Exam A Flashcards
QUESTION 1
A security firm has been engaged to assess a software application. A production-like test environment, login details, production documentation and source code have been provided. Which of the following types of testing is being described?
A. White box
B. Gray box
C. Black box
D. Red teaming
A. White box
QUESTION 2
A user has forgotten their account password. Which of the following is the BEST recovery strategy?
A. Upgrade the authentication system to use biometrics instead.
B. Temporarily disable password complexity requirements.
C. Set a temporary password that expires upon first use.
D. Retrieve the user password from the credentials database.
C. Set a temporary password that expires upon first use.
QUESTION 3
All of the following are valid cryptographic hash functions EXCEPT:
A. RIPEMD
B. RC4
C. SHA-512
D. MD4
B. RC4 - Rivest Cipher 4 - a stream cipher that is the basis for Secure Sockets Layer (SSL) and Wired Equivalent Privacy (WEP).
QUESTION 4
When a certificate issuer is not recognized by a web browser, which of the following is the MOST common reason?
A. Lack of key escrow
B. Self-signed certificate
C. Weak certificate pass-phrase
D. Weak certificate cipher
B. Self-signed certificate
QUESTION 5
Which of the following PKI components identifies certificates that can no longer be trusted?
A. CRL
B. CA public key
C. Escrow
D. Recovery agent
A. CRL - Certificate Revocation List
QUESTION 6
Which of the following can prevent an unauthorized person from accessing the network by plugging into an open network jack?
A. 802.1x
B. DHCP
C. 802.1q
D. NIPS
A. 802.1x
QUESTION 7
MAC filtering is a form of which of the following?
A. Virtualization
B. Network Access Control
C. Virtual Private Networking
D. Network Address Translation
B. Network Access Control
QUESTION 8
Which of the following authentication protocols forces centralized wireless authentication?
A. WPA2-Personal
B. WPA2-Enterprise
C. WPA2-CCMP
D. WPA2-TKIP
B. WPA2-Enterprise (Wi-Fi Protected Access 2 - Enterprise)
QUESTION 9
A company that purchases insurance to reduce risk is an example of which of the following?
A. Risk deterrence
B. Risk acceptance
C. Risk avoidance
D. Risk transference
D. Risk transference
QUESTION 10
Which of the following is a method to prevent ad-hoc configuration mistakes?
A. Implement an auditing strategy
B. Implement an incident management strategy
C. Implement a patch management strategy
D. Implement a change management strategy
D. Implement a change management strategy
QUESTION 11
Which of the following risks may result from improper use of social networking and P2P software?
A. Shoulder surfing
B. Denial of service
C. Information disclosure
D. Data loss prevention
C. Information disclosure
QUESTION 12
Which of the following malware types is BEST described as protecting itself by hooking system processes and hiding its presence?
A. Botnet
B. Rootkit
C. Logic bomb
D. Virus
B. Rootkit
QUESTION 13
A computer is put into a restricted VLAN until the computer's virus definitions are up-to-date. Which of the following BEST describes this system type?
A. NAT
B. NIPS
C. NAC
D. DMZ
C. NAC - Network Access Control
QUESTION 14
Which of the following would be used for secure remote terminal access?
A. SSH
B. TFTP
C. SCP
D. SFTP
A. SSH - Secure Shell - port 22
QUESTION 15
Without validating user input, an application becomes vulnerable to all of the following EXCEPT:
A. buffer overflow.
B. command injection.
C. spear phishing.
D. SQL injection.
C. spear phishing.
QUESTION 16
After verifying that the server and database are running, Jane, the administrator, is still unable to make a TCP connection to the database. Which of the following is the MOST likely cause for this?
A. The server has data execution prevention enabled
B. The server has TPM based protection enabled
C. The server has HIDS installed
D. The server is running a host-based firewall
D. The server is running a host-based firewall
QUESTION 17
Which of the following is used to detect an unknown security vulnerability?
A. Application fuzzing
B. Application configuration baseline
C. Patch management
D. ID badge
A. Application fuzzing
QUESTION 18
Which of the following is a best practice before deploying a new desktop operating system image?
A. Install network monitoring software
B. Perform white box testing
C. Remove single points of failure
D. Verify operating system security settings
D. Verify operating system security settings
QUESTION 19
Securing mobile devices involves which of the following checklists?
A. Key escrow, trust model, CRL
B. Cross-site scripting, XSRF, fuzzing
C. Screen lock, encryption, remote wipe
D. Black box, gray box, white box testing
C. Screen lock, encryption, remote wipe
QUESTION 20
Which of the following steps should follow the deployment of a patch?
A. Antivirus and anti-malware deployment
B. Audit and verification
C. Fuzzing and exploitation
D. Error and exception handling
B. Audit and verification
QUESTION 21
Lack of internal security resources and high availability requirements are factors that may lead a company to consider:
A. patch management.
B. encryption.
C. cloud computing.
D. anti-malware software.
C. cloud computing.
QUESTION 22
Which of the following would be used when a higher level of security is desired for encryption key storage?
A. TACACS+
B. L2TP
C. LDAP
D. TPM
D. TPM - Trusted Platform Module
QUESTION 23
Which of the following is the default port for SCP and SSH?
A. 21
B. 22
C. 404
D. 443
B. 22 - SSH
QUESTION 24
Which of the following default ports does the hypertext transfer protocol use for non-secure network connections?
A. 20
B. 21
C. 80
D. 8080
C. 80 - HTTP
QUESTION 25
Which of the following BEST describes using a smart card and typing in a PIN to gain access to a system?
A. Biometrics
B. PKI
C. Single factor authentication
D. Multifactor authentication
D. Multifactor authentication
QUESTION 26
Which of the following result types would Jane, a security administrator, MOST likely look for during a penetration test?
A. Inability to gain administrative access
B. Open ports
C. Ability to bypass security controls
D. Incorrect configurations
C. Ability to bypass security controls
QUESTION 27
A small business owner has asked the security consultant to suggest an inexpensive means to deter physical intrusions at their place of business. Which of the following would BEST meet their request?
A. Fake cameras
B. Proximity readers
C. Infrared cameras
D. Security guards
A. Fake cameras
QUESTION 28
Employee badges are encoded with a private encryption key and specific personal information. The encoding is then used to provide access to the network. Which of the following describes this access control type?
A. Smartcard
B. Token
C. Discretionary access control
D. Mandatory access control
A. Smartcard
QUESTION 29
Which of the following devices would MOST likely have a DMZ interface?
A. Firewall
B. Switch
C. Load balancer
D. Proxy
A. Firewall
QUESTION 30
Which of the following is used to digitally sign an email?
A. Private key
B. Public key
C. Sender's IP
D. Sender's MAC address
A. Private key
QUESTION 31
Pete, the company Chief Information Officer (CIO), has been receiving numerous emails from the help desk directing Pete to a link to verify credentials. Which of the following attacks is underway?
A. Replay attack
B. Pharming
C. Privilege escalation
D. Spear phishing
D. Spear phishing
QUESTION 32
Pete, a security administrator, noticed that the network analyzer is displaying packets that have all the bits in the option field turned on. Which of the following attacks is underway?
A. X-Mas
B. DDoS
C. Birthday
D. Smurf
A. X-Mas
QUESTION 33
Which of the following tools would Matt, a security administrator, MOST likely use to analyze a malicious payload?
A. Vulnerability scanner
B. Fuzzer
C. Port scanner
D. Protocol analyzer
D. Protocol analyzer
QUESTION 34
Which of the following is Jane, a security administrator, MOST likely to install in order to capture and analyze zero day exploits?
A. Honeypot
B. Antivirus
C. IPS
D. IDS
A. Honeypot
QUESTION 35
Which of the following can be implemented to detect file system variations?
A. EXT3
B. Hashing
C. Encryption
D. NIDS
B. Hashing
QUESTION 36
Which of the following threats is MOST likely to be mitigated by implementing cross-site scripting prevention tools?
A. Resource starvation
B. Insider threat
C. Spear phishing
D. Session hijacking
D. Session hijacking
QUESTION 37
An attacker has gained access to the corporate network and is attempting to brute force a password to gain access to the accounting system. Which of the following, if implemented, will protect the server?
A. Single sign-on
B. Password history
C. Limit logon attempts
D. Directory services
C. Limit logon attempts
QUESTION 38
Pete, a security administrator, wants to check user password complexity. Which of the following is the BEST tool to use?
A. Password history
B. Password logging
C. Password cracker
D. Password hashing
C. Password cracker
QUESTION 39
Which of the following can hide confidential or malicious data in the whitespace of other files (e.g. JPEGs)?
A. Hashing
B. Transport encryption
C. Digital signatures
D. Steganography
D. Steganography
QUESTION 40
Certificates are used for: (Select TWO).
A. client authentication.
B. WEP encryption.
C. access control lists.
D. code signing.
E. password hashing.
A. client authentication. D. code signing.
QUESTION 41
When implementing SSL VPN, which of the following is the FASTEST cipher that Pete, an administrator, can use?
A. 3DES
B. AES
C. DES
D. RC4
D. RC4
QUESTION 42
Which of the following network devices will prevent port scans?
A. Firewall
B. Load balancers
C. NIDS
D. Sniffer
A. Firewall
QUESTION 43
Which of the following is an operational control?
A. Concurrent session control
B. System security categorization
C. Contingency planning
D. Session locks
C. Contingency planning
QUESTION 44
Which of the following is a hardware based encryption device?
A. EFS
B. TrueCrypt
C. TPM
D. SLE
C. TPM - Trusted Platform Module
QUESTION 45
Which of the following is the MOST important step for preserving evidence during forensic procedures?
A. Involve law enforcement
B. Chain of custody
C. Record the time of the incident
D. Report within one hour of discovery
B. Chain of custody
QUESTION 46
Employees of a company have received emails that fraudulently claim to be from the company's security department. The emails ask the employees to sign on to an Internet website to verify passwords and personal information. This is an example of which type of attack?
A. Spam
B. Pharming
C. Man-in-the-middle
D. Vishing
B. Pharming
QUESTION 47
A company has implemented software to enforce full disk and removable media encryption for all computers. Which of the following threats can still expose sensitive data on these computers?
A. Spam
B. Botnet infection
C. Stolen laptop
D. Header manipulation
B. Botnet infection
QUESTION 48
Which of the following MOST interferes with network-based detection techniques?
A. Mime-encoding
B. SSL
C. FTP
D. Anonymous email accounts
B. SSL - Secure Sockets Layer
QUESTION 49
Which of the following secure coding concepts can prevent the unintentional execution of malicious code entered in place of proper commands?
A. Patch management
B. Proper exception handling
C. Code reviews
D. Input validation
D. Input validation
QUESTION 51
A system administrator decides to use SNMPv3 on the network router in AuthPriv mode. Which of the following algorithm combinations would be valid?
A. AES-RC4
B. 3DES-MD5
C. RSA-DSA
D. SHA1-HMAC
B. 3DES-MD5 - Triple Data Encryption Standard / Message Digest 5
QUESTION 52
Which of the following are encryption algorithms that can use a 128-bit key size? (Select TWO).
A. AES
B. RC4
C. Twofish
D. DES
E. SHA2
A. AES - Advanced Encryption Standard; C. Twofish - a symmetric key block cipher
QUESTION 53
Unsolicited address items and messages are discovered on a Chief Information Officer’s (CIO’s) smartphone. Additionally, files on an administrator’s smartphone are changed or missing. Which of the following BEST describes what may have happened?
A. The CIO and the Administrator were both bluesnarfed.
B. The CIO and the Administrator were both bluejacked.
C. The CIO was bluejacked and the Administrator was bluesnarfed.
D. The CIO was bluesnarfed and the Administrator was bluejacked.
C. The CIO was bluejacked and the Administrator was bluesnarfed.
QUESTION 54
Which of the following devices, connected to an IDS, would allow capture of the MOST traffic?
A. Switch
B. Router
C. Firewall
D. Hub
D. Hub
QUESTION 55
Matt, an administrator, notices a flood of fragmented packets and retransmits from an email server. After disabling the TCP offload setting on the NIC, Matt sees normal traffic with packets flowing in sequence again. Which of the following utilities was he MOST likely using to view this issue?
A. Spam filter
B. Protocol analyzer
C. Web application firewall
D. Load balancer
B. Protocol analyzer
QUESTION 57
Jane, a user, brings in a laptop from home and gets certificate warnings when connecting to corporate intranet sites. These warnings do not occur when using any of the company’s workstations. Which of the following is MOST likely the issue?
A. The laptop needs to VPN to bypass the NAC.
B. The corporate intranet servers do not trust the laptop.
C. The laptop’s CRL enrollment has expired.
D. The user’s certificate store does not trust the CA.
D. The user’s certificate store does not trust the CA.
QUESTION 58
Which of the following mitigates the loss of a private key in PKI? (Select TWO).
A. Certificate reissue
B. Key rotation
C. Key escrow
D. Auto enrollment
E. Recovery agent
C. Key escrow E. Recovery agent
QUESTION 59
Which of the following specifications would Sara, an administrator, implement as a network access control?
A. 802.1q
B. 802.3
C. 802.11n
D. 802.1x
D. 802.1x
QUESTION 56
Which of the following devices can be used to terminate remote users' established SSL or IPSec tunnels? (Select TWO).
A. NIDS
B. HIPS
C. VPN concentrator
D. Hub
E. Firewall
C. VPN concentrator E. Firewall
QUESTION 60
Which of the following malware types propagates automatically, does not typically hide, requires user interaction, and displays marketing ads?
A. Logic bombs
B. Rootkits
C. Spyware
D. Worms
D. Worms