed several new accounts without billing invoices that were paid. Which of the following is the BEST management option for review of the new accounts?

A. Mandatory vacation

B. Job rotation

C. Separation of duties

D. Replacement

A

Mandatory vacation

35
Q

The Human Resources department has a parent shared folder set up on the server. There are two groups that have access, one called managers and one called staff. There are many subfolders under the parent shared folder; one is called payroll. The parent folder access control list propagates to all subfolders and all subfolders inherit the parent permission. Which of the following is the quickest way to prevent the staff group from gaining access to the payroll folder?

A. Remove the staff group from the payroll folder

B. Implicit deny on the payroll folder for the staff group

C. Implicit deny on the payroll folder for the managers group

D. Remove inheritance from the payroll folder

A

Implicit deny on the payroll folder for the staff group

36
Q

A company storing data on a secure server wants to ensure it is legally able to dismiss and prosecute staff who intentionally access the server via Telnet and illegally tamper with customer data. Which of the following administrative controls should be implemented to BEST achieve this?

A. Command shell restrictions

B. Restricted interface

C. Warning banners

D. Session output pipe to /dev/null

A

Warning banners

37
Q

A technician is reviewing the logical access control method an organization uses. One of the senior managers requests that the technician prevent staff members from logging on during nonworking days. Which of the following should the technician implement to meet management’s request?

A. Enforce Kerberos

B. Deploy smart cards

C. Time of day restrictions

D. Access control lists

A

Time of day restrictions

38
Q

Key elements of a business impact analysis should include which of the following tasks?

A. Develop recovery strategies, prioritize recovery, create test plans, post-test evaluation, and update processes.

B. Identify institutional and regulatory reporting requirements, develop response teams and communication trees, and develop press release templates.

C. Employ regular preventive measures such as patch management, change management, antivirus and vulnerability scans, and reports to management.

D. Identify critical assets systems and functions, identify dependencies, determine critical downtime limit, define scenarios by type and scope of impact, and quantify loss potential.

A

Identify critical assets systems and functions, identify dependencies, determine critical downtime limit, define scenarios by type and scope of impact, and quantify loss potential.

39
Q

Which of the following uses both a public and private key?

A. RSA

B. AES

C. MD5

D. SHA

A

RSA

40
Q

The Chief Information Security Officer (CISO) is concerned that users could bring their personal laptops to work and plug them directly into the network port under their desk. Which of the following should be configured on the network switch to prevent this from happening?

A. Access control lists

B. Loop protection

C. Firewall rule

D. Port security

A

Port security

41
Q

A security administrator wants to deploy a physical security control to limit an individual’s access into a sensitive area. Which of the following should be implemented?

A. Guards

B. CCTV

C. Bollards

D. Spike strip

A

Guards

42
Q

A vulnerability scan is reporting that patches are missing on a server. After a review, it is determined that the application requiring the patch does not exist on the operating system.
Which of the following describes this cause?

A. Application hardening

B. False positive

C. Baseline code review

D. False negative

A

False positive

43
Q

Peter, an employee, was escorted from the company premises due to suspicion of revealing trade secrets to a competitor. Peter had already been working for two hours before leaving the premises.
A security technician was asked to prepare a report of files that had changed since last night’s integrity scan.
Which of the following could the technician use to prepare the report? (Select TWO).

A. PGP

B. MD5

C. ECC

D. AES

E. Blowfish

F. HMAC

A

MD5

HMAC

44
Q

Which of the following devices is BEST suited for servers that need to store private keys?

A. Hardware security module

B. Hardened network firewall

C. Solid state disk drive

D. Hardened host firewall

A

Hardware security module

45
Q

Which of the following policies is implemented in order to minimize data loss or theft?

A. PII handling

B. Password policy

C. Chain of custody

D. Zero day exploits

A

PII handling

46
Q

Which of the following password attacks is MOST likely to crack the largest number of randomly generated passwords?

A. Hybrid

B. Birthday attack

C. Dictionary

D. Rainbow tables

A

Rainbow tables

47
Q

An employee in the accounting department recently received a phishing email that instructed them to click a link in the email to view an important message from the IRS which threatened penalties if a response was not received by the end of the business day. The employee clicked on the link and the machine was infected with malware. Which of the following principles BEST describes why this social engineering ploy was successful?

A. Scarcity

B. Familiarity

C. Social proof

D. Urgency

A

Scarcity

48
Q

Which of the following allows a network administrator to implement an access control policy based on individual user characteristics and NOT on job function?

A. Attributes based

B. Implicit deny

C. Role based

D. Rule based

A

Attributes based

49
Q

An administrator needs to renew a certificate for a web server. Which of the following should be submitted to a CA?

A. CSR

B. Recovery agent

C. Private key

D. CRL

A

CSR

50
Q

Which of the following concepts is a term that directly relates to customer privacy considerations?

A. Data handling policies

B. Personally identifiable information

C. Information classification

D. Clean desk policies

A

Personally identifiable information

51
Q

In order to secure additional budget, a security manager wants to quantify the financial impact of a one-time compromise. Which of the following is MOST important to the security manager?

A. Impact

B. SLE

C. ALE

D. ARO

A

SLE

52
Q

Which of the following malware types typically allows an attacker to monitor a user’s computer, is characterized by a drive-by download, and requires no user interaction?

A. Virus

B. Logic bomb

C. Spyware

D. Adware

A

Spyware

53
Q

The security administrator at ABC company received the following log information from an external party:
10:45:01 EST, SRC 10.4.3.7:3056, DST 8.4.2.1:80, ALERT, Directory traversal
10:45:02 EST, SRC 10.4.3.7:3057, DST 8.4.2.1:80, ALERT, Account brute force
10:45:03 EST, SRC 10.4.3.7:3058, DST 8.4.2.1:80, ALERT, Port scan
The external party is reporting attacks coming from abc-company.com. Which of the following is the reason the ABC company’s security administrator is unable to determine the origin of the attack?

A. A NIDS was used in place of a NIPS.

B. The log is not in UTC.

C. The external party uses a firewall.

D. ABC company uses PAT.

A

ABC company uses PAT.

54
Q

In the initial stages of an incident response, Matt, the security administrator, was provided the hard drives in question from the incident manager. Which of the following incident response procedures would he need to perform in order to begin the analysis? (Select TWO).

A. Take hashes

B. Begin the chain of custody paperwork

C. Take screen shots

D. Capture the system image

E. Decompile suspicious files

A

Take hashes

Capture the system image

55
Q

Which of the following has a storage root key?

A. HSM

B. EFS

C. TPM

D. TKIP

A

TPM

56
Q

Which of the following should Matt, a security administrator, include when encrypting smartphones? (Select TWO).

A. Steganography images

B. Internal memory

C. Master boot records

D. Removable memory cards

E. Public keys

A

Internal memory

Removable memory cards

57
Q

Which of the following assessment techniques would a security administrator implement to ensure that systems and software are developed properly?

A. Baseline reporting

B. Input validation

C. Determine attack surface

D. Design reviews

A

Design reviews

58
Q

A company has several conference rooms with wired network jacks that are used by both employees and guests. Employees need access to internal resources and guests only need access to the Internet. Which of the following combinations is BEST to meet the requirements?

A. NAT and DMZ

B. VPN and IPSec

C. Switches and a firewall

D. 802.1x and VLANs

A

802.1x and VLANs

59
Q

A victim is logged onto a popular home router forum site in order to troubleshoot some router configuration issues. The router is a fairly standard configuration and has an IP address of 192.168.1.1. The victim is logged into their router administrative interface in one tab and clicks a forum link in another tab. Due to clicking the forum link, the home router reboots. Which of the following attacks MOST likely occurred?

A. Brute force password attack

B. Cross-site request forgery

C. Cross-site scripting

D. Fuzzing

A

Cross-site request forgery

60
Q

Which of the following firewall rules only denies DNS zone transfers?

A. deny udp any any port 53

B. deny ip any any

C. deny tcp any any port 53

D. deny all dns packets

A

deny tcp any any port 53

61
Q

Which of the following allows Peter, a security technician, to provide the MOST secure wireless implementation?

A. Implement WPA

B. Disable SSID

C. Adjust antenna placement

D. Implement WEP

A

Implement WPA

62
Q

Concurrent use of a firewall, content filtering, antivirus software and an IDS system would be considered components of:

A. Redundant systems.

B. Separation of duties.

C. Layered security.

D. Application control.

A

Layered security

63
Q

Purchasing receives an automated phone call from a bank asking to input and verify credit card information. The phone number displayed on the caller ID matches the bank. Which of the following attack types is this?

A. Hoax

B. Phishing

C. Vishing

D. Whaling

A

Vishing

64
Q

A security administrator is tasked with ensuring that all devices have updated virus definition files before they are allowed to access network resources. Which of the following technologies would be used to accomplish this goal?

A. NIDS

B. NAC

C. DLP

D. DMZ

E. Port Security

A

NAC

65
Q

A security program manager wants to actively test the security posture of a system. The system is not yet in production and has no uptime requirement or active user base. Which of the following methods will produce a report which shows vulnerabilities that were actually exploited?

A. Peer review

B. Component testing

C. Penetration testing

D. Vulnerability testing

A

Vulnerability testing

66
Q

Which of the following technologies can store multi-tenant data with different security requirements?

A. Data loss prevention

B. Trusted platform module

C. Hard drive encryption

D. Cloud computing

A

Cloud computing

67
Q

During a recent investigation, an auditor discovered that an engineer’s compromised workstation was being used to connect to SCADA systems while the engineer was not logged in. The engineer is responsible for administering the SCADA systems and cannot be blocked from connecting to them. The SCADA systems cannot be modified without vendor approval which requires months of testing.
Which of the following is MOST likely to protect the SCADA systems from misuse?

A. Update anti-virus definitions on SCADA systems

B. Audit accounts on the SCADA systems

C. Install a firewall on the SCADA network

D. Deploy NIPS at the edge of the SCADA network

A

Deploy NIPS at the edge of the SCADA network

68
Q

A computer supply company is located in a building with three wireless networks. The system security team implemented a quarterly security scan and saw the following.
SSID              State      Channel  Level
Computer AreUs1   connected  1        70dbm
Computer AreUs2   connected  5        80dbm
Computer AreUs3   connected  3        75dbm
Computer AreUs4   connected  6        95dbm
Which of the following is this an example of?

A. Rogue access point

B. Near field communication

C. Jamming

D. Packet sniffing

A

Rogue access point

69
Q

While rarely enforced, mandatory vacation policies are effective at uncovering:

A. Help desk technicians with oversight by multiple supervisors and detailed quality control systems.

B. Collusion between two employees who perform the same business function.

C. Acts of incompetence by a systems engineer designing complex architectures as a member of a team.

D. Acts of gross negligence on the part of system administrators with unfettered access to system and no oversight.

A

Acts of gross negligence on the part of system administrators with unfettered access to system and no oversight.

70
Q

Which of the following offers the LEAST amount of protection against data theft by USB drives?

A. DLP

B. Database encryption

C. TPM

D. Cloud computing

A

Cloud computing

71
Q

The marketing department wants to distribute pens with embedded USB drives to clients. In the past this client has been victimized by social engineering attacks which led to a loss of sensitive data. The security administrator advises the marketing department not to distribute the USB pens due to which of the following?

A. The risks associated with the large capacity of USB drives and their concealable nature

B. The security costs associated with securing the USB drives over time

C. The cost associated with distributing a large volume of the USB pens

D. The security risks associated with combining USB drives and cell phones on a network

A

The risks associated with the large capacity of USB drives and their concealable nature

72
Q

Emily, a security administrator, manually hashes all network device configuration files daily and compares them to the previous days’ hashes. Which of the following security concepts is Emily using?

A. Confidentiality

B. Compliance

C. Integrity

D. Availability

A

Integrity

73
Q

Which of the following protocols operates at the HIGHEST level of the OSI model?

A. ICMP

B. IPSec

C. SCP

D. TCP

A

SCP

74
Q

Which of the following should be used to authenticate and log connections from wireless users connecting with EAP-TLS?

A. Kerberos

B. LDAP

C. SAML

D. RADIUS

A

RADIUS

75
Q

The system administrator has deployed updated security controls for the network to limit risk of attack. The security manager is concerned that controls continue to function as intended to maintain appropriate security posture.
Which of the following risk mitigation strategies is MOST important to the security manager?

A. User permissions

B. Policy enforcement

C. Routine audits

D. Change management

A

Routine audits

76
Q

A user commuting to work via public transport received an offensive image on their smart phone from another commuter. Which of the following attacks MOST likely took place?

A. War chalking

B. Bluejacking

C. War driving

D. Bluesnarfing

A

Bluejacking

77
Q

The helpdesk reports increased calls from clients reporting spikes in malware infections on their systems. Which of the following phases of incident response is MOST appropriate as a FIRST response?

A. Recovery

B. Follow-up

C. Validation

D. Identification

E. Eradication

F. Containment

A

Identification

78
Q

Which of the following BEST represents the goal of a vulnerability assessment?

A. To test how a system reacts to known threats

B. To reduce the likelihood of exploitation

C. To determine the system’s security posture

D. To analyze risk mitigation strategies

A

To determine the system’s security posture

79
Q

After viewing wireless traffic, an attacker notices the following networks are being broadcasted by local access points:
Corpnet
Coffeeshop
FreePublicWifi
Using this information the attacker spoofs a response to make nearby laptops connect back to a malicious device. Which of the following has the attacker created?

A. Infrastructure as a Service

B. Load balancer

C. Evil twin

D. Virtualized network

A

Evil twin

80
Q

Which of the following authentication services requires the use of a ticket-granting ticket (TGT) server in order to complete the authentication process?

A. TACACS+

B. Secure LDAP

C. RADIUS

D. Kerberos

A

Kerberos

81
Q

Which of the following assessments would Peter, the security administrator, use to actively test that an application’s security controls are in place?

A. Code review

B. Penetration test

C. Protocol analyzer

D. Vulnerability scan

A

Penetration test

82
Q

When reviewing security logs, an administrator sees requests for the AAAA record of www.comptia.com. Which of the following BEST describes this type of record?

A. DNSSEC record

B. IPv4 DNS record

C. IPSEC DNS record

D. IPv6 DNS record

A

IPv6 DNS record

83
Q

The datacenter design team is implementing a system that requires all servers installed in racks to face in a predetermined direction. An infrared camera will be used to verify that servers are properly racked. Which of the following datacenter elements is being designed?

A. Hot and cold aisles

B. Humidity control

C. HVAC system

D. EMI shielding

A

Hot and cold aisles

84
Q

Which of the following technical controls helps to prevent smartphones from connecting to a corporate network?

A. Application white listing

B. Remote wiping

C. Acceptable use policy

D. Mobile device management

A

Mobile device management

85
Q

Which of the following is BEST used as a secure replacement for TELNET?

A. HTTPS

B. HMAC

C. GPG

D. SSH

A

SSH

86
Q

Which of the following concepts are included on the three sides of the “security triangle”? (Select THREE).

A. Confidentiality

B. Availability

C. Integrity

D. Authorization

E. Authentication

F. Continuity

A

Confidentiality

Availability

Integrity

87
Q

Which of the following devices would MOST likely have a DMZ interface?

A. Firewall

B. Switch

C. Load balancer

D. Proxy

A

Firewall

88
Q

An administrator has two servers and wants them to communicate with each other using a secure algorithm. Which of the following should the administrator choose to provide both CRC integrity checks and RCA encryption?

A. NTLM

B. RSA

C. CHAP

D. ECDHE

A

ECDHE

89
Q

The fundamental information security principles include confidentiality, availability and which of the following?

A. The ability to secure data against unauthorized disclosure to external sources

B. The capacity of a system to resist unauthorized changes to stored information

C. The confidence with which a system can attest to the identity of a user

D. The characteristic of a system to provide uninterrupted service to authorized users

A

The capacity of a system to resist unauthorized changes to stored information

90
Q

Which of the following is BEST utilized to actively test security controls on a particular system?

A. Port scanning

B. Penetration test

C. Vulnerability scanning

D. Grey/Gray box

A

Penetration test

91
Q

Which of the following wireless security measures can an attacker defeat by spoofing certain properties of their network interface card?

A. WEP

B. MAC filtering

C. Disabled SSID broadcast

D. TKIP

A

MAC filtering

92
Q

Which of the following can use RC4 for encryption? (Select TWO).

A. CHAP

B. SSL

C. WEP

D. AES

E. 3DES

A

SSL

WEP

93
Q

Peter, a user, wants to send an encrypted email to Ann. Which of the following will Ann need to use to verify the validity of Peter’s certificate? (Select TWO).

A. The CA’s public key

B. Peter’s private key

C. Ann’s public key

D. The CA’s private key

E. Peter’s public key

F. Ann’s private key

A

The CA’s public key

Peter’s public key

94
Q

Which of the following should a security technician implement to identify untrusted certificates?

A. CA

B. PKI

C. CRL

D. Recovery agent

A

CRL

95
Q

An application developer has tested some of the known exploits within a new application. Which of the following should the administrator utilize to test for unidentified faults or memory leaks?

A. XSRF Attacks

B. Fuzzing

C. Input Validations

D. SQL Injections

A

Fuzzing

96
Q

In Kerberos, the Ticket Granting Ticket (TGT) is used for which of the following?

A. Identification

B. Authorization

C. Authentication

D. Multifactor authentication

A

Authentication

97
Q

A network stream needs to be encrypted. Emily, the network administrator, has selected a cipher which will encrypt 8 bits at a time before sending the data across the network. Which of the following has Emily selected?

A. Block cipher

B. Stream cipher

C. CRC

D. Hashing algorithm

A

Block cipher

98
Q

Which of the following, if properly implemented, would prevent users from accessing files that are unrelated to their job duties? (Select TWO).

A. Separation of duties

B. Job rotation

C. Mandatory vacation

D. Time of day restrictions

E. Least privilege

A

Separation of duties

Least privilege

99
Q

Which of the following is synonymous with a server’s certificate?

A. Public key

B. CRL

C. Private key

D. Recovery agent

A

Public key

100
Q

Peter, a security analyst, has been tasked with explaining the different types of malware to his colleagues. The two malware types that the group seems to be most interested in are botnets and viruses. Which of the following explains the difference between these two types of malware?

A. Viruses are a subset of botnets which are used as part of SYN attacks.

B. Botnets are a subset of malware which are used as part of DDoS attacks.

C. Viruses are a class of malware which create hidden openings within an OS.

D. Botnets are used within DR to ensure network uptime and viruses are not.

A

Botnets are a subset of malware which are used as part of DDoS attacks.