Practice Test #2 Flashcards

1
Q

Which TCP/IP protocol can be used to manage and monitor all types of network devices?

A) SNMP
B) NIPS
C) SMTP
D) NIDS

A

SNMP

Simple Network Management Protocol (SNMP) is an industry standard for managing and monitoring printers, servers, workstations, routers, switches, IP phones, and so on. SNMP version 3 should be used because it provides encryption and integrity functionality.

2
Q

While discussing incident response policies during a meeting, your boss requests a dollar figure and the amount of downtime the company would suffer if a worm infected the corporate LAN. What type of study should you conduct?

A) business impact analysis
B) vulnerability analysis
C) packet analysis
D) risk analysis

A

Business impact analysis

Business impact analysis is correct. Studying the effect of unfavorable events (such as a computer worm) upon business operations is referred to as a business impact analysis.

3
Q

A malicious user uses an Internet chat room to issue commands to 700 compromised computers around the world. The zombies are instructed to execute a smurf attack against a web site. What type of attack is this?

A) exploitation framework
B) distributed denial-of-service
C) distributed cracker
D) distributed gargamel-elgamel attack

A

Distributed denial-of-service

Distributed denial of service is correct. Distributed denial of service (DDoS) attacks flood victim networks with traffic in an attempt to prevent legitimate service access. Using a botnet to execute a smurf attack does just this.

4
Q

An organic food retail chain is adding six new stores within the next month. Each retail store outlet will accept cash, debit, and credit card payments. To satisfy the board of directors, the IT staff is asked to provide a solution that will ensure data transfers to unauthorized locations can be monitored and/or blocked. What kind of solutions should the IT staff investigate?

A) HSM
B) ARP
C) DLP
D) TLS

A

DLP

DLP is correct. Data loss prevention (DLP) ensures that private data stays private. This can be done with deep packet inspection such as data (e-mail messages, attachments) leaving an intranet or entering or leaving the cloud, data copied to media, data sent to printers, and so on.

5
Q

Which security principle enables the discovery of potentially inappropriate or fraudulent activity committed by employees?

A) job rotation
B) Separation of Duties
C) mandatory vacations
D) data loss prevention

A

Mandatory Vacations

Mandatory vacations enable the potential discovery of irregularities in a job role by whoever fills that role while an employee is on vacation. The new person can audit previous activities or compile associated reports that uncover fraudulent activity.

6
Q

A Linux firewall administrator creates a rule allowing inbound packets from 148.34.99.17 destined for TCP port 22 on 206.2.4.45. Which of the following statements regarding this firewall rule are true, assuming default ports are in use? (Choose three.)

A) successful connections from 148.34.99.17 to 206.2.4.45 will be encrypted
B) the rule applies to layer 6 of the OSI model
C) the rule allows SSH administration of 206.2.4.45
D) the rule applies to layer 4 of the OSI model

A

-Successful connections from 148.34.99.17 to 206.2.4.45 will be encrypted
-The rule allows SSH administration of 206.2.4.45
-The rule applies to layer 4 of the OSI model

SSH by default uses TCP port 22 to allow encrypted connections for remote administration from 148.34.99.17 targeted to the SSH host at 206.2.4.45. Port numbers apply to layer 4 (Transport) of the OSI model.

7
Q

Which term describes an intentionally vulnerable computer used to track malicious activity?

A) unpatched
B) honeypot
C) logging host
D) honeynet

A

Honeypot

Honeypot is correct. Honeypots are left intentionally vulnerable to attract malicious attacks for logging or analytical purposes.

8
Q

Which type of attack attempts to trick users into providing their legitimate web site credentials to access malicious web sites?

A) phishing
B) spam
C) Social Engineering
D) cross-site scripting

A

Phishing

Phishing scams often manifest themselves as web site links within official looking e-mail messages asking a user to confirm her account information or something similar. The unsuspecting user is then redirected to a malicious web site that captures the credentials she enters.

9
Q

Which key is used to encrypt a file in a PKI environment?

A) session key
B) random key
C) public key
D) private key

A

Public key

Public key is correct. Public keys are most often used to encrypt user files directly or to generate file encryption keys that are then used to encrypt files. The mathematically related private key is used to decrypt user files. The keys can be stored in a directory (such as Microsoft Active Directory), in a protected file on a disk, or on a smart card. Storing private keys in unprotected files, such as those without password protection, is considered a poor key management practice.

10
Q

Which type of SOC report focuses on the efficacy of security controls required to meet trust principles?

A) SOC 2 type 2
B) SOC 2 type 1
C) SOC 2 type 4
D) SOC 2 type 3

A

SOC 2 type 1

SOC 2 Type 1 is correct. SOC 2 Type 1 documents IT systems and business processes to ensure compliance with security trust requirements.

11
Q

Users complain about junk mail occupying more space in their inboxes than legitimate mail. What should be used to reduce the junk mail entering user mailboxes?

A) PKI
B) port scanner
C) TLS
D) spam filtering

A

Spam filtering

Spam filtering is correct. Junk e-mail is called spam, and it can be reduced by configuring spam filtering software.

12
Q

You must determine which TCP port a custom seismic activity application uses in order to configure a firewall rule allowing access to the program. The application is running on a host named ROVER that also runs other custom network applications. Users connect to an internal web site, which in turn connects to ROVER to use the custom application. How can you find out which TCP port the custom application uses?

A) generate activity to the seismic activity app and capture the traffic
B) run a port scan against ROVER
C) run the NETSTAT -P TCP command
D) ping ROVER

A

Generate activity to the seismic activity app and capture the traffic

Generate activity to the seismic activity app and capture the traffic is correct. Using a protocol analyzer (packet sniffer) such as Wireshark or the Linux tcpdump command to capture the relevant network traffic from the web site to ROVER will reveal the TCP port being used by examining the TCP packet header. This enables technicians to use the port number to configure application or network-based firewall rules correctly.

13
Q

To increase response time to your public web site, you decide to purchase three network load-balancing appliances to match your three web servers. Your web site is registered with the name www.faroutwidets.com using IP address 216.76.0.55. What IP addresses should the public interface of each load balancer assume?

A) 216.76.0.55, 216.76.0.55, 216.76.0.55
B) 216.76.0.52, 216.76.0.53, 216.76.0.54
C) 216.76.0.56, 216.76.0.57, 216.76.0.58
D) 216.76.0.55, 216.76.0.56, 216.76.0.57

A

216.76.0.55, 216.76.0.55, 216.76.0.55

216.76.0.55, 216.76.0.55, 216.76.0.55 is correct. Network load balancers (NLBs) should accept client requests to the requested service (216.76.0.55); thus, they must all be configured to listen on the same virtual IP address. Incoming client requests are then distributed to the least busy backend web servers. When multiple load balancers are used, active/active configurations mean all load balancers are active simultaneously. Active/passive means only one load balancer is active; the passive node becomes active when the active node goes down.

14
Q

Which technique can easily reveal internal business procedures and computing configurations?

A) shoulder surfing
B) phishing
C) tailgating
D) dumpster diving

A

Dumpster Diving

Dumpster diving is correct. Dumpster diving involves analyzing discarded documentation to learn about a company’s operations, view employee names and e-mail addresses, and so on.

15
Q

You are modifying a script that retrieves computer statistics remotely in an enterprise network. The script has a .PS1 file extension and contains statements such as this:

Get-Service | Where {$_.Status -eq "Running"}

What type of script is this?

A) shell scripting
B) batch file
C) powershell
D) python script

A

PowerShell

PowerShell is correct. Microsoft PowerShell uses a verb-noun type of syntax and is used by network administrators to manage computers.

16
Q

A technician connects to an Internet SMTP host using the telnet command and issues the following commands:

Helo smtp1.acme.ca
Mail from:president@whitehouse.gov
Rcpt to:billgates@microsoft.com
Data
Subject:Linux versus Windows
Hi Bill. Please take note that open source software is set to achieve world dominance. Thanks. – The Pres

How can these two users prevent this type of attack? (Choose two.)

A) exchange public key
B) disable SMTP on smtp1.acme.ca
C) Uninstall telnet from all computers
D) digitally sign e-mails using private key

A

-Exchange public key
-Digitally sign e-mails using private key

Exchange public keys and digitally sign e-mails using private keys are correct. A private key is used by the sender to generate a unique signature for an e-mail message. The recipient uses the related sender public key to verify the validity of the signature. Spoofed SMTP messages cannot have a valid digital signature, since hackers will not have access to the sender’s private key.

17
Q

Social engineering breaches which of the following?

A) intimidation
B) trust
C) authority
D) familiarity

A

Trust

Trust is correct. Social engineering is a breach of trust in which victims are lured into trusting the validity of the person or company they are in communication with.

18
Q

Which concept exposes employees to varying job roles to increase their overall knowledge of the business?

A) Separation of Duties
B) job rotation
C) mandatory vacations
D) least privilege

A

Job Rotation

Job rotation is correct. Job rotation enables employees to learn about various business roles, which is beneficial to the organization.

19
Q

A user reports that when he connects to a secured website at https://www.fakeacmewidgets.com, the web address changes to http://www.fakeredirect.uk, but the website content looks the same. The user has never noticed this URL change before. What type of attack does this behavior indicate?

A) DoS
B) ARP poisoning
C) cross-site scripting
D) DNS poisoning

A

DNS poisoning

DNS poisoning is correct. DNS poisoning can redirect requests for a legitimate web site address to another web server that may gather personal user information such as account numbers or passwords.

20
Q

Chandra is a software developer. She has just completed a web application for a hardened e-commerce web site. What should be done before the application goes live?

A) ping the website to ensure it is functional
B) use security fuzzing
C) patch the web server
D) test the PKI code in the web application

A

Use security fuzzing

Use security fuzzing is correct. Security fuzzing is a process by which sample data is passed to the application to test its security and functionality.

21
Q

Two users agree on a passphrase that is used to encrypt communications between their cell phones. Which of the following best describes this type of key?

A) private
B) public
C) asymmetric
D) symmetric

A

Symmetric

Symmetric is correct. When the same key is used to encrypt and decrypt, this is called symmetric encryption.

22
Q

Which of the following are considered benefits of server virtualization? (Choose two.)

A) centralized data storage
B) faster network access
C) cheaper software licensing
D) efficient application of software updates

A

-Centralized data storage
-Efficient application of software updates

Efficient application of software updates and centralized data storage are correct. Because virtualized servers could be running on the same physical host, patch deployment is efficient. Virtualized servers often use shared disk storage, thus centralizing data and making backups quicker and easier.

23
Q

Which two activities commonly result from hacker-controlled botnets consisting of many infected computers?

A) DDoS
B) spam
C) ransomware
D) spyware

A

-DDoS
-Spam

DDoS and Spam are correct. Botnets are collections of computers under hacker control. Spam messages or distributed denial of service (DDoS) attacks are easily launched from botnets because of the number of controlled computers. DDoS mitigators use techniques such as up-to-date IP reputation databases to detect attacks.

24
Q

Which type of security testing does not provide any information at all to testers?

A) partially known environment
B) known environment
C) laterally known environment
D) unknown environment

A

Unknown environment

Unknown environment security testing does not provide any information on software coding, network layout or addressing, phone numbers, usernames, and so on. Testers must piece together relevant data to construct a picture of what they are testing.

25
Q

What can be done to harden a public e-commerce web server, assuming default ports are being used? (Choose two.)

A) do not use an administrative account to run the web server
B) do not use TCP port 80 or 443
C) install an SSL certificate and enable PKI
D) install a PKI certificate and enable TLS

A

-Do not use an administrative account to run the web server
-Install a PKI certificate and enable TLS

Install a PKI certificate and enable TLS, and do not use an administrative account to run the web server, are correct. You can enable TLS and install a PKI certificate on a web server. Web servers run with a user account, and this should be a limited account with limited system privileges in case the web server is compromised by an attacker.

26
Q

What can be used to prevent malicious e-mail file attachments from being opened by users?

A) antivirus software
B) anti-spam software
C) host-based firewall
D) pop-up blocker

A

Antivirus software

Antivirus software running on user computers can detect infected file attachments sent via e-mail.

27
Q

An unsuspecting user downloads a free hard disk optimization program. A few days later, her bank notifies her that her credit card has been used in another country. Which type of malware is most likely responsible for this security breach?

A) worm
B) spam
C) trojan
D) zombie

A

Trojan

Trojans present themselves as useful, benign software when in fact they are malicious code. A downloaded disk optimization program could contain a keylogger that captures credit card information that a user types in.

28
Q

An attacker enters an office building and plugs his laptop into an unused network jack behind a plant in the reception area. He is then connected to the LAN, where he initiates an ARP poisoning attack. How could this have been prevented? (Choose two.)

A) use a strict IPSec policy for all LAN computers
B) update all virus scanners
C) disable unused switch ports
D) use a strict firewall policy on the perimeter firewall

A

-Use a strict IPSec policy for all LAN computers
-Disable unused switch ports

IPSec can be used to ensure that network traffic is accepted only from appropriate computers. For example, a LAN could use PKI certificates with IPSec—traffic from computers without a trusted PKI certificate would simply be dropped. Switch ports not in use should be disabled to prevent unauthorized network connectivity.

29
Q

You have been tasked with ensuring that sensitive data is properly removed from decommissioned storage devices. Which term describes what must be done?

A) stapling
B) data sanitization
C) key escrow
D) pinning

A

Data sanitization

Data sanitization is a technique used to ensure that data remnants cannot be retrieved from used storage media.

30
Q

An employee signs a document stating that company e-mail may be used only to conduct business; personal messages are forbidden. What type of policy is this?

A) e-mail retention
B) acceptable use
C) storage retention
D) disaster recovery

A

Acceptable Use

A document stating how company assets can and cannot be used is an acceptable use policy.

31
Q

A retail sales clerk is not allowed to maintain related bookkeeping records for accounting purposes. Which security principle does this apply to?

A) job rotation
B) due diligence
C) Separation of Duties
D) least privilege

A

Separation of Duties

To reduce the possibility of fraud, no single business task and its bookkeeping should be performed by a single person.

32
Q

Which Linux command can be used to capture network traffic?

A) chmod
B) tcpdump
C) head
D) grep

A

Tcpdump

The tcpdump command can be used to capture network traffic. Command line parameters control through which network interface capturing occurs and whether captured traffic is displayed on the screen or written to a file.

33
Q

Your manager asks you to identify the amount of time and personnel required to address a worm virus infection on the corporate WAN. You estimate it would take six technicians two days to remove the infection, at a total cost of $2800. Which type of analysis would this dollar figure best relate to?

A) Quantitative risk analysis
B) business impact analysis
C) ALE analysis
D) ARO analysis

A

Business impact analysis

A business impact analysis studies the impact (financial in this case) that an incident presents to a business.

34
Q

One of your Linux servers periodically hangs until you force a reboot. You decide to investigate the issue to determine what circumstances may be causing the failure. What should you do?

A) log in to the Linux host with the root account
B) view modification time stamps for files in the /etc directory
C) analyze the Linux server logs around the failure dates and times
D) view files in the /etc directory

A

Analyze the Linux server logs around the failure dates and times

Analyze the Linux server logs around the failure dates and times is correct. You should analyze the Linux log files to determine what may have been happening around the dates and time of the failures. Missing date ranges within logs could indicate an anomaly that warrants further analysis.

35
Q

A user logs in to a workstation by providing a username and password. She then accesses secured resources on additional server and Intranet web sites without authenticating a second time. What has been configured to enable this?

A) cookies
B) SSO
C) smartcard
D) PKI

A

SSO

SSO is correct. Single Sign-On (SSO) eliminates additional authentication prompts by using pass-through authentication.

36
Q

Which tool can be used primarily to detect security misconfigurations?

A) port scanner
B) vulnerability scanner
C) protocol analyzer
D) virus scanner

A

Vulnerability scanner

Vulnerability scanner is correct. Vulnerability scanners scan one or more network devices for security weaknesses, usually by comparing a database of known vulnerabilities against a machine’s configuration.

37
Q

You need to analyze a disk volume on a Linux server, but you do not want to modify the original file system in any way. Which Linux command should you use to create an exact copy of the disk volume for forensic analysis?

A) chmod
B) grep
C) dd
D) nslookup

A

DD

DD is correct. The Linux dd command can be used to create an exact copy of a disk volume, while leaving the original disk volume intact.

38
Q

Which of the following best describes security fuzzing?

A) jamming wifi radio-frequencies to prevent rogue access points
B) conducting a quick overview security audit
C) injecting spoofed packets on a network
D) providing random data to test application security

A

Providing random data to test application security

Application fuzzing refers to the process of submitting sample data to test software.

39
Q

You need to view the contents of a text-based Linux configuration file. Which command should you use?

A) cat
B) grep
C) head
D) chmod

A

Cat

cat is correct. The cat command is used to view the contents of text files, for example: cat file1.txt.

40
Q

What can be done to secure user accounts from brute-force password attacks? (Choose the best answer.)

A) create user accounts from user templates
B) set account expiration dates
C) enable account lockout
D) enable SSO

A

Enable account lockout

Enable account lockout is correct. Account lockout protects user accounts from repeated attempts to crack passwords. The account is locked for a period of time after a number of incorrect password attempts.

41
Q

What type of server provides centralized authentication services for devices such as Ethernet switches and wireless routers?

A) DNS
B) HTTP
C) LDAPS
D) RADIUS

A

RADIUS

RADIUS (Remote Authentication Dial-In User Service) servers provide centralized authentication. RADIUS clients such as wireless routers and Ethernet switches forward client requests to a RADIUS server for authentication before allowing network access. This type of authentication is a variation of network access control (NAC). Checking requesting clients for other items, such as applied updates, up-to-date virus signature databases, and so on, requires a client agent.

42
Q

Your NIDS alerts you of excessive network traffic spreading through each of your five VLANs. The problem seems to stem from malicious software that keeps replicating itself across the network. You react according to your incident response plan by turning off the affected switches. What caused the problem?

A) trojan
B) worm
C) fileless virus
D) spyware

A

Worm

Worms are self-replicating malware that can consume network bandwidth, resulting in an unusable network. Virus scanners can detect known worm patterns. Inline network-based intrusion detection systems (NIDSs) examine network traffic as it traverses the network, as opposed to examining stored captures (passive or offline).

43
Q

You must distribute the network traffic among a collection of mirrored servers. Which device should you use?

A) proxy server
B) NAT
C) load mirror
D) load balancer

A

Load balancer

Load balancer is correct. Load balancers attempt to distribute network traffic evenly to a collection of hosts. Unlike DNS round robin configurations to distribute network traffic, load balancers can detect unavailable hosts and prevent traffic from being sent to them.

44
Q

A Linux administrator enables hardware disk encryption for data drives used by a Linux server. The operating system disk is physically located in the Linux server but the data drives exist on a SAN (storage area network). Which of the following statements is true?

A) disk encryption is not possible for SAN disk
B) the confidentiality of the data is being protected
C) linux cannot use SAN disk
D) the integrity of the data is being protected

A

The confidentiality of the data is being protected

The confidentiality of the data is being protected is correct. Encryption protects data confidentiality. Only authorized parties possessing the correct decryption keys can access encrypted data.

45
Q

An attacker uses a word list while attempting to hack user passwords. What type of attack is this?

A) dictionary
B) birthday
C) known plain text
D) collision

A

Dictionary

Dictionary is correct. Dictionary attacks use word lists against a user account with the intent of finding the correct password.

46
Q

You are conducting a lunch-and-learn session about computer security awareness for employees in your home office. Mary, one of the session participants, asks what dangers exist in P2P (peer-to-peer) file-sharing networks. How do you respond to Mary? (Choose two.)

A) corrupt drivers
B) Trojans
C) IP address spoofing
D) spyware

A

-Trojans
-Spyware

Trojans and Spyware are correct. Malware such as Trojans and spyware exist in many shared files on P2P networks, and they present an entry point for the initial exploitation of a network. Trojans appear to be useful (for example, a piece of downloaded software), while spyware (which could be delivered via a Trojan) gathers personal information without user consent.

47
Q

You are a Linux server administrator. You need to modify file system permissions through a shell script. Which Linux command should you use to accomplish this within the shell script?

A) tail
B) ls
C) chmod
D) head

A

Chmod

chmod is correct. The chmod command is used to manipulate Linux file system permissions. For example, to assign the current owning user of a file read, write, and execute permissions you could use this: chmod u=rwx file1.txt.

48
Q

Which of the following statements regarding capturing wireless network traffic with a packet sniffer are true? (Choose two.)

A) wireless router administrative credentials sent over HTTP are vulnerable
B) most wireless routers behave as hubs do; all wireless clients exist in a single collision domain
C) traffic can be captured prior to associating with the wireless router
D) all packets are encapsulated in 802.1x packets

A

Wireless router administrative credentials sent over HTTP are vulnerable
Most wireless routers behave as hubs do; all wireless clients exist in a single collision domain

Most wireless routers behave as hubs do; all wireless clients exist in a single collision domain and wireless router administrative credentials sent over HTTP are vulnerable are correct. Most wireless routers do not isolate wireless client connections; this means once you have connected to the wireless network and begun a network capture, you will see all wireless client traffic. Newer wireless routers support isolation mode, which behaves much like an Ethernet switch (each port is its own collision domain). Most wireless routers use HTTP to transmit administrative credentials. Capturing this traffic means the credentials can easily be learned; HTTPS should be configured so that administrative credentials are encrypted.

49
Q

Which type of tool is commonly used to automate incident response?

A) SIEM
B) MDM
C) PKI
D) SOAR

A

SOAR

SOAR is correct. Security orchestration, automation, and response (SOAR) solutions use runbooks to automate incident response thus reducing incident response time.

50
Q

Which item offloads the cryptographic processing responsibilities of a host computer?

A) HSM
B) bit locker
C) truecrypt
D) EFS

A

HSM

HSM is correct. HSM devices perform cryptographic calculations, thus eliminating this task from the host computer system.

51
Q

A technician is researching new rack mount servers to determine the maximum BTU value of all servers in the server room. Which related item should the technician consider?

A) fire suppression
B) network bandwidth requirements
C) HVAC
D) required server processing speed

A

HVAC

HVAC is correct. HVAC (heating, ventilation, air conditioning) must be considered when discussing server BTUs (British thermal units). BTUs measure thermal energy (heat), and your server room air conditioning must be able to displace the BTUs generated by your computing equipment; otherwise, the server room will be much too warm for your equipment.

52
Q

Your disaster recovery plan requires the quickest possible data restoration from backup tape. Which strategy should you employ?

A) daily full backup
B) daily differential backup
C) weekly full backup, daily incremental backup
D) daily full backup, weekly incremental backup

A

Daily full backup

Daily full backup is correct. Daily full backups archive all data, even if it has not changed since the last full backup. This requires more storage capacity and time to perform the backup, but restoration is the quickest, since it is a single backup set.

53
Q

You need to implement a solution that can help prevent sensitive data from being leaked out of the company via e-mail, texting, file copying, and social media file sharing. What type of solution should you consider?

A) DLP
B) HSM
C) PKI
D) TLS

A

DLP

DLP is correct. Data loss prevention (DLP) solutions can be implemented to limit data leakage outside of the organization. This could be achieved with embedded watermarks on photos and videos and the limited ability to send e-mail file attachments only to users within the organization.

54
Q

Which network component can commonly be configured as a NAT (network address translation) device?

A) VPN concentrator
B) proxy server
C) layer 2 Ethernet switch
D) router

A

Router

Router is correct. Routers are OSI layer 3 (Network) devices that have at least two interfaces connecting to different networks. NAT normally runs on a router and can be configured to allow devices on an internal network with private TCP/IP addresses to gain access to a public network using the NAT router’s public IP address.

55
Q

Which of the following commonly result from spyware infections? (Choose three.)

A) reformatted hard disk
B) money stolen through online banking
C) identity theft
D) slower computer

A

-Money stolen through online banking
-Identity theft
-Slower computer

Identity theft, money stolen through online banking, and slower computer are correct. Spyware can track your computing habits, including web sites you visit, things you type in, programs you use, and so on. This can lead to identity theft and financial theft, and it can slow down your computer, since spyware is present and running all the time.

56
Q

What can an administrator configure to prevent users from reusing old passwords within a short period of time? (Choose two.)

A) maximum password age
B) minimum password age
C) password length
D) password history

A

-Minimum password age
-Password history

Minimum password age and password history are correct. Minimum password age is the amount of time that must pass before users can reset their passwords again. Combined with password history, this can prevent users from changing their passwords multiple times (password history) to the point where they can reuse old passwords within a short period of time.

57
Q

Which name describes furthering a political or social agenda through computer hacking?

A) organized crime
B) hacktivist
C) unknown environment attackers
D) script kiddie

A

Hacktivist

Hacktivist is correct. Hacktivists use technology to promote their agendas.

58
Q

Which items would be found in an IP header? (Choose two.)

A) TTL value
B) source TCP port
C) source MAC address
D) source IP address

A

-TTL value
-Source IP address

Source IP address and TTL value are correct. Among other fields, the IP header in a packet contains the source IP address and the TTL (time-to-live) value. The TTL value on newer Windows operating systems (such as 7, 8, and 10) is normally set to 128. This value determines how many routers (hops) the packet can travel through before being discarded.

59
Q

Which authentication protocol grants tickets to authenticated entities, which are then used to access network resources?

A) CHAP
B) RADIUS
C) LDAP
D) kerberos

A

Kerberos

Kerberos is correct. Kerberos is an authentication protocol that grants tickets to authenticated entities. The tickets are presented to various network resources to prove the identity of the requestor. Microsoft Active Directory uses the Kerberos protocol.

60
Q

In crafting your DRP, you outline the procedure in which PKI user-encrypted files for damaged user accounts can be decrypted. Which statement regarding this plan is correct?

A) the damaged user account should be recreated with the same name to decrypt the files
B) restore user public keys from backup
C) restore user private keys from backup
D) the files cannot be decrypted if the user account is damaged

A

Restore user private keys from backup

Restore user private keys from backup is correct. In a PKI environment, users have a pair of mathematically related keys that can be stored in a certificate file, in a directory service, on a smart card, and so on. Private keys are used to decrypt files; the public key is used to encrypt.

61
Q

Chris, a network technician, identifies a way to gain remote administrative access to a Linux host without knowing administrative credentials. What has Chris discovered?

A) exploit
B) vulnerability
C) virus
D) worm

A

Exploit

Exploit is correct. An exploit takes advantage of a vulnerability.

62
Q

Your company must have the ability to examine outbound Internet traffic to ensure that attempts to access inappropriate web sites are blocked. What should you configure?

A) layer 3 firewall
B) layer 4 firewall
C) layer 7 firewall
D) layer 2 firewall

A

Layer 7 firewall

Layer 7 firewall is correct. Layer 7 (Application) of the OSI model refers to application-specific functionality, such as a web browser connecting to a specific URL.

63
Q

Which of the following is an example of high availability?

A) web server cluster
B) encrypted hard disks
C) RAID 0
D) file hashes for sensitive documents

A

Web server cluster

Web server cluster is correct. A cluster consists of two or more servers working together to ensure that a service is always available, such as a web site.

64
Q

A technician analyzes historical web server performance and determines there is a 7 percent chance per year that a server outage will occur for three hours. The web server hosts an e-commerce site that generates on average $350 per hour. What is the ALE (annual loss expectancy) value?

A) $15,000
B) $8.16
C) $350
D) $73.50

A

$73.50

$73.50 is correct. The SLE (single loss expectancy) value of $350 is multiplied by the amount of downtime (three hours), which is multiplied by the ARO (annual rate of occurrence) value of 7 percent to arrive at $73.50. This is the dollar amount represented per annum by this risk. So, for example, spending $500 per annum to minimize this risk is not justified.

65
Q

File hashing addresses which security concern?

A) encryption
B) authentication
C) integrity
D) confidentiality

A

Integrity

Integrity is correct. File hashing generates a value (message digest) that is unique to a file. Any change to the file will result in a different message digest, so the message digest can be used to determine whether a file has changed.

66
Q

In the near future your company will be using a PKI for IT systems and for building access. As the IT security director, you must decide where user PKI information will be stored. Which two storage options from the following list are valid?

A) smart card
B) USB mouse
C) file
D) TPM

A

-Smart card
-File

File and smart card are correct. User PKI information, potentially including the private key, could be stored in a password-protected file or written to the chip in a smart card using the proper hardware.

67
Q

You would like to ensure that an authentication server is always available. Two authentication servers are clustered together with the authentication data stored on shared disk storage. What must be done to eliminate any single points of failure? (Choose two.)

A) configure the shared disk storage with RAID 1
B) enable a second NIC in each cluster node
C) enable all CPU cores
D) add a third server to the cluster

A

-Configure the shared disk storage with RAID 1
-Enable a second NIC in each cluster node

Enable a second NIC in each cluster node and configure the shared disk storage with RAID 1 are correct. A second NIC (network interface card) ensures that network communication continues if one NIC fails. With RAID level 1, also called disk mirroring, data written to one disk is also written to a second disk for safety.

68
Q

While having lunch in an urban center, you decide to connect to an unencrypted WLAN you notice while scanning for wireless networks with your smartphone. The WLAN signal is available at full strength. When you attempt to connect, after a timeout period, the connection is unsuccessful. You can connect to other Wi-Fi networks. What could be causing this?

A) the SSID is not broadcasting
B) your WLAN NIC card needs a new antenna
C) MAC filtering is in use
D) the wireless router needs a new antenna

A

MAC filtering is in use

MAC filtering is in use is correct. MAC (Media Access Control) filtering controls access to the WLAN via a list of allowed MAC addresses. MAC addresses are unique 48-bit addresses burned into all network cards, for example, 00-26-B9-C5-2A-F1.

69
Q

Which of the following are block ciphers? (Choose two.)

A) blowfish
B) A5
C) AES
D) RC4

A

-Blowfish
-AES

AES and Blowfish are correct. AES (Advanced Encryption Standard) and Blowfish are block ciphers, which encrypt data one fixed-size block at a time rather than one bit or byte at a time.

70
Q

A router is configured to allow outbound TCP ports 80, 443, and 25. You would like to use the Remote Desktop Protocol to access a server at another location. Which of the following statements is correct, assuming default ports are being used?

A) you will be able to RDP to the external server
B) you will not be able to RDP to the external server because the router is explicitly denying RDP packets
C) you will not be able to RDP to the external server because the router is implicitly allowing RDP packets
D) you will not be able to RDP to the external server because the router is implicitly denying RDP packets

A

You will not be able to RDP to the external server because the router is implicitly denying RDP packets

You will not be able to RDP to the external server because the router is implicitly denying RDP packets is correct. RDP (Remote Desktop Protocol) uses TCP port 3389, and this is implicitly denied because only ports 80, 443, and 25 allow traffic out.

71
Q

What term describes a trusted third party possessing decryption keys?

A) certificate authority
B) certificate revocation list
C) key escrow
D) public key infrastructure

A

Key escrow

Key escrow is correct. A key escrow holds decryption keys in trust and is not related to the company, institution, or government agency that issued the keys. The keys can be used in the event of a catastrophe or because of legal requirements.

72
Q

You are installing a wireless router on the first floor of a commercial building. What should you do to minimize the possibility of Wi-Fi users connecting from the street? (Choose two.)

A) set the SSID to “floor 1”
B) disable DNS on the wireless router
C) disable DHCP on the wireless router
D) place the wireless router in the center of the building

A

-Disable DHCP on the wireless router
-Place the wireless router in the center of the building

Place the wireless router in the center of the building and disable DHCP on the wireless router are correct. Placing the wireless router in the center of the building reduces the signal strength outside of the building. Disabling DHCP (Dynamic Host Configuration Protocol) means connecting clients must manually configure an appropriate IP address, subnet mask, default gateway, and DNS server.

73
Q

What danger is prevalent for companies that do not shred corporate documents before disposing of them?

A) dumpster diving
B) whaling
C) tailgating
D) phishing

A

Dumpster diving

Dumpster diving is correct. Much can be learned about an individual or a business by rifling through their garbage. Often documentation, bills, contact lists, and other papers can provide valuable information to malicious users, especially for social engineering attacks. Shredding documents eliminates this risk.

74
Q

Which of the following encryption algorithms is asymmetric?

A) AES
B) blowfish
C) 3DES
D) RSA

A

RSA

RSA is correct. RSA is an asymmetric encryption algorithm. A mathematically related public and private key pair is used to secure communications; data is encrypted with the public key and decrypted with the private key. The public key can safely be distributed by any party wanting to encrypt data for the key owner; however, the private key must be accessible only by the owner.

75
Q

A user would like to use FTP to transfer a file to an FTP server. Other users who download the same file from the FTP server must have a way to ensure that the file has not been tampered with. Which protocol can perform this function?

A) TCP
B) SHA-3
C) SSL
D) AES

A

SHA-3

SHA-3 is correct. SHA-3 is a hashing algorithm used to calculate a unique hash value. Changes to the source data (the file transferred to the FTP [File Transfer Protocol] server in this case) would invalidate the unique hash value when it is calculated again.

76
Q

Which type of risk analysis uses ALE figures to prioritize risks?

A) inverted
B) subverted
C) qualitative
D) quantitative

A

Quantitative

Quantitative is correct. Quantitative risk analysis uses dollar values (quantities) to prioritize threats. The ALE value represents a cost should the risk occur.

77
Q

While configuring IPSec to secure internal LAN traffic, you must specify an integrity algorithm. Which of the following would be valid choices? (Choose two.)

A) 3DES
B) SHA-1
C) RSA
D) MD5

A

-SHA-1
-MD5

SHA-1 and MD5 are correct. Integrity algorithms such as SHA-1 and MD5 are used to ensure that messages come from the claimed sender and have not been tampered with in transit.

78
Q

What can be done to secure virtualized operating systems?

A) patch the virtual machine OS
B) use a virtual machine cluster
C) nothing can be done because virtualized operating systems are vulnerable
D) use a private IP address range

A

Patch the virtual machine OS

Patch the virtual machine OS is correct. Patching a virtual OS is just as important as patching the OS on the physical host. To attackers on a network, virtual hosts generally appear as physical hosts, whether the OS is server-based or, in the case of virtual desktop infrastructure (VDI), client-based.

79
Q

Merlin is a junior IT assistant. The configuration details for a preconfigured wireless router have been e-mailed to Merlin from Headquarters and are as follows:

SSID – WR_452
SSID Broadcasting – Disabled
Admin Password – Or@nge$
WPA PSK Passphrase – B00t@bl3
MAC Filtering – Disabled
DHCP – Enabled

The sales team has received new smart phones and must have access to corporate intranet servers. Merlin configures each smart phone to connect to WR_452, and when prompted for a passphrase he enters Or@nge$, but the devices never connect to the wireless network. What is the problem?

A) MAC filtering should be enabled
B) the ESSID is case sensitive
C) Merlin should have entered B00t@bl3 for the passphrase
D) WPA passphrases must be at least 13 characters long

A

Merlin should have entered B00t@bl3 for the passphrase

Merlin should have entered B00t@bl3 for the passphrase is correct. The WPA PSK (Wi-Fi Protected Access Pre-shared Key) of B00t@bl3 should have been entered; Or@nge$ is the password used when administering the wireless router, not connecting to it.

80
Q

You notice excessive network traffic when client stations connect to Windows Update to download patches and hotfixes. You would like to minimize network utilization. What should you do?

A) configure an internal patch update server
B) disable Windows Update on all client stations
C) disable TLS
D) use full duplex

A

Configure an internal patch update server

Configure an internal patch update server is correct. Internal patch update servers (such as Microsoft WSUS, Windows Server Update Services) download updates once and deploy them to internal stations, instead of each station downloading the updates separately from the Internet, thus minimizing network utilization.