Exam E Flashcards

2
Q

QUESTION 1
Which of the following BEST describes a demilitarized zone?
A. A buffer zone between protected and unprotected networks.
B. A network where all servers exist and are monitored.
C. A sterile, isolated network segment with access lists.
D. A private network that is protected by a firewall and a VLAN.

A

A. A buffer zone between protected and unprotected networks.

3
Q

QUESTION 2
Which of the following statements BEST describes the basic functionality of a network firewall?
A. Improves communication between trusted and non-trusted networks
B. Redirects accepted traffic to the proper VLAN
C. Provides stateful packet inspection of TCP traffic
D. Accepts and rejects data based on content

A

C. Provides stateful packet inspection of TCP traffic

4
Q

QUESTION 3
Which of the following BEST describes the function of a protocol analyzer?
A. It allows a security technician to decrypt packets as they traverse the network.
B. It allows a security technician to encrypt packets as they traverse the network.
C. It allows a security technician to perform deep state packet inspection.
D. It allows a security technician to perform hardware device troubleshooting.

A

C. It allows a security technician to perform deep state packet inspection.

5
Q

QUESTION 4
Which of the following network solutions would BEST allow Jane, a security technician, to host an extranet application for her company?
A. Platform as a Service
B. Infrastructure as a Service
C. Storage as a Service
D. Software as a Service

A

D. Software as a Service

6
Q

QUESTION 5
Which of the following network design elements BEST provides a testing environment to perform malware analysis?
A. Platform as a Service (PaaS)
B. DMZ
C. Virtualization
D. Proxies

A

C. Virtualization

7
Q

QUESTION 6
Matt, a security technician, is attempting to explain why some of the company policies should be changed for high risk IT positions. Which of the following concepts BEST explains his support for fraud detection?
A. Time of day restrictions is more likely to discover fraud than the other fraud detection methods.
B. Least privilege principles allow internal audit teams to discover fraud while a staff member is out of the office.
C. Separation of duties is a better fraud detection method than mandatory vacations; therefore, it should be used.
D. Mandatory vacations support the company discovering fraud while staff members are out of the office.

A

D. Mandatory vacations support the company discovering fraud while staff members are out of the office.

8
Q

QUESTION 7
Jane, a security technician, is working with the network firewall team to implement access controls at the company’s demarc as part of the initiation of configuration management processes. One of the network technicians asks Jane to explain the access control type found in a firewall. With which of the following should Jane respond?
A. Rule based access control
B. Role based access control
C. Discretionary access control
D. Mandatory access control

A

A. Rule based access control

9
Q

QUESTION 8
Sara, a security administrator, has been tasked with explaining smart cards to the company’s management team. Which of the following are smart cards? (Select TWO).
A. DAC
B. Tokens
C. CAC
D. ACL
E. PIV

A

C. CAC - Common Access Card
E. PIV - Personal Identity Verification Card

10
Q

QUESTION 9
Jane, a security architect, is implementing security controls throughout her organization. Which of the following BEST explains the vulnerability in the formula that a Risk = Threat x Vulnerability x Impact?
A. Vulnerability is related to the risk that an event will take place.
B. Vulnerability is related to value of potential loss.
C. Vulnerability is related to the probability that a control will fail.
D. Vulnerability is related to the probability of the event.

A

C. Vulnerability is related to the probability that a control will fail.

11
Q

QUESTION 10
Jane, a security analyst, has recently implemented a password complexity requirement within the company systems. Which of the following BEST explains this requirement?
A. Accounts shall be required to adhere to no less than 15 characters for all personnel accounts.
B. Accounts shall have two uppercase, two lowercase, and one number or special character.
C. Accounts shall be changed no less than every ninety (90) days for service accounts.
D. Accounts shall be disabled after a period of thirty (30) days if the account has not logged on within that time period.

A

B. Accounts shall have two uppercase, two lowercase, and one number or special character.

12
Q

QUESTION 11
Pete, an email administrator, notices that Sara and Matt are exchanging image files back and forth. Pete opens an image and sees the image is from the company’s intranet. Pete checks the MD5 hash of the file on the Internet page versus the file Sara and Matt are sending and the hash values do not match. Which of the following is this MOST likely an example of?
A. Key escrow
B. Steganography
C. Digital signature
D. Non-repudiation

A

B. Steganography

13
Q

QUESTION 12
The HR department has been rotating positions in their own department and hiring new employees to fill positions. It is the end of the year and Pete, the CEO, is concerned about performance reviews and salaries being leaked from the corporate file server. Which of the following should Pete request be done to ensure only the required employees have access to the performance reviews?
A. Perform an audit for access.
B. Encrypt the data.
C. Check the logs for access.
D. Move the data to a USB drive.

A

A. Perform an audit for access.

14
Q

QUESTION 13
Jane is building a new web server. Jane only wants to run a web server on a workstation so she disables the default web site, turns off FTP, adds a certificate, and enables port 443 on the web server. Jane is performing which of the following?
A. Application patch management
B. Exception handling
C. Application hardening
D. Application baselining

A

C. Application hardening

15
Q

QUESTION 14
Pete’s boss is concerned with the amount of down time the shipping and receiving server is having. He asks Pete to provide him with numbers on the mean time between failures. Which of the following equations could Pete perform to provide this information to his boss?
A. Calculate the Annual Loss Expectancy for the year.
B. Track the man hours and expenses of the system being down for a month.
C. The operational time of the server divided by the number of times the system went down.
D. Calculate the Annual Rate of Occurrence for the year.

A

C. The operational time of the server divided by the number of times the system went down.

16
Q

QUESTION 15
The information security department regularly walks the campus and around the buildings looking for unauthorized open wireless networks. This is an example of which of the following?
A. A site survey
B. Antenna placement
C. War dialing
D. War driving

A

D. War driving

17
Q

QUESTION 16
Sara, an attacker, launches a man-in-the-middle attack against Pete. While sniffing Pete’s network traffic, Sara is able to acquire the current cookies Pete is using. Which of the following can Sara use these cookies for?
A. Buffer overflow
B. Header manipulation
C. ARP poisoning
D. Session hijacking

A

D. Session hijacking

18
Q

QUESTION 17
Users are reporting having trouble connecting to a certain web server. Pete, the security engineer, discovers the server appears to be running optimally at the OS level. Upon deeper investigation, Pete determines that the server is suspiciously flooding users with RST packets when they attempt to connect. Which of the following tools did Pete MOST likely use to discover this?
A. Honeynet
B. Network sniffer
C. Vulnerability scanner
D. Port scanner

A

B. Network sniffer

19
Q

QUESTION 18
The lobby of the hotel allows users to plug in their laptops to access the Internet. This network is also used for the IP based phones in the hotel lobby. Mike, the security engineer, wants to secure the phones so that guests cannot electronically eavesdrop on other guests. Which of the following would Mike MOST likely implement?
A. VLAN
B. Port security
C. MPLS
D. Separate voice gateway

A

A. VLAN

20
Q

QUESTION 19
Jane, the security engineer, is tasked with hardening routers. She would like to ensure that network access to the corporate router is allowed only to the IT group and from authorized machines. Which of the following would MOST likely be implemented to meet this security goal? (Select TWO).
A. SNMP
B. HTTPS
C. ACL
D. Disable console
E. SSH
F. TACACS+

A

C. ACL - Access Control List
F. TACACS+ - Terminal Access Controller Access-Control System Plus - 49

21
Q

QUESTION 20
Jane, the network administrator, would like wireless users to authenticate to the network’s RADIUS server via EAP prior to connecting to the WLAN. Which of the following would MOST likely be implemented to facilitate this authentication?
A. 802.1x
B. WPA2-PSK
C. WEP
D. TACACS+

A

A. 802.1x

22
Q

QUESTION 21
After a new firewall has been installed, devices cannot obtain a new IP address. Which of the following ports should Matt, the security administrator, open on the firewall?
A. 25
B. 68
C. 80
D. 443

A

B. 68 (DHCP)

23
Q

QUESTION 22
Which of the following could Sara, an administrator, use in a workplace to remove sensitive data at rest from the premises?
A. Network sniffer
B. Personally owned devices
C. Vulnerability scanner
D. Hardware locks

A

B. Personally owned devices

24
Q

QUESTION 23
Pete, the system administrator, has concerns regarding users losing their company provided smartphones. Pete’s focus is on equipment recovery. Which of the following BEST addresses his concerns?
A. Enforce device passwords.
B. Use remote sanitation.
C. Enable GPS tracking
D. Encrypt stored data.

A

C. Enable GPS tracking

25
Q

QUESTION 24
Pete, the system administrator, wishes to monitor and limit users’ access to external websites. Which of the following would BEST address this?
A. Block all traffic on port 80.
B. Implement NIDS.
C. Use server load balancers.
D. Install a proxy server.

A

D. Install a proxy server.

26
Q

QUESTION 25
Sara, the security administrator, must configure the corporate firewall to allow all public IP addresses on the internal interface of the firewall to be translated to one public IP address on the external interface of the same firewall. Which of the following should Sara configure?
A. PAT
B. NAP
C. DNAT
D. NAC

A

A. PAT - Port Address Translation

27
Q

QUESTION 26
An external company has notified Jane at ABC Co. that their web server was attacked by one of ABC’s IP addresses. The external company provides the time of the attack and the following log information:
SRC IP: 182.45.88.12
SRC Port: TCP 1335
DST IP: 12.42.8.122
DST Port: TCP 443
Given that ABC uses PAT at their firewall, which of the following is true about this incident?
A. Jane cannot identify the ABC’s internal IP address that launched the attack because it happened over HTTPS.
B. The external company must provide the packet payload in order for Jane to identify the ABC’s IP that launched the attack.
C. The external company did not provide enough information for Jane to be able to identify the ABC’s internal IP that launched the attack.
D. Jane can identify the ABC’s internal IP address that launched the attack by reviewing the Firewall logs.

A

D. Jane can identify the ABC’s internal IP address that launched the attack by reviewing the Firewall logs.

28
Q

QUESTION 27
Which of the following settings can Jane, the network administrator, implement in the computer lab to ensure that user credentials cannot be captured by the next computer user?
A. Implement full drive encryption on all lab computers.
B. Reverse the computer to its original state upon reboot.
C. Do not display last username in logon screen.
D. Deploy privacy screens on all lab computers.

A

C. Do not display last username in logon screen.

29
Q

QUESTION 28
Jane, a security administrator, is reviewing the company’s official documentation to mitigate the risk of data loss due to personally owned devices being connected to perform company related work. Which of the following documentation should Jane MOST likely review and update?
A. Acceptable risk
B. Data retention policy
C. Acceptable use policy
D. End user license agreement

A

C. Acceptable use policy

30
Q

QUESTION 29
After a production outage, which of the following documents contains detailed information on the order in which the system should be restored to service?
A. Succession planning
B. Disaster recovery plan
C. Information security plan
D. Business impact analysis

A

B. Disaster recovery plan

31
Q

QUESTION 30
Pete, a security administrator, has implemented SSH across all network infrastructure devices in the enterprise. Which of the following protocols will be used to exchange keying material within SSH?
A. Transport layer protocol
B. IPSec
C. Diffie-Hellman
D. Secure socket layer

A

C. Diffie-Hellman

32
Q

QUESTION 31
A user has just returned from security awareness training, where users were encouraged to strengthen their passwords and voicemail codes. Which of the following would be the MOST secure password for the user’s workstation?
A. H0me0nTh3Range
B. Letme1nNow
C. $3cur1#y
D. Passw0rd99

A

C. $3cur1#y

33
Q

QUESTION 32
Matt must come up with a design solution which will enable remote users to securely access network resources. Which of the following design elements will enable Matt to meet this objective?
A. DMZ
B. VLAN
C. VPN
D. NAT

A

C. VPN

34
Q

QUESTION 33
Sara, a security technician, has been asked to design a solution which will enable external users to have access to a Web server, while keeping the internal network unaffected by this access. Which of the following would BEST meet this objective?
A. Place the Web server on a VLAN
B. Place the Web server inside of the internal firewall
C. Place the Web server in a DMZ
D. Place the Web server on a VPN

A

C. Place the Web server in a DMZ

35
Q

QUESTION 34
Pete needs to open ports on the firewall to allow for secure transmission of files. Which of the following ports should be opened on the firewall?
A. TCP 23
B. UDP 69
C. TCP 22
D. TCP 21

A

C. TCP 22

36
Q

QUESTION 35
A company that provides streaming media has recently experienced latency during certain times of the day. Which of the following would mitigate the latency issue?
A. Web security gateway
B. Firewall
C. Load balancing
D. VPN concentrator

A

C. Load balancing

37
Q

QUESTION 36
Matt, a security technician, notices a high number of ARP spoofing attacks on his network. Which of the following design elements would mitigate ARP spoofing attacks?
A. Flood guards
B. Implicit deny
C. VLANs
D. Loop protection

A

A. Flood guards

38
Q

QUESTION 37
Matt works for an organization that requires data to be recovered in the shortest amount of time possible. Which of the following backup types would BEST meet the organization’s needs?
A. Full backups daily
B. Differential backups monthly
C. Full backups weekly
D. Incremental backups monthly

A

A. Full backups daily

39
Q

QUESTION 38
How would a technician secure a router configuration if placed in an unsecured closet?
A. Mount the router into an immovable rack.
B. Enable SSH for maintenance of the router.
C. Disable the console port on the router.
D. Label the router with contact information.

A

C. Disable the console port on the router.

40
Q

QUESTION 39
Which of the following firewall rules would only block tftp traffic and record it?
A. deny udp any server log
B. deny udp any server eq 69
C. deny tcp any server log
D. deny udp any server eq 69 log

A

D. deny udp any server eq 69 log

41
Q

QUESTION 40
Which of the following services should be disabled to stop attackers from using a web server as a mail relay?
A. IMAP
B. SMTP
C. SNMP
D. POP3

A

B. SMTP - Simple Mail Transfer Protocol - 25

42
Q

QUESTION 41
Mapping one IP address to another IP address is an example of:
A. MAC.
B. DMZ.
C. NAC.
D. NAT.

A

D. NAT - Network Address Translation

43
Q

QUESTION 42
A security administrator has a requirement to encrypt several directories that are non-hierarchical. Which of the following encryption models would BEST meet this requirement?
A. AES512
B. Database encryption
C. File encryption
D. Full disk encryption

A

D. Full disk encryption

44
Q

QUESTION 43
Pete, a security analyst, has been tasked with explaining the different types of malware to his colleagues. The two malware types that the group seems to be most interested in are backdoors and logic bombs. Which of the following differentiates these two types of malware?
A. A backdoor is a coding issue that can be discovered by proper configuration management processes.
B. A logic bomb is typically hidden within the boot sector of the hard drive and is used to cause DDoS.
C. A backdoor is a third generation attack which is typically low risk because only highly trained staff can achieve it.
D. A logic bomb is undetectable by current antivirus signatures because a patch has not been issued.

A

A. A backdoor is a coding issue that can be discovered by proper configuration management processes.

45
Q

QUESTION 44
Pete, a security analyst, has been tasked with explaining the different types of malware to his colleagues. The two malware types that the group seems to be most interested in are botnets and viruses. Which of the following explains the difference between these two types of malware?
A. Viruses are a subset of botnets which are used as part of SYN attacks.
B. Botnets are a subset of malware which are used as part of DDoS attacks.
C. Viruses are a class of malware which create hidden openings within an OS.
D. Botnets are used within DR to ensure network uptime and viruses are not.

A

B. Botnets are a subset of malware which are used as part of DDoS attacks.

46
Q

QUESTION 45
Which of the following BEST explains the use of an HSM within the company servers?
A. Thumb drives present a significant threat which is mitigated by HSM.
B. Software encryption can perform multiple functions required by HSM.
C. Data loss by removable media can be prevented with DLP.
D. Hardware encryption is faster than software encryption.

A

D. Hardware encryption is faster than software encryption.

47
Q

QUESTION 46
Which of the following technologies can store multi-tenant data with different security requirements?
A. Data loss prevention
B. Trusted platform module
C. Hard drive encryption
D. Cloud computing

A

D. Cloud computing

48
Q

QUESTION 47
Which of the following technologies prevents USB drives from being recognized by company systems?
A. Registry keys
B. Full disk encryption
C. USB encryption
D. Data loss prevention

A

A. Registry keys

49
Q

QUESTION 48
Matt, a security analyst, needs to implement encryption for company data and also prevent theft of company data. Where and how should Matt meet this requirement?
A. Matt should implement access control lists and turn on EFS.
B. Matt should implement DLP and encrypt the company database.
C. Matt should install Truecrypt and encrypt the company server.
D. Matt should install TPMs and encrypt the company database.

A

B. Matt should implement DLP and encrypt the company database.

50
Q

QUESTION 49
Which of the following types of encryption will help in protecting files on a PED?
A. Mobile device encryption
B. Transport layer encryption
C. Encrypted hidden container
D. Database encryption

A

A. Mobile device encryption

51
Q

QUESTION 50
Which of the following is MOST closely associated with BitLocker?
A. ACL
B. DOS
C. DLP
D. TPM

A

D. TPM - Trusted Platform Module

52
Q

QUESTION 51
Pete, a security analyst, has been informed that the development team has plans to develop an application which does not meet the company’s password policy. Which of the following should Pete do NEXT?
A. Contact the Chief Information Officer and ask them to change the company password policy so that the application is made compliant.
B. Tell the application development manager to code the application to adhere to the company’s password policy.
C. Ask the application development manager to submit a risk acceptance memo so that the issue can be documented.
D. Inform the Chief Information Officer of non-adherence to the security policy so that the developers can be reprimanded.

A

B. Tell the application development manager to code the application to adhere to the company’s password policy.

53
Q

QUESTION 52
Sara, a security manager, has decided to force expiration of all company passwords by the close of business day. Which of the following BEST supports this reasoning?
A. A recent security breach in which passwords were cracked.
B. Implementation of configuration management processes.
C. Enforcement of password complexity requirements.
D. Implementation of account lockout procedures.

A

A. A recent security breach in which passwords were cracked.

54
Q

QUESTION 53
Which of the following presents the STRONGEST access control?
A. MAC
B. TACACS
C. DAC
D. RBAC

A

A. MAC

55
Q

QUESTION 54
Which of the following encompasses application patch management?
A. Configuration management
B. Policy management
C. Cross-site request forgery
D. Fuzzing

A

A. Configuration management

56
Q

QUESTION 55
Sara, an application developer, implemented error and exception handling alongside input validation. Which of the following does this help prevent?
A. Buffer overflow
B. Pop-up blockers
C. Cross-site scripting
D. Fuzzing

A

A. Buffer overflow

57
Q

QUESTION 56
Which of the following is the LEAST volatile when performing incident response procedures?
A. Registers
B. RAID cache
C. RAM
D. Hard drive

A

D. Hard drive

58
Q

QUESTION 57
Which of the following can allow Sara, a security analyst, to encrypt individual files on a system?
A. EFS
B. Single sign-on
C. TLS
D. Journaled file system

A

A. EFS - Encrypting File System

59
Q

QUESTION 58
An encryption method where the plain text and cipher text are always the same size is an example of which of the following types of encryption?
A. RC4
B. MD5
C. Stream Cipher
D. Block Cipher

A

D. Block Cipher

60
Q

QUESTION 59
The information security team does a presentation on social media and advises the participants not to provide too much personal information on social media web sites. This advice would BEST protect people from which of the following?
A. Rainbow tables attacks
B. Brute force attacks
C. Birthday attacks
D. Cognitive passwords attacks

A

D. Cognitive passwords attacks

61
Q

QUESTION 60
The compliance team comes out with a new policy that all data stored on tapes over 3 years must be degaussed. This BEST describes which of the following types of policies?
A. Data handling
B. Data classification
C. Data labeling
D. Data disposal

A

D. Data disposal