Q17 Flashcards
Which of the following is the best response after detecting and verifying an incident? A. Contain it. B. Report it. C. Remediate it. D. Gather evidence.
A. Contain it.
Which of the following are denial-of-service attacks? (Choose three.) A. Teardrop B. Smurf C. Ping of death D. Spoofing
A. Teardrop
B. Smurf
C. Ping of death
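Added example, not part of the flashcard set: the three attacks in the answer each leave a distinct trace, and the classifier below labels constructed packet records accordingly. Teardrop is recognised by overlapping IP fragments, ping of death by a reassembled datagram larger than 65,535 bytes, and Smurf by an ICMP echo request sent to a broadcast address from a source outside the local segment (the spoofed victim). The record fields, the `local_prefix` convention and the sample records are assumptions made for this illustration, not real captures.

```python
# Added example (not from the flashcard set): classify constructed packet
# records into the three denial-of-service patterns named in the answer.
# Field names (src, dst, proto, icmp_type, fragments, offset, length) and the
# local_prefix convention are assumptions for this illustration only.

MAX_IPV4_DATAGRAM = 65535  # largest legal reassembled IPv4 datagram, in bytes


def is_broadcast(addr: str) -> bool:
    # Assumption: a /24 directed broadcast or the limited broadcast address.
    return addr == "255.255.255.255" or addr.endswith(".255")


def fragments_overlap(fragments) -> bool:
    # Teardrop: a later fragment's byte range starts inside an earlier one.
    # Offsets are in bytes here (real IP headers count in 8-byte units).
    spans = sorted((f["offset"], f["offset"] + f["length"]) for f in fragments)
    return any(start < prev_end
               for (_, prev_end), (start, _) in zip(spans, spans[1:]))


def reassembled_size(fragments) -> int:
    return max(f["offset"] + f["length"] for f in fragments)


def classify(record: dict, local_prefix: str) -> list:
    """Return the DoS labels that match one constructed packet record."""
    labels = []
    frags = record.get("fragments", [])
    if len(frags) > 1 and fragments_overlap(frags):
        labels.append("teardrop")
    if frags and reassembled_size(frags) > MAX_IPV4_DATAGRAM:
        # Ping of death: reassembly would exceed the 65,535-byte maximum.
        labels.append("ping-of-death")
    if (record.get("proto") == "icmp" and record.get("icmp_type") == 8
            and is_broadcast(record["dst"])
            and not record["src"].startswith(local_prefix)):
        # Smurf: echo request to a broadcast address with a spoofed, foreign
        # source, so every host on the segment answers the victim.
        labels.append("smurf")
    return labels


LOCAL_PREFIX = "192.0.2."  # constructed: the monitored segment is 192.0.2.0/24

# Constructed records, one per pattern plus a benign fragmented ping.
SAMPLE_RECORDS = {
    "overlap": {"src": "198.51.100.9", "dst": "192.0.2.10", "proto": "udp",
                "fragments": [{"offset": 0, "length": 1480},
                              {"offset": 1000, "length": 800}]},
    "oversized": {"src": "198.51.100.9", "dst": "192.0.2.10", "proto": "icmp",
                  "icmp_type": 8,
                  "fragments": [{"offset": o, "length": 1480}
                                for o in range(0, 65121, 1480)]},
    "amplifier": {"src": "198.51.100.7", "dst": "192.0.2.255", "proto": "icmp",
                  "icmp_type": 8, "fragments": []},
    "normal": {"src": "192.0.2.5", "dst": "192.0.2.10", "proto": "icmp",
               "icmp_type": 8,
               "fragments": [{"offset": 0, "length": 1480},
                             {"offset": 1480, "length": 520}]},
}


def classify_samples() -> dict:
    return {name: classify(rec, LOCAL_PREFIX)
            for name, rec in SAMPLE_RECORDS.items()}


if __name__ == "__main__":
    for name, labels in classify_samples().items():
        print(f"{name:10s} -> {labels or ['benign']}")
```

The "oversized" record is 45 non-overlapping fragments that reassemble to 66,600 bytes, so it trips the ping-of-death check without the teardrop one; the "normal" record is a legitimately fragmented echo request and gets no label.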
A web server hosted on the Internet was recently attacked, exploiting a vulnerability in the operating system. The operating system vendor assisted in the incident investigation and verified the vulnerability was not previously known. What type of attack was this? A. Botnet B. Zero-day exploit C. Denial-of-service D. Distributed denial-of-service
B. Zero-day exploit
Of the following choices, which is the most common method of distributing malware? A. Drive-by downloads B. USB flash drives C. Ransomware D. Unapproved software
A. Drive-by downloads
Of the following choices, what indicates the primary purpose of an intrusion detection system (IDS)? A. Detect abnormal activity B. Diagnose system failures C. Rate system performance D. Test a system for vulnerabilities
A. Detect abnormal activity
Which of the following is true for a host-based intrusion detection system (HIDS)?
A. It monitors an entire network.
B. It monitors a single system.
C. It’s invisible to attackers and authorized users.
D. It cannot detect malicious code.
B. It monitors a single system.
Which of the following is a fake network designed to tempt intruders with unpatched and unprotected security vulnerabilities and false data? A. IDS B. Honeynet C. Padded cell D. Pseudo flaw
B. Honeynet
Of the following choices, what is the best form of anti-malware protection?
A. Multiple solutions on each system
B. A single solution throughout the organization
C. Anti-malware protection at several locations
D. One-hundred-percent content filtering at all border gateways
C. Anti-malware protection at several locations
When using penetration testing to verify the strength of your security policy, which of the following is not recommended?
A. Mimicking attacks previously perpetrated against your system
B. Performing attacks without management knowledge
C. Using manual and automated attack tools
D. Reconfiguring the system to resolve any discovered vulnerabilities
B. Performing attacks without management knowledge
What is used to keep subjects accountable for their actions while they are authenticated to a system? A. Authentication B. Monitoring C. Account lockout D. User entitlement review
B. Monitoring
What type of a security control is an audit trail? A. Administrative B. Detective C. Corrective D. Physical
B. Detective
Which of the following options is a methodical examination or review of an environment to ensure compliance with regulations and to detect abnormalities, unauthorized occurrences, or outright crimes? A. Penetration testing B. Auditing C. Risk analysis D. Entrapment
B. Auditing
What can be used to reduce the amount of logged or audited data using nonstatistical methods? A. Clipping levels B. Sampling C. Log analysis D. Alarm triggers
A. Clipping levels
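Added example, not part of the flashcard set: a clipping level applied to constructed SSH authentication lines, shown beside the statistical alternative the distractor names. The clipping level is a fixed threshold; failed logins below it are treated as ordinary user error and not raised, and nothing is discarded at random. Sampling, by contrast, keeps one line in n regardless of content and can drop exactly the events that matter. The log format is constructed for this illustration.

```python
# Added example (not from the flashcard set): clipping level versus sampling
# on constructed authentication log lines. The log format is an assumption.
import re
from collections import Counter

SAMPLE_LOG = """\
2024-05-01T08:00:01 sshd[1201]: Failed password for bob from 203.0.113.5
2024-05-01T08:00:03 sshd[1201]: Failed password for bob from 203.0.113.5
2024-05-01T08:00:04 sshd[1202]: Accepted password for alice from 192.0.2.20
2024-05-01T08:00:06 sshd[1201]: Failed password for bob from 203.0.113.5
2024-05-01T08:00:09 sshd[1203]: Failed password for carol from 192.0.2.31
2024-05-01T08:00:10 sshd[1201]: Failed password for bob from 203.0.113.5
2024-05-01T08:00:12 sshd[1204]: Failed password for alice from 192.0.2.20
2024-05-01T08:00:15 sshd[1201]: Failed password for bob from 203.0.113.5
""".splitlines()

FAILED_LOGIN = re.compile(r"Failed password for (\w+) from (\S+)")


def failures_per_user(lines) -> Counter:
    """Count failed logins per user name across the given lines."""
    counts = Counter()
    for line in lines:
        m = FAILED_LOGIN.search(line)
        if m:
            counts[m.group(1)] += 1
    return counts


def apply_clipping_level(lines, threshold: int = 3) -> dict:
    """Clipping level: report only users whose failure count reaches the
    threshold. The decision depends on the count, not on chance, which is
    what makes it a nonstatistical reduction."""
    return {user: n for user, n in failures_per_user(lines).items()
            if n >= threshold}


def sample_every_nth(lines, n: int = 3) -> list:
    """Sampling, for contrast: keep every nth line whatever it says."""
    return [line for i, line in enumerate(lines) if i % n == 0]


if __name__ == "__main__":
    print("clipping level on full log:", apply_clipping_level(SAMPLE_LOG))
    sampled = sample_every_nth(SAMPLE_LOG)
    print("clipping level after sampling:", apply_clipping_level(sampled))
```

On the full log the clipping level reports bob with five failures and ignores alice and carol; after one-in-three sampling only two of bob's failures survive and the same threshold reports nobody.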
Which of the following focuses more on the patterns and trends of data than on the actual content? A. Keystroke monitoring B. Traffic analysis C. Event logging D. Security auditing
B. Traffic analysis
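Added example, not part of the flashcard set: traffic analysis on constructed flow records that carry only metadata (time, source, destination, byte count) and no payload. Looking purely at the pattern of timing, a host that contacts the same destination at near-identical intervals stands out as a beacon even though nothing about the content is visible. The record layout, the thresholds and the flows themselves are assumptions made for this illustration.

```python
# Added example (not from the flashcard set): beacon detection from flow
# metadata alone. The record layout (seconds, src, dst, bytes) and the
# thresholds are assumptions; the flows are constructed, not a real capture.
from collections import defaultdict
from statistics import mean, pstdev

SAMPLE_FLOWS = [
    # 10.0.0.5 reaches the same host roughly once a minute: a beacon
    (0, "10.0.0.5", "198.51.100.20", 612), (60, "10.0.0.5", "198.51.100.20", 598),
    (119, "10.0.0.5", "198.51.100.20", 611), (181, "10.0.0.5", "198.51.100.20", 604),
    (240, "10.0.0.5", "198.51.100.20", 612), (299, "10.0.0.5", "198.51.100.20", 599),
    (361, "10.0.0.5", "198.51.100.20", 610), (420, "10.0.0.5", "198.51.100.20", 603),
    (480, "10.0.0.5", "198.51.100.20", 612), (539, "10.0.0.5", "198.51.100.20", 601),
    # 10.0.0.8 browses in bursts with long idle gaps: human-driven traffic
    (3, "10.0.0.8", "203.0.113.44", 4410), (8, "10.0.0.8", "203.0.113.44", 9120),
    (300, "10.0.0.8", "203.0.113.44", 1880), (310, "10.0.0.8", "203.0.113.44", 7732),
    (905, "10.0.0.8", "203.0.113.44", 2290), (911, "10.0.0.8", "203.0.113.44", 5140),
    (1800, "10.0.0.8", "203.0.113.44", 3001),
    # 10.0.0.9: too few flows to say anything about its pattern
    (100, "10.0.0.9", "192.0.2.77", 880), (160, "10.0.0.9", "192.0.2.77", 882),
]


def inter_arrival_intervals(flows) -> dict:
    """Map each (src, dst) pair to the gaps between its successive flows."""
    by_pair = defaultdict(list)
    for ts, src, dst, _ in sorted(flows):
        by_pair[(src, dst)].append(ts)
    return {pair: [b - a for a, b in zip(ts, ts[1:])]
            for pair, ts in by_pair.items()}


def find_beacons(flows, min_flows: int = 5, max_cv: float = 0.1) -> list:
    """Return (src, dst) pairs whose timing is regular enough to look like a
    beacon: enough flows to judge, and a coefficient of variation of the
    inter-arrival gaps at or below max_cv."""
    beacons = []
    for pair, gaps in inter_arrival_intervals(flows).items():
        if len(gaps) + 1 < min_flows or mean(gaps) == 0:
            continue
        if pstdev(gaps) / mean(gaps) <= max_cv:
            beacons.append(pair)
    return beacons


def beacon_period(flows, pair) -> int:
    """Estimated beacon interval in seconds for one (src, dst) pair."""
    return round(mean(inter_arrival_intervals(flows)[pair]))


if __name__ == "__main__":
    for pair in find_beacons(SAMPLE_FLOWS):
        print(f"{pair[0]} -> {pair[1]} every ~{beacon_period(SAMPLE_FLOWS, pair)} s")
```

The byte counts are carried along but never consulted; only the timing pattern drives the decision, which is the distinction the question draws between traffic analysis and content inspection.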
What would detect when a user has more privileges than necessary? A. Account management B. User entitlement C. Audit logging D. Reporting
B. User entitlement
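Added example, not part of the flashcard set: a user entitlement review that compares each account's granted privileges with the approved baseline for its role and reports anything beyond it. The roles, privilege names and accounts are constructed for this illustration; a real review would pull them from the directory and the application's authorization store.

```python
# Added example (not from the flashcard set): entitlement review comparing
# granted privileges against a per-role baseline. Roles, privilege names and
# accounts are constructed for this illustration.

ROLE_BASELINE = {
    "developer": {"repo:read", "repo:write", "ci:run"},
    "analyst": {"logs:read", "dashboards:read"},
    "dba": {"db:read", "db:write", "db:admin"},
}

ACCOUNTS = [
    {"user": "alice", "role": "developer",
     "granted": {"repo:read", "repo:write", "ci:run"}},
    {"user": "bob", "role": "developer",  # kept db:admin after a project ended
     "granted": {"repo:read", "repo:write", "ci:run", "db:admin"}},
    {"user": "carol", "role": "analyst",
     "granted": {"logs:read", "dashboards:read", "repo:write"}},
    {"user": "dave", "role": "contractor",  # role with no approved baseline
     "granted": {"repo:read"}},
]


def excess_privileges(account: dict) -> set:
    """Privileges granted beyond the role baseline. A role with no approved
    baseline has nothing to justify any grant, so everything is flagged."""
    return account["granted"] - ROLE_BASELINE.get(account["role"], set())


def entitlement_review(accounts) -> dict:
    """Map each over-privileged user to the sorted list of excess privileges."""
    findings = {}
    for account in accounts:
        excess = excess_privileges(account)
        if excess:
            findings[account["user"]] = sorted(excess)
    return findings


if __name__ == "__main__":
    for user, excess in entitlement_review(ACCOUNTS).items():
        print(f"{user}: remove {', '.join(excess)}")
```

Alice matches her baseline exactly and does not appear in the findings; bob and carol show privilege creep, and dave is flagged in full because no baseline exists for his role.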