Everything Flashcards

All in one spot cause I got tired of sorting them by sections.

1
Q

Which of the following is the BEST approach to perform risk mitigation of user access control rights?

A. Conduct surveys and rank the results.
B. Perform routine user permission reviews.
C. Implement periodic vulnerability scanning.
D. Disable user accounts that have not been used within the last two weeks.

A

n

2
Q

Used in conjunction, which of the following are PII? (Select TWO).

A. Marital status
B. Favorite movie
C. Pet's name
D. Birthday
E. Full name

A

n

3
Q

In a disaster recovery situation, operations are to be moved to an alternate site. Computers and network connectivity are already present; however, production backups are several days out-of-date. Which of the following site types is being described?

A. Cold site
B. High availability site
C. Warm site
D. Hot site

A

n

4
Q

Which of the following malware types is an antivirus scanner MOST unlikely to discover? (Select TWO).

A. Trojan
B. Pharming
C. Worms
D. Virus
E. Logic bomb

A

n

5
Q

Which of the following threats corresponds with an attacker targeting specific employees of a company?

A. Spear phishing
B. Phishing
C. Pharming
D. Man-in-the-middle

A

n

6
Q

Which of the following attacks would password masking help mitigate?

A. Shoulder surfing
B. Brute force
C. Tailgating
D. Impersonation

A

n

7
Q

If cookies with non-random sequence numbers are issued upon authentication, which of the following attack types can occur?

A. Directory traversal
B. Session hijacking
C. Cross-site scripting
D. SQL injection

A

n

8
Q

Two systems are being designed. System A has a high availability requirement. System B has a high security requirement with less emphasis on system uptime. Which of the following configurations BEST fits the need for each system?

A. System A fails open. System B fails closed.
B. System A and System B both fail closed.
C. System A and System B both fail open.
D. System A fails closed. System B fails open.

A

n

9
Q

An existing application has never been assessed from a security perspective. Which of the following is the BEST assessment technique in order to identify the application’s security posture?

A. Baseline reporting
B. Protocol analysis
C. Threat modeling
D. Functional testing

A

n

10
Q

A security firm has been engaged to assess a software application. A production-like test environment, login details, production documentation and source code have been provided. Which of the following types of testing is being described?

A. White box
B. Gray box
C. Black box
D. Red teaming

A

n

11
Q

A user has forgotten their account password. Which of the following is the BEST recovery strategy?

A. Upgrade the authentication system to use biometrics instead.
B. Temporarily disable password complexity requirements.
C. Set a temporary password that expires upon first use.
D. Retrieve the user password from the credentials database.

A

n

12
Q

All of the following are valid cryptographic hash functions EXCEPT:

A. RIPEMD.
B. RC4.
C. SHA-512.
D. MD4.

A

n

13
Q

When a certificate issuer is not recognized by a web browser, which of the following is the MOST common reason?

A. Lack of key escrow
B. Self-signed certificate
C. Weak certificate pass-phrase
D. Weak certificate cipher

A

n

14
Q

Which of the following PKI components identifies certificates that can no longer be trusted?

A. CRL
B. CA public key
C. Escrow
D. Recovery agent

A

n

15
Q

Which of the following can prevent an unauthorized person from accessing the network by plugging into an open network jack?

A. 802.1x
B. DHCP
C. 802.1q
D. NIPS

A

n

16
Q

MAC filtering is a form of which of the following?

A. Virtualization
B. Network Access Control
C. Virtual Private Networking
D. Network Address Translation

A

n

17
Q

Which of the following authentication protocols forces centralized wireless authentication?

A. WPA2-Personal
B. WPA2-Enterprise
C. WPA2-CCMP
D. WPA2-TKIP

A

n

18
Q

A company that purchases insurance to reduce risk is an example of which of the following?

A. Risk deterrence
B. Risk acceptance
C. Risk avoidance
D. Risk transference

A

n

19
Q

Which of the following is a method to prevent ad-hoc configuration mistakes?

A. Implement an auditing strategy
B. Implement an incident management strategy
C. Implement a patch management strategy
D. Implement a change management strategy

A

n

20
Q

Which of the following risks may result from improper use of social networking and P2P software?

A. Shoulder surfing
B. Denial of service
C. Information disclosure
D. Data loss prevention

A

n

21
Q

Which of the following malware types is BEST described as protecting itself by hooking system processes and hiding its presence?

A. Botnet
B. Rootkit
C. Logic bomb
D. Virus

A

n

22
Q

A computer is put into a restricted VLAN until the computer’s virus definitions are up-to-date. Which of the following BEST describes this system type?

A. NAT
B. NIPS
C. NAC
D. DMZ

A

n

23
Q

Which of the following would be used for secure remote terminal access?

A. SSH
B. TFTP
C. SCP
D. SFTP

A

n

24
Q

Without validating user input, an application becomes vulnerable to all of the following EXCEPT:

A. buffer overflow.
B. command injection.
C. spear phishing.
D. SQL injection.

A

n

25
Q

After verifying that the server and database are running, Jane, the administrator, is still unable to make a TCP connection to the database. Which of the following is the MOST likely cause for this?

A. The server has data execution prevention enabled
B. The server has TPM based protection enabled
C. The server has HIDS installed
D. The server is running a host-based firewall

A

n

26
Q

Which of the following is used to detect unknown security vulnerability?

A. Application fuzzing
B. Application configuration baseline
C. Patch management
D. ID badge

A

n

27
Q

Which of the following is a best practice before deploying a new desktop operating system image?

A. Install network monitoring software
B. Perform white box testing
C. Remove single points of failure
D. Verify operating system security settings

A

n

28
Q

Securing mobile devices involves which of the following checklists?

A. Key escrow, trust model, CRL
B. Cross-site scripting, XSRF, fuzzing
C. Screen lock, encryption, remote wipe
D. Black box, gray box, white box testing

A

n

29
Q

Which of the following steps should follow the deployment of a patch?

A. Antivirus and anti-malware deployment
B. Audit and verification
C. Fuzzing and exploitation
D. Error and exception handling

A

n

30
Q

Lack of internal security resources and high availability requirements are factors that may lead a company to consider:

A. patch management.
B. encryption.
C. cloud computing.
D. anti-malware software.

A

n

31
Q

Which of the following is the BEST filtering device capable of stateful packet inspection?

A. Switch
B. Protocol analyzer
C. Firewall
D. Router

A

n

32
Q

An employee’s workstation is connected to the corporate LAN. Due to content filtering restrictions, the employee attaches a 3G Internet dongle to get to websites that are blocked by the corporate gateway. Which of the following BEST describes a security implication of this practice?

A. A corporate LAN connection and a 3G Internet connection are acceptable if a host firewall is installed.
B. The security policy should be updated to state that corporate computer equipment should be dual-homed.
C. Content filtering should be disabled because it may prevent access to legitimate sites.
D. Network bridging must be avoided, otherwise it may join two networks of different classifications.

A

n

33
Q

In order to provide flexible working conditions, a company has decided to allow some employees remote access into corporate headquarters. Which of the following security technologies could be used to provide remote access? (Select TWO).

A. Subnetting
B. NAT
C. Firewall
D. NAC
E. VPN

A

n

34
Q

If a security issue is resolved, which of the following risk management strategies was used?

A. Deterrence
B. Acceptance
C. Mitigation
D. Avoidance

A

n

35
Q

Which of the following would be used when a higher level of security is desired for encryption key storage?

A. TACACS+
B. L2TP
C. LDAP
D. TPM

A

n

36
Q

Which of the following is the default port for SCP and SSH?

A. 21
B. 22
C. 404
D. 443

A

h

37
Q

Which of the following default ports does the hypertext transfer protocol use for non-secure network connections?

A. 20
B. 21
C. 80
D. 8080

A

h

38
Q

Which of the following BEST describes using a smart card and typing in a PIN to gain access to a system?

A. Biometrics
B. PKI
C. Single factor authentication
D. Multifactor authentication

A

h

39
Q

Which of the following result types would Jane, a security administrator, MOST likely look for during a penetration test?

A. Inability to gain administrative access
B. Open ports
C. Ability to bypass security controls
D. Incorrect configurations

A

h

40
Q

A small business owner has asked the security consultant to suggest an inexpensive means to deter physical intrusions at their place of business. Which of the following would BEST meet their request?

A. Fake cameras
B. Proximity readers
C. Infrared cameras
D. Security guards

A

h

41
Q

Employee badges are encoded with a private encryption key and specific personal information. The encoding is then used to provide access to the network. Which of the following describes this access control type?

A. Smartcard
B. Token
C. Discretionary access control
D. Mandatory access control

A

h

42
Q

Which of the following devices would MOST likely have a DMZ interface?

A. Firewall
B. Switch
C. Load balancer
D. Proxy

A

h

43
Q

Which of the following is used to digitally sign an email?

A. Private key
B. Public key
C. Sender’s IP
D. Sender’s MAC address

A

h

44
Q

Pete, the company Chief Information Officer (CIO), has been receiving numerous emails from the help desk directing Pete to a link to verify credentials. Which of the following attacks is underway?

A. Replay attack
B. Pharming
C. Privilege escalation
D. Spear phishing

A

h

45
Q

Pete, a security administrator, noticed that the network analyzer is displaying packets that have all the bits in the option field turned on. Which of the following attacks is underway?

A. X-mas
B. DDoS
C. Birthday
D. Smurf

A

h

46
Q

Which of the following tools would Matt, a security administrator, MOST likely use to analyze a malicious payload?

A. Vulnerability scanner
B. Fuzzer
C. Port scanner
D. Protocol analyzer

A

h

47
Q

Which of the following is Jane, a security administrator, MOST likely to install in order to capture and analyze zero day exploits?

A. Honeypot
B. Antivirus
C. IPS
D. IDS

A

h

48
Q

Which of the following can be implemented to detect file system variations?

A. EXT3
B. Hashing
C. Encryption
D. NIDS

A

h

49
Q

Which of the following threats is MOST likely to be mitigated by implementing cross-site scripting prevention tools?

A. Resource starvation
B. Insider threat
C. Spear phishing
D. Session hijacking

A

h

50
Q

An attacker has gained access to the corporate network and is attempting to brute force a password to gain access to the accounting system. Which of the following, if implemented, will protect the server?

A. Single sign-on
B. Password history
C. Limit logon attempts
D. Directory services

A

h

51
Q

Pete, a security administrator, wants to check user password complexity. Which of the following is the BEST tool to use?

A. Password history
B. Password logging
C. Password cracker
D. Password hashing

A

h

52
Q

Which of the following can hide confidential or malicious data in the whitespace of other files (e.g. JPEGs)?

A. Hashing
B. Transport encryption
C. Digital signatures
D. Steganography

A

D

53
Q

Certificates are used for: (Select TWO).

A. client authentication.
B. WEP encryption.
C. access control lists.
D. code signing.
E. password hashing.

A

h

54
Q

When implementing SSL VPN, which of the following is the FASTEST cipher that Pete, an administrator, can use?

A. 3DES
B. AES
C. DES
D. RC4

A

h

55
Q

Which of the following network devices will prevent port scans?

A. Firewall
B. Load balancers
C. NIDS
D. Sniffer

A

h

56
Q

Which of the following is an operational control?

A. Concurrent session control
B. System security categorization
C. Contingency planning
D. Session locks

A

h

57
Q

Which of the following is a hardware based encryption device?

A. EFS
B. TrueCrypt
C. TPM
D. SLE

A

h

58
Q

List the hardware decryption devices.

A

h

59
Q

Which of the following is the MOST important step for preserving evidence during forensic procedures?

A. Involve law enforcement
B. Chain of custody
C. Record the time of the incident
D. Report within one hour of discovery

A

h

60
Q

Employees of a company have received emails that fraudulently claim to be from the company’s security department. The emails ask the employees to sign on to an Internet website to verify passwords and personal information. This is an example of which type of attack?

A. Phishing
B. Pharming
C. Man-in-the-middle
D. Vishing

A

h

61
Q

A company has implemented software to enforce full disk and removable media encryption for all computers. Which of the following threats can still expose sensitive data on these computers?

A. Spam
B. Botnet infection
C. Stolen laptop
D. Header manipulation

A

h

62
Q

Which of the following MOST interferes with network-based detection techniques?

A. Mime-encoding
B. SSL
C. FTP
D. Anonymous email accounts

A

h

63
Q

Which of the following secure coding concepts can prevent the unintentional execution of malicious code entered in place of proper commands?

A. Patch management
B. Proper exception handling
C. Code reviews
D. Input validation

A

h

64
Q

A certificate authority takes which of the following actions in PKI?

A. Signs and verifies all infrastructure messages
B. Issues and signs all private keys
C. Publishes key escrow lists to CRLs
D. Issues and signs all root certificates

A

h

65
Q

To ensure the security of a PKI, security technicians should regularly update which of the following, by checking with the CA for newer versions?

A. CRLs
B. Expiration lists
C. Preshared keys
D. Public keys

A

h

66
Q

Use of a smart card to authenticate remote servers remains MOST susceptible to which of the following attacks?

A. Malicious code on the local system
B. Shoulder surfing
C. Brute force certificate cracking
D. Distributed dictionary attacks

A

n

67
Q

An administrator is provided two accounts: one with administrative access but not network services, and the other account with other network services but no administrative access. Which of the following describes this scenario?

A. Least privilege
B. Mandatory access control
C. Multifactor authentication
D. Separation of duties

A

n

68
Q

Separation of duties is often implemented between developers and administrators in order to separate which of the following?

A. More experienced employees from less experienced employees
B. Changes to program code and the ability to deploy to production
C. Upper level management users from standard development employees
D. The network access layer from the application access layer

A

n

69
Q

Which of the following will require exceptions when considering the use of 802.1x port security?

A. Switches
B. Printers
C. Laptops
D. Desktops

A

n

70
Q

Which of the following may cause Jane, the security administrator, to seek an ACL work around?

A. Zero day exploit
B. Dumpster diving
C. Virus outbreak
D. Tailgating

A

n

71
Q

Which of the following is MOST likely to lead to a breach of security in which Matt, an unauthorized employee, accidentally views sensitive data?

A. Lack of business continuity plan
B. Lack of logging and auditing access to files
C. Lack of chain of custody procedure
D. Lack of data labeling, handling, and disposal policies

A

n

72
Q

A security administrator needs to update the OS on all the switches in the company. Which of the following MUST be done before any actual switch configuration is performed?

A. The request needs to be sent to the incident management team.
B. The request needs to be approved through the incident management process.
C. The request needs to be approved through the change management process.
D. The request needs to be sent to the change management team.

A

n

73
Q

Jane, an individual, has recently been calling various financial offices pretending to be another person to gain financial information. Which of the following attacks is being described?

A. Phishing
B. Tailgating
C. Pharming
D. Vishing

A

n

74
Q

The security administrator wants each user to individually decrypt a message but allow anybody to encrypt it. Which of the following MUST be implemented to allow this type of authorization?

A. Use of CA certificate
B. Use of public keys only
C. Use of private keys only
D. Use of public and private keys

A

n

75
Q

Jane, a user in the company, is in charge of various financial roles but needs to prepare for an upcoming audit. She uses the same account to access each financial system. Which of the following security controls will MOST likely be implemented within the company?

A. Account lockout policy
B. Account password enforcement
C. Password complexity enabled
D. Separation of duties

A

n

76
Q

Pete, an employee, is granted access to only areas of a network folder needed to perform his job. Which of the following describes this form of access control?

A. Separation of duties
B. Time of day restrictions
C. Implicit deny
D. Least privilege

A

n

77
Q

A security administrator notices unusual activity from a default account when reviewing system logs and finds the account has been compromised. After investigating the incident, the administrator determines the account can be disabled to prevent any further incidents because the account was not necessary for any job functions. Which of the following could have prevented this incident?

A. Enhanced password complexity
B. Disabling unnecessary accounts
C. Reviewing centralized logs
D. Disabling unnecessary services

A

n

78
Q

A CRL is comprised of:

A. malicious IP addresses.
B. trusted CAs.
C. untrusted private keys.
D. public keys.

A

n

79
Q

Which of the following can be implemented to prevent Matt, a user, from connecting a hub or switch to a single switch port to access network resources with multiple devices? (Select TWO).

A. Subnetting
B. NAC
C. VLAN
D. DMZ
E. Port security

A

n

80
Q

Which of the following devices utilizes behavior heuristics to detect or prevent intrusion into network resources?

A. NIPS
B. VPN concentrators
C. NAT router
D. Flood guard

A

n

81
Q

Which of the following may significantly reduce data loss if multiple drives fail at the same time?

A. Virtualization
B. RAID
C. Load balancing
D. Server clustering

A

n

82
Q

Which of the following would MOST likely belong in the DMZ? (Select TWO).

A. Finance servers
B. Backup servers
C. Web servers
D. SMTP gateways
E. Laptops

A

n

83
Q

Which of the following protocols would MOST likely be implemented if Pete, a user, wants to transfer files reliably from one location to another?

A. SNMP
B. SSH
C. ICMP
D. SFTP

A

n

84
Q

Which of the following is a strong cryptographic system used by Windows based systems for authentication?

A. SSO
B. DES
C. NTLMv2
D. LANMAN

A

n

85
Q

Which of the following algorithms has well documented collisions? (Select TWO).

A. AES
B. MD5
C. SHA
D. SHA-256
E. RSA

A

n

86
Q

Which of the following describes common concerns when implementing IPS?

A. Legitimate traffic will be incorrectly blocked
B. False negatives will disrupt network throughput
C. Incompatibilities with existing routers will result in a DoS
D. Security alerts will be minimal until adequate traffic is collected

A

n

87
Q

Which of the following describes an issue encountered when reconstructing a security incident through the examination of security logs collected from multiple servers?

A. Proprietary log formats prevent review of security alerts
B. Some operating systems do not natively export security logs
C. Security logs are often encrypted
D. Inconsistent time settings interfere with sequential event analysis

A

n

88
Q

When verifying file integrity on a remote system that is bandwidth limited, which of the following tool combinations provides the STRONGEST confidence?

A. MD5 and 3DES
B. MD5 and SHA-1
C. SHA-256 and RSA
D. SHA-256 and AES

A

n

89
Q

Jane, the security administrator, needs to be able to test malicious code in an environment where it will not harm the rest of the network. Which of the following would allow Jane to perform this kind of testing?

A. Local isolated environment
B. Networked development environment
C. Infrastructure as a Service
D. Software as a Service

A

n

90
Q

A company is sending out a message to all users informing them that all internal messages need to be digitally signed. This is a form of which of the following concepts?

A. Availability
B. Non-repudiation
C. Authorization
D. Cryptography

A

n

91
Q

While performing basic forensic analysis of a hard drive in Sara’s, the security administrator, possession, which of the following should be verified during the analysis?

A. Witness statements
B. Image hashes
C. Chain of custody
D. Order of volatility

A

n

92
Q

A server containing critical data will cost the company $200/hour if it were to be unavailable due to DoS attacks. The security administrator expects the server to become unavailable for a total of two days next year. Which of the following is true about the ALE?

A. The ALE is $48.
B. The ALE is $400.
C. The ALE is $4,800.
D. The ALE is $9,600.

A

n

93
Q

Jane, a user, installs software downloaded from a trusted website. The installed software causes unwanted pop-ups for pharmaceuticals. Which of the following BEST describes the type of threat?

A. Trojan
B. Backdoor
C. Spyware
D. Adware

A

n

94
Q

Sara, a security administrator, notices a number of ports being scanned on the perimeter firewall. At first the scanning appears random, but after monitoring the logs for 30 minutes, she determines that the whole port range is being scanned and all TCP flags are being turned on. Which of the following BEST describes this type of threat?

A. Smurf attack
B. X-mas attack
C. Spoofing
D. Malicious insider threat

A

n

95
Q

The Chief Information Officer (CIO) receives a call from an individual who states they are from the IT department. The caller wants to know the CIO's ID and password to validate their account as part of a yearly account revalidation process. Which of the following BEST describes this scenario?

A. Spam
B. Hoax
C. Spoofing
D. Vishing

A

n

96
Q

To reduce an organization’s risk exposure by verifying compliance with company policy, which of the following should be performed periodically?

A. Qualitative analysis
B. Quantitative analysis
C. Routine audits
D. Incident management

A

n

97
Q

Which of the following can be implemented if a security administrator wants only certain devices connecting to the wireless network?

A. Disable SSID broadcast
B. Install a RADIUS server
C. Enable MAC filtering
D. Lowering power levels on the AP

A

n

98
Q

A system administrator decides to use SNMPv3 on the network router in AuthPriv mode. Which of the following algorithm combinations would be valid?

A. AES-RC4
B. 3DES-MD5
C. RSA-DSA
D. SHA1-HMAC

A

n

99
Q

Which of the following are encryption algorithms that can use a 128-bit key size? (Select TWO).

A. AES
B. RC4
C. Twofish
D. DES
E. SHA2

A

n

100
Q

Unsolicited address items and messages are discovered on a Chief Information Officer’s (CIO’s) smartphone. Additionally, files on an administrator’s smartphone are changed or missing. Which of the following BEST describes what may have happened?

A. The CIO and the Administrator were both bluesnarfed.
B. The CIO and the Administrator were both bluejacked.
C. The CIO was bluejacked and the Administrator was bluesnarfed.
D. The CIO was bluesnarfed and the Administrator was bluejacked.

A

n

101
Q

Which of the following devices, connected to an IDS, would allow capture of the MOST traffic?

A. Switch
B. Router
C. Firewall
D. Hub

A

n

102
Q

Encryption is used to provide which of the following?

a. Integrity
b. Authentication
c. Confidentiality
d. Authorization

A

C

103
Q

A biometric fingerprint scanner is an example of which of the following?

a. Two-factor authentication
b. Single Sign On
c. Single-factor authorization
d. Single-factor authentication

A

D

104
Q

A user name, PIN, and a palm scan are all required to authenticate a system. Which of the following is this an example of?

a. SSO
b. Two-factor authentication
c. Single-factor authentication
d. Three-factor authentication

A

B

105
Q

A user sees an MD5 hash number beside a file that they wish to download. Which of the following BEST describes a hash?

a. A hash is a unique number that is generated based upon the TCP/IP transmission header and should be verified before download.
b. A hash is a unique number that is generated based upon the file's contents and used as the SSL key during download.
c. A hash is a unique number that is generated after the file has been encrypted and used as the SSL key during download.
d. A hash is a unique number that is generated based upon the file's contents and should be verified after download.

A

D

106
Q

Bob is looking for a biometric authentication system that offers the highest possible level of security even if this increases possible inconvenience for the users. Which of the following factors should be minimized?

a. FRR
b. FAR
c. CER
d. False Negatives

A

B

107
Q

In Kerberos what is issued to a user by the KDC when the user successfully logs on?

a. Ticket granting ticket
b. Service ticket
c. Asymmetric key
d. Symmetric key

A

A

108
Q

Which of the following security steps must a user complete before access is given to the network?

a. Authentication and password
b. Identification and authentication
c. Identification and authorization
d. Authentication and authorization

A

B

109
Q

LDAP is a protocol which enables which of the following?

a. Secure logon to a federated database
b. VPN access to a remote network
c. Transmission of encrypted keys
d. Queries to a directory service

A

D

110
Q

Which of the following is the improvement of MS-CHAPv2 over MS-CHAP?

a. Encrypted logon
b. Asymmetric key exchange
c. Mutual authentication
d. SSO

A

C

111
Q

What is a difference between TACACS+ and RADIUS?

a. RADIUS is a AAA provider
b. TACACS+ is a AAA provider
c. RADIUS encrypts the entire authentication process
d. TACACS+ encrypts the entire authentication process

A

D

112
Q

Which of the following is an example of a technical control?

a. Least Privilege
b. Vulnerability assessments
c. Configuration management
d. Media protection

A

A

113
Q

Which of the following is an example of a detective control?

a. System backups
b. Change management
c. System hardening
d. Security guard

A

D

114
Q

Which access control method provides the highest level of security?

a. Mandatory
b. Discretionary
c. Role based
d. Rule based

A

A

115
Q

RBAC is based on what?

a. Job functions
b. Labels
c. ACLs
d. Lattice

A

A

116
Q

Which access control model is used by NTFS?

a. MAC
b. DAC
c. RBAC
d. DACL

A

B

117
Q

An inherent flaw associated with DAC is what?

a. Susceptibility to worms
b. Difficulty of administration
c. Susceptibility to Trojans
d. Weak encryption keys

A

C

118
Q

In which access control model does the object owner establish access?

a. MAC
b. RBAC
c. Rule based
d. DAC

A

D

119
Q

Which of the following is usually not allowed when conducting video surveillance?

a. Recording audio
b. Recording in low light conditions
c. Recording in color
d. Recording in public areas

A

A

120
Q

Which network protocol provides for guaranteed delivery of packets?

a. UDP
b. ARP
c. FTP
d. TCP

A

D

121
Q

Which packet is withheld in a SYN flood attack?

a. SYN
b. ACK
c. SYN/ACK
d. Broadcast

A

B

122
Q

ARP is used to determine which type of address?

a. Logical
b. Network
c. IP
d. Physical

A

D

123
Q

Secure LDAP uses which port?

a. 443
b. 389
c. 636
d. 143

A

C

124
Q

Which of the following addresses is on the same subnet as 163.252.50.57/22 (third octet 50 = 00110010)?

a. 163.252.100.71
b. 163.252.47.12
c. 163.252.80.78
d. 163.252.48.90

A

D

125
Q

Which device does not understand physical addresses but sends all packets out all its ports?

a. Hub
b. Switch
c. Router
d. VLAN

A

A

126
Q

Loop protection on a switch may be provided by what?

a. RTP
b. STP
c. FTP
d. TACACS+

A

B

127
Q

Matt, an administrator, notices a flood of fragmented packets and retransmits from an email server. After disabling the TCP offload setting on the NIC, Matt sees normal traffic with packets flowing in sequence again. Which of the following utilities was Matt MOST likely using to view this issue?

A. Spam filter
B. Protocol analyzer
C. Web application firewall
D. Load balancer

A

n

128
Q

Which of the following devices can be used to terminate remote users' established SSL or IPSec tunnels? (Select TWO).

A. NIDS
B. HIPS
C. VPN concentrator
D. Hub
E. Firewall

A

n

129
Q

Jane, a user, brings in a laptop from home and gets certificate warnings when connecting to corporate intranet sites. These warnings do not occur when using any of the company's workstations. Which of the following is MOST likely the issue?

A. The laptop needs to VPN to bypass the NAC.
B. The corporate intranet servers do not trust the laptop.
C. The laptop’s CRL enrollment has expired.
D. The user's certificate store does not trust the CA.

A

n

130
Q

Which of the following mitigates the loss of a private key in PKI? (Select TWO).

A. Certificate reissue
B. Key rotation
C. Key escrow
D. Auto enrollment
E. Recovery agent

A

n

131
Q

Which of the following specifications would Sara, an administrator, implement as a network access control?

A. 802.1q
B. 802.3
C. 802.11n
D. 802.1x

A

n

132
Q

Which of the following malware types propagates automatically, does not typically hide, requires user interaction, and displays marketing ads?

A. Logic bombs
B. Rootkits
C. Spyware
D. Worms

A

n

133
Q

Which of the following malware types typically disguises itself within another piece of software, requires user interaction, and does not execute on a specific date?

A. Logic Bomb
B. Trojan
C. Worm
D. Botnet

A

n

134
Q

Which of the following is MOST commonly identified as an ARP spoofing attack where no email is sent, and flags within the TCP packet are irrelevant?

A. Xmas attack
B. Spam attack
C. Man-in-the-middle attack
D. DDoS attack

A

n

135
Q

Which of the following is characterized by an attacker attempting to map out an organization’s staff hierarchy in order to send targeted emails?

A. Whaling
B. Impersonation
C. Privilege escalation
D. Spear phishing

A

n

136
Q

Which of the following is an attack where Pete spreads USB thumb drives throughout a bank’s parking lot in order to have malware installed on the banking systems?

A. Tailgating
B. Replay attack
C. Virus
D. Social engineering

A

n

137
Q

Which of the following attacks significantly relies on staff members wanting to be helpful and supportive of each other?

A. Spoofing
B. Tailgating
C. Dumpster diving
D. Xmas attack

A

n

138
Q

Which of the following is an attacker attempting to discover open wireless access points?

A. War driving
B. Packet sniffing
C. War chalking
D. Initialization vector

A

n

139
Q

Which of the following protocols provides Pete, an administrator, with the HIGHEST level of security for device traps?

A. ICMP
B. SNMPv3
C. SSH
D. IPSec

A

n

140
Q

Which of the following is designed to serve as a risk mitigation strategy?

A. Personally owned devices
B. Disaster recovery plan
C. Calculate proper ROI
D. Zero day exploits

A

n

141
Q

Who should be contacted FIRST in the event of a security breach?

A. Forensics analysis team
B. Internal auditors
C. Incident response team
D. Software vendors

A

n

142
Q

Which process will determine maximum tolerable downtime?

A. Business Continuity Planning
B. Contingency Planning
C. Business Impact Analysis
D. Disaster Recovery Plan

A

n

143
Q

Which of the following provides the MOST protection against zero day attacks via email attachments?

A. Anti-spam
B. Anti-virus
C. Host-based firewalls
D. Patch management

A

n

144
Q

Which of the following access controls enforces permissions based on data labeling at specific levels?

A. Mandatory access control
B. Separation of duties access control
C. Discretionary access control
D. Role based access control

A

n

145
Q

A username provides which of the following?

A. Biometrics
B. Identification
C. Authorization
D. Authentication

A

n

146
Q

Use of group accounts should be minimized to ensure which of the following?

A. Password security
B. Regular auditing
C. Baseline management
D. Individual accountability

A

n

147
Q

Privilege creep among long-term employees can be mitigated by which of the following procedures?

A. User permission reviews
B. Mandatory vacations
C. Separation of duties
D. Job function rotation

A

n

148
Q

In which of the following scenarios is PKI LEAST hardened?

A. The CRL is posted to a publicly accessible location.
B. The recorded time offsets are developed with symmetric keys.
C. A malicious CA certificate is loaded on all the clients.
D. All public keys are accessed by an unauthorized user.

A

n

149
Q

A database server has been compromised via an unpatched vulnerability. An investigation reveals that an application crashed at the time of the compromise. Unauthorized code appeared to be running, although there were no traces of the code found on the file system. Which of the following attack types has MOST likely occurred?

A. Zero day exploit
B. SQL injection
C. LDAP injection
D. Buffer overflow

A

n

150
Q

Which of the following would Sara, a security administrator, utilize to actively test security controls within an organization?

A. Penetration test
B. Baselining
C. Code review
D. Vulnerability scan

A

n

151
Q

Which of the following assessments would Pete, the security administrator, use to actively test that an application’s security controls are in place?

A. Code review
B. Penetration test
C. Protocol analyzer
D. Vulnerability scan

A

n

152
Q

Which of the following would Jane, a security administrator, take advantage of to bypass security controls and gain unauthorized remote access into an organization?

A. Vulnerability scan
B. Dumpster diving
C. Virtualization
D. Penetration test

A

n

153
Q

Which of the following would be used to identify the security posture of a network without actually exploiting any weaknesses?

A. Penetration test
B. Code review
C. Vulnerability scan
D. Brute Force scan

A

n

154
Q

The finance department is growing and needs additional computers to support growth. The department also needs to ensure that their traffic is separated from the rest of the network. Matt, the security administrator, needs to add a new switch to accommodate this growth. Which of the following MUST Matt configure on the switch to ensure proper network separation?

A. Implicit deny
B. VLAN management
C. Access control lists
D. Flood guards

A

n

155
Q

Pete, the security administrator, wants to ensure that only secure protocols are being used to transfer and copy files. Which of the following protocols should he implement?

A. SMTP
B. SCP
C. FTP
D. HTTPS

A

n

156
Q

Sara, a security administrator, has recently implemented a policy to ban certain attachments from being sent through the corporate email server. This is an example of trying to mitigate which of the following?

A. SQL injection
B. LDAP injection
C. Cross-site scripting
D. Malicious add-ons

A

n

157
Q

Jane, the security administrator, sets up a new AP but realizes too many outsiders are able to connect to that AP and gain unauthorized access. Which of the following would be the BEST way to mitigate this issue and still provide coverage where needed? (Select TWO).

A. Disable the wired ports
B. Use channels 1, 4 and 7 only
C. Enable MAC filtering
D. Disable SSID broadcast
E. Switch from 802.11a to 802.11b

A

n

158
Q

In the initial stages of an incident response, Matt, the security administrator, was provided the hard drives in question from the incident manager. Which of the following incident response procedures would he need to perform in order to begin the analysis? (Select TWO).

A. Take hashes
B. Begin the chain of custody paperwork
C. Take screen shots
D. Capture the system image
E. Decompile suspicious files

A

n

159
Q

Which of the following is used to certify intermediate authorities in a large PKI deployment?

A. Root CA
B. Recovery agent
C. Root user
D. Key escrow

A

n

160
Q

Which of the following components MUST be trusted by all parties in PKI?

A. Key escrow
B. CA
C. Private key
D. Recovery key

A

n

161
Q

Remote employees log in to the network using a device displaying a digital number which changes every five minutes. This is an example of which of the following?

A. Block cipher
B. One-time pad
C. Stream cipher
D. Digital signature

A

n

162
Q

When checking his webmail, Matt, a user, changes the URL’s string of characters and is able to get into another user’s inbox. This is an example of which of the following?

A. Header manipulation
B. SQL injection
C. XML injection
D. Session hijacking

A

n

163
Q

Sara, an employee, unintentionally downloads malware that exploits a known vulnerability. Which of the following needs to be enforced to keep this incident from recurring in the future?

A. Input validation
B. Active pop-up blocker
C. Application hardening and error validation
D. Patch management

A

n

164
Q

Which of the following is being used when a message is buried within the pixels of an image?

A. Steganography
B. Block cipher
C. Encryption
D. Hashing

A

n

165
Q

Elliptic curve cryptography: (Select TWO)

A. is used in both symmetric and asymmetric encryption.
B. is used mostly in symmetric encryption.
C. is mostly used in embedded devices.
D. produces higher strength encryption with shorter keys.
E. is mostly used in hashing algorithms.

A

n

166
Q

Which of the following would an antivirus company use to efficiently capture and analyze new and unknown malicious attacks?

A. Fuzzer
B. IDS
C. Proxy
D. Honeynet

A

n

167
Q

Which of the following is used to translate a public IP to a private IP?

A. NAT
B. CCMP
C. NAC
D. VLAN

A

n

168
Q

Why is it important for a penetration tester to have established an agreement with management as to which systems and processes are allowed to be tested?

A. Penetration test results are posted publicly, and some systems tested may contain corporate secrets.
B. Penetration testers always need to have a comprehensive list of servers, operating systems, IP subnets, and department personnel prior to ensure a complete test.
C. Having an agreement allows the penetration tester to look for other systems out of scope and test them for threats against the in-scope systems.
D. Some exploits when tested can crash or corrupt a system causing downtime or data loss.

A

n

169
Q

An administrator wants to minimize the amount of time needed to perform backups during the week. It is also acceptable to the administrator for restoration to take an extended time frame. Which of the following strategies would the administrator MOST likely implement?

A. Full backups on the weekend and incremental during the week
B. Full backups on the weekend and full backups every day
C. Incremental backups on the weekend and differential backups every day
D. Differential backups on the weekend and full backups every day

A

n

170
Q

Which of the following can be used in code signing?

A. AES
B. RC4
C. GPG
D. CHAP

A

n

171
Q

Sara, an administrator, disables the beacon function of an access point. Which of the following is accomplished by this?

A. The AP stops broadcasting radio frequencies.
B. The SSID is not broadcasted by the AP.
C. The AP presence is undetectable by wireless sniffers.
D. Wireless clients are now required to use 2.4 GHz.

A

n

172
Q

Which of the following can use RC4 for encryption? (Select TWO).

A. CHAP
B. SSL
C. WEP
D. AES
E. 3DES

A

n

173
Q

Which of the following defines a business goal for system restoration and acceptable data loss?

A. MTTR
B. MTBF
C. RPO
D. Warm site

A

n

174
Q

Which of the following defines an organization goal for acceptable downtime during a disaster or other contingency?

A. MTBF
B. MTTR
C. RTO
D. RPO

A

n

175
Q

Which of the following is an attack vector that can cause extensive physical damage to a datacenter without physical access?

A. CCTV system access
B. Dial-up access
C. Changing environmental controls
D. Ping of death

A

n

176
Q

An ACL placed on which of the following ports would block IMAP traffic?

A. 110
B. 143
C. 389
D. 465

A

n

177
Q

Which of the following provides the HIGHEST level of confidentiality on a wireless network?

A. Disabling SSID broadcast
B. MAC filtering
C. WPA2
D. Packet switching

A

n

178
Q

A new AP has been installed and there are problems with packets being dropped. Which of the following BEST explains the packet loss?

A. EMI
B. XML injection
C. DDoS
D. Botnet

A

n

179
Q

Which of the following intrusion detection methods may generate an alert when Matt, an employee, accesses a server during non-business hours?

A. Signature
B. Time of Day restrictions
C. Heuristic
D. Behavioral

A

n

180
Q

Which of the following controls should be used to verify a person in charge of payment processing is not colluding with anyone to pay fraudulent invoices?

A. Least privilege
B. Security policy
C. Mandatory vacations
D. Separation of duties

A

n

181
Q

Which of the following techniques describes the use of application isolation during execution to prevent system compromise if the application is compromised?

A. Least privilege
B. Sandboxing
C. Black box
D. Application hardening

A

n

182
Q

Which of the following allows a company to maintain access to encrypted resources when employee turnover is high?

A. Recovery agent
B. Certificate authority
C. Trust model
D. Key escrow

A

n

183
Q

Which of the following security methods should be used to ensure mobile devices are not removed by unauthorized users when the owner is away from their desk?

A. Screen lock
B. Biometrics
C. Strong passwords
D. Cable lock

A

n

184
Q

Which of the following should be implemented to stop an attacker from mapping out addresses and/or devices on a network?

A. Single sign on
B. IPv6
C. Secure zone transfers
D. VoIP

A

n

185
Q

Jane, a network technician, notices that users’ Internet homepages have been changed to sites that include malware. Which of the following will change the default homepage for the Internet browser to be the same for all users?

A. Flush the DNS cache
B. Remove workstations from the domain
C. Upgrade the Internet browser
D. Implement group policies

A

n

186
Q

A security administrator wants to scan an infected workstation to understand how the infection occurred. Which of the following should the security administrator do FIRST before scanning the workstation?

A. Make a complete hard drive image
B. Remove the memory
C. Defragment the hard drive
D. Delete all temporary Internet files

A

n

187
Q

Matt, an IT administrator, wants to protect a newly built server from zero day attacks. Which of the following would provide the BEST level of protection?

A. HIPS
B. Antivirus
C. NIDS
D. ACL

A

n

188
Q

The lead security engineer has been brought in on a new software development project. The software development team will be deploying a base software version and will make multiple software revisions during the project life cycle. The security engineer on the project is concerned with the ability to roll back software changes that cause bugs and/or security concerns. Which of the following should the security engineer suggest to BEST address this issue?

A. Develop a change management policy incorporating network change control.
B. Develop a change management policy incorporating hardware change control.
C. Develop a change management policy incorporating software change control.
D. Develop a change management policy incorporating oversight of the project lifecycle.

A

n

189
Q

A new wireless network was installed in an office building where there are other wireless networks. Which of the following can the administrator disable to help limit the discovery of the new network?

A. DHCP
B. Default user account
C. MAC filtering
D. SSID broadcast

A

n

190
Q

Which of the following anti-malware solutions can be implemented to mitigate the risk of phishing?

A. Host based firewalls
B. Anti-spyware
C. Anti-spam
D. Anti-virus

A

n

191
Q

Which of the following can be used to mitigate risk if a mobile device is lost?

A. Cable lock
B. Transport encryption
C. Voice encryption
D. Strong passwords

A

n

192
Q

Implementation of server clustering is an example of which of the following security concepts?

A. Traceability
B. Availability
C. Integrity
D. Confidentiality

A

n

193
Q

The annual loss expectancy can be calculated by:

A. dividing the annualized rate of return by single loss expectancy.
B. multiplying the annualized rate of return and the single loss expectancy.
C. subtracting the single loss expectancy from the annualized rate of return.
D. adding the single loss expectancy and the annualized rate of return.

A

n

194
Q

Which of the following datacenter environmental controls must be properly configured to prevent equipment failure from water?

A. Lighting
B. Temperature
C. Humidity
D. Halon fire suppression

A

n

195
Q

Which of the following should the security administrator do when taking a forensic image of a hard drive?

A. Image the original hard drive, hash the image, and analyze the original hard drive.
B. Copy all the files from the original into a separate hard drive, and hash all the files.
C. Hash the original hard drive, image the original hard drive, and hash the image.
D. Image the original hard drive, hash the original hard drive, and analyze the hash.

A

n

196
Q

In order to prevent and detect fraud, which of the following should be implemented?

A. Job rotation
B. Risk analysis
C. Incident management
D. Employee evaluations

A

n

197
Q

A vulnerability scan detects an unpatched application that does not exist on the server. Which of the following is the BEST explanation?

A. File corruption
B. False positive
C. Wrong system was scanned
D. Signature needs to be updated on the tool

A

n

198
Q

Mike, a network administrator, has been asked to passively monitor network traffic to the company’s sales websites. Which of the following would be BEST suited for this task?

A. HIDS
B. Firewall
C. NIPS
D. Spam filter

A

n

199
Q

An administrator notices an unusual spike in network traffic from many sources. The administrator suspects that:

A. it is being caused by the presence of a rogue access point.
B. it is the beginning of a DDoS attack.
C. the IDS has been compromised.
D. the internal DNS tables have been poisoned.

A

n

200
Q

Mike, a security professional, is tasked with actively verifying the strength of the security controls on a company’s live modem pool. Which of the following activities is MOST appropriate?

A. War dialing
B. War chalking
C. War driving
D. Bluesnarfing

A

n

201
Q

Mike, a system administrator, anticipating corporate downsizing this coming November, writes a malicious program to execute three weeks later if his account is removed. Which of the following attacks is this?

A. Rootkit
B. Virus
C. Logic Bomb
D. Worm

A

n

202
Q

The Compliance Department implements a policy stating the Security Analyst must only review security changes and the Security Administrator will implement the changes. This is an example of which of the following?

A. Job rotation
B. Discretionary access control
C. Trust models
D. Separation of duties

A

n

203
Q

An encrypted message is sent using PKI from Sara, a client, to a customer. Sara claims she never sent the message. Which of the following aspects of PKI BEST ensures the identity of the sender?

A. CRL
B. Non-repudiation
C. Trust models
D. Recovery agents

A

n

204
Q

Which of the following protocols would be used to verify connectivity between two remote devices at the LOWEST level of the OSI model?

A. DNS
B. SCP
C. SSH
D. ICMP

A

n

205
Q

Sara, a user, needs to copy a file from a Linux workstation to a Linux server using the MOST secure file transfer method available. Which of the following protocols would she use?

A. SCP
B. FTP
C. SNMP
D. TFTP

A

n

206
Q

Users require access to a certain server depending on their job function. Which of the following would be the MOST appropriate strategy for securing the server?

A. Common access card
B. Role based access control
C. Discretionary access control
D. Mandatory access control

A

n

207
Q

Jane, a security administrator, has observed repeated attempts to break into a server. Which of the following is designed to stop an intrusion on a specific server?

A. HIPS
B. NIDS
C. HIDS
D. NIPS

A

n

208
Q

Matt, the security administrator, notices a large number of alerts on the NIDS. Upon further inspection, it is determined that no attack has really taken place. This is an example of a:

A. false negative.
B. true negative.
C. false positive.
D. true positive.

A

n

209
Q

Sara, a visitor, plugs her Ethernet cable into an open jack in a wall outlet and is unable to connect to the network. This is MOST likely an example of:

A. port security.
B. implicit deny.
C. flood guards.
D. loop protection.

A

n

210
Q

Matt, the IT Manager, wants to create a new network available to virtual servers on the same hypervisor, and does not want this network to be routable to the firewall. How could this BEST be accomplished?

A. Create a VLAN without a default gateway.
B. Remove the network from the routing table.
C. Create a virtual switch.
D. Commission a stand-alone switch.

A

n

211
Q

The security principle that is targeted when implementing ACLs is:

A. integrity.
B. availability.
C. confidentiality.
D. responsibility.

A

n

212
Q

Which of the following is true about two security administrators who are using asymmetric encryption to send encrypted messages to each other?

A. When one encrypts the message with the private key, the other can decrypt it with the private key.
B. When one encrypts the message with the private key, the other can decrypt it with the public key.
C. When one encrypts the message with the public key, the other can use either the public or the private to decrypt it.
D. When one encrypts the message with the public key, the other can decrypt it with the public key.

A

n

213
Q

A security administrator has configured FTP in passive mode. Which of the following ports should the security administrator allow on the firewall by default?

A. 20
B. 21
C. 22
D. 23

A

n

214
Q

Which of the following top to bottom sequential firewall rules will allow SSH communication?

A. DENY ANY ANY
PERMIT ANY ANY TCP 22
PERMIT ANY ANY UDP 22
B. PERMIT ANY ANY UDP 22
PERMIT ANY ANY TCP 21
DENY ANY ANY
C. PERMIT ANY ANY TCP 23
PERMIT ANY ANY TCP 22
DENY ANY ANY
D. PERMIT ANY ANY TCP 23
DENY ANY ANY
PERMIT ANY ANY TCP 22

A

n

215
Q

A company that purchased an HVAC system for the datacenter is MOST concerned with which of the following?

A. Availability
B. Integrity
C. Confidentiality
D. Fire suppression

A

n

216
Q

Which of the following Data Loss Prevention strategies is used to ensure that unauthorized users cannot access information stored in specified fields?

A. Whole disk encryption
B. Trust models
C. Database encryption
D. Individual file encryption

A

n

217
Q

Which of the following devices can Sara, an administrator, implement to detect and stop known attacks?

A. Signature-based NIDS
B. Anomaly-based NIDS
C. Signature-based NIPS
D. Anomaly-based NIPS

A

n

218
Q

Which of the following protocols would be implemented to secure file transfers using SSL?

A. TFTP
B. SCP
C. SFTP
D. FTPS

A

n

219
Q

Which of the following security concepts are used for data classification and labeling to protect data? (Select TWO).

A. Need to know
B. Role based access control
C. Authentication
D. Identification
E. Authorization

A

n

220
Q

Which of the following cryptography concepts describes securing a file during download?

A. Trust model
B. Non-repudiation
C. Transport encryption
D. Key escrow

A

n

221
Q

Which of the following secure file transfer methods uses port 22 by default?

A. FTPS
B. SFTP
C. SSL
D. S/MIME

A

B

222
Q

A drawback of utilizing unmonitored proximity badge readers is that they perform:

A. authentication without authorization.
B. authorization with authentication.
C. authorization without authentication.
D. authentication with authorization.

A

n

223
Q

While setting up a secure wireless corporate network, which of the following should Pete, an administrator, avoid implementing?

A. EAP-TLS
B. PEAP
C. WEP
D. WPA

A

n

224
Q

Pete, a security administrator, instructs the networking team to push out security updates for a suite of programs on client workstations. This is an example of which of the following?

A. Cross-site scripting prevention
B. Application configuration baseline
C. Application hardening
D. Application patch management

A

n

225
Q

Which of the following are used to implement VPNs? (Select TWO).

A. SFTP
B. IPSec
C. HTTPS
D. SNMP
E. SSL

A

n

226
Q

A company is concerned about physical laptop theft. Which of the following is the LEAST expensive way to prevent this threat?

A. Bollards
B. Full disk encryption
C. Cable locks
D. Safes

A

n

227
Q

Creating multiple VLANs requires how many devices?

a. Multiple switches
b. A single switch
c. Multiple routers
d. A single router

A

B

228
Q

Andy’s laptop is connected to the network with both a wired and a wireless connection. What condition might this situation allow?

a. Looping
b. Bridging
c. Redundant connection
d. Dual routing

A

B

229
Q

Which sort of device does not typically forward broadcasts?

a. Gateways
b. Switches
c. Hubs
d. Routers

A

D

230
Q

Janet is a new network administrator who is trying to properly configure a new router. She knows that she must enforce the concept of implicit deny. Which command should she include in the ACL?

a. The first item should be deny any any
b. The first item should be drop all packets
c. The last item should be deny any any
d. The last item should be drop all packets

A

C

231
Q

Which of the following is a private address?

a. 192.168.56.134
b. 172.15.6.89
c. 192.16.0.1
d. 172.32.0.1

A

A - 192.168

232
Q

Which address translation method uses a one to one mapping of private and public addresses?

a. Dynamic NAT
b. Assigned NAT
c. Static NAT
d. PAT

A

C

233
Q

Which encryption method is not compatible with NAT?

a. SHA1
b. AES
c. DES
d. IPsec

A

D

234
Q

Many intrusion detection systems look for known patterns to help detect attacks. What type of intrusion detection is this?

a. Anomaly
b. Behavior
c. Heuristic
d. Signature

A

D

235
Q

The network for ABC Building Supplies was recently subjected to an intensive DDoS attack. Although the network was protected by state-of-the-art network intrusion prevention devices utilizing both signature and anomaly detection, the attack went unreported. What is the name for this condition as related to a NIPS?

a. False positive
b. False negative
c. True negative
d. True positive

A

B

236
Q

A honeypot would be installed on a network to:

a. Prevent intruders from entering the network.
b. Trap intruders so the intruders cannot exit the network.
c. Divert intruders from more vital assets.
d. Warn intruders that their presence has been detected.

A

C

237
Q

What is the difference between an active NIDS and a NIPS?

a. A NIPS is placed in-line with the traffic
b. Only a NIPS can take action after detection
c. A NIPS can incorporate heuristic detection
d. NIPS are hardware devices while NIDS are software installed on a server

A

A

238
Q

What bandwidth does 802.11a use?

a. 11 Mbit/s
b. 600 Mbit/s
c. 54 Mbit/s
d. 2.4 Mbit/s

A

C

239
Q

Which protocol was used to overcome the security deficiencies of WEP?

a. TKIP
b. CCMP
c. RC4
d. WPA2

A

A

240
Q

Theo is considering the pros and cons of using WPA2 in personal or enterprise mode. Of the following, what is the primary difference?

a. Personal mode uses an 802.1X server
b. Enterprise mode requires a pre-shared key
c. Enterprise mode allows strong authentication
d. Personal mode is usually associated with a RADIUS server

A

C

241
Q

Which authentication method uses TLS?

a. PEAP
b. EAP
c. LEAP
d. TEAP

A

A

242
Q

Of the following, which would provide for the most security on a wireless network?

a. Disabling the SSID broadcast
b. Enabling a MAC filter
c. Requiring WEP encryption
d. Changing the default SSID

A

C

243
Q

Which tunneling method uses IPsec for encryption?

a. PPTP
b. SSTP
c. IKE
d. L2TP

A

D

244
Q

A chip on the motherboard used for disk encryption is called what?

a. Trusted Platform Module (TPM)
b. BitLocker
c. Hardware Security Module (HSM)
d. TrueCrypt

A

A

245
Q

What is the service which allows organizations to limit their hardware footprint and personnel costs by renting access to hardware?

a. Infrastructure as a Service (IaaS)
b. System as a Service (SaaS)
c. Platform as a Service (PaaS)
d. Equipment as a Service (EaaS)

A

A

246
Q

A piece of code that appears to do something useful while performing a harmful and unexpected function, like stealing passwords, is a:

a. Virus
b. Logic bomb
c. Worm
d. Trojan horse

A

D

247
Q

Which type of malware requires a host file?

a. Virus
b. Logic bomb
c. Worm
d. Rootkit

A

A

248
Q

Which type of malware uses hooked processes, or hooking techniques, to intercept calls to the operating system?

a. Virus
b. Logic bomb
c. Worm
d. Rootkit

A

D

249
Q

Which type of attack uses the phone system to trick users into giving up personal and financial information?

a. Phishing
b. Spear Phishing
c. Vishing
d. Whaling

A

C

250
Q

Logic bombs differ from worms in that:

a. Logic bombs cannot be sent through email.
b. Logic bombs cannot spread from computer to computer.
c. Logic bombs always contain a Trojan component.
d. Logic bombs usually have a date or time component.

A

D

251
Q

A periodic security audit of group policy can:

a. Show that data is being correctly backed up.
b. Show that PII data is being properly protected.
c. Show that virus definitions are up to date on all workstations.
d. Show that unnecessary services are blocked on workstations.

A

D

252
Q

List the Ports:
File Transfer (Default Data)
File Transfer Control
Secure Shell/SCP/SFTP
Telnet
Simple Mail Transfer
TACACS+
Domain Name Server
DHCP Server
TFTP
HTTP
Kerberos
POP3
IMAP4
SNMP
LDAP
HTTPS
IKE (IPSec)
LDAP over SSL/TLS
FTPS
SQL Server
L2TP
PPTP
RADIUS authorization
Bit Torrent (P2P)

A

Service                       TCP Port    UDP Port
File Transfer (Default Data)  20
File Transfer Control         21
Secure Shell/SCP/SFTP         22
Telnet                        23
Simple Mail Transfer          25
TACACS+                       49          49
Domain Name Server            53          53
DHCP Server                               67
TFTP                                      69
HTTP                          80
Kerberos                      88          88
POP3                          110
IMAP4                         143
SNMP                          161
LDAP                          389         389
HTTPS                         443
IKE (IPSec)                   500         500
LDAP over SSL/TLS             636         636
FTPS                          989-990
SQL Server                    1433
L2TP                                      1701
PPTP                          1723        1723
RADIUS authorization          1812        1812
Bit Torrent (P2P)             6881-6889

253
Q

File Transfer (Default Data) Port:

A

TCP Port 20

254
Q

File Transfer Control Port

A

TCP Port 21

255
Q

Secure Shell/SCP/SFTP Port

A

TCP Port 22

256
Q

Telnet Port

A

TCP Port 23

257
Q

Simple Mail Transfer Port

A

TCP Port 25

258
Q

TACACS+ Port

A

TCP Port 49

UDP Port 49

259
Q

Domain Name Server Port

A

TCP Port 53

UDP Port 53

260
Q

DHCP Server Port

A

UDP Port 67

261
Q

TFTP Port

A

UDP Port 69

262
Q

HTTP Port

A

TCP Port 80

263
Q

Kerberos Port

A

TCP Port 88

UDP Port 88

264
Q

POP3 Port

A

TCP Port 110

265
Q

IMAP4 Port

A

TCP Port 143

266
Q

SNMP Port

A

TCP Port 161

267
Q

LDAP Port

A

TCP Port 389

UDP Port 389

268
Q

HTTPS Port

A

TCP Port 443

269
Q

IKE (IPSec) Port

A

TCP Port 500

UDP Port 500

270
Q

LDAP over SSL/TLS Port

A

TCP Port 636

UDP Port 636

271
Q

FTPS Port

A

TCP Port 989-990

272
Q

SQL Server Port

A

TCP Port 1433

273
Q

L2TP Port

A

UDP Port 1701

274
Q

PPTP Port

A

TCP Port 1723

UDP Port 1723

275
Q

RADIUS authorization Port

A

TCP Port 1812

UDP Port 1812

276
Q

Bit Torrent (P2P) Port

A

TCP Port 6881-6889

277
Q

Which of the following describes how Sara, an attacker, can send unwanted advertisements to a mobile device?

A. Man-in-the-middle
B. Bluejacking
C. Bluesnarfing
D. Packet sniffing

A

n

278
Q

Matt, a security administrator, is receiving reports about several SQL injections and buffer overflows through his company’s website. Which of the following would reduce the amount of these attack types?

A. Antivirus
B. Anti-spam
C. Input validation
D. Host based firewalls

A

n

279
Q

A new server image is being created and Sara, the security administrator, would like a baseline created for the servers. Which of the following needs to be taken into account for the baseline?

A. Disabling all unnecessary services
B. Enabling all default accounts
C. Disabling all accounts
D. Enabling all default services

A

n

280
Q

Pete, a person who appears to be from a delivery company, is holding a stack of boxes. He requests that the door be held open as he enters the office. Which of the following attacks has MOST likely taken place? (Select TWO).

A. Impersonation
B. Vishing
C. Shoulder surfing
D. Tailgating
E. Whaling
A

n

281
Q

The Chief Information Officer (CIO) is concerned that passwords may be written down and posted in plain sight. Which of the following would BEST mitigate this risk?

A. Password expiration policy
B. Clean desk policy
C. Enforce greater password complexity
D. Acceptable use policy

A

n

282
Q

Pete, an employee, is terminated from the company and the legal department needs documents from his encrypted hard drive. Which of the following should be used to accomplish this task? (Select TWO).

A. Private hash
B. Recovery agent
C. Public key
D. Key escrow
E. CRL
A

n

283
Q

A company is concerned about proprietary information leaving the network via email. Which of the following is the BEST solution to remediate the risk?

A. Block port 25 on the network
B. Deploy a firewall on the e-mail server
C. Filter incoming traffic
D. Filter outgoing traffic

A

n

284
Q

Several departments within a company have a business need to send high volumes of confidential information to customers via email. Which of the following is the BEST solution to mitigate unintentional exposure of confidential information?

A. Employ encryption on all outbound emails containing confidential information.
B. Employ exact data matching and prevent inbound emails with Data Loss Prevention.
C. Employ hashing on all outbound emails containing confidential information.
D. Employ exact data matching and encrypt inbound e-mails with Data Loss Prevention.

A

n

285
Q

A company has decided to assign employees laptops instead of desktops to mitigate the risk of company closures due to disasters. Which of the following is the company trying to ensure?

A. Succession planning
B. Fault tolerance
C. Continuity of operations
D. Removing single points of failure

A

n

286
Q

Sara, a security administrator, has implemented outbound email filtering. Which of the following would this MOST likely protect Sara’s company from?

A. Data loss
B. Phishing
C. SPAM solicitation
D. Distributed denial of service attacks

A

n

287
Q

Pete, the security administrator, wants to ensure that traffic to the corporate intranet is secure using HTTPS. He configures the firewall to deny traffic to port 80. Now users cannot connect to the intranet even through HTTPS. Which of the following is MOST likely causing the issue?

A. The web server is configured on the firewall’s DMZ interface.
B. The VLAN is improperly configured.
C. The firewall’s MAC address has not been entered into the filtering list.
D. The firewall executes an implicit deny.

A

n

288
Q

Sara, the network security administrator, wants to separate Finance department traffic from the rest of the company. The company uses the following IP addresses:
Servers and switches: 192.168.1.1 - 192.168.1.40
Users: 192.168.1.70 - 192.168.1.110
Finance Users: 192.168.1.200 - 192.168.1.250
Which of the following would BEST meet Sara’s goal?

A. Separate Gateways and Subnet mask of 255.255.255.254
B. VLAN and Subnet mask of 255.255.255.252
C. QoS and Subnet mask of 255.255.255.254
D. SwitchPort Security and a Subnet mask of 255.255.255.252

A

n

289
Q

Which of the following ports are used for secure SNMP and FTPS by default? (Select TWO).

A. 21
B. 22
C. 123
D. 161
E. 443
F. 8080
A

n

290
Q

Which of the following wireless security algorithms is vulnerable to dictionary attacks when weak passwords are used?

A. LEAP
B. EAP-TLS
C. PEAP
D. EAP-FAST

A

n

291
Q

Power and data cables from the network center travel through the building’s boiler room. Which of the following should be used to prevent data emanation?

A. Video monitoring
B. EMI shielding
C. Plenum CAT6 UTP
D. Fire suppression

A

n

292
Q

Mike, a user, receives an email from his grandmother stating that she is in another country and needs money. The email address belongs to his grandmother. Which of the following attacks is this?

A. Man-in-the-middle
B. Spoofing
C. Relaying
D. Pharming

A

n

293
Q

Sara, a user, receives several unwanted instant messages. Which of the following types of attacks is this?

A. Phishing
B. Vishing
C. Spam
D. Spim

A

n

294
Q

Sara, a security administrator, has changed access point signal strength and antenna placement to help prevent which of the following wireless attacks?

A. Evil twin
B. War driving
C. Bluesnarfing
D. IV attack

A

n

295
Q

Which of the following ports is MOST likely using a secure protocol, by default?

A. 21
B. 80
C. 110
D. 443

A

n

296
Q

Which of the following network ports is MOST likely associated with HTTPS, by default?

A. 53
B. 80
C. 123
D. 443

A

n

297
Q

Which of the following allows Mike, a security technician, to view network traffic for analysis?

A. Spam filter
B. Sniffer
C. Router
D. Switch

A

n

298
Q

Which of the following should Matt, a security technician, apply to the network for loop protection?

A. Spanning tree
B. Log analysis
C. Implicit deny
D. Load balancers

A

n

299
Q

Which of the following network administration principles is MOST closely associated with firewall ACLs?

A. Log analysis
B. Port address translation
C. Implicit deny
D. Stateful inspection

A

n

300
Q

Which of the following protocols can be used to secure traffic for telecommuters?

A. WPA
B. IPSec
C. ICMP
D. SMTP

A

n

301
Q

Which of the following should Sara, a security technician, use to reduce the possibility of an attacker discovering the company’s wireless network?

A. Disable SSID broadcast
B. Implement TKIP
C. Apply MAC filtering
D. Upgrade WEP to WPA

A

n

302
Q

Which of the following is a management control?

A. Logon banners
B. Written security policy
C. SYN attack prevention
D. Access Control List (ACL)

A

n

303
Q

Which of the following risk concepts BEST supports the identification of fraud?

A. Risk transference
B. Management controls
C. Mandatory vacations
D. Risk calculation

A

n

304
Q

Which of the following incident response aspects allows Pete, the security technician, to identify who caused a Distributed Denial of Service (DDoS) attack?

A. Network logs
B. Live system image
C. Record time offset
D. Screenshots

A

n

305
Q

Which of the following security strategies allows a company to limit damage to internal systems and provides loss control?

A. Restoration and recovery strategies
B. Deterrent strategies
C. Containment strategies
D. Detection strategies

A

n

306
Q

Which of the following must Mike, a user, implement if he wants to send a secret message to Jane, a coworker, by embedding it within an image?

A. Transport encryption
B. Steganography
C. Hashing
D. Digital signature

A

n

307
Q

In order for Sara, a client, to log on to her desktop computer, she must provide her username, password, and a four-digit PIN. Which of the following authentication methods is Sara using?

A. Three factor
B. Single factor
C. Two factor
D. Four factor

A

n

308
Q

Which of the following must Jane, a security administrator, implement to ensure all wired ports are authenticated before a user is allowed onto the network?

A. Intrusion prevention system
B. Web security gateway
C. Network access control
D. IP access control lists

A

n

309
Q

Mike, a server engineer, has received four new servers and must place them in a rack in the datacenter. Which of the following is considered best practice?

A. All servers’ air exhaust toward the cold aisle.
B. All servers’ air intake toward the cold aisle.
C. Alternate servers’ air intake toward the cold and hot aisle.
D. Servers’ air intake must be parallel to the cold/hot aisles.

A

n

310
Q

Mike, a security analyst, has captured a packet with the following payload: GET ../../../../system32/cmd.exe. Which of the following is this an example of?

A. SQL injection
B. Directory traversal
C. XML injection
D. Buffer overflow

A

n

311
Q

Sara, the security administrator, needs to open ports on the firewall to allow for secure data transfer. Which of the following TCP ports would allow for secure transfer of files by default?

A. 21
B. 22
C. 23
D. 25

A

n

312
Q

Which of the following technologies would allow for a secure tunneled connection from one site to another? (Select TWO).

A. SFTP
B. IPSec
C. SSH
D. HTTPS
E. ICMP
A

n

313
Q

Which of the following sets numerous flag fields in a TCP packet?

A. XMAS
B. DNS poisoning
C. SYN flood
D. ARP poisoning

A

n

314
Q

Which of the following devices is MOST commonly used to create a VLAN?

A. Hub
B. Router
C. Firewall
D. Switch

A

n

315
Q

Which of the following network design elements provides for a one-to-one relationship between an internal network address and an external network address?

A. NAT
B. NAC
C. VLAN
D. PAT

A

n

316
Q

Using proximity card readers instead of the traditional key punch doors would help to mitigate:

A. impersonation.
B. tailgating.
C. dumpster diving.
D. shoulder surfing.

A

n

317
Q

In planning for a firewall implementation, Pete, a security administrator, needs a tool to help him understand what traffic patterns are normal on his network. Which of the following tools would help Pete determine traffic patterns?

A. Syslog
B. Protocol analyzer
C. Proxy server
D. Firewall

A

n

318
Q

Jane, a security administrator, has asked her technicians to determine if a certificate is valid. Which of the following should be checked to determine whether or not a certificate has been invalidated?

A. CA
B. CRL
C. PKI
D. CRC

A

n

319
Q

TKIP uses which of the following encryption ciphers?

A. RC5
B. AES
C. RC4
D. 3DES

A

n

320
Q

The process of exchanging public keys is BEST explained as which cryptography concept?

A. Symmetric encryption
B. Asymmetric encryption
C. Key escrow
D. Transport encryption

A

n

321
Q

Which of the following network segments would be BEST suited for installing a honeypot?

A. Management network
B. Internal network
C. External network
D. DMZ network

A

n

322
Q

Jane, a security architect, has noticed significant performance loss with the increase in user-base of her PKI infrastructure. Which of the following could she deploy in order to increase response times?

A. Smart card
B. CAC
C. HSM
D. VPN

A

n

323
Q

Jane, an administrator, needs to transfer DNS zone files from outside of the corporate network. Which of the following protocols must be used?

A. TCP
B. ICMP
C. UDP
D. IP

A

n

324
Q

Common access cards use which of the following authentication models?

A. PKI
B. XTACACS
C. RADIUS
D. TACACS

A

n

325
Q

Which of the following does a second authentication requirement mitigate when accessing privileged areas of a website, such as password changes or user profile changes?

A. Cross-site scripting
B. Cookie stealing
C. Packet sniffing
D. Transitive access

A

n

326
Q

Which of the following should Sara, a security technician, educate users about when accessing the company wireless network?

A. IV attacks
B. Vishing
C. Rogue access points
D. Hoaxes

A

n

327
Q

Pete, a security technician, has implemented data loss prevention on a company laptop. Which of the following does this protect against?

A. Connecting the company laptop to external data networks
B. Use of USB drives for legitimate operational purposes
C. Use of unencrypted USB drives for gray box testing
D. Removal of company information without authorization

A

n

328
Q

Sara, an IT security technician, needs to be able to identify who is in possession of a stolen laptop. Which of the following BEST addresses her need?

A. Remote sanitization
B. Remote wipe
C. GPS tracking
D. Traceroute

A

n

329
Q

Which of the following will allow Sara, an IT security technician, to effectively identify a zero-day attack on her systems?

A. Anti-malware
B. Antivirus signatures
C. Host software baseline
D. Virtualization

A

n

330
Q

Mike, an IT security technician, needs to recommend an authentication mechanism which has a high probability of correctly identifying a user. Which of the following BEST meets this need?

A. Separation of duties
B. Biometrics
C. Passwords
D. Access control list

A

n

331
Q

Jane receives a spreadsheet via email and double clicks the attachment executing another program inside the spreadsheet. Which of the following types of malware was executed?

A. Spyware
B. Rootkit
C. Trojan
D. Botnet

A

n

332
Q

Which of the following ports does DNS operate on, by default?

A. 23
B. 53
C. 137
D. 443

A

n

333
Q

Which of the following is a secure alternative to Telnet?

A. TFTP
B. HTTPS
C. SSH
D. SCP

A

n

334
Q

Temporary employees are not allowed to work overtime. The information security department must implement a control to enforce this measure. Which of the following measures would BEST enforce this policy?

A. Separation of duties
B. Personal identification card
C. Single sign-on
D. Time of day restrictions

A

n

335
Q

Sara from IT Governance wants to provide a mathematical probability of an earthquake using facts and figures. Which of the following concepts would achieve this?

A. Qualitative Analysis
B. Impact Analysis
C. Quantitative Analysis
D. SLE divided by the ARO

A

n

336
Q

A buffer overflow can result in which of the following attack types?

A. DNS poisoning
B. Zero-day
C. Privilege escalation
D. ARP poisoning

A

n

337
Q

Which of the following is an authentication service that uses UDP as a transport medium?

A. TACACS+
B. LDAP
C. Kerberos
D. RADIUS

A

n

338
Q

Which of the following is true concerning WEP security?

A. WEP keys are transmitted in plain text.
B. The WEP key initialization process is flawed.
C. The pre-shared WEP keys can be cracked with rainbow tables.
D. WEP uses the weak RC4 cipher.

A

n

339
Q

Matt, a security administrator, wants to secure VoIP traffic on the internal network from eavesdropping. Which of the following would MOST likely be used?

A. SSL
B. SSH
C. QoS
D. IPSec

A

n

340
Q

Pete works for a subsidiary company that processes secure transactions for the parent company. Which of the following can be employed to ensure the parent company has access to the subsidiary’s encrypted data in an emergency?

A. Trust model
B. Public key infrastructure
C. Symmetrical key encryption
D. Key escrow

A

n

341
Q

Which of the following can be used on a smartphone to BEST protect against sensitive data loss if the device is stolen? (Select TWO).

A. Tethering
B. Screen lock PIN
C. Remote wipe
D. Email password
E. GPS tracking
F. Device encryption
A

n

342
Q

Which of the following social engineering attacks is meant for a high-ranking corporate employee?

A. Pharming
B. Whaling
C. Hoax
D. Vishing

A

n

343
Q

Which of the following is an advantage of using group policy to redirect users’ local folders to networked drives with regard to data loss prevention?

A. Sensitive data is not stored on a local computer.
B. Users can track their data for unauthorized revisions.
C. Incremental back-ups are stored locally for easy access.
D. The users are more aware of where their data is stored.

A

n

344
Q

In the case of laptop theft, which of the following is the BEST action to take to prevent data theft?

A. Use a third-party hard drive encryption product.
B. Install the operating system on a non-default partition letter.
C. Set a BIOS password that must be entered upon system boot.
D. Enforce a strict complex operating system password.

A

n

345
Q

Pete, a security administrator, has implemented a policy to prevent data loss. Which of the following is the BEST method of enforcement?

A. Internet networks can be accessed via personally-owned computers.
B. Data can only be stored on local workstations.
C. Wi-Fi networks should use WEP encryption by default.
D. Only USB devices supporting encryption are to be used.

A

n

346
Q

Sara, a security administrator, needs to implement the equivalent of a DMZ at the datacenter entrance. Which of the following must she implement?

A. Video surveillance
B. Mantrap
C. Access list
D. Alarm

A

n

347
Q

Jane, a security analyst, is reviewing logs from hosts across the Internet which her company uses to gather data on new malware. Which of the following is being implemented by Jane’s company?

A. Vulnerability scanner
B. Honeynet
C. Protocol analyzer
D. Port scanner

A

n

348
Q

Sara, a senior programmer for an application at a software development company, has also assumed an auditing role within the same company. She will be assessing the security of the application. Which of the following will she be performing?

A. Blue box testing
B. Gray box testing
C. Black box testing
D. White box testing

A

n

349
Q

Which of the following procedures would be used to mitigate the risk of an internal developer embedding malicious code into a production system?

A. Audit management
B. Mobile device management
C. Incident management
D. Change management

A

n

350
Q

Mike, a security analyst, is looking to reduce the number of phishing emails received by employees. Which of the following solutions helps prevent this from occurring?

A. HIDS
B. NIDS
C. Antivirus
D. Spam filter

A

n

351
Q

Which of the following BEST describes a directory traversal attack?

A. A malicious user can insert a known pattern of symbols in a URL to access a file in another section of the directory.
B. A malicious user can change permissions or lock out user access from a webroot directory or subdirectories.
C. A malicious user can delete a file or directory in the webroot directory or subdirectories.
D. A malicious user can redirect a user to another website across the Internet.

A

n

352
Q

In her morning review of new vendor patches, Jane has identified an exploit that is marked as critical. Which of the following is the BEST course of action?

A. Jane should wait seven days before testing the patch to ensure that the vendor does not issue an updated version, which would require reapplying the patch.
B. Jane should download the patch and install it to her workstation to test whether it will be able to be applied to all workstations in the environment.
C. Jane should alert the risk management department to document the patch and add it to the next monthly patch deployment cycle.
D. Jane should download the patch to the test network, apply it to affected systems, and evaluate the results on the test systems.

A

n

353
Q

Matt, a security administrator, has noticed that the website and external systems have been subject to many attack attempts. To verify integrity of the website and critical files, Matt should:

A. require all visitors to the public web home page to create a username and password to view the pages in the website.
B. configure the web application firewall to send a reset packet to the incoming IP from where an attack or scan signature has been detected.
C. create file hashes for website and critical system files, and compare the current file hashes to the baseline at regular time intervals.
D. reboot the web server and database server nightly after the backup has been completed.

A

n

354
Q

Jane, a security technician, needs to open ports on a firewall to allow for domain name resolution. Which of the following ports should Jane open? (Select TWO).

A. TCP 21
B. TCP 23
C. TCP 53
D. UDP 23
E. UDP 53
A

n

355
Q

Pete, a security administrator, is working with Jane, a network administrator, to securely design a network at a new location. The new location will have three departments which should be isolated from each other to maintain confidentiality. Which of the following design elements should Pete implement to meet this goal?

A. VLANs
B. Port security
C. VPNs
D. Flood guards

A

n

356
Q

Sara, a security administrator, is configuring a new firewall. She has entered statements into the firewall configuration as follows:
Allow all Web traffic
Deny all Telnet traffic
Allow all SSH traffic
Mike, a user on the network, tries unsuccessfully to use RDP to connect to his work computer at home. Which of the following principles BEST explains why Mike’s attempt to connect is not successful?

A. Explicit deny
B. Loop protection
C. Implicit deny
D. Implicit permit

A

n

357
Q

Jane, a security administrator, notices that a program has crashed. Which of the following logs should Jane check?

A. Access log
B. Firewall log
C. Audit log
D. Application log

A

n

358
Q

A process in which the functionality of an application is tested with some knowledge of the internal mechanisms of the application is known as:

A. white hat testing.
B. black box testing.
C. black hat testing.
D. gray box testing.

A

n

359
Q

Which of the following passwords is the LEAST complex?

A. MyTrain!45
B. Mytr@in!!
C. MyTr@in12
D. MyTr@in#8

A

n

360
Q

Which of the following security benefits would be gained by disabling a terminated user account rather than deleting it?

A. Retention of user keys
B. Increased logging on access attempts
C. Retention of user directories and files
D. Access to quarantined files

A

n

361
Q

Which RAID level is LEAST suitable for disaster recovery plans?

A. 0
B. 1
C. 5
D. 6

A

n

362
Q

Which of the following security architecture elements also has sniffer functionality? (Select TWO).

A. HSM
B. IPS
C. SSL accelerator
D. WAP
E. IDS
A

n

363
Q

During an anonymous penetration test, Jane, a system administrator, was able to identify a shared print spool directory, and was able to download a document from the spool. Which statement BEST describes her privileges?

A. All users have write access to the directory.
B. Jane has read access to the file.
C. All users have read access to the file.
D. Jane has read access to the directory.

A

n

364
Q

Sara, an IT security technician, is actively involved in identifying coding issues for her company. Which of the following is an application security technique that she can use to identify unknown weaknesses within the code?

A. Vulnerability scanning
B. Denial of service
C. Fuzzing
D. Port scanning

A

n

365
Q

Sara, an IT security technician, has identified security weaknesses within her company’s code. Which of the following is a common security coding issue?

A. Input validation
B. Application fuzzing
C. Black box testing
D. Vulnerability scanning

A

n

366
Q

Which of the following is an application security coding problem?

A. Error and exception handling
B. Patch management
C. Application hardening
D. Application fuzzing

A

n

367
Q

Pete, an IT security technician, needs to establish host based security for company workstations. Which of the following will BEST meet this requirement?

A. Implement IIS hardening by restricting service accounts.
B. Implement database hardening by applying vendor guidelines.
C. Implement perimeter firewall rules to restrict access.
D. Implement OS hardening by applying GPOs.

A

n

368
Q

Which of the following data security techniques will allow Matt, an IT security technician, to encrypt a system with speed as its primary consideration?

A. Hard drive encryption
B. Infrastructure as a service
C. Software based encryption
D. Data loss prevention

A

n

369
Q

Jane, an IT security technician, receives a call from the vulnerability assessment team informing her that port 1337 is open on a user’s workstation. Which of the following BEST describes this type of malware?

A. Logic bomb
B. Spyware
C. Backdoor
D. Adware

A

n

370
Q

Which of the following is based on asymmetric keys?

A. CRLs
B. Recovery agent
C. PKI
D. Registration

A

n

371
Q

Which of the following is BEST described as a notification control, which is supported by other identification controls?

A. Fencing
B. Access list
C. Guards
D. Alarm

A

n

372
Q

Pete, an employee, needs a certificate to encrypt data. Which of the following would issue Pete a certificate?

A. Certification authority
B. Key escrow
C. Certificate revocation list
D. Registration authority

A

n

373
Q

Which of the following BEST describes the weakness in WEP encryption?

A. The initialization vector of WEP uses a crackable RC4 encryption algorithm. Once enough packets are captured an XOR operation can be performed and the asymmetric keys can be derived.
B. The WEP key is stored in plain text and split in portions across 224 packets of random data. Once enough packets are sniffed the IV portion of the packets can be removed leaving the plain text key.
C. The WEP key has a weak MD4 hashing algorithm used. A simple rainbow table can be used to generate key possibilities due to MD4 collisions.
D. The WEP key is stored with a very small pool of random numbers to make the cipher text. As the random numbers are often reused it becomes easy to derive the remaining WEP key.

A

n

374
Q

Which of the following is used to ensure message integrity during a TLS transmission?

A. RIPEMD
B. RSA
C. AES
D. HMAC

A

n

375
Q

Sara, the Chief Security Officer (CSO), has had four security breaches during the past two years. Each breach has cost the company $3,000. A third party vendor has offered to repair the security hole in the system for $25,000. The breached system is scheduled to be replaced in five years. Which of the following should Sara do to address the risk?

A. Accept the risk saving $10,000.
B. Ignore the risk saving $5,000.
C. Mitigate the risk saving $10,000.
D. Transfer the risk saving $5,000.

A

n

376
Q

A company has asked Pete, a penetration tester, to test their corporate network. Pete was provided with all of the server names, configurations, and corporate IP addresses. Pete was then instructed to stay off the Accounting subnet as well as the company web server in the DMZ. Pete was also told that social engineering was not in the test scope. Which of the following BEST describes this penetration test?

A. Gray box
B. Black box
C. White box
D. Blue box

A

n

377
Q

Which of the following keys is contained in a digital certificate?

a. Public key
b. Private key
c. Hashing key
d. Session key

A

A

378
Q

Message authentication codes are used to provide which service?

a. Integrity
b. Fault recovery
c. Key recovery
d. Acknowledgement

A

A

379
Q

Asymmetric cryptography ensures that:

a. Encryption and authentication can take place without sharing private keys
b. Encryption of the secret key is performed with the fastest algorithm available
c. Encryption occurs only when both parties have been authenticated
d. Encryption factoring is limited to the session key Gateways

A

A

380
Q

What type of security process allows others to verify the originator of an e-mail message?

a. Authentication
b. Integrity
c. Non-repudiation
d. Confidentiality

A

A

381
Q

During the digital signature process, asymmetric cryptography satisfies what security requirement?

a. Confidentiality
b. Access control
c. Data integrity
d. Authentication

A

D

382
Q

One factor that influences the lifespan of a public key certificate and its associated keys is the:

a. Value of the information it is used to protect
b. Cost and management fees
c. Length of the asymmetric hash
d. Data available openly on the cryptographic system

A

A

383
Q

IDEA, Blowfish, RC5 and CAST-128 are encryption algorithms of which type?

a. Symmetric
b. Asymmetric
c. Hashing
d. Elliptic curve

A

A

384
Q

The standard encryption algorithm based on Rijndael is known as:

a. AES
b. 3DES
c. DES
d. Skipjack

A

A

385
Q

What are the three characteristics of a hash?

a. Reversible, unique, fixed length
b. Non-reversible, variable, fixed length
c. Non-reversible, unique, multiple lengths
d. Non-reversible, unique, fixed length

A

D

386
Q

What is the difference between SHA1 and HMAC-SHA1?

a. HMAC-SHA1 encrypts the hash
b. HMAC-SHA1 creates a 160 bit hash
c. HMAC-SHA1 uses a shared secret key
d. HMAC-SHA1 uses an asymmetric key

A

C

387
Q

Which hashing method divides passwords into two seven-character blocks?

a. NTLMv2
b. NTLMv1
c. LANMAN
d. RIPEMD

A

C

388
Q

Which encryption protocol is the fastest?

a. DES
b. AES
c. ECC
d. RC4

A

D

389
Q

Which encryption protocol is considered to be the most efficient?

a. RSA
b. El Gamal
c. Diffie-Hellman
d. ECC

A

D

390
Q

Jill checked the box in Outlook to sign a message to John. What type of key did her system use in the signature process?

a. Jill’s public key
b. Jill’s private key
c. John’s public key
d. John’s private key

A

B

391
Q

After signing the message to John, Jill decides to encrypt it also. What key is used first in this process?

a. Jill’s public key
b. Jill’s private key
c. John’s public key
d. John’s private key

A

C

392
Q

A CRL query that receives a response in near real time:

a. Indicates that high availability equipment is used
b. Implies that a fault tolerant database is being used
c. Does not guarantee that fresh data is being returned
d. Indicates that the CA is providing near real time updates

A

C

393
Q

Which device can best help protect against an attacker taking advantage of the TCP three-way handshake?

a. Proxy server
b. NIDS
c. Firewall
d. Flood Guard

A

D

394
Q

The Spacely Sprocket corporate network was recently overwhelmed by a DDoS attack. Bruce, the new network administrator, was told by the investigators that they had been the victim of a Smurf attack. They determined that the attack packets were using ICMP and the source address was spoofed. What type of network traffic consumed the company's bandwidth?

a. Malformed packets
b. Poisoned ARP requests
c. Multiplexed packets
d. Broadcast packets

A

D

395
Q

What security process can help prevent man-in-the-middle attacks?

a. Time stamped tickets
b. Input validation
c. Mutual authentication
d. Encrypted hashes

A

C

396
Q

What security process can help prevent replay attacks?

a. Time stamped tickets
b. Input validation
c. Mutual authentication
d. Encrypted hashes

A

A

397
Q

NOOP sleds are associated with what sort of attack?

a. Buffer overflow
b. Cross site scripting
c. SQL injection
d. Cross site request forgery

A

A

398
Q

A type of testing uses a computer program to send random data to an application. In some cases, the random data can actually crash the program or provide unexpected results indicating a vulnerability. Security professionals use this to test systems for vulnerabilities they can correct while attackers use it to identify vulnerabilities they can exploit. What is the common name for this type of test?

a. Input spraying
b. Randomizing
c. Fuzzing
d. Garbage attack

A

C

399
Q

Transitive attacks take advantage of what?

a. Unilateral connections
b. Lack of security updates
c. Weak authentication
d. Trust

A

D

400
Q

What attack allows an attacker to redirect users to a malicious website and steal cookies?

a. Patch
b. Cross-site request forgery (XSRF)
c. Cross-site scripting
d. Quick fix

A

C

401
Q

How can SMTP open relays best be prevented?

a. Changing the default port
b. Requiring authentication
c. Hashing the SMTP password
d. Using IMAP rather than POP

A

B