grheb Flashcards
1. You're the chief security contact for MTS. One of your primary tasks is to document everything related to security and to create a manual that can be used to manage the company in your absence. Which documents should be referenced in your manual as the ones that identify the methods used to accomplish a given task? A. Policies B. Standards C. Guidelines D. BIA
C
Guidelines help clarify processes to maintain standards. Guidelines tend to be less formal than policies or standards.
2. Consider the following scenario. The asset value of your company's primary servers is $2 million, and they are housed in a single office building in Anderson, Indiana. Field offices are scattered throughout the United States, but the workstations located at the field offices serve as thin clients and access data from the Anderson servers. Tornados in this part of the country are not uncommon, and it is estimated that one will level the building every 60 years. Which of the following is the SLE for this scenario? A. $2 million B. $1 million C. $500,000 D. $33,333.33 E. $16,666.67
A
It does not matter how frequent a loss is projected (only once every 60 years, in this case). What does matter is that each occurrence will be disastrous: SLE (single loss expectancy) is equal to asset value (AV) times exposure factor (EF). In this case, asset value is $2 million and the exposure factor is 1.
3. Consider the following scenario. The asset value of your company’s primary servers is $2 million, and they are housed in a single office building in Anderson, Indiana. Field offices are scattered throughout the United States, but the workstations located at the field offices serve as thin clients and access data from the Anderson servers. Tornados in this part of the country are not uncommon, and it is estimated that one will level the building every 60 years. Which of the following amounts is the ALE for this scenario? A. $2 million B. $1 million C. $500,000 D. $33,333.33 E. $16,666.67
D
ALE (annual loss expectancy) is equal to the SLE times the annualized rate of occurrence. In this case, the SLE is $2 million and the ARO is 1/60.
4. Consider the following scenario. The asset value of your company's primary servers is $2 million, and they are housed in a single office building in Anderson, Indiana. Field offices are scattered throughout the United States, but the workstations located at the field offices serve as thin clients and access data from the Anderson servers. Tornados in this part of the country are not uncommon, and it is estimated that one will level the building every 60 years. Which of the following is the ARO for this scenario? A. 0.0167 B. 1 C. 5 D. 16.7 E. 60
A
ARO (annualized rate of occurrence) is the frequency (in number of years) that an event can be expected to happen. In this case, ARO is 1/60, or 0.0167.
5. Which of the following strategies involves identifying a risk and making the decision to discontinue engaging in the action? A. Risk acceptance B. Risk avoidance C. Risk mitigation D. Risk transference
B
Risk avoidance involves identifying a risk and making the decision no longer to engage in the actions associated with that risk.
6. Which of the following policy statements may include an escalation contact in the event that the person dealing with a situation needs to know who to contact? A. Scope B. Exception C. Overview D. Accountability
B
The exception policy statement may include an escalation contact in the event that the person dealing with a situation needs to know who to contact.
7. Which of the following policies are designed to reduce the risk of fraud and prevent other losses in an organization? A. Separation of duties B. Acceptable use C. Least privilege D. Physical access control
A
A separation of duties policy is designed to reduce the risk of fraud and to prevent other losses in an organization.
8. What is the term used for events that were mistakenly flagged although they weren't truly events about which to be concerned? A. Fool's gold B. Non-incidents C. Error flags D. False positives
D
False positives are events that were mistakenly flagged and aren’t truly events to be concerned about.
9. Which of the following is the structured approach that is followed to secure a company's assets? A. Audit management B. Incident management C. Change management D. Skill management
C
Change management is the structured approach that is followed to secure a company’s assets.
10. Which of the following strategies involves sharing some of the risk burden with someone else, such as an insurance company? A. Risk acceptance B. Risk avoidance C. Risk deterrence D. Risk mitigation E. Risk transference
E
Risk transference involves sharing some of the risk burden with someone else, such as an insurance company.
11. The risk assessment component, in conjunction with the \_\_\_\_\_\_\_\_, provides the organization with an accurate picture of the situation facing it. A. RAC B. ALE C. BIA D. RMG
C
The risk assessment component, in conjunction with the business impact analysis (BIA), provides an organization with an accurate picture of the situation it faces.
12. Which of the following policy statements should address who is responsible for ensuring that the policy is enforced? A. Scope B. Exception C. Overview D. Accountability
D
The accountability policy statement should address who is responsible for ensuring that the policy is enforced.
13. Which of the following strategies is accomplished any time you take steps to reduce risk? A. Risk acceptance B. Risk avoidance C. Risk transference D. Risk mitigation
D
Risk mitigation is accomplished any time you take steps to reduce
14. If you calculate the SLE to be $4,000 and that there will be 10 occurrences a year (ARO), then the ALE is: A. $400 B. $4,000 C. $40,000 D. $400,000
C
If you calculate the SLE to be $4,000 and that there will be 10 occurrences a year (ARO), then the ALE is $40,000 ($4,000 × 10).
15. Which of the following policies describes how the employees in an organization can use company systems and resources, both software and hardware? A. Separation of duties B. Acceptable use C. Least privilege D. Physical access control
B
The acceptable use policies describe how the employees in an organization can use company systems and resources, both software and hardware.
16. Separation of duties helps to prevent an individual from embezzling money from a company. To embezzle funds successfully, an individual would need to recruit others to commit an act of \_\_\_\_\_\_\_\_\_\_\_\_\_\_ (an agreement between two or more parties established for the purpose of committing deception or fraud). A. Misappropriation B. Misuse C. Collusion D. Fraud
C
Collusion is an agreement between two or more parties established for the purpose of committing deception or fraud. Collusion, when part of a crime, is also a criminal act in and of itself.
17. Which of the following agreements contains the technical information regarding the technical and security requirements of the interconnection between two or more organizations? A. BPA B. MOA C. ISA D. MOU
C
The ISA (interconnection security agreement) specifies the technical and security requirements of the interconnection.
18. If you calculate SLE to be $25,000 and that there will be one occurrence every four years (ARO), then what is the ALE? A. $6,250 B. $12,500 C. $25,000 D. $100,000
A
If you calculate SLE to be $25,000 and that there will be one occurrence every four years (ARO), then the ALE is $6,250 ($25,000 × 0.25).
19. Which of the following policies should be used when assigning permissions, giving users only the permissions they need to do their work and no more? A. Separation of duties B. Acceptable use C. Least privilege D. Physical access control
C
The principle of least privilege should be used when assigning permissions. Give users only the permissions that they need to do their work and no more.
20. Which of the following strategies necessitates an identified risk that those involved understand the potential cost/damage and agree to live with it? A. Risk acceptance B. Risk avoidance C. Risk transference D. Risk mitigation
A
Risk acceptance necessitates an identified risk that those involved understand the potential cost or damage and agree to accept it.
1.A periodic update that corrects problems in one version of a product is called a(n) \_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_. A. Hotfix B. Overhaul C. Service pack D. Security update
C
A periodic update that corrects problems in one version of a product is called a service pack. Option A is incorrect; a hotfix is an immediate and urgent fix for a specific problem. Option B is incorrect: overhaul is not a term used in the industry. Option D is incorrect; a patch is done to fix a specific problem.
2.Which device monitors network traffic in a passive manner? A. Sniffer B. IDS C. Firewall D. Web browser
B
An IDS monitors network traffic, but it does not take any specific action and is therefore considered passive. Option A is incorrect because sniffers tend to be run for a specific period of time by a human operator. Option C is incorrect; a firewall is for blocking traffic, not monitoring, and is not passive. Option D is incorrect; a web browser is for viewing web pages.
3.What is a system that is intended or designed to be broken into by an attacker?
A. Honeypot
B. Honeybucket
C. Decoy
D. Spoofing system
A
A honeypot is a system specifically designed to be broken into. Options B, C, and D are not the terms used in the industry.
4.In intrusion detection system vernacular, which account is responsible for setting the security policy for an organization? A. Supervisor B. Administrator C. Root D. Director
B
An administrator is the term for someone setting security policy in an IDS. Options A, C, and D are not the terms used in the industry.
5.You are a junior security administrator for a large bank. You have been asked to make the database servers as secure as they can be. The process of making certain that an entity (operating system, application, and so on) is as secure as it can be is known as which of the following? A. Stabilizing B. Reinforcing C. Hardening D. Toughening
C
Hardening is the term used for making a system as secure as it can be. Answers A, B, and D are not the terms used in the industry.
6.John is working on designing a network for the insurance company where he is employed. He wants to put the web server in an area that has somewhat less security so that outside users might access it. But he does not want that to compromise the security of the rest of the network. What would be John’s best approach?
A. Place the web server in a honeynet.
B. Place the web server on the guest network segment.
C. Place the web server in a DMZ.
D. Place the web server outside his network.
C
DMZs are meant to host public-facing servers. The exterior firewall of the DMZ is more permissive than the interior, making the DMZ somewhat less secure. Option A is incorrect; a honeynet is designed to catch attackers, and it should not be obviously less secure than the actual production network. Option B is incorrect; a guest network is not meant to be accessible from the outside world. Option D is incorrect; it would be completely insecure, not just somewhat less secure.
7.Tom has been instructed to find a security standard, applicable to the United States, that will help him develop appropriate security policies. He has found a standard that describes 8 principles and 14 practices that can be used to develop security policies. What standard is Tom most likely reviewing? A. ISO/IEC 27001:2013 B. NIST 800-12 C. NIST 800-14 E. ISA/IEC-62443 4
C
The other answers are other standards.
B: An Introduction to Information Security
C: Principles and Practices for Securing IT Systems
8.Juanita is implementing a security mechanism that will fully encrypt the hard drive of laptops in her organization. The encryption and decryption will be automatic. What best describes what Juanita is implementing?
A. AES
B. TPM
C. FDE
D. SED
D
SED (self-encrypting drive) is described in this scenario. The other options are related to cryptography but are not automatic. For example, FDE (full disk encryption) would fully encrypt the hard drive, but it would not be automatic.
9.Ahmed has been working to mitigate the threat of malware in his network. He has selected a specific vendor (Vendor ABC) for his antivirus software. He is using ABC products everywhere he needs antivirus software. Is this the correct decision? Why or why not?
A. Yes, consistency is more secure.
B. Yes, this will make the process more affordable.
C. No, this violates control diversity.
D. No, this violates vendor diversity.
D
This violates vendor diversity. He is using the same vendor for all of his antimalware. If there is any flaw in that vendor, or the algorithm used by that vendor misses a specific virus, then it will be missed everywhere.
10.You are concerned about your backup files becoming infected with malware. Which of the following technologies would be best to protect your backup? A. Air-gap B. SPI firewall C. DMZ D. VLAN
A
An air-gapped backup is not exposed to the network and thus is far less likely to become infected. In fact, the only possibility for infection is at the moment that a backup is transferred to the air-gapped storage. If antivirus is run just prior to this action, then the chances of malware in the backup become extremely small. The other options have nothing to do with protecting backups.
1.Which of the following devices is the most capable of providing infrastructure security? A. Hub B. Switch C. Router D. Modem
C
Routers can be configured in many instances to act as packet-filtering firewalls. When configured properly, they can prevent unauthorized ports from being opened.
2.Upper management has decreed that a firewall must be put in place immediately, before your site suffers an attack similar to one that struck a sister company. Responding to this order, your boss instructs you to implement a packet filter by the end of the week. A packet filter performs which function?
A. Prevents unauthorized packets from entering the network
B. Allows all packets to leave the network
C. Allows all packets to enter the network
D. Eliminates collisions in the network
A
Packet filters prevent unauthorized packets from entering or leaving a network. Packet filters are a type of firewall that blocks specified port traffic.
3.Which device stores information about destinations in a network (choose the best answer)? A. Hub B. Modem C. Firewall D. Router
D
Routers store information about network destinations in routing tables. Routing tables contain information about known hosts on both sides of the router.
4.As more and more clients have been added to your network, the efficiency of the network has decreased significantly. You're preparing a budget for next year, and you specifically want to address this problem. Which of the following devices acts primarily as a tool to improve network efficiency? A. Hub B. Switch C. Router D. PBX
B
Switches create virtual circuits between systems in a network. These virtual circuits are somewhat private and reduce network traffic when used.
5.You've been notified that you'll soon be transferred to another site. Before you leave, you're to audit the network and document everything in use and the reason why it's in use. The next administrator will use this documentation to keep the network running. Which of the following protocols isn't a tunneling protocol but is probably used at your site by tunneling protocols for network security? A. IPSec B. PPTP C. L2TP D. L2F
A
IPSec provides network security for tunneling protocols. IPSec can be used with many different protocols besides TCP/IP, and it has two modes of security.
6.Which of the following can be implemented as a software or hardware solution and is usually associated with a device—a router, a firewall, NAT, and so on—used to shift a load from one device to another? A. Proxy B. Hub C. Load balancer D. Switch
C
A load balancer can be implemented as a software or hardware solution and is usually associated with a device—a router, a firewall, NAT, and so on. As the name implies, it is used to shift a load from one device to another.
7.Which of the following are multiport devices that improve network efficiency? A. Switches B. Modems C. Gateways D. Concentrators
A
Switches are multiport devices that improve network efficiency. A switch typically has a small amount of information about systems in a network.
8.Which IDS system uses algorithms to analyze the traffic passing through the network? A. Arithmetical B. Algebraic C. Statistical D. Heuristic
D
A heuristic system uses algorithms to analyze the traffic passing through the network.
9.Which of the following can be used to offload the public-key encryption to a separate hardware plug-in card? A. SSL accelerator B. Load balancer C. Proxy firewall D. SIEM
A
Since encrypting data is very processor intensive, SSL accelerators can be used to offload the public-key encryption to a separate plug-in card.
10.Which of the following protections implies that information, once written, cannot be modified? A. DLP B. ROM C. WORM D. NAC
C
With WORM (write-once-read-many) protection, information, once written, cannot be modified, thus assuring that the data cannot be tampered with once it is written to the device.
11.In which two modes can IPSec work? A. Tunneling and Storing B. Transport and Storing C. Tunneling and Transport D. At-Rest and At-Ease
C
IPSec can work in either Tunneling or Transport mode. In Tunneling mode, the data or payload and message headers are encrypted. Transport mode encrypts only the payload.
12.With which tunnel configuration are only some (usually all incoming) requests routed and encrypted over the VPN? A. Split B. Full C. Partial D. Hybrid
A
With a full tunnel configuration, all requests are routed and encrypted through the VPN, whereas with a split tunnel, only some requests (usually all incoming) are routed and encrypted over the VPN.
13.With which type of load balance scheduling is the first client request sent to the first group of servers, the second is sent to the second, and so on? A. Affinity B. Round-robin C. Sequential D. Progressive
B
With round-robin load balancing, the first client request is sent to the first group of servers, the second is sent to the second, and so on.
14.Which type of load balancing configuration means that more than one load balancing server is working at all times to handle the load/requests as they come in? A. Active-active B. Cooperative-sharing C. Equal-partner D. Proactive-colleague
A
An active-active configuration means that more than one load balancing server is working at all times to handle the load/requests as they come in.
15.Which of the following work by decrypting encrypted traffic (SSL or TLS), inspecting it, and then re-encrypting it before sending it on to its destination? A. SSL filters B. SSL gateways C. SSL accelerators D. SSL decryptors
D
SSL decryptors work by decrypting encrypted traffic (SSL or TLS), inspecting it, and then re-encrypting it before sending it on to its destination.
16.Which of the following is a chip that can store cryptographic keys, passwords, or certificates? A. HMP B. TPM C. MTP D. PMH
B
TPM (trusted platform module) is the name assigned to a chip that can store cryptographic keys, passwords, or certificates.
17.Which AP-based technology can increase security dramatically by allowing or denying access based on a client's physical address? A. MAC filtering B. UTM (unified threat management) C. Round-robin D. WORM
A
With MAC filtering, each host is identified by its MAC address and allowed (or denied) access based on that.
18.Which network devices are used to divide larger networks into smaller sections by sitting between two physical network segments and managing the flow of data between the two? A. Accelerators B. Proxies C. Bridges D. Balancers
C
Bridges are used to divide larger networks into smaller sections by sitting between two physical network segments and managing the flow of data between the two.
19.Which problem can occur when more than one bridge or switch is implemented on the network, and the devices confuse each other by leading one another to believe that a host is located on a certain segment when it is not? A. Backdoors B. Dead zones C. Collisions D. Loops
D
Loops can occur when more than one bridge or switch is implemented on the network and the devices confuse each other by leading one another to believe that a host is located on a certain segment when it is not.
20.To combat the problem described in Question 19 (loop problem), which of the following technologies enable bridge/switch interfaces to be assigned a value that is then used to control the learning process and prevent problems? A. ESSID B. SSID C. BRD D. STP
D
To combat the loop problem, technologies such as the Spanning Tree Protocol (STP) enable bridge/switch interfaces to be assigned a value that is then used to control the learning process and prevent loops.
1.John is a network administrator for ACME company. He is trying to explain least privileges to a new technician. Which of the following is the basic premise of least privilege?
A. Always assign responsibilities to the administrator who has the minimum permissions required.
B. When assigning permissions, give users only the permissions they need to do their work and no more.
C. Regularly review user permissions and take away one that they currently have to see if they will complain or even notice that it is missing.
D. Do not give management more permissions than users.
B
Least privileges means to grant just enough privileges to do the job and no more. The other answers do not describe least privileges.
2.The present method of requiring access to be strictly defined on every object is proving too cumbersome for your environment. The edict has come down from upper management that access requirements should be slightly reduced. Which access model allows users some flexibility for information-sharing purposes? A. DAC B. MAC C. RBAC D. MLAC
A
Discretionary access control allows users to define access. Option B is incorrect; this would be more restrictive. Option C is role-based access control. Option D is not an access control mechanism.
3.Ahmed has been directed to ensure that LDAP on his network is secure. LDAP is an example of which of the following?
A. Directory access protocol
B. IDS
C. Tiered model application development environment
D. File server
A
LDAP, or Lightweight Directory Access Control, is a directory access protocol. The other answers are not related to directory access.
4.Upper management has suddenly become concerned about security. As the senior network administrator, you are asked to suggest changes that should be implemented. Which of the following access methods should you recommend if the technique to be used is one that is primarily based on preestablished access and can't be changed by users? A. MAC B. DAC C. RBAC D. Kerberos
A
Mandatory access control cannot be modified by users and is considered more secure. Option B is incorrect—DAC provides the users flexibility and is less secure. Option C is incorrect; RBAC is not based on preestablished access, but rather roles. Option D is incorrect; Kerberos is an authentication protocol, not an access method.
5.Your office administrator is being trained to perform server backups. Which access control method would be ideal for this situation? A. MAC B. DAC C. RBAC D. Security tokens
C
Role-based access control is based on the user’s role, in this case the office administrator. Options A and B are incorrect and are not based on user roles. Option D is not related to access.
6.You've been assigned to mentor a junior administrator and bring her up to speed quickly. The topic you're currently explaining is authentication. Which method uses a KDC to accomplish authentication for users, programs, or systems? A. CHAP B. Kerberos C. Biometrics D. Smartcards
B
Kerberos uses a KDC (key distribution center). The other options do not.
7.After a careful risk analysis, the value of your company's data has been increased. Accordingly, you're expected to implement authentication solutions that reflect the increased value of the data. Which of the following authentication methods uses more than one authentication process for a logon? A. Multifactor B. Biometrics C. Smartcard D. Kerberos
A
Multifactor authentication uses more than one method. Options B, C, and D are all one-factor methods.
8.Your company provides medical data to doctors from a worldwide database. Because of the sensitive nature of the data, it's imperative that authentication be established on each session and be valid only for that session. Which of the following authentication methods provides credentials that are valid only during a single session? A. Tokens B. Certificate C. Smartcard D. Kerberos
A
Tokens are secure and can be one-time tokens. Options B, C, and D can all be used more than once.
9.Which of the following is the term used whenever two or more parties authenticate each other? A. SSO B. Multifactor authentication C. Mutual authentication D. Tunneling
C
Two parties authenticating each other is mutual authentication. The other options do not describe this.
10.You have added a new child domain to your network. As a result of this, the child has adopted all of the trust relationships with other domains in the forest that existed for its parent domain. What is responsible for this? A. LDAP access B. XML access C. Fuzzing access D. Transitive access
D
This is a classic example of transitive access. Option A is incorrect; LDAP is a directory access protocol. Options B and C are not access descriptions.
11.Which of the following is a type of smartcard issued by the Department of Defense as a general identification/authentication card for military personnel, contractors, and non-DoD employees? A. PIV B. POV C. DLP D. CAC
D
The CAC is the smartcard used by the U.S. Department of Defense.
12.You are working as a security administrator for a small financial institution. You want to use an authentication method that will periodically reauthenticate clients. Which protocol is best suited for this? A. PAP B. SPAP C. KERBEROS D. CHAP
D
CHAP periodically reauthenticates. Options A, B, and C are all authentication methods but do not reauthenticate.
13.Which command most likely produced the output shown in the graphic?
Interface: 192.168.1.104 -- 0xc
  Internet Address      Physical Address      Type
  192.168.1.1           60-38-e0-6f-c9-d3     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
A. arp -a B. ping -a C. netstat D. nslookup
A
This is the output from arp -a. The other answers will not produce this output.
14.John is trying to determine the origin of an email. He has captured the email headers and knows the IP address of the originating email server. What command would show John the complete path to that IP address? A. ping -a B. arp C. tracert D. nslookup
C
tracert (or traceroute in Linux) will show the complete path to the IP address. Option A is incorrect—ping shows if a site is reachable but not the path to it. Option B is incorrect—arp shows address resolution protocol tables. Option D is incorrect; nslookup is used with DNS.
15.Juanita is the security administrator for a large university. She is concerned about copyright issues and wants to ensure that her university does not violate copyrights. What would be her main concern regarding unauthorized software?
A. It might be copyrighted.
B. It might be used to circumvent copyright protection.
C. That should not be a copyright concern.
D. It is not a concern if she has at least one license for the software.
A
Software is subject to copyright, and unauthorized software might be copyrighted software.
16.Terrance is examining an authentication system that was developed at MIT and uses tickets for authentication. What system is Terrance most likely examining? A. CHAP B. MS-CHAP C. KERBEROS D. OATH
C
Kerberos was invented at MIT and uses tickets for authentication. Options A and B are Challenge Handshake Authentication Protocol, which does not use tickets. Option D also is an authentication protocol that does not use tickets.
17.Melissa is planning on implementing biometric authentication on her network. Which of the following should be a goal for any biometric solution she selects? A. High FRR, low FAR B. High FAR, low FRR C. Low CER D. High CER
C
You want the crossover error rate (CER), also called the equal error rate, to be low.
18.Jarod is evaluating web-based, single sign-on solutions. Which of the following technologies is most associated with web page authorization? A. SAML B. PIV C. CHAP D. RBAC
A
SAML is used with web page authorization. Option B is incorrect—PIV is a type of smartcard. Option C is incorrect—CHAP is a type of authentication protocol. Option D is incorrect—RBAC is an access control protocol.
19.You are a network administrator for ACME Corporation. You want to implement a new access control mechanism. The mechanism you are considering takes into account the entire environment/scenario of the access request. What does this describe? A. MAC B. DAC C. RBAC D. ABAC
D
Attribute-based authentication control looks at the entire environment. Options A, B, and C are all access control methods but do not consider the entire environment.
20.Dennis has implemented an authentication system that uses a password, a PIN, and the user's birthday. What best describes this system? A. Single factor B. Two factor C. Three factor D. Strong authentication
A
Although three items are used, they are all Type I, something you know. Two-factor or strong authentication requires two authentication methods from two different categories (Type I, II, or III).
1.An IV attack is usually associated with which of the following wireless protocols? A. WEP B. WAP C. WPA D. WPA2
A
An IV attack is usually associated with the WEP wireless protocol.
2.What is the size of the initialization vector (IV) that WEP uses for encryption? A. 6-bit B. 24-bit C. 56-bit D. 128-bit
B
The initialization vector (IV) that WEP uses for encryption is 24-bit.
3.What is the size of the wrapper TKIP places around the WEP encryption with a key that is based on things such as the MAC address of your machine and the serial number of the packet? A. 128-bit B. 64-bit C. 56-bit D. 12-bit
A
TKIP places a 128-bit wrapper around the WEP encryption with a key that is based on things such as the MAC address of the host device and the serial number of the packet.
4.What technology is used to send data between phones that are in close proximity to each other? A. NFC B. IBI C. IBJ D. IFNC
A
Near field communication (NFC) is used to send data between phones that are in close proximity.
5.What technology is used to simplify network setup by allowing a router to have the administrator push a button on it to allow a new host to join? A. WEP B. WPA C. WTLS D. WPS
D
WPS (Wi-Fi Protected Setup) is intended to simplify network setup for home and small offices.
6.Which of the following technologies is used to identify and track tags attached to objects? A. NFC B. RFID C. IV D. DSC
B
RFID (radio frequency identification) technology is used to identify and track tags attached to objects.
7.What type of attack captures portions of a session to play back later to convince a host that it is still talking to the original connection? A. Replay B. Echo C. Duplication D. Reprise
A
A replay attack captures portions of a session to play back later to convince a host that it is still talking to the original connection.
8.Which standard defines port-based security for wireless network access control? A. 802.1n B. 802.1g C. 802.1x D. 802.1s
C
The 802.1x standard defines port-based security for wireless network access control.
9. Which of the following types of attacks involves the sending of unsolicited messages over a Bluetooth connection? A. Bluesmurfing B. Bluesnarfing C. Bluewhaling D. Bluejacking
D
Bluejacking is the sending of unsolicited messages over a Bluetooth connection.
10. Karl has checked into a hotel after a long day of travel. He is attempting to check his daily deluge of email messages using the free in-room Wi-Fi, but it keeps losing the connection. When he calls the front desk, they suggest that he might want to use the premium Wi-Fi (which costs more) to get a better connection. What type of attack could this scenario represent? A. Upselling B. Cross-selling C. Disassociation D. Imitation
C
With a disassociation attack, the intruder sends a frame to the AP with a spoofed address to make it look like it came from the victim and disconnects them from the network.
11. Frustrated with the low signal that the devices in his cubicle receive, Spencer brings in his own access point and creates his own network. Kristin, a co-worker, tells him that if the boss finds out about this it is grounds for immediate dismissal, and he should read the employee handbook if he has any questions. Setting up your own access point represents which of the following? A. Degenerate B. Rogue C. Corporeal D. Temporal
B
A rogue access point is any unauthorized wireless access point on a network.
12. During the authentication part of setting up his small office access point, Wolfgang was required to enter a PIN within 60 seconds. This process is known as: A. Wired Equivalent Privacy B. WiFi Protected Access C. WiFi Protected Setup D. WiFi Authentication Protection
C
An authentication process that requires the user to do something in order to complete the enrollment process is known as WiFi Protected Setup (WPS).
13. Which security protocol for wireless networks attempts to establish the same security for them as would be present in a wired network? A. WEP B. WEB C. WELL D. WALL
A
Wired Equivalent Privacy (WEP) is a security protocol for 802.11b (wireless) networks that attempts to establish the same security for them as would be present in a wired network.
14. Evan fears that the tenant in the office next door is using RF interference to try to force his small company to vacate the building in frustration. Purposely obstructing or interfering with a signal is known as which of the following? A. Shoving B. Jamming C. Cramming D. Blocking
B
Jamming is purposely obstructing or interfering with a signal.
15. What is a disassociation attack more commonly known as? A. Decertification attack B. Disconfirmation attack C. Deauthentication attack D. Denial attack
C
A disassociation attack is commonly referred to as a deauthentication attack.
16. With near field communication (NFC) technology, the industry tends to use what distance as “near”? A. 1 inch B. 1.2 inches C. 1.6 inches D. 2 inches
C
While there is no hardcoded standard defining “near,” the industry tends to use 4 cm (1.6 inches) as the distance.
17. With Bluetooth devices suddenly popping up everywhere in your network, you want to secure as many of them as possible. One of the simplest methods of securing these devices is not to set their attribute to: A. Discoverable B. Transmit C. Announce D. Communicate
A
One of the simplest ways to secure Bluetooth devices is not to set their attribute to Discoverable.
18. Which of the following is the gaining of unauthorized access through a Bluetooth connection? A. Bluejumping B. Bluesnarfing C. Bluerunning D. Bluelining
B
Bluesnarfing is the gaining of unauthorized access through a Bluetooth connection.
19. A client calls you and says that he wants to turn off the SSID broadcast on his small network because he is afraid that those simply scanning for a network are finding it and trying to connect to it. You inform him that this is a very weak form of security and suggest some other options, but he is insistent on this being done. What is this form of hiding the router known as? A. Veiling B. Masking C. Shrouding D. Cloaking
D
Cloaking is a method of protecting the network that involves turning off the SSID broadcast. The access point is still there and accessible by those who know of its existence, but it prevents those who are just scanning from finding it.
20. Which of the following is an attack in which a rogue wireless access point poses as a legitimate wireless service provider to intercept information that users transmit? A. Collision B. Evil twin C. NFC D. WPS
B
In an evil twin attack, a rogue wireless access point poses as a legitimate wireless service provider to intercept information that users transmit.