Practice Test (2) Flashcards

1
Q

One of your colleagues attempted to ping a computer name and received the response of fe80::3281:80ea:b72b:0b55. What type of address did the colleague view?

IPv6

IPv4

MAC address

A

IPv6

An IPv6 address is a 128-bit address that uses hexadecimal values (0–9 and A–F)

2
Q

Which of the following defines the act of sending unsolicited messages to nearby Bluetooth devices?

Bluesnarfing

Brute force

Bluejacking

A

Bluejacking

Bluejacking is the act of sending unsolicited messages from one Bluetooth device to another Bluetooth device such as smartphones, tablets, and laptop computers

3
Q

You are a system administrator and you are creating a public and private key pair. You have to specify the key strength. Which of the following would be your best choice?

RSA

DES

MD5

A

RSA

RSA is an asymmetric algorithm that uses private and public keys to encrypt and decrypt data

4
Q

You are the security administrator for the sales department and the department needs to email high volumes of sensitive information to clients to help close sales. All emails go through a DLP scanner. Which of the following is the best solution to help the department protect the sensitive information?

Automatically encrypt outgoing emails.

Monitor all outgoing emails.

Automatically encrypt incoming emails.

A

Automatically encrypt outgoing emails.

Automatically encrypting outgoing emails will protect the company’s sensitive email that may contain personally identifiable information. Should the email be intercepted, the attacker wouldn’t be able to read the information contained in the email

5
Q

You are the IT security officer of your company and have established a security policy that requires users to protect all sensitive documents to avoid their being stolen. What policy have you implemented?

Separation of duties

Clean desk

Job rotation

A

Clean desk

Clean desk policy ensures that all sensitive/confidential documents are removed from an end-user workstation and locked up when the documents are not in use

6
Q

Which of the following options can a security administrator deploy on a mobile device that will deter undesirable people from seeing the data on the device if it is left unattended?

Screen lock

Push notification services

Remote wipe

A

Screen lock

The screen lock option can be enabled to prevent an unauthorized person from viewing the data on a device should the owner leave it unattended. This option can be configured to enable within seconds to minutes if the device is unattended

7
Q

You are a system administrator and are asked to prevent staff members from using each other’s credentials to access secured areas of the building. Which of the following will best address this request?

Install a biometric reader at the entrance of the secure area.

Install a proximity card reader at the entrance of the secure area.

Implement least privilege.

A

Install a biometric reader at the entrance of the secure area.

Biometrics are a person’s physical characteristics, such as a fingerprint, retina, hand geometry, and voice

8
Q

A sales manager has asked for an option for sales reps who travel to have secure remote access to your company’s database server. Which of the following should you configure for the sales reps?

VPN

WLAN

NAT

A

VPN

A virtual private network (VPN) creates an encrypted connection between a remote client and a private network over an insecure network such as the Internet

9
Q

An attacker tricks one of your employees into clicking on a malicious link that causes an unwanted action on the website the employee is currently authenticated to. What type of attack is this?

Replay

Cross-site request forgery

Cross-site scripting

A

Cross-site request forgery

A cross-site request forgery attack occurs when an attacker tricks a user into performing unwanted actions on a website the user is currently authenticated to

10
Q

Which of the following is considered the strongest access control?

RBAC

DAC

MAC

A

MAC

The correct answer is mandatory access control (MAC). Access is controlled by comparing security labels with security clearances such as Confidential, Secret, and Top Secret

11
Q

Your company wants to expand its data center, but has limited space to store additional hardware. The IT staff needs to continue their operations while expansion is underway. Which of the following would best accomplish this expansion idea?

IaaS

Virtualization

Public cloud

A

Virtualization

Virtualization allows the creation of virtual resources such as a server operating system. Multiple operating systems can run on one machine by sharing the resources such as RAM, hard drive, and CPU

12
Q

Which of the following algorithms have known collisions? (Choose two.)

MD5

AES

SHA

SHA-256

RSA

A

MD5

SHA

MD5 and SHA have known cases of collisions

13
Q

Which of the following must a security administrator implement to allow customers, vendors, suppliers, and other businesses to obtain information while preventing access to the company’s entire network?

Internet

Extranet

Honeynet

A

Extranet

An extranet will give customers, vendors, suppliers, and other businesses access to a controlled private network while preventing them from accessing the company’s entire network

14
Q

The head of HR is conducting an exit interview with an IT network administrator named Matt. The interview questions include Matt’s view of his manager, why he is leaving his current position, and what he liked most about his job. Which of the following should also be addressed in this exit interview?

Job rotation

Background checks

Property return form

A

Property return form

A property return form properly records all equipment, keys, and badges that must be surrendered to the company when the employee leaves the company

15
Q

Which of the following is considered the least secure authentication method?

CHAP

NTLM

PAP

A

PAP

Password Authentication Protocol (PAP) is an authentication protocol that sends the username and password as plain text to the authentication server

16
Q

You are a security administrator for your company and have been asked to recommend a secure method for storing passwords due to recent brute-force attempts. Which of the following will provide the best protection? (Choose two.)

ROT13

BCRYPT

RIPEMD

PBKDF2

A

BCRYPT

PBKDF2

BCRYPT and PBKDF2 use key stretching to reduce brute-force attacks against vulnerabilities of encrypted keys. Both are considered password hashing functions

17
Q

You installed a WAP for a local coffee shop and have discovered the signal is extending into the parking lot. Which of the following configurations will best correct this issue?

Change the antenna type.

Disable the SSID broadcast.

Reduce the signal strength for indoor coverage only.

A

Reduce the signal strength for indoor coverage only.

The correct answer is to reduce the signal strength for indoor coverage only. This action will prevent potential attackers from accessing the wireless access point and possibly compromising the users currently connected. Having the signal limited inside the business will help determine who is possibly connected

18
Q

You are a network administrator for a bank. A branch manager discovers that the deskside employees have the ability to delete lending policies found in a folder within the file server. You review the permissions and notice the deskside employees have “modify” permissions to the folder. The employees should have read permissions only. Which of the following security principles has been violated?

Time-of-day restrictions

Separation of duties

Least privilege

A

Least privilege

Least privilege gives users the lowest level of rights so they can do their job to limit the potential chance of security breach

19
Q

Which of the following concepts of cryptography ensures integrity of data by the use of digital signatures?

Steganography

Key exchange

Hashing

A

Hashing

Hashing transforms a string of characters into a key that represents the original string. When the string of characters is transformed and compared to the original hash, it will identify whether the string has been modified

20
Q

Your manager has asked you to recommend a public key infrastructure component to store certificates that are no longer valid. Which of the following is the best choice?

Intermediate CA

CSR

CRL

A

CRL

A certificate revocation list (CRL) is a list of certificates that were revoked by a CA before their expiration date. The certificates listed in the CRL should not be considered trusted

21
Q

You are a backup operator and receive a call from a user asking you to send sensitive documents immediately because their manager is going to a meeting with the company’s executives. The user states the manager’s files are corrupted and he is attending the meeting in the next 5 minutes. Which of the following forms of social engineering best describes this situation?

Scarcity

Consensus

Intimidation

A

Intimidation

The user is using an intimidation tactic to get the employee to take action quickly. Sometimes intimidation tactics can be combined with other principles such as urgency

22
Q

Which of the following controls can you implement together to prevent data loss if a mobile device is lost or stolen? (Choose two.)

Geofencing

Full-device encryption

Screen locks

Push notification services

A

Full-device encryption

Screen locks

The correct answers are full-device encryption and screen locks. Full-device encryption encodes all the user’s data on a mobile device by using an encrypted key, and enabling screen lock prevents an unauthorized person from viewing the data on a device should the owner leave it unattended

23
Q

A chief security officer (CSO) notices that a large number of contractors work for the company. When a contractor leaves the company, the provisioning team is not notified. The CSO wants to ensure the contractors cannot access the network when they leave. Which of the following policies best supports the CSO’s plan?

Account lockout policy

Enforce password history

Account expiration policy

A

Account expiration policy

Account expiration policy will prevent the contractors from attempting to access the network after they leave. The provisioning team can set a date when the contractor is set to leave, and the user will not be able to have access to systems within the company’s network

24
Q

The CISO wants to strengthen the password policy by adding special characters to users’ passwords. Which of the following controls best achieves this goal?

Password complexity

Password length

Password history

A

Password complexity

Password complexity is a rule that demands inclusion of three of the four following character sets: lowercase letters, uppercase letters, numerals, and special characters

25
Q

Which of the following deployment models allows a business to have more control of the devices given to employees that handle company information?

COPE

BYOD

CYOD

A

CYOD

CYOD (Choose Your Own Device) allows an employee to choose from a limited number of devices. The business can also limit the usage of the device to work activities only

26
Q

A network administrator uses their fingerprint and enters a PIN to log onto a server. Which of the following best describes this example?

Identification

Single authentication

Multifactor authentication

A

Multifactor authentication

Multifactor authentication requires more than one method of authentication from independent credentials: something you know, something you have, and something you are

27
Q

Your company wants to perform a privacy threshold assessment (PTA) to identify all PII residing in its systems before retiring hardware. Which of the following would be examples of PII? (Choose two.)

Date of birth

Email address

Race

Fingerprint

A

Email address

Fingerprint

The correct answers are email address and fingerprint. Personally identifiable information (PII) is any information that can be used to distinguish or trace an individual’s identity

28
Q

Your HIPS is incorrectly reporting legitimate network traffic as suspicious activity. What is this best known as?

False positive

False negative

Credentialed

A

False positive

The correct answer is a false positive. When legitimate data enters a system and the host intrusion prevention system (HIPS) mistakenly marks it as malicious, it is referred to as a false positive

29
Q

Matt, a network administrator, is asking how to configure the switches and routers to securely monitor their status. Which of the following protocols would he need to implement on the devices?

SNMP

SMTP

SNMPv3

A

SNMPv3

The correct answer is SNMPv3. Simple Network Management Protocol (SNMP) collects and organizes information about managed devices on an IP network. SNMPv3 is the newest version and its primary feature is enhanced security

30
Q

Your company has issued a hardware token-based authentication to administrators to reduce the risk of password compromise. The tokens display a code that automatically changes every 30 seconds. Which of the following best describes this authentication mechanism?

TOTP

HOTP

Smartcard

A

TOTP

A Time-Based One-Time Password (TOTP) is a temporary passcode that is generated for the use of authenticating to a computer system and the passcode is valid for a certain amount of time—for example, 30 seconds

31
Q

You are the network administrator for your company’s Microsoft network. Your CISO is planning the network security and wants a secure protocol that will authenticate all users logging into the network. Which of the following authentication protocols would be the best choice?

RADIUS

TACACS+

Kerberos

A

Kerberos

Kerberos is an authentication protocol that uses tickets to allow access to resources within the network

32
Q

Which of the following is not a vulnerability of end-of-life systems?

When systems can’t be updated, firewalls and antiviruses are not sufficient protection.

Out-of-date systems can result in fines in regulated industries.

When an out-of-date system reaches the end-of-life, it will automatically shut down.

A

When an out-of-date system reaches the end-of-life, it will automatically shut down.

The correct answer is C. This is not a vulnerability, because most systems will not automatically shut down when they have reached their end-of-life period

33
Q

Which of the following statements are true regarding viruses and worms? (Choose two.)

A virus is a malware that self-replicates over the network.

A worm is a malware that self-replicates over the network.

A virus is a malware that replicates by attaching itself to a file.

A worm is a malware that replicates by attaching itself to a file.

A

A worm is a malware that self-replicates over the network.

A virus is a malware that replicates by attaching itself to a file.

A worm self-replicates over the network to consume bandwidth and a virus needs to be attached to a file to be replicated over the network

34
Q

Which of the following wireless attacks would be used to impersonate another WAP to obtain unauthorized information from nearby mobile users?

Rogue access point

Evil twin

Bluejacking

A

Evil twin

An evil twin is a fake access point that looks like a legitimate one. The attacker will use the same network name and transmit beacons to get a user to connect. This allows the attacker to gain personal information without the end user knowing

35
Q

Tony, a security administrator, discovered through an audit that all the company’s access points are currently configured to use WPA with TKIP for encryption. Tony needs to improve the encryption on the access points. Which of the following would be the best option for Tony?

WPA2 with CCMP

WEP

WPA with CCMP

A

WPA2 with CCMP

WPA2 with CCMP provides data confidentiality and authentication. CCMP uses a 128-bit key, which is considered secured against attacks

36
Q

Your department manager assigns Tony, a network administrator, the job of expressing the business and financial effects that a failed SQL server would cause if it was down for 4 hours. What type of analysis must Tony perform?

Security audit

Asset identification

Business impact analysis

A

Business impact analysis

Business impact analysis (BIA) usually identifies costs linked to failures. These costs may include equipment replacement, salaries paid to employees to catch up with loss of work, and loss of profits

37
Q

You are the security administrator for a local hospital. The doctors want to prevent the data from being altered while working on their mobile devices. Which of the following would most likely accomplish the request?

Cloud storage

Wiping

SIEM

A

Cloud storage

Cloud storage offers protection from cyberattacks since the data is backed up. Should the data become corrupted, the hospital can recover the data from cloud storage

38
Q

You are a Unix engineer, and on October 29 you discovered that a former employee had planted malicious code that would destroy 4,000 servers at your company. This malicious code would have caused millions of dollars worth of damage and shut down your company for at least a week. The malware was set to detonate at 9:00 a.m. on January 31. What type of malware did you discover?

Logic bomb

RAT

Spyware

A

Logic bomb

A logic bomb is a malicious code that is inserted intentionally and designed to execute under certain circumstances. It is designed to display a false message, delete or corrupt data, or have other unwanted effects

39
Q

Which of the following is defined as hacking into a computer system for a politically or socially motivated purpose?

Hacktivist

Insider

Script kiddie

A

Hacktivist

A hacktivist’s purpose is to perform hacktivism. This is the act of hacking into a computer system for a politically or socially motivated purpose

40
Q

A network administrator with your company has received phone calls from an individual who is requesting information about their personal finances. Which of the following types of attack is occurring?

Whaling

Phishing

Vishing

A

Vishing

Vishing is a type of social engineering attack that tries to trick a person into disclosing secure information over the phone or a Voice over IP (VoIP) call

41
Q

Which of the following can be restricted on a mobile device to prevent security violations? (Choose three.)

Third-party app stores

Biometrics

Content management

Rooting

Sideloading

A

Third-party app stores

Rooting

Sideloading

The correct answers are third-party app store, rooting, and sideloading. Restricting these options will increase the security of a device. Third-party app stores can carry apps that may contain malware. Companies will allow certain apps to be downloaded. Rooting is the process of gaining privileged control over a device. For a user with root access, anything is possible, such as installing new applications, uninstalling system applications, and revoking existing permissions. Sideloading is installing applications on a mobile device without using an official distributed scheme

42
Q

Which of the following does a remote access VPN usually rely on? (Choose two.)

IPSec

DES

SSL

SFTP

A

IPSec

SSL

The correct answers are IPSec and SSL. IPSec protects IP packets that are exchanged between the remote network and an IPSec gateway, which is located on the edge of a private network. Secure Socket Layer (SSL) usually supplies a secure access to a single application

43
Q

Matt, a security administrator, wants to use a two-way trust model for the owner of a certificate and the entity relying on the certificate. Which of the following is the best option to use?

WPA

Object identifiers

PKI

A

PKI

Public Key Infrastructure (PKI) distributes and identifies public keys to users and computers securely over a network. It also verifies the identity of the owner of the public key

44
Q

If domain A trusts domain B, and domain B trusts domain C, then domain A trusts domain C. Which concept does this describe?

Federation

Single sign-on

Transitive trust

A

Transitive trust

Transitive trust is a two-way relationship that is created between parent and child domains in a Microsoft Active Directory forest. When a child domain is created, it will share the resources with its parent domain automatically. This allows an authenticated user to access resources in both the child and parent domains

45
Q

A user entered a username and password to log into the company’s network. Which of the following best describes the username?

Authentication

Identification

Accounting

A

Identification

Identification is used to identify a user within the system. It allows each user to distinguish itself from other users

46
Q

Which of the following tools can be used to hide messages within a file?

Data sanitization

Steganography

Tracert

A

Steganography

Steganography is the practice of hiding a message such as a file within a picture

47
Q

Which of the following is best used to prevent ARP poisoning on a local network? (Choose two.)

Antivirus

Static ARP entries

Patching management

Port security

A

Static ARP entries

Port security

The correct answers are static ARP entries and port security. Static ARP entry is the process of assigning a MAC address to an IP address to prevent an attacker from poisoning the cache. Disabling unused physical ports will prevent an attacker from plugging in their laptop and performing an ARP poisoning

48
Q

Which of the following is the best practice to place at the end of an ACL?

USB blocking

MAC filtering

Implicit deny

A

Implicit deny

Implicit deny is placed at the bottom of the list. If traffic goes through the ACL list of rules and isn’t explicitly denied or allowed, implicit deny will deny the traffic as it is the last rule. In other words, if traffic is not explicitly allowed within an access list, then by default it is denied