Pre-Assessment Exam Flashcards

1
Q

Which preventative measures protect against malware attacks? (Choose two.)

ICMP blocking rules

Alert e-mail notifications

System imaging

Data backups

A

System imaging

Data backups

In the event of a malware infection, systems can be quickly returned to an operational state by applying a system image. Frequent data backups enable the restoration of data prior to the malware outbreak

2
Q

Stacey, a company executive, complains that her online banking credentials no longer work. After further investigation you determine that Stacey clicked a link in a fraudulent e-mail meant to deceive bank customers. Which type of attack occurred?

Impersonation

Tailgating

Phishing

A

Phishing

Phishing scams attempt to convince victims to divulge sensitive information such as online banking credentials

3
Q

Which type of attack involves a malicious user injecting malicious executable code into a web site that will be viewed by others?

Cross-site scripting

Cross-site request forgery

Buffer overflow

A

Cross-site scripting

In a cross-site scripting (XSS) attack, after malicious scripts are injected into a seemingly trusted web site, victims inadvertently execute that code when visiting the site. This can result from ineffective web form field validation

4
Q

A malicious user enters a coffee shop and configures a Wi-Fi hotspot with the same name as the public Wi-Fi available in that same coffee shop. What has the malicious user configured?

MAC spoofing

IP spoofing

Evil twin

A

Evil twin

An evil twin is an additional Wi-Fi network configured to appear as an existing legitimate Wi-Fi network for unsuspecting users to connect to

5
Q

What will detect network or host intrusions and take actions to prevent intrusions from succeeding?

IPS

IDS

IPSec

A

IPS

An intrusion prevention system (IPS) actively monitors network or system activity for abnormal activity and also takes steps to stop it. Abnormal activity can be detected by checking for known attack patterns (signature-based) or variations beyond normal activity (anomaly-based)

6
Q

You must purchase a network device that supports content filtering and virus defense for your LAN. What should you choose?

NAT router

HIPS

Web security gateway

A

Web security gateway

Web security gateways can perform deep packet inspection (content) to filter network traffic. They also include the ability to detect and deal with malware

7
Q

A router must be configured to allow traffic from certain hosts only. How can this be accomplished?

ACL

Subnet

Proxy server

A

ACL

Access control lists (ACLs) are router settings that allow or deny various types of network traffic from or to specific hosts

8
Q

Your company issues smart phones to employees for business use. Corporate policy dictates that all data stored on smart phones must be encrypted. To which fundamental security concept does this apply?

Confidentiality

Integrity

Availability

A

Confidentiality

Confidentiality ensures that data is accessible only to those parties who should be authorized to access the data. Encrypting data stored on smart phones protects that data if the phone is lost or stolen

9
Q

To give a contractor quick network access, a network administrator adds the contractor account to the Windows Administrators group. Which security principle does this violate?

Separation of duties

Least privilege

Job rotation

A

Least privilege

The least privilege principle states users should be given only the rights needed to perform their duties and nothing more. Adding a contractor to the Administrators group grants too much privilege to the contractor

10
Q

Complex passwords are considered which type of security control?

Management

Technical

Physical

A

Technical

Technical security controls are put in place to protect computing resources such as files, web sites, databases, and so on. Passwords prevent unauthorized users from accessing network resources

11
Q

You are responsible for completing an IT asset report for your company. All IT-related equipment and data must be identified and given a value. What term best describes this action?

Asset identification

Risk assessment

Threat analysis

A

Asset identification

Asset identification involves identifying assets (including data) and associating a value with them. This can then be used to justify expenditures to protect these assets

12
Q

An insurance company charges an additional $200 monthly premium for natural disaster coverage for your business site. What figure must you compare this against to determine whether to accept this additional coverage?

ALE

ROI

Total cost of ownership

A

ALE

The annual loss expectancy (ALE) value is used with quantitative risk analysis approaches to prioritize and justify expenditures that protect from potential risks. For example, an ALE value of $1000 might justify a $200 annual expense to protect against that risk

13
Q

Which of the following physical access control methods do not normally identify who has entered a secure area? (Choose two.)

Mantrap

Hardware locks

Fingerprint scan

Smartcard

A

Mantrap

Hardware locks

Mantraps are designed to trap trespassers in a restricted area. Some mantrap variations use two sets of doors, one of which must close before the second one opens. Traditional mantraps do not require access cards. Hardware locks simply require possession of a key. Neither reveals the person’s identity

14
Q

Turtle Airlines has hired you to ensure that its customer reservation system is always online. The software runs and stores data locally on the Linux operating system. What should you do?

Install two Linux servers in a cluster. Cluster the airline software with its data being written to shared storage.

Install a new Linux server. Ensure that the airline software runs from the first server. Schedule airline data to replicate to the new Linux server nightly.

Configure the Linux server with RAID 5.

A

Install two Linux servers in a cluster. Cluster the airline software with its data being written to shared storage.

Clustering software between two servers will enable the customer reservation system to function even if one server fails, because the data is not stored within a single server; it exists on shared storage that both cluster nodes can access

15
Q

Juanita uses the Firefox web browser on her Linux workstation. She reports that her browser home page keeps changing to web sites offering savings on consumer electronic products. Her virus scanner is running and is up to date. What is causing this problem?

Firefox on Linux automatically changes the home page every two days.

Juanita is experiencing a denial of service attack.

Juanita’s browser configuration is being changed by adware.

A

Juanita’s browser configuration is being changed by adware.

Adware attempts to expose users to advertisements in various ways, including through pop-ups or changing the web browser home page. Spyware often analyzes user habits so that adware displays relevant advertisements. Some antivirus software also scans for spyware, but not in this case

16
Q

What type of malware dynamically alters itself to avoid detection?

Chameleon malware

Polymorphic malware

Changeling malware

A

Polymorphic malware

Polymorphic malware dynamically adjusts itself to avoid detection while maintaining its original functionality

17
Q

A user on your network receives an e-mail from the bank stating that there has been a security incident at the bank. The e-mail continues by asking the user to log on to her bank account by following the link provided and verify that her account has not been tampered with. What type of attack is this?

Phishing

Spam

Dictionary attack

A

Phishing

Phishing is when the hacker e-mails a victim and hopes she clicks the link that leads her to a fake site (typically a bank). At this point, the hacker hopes the user types information into the fake site (such as bank account information) that he can use to gain access to her real account

18
Q

Which of the following refers to unauthorized data access of a Bluetooth device over a Bluetooth wireless network?

Bluejacking

Bluesnarfing

Packet sniffing

A

Bluesnarfing

Bluesnarfing is the act of connecting to and accessing data from a device over a Bluetooth wireless connection. It is considered much more invasive than packet sniffing or port scanning

19
Q

What type of attack involves the hacker inserting client-side script into the web page?

XSS

Watering hole attack

ARP poisoning

A

XSS

Cross-site scripting (XSS) is an attack that involves the hacker inserting script code into a web page so that it is then processed and executed by a client system

20
Q

The process of disabling unneeded network services on a computer is referred to as what?

Patching

Fuzzing

Hardening

A

Hardening

Hardening includes actions such as disabling unneeded services to make a system more secure

21
Q

How can you prevent rogue machines from connecting to your network?

Deploy an IEEE 802.1x configuration.

Use strong passwords for user accounts.

Use IPv6.

A

Deploy an IEEE 802.1x configuration.

The IEEE 802.1x standard requires that devices be authenticated before being given network access. For example, this might be configured for VPN appliances, network switches, and wireless access points that adhere to the IEEE 802.1x standard

22
Q

You would like to focus and track malicious activity to a particular host in your DMZ. What should you configure?

Honeynet

Honeypot

DMZ tracker

A

Honeypot

A honeypot is an intentionally vulnerable host used to attract and track malicious activity

23
Q

A security auditor must determine what types of servers are running on a network. Which tool should be used?

Network mapper

Protocol analyzer

Port scanner

A

Network mapper

Network mapping utilities such as the open source Cheops tool can map a network’s layout and identify operating systems running on hosts

24
Q

Which type of security testing provides detailed network configuration information to testers?

White box

Black box

Gray box

A

White box

A white-box test provides testers with detailed configuration information regarding the software or network they are testing

25
Q

The web developers at your company are testing their latest web site code before going live to ensure that it is robust and secure. During their testing, they provide malformed URLs with additional abnormal parameters as well as an abundance of random data. What term describes their actions?

Cross-site scripting

Fuzzing

Patching

A

Fuzzing

Fuzzing is a means of injecting unexpected data into an application to test for weaknesses

26
Q

Which solution can centrally authenticate users between different organizations?

RADIUS

RADIUS federation

EAP-FAST

A

RADIUS federation

RADIUS federation requires a trusted identity provider in one organization. Edge devices forward authentication requests only to a RADIUS server located on a protected network

27
Q

What can be done to protect data after a handheld device is lost or stolen?

Enable encryption.

Execute a remote wipe.

Enable screen lock.

A

Execute a remote wipe.

Remotely wiping a device if it is lost or stolen clears apps, data, and settings from the device

28
Q

Which of the following correctly identifies an operating system that meets specific government or regulatory security standards?

Hardened OS

Trusted OS

Security OS

A

Trusted OS

A trusted OS is a secured operating system that meets or exceeds stringent security standards

29
Q

Which standard is a firmware solution for drive encryption?

TPM

DLP

EFS

A

TPM

Trusted Platform Module (TPM) chips can store cryptographic keys or certificates used to encrypt and decrypt drive contents. If the drive were moved to another computer (even one with a TPM), the drive would remain encrypted and inaccessible

30
Q

Your company has issued Android-based smart phones to select employees. Your manager asks you to ensure that data on the smart phones is protected. How do you address your manager’s concerns?

Implement SCADA, screen locking, device encryption, and anti-malware, and disable unnecessary software on the phones.

Implement PKI VPN authentication certificates, screen locking, device encryption, and anti-malware, and disable unnecessary software on the phones.

Implement screen locking, device encryption, patching, and anti-malware, and disable unnecessary software on the phones.

A

Implement screen locking, device encryption, patching, and anti-malware, and disable unnecessary software on the phones.

Hardening a smart phone includes configuring automatic screen locking, encrypting data on the device, patching the OS and required apps, installing and updating anti-malware, and disabling unnecessary features and software

31
Q

Encrypting stored data is referred to as

Data-in-process

Data-in-transit

Data-at-rest

A

Data-at-rest

Data-at-rest is data stored on media

32
Q

Which term best describes sensitive medical information?

PHI

TLS

PII

A

PHI

Protected health information (PHI) refers to sensitive medical information stored and accessed in a secured manner

33
Q

Which of the following is considered multi-factor authentication?

Building access card/smart card

Username/password/smartcard

Username/password/access code

A

Username/password/smartcard

Usernames and passwords constitute “something you know,” while a smartcard is “something you have”

34
Q

You are evaluating public cloud storage solutions. Users will be authenticated to a local server on your network that will allow them access to cloud storage. Which identity federation standard could be configured to achieve this?

LDAP

SSL

SAML

A

SAML

Security Assertion Markup Language (SAML) is an XML standard that defines how authentication and authorization data can be transmitted in a federated identity environment

35
Q

Which data forensic term encompasses documenting all aspects of evidence to ensure its integrity?

Legal hold

Encryption

Chain of custody

A

Chain of custody

The chain of custody ensures that the whereabouts of evidence can be accounted for at all times, including who accessed the evidence

36
Q

The Human Resources department in your company has a policy for conducting thorough background checks before hiring new employees. What type of control is this?

Administrative

Least privilege

Technical

A

Administrative

Hiring practices are administrative controls

37
Q

Which type of card can be used to access computer systems as well as buildings? Choose the best term.

Smart card

CAC

Hardware token

A

CAC

Common access cards (CAC) grant access to multiple items

38
Q

Which cryptographic approach uses points on a curve to define public and private key pairs?

RSA

DES

ECC

A

ECC

Elliptic curve cryptography (ECC) is public key cryptography based on points on an elliptic curve

39
Q

Your colleagues report that there is a short timeframe in which a revoked certificate can still be used. Why is this?

The CRL is published periodically.

The CRL is published immediately but must replicate to all hosts.

The CRL lists only revoked certificate serial numbers; it is not used in any way.

A

The CRL is published periodically.

The CRL is not published immediately; it is published either manually or on a schedule, so there may be a small timeframe in which revoked certificates can still be used

40
Q

Which IPSec mode encrypts not only the payload but all packet headers?

AH

Tunnel

Transport

A

Tunnel

Tunnel mode encrypts the entire packet and adds new headers. This is often used for IPSec VPNs