Practice Test 2 Flashcards
Which of the following is most appropriate if you have limited external public IP addresses available, but a requirement to share those IP addresses with internal hosts that must connect to the public Internet?
A) DMZ
B) Router
C) DHCP server
D) NAT with a firewall
D) NAT with a firewall
Using network address translation (NAT) in conjunction with a firewall enables you to share one external address with multiple internal hosts that require external addresses for their connectivity. A DMZ can contain servers behind a firewall, allowing public access, but it does not inherently offer NAT services. DHCP is used to allocate internal IP addresses, and a router still requires NAT to perform address translation.
Which of the following are usually annoying advertisements that come in the form of pop-up messages in a user’s browser?
A) Trojan
B) Adware
C) Logic bomb
D) Virus
B) Adware
Adware consists of the usually annoying advertisements that come in the form of pop-up messages in a user's browser. A virus is a piece of malicious software that must be propagated through a definite user action. A Trojan is a piece of software that seems to be of value to the user, but in reality is malware. A logic bomb is a script set to execute at a certain time, which is usually created by rogue administrators or disgruntled employees.
Which of the following attacks results in mathematical operations that the host or application cannot handle, causing them to fail?
A) SQL injection attack
B) LDAP injection attack
C) Directory traversal attack
D) Integer overflow attack
D) Integer overflow attack
An integer overflow attack is similar to a buffer overflow attack and results in mathematical operations that the host or application cannot handle, causing them to fail. A SQL injection attack targets relational databases that reside behind Web applications. An LDAP injection attack targets directory services databases, such as those used in X.500 implementations. A directory traversal attack targets non-secure directory structures on the host, such as folder structures.
Which of the following desired attributes would make an organization most likely to move to a cloud provider?
A) Accountability
B) Responsibility
C) Availability
D) Control
C) Availability
Availability is the most likely attribute gained through potential redundancy and continuity of operations planning that's (hopefully) inherent within the cloud environment. Cloud computing usually increases availability of data for users, since it is typically built on highly available, redundant infrastructures. Accountability and responsibility can be established through effective security controls and well-written service-level agreements. Users lose a large measure of control by moving to the cloud.
Which of the following terms describes someone who hacks into systems, with permission of the system's owner, to discover exploitable vulnerabilities and help secure the system?
A) Black box tester
B) White hat hacker
C) Black hat hacker
D) Gray hat hacker
B) White hat hacker
White hat hackers use their skills to assist in securing systems. They are usually penetration testing professionals or ethical hackers. A gray hat hacker uses his or her skills for both good and evil purposes. A black box tester tests a system without any prior knowledge of the network or infrastructure. A black hat hacker uses his or her skills for malicious purposes.
Which of the following uses geolocation features to ensure that a mobile device does not leave specific areas of corporate property?
A) Geofencing
B) Geolocation
C) Geotagging
D) Remote management
A) Geofencing
Geofencing is the use of geolocation features to ensure that a mobile device does not leave specific areas of corporate property. Remote management is the overall process of remotely managing and monitoring mobile devices that are used to connect to the corporate infrastructure. Geolocation is the use of a device's GPS features to determine device location, locate points of interest, and find other useful information. Geotagging is the practice of marking media files, such as pictures and video, with relevant information such as geographic location (using the GPS features of the mobile device) and time. This information can be used by security professionals to track where and how a mobile device has been used.
A virtual LAN (VLAN) does NOT offer which of the following security controls?
A) Allows different security policies to be applied to different hosts
B) Allows physical segmentation of hosts by IP subnet
C) Creates broadcast domains
D) Allows logical segmentation of hosts by IP subnet
B) Allows physical segmentation of hosts by IP subnet
VLANs do not physically segment hosts; they logically segment them. VLANs break up broadcast domains from a single large one into smaller, logically separated ones. VLANs allow different segments to receive different security policies.
Which of the following regulations would guide a healthcare organization to protect the confidentiality of stored patient data adequately?
A) RMF
B) HIPAA
C) Sarbanes-Oxley
D) PCI
B) HIPAA
HIPAA regulates the protection of patient data in the healthcare and health insurance industry. RMF covers the risk management of U.S. Department of Defense systems; Sarbanes-Oxley and PCI are involved with financial data.
Which attack involves sending specially-crafted traffic to a wireless client and an access point?
A) Initialization vector attack
B) Spoofing attack
C) Deauthentication attack
D) Replay attack
C) Deauthentication attack
A deauthentication attack involves sending specially crafted traffic to a wireless client and an access point, in the hopes of causing them to deauthenticate with each other and disconnect. A spoofing attack involves impersonating a wireless client or access point through either its IP or its MAC address. A replay attack involves the reuse of intercepted non-secure credentials to gain access to a system or network. Initialization vector (IV) attacks involve attempting to break WEP keys by targeting their weak IVs.
Which of the following attacks targets relational databases that reside behind Web applications?
A) Directory traversal attack
B) Integer overflow attack
C) SQL injection attack
D) LDAP injection attack
C) SQL injection attack
A SQL injection attack targets relational databases that reside behind Web applications. An LDAP injection attack targets directory services databases, such as those used in X.500 implementations. A directory traversal attack targets non-secure directory structures on the host, such as folder structures. An integer overflow attack is similar to a buffer overflow attack and results in mathematical operations that the host or application cannot handle, causing them to fail.
Which of the following terms indicates the amount of time it takes for a hardware component to recover from failure?
A) Mean time to recovery
B) Mean time to failure
C) Mean time between failures
D) Mean time to replace
A) Mean time to recovery
Mean time to recovery (MTTR) is the amount of time it takes for a hardware component to recover from failure. Mean time between failures (MTBF) represents the manufacturer's best guess (based on historical data) regarding how much time will pass between major failures of that component. This is assuming that more than one failure will occur, which means that the component will be repaired, rather than replaced. The mean time to failure (MTTF) is the length of time a device is expected to last in operation. In MTTF, only a single, definitive failure will occur and will require that the device be replaced rather than repaired. Mean time to replace is not a valid term.
Which of the following processes uses auditing to ensure that users are traced to and held responsible for their actions?
A) Authentication
B) Authorization
C) Auditing
D) Accountability
D) Accountability
Accountability uses auditing to ensure that users are traced to and held responsible for their actions. Authorization is the process of controlling access to resources through methods that include permissions, rights, and privileges. Authentication is the process of validating that a user's credentials are authentic, after they have presented them through the identification process. Auditing is the process of reviewing logs and other audit trails to determine what actions have been performed on systems and data.
Which of the following is an access control model based upon various access control rules that apply to users, objects, and actions?
A) Metadata table
B) Rule-based access control
C) Access control list
D) Access approval list
B) Rule-based access control
Rule-based access control is an access control model based upon various access control rules that apply to users, objects, and actions. An access control list (ACL) is a physical or logical list that details specific access levels individuals have to access objects. It is also used on network devices to determine which traffic from various users can enter and exit network devices and access internal hosts. Access approval lists and metadata tables are distractors and are not valid terms.
Scott is an outside specialist hired to audit a small, but suddenly fast-growing company. While performing a user audit, Scott notices that one user, Bradley, a sales intern who has worked for this company intermittently for three years, has the following permissions on the network:
Member of Sales group
Member of Printer Administrators group
User name/password on primary company Internet gateway
Member of Domain Admins for the company Active Directory
Shocked, Scott asks around the office how this intern has this level of access. It seems Bradley has substantial tech skills and the IT department gave him access to printers, gateway, and domain controllers so that he “could help with different problems” over the years. This is a classic example of which of the following?
A) Authentication failure
B) Privilege creep
C) Least privilege
D) False acceptance rate (FAR)
B) Privilege creep
Privilege creep. Bradley keeps getting new privileges, yet nothing is turned off. Authentication failure implies something has gone wrong. There has been no failure in authentication. The principle of least privilege means that administrators never give a user account more rights and permissions than is needed for the user to do his or her job. False acceptance rate indicates the level of errors that the system may generate indicating that unauthorized users are identified and authenticated as valid users in a biometric system.
In many cases a load balancer uses which of the following on a client’s browser to maintain session affinity?
A) Session lock
B) Cookies
C) TLS
D) Client-based code
B) Cookies
Cookies are saved and used by load balancers to maintain a connection between a specific client and a specific server, i.e. session affinity. TLS is an encryption method and session lock is an imaginary term. Client-based code could be used, but is not common.
Which of the following devices typically makes requests on behalf of internal clients?
A) Switch
B) Proxy
C) Firewall
D) Router
B) Proxy
A proxy is typically not used as a traffic-filtering device based upon port or protocol, but it makes requests on behalf of internal clients. A firewall is a more complex device, most often seen placed behind the border router. A switch does not filter traffic based upon port or protocol, since it works at a lower level in the OSI model. A router should be used as a first-level filtering device, because it has the ability to filter on basic characteristics of traffic such as port and protocol.
Which of the following 802.11 encryption protocols would you implement to provide the strongest encryption for communications across your wireless network?
A) WPA2
B) WPA
C) WEP
D) HTTPS
A) WPA2
WPA2 (Wi-Fi Protected Access version 2) currently provides the strongest available encryption for wireless networks. WPA and WEP are weaker protocols. HTTPS is a secure protocol for connecting on the Web, but not within your own network.
For which of the following should employees receive training to establish how to handle end-of-life and unnecessary data?
A) Clean desk policies
B) Information classification
C) Data disposal
D) Protection of personally identifiable information (PII) on social media
C) Data disposal
Data disposal guidelines explain how different classifications of data should be properly disposed of to ensure that data is not later pieced together or recovered and exploited. Clean desk policies often dictate how sensitive information should be stored after hours and while uncleared visitors are near the area. Protection of personally identifiable information on social media would be part of an organization's social media policy. An organization's information classification policy not only outlines what level of security protections certain data receives, but it also serves to instruct employees on how to treat sensitive data.
Which cryptography concept refers to the requirement for a trusted third party that can hold a special key (in addition to your private and public key pair) that is used to decrypt a stored backup copy of the private key if the original is lost?
A) CRL
B) Key escrow
C) Registrar
D) Certificate authority
B) Key escrow
Key escrow involves a third party that holds a special third key in addition to your private and public key pair. A CRL (certificate revocation list) is not valid in this scenario, as certificate authorities and registrars are used during the certificate life cycle to publish digital certificates.
Which of the following types of injections use standardized database interfaces to attack a Web application?
A) SQL injection
B) Relational injection
C) Hierarchical injection
D) MySQL injection
A) SQL injection
SQL injections insert unanticipated SQL commands to try to break the application. MySQL is one of many forms of SQL tools. Relational injection and hierarchical injection are nonsense terms.
Which of the following is used in Windows systems to identify a user account?
A) Security identifier (SID)
B) Access control entry (ACE)
C) Group identifier (GID)
D) User identifier (UID)
A) Security identifier (SID)
A security identifier (SID) is a unique number assigned to each individual user account. It's never reused, even when an account is deleted and re-created. Both a UID and GID refer to unique numbers in Linux and UNIX-based systems that identify users and groups. An access control entry (ACE) is a unique entry in an access control list (ACL) that describes a user's permissions for accessing objects.
Which of the following security controls should be implemented to make sure that users require previous knowledge of the network identifier to join a network?
A) Change the transmitting frequencies
B) Disable SSID broadcasting
C) Add a VLAN
D) Use MAC address filtering
B) Disable SSID broadcasting
Disable Service Set Identifier (SSID) broadcasting if you're not actively broadcasting your network name. When this control is implemented, a user must know the name of the network before he or she can connect to it. None of these options will control access with regard to the SSID.
Which of the following is a cryptographic representation of text, but not the text itself? (Choose two.)
A) Message digest
B) Plaintext
C) Ciphertext
D) Hash
A) Message digest
D) Hash
A hash or message digest is a cryptographic representation of variable length text, but it is not the text itself. Plaintext is unencrypted text. Ciphertext is a result of the encryption process and is encrypted text.
What type of evidence in a computer forensics investigation directly supports a particular assertion?
A) Inculpatory evidence
B) Demonstrative evidence
C) Documentary evidence
D) Exculpatory evidence
C) Documentary evidence
Documentary evidence directly supports or proves a definitive assertion. Exculpatory evidence proves innocence. Inculpatory evidence proves guilt. Demonstrative evidence, which can be in the form of charts, graphs, drawings, and so forth, is used to help nontechnical people, such as the members of a jury, understand an event.
Which of the following attacks attempts to send unsolicited ARP messages to a client to add false entries to its ARP cache?
A) Smurf attack
B) ARP poisoning attack
C) Session hijacking attack
D) SYN flood
B) ARP poisoning attack
ARP poisoning is an attempt to send unsolicited ARP messages to a client to add false entries to its ARP cache. A session hijacking attack is an attempt to hijack a user's Web browsing session by stealing cookies or using other network attack methods. A SYN flood uses TCP SYN segments in its attack, not ICMP. A smurf attack uses ICMP.
What is the last step in the incident response life cycle?
A) Containment, eradication, and recovery
B) Detection and analysis
C) Preparation
D) Post-incident activity
D) Post-incident activity
Post-incident activity is the last step of the incident response life cycle. In order, the steps of the incident response life cycle are preparation; detection and analysis; containment, eradication, and recovery; and post-incident activity.
Before information is converted to an unreadable state using cryptography, in what form is the information?
A) Plaintext
B) Message digest
C) Hash
D) Ciphertext
A) Plaintext
Plaintext is unencrypted text. Ciphertext is a result of the encryption process and is encrypted text. A hash, or message digest, is a cryptographic representation of variable length text, but it is not the text itself.
Which of the following policy settings enforces the use of longer password lengths and character spaces to increase password strength?
A) Password history
B) Password complexity
C) Minimum password age
D) Maximum password age
B) Password complexity
Password complexity enforces the use of longer password lengths and character spaces to increase password strength. Password history records previous passwords so they cannot be reused in the system. The maximum password age is used to expire a password after a certain time period. The minimum password age setting is used to force users to use a password for a minimum amount of time before they are allowed to change it. This prevents them from rapidly cycling through the password history in order to reuse an older password.
Which of the following statements best describes an XML injection attack?
A) An attack that exceeds the memory allocated to an application for a particular function, causing it to crash
B) An attack that uses unexpected numerical results from a mathematical operation to overflow a buffer
C) An attack on a database through vulnerabilities in the web application, usually in user input fields
D) An attack that involves sending malicious XML content to a web application, taking advantage of any lack of input validation and XML parsing
D) An attack that involves sending malicious XML content to a web application, taking advantage of any lack of input validation and XML parsing
An XML injection attack involves sending malicious XML content to a Web application, taking advantage of any lack of input validation and XML parsing. A buffer overflow attack exceeds the memory allocated to an application for a particular function, causing it to crash. Although similar to a buffer overflow attack, answer B describes an integer overflow attack, which uses unexpected numerical results from a mathematical operation to overflow a buffer. A SQL injection attacks a database through vulnerabilities in the Web application, usually in user input fields.
Which of the following is a non-secure client-side e-mail protocol that uses TCP port 110?
A) SMTP
B) POP3
C) IMAP4
D) IMAPS
B) POP3
POP3 is a non-secure client-side e-mail protocol that uses TCP port 110. SMTP is a server-side e-mail protocol and is not used over SSL or TLS. SMTP uses TCP port 25. IMAPS is a secure version of the IMAP4 protocol and is used over SSL or TLS connections on TCP port 993. IMAP4 is a non-secure client-side e-mail protocol that uses TCP port 143.
Marisol needs to interconnect multiple VLANs in her production environment. Which of the following network devices would best address this issue?
A) Router
B) Layer 3 switch
C) Firewall
D) Layer 2 switch
B) Layer 3 switch
A layer 3 switch supports inter-VLAN routing to interconnect disparate VLANs. A layer 2 switch could interconnect VLANs via trunk ports, but only to interconnect to other layer 2 switches. A router could interconnect two VLANs, but this would take substantial configuration. A firewall is not capable of interconnecting VLANs.
Which type of network intrusion detection system uses defined rule sets to determine when attacks may be occurring?
A) Signature-based system
B) Rule-based system
C) Anomaly-based system
D) Filter-based system
B) Rule-based system
Rule-based systems use predefined rule sets. An anomaly-based system detects unusual network traffic patterns based upon a baseline of normal network traffic. Signature-based systems use predefined traffic signatures, typically downloaded from a vendor. Filter-based systems, such as routers and firewalls, base detection on access control lists that specify traffic that is permitted and denied.
Which of the following is a rogue wireless access point set up to be nearly identical to a legitimate access point?
A) SSID cloaking
B) MAC spoofing
C) Evil twin
D) Jamming
C) Evil twin
An evil twin attack is a rogue wireless access point set up to be nearly identical to a legitimate access point. SSID cloaking is a weak security measure designed to hide the broadcasting of a wireless network's Service Set Identifier. MAC spoofing is an attempt to impersonate another host by using its MAC address. Jamming is an intentional interference with the signal of a wireless network. It is often part of a DoS attack.
Mike has five Linux systems that need access to a shared folder on a Windows file server that’s part of an Active Directory (AD) domain. What can he do to give these systems access to the shared resource? (Choose two.)
A) Install and configure SAMBA on the Linux systems to access the AD
B) Configure access to the resource on the file server
C) Create new local users on the domain controller
D) Create user groups on all the Linux systems
A) Install and configure SAMBA on the Linux systems to access the AD
B) Configure access to the resource on the file server
Install and configure SAMBA on the Linux systems to access the AD and then set up access to the resources on the sharing system (in this case the file server). Linux user groups are useless for accessing Windows resources. One should rarely create local users on a Windows server.
Which of the following is a legacy wireless encryption protocol that uses the RC4 streaming protocol?
A) WPA
B) WPA2
C) 802.1X
D) WEP
D) WEP
WEP is a legacy wireless encryption protocol that has been determined to be very weak and easily broken. It uses the RC4 streaming protocol and weak initialization vectors (24-bit) to encrypt data on wireless networks. WPA2 is an advanced encryption protocol that uses AES. WPA was an interim protocol used to correct some of WEP’s weaknesses. It uses the TKIP protocol. 802.1X is a port-based authentication method, not a wireless encryption protocol.