Exam C Flashcards

2
Q

QUESTION 1 The annual loss expectancy can be calculated by: A. dividing the annualized rate of return by single loss expectancy B. multiplying the annualized rate of return and the single loss expectancy C. subtracting the single loss expectancy from the annualized rate of return D. adding the single loss expectancy and the annualized rate of return

A

B. multiplying the annualized rate of return and the single loss expectancy

3
Q

QUESTION 2 Which of the following datacenter environmental controls must be properly configured to prevent equipment failure from water? A. Lighting B. Temperature C. Humidity D. Halon fire suppression

A

C. Humidity

4
Q

QUESTION 3 Which of the following should the security administrator do when taking a forensic image of a hard drive? A. Image the original hard drive, hash the image, and analyze the original hard drive. B. Copy all the files from the original into a separate hard drive, and hash all the files. C. Hash the original hard drive, image the original hard drive, and hash the image. D. Image the original hard drive, hash the original hard drive, and analyze the hash.

A

C. Hash the original hard drive, image the original hard drive, and hash the image.

5
Q

QUESTION 4 In order to prevent and detect fraud, which of the following should be implemented? A. Job rotation B. Risk analysis C. Incident management D. Employee evaluations

A

A. Job rotation

6
Q

QUESTION 5 A vulnerability scan detects an unpatched application that does not exist on the server. Which of the following is the BEST explanation? A. File corruption B. False positive C. Wrong system was scanned D. Signature needs to be updated on the tool

A

B. False positive

7
Q

QUESTION 6 Mike, a network administrator, has been asked to passively monitor network traffic to the company’s sales websites. Which of the following would be BEST suited for this task? A. HIDS B. Firewall C. NIPS D. Spam filter

A

C. NIPS - Network Intrusion Protection System

8
Q

QUESTION 7 An administrator notices an unusual spike in network traffic from many sources. The administrator suspects that: A. it is being caused by the presence of a rogue access point. B. it is the beginning of a DDoS attack. C. the IDS has been compromised. D. the internal DNS tables have been poisoned.

A

B. it is the beginning of a DDoS attack.

9
Q

QUESTION 8 Mike, a security professional, is tasked with actively verifying the strength of the security controls on a company’s live modem pool. Which of the following activities is MOST appropriate? A. War dialing B. War chalking C. War driving D. Bluesnarfing

A

A. War dialing

10
Q

QUESTION 9 Mike, a system administrator, anticipating corporate downsizing this coming November, writes a malicious program to execute three weeks later if his account is removed. Which of the following attacks is this? A. Rootkit B. Virus C. Logic Bomb D. Worm

A

C. Logic Bomb

11
Q

QUESTION 10 The Compliance Department implements a policy stating the Security Analyst must only review security changes and the Security Administrator will implement the changes. This is an example of which of the following? A. Job rotation B. Discretionary access control C. Trust models D. Separation of duties

A

D. Separation of duties

12
Q

QUESTION 11 An encrypted message is sent using PKI from Sara, a client, to a customer. Sara claims she never sent the message. Which of the following aspects of PKI BEST ensures the identity of the sender? A. CRL B. Non-repudiation C. Trust models D. Recovery agents

A

B. Non-repudiation

13
Q

QUESTION 12 Which of the following protocols would be used to verify connectivity between two remote devices at the LOWEST level of the OSI model? A. DNS B. SCP C. SSH D. ICMP

A

D. ICMP - Internet Control Message Protocol

14
Q

QUESTION 13 Sara, a user, needs to copy a file from a Linux workstation to a Linux server using the MOST secure file transfer method available. Which of the following protocols would she use? A. SCP B. FTP C. SNMP D. TFTP

A

A. SCP - Secure Copy Protocol

15
Q

QUESTION 14 Users require access to a certain server depending on their job function. Which of the following would be the MOST appropriate strategy for securing the server? A. Common access card B. Role based access control C. Discretionary access control D. Mandatory access control

A

B. Role based access control

16
Q

QUESTION 15 Jane, a security administrator, has observed repeated attempts to break into a server. Which of the following is designed to stop an intrusion on a specific server? A. HIPS B. NIDS C. HIDS D. NIPS

A

A. HIPS - Host-Based Intrusion Prevention System

17
Q

QUESTION 16 Matt, the security administrator, notices a large number of alerts on the NIDS. Upon further inspection, it is determined that no attack has really taken place. This is an example of a: A. false negative. B. true negative. C. false positive. D. true positive.

A

C. false positive.

18
Q

QUESTION 17 Sara, a visitor, plugs her Ethernet cable into an open jack in a wall outlet and is unable to connect to the network. This is MOST likely an example of: A. port security. B. implicit deny. C. flood guards. D. loop protection.

A

A. port security.

19
Q

QUESTION 18 Matt, the IT Manager, wants to create a new network available to virtual servers on the same hypervisor, and does not want this network to be routable to the firewall. How could this BEST be accomplished? A. Create a VLAN without a default gateway. B. Remove the network from the routing table. C. Create a virtual switch. D. Commission a stand-alone switch.

A

C. Create a virtual switch.

20
Q

QUESTION 19 The security principle that is targeted when implementing ACLs is: A. integrity. B. availability. C. confidentiality. D. responsibility.

A

A. integrity.

21
Q

QUESTION 20 Which of the following is true about two security administrators who are using asymmetric encryption to send encrypted messages to each other? A. When one encrypts the message with the private key, the other can decrypt it with the private key. B. When one encrypts the message with the private key, the other can decrypt it with the public key. C. When one encrypts the message with the public key, the other can use either the public or the private to decrypt it. D. When one encrypts the message with the public key, the other can decrypt it with the public key.

A

B. When one encrypts the message with the private key, the other can decrypt it with the public key.

22
Q

QUESTION 21 A security administrator has configured FTP in passive mode. Which of the following ports should the security administrator allow on the firewall by default? A. 20 B. 21 C. 22 D. 23

A

B. 21 FTP File Transfer Protocol

23
Q

QUESTION 22 Which of the following top to bottom sequential firewall rules will allow SSH communication? A. DENY ANY ANY PERMIT ANY ANY TCP 22 PERMIT ANY ANY UDP 22 B. PERMIT ANY ANY UDP 22 PERMIT ANY ANY TCP 21 DENY ANY ANY C. PERMIT ANY ANY TCP 23 PERMIT ANY ANY TCP 22 DENY ANY ANY D. PERMIT ANY ANY TCP 23 DENY ANY ANY PERMIT ANY ANY TCP 22

A

C. PERMIT ANY ANY TCP 23 PERMIT ANY ANY TCP 22 DENY ANY ANY

24
Q

QUESTION 23 A company that purchased an HVAC system for the datacenter is MOST concerned with which of the following? A. Availability B. Integrity C. Confidentiality D. Fire suppression

A

A. Availability

25
Q

QUESTION 24 Which of the following Data Loss Prevention strategies is used to ensure that unauthorized users cannot access information stored in specified fields? A. Whole disk encryption B. Trust models C. Database encryption D. Individual file encryption

A

C. Database encryption

26
Q

QUESTION 25 Which of the following devices can Sara, an administrator, implement to detect and stop known attacks? A. Signature-based NIDS B. Anomaly-based NIDS C. Signature-based NIPS D. Anomaly-based NIPS

A

C. Signature-based NIPS - Network-Based Intrusion Prevention System

27
Q

QUESTION 26 Which of the following protocols would be implemented to secure file transfers using SSL? A. TFTP B. SCP C. SFTP D. FTPS

A

D. FTPS - File Transfer Protocol Secure (SSL 989, 990)

28
Q

QUESTION 27 Which of the following security concepts are used for data classification and labeling to protect data? (Select TWO). A. Need to know B. Role based access control C. Authentication D. Identification E. Authorization

A

A. Need to know E. Authorization

29
Q

QUESTION 28 Which of the following cryptography concepts describes securing a file during download? A. Trust model B. Non-repudiation C. Transport encryption D. Key escrow

A

C. Transport encryption

30
Q

QUESTION 29 Which of the following secure file transfer methods uses port 22 by default? A. FTPS B. SFTP C. SSL D. S/MIME

A

B. SFTP - Secure File Transfer Protocol-22

31
Q

QUESTION 30 A drawback of utilizing unmonitored proximity badge readers is that they perform: A. authentication without authorization. B. authorization with authentication. C. authorization without authentication. D. authentication with authorization.

A

C. authorization without authentication.

32
Q

QUESTION 31 While setting up a secure wireless corporate network, which of the following should Pete, an administrator, avoid implementing? A. EAP-TLS B. PEAP C. WEP D. WPA

A

C. WEP - Wired Equivalent Privacy

33
Q

QUESTION 32 Pete, a security administrator, instructs the networking team to push out security updates for a suite of programs on client workstations. This is an example of which of the following? A. Cross-site scripting prevention B. Application configuration baseline C. Application hardening D. Application patch management

A

D. Application patch management

34
Q

QUESTION 33 A company had decided to assign employees laptops instead of desktops to mitigate the risk of company closures due to disasters. Which of the following is the company trying to ensure? A. Succession planning B. Fault tolerance C. Continuity of operations D. Removing single points of failure

A

C. Continuity of operations

35
Q

QUESTION 34 Sara, a security administrator, has implemented outbound email filtering. Which of the following would this MOST likely protect Sara’s company from? A. Data loss B. Phishing C. SPAM solicitation D. Distributed denial of service attacks

A

A. Data loss

36
Q

QUESTION 35 Pete, the security administrator, wants to ensure that traffic to the corporate intranet is secure using HTTPS. He configures the firewall to deny traffic to port 80. Now users cannot connect to the intranet even through HTTPS. Which of the following is MOST likely causing the issue? A. The web server is configured on the firewall’s DMZ interface. B. The VLAN is improperly configured. C. The firewall’s MAC address has not been entered into the filtering list. D. The firewall executes an implicit deny.

A

D. The firewall executes an implicit deny.

37
Q

QUESTION 36 Sara, the network security administrator, wants to separate Finance department traffic from the rest of the company. The company uses the following IP addresses: Servers and switches: 192.168.1.1 - 192.168.1.40 Users: 192.168.1.70 - 192.168.1.110 Finance Users: 192.168.1.200 - 192.168.1.250 Which of the following would BEST meet Sara’s goal? A. Separate Gateways and Subnet mask of 255.255.255.254 B. VLAN and Subnet mask of 255.255.255.252 C. QoS and Subnet mask of 255.255.255.254 D. SwitchPort Security and a Subnet mask of 255.255.255.252

A

B. VLAN and Subnet mask of 255.255.255.252

38
Q

QUESTION 37 Which of the following ports are used for secure SNMP and FTPS by default? (Select TWO). A. 21 B. 22 C. 123 D. 161 E. 443 F. 8080

A

B. 22 - SSH D. 161 - SNMP Simple Network Message Protocol

39
Q

QUESTION 38 Which of the following wireless security algorithms is vulnerable to dictionary attacks when weak passwords are used? A. LEAP B. EAP-TLS C. PEAP D. EAP-FAST

A

A. LEAP - Lightweight Extensible Authentication Protocol

40
Q

QUESTION 39 Power and data cables from the network center travel through the building’s boiler room. Which of the following should be used to prevent data emanation? A. Video monitoring B. EMI shielding C. Plenum CAT6 UTP D. Fire suppression

A

B. EMI shielding

41
Q

QUESTION 40 Mike, a user, receives an email from his grandmother stating that she is in another country and needs money. The email address belongs to his grandmother. Which of the following attacks is this? A. Man-in-the-middle B. Spoofing C. Relaying D. Pharming

A

B. Spoofing

42
Q

QUESTION 41 Sara, a user, receives several unwanted instant messages. Which of the following types of attacks is this? A. Phishing B. Vishing C. Spam D. Spim

A

D. Spim

43
Q

QUESTION 42 Sara, a security administrator, has changed access point signal strength and antenna placement to help prevent which of the following wireless attacks? A. Evil twin B. War driving C. Bluesnarfing D. IV attack

A

B. War driving

44
Q

QUESTION 43 Which of the following ports is MOST likely using a secure protocol, by default? A. 21 B. 80 C. 110 D. 443

A

D. 443 (HTTPS)

45
Q

QUESTION 44 Which of the following network ports is MOST likely associated with HTTPS, by default? A. 53 B. 80 C. 123 D. 443

A

D. 443 HTTPS

46
Q

QUESTION 45 Which of the following allows Mike, a security technician, to view network traffic for analysis? A. Spam filter B. Sniffer C. Router D. Switch

A

B. Sniffer

47
Q

QUESTION 46 Which of the following should Matt, a security technician, apply to the network for loop protection? A. Spanning tree B. Log analysis C. Implicit deny D. Load balancers

A

A. Spanning tree

48
Q

QUESTION 47 Which of the following network administration principles is MOST closely associated with firewall ACLs? A. Log analysis B. Port address translation C. Implicit deny D. Stateful inspection

A

C. Implicit deny

49
Q

QUESTION 48 Which of the following protocols can be used to secure traffic for telecommuters? A. WPA B. IPSec C. ICMP D. SMTP

A

B. IPSec - Internet Protocol Security

50
Q

QUESTION 49 Which of the following should Sara, a security technician, use to reduce the possibility of an attacker discovering the company’s wireless network? A. Disable SSID broadcast B. Implement TKIP C. Apply MAC filtering D. Upgrade WEP to WPA

A

A. Disable SSID broadcast (SSID - Service Set Identification)

51
Q

QUESTION 50 Which of the following is a management control? A. Logon banners B. Written security policy C. SYN attack prevention D. Access Control List (ACL)

A

B. Written security policy

52
Q

QUESTION 51 Which of the following risk concepts BEST supports the identification of fraud? A. Risk transference B. Management controls C. Mandatory vacations D. Risk calculation

A

C. Mandatory vacations

53
Q

QUESTION 52 Which of the following incident response aspects allows Pete, the security technician, to identify who caused a Distributed Denial of Service (DDoS) attack? A. Network logs B. Live system image C. Record time offset D. Screenshots

A

A. Network logs

54
Q

QUESTION 53 Which of the following security strategies allows a company to limit damage to internal systems and provides loss control? A. Restoration and recovery strategies B. Deterrent strategies C. Containment strategies D. Detection strategies

A

C. Containment strategies

55
Q

QUESTION 54 Which of the following must Mike, a user, implement if he wants to send a secret message to Jane, a co-worker, by embedding it within an image? A. Transport encryption B. Steganography C. Hashing D. Digital signature

A

B. Steganography

56
Q

QUESTION 55 In order for Sara, a client, to log on to her desktop computer, she must provide her username, password, and a four-digit PIN. Which of the following authentication methods is Sara using? A. Three factor B. Single factor C. Two factor D. Four factor

A

B. Single factor

57
Q

QUESTION 56 Which of the following must Jane, a security administrator, implement to ensure all wired ports are authenticated before a user is allowed onto the network? A. Intrusion prevention system B. Web security gateway C. Network access control D. IP access control lists

A

C. Network access control

58
Q

QUESTION 57 Mike, a server engineer, has received four new servers and must place them in a rack in the datacenter. Which of the following is considered best practice? A. All servers’ air exhaust toward the cold aisle. B. All servers’ air intake toward the cold aisle. C. Alternate servers’ air intake toward the cold and hot aisle. D. Servers’ air intake must be parallel to the cold/hot aisles.

A

B. All servers’ air intake toward the cold aisle.

59
Q

QUESTION 58 Mike, a security analyst, has captured a packet with the following payload: GET ../../../../system32\/cmd.exe Which of the following is this an example of? A. SQL injection B. Directory traversal C. XML injection D. Buffer overflow

A

B. Directory traversal

60
Q

QUESTION 59 Sara, the security administrator, needs to open ports on the firewall to allow for secure data transfer. Which of the following TCP ports would allow for secure transfer of files by default? A. 21 B. 22 C. 23 D. 25

A

B. 22 SSH

61
Q

QUESTION 60 Which of the following technologies would allow for a secure tunneled connection from one site to another? (Select TWO). A. SFTP B. IPSec C. SSH D. HTTPS E. ICMP

A

B. IPSec - Internet Protocol Security C. SSH - Secure Shell 22