Deck E Flashcards

1
Q

Which of the following documents outlines the technical and security requirements of an agreement between organizations?

A. BPA

B. RFQ

C. ISA

D. RFC

A

ISA

2
Q

Which of the following controls can be implemented together to prevent data loss in the event of theft of a mobile device storing sensitive information? (Select TWO).

A. Full device encryption

B. Screen locks

C. GPS

D. Asset tracking

E. Inventory control

A

Full device encryption

Screen locks

3
Q

Which of the following can BEST help prevent cross-site scripting attacks and buffer overflows on a production system?

A. Input validation

B. Network intrusion detection system

C. Anomaly-based HIDS

D. Peer review

A

Input validation

4
Q

Matt, an administrator, notices a flood of fragmented packets and retransmits from an email server.
After disabling the TCP offload setting on the NIC, Matt sees normal traffic with packets flowing in sequence again. Which of the following utilities was he MOST likely using to view this issue?

A. Spam filter

B. Protocol analyzer

C. Web application firewall

D. Load balancer

A

Protocol analyzer

5
Q

Company A submitted a bid on a contract to do work for Company B via email. Company B was insistent that the bid did not come from Company A. Which of the following would have assured that the bid was submitted by Company A?

A. Steganography

B. Hashing

C. Encryption

D. Digital Signatures

A

Digital Signatures

6
Q

After Ann, a user, logs into her banking websites she has access to her financial institution mortgage, credit card, and brokerage websites as well. Which of the following is being described?

A. Trusted OS

B. Mandatory access control

C. Separation of duties

D. Single sign-on

A

Single sign-on

7
Q

An organization must implement controls to protect the confidentiality of its most sensitive data. The company is currently using a central storage system and group based access control for its sensitive information. Which of the following controls can further secure the data in the central storage system?

A. Data encryption

B. Patching the system

C. Digital signatures

D. File hashing

A

Data encryption

8
Q

Results from a vulnerability analysis indicate that all enabled virtual terminals on a router can be accessed using the same password. The company’s network device security policy mandates that at least one virtual terminal have a different password than the other virtual terminals. Which of the following sets of commands would meet this requirement?

A. line vty 0 6 P@s5W0Rd password line vty 7 Qwer++!Y password

B. line console 0 password password line vty 0 4 password P@s5W0Rd

C. line vty 0 3 password Qwer++!Y line vty 4 password P@s5W0Rd

D. line vty 0 3 password Qwer++!Y line console 0 password P@s5W0Rd

A

line vty 0 3 password Qwer++!Y line vty 4 password P@s5W0Rd

9
Q

Use of group accounts should be minimized to ensure which of the following?

A. Password security

B. Regular auditing

C. Baseline management

D. Individual accountability

A

Individual accountability

10
Q

The common method of breaking a larger network address space into smaller networks is known as:

A. subnetting.

B. phishing.

C. virtualization.

D. packet filtering.

A

subnetting

11
Q

Which of the following is described as an attack against an application using a malicious file?

A. Client side attack

B. Spam

C. Impersonation attack

D. Phishing attack

A

Client side attack

12
Q

Which of the following BEST describes the type of attack that is occurring? (Select TWO).

A. DNS spoofing

B. Man-in-the-middle

C. Backdoor

D. Replay

E. ARP attack

F. Spear phishing

G. Xmas attack

A

DNS spoofing

Spear phishing

13
Q

Which of the following would BEST be used to calculate the expected loss of an event, if the likelihood of an event occurring is known? (Select TWO).

A. DAC

B. ALE

C. SLE

D. ARO

E. ROI

A

ALE

SLE

14
Q

A recent review of accounts on various systems has found that after employees’ passwords are required to change they are recycling the same password as before. Which of the following policies should be enforced to prevent this from happening? (Select TWO).

A. Reverse encryption

B. Minimum password age

C. Password complexity

D. Account lockouts

E. Password history

F. Password expiration

A

Minimum password age

Password history

15
Q

Which of the following network devices is used to analyze traffic between various network interfaces?

A. Proxies

B. Firewalls

C. Content inspection

D. Sniffers

A

Sniffers

16
Q

In order for network monitoring to work properly, you need a PC and a network card running in what mode?

A. Launch

B. Exposed

C. Promiscuous

D. Sweep

A

Promiscuous

17
Q

An information bank has been established to store contacts, phone numbers and other records.
An application running on UNIX would like to connect to this index server using port 88. Which of the following authentication services uses this port by default?

A. Kerberos

B. TACACS+

C. Radius

D. LDAP

A

Kerberos

18
Q

The Chief Security Officer (CSO) is contacted by a first responder. The CSO assigns a handler. Which of the following is occurring?

A. Unannounced audit response

B. Incident response process

C. Business continuity planning

D. Unified threat management

E. Disaster recovery process

A

Incident response process

19
Q

Several users’ computers are no longer responding normally and sending out spam email to the users’ entire contact list. This is an example of which of the following?

A. Trojan virus

B. Botnet

C. Worm outbreak

D. Logic bomb

A

Worm outbreak

20
Q

A security engineer, Peter, has been asked to create a secure connection between his mail server and the mail server of a business partner. Which of the following protocols would be MOST appropriate?

A. HTTPS

B. SSH

C. FTP

D. TLS

A

TLS

21
Q

The Chief Risk Officer is concerned about the new employee BYOD device policy and has requested that the security department implement mobile security controls to protect corporate data in the event that a device is lost or stolen. The level of protection must not be compromised even if the communication SIM is removed from the device. Which of the following BEST meets the requirements? (Select TWO)

A. Asset tracking

B. Screen-locks

C. GEO-Tracking

D. Device encryption

A

Asset tracking

Device encryption

22
Q

During the information gathering stage of deploying a role-based access control model, which of the following pieces of information is MOST likely required?

A. Conditional rules under which certain systems may be accessed

B. Matrix of job titles with required access privileges

C. Clearance levels of all company personnel

D. Normal hours of business operation

A

Matrix of job titles with required access privileges

23
Q

Several departments in a corporation have a critical need for routinely moving data from one system to another using removable storage devices. Senior management is concerned with data loss and the introduction of malware on the network. Which of the following choices BEST mitigates the range of risks associated with the continued use of removable storage devices?

A. Remote wiping enabled for all removable storage devices

B. Full-disk encryption enabled for all removable storage devices

C. A well defined acceptable use policy

D. A policy which details controls on removable storage use

A

A policy which details controls on removable storage use

24
Q

Emily, the Chief Security Officer (CSO), has had four security breaches during the past two years.
Each breach has cost the company $3,000. A third party vendor has offered to repair the security hole in the system for $25,000. The breached system is scheduled to be replaced in five years.
Which of the following should Emily do to address the risk?

A. Accept the risk saving $10,000.

B. Ignore the risk saving $5,000.

C. Mitigate the risk saving $10,000.

D. Transfer the risk saving $5,000.

A

Transfer the risk saving $5,000.

25
Q

Which of the following protocols is used to authenticate the client and server’s digital certificate?

A. PEAP

B. DNS

C. TLS

D. ICMP

A

TLS

26
Q

A company is starting to allow employees to use their own personal devices without centralized management. Employees must contact IT to have their devices configured to use corporate email; access is also available to the corporate cloud-based services. Which of the following is the BEST policy to implement under these circumstances?

A. Acceptable use policy

B. Security policy

C. Group policy

D. Business Agreement policy

A

Acceptable use policy

27
Q

Which of the following is true about the CRL?

A. It should be kept public

B. It signs other keys

C. It must be kept secret

D. It must be encrypted

A

It should be kept public

28
Q

Which of the following would a security administrator implement in order to discover comprehensive security threats on a network?

A. Design reviews

B. Baseline reporting

C. Vulnerability scan

D. Code review

A

Vulnerability scan

29
Q

An insurance company requires an account recovery process so that information created by an employee can be accessed after that employee is no longer with the firm. Which of the following is the BEST approach to implement this process?

A. Employee is required to share their password with authorized staff prior to leaving the firm

B. Passwords are stored in a reversible form so that they can be recovered when needed

C. Authorized employees have the ability to reset passwords so that the data is accessible

D. All employee data is exported and imported by the employee prior to them leaving the firm

A

Authorized employees have the ability to reset passwords so that the data is accessible

30
Q

A security administrator is concerned about the strength of users’ passwords. The company does not want to implement a password complexity policy. Which of the following can the security administrator implement to mitigate the risk of an online password attack against users with weak passwords?

A. Increase the password length requirements

B. Increase the password history

C. Shorten the password expiration period

D. Decrease the account lockout time

A

Shorten the password expiration period

31
Q

Jane, a security administrator, has been tasked with explaining authentication services to the company’s management team. The company runs an Active Directory infrastructure. Which of the following solutions BEST relates to the host authentication protocol within the company’s environment?

A. Kerberos

B. Least privilege

C. TACACS+

D. LDAP

A

Kerberos

32
Q

Which of the following should Peter, a security manager, implement to reduce the risk of employees working in collusion to embezzle funds from their company?

A. Privacy Policy

B. Least Privilege

C. Acceptable Use

D. Mandatory Vacations

A

Mandatory Vacations

33
Q

A company is concerned that a compromised certificate may result in a man-in-the-middle attack against backend financial servers. In order to minimize the amount of time a compromised certificate would be accepted by other servers, the company decides to add another validation step to SSL/TLS connections. Which of the following technologies provides the FASTEST revocation capability?

A. Online Certificate Status Protocol (OCSP)

B. Public Key Cryptography (PKI)

C. Certificate Revocation Lists (CRL)

D. Intermediate Certificate Authority (CA)

A

Online Certificate Status Protocol (OCSP)

34
Q

The security manager wants to unify the storage of credentials, phone numbers, office numbers, and address information into one system. Which of the following is a system that will support the requirement on its own?

A. LDAP

B. SAML

C. TACACS

D. RADIUS

A

LDAP

35
Q

Which of the following functions provides an output which cannot be reversed and converts data into a string of characters?

A. Hashing

B. Stream ciphers

C. Steganography

D. Block ciphers

A

Hashing

36
Q

Separation of duties is often implemented between developers and administrators in order to separate which of the following?

A. More experienced employees from less experienced employees

B. Changes to program code and the ability to deploy to production

C. Upper level management users from standard development employees

D. The network access layer from the application access layer

A

Changes to program code and the ability to deploy to production

37
Q

The call center supervisor has reported that many employees have been playing preinstalled games on company computers and this is reducing productivity.
Which of the following would be MOST effective for preventing this behavior?

A. Acceptable use policies

B. Host-based firewalls

C. Content inspection

D. Application whitelisting

A

Application whitelisting

38
Q

Which of the following is a BEST practice when dealing with user accounts that will only need to be active for a limited time period?

A. When creating the account, set the account to not remember password history.

B. When creating the account, set an expiration date on the account.

C. When creating the account, set a password expiration date on the account.

D. When creating the account, set the account to have time of day restrictions.

A

When creating the account, set an expiration date on the account.

39
Q

Company XYZ recently salvaged company laptops and removed all hard drives, but the Chief Information Officer (CIO) is concerned about disclosure of confidential information. Which of the following is the MOST secure method to dispose of these hard drives?

A. Degaussing

B. Physical Destruction

C. Lock up hard drives in a secure safe

D. Wipe

A

Physical Destruction

40
Q

Which of the following utilities can be used in Linux to view a list of users’ failed authentication attempts?

A. badlog

B. faillog

C. wronglog

D. killlog

A

faillog

41
Q

Which of the following means of wireless authentication is easily vulnerable to spoofing?

A. MAC Filtering

B. WPA – LEAP

C. WPA – PEAP

D. Enabled SSID

A

MAC Filtering

42
Q

A security administrator implements access controls based on the security classification of the data and need-to-know information. Which of the following BEST describes this level of access control?

A. Implicit deny

B. Role-based Access Control

C. Mandatory Access Controls

D. Least privilege

A

Mandatory Access Controls

43
Q

A security analyst has been notified that trade secrets are being leaked from one of the executives in the corporation. When reviewing this executive’s laptop they notice several pictures of the employee’s pets are on the hard drive and on a cloud storage network. When the analyst hashes the images on the hard drive against the hashes on the cloud network they do not match.
Which of the following describes how the employee is leaking these secrets?

A. Social engineering

B. Steganography

C. Hashing

D. Digital signatures

A

Steganography

44
Q

An organization does not want the wireless network name to be easily discovered. Which of the following software features should be configured on the access points?

A. SSID broadcast

B. MAC filter

C. WPA2

D. Antenna placement

A

SSID broadcast

45
Q

Peter, a security administrator, is concerned with users tailgating into the restricted areas. Given a limited budget, which of the following would BEST assist Peter with detecting this activity?

A. Place a full-time guard at the entrance to confirm user identity.

B. Install a camera and DVR at the entrance to monitor access.

C. Revoke all proximity badge access to make users justify access.

D. Install a motion detector near the entrance.

A

Install a camera and DVR at the entrance to monitor access.

46
Q

An administrator needs to secure RADIUS traffic between two servers. Which of the following is the BEST solution?

A. Require IPSec with AH between the servers

B. Require the message-authenticator attribute for each message

C. Use MSCHAPv2 with MPPE instead of PAP

D. Require a long and complex shared secret for the servers

A

Require IPSec with AH between the servers

47
Q

An organization has three divisions: Accounting, Sales, and Human Resources. Users in the Accounting division require access to a server in the Sales division, but no users in the Human Resources division should have access to resources in any other division, nor should any users in the Sales division have access to resources in the Accounting division. Which of the following network segmentation schemas would BEST meet this objective?

A. Create two VLANS, one for Accounting and Sales, and one for Human Resources.

B. Create one VLAN for the entire organization.

C. Create two VLANs, one for Sales and Human Resources, and one for Accounting.

D. Create three separate VLANS, one for each division.

A

Create three separate VLANS, one for each division.

48
Q

A recent audit of a company’s identity management system shows that 30% of active accounts belong to people no longer with the firm. Which of the following should be performed to help avoid this scenario? (Select TWO).

A. Automatically disable accounts that have not been utilized for at least 10 days.

B. Utilize automated provisioning and de-provisioning processes where possible.

C. Request that employees provide a list of systems that they have access to prior to leaving the firm.

D. Perform regular user account review / revalidation process.

E. Implement a process where new account creations require management approval.

A

Utilize automated provisioning and de-provisioning processes where possible.

Perform regular user account review / revalidation process.

49
Q

Which of the following application security testing techniques is implemented when an automated system generates random input data?

A. Fuzzing

B. XSRF

C. Hardening

D. Input validation

A

Fuzzing

50
Q

Which of the following techniques enables a highly secured organization to assess security weaknesses in real time?

A. Access control lists

B. Continuous monitoring

C. Video surveillance

D. Baseline reporting

A

Continuous monitoring

51
Q

The recovery agent is used to recover the:

A. Root certificate

B. Key in escrow

C. Public key

D. Private key

A

Private key

52
Q

Which of the following attacks impact the availability of a system? (Select TWO).

A. Smurf

B. Phishing

C. Spam

D. DDoS

E. Spoofing

A

Smurf

DDoS

53
Q

Which of the following risk mitigation strategies will allow Ann, a security analyst, to enforce least privilege principles?

A. User rights reviews

B. Incident management

C. Risk based controls

D. Annual loss expectancy

A

User rights reviews

54
Q

While previously recommended as a security measure, disabling SSID broadcast is not effective against most attackers because network SSIDs are:

A. no longer used to authenticate to most wireless networks.

B. contained in certain wireless packets in plaintext.

C. contained in all wireless broadcast packets by default.

D. no longer supported in 802.11 protocols.

A

contained in certain wireless packets in plaintext.

55
Q

A company has implemented PPTP as a VPN solution. Which of the following ports would need to be opened on the firewall in order for this VPN to function properly? (Select TWO).

A. UDP 1723

B. TCP 500

C. TCP 1723

D. UDP 47

E. TCP 47

A

TCP 1723

UDP 47

56
Q

Which of the following application attacks is used to gain access to SEH?

A. Cookie stealing

B. Buffer overflow

C. Directory traversal

D. XML injection

A

Buffer overflow

57
Q

An internal auditor is concerned with privilege creep that is associated with transfers inside the company. Which mitigation measure would detect and correct this?

A. User rights reviews

B. Least privilege and job rotation

C. Change management

D. Change Control

A

User rights reviews

58
Q

A small company wants to employ PKI. The company wants a cost effective solution that must be simple and trusted. They are considering two options: X.509 and PGP. Which of the following would be the BEST option?

A. PGP, because it employs a web-of-trust that is the most trusted form of PKI.

B. PGP, because it is simple to incorporate into a small environment.

C. X.509, because it uses a hierarchical design that is the most trusted form of PKI.

D. X.509, because it is simple to incorporate into a small environment.

A

PGP, because it is simple to incorporate into a small environment.

59
Q

Speaking a passphrase into a voice print analyzer is an example of which of the following security concepts?

A. Two factor authentication

B. Identification and authorization

C. Single sign-on

D. Single factor authentication

A

Two factor authentication

60
Q

A database administrator contacts a security administrator to request firewall changes for a connection to a new internal application. The security administrator notices that the new application uses a port typically monopolized by a virus. The security administrator denies the request and suggests a new port or service be used to complete the application’s task. Which of the following is the security administrator practicing in this example?

A. Explicit deny

B. Port security

C. Access control lists

D. Implicit deny

A

Access control lists

61
Q

Which of the following is a way to implement a technical control to mitigate data loss in case of a mobile device theft?

A. Disk encryption

B. Encryption policy

C. Solid state drive

D. Mobile device policy

A

Disk encryption

62
Q

In the case of a major outage or business interruption, the security office has documented the expected loss of earnings, potential fines and potential consequence to customer service. Which of the following would include the MOST detail on these objectives?

A. Business Impact Analysis

B. IT Contingency Plan

C. Disaster Recovery Plan

D. Continuity of Operations

A

Business Impact Analysis

63
Q

Which of the following types of trust models is used by a PKI?

A. Transitive

B. Open source

C. Decentralized

D. Centralized

A

Centralized

64
Q

After a production outage, which of the following documents contains detailed information on the order in which the system should be restored to service?

A. Succession planning

B. Disaster recovery plan

C. Information security plan

D. Business impact analysis

A

Disaster recovery plan

65
Q

A security administrator has installed a new KDC for the corporate environment. Which of the following authentication protocols is the security administrator planning to implement across the organization?

A. LDAP

B. RADIUS

C. Kerberos

D. XTACACS

A

Kerberos

66
Q

An IT security technician needs to establish host based security for company workstations. Which of the following will BEST meet this requirement?

A. Implement IIS hardening by restricting service accounts.

B. Implement database hardening by applying vendor guidelines.

C. Implement perimeter firewall rules to restrict access.

D. Implement OS hardening by applying GPOs.

A

Implement OS hardening by applying GPOs.

68
Q

Fuzzing is a security assessment technique that allows testers to analyze the behavior of software applications under which of the following conditions?

A. Unexpected input

B. Invalid output

C. Parameterized input

D. Valid output

A

Unexpected input

69
Q

A network administrator, Peter, arrives at his new job to find that none of the users have changed their network passwords since they were initially hired. Peter wants to have everyone change their passwords immediately. Which of the following policies should be enforced to initiate a password change?

A. Password expiration

B. Password reuse

C. Password recovery

D. Password disablement

A

Password expiration

70
Q

Which of the following is a common coding error in which boundary checking is not performed?

A. Input validation

B. Fuzzing

C. Secure coding

D. Cross-site scripting

A

Input validation

71
Q

A security administrator must implement a system to allow clients to securely negotiate encryption keys with the company’s server over a public unencrypted communication channel.
Which of the following implements the required secure key negotiation? (Select TWO).

A. PBKDF2

B. Symmetric encryption

C. Steganography

D. ECDHE

E. Diffie-Hellman

A

ECDHE

Diffie-Hellman

72
Q

A technician wants to implement a dual factor authentication system that will enable the organization to authorize access to sensitive systems on a need-to-know basis. Which of the following should be implemented during the authorization stage?

A. Biometrics

B. Mandatory access control

C. Single sign-on

D. Role-based access control

A

Biometrics

73
Q

Ann is the data owner of financial records for a company. She has requested that she have the ability to assign read and write privileges to her folders. The network administrator is tasked with setting up the initial access control system and handing over Ann’s administrative capabilities. Which of the following systems should be deployed?

A. Role-based

B. Mandatory

C. Discretionary

D. Rule-based

A

Discretionary

74
Q

Elastic cloud computing environments often reuse the same physical hardware for multiple customers over time as virtual machines are instantiated and deleted. This has important implications for which of the following data security concerns?

A. Hardware integrity

B. Data confidentiality

C. Availability of servers

D. Integrity of data

A

Data confidentiality

75
Q

Peter needs to track employees who log into a confidential database and edit files. In the past, critical files have been edited, and no one admits to making the edits. Which of the following does Peter need to implement in order to enforce accountability?

A. Non-repudiation

B. Fault tolerance

C. Hashing

D. Redundancy

A

Hashing

77
Q

Methods to test the responses of software and web applications to unusual or unexpected inputs are known as:

A. Brute force.

B. HTML encoding.

C. Web crawling.

D. Fuzzing.

A

Fuzzing

78
Q

Peter must send Ann a message and provide Ann with assurance that he was the actual sender. Which of the following will Peter need to use to BEST accomplish the objective?

A. A pre-shared private key

B. His private key

C. Ann’s public key

D. His public key

A

His private key

79
Q

Which of the following can be implemented in hardware or software to protect a web server from cross-site scripting attacks?

A. Intrusion Detection System

B. Flood Guard Protection

C. Web Application Firewall

D. URL Content Filter

A

Web Application Firewall

80
Q

Which of the following types of security services are used to support authentication for remote users and devices?

A. Biometrics

B. HSM

C. RADIUS

D. TACACS

A

RADIUS

81
Q

Which of the following types of wireless attacks would be used specifically to impersonate another WAP in order to gain unauthorized information from mobile users?

A. IV attack

B. Evil twin

C. War driving

D. Rogue access point

A

Evil twin

82
Q

An administrator implements SELinux on a production web server. After implementing this, the web server no longer serves up files from users’ home directories. To rectify this, the administrator creates a new policy as the root user. This is an example of which of the following? (Select TWO).

A. Enforcing SELinux in the OS kernel is role-based access control

B. Enforcing SELinux in the OS kernel is rule-based access control

C. The policy added by the root user is mandatory access control

D. Enforcing SELinux in the OS kernel is mandatory access control

E. The policy added by the root user is role-based access control

F. The policy added by the root user is rule-based access control

A

Enforcing SELinux in the OS kernel is mandatory access control

The policy added by the root user is rule-based access control

83
Q

An employee connects a wireless access point to the only jack in the conference room to provide Internet access during a meeting. The access point is configured to use WPA2-TKIP. A malicious user is able to intercept clear text HTTP communication between the meeting attendees and the Internet. Which of the following is the reason the malicious user is able to intercept and see the clear text communication?

A. The malicious user has access to the WPA2-TKIP key.

B. The wireless access point is broadcasting the SSID.

C. The malicious user is able to capture the wired communication.

D. The meeting attendees are using unencrypted hard drives.

A

The malicious user is able to capture the wired communication.

84
Q

An internal auditing team would like to strengthen the password policy to support special characters. Which of the following types of password controls would achieve this goal?

A. Add reverse encryption

B. Password complexity

C. Increase password length

D. Allow single sign on

A

Password complexity

85
Q

A security administrator must implement a system that will support and enforce the following file system access control model:
File name            Security label
Employees.doc        Confidential
Salary.xls           Confidential
OfficePhones.xls     Unclassified
PersonalPhones.xls   Restricted
Which of the following should the security administrator implement?

A. White and black listing

B. SCADA system

C. Trusted OS

D. Version control

A

Trusted OS
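Added example (not from the original deck): what a trusted OS does with the labels in the table above is a mandatory access decision that the file's owner cannot override. The code below applies Bell-LaPadula style rules (no read up, no write down) to the four files, then layers the owner's discretionary permission on top. The ranking Unclassified < Restricted < Confidential is an assumption made for this example; the table gives the label names but not their order.

```python
from enum import IntEnum


class Label(IntEnum):
    # Relative ordering is an assumption for this example; the page's table
    # lists the three label names but does not rank them.
    UNCLASSIFIED = 0
    RESTRICTED = 1
    CONFIDENTIAL = 2


# File name -> security label, as given in the question's table.
FILE_LABELS = {
    "Employees.doc": Label.CONFIDENTIAL,
    "Salary.xls": Label.CONFIDENTIAL,
    "OfficePhones.xls": Label.UNCLASSIFIED,
    "PersonalPhones.xls": Label.RESTRICTED,
}


def mac_permits(clearance, filename, op):
    """Mandatory decision: a subject may read at or below its clearance
    (no read up) and write at or above it (no write down), so a process
    holding Confidential data cannot copy it into an Unclassified file."""
    label = FILE_LABELS[filename]
    if op == "read":
        return clearance >= label
    if op == "write":
        return clearance <= label
    raise ValueError(f"unknown operation {op!r}")


def access(clearance, filename, op, owner_allows):
    """Final decision on a trusted OS: the mandatory check comes first and the
    owner's discretionary permission can only further restrict, never widen."""
    return mac_permits(clearance, filename, op) and owner_allows


def readable_by(clearance):
    """Files a subject with the given clearance may read."""
    return sorted(f for f in FILE_LABELS if mac_permits(clearance, f, "read"))


if __name__ == "__main__":
    for level in Label:
        print(f"{level.name:<13} reads {readable_by(level)}")
```

The last case the tests cover is the one that separates a trusted OS from ordinary DAC: even when the owner of Salary.xls grants everyone read access, an Unclassified subject is still refused, because the label check belongs to the kernel, not the file owner.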

86
Q

A user casually browsing the Internet is redirected to a warez site where a number of pop-ups appear. After clicking on a pop-up to complete a survey, a drive-by download occurs. Which of the following is MOST likely to be contained in the download?

A. Backdoor

B. Spyware

C. Logic bomb

D. DDoS

E. Smurf

A

Spyware

87
Q

Which of the following security architecture elements also has sniffer functionality? (Select TWO).

A. HSM

B. IPS

C. SSL accelerator

D. WAP

E. IDS

A

IPS

IDS

88
Q

Identifying residual risk is MOST important to which of the following concepts?

A. Risk deterrence

B. Risk acceptance

C. Risk mitigation

D. Risk avoidance

A

Risk acceptance

89
Q

ABC company has a lot of contractors working for them. The provisioning team does not always get notified that a contractor has left the company. Which of the following policies would prevent contractors from having access to systems in the event a contractor has left?

A. Annual account review

B. Account expiration policy

C. Account lockout policy

D. Account disablement

A

Account expiration policy

90
Q

Which of the following secure file transfer methods uses port 22 by default?

A. FTPS

B. SFTP

C. SSL

D. S/MIME

A

SFTP

91
Q

RADIUS provides which of the following?

A. Authentication, Authorization, Availability

B. Authentication, Authorization, Auditing

C. Authentication, Accounting, Auditing

D. Authentication, Authorization, Accounting

A

Authentication, Authorization, Accounting

92
Q

Upper management decides which risk to mitigate based on cost. This is an example of:

A. Qualitative risk assessment

B. Business impact analysis

C. Risk management framework

D. Quantitative risk assessment

A

Quantitative risk assessment

93
Q

A security technician is attempting to access a wireless network protected with WEP. The technician does not know any information about the network. Which of the following should the technician do to gather information about the configuration of the wireless network?

A. Spoof the MAC address of an observed wireless network client

B. Ping the access point to discover the SSID of the network

C. Perform a dictionary attack on the access point to enumerate the WEP key

D. Capture client to access point disassociation packets to replay on the local PC’s loopback

A

Spoof the MAC address of an observed wireless network client

94
Q

When creating a public / private key pair, for which of the following ciphers would a user need to specify the key strength?

A. SHA

B. AES

C. DES

D. RSA

A

RSA

95
Q

Which of the following would provide the STRONGEST encryption?

A. Random one-time pad

B. DES with a 56-bit key

C. AES with a 256-bit key

D. RSA with a 1024-bit key

A

Random one-time pad
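Added example (not from the original deck): the one-time pad beats the other three options because it is information-theoretically secure, not merely computationally hard, but only while the pad is truly random, as long as the message, and never reused. The code below implements the pad with XOR and demonstrates both halves of that caveat: any same-length plaintext is equally consistent with a given ciphertext, and reusing a pad hands the attacker the XOR of the two plaintexts. All messages are constructed for the demo.

```python
import secrets


def xor_bytes(a, b):
    """XOR two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("inputs must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def otp_keygen(length):
    """A pad as long as the message from the OS CSPRNG; a PRNG seeded from a
    short key would turn this into a stream cipher and lose perfect secrecy."""
    return secrets.token_bytes(length)


def otp_encrypt(plaintext, key):
    if len(key) != len(plaintext):
        raise ValueError("one-time pad key must match message length")
    return xor_bytes(plaintext, key)


otp_decrypt = otp_encrypt  # XOR is its own inverse


def key_explaining(ciphertext, claimed_plaintext):
    """The pad under which `ciphertext` decrypts to `claimed_plaintext`. One
    exists for every same-length plaintext, so the ciphertext alone reveals
    nothing about which message was sent."""
    return xor_bytes(ciphertext, claimed_plaintext)


def two_time_pad_leak(c1, c2):
    """What an attacker learns when one pad is used twice: the pad cancels
    and c1 XOR c2 equals p1 XOR p2, which crib-dragging then peels apart."""
    return xor_bytes(c1, c2)


if __name__ == "__main__":
    m = b"ATTACK AT DAWN"            # constructed message
    k = otp_keygen(len(m))
    c = otp_encrypt(m, k)
    assert otp_decrypt(c, k) == m
    alt = b"RETREAT AT SIX"          # same length, equally plausible
    assert otp_decrypt(c, key_explaining(c, alt)) == alt
    m2 = b"HOLD POSITIONS"           # second message encrypted under the same pad
    assert two_time_pad_leak(c, otp_encrypt(m2, k)) == xor_bytes(m, m2)
    print("ok")
```

The same XOR construction with a short, repeated key is the Vigenere-style mistake the two-time-pad function illustrates; the strength in the answer comes entirely from the pad's length, randomness and single use, which is also why the scheme is rarely practical outside key-distribution settings that can move as much key material as data.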

96
Q

A security administrator must implement a wireless encryption system to secure mobile devices’ communication. Some users have mobile devices which only support 56-bit encryption. Which of the following wireless encryption methods should be implemented?

A. RC4

B. AES

C. MD5

D. TKIP

A

RC4

97
Q

A technician is deploying virtual machines for multiple customers on a single physical host to reduce power consumption in a data center. Which of the following should be recommended to isolate the VMs from one another?

A. Implement a virtual firewall

B. Install HIPS on each VM

C. Virtual switches with VLANs

D. Develop a patch management guide

A

Virtual switches with VLANs

98
Q

Various employees have lost valuable customer data due to hard drives failing in company-provided laptops. It has been discovered that the hard drives used in one model of laptop provided by the company have been recalled by the manufacturer. The help desk is only able to replace the hard drives after they fail because there are no centralized records of the model of laptop given to each specific user. Which of the following could have prevented this situation from occurring?

A. Data backups

B. Asset tracking

C. Support ownership

D. BYOD policies

A

Data backups