Quiz #4 Flashcards

1
Q

What two files are commonly attacked using offline brute-force attacks?
a. The Windows SAM and the Linux /etc/passwd file
b. The Windows registry and the Linux /etc/passwd file
c. The Windows registry and the Linux /etc/shadow file
d. The Windows SAM and the Linux /etc/shadow file

A

d. The Windows SAM and the Linux /etc/shadow file

2
Q

What two techniques are most commonly associated with a pharming attack?
a. Modifying the hosts file on a PC or exploiting a DNS vulnerability on a trusted DNS server
b. Phishing many users and harvesting email addresses from them
c. Phishing many users and harvesting many passwords from them
d. Spoofing DNS server IP addresses or modifying the hosts file on a PC

A

a. Modifying the hosts file on a PC or exploiting a DNS vulnerability on a trusted DNS server

3
Q

Jared has discovered malware on the workstations of several users. This particular malware provides administrative privileges for the workstation to an external hacker. What best describes this malware?
a. Trojan horse
b. Logic bomb
c. Rootkit
d. Multipartite virus

A

c. Rootkit

4
Q

Carolyn runs a vulnerability scan of a network device and discovers that the device is running services on TCP ports 22 and 443. What services has she most likely discovered?
a. Telnet and a web server
b. SSH and a web server
c. FTP and a Windows fileshare
d. SSH and a Windows fileshare

A

b. SSH and a web server

5
Q

Greg wants to gain admission to a network that is protected by a network access control (NAC) system that recognizes the hardware addresses of systems. How can he bypass this protection?
a. Conduct a denial-of-service attack against the NAC system
b. Spoof a legitimate IP address
c. Use MAC cloning to clone a legitimate MAC address.
d. None of the above

A

c. Use MAC cloning to clone a legitimate MAC address.

6
Q

Daryl is investigating a recent breach of his company’s web server. The attacker used sophisticated techniques and then defaced the website, leaving messages that were denouncing the company’s public policies. He and his team are trying to determine the type of actor who most likely committed the breach. Based on the information provided, who was the most likely threat actor?
a. A script
b. Organized crime
c. Nation-state
d. Hacktivists

A

d. Hacktivists

7
Q

Susan’s secure building is equipped with alarms that go off if specific doors are opened. As part of a penetration test, Susan wants to determine if the alarms are effective. What technique is used by penetration testers to make alarms less effective?
a. Setting off the alarms as part of a preannounced test
b. Setting off the alarms repeatedly so that staff become used to hearing them go off
c. Disabling the alarms and then opening doors to see if staff report the opened doors
d. Asking staff members to open the doors to see if they will set the alarm off

A

b. Setting off the alarms repeatedly so that staff become used to hearing them go off

8
Q

In an attempt to observe hacker techniques, a security administrator configures a nonproduction network to be used as a target so that he can covertly monitor network attacks. What is this type of network called?
a. Honeynet
b. Active detection
c. False subnet
d. IDS

A

a. Honeynet

9
Q

Nora has rented a building with access to bandwidth and power in case her organization ever experiences a disaster. What type of site has she established?
a. A cold site
b. A hot site
c. A warm site
d. A MOU site

A

a. A cold site

10
Q

Which cloud service model provides the consumer with the infrastructure to create applications and host them?
a. SaaS
b. PaaS
c. IaaS
d. IDaaS

A

b. PaaS

11
Q

Mike knows that computational overheads are a concern for cryptographic systems. What can he do to help limit the computational needs of his solution?
a. Use hashes instead
b. Use short keys
c. Use elliptic curve encryption
d. Use the RSA algorithm

A

c. Use elliptic curve encryption

12
Q

Angela wants to help her organization use APIs more securely and needs to select three API security best practices. Which of the following options is not a common API security best practice?
a. Use encryption throughout the API’s request/response cycle
b. Enable auditing and logging
c. Do not trust input strings and validate parameters
d. Authorize before authenticating.

A

d. Authorize before authenticating.

13
Q

What does the OPAL standard specify?
a. Online personal access licenses
b. The origin of personal accounts and libraries
c. Self-encrypting drives
d. Drive sanitization modes for degaussers

A

c. Self-encrypting drives

14
Q

Cynthia wants to issue contactless cards to provide access to the buildings she is tasked with securing. Which of the following technologies should she deploy?
a. RFID
b. Wi-Fi
c. Magstripe
d. HOTP

A

a. RFID

15
Q

Which of the following is not a common way to validate control over a domain for a domain-validated X.509 certificate?
a. Changing the DNS TXT record
b. Changing the IP addresses associated with the domain
c. Responding to an email sent to a contact in the domain’s WHOIS information
d. Publishing a nonce provided by the certificate authority as part of the domain information

A

b. Changing the IP addresses associated with the domain

16
Q

Tom is responsible for VPN connections in his company. His company uses IPSec for VPNs. What is the primary purpose of AH in IPSec?
a. Encrypt the entire packet
b. Encrypt just the header
c. Authenticate the entire packet
d. Authenticate just the header

A

c. Authenticate the entire packet

17
Q

Matt has enabled port security on the network switches in his building. What does port security do?
a. Filters by MAC address
b. Prevents routing protocol updates from being sent from protected ports
c. Establishes private VLANs
d. Prevents duplicate MAC addresses from connecting to the network

A

a. Filters by MAC address

18
Q

Charles has been asked to implement DNSSEC for his organization. Which of the following does it provide?
a. Confidentiality
b. Availability
c. Integrity
d. All of the above

A

c. Integrity

19
Q

Emily wants to capture HTTPS packets using tcpdump. If the service is running on its default port and her Ethernet adapter is eth0, which tcpdump command should she use?
a. tcpdump eth0 -proto https
b. tcpdump -i eth0 -proto https
c. tcpdump tcp https eth
d. tcpdump -i eth0 tcp port 443

A

d. tcpdump -i eth0 tcp port 443

20
Q

Mila wants to generate a unique digital fingerprint for a file, and needs to choose between a checksum and a hash. Which option should she choose and why should she choose it?
a. A checksum, because it verifies the contents of the file
b. A hash, because it is unique to the file
c. A hash, because it can be reversed to validate the file
d. A checksum, because it is less prone to collisions than a hash

A

b. A hash, because it is unique to the file

21
Q

Which of the following scenarios is least likely to result in data recovery being possible?
a. A file is deleted from a disk
b. A disk is degaussed
c. A file is overwritten by a smaller file
d. A hard drive is quick-formatted

A

b. A disk is degaussed

22
Q

What U.S. federal agency is in charge of COOP?
a. The USDA
b. The NSA
c. The FBI
d. FEMA

A

d. FEMA

23
Q

Charlene wants to set up a tool that can allow her to see all the systems a given IP address connects to and how much data is sent to that IP by port and protocol. Which of the following tools is not suited to meet that need?
a. IPSec
b. IPFIX
c. sFlow
d. NetFlow

A

a. IPSec

24
Q

What type of file is created when Windows experiences a blue screen of death?
a. A blue log
b. A security log
c. A dump file
d. A tcpdump

A

c. A dump file

25
Q

Mark is an office manager at a local bank branch. He wants to ensure that customer information isn’t compromised when the deskside employees are away from their desks for the day. What security concept would Mark use to mitigate this concern?
a. Background checks
b. Continuing education
c. Job rotation
d. Clean desk

A

d. Clean desk

26
Q

Katie has discovered a Windows 2008 web server running in her environment. What security concern should she list for this system?
a. Windows 2008 only runs on 32-bit platforms
b. Windows 2008 has reached its end of life and cannot be patched
c. Windows 2008 cannot run modern web server software
d. All of the above

A

b. Windows 2008 has reached its end of life and cannot be patched

27
Q

You are the new security administrator and have discovered your company lacks deterrent controls. Which of the following would you install that satisfies your needs?
a. Lighting
b. Motion sensor
c. Hidden video cameras
d. Antivirus scanner

A

a. Lighting

28
Q

A security analyst is analyzing the cost the company could incur if the customer database was breached. The database contains 2,500 records with personally identifiable information (PII). Studies show the cost per record would be $300. The likelihood that the database would be breached in the next year is only 5 percent. Which of the following would be the ALE for a security breach?
a. $15.00
b. $37.50
c. $150.00
d. $750.00

A

b. $37.50

29
Q

You are a security administrator and advise the web development team to include a CAPTCHA on the web page where users register for an account. Which of the following controls is this referring to?
a. Detective
b. Compensating
c. Deterrent
d. Degaussing

A

c. Deterrent

30
Q

What type of credential policy is typically created to handle contractors and consultants?
a. A personnel policy
b. A service account policy
c. A root account policy
d. A third-party policy

A

d. A third-party policy