Deck K

Question 1

Which of the following cryptographic related browser settings allows an organization to communicate securely?

A. SSL 3.0/TLS 1.0

B. 3DES

C. Trusted Sites

D. HMAC

Answer 1

SSL 3.0/TLS 1.0

Question 2

Peter, an employee, needs a certificate to encrypt data. Which of the following would issue Peter a certificate?

A. Certification authority

B. Key escrow

C. Certificate revocation list

D. Registration authority

Answer 2

Certification authority

Question 3

A server administrator notes that a legacy application often stops running due to a memory error. When reviewing the debugging logs, they notice code being run calling an internal process to exploit the machine. Which of the following attacks does this describe?

A. Zero-day

B. Buffer overflow

C. Cross site scripting

D. Malicious add-on

Answer 3

Buffer overflow

Question 4

Which of the following is a directional antenna that can be used in point-to-point or point-to-multi­point WiFi communication systems? (Select TWO).

A. Backfire

B. Dipole

C. Omni

D. PTZ

E. Dish

Answer 4

Backfire

Dish

Question 5

Based on information leaked to industry websites, business management is concerned that unauthorized employees are accessing critical project information for a major, well-known new product. To identify any such users, the security administrator could:

A. Set up a honeypot and place false project documentation on an unsecure share.

B. Block access to the project documentation using a firewall.

C. Increase antivirus coverage of the project servers.

D. Apply security updates and harden the OS on all project servers.

Answer 5

Set up a honeypot and place false project documentation on an unsecure share.

Question 6

An online store wants to protect user credentials and credit card information so that customers can store their credit card information and use their card for multiple separate transactions.
Which of the following database designs provides the BEST security for the online store?

A. Use encryption for the credential fields and hash the credit card field

B. Encrypt the username and hash the password

C. Hash the credential fields and use encryption for the credit card field

D. Hash both the credential fields and the credit card field

Answer 6

Hash the credential fields and use encryption for the credit card field

Question 7

Which of the following is characterized by an attack against a mobile device?

A. Evil twin

B. Header manipulation

C. Blue jacking

D. Rogue AP

Answer 7

Blue jacking

Question 8

Which of the following is the BEST reason to provide user awareness and training programs for organizational staff?

A. To ensure proper use of social media

B. To reduce organizational IT risk

C. To detail business impact analyses

D. To train staff on zero-days

Answer 8

To reduce organizational IT risk

Question 9

Which of the following is a security benefit of providing additional HVAC capacity or increased tonnage in a datacenter?

A. Increased availability of network services due to higher throughput

B. Longer MTBF of hardware due to lower operating temperatures

C. Higher data integrity due to more efficient SSD cooling

D. Longer UPS run time due to increased airflow

Answer 9

Longer MTBF of hardware due to lower operating temperatures

Question 10

Which of the following components MUST be trusted by all parties in PKI?

A. Key escrow

B. CA

C. Private key

D. Recovery key

Answer 10

CA

Question 11

Jane, an individual, has recently been calling various financial offices pretending to be another person to gain financial information. Which of the following attacks is being described?

A. Phishing

B. Tailgating

C. Pharming

D. Vishing

Answer 11

Vishing

Question 12

Which of the following security strategies allows a company to limit damage to internal systems and provides loss control?

A. Restoration and recovery strategies

B. Deterrent strategies

C. Containment strategies

D. Detection strategies

Answer 12

Containment strategies

Question 13

Which of the following results in datacenters with failed humidity controls? (Select TWO).

A. Excessive EMI

B. Electrostatic charge

C. Improper ventilation

D. Condensation

E. Irregular temperature

Answer 13

Electrostatic charge

Condensation

Question 14

A retail store uses a wireless network for its employees to access inventory from anywhere in the store. Due to concerns regarding the aging wireless network, the store manager has brought in a consultant to harden the network. During the site survey, the consultant discovers that the network was using WEP encryption. Which of the following would be the BEST course of action for the consultant to recommend?

A. Replace the unidirectional antenna at the front of the store with an omni-directional antenna.

B. Change the encryption used so that the encryption protocol is CCMP-based.

C. Disable the network’s SSID and configure the router to only access store devices based on MAC addresses.

D. Increase the access point’s encryption from WEP to WPA TKIP.

Answer 14

Change the encryption used so that the encryption protocol is CCMP-based.

Question 15

A small company has recently purchased cell phones for managers to use while working outside if the office.
The company does not currently have a budget for mobile device management and is primarily concerned with deterring leaks if sensitive information obtained by unauthorized access to unattended phones. Which of the following would provide the solution BEST meets the company’s requirements?

A. Screen-lock

B. Disable removable storage

C. Full device encryption

D. Remote wiping

Answer 15

Screen-lock

Question 16

A small company has a website that provides online customer support. The company requires an account recovery process so that customers who forget their passwords can regain access.
Which of the following is the BEST approach to implement this process?

A. Replace passwords with hardware tokens which provide two-factor authentication to the online customer support site.

B. Require the customer to physically come into the company’s main office so that the customer can be authenticated prior to their password being reset.

C. Web-based form that identifies customer by another mechanism and then emails the customer their forgotten password.

D. Web-based form that identifies customer by another mechanism, sets a temporary password and forces a password change upon first login.

Answer 16

Web-based form that identifies customer by another mechanism, sets a temporary password and forces a password change upon first login.

Question 17

The system administrator has been notified that many users are having difficulty connecting to the company’s wireless network. They take a new laptop and physically go to the access point and connect with no problems. Which of the following would be the MOST likely cause?

A. The certificate used to authenticate users has been compromised and revoked.

B. Multiple war drivers in the parking lot have exhausted all available IPs from the pool to deny access.

C. An attacker has gained access to the access point and has changed the encryption keys.

D. An unauthorized access point has been configured to operate on the same channel.

Answer 17

An unauthorized access point has been configured to operate on the same channel.

Question 18

Which of the following is the term for a fix for a known software problem?

A. Skiff

B. Patch

C. Slipstream

D. Upgrade

Answer 18

Patch

Question 19

A company determines a need for additional protection from rogue devices plugging into physical ports around the building.
Which of the following provides the highest degree of protection from unauthorized wired network access?

A. Intrusion Prevention Systems

B. MAC filtering

C. Flood guards

D. 802.1x

Answer 19

802.1x

Question 20

Which of the following describes the purpose of an MOU?

A. Define interoperability requirements

B. Define data backup process

C. Define onboard/offboard procedure

D. Define responsibilities of each party

Answer 20

Define responsibilities of each party

Question 21

Peter, the security administrator, has been notified by the IDS that the company website is under attack. Analysis of the web logs show the following string, indicating a user is trying to post a comment on the public bulletin board.
INSERT INTO message `
This is an example of which of the following?

A. XSS attack

B. XML injection attack

C. Buffer overflow attack

D. SQL injection attack

Answer 21

XSS attack

Question 22

While securing a network it is decided to allow active FTP connections into the network. Which of the following ports MUST be configured to allow active FTP connections? (Select TWO).

A. 20

B. 21

C. 22

D. 68

E. 69

Answer 22

20

21

Question 23

A security administrator wants to implement a solution which will allow some applications to run under the user’s home directory and only have access to files stored within the same user’s folder, while other applications have access to shared folders. Which of the following BEST addresses these requirements if the environment is concurrently shared by multiple users?

A. OS Virtualization

B. Trusted OS

C. Process sandboxing

D. File permission

Answer 23

Process sandboxing

Question 24

The finance department just procured a software application that needs to communicate back to the vendor server via SSL. Which of the following default ports on the firewall must the security engineer open to accomplish this task?

A. 80

B. 130

C. 443

D. 3389

Answer 24

443

Question 25

Which of the following is the MOST secure protocol to transfer files?

A. FTP

B. FTPS

C. SSH

D. TELNET

Answer 25

FTPS

Question 26

A company executive’s laptop was compromised, leading to a security breach. The laptop was placed into storage by a junior system administrator and was subsequently wiped and re-imaged. When it was determined that the authorities would need to be involved, there was little evidence to present to the investigators. Which of the following procedures could have been implemented to aid the authorities in their investigation?

A. A comparison should have been created from the original system’s file hashes

B. Witness testimony should have been taken by the administrator

C. The company should have established a chain of custody tracking the laptop

D. A system image should have been created and stored

Answer 26

A system image should have been created and stored

Question 27

If Organization A trusts Organization B and Organization B trusts Organization C, then Organization A trusts Organization C. Which of the following PKI concepts is this describing?

A. Transitive trust

B. Public key trust

C. Certificate authority trust

D. Domain level trust

Answer 27

Transitive trust

Question 28

Which of the following steps of incident response does a team analyze the incident and determine steps to prevent a future occurrence?

A. Mitigation

B. Identification

C. Preparation

D. Lessons learned

Answer 28

Lessons learned

Question 29

Which of the following passwords is the LEAST complex?

A. MyTrain!45

B. Mytr@in!!

C. MyTr@in12

D. MyTr@in#8

Answer 29

Mytr@in!!

Question 30

Which of the following concepts is used by digital signatures to ensure integrity of the data?

A. Non-repudiation

B. Hashing

C. Transport encryption

D. Key escrow

Answer 30

Hashing

Question 31

A CA is compromised and attacks start distributing maliciously signed software updates. Which of the following can be used to warn users about the malicious activity?

A. Key escrow

B. Private key verification

C. Public key verification

D. Certificate revocation list

Answer 31

Certificate revocation list

Question 32

A corporation has experienced several media leaks of proprietary data on various web forums. The posts were made during business hours and it is believed that the culprit is posting during work hours from a corporate machine. The Chief Information Officer (CIO) wants to scan internet traffic and keep records for later use in legal proceedings once the culprit is found. Which of the following provides the BEST solution?

A. Protocol analyzer

B. NIPS

C. Proxy server

D. HIDS

Answer 32

Protocol analyzer

Question 33

It is important to staff who use email messaging to provide PII to others on a regular basis to have confidence that their messages are not intercepted or altered during transmission. They are concerned about which of the following types of security control?

A. Integrity

B. Safety

C. Availability

D. Confidentiality

Answer 33

Integrity

Question 34

Which of the following should be performed to increase the availability of IP telephony by prioritizing traffic?

A. Subnetting

B. NAT

C. Quality of service

D. NAC

Answer 34

Quality of service

Question 35

Due to limited resources, a company must reduce their hardware budget while still maintaining availability. Which of the following would MOST likely help them achieve their objectives?

A. Virtualization

B. Remote access

C. Network access control

D. Blade servers

Answer 35

Virtualization

Question 36

A security administrator notices large amounts of traffic within the network heading out to an external website. The website seems to be a fake bank site with a phone number that when called, asks for sensitive information. After further investigation, the security administrator notices that a fake link was sent to several users. This is an example of which of the following attacks?

A. Vishing

B. Phishing

C. Whaling

D. SPAM

E. SPIM

Answer 36

Phishing

Question 37

A security administrator is segregating all web-facing server traffic from the internal network and restricting it to a single interface on a firewall. Which of the following BEST describes this new network?

A. VLAN

B. Subnet

C. VPN

D. DMZ

Answer 37

DMZ

Question 38

An advantage of virtualizing servers, databases, and office applications is:

A. Centralized management.

B. Providing greater resources to users.

C. Stronger access control.

D. Decentralized management.

Answer 38

Centralized management

Question 39

Which of the following is a Data Loss Prevention (DLP) strategy and is MOST useful for securing data in use?

A. Email scanning

B. Content discovery

C. Database fingerprinting

D. Endpoint protection

Answer 39

Endpoint protection

Question 40

Matt, a forensic analyst, wants to obtain the digital fingerprint for a given message. The message is 160-bits long. Which of the following hashing methods would Matt have to use to obtain this digital fingerprint?

A. SHA1

B. MD2

C. MD4

D. MD5

Answer 40

SHA1

Question 41

Which of the following is true about the recovery agent?

A. It can decrypt messages of users who lost their private key.

B. It can recover both the private and public key of federated users.

C. It can recover and provide users with their lost or private key.

D. It can recover and provide users with their lost public key.

Answer 41

It can decrypt messages of users who lost their private key.

Question 42

A network administrator is asked to send a large file containing PII to a business associate.
Which of the following protocols is the BEST choice to use?

A. SSH

B. SFTP

C. SMTP

D. FTP

Answer 42

SFTP

Question 43

A major security risk with co-mingling of hosts with different security requirements is:

A. Security policy violations.

B. Zombie attacks.

C. Password compromises.

D. Privilege creep.

Answer 43

Security policy violations

Question 44

Prior to leaving for an extended vacation, Peter uses his mobile phone to take a picture of his family in the house living room. Peter posts the picture on a popular social media site together with the message: “Heading to our two weeks vacation to Italy.” Upon returning home, Peter discovers that the house was burglarized. Which of the following is the MOST likely reason the house was burglarized if nobody knew Peter’s home address?

A. Peter has enabled the device access control feature on his mobile phone.

B. Peter’s home address can be easily found using the TRACEROUTE command.

C. The picture uploaded to the social media site was geo-tagged by the mobile phone.

D. The message posted on the social media site informs everyone the house will be empty.

Answer 44

The picture uploaded to the social media site was geo-tagged by the mobile phone.

Question 45

A security Operations Center was scanning a subnet for infections and found a contaminated machine. One of the administrators disabled the switch port that the machine was connected to, and informed a local technician of the infection. Which of the following steps did the administrator perform?

A. Escalation

B. Identification

C. Notification

D. Quarantine

E. Preparation

Answer 45

Notification

Quarantine

Question 46

A resent OS patch caused an extended outage. It took the IT department several hours to uncover the cause of the issue due to the system owner who installed the patch being out of the office. Which of the following could help reduce the likelihood of this situation occurring in the future?

A. Separation of duties

B. Change management procedures

C. Incident management procedures

D. User rights audits and reviews

Answer 46

Change management procedures

Question 47

Which of the following devices is used for the transparent security inspection of network traffic by redirecting user packets prior to sending the packets to the intended destination?

A. Proxies

B. Load balancers

C. Protocol analyzer

D. VPN concentrator

Answer 47

Proxies

Question 48

Which of the following would be used as a secure substitute for Telnet?

A. SSH

B. SFTP

C. SSL

D. HTTPS

Answer 48

SSH

Question 49

The act of magnetically erasing all of the data on a disk is known as:

A. Wiping

B. Dissolution

C. Scrubbing

D. Degaussing

Answer 49

Degaussing

Question 50

An organization recently switched from a cloud-based email solution to an in-house email server. The firewall needs to be modified to allow for sending and receiving email. Which of the following ports should be open on the firewall to allow for email traffic? (Select THREE).

A. TCP 22

B. TCP 23

C. TCP 25

D. TCP 53

E. TCP 110

F. TCP 143

G. TCP 445

Answer 50

TCP 25

TCP 110

TCP 143

Question 51

Which of the following can a security administrator implement on mobile devices that will help prevent unwanted people from viewing the data if the device is left unattended?

A. Screen lock

B. Voice encryption

C. GPS tracking

D. Device encryption

Answer 51

Screen lock

Question 52

Which of the following is the below pseudo-code an example of? 
IF VARIABLE (CONTAINS NUMBERS = TRUE) THEN EXIT 

A. Buffer overflow prevention

B. Input validation

C. CSRF prevention

D. Cross-site scripting prevention

Answer 52

Input validation

Question 53

Encryption of data at rest is important for sensitive information because of which of the following?

A. Facilitates tier 2 support, by preventing users from changing the OS

B. Renders the recovery of data harder in the event of user password loss

C. Allows the remote removal of data following eDiscovery requests

D. Prevents data from being accessed following theft of physical equipment

Answer 53

Prevents data from being accessed following theft of physical equipment

Question 54

A security technician needs to open ports on a firewall to allow for domain name resolution.
Which of the following ports should be opened? (Select TWO).

A. TCP 21

B. TCP 23

C. TCP 53

D. UDP 23

E. UDP 53

Answer 54

TCP 53

UDP 53

Question 55

Which of the following is an advantage of implementing individual file encryption on a hard drive which already deploys full disk encryption?

A. Reduces processing overhead required to access the encrypted files

B. Double encryption causes the individually encrypted files to partially lose their properties

C. Individually encrypted files will remain encrypted when copied to external media

D. File level access control only apply to individually encrypted files in a fully encrypted drive

Answer 55

Individually encrypted files will remain encrypted when copied to external media

Question 56

Certificates are used for: (Select TWO).

A. Client authentication.

B. WEP encryption.

C. Access control lists.

D. Code signing.

E. Password hashing.

Answer 56

Client authentication

Code signing

Question 57

The information security team does a presentation on social media and advises the participants not to provide too much personal information on social media web sites. This advice would BEST protect people from which of the following?

A. Rainbow tables attacks

B. Brute force attacks

C. Birthday attacks

D. Cognitive passwords attacks

Answer 57

Cognitive passwords attacks

Question 58

An achievement in providing worldwide Internet security was the signing of certificates associated with which of the following protocols?

A. TCP/IP

B. SSL

C. SCP

D. SSH

Answer 58

SSL

Question 59

Which of the following concepts defines the requirement for data availability?

A. Authentication to RADIUS

B. Non-repudiation of email messages

C. Disaster recovery planning

D. Encryption of email messages

Answer 59

Disaster recovery planning

Question 60

Which of the following ports and protocol types must be opened on a host with a host-based firewall to allow incoming SFTP connections?

A. 21/UDP

B. 21/TCP

C. 22/UDP

D. 22/TCP

Answer 60

22/TCP

Question 61

An auditor is given access to a conference room to conduct an analysis. When they connect their laptop’s Ethernet cable into the wall jack, they are not able to get a connection to the Internet but have a link light. Which of the following is MOST likely causing this issue?

A. Ethernet cable is damaged

B. The host firewall is set to disallow outbound connections

C. Network Access Control

D. The switch port is administratively shutdown

Answer 61

Network Access Control

Question 62

Employee badges are encoded with a private encryption key and specific personal information.
The encoding is then used to provide access to the network. Which of the following describes this access control type?

A. Smartcard

B. Token

C. Discretionary access control

D. Mandatory access control

Answer 62

Smartcard

Question 63

Which of the following could cause a browser to display the message below?
“The security certificate presented by this website was issued for a different website’s address.”

A. The website certificate was issued by a different CA than what the browser recognizes in its trusted CAs.

B. The website is using a wildcard certificate issued for the company’s domain.

C. HTTPS://127.0.01 was used instead of HTTPS://localhost.

D. The website is using an expired self signed certificate.

Answer 63

HTTPS://127.0.01 was used instead of HTTPS://localhost.

Question 64

Which of the following allows an organization to store a sensitive PKI component with a trusted third party?

A. Trust model

B. Public Key Infrastructure

C. Private key

D. Key escrow

Answer 64

Key escrow

Question 65

A user in the company is in charge of various financial roles but needs to prepare for an upcoming audit. They use the same account to access each financial system. Which of the following security controls will MOST likely be implemented within the company?

A. Account lockout policy

B. Account password enforcement

C. Password complexity enabled

D. Separation of duties

Answer 65

Separation of duties

Question 66

Which of the following is an authentication and accounting service that uses TCP for connecting to routers and switches?

A. DIAMETER

B. RADIUS

C. TACACS+

D. Kerberos

Answer 66

TACACS+

Question 67

Which of the following is an important implementation consideration when deploying a wireless network that uses a shared password?

A. Authentication server

B. Server certificate

C. Key length

D. EAP method

Answer 67

Key length

Question 68

A Chief Information Security Officer (CISO) wants to implement two-factor authentication within the company. Which of the following would fulfill the CISO’s requirements?

A. Username and password

B. Retina scan and fingerprint scan

C. USB token and PIN

D. Proximity badge and token

Answer 68

USB token and PIN

Question 69

Which of the following is BEST utilized to identify common misconfigurations throughout the enterprise?

A. Vulnerability scanning

B. Port scanning

C. Penetration testing

D. Black box

Answer 69

Vulnerability scanning

Question 70

Which of the following is a requirement when implementing PKI if data loss is unacceptable?

A. Web of trust

B. Non-repudiation

C. Key escrow

D. Certificate revocation list

Answer 70

Key escrow

Question 71

Ann wants to send a file to Peter using PKI. Which of the following should Ann use in order to sign the file?

A. Peter’s public key

B. Peter’s private key

C. Ann’s public key

D. Ann’s private key

Answer 71

Ann’s private key

Question 72

One of the most basic ways to protect the confidentiality of data on a laptop in the event the device is physically stolen is to implement which of the following?

A. File level encryption with alphanumeric passwords

B. Biometric authentication and cloud storage

C. Whole disk encryption with two-factor authentication

D. BIOS passwords and two-factor authentication

Answer 72

Whole disk encryption with two-factor authentication

Question 73

A company has recently implemented a high density wireless system by having a junior technician install two new access points for every access point already deployed. Users are now reporting random wireless disconnections and slow network connectivity. Which of the following is the MOST likely cause?

A. The old APs use 802.11a

B. Users did not enter the MAC of the new APs

C. The new APs use MIMO

D. A site survey was not conducted

Answer 73

A site survey was not conducted

Question 74

Which of the following preventative controls would be appropriate for responding to a directive to reduce the attack surface of a specific host?

A. Installing anti-malware

B. Implementing an IDS

C. Taking a baseline configuration

D. Disabling unnecessary services

Answer 74

Disabling unnecessary services

Question 75

Peter analyzed the following log and determined the security team should implement which of the following as a mitigation method against further attempts?
Host 192.168.1.123
[00:
00: 01]Successful Login: 015 192.168.1.123 : local
[00:
00: 03]Unsuccessful Login: 022 214.34.56.006 : RDP 192.168.1.124
[00:
00: 04]UnSuccessful Login: 010 214.34.56.006 : RDP 192.168.1.124
[00:
00: 07]UnSuccessful Login: 007 214.34.56.006 : RDP 192.168.1.124
[00:
00: 08]UnSuccessful Login: 003 214.34.56.006 : RDP 192.168.1.124

A. Reporting

B. IDS

C. Monitor system logs

D. Hardening

Answer 75

Hardening

Question 76

A company’s chief information officer (CIO) has analyzed the financial loss associated with the company’s database breach. They calculated that one single breach could cost the company $1,000,000 at a minimum. Which of the following documents is the CIO MOST likely updating?

A. Succession plan

B. Continuity of operation plan

C. Disaster recovery plan

D. Business impact analysis

Answer 76

Business impact analysis

Question 77

Peter, the Chief Executive Officer (CEO) of a company, has increased his travel plans for the next two years to improve business relations. Which of the following would need to be in place in case something happens to Peter?

A. Succession planning

B. Disaster recovery

C. Separation of duty

D. Removing single loss expectancy

Answer 77

Succession planning

Question 78

An administrator needs to secure a wireless network and restrict access based on the hardware address of the device. Which of the following solutions should be implemented?

A. Use a stateful firewall

B. Enable MAC filtering

C. Upgrade to WPA2 encryption

D. Force the WAP to use channel 1

Answer 78

Enable MAC filtering

Question 79

Developers currently have access to update production servers without going through an approval process. Which of the following strategies would BEST mitigate this risk?

A. Incident management

B. Clean desk policy

C. Routine audits

D. Change management

Answer 79

Change management

Question 80

Which of the following is a best practice when securing a switch from physical access?

A. Disable unnecessary accounts

B. Print baseline configuration

C. Enable access lists

D. Disable unused ports

Answer 80

Disable unused ports

Question 81

A network administrator wants to block both DNS requests and zone transfers coming from outside IP addresses. The company uses a firewall which implements an implicit allow and is currently configured with the following ACL applied to its external interface.
PERMIT TCP ANY ANY 80
PERMIT TCP ANY ANY 443
Which of the following rules would accomplish this task? (Select TWO).

A. Change the firewall default settings so that it implements an implicit deny

B. Apply the current ACL to all interfaces of the firewall

C. Remove the current ACL

D. Add the following ACL at the top of the current ACL DENY TCP ANY ANY 53

E. Add the following ACL at the bottom of the current ACL DENY ICMP ANY ANY 53

F. Add the following ACL at the bottom of the current ACL DENY IP ANY ANY 53

Answer 81

Change the firewall default settings so that it implements an implicit deny

Add the following ACL at the bottom of the current ACL DENY IP ANY ANY 53

Question 82

An administrator notices that former temporary employees’ accounts are still active on a domain.
Which of the following can be implemented to increase security and prevent this from happening?

A. Implement a password expiration policy.

B. Implement an account expiration date for permanent employees.

C. Implement time of day restrictions for all temporary employees.

D. Run a last logon script to look for inactive accounts.

Answer 82

Run a last logon script to look for inactive accounts.

Question 83

The process of making certain that an entity (operating system, application, etc.) is as secure as it can be is known as:

A. Stabilizing

B. Reinforcing

C. Hardening

D. Toughening

Answer 83

Hardening

Question 84

An incident occurred when an outside attacker was able to gain access to network resources. During the incident response, investigation security logs indicated multiple failed login attempts for a network administrator. Which of the following controls, if in place could have BEST prevented this successful attack?

A. Password history

B. Password complexity

C. Account lockout

D. Account expiration

Answer 84

Account lockout

Question 85

Four weeks ago, a network administrator applied a new IDS and allowed it to gather baseline data. As rumors of a layoff began to spread, the IDS alerted the network administrator that access to sensitive client files had risen far above normal. Which of the following kind of IDS is in use?

A. Protocol based

B. Heuristic based

C. Signature based

D. Anomaly based

Answer 85

Anomaly based

Question 86

To protect corporate data on removable media, a security policy should mandate that all removable devices use which of the following?

A. Full disk encryption

B. Application isolation

C. Digital rights management

D. Data execution prevention

Answer 86

Full disk encryption

Question 87

A user has unknowingly gone to a fraudulent site. The security analyst notices the following system change on the user’s host:
Old hosts’ file: 127.0.0.1 localhost New hosts’ file:
127.0.0.1 localhost
5.5.5.5 www.comptia.com
Which of the following attacks has taken place?

A. Spear phishing

B. Pharming

C. Phishing

D. Vishing

Answer 87

Pharming

Question 88

Which of the following BEST explains Platform as a Service?

A. An external entity that provides a physical or virtual instance of an installed operating system

B. A third party vendor supplying support services to maintain physical platforms and servers

C. An external group providing operating systems installed on virtual servers with web applications

D. An internal group providing physical server instances without installed operating systems or support

Answer 88

An external group providing operating systems installed on virtual servers with web applications

Question 89

Which of the following MOST specifically defines the procedures to follow when scheduled system patching fails resulting in system outages?

A. Risk transference

B. Change management

C. Configuration management

D. Access control revalidation

Answer 89

Change management

Question 90

Which of the following is used by the recipient of a digitally signed email to verify the identity of the sender?

A. Recipient’s private key

B. Sender’s public key

C. Recipient’s public key

D. Sender’s private key

Answer 90

Sender’s public key

Question 91

A security administrator needs to determine which system a particular user is trying to login to at various times of the day. Which of the following log types would the administrator check?

A. Firewall

B. Application

C. IDS

D. Security

Answer 91

Security

Question 92

A system administrator attempts to ping a hostname and the response is 2001:4860:0:2001::68.
Which of the following replies has the administrator received?

A. The loopback address

B. The local MAC address

C. IPv4 address

D. IPv6 address

Answer 92

IPv6 address

Question 93

A technician wants to verify the authenticity of the system files of a potentially compromised system. Which of the following can the technician use to verify if a system file was compromised? (Select TWO).

A. AES

B. PGP

C. SHA

D. MD5

E. ECDHE

Answer 93

SHA

MD5

Question 94

Which of the following tools would allow Ann, the security administrator, to be able to BEST quantify all traffic on her network?

A. Honeypot

B. Port scanner

C. Protocol analyzer

D. Vulnerability scanner

Answer 94

Protocol analyzer

Question 95

A new web server has been provisioned at a third party hosting provider for processing credit card transactions. The security administrator runs the netstat command on the server and notices that ports 80, 443, and 3389 are in a `listening’ state. No other ports are open. Which of the following services should be disabled to ensure secure communications?

A. HTTPS

B. HTTP

C. RDP

D. TELNET

Answer 95

HTTP

Question 96

Which of the following protocols uses an asymmetric key to open a session and then establishes a symmetric key for the remainder of the session?

A. SFTP

B. HTTPS

C. TFTP

D. TLS

Answer 96

TLS

Question 97

Which of the following algorithms has well documented collisions? (Select TWO).

A. AES

B. MD5

C. SHA

D. SHA-256

E. RSA

Answer 97

MD5

SHA

Question 98

Which of the following are Data Loss Prevention (DLP) strategies that address data in transit issues? (Select TWO).

A. Scanning printing of documents.

B. Scanning of outbound IM (Instance Messaging).

C. Scanning copying of documents to USB.

D. Scanning of SharePoint document library.

E. Scanning of shared drives.

F. Scanning of HTTP user traffic.

Answer 98

Scanning of outbound IM (Instance Messaging).

Scanning of HTTP user traffic.

Question 99

After analyzing and correlating activity from multiple sensors, the security administrator has determined that a group of very well organized individuals from an enemy country is responsible for various attempts to breach the company network, through the use of very sophisticated and targeted attacks. Which of the following is this an example of?

A. Privilege escalation

B. Advanced persistent threat

C. Malicious insider threat

D. Spear phishing

Answer 99

Advanced persistent threat

Question 100

Which of the following types of application attacks would be used to specifically gain unauthorized information from databases that did not have any input validation implemented?

A. SQL injection

B. Session hijacking and XML injection

C. Cookies and attachments

D. Buffer overflow and XSS

Answer 100

SQL injection