Implementation

Question 1

Which IPSec mode is used to create a VPN between two gateways

Answer 1

Tunnel mode

Question 2

Who can change a resource’s category in a mandatory access control environment?

Answer 2

Administrators only

Question 3

What is the purpose of content inspection

Answer 3

To search for malicious code or behavior

Question 4

Which information do routers use to forward packets to their destinations?

Answer 4

The network address and subnet mask

Question 5

Where should you physically store mobile devices to prevent theft?

Answer 5

• Locked cabinet

* Safe

Question 6

What is Lightweight Extensible Authentication Protocol (LEAP)

Answer 6

A proprietary wireless LAN authentication method developed by Cisco Systems

Question 7

Between which two OSI layers does Secure Sockets Layer (SSL) operate?

Answer 7

• Between the OSI Transport and Application layers

* Layer 4 to Layer 7

Question 8

What is the purpose of Remote Access Dial-In User Service (RADIUS)?

Answer 8

Enables remote access users to log onto a network through a shared authentication database

Question 9

What is a TMP?

Answer 9

A dedicated processor that uses cryptographic keys to perform a variety of tasks

Question 10

What would a certification authority (CA) do if a private key associated with a certificate had been compromised?

Answer 10

Revoke the certificate

Question 11

Which settings ensure that accounts are not used beyond a certain date and/or time?

Answer 11

Account expiration

Question 12

What is the purpose of network access control (NAC)?

Answer 12

Ensures that the computer on the network meets an organization’s security policies

Question 13

What are the two modes of WPA and WPA2?

Answer 13

• Personal, aka
  
  • Preshared Key
  • WPA-PSK / WPA2-PSK
• Enterprise

Question 14

What is the name of the area that connects to a firewall and offers services to untrusted networks?

Answer 14

Demilitarized zone (DMZ)

Question 15

Which security-server application and protocol implement authentication of users from a central server over UDP?

Answer 15

Remote Authentication Dial-In User Service (RADIUS)

Question 16

What is the purpose of an aggregation switch?

Answer 16

Combine multiple streams of bandwitdh into one

Question 17

Which type of IDS detects malicious packets on a network?

Answer 17

Network intrusion detection system (NIDS)

Question 18

What is a sandbox in a secure staging deployment?

Answer 18

A test environment that is completely isolated from the rest of the network

Question 19

What does the acronym MAC denote?

Answer 19

Mandatory Access Control

Question 20

What application or service uses TCP/UDP port 3389?

Answer 20

Remote Desktop Protocol (RDP)

Question 21

Which audit category will audit all instances of users exercising their rights?

Answer 21

Audit Privilege Use audit category

Question 22

Which setting ensures that repeated attempts to guess a user’s password is not possible beyond the configured value?

Answer 22

Account lockout

Question 23

What is the purpose of BitLocker To Go?

Answer 23

Ensure that USB flash drives issued by the organization are protected by encryption

Question 24

What does the subject field in an X.509 v3 certificate contain?

Answer 24

The name of the certificate owner

Question 25

What does the acronym RADIUS denote?

Answer 25

Remote Authentication Dial-In User Service

Question 26

Which implementation of the File Transfer Protocol (FTP) provides the least security?

Answer 26

Trivial File Transfer Protocol (TFTP)

Question 27

What port number does HTTP use?

Answer 27

Port 80

Question 28

Which two security protocols does IP Security (IPSec) use?

Answer 28

• Authentication Header (AH)

* Encapsulating Security Payload (ESP)

Question 29

What is the purpose of load balancing?

Answer 29

Distribute the workload across multiple devices

Question 30

On which standard is Lightweight Directory Access Protocol (LDAP) based?

Answer 30

X.500

Question 31

What are the non-overlapping channels for 802.11g/n

Answer 31

Channels 1, 6, and 11

Question 32

Which protocol provides real-time, online revocation information about certificates?

Answer 32

Online Certificate Status Protocol (OCSP)

Question 33

What is the purpose of anti-spam applications or filters?

Answer 33

Prevent unsolicited email

Question 34

What is the purpose of a spam filter?

Answer 34

Identify and block unwanted messages

Question 35

What are the non-overlapping channels for 802.11b?

Answer 35

Channels 1, 6, 11, and 14

Question 36

Certificate enrollment procedures typically require a user to provide proof of identify and which other item to a certification authority (CA)?

Answer 36

Public key

Question 37

What is the primary security advantage of using network address translation (NAT)?

Answer 37

Hides internal IP addresses from the public network

Question 38

What does VLAN segregation accomplish?

Answer 38

It protects each individual segment by isolating the segments

Question 39

Which firewall port should you enable to allow POP3 traffic to flow through the firewall?

Answer 39

TCP port 110

Question 40

What is a VPN concentrator?

Answer 40

A device that creates a virtual private network (VPN)

Question 41

Which type of key management does Secure Multipurpose Internet Mail Extensions (S/MIME) use: centralized or decentralized?

Answer 41

Centralized

Question 42

What is the purpose of content inspection?

Answer 42

Search for malicious code or behavior

Question 43

Which security protocol is best used for connection-oriented systems such as an intranet?

Answer 43

Secure Socket Layer/ Transport Layer Security (SSL/TLS)

Question 44

Does the S/MIME protocol use certificates?

Answer 44

Yes

Question 45

What is the purpose of MAC filtering?

Answer 45

To restrict the clients that can access a wireless network

Question 46

Which category of IDS might increase logging activities, disable a service, or close a port as a response to a detected security breach?

Answer 46

Active detection

Question 47

Which firewall port should you enable to allow SMTP traffic through the firewall?

Answer 47

Port 25

Question 48

On which standard are certificates based?

Answer 48

X.509

Question 49

What is the purpose of secure shell(SSH)?

Answer 49

Secure remote access

Question 50

What is Protected Extensible Authentication Protocol (PEAP)?

Answer 50

A protocol that encapsulates the EAP within an encrypted and authenticated Transport Layer Security (TLS) tunnel

Question 51

What is meant by the term hardware root of trust?

Answer 51

Highly reliable hardware, firmware, and software components that perform specific, critical security functions

Question 52

Which authentication protocol separates authentication and authorization: TACACS+ or RADIUS?

Answer 52

TACACS+

Question 53

Why is password disclosure a significant security issue in a single sign-on (SSO)network

Answer 53

It could compromise the entire system because authentication grants access to ANY systems on the network to which the actual user may have permission

Question 54

Which type of IDS or IPS uses an initial database of known attack types but dynamically alerts their signatures based on learned behavior?

Answer 54

Heuristic

Question 55

Which port number is used by SSH, SCP, and SFTP?

Answer 55

Port 22

Question 56

Which authentication protocol uses tickets to authenticate users?

Answer 56

Kerberos

Question 57

Which two chips are used to implement hardware-based encryption?

Answer 57

• Trusted Platform Module (TPM)

* Hardware Security Module (HSM)

Question 58

Which function does a single sign-on (SSO) system provide?

Answer 58

It allows a user to present authentication credentials once and gain access to all computers within the SSO system?

Question 59

What is the top-most level of the LDAP hierarchy?

Answer 59

Root

Question 60

What does the acronym TPM denote?

Answer 60

Trusted Platform Module

Question 61

What does the acronym SMTP denote?

Answer 61

Simple Mail Transfer Protocol

Question 62

Which three security features do digital certificates provide?

Answer 62

• Authentication
• Data integrity
• Non-repudiation

Question 63

Which security device requires physical possession and has passwords that can only be used once?

Answer 63

Token

Question 64

What is the difference between trusted platform module (TMP) chips and hardware security module (HSM) chips

Answer 64

• TPM chips are a part of the motherboard

* HSM chips are part of a PCI cart that is mounted to the motherboard

Question 65

Which type of IDS detects attacks on individual devices?

Answer 65

Host Intrusion Detection System (HIDS)

Question 66

What port number does NNTP use?

Answer 66

TCP port 119

Question 67

Which type of access control is the multi-level security mechanism used by the Department of Defense (DoD)?

Answer 67

Mandatory access control (MAC)

Question 68

Which port number does LDAP use for communications encrypted using SSL/TLS?

Answer 68

Port 636

Question 69

Which firewall port should you enable to allow IMAP4 traffic to flow through the firewall?

Answer 69

TCP port 143

Question 70

What are the two major types of intrusion detection systems (IDS)?

Answer 70

• Network IDS (NIDS)

* Host IDS (HIDS)

Question 71

What defines the allowed uses for a certificate issued by a certification authority (CA)?

Answer 71

Certificate policy

Question 72

What does the acronym KDC denote?

Answer 72

Key distribution center

Question 73

Which port numbers are used by NetBIOS?

Answer 73

Ports 137-139

Question 74

What is the most common type of system used to detect intrusions into a computer network?

Answer 74

Network Intrusion Detection System (NIDS)

Question 75

Which account should you disable immediately after installing a new operating system (OS) to harden the OS?

Answer 75

Guest account

Question 76

What does the acronym IDS denote?

Answer 76

Intrusion Detection System

Question 77

What port number does DNS use?

Answer 77

Port 53

Question 78

Does each VLAN create its own collision domain or its own broadcast domain?

Answer 78

Broadcast domain

Question 79

What is the purpose of S/MIME?

Answer 79

Secure encryption and digital signatures for email

Question 80

What is the purpose of SNMP?

Answer 80

Routing and switching management

Question 81

Which password attack does account lockout policy protect against?

Answer 81

Brute force attack

Question 82

What does the acronym NFC denote?

Answer 82

Near field communication

Question 83

What is Shinnoleth?

Answer 83

An identity management and federated identity-based authentication and authorization system for SAML

Question 84

What is the default automatched key-management protocol for IPSec?

Answer 84

Internet Key Exchange (IKE)

Question 85

What is the name for the data structure that maintains a list of certificates that have been revoked before their expiration date?

Answer 85

Certificate Revocation List (CRL)

Question 86

Which wireless protocol provides the best security: WEP, WAP, WPA, or WPA2

Answer 86

WiFi Protected Access IIversion 2 (WPA2) with CCMP

Question 87

Which security protocol was designed as an interim solution to replace WEP without requiring the replacement of legacy hardware?

Answer 87

Temporal Key Integrity Protocol (TKIP)

Question 88

What is the most significant misuse of cookies?

Answer 88

Misuse of personal data

Question 89

Who has the responsibility for configuring access rights in discretionary access control (DAC)?

Answer 89

The data owner or data custodian

Question 90

Which type of access control was originally developed for military use?

Answer 90

Mandatory Access Control (MAC)

Question 91

What is the default rule found in a firewall’s access control list (ACL)?

Answer 91

Deny All

Question 92

What Ethernet standard uses a wireless access point with a remote authentication dial-in user service (RADIUS) server to authenticate wireless users?

Answer 92

802.1x

Question 93

Can an expired digital certificate be renewed?

Answer 93

No

Question 94

Which Kerberos component holds all users’ and services’ cryptographic keys and generates tickets?

Answer 94

Key Distribution Center (KDC)

Question 95

Which type of IDS detects malicious packets on a network?

Answer 95

Network Intrusion Detection System (NIDS)

Question 96

Which three security features does Authentication Header (AH) provide?

Answer 96

• Integrity
• Authentication
• Anti-replay service

Question 97

What is the name of the list of locations where software can check to see whether a user’s certificate has been revoked?

Answer 97

CRL Distribution Point (CDP)

Question 98

Which port number is used by SMB?

Answer 98

TCP port 445

Question 99

Which type of authentication is accomplished by authenticating both the client and server sides for a connection through the encrypted exchange of credentials?

Answer 99

Mutual authentication

Question 100

What type of connectivity provides a remote user the ability to safely connect to his or her corporate network while maintaining data confidentiality and integrity?

Answer 100

Virtual Private Network (VPN)

Question 101

Which term is used when the amount of work that a computer has to do is divided between two or more computers so that more work is performed in the same amount of time?

Answer 101

Load balancing

Question 102

What does the acronym PKI denote?

Answer 102

Public key infrastructure

Question 103

What port number does DHCP use?

Answer 103

Port 67

Question 104

Which port number is used by Microsoft SQL Server?

Answer 104

TCP port 1433

Question 105

Which port is used for LDAP authentication?

Answer 105

Port 389

Question 106

Which PKI object do you use to verify that a user sends a message is who they claim to be?

Answer 106

Digital certificate

Question 107

Which technology enables a LAN to use one set of IP addresses for internal traffic and a second set of addresses for external traffic, while hiding internal addresses or address space?

Answer 107

Network Address Translation (NAT)

Question 108

How many TCP/UDP ports are vulnerable to malicious attacks?

Answer 108

65,536 ports

Question 109

What does the acronym RBAC denotes?

Answer 109

• Role Based Access Control

* Rule Based Access Control

Question 110

Which authentication protocol encrypts the entire packet (not just the password): TACACS+ or RADIUS?

Answer 110

TACACS+

Question 111

What is the default PPTP port?

Answer 111

TCP port 1723

Question 112

What does the acronym SED denote?

Answer 112

Self Encrypting Drive

Question 113

What is the name for a fix that addresses a specific Windows system problem or set of problems?

Answer 113

Hotfix

Question 114

Which Linux file contains encrypted user passwords that only the root user can read?

Answer 114

/etc/shadow

Question 115

Which authentication protocol is an open standard: XTACACS or RADIUS?

Answer 115

RADIUS

Question 116

What is the purpose of network access control (NAC)?

Answer 116

Ensures that the computer on the network meets an organization’s security policies

Question 117

Which devices can limit the effectiveness of sniffing attacks: switches or routers?

Answer 117

Switches

Question 118

Which audit category monitors changes to user accounts and groups

Answer 118

Audit Account Management audit category

Question 119

Which protocol is used by network devices to transmit error messages?

Answer 119

Internet Control Message Protocol (ICMP)

Question 120

How do you ensure that data is removed from a mobile device that has been stolen?

Answer 120

Use a remote wipe or sanitation program

Question 121

Which access control model has the lowest cost?

Answer 121

Role-Based Access Control (RBAC)

Question 122

If a user needs administrative-level access, how many user accounts should be issued to the user?

Answer 122

Two accounts

• One for normal tasks
• One for admin level tasks

Question 123

Which security server application and protocol implements authentication and authorization of users from a central server over TCP?

Answer 123

Terminal Access Controller Access Control System Plus (TACACS+)

Question 124

What port does NTP use?

Answer 124

Port 123

Question 125

Which wireless mode ensures that wireless clients can only communicate with the wireless access point and not with other wireless clients?

Answer 125

Isolation mode?

Question 126

What is the name for a small piece of information that is saved on a client machine on the hard disk to enable tracking of user information for future Web visits?

Answer 126

Cookie

Question 127

What is the purpose of domain name system security extension (DNSSEC)?

Answer 127

Secure domain name resolution

Question 128

What is the purpose of lightweight dictionary application protocol secure (LDAPS)?

Answer 128

Secure directory services

Question 129

What is the name of the top-most level certification authority (CA)?

Answer 129

• Root authority

* Root CA

Question 130

What portion(s) of the IP packet are encrypted in IPSec transport mode?

Answer 130

The payload

Question 131

Which certification authority (CA) has the highest level of trust in a trust hierarchy?

Answer 131

Root CA

Question 132

What are flood guards?

Answer 132

Devices that protect against Denial of Service (DoS) attacks

Question 133

Which Layer 3 device allows different logical networks to communicate?

Answer 133

Router

Question 134

Which security standard is an enhanced version of Secure Sockets Layer (SSL)

Answer 134

Transport Layer Security (TLS)

Question 135

What do you use to control traffic from the Internet to the LAN (local area network) by controlling the packets that are allowed to enter the LAN?

Answer 135

Firewall

Question 136

What does the acronym SRTP denote

Answer 136

Secure Real Time Transport Protocol

Question 137

If the user is NOT prompted for credentials when connected to a Network Access Control (NAC) server, what is the user’s computer missing?

Answer 137

Authentication agent

Question 138

What does the acronym WAF

Answer 138

Web application firewall

Question 139

What does the acronym POP denote?

Answer 139

Post Office Protocol

Question 140

What port number does SSH use?

Answer 140

Port 22

Question 141

Which term is used to describe a product that provides network firewalling, network intrusion prevention and gateway antivirus (AV), gateway anti-spam, VPN, content filtering, load balancing, data leak prevention and on-appliance reporting?

Answer 141

Unified Threat Management (UTM)

Question 142

Which IPSec mode is used mostly in host-to-host communications?

Answer 142

Transport mode

Question 143

What is the name for the process of tracking user activities by recording selected events in the server activity logs?

Answer 143

Auditing

Question 144

Which two modes does IP Security (IPSec) provide to ensure confidentiality?

Answer 144

• Tunnel mode

* Transport mode

Question 145

What is the default L2TP port?

Answer 145

UDP port 1701

Question 146

What is ANT when used in mobile devices?

Answer 146

A proprietary network technology used for the Internet of Things (IoT)

Question 147

What is the name for a collection of hotfixes that have been combined into a single patch?

Answer 147

Service pack

Question 148

What is a trusted OS?

Answer 148

An operating system that provides support for multilevel security

Question 149

When should an administrative account be used?

Answer 149

When performing admin-level tasks

Question 150

At which OSI layer does IP Security (IPSec) operate?

Answer 150

Network Layer (Layer 3)

Question 151

Which intrusion detection system (IDS) watches for intrusions that match a known identity?

Answer 151

Signature-based IDS

Question 152

What two ports does FTP use?

Answer 152

Ports 20 and 21

Question 153

What does the acronym SAML denote?

Answer 153

Security Assertion Markup Language

Question 154

Why is GPS tracking often disabled?

Answer 154

It is considered a security threat. As long as GPS tracking is enabled and the mobile devie is powered on, the device (and possibly its user) can be located

Question 155

What is the purpose of secure real-time transport protocol (SRTP)?

Answer 155

Secure voice and video

Question 156

What is the term for a device that acts as a concentrator for a wireless LAN?

Answer 156

Wireless Access Point (WAP)

Question 157

What does the acronym FDE denote?

Answer 157

Full Disk Encryption

Question 158

What are the three protocols that can be used for wireless networks?

Answer 158

• Wired Equivalent Privacy (WEP)
• WiFi Protected Access Version 1 (WPAv1)
• WiFi Protected Access Version 2(WPAv2)

Question 159

What is a file considered in a mandatory access control environment?

Answer 159

An object

Question 160

Which type of access control is most suitable for top-secret information?

Answer 160

Mandatory Access Control (MAC)

Question 161

Which type of authentication combines two or more authentication methods, like something that a person knows (such as a password), something that a person owns (such as a smart card), and a characteristic about the person (such as a fingerprint)?

Answer 161

Multi-Factor Authentication

Question 162

What is the purpose of GPS tracking on a mobile device?

Answer 162

Allows a mobile device to be located

Question 163

Would a certification authority (CA) revoke a certificate if the certificate owner’s private key were exposed?

Answer 163

Yes

Question 164

Do certificates provide encryption?

Answer 164

No

Question 165

According to CompTIA, why should you disable the SSID broadcast of your wireless router?

Answer 165

Improve network security

Question 166

What does the acronym L2TP denote?

Answer 166

Layer 2 Tunneling Protocol

Question 167

Which standard developed by RSA offers encryption of email messages and authentication to recieve email using digital signatures?

Answer 167

S/MIME

Question 168

Using role-based access control (RBAC), which entities are assigned roles?

Answer 168

Users or subjects

Question 169

What is a proxy server?

Answer 169

A server that caches and filters content

Question 170

Which Internet protocol based on X.500 is used to access the data stored in a network directory?

Answer 170

Lightweight Directory Access Protocol (LDAP)

Question 171

Is a DHCP server normally placed inside a DMZ?

Answer 171

No

Question 172

What is the purpose of remote access dial-in user service (RADIUS)?

Answer 172

Enables remote access users to log on to a network through a shared authentication database

Question 173

Which audit category tracks access to all objects outside Active Directory?

Answer 173

Audit Object Access audit category

Question 174

Which TCP port number does secure socket layer (SSL) use?

Answer 174

Port 443

Question 175

Which port should you block at your network firewall to prevent Telnet access?

Answer 175

Port 23

Question 176

What is the purpose of mobile device encryption?

Answer 176

Ensure that the contents of the mobile device are confidential

Question 177

Which port number does LDAP use when communications are NOT secured using SSL/TLS?

Answer 177

Port 389

Question 178

What is a good solution if you need to separate two departments into separate networks?

Answer 178

VLAN segregation

Question 179

Which port number is used by SSL, FTPS, and HTTPS?

Answer 179

TCP port 443

Question 180

What defines the way in which a certification authority (CA) implements the creation of certificates?

Answer 180

Certificate practice statement

Question 181

What port number is used by TFTP?

Answer 181

UDP port 69

Question 182

Which protocol provides connectionless integrity, data origin authentication, replay protection, and confidentiality (encryption) using Authentication Header (AH) and Encapsulating Security Payload (ESP)?

Answer 182

Internet Protocol Security (IPSec)

Question 183

Which setting ensures that users periodically change their account passwords?

Answer 183

Password expiration

Question 184

What does the acronym OAUTH denote

Answer 184

Open Authentication

Question 185

What occurs when a user provides a password or proof of identity to a system?

Answer 185

Authentication

Question 186

What does the acronym HSM denote?

Answer 186

Hardware Security Module

Question 187

What is a web security gateway?

Answer 187

A device that filters web content

Question 188

What is key escrow?

Answer 188

When you maintain a secured copy of a user’s private key to ensure that you can recover the lost key

Question 189

What is the term for an unauthorized access that a network-based intrusion detection system (NIDS) fails to detect?

Answer 189

• Missed detection

* False negative

Question 190

What does the acronym UTM denote?

Answer 190

Unified Threat Management

Question 191

What does the acronym TACACS denote?

Answer 191

Terminal Access Controller Access Control System

Question 192

What are the two advantages of single sign-on (SSO)?

Answer 192

• Convenience

* Centralized administration

Question 193

What is the primary functionality of lightweight directory access protocol (LDAP)?

Answer 193

Controls client access to directories

Question 194

What is an entity that issues and manages certificates?

Answer 194

Certification Authority (CA)

Question 195

What is the purpose of audit logs?

Answer 195

To document actions taken on a computer network and the party responsible for those actions

Question 196

What is another term used for layered security

Answer 196

Defense in depth

Question 197

Which services are usually provided by all-in-one security devices?

Answer 197

• URL filtering
• Content insepction
• Malware inspection

Question 198

Which security protocol is the standard encryption protocol for use with the WPA2 standard?

Answer 198

Counter Mode Cipher Block Chaining Message Authentication Code Protocol (CCMP)

Question 199

Which directory protocol does Directory-Enabled Networking (DEN) use?

Answer 199

Lightweight Directory Access Protocol (LDAP)

Question 200

Which audit category tracks all attempts to log on with a domain user account when enabled on domain controllers?

Answer 200

Audit Account Logon Events audit category

Question 201

What is the purpose of screen locks on mobile devices?

Answer 201

To prevent users from accessing the mobile device until a password or other factor is entered

Question 202

What does the acronym DAC denote?

Answer 202

Discretionary Access Control

Question 203

Which authentication protocol uses UDP: TACACS+ or RADIUS?

Answer 203

RADIUS

Question 204

What is the main difference between an IDS and an IPS?

Answer 204

• IDS detects intrusions

* IPS prevents intrusions

Question 205

Which port number does SNMP use?

Answer 205

UDP port 161