Security+ Flashcards
1
Q
Change management is a set of processes that introduce visibility and governance and into the configuration management process.
A
True
2
Q
PCI compliance requires that systems serving up credit card information be patched to mitigate exposures resulting from unknown security vulnerabilities.
A
False
3
Q
SCADA
A
SCADA is an acronym for supervisory control and data acquisition, a computer system for gathering and analyzing real time data. SCADA systems are used to monitor and control a plant or equipment in industries such as telecommunications, water and waste control, energy, oil and gas refining and transportation.
4
Q
Collision Resistance is a property such that given two different hash inputs they should not have equal distances.
A
False hash functions: a hash function H is collision resistant if it is hard to find two inputs that hash to the same output; that is, two inputs a and b such that H(a) = H(b), and a ≠ b. Every hash function with more inputs than outputs will necessarily have collisions.
5
Q
NERC CIP
A
The NERC CIP (North American Electric Reliability Corporation critical infrastructure protection) plan is a set of requirements designed to secure the assets required for operating North America’s bulk electric system.
6
Q
What is a rainbow table?
A
A rainbow table attack is a type of hacking wherein the perpetrator tries to use a rainbow hash table to crack the passwords stored in a database system. A rainbow table is a hash function used in cryptography for storing important data such as passwords in a database.
7
Q
Rule Based Access Control and Role Based Access Control are the same.
A
False
8
Q
The “___ ____” is a full Bluetooth Pen Testing Suite
A
Blue Diving
9
Q
When s-boxes are defined using pairs of characters they are referred to as diagrams.
A
True In cryptography, an S-box (substitution-box) is a basic component of symmetric key algorithms which performs substitution. In block ciphers, they are typically used to obscure the relationship between the key and the ciphertext — Shannon’s property of confusion.
10
Q
“_________” data at rest and in motion can additionally enhance the security and confidentiality of data in Big Data systems such as Hadoop and NoSQL based platforms.
A
Encrypting
11
Q
“_____ ________” are tools that are commonly used to check system security settings and patch levels.
A
Vulnerability Scanners
12
Q
Name a best practice for controlling malware command and control callbacks from leaving your corporate network.
A
Deploy an authenticated forward proxy.
13
Q
What is a benefit of placing a honeypot on the untrusted internet side of a company’s DMZ?
A
Does not utilize FW and IDS resources and if compromised does not create a launch point int the DMZ.
14
Q
IDS
A
Intrusion Detections System
15
Q
IPS
A
Intrusion Protection System
16
Q
RSA cryptography strength is a function of ALL of the four key characteristics. 1. Primality. 2. Greatest common divisor. 3. Modular inverse computation 4. Modular powers.
A
True
17
Q
Using a “___ ____” is a memory protection technique which a compiler encrypts pointers when stored in memory and decrypting them only when inserted into a CPU’s registers.
A
Point Guard
18
Q
Encase is a popular paid forensics case management tool
A
True EnCase® Forensic is a powerful investigation platform that collects digital data, performs analysis, reports on findings and preserves them in a court validated, forensically sound format.
19
Q
SAML assertions are secured through the use of digital certificates.
A
True Security Assertion Markup Language (SAML) is an open standard that allows identity providers (IdP) to pass authorization credentials to service providers (SP). … SAML enables Single-Sign On (SSO), a term that means users can log in once, and those same credentials can be reused to log into other service providers
20
Q
“___” filtering can help to ensure that only users with authorized MAC addresses can access a wireless access point.
A
MAC
21
Q
The java runtime can allow untrusted “_____” to run in a sandboxed environment to limit its access to the rest of the system.
A
True
22
Q
When filling out a CSR what is a CN?
A
The Common Name (AKA CN) represents the server name protected by the SSL certificate. The certificate is valid only if the request hostname matches the certificate common name. Most web browsers display a warning message when connecting to an address that does not match the common name in the certificate. A CSR or Certificate Signing request is a block of encoded text that is given to a Certificate Authority when applying for an SSL Certificate. … It also contains the public key that will be included in the certificate. A private key is usually created at the same time that you create the CSR, making a key pair.
23
Q
“_____” protects DNS servers and clients from attacks such as DNS Spoofing and DNS Cache Poisoning
A
DNS-SEC DNSSEC strengthens authentication in DNS using digital signatures based on public key cryptography. With DNSSEC, it’s not DNS queries and responses themselves that are cryptographically signed, but rather DNS data itself is signed by the owner of the data.
24
Q
OCTAVE is a suite of tools, processes and methods used for strategic security assessment and planning.
A
True
25
Three types of security control categories include Preventive, Corrective and Detective.
True
26
“\_\_\_\_\_” is the common replacement for Halon for fire suppression
FM200
27
Java programs themselves typically aren’t affected by buffer overflows because the java virtual machine manages register allocation but the JDK and/or JVM itself can be subject to buffer overflows.
False
28
The goals of Incident Response planning and execution are to limit damage, reduce recovery time and recovery costs.
True
29
Second Pre-image Resistance is also known as Strong Collision Avoidance.
False Strong And Weak Collision Resistance Are Not The Same Even though they seem similar, there is a subtle difference between strong and weak collision resistance. Weak collision resistance is bound to a particular input, whereas strong collision resistance applies to any two arbitrary inputs.
30
Tools such as rakes, tension wrenches and bump keys are used for what purpose?
Lock Picking
31
When the SSO is not initiated at the Service Provider is referred to as SP-Initiated SSO.
False Single sign-on (SSO) is a property of access control of multiple related, yet independent, software systems. With this property, a user logs in with a
32
Your company wants you to stand up a web server behind your corporate stateful firewall. What change do you need to make on the firewall to allow web users to communicate with the server?
Allow inbound from all IP addresses on tcp port 80
33
Making "\_\_\_\_\_\_\_" of log files is a technique that can make audit logs tamper-evident.
Hashes
34
What is a smart tag attack?
NFC stands for Near Field Communication. Essentially, it's a way for your phone to interact with something in close proximity. It operates within a radius of about 4 cm and provides a wireless connection between your device and another.
35
The Cloud Security alliance defines “\_\_” cloud security domains as part of their cloud controls matrix.
16
36
OFB – a mode of block cipher operation where each block of plaintext is XOR’d with the current output block to be the plaintext block. The current output block is the encrypted version of the previous output block.
False The Output Feedback (OFB) mode makes a block cipher into a synchronous stream cipher. It generates keystream blocks, which are then XORed with the plaintext blocks to get the ciphertext. Just as with other stream ciphers, flipping a bit in the ciphertext produces a flipped bit in the plaintext at the same location.
37
“\_\_\_\_ \_\_\_\_\_\_” refers to techniques used to make a possibly weak key, typically a password or passphrase, more secure against a brute force attack by increasing the time it takes to test each possible key.
Key Stretching Others are: Distributed Polynomial Monomial
38
One benefit of Federation is that it keeps password management centralized to the Identity Provider.
True
39
“\_\_\_\_\_\_” generation antivirus solutions utilize activity traps and antivirus signatures to catch and quarantine malware. This generation of malware is sometimes said to have HIPS functionality.
Fourth
40
Active Directory groups are a valid example of RBAC use.
True Role Based Access Control for Active Directory (RBAC AD) enables IT admins to control what individual users can do within Secret Server.
41
What is a 'salt' used for when protecting password data?
In cryptography, a salt is random data that is used as an additional input to a one-way function that hashes data, a password or passphrase.
42
“\_\_\_\_” can prevent malicious activities at the host layer.
HIPS A host-based intrusion prevention system (HIPS) is a system or a program employed to protect critical computer systems containing crucial data against viruses and other Internet malware. Starting from the network layer all the way up to the application layer, HIPS protects from known and unknown malicious attacks. HIDS Host Intrusion Detecdtions System
43
What is a bluebug attack?
BlueBugging is an attack in which an attacker exploits Bluetooth on a device to get unauthorized access to the device and manipulate the target device to compromise its security. ... BlueBugging was first found by German researcher Martin Herfurt in 2004, and since then, it has affected many victims.
44
Which of the following two ways typically separate network hosts for security purposes? (Choose two.)
Logically Pyshically Correct Answer: Networks are typically separated for security purposes either physically, logically, or both. Physical separation involves separating network hosts by connecting them to different devices. Logical separation involves separating them through segmented IP subnetworks.
45
All of the following are characteristics of the RADIUS authentication protocol, EXCEPT:
Radius uses tcp 1812
46
Which of the following DES/AES encryption modes is considered the weakest?
Correct Answer: With ECB mode, a given piece of plaintext will always produce the same corresponding piece of ciphertext. This predicability makes it weak. Incorrect Answers: While CBC, OFB, and CTR mode go about the processes in different ways, these modes lack ECB's predicability, adding strength to the underlying cryptosystem.
47
All of the following are supporting elements of authorization, except:
Correct Answer: Validating credentials is an important aspect of authentication, not authorization. incorrect Answers: All of these elements directly support authorization.
48
Which of the following is a protocol used to obtain the status of digital certificates in public keys?
Correct Answer: The Online Certificate Status Protocol (OCSP) is used to obtain the revocation status of digital certificates. It is used as an alternative to certificate revocation lists and enables clients to request and receive the electronic status of digital certificates automatically and in real-time. Incorrect Answers: Diffie-Hellman Exchange (DHE) is a key negotiation and agreement protocol used in public key cryptography. RSA is the de facto standard used to generate public and private key pairs in a PKI. Elliptic curve cryptography (ECC) is a public key cryptography protocol used on small mobile devices, due to its low power and computing requirements.
49
Which of the following is an example of a trusted OS?
Correct Answer: SELinux is the only example, from the answers given, of a trusted operating system. Incorrect Answers: These operating systems are not considered trusted operating systems, although they can be hardened to varying degrees.
50
Which of the following is a variant of a phishing attack, where a phishing e-mail is sent to a high-value target instead of on a mass scale to all employees?
Correct Answer: Whaling is a social engineering attack that targets people in high-value positions, such as senior executives. It is a form of a phishing attack. Incorrect Answers: Spear phishing involves targeting a particular type of user, regardless of rank in the organization, and basing the attack on more detailed, in-depth information in order to convince the target that the phishing e-mail is actually valid. Vishing is a form of phishing attack that takes place over Voice-over-IP (VoIP) telephone systems. Pharming is a form of DNS attack.
51
All of the following are valid methods to secure static hosts in an organization, except:
The organization should not depend solely upon the users to manage security and static devices, because these devices can be managed just as traditional hosts and network devices are. Incorrect Answers: These are all valid methods of securing static hosts in an organization.
52
Which of the following forms of authentication pass credentials in clear text and is not recommended for use?
Correct Answer: The Password Authentication Protocol (PAP) is an older authentication method that passes usernames and passwords in clear text. For this reason, it is no longer used. Incorrect Answers: CHAP, the Challenge Handshake Authentication Protocol, uses password hashes and challenge methods to authenticate to the system. Passwords are not passed in clear text with this protocol. MS-CHAP (Microsoft CHAP) is a Microsoft proprietary version of CHAP, native to Windows systems. The Extensible Authentication Protocol (EAP) is a modern authentication framework that can use various authentication methods. It also does not pass username and password information in clear text.
53
All of the following are methods that can be used to detect unauthorized (rogue) hosts connected to the network, except:
Correct Answers: MAC addresses can be spoofed, so examining MAC address on filtering logs may not provide any indication of whether a host is authorized or not. Incorrect Answers: All of these are valid methods of detecting rogue hosts that connect to the network.
54
Which of the following statements best defines the recovery point objective (RPO)?
Explanation Correct Answers: The RPO is the maximum allowable amount of data (measured in terms of time) that the organization can afford to lose during a disaster or an incident. Incorrect Answers: The RPO is the maximum amount of data, not the minimum, that can be lost during a disaster or an incident. RPO refers to data that can be lost, not time itself. RPO is measured in time, not gigabytes.
55
What size WEP key did the original IEEE 802.11b specification use?
Correct Anwer: WEP key sizes are 64-bits (40-bit key and 24-bit initialization vector) or 128-bit (104-bit key and 24-bit initialization vector). The 802.11b standard called for a 64-bit key. Incorrect Answers: Neither 512-bit nor 256-bit are valid WEP key sizes. The original 802.11b standard called for a 64-bit key; the 128-bit key was developed after this standard was issued.
56
Which of the following methods of strengthening weak keys involves taking a weak initial key and feeding it to an algorithm that produces an enhanced key, which is much stronger?
orrect Answer: Key stretching is a technique used to change weak keys into stronger ones by feeding them into an algorithm to produce enhanced keys. Incorrect Answers: Key streaming involves sending individual characters of the key through an algorithm and using mathematical XOR function to change the output. Key repetition is not a valid answer or term. Key exchange involves generating and exchanging a asymmetric key used for a particular communications session, or exchanging public keys in order to use them for public key cryptography.
57
You are trying to determine the appropriate level of high availability for a server. The server must be available on a constant basis, and downtime in a given year cannot exceed 1 hour. It normally takes you about 45 minutes to bring down and restart the server for maintenance. Which of the following reflects the level of availability you require?
Correct Answers 99.99 percent availability accounts for 52 minutes of downtime per year. Incorrect Answers: 99.999 percent availability allows only 5.26 minutes of downtime per year, which may not be enough if the server requires almost an hour of maintenance time. 99.9 percent availability equates to more than 8 hours of downtime per year and exceeds the stated requirement. 99 percent availability is more than 3 days of downtime per year, far exceeding the requirement for no more than 1 hour of downtime.
58
Which of the following is the simplest form of disaster recovery exercise?
Correct Answer: The documentation review is the simplest form of test. In this type of test, the business continuity plan, disaster recovery plan, and associated documents are reviewed by relevant personnel including managers, recovery team members, and anyone else who may have responsibilities directly affecting plans. Incorrect Answers: A tabletop exercise is a type of group review. In a full-scale test, all personnel are usually involved and may actually conduct activities as they would during a real incident. This type of test is more complex and normally requires extensive resources, such as people and equipment, so it is typically conducted infrequently. In a walkthrough test, team members go through the motions of fulfilling the responsibilities and conducting the activities required during an incident or disaster.
59
Which of the following algorithms won the U.S. government?sponsored competition to become the Advanced Encryption Standard (AES)?
Correct Answer: Rijindael was selected as the winner of the NIST competition and became the U.S. government?s Advanced Encryption Standard (AES). Incorrect Answers: Twofish, another symmetric algorithm, was one of the five finalists for the competition, but it did not win. Blowfish is also symmetric algorithm, but was not considered in the competition to be the AES. RC4 is a symmetric streaming cipher commonly seen in WEP and SSL implementations. It was not one of the finalists involved in the AES competition.
60
You have a server that is used for Domain Name System (DNS) queries. You find that it has several open ports, and you intend to close all of the unnecessary ports on the server. The server is listening on ports 22, 25, 53, and 80. Which port must be left open to continue to use DNS functionality?
Correct Answers: DNS uses TCP and UDP port 53, so this port should be left open. Incorrect Answers: All other unnecessary ports should be closed. Port 22 is used by SSH. Port 25 is used by SMTP. Port 80 is used by HTTP.
61
Which of the following technologies allows devices to communicate with each other at very close range through radio signals by using a special chip implanted in the device, and may be vulnerable to eavesdropping and man-in-the-middle attacks?
Correct Answer: Near-field communication is enables devices to send very low-power radio signals to each other by using a special chip implanted in the device. This technology requires that the devices be extremely close or even touching each other. This technology is used for a wide variety of applications, including payments through NFC-enabled smartphones. Incorrect Answers: Neither 802.11 wireless nor Bluetooth technologies are used in this manner. Infrared does not use radio frequency technology; it enables communications between devices using a beam of light.
62
What is the second step in the incident response life cycle?
Correct Answer: Detection and analysis is the second step of the incident response life cycle. Incorrect Answers: In order, the steps of the incident response life cycle are preparation; detection and analysis; containment, eradication, and recovery; and post-incident activity.
63
What is the biggest difference between EAP-TLS and EAP-TTLS?
EAP-TLS needs server and client certifcates; EAP-TTLS only needs server certifcates. Incorrect Answers: The EAP standard does not define the use of signed or unsigned certificates, although most implementations require signed certificates.
64
A virtual LAN (VLAN) offers which of the following advantages for network security? (Choose two.)
Correct Answers: VLANs offer the security advantage of logically segmenting hosts, and they allow different segments to receive different security policies. Incorrect Answers: VLANs reduce the size of broadcast domains, not create them but this, in an of itself, does not improve network security. VLANs use logical segmentation, not physical segmentation.
65
The corporate IT manager wants you to implement a process that separates corporate apps from personal apps on mobile devices. Which of the following techniques will enable you to do this?
Correct Answer: Sandboxing separates applications from one another and does not allow them to share execution, user, or data space. Incorrect Answers: Whitelisting enables an administrator to determine which applications and other software the user is allowed to install and execute. Containerization is a technique used to separate different sensitivities of data, such as corporate and personal data on a mobile device. Blacklisting is a method that enables administrators to restrict users from installing and executing certain applications.
66
Which of the following utilities are specifically used to diagnose DNS issues? (Select Two)
Correct Answers: Both dig and nslookup are designed to query DNS servers. Incorrect Answers: One might argue that Nmap and ping might be used to diagnose DNS, but neither of them are specifically for DNS queries. Kali is a Linux distro, not a utility.
67
Risk assessment means evaluating which of the following elements? (Choose two.)
Correct Answers: Probability and impact values are evaluated and assessed during a risk assessment. Incorrect Answers: Threats and vulnerabilities do not have defined values.
68
Which of the following are two characteristics of strong passwords? (Choose two.)
Correct Answer: Password length and the use of additional character space are two important characteristics of password strength and complexity. Incorrect Answers: Neither authentication methods nor encryption strength directly affects password strength.
69
Which of the following describe a false reject rate? (Choose two.)
Explanation Correct Answer: A false reject rate (FRR) is the error caused from rejecting an authorized user; it is also called a Type I error. Incorrect Answer: A false acceptance rate (FAR) is the error caused when an unauthorized user is validated as authorized, also referred to as a Type II error.
70
Marisol sees a tremendous amount of traffic on TCP port 389 from the Internet. Which TCP/IP service should she inspect first?
Correct Answer: The Lightweight Directory Application Protocol (LDAP) uses TCP port 389. Incorrect Answers: SQL is a query language for directories. HTTPS is the secure HTTP protocol for Web pages. TLS is an authentication/encryption protocol.
71
Which of the following encryption protocols uses RC4 with small initialization vector sizes?
Correct Answer: WEP is a legacy wireless encryption protocol that has been determined to be very weak and easily broken. It uses the RC4 streaming protocol and weak initialization vectors (24-bit) to encrypt data on wireless networks. Incorrect Answers: WPA2 is an advanced encryption protocol that uses AES. WPA was an interim protocol used to correct some of WEP's weaknesses. It uses the TKIP protocol. 802.1X is a port-based authentication method, not a wireless encryption protocol.
72
All of the following are considered duties of a first responder to an incident, except:
Correct Answer: Notifying and coordinating with senior management and law enforcement officials is normally the job of a senior leader within the incident response team. Incorrect Answers: The primary job of a first responder is to secure the scene. They are also responsible for notifying the incident response team and initially determining the scope, seriousness, and impact of the incident.
73
Which of the following concepts should be the most important consideration when determining how to budget properly for security controls?
Correct Answer: The risk likelihood and impact should directly determine how much you budget for controls to prevent the occurrence of risk. Incorrect Answers: Asset identification does not require analysis of cost. Risk likelihood and impact are more accurate than threat of natural disaster and qualitative costs in determining how much a solution will actually cost.
74
Which of the following fire suppression chemicals was banned in 1987 and can no longer be used in data centers?
Correct Answer: Halon is a dangerous chemical that was previously used in data centers to suppress fires. However, it was banned in 1987 because it is also dangerous to human beings. Incorrect Answers: Water is still used to combat certain classes of fires. Carbon dioxide is used to combat both liquid and electrical fires. FM-200 has generally replaced Halon in data center fire suppression systems.
75
If a person knows a control exists, and this control keeps him or her from performing a malicious act, what type of control would this be classified as?
Correct Answer: A deterrent control keeps someone from performing a malicious act, provided that he or she knows the control is there and is aware of the consequences for violating it. Incorrect Answers: The difference between a deterrent control and a preventive control is that it is necessary for a potential attacker to have knowledge of the deterrent control for it to be effective. Users do not have to have knowledge of a preventative control for it to function. A corrective control is used to correct a condition when there is either no control at all, or when the existing control is ineffective. Normally, a corrective control is temporary until a more permanent solution is put into place. A compensating control assists and mitigates the risk when an existing control is unable to do so.
76
Which of the following secure e-mail protocols is carried over an SSL or TLS connection and uses TCP port 993?
Correct Answer: IMAPS (secure IMAP) is a secure version of the IMAP4 protocol used over SSL or TLS connections to provide for client e-mail security. Incorrect Answers: SMTP is a server-side e-mail protocol and is not used over SSL or TLS. SMTP uses TCP port 25. POP3 is a non-secure client-side e-mail protocol that uses TCP port 110. IMAP4 is a non-secure client-side e-mail protocol that uses TCP port 143.
77
Which of the following is a key agreement protocol used in public key cryptography?
Correct Answer: Elliptic Curve Diffie-Hellman (ECDH) is a key exchange protocol used in public key cryptography. It is used to negotiate, agree upon, and establish a secure session between two parties. Incorrect Answers: RSA (Rivest-Shamir-Adleman) is the most common public-private key generation algorithm used in public key cryptography. It is used to generate a public and private key pair. AES is the Advanced Encryption Standard, and it is not used in public key cryptography; it is a symmetric key cryptography algorithm. SHA-2 is the second iteration of the Secure Hashing Algorithm and is used to generate message digests for plaintext. It is not used in public key cryptography to exchange keys or establish secure sessions.
78
Which of the following terms indicates the length of time a device is expected to last in operation, and only a single, definitive failure will occur and will require that the device be replaced rather than repaired?
Correct Answer: The mean time to failure (MTTF) is the length of time a device is expected to last in operation. In MTTF, only a single, definitive failure will occur and will require that the device be replaced rather than repaired. Incorrect Answer: Mean time between failures (MTBF) represents the manufacturer's best guess (based on historical data) regarding how much time will pass between major failures of that component. This assumes that more than one failure will occur, which means that the component will be repaired, rather than replaced. Mean time to recovery (MTTR) is the amount of time it takes for a hardware component to recover from failure. Mean time to replace is not a valid term.
79
Which of the following ports would be most likely to allow secure remote access into a system within a data center?
L2TP aligns to TCP port 1701, allowing secure remote access to a system through a VPN connection. Incorrect Answer: UDP port 53 aligns to the Domain Name Service (DNS), UDP port 123 is used by Network Time Protocol (NTP) services, and TCP port 443 is used by HTTP over SSL
80
Which of the following types of public key cryptography uses a web of trust model?
Correct Answer: Pretty good privacy, or PGP, is commonly used between individuals or small groups of people, and it normally does not require a public key infrastructure. It uses a web of trust model, which means that each individual has to be able to trust every other individual who uses PGP to encrypt and decrypt data sent and received by them. Incorrect Answers: RSA is the de-facto key generation protocol used in public key cryptography, and it is normally used in a public key infrastructure type of environment. Diffie-Hellman Exchange (DHE) is a key negotiation and agreement protocol that is used to exchange keys and establish a secure communications session. AES is a symmetric key protocol not used in public key cryptography.
81
Which of the following authentication protocols uses a series of tickets to authenticate users to resources, as well as timestamps to prevent replay attacks?
Correct Answer: Kerberos is an authentication protocol used in Windows Active Directory. It uses a series of tickets and timestamps to authenticate individuals and prevent replay attacks. Incorrect Answers: MS-CHAP is a Microsoft version of the Challenge Handshake Authentication Protocol, used in earlier versions of Windows. It uses challenges and password hashes to authenticate individuals. EAP, the Extensible Authentication Protocol, is an authentication framework that can use several other protocols for secure access across both wired and wireless networks. SESAME (Secure European System for Applications in a Multivendor Environment) is a European-developed authentication protocol that can provide for single sign-on capability. It is not widely used and does not use tickets for authentication.
82
Which of the following secure file copy protocols is used over an SSL or TLS connection?
Correct Answer: FTPS is a secure version of the non-secure FTP protocol and is used over SSL or TLS connections to ensure security when transferring files to or from an Internet-based host. Incorrect Answers: FTP is a non-secure protocol used to copy files to and from Internet-based hosts. SCP is a secure copy protocol used to copy files securely to and from a networked host, and it uses SSH. SFTP is a secure file transfer protocol used to copy files to and from an Internet-based host, and it also uses SSH.
83
Which of the following secure protocols protects traffic during transmission and uses TCP port 443? (Choose two.)
Correct Answers: Both Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols are used to encrypt traffic sent over untrusted networks, such as the Internet. Incorrect Answers: Both use TCP port 443.SCP is part of the SSH protocol suite and is used to copy files securely from one host to another. SSH is a protocol used to connect to and administer hosts remotely. Both SCP and SSH use TCP port 22. UDP uses UDP port 69 and is totally unsecure.
84
If Bobby and Dawn exchange confidential encrypted e-mail messages using public and private key pairs, which of the following keys would Bobby need to encrypt confidential data in an e-mail message sent to Dawn?
Correct Answer: To encrypt information that Dawn can decrypt, using public and private key pairs, Bobby would need Dawn's public key to encrypt data that only her private key can decrypt. Incorrect Answers: Encrypting with Bobby's public key would allow only Bobby's private key to decrypt the data, and only he would possess that. Bobby would not possess Dawn's private key to encrypt data to her, and then only her public key, which everyone would have, would be able to decrypt it, so there would be no confidentiality involved. Bobby would not use his private key to encrypt data, because only his public key can decrypt it, and everyone could have that key, so no confidentiality would be assured.
85
Wissa is updating a printer driver on a Windows system. She downloads the latest driver from the manufacturer's Web site. When installing the driver, Windows warns that the driver is unsigned. To which of the following threats is Wissa exposing her system?
Correct Answer: A refactored driver will work correctly, but might also perform other, malicious actions. Incorrect Answers: Man-in-the-middle might be a result of the refactor, but is not the threat itself. Version control refers to formally tracking different versions of the baseline configuration. Shimming is a library that responds to inputs that the original device driver isn?t designed to handle and would require a separate file.
86
What size is the initialization vector (IV) for the Temporal Key Integrity Protocol (TKIP), used in the WPA standard?
Correct Answer: The IV size for TKIP is 48-bit. Incorrect Answers: The only valid IV size for TKIP is 48-bit.
87
How many rounds does DES perform when it encrypts plaintext?
DES uses 16 rounds of encryption. Incorrect Answers: DES does not use 32,64, or 128 rounds of encryption or decryption processes.
88
All of the following are characteristics of hashing, except:
Correct Answer: Hashes are produced from one-way mathematical functions and cannot be decrypted. Incorrect Answers: All of these are characteristics of hashing.
89
During which stage of a secure development model would you normally find steps such as requirements gathering, analysis, and diagram development?
Correct Answer: In the security requirements stage, requirements for different security functions are determined. Iterations of interviews and surveys might be developed and gathered and diagrams developed to show project milestones. Incorrect Answers: During the secure testing phase of the secure software development model, software is measured or tested against security, functional, and performance requirements. This may include secure code review, application fuzzing, and vulnerability assessments, as well as penetration testing. In the secure design stage, different security functionality is designed into the application. During the secure implementation of software, security requirements are validated as implemented in the application.
90
What type of organizations are the main users of an interconnection service agreement (ISA)?
Correct Answer: Telecoms use Interconnection Service Agreements. Incorrect Answers: Government entities use MOUs because contracts are not the primary method of agreements between entities of the same government but they do not use Interconnection Service Agreements because they don't run or manage Internet or Telecom traffic..
91
Which of the following terms refers to the practices of stealing or obtaining a user?s personal or account information, typically using voice over IP (VoIP) systems?
Correct Answer: Vishing (a combination of the terms voice and phishing) refers to social engineering attacks that make use of VoIP systems to spoof phone numbers, hide caller IDs, and so forth, to obtain personal or account information from unsuspecting users. Incorrect Answers: Phishing involves the use of e-mail targeted to users with a malicious web site link embedded in the e-mail. Whaling involves specifically targeting senior-level executives of an organization for social engineering attacks. VoIP hijacking is a nonexistent term in this context.
92
Which of the following is typically conducted as a first step in the overall business continuity/disaster recovery strategy?
Correct Answer: The business impact analysis (BIA) is a critical first step in developing the business continuity plan (BCP). It involves determining what risks are present and their effects on the business and its assets. Incorrect Answers: The BCP is the overall and final product that the BIA contributes to. The BIA must be completed as one of the first steps, as it essentially is the risk assessment for the BCP. The disaster recovery plan (DRP) concerns itself with recovering the assets and operations of the business immediately following a disaster. A system backup plan is but one element of the DRP and may or may not be one of the first things accomplished for that plan.
93
All of the following are considered elements of a password policy EXCEPT:
Password sharing typically will be in the acceptable use policy (AUP), as a directive to users about what they can and cannot do. Incorrect Answers: Password history, aging, and complexity will all typically be found in a password policy, as technical elements that describe how passwords should be constructed, implemented, and managed by administrators.
94
You are configuring IPSec on your network and need to allow for security association (SA) traffic to pass through the firewall. Which of the following ports does the Internet Key Exchange (IKE) protocol, which is the protocol responsible for the SA setup within IPSec, use?
IKE uses UDP port 500. Incorrect Answers: Port 443 is used by SSL, 22 is used by SSH, and 8080 does not fall into the range of well-known ports (0?1023) but is frequently used by proxy servers and other security devices.
95
Which authentication protocol uses Microsoft Point-to-Point Encryption (MPPE) protocol to encrypt all traffic from the client to the server?
Correct Answer: Microsoft CHAP (MS-CHAP) uses Microsoft Point-to-Point Encryption (MPPE) protocol to encrypt all traffic from the client to the server. Incorrect Answers: Neither EAP nor Kerberos uses MPPE. CHAP is the nonproprietary version and uses MD5 as its hashing algorithm.
96
Kerberos
Kerberos builds on symmetric key cryptography and requires a trusted third party, and optionally may use public-key cryptography during certain phases of authentication.[1] Kerberos uses UDP port 88 by default.
97
Which of the wireless encryption protocols uses the RC4 symmetric algorithm for encrypting wireless communication?
WEP (Wired Equivalent Privacy) uses a faulty implementation of the RC4 protocol, in addition to weak initialization vectors, making it an unsecure wireless protocol and as a result should never be used. Incorrect Answers: None of these other protocols use RC4.
98
RC4
RC4 is a stream symmetric cipher. It operates by creating long keystream sequences and adding them to data bytes. RC4 encrypts data by adding it XOR byte by byte, one after the other, to keystream bytes. The whole RC4 algorithm is based on creating keystream bytes.
99
Which of the following is used to identify certificates that are no longer valid for use?
The certificate revocation list (CRL) is used to identify invalid certificates. Incorrect Answers: A CAL is a client access license. PKS is a cryptographic file standard, and a CA is a certificate authority, which issues certificates.
100
bastion host
is a secure host outside the network.
101
intrusion prevention system (IPS)
is used to detect attacks and attempt to prevent them by rerouting traffic, blocking ports, etc.
102
FDE
full disk encryption
103
crossover error
A crossover error is a reference to biometric authentication factors.
104
mantrap
an area between two locked doors from which the second door cannot be opened until the first door is locked, is designed to allow only one person at a time to enter a facility, effectively preventing tailgating.
105
Collusion
Separation of duties and least privilege are two security principles designed to prevent collusion and elevated privileges, respectively.
106
Nonrepudiation
involves preventing a user from denying that he or she performed an action.
107
Cracking
typically involves passwords, not applications.
108
Bob logs on to the network and receives a message indicating that patches are not up to date and that he cannot be granted access to the network until patches are updated. What network feature is responsible for the message?
Network access control (NAC) can be used to prevent hosts from connecting to the network unless they meet certain security requirements, such as patch level, up-to-date antivirus signatures, and so forth.
109
fail-safe
by not doing anything to cause harm when the failure occurs.
110
fail-secure
device responds by making sure the device is using a secure state when a failure occurs.
111
Cross-site scripting (XSS)
enables attackers to inject client-side scripts into web pages viewed by others.
112
buffer overflow
A buffer overflow takes advantage of programming flaws that occur when data overwrites a program?s allocated memory address and enables arbitrary code to be executed in that address.
113
Which of the following best describes a minimum password age setting?
Correct Answer: A minimum password age requires that users must wait a certain amount of time before they are allowed to change passwords. Incorrect Answers: A maximum password age setting requires that users must change passwords after a certain amount of time. Passwords are typically good only for a certain amount of time, not through a certain date. Passwords typically cannot be reused until a certain number of password changes have occurred, preventing the use of the last specified number of passwords.
114
Which of the following wireless attacks specifically attempts to take control of or use Bluetooth-enabled cell phones to make unauthorized calls?
Bluebugging, the most serious of the various Bluetooth attacks, involves an attacker attempting to take control of or use a Bluetooth-enabled cell phone to place calls. Incorrect Answers: Bluejacking is the act of sending unsolicited messages or files to a Bluetooth device. Bluesnarfing is a more serious attack than Bluejacking and involves unauthorized access to information on a Bluetooth-enabled device. Bluesniffing is a false, nonexistent term.
115
When performing an investigation on a mobile device, you would like to ensure that you shield the device from sending or receiving signals. What would you use?
A Faraday cage can be used to shield devices from sending or receiving electronic signals. Incorrect Answers: A protocol analyzer is used to capture and view network traffic. A spectrum analyzer is used for site surveys when designing wireless networks. A signal reducer is not a device used in this context.
116
RARP
the Reverse Address Resolution Protocol, resolves MAC addresses to IP addresses' the exact opposite of ARP.
117
RADIUS
is a remote access authentication technology.
118
All of the following accurately describe the differences between TACACS and RADIUS EXCEPT:
TACACS encrypts all information between the client and server, whereas RADIUS only encrypts the passwords.
119
public key
is used to encrypt a message for him. Bob would then decrypt the message with his private key.
120
private key
used to decrypt, not encrypt, the message in this scenario.
121
Mitigated risk
risk that has been reduced to a lower level.
122
Accepted risk
is what risk the management authority chooses to accept with or without
123
message digest
or hash, can be used to verify the integrity of a message by comparing the original hash to one generated after receipt of the message. If the two match, then integrity is assured. If they do not match, then the message was altered between transmission and receipt.
124
Digital certificates
contain public keys that are distributed to users.
125
Symmetric keys
are not used to provide for integrity, but confidentiality.
126
AES
is a symmetric algorithm that replaces DES.
127
RSA
is an asymmetric algorithm used in public key cryptography.
128
Which of the following are considered symmetric encryption algorithms? (Choose two.)
AES and 3DES are considered encryption standards and use symmetric algorithms. Incorrect Answers: SHA and MD5 are hashing algorithms, and RSA is an asymmetric algorithm.
129
symmetric algorithms
AES and 3DES
130
hashing algorithms
SHA and MD5
131
asymmetric algorithm
RSA
132
Which of the following identifies an example of two-factor authentication?
Correct Answer: The use of a smartcard and PIN involves the use of two factors: something you have and something you know. Incorrect Answers: All of the other answers involve the use of only one factor: something you are or something you know, but not used together.
133
Which of the following algorithms is the stronger hashing algorithm?
SHA-1 (secure hashing algorithm) generates a 160-bit hash. Incorrect Answers; MD5 is a hashing algorithm that generates a 128-bit hash, which is weaker than SHA-1. 3DES and AES-256 are symmetric encryption algorithms, not hashing algorithms
134
When users connect to the wireless network, management wants them to receive a message asking them to agree to the terms of use before being granted wireless network access. What network service could be used to perform this goal?
When users connect to the wireless network, management wants them to receive a message asking them to agree to the terms of use before being granted wireless network access. What network service could be used to perform this goal?
135
Which of the following keys is used for nonrepudiation?
orrect Answer: The private key, when used for nonrepudiation, is used to encrypt text that anyone who possesses the public key can decrypt. This assures that only the person owning the private key could have encrypted it, ensuring that he or she is the one who performed the action. Incorrect Answers: Used in this scenario, this does not guarantee confidentiality, but it does provide for nonrepudiation. Symmetric keys and hashes do not provide for nonrepudiation, because they cannot be used to guarantee who sent a message or performed an action. Public keys can be in the possession of anyone and are used in this case to verify that the private key was used to encrypt the text for nonrepudiation.
136
Which of the following terms is most accurately defined by the amount of time a business can survive without a particular function?
Correct Answer: The maximum tolerable downtime (MTD) indicates how long an asset may be down or offline without seriously impacting the organization. Incorrect Answers: The mean time between failures is an estimate of how long a piece of equipment will perform before failure. The recovery point objective and recovery time objective refer to how much data may be lost during a failure or disaster and the maximum amount of time it must take to recover the system or data, respectively, before the organization is seriously impacted.
137
smurf attack
A smurf attack is a type of ICMP attack where large amounts of ping packets are sent from a spoofed IP address on the network to the network broadcast address, causing many replies back to the victim and possibly bringing about a denial of service. A smurf attack is an example of a DDoS attack.
138
SMTP Port
SMTP uses port 25, not port 110. Port 110 is used by POP3 to receive e-mail messages.
139
POP3 Port
110
140
All of the following are advantages to using NAT, EXCEPT:
Correct Answer: Even when using NAT, firewalls and security devices are required on a network boundary. Incorrect Answers: All of these are advantages to using NAT.
141
An example of the risk mitigation strategy that involves transferring risk to another entity would be:
Correct Answer: Insurance is a method of risk transference where the organization pays a premium for the insurance company to assume the risk. If a disaster or event occurs, the organization is paid for its losses. Incorrect Answers: Separation of duties transfers key duties to another individual but does not transfer the risk away from the organization. A service-level agreement between two parties specifies levels of service and support, but the organization still maintains risk. An alternate site is used to transfer operations from a primary site in the event of a disaster, but the risk is still borne by the organization.
142
Which of the following security measures helps ensure data protection in the event a mobile device is lost or stolen?
Correct Answer: Remote drive or disk wiping is used to ensure data protection and confidentiality on a mobile device in the event it is lost or stolen. Incorrect Answers: Remote destruction and remote encryption are invalid terms in this context. Remote access enables a remote user to authenticate to and access an organization's private network.
143
Which of the following statements bests describes a Trusted Platform Module?
Correct Answer: A Trusted Platform Module (TPM) is a hardware device, usually in the form of an embedded chip, that performs cryptographic functions, such as encrypting an entire hard drive. Incorrect Answers: None of these are valid choices to describe a Trusted Platform Module.
144
n a PKI infrastructure, what is the name of the list that contains all the certificates that have been deemed invalid?
Correct Answer: A certificate revocation list (CRL) contains a list of all invalid or revoked certificates. Incorrect Answers: A certificate denial list and certificate invalidation list are false choices and do not exist. A certificate authority is responsible for issuing certificates.
145
Which of the following protocols uses IPSec to ensure confidentiality?
Correct Answer: IPSec provides encryption services for L2TP when used in a VPN implementation. Incorrect Answers: None of these protocols use IPSec for encryption services.
146
Mutual authentication
requires both sides of a communications session to authenticate to each other.
147
You are troubleshooting a communication problem with an application that sends data to a remote system. What tool can you use to view the traffic being sent on the network by the application?
In order to view network traffic, it must be sniffed or captured using a protocol analyzer (sometimes called a sniffer). Incorrect Answers: These devices cannot be used to capture and view network traf
148
FTP Port
21
149
SSH , SCP, SFTP Port
22
150
Telnet Port
23
151
SMTP Port
25
152
DNS Port
53 TCP/UDP
153
TFTP Port
69 UDP
154
HTTP Port
80
155
Kerberos
88 TCP/UDP
156
POP3 Port
110 TCP
157
NNTP Port
119 TCP
158
RPC/DCOM-scm
135 TCP/UDP
159
NETBIOS
137,138,139 TCP
160
IMAP Mail
143 TCP
161
SNMP Agent
161 UDP
162
SNMP Trap
162 TCP/UDP
163
LDAP
389 TCP/UDP
164
HTTPS Port
443 TCP
165
SMB Shared files Port
445 TCP
166
SNMP with SSL/TLS email over Internet
465/587 TCP
167
SYSLOG
514 UDP
168
LDAP
636 TCP/UDP
169
ISCSI Storage Area Networks
860 TCP
170
FTPS Host to Host File transfer
989/990 TCP
171
IMAP4 with SSL/TLS
993 TCP
172
POP3 SSL/TLS
995 TCP
173
SQL
1433 TCP
174
RADIUS Remote Authentication Dail in Service
1645, accounting 1646 UDP - stamdard 1812/1813
175
L2TP VPN Layer 2 Tunneling protocol no inherit security pair with iPsec
1701 UDP
176
PPTP Tunneling underlying VPN protocol with security
1723 TCP/UDP
177
FCPIP Fiber Channel IP, Storage area networks
3225 TCP/UDP
178
iSCSI Targe Port, Target listenting port for a iSCSI targeted device when linking data storage over IP
3260 TCP
179
RDP
3389 TCP/UDP
180
Diameter replaices RADIUS
3868 TCP
181
Syslog over TLS computer message logging, especially for routers and firewall logs over TLS encrytped connection
6514 TCP
