Domain 4

Question 1

The ability to hold intruders accountable in a court of law is important. Which of the following activities are needed to ensure the highest possibility for successful prosecution?
A. Well established and defined digital forensics process
B. Establishing Enterprise-owned Botnets for preemptive attacks
C. Be able to retaliate under the framework of Active Defense
D. Collaboration with law enforcement

Answer 1

Answer : Well established and defined digital forensics process

Question 2

Which of the following is a countermeasure to prevent unauthorized database access from web applications?
A. Session encryption
B. Removing all stored procedures
C. Input sanitization
D. Library control

Answer 2

Answer : Input sanitization

Question 3

Security related breaches are assessed and contained through which of the following?
A. The IT support team.
B. A forensic analysis.
C. Incident response
D. Physical security team.

Answer 3

Answer : Incident response

Question 4

Your penetration testing team installs an in-line hardware key logger onto one of your network machines. Which of the following is of major concern to the security organization?
A. In-line hardware keyloggers don’t require physical access
B. In-line hardware keyloggers don’t comply to industry regulations
C. In-line hardware keyloggers are undetectable by software
D. In-line hardware keyloggers are relatively inexpensive

Answer 4

Answer : In-line hardware keyloggers are undetectable by software

Question 5

Which of the following is the MAIN security concern for public cloud computing?
A. Unable to control physical access to the servers
B. Unable to track log on activity
C. Unable to run anti-virus scans
D. Unable to patch systems as needed

Answer 5

Answer : Unable to control physical access to the servers

Question 6

Your organization provides open guest wireless access with no captive portals. What can you do to assist with law enforcement investigations if one of your guests is suspected of committing an illegal act using your network?
A. Configure logging on each access point
B. Install a firewall software on each wireless access point.
C. Provide IP and MAC address
D. Disable SSID Broadcast and enable MAC address filtering on all wireless access points.

Answer 6

Answer : Provide IP and MAC address

Question 7

A customer of a bank has placed a dispute on a payment for a credit card account. The banking system uses digital signatures to safeguard the integrity of their transactions. The bank claims that the system shows proof that the customer in fact made the payment. What is this system capability commonly known as?
A. non-repudiation
B. conflict resolution
C. strong authentication
D. digital rights management

Answer 7

Answer : non-repudiation

Question 8

The process of identifying and classifying assets is typically included in the
A. Threat analysis process
B. Asset configuration management process
C. Business Impact Analysis
D. Disaster Recovery plan

Answer 8

Answer : Business Impact Analysis

Question 9

The general ledger setup function in an enterprise resource package allows for setting accounting periods. Access to this function has been permitted to users in finance, the shipping department, and production scheduling. What is the most likely reason for such broad access?
A. The need to change accounting periods on a regular basis.
B. The requirement to post entries for a closed accounting period.
C. The need to create and modify the chart of accounts and its allocations.
D. The lack of policies and procedures for the proper segregation of duties.

Answer 9

Answer : The lack of policies and procedures for the proper segregation of duties.

Question 10

You are having a penetration test done on your company network and the leader of the team says they discovered all the network devices because no one had changed the Simple Network Management Protocol (SNMP) community strings from the defaults. Which of the following is a default community string?
A. Execute
B. Read
C. Administrator
D. Public

Answer 10

Answer : Public

Question 11

What is the FIRST step in developing the vulnerability management program?
A. Baseline the Environment
B. Maintain and Monitor
C. Organization Vulnerability
D. Define Policy

Answer 11

Answer : Baseline the Environment

Question 12

SQL injection is a very popular and successful injection attack method. Identify the basic SQL injection text:
A. ‘ o 1=1 - -
B. /../../../../
C. “DROPTABLE USERNAME”
D. NOPS

Answer 12

Answer : ‘ o 1=1 - -

Question 13

While designing a secondary data center for your company what document needs to be analyzed to determine to how much should be spent on building the data center?
A. Enterprise Risk Assessment
B. Disaster recovery strategic plan
C. Business continuity plan
D. Application mapping document

Answer 13

Answer : Disaster recovery strategic plan

Question 14

The process of creating a system which divides documents based on their security level to manage access to private data is known as
A. security coding
B. data security system
C. data classification
D. privacy protection

Answer 14

Answer : data classification

Question 15

One of your executives needs to send an important and confidential email. You want to ensure that the message cannot be read by anyone but the recipient. Which of the following keys should be used to encrypt the message?
A. Your public key
B. The recipient’s private key
C. The recipient’s public key
D. Certificate authority key

Answer 15

Answer : The recipient’s public key

Question 16

The process for identifying, collecting, and producing digital information in support of legal proceedings is called
A. chain of custody.
B. electronic discovery.
C. evidence tampering.
D. electronic review.

Answer 16

Answer : electronic discovery.

Question 17

An anonymity network is a series of?
A. Covert government networks
B. War driving maps
C. Government networks in Tora
D. Virtual network tunnels

Answer 17

Answer : Virtual network tunnels

Question 18

Network Forensics is the prerequisite for any successful legal action after attacks on your Enterprise Network. Which is the single most important factor to introducing digital evidence into a court of law?
A. Comprehensive Log-Files from all servers and network devices affected during the attack
B. Fully trained network forensic experts to analyze all data right after the attack
C. Uninterrupted Chain of Custody
D. Expert forensics witness

Answer 18

Answer : Uninterrupted Chain of Custody

Question 19

Which of the following is a symmetric encryption algorithm?
A. 3DES
B. MD5
C. ECC
D. RSA

Answer 19

Answer : 3DES

Question 20

What type of attack requires the least amount of technical equipment and has the highest success rate?
A. War driving
B. Operating system attacks
C. Social engineering
D. Shrink wrap attack

Answer 20

Answer : Social engineering

Question 21

Physical security measures typically include which of the following components?
A. Physical, Technical, Operational
B. Technical, Strong Password, Operational
C. Operational, Biometric, Physical
D. Strong password, Biometric, Common Access Card

Answer 21

Answer : Physical, Technical, Operational

Question 22

Your incident handling manager detects a virus attack in the network of your company. You develop a signature based on the characteristics of the detected virus. Which of the following phases in the incident handling process will utilize the signature to resolve this incident?
A. Containment
B. Recovery
C. Identification
D. Eradication

Answer 22

Answer : Eradication

Question 23

Which of the following backup sites takes the longest recovery time?
A. Cold site
B. Hot site
C. Warm site
D. Mobile backup site

Answer 23

Answer : Cold site

Question 24

Which of the following statements about Encapsulating Security Payload (ESP) is true?
A. It is an IPSec protocol.
B. It is a text-based communication protocol.
C. It uses TCP port 22 as the default port and operates at the application layer.
D. It uses UDP port 22

Answer 24

Answer : It is an IPSec protocol.

Question 25

An access point (AP) is discovered using Wireless Equivalent Protocol (WEP). The ciphertext sent by the AP is encrypted with the same key and cipher used by its stations. What authentication method is being used?
A. Shared key
B. Asynchronous
C. Open
D. None

Answer 25

Answer : Shared key

Question 26

As a CISO you need to understand the steps that are used to perform an attack against a network. Put each step into the correct order.
1.Covering tracks
2.Scanning and enumeration
3.Maintaining Access
4.Reconnaissance
5.Gaining Access
A. 4, 2, 5, 3, 1
B. 2, 5, 3, 1, 4
C. 4, 5, 2, 3, 1
D. 4, 3, 5, 2, 1

Answer 26

Answer : 4, 2, 5, 3, 1

Question 27

In terms of supporting a forensic investigation, it is now imperative that managers, first responders, etc., accomplish the following actions to the computer under investigation:
A. Secure the area and shut-down the computer until investigators arrive
B. Secure the area and attempt to maintain power until investigators arrive
C. Immediately place hard drive and other components in an anti-static bag
D. Secure the area.

Answer 27

Answer : Secure the area and attempt to maintain power until investigators arrive

Question 28

Which of the following is MOST important when tuning an Intrusion Detection System (IDS)?
A. Trusted and untrusted networks
B. Type of authentication
C. Storage encryption
D. Log retention

Answer 28

Answer : Trusted and untrusted networks

Question 29

What is the term describing the act of inspecting all real-time Internet traffic (i.e., packets) traversing a major Internet backbone without introducing any apparent latency?
A. Traffic Analysis
B. Deep-Packet inspection
C. Packet sampling
D. Heuristic analysis

Answer 29

Answer : Deep-Packet inspection

Question 30

Which wireless encryption technology makes use of temporal keys?
A. Wireless Application Protocol (WAP)
B. Wifi Protected Access version 2 (WPA2)
C. Wireless Equivalence Protocol (WEP)
D. Extensible Authentication Protocol (EAP)

Answer 30

Answer : Wifi Protected Access version 2 (WPA2)