Practice Test 3 Flashcards

Question 1

Q

Which of the following networking technologies provides for local area network segregation using switches?

A) RADIUS
B) Virtualization
C) VPN
D) VLAN

Answer

A

D) VLAN

VLANs (virtual LANs) provide for local area network segmentation and separation and are implemented on switches.RADIUS is a remote access authentication technology. Virtualization refers to the creation and management of virtual hosts running in a virtualized environment. VPN is a secure remote access technology.

Question 2

Q

All of the following are considered elements of a password policy EXCEPT:

A) Password aging
B) Password sharing
C) Password history
D) Password complexity

Answer

A

B) Password sharing

Password sharing typically will be in the acceptable use policy (AUP), as a directive to users about what they can and cannot do.Password history, aging, and complexity will all typically be found in a password policy, as technical elements that describe how passwords should be constructed, implemented, and managed by administrators.

Question 3

Q

All of the following are considered secure application development practices EXCEPT:

A) Input validation
B) Back doors
C) Memory management
D) Error and exception handling

Answer

A

B) Back doors

Back doors are a security risk due to the possibility that an attacker could use them to gain unauthorized access to the program.All of these are considered secure coding and application development practices.

Question 4

Q

All of the following are types of penetration testing EXCEPT:

A) Black box
B) Gray box
C) White box
D) Blue box

Answer

A

D) Blue box

Blue box testing is not a type of penetration testing.Black box testing involves a penetration test where the test team has no knowledge of the network. In gray box testing, the tester may have some knowledge given to them, such as an infrastructure diagram or IP address list. In a white box test, the test team has full and detailed knowledge of the network, its design, functions, and applications.

Question 5

Q

The network administrator for your office has configured the company web site for SSL by applying a certificate to the site. What port will you need to open on the firewall to allow communication to the site?

A) 80
B) 22
C) 443
D) 53

Answer

A

C) 443

TCP port 443 must be opened on the firewall to allow SSL traffic to pass.None of these ports are used by SSL.

Question 6

Q

Which of the following security controls is designed to prevent tailgating?

A) Separation of duties
B) Mantrap
C) Multifactor authentication
D) Least privilege

Answer

A

B) Mantrap

A mantrap, an area between two locked doors from which the second door cannot be opened until the first door is locked, is designed to allow only one person at a time to enter a facility, effectively preventing tailgating.Separation of duties and least privilege are two security principles designed to prevent collusion and elevated privileges, respectively. Multifactor authentication is designed to positively identify and authenticate an individual but does not prevent tailgating.

Question 7

Q

Ashlyn, the senior security officer within your organization, has requested that you create a plan for an active security test that tries to bypass the security controls of an asset. What type of test would you plan?

A) Vulnerability scan
B) Risk assessment
C) Code review
D) Penetration test

Answer

A

D) Penetration test

A penetration test is considered an active test because you are actually interacting with the target system and trying to bypass the security controls.A vulnerability scan is considered a passive test because it only involves reviewing the configuration of a system to determine if there are any vulnerabilities. A risk assessment helps identify risks for each asset. A code review involves reviewing the code of an application to look for flaws.

Question 8

Q

Which of the following attacks involves sending ICMP packets from a spoofed IP address to the network’s broadcast address?

A) Smurf attack
B) Watering hole attack
C) Botnet
D) RAT

Answer

A

A) Smurf attack

A smurf attack is a type of ICMP attack where large amounts of ping packets are sent from a spoofed IP address on the network to the network broadcast address, causing many replies back to the victim and possibly bringing about a denial of service. A smurf attack is an example of a DDoS attack.A remote access Trojan (RAT) is malicious software that the user typically installs without knowing it, such as by installing a game from the Internet or by running a program that was e-mailed to them that is malicious software. The RAT program then opens a back door for the hacker to gain access to the system remotely at a later time. A botnet is a group of compromised systems that the hacker has control over and uses to attack a victim’s system. A watering hole attack is when the hacker determines sites you may want to visit and then compromises those sites by planting viruses or malicious code on them. When you visit the site (which you trust), you are then infected with the virus.

Question 9

Q

Which of the following simple command-line tools would be used from the host to determine what open ports a host is listening on?

A) ping
B) netstat
C) ifconfig
D) nbtstat

Answer

A

B) netstat

netstat is a tool found on both Unix/Linux and Windows hosts that can give network statistics and connection information, including port usage. This would help determine if a host is listening on an unexpected or unwanted port.None of the other choices give information on open ports. nbtstat is a command found only on Windows hosts and gives NetBIOS usage information. Ping is found on both Unix/Linux and Windows hosts but only sends simple ICMP requests to a host. ifconfig is found only on Unix and Linux hosts and only gives network interface configuration information.

Question 10

Q

A term used to identify an authentication scheme that involves both sides of the communication authenticating is:

A) Single sign on
B) Nonrepudiation
C) Mutual authentication
D) Hashing

Answer

A

C) Mutual authentication

Mutual authentication requires both sides of a communications session to authenticate to each other.Single sign-on (SSO) is a concept that provides for one authentication to be used for multiple resources. Nonrepudiation ensures that a party cannot deny that it took an action. Hashing involves a one-way function that produces a message digest from a piece of text.

Question 11

Q

You are troubleshooting a communication problem with an application that sends data to a remote system. What tool can you use to view the traffic being sent on the network by the application?

A) Spectrum analyzer
B) Frequency analyzer
C) Protocol analyzer
D) Switch monitor

Answer

A

C) Protocol analyzer

In order to view network traffic, it must be sniffed or captured using a protocol analyzer (sometimes called a sniffer).These devices cannot be used to capture and view network traffic.

Question 12

Q

Which type of malware is difficult to detect and replaces key operating system files?

A) Worm
B) Rootkit
C) Logic bomb
D) Trojan

Answer

A

B) Rootkit

A rootkit is very difficult to detect and often replaces key operating system files with compromised versions, allowing an attacker to access administrative-level functions.A worm is a self-propagating piece of malware that can spread without user intervention. A Trojan is a piece of malware that disguises itself as useful software. A logic bomb is a malicious script that typically activates after a certain date or event.

Question 13

Q

A user complains that he or she cannot access sites that use the HTTPS protocol. Which port should be opened on the firewall to allow this traffic?

A) 8080
B) 443
C) 80
D) 22

Answer

A

B) 443

TCP port 443 is used by HTTPS protocol, which uses SSL as its secure session protocol. Both are associated with port 443.Port 80 is used by HTTP, port 22 by SSH, and port 8080 by some proxy server implementations.

Question 14

Q

You are configuring IPSec on your network and need to allow for security association (SA) traffic to pass through the firewall. Which of the following ports does the Internet Key Exchange (IKE) protocol, which is the protocol responsible for the SA setup within IPSec, use?

A) 8080
B) 500
C) 22
D) 443

Answer

A

B) 500

IKE uses UDP port 500.Port 443 is used by SSL, 22 is used by SSH, and 8080 does not fall into the range of well-known ports (0-1023) but is frequently used by proxy servers and other security devices.

Question 15

Q

Which of the following is a Type I error?

A) False negative
B) False rejection rate
C) False acceptance rate
D) Crossover error rate

Answer

A

B) False rejection rate

A false rejection rate (FRR) is a Type I error in biometrics. This also equates to a false positive.A false acceptance rate (FAR) is a Type II error and referred to sometimes as a false negative. The crossover error rate (CER) is the point where the FRR and FAR are equal.

Question 16

Q

Which of the following protocols is considered a secure replacement for Telnet?

A) SSL
B) SSH
C) TLS
D) RLOGIN

Answer

A

B) SSH

Secure Shell (SSH) is considered a secure replacement for Telnet.TLS and SSL are secure session protocols used in HTTPS traffic. RLOGIN is an older, nonsecure protocol.

Question 17

Q

Which of the following choices concerns itself with ensuring that data is not modified or destroyed while in storage or transit?

A) Integrity
B) Confidentiality
C) Availability
D) Nonrepudiation

Answer

A

A) Integrity

Integrity is concerned with ensuring that data is not modified.Confidentiality protects information from unauthorized access. Availability provides for information and systems to be online and ready for users at any time. Nonrepudiation means that a user cannot deny that he or she took an action.

Question 18

Q

Which type of intrusion detection system identifies suspicious activity by monitoring log files on the system?

A) NIDS
B) ACL
C) HIDS
D) NIPS

Answer

A

C) HIDS

A host-based intrusion detection system (HIDS) monitors local system activity and logs for indications of an attack.A NIDS is a network-based intrusion detection system and does not monitor host log files. A NIPS is a network-based intrusion prevention system and works on the network instead of the host. An ACL is an access control list and is used to allow or deny traffic through a router or grant/deny permissions to resources.

Question 19

Q

You are the security administrator for a small company and would like to limit clients that can connect to the wireless network by hardware address. What would you do?

A) Implement NAC
B) Implement WEP
C) Enable SSID cloaking
D) Implement MAC filtering

Answer

A

D) Implement MAC filtering

MAC address filtering, although not an effective security measure by itself, can be used to limit which clients, by hardware address, can connect to the wireless network. WEP is a wireless security protocol. NAC prevents clients from connecting that do not meet specified security requirements, such as patch level or antivirus signature. SSID cloaking merely prevents potential wireless clients from seeing the wireless network name by stopping it from being broadcast.

Question 20

Q

Which of the wireless encryption protocols uses the RC4 symmetric algorithm for encrypting wireless communication?

A) WPA2
B) WEP
C) TLS
D) EAP

Answer

A

B) WEP

WEP (Wired Equivalent Privacy) uses a faulty implementation of the RC4 protocol, in addition to weak initialization vectors, making it an unsecure wireless protocol and as a result should never be used.None of these other protocols use RC4.

Question 21

Q

Which of the following identifies a security reason to perform a site survey to identify rogue access points?

A) Frequency overlap
B) Signal propagation
C) Bypass security controls
D) Interference

Answer

A

C) Bypass security controls

Rogue wireless routers could be used by unauthorized individuals to access the network and bypass security controls such as firewalls.These issues may affect performance and can be important to security, but do not have a direct impact on securing the wireless network.

Question 22

Q

Which of the following steps is the first to be accomplished during a penetration test?

A) Port scanning
B) Password cracking
C) Obtain permission for the test
D) Privilege escalation

Answer

A

C) Obtain permission for the test

Before beginning any type of penetration test or vulnerability assessment, you must first obtain permission from the responsible system owner to avoid legal or liability issues.Although these are all valid steps to take during a penetration test or vulnerability assessment, none of these should be started without obtaining permission from the responsible system owner.

Question 23

Q

When performing an investigation on a mobile device, you would like to ensure that you shield the device from sending or receiving signals. What would you use?

A) Protocol analyzer
B) Spectrum analyzer
C) Faraday cage
D) Signal reducer

Answer

A

C) Faraday cage

A Faraday cage can be used to shield devices from sending or receiving electronic signals.A protocol analyzer is used to capture and view network traffic. A spectrum analyzer is used for site surveys when designing wireless networks. A signal reducer is not a device used in this context.

Question 24

Q

All of the following accurately describe the differences between TACACS and RADIUS EXCEPT:

A) TACACS encrypts only passwords between the client and server
B) RADIUS encrypts only passwords between the client and the server
C) RADIUS uses UDP
D) TACACS uses TCP

Answer

A

A) TACACS encrypts only passwords between the client and server

TACACS encrypts all information between the client and server, whereas RADIUS only encrypts the passwords.All of these are accurate descriptions of differences between RADIUS and TACACS.

Question 25

Q

When a user types his or her username into a logon screen, this is known as ___________?

A) Authorization
B) Authentication
C) Impersonation
D) Identification

Answer

A

D) Identification

Identification is the first step in the process and involves the user presenting his or her credentials to the server.Authentication occurs after identification and involves the user?s credentials being authenticated by the server. Authorization refers to granting an authenticated user the correct access to an object. Impersonation is an invalid term in this context.

Question 26

Q

The risk that remains after all reducing and mitigation actions have been taken is called:

A) Residual risk
B) Low risk
C) Mitigated risk
D) Accepted risk

Answer

A

A) Residual risk

Residual risk is what risk remains after all mitigation and reduction strategies have been implemented.Low risk is a level that may be accepted without mitigation or requires little mitigation. Accepted risk is what risk the management authority chooses to accept with or without mitigations in place. Mitigated risk is that risk that has been reduced to a lower level.

Question 27

Q

When users connect to the wireless network, management wants them to receive a message asking them to agree to the terms of use before being granted wireless network access. What network service could be used to perform this goal?

A) NAC
B) Multifactor authentication
C) PKI
D) Kerberos

Answer

A

A) NAC

Network access control (NAC) can be used to enforce logon or connection banners that will require users to agree to terms of use before being allowed to connect to the network.None of these other technologies can be used to enforce logon warning banners requiring users to agree to terms of use before being allowed to access the network.

Question 28

Q

Your company has a salesperson who travels a lot and will be connecting to hotel networks. What security recommendation would you make for her laptop?

A) Unencrypted drive
B) Host-based firewall
C) FDE
D) Null password

Answer

A

B) Host-based firewall

A host-based firewall should be used when connecting to untrusted networks, such as one in a hotel.Having an unencrypted drive and null password are not security recommendations. Although full disk encryption (FDE) can help if the laptop is lost or stolen, it will not help you in situations when you are making connections to an unknown and potentially unsecure network. You could potentially be infected with a virus by connecting to an unknown network without having a firewall enabled, or be vulnerable to an attack.

Question 29

Q

Your manager is interested in implementing a strong authentication scheme. Which of the following is considered the strongest authentication?

A) PIN
B) Fingerprint
C) Username/password
D) Iris scan

Answer

A

D) Iris scan

Out of the choices given, an iris scan is the strongest method of authentication, as these patterns are very unique to individuals. Of all of the biometric authentication methods, including voiceprint and fingerprints, iris scans are most accurate.Username and password combinations are not considered strong methods of authentication, as would be a PIN by itself. These are all considered single-factor forms of authentication. Fingerprints are not considered as strong a method of biometric authentication as iris scans.

Question 30

Q

In a PKI infrastructure, what is the name of the list that contains all the certificates that have been deemed invalid?

A) Certification invalidation list
B) Certificate revocation list
C) Certificate denial list
D) Certificate authority

Answer

A

B) Certificate revocation list

A certificate revocation list (CRL) contains a list of all invalid or revoked certificates.A certificate denial list and certificate invalidation list are false choices and do not exist. A certificate authority is responsible for issuing certificates.

Question 31

Q

When working with asymmetric encryption, which of the following is used to encrypt a message sent from Bob to Sue?

A) Bob’s public key
B) Sue’s private key
C) Sue’s public key
D) Bob’s private key

Answer

A

C) Sue’s public key

Sue’s public key is used to encrypt a message from Bob to Sue, as only Sue?s private key can decrypt it. Sue’s private key can only decrypt the message, and Bob does not possess it. Neither of Bob’s keys can be used to encrypt a confidential message to Sue.

Question 32

Q

Which of the following statements are correct with regard to the concepts of fail-secure and fail-safe? (Choose two.)

A) A fail-safe device responds by not doing anything to cause harm when the failure occurs
B) A fail-safe device responds by making sure the device is using a secure state when a failure occurs
C) A fail-secure device responds by not doing anything to cause harm when the failure occurs
D) A fail-secure device responds by making sure the device is using a secure state when a failure occurs

Answer

A

A) A fail-safe device responds by not doing anything to cause harm when the failure occurs
D) A fail-secure device responds by making sure the device is using a secure state when a failure occurs

A fail-safe device responds by not doing anything to cause harm when the failure occurs. A fail-secure device responds by making sure the device is using a secure state when a failure occurs.A is the definition of fail-safe, and B is the definition of fail-secure, not the other way around.

Question 33

Q

Which of the following is typically conducted as a first step in the overall business continuity/disaster recovery strategy?

A) System backup plan
B) Disaster recovery plan
C) Business continuity plan
D) Business impact analysis

Answer

A

D) Business impact analysis

The business impact analysis (BIA) is a critical first step in developing the business continuity plan (BCP). It involves determining what risks are present and their effects on the business and its assets.The BCP is the overall and final product that the BIA contributes to. The BIA must be completed as one of the first steps, as it essentially is the risk assessment for the BCP. The disaster recovery plan (DRP) concerns itself with recovering the assets and operations of the business immediately following a disaster. A system backup plan is but one element of the DRP and may or may not be one of the first things accomplished for that plan.

Question 34

Q

Which of the following protocols is a more secure version of the SSL protocol?

A) AES
B) RSA
C) TLS
D) SSH

Answer

A

C) TLS

Transport Layer Security (TLS) is considered a strong replacement for SSL.SSH is a secure replacement for Telnet and other nonsecure protocols. AES is a symmetric algorithm that replaces DES. RSA is an asymmetric algorithm used in public key cryptography.

Question 35

Q

Which device, when implemented with VLANs, can help reduce both collision and the size of broadcast domains?

A) Switch
B) Bridge
C) Router
D) Hub

Answer

A

A) Switch

Switches natively help reduce collision domains and, when VLANs are implemented on them, help reduce broadcast domains.Routers can help reduce or eliminate broadcast domains, and bridges can help reduce collision domains, but neither of these devices use VLANs. Hubs do not reduce collision or broadcast domains.

Question 36

Q

Which of the following technologies is NOT typically used to design secure network architectures?

A) VLAN
B) VPN
C) DMZ
D) Clustering

Answer

A

D) Clustering

Although it is part of high availability design, clustering is not typically used in the design and implementation of a secure network architecture. DMZs are used as a security buffer zone to separate internal networks and resources from externally accessible ones. VLANs are used to segregate local networks, providing a secure internal infrastructure. VPNs provide for secure remote access solutions.

Question 37

Q

Which of the following best describes a minimum password age setting?

A) Users must wait a certain amount of time before they are allowed to change passwords
B) Users must not change passwords until a certain date
C) Passwords cannot be reused until they have been expired a certain amount of time
D) Users must change passwords after a certain amount of time

Answer

A

A) Users must wait a certain amount of time before they are allowed to change passwords

A minimum password age requires that users must wait a certain amount of time before they are allowed to change passwords.A maximum password age setting requires that users must change passwords after a certain amount of time. Passwords are typically good only for a certain amount of time, not through a certain date. Passwords typically cannot be reused until a certain number of password changes have occurred, preventing the use of the last specified number of passwords.

Question 38

Q

You are performing a site survey of a company location and notice that one of the wireless access points is on top of a bookshelf that is located by the outer wall of the building. What is the security concern?

A) Damage due to failing
B) Interference
C) Wireless network access by persons outside the building
D) Signal degradation

Answer

A

C) Wireless network access by persons outside the building

Because of the placement near the outer wall, the wireless access point?s signals could be detected outside the building and could allow an unauthorized user to eavesdrop on or use the connection.Damage due to falling is a concern, but not the most immediate security concern. Interference could happen only if other wireless devices are nearby that transmit on frequencies close to the one that the access point uses. This is a performance concern, but not typically a security concern unless it is malicious in nature and seeks to cause a denial-of-service condition. Signal degradation for the rest of the facility would not be caused by the placement of the access point next to the outer wall.

Question 39

Q

All of the following are potential application security issues requiring attention EXCEPT:

A) Malware
B) Cross-site scripting
C) SQL injection
D) Buffer overflows

Answer

A

A) Malware

Malware is a security issue, but not specific to any applications.All of these are potential application security issues that could affect both web-based and client-server applications.

Question 40

Q

You have an Internet-facing web server that only serves static web pages to users. Recently you have discovered that someone has been using your server as a mail relay. Which service and port should you remove to stop this type of attack?

A) SMTP port 110
B) SMTP port 25
C) HTTP port 80
D) HTTP port 443

Answer

A

B) SMTP port 25

Simple Mail Transport Protocol (SMTP) uses TCP port 25 and is used to send e-mail and should not be running on an Internet-facing server that only provides a web site.HTTP (port 80) must be allowed to run on the server to provide web content to users. SMTP uses port 25, not port 110. Port 110 is used by POP3 to receive e-mail messages. HTTPS uses port 443, not HTTP.

Question 41

Q

Which of the following is used to identify certificates that are no longer valid for use?

A) CAL
B) CA
C) PKS
D) CRL

Answer

A

D) CRL

The certificate revocation list (CRL) is used to identify invalid certificates.A CAL is a client access license. PKS is a cryptographic file standard, and a CA is a certificate authority, which issues certificates.

Question 42

Q

Which of the following wireless attacks specifically attempts to take control of or use Bluetooth-enabled cell phones to make unauthorized calls?

A) Bluebugging
B) Bluejacking
C) Bluesniffing
D) Bluesnarfing

Answer

A

A) Bluebugging

Bluebugging, the most serious of the various Bluetooth attacks, involves an attacker attempting to take control of or use a Bluetooth-enabled cell phone to place calls.Bluejacking is the act of sending unsolicited messages or files to a Bluetooth device. Bluesnarfing is a more serious attack than Bluejacking and involves unauthorized access to information on a Bluetooth-enabled device. Bluesniffing is a false, nonexistent term.

Question 43

Q

Which of the following goals of information security deals with identifying modifications to data?

A) Confidentiality
B) Availability
C) Nonrepudiation
D) Integrity

Answer

A

D) Integrity

Integrity provides for detection of data modification.Confidentiality deals with protecting data from unauthorized access, not modification. Availability ensures data and systems are available to authorized users whenever needed. Nonrepudiation involves preventing a user from denying that he or she performed an action.

Question 44

Q

Your manager has asked that you perform an assessment of user passwords on the servers but wants to ensure that when you test the passwords you do not lock the user accounts. Which type of password audit should you perform?

A) Account lockout audit
B) White-box penetration test
C) Online password audit
D) Offline password audit

Answer

A

D) Offline password audit

If the goal is to prevent user account lockout, then offline password auditing is the correct method.Online auditing would definitely lock out user accounts as soon as the account lockout threshold is reached. An account lockout audit is an invalid type of audit, and a white-box penetration test involves full system or network testing and is incorrect in this context.

Question 45

Q

Which authentication protocol uses Microsoft Point-to-Point Encryption (MPPE) protocol to encrypt all traffic from the client to the server?

A) CHAP
B) MS-CHAP
C) Kerberos
D) EAP

Answer

A

B) MS-CHAP

Microsoft CHAP (MS-CHAP) uses Microsoft Point-to-Point Encryption (MPPE) protocol to encrypt all traffic from the client to the server. Neither EAP nor Kerberos uses MPPE. CHAP is the non-proprietary version and uses MD5 as its hashing algorithm.

Question 46

Q

Which of the following terms is most accurately defined by the amount of time a business can survive without a particular function?

A) Recovery time objective (RTO)
B) Maximum tolerable downtime (MTD)
C) Recovery point objective (RPO)
D) Mean time between failures (MTBF)

Answer

A

B) Maximum tolerable downtime (MTD)

The maximum tolerable downtime (MTD) indicates how long an asset may be down or offline without seriously impacting the organization.The mean time between failures is an estimate of how long a piece of equipment will perform before failure. The recovery point objective and recovery time objective refer to how much data may be lost during a failure or disaster and the maximum amount of time it must take to recover the system or data, respectively, before the organization is seriously impacted.

Question 47

Q

A printed e-mail would be considered which kind of evidence?

A) Direct evidence
B) Demonstrative evidence
C) Real evidence
D) Documentary evidence

Answer

A

D) Documentary evidence

Documentary evidence is usually a printed form of evidence, a recording, or photograph.Real (or physical) evidence is a tangible object presented in court (such as a weapon). Direct evidence is testimony from someone who actually witnessed the event. Demonstrative evidence is presenting a physical object that displays the results of an event that occurred.

Question 48

Q

Your manager has read a lot about server virtualization and is wondering if there are any security benefits to using server virtualization. How would you respond?

A) Decentralized server security
B) Larger hardware footprint
C) More work required to harden systems
D) Fewer systems to physically secure

Answer

A

D) Fewer systems to physically secure

Virtualization results in fewer physical systems (and less hardware) that must be secured.None of the other choices offer any benefits, security or otherwise, of virtualization.

Question 49

Q

Susan has received an e-mail message from her brother stating that if she forwards the e-mail to 10 different people that she will receive good fortune over the next three years. Susan forwards the e-mail. What policy has Susan violated in this example?

A) Need-to-know policy
B) Least privilege policy
C) Acceptable usage policy
D) Social engineering policy

Answer

A

C) Acceptable usage policy

An acceptable use policy (AUP) defines what users may and may not do with regard to information systems, including e-mail.These policies apply to a wide range of security issues but do not define what actions users may perform on information systems.

Question 50

Q

Which of the following terms refers to the practices of stealing or obtaining a user?s personal or account information, typically using voice over IP (VoIP) systems?

A) Vishing
B) Phishing
C) VoIP hijacking
D) Whaling

Answer

A

A) Vishing

Vishing (a combination of the terms voice and phishing) refers to social engineering attacks that make use of VoIP systems to spoof phone numbers, hide caller IDs, and so forth, to obtain personal or account information from unsuspecting users.Phishing involves the use of e-mail targeted to users with a malicious web site link embedded in the e-mail. Whaling involves specifically targeting senior-level executives of an organization for social engineering attacks. VoIP hijacking is a nonexistent term in this context.

Question 51

Q

A common attack on databases through a web-based form is called:

A) SQL injection
B) Cross-site scripting
C) XML injection
D) Directory traversal

Answer

A

A) SQL injection

SQL injection is a common attack on databases through a web-based form, where the attacker injects SQL commands into the form input.Cross-site scripting allows client-side scripts to be run on a web site. XML injection is an attack that injects faulty or malicious XML code into an XML statement. Directory traversal is the ability to search a web server?s directories and files.

Question 52

Q

Which of the following application attacks allows attackers to inject client-side script into web pages viewed by other users?

A) XML injection
B) Buffer overflow
C) SQL injection
D) Cross-site scripting

Answer

A

D) Cross-site scripting

Cross-site scripting (XSS) enables attackers to inject client-side scripts into web pages viewed by others.XML injection occurs when malicious XML code is inserted into an XML statement. SQL injection involves inserting faulty SQL input commands into a site that connects to a database, producing unintended results or returning privileged information. A buffer overflow takes advantage of programming flaws that occur when data overwrites a program?s allocated memory address and enables arbitrary code to be executed in that address.

Question 53

Q

Which of the following describes the best security practice to use when granting users elevated or administrative privileges?

A) Users who require higher privileges should be placed in the Administrators group
B) Users should have a normal user account for routine tasks, and an administrative account for tasks that require higher privilege
C) Users who perform administrative-level tasks should be given the Domain Administrator user account name and password
D) Administrative privileges should be granted directly to those user accounts that perform administrative-level tasks

Answer

A

B) Users should have a normal user account for routine tasks, and an administrative account for tasks that require higher privilege

Users should have a normal user account for routine tasks, and an administrative account for tasks that require higher privileges.None of these choices are considered to be good security practices. User accounts should not be directly granted administrative privileges, and ordinary user-level accounts should not be placed in the Administrators group. Additionally, no one should be given the Domain Administrator’s username and password to use on a routine basis.

Question 54

Q

Which of the following devices is intentionally left nonsecure, with the hopes of luring a hacker away from the network and observing them?

A) IPS
B) IDS
C) Honeypot
D) Bastion hosts

Answer

A

C) Honeypot

A honeypot is a host that has been left with some vulnerabilities open to lure a hacker away from attacking the network and to observe his or her attack methods.A bastion host is a secure host outside the network. An intrusion detection system (IDS) is used to detect network attacks. An intrusion prevention system (IPS) is used to detect attacks and attempt to prevent them by rerouting traffic, blocking ports, etc.

Question 55

Q

Which of the following is the best way to prevent cross-site scripting attacks?

A) Block ports 443 and 80 on the firewall
B) Require certificate-based authentication for website access
C) Validate the input into a website for illegal characters in a particular field
D) Restrict CGI script execution

Answer

A

C) Validate the input into a website for illegal characters in a particular field

Validating the input into a web site form for illegal characters in a field is the best choice for preventing cross-site scripting (XSS) attacks.Blocking ports 443 and 80 will make the site unusable, as these are the typical ports used to access web sites. Requiring certificate-based authentication will not prevent cross-site scripting attacks and is an unnecessary measure. CGI is not a method used for cross-site scripting attacks.

Question 56

Q

Which of the following statements bests describes a Trusted Platform Module?

A) A code module that performs authentication
B) A secure logon module
C) A software module that prevents application attacks
D) A hardware module that performs cryptographic functions

Answer

A

D) A hardware module that performs cryptographic functions

A Trusted Platform Module (TPM) is a hardware device, usually in the form of an embedded chip, that performs cryptographic functions, such as encrypting an entire hard drive.None of these are valid choices to describe a Trusted Platform Module.

Question 57

Q

Which authentication technology makes use of a key distribution center composed of an authentication server and a ticket-granting service?

A) Sesame
B) Kerberos
C) Single sign on
D) RADIUS

Answer

A

B) Kerberos

Kerberos uses a key distribution center (KDC), which consists of an authentication server and a ticket-granting service.None of these choices is associated with these terms.

Question 58

Q

A ‘deny any-any’ rule in a firewall ruleset is normally placed:

A) Nowhere in the ruleset if it has a default allow policy
B) Below the last allow rule, but above the first deny rule in the ruleset
C) At the top of the ruleset
D) At the bottom of the ruleset

Answer

A

D) At the bottom of the ruleset

A ‘deny any-any’ rule denies all traffic from all sources, so it should be the last rule in the ruleset. Placement of the ‘deny-any-any’ rule anywhere else in the ruleset would prevent any other rules that follow it from processing.

Question 59

Q

The hacker has managed to modify the cache on the system that stores the IP address and corresponding MAC address with inappropriate entries. What type of attack has occurred?

A) DHCP poisoning
B) DNS poisoning
C) VLAN poisoning
D) ARP poisoning

Answer

A

D) ARP poisoning

ARP poisoning involves introducing false entries into the host’s ARP cache, essentially spoofing MAC addresses. DNS poisoning involves introducing false entries into a DNS server?s cache or its zone files. DHCP and VLAN poisoning are invalid answers.

Question 60

Q

Which of the following attacks is NOT typically attempted by a rogue access point on a wireless network?

A) Brute force
B) Evil twin
C) Interference
D) Spoofing

Answer

A

A) Brute force

A brute-force attack is typically a password attack. It may be used separately to break wireless passwords but is not unique to wireless attacks.All of these are attack methods that a rogue access point could attempt to engage in, resulting in a denial-of-service condition on the wireless network (as in the case of intentional interference), or by spoofing valid access points to entice an unsuspecting client to connect to it.

Question 61

Q

Which of the following are considered symmetric encryption algorithms? (Choose two.)

A) MD5
B) AES
C) 3DES
D) SHA
E) RSA

Answer

A

B) AES
C) 3DES

AES and 3DES are considered encryption standards and use symmetric algorithms. SHA and MD5 are hashing algorithms, and RSA is an asymmetric algorithm.

Question 62

Q

Which of the following files might the hacker modify in order to redirect a user to the wrong web site?

A) hosts
B) ARP cache
C) lmhosts
D) services

Answer

A

A) hosts

The hosts file on a local machine provides for fully qualified domain name (FQDN) resolution in the absence of DNS and can be used to redirect users to the wrong web site.The lmhosts file is a Windows-specific file that maps computer names to IP addresses. The services file lists well-known services, such as HTTP and FTP. The ARP cache contains recently resolved local network IP addresses to MAC addresses.

Question 63

Q

Bob logs on to the network and receives a message indicating that patches are not up to date and that he cannot be granted access to the network until patches are updated. What network feature is responsible for the message?

A) NAT
B) TPM
C) NAC
D) VPN

Answer

A

C) NAC

Network access control (NAC) can be used to prevent hosts from connecting to the network unless they meet certain security requirements, such as patch level, up-to-date antivirus signatures, and so forth.None of these other technologies are concerned with enforcing host security requirements prior to connecting to the network.

Question 64

Q

Which of the following protocols uses IPSec to ensure confidentiality?

A) L2TP
B) SSL
C) PPTP
D) PPP

Answer

A

A) L2TP

IPSec provides encryption services for L2TP when used in a VPN implementation.None of these protocols use IPSec for encryption services.

Answer 65

A

A) ARP

Address Resolution Protocol (ARP) resolves IP addresses to MAC addresses.RARP, the Reverse Address Resolution Protocol, resolves MAC addresses to IP addresses?the exact opposite of ARP. DNS, the Domain Name System, resolves fully qualified domain names (FQDN) to IP addresses. DHCP, the Dynamic Host Configuration Protocol, dynamically issues IP addressing information to hosts.

Answer 66

A

A) Opening unused ports

Opening unused ports would increase the attack surface on a host. Closing unused ports is considered a good hardening practice.All of the other choices are considered good security measures to use when hardening a host.

Answer 67

A

A) Least privilege

The principle of least privilege allows users to have only the privileges necessary to perform their duties and no more.Separation of duties requires critical roles to be split among personnel so no one user has the privileges to commit fraud or to abuse his or her role. Role-based access control and discretionary access control are access control models.

Answer 68

A

C) Risk elimination

Risk can never be completely eliminated, only dealt with.These are all valid 5.0 Risk Management strategies.

Answer 69

A

D) Private key

The private key, when used for nonrepudiation, is used to encrypt text that anyone who possesses the public key can decrypt. This assures that only the person owning the private key could have encrypted it, ensuring that he or she is the one who performed the action. Used in this scenario, this does not guarantee confidentiality, but it does provide for nonrepudiation. Symmetric keys and hashes do not provide for nonrepudiation, because they cannot be used to guarantee who sent a message or performed an action. Public keys can be in the possession of anyone and are used in this case to verify that the private key was used to encrypt the text for nonrepudiation.

Answer 70

A

D) RAID

Redundant Array of Independent Disks (RAID) is used to provide for fault tolerance and recovery against disk failures.Striping is used to improve performance but offers no fault tolerance unless used with parity bits. Clustering is used to provide server fault tolerance. Network load balancing is used to enhance network performance through balancing network traffic among servers.

Answer 71

A

B) Public key

Bob’s public key is used to encrypt a message for him. Bob would then decrypt the message with his private key.Symmetric keys and hashes are not used to encrypt a message to an individual in a PKI environment. The private key would be used to decrypt, not encrypt, the message in this scenario.

Answer 72

A

A) Firewalls and other security devices are not required

Even when using NAT, firewalls and security devices are required on a network boundary.All of these are advantages to using NAT.

Answer 73

A

C) System hardening

System hardening involves disabling unnecessary services and protocols on a host, as well as uninstalling software that is not needed. System reduction, network hardening and application restriction are incorrect. These are nonexistent terms used as distractors.

Answer 74

A

D) Threat

A threat is defined as an entity or event that has the potential to cause harm or damage to an asset. A threat could cause the organization to suffer a financial loss.Risk is the possibility that a threat could harm an asset. A vulnerability is a weakness in the system. A loss is what damage occurs when a vulnerability is exploited by a threat.

Answer 75

A

D) Message digest

A message digest, or hash, can be used to verify the integrity of a message by comparing the original hash to one generated after receipt of the message. If the two match, then integrity is assured. If they do not match, then the message was altered between transmission and receipt.Digital certificates contain public keys that are distributed to users. Digital signatures provide for authentication. Symmetric keys are not used to provide for integrity, but confidentiality.

Answer 76

A

D) SHA-1

SHA-1 (secure hashing algorithm) generates a 160-bit hash.MD5 is a hashing algorithm that generates a 128-bit hash, which is weaker than SHA-1. 3DES and AES-256 are symmetric encryption algorithms, not hashing algorithms.

Answer 77

A

C) Insurance

Insurance is a method of risk transference where the organization pays a premium for the insurance company to assume the risk. If a disaster or event occurs, the organization is paid for its losses.Separation of duties transfers key duties to another individual but does not transfer the risk away from the organization. A service-level agreement between two parties specifies levels of service and support, but the organization still maintains risk. An alternate site is used to transfer operations from a primary site in the event of a disaster, but the risk is still borne by the organization.

Answer 78

A

C) RAM

RAM is the most volatile source of information and is easily lost. It must be collected first during a computer forensics investigation.The order of volatility, and order of evidence collection, is RAM, swap file, hard disk, and CD/DVDs.

Answer 79

A

D) Collision

A collision occurs when two pieces of plaintext are hashed and produce identical hashes.A crossover error is a reference to biometric authentication factors. Interference refers to wireless networks, and disruption is an invalid term in this context.

Answer 80

A

D) Passwords must include the userid

Passwords should not be created that include the user?s userid. All of these practices contribute to a secure password.

Answer 81

A

A) Anything that is not specifically allowed is denied by default

Anything that is not specified as allowed is typically denied, with no deny rules necessary. It is implicitly denied, versus explicitly denied.These statements would describe an explicit deny, an explicit allow, and an implicit allow, respectively.

Answer 82

A

B) Fuzzing

Fuzzing is an application vulnerability testing technique that sends invalid or unexpected data to the application, with the intent to see if any security vulnerabilities exist.Cracking typically involves passwords, not applications. Scanning usually means network port or service scanning. Spoofing means to masquerade as another entity, usually by spoofing an IP address, MAC address, or user.

Answer 83

A

B) VPN concentrator

A VPN concentrator serves as a centralized authentication point for virtual private network connections.None of these devices are used to provide centralized authentication services for secure remote access connections.

Answer 84

A

D) Hot site

A hot site is an alternate processing site that can function almost immediately after a disaster and has equipment and data prepositioned, as well as full utilities.Cold sites have only space and utilities available and take longer to activate. Warm sites have space, utilities, and possibly some equipment and furniture, but still need equipment, personnel, and data transferred, so they cannot be activated instantly. Reciprocal sites are alternate locations provided by and in agreement with another organization and are typically co-located with that organization.

Answer 85

A

A) DNS poisoning

DNS poisoning involves introducing false entries into a DNS server’s zone file, or a server’s hostname-to-IP address cache, both with the intent of misdirecting a DNS resolution request to a different server or site. ARP poisoning involves introducing false entries into a host’s ARP cache, which maps MAC addresses to IP addresses. DHCP poisoning is a false term, although there are several known DHCP network attacks. Session hijacking involves intercepting and taking over an in-progress communications session between two hosts.

Answer 86

A

C) Remote wiping

Remote drive or disk wiping is used to ensure data protection and confidentiality on a mobile device in the event it is lost or stolen.Remote destruction and remote encryption are invalid terms in this context. Remote access enables a remote user to authenticate to and access an organization?s private network.

Answer 87

A

A) Role-based access control

Role-based access control grants access to groups performing specific functions, or roles, but not to individuals.Discretionary access control allows data owners/creators to grant access to individuals or groups. Mandatory access control permits only administrators to grant access, based upon security labels. Rule-based access control grants access to resources based upon specific rules associated with the resource.

Answer 88

A

C) Smartcard and PIN

Use of a smartcard and PIN involves the use of two factors: something you have and something you know.All of the other answers involve the use of only one factor: something you are or something you know, but not used together.

Answer 89

A

D) Logic bomb

A logic bomb is a type of malware, usually very difficult to detect, that is designed to activate only after a specific time has passed or a specific date or event has occurred.These other types of malware are not tied to specific dates or events.

Brainscape's Knowledge GenomeTM

Practice Test 3 Flashcards

Brainscape's Knowledge Genome^TM