Exam A Flashcards

1
Q
QUESTION 1
A security firm has been engaged to assess a software application. A production-like test environment, login details, production documentation and source code have been provided. Which of the following types of testing is being described?
A. White box 
B. Gray box 
C. Black box 
D. Red teaming
A

A. White box

2
Q

QUESTION 2
A user has forgotten their account password. Which of the following is the BEST recovery strategy?
A. Upgrade the authentication system to use biometrics instead.
B. Temporarily disable password complexity requirements.
C. Set a temporary password that expires upon first use.
D. Retrieve the user password from the credentials database.

A

C. Set a temporary password that expires upon first use.

3
Q
QUESTION 3
All of the following are valid cryptographic hash functions EXCEPT: 
A. RIPEMD 
B. RC4 
C. SHA-512 
D. MD4
A

B. RC4 - Rivest Cipher 4 - Stream cipher is the basis for Secure Sockets Layer (SSL) and Wired Equivalent Privacy (WEP).

4
Q
QUESTION 4 
When a certificate issuer is not recognized by a web browser, which of the following is the MOST common reason? 
A. Lack of key escrow 
B. Self-signed certificate 
C. Weak certificate pass-phrase 
D. Weak certificate cipher
A

B. Self-signed certificate

5
Q
QUESTION 5 
Which of the following PKI components identifies certificates that can no longer be trusted? 
A. CRL 
B. CA public key 
C. Escrow 
D. Recovery agent
A

A. CRL - Certificate Revocation list

6
Q
QUESTION 6 
Which of the following can prevent an unauthorized person from accessing the network by plugging into an open network jack? 
A. 802.1x 
B. DHCP 
C. 802.1q 
D. NIPS
A

A. 802.1x

7
Q
QUESTION 7 
MAC filtering is a form of which of the following?
A. Virtualization 
B. Network Access Control
C. Virtual Private Networking
D. Network Address Translation
A

B. Network Access Control

8
Q
QUESTION 8 
Which of the following authentication protocols forces centralized wireless authentication?
A. WPA2-Personal 
B. WPA2-Enterprise 
C. WPA2-CCMP 
D. WPA2-TKIP
A

B. WPA2-Enterprise (Wi-Fi Protected Access 2- Enterprise)

9
Q
QUESTION 9 
A company that purchases insurance to reduce risk is an example of which of the following?
A. Risk deterrence 
B. Risk acceptance 
C. Risk avoidance 
D. Risk transference
A

D. Risk transference

10
Q

QUESTION 10
Which of the following is a method to prevent ad-hoc configuration mistakes?
A. Implement an auditing strategy
B. Implement an incident management strategy
C. Implement a patch management strategy
D. Implement a change management strategy

A

D. Implement a change management strategy

11
Q
QUESTION 11 
Which of the following risks may result from improper use of social networking and P2P software? 
A. Shoulder surfing 
B. Denial of service 
C. Information disclosure 
D. Data loss prevention
A

C. Information disclosure

12
Q
QUESTION 12 
Which of the following malware types is BEST described as protecting itself by hooking system processes and hiding its presence? 
A. Botnet 
B. Rootkit 
C. Logic bomb 
D. Virus
A

B. Rootkit

13
Q
QUESTION 13 
A computer is put into a restricted VLAN until the computer's virus definitions are up-to-date. Which of the following BEST describes this system type? 
A. NAT 
B. NIPS 
C. NAC 
D. DMZ
A

C. NAC - Network Access Control

14
Q
QUESTION 14 
Which of the following would be used for secure remote terminal access? 
A. SSH 
B. TFTP 
C. SCP 
D. SFTP
A

A. SSH - Secure Shell - 22

15
Q
QUESTION 15 
Without validating user input, an application becomes vulnerable to all of the following EXCEPT:
A. buffer overflow. 
B. command injection. 
C. spear phishing. 
D. SQL injection.
A

C. spear phishing.

16
Q

QUESTION 16
After verifying that the server and database are running, Jane, the administrator, is still unable to make a TCP connection to the database. Which of the following is the MOST likely cause for this?
A. The server has data execution prevention enabled
B. The server has TPM based protection enabled
C. The server has HIDS installed
D. The server is running a host-based firewall

A

D. The server is running a host-based firewall

17
Q
QUESTION 17 
Which of the following is used to detect an unknown security vulnerability? 
A. Application fuzzing 
B. Application configuration baseline 
C. Patch management 
D. ID badge
A

A. Application fuzzing

18
Q

QUESTION 18
Which of the following is a best practice before deploying a new desktop operating system image?
A. Install network monitoring software
B. Perform white box testing
C. Remove single points of failure
D. Verify operating system security settings

A

D. Verify operating system security settings

19
Q

QUESTION 19
Securing mobile devices involves which of the following checklists?
A. Key escrow, trust model, CRL
B. Cross-site scripting, XSRF, fuzzing
C. Screen lock, encryption, remote wipe
D. Black box, gray box, white box testing

A

C. Screen lock, encryption, remote wipe

20
Q

QUESTION 20
Which of the following steps should follow the deployment of a patch?
A. Antivirus and anti-malware deployment
B. Audit and verification
C. Fuzzing and exploitation
D. Error and exception handling

A

B. Audit and verification

21
Q
QUESTION 21 
Lack of internal security resources and high availability requirements are factors that may lead a company to consider:
A. patch management. 
B. encryption. 
C. cloud computing. 
D. anti-malware software.
A

C. cloud computing.

22
Q
QUESTION 22 
Which of the following would be used when a higher level of security is desired for encryption key storage?
A. TACACS+
B. L2TP 
C. LDAP 
D. TPM
A

D. TPM - Trusted Platform Module

23
Q
QUESTION 23 
Which of the following is the default port for SCP and SSH? 
A. 21 
B. 22 
C. 404 
D. 443
A

B. 22 - SSH

24
Q
QUESTION 24 
Which of the following default ports does the hypertext transfer protocol use for non-secure network connections? 
A. 20 
B. 21 
C. 80 
D. 8080
A

C. 80 - HTTP

25
Q
QUESTION 25 
Which of the following BEST describes using a smart card and typing in a PIN to gain access to a system?
A. Biometrics
B. PKI 
C. Single factor authentication 
D. Multifactor authentication
A

D. Multifactor authentication

26
Q

QUESTION 26
Which of the following result types would Jane, a security administrator, MOST likely look for during a penetration test?
A. Inability to gain administrative access
B. Open ports
C. Ability to bypass security controls
D. Incorrect configurations

A

C. Ability to bypass security controls

27
Q
QUESTION 27 
A small business owner has asked the security consultant to suggest an inexpensive means to deter physical intrusions at their place of business. Which of the following would BEST meet their request? 
A. Fake cameras 
B. Proximity readers 
C. Infrared cameras 
D. Security guards
A

A. Fake cameras

28
Q
QUESTION 28 
Employee badges are encoded with a private encryption key and specific personal information. The encoding is then used to provide access to the network. Which of the following describes this access control type? 
A. Smartcard 
B. Token 
C. Discretionary access control 
D. Mandatory access control
A

A. Smartcard

29
Q
QUESTION 29 
Which of the following devices would MOST likely have a DMZ interface? 
A. Firewall 
B. Switch 
C. Load balancer
D. Proxy
A

A. Firewall

30
Q
QUESTION 30 
Which of the following is used to digitally sign an email? 
A. Private key 
B. Public key 
C. Sender's IP
D. Sender's MAC address
A

A. Private key

31
Q
QUESTION 31 
Pete, the company Chief Information Officer (CIO), has been receiving numerous emails from the help desk directing Pete to a link to verify credentials. Which of the following attacks is underway? 
A. Replay attack 
B. Pharming 
C. Privilege escalation 
D. Spear phishing
A

D. Spear phishing

32
Q
QUESTION 32 
Pete, a security administrator, noticed that the network analyzer is displaying packets that have all the bits in the option field turned on. Which of the following attacks is underway? 
A. X-Mas 
B. DDoS 
C. Birthday 
D. Smurf
A

A. X-Mas

33
Q
QUESTION 33 
Which of the following tools would Matt, a security administrator, MOST likely use to analyze a malicious payload? 
A. Vulnerability scanner 
B. Fuzzer 
C. Port scanner 
D. Protocol analyzer
A

D. Protocol analyzer

34
Q
QUESTION 34 
Which of the following is Jane, a security administrator, MOST likely to install in order to capture and analyze zero day exploits? 
A. Honeypot 
B. Antivirus 
C. IPS 
D. IDS
A

A. Honeypot

35
Q
QUESTION 35 
Which of the following can be implemented to detect file system variations? 
A. EXT3 
B. Hashing 
C. Encryption 
D. NIDS
A

B. Hashing

36
Q
QUESTION 36 
Which of the following threats is MOST likely to be mitigated by implementing cross-site scripting prevention tools? 
A. Resource starvation 
B. Insider threat 
C. Spear phishing 
D. Session hijacking
A

D. Session hijacking

37
Q
QUESTION 37 
An attacker has gained access to the corporate network and is attempting to brute force a password to gain access to the accounting system. Which of the following, if implemented, will protect the server? 
A. Single sign-on 
B. Password history 
C. Limit logon attempts 
D. Directory services
A

C. Limit logon attempts

38
Q
QUESTION 38 
Pete, a security administrator, wants to check user password complexity. Which of the following is the BEST tool to use? 
A. Password history 
B. Password logging 
C. Password cracker 
D. Password hashing
A

C. Password cracker

39
Q
QUESTION 39 
Which of the following can hide confidential or malicious data in the whitespace of other files (e.g. JPEGs)? 
A. Hashing 
B. Transport encryption 
C. Digital signatures 
D. Steganography
A

D. Steganography

40
Q
QUESTION 40 
Certificates are used for: (Select TWO). 
A. client authentication. 
B. WEP encryption. 
C. access control lists. 
D. code signing. 
E. password hashing.
A

A. client authentication. D. code signing.

41
Q
QUESTION 41 
When implementing SSL VPN, which of the following is the FASTEST cipher that Pete, an administrator, can use? 
A. 3DES
B. AES 
C. DES 
D. RC4
A

D. RC4

42
Q
QUESTION 42 
Which of the following network devices will prevent port scans? 
A. Firewall 
B. Load balancers 
C. NIDS 
D. Sniffer
A

A. Firewall

43
Q
QUESTION 43 
Which of the following is an operational control? 
A. Concurrent session control 
B. System security categorization 
C. Contingency planning 
D. Session locks
A

C. Contingency planning

44
Q
QUESTION 44 
Which of the following is a hardware based encryption device? 
A. EFS 
B. TrueCrypt 
C. TPM 
D. SLE
A

C. TPM - Trusted Platform Module

45
Q
QUESTION 45 
Which of the following is the MOST important step for preserving evidence during forensic procedures? 
A. Involve law enforcement 
B. Chain of custody 
C. Record the time of the incident 
D. Report within one hour of discovery
A

B. Chain of custody

46
Q
QUESTION 46 
Employees of a company have received emails that fraudulently claim to be from the company's security department. The emails ask the employees to sign on to an Internet website to verify passwords and personal information. This is an example of which type of attack?
A. Spam 
B. Pharming 
C. Man-in-the-middle 
D. Vishing
A

B. Pharming

47
Q
QUESTION 47 
A company has implemented software to enforce full disk and removable media encryption for all computers. Which of the following threats can still expose sensitive data on these computers? 
A. Spam 
B. Botnet infection 
C. Stolen laptop 
D. Header manipulation
A

B. Botnet infection

48
Q
QUESTION 48 
Which of the following MOST interferes with network-based detection techniques? 
A. Mime-encoding 
B. SSL 
C. FTP 
D. Anonymous email accounts
A

B. SSL - Secure Sockets Layer

49
Q
QUESTION 49 
Which of the following secure coding concepts can prevent the unintentional execution of malicious code entered in place of proper commands? 
A. Patch management 
B. Proper exception handling 
C. Code reviews 
D. Input validation
A

D. Input validation

51
Q
QUESTION 51 
A system administrator decides to use SNMPv3 on the network router in AuthPriv mode. Which of the following algorithm combinations would be valid? 
A. AES-RC4 
B. 3DES-MD5 
C. RSA-DSA 
D. SHA1-HMAC
A

B. 3DES-MD5 - Triple Data Encryption Standard / Message Digest 5

52
Q
QUESTION 52 
Which of the following are encryption algorithms that can use a 128-bit key size? (Select TWO). 
A. AES 
B. RC4 
C. Twofish 
D. DES 
E. SHA2
A

A. AES - Advanced Encryption Standard C. Twofish - a symmetric key block cipher

53
Q

QUESTION 53
Unsolicited address items and messages are discovered on a Chief Information Officer’s (CIO’s) smartphone. Additionally, files on an administrator’s smartphone are changed or missing. Which of the following BEST describes what may have happened?
A. The CIO and the Administrator were both bluesnarfed.
B. The CIO and the Administrator were both bluejacked.
C. The CIO was bluejacked and the Administrator was bluesnarfed.
D. The CIO was bluesnarfed and the Administrator was bluejacked.

A

C. The CIO was bluejacked and the Administrator was bluesnarfed.

54
Q
QUESTION 54 
Which of the following devices, connected to an IDS, would allow capture of the MOST traffic? 
A. Switch 
B. Router 
C. Firewall 
D. Hub
A

D. Hub

55
Q
QUESTION 55 
Matt, an administrator, notices a flood of fragmented packets and retransmits from an email server. After disabling the TCP offload setting on the NIC, Matt sees normal traffic with packets flowing in sequence again. Which of the following utilities was he MOST likely using to view this issue?
A. Spam filter 
B. Protocol analyzer 
C. Web application firewall 
D. Load balancer
A

B. Protocol analyzer

56
Q

QUESTION 57
Jane, a user, brings in a laptop from home and gets certificate warnings when connecting to corporate intranet sites. These warnings do not occur when using any of the company’s workstations. Which of the following is MOST likely the issue?
A. The laptop needs to VPN to bypass the NAC.
B. The corporate intranet servers do not trust the laptop.
C. The laptop’s CRL enrollment has expired.
D. The user’s certificate store does not trust the CA.

A

D. The user’s certificate store does not trust the CA.

57
Q

QUESTION 49
Which of the following secure coding concepts can prevent the unintentional execution of malicious code entered in place of proper commands?
A. Patch management
B. Proper exception handling
C. Code reviews
D. Input validation

A

D. Input validation

58
Q
QUESTION 58 
Which of the following mitigates the loss of a private key in PKI? (Select TWO). 
A. Certificate reissue 
B. Key rotation 
C. Key escrow 
D. Auto enrollment 
E. Recovery agent
A

C. Key escrow E. Recovery agent

59
Q
QUESTION 59 
Which of the following specifications would Sara, an administrator, implement as a network access control? 
A. 802.1q 
B. 802.3 
C. 802.11n 
D. 802.1x
A

D. 802.1x

60
Q
QUESTION 56 
Which of the following devices can be used to terminate a remote user's established SSL or IPSec tunnels? (Select TWO).
A. NIDS
B. HIPS
C. VPN concentrator
D. Hub
E. Firewall
A

C. VPN concentrator E. Firewall

61
Q
QUESTION 60 
Which of the following malware types propagates automatically, does not typically hide, requires user interaction, and displays marketing ads? 
A. Logic bombs 
B. Rootkits 
C. Spyware 
D. Worms
A

D. Worms