Practice Test 5 Flashcards

1
Q

David, a programmer, is using the waterfall method for application development. Using this method, at which phase of the SDLC can he stop implementing security measures?

A) Requirements
B) Design
C) Implementation
D) Retirement

A

D) Retirement

Security is a process that should be addressed at each phase (all stages) of development. You should only stop implementing security measures once the system has reached retirement, has been uninstalled, and has been properly disposed of.

2
Q

Of the following, which item is a list of applications approved for use on your network?

A) Blacklist
B) Red list
C) Whitelist
D) Orange list

A

C) Whitelist

Whitelists (now more often called allow lists) are lists of approved applications; blacklists (deny lists) are lists of blocked applications. Red list and orange list aren’t industry terms.

3
Q

Neil, a network administrator for a small firm, has discovered several machines on his network are infected with malware. The malware is sending a flood of packets to an external target. What describes this attack?

A) SYN flood
B) DDoS
C) Botnet
D) Backdoor

A

B) DDoS

While his machines may be part of a botnet, the attack being described by the flood of packets leaving the network is indicative of a distributed denial of service attack. We see nothing in here that is specific and describes a SYN flood attack (SYN was never mentioned in the question). Also, there is no indication of a backdoor based on the scenario provided. On the exam, be careful not to add information into the scenario that has not been given to you. In this question, a DDoS is the best option provided.

4
Q

Jamie recently downloaded a program from an unknown website and now his client files have had their file extensions changed and he cannot open them. He received a popup window that informed him that his files were now encrypted and he must pay some bitcoins to get them decrypted. What has happened?

A) His machine has a rootkit
B) His machine has a logic bomb
C) His machine has a boot sector virus
D) His machine has ransomware

A

D) His machine has ransomware

This is a perfect description of how ransomware works. Rootkits gain administrative access, logic bombs deploy when certain conditions are met and boot sector viruses infect the boot sector of the target computer.

5
Q

As the manager for network operations at his company, Shane ran into an accountant in the hall who thanked him for keeping the antivirus software up to date. When asked what he meant, the accountant said that an IT staff member named Michael called him yesterday and remotely connected to his PC to update the antivirus…but there’s no employee named Michael. What happened?

A) IP spoofing
B) MAC spoofing
C) Man-in-the-middle attack
D) Social engineering

A

D) Social engineering

Social engineering works through weaknesses in people. Nothing in this scenario points to IP spoofing or MAC spoofing and a man-in-the-middle attack would require an attacker to be between the source and target to receive some communication.

6
Q

Ashley is the network administrator for a company. She proceeds to delete the account for a user who left the company last week. The user’s files were encrypted with a private key. How can Ashley view these files?

A) They can be decrypted using the backup user account
B) They can be decrypted using a recovery agent
C) They must be re-created from the former user’s account
D) They can be decrypted using a CRL

A

B) They can be decrypted using a recovery agent

A designated recovery agent (for example, the EFS data recovery agent in Windows) holds a key that can decrypt files encrypted by other users, so Ashley can recover the files even though the user’s account and private key are gone. A CRL only lists revoked certificates and cannot decrypt anything. If no recovery agent was configured before the key was lost, the files cannot be decrypted, which is why the recovery agent should be set up, and its key stored safely, before users start encrypting data.

7
Q

You work for an insurance company as their security administrator. You’ve noticed that there are a few accounts still active for employees who left the company at least a year ago. You are worried that someone might attempt to access these accounts. What administrative control could be enabled to help prevent these accounts from remaining online and accessible after an employee leaves the company?

A) Password complexity
B) Offboarding procedures
C) Onboarding procedures
D) Password expiration

A

B) Offboarding procedures

The best option to address this issue would be to setup an administrative control of using proper offboarding procedures. When an employee leaves a company (either by choice or by termination), their accounts should be disabled, their credentials revoked, their access badges returned, and their hardware tokens returned to security. While setting the password expiration dates on the accounts may help prevent someone from logging into a dormant account, this is a technical control and not an administrative one. Password complexity and onboarding procedures have nothing to do with the issue being raised in the question either.

8
Q

Which of the standards below was developed by the WiFi Alliance and is used to implement the requirements of IEEE 802.11i?

A) NIC
B) WPA
C) WPA2
D) TKIP

A

C) WPA2

WPA2 is the WiFi Alliance certification that implements the full IEEE 802.11i standard, using AES-CCMP for encryption. A NIC is a network interface card. WPA (WiFi Protected Access) was the interim standard released before 802.11i was finalized. TKIP was designed to run on existing WEP hardware; it wraps RC4 with per-packet keying and an integrity check to make it stronger, and it is the encryption protocol used by WPA.

9
Q

Ashley is attempting to increase security at her company. She’s currently creating an outline of all aspects of security that will need to be evaluated and acted on. Of the following terms, which one describes the process of improving security in a trusted OS?

A) FDE
B) Hardening
C) SED
D) Baselining

A

B) Hardening

Hardening is the process of increasing security. FDE is full disk encryption, SED is self-encrypted drives and baselining is establishing a standard. The best option is hardening to accomplish the task.

10
Q

Tracie has been using a packet sniffer to observe traffic in the company network and has noticed that traffic between the web server and the database server is sent in clear text. She would like a solution that will encrypt traffic and also leverage the existing digital certificate infrastructure the company has. Which of the following is the best solution?

A) TLS
B) SSL
C) IPSec
D) WPA2

A

A) TLS

Transport Layer Security (TLS) can secure almost any application protocol (HTTP, LDAP, SMTP, and database connections) and authenticates endpoints with X.509 digital certificates, so it fits directly into the existing certificate infrastructure. SSL is the deprecated predecessor of TLS and should not be used. IPsec can also use certificates, but it is typically deployed for VPN tunnels rather than for a single application connection between two servers, and WPA2 is security for WiFi only.

11
Q

Paul is the web security administrator for a website that does online auctions. A few users are complaining that when they log in to the website, they get a message stating it’s down to try again later. Paul checks and he can visit the site without any problem, even from outside of the network. He also checks the web server log but there is no entry of these users ever connecting. Of the following, which best explains this situation?

A) Typosquatting
B) SQL injection
C) Cross-site scripting
D) Cross-site request forgery

A

A) Typosquatting

These users look to be logging into a fake web server, which gives us an indication that typosquatting has occurred (a URL named very similar so when users mistype the site name, it goes to a fake site). All other options are methods of attacking a site and in this scenario, the actual website was not attacked.

12
Q

Which of the following is an example of PHI?

A) Passport number
B) Criminal record
C) Fingerprints
D) Name of school attended

A

C) Fingerprints

Of the listed options, fingerprints are the best example of PHI: biometric identifiers are among the identifiers that HIPAA treats as protected health information when they are associated with health data. All other options are PII (personally identifiable information) under NIST guidance (SP 800-122).

13
Q

Courtney manages data security on BYOD and COPE devices. She’s specifically concerned about the data being exposed should a device be lost or stolen. Which item would be the best to alleviate this concern?

A) Geofencing
B) Screen lock
C) GPS tagging
D) Device encryption

A

D) Device encryption

Device encryption is the best way to ensure the data on a device is secure in the event the device is stolen. Geofencing limits where your mobile device works, screen locks are great ideas but not related to the scenario and GPS tagging can be used to locate a device, but not to see if data is being copied from a device.

14
Q

Jack manages security devices in his network. He’s implemented a robust NIDS in his network, however, on two occasions the NIDS has missed a breach. What condition does this describe?

A) False negative
B) Port blocking
C) SPI
D) False positive

A

A) False negative

A false negative occurs when an attack happens but the IDS does not alert on it; that is exactly what happened on the two missed breaches, so the signatures or tuning need review. Port blocking is a firewall function. Stateful packet inspection (SPI), also referred to as dynamic packet filtering, is a type of firewall. A false positive is the opposite error: the IDS raises an alert on legitimate traffic, which isn’t what’s happening here.
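To make the false negative/false positive distinction concrete, here is an added example (not part of the original flashcard deck) that runs a toy signature-based detector over a handful of constructed web-server request lines, each tagged with whether it really is an attack, and counts the outcomes. The log lines, the signature set and the function names are all made up for this illustration; a real NIDS such as Snort or Suricata works the same way at a much larger scale.

```python
import re
from collections import Counter

# Constructed sample request lines for the example (not real traffic). The
# boolean is the ground truth: True = an actual attack attempt.
SAMPLE_EVENTS = [
    ("GET /index.html HTTP/1.1", False),
    ("GET /login.php?user=admin'%20OR%201=1-- HTTP/1.1", True),
    ("GET /search?q=<script>alert(1)</script> HTTP/1.1", True),
    ("GET /docs/select_options.html HTTP/1.1", False),   # benign, but contains "select"
    ("GET /../../etc/passwd HTTP/1.1", True),
    ("POST /api/upload HTTP/1.1", False),
    ("GET /cgi-bin/;cat%20/etc/shadow HTTP/1.1", True),  # no signature covers this one
]

# A tiny signature set in the style of a rule-based NIDS. The last rule is
# deliberately over-broad to show where false positives come from.
SIGNATURES = {
    "sqli": re.compile(r"('|%27).*(or|union|select)", re.I),
    "xss": re.compile(r"<script", re.I),
    "traversal": re.compile(r"\.\./"),
    "sql-keyword": re.compile(r"select", re.I),
}


def detect(line):
    """Names of the signatures that fire on one request line."""
    return [name for name, rx in SIGNATURES.items() if rx.search(line)]


def score(events):
    """Confusion matrix for the detector over ground-truth-labelled events.
    A false negative (FN) is an attack that produced no alert; a false
    positive (FP) is an alert on benign traffic."""
    counts = Counter()
    for line, is_attack in events:
        alerted = bool(detect(line))
        if alerted and is_attack:
            counts["TP"] += 1
        elif alerted and not is_attack:
            counts["FP"] += 1
        elif not alerted and is_attack:
            counts["FN"] += 1
        else:
            counts["TN"] += 1
    return dict(counts)


def false_negatives(events):
    """The attacks the IDS missed: this is what Jack's two breaches look like."""
    return [line for line, is_attack in events if is_attack and not detect(line)]


if __name__ == "__main__":
    print(score(SAMPLE_EVENTS))          # {'TN': 2, 'TP': 3, 'FP': 1, 'FN': 1}
    for line in false_negatives(SAMPLE_EVENTS):
        print("missed:", line)
```

The missed command-injection line is the false negative; the benign documentation page that trips the over-broad "select" rule is the false positive. Tuning an IDS is the trade-off between the two: tightening the rule set to cut the false positives tends to raise the false negatives.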

15
Q

Which listed technique attempts to predict the likelihood of a threat occurrence and assigns monetary values in the event of a loss?

A) Change management
B) Vulnerability management
C) Qualitative risk assessment
D) Quantitative risk assessment

A

D) Quantitative risk assessment

Of the listed techniques, the one that predicts the likelihood of a threat and assigns monetary values is the quantitative risk assessment, because it expresses impact in numbers (SLE = asset value × exposure factor; ALE = SLE × annualized rate of occurrence). Change management controls configuration changes, vulnerability management identifies and remediates vulnerabilities in a network, and qualitative risk assessment ranks risks on a scale such as high/medium/low rather than in monetary terms.

16
Q

Which is the best choice for naming the account of John Smith – domain admin?

A) dm_jsmith
B) jsmithAdmin
C) AdministratorSmith
D) jsmith

A

D) jsmith

An administrative domain account should never have a name that reveals its role, because that makes it an obvious target for attackers; jsmith gives nothing away. All other options clearly advertise that the account holder is an administrator.

17
Q

Laura manages the physical security for her company. She’s especially concerned about an attacker driving a vehicle into the building. Which option below would protect against this threat?

A) A gate
B) Bollards
C) A security guard on duty
D) Security cameras

A

B) Bollards

Of the options provided, bollards are the best protection against someone driving into the building. Bollards are short, heavy posts of steel or concrete, set into the ground to stop a vehicle while still letting people walk past. Gates are good, but they can be breached. Security guards aren’t able to stop a vehicle, and security cameras are passive: they show you what happened but don’t prevent it from happening.

18
Q

The company you work for is considering moving its email server to a hosting company. This will help reduce the cost of hardware and server administration at your local site. Which document formally states the reliability and recourse if reliability isn’t met?

A) MOU
B) SLA
C) ISA
D) BPA

A

B) SLA

SLA (service level agreements) formally state the expectations of the service provider. Memorandum of Understanding (MOU) describes mutual agreements, Interconnection Security Agreements (ISA) specify technical and security requirements and Business Partners Agreement (BPA) define the legal agreements between partners.

19
Q

Kevin is going over his company’s recertification policy. Which is the best reason to recertify?

A) To audit usage
B) To enhance onboarding
C) To audit permissions
D) To manage credentials

A

C) To audit permissions

The best reason to recertify is to audit permissions. This involves conducting a periodic audit of permissions. Audit usage is great but doesn’t completely relate. Onboarding doesn’t contain recertification as part of its process and credential management doesn’t fit in this scenario.

20
Q

Rachel manages security for a small bank and has a firewall at the gateway as well as one at each network segment. Each firewall logs all accepted and rejected traffic. Rachel checks each of these logs regularly. What’s the first step that should be taken to improve this firewall configuration?

A) Integrate with SIEM
B) Add a honeypot
C) Integrate with AD
D) Add a honeynet

A

A) Integrate with SIEM

The first step that should be taken is to integrate the firewalls with a SIEM, so that all of the logs are centralized, correlated and retained instead of being reviewed by hand on each device. A honeypot and a honeynet aren’t related to the scenario at all, and integrating with AD is a good idea but doesn’t improve the firewall configuration.

21
Q

Matt manages database security for a university and he’s concerned about ensuring that appropriate security measures are implemented. Which is the most important to database security?

A) Password policies
B) Antivirus
C) EFS
D) Access control policies

A

D) Access control policies

The most important security measure that can be implemented is the access control policies. This is the most important issue for database security. Password policies are important, antivirus is important and encrypting files is important as well but all of these are not as important as access control in relation to this scenario.

22
Q

You’re responsible for an always-on VPN connection for your company and have been told that it must utilize the most secure mode for IPSec possible. Which of the following is best?

A) Tunneling
B) AH
C) IKE
D) Transport

A

A) Tunneling

In tunnel mode, IPsec (using ESP) encrypts the entire original IP packet, header included, and encapsulates it in a new IP packet, which hides the internal addressing and is the mode used for site-to-site and remote-access VPNs. Authentication Header (AH) provides authentication and integrity but no encryption, so it isn’t a confidentiality option. IKE (Internet Key Exchange) negotiates the security associations and keys for IPsec; it is not a mode. Transport mode only encrypts the payload and leaves the original IP header exposed.

23
Q

Natalie is responsible for the security of web servers and is configuring the WAF to allow only encrypted traffic to and from the web server, including from administrators using the command-line interface. What should she do?

A) Open port 80 and 23, block port 443
B) Open port 443 and 23, block port 80
C) Open port 443 and 22 and block port 80 and 23
D) Open port 443 and block all other ports

A

C) Open port 443 and 22 and block port 80 and 23

Port 443 is used for HTTPS (HTTP over TLS), and port 22 is used for SSH, the encrypted remote shell administrators should use at the command line. Port 80 (plain HTTP) and port 23 (Telnet) send credentials and content in clear text and must be blocked. Option D blocks SSH along with everything else, and options A and B leave Telnet open.

24
Q

Your security policy is set to include system testing and security awareness training guidelines. Which of the following types of control is this?

A) Detective technical control
B) Preventative technical control
C) Detective administrative control
D) Preventative administrative control

A

D) Preventative administrative control

Testing and training are preventative administrative controls: they are defined by policy and aim to stop incidents before they occur. Detective controls uncover violations after the fact. A preventative technical control is something like an IPS or a firewall rule, and a detective administrative control is something like a periodic audit, a log review or a mandatory-vacation policy.

25
Q

You are a security analyst and you have just successfully removed malware from a virtual server. Which could you use to return the virtual server to its last known good state?

A) A sandbox
B) A hypervisor
C) A snapshot
D) Elasticity

A

C) A snapshot

Snapshots are images of the virtual machines at a certain point in time. A snapshot would be able to return the server to its last known good state. A sandbox is an isolated system, a hypervisor hosts virtual machines, and elasticity makes the system more scalable.

26
Q

You have an email that you are sending to a friend. You want to ensure it retains its integrity during transit, so you decide to digitally sign the email. When using a PKI system, what is used to encrypt the hash digest of the email to create a digital signature?

A) CER
B) Public key
C) Shared key
D) Private key

A

D) Private key

A digital signature is comprised of a hash digest of the original email that is then encrypted using the sender’s private key. To verify the digital signature upon receipt, the receiver’s email client decrypts the signature with the sender’s public key (taken from the sender’s certificate), hashes the received email itself, and compares the decrypted hash to the newly calculated hash. If they match, the signature is considered authentic and the email is considered to have good integrity (it hasn’t been changed in transit). A CER file is just a certificate container, and a shared key would let the receiver forge signatures as well as verify them.
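As an added example (not from the original deck), the signing and verification steps described above written out with SHA-256 and the RSA operation in plain Python. The key uses two fixed, publicly known Mersenne primes so that the example is deterministic and needs no third-party library; that makes the key useless for real security, and a production system uses a library such as the `cryptography` package with RSA-PSS or ECDSA and a freshly generated key, but the flow is the same: hash, raise to the private exponent to sign, raise to the public exponent to verify.

```python
import hashlib

# Demo-only key material. p and q are the Mersenne primes 2^127-1 and 2^521-1,
# fixed so the example is deterministic and self-contained. Because they are
# public, this key provides no security; it exists only to show the mechanics.
P = (1 << 127) - 1
Q = (1 << 521) - 1
N = P * Q                                  # public modulus
E = 65537                                  # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))          # private exponent (Python 3.8+)


def digest(message: bytes) -> int:
    """Hash the message; this is the value that actually gets signed."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, private_exp: int = D, modulus: int = N) -> int:
    """Sender: 'encrypt' the hash with the private key."""
    return pow(digest(message), private_exp, modulus)


def verify(message: bytes, signature: int, public_exp: int = E, modulus: int = N) -> bool:
    """Receiver: 'decrypt' the signature with the sender's public key and
    compare the result with a fresh hash of the received message."""
    recovered = pow(signature, public_exp, modulus)
    return recovered == digest(message)


if __name__ == "__main__":
    email = b"Hi Bob, the wire transfer goes to account 12345."
    sig = sign(email)
    print("valid:", verify(email, sig))                                  # True
    print("tampered:", verify(email.replace(b"12345", b"99999"), sig))  # False
```

Two things to notice: only the private exponent D is needed to produce a signature, so anyone holding only E and N can check but not forge; and changing a single byte of the email changes the SHA-256 digest, so the comparison fails even though the signature itself is untouched.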

27
Q

You’ve been asked to conduct a penetration test for a small company and for the test, you were only given a company name, the domain name of their website, and the IP address of their gateway router. What describes the type of test?

A) White box test
B) External test
C) Black box test
D) Threat test

A

C) Black box test

The correct choice is black-box test, which uses minimal information. White-box tests involve complete information. External tests are done from outside the network and the terminology doesn’t match this scenario and the term threat test isn’t an industry term used in penetration testing.

28
Q

Of the following terms, which one refers to the process of establishing a standard for security?

A) Baselining
B) Security evaluation
C) Hardening
D) Normalization

A

A) Baselining

Baselining is the process of establishing a standard. Any change in the baseline creates what’s known as the baseline deviation. Security evaluations do not establish standards. They can suggest a change to the baseline. Hardening is hardening the operating system or any system but doesn’t provide establishment of standards and normalization is the process of removing duplicates.

29
Q

Your company has implemented a clean desk policy and you were asked to secure physical documents every night. What is the best solution?

A) Department door lock
B) Locking cabinets and drawers
C) Proximity card
D) Onboarding

A

B) Locking cabinets and drawers

The best solution for a clean desk policy would be locking cabinets and drawers because then the employee is the only one with a key. Department door lock is okay but multiple people will have a key to the department. A proximity card is okay for tracking but it doesn’t prevent information sharing, and onboarding doesn’t apply to this situation.

30
Q

What type of attack is focused on targeting a specific individual like the CEO of a company?

A) Spear phishing
B) Targeting phishing
C) Phishing
D) Whaling

A

D) Whaling

Whaling is spear phishing aimed at a high-value individual such as a CEO or another senior executive. Spear phishing targets a specific person or small group; whaling is the variant aimed at the biggest targets. Targeted phishing is not an industry term, and phishing is the generic term for the attack.

31
Q

Olivia manages wireless security in her company and wants completely different WiFi access (ie different SSID, different security levels, different authentication methods) in different parts of the company. What’s the best choice for Olivia to select in WAPs?

A) Fat
B) Thin
C) Repeater
D) Full

A

A) Fat

The best choice is a fat WAP. Fat (standalone) WAPs carry all of the configuration on the access point itself, including SSIDs, security settings, authentication methods and traffic forwarding, so each one can be configured differently with no extra equipment. Thin WAPs depend on a central wireless controller for that functionality, a repeater only re-sends a signal, and Full is not a term relating to a WAP.

32
Q

Derrick is a security administrator for a medium-sized mortgage company. He needs to verify that the network is using the most secure login/authentication scheme possible. Which of the following options is the best choice for that?

A) Iris scanning
B) Fingerprint scanning
C) Multifactor authentication
D) Smart cards

A

C) Multifactor authentication

The best choice is multifactor authentication, where at least two of the three categories (something you know, something you have, something you are) are used. Iris scanning, fingerprint scanning and smart cards are each a single factor on their own; combining a smart card (something you have) with a PIN (something you know) or a fingerprint or iris scan (something you are) gives multifactor authentication.

33
Q

You work for a company that hired a pen testing firm to test the network. For the test, you gave them details on operating systems you use, applications you run and network devices. What describes this type of test?

A) White box test
B) External test
C) Black box test
D) Threat test

A

A) White box test

The correct answer is a white-box test, where the testers are given complete information about the environment; a black-box test uses minimal information. White-box tests can be internal or external, and threat test isn’t a term used in industry.

34
Q

A local competitor is offering a new service that is predicted to sell strongly. After much research, your company has decided not to launch a competing service due to the uncertainty of the market and the large investment required. Which best describes your company’s decision?

A) Risk transfer
B) Risk avoidance
C) Risk acceptance
D) Risk mitigation

A

B) Risk avoidance

The company’s decision is best described as risk avoidance. The company has chosen to avoid the risk instead of dealing with it. Risk transfer would be something similar to an insurance policy, risk acceptance is accepting the risk and considering it unlikely and risk mitigation is when the company implements controls to reduce the vulnerabilities.

35
Q

Steven is constantly receiving calls from wireless users who are being redirected to a login page when they connect to the network. The login page comes up whenever the users first connect to the network and attempt to access any website outside of the local area network from within their web browsers. Which of the following is causing this to happen?

A) WEP
B) Key stretching
C) MAC filtering
D) Captive portal

A

D) Captive portal

When users are redirected to a login page on first connection, a captive portal is the cause. It’s a page where users must authenticate or agree to terms of use before being granted access to the network. WEP doesn’t apply to this question, key stretching strengthens passwords against brute-force attacks, and MAC filtering blocks any device whose address isn’t on the allowed list from accessing the network.

36
Q

Which type of hypervisor is known as “bare metal”?

A) Type 1
B) Type 2
C) Type 3
D) Type 4

A

A) Type 1

The hypervisor implementation known as “bare metal” is a Type 1 hypervisor, which runs directly on the hardware. A Type 2 hypervisor runs as an application on top of a host operating system. Type 3 and Type 4 aren’t legitimate hypervisor classifications.

37
Q

Jeff is the network administrator and sometimes needs to run a packet sniffer so he can view the network traffic. He would like to find a well-known packet sniffer that works on Linux. Which of the following is the best choice?

A) Ophcrack
B) Nmap
C) Nessus
D) Tcpdump

A

D) Tcpdump

Tcpdump is a command-line packet sniffer built on libpcap that ships with most Linux distributions and has been ported to Windows (as WinDump). It lets the user capture and view the current network traffic. Ophcrack is a Windows password-cracking tool, Nmap is a port scanner, and Nessus is a vulnerability scanner.

38
Q

Buddy is the security manager for a bank and has recently been reading about malware that accesses system memory modules. He would like to find a solution that keeps programs from utilizing system memory. Which of the options would be the best solution?

A) DEP
B) FDE
C) UTM
D) IDS

A

A) DEP

DEP (data execution prevention) is the best option. DEP marks memory pages that hold data, such as the stack and heap, as non-executable, so that code injected into those regions by malware (for example through a buffer overflow) cannot run. FDE protects data at rest but does nothing about memory; UTM is a network appliance and doesn’t relate to the scenario; and an IDS monitors network traffic, not the memory use of programs running on a host.

39
Q

As the security administrator, you’re concerned about a variety of attacks that could affect your company’s web server. You’ve recently heard about an attack where an attacker sends more data to a target than the target is expecting. If done correctly, this can cause the target to crash. What type of action can best prevent this type of attack?

A) An SPI firewall
B) An active IDS/IPS
C) Checking buffer boundaries
D) Checking user input

A

C) Checking buffer boundaries

If you’re concerned about buffer overflows, checking buffer boundaries (bounds checking every write into a fixed-size buffer) is the best defense because it removes the flaw itself. An SPI firewall and an active IDS/IPS are good protection devices, but they don’t address the coding error behind a buffer overflow. Checking user input helps but doesn’t by itself prevent a buffer overflow.

40
Q

The web server administrator at your e-commerce company is concerned about someone using netcat to connect to the company web server to retrieve detailed information. What best describes this concern?

A) Passive reconnaissance
B) Active reconnaissance
C) Banner grabbing
D) Vulnerability scanning

A

C) Banner grabbing

Banner grabbing is connecting to a service and reading what it announces about itself (server software and version), which can be done with netcat in a couple of commands. Banner grabbing is a form of active reconnaissance, but it’s the more specific and therefore better term for this scenario. The scenario doesn’t describe vulnerability scanning or passive reconnaissance (which involves no direct contact with the target).
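Added example (not from the original deck) of what banner grabbing looks like and how to blunt it. It starts a throwaway Python http.server on localhost, grabs the Server header over a raw socket exactly as you would with `nc host 80` followed by a `HEAD / HTTP/1.0` request, then repeats the grab against a handler whose version_string has been overridden to a generic value. The class and function names are made up for the example; the only real API used is the standard-library http.server and socket modules.

```python
import socket
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer


class VerboseHandler(BaseHTTPRequestHandler):
    """Default behaviour: the stock Server header reads 'BaseHTTP/x.y Python/3.z'."""

    def do_HEAD(self):
        self.send_response(200)
        self.end_headers()

    def log_message(self, *args):  # keep the example quiet
        pass


class QuietHandler(VerboseHandler):
    """Hardened variant: a generic banner that leaks no product or version."""

    def version_string(self):
        return "webserver"


def start_server(handler):
    """Run a server on 127.0.0.1 on a free port in a background thread."""
    srv = HTTPServer(("127.0.0.1", 0), handler)  # port 0 = pick a free port
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


def grab_banner(host, port, timeout=3.0):
    """What netcat does by hand: open a TCP socket, send a minimal request,
    read the raw response headers and pull out the Server value."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(b"HEAD / HTTP/1.0\r\nHost: %s\r\n\r\n" % host.encode())
        raw = b""
        while b"\r\n\r\n" not in raw:
            chunk = s.recv(4096)
            if not chunk:
                break
            raw += chunk
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    for line in head.split("\r\n")[1:]:
        if line.lower().startswith("server:"):
            return line.split(":", 1)[1].strip()
    return None


def demo():
    """Grab the banner from the default and the hardened server; return both."""
    results = {}
    for name, handler in (("default", VerboseHandler), ("hardened", QuietHandler)):
        srv = start_server(handler)
        try:
            results[name] = grab_banner(*srv.server_address)
        finally:
            srv.shutdown()
            srv.server_close()
    return results


if __name__ == "__main__":
    for name, banner in demo().items():
        print(f"{name:9s} -> {banner}")
```

Hiding the banner does not fix any vulnerability in the server, it only removes a free hint for the attacker; the real mitigation is keeping the software patched. Treat banner suppression as reducing what active reconnaissance yields, not as a control on its own.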

41
Q

Kevin manages security for a large university and has just successfully performed a threat analysis for the network. Based on past incidents and studies from similar setups, he has determined that the most prevalent threat is low-skilled attackers who wish to breach the system, simply because they can, for some low-level crime, or even changing a grade. Which term describes this attacker?

A) Hacktivist
B) Amateur
C) Insider
D) Script kiddie

A

D) Script kiddie

Script kiddie is a low-skilled, low-level hacker. Hacktivists often do things for ideological reasons and nothing in this scenario gives us that indication. Amateur may be a good description, but the technical term is script kiddie and nothing in this scenario tells us it’s an insider threat.

42
Q

Neil is given the task of creating a wireless network for his company. The wireless network needs to implement a wireless protocol that provides the maximum level of security while providing support for older wireless devices, simultaneously. Which protocol should be used?

A) WPA
B) WPA2
C) WEP
D) IV

A

A) WPA

WPA is the protocol that provides the maximum level of security while still being compatible with the legacy devices on his network. WPA2 is stronger but many older wireless cards don’t support it, WEP is broken and isn’t considered secure, and IV (initialization vector) is a component of the encryption scheme, not a protocol. In practice WPA with TKIP is itself deprecated, so legacy devices should be isolated on their own SSID/VLAN and replaced as soon as possible.

43
Q

Dawn is a network administrator where the company network is segmented into zones of high security, medium security, low security, and the DMZ. She’s concerned about external intruders and would like to install a honeypot. Which is the most important zone to put the honeypot in?

A) High security
B) Medium security
C) Low security
D) DMZ

A

D) DMZ

DMZ would be the best spot for a honeypot since the main concern given in the scenario is outsiders. The DMZ sits between the internal and external networks. All other options are incorrect because you can put a honeypot anywhere but the most important zone would be the DMZ.

44
Q

Rhonda manages account security for her company. She’s noticed a receptionist who has an account with a six-character password that hasn’t been changed in two years and her password history isn’t maintained. What is the most significant problem with this account?

A) Nothing, this is adequate for a low-security position
B) The password length is the most significant problem
C) The lack of password history is the most significant problem
D) The age of the password is the most significant problem

A

B) The password length is the most significant problem

The most significant problem with this account is the password length. The password is too short and these are the most insecure passwords. The lack of password history is a problem as well as the age of the password, but the length is the most significant issue.

45
Q

Josh manages security at a power plant. The facility is sensitive, and security is very important. He would like to incorporate two-factor authentication with physical security. Which of the options below is the best way to meet this requirement?

A) Smart cards
B) A mantrap with a smart card at one door and a pin keypad at the other door
C) A mantrap with video surveillance
D) A fence with smart card gate access

A

B) A mantrap with a smart card at one door and a pin keypad at the other door

The best option is two-factor authentication combined with a mantrap: the smart card is something you have and the PIN is something you know, and the mantrap forces each person to pass both checks before entering. A smart card on its own is a single factor, video surveillance is passive and provides no authentication at all, and the fence with smart card gate access is also only a single factor.

46
Q

Of the listed principles, which one is the most important in managing account permissions?

A) Account recertification
B) Usage auditing
C) Standard naming conventions
D) Account recovery

A

A) Account recertification

The most important principle in managing account permissions is the account recertification. Periodically, this process verifies that permissions still need to be granted. Auditing isn’t as important, standard naming conventions will not help and account recovery doesn’t help with managing permissions.

47
Q

Stewart works for an organization where employees all have cloud-based solutions for data storage. Stewart has requested funding from the CIO in order to install a DLP solution. What security hazard, if any, is Stewart trying to solve?

A) No security hazard
B) Malware from the cloud
C) Data exfiltration through the cloud
D) Security policies don’t apply to the cloud

A

C) Data exfiltration through the cloud

Cloud storage is an easy channel for data to leave the organization: anything placed in cloud storage can be accessed from outside the network, so data exfiltration through the cloud is the hazard a DLP solution addresses. There is a real hazard, so option A is wrong. Malware delivered from a cloud server is possible but unlikely, and company security policies apply to every company asset, including cloud data storage.

48
Q

Frank is concerned that confidential documents, with proprietary information, may be leaked. The leaks could either be intentional or accidental, but he is looking for a solution that would embed some identifying information into documents in a way that it would not be seen by the reader but could be extracted with the right software. What technology would best meet these needs?

A) Symmetric encryption
B) Steganography
C) Hashing
D) Asymmetric encryption

A

B) Steganography

The correct choice is steganography. Steganography allows you to embed data, messages, videos and other media into other files. It’s common to use steganography to send out confidential data. Symmetric encryption and asymmetric encryption are types of encryption, so they do not directly relate to the scenario given, and hashing can be useful but doesn’t meet the task at hand.

49
Q

Which of the following items automatically updates browsers with a list of root certificates from an online web source used to track which certificates can be trusted?

A) Trust model
B) Key escrow
C) PKI
D) RA

A

A) Trust model

The trust model is the listed item that automatically updates browsers with a list of certificates for applications. Key escrow is for key storage, PKI identifies a whole infrastructure of hardware, software, policies and people, and the RA (registration authority) verifies requests for certificates and forwards the responses.

50
Q

George is a security officer for a bank. When an executive has a laptop decommissioned, he wants to be sure that all of the data is completely wiped and unrecoverable, even via forensic tools. How many times should the hard drive be wiped?

A) 1
B) 3
C) 5
D) 7

A

D) 7

DoD standard 5220.22-M recommends 7 wipes to completely wipe data. All other answers are less than seven.

51
Q

Of the following RAID levels, which one is considered a “stripe of mirrors”?

A) RAID 1+0
B) RAID 6
C) RAID 0
D) RAID 1

A

A) RAID 1+0

RAID 1+0 is considered a stripe of mirrors because it contains mirrored sets and striped sets. RAID 6 is striping with dual parity, RAID 0 is striping only, and RAID 1 is just mirroring the data.

52
Q

Scott is the CISO for a bank. In recent readings, he read about an attack where the attacker was able to enumerate all the network resources and was able to make some resources unavailable. All of this was done by exploiting a single protocol. Which protocol would need to be secured to mitigate this attack?

A) SNMP
B) LDAP
C) HTTP
D) DHCP

A

B) LDAP

The best protocol to mitigate this attack would be LDAP because it is considered a directory, or phonebook, of your network; if LDAP is secured, the footprint of your network is not as easily obtained. SNMP is a simple network management protocol, which could help an attacker but not make resources unavailable. HTTP is for web pages and DHCP assigns IP addresses, so neither of those fits the scenario.

53
Q

In mobile devices, which of the following algorithms is typically used?

A) 3DES
B) DES
C) ECC
D) AES

A

C) ECC

ECC is the one used most often. The other options are not used in mobile devices because of their power needs, and ECC doesn’t typically cause a great deal of external disruption.

54
Q

Kenny is responsible for data backups from all the company servers. Two major concerns are the frequency of backup and the security of the backup data. Which feature would be the most important?

A) Using data encryption
B) Digitally signing the data
C) Using the automated backup scheduling
D) Hashing the backup data

A

C) Using the automated backup scheduling

It’s important to remember that encrypted data can only be decrypted by the person who encrypted it or someone who has a “key” to decrypt it. Remember, not all backup utilities encrypt the data. All other options are incorrect because digitally signing the data will not assist with what’s needed, nor will automated backup scheduling or hashing the backup data, since those are what is being looked for.

55
Q

You are concerned about fault tolerance for the database server you manage. You need to ensure that if a single drive fails, the data can be recovered. What RAID level would be used to support this goal while simultaneously distributing parity bits?

A) RAID 0
B) RAID 1
C) RAID 3
D) RAID 5

A

D) RAID 5

RAID 5 provides full fault tolerance with striping and parity that’s distributed amongst all drives. RAID 0 provides disk striping but no fault tolerance. RAID 1 is mirroring, which protects against loss but doesn’t provide parity. RAID 3 is striping with dedicated parity, but the best option for this scenario would be RAID 5.

56
Q

You are responsible for security for a defense contracting company and are concerned about users within your network exfiltrating data by attaching sensitive documents to emails. What is the best solution to address this?

A) Email encryption
B) USB blocking
C) NIPS
D) Content filtering

A

D) Content filtering

Content filtering can also work on content that is sent out, not just on web pages, websites and things you view (videos, etc.). Email encryption makes it easier to exfiltrate data; USB blocking doesn’t affect email exfiltration, and NIPS cannot stop attachments.

57
Q

Of the following, which best describes a compromised collection of computers being controlled from one central point?

A) Zombienet
B) Botnet
C) Nullnet
D) Attacknet

A

B) Botnet

A botnet is a compromised collection of computers that is controlled from one central location. The other terms are not industry terms.

58
Q

Shannon works for a security company that performs pen tests for clients. She’s currently conducting a test of an e-commerce company and discovers that after compromising the web server, she can use the web server to launch a second attack into the company’s internal network. What type of attack is this considered?

A) Internal attack
B) White box testing
C) Black box testing
D) A pivot

A

D) A pivot

Pivots occur when you successfully exploit one machine and use it to exploit another. Pivots can be internal or external, and black-box/white-box testing are types of penetration tests (relating to how much information the tester has when attacking the system).

59
Q

You have noticed your company lacks deterrent controls. As the new security administrator, which of the following would you install that satisfies your needs?

A) Lighting
B) Audit logs
C) Audible alarm
D) Antivirus scanner

A

A) Lighting

Deterrent controls are used to warn attackers. Added lighting will warn individuals. The other options are examples of detective controls, which detect but do not prevent.

60
Q

Of the following, which is a symmetric encryption algorithm that works with 128-, 192- and 256-bit key versions?

A) AES
B) DES
C) RSA
D) TKIP

A

A) AES

AES works with 128-, 192- and 256-bit keys. All other options are incorrect.

61
Q

Cheyenne is doing a penetration test for a client’s network and is currently gathering information from sources such as archive.org, netcraft.com, social media, and other information websites. What stage has just been described?

A) Active reconnaissance
B) Passive reconnaissance
C) Initial exploitation
D) Pivot

A

B) Passive reconnaissance

This is a prime example of passive reconnaissance because there is no engagement with the target. Active recon involves communicating with the target, initial exploitation is actually breaking into the target network, and a pivot is when you have breached one system and use it to move to another system.

62
Q

John David works for a large retail company that processes credit card purchases and has been asked to test the network for security issues. The specific test he is running involves checking policies, documentation and past incident reports. What describes this type of test?

A) Vulnerability scan
B) Penetration test
C) Security audit
D) Security test

A

C) Security audit

Of the answer choices, security audits typically focus on documents, policies, etc. Penetration tests and vulnerability scans are done to detect vulnerabilities and, in the case of pen tests, exploit them; security test is a generic term.

63
Q

Isaac is looking for a physical access solution for his company. He needs the solution to use asymmetric cryptography or public-key cryptography to authorize users. What type of solution is he seeking?

A) Asynchronous password token
B) Challenge response token
C) TOTP token
D) Static password token

A

B) Challenge response token

The best option for a solution is a challenge-response token. Asynchronous password tokens generate an OTP without a clock; the Time-based One-time Password algorithm (TOTP) uses a one-time password that’s time sensitive, and a static password token simply contains a password.

64
Q

As the security director, you identify a security risk to a planned network migration. You decide to continue with the current migration plan anyway since you deem it to be low risk. What type of response technique has been demonstrated?

A) Accept
B) Transfer
C) Avoid
D) Mitigate

A

A) Accept

In the aforementioned scenario, risk acceptance is what has been demonstrated. Risk transfer is transferring responsibility, risk avoidance is choosing to avoid the risk and mitigation is when you attempt to reduce the vulnerabilities.

65
Q

While working through a malware outbreak, you discover something very odd on your company network. There’s a file that has the same name as a Windows system DLL file and has the same API interface but handles the input very differently. It also looks like applications have been attaching to this file rather than the real system DLL. What best describes this?

A) Shimming
B) Trojan horse
C) Backdoor
D) Refactoring

A

A) Shimming

By definition, shimming is when an attacker places malware between an application and other files, intercepting the communication with the file. Trojan horses might be used to get into a system, but they don’t apply here. A backdoor means that authorization was circumvented and direct access to the system was achieved, and refactoring is a process of changing the names of variables/functions in a program; neither applies here.

66
Q

You manage the account access control and authorization at your work, a large college. There are approximately 30,000 students and 1,200 faculty/staff that you manage accounts for. Which of the following is the best access control/account management approach?

A) Group-based
B) Location-based
C) MAC
D) DAC

A

A) Group-based

The best access control/account management implementation would be group-based account control, where users are placed in groups and permissions are applied to the groups. Location-based isn’t bad, but what if everybody from that location belongs in a different group (department, etc.)? MAC is secure but very granular and not a great option for a large network, and DAC isn’t secure enough.

67
Q

Jason manages password management for his company. Sometimes users cannot remember their passwords. What is the best option for Jason to address this?

A) Changing password history
B) Implementing password recovery
C) Eliminating password complexity
D) Lengthening password age

A

B) Implementing password recovery

The best option for Jason to address this would be to enable password recovery. If password age is set too short, users have to change their passwords too often. Changing password history might help, but it won’t help them remember their passwords. Eliminating password complexity is completely insecure, and lengthening password age would have a negative impact on security as well.

68
Q

You currently use a PKI (public key infrastructure) in your company to issue digital certificates to users. Recently, you’ve had temporary contractors for a project that is now complete, and management has asked that all digital certificates be revoked. Which PKI component should be consulted for the request?

A) CA
B) CRL
C) RA
D) CSR

A

B) CRL

A CRL (certificate revocation list) would be the best resource to consult to check the status of revoked digital certificates. A CRL is issued by a CRL issuer, which is typically the CA that also issued the corresponding certificates but could alternatively be some other trusted authority. The CA (certificate authority) issues the digital certificates, the RA (registration authority) forwards the responses to the CA, and the CSR is a certificate signing request.

69
Q

You have an asset valued at $16,000. The exposure factor of a risk affecting that asset is 35%. The annualized rate of occurrence is 75%. What is the SLE?

A) $5,600
B) $5,000
C) $4,200
D) $3,000

A

A) $5,600

The SLE is the product of the asset value ($16,000) and the EF (0.35), which is $5,600. The other options are incorrect because they do not represent the single loss expectancy.

70
Q

Which type of attack is based on entering fake information into a target network’s domain name server?

A) DNS poisoning
B) ARP poisoning
C) Bluesnarfing
D) Bluejacking

A

A) DNS poisoning

This is a prime example of DNS poisoning, also known as domain hijacking. ARP poisoning involves altering IP tables, and bluejacking and bluesnarfing are Bluetooth attacks.

71
Q

Janet manages the security of the database servers at the mortgage company where she works. The servers are Windows Server 2016; she’s concerned about file system security. Which Microsoft feature would be most helpful to implement security to the file systems?

A) Password policies
B) EFS
C) Account lockout
D) UAC

A

B) EFS

The most helpful option to implement would be EFS, the Encrypting File System. This makes it more difficult for an outsider to obtain your files and makes it easier for you to keep your files safe. Password policies and account lockout are important, but not as important here; UAC helps prevent unauthorized applications, which is very important as well but comes in second to EFS.

72
Q

Which agreement is not as formal as a traditional contract but still has a level of importance to all involved parties?

A) SLA
B) BPA
C) ISA
D) MOU

A

D) MOU

The MOU (memorandum of understanding) is the type of agreement that isn’t legally binding. SLAs are measurable, the BPA is a business partnership agreement that establishes expectations, and the ISA (interconnection security agreement) is an agreement on technical and security requirements between organizations.

73
Q

Penny, a saleslady in your company, sent in a request for assistance with a computer that is behaving sluggishly. You’ve checked and don’t see any obvious malware, but you did locate a temp folder with JPEGs that are screenshots of her desktop. Of the following, which is the most likely cause?

A) She is stealing data from the company
B) There is a backdoor on the computer
C) There is spyware on the system
D) Windows needs to be updated

A

C) There is spyware on the system

From the scenario, there appears to be spyware on the computer, because some spyware takes screen captures and hides them in a temp folder. There doesn’t seem to be any corporate data involved, so she isn’t stealing from the company; nothing indicates a backdoor, and updates do not affect this.

74
Q

Of the following, which feature of cloud computing involves deprovisioning resources as needed?

A) Multitenancy
B) Elasticity
C) CMDB
D) Sandboxing

A

B) Elasticity

Elasticity is the process of deprovisioning resources as needed in order to make room for other resources. Multitenancy is the ability to host multiple environments, CMDB stands for configuration management database, and sandboxing is the process of creating an isolated environment.

75
Q

Millie is responsible for testing security and uses a tool that identifies vulnerabilities and provides mechanisms to test them by trying to exploit them. What best describes this tool?

A) Vulnerability scanner
B) Exploit framework
C) Metasploit
D) Nessus

A

B) Exploit framework

The correct choice is exploit framework; exploit frameworks are tools for finding vulnerabilities and attempting to exploit them. Vulnerability scanners only identify vulnerabilities, Metasploit is a popular exploit framework but the question doesn’t ask for a product name, and Nessus is a well-known vulnerability scanner.