Deck A Flashcards by Jerry Brinson

Which of the following should the security administrator implement to limit web traffic based on country of origin? (Select THREE).

A. Spam filter

B. Load balancer

C. Antivirus

D. Proxies

E. Firewall

F. NIDS

G. URL filtering

Proxies

Firewall

URL filtering

How well did you know this?

Not at all

Perfectly

Which of the following is a security advantage of using NoSQL vs. SQL databases in a three-tier environment?

A. NoSQL databases are not vulnerable to XSRF attacks from the application server.

B. NoSQL databases are not vulnerable to SQL injection attacks.

C. NoSQL databases encrypt sensitive information by default.

D. NoSQL databases perform faster than SQL databases on the same hardware.

NoSQL databases are not vulnerable to SQL injection attacks.

How well did you know this?

Not at all

Perfectly

A technician has implemented a system in which all workstations on the network will receive security updates on the same schedule. Which of the following concepts does this illustrate?

A. Patch management

B. Application hardening

C. White box testing

D. Black box testing

Patch management

How well did you know this?

Not at all

Perfectly

A system administrator has concerns regarding their users accessing systems and secured areas using others’ credentials. Which of the following can BEST address this concern?

A. Create conduct policies prohibiting sharing credentials.

B. Enforce a policy shortening the credential expiration timeframe.

C. Implement biometric readers on laptops and restricted areas.

D. Install security cameras in areas containing sensitive systems.

Implement biometric readers on laptops and restricted areas.

How well did you know this?

Not at all

Perfectly

Which of the following is the process in which a law enforcement officer or a government agent encourages or induces a person to commit a crime when the potential criminal expresses a desire not to go ahead?

A. Enticement

B. Entrapment

C. Deceit

D. Sting

Entrapment

How well did you know this?

Not at all

Perfectly

A user attempting to log on to a workstation for the first time is prompted for the following information before being granted access: username, password, and a four-digit security pin that was mailed to him during account registration. This is an example of which of the following?

A. Dual-factor authentication

B. Multifactor authentication

C. Single factor authentication

D. Biometric authentication

Single factor authentication

How well did you know this?

Not at all

Perfectly

Peter, the system administrator, has concerns regarding users losing their company provided smartphones. Peter’s focus is on equipment recovery. Which of the following BEST addresses his concerns?

A. Enforce device passwords.

B. Use remote sanitation.

C. Enable GPS tracking.

D. Encrypt stored data.

Enable GPS tracking

How well did you know this?

Not at all

Perfectly

An incident response team member needs to perform a forensics examination but does not have the required hardware. Which of the following will allow the team member to perform the examination with minimal impact to the potential evidence?

A. Using a software file recovery disc

B. Mounting the drive in read-only mode

C. Imaging based on order of volatility

D. Hashing the image after capture

Mounting the drive in read-only mode

How well did you know this?

Not at all

Perfectly

A user has several random browser windows opening on their computer. Which of the following programs can be installed on his machine to help prevent this from happening?

A. Antivirus

B. Pop-up blocker

C. Spyware blocker

D. Anti-spam

Pop-up blocker

How well did you know this?

Not at all

Perfectly

Which of the following would be a reason for developers to utilize an AES cipher in CCM mode (Counter with Chain Block Message Authentication Code)?

A. It enables the ability to reverse the encryption with a separate key

B. It allows for one time pad inclusions with the passphrase

C. Counter mode alternates between synchronous and asynchronous encryption

D. It allows a block cipher to function as a steam cipher

It allows a block cipher to function as a steam cipher

How well did you know this?

Not at all

Perfectly

A company is looking to improve their security posture by addressing risks uncovered by a recent penetration test. Which of the following risks is MOST likely to affect the business on a day-to-day basis?

A. Insufficient encryption methods

B. Large scale natural disasters

C. Corporate espionage

D. Lack of antivirus software

Lack of antivirus software

How well did you know this?

Not at all

Perfectly

Which of the following disaster recovery strategies has the highest cost and shortest recovery time?

A. Warm site

B. Hot site

C. Cold site

D. Co-location site

Hot site

How well did you know this?

Not at all

Perfectly

Jane, the security administrator, sets up a new AP but realizes too many outsiders are able to connect to that AP and gain unauthorized access. Which of the following would be the BEST way to mitigate this issue and still provide coverage where needed? (Select TWO).

A. Disable the wired ports

B. Use channels 1, 4 and 7 only

C. Enable MAC filtering

D. Disable SSID broadcast

E. Switch from 802.11a to 802.11b

Enable MAC filtering

Disable SSID broadcast

How well did you know this?

Not at all

Perfectly

Peter, the systems administrator, is setting up a wireless network for his team’s laptops only and needs to prevent other employees from accessing it. Which of the following would BEST address this?

A. Disable default SSID broadcasting.

B. Use WPA instead of WEP encryption.

C. Lower the access point’s power settings.

D. Implement MAC filtering on the access point.

Implement MAC filtering on the access point.

How well did you know this?

Not at all

Perfectly

An organization has a need for security control that identifies when an organizational system has been unplugged and a rouge system has been plugged in. The security control must also provide the ability to supply automated notifications. Which of the following would allow the organization to BEST meet this business requirement?

A. MAC filtering

B. ACL

C. SNMP

D. Port security

Port security

How well did you know this?

Not at all

Perfectly

At an organization, unauthorized users have been accessing network resources via unused network wall jacks. Which of the following would be used to stop unauthorized access?

A. Configure an access list.

B. Configure spanning tree protocol.

C. Configure port security.

D. Configure loop protection.

Configure port security

How well did you know this?

Not at all

Perfectly

Which of the following is a best practice when a mistake is made during a forensics examination?

A. The examiner should verify the tools before, during, and after an examination.

B. The examiner should attempt to hide the mistake during cross-examination.

C. The examiner should document the mistake and workaround the problem.

D. The examiner should disclose the mistake and assess another area of the disc.

The examiner should document the mistake and workaround the problem.

How well did you know this?

Not at all

Perfectly

After recovering from a data breach in which customer data was lost, the legal team meets with the Chief Security Officer (CSO) to discuss ways to better protect the privacy of customer data.
Which of the following controls support this goal?

A. Contingency planning

B. Encryption and stronger access control

C. Hashing and non-repudiation

D. Redundancy and fault tolerance

Encryption and stronger access control

How well did you know this?

Not at all

Perfectly

Which of the following is true about asymmetric encryption?

A. A message encrypted with the private key can be decrypted by the same key

B. A message encrypted with the public key can be decrypted with a shared key.

C. A message encrypted with a shared key, can be decrypted by the same key.

D. A message encrypted with the public key can be decrypted with the private key.

A message encrypted with the public key can be decrypted with the private key.

How well did you know this?

Not at all

Perfectly

Establishing a method to erase or clear cluster tips is an example of securing which of the following?

A. Data in transit

B. Data at rest

C. Data in use

D. Data in motion

Data at rest

How well did you know this?

Not at all

Perfectly

Which of the following security awareness training is BEST suited for data owners who are concerned with protecting the confidentiality of their data?

A. Social networking use training

B. Personally owned device policy training

C. Tailgating awareness policy training

D. Information classification training

Information classification training

How well did you know this?

Not at all

Perfectly

Which of the following types of cryptography should be used when minimal overhead is necessary for a mobile device?

A. Block cipher

B. Elliptical curve cryptography

C. Diffie-Hellman algorithm

D. Stream cipher

Elliptical curve cryptography

How well did you know this?

Not at all

Perfectly

Which of the following is the MOST likely cause of users being unable to verify a single user’s email signature and that user being unable to decrypt sent messages?

A. Unmatched key pairs

B. Corrupt key escrow

C. Weak public key

D. Weak private key

Unmatched key pairs

How well did you know this?

Not at all

Perfectly

A security administrator wishes to increase the security of the wireless network. Which of the following BEST addresses this concern?

A. Change the encryption from TKIP-based to CCMP-based.

B. Set all nearby access points to operate on the same channel.

C. Configure the access point to use WEP instead of WPA2.

D. Enable all access points to broadcast their SSIDs.

Change the encryption from TKIP-based to CCMP-based.

How well did you know this?

Not at all

Perfectly

Which of the following ports is used to securely transfer files between remote UNIX systems? A. 21 B. 22 C. 69 D. 445

A company needs to receive data that contains personally identifiable information. The company requires both the transmission and data at rest to be encrypted. Which of the following achieves this goal? (Select TWO). A. SSH B. TFTP C. NTLM D. TKIP E. SMTP F. PGP/GPG

SSH PGP/GPG

Which of the following is MOST critical in protecting control systems that cannot be regularly patched? A. Asset inventory B. Full disk encryption C. Vulnerability scanning D. Network segmentation

Full disk encryption

Datacenter access is controlled with proximity badges that record all entries and exits from the datacenter. The access records are used to identify which staff members accessed the data center in the event of equipment theft. Which of the following MUST be prevented in order for this policy to be effective? A. Password reuse B. Phishing C. Social engineering D. Tailgating

Tailgating

The use of social networking sites introduces the risk of: A. Disclosure of proprietary information B. Data classification issues C. Data availability issues D. Broken chain of custody

Disclosure of proprietary information

Which of the following concepts allows an organization to group large numbers of servers together in order to deliver a common service? A. Clustering B. RAID C. Backup Redundancy D. Cold site

Clustering

Which of the following wireless security technologies continuously supplies new keys for WEP? A. TKIP B. Mac filtering C. WPA2 D. WPA

TKIP

To help prevent unauthorized access to PCs, a security administrator implements screen savers that lock the PC after five minutes of inactivity. Which of the following controls is being described in this situation? A. Management B. Administrative C. Technical D. Operational

Technical

When a communications plan is developed for disaster recovery and business continuity plans, the MOST relevant items to include would be: (Select TWO). A. Methods and templates to respond to press requests, institutional and regulatory reporting requirements. B. Methods to exchange essential information to and from all response team members, employees, suppliers, and customers. C. Developed recovery strategies, test plans, post-test evaluation and update processes. D. Defined scenarios by type and scope of impact and dependencies, with quantification of loss potential. E. Methods to review and report on system logs, incident response, and incident handling.

Methods and templates to respond to press requests, institutional and regulatory reporting requirements. Methods to exchange essential information to and from all response team members, employees, suppliers, and customers.

On a train, an individual is watching a proprietary video on Peter’s laptop without his knowledge. Which of the following does this describe? A. Tailgating B. Shoulder surfing C. Interference D. Illegal downloading

Shoulder surfing

A company’s business model was changed to provide more web presence and now its ERM software is no longer able to support the security needs of the company. The current data center will continue to provide network and security services. Which of the following network elements would be used to support the new business model? A. Software as a Service B. DMZ C. Remote access support D. Infrastructure as a Service

Software as a Service

Which of the following network design elements allows for many internal devices to share one public IP address? A. DNAT B. PAT C. DNS D. DMZ

PAT

A malicious individual is attempting to write too much data to an application’s memory. Which of the following describes this type of attack? A. Zero-day B. SQL injection C. Buffer overflow D. XSRF

Buffer overflow

After visiting a website, a user receives an email thanking them for a purchase which they did not request. Upon investigation the security administrator sees the following source code in a pop-up window: "Perform Purchase" Which of the following has MOST likely occurred? A. SQL injection B. Cookie stealing C. XSRF D. XSS

XSRF

Matt, an IT administrator, wants to protect a newly built server from zero day attacks. Which of the following would provide the BEST level of protection? A. HIPS B. Antivirus C. NIDS D. ACL

HIPS

The system administrator is reviewing the following logs from the company web server: 12: 34:56 GET /directory_listing.php?user=admin&pass=admin1 12: 34:57 GET /directory_listing.php?user=admin&pass=admin2 12: 34:58 GET /directory_listing.php?user=admin&pass=1admin 12: 34:59 GET /directory_listing.php?user=admin&pass=2admin Which of the following is this an example of? A. Online rainbow table attack B. Offline brute force attack C. Offline dictionary attack D. Online hybrid attack

Online hybrid attack

A new MPLS network link has been established between a company and its business partner. The link provides logical isolation in order to prevent access from other business partners. Which of the following should be applied in order to achieve confidentiality and integrity of all data across the link? A. MPLS should be run in IPVPN mode. B. SSL/TLS for all application flows. C. IPSec VPN tunnels on top of the MPLS link. D. HTTPS and SSH for all application flows.

IPSec VPN tunnels on top of the MPLS link.

The security manager must store a copy of a sensitive document and needs to verify at a later point that the document has not been altered. Which of the following will accomplish the security manager’s objective? A. RSA B. AES C. MD5 D. SHA

MD5

A corporation is looking to expand their data center but has run out of physical space in which to store hardware. Which of the following would offer the ability to expand while keeping their current data center operated by internal staff? A. Virtualization B. Subnetting C. IaaS D. SaaS

Virtualization

A system security analyst using an enterprise monitoring tool notices an unknown internal host exfiltrating files to several foreign IP addresses. Which of the following would be an appropriate mitigation technique? A. Disabling unnecessary accounts B. Rogue machine detection C. Encrypting sensitive files D. Implementing antivirus

Rogue machine detection

Which of the following is BEST used to break a group of IP addresses into smaller network segments or blocks? A. NAT B. Virtualization C. NAC D. Subnetting

Subnetting

One of the most consistently reported software security vulnerabilities that leads to major exploits is: A. Lack of malware detection. B. Attack surface decrease. C. Inadequate network hardening. D. Poor input validation.

Poor input validation.

An auditor’s report discovered several accounts with no activity for over 60 days. The accounts were later identified as contractors’ accounts who would be returning in three months and would need to resume the activities. Which of the following would mitigate and secure the auditors finding? A. Disable unnecessary contractor accounts and inform the auditor of the update. B. Reset contractor accounts and inform the auditor of the update. C. Inform the auditor that the accounts belong to the contractors. D. Delete contractor accounts and inform the auditor of the update.

Disable unnecessary contractor accounts and inform the auditor of the update.

Emily, an application developer, implemented error and exception handling alongside input validation. Which of the following does this help prevent? A. Buffer overflow B. Pop-up blockers C. Cross-site scripting D. Fuzzing

Buffer overflow

Several employees clicked on a link in a malicious message that bypassed the spam filter and their PCs were infected with malware as a result. Which of the following BEST prevents this situation from occurring in the future? A. Data loss prevention B. Enforcing complex passwords C. Security awareness training D. Digital signatures

Security awareness training

Using a heuristic system to detect an anomaly in a computer’s baseline, a system administrator was able to detect an attack even though the company signature based IDS and antivirus did not detect it. Further analysis revealed that the attacker had downloaded an executable file onto the company PC from the USB port, and executed it to trigger a privilege escalation flaw. Which of the following attacks has MOST likely occurred? A. Cookie stealing B. Zero-day C. Directory traversal D. XML injection

Zero-day

A network administrator has recently updated their network devices to ensure redundancy is in place so that: A. switches can redistribute routes across the network. B. environmental monitoring can be performed. C. single points of failure are removed. D. hot and cold aisles are functioning.

single points of failure are removed.

Customers’ credit card information was stolen from a popular video streaming company. A security consultant determined that the information was stolen, while in transit, from the gaming consoles of a particular vendor. Which of the following methods should the company consider to secure this data in the future? A. Application firewalls B. Manual updates C. Firmware version control D. Encrypted TCP wrappers

Encrypted TCP wrappers

Peter, an employee, is terminated from the company and the legal department needs documents from his encrypted hard drive. Which of the following should be used to accomplish this task? (Select TWO). A. Private hash B. Recovery agent C. Public key D. Key escrow E. CRL

Recovery agent Key escrow

Peter, the system administrator, has blocked users from accessing social media web sites. In addition to protecting company information from being accidentally leaked, which additional security benefit does this provide? A. No competition with the company’s official social presence B. Protection against malware introduced by banner ads C. Increased user productivity based upon fewer distractions D. Elimination of risks caused by unauthorized P2P file sharing

Protection against malware introduced by banner ads

The security administrator is currently unaware of an incident that occurred a week ago. Which of the following will ensure the administrator is notified in a timely manner in the future? A. User permissions reviews B. Incident response team C. Change management D. Routine auditing

Routine auditing

An administrator would like to review the effectiveness of existing security in the enterprise. Which of the following would be the BEST place to start? A. Review past security incidents and their resolution B. Rewrite the existing security policy C. Implement an intrusion prevention system D. Install honey pot systems

Implement an intrusion prevention system

A system administrator wants to enable WPA2 CCMP. Which of the following is the only encryption used? A. RC4 B. DES C. 3DES D. AES

AES

A security administrator has just finished creating a hot site for the company. This implementation relates to which of the following concepts? A. Confidentiality B. Availability C. Succession planning D. Integrity

Availability

Emily, a company’s security officer, often receives reports of unauthorized personnel having access codes to the cipher locks of secure areas in the building. Emily should immediately implement which of the following? A. Acceptable Use Policy B. Physical security controls C. Technical controls D. Security awareness training

Security awareness training

A new virtual server was created for the marketing department. The server was installed on an existing host machine. Users in the marketing department report that they are unable to connect to the server. Technicians verify that the server has an IP address in the same VLAN as the marketing department users. Which of the following is the MOST likely reason the users are unable to connect to the server? A. The new virtual server’s MAC address was not added to the ACL on the switch B. The new virtual server’s MAC address triggered a port security violation on the switch C. The new virtual server’s MAC address triggered an implicit deny in the switch D. The new virtual server’s MAC address was not added to the firewall rules on the switch

The new virtual server’s MAC address was not added to the ACL on the switch

Matt, a security consultant, has been tasked with increasing server fault tolerance and has been given no budget to accomplish his task. Which of the following can Matt implement to ensure servers will withstand hardware failure? A. Hardware load balancing B. RAID C. A cold site D. A host standby

RAID

Which of the following security account management techniques should a security analyst implement to prevent staff, who has switched company roles, from exceeding privileges? A. Internal account audits B. Account disablement C. Time of day restriction D. Password complexity

Internal account audits

Which of the following would the security engineer set as the subnet mask for the servers below to utilize host addresses on separate broadcast domains? Server 1: 192.168.100.6 Server 2: 192.168.100.9 Server 3: 192.169.100.20 A. /24 B. /27 C. /28 D. /29 E. /30

/29

Disabling unnecessary services, restricting administrative access, and enabling auditing controls on a server are forms of which of the following? A. Application patch management B. Cross-site scripting prevention C. Creating a security baseline D. System hardening

System hardening

Which of the following is best practice to put at the end of an ACL? A. Implicit deny B. Time of day restrictions C. Implicit allow D. SNMP string

Implicit deny

Some customers have reported receiving an untrusted certificate warning when visiting the company’s website. The administrator ensures that the certificate is not expired and that customers have trusted the original issuer of the certificate. Which of the following could be causing the problem? A. The intermediate CA certificates were not installed on the server. B. The certificate is not the correct type for a virtual server. C. The encryption key used in the certificate is too short. D. The client’s browser is trying to negotiate SSL instead of TLS

The intermediate CA certificates were not installed on the server.

An administrator configures all wireless access points to make use of a new network certificate authority. Which of the following is being used? A. WEP B. LEAP C. EAP-TLS D. TKIP

EAP-TLS

Which of the following application attacks is used against a corporate directory service where there are unknown servers on the network? A. Rogue access point B. Zero day attack C. Packet sniffing D. LDAP injection

LDAP injection

A large multinational corporation with networks in 30 countries wants to establish an understanding of their overall public-facing network attack surface. Which of the following security techniques would be BEST suited for this? A. External penetration test B. Internal vulnerability scan C. External vulnerability scan D. Internal penetration test

External vulnerability scan

While opening an email attachment, Peter, a customer, receives an error that the application has encountered an unexpected issue and must be shut down. This could be an example of which of the following attacks? A. Cross-site scripting B. Buffer overflow C. Header manipulation D. Directory traversal

Buffer overflow

Jane, a VPN administrator, was asked to implement an encryption cipher with a MINIMUM effective security of 128-bits. Which of the following should Jane select for the tunnel encryption? A. Blowfish B. DES C. SHA256 D. HMAC

Blowfish

It is MOST important to make sure that the firewall is configured to do which of the following? A. Alert management of a possible intrusion. B. Deny all traffic and only permit by exception. C. Deny all traffic based on known signatures. D. Alert the administrator of a possible intrusion.

Deny all traffic and only permit by exception.

A security administrator is notified that users attached to a particular switch are having intermittent connectivity issues. Upon further research, the administrator finds evidence of an ARP spoofing attack. Which of the following could be utilized to provide protection from this type of attack? A. Configure MAC filtering on the switch. B. Configure loop protection on the switch. C. Configure flood guards on the switch. D. Configure 802.1x authentication on the switch.

Configure flood guards on the switch.

The IT department has setup a share point site to be used on the intranet. Security has established the groups and permissions on the site. No one may modify the permissions and all requests for access are centrally managed by the security team. This is an example of which of the following control types? A. Rule based access control B. Mandatory access control C. User assigned privilege D. Discretionary access control

Discretionary access control

Which of the following is required to allow multiple servers to exist on one physical server? A. Software as a Service (SaaS) B. Platform as a Service (PaaS) C. Virtualization D. Infrastructure as a Service (IaaS)

Virtualization

An organization is required to log all user internet activity. Which of the following would accomplish this requirement? A. Configure an access list on the default gateway router. Configure the default gateway router to log all web traffic to a syslog server B. Configure a firewall on the internal network. On the client IP address configuration, use the IP address of the firewall as the default gateway, configure the firewall to log all traffic to a syslog server C. Configure a proxy server on the internal network and configure the proxy server to log all web traffic to a syslog server D. Configure an access list on the core switch, configure the core switch to log all web traffic to a syslog server

Configure a proxy server on the internal network and configure the proxy server to log all web traffic to a syslog server

When employees that use certificates leave the company they should be added to which of the following? A. PKI B. CA C. CRL D. TKIP

CRL

A company would like to take electronic orders from a partner; however, they are concerned that a non-authorized person may send an order. The legal department asks if there is a solution that provides non-repudiation. Which of the following would meet the requirements of this scenario? A. Encryption B. Digital signatures C. Steganography D. Hashing E. Perfect forward secrecy

Digital signatures

An overseas branch office within a company has many more technical and non-technical security incidents than other parts of the company. Which of the following management controls should be introduced to the branch office to improve their state of security? A. Initial baseline configuration snapshots B. Firewall, IPS and network segmentation C. Event log analysis and incident response D. Continuous security monitoring processes

Continuous security monitoring processes

A network administrator identifies sensitive files being transferred from a workstation in the LAN to an unauthorized outside IP address in a foreign country. An investigation determines that the firewall has not been altered, and antivirus is up-to-date on the workstation. Which of the following is the MOST likely reason for the incident? A. MAC Spoofing B. Session Hijacking C. Impersonation D. Zero-day

Zero-day

A security technician is working with the network firewall team to implement access controls at the company’s demarc as part of the initiation of configuration management processes. One of the network technicians asks the security technician to explain the access control type found in a firewall. With which of the following should the security technician respond? A. Rule based access control B. Role based access control C. Discretionary access control D. Mandatory access control

Rule based access control

During a security assessment, an administrator wishes to see which services are running on a remote server. Which of the following should the administrator use? A. Port scanner B. Network sniffer C. Protocol analyzer D. Process list

Port scanner

A security administrator wants to perform routine tests on the network during working hours when certain applications are being accessed by the most people. Which of the following would allow the security administrator to test the lack of security controls for those applications with the least impact to the system? A. Penetration test B. Vulnerability scan C. Load testing D. Port scanner

Vulnerability scan

Digital certificates can be used to ensure which of the following? (Select TWO). A. Availability B. Confidentiality C. Verification D. Authorization E. Non-repudiation

Confidentiality Non-repudiation

The Chief Technical Officer (CTO) has tasked The Computer Emergency Response Team (CERT) to develop and update all Internal Operating Procedures and Standard Operating Procedures documentation in order to successfully respond to future incidents. Which of the following stages of the Incident Handling process is the team working on? A. Lessons Learned B. Eradication C. Recovery D. Preparation

Preparation

A malicious user is sniffing a busy encrypted wireless network waiting for an authorized client to connect to it. Only after an authorized client has connected and the hacker was able to capture the client handshake with the AP can the hacker begin a brute force attack to discover the encryption key. Which of the following attacks is taking place? A. IV attack B. WEP cracking C. WPA cracking D. Rogue AP

WPA cracking

Which of the following offers the LEAST secure encryption capabilities? A. TwoFish B. PAP C. NTLM D. CHAP

PAP

Visitors entering a building are required to close the back door before the front door of the same entry room is open. Which of the following is being described? A. Tailgating B. Fencing C. Screening D. Mantrap

Mantrap

Which of the following is BEST used to capture and analyze network traffic between hosts on the same network segment? A. Protocol analyzer B. Router C. Firewall D. HIPS

Protocol analyzer

Which of the following protocols is vulnerable to man-in-the-middle attacks by NOT using end to end TLS encryption? A. HTTPS B. WEP C. WPA D. WPA 2

WEP

Mike, a network administrator, has been asked to passively monitor network traffic to the company’s sales websites. Which of the following would be BEST suited for this task? A. HIDS B. Firewall C. NIPS D. Spam filter

NIPS

Users report that they are unable to access network printing services. The security technician checks the router access list and sees that web, email, and secure shell are allowed. Which of the following is blocking network printing? A. Port security B. Flood guards C. Loop protection D. Implicit deny

Implicit deny

The concept of rendering data passing between two points over an IP based network impervious to all but the most sophisticated advanced persistent threats is BEST categorized as which of the following? A. Stream ciphers B. Transport encryption C. Key escrow D. Block ciphers

Transport encryption

A CRL is comprised of. A. Malicious IP addresses. B. Trusted CA’s. C. Untrusted private keys. D. Public keys.

Public keys

Used in conjunction, which of the following are PII? (Select TWO). A. Marital status B. Favorite movie C. Pet’s name D. Birthday E. Full name

Birthday Full name

A security administrator must implement a network that is immune to ARP spoofing attacks. Which of the following should be implemented to ensure that a malicious insider will not be able to successfully use ARP spoofing techniques? A. UDP B. IPv6 C. IPSec D. VPN

IPv6

Which of the following is a programming interface that allows a remote computer to run programs on a local machine? A. RPC B. RSH C. SSH D. SSL

RPC

Which of the following would Peter, a security administrator, do to limit a wireless signal from penetrating the exterior walls? A. Implement TKIP encryption B. Consider antenna placement C. Disable the SSID broadcast D. Disable WPA

Consider antenna placement

The Chief Information Officer (CIO) wants to implement a redundant server location to which the production server images can be moved within 48 hours and services can be quickly restored, in case of a catastrophic failure of the primary datacenter’s HVAC. Which of the following can be implemented? A. Cold site B. Load balancing C. Warm site D. Hot site

Warm site

A recent intrusion has resulted in the need to perform incident response procedures. The incident response team has identified audit logs throughout the network and organizational systems which hold details of the security breach. Prior to this incident, a security consultant informed the company that they needed to implement an NTP server on the network. Which of the following is a problem that the incident response team will likely encounter during their assessment? A. Chain of custody B. Tracking man hours C. Record time offset D. Capture video traffic

Record time offset