Overall Flashcards

1
Q

Trivial File Transfer Protocol (TFTP) port

A

Port 69

2
Q

File Transfer Protocol (FTP) port

A

Port 20/21

3
Q

Network Time Protocol (NTP) port

A

Port 123

4
Q

Simple Mail Transfer Protocol (SMTP) port

A

Port 25

5
Q

Simple Network Management Protocol (SNMP) v3

A

Uses UDP port 161, 162

6
Q

Remote Desktop Protocol (RDP)

A

UDP/TCP port 3389

7
Q

File Transfer Protocol Secure or SSL (FTP/S) port

A

Port 989, 990

8
Q

SSH or Secure File Transfer Protocol (S/FTP) port

A

Port 22

9
Q

Terminal Access Controller Access Control System (TACACS) port

A

Port 49

10
Q

Kerberos port

A

Port 88

11
Q

Microsoft SQL Server port

A

1433

12
Q

Lightweight Directory Access Protocol (LDAP)

A

port 389 (TCP/UDP)

13
Q

Lightweight Directory Access Protocol SSL (LDAP/S) port

A

Port 636

14
Q

HTTP port

A

port 80

15
Q

HTTPS port

A

Port 443 (uses SSL/TLS)

16
Q

Telnet port

A

port 23

17
Q

SSH port

A

port 22

18
Q

NetBIOS port

A

ports 137-139

19
Q

Secure Copy Protocol (SCP) port

A

Port 22 (uses SSH)

20
Q

Post Office Protocol (POP) port

A

port 110

21
Q

A user notifies you that a software application displays advertisements while the application is executing. Of which security threat is this an example?

A

ADWARE - software application that displays advertisements while the application is executing.

22
Q

A tunneling protocol that provides secure authentication and data encryption.

A

IPSEC (Internet Protocol Security)

23
Q

A network management protocol that allows communications between network devices and management console.

A

SNMP (Simple Network Management Protocol)

24
Q

A File transfer protocol that uses SSH for security

A

SFTP (SSH or Secure File Transfer Protocol)

25
Q

A file transfer protocol that uses SSL for security

A

FTPS (File Transfer Protocol Secure/SSL)

26
Q

Software that requires that your activities be monitored and tracked. Collects cookies and reports on a user's activities.

A

Spyware

27
Q

A program that spreads itself through a network connection.

A

WORM

28
Q

Which condition might indicate that a hacker is hacking a network?

A

A MAJOR INCREASE IN ICMP TRAFFIC

*Hacking a network with a ping of death ‘Denial-of-Service’ (DOS) attack

29
Q

What network devices can you use to connect two or more LAN segments together without collisions?

A

Bridge, router and switches connect LAN segments.

30
Q

Which events should be considered as part of the business continuity plan?

A

Natural disaster, hardware failure

31
Q

What would include ISO compliance, adhering to NIST and the Payment Card Industry Data Security Standard (PCI-DSS)? “General” states that a wide range of standards is covered.

A

General-Purpose-Guides

32
Q

_______ is a key distribution protocol & distribution protocol used for secure IP communications, such as IPSEC (Internet Protocol Security).

A

SKIP (Simple Key Management Protocol for Internet Protocols)

33
Q

________ involves accepting the risk and leaving the security plan the same.

A

Acceptance

34
Q

________ involves modifying the security plan to eliminate the risk or its impact.

A

Avoidance

35
Q

________ involves transferring the risk and its consequences to a third party.

A

Transference

36
Q

________ involves reducing the probability or impact of a risk (taking action to minimize probability).

A

Mitigation

37
Q

What can hide itself from antivirus software by distorting its own code? When spreading, it jumbles and garbles its own code to prevent antivirus software from detecting its presence.

A

self-garbling virus

38
Q

What hides the changes it makes to the system files and boot records, making it difficult to detect its presence? Maintains a copy of a file before infecting it and presents the original copy to the monitoring software so that no changes are detected by the system.

A

Stealth virus

39
Q

Virus programs written in Word Basic, Visual Basic and VBScript. Platform independent; typically infects systems through Microsoft Office products.

A

macro virus

40
Q

What detects data or files that are hidden within other files?

A

Steganography tools

41
Q

What tools are used to ensure that information is completely removed from a device before it is discarded, sold or recycled?

A

Data Sanitization tools

42
Q

What tools are used by a network administrator to test the security of a network, such as a penetration test (Metasploit)?

A

Exploitation Frameworks

43
Q

__________ is the general term for tools that help you locate weaknesses in your network before they are exploited by an attacker.

A

Vulnerability Scanner

44
Q

A password, PIN, name of a childhood friend, color of first car, similar questions are examples of which authentication?

A

Something You Know

45
Q

Fingerprints, voice prints, retina scans & iris scans and biometrics are examples of which authentication?

A

Something You Are

46
Q

Under _________, a set of organizational roles is defined and users are allocated to those roles. Under this system, the right to modify roles is reserved to admin accounts. The system is non-discretionary, as each user has no right to modify the ACL of a resource, even though they can change the resource in other ways.

A

Role-based Access Control (RBAC)

47
Q

The owner is originally the creator of the resource, though ownership can be assigned to another user. The owner is granted FULL control over the resource, meaning the owner can modify its ACL to grant rights to others.

A

Discretionary Access Control (DAC)

48
Q

_______ & _______ attacks target virtual machines. These attacks attempt to detect virtual servers and machines on a network. Once the virtual machines are identified, various techniques are used to attack the VMs to breach the host and eventually the network.

A

Red Pill & Scooby Doo attacks

49
Q

DES uses ______ encryption keys.

A

56-bit encryption keys

50
Q

AES uses _____, _____, and ____ bit encryption keys.

A

128, 192 and 256 bit encryption keys.

51
Q

MD5 produces _________ checksums

A

128-bit checksums

52
Q

What produces 256-bit checksums?

A

SHA-256 aka SHA-2

53
Q

___________ produces 160-bit checksums

A

SHA-1 (Secure Hashing Algorithm)

54
Q

___________ - means identifying the risk and no longer engaging the activities associated with that risk. Example; no longer accept credit card information via email.

A

Risk Avoidance

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
55
Q

______ uses a combination of conventional symmetric-key cryptography for speed and public-key cryptography for ease of secure key exchange. It supports the following algorithms: RSA, DSA; ciphers: IDEA, 3DES, CAST5, Blowfish, AES-128/192/256, CAMELLIA; hashes: MD5, SHA-1, SHA-256/384/512/224, RIPEMD-160. It is an alternative to the PGP suite of cryptographic software.

A

GNU Privacy Guard (GPG)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
56
Q

A symmetric-key block cipher or streaming cipher; 1 bit at a time, 1 round. Developed at the Massachusetts Institute of Technology. Supports variable-length encryption keys.

A

Rivest Cipher (RC4, RC5)

RC4 - is a streaming cipher
RC5/RC6 - are block ciphers

57
Q

Protocol for transporting secure voice and video.

A

Secure Real-Time Transport Protocol (SRTP)

58
Q

Types of commercial data classifications

A

Confidential, Private, Sensitive, Public

59
Q

Types of military data classifications

A

Sensitive, Confidential, Secret, Top Secret

60
Q

_____ is any information that can be used for the purpose of identifying, locating or contacting any specific individual, either combined with other easily accessible sources or by itself.
Can include data linked to any individual through medical, employment, financial, or educational records. Several of these information sets that might be utilized to identify a certain individual could consist of a name, email address, biometric data, telephone number, fingerprints or social security number.

A

PII (Personal Identifiable Information)

61
Q

_____ is any information related to the health status, health care provision or health care payment that can further be linked to any specific individual. It can be rather broadly interpreted and includes any sort of medical payment history or records of a patient.

A

PHI (Personal Health Information)

62
Q

Org roles that deal with data classification?

A

Data custodian, data steward, data owner and privacy officer.

63
Q

What is another term for technical controls?

A

logical controls

64
Q

_____ to suppress fire that has magnesium, sodium and potassium as its elements.

A

Dry Powder

65
Q

_____ are used when the fire involves electrical equipment and wires. They can also be used to suppress class B fires that include liquids.

A

Halon or carbon dioxide

66
Q

_____ allows users to gain access to restricted directories, e.g. if an operating system command like rm -rf/etc/passwords is sent via an HTML string.

A

command injection

67
Q

_____ occurs when a user enters values in an XML query that takes advantage of security loopholes.

A

XML injections

68
Q

_____ occurs when a user enters values in an LDAP query that takes advantage of security loopholes.

A

LDAP injection

69
Q

_____ occurs when hackers learn of a security vulnerability on the same day that it is discovered by the application vendor.

A

Zero day attack

70
Q

_____ occurs when a hacker is able to manipulate a packet header to deface, hijack or poison the packet.

A

Header manipulation

71
Q

An add-on that a user adds for a particular functionality, but which in reality serves as a way for a hacker to create a security breach.

A

Malicious Add-ons

72
Q

_____ is used in a Kerberos network authentication to distribute resource access keys.

A

Key Distribution Center (KDC)

73
Q

_____ generates and validates digital certificates and verifies the authenticity of the certificate elements.

A

Certification Authority

74
Q

Occurs when a hacker intercepts messages from a sender, modifies those messages and sends them to a legitimate receiver. This type of attack often involves interrupting network traffic to insert malicious code.

A

Man-in-the-middle attack

75
Q

Occurs when a script on a website is configured to manipulate a computer other than the web server.

A

cross-site scripting (XSS)

76
Q

Management wants to protect all traffic on the company’s HTTP/HTTPS server. You have been asked to recommend a solution. Which device is the best solution?

A

Web Application Firewall – it can be implemented in hardware or software to protect a web server from a cross-site scripting attack.

  • Best to protect HTTP/HTTPS server
  • Security at Application Layer (layer 7) OSI model
77
Q

Your organization has recently implemented a new security policy that includes the implementation of the principle of least privilege. You need to ensure that users understand this principle. What is the best implementation of this principle?

A

Issuing the “Run as” command to execute administrative tasks during a regular user session.

78
Q

____ is a router function, where an application compares the incoming or outgoing IP address to an ACL. Other types of ______ perform similar functions on MAC addresses or switch ports.

A

Anti-spoofing

*A NIDS/NIPS would not check IP addresses traffic for spoofing.

79
Q

An attack that sends unsolicited messages over a Bluetooth connection.

A

Bluejacking

80
Q

The act of gaining unauthorized access to a device and the network it is connecting to through its Bluetooth connection.

A

Bluesnarfing

81
Q

Malicious code activated by a specific event is called?

  • Backdoor
  • Dropper
  • Logic Bomb
  • Retrovirus
A

Logic Bomb

82
Q

Which of the following answers refers to an undocumented (and often legitimate) way of gaining access to a program, online service, or an entire computer system?

  • logic bomb
  • trojan horse
  • rootkit
  • backdoor
A

Backdoor

83
Q

An unauthorized practice of obtaining confidential information by manipulating people into disclosing sensitive data is referred to as?

  • shoulder surfing
  • privilege escalation
  • social engineering
  • penetration testing
A

Social Engineering

84
Q

A fraudulent email requesting its recipient to reveal sensitive information (e.g. username and password) used later by an attacker for the purpose of identity theft is an example of? (select all that apply)

  • phishing
  • social engineering
  • bluejacking
  • vishing
A

Phishing & Social Engineering

85
Q

Phishing scams targeting a specific group of people are referred to as?

  • vishing
  • spear phishing
  • spoofing
  • whaling
A

Spear Phishing

86
Q

Phishing scams targeting people holding high positions in an organization or business are known as?

  • Vishing
  • Bluesnarfing
  • Whaling
  • Bluejacking
  • Pharming
A

Whaling

87
Q

The practice of using a telephone system to manipulate a user into disclosing confidential information is called?

  • Whaling
  • Spear Phishing
  • Vishing
  • Pharming
A

Vishing

88
Q

What is tailgating?

A

Gaining unauthorized access to restricted areas by following another person

89
Q

Which social engineering attack relies on identity theft?

A

Impersonation

90
Q

A situation in which an unauthorized person can view another user's display or keyboard to learn their password or other confidential information is referred to as?

  • Spear Phishing
  • Tailgating
  • Shoulder Surfing
  • Spoofing
A

Shoulder Surfing

91
Q

The actual key size of _____ is 64 bits; however, 8 bits are used for parity check. Therefore, the effective key size of ______ is 56 bits. ______ uses 16 rounds of computation.

A

DES (Data Encryption Standard)

92
Q

What is the best method to avoid buffer overflows?

A

“Execute a well-written program” - a well-written program is the best method to prevent buffer overflow errors. Buffer overflow is caused when input data is not verified for appropriate length at the time of input. Buffer overflow & boundary condition errors are examples of input validation errors.

93
Q

What is typically part of an information policy?

A

Classification of Information: is typically part of an information policy. A company usually has two information classifications: Public & Proprietary. Some companies also use the ‘restricted’ classification.

94
Q

A social engineering technique whereby attackers, under the disguise of a legitimate request, attempt to gain access to confidential information they shouldn’t have access to is commonly referred to as?

A

Phishing

95
Q

You are training several IT professionals on security and access control. You need to explain to the professionals the most common form of identification and authentication.

What identification and authentication mechanism should you explain?

A

USER identification with usable password

96
Q

You need to ensure that wireless clients can only communicate with the wireless access point and not with other wireless clients.

What should you implement?

A

Isolation Mode - This mode ensures that wireless clients can only communicate with the wireless access point and not with other wireless clients

97
Q

What is another name for a cross-site request forgery? (XSRF)

A

Session riding - This application issue involves unauthorized commands coming from a trusted user to a user or website.

98
Q

Your manager suspects that your network is under attack. You have been asked to provide information regarding traffic flow and statistical information for your network.

Which tool should you use?

A

Protocol Analyzer - provides information regarding traffic flow and statistical information for your network. A protocol analyzer is also referred to as a network analyzer or packet sniffer (Wireshark).

99
Q

You have recently implemented a new Public Key Infrastructure (PKI) for your organization. You need to back up the entity that is responsible for certifying the public key pair of the root CA. Which entity must you back up?

A

Root CA - You should back up the Root CA. The Root Certification Authority (CA) must certify its own public key pair.

100
Q

You suspect that several users are attempting to install unauthorized software. Upon researching, you discover that the attempts were unsuccessful. What tool did you implement that logged those attempts and identified the users?

A

Application Whitelist - is a practice of denying all applications except for those that are approved. Those approved applications are designated as whitelisted.

101
Q

You are responsible for managing your company’s virtualization environment. Which feature should NOT be allowed on a virtualization host?

A

Browsing the internet

–If the host has a security breach (spyware/malware) anything that affects a virtualization host also affects all virtual computers on the host.

102
Q

You have a highly mobile workforce and they often work in airplanes, airports and other public places. Management is concerned that unauthorized users can obtain information when personnel are using the devices in public places. Which of these could be implemented to help mitigate risk?

  • CAC logins
  • set devices to isolation mode
  • finger print readers
  • screen filters
A

Screen Filters

103
Q

Match the tools on the left with the descriptions given on the right.

  1. Nessus
  2. Wireshark
  3. SNORT
  4. Cain & Abel

a. Password recovery tool
b. Network Protocol Analyzer
c. Network Intrusion Detection System
d. Vulnerability Scanner

A

Wireshark – Network Protocol Analyzer

Nessus – Vulnerability Scanner

Snort – Intrusion Detection System

Cain & Abel – Password Recovery Tool

104
Q

During maintenance, you often discover unauthorized devices connected to your wireless network. You need to ensure that only authorized corporate devices can connect to the network. What should you configure to increase the security of this wireless network?

A

MAC filtering - with this filtering, the MAC address of each network interface card (NIC) that attempts to connect to the network is checked. Only MAC addresses that are specifically allowed connection are granted connection.

105
Q

What preserves the existence and integrity of relevant electronic records (and paper records) when litigation is imminent?

A

Legal Hold - is the term for the preservation of information relevant to an impending lawsuit. Personnel will be instructed not to destroy or alter information relating to the topic of the lawsuit.

106
Q

Ensures that users have the appropriate permissions to complete the tasks that are part of their job. By implementing permission auditing and review, you ensure that privilege creep does not occur.

A

Permission Auditing and Review

107
Q

Ensures that accounts are still being used. By implementing usage auditing and review, you ensure that accounts that are no longer in use are disabled.

A

Usage auditing and Review

108
Q

Which Intrusion Detection System (IDS) uses a magnetic field to detect intrusions?

A

A proximity detector

109
Q

Passphrase is easiest to remember (according to the test)

A

True – According to the test; Passphrase is easiest to remember

110
Q

_________ - A bit-level copy of the disk refers to making a copy at the sector level to cover every part of the area that can store used data, such as slack space and free space. You should also perform forensic hashing of the disk contents, before and after.

A

Forensic investigation

111
Q

______ - is formed when a malicious program is installed on several host computers and is remotely triggered.

A

Botnet

112
Q

_______ backups begin with a full backup. On each day thereafter you would back up all of the changes that occurred since your last full backup. It’s cumulative. The order to restore is the last full backup and the most recent _______ backup.

  • *Does not reset archive bit.
  • *They are not dependent on the other backups.
A

‘Differential’ backup

113
Q

________ backups begin with a full backup. On each day thereafter you would back up that specific day’s changes only. The order of restoration would be to restore the last full backup first and then to restore each day’s incremental backup in order from oldest to newest.

** Resets archive bit, dependent on each backup.

A

‘Incremental’ Backup

114
Q

______ - a testing environment isolated from a live or production environment.

______ - mechanism for safely running untrusted programs

A

Sandbox - a testing environment isolated from a live or production environment.

Sandboxing - mechanism for safely running untrusted programs.

115
Q

In a ___________, Certification Authorities (CAs) are arranged in a hierarchy and sign public key pairs.

A

“PKI infrastructure” Public Key Infrastructure (PKI)

116
Q

What is cross-site request forgery (XSRF)?

A

When a script on a website is configured to manipulate a computer other than the web server.

Cross-site Request Forgery (XSRF) occurs when unauthorized commands are executed on a web server by a trusted user.

117
Q

Which SIEM feature would be best for long-term storage and security?

A

Logs/WORM - provides the best option for longer-term storage and security. WORM is an acronym for “Write Once, Read Many” and the data cannot be modified once it has been written.

118
Q

What is SIEM?

A

SIEM is a subsection within the field of computer security, where software products and services combine security information management (SIM) and security event management (SEM). They provide real-time analysis of security alerts generated by applications and network hardware.

119
Q

Your organization is a subcontractor for a major government defense contractor. While writing an incident response plan, you must determine the circumstances under which to bring in an outside contractor. Which portion of the incident response plan includes this information?

A

Reporting and escalation guidelines – The reporting requirements would indicate how incidents are reported, what documentation is required, and what outside agencies (if any) should be identified.

Escalation guidelines would indicate under what circumstances you need to ask for additional assistance.

120
Q

Your client is migrating from a Windows-based server to an Apache server. You need to convert the X.509 certificate on the new Apache server. What is the original file extension for the X.509 certificate?

A

PFX - a PFX certificate file is used by Microsoft, and contains both the public and private keys. The container is fully encrypted. You should use OpenSSL to convert this into a PEM encoded file. The two most common file types for exporting the private key are PFX and P12 (can contain certificates, certificate chains and private keys).

121
Q

Recently, several confidential messages from your company have been intercepted. Your company has decided to implement PGP to encrypt files. Which type of model does the encryption use?

a. bus
b. web
c. hierarchy
d. ring

A

web

PGP uses a ‘web of trust’ to validate public key pairs. In the web of trust model, users sign their own key pairs. If a user wants to receive a file encrypted with PGP, the user must first supply the public key.

122
Q

Which memory vulnerability is associated with multithreaded applications?

a. DLL injection
b. Race Condition
c. Resource exhaustion
d. Pointer dereferencing

A

Race condition

It occurs when you have a variable that is accessed by several threads of an application. Improper handling of that variable can lead to unexpected values associated with the variable in question.

123
Q

Your client is developing a new website. The web administrator has indicated that she would like to use a low-cost certificate to offer Transport Layer Security (TLS) to the new domain.
What type of certificate should you recommend?

A

Domain validation - these are very common. They are low-cost and are often used by web admins to offer TLS to a domain. They are validated using only the domain name.

124
Q

Users are complaining that the new biometric identification system is difficult to use. They are saying that even though the initial login worked fine, they have difficulty logging in later. In addition to user training, what should you investigate?

A

FRR (False Rejection Rate) - You should investigate the device's FRR to determine its accuracy. FRR measures how likely it is that an authorized user is denied access to the system. Expressed as a ratio.

125
Q

You want to ensure that certificates that have expired, been replaced or were revoked are no longer used. You discover that updates to the list of invalid certificates may take 24-48 hrs to circulate, leaving a window of vulnerability in which invalid keys may be accepted.
Which of these solutions is the BEST to use if you want to avoid accepting invalid keys?

a. OCSP
b. OID
c. CSR
d. CRL

A

OCSP (Online Certificate Status Protocol)

-is a real-time protocol for validating keys. OCSP is replacing CRL, which takes 24-48 hrs to broadcast.

126
Q

What is STP and what is it used for?

A

STP is “Spanning Tree Protocol”. It is the primary loop protection on an Ethernet network.

127
Q

What system will provide an alert in the event of a breach on a “single” server or computer?

a. HIPS
b. DNS
c. OCSP
d. HIDS

A

HIDS (Host-based Intrusion Detection System)

Note: Intrusion “detection” system that is capable of monitoring and analyzing the internals of a computing system as well as the network packets on its network interface.

128
Q

Passwords based on some personal fact or opinion. They are things like your mother's maiden name, your favorite color or the school where you graduated.

a. static password
b. software-generated password
c. dynamic password
d. cognitive password
e. biometric login

A

Cognitive passwords

129
Q

Occurs when an attacker exploits the three-packet Transmission Control Protocol (TCP) handshake. A _____ attack is a type of denial-of-service (DOS) attack.

a. man in the middle
b. SYN flood
c. smurf
d. brute force

A

SYN flood attack

-is a form of denial-of-service attack in which an attacker sends a succession of SYN (synchronize) requests to a target’s system in an attempt to consume enough server resources to make the system unresponsive to legitimate traffic

130
Q

Occurs when unexpected values are provided as input to an application to make the application crash.

a. Fuzzing
b. XSRF
c. XSS
d. Footprinting

A

Fuzzing

-hackers will use thousands of commands to crash a program and watch the crash log to find a way to input code where those commands might be stored and get the program to do its bidding (example).

131
Q

_____ is a “system” or a program employed to protect critical computer systems containing crucial data against viruses and other internal malware. _____ will go a step further and stop the attack, to help “prevent” data loss. Logs inbound traffic.

a. HIPS
b. DNS
c. OCSP
d. HIDS

A

HIPS (Host-based Intrusion Prevention System)

132
Q

You are researching the different types of firewalls that you can install to protect your company’s network and assets. Which type of firewall is most detrimental to network performance?

a. circuit-level proxy firewall
b. packet filtering firewall
c. stateful inspection firewall
d. application-level proxy firewall

A

Application-level proxy firewall - is most detrimental to the network performance because it requires more processing per packet.

133
Q

You need to ensure that a set of users can access information regarding departmental expenses. However, each user should only be able to view the expenses for the department in which they work. Senior Managers should be able to view the expenses for all departments. Which database security feature provides this granular access control?

A

Database view - content dependent access control is based on sensitivity of information and the user privilege.

134
Q

You have decided to install a proxy server on your network. Which type of proxy is also called a “surrogate proxy”?

A

Reverse Proxy - It faces the internal network and is used for several purposes, including web page caching, decryption, authentication, and load-balancing.

135
Q

You have just installed a new FTP server, but you do not know what information the FTP server is transmitting when a user initially connects to it. Which tool could you use to discover that information and consequently know what information an attacker could exploit?

A

Banner Grabbing - a network administrator could use banner grabbing to identify information to circumvent that exploit. Banner grabbing intercepts a text file sent by a server or a host. The text file includes OS information and in the case of a web server, perhaps the basic configuration info. The attacker can then exploit that information.

136
Q

Your company has recently adopted a new security policy that states that all confidential emails must be signed using a digital signature. Which three elements are provided by implementation of this technology? (Choose three)

a. Non-repudiation
b. identification
c. authentication
d. authorization
e. integrity

A

non-repudiation

authentication

integrity

137
Q

You have been hired as the security administrator for a company. During your first weeks, you discover that most of the client and server computers are not protected from intrusions in any way. For the servers, management wants you to implement a solution that will prevent intrusions on a single server.
Which system should you implement to satisfy management's request?

a. IDS
b. HIPS
c. IPS
d. HIDS

A

HIPS - implement “Host Intrusion Prevention System” to prevent intrusions on a single server or computer.

138
Q

You have set up an auditing system for the servers on your network. Which three statements regarding an audit trail are not true?

a. An audit trail logs service access.
b. An audit trail shows unsuccessful login attempts.
c. An audit trail is reviewed only when an intrusion is detected.
d. An audit trail does not record successful login attempts.
e. An audit trail is a preventative control.

A

An audit trail is reviewed only when an intrusion is detected.
An audit trail does not record successful login attempts.
An audit trail is a preventative control.

139
Q

The new anti-virus application that your company purchased claims that it protects against all types of viruses, including multipart viruses. Which statement correctly defines this type of virus?

a. A multipart virus can infect executable files and boot sectors of hard disk drives.
b. A multipart virus can hide itself from anti-virus software by distorting its own code
c. A multipart virus can change some of its characteristics while it replicates
d. A multipart virus is encoded in a macro

A

A multipart virus can infect executable files and boot sectors of hard disk drives.