Practice Test (1) Flashcards
You are asked to separate the Sales and Marketing department’s network traffic on a layer 2 device within a LAN. This will reduce broadcast traffic and prevent the departments from seeing each other’s resources. Which of the following types of network design would be the best choice?
MAC
NAT
VLAN
VLAN
A virtual LAN (VLAN) allows network administrators to segment a LAN at layer 2. Systems in one VLAN cannot see traffic belonging to systems in other VLANs on the same physical LAN
You are a network administrator and your company has asked you to perform a survey of the campus for open Wi-Fi access points. You walk around with your smartphone looking for unsecured access points that you can connect to without a password. What type of penetration testing concept is this called?
Escalation of privilege
Active reconnaissance
Passive reconnaissance
Passive reconnaissance
Passive reconnaissance is an attempt to obtain information about a computer system and networks without actively engaging with the system
Which of the following is a certificate-based authentication that allows individuals access to U.S. federal resources and facilities?
Proximity card
TOTP
PIV card
PIV card
A personal identity verification (PIV) card contains the necessary data for the cardholder to be allowed to enter federal facilities
You attempt to log into your company’s network with a laptop. The laptop is quarantined to a restricted VLAN until the laptop’s virus definitions are updated. Which of the following best describes this network component?
NAT
DMZ
NAC
NAC
A Network Access Control (NAC) enforces security policies and manages access to a network. It enables compliant, authenticated, and trusted devices to enter the network and access resources. If the device isn’t compliant, it will either be denied access or have limited access until the device becomes compliant
You have been asked to implement a security control that will limit tailgating in high-secured areas. Which of the following security control would you choose?
Mantrap
Faraday cage
Airgap
Mantrap
A mantrap is a physical security access control that contains two sets of doors. When the first set of doors is closed, the second set opens. This access control prevents unauthorized access to a secure area
Your company’s network administrator is placing an Internet web server in an isolated area of the company’s network for security purposes. Which of the following architecture concepts is the network administrator implementing?
Honeynet
DMZ
Proxy
DMZ
A demilitarized zone (DMZ) separates the local area network (LAN) from untrusted networks such as the Internet. Resources placed in the DMZ are reachable from the Internet, while the resources located in the LAN remain protected behind it
Your company is offering a new product on its website. You are asked to ensure availability of the web server when it receives a large number of requests. Which of the following would be the best option to fulfill this request?
VPN concentrator
SIEM
Load balancer
Load balancer
A load balancer distributes and manages network traffic across several servers to increase performance and availability
You are a security administrator for a manufacturing company that produces compounded medications. To ensure individuals are not accessing sensitive areas where the medications are created, you want to implement a physical security control. Which of the following would be the best option?
Security guard
Signs
Faraday cage
Security guard
A security guard plays a major role in all layers of physical security. A guard can perform many functions, such as patrolling checkpoints, overseeing electronic access control, responding to alarms, and examining video surveillance
An attacker exploited a bug, unknown to the developer, to gain access to a database server. Which of the following best describes this type of attack?
Zero-day
Cross-site scripting
ARP poisoning
Zero-day
A zero-day attack takes advantage of a security vulnerability on the same day the vulnerability becomes known. Attackers may find vulnerabilities before the vendor or company discovers them
A new employee added network drops to a new section of the company’s building. The cables were placed across several fluorescent lights. When users attempted to connect to the data center on the network, they experienced intermittent connectivity. Which of the following environmental controls was the most likely cause of this issue?
DMZ
EMI
BIOS
EMI
Electromagnetic interference (EMI) will disrupt the operation of an electronic device when it is in the area of an electromagnetic field
What method should you choose to authenticate a remote workstation before it gains access to a local LAN?
Router
Proxy server
VPN concentrator
VPN concentrator
A VPN concentrator is a device that creates a remote access or site-to-site VPN connection. A VPN concentrator is used when a company has a large number of VPN tunnels
Which of the following allows a company to store a cryptographic key with a trusted third party and release it only to the sender or receiver with proper authorization?
CRL
Key escrow
Trust model
Key escrow
Key escrow is an arrangement in which cryptographic keys are held by a trusted third party and released only to authorized users so that encrypted data can be decrypted
Your company recently upgraded the HVAC system for its server room. Which of the following security implications would the company be most concerned about?
Confidentiality
Availability
Integrity
Availability
Availability would be the biggest concern because the computers would not operate properly if the HVAC system does not work properly. Should the HVAC system not cool the server room adequately, the computers would not operate and become unavailable to their users
Your company provides secure wireless Internet access to visitors and vendors working onsite. Some of the vendors are reporting they are unable to view the wireless network. Which of the following best describes the issue?
MAC filtering is enabled on the WAP.
The SSID broadcast is disabled.
The wrong antenna type is being used.
The SSID broadcast is disabled.
The correct answer is that the SSID broadcast is disabled. When the SSID broadcast is disabled, the network is not listed, so the user must enter the SSID manually to attempt to connect to the wireless access point
Your company’s sales team is working late at the end of the month to ensure all sales are reported for the month. The sales members notice they cannot save or print reports after regular hours. Which of the following general concepts is preventing the sales members from performing their job?
Job rotation
Time-of-day restrictions
Least privilege
Time-of-day restrictions
Time-of-day restrictions are a form of logical access control in which access to specific applications or systems is restricted outside of specific hours
Which of the following symmetric algorithms are block ciphers? (Choose three.)
3DES
ECDHE
RSA
RC4
SHA
Twofish
3DES
RC4
Twofish
3DES, RC4, and Twofish are symmetric algorithms: they use the same key to encrypt and decrypt data
A security officer has asked you to use a password cracking tool on the company’s computers. Which of the following best describes what the security officer is trying to accomplish?
Looking for strong passwords
Enforcing a password complexity policy
Looking for weak passwords
Looking for weak passwords
The correct answer is looking for weak passwords. A password-cracking tool can potentially discover users who are currently using weak passwords
Which of the following tests gives testers comprehensive network design information?
White box
Black box
Gray box
White box
White-box testing refers to the process of testing a network with all information known about the network or layout
You are the network administrator for your company and want to implement a wireless network and prevent unauthorized access. Which of the following would be the best option?
RADIUS
TACACS+
Kerberos
RADIUS
Remote Authentication Dial-In User Service (RADIUS) enables remote access servers to communicate with a central server. This central server is used to authenticate and authorize users to access network services and resources
Why is input validation important to secure coding techniques? (Choose two.)
It mitigates shoulder surfing.
It mitigates buffer overflow attacks.
It mitigates ARP poisoning.
It mitigates XSS vulnerabilities.
It mitigates buffer overflow attacks.
It mitigates XSS vulnerabilities.
The correct answers are mitigating buffer overflow attacks and cross-site scripting (XSS) vulnerabilities. A buffer overflow attack occurs when a program attempts to place more data in a buffer (memory) than it can hold. This can corrupt data, crash the program, or execute malicious code. XSS vulnerabilities are found in web applications and are exploited by injecting malicious code to gather users’ information
To authenticate, a Windows 10 user draws a circle around a picture of a dog’s nose and then touches each ear starting with the right ear. Which of the following concepts is this describing?
Something you do
Something you know
Something you have
Something you do
The correct answer is something you do. This is an example of a picture password. A user selects a photo of their choice and records gestures over it. Each gesture can be a line, a circle, or a dot, executed in an exact order. The user repeats the gestures to log into their Windows account
Which of the following countermeasures is designed to best protect against a brute-force password attack?
Account disablement
Password length
Account lockout
Account lockout
Account lockout prevents an attacker from accessing a user’s account by repeatedly guessing the password. After a set number of failed attempts, the account is locked for a determined amount of time or until an administrator unlocks it
You are a security administrator reviewing the results from a network security audit. You are reviewing options to implement a solution to address the potential poisoning of name resolution server records. Which of the following would be the best choice?
SSH
DNSSEC
TLS
DNSSEC
DNS Security Extensions (DNSSEC) protect against attackers hijacking the DNS process and taking control of the session. DNSSEC digitally signs data so that the user can be assured the data is valid
Your manager has implemented a new policy that requires employees to shred all sensitive documents. Which of the following attacks is your manager attempting to prevent?
Tailgating
Dumpster diving
Shoulder surfing
Dumpster diving
Dumpster diving is an attack performed by searching through trash for sensitive information that could be used to perform an attack on a company’s network
Which of the following cryptography algorithms support multiple bit strengths?
DES
MD5
AES
AES
Advanced Encryption Standard (AES) uses key sizes that are 128, 192, and 256 bits
A network security auditor will perform various simulated network attacks against your company’s network. Which should the security auditor acquire first?
Vulnerability testing authorization
Transfer risk response
Penetration testing authorization
Penetration testing authorization
The correct answer is penetration testing authorization. This authorization’s goal is to protect the security auditor performing the work against likely attacks
A system administrator is told an application is not able to handle the large amount of traffic the server is receiving on a daily basis. The attack takes the server offline and causes it to drop packets occasionally. The system administrator needs to find another solution while keeping the application secure and available. Which of the following would be the best solution?
Sandboxing
DMZ
Cloud computing
Cloud computing
Cloud computing is based on the concept of a hosted service provided over the Internet. Companies gain access to processing power and storage capacity rather than bearing the cost of building and hosting their own systems
You are a security administrator and are observing unusual behavior in your network from a workstation. The workstation is communicating with a known malicious destination over an encrypted tunnel. You have updated the antivirus definition files and performed a full antivirus scan. The scan doesn’t show any clues of infection. Which of the following best describes what has happened on the workstation?
Buffer overflow
Session hijacking
Zero-day attack
Zero-day attack
A zero-day attack takes advantage of a security vulnerability on the same day the vulnerability becomes known. Attackers may find vulnerabilities before the vendor or company discovers them
You are the security engineer and have discovered that communication within your company’s encrypted wireless network is being captured with a sniffing program. The data being captured is then being decrypted to obtain the employee’s credentials to be used at a later time. Which of the following protocols is most likely being used on the wireless access point? (Choose two.)
WPA2 Personal
WPA2 Enterprise
WPA
WEP
WPA
WEP
Wired Equivalent Privacy (WEP) and WiFi Protected Access (WPA) are security protocols for WLANs. They are known to have vulnerabilities and are prone to attacks
A network manager has implemented a strategy so that all workstations on the network will receive required security updates regularly. Which of the following best describes what the network manager implemented?
Sandboxing
Ad hoc
Patch management
Patch management
Patch management consists of collecting, testing, and installing patches to a computer within a local network
Your manager wants to secure the FTP server by using SSL. Which of the following should you configure?
FTPS
SFTP
SSH
FTPS
FTPS (File Transfer Protocol Secure) is an extension to FTP (File Transfer Protocol) that adds support for Transport Layer Security (TLS) and Secure Sockets Layer (SSL)
You are an IT security officer and you want to classify and assess privacy risks throughout the development life cycle of a program or system. Which of the following tools would be best to use for this purpose?
BIA
PIA
RTO
PIA
A PIA (privacy impact assessment) is a tool used to analyze how personally identifiable information (PII) is handled. It states what information is collected, how it will be maintained, and how it will be protected
Which of the following types of risk analysis makes use of ALE?
Qualitative
SLE
Quantitative
Quantitative
The correct answer is quantitative. Specific dollar values are used to prioritize risk. This is why ALE (annual loss expectancy) is classified as quantitative risk analysis
Which of the following statements best describes mandatory vacations?
Companies ensure their employees can take time off to conduct activities together.
Companies use them as a tool to ensure employees are taking the correct amount of days off.
Companies use them as a tool for security protection to detect fraud.
Companies use them as a tool for security protection to detect fraud.
Companies will use mandatory vacations policy to detect fraud by having a second person who is familiar with the duties help discover any illicit activities
Which of the following would you enable in a laptop’s BIOS to provide full disk encryption?
USB
HSM
TPM
TPM
A Trusted Platform Module (TPM) should be enabled because it is a specialized chip, also known as a hardware root of trust, that stores RSA encryption keys that are specific to the operating system for hardware authentication
Your company has hired a third-party auditing firm to conduct a penetration test against your network. The firm wasn’t given any information related to the company’s network. What type of test is the company performing?
White box
Red box
Black box
Black box
Black-box testing refers to the process of testing a network without any information known about the network or layout
Server room access is controlled with proximity cards and records all entries and exits. These records are referred to if missing equipment is discovered, so employees can be identified. Which of the following must be prevented for this policy to become effective?
Shoulder surfing
Tailgating
Vishing
Tailgating
Tailgating, often referred to as piggybacking, is a physical security violation where an unauthorized person follows an authorized person (an employee) into a secure area
Company users are stating they are unable to access the network file server. A company security administrator checks the router ACL and knows users can access the web server, email server, and printing services. Which of the following is preventing access to the network file server?
Implicit deny
Port security
Flood guard
Implicit deny
Implicit deny is the final rule at the bottom of the list. If traffic passes through the rules of the ACL and is not explicitly denied or allowed, the implicit deny rule blocks it. In other words, if traffic is not explicitly allowed within an access list, it is denied by default
An employee informs you that the Internet connection is slow and they are having difficulty accessing websites to perform their job. You analyze their computer and discover the MAC address of the default gateway in the ARP cache is not correct. What type of attack have you discovered?
DNS poisoning
Impersonation
ARP poisoning
ARP poisoning
ARP poisoning is an attack created by an attacker by sending spoofed Address Resolution Protocol (ARP) messages onto a local network. This allows the attacker to monitor data passing through the network
Tony, a college student, downloaded a free word editor program to complete his essay. After downloading and installing the software, Tony noticed his computer was running slow and he was receiving notifications from his antivirus program. Which of the following best describes the malware that he installed?
Worm
Ransomware
Trojan
Trojan
A Trojan is malware that is disguised as a legitimate program and can allow hackers to gain access to a user’s system
Which of the following measures the amount of time required to return a failed device, component, or network to normal functionality?
RTO
MTTR
MTBF
MTTR
MTTR (mean time to repair) is the average time it takes for a failed device or component to be repaired or replaced
Natural disasters and intentional man-made attacks can cause the death of employees and customers. What type of impact is this?
Safety
Life
Finance
Life
The correct answer is life. Natural disasters and intentional man-made attacks can jeopardize the lives of employees. These attacks could include severe weather events, arson and other fires, and terrorist attacks
A user finds and downloads an exploit that will take advantage of website vulnerabilities. The user isn’t knowledgeable about the exploit and runs the exploit against multiple websites to gain access. Which of the following best describes this user?
Man-in-the-middle
Script kiddie
White hat
Script kiddie
A script kiddie is an immature hacker with little knowledge about exploits. The typical script kiddie will use existing and well-known techniques and scripts to search for and exploit weaknesses in a computer system
You are the IT security officer and you plan to develop a general cybersecurity awareness training program for the employees. Which of the following best describes these employees?
Data owners
Users
System administrators
Users
The correct answer is users. The company’s standard employees are their first line of defense. Users receive general cybersecurity awareness training
The system administrator needs to secure the company’s data-at-rest. Which of the following would provide the strongest protection?
Implement biometrics controls on each workstation.
Implement full-disk encryption.
Implement a host intrusion prevention system.
Implement full-disk encryption.
Full-disk encryption will protect the data that is not currently being accessed should the hard drive be compromised. Full-disk encryption will prevent an unauthorized individual from reading the data on the hard drive
Which of the following is a true statement about qualitative risk analysis?
It uses numeric values to measure the impact of risk.
It uses descriptions and words to measure the impact of risk.
It uses industry best practices and records.
It uses descriptions and words to measure the impact of risk.
Qualitative risk analysis uses descriptions and words to measure the amount of impact of risk. A weakness of qualitative risk analysis involves sometimes subjective and untestable methodology
Which of the following firewalls tracks the operating state and characteristics of network connections traversing it?
Stateful firewall
Stateless firewall
Application firewall
Stateful firewall
A stateful firewall distinguishes valid packets for different types of connections. Packets that match a known active connection will be allowed to pass through the firewall
Which of the following are examples of PII? (Choose two.)
Fingerprint
MAC address
Home address
Gender
Fingerprint
Home address
The correct answers are fingerprint and home address. This data is often used to distinguish an individual’s identity, per the personally identifiable information definition used by NIST
An employee informs you they have lost a corporate mobile device. What is the first action you perform?
Enable push notification services.
Remotely wipe the mobile device.
Enable screen lock.
Remotely wipe the mobile device.
The correct answer is to remotely wipe the mobile device. This action will prevent sensitive data from being accessed by an unauthorized person
You have created a backup routine that includes a full backup each Sunday night and a backup each night of all data that has changed since Sunday’s backup. Which of the following best describes this backup schedule?
Full and incremental
Full and differential
Snapshots
Full and differential
The correct answer is full and differential. Full backup is considered the most basic type as it copies all of the files. Differential backup copies all the files that have changed since the last full backup