Session 3

Question 1

A business need exists for a business to make sure they can be up and running at a moment’s notice in case of a disaster. What type of site needs to be set up?
Choices:

A - Hot
B - Cold
C - Warm
D - Urgent

Answer 1

A - Hot

Question 2

What is the implementation of policies, controls, and procedures to recover from a disaster called?
Choices:

A - Hot site planning
B - Warm site planning
C - Business continuity planning
D - Disaster recovery planning

Answer 2

C - Business continuity planning

Question 3

What is the most important reason for keeping legacy systems on a separate network segment?
Choices:

A - Legacy systems are often not supported
B - Legacy systems can slow down the network
C - Legacy systems are often incompatible with the current network
D - Legacy systems are often incompatible with the current server operating system

Answer 3

A - Legacy systems are often not supported

Question 4

A business has five main applications. One is subject to HIPAA requirements. What is the best way to secure the overall network?
Choices:

A - Host the HIPAA application virtually
B - Host the HIPAA application on a different subnet
C - Make sure all five applications conform to HIPAA requirements
D - Train all users in HIPAA requirements, even if they do not use the HIPAA application

Answer 4

A - Host the HIPAA application virtually

Question 5

What type of update is most common to a router?
Choices:

A - OS
B - Driver
C - Feature
D - Firmware

Answer 5

D - Firmware

Question 6

What type of update is most commonly associated with enhancing device functionality?
Choices:

A - OS
B - Driver
C - Feature
D - Firmware

Answer 6

B - Driver

Question 7

Which of the following updates would be considered a major update?
Choices:

A - 3.1.7
B - 3.0.0
C - 3.1.1
D - 3.1.1.1

Answer 7

B - 3.0.0

Question 8

Why should vulnerability patches be installed as soon as possible?
Choices:

A - They fix viruses
B - They offer new features
C - They fix functionality issues
D - They fix potential security threats

Answer 8

D - They fix potential security threats

Question 9

In which type of policy do users acknowledge that their network activity is being tracked?
Choices:

A - Network
B - Security
C - Acceptable use
D - Consent to monitoring

Answer 9

D - Consent to monitoring

Question 10

Which policy addresses the use of personal USB drives on corporate machines?
Choices:

A - Network
B - Security
C - Acceptable use
D - Consent to monitoring

Answer 10

C - Acceptable use

Question 11

Which is the best first step in avoiding user risk in network security?
Choices:

A - Business continuity
B - Vulnerability scanning
C - End-user awareness and training
D - Adherence to standards and policies

Answer 11

C - End-user awareness and training

Question 12

A network administrator is about to make a major update to a server. The administrator wants to take a snapshot of the current configuration so that the update can be rolled back if needed. What is this snapshot called?
Choices:

A - Baseline
B - Graphing
C - Log management
D - Asset management

Answer 12

A - Baseline

Question 13

Which is true about on-boarding and off-boarding a mobile device?
Choices:

A - On-boarding involves placing it on the network while off-boarding involves removing it from the
network
B - On-boarding involves placing it on the network while off-boarding involves removing company-
owned applications and resources
C - On-boarding is the process of getting a mobile device ready for network connectivity while off-
boarding involves removing it from the network
D - On-boarding is the process of getting a mobile device ready for network connectivity while off-
boarding involves removing company-owned applications and resources

Answer 13

D - On-boarding is the process of getting a mobile device ready for network connectivity while off-
boarding involves removing company-owned applications and resources

Question 14

What is the role of a first responder?
Choices:

A - To start chain of custody
B - To start forensics analysis
C - To be the first to collect evidence in an incident
D - To see if a potential security incident is indeed an incident

Answer 14

D - To see if a potential security incident is indeed an incident

Question 15

What is the release of secure information to an untrusted environment known as?
Choices:

A - Data breach
B - Data incident
C - Information breach
D - Information incident

Answer 15

A - Data breach

Question 16

A network administrator wants to exploit weaknesses in network security. What should the administrator conduct?
Choices:

A - Session hijacking
B - Social engineering
C - Penetration testing
D - Vulnerability scanning

Answer 16

C - Penetration testing

Question 17

What is the main method for a denial of service (DoS) attack?
Choices:

A - Turn off all network services
B - Attack and turn off all of the routers in a network
C - Take over the administrator account and change its password
D - Overload a network with traffic so that there is no bandwidth left

Answer 17

D - Overload a network with traffic so that there is no bandwidth left

Question 18

Which is a collection of computers that contain malicious software that can be controlled remotely?
Choices:

A - Botnet
B - Zombie
C - Keylogger
D - Trojan horse

Answer 18

A - Botnet

Question 19

A flood of ping requests have come into the network, causing the regular network functionality to slow down, and, in some cases, stop. What is this best described as?
Choices:

A - Botnet
B - Traffic spike
C - Smurf attack
D - Coordinated attack

Answer 19

B - Traffic spike

Question 20

A user calls the help desk and says that when accessing an internal website, the user is being redirected to a site that is asking for personal information. This is most likely what type of attack?
Choices:

A - DNS
B - Phishing
C - Spoofing
D - ARP cache poisoning

Answer 20

A - DNS

Question 21

A network attack in which an attacker sends a UDP request to a server managing time and then gets a response containing multiple responses is what type of attack?
Choices:

A - NTP
B - DNS
C - Smurf
D - Kerberos

Answer 21

A - NTP

Question 22

A junior network administrator is learning about DoS attacks. The administrator stages an NTP attack. The only problem is the administrator thought he/she was on the testing network but this was done in production. What type of DoS attack is this?
Choices:

A - Inside
B - Physical
C - Distributed
D - Unintentional

Answer 22

D - Unintentional

Question 23

A DoS attack on a network has taken place. Upon examining the situation, it is determined that the only way to end the attack is to change the IP address of the router on the network. What type of DoS attack has taken place?
Choices:

A - Reflective
B - Distributed
C - Permanent
D - Unintentional

Answer 23

C - Permanent

Question 24

What type of attack involves a TCP attack in which packets are never acknowledged?
Choices:

A - Reflective
B - SYN flood
C - ACK flood
D - Brute force

Answer 24

B - SYN flood

Question 25

Which type of attack spoofs UDP packets to a network’s broadcast address?
Choices:

A - Fraggle
B - Smurfing
C - Brute force
D - Ping of Death

Answer 25

A - Fraggle

Question 26

A wireless access point added to a network without permission is known as what type of access point?
Choices:

A - Evil twin
B - Smurfing
C - Session hijack
D - Rogue access point

Answer 26

D - Rogue access point

Question 27

A junior network administrator asks a senior network administrator about wardriving. How would the senior network administrator respond?
Choices:

A - Wardriving is the act of driving around looking for evil twins
B - Wardriving is the act of driving around looking for rogue access points
C - Wardriving is the act of driving around looking for an open wireless access point
D - Wardriving is the act of driving around looking for a chalk mark indicating an open wireless

Answer 27

C - Wardriving is the act of driving around looking for an open wireless access point

Question 28

Which is the process of sending unsolicited messages over a Bluetooth connection?
Choices:

A - Bluejacking
B - Bluesnarfing
C - Bluehijacking
D - Bluemessaging

Answer 28

A - Bluejacking

Question 29

Which is the process of gaining unauthorized access to a Bluetooth connection and then viewing, copying, or deleting data?
Choices:

A - Bluejacking
B - Bluesnarfing
C - Bluehijacking
D - Bluemessaging

Answer 29

B - Bluesnarfing

Question 30

A person attempting to hack a network is doing so through constantly trying to guess the Administrator account password. What type of attack is taking place?
Choices:

A - Dictionary
B - Brute force
C - Session hijacking
D - Man-in-the-middle

Answer 30

B - Brute force

Question 31

Which is an attack that steals session information from a user and uses it to make the recipient think the original session with the original user is still open?
Choices:

A - Spoofing
B - Zero day attack
C - Session hijacking
D - Session engineering

Answer 31

C - Session hijacking

Question 32

Two users are having an instant message conversation. One user gets up and forgets to lock the machine. A disgruntled employee sits down and keeps the conversation going, obtaining confidential information during the conversation. What type of attack is this?
Choices:

A - Brute force
B - Session hijacking
C - Man-in-the-middle
D - Social engineering

Answer 32

C - Man-in-the-middle

Question 33

Which is an attack that uses a VLAN to gain access to resources on other VLANs?
Choices:

A - VLAN hopping
B - VLAN hijacking
C - VLAN smurfing
D - VLAN engineering

Answer 33

A - VLAN hopping

Question 34

Which are types of malware that will typically degrade network performance? Choose three.
Choices:

A - Virus
B - Worm
C - Trojan horse
D - Social engineering

Answer 34

A - Virus
B - Worm
C - Trojan horse

Question 35

What is often perceived as the biggest threat to network security?
Choices:

A - Open ports
B - Unsecure protocols
C - Disgruntled employees
D - Unnecessary running services

Answer 35

C - Disgruntled employees

Question 36

What is the best way to reduce vulnerabilities in network services?
Choices:

A - Make sure all services are patched
B - Turn off services that are not needed
C - Make sure all services are encrypted
D - Use a domain account as the service account

Answer 36

B - Turn off services that are not needed

Question 37

A network administrator wants to find open ports on a system. What tool should the administrator use?
Choices:

A - Port mapper
B - Port scanner
C - Port replicator
D - Protocol analyzer

Answer 37

B - Port scanner

Question 38

What is a major vulnerability for transferring data through wireless networks?
Choices:

A - Using WEP encryption
B - Unencrypted channels
C - Broadcasting the SSID
D - Turning off MAC filtering

Answer 38

B - Unencrypted channels

Question 39

Which protocol sends a username and password in clear text?
Choices:

A - PAP
B - RSA
C - CHAP
D - MS-CHAP

Answer 39

A - PAP

Question 40

Which protocol is not considered secure for logging into UNIX systems?
Choices:

A - SSH
B - SLIP
C - TFTP
D - Telnet

Answer 40

D - Telnet

Question 41

Why is it not a good idea to log into a website if the URL starts with HTTP?
Choices:

A - In HTTP, data is encrypted
B - In HTTP, data is not encrypted
C - HTTP does not support biometrics
D - In HTTP, passwords are not covered up when entered

Answer 41

B - In HTTP, data is not encrypted

Question 42

A user needs to transfer a file to a business partner, but the file is too large for email. What is a good alternative to email for transferring files?
Choices:

A - FTP
B - SLIP
C - HTTP
D - Telnet

Answer 42

A - FTP

Question 43

Which is a better alternative to Telnet given that it is more secure than Telnet?
Choices:

A - SSL
B - SSH
C - SFTP
D - HTTPS

Answer 43

B - SSH

Question 44

What does SNMPv3 support that SNMPv2 does not?
Choices:

A - Encryption
B - Automation
C - Accounting
D - Authorization

Answer 44

A - Encryption

Question 45

What should a URL start with if a website requires the user to log in?
Choices:

A - FTP
B - HTTP
C - SFTP
D - HTTPS

Answer 45

D - HTTPS

Question 46

Which is the switch security feature that limits connectivity to its network to a specific list of IP addresses?
Choices:

A - ARP inspection
B - DHCP snooping
C - IP address filtering
D - MAC address filtering

Answer 46

B - DHCP snooping

Question 47

Which switch port security feature, when set up, will drop data packets from invalid IP-to-MAC address bindings?
Choices:

A - ARP inspection
B - DHCP snooping
C - IP address filtering
D - MAC address filtering

Answer 47

A - ARP inspection

Question 48

Twenty users are in one building in a LAN; ten are in sales and the other 10 in administrative positions. Their job duties and permission needs to the network differ greatly between the two groups. What is the best way to set two networks up, one for each group?
Choices:

A - Separate the two groups into VLANs
B - Create two subnets, one for each group
C - Set different permissions for each group
D - Create two collision domains, one for each group

Answer 48

A - Separate the two groups into VLANs

Question 49

Which are parts of a strong password? Choose three.
Choices:

A - At least one number
B - At least eight characters
C - An expiration every 30 days
D - At least one uppercase letter

Answer 49

A - At least one number
B - At least eight characters
D - At least one uppercase letter

Question 50

An antivirus program that is installed on each workstation is known as what type of antimalware program?
Choices:

A - Host-based
B - Cloud-based
C - Server-based
D - Network-based

Answer 50

A - Host-based

Question 51

What is the biggest advantage of running antimalware software from the cloud versus running antimalware software from a local server?
Choices:

A - Lower CPU usage
B - Lower RAM usage
C - Lower bandwidth usage
D - Less time to run a virus scan

Answer 51

A - Lower CPU usage

Question 52

A new network policy states that guest accounts on the network cannot use the web to check personal e- mail. What should be installed to enforce this policy?
Choices:

A - Router
B - Firewall
C - Proxy server
D - Reverse proxy server

Answer 52

C - Proxy server

Question 53

Blocking all attempts to relay traffic through SMTP is an example of which type of filtering?
Choices:

A - IP
B - Port
C - Web
D - Content

Answer 53

B - Port

Question 54

When first setting up a network, users are granted access to one specific folder on one specific network drive. All other access has to be approved by management. This is an example of which concept?
Choices:

A - Explicit Deny
B - Explicit Allow
C - Implicit Deny
D - Implicit Allow

Answer 54

C - Implicit Deny

Question 55

Which authentication method does EAP not support?
Choices:

A - Tokens
B - Smart cards
C - Digital certificates
D - Fingerprint recognition

Answer 55

D - Fingerprint recognition

Question 56

What are advantages to using Kerberos for authentication? Choose three.
Choices:

A - It uses encryption on its messages
B - It is a cross-platform authentication piece
C - It uses multiple sign-ons for authentication
D - It provides secure authentication over insecure networks

Answer 56

A - It uses encryption on its messages
B - It is a cross-platform authentication piece
D - It provides secure authentication over insecure networks

Question 57

Which type of authentication is known for single-sign on?
Choices:

A - EAP
B - PAP
C - CHAP
D - Kerberos

Answer 57

D - Kerberos

Question 58

Which is a one-way hash that can be used with an encryption protocol?
Choices:

A - EAP
B - PAP
C - SHA
D - MD5

Answer 58

C - SHA

Question 59

To make sure all incoming ICMP data packets are blocked, which is the best tool to use?
Choices:

A - NIPS
B - HIDS
C - Firewall
D - Content filter

Answer 59

C - Firewall

Question 60

A firewall application running on a desktop is an example of which kind of firewall?
Choices:

A - Host-based
B - Network-based
C - Session-based
D - Application-based

Answer 60

A - Host-based

Question 61

What devices on home networks often contain firewall capabilities? Choose two.
Choices:

A - Hub
B - Switch
C - Router
D - Wireless access point

Answer 61

C - Router

D - Wireless access point

Question 62

What type of firewall detects applications, users, and devices?
Choices:

A - User-aware
B - Context-aware
C - Software-aware
D - Application-aware

Answer 62

B - Context-aware

Question 63

How is a virtual-wire firewall different from a routed firewall?
Choices:

A - Virtual-wire supports NAT
B - Virtual-wire supports layer 3
C - Virtual-wire supports switching
D - Virtual-wire does not need an IP address

Answer 63

D - Virtual-wire does not need an IP address

Question 64

What part of a network needs to be accessible to both inside and outside sources in the network?
Choices:

A - DMZ
B - Routed
C - Perimeter
D - Virtual-wire

Answer 64

A - DMZ

Question 65

Which type of device will warn an administrator about a possible intrusion on a workstation?
Choices:

A - HIDS
B - NIDS
C - Firewall
D - PacketShaper

Answer 65

A - HIDS

Question 66

Which type of device can temporarily shut off a port if it suspects a network attack?
Choices:

A - HIPS
B - NIPS
C - HIDS
D - NIDS

Answer 66

B - NIPS

Question 67

Which type of device/service can stop an employee from reaching a gaming website?
Choices:

A - Proxy server
B - Content filter
C - PacketShaper
D - Web redirector

Answer 67

B - Content filter

Question 68

Which type of server can cache content and also act as a content filter?
Choices:

A - NAT
B - DNS
C - Proxy
D - DHCP

Answer 68

C - Proxy

Question 69

When a firewall is referred to as one that performs UTM, what can it perform besides firewall duties? Choose three.
Choices:

A - Load balancing
B - Content filtering
C - User management
D - Intrusion prevention

Answer 69

A - Load balancing
B - Content filtering
D - Intrusion prevention

Question 70

A network diagram that shows all of the cabling, the cabling types, and distances is known as what diagram?
Choices:

A - Logical topology
B - Cabling diagram
C - Physical topology
D - Wiring schematic

Answer 70

D - Wiring schematic

Question 71

What will an IP address utilization document most likely contain?
Choices:

A - A list of DNS servers
B - A list of DHCP scopes
C - IP addresses of every device on the network
D - IP addresses of every device on the network with a static IP address

Answer 71

D - IP addresses of every device on the network with a static IP address

Question 72

System manuals, support manuals, and instructional books are examples of what type of documentation?
Choices:

A - Training manuals
B - Vendor documentation
C - Application documentation
D - Manufacturer documentation

Answer 72

B - Vendor documentation

Question 73

What type of network authentication provides for port-based authentication?
Choices:

A - 802.1q
B - 802.1w
C - 802.1X
D - 802.1ac

Answer 73

C - 802.1X

Question 74

What is evaluated during a posture assessment on a system? Choose two.
Choices:

A - Settings
B - Equipment
C - Applications
D - Vulnerabilities

Answer 74

A - Settings

C - Applications

Question 75

A user logs into a college campus computer. None of the information is saved when the user logs out. What type of agent is running on the computer?
Choices:

A - Guest
B - Persistent
C - Quarantine
D - Nonpersistent

Answer 75

D - Nonpersistent

Question 76

A user attempts to connect to the corporate network from a home machine. The remote access server discovers that the home machine’s antivirus software is not up to date. What type of network can the remote access server connect the home machine to until it updates its antivirus software?
Choices:

A - Edge network
B - Guest network
C - Update network
D - Quarantine network

Answer 76

D - Quarantine network

Question 77

Upon conducting a security review, the head of security notices that there is a lot of tailgating going on at the building’s main entrance. What should be set up in order to mitigate tailgating?
Choices:

A - Mantrap
B - Video monitor
C - Security guard
D - Door access control

Answer 77

A - Mantrap

Question 78

Which is the best type of authority figure to use an access list to control who is allowed in a building?
Choices:

A - Key fob
B - ID badges
C - Security guard
D - Door access control

Answer 78

C - Security guard

Question 79

Protection in a Building Besides the front door and data-confidential areas, what is considered the most important room to protect in a building?
Choices:

A - Mantrap
B - Security room
C - Network closet
D - Video monitoring room

Answer 79

C - Network closet

Question 80

The protection of computer centers and network closets, key fobs, keypads, cipher locks, and biometrics are all examples of what?
Choices:

A - Door locks
B - Multiple barriers
C - Proximity readers
D - Door access controls

Answer 80

D - Door access controls

Question 81

Which devices allows entrance to a building based on seeing an ID card or badge?
Choices:

A - Key fob
B - Cipher lock
C - Keypad lock
D - Proximity reader

Answer 81

D - Proximity reader

Question 82

What type of door access control involves entering a code on the lock in order to access a room?
Choices:

A - Key fob
B - Biometrics
C - Cipher lock
D - Proximity reader

Answer 82

C - Cipher lock

Question 83

An electrical outlet that is typically orange signifies a dedicated ground. What is the purpose of a dedicated ground?
Choices:

A - A sag on this ground does not affect any other device
B - A blackout on this ground does not affect any other device
C - A brownout on this ground does not affect any other device
D - A spike sent to this ground does not affect any other device

Answer 83

D - A spike sent to this ground does not affect any other device

Question 84

What should a technician wear in order to avoid ESD while working on hardware?
Choices:

A - Antistatic vest
B - Antistatic smock
C - Antistatic gloves
D - Antistatic wrist strap

Answer 84

D - Antistatic wrist strap

Question 85

Which is a best practice when installing racks?
Choices:

A - Avoid stacking racks too high
B - Follow the manufacturer’s manual
C - Make the rack fit in the space given
D - Use the tools that come with the rack

Answer 85

B - Follow the manufacturer’s manual

Question 86

What should be taken into consideration when placing servers in a server room? Choose three.
Choices:

A - Safety
B - Air flow
C - Electrical access
D - Grouping the servers

Answer 86

A - Safety
B - Air flow
C - Electrical access

Question 87

In case of an emergency, what should be posted and known so that people know where the emergency exits are?
Choices:

A - Fail open
B - Fail close
C - Server room
D - Building layout

Answer 87

D - Building layout

Question 88

Which part of a building layout shows ways to get out of a building should a fire start?
Choices:

A - Fire escape plan
B - Fail open/Fail close
C - Emergency alert system
D - Fire suppression system

Answer 88

A - Fire escape plan

Question 89

A UPS generating power in the case of an outage is what type of fail system?
Choices:

A - Fail safe
B - Fail open
C - Fail closed
D - Fail on demand

Answer 89

B - Fail open

Question 90

In emergency alert systems, which extinguisher system requires a sealed environment to operate?
Choices:

A - Gas-based
B - Foam-based
C - Water-based
D - Chemical-based

Answer 90

A - Gas-based

Question 91

What types of HVACs condition a server room for humidity levels?
Choices:

A - ARV
B - ERV
C - CRV
D - HRV

Answer 91

B - ERV

Question 92

Who is the person whose duty is to see if a security incident is indeed an incident?
Choices:

A - First responder
B - Forensics analyst
C - Evidence collector
D - Security administrator

Answer 92

A - First responder

Question 93

A network administrator has secured an area after a security incident. What should the network administrator immediately start doing?
Choices:

A - Collect evidence
B - Escalate the case
C - Transport the data
D - Document the scene

Answer 93

D - Document the scene

Question 94

What site helps with steps to recover after a computer has been compromised?
Choices:

A - www.fbi.gov
B - www.cert.org
C - www.iana.org
D - www.us-cert.gov

Answer 94

B - www.cert.org

Question 95

Which is the process of logging who has evidence, who has seen evidence, and where the evidence has been?
Choices:

A - Data transport
B - Data collection
C - Forensics report
D - Chain of custody

Answer 95

D - Chain of custody

Question 96

Besides physical security, what can be used to secure data during transport?
Choices:

A - Encryption
B - Legal hold
C - Backup copies
D - Documentation

Answer 96

A - Encryption

Question 97

What is the process in which data needs to be kept for evidence even long after an incident takes place known as?
Choices:

A - Legal hold
B - Data collection
C - Chain of custody
D - Forensics report

Answer 97

A - Legal hold