Everything Flashcards
All in one spot cause I got tired of sorting them by sections.
1
Q
Which of the following is the BEST approach to perform risk mitigation of user access control rights?
A. Conduct surveys and rank the results.
B. Perform routine user permission reviews.
C. Implement periodic vulnerability scanning.
D. Disable user accounts that have not been used within the last two weeks.
A
n
2
Q
Used in conjunction, which of the following are PII? (Select TWO).
A. Marital status B. Favorite movie C. Pet's name D. Birthday E. Full name
A
n
3
Q
In a disaster recovery situation, operations are to be moved to an alternate site. Computers and network connectivity are already present; however, production backups are several days out-of- date. Which of the following site types is being described?
A. Cold site
B. High availability site
C. Warm site
D. Hot site
A
n
4
Q
Which of the following malware types is an antivirus scanner MOST unlikely to discover? (Select TWO).
A. Trojan B. Pharming C. Worms D. Virus E. Logic bomb
A
n
5
Q
Which of the following threats corresponds with an attacker targeting specific employees of a company?
A. Spear phishing
B. Phishing
C. Pharming
D. Man-in-the-middle
A
n
6
Q
Which of the following attacks would password masking help mitigate?
A. Shoulder surfing
B. Brute force
C. Tailgating
D. Impersonation
A
n
7
Q
If cookies with non-random sequence numbers are issued upon authentication, which of the following attack types can occur?
A. Directory traversal
B. Session hijacking
C. Cross-site scripting
D. SQL injection
A
n
8
Q
Two systems are being designed. System A has a high availability requirement. System B has a high security requirement with less emphasis on system uptime. Which of the following configurations BEST fits the need for each system?
A. System A fails open. System B fails closed.
B. System A and System B both fail closed.
C. System A and System B both fail open.
D. System A fails closed. System B fails open.
A
n
9
Q
An existing application has never been assessed from a security perspective. Which of the following is the BEST assessment technique in order to identify the application’s security posture?
A. Baseline reporting
B. Protocol analysis
C. Threat modeling
D. Functional testing
A
n
10
Q
A security firm has been engaged to assess a software application. A production-like test environment, login details, production documentation and source code have been provided. Which of the following types of testing is being described?
A. White box
B. Gray box
C. Black box
D. Red teaming
A
n
11
Q
A user has forgotten their account password. Which of the following is the BEST recovery strategy?
A. Upgrade the authentication system to use biometrics instead.
B. Temporarily disable password complexity requirements.
C. Set a temporary password that expires upon first use.
D. Retrieve the user password from the credentials database.
A
n
12
Q
All of the following are valid cryptographic hash functions EXCEPT:
A. RIPEMD.
B. RC4.
C. SHA-512.
D. MD4.
A
n
13
Q
When a certificate issuer is not recognized by a web browser, which of the following is the MOST common reason?
A. Lack of key escrow
B. Self-signed certificate
C. Weak certificate pass-phrase
D. Weak certificate cipher
A
n
14
Q
Which of the following PKI components identifies certificates that can no longer be trusted?
A. CRL
B. CA public key
C. Escrow
D. Recovery agent
A
n
15
Q
Which of the following can prevent an unauthorized person from accessing the network by plugging into an open network jack?
A. 802.1x
B. DHCP
C. 802.1q
D. NIPS
A
n
16
Q
MAC filtering is a form of which of the following?
A. Virtualization
B. Network Access Control
C. Virtual Private Networking
D. Network Address Translation
A
n
17
Q
Which of the following authentication protocols forces centralized wireless authentication?
A. WPA2-Personal
B. WPA2-Enterprise
C. WPA2-CCMP
D. WPA2-TKIP
A
n
18
Q
A company that purchases insurance to reduce risk is an example of which of the following?
A. Risk deterrence
B. Risk acceptance
C. Risk avoidance
D. Risk transference
A
n
19
Q
Which of the following is a method to prevent ad-hoc configuration mistakes?
A. Implement an auditing strategy
B. Implement an incident management strategy
C. Implement a patch management strategy
D. Implement a change management strategy
A
n
20
Q
Which of the following risks may result from improper use of social networking and P2P software?
A. Shoulder surfing
B. Denial of service
C. Information disclosure
D. Data loss prevention
A
n
21
Q
Which of the following malware types is BEST described as protecting itself by hooking system processes and hiding its presence?
A. Botnet
B. Rootkit
C. Logic bomb
D. Virus
A
n
22
Q
A computer is put into a restricted VLAN until the computer’s virus definitions are up-to-date. Which of the following BEST describes this system type?
A. NAT
B. NIPS
C. NAC
D. DMZ
A
n
23
Q
Which of the following would be used for secure remote terminal access?
A. SSH
B. TFTP
C. SCP
D. SFTP
A
n
24
Q
Without validating user input, an application becomes vulnerable to all of the following EXCEPT:
A. buffer overflow.
B. command injection.
C. spear phishing.
D. SQL injection.
A
n
25
After verifying that the server and database are running, Jane, the administrator, is still unable to make a TCP connection to the database. Which of the following is the MOST likely cause for this?
A. The server has data execution prevention enabled
B. The server has TPM based protection enabled
C. The server has HIDS installed
D. The server is running a host-based firewall
n
26
Which of the following is used to detect unknown security vulnerability?
A. Application fuzzing
B. Application configuration baseline
C. Patch management
D. ID badge
n
27
Which of the following is a best practice before deploying a new desktop operating system image?
A. Install network monitoring software
B. Perform white box testing
C. Remove single points of failure
D. Verify operating system security settings
n
28
Securing mobile devices involves which of the following checklists?
A. Key escrow, trust model, CRL
B. Cross-site scripting, XSRF, fuzzing
C. Screen lock, encryption, remote wipe
D. Black box, gray box, white box testing
n
29
Which of the following steps should follow the deployment of a patch?
A. Antivirus and anti-malware deployment
B. Audit and verification
C. Fuzzing and exploitation
D. Error and exception handling
n
30
Lack of internal security resources and high availability requirements are factors that may lead a company to consider:
A. patch management.
B. encryption.
C. cloud computing.
D. anti-malware software.
n
31
Which of the following is the BEST filtering device capable of stateful packet inspection?
A. Switch
B. Protocol analyzer
C. Firewall
D. Router
n
32
An employee's workstation is connected to the corporate LAN. Due to content filtering restrictions, the employee attaches a 3G Internet dongle to get to websites that are blocked by the corporate gateway. Which of the following BEST describes a security implication of this practice?
A. A corporate LAN connection and a 3G Internet connection are acceptable if a host firewall is installed.
B. The security policy should be updated to state that corporate computer equipment should be dual-homed.
C. Content filtering should be disabled because it may prevent access to legitimate sites.
D. Network bridging must be avoided, otherwise it may join two networks of different classifications.
n
33
In order to provide flexible working conditions, a company has decided to allow some employees remote access into corporate headquarters. Which of the following security technologies could be used to provide remote access? (Select TWO).
```
A. Subnetting
B. NAT
C. Firewall
D. NAC
E. VPN
```
n
34
If a security issue is resolved, which of the following risk management strategies was used?
A. Deterrence
B. Acceptance
C. Mitigation
D. Avoidance
n
35
Which of the following would be used when a higher level of security is desired for encryption key storage?
A. TACACS+
B. L2TP
C. LDAP
D. TPM
n
36
Which of the following is the default port for SCP and SSH?
A. 21
B. 22
C. 404
D. 443
h
37
Which of the following default ports does the hypertext transfer protocol use for non-secure network connections?
A. 20
B. 21
C. 80
D. 8080
h
38
Which of the following BEST describes using a smart card and typing in a PIN to gain access to a system?
A. Biometrics
B. PKI
C. Single factor authentication
D. Multifactor authentication
h
39
Which of the following result types would Jane, a security administrator, MOST likely look for during a penetration test?
A. Inability to gain administrative access
B. Open ports
C. Ability to bypass security controls
D. Incorrect configurations
h
40
A small business owner has asked the security consultant to suggest an inexpensive means to deter physical intrusions at their place of business. Which of the following would BEST meet their request?
A. Fake cameras
B. Proximity readers
C. Infrared cameras
D. Security guards
h
41
Employee badges are encoded with a private encryption key and specific personal information. The encoding is then used to provide access to the network. Which of the following describes this access control type?
A. Smartcard
B. Token
C. Discretionary access control
D. Mandatory access control
h
42
Which of the following devices would MOST likely have a DMZ interface?
A. Firewall
B. Switch
C. Load balancer
D. Proxy
h
43
Which of the following is used to digitally sign an email?
A. Private key
B. Public key
C. Sender's IP
D. Sender's MAC address
h
44
Pete, the company Chief Information Officer (CIO), has been receiving numerous emails from the help desk directing Pete to a link to verify credentials. Which of the following attacks is underway?
A. Replay attack
B. Pharming
C. Privilege escalation
D. Spear phishing
h
45
Pete, a security administrator, noticed that the network analyzer is displaying packets that have all the bits in the option field turned on. Which of the following attacks is underway?
A. X-mas
B. DDoS
C. Birthday
D. Smurf
h
46
Which of the following tools would Matt, a security administrator, MOST likely use to analyze a malicious payload?
A. Vulnerability scanner
B. Fuzzer
C. Port scanner
D. Protocol analyzer
h
47
Which of the following is Jane, a security administrator, MOST likely to install in order to capture and analyze zero day exploits?
A. Honeypot
B. Antivirus
C. IPS
D. IDS
h
48
Which of the following can be implemented to detect file system variations?
A. EXT3
B. Hashing
C. Encryption
D. NIDS
h
49
Which of the following threats is MOST likely to be mitigated by implementing cross-site scripting prevention tools?
A. Resource starvation
B. Insider threat
C. Spear phishing
D. Session hijacking
h
50
An attacker has gained access to the corporate network and is attempting to brute force a password to gain access to the accounting system. Which of the following, if implemented, will protect the server?
A. Single sign-on
B. Password history
C. Limit logon attempts
D. Directory services
h
51
Pete, a security administrator, wants to check user password complexity. Which of the following is the BEST tool to use?
A. Password history
B. Password logging
C. Password cracker
D. Password hashing
h
52
Which of the following can hide confidential or malicious data in the whitespace of other files (e.g. JPEGs)?
A. Hashing
B. Transport encryption
C. Digital signatures
D. Steganography
D
53
Certificates are used for: (Select TWO).
```
A. client authentication.
B. WEP encryption.
C. access control lists.
D. code signing.
E. password hashing.
```
h
54
When implementing SSL VPN, which of the following is the FASTEST cipher that Pete, an administrator, can use?
A. 3DES
B. AES
C. DES
D. RC4
h
55
Which of the following network devices will prevent port scans?
A. Firewall
B. Load balancers
C. NIDS
D. Sniffer
h
56
Which of the following is an operational control?
A. Concurrent session control
B. System security categorization
C. Contingency planning
D. Session locks
h
57
Which of the following is a hardware based encryption device?
A. EFS
B. TrueCrypt
C. TPM
D. SLE
h
58
List the Hardware Decrytion devices
h
59
Which of the following is the MOST important step for preserving evidence during forensic procedures?
A. Involve law enforcement
B. Chain of custody
C. Record the time of the incident
D. Report within one hour of discovery
h
60
Employees of a company have received emails that fraudulently claim to be from the company's security department. The emails ask the employees to sign-on to an Internet website to verify passwords and personal information. This is an example of which type of attack?
A. Phishing
B. Pharming
C. Man-in-the-middle
D. Vishing
h
61
A company has implemented software to enforce full disk and removable media encryption for all computers. Which of the following threats can still expose sensitive data on these computers?
A. Spam
B. Botnet infection
C. Stolen laptop
D. Header manipulation
h
62
Which of the following MOST interferes with network-based detection techniques?
A. Mime-encoding
B. SSL
C. FTP
D. Anonymous email accounts
h
63
Which of the following secure coding concepts can prevent the unintentional execution of malicious code entered in place of proper commands?
A. Patch management
B. Proper exception handling
C. Code reviews
D. Input validation
h
64
A certificate authority takes which of the following actions in PKI?
A. Signs and verifies all infrastructure messages
B. Issues and signs all private keys
C. Publishes key escrow lists to CRLs
D. Issues and signs all root certificates
h
65
To ensure the security of a PKI, security technicians should regularly update which of the following, by checking with the CA for newer versions?
A. CRLs
B. Expiration lists
C. Preshared keys
D. Public keys
h
66
Use of a smart card to authenticate remote servers remains MOST susceptible to which of the following attacks?
A. Malicious code on the local system
B. Shoulder surfing
C. Brute force certificate cracking
D. Distributed dictionary attacks
n
67
An administrator is provided two accounts: one with administrative access but not network services, and the other account with other network services but no administrative access. Which of the following describes this scenario?
A. Least privilege
B. Mandatory access control
C. Multifactor authentication
D. Separation of duties
n
68
Separation of duties is often implemented between developers and administrators in order to separate which of the following?
A. More experienced employees from less experienced employees
B. Changes to program code and the ability to deploy to production
C. Upper level management users from standard development employees
D. The network access layer from the application access layer
n
69
Which of the following will require exceptions when considering the use of 802.1x port security?
A. Switches
B. Printers
C. Laptops
D. Desktops
n
70
Which of the following may cause Jane, the security administrator, to seek an ACL work around?
A. Zero day exploit
B. Dumpster diving
C. Virus outbreak
D. Tailgating
n
71
Which of the following is MOST likely to lead to a breach of security in which Matt, an unauthorized employee, accidently views sensitive data?
A. Lack of business continuity plan
B. Lack of logging and auditing access to files
C. Lack of chain of custody procedure
D. Lack of data labeling, handling, and disposal policies
n
72
A security administrator needs to update the OS on all the switches in the company. Which of the following MUST be done before any actual switch configuration is performed?
A. The request needs to be sent to the incident management team.
B. The request needs to be approved through the incident management process.
C. The request needs to be approved through the change management process.
D. The request needs to be sent to the change management team.
n
73
Jane, an individual, has recently been calling various financial offices pretending to be another person to gain financial information. Which of the following attacks is being described?
A. Phishing
B. Tailgating
C. Pharming
D. Vishing
n
74
The security administrator wants each user to individually decrypt a message but allow anybody to encrypt it. Which of the following MUST be implemented to allow this type of authorization?
A. Use of CA certificate
B. Use of public keys only
C. Use of private keys only
D. Use of public and private keys
n
75
Jane, a user in the company, is in charge of various financial roles but needs to prepare for an upcoming audit. She uses the same account to access each financial system. Which of the following security controls will MOST likely be implemented within the company?
A. Account lockout policy
B. Account password enforcement
C. Password complexity enabled
D. Separation of duties
n
76
Pete, an employee, is granted access to only areas of a network folder needed to perform his job. Which of the following describes this form of access control?
A. Separation of duties
B. Time of day restrictions
C. Implicit deny
D. Least privilege
n
77
A security administrator notices unusual activity from a default account when reviewing system logs and finds the account has been compromised. After investigating the incident, the administrator determines the account can be disabled to prevent any further incidents because the account was not necessary for any job functions. Which of the following could have prevented this incident?
A. Enhanced password complexity
B. Disabling unnecessary accounts
C. Reviewing centralized logs
D. Disabling unnecessary services
n
78
A CRL is comprised of:
A. malicious IP addresses.
B. trusted CA's.
C. untrusted private keys.
D. public keys.
n
79
Which of the following can be implemented to prevent Matt, a user, from connecting a hub or switch to a single switch port to access network resources with multiple devices? (Select TWO).
```
A. Subnetting
B. NAC
C. VLAN
D. DMZ
E. Port security
```
n
80
Which of the following devices utilizes behavior heuristics to detect or prevent intrusion into network resources?
A. NIPS
B. VPN concentrators
C. NAT router
D. Flood guard
n
81
Which of the following may significantly reduce data loss if multiple drives fail at the same time?
A. Virtualization
B. RAID
C. Load balancing
D. Server clustering
n
82
Which of the following would MOST likely belong in the DMZ? (Select TWO).
```
A. Finance servers
B. Backup servers
C. Web servers
D. SMTP gateways
E. Laptops
```
n
83
Which of the following protocols would MOST likely be implemented if Pete, a user, wants to transfer files reliably from one location to another?
A. SNMP
B. SSH
C. ICMP
D. SFTP
n
84
Which of the following is a strong cryptographic system used by Windows based systems for authentication?
A. SSO
B. DES
C. NTLMv2
D. LANMAN
n
85
Which of the following algorithms has well documented collisions? (Select TWO).
```
A. AES
B. MD5
C. SHA
D. SHA-256
E. RSA
```
n
86
Which of the following describes common concerns when implementing IPS?
A. Legitimate traffic will be incorrectly blocked
B. False negatives will disrupt network throughput
C. Incompatibilities with existing routers will result in a DoS
D. Security alerts will be minimal until adequate traffic is collected
n
87
Which of the following describes an issue encountered when reconstructing a security incident through the examination of security logs collected from multiple servers?
A. Proprietary log formats prevent review of security alerts
B. Some operating systems do not natively export security logs
C. Security logs are often encrypted
D. Inconsistent time settings interfere with sequential event analysis
n
88
When verifying file integrity on a remote system that is bandwidth limited, which of the following tool combinations provides the STRONGEST confidence?
A. MD5 and 3DES
B. MD5 and SHA-1
C. SHA-256 and RSA
D. SHA-256 and AES
n
89
Jane, the security administrator, needs to be able to test malicious code in an environment where it will not harm the rest of the network. Which of the following would allow Jane to perform this kind of testing?
A. Local isolated environment
B. Networked development environment
C. Infrastructure as a Service
D. Software as a Service
n
90
A company is sending out a message to all users informing them that all internal messages need to be digitally signed. This is a form of which of the following concepts?
A. Availability
B. Non-repudiation
C. Authorization
D. Cryptography
n
91
While performing basic forensic analysis of a hard drive in Sara's, the security administrator, possession, which of the following should be verified during the analysis?
A. Witness statements
B. Image hashes
C. Chain of custody
D. Order of volatility
n
92
A server containing critical data will cost the company $200/hour if it were to be unavailable due to DoS attacks. The security administrator expects the server to become unavailable for a total of two days next year. Which of the following is true about the ALE?
A. The ALE is $48.
B. The ALE is $400.
C. The ALE is $4,800.
D. The ALE is $9,600.
n
93
Jane, a user, installs software downloaded from a trusted website. The installed software causes unwanted pop-ups for pharmaceuticals. Which of the following BEST describes the type of threat?
A. Trojan
B. Backdoor
C. Spyware
D. Adware
n
94
Sara, a security administrator, notices a number of ports being scanned on the perimeter firewall. At first the scanning appears random, but after monitoring the logs for 30 minutes, she determines that the whole port range is being scanned and all TCP flags are being turned on. Which of the following BEST describes this type of threat?
A. Smurf attack
B. X-mas attack
C. Spoofing
D. Malicious insider threat
n
95
The Chief Information Officer (CIO) receives a call from an individual who states they are from the IT department. The caller wants to know the CIOs ID and password to validate their account as part of a yearly account revalidation process. Which of the following BEST describes this scenario?
A. Spam
B. Hoax
C. Spoofing
D. Vishing
n
96
To reduce an organization's risk exposure by verifying compliance with company policy, which of the following should be performed periodically?
A. Qualitative analysis
B. Quantitative analysis
C. Routine audits
D. Incident management
n
97
Which of the following can be implemented if a security administrator wants only certain devices connecting to the wireless network?
A. Disable SSID broadcast
B. Install a RADIUS server
C. Enable MAC filtering
D. Lowering power levels on the AP
n
98
A system administrator decides to use SNMPv3 on the network router in AuthPriv mode. Which of the following algorithm combinations would be valid?
A. AES-RC4
B. 3DES-MD5
C. RSA-DSA
D. SHA1-HMAC
n
99
Which of the following are encryption algorithms that can use a 128-bit key size? (Select TWO).
```
A. AES
B. RC4
C. Twofish
D. DES
E. SHA2
```
n
100
Unsolicited address items and messages are discovered on a Chief Information Officer's (CIO's) smartphone. Additionally, files on an administrator's smartphone are changed or missing. Which of the following BEST describes what may have happened?
A. The CIO and the Administrator were both bluesnarfed.
B. The CIO and the Administrator were both bluejacked.
C. The CIO was bluejacked and the Administrator was bluesnarfed.
D. The CIO was bluesnarfed and the Administrator was bluejacked.
n
101
Which of the following devices, connected to an IDS, would allow capture of the MOST traffic?
A. Switch
B. Router
C. Firewall
D. Hub
n
102
Encryption is used provide which of the following?
a. Integrity
b. Authentication
c. Confidentiality
d. Authorization
C
103
A biometric fingerprint scanner is an example of which of the following?
a. Two-factor authentication
b. Single Sign On
c. Single-factor authorization
d. Single-factor authentication
D
104
A user name, PIN, and a palm scan are all required to authenticate a system. Which of the following is this an example of?
a. SSO
b. Two-factor authentication
c. Single-factor authentication
d. Three-factor authentication
B
105
A user sees an MD5 hash number beside a file that they wish to download. Which of the following BEST describes a hash?
a. A hash is a unique number that is generated based upon the TCP/IP transmission header and should be verified before download.
b. A hash is a unique number that is generated based upon the files contents and used as the SSL key during download.
c. A hash is a unique number that is generated after the file has been encrypted and used as the SSL key during download.
d. A hash is a unique number that is generated based upon the files contents and should be verified after download.
D
106
Bob is looking for a biometric authentication system that offers the highest possible level of security even if this increases possible inconvenience for the users. Which of the following factors should be minimized?
a. FRR
b. FAR
c. CER
d. False Negatives
B
107
In Kerberos what is issued to a user by the KDC when the user successfully logs on?
a. Ticket granting ticket
b. Service ticket
c. Asymmetric key
d. Symmetric key
A
108
Which of the following security steps must a user complete before access is given to the network?
a. Authentication and password
b. Identification and authentication
c. Identification and authorization
d. Authentication and authorization
B
109
LDAP is a protocol which enables which of the following?
a. Secure logon to a federated database
b. VPN access to a remote network
c. Transmission of encrypted keys
d. Queries to a directory service
D
110
Which of the following is the improvement of MS-CHAPv2 over MS-CHAP?
a. Encrypted logon
b. Asymmetric key exchange
c. Mutual authentication
d. SSO
C
111
What is a difference between TACACS+ and RADIUS
a. RADIUS is a AAA provider
b. TACACS+ is a AAA provider
c. RADIUS encrypts the entire authentication process
d. TACACS+ encrypts the entire authentication process
D
112
Which of the following is an example of a technical control?
a. Least Privilege
b. Vulnerability assessments
c. Configuration management
d. Media protection
A
113
Which of the following is an example of a detective control?
a. System backups
b. Change management
c. System hardening
d. Security guard
D
114
Which access control method provides the highest level of security ?
a. Mandatory
b. Discretionary
c. Role based
d. Rule based
A
115
RBAC is based on what?
a. Job functions
b. Labels
c. ACL’s
d. Lattice
A
116
Which access control model is used by NTFS?
a. MAC
b. DAC
c. RBAC
d. DACL
B
117
An inherent flaw associated with DAC is what?
a. Susceptibility to worms
b. Difficulty of administration
c. Susceptibility to Trojans
d. Weak encryption keys
C
118
In which access control model does the object owner establish access?
a. MAC
b. RBAC
c. Rule based
d. DAC
D
119
Which of the following is usually not allowed when conducting video surveillance?
a. Recording audio
b. Recording in low light conditions
c. Recording in color
d. Recording in public areas
A
120
Which network protocol provides for guaranteed delivery of packets
a. UDP
b. ARP
c. FTP
d. TCP
D
121
Which packet is withheld in a SYN flood attack?
a. SYN
b. ACK
c. SYN/ACK
d. Broadcast
B
122
ARP is used to determine which type of address?
a. Logical
b. Network
c. IP
d. Physical
D
123
Secure LDAP uses which port?
a. 443
b. 389
c. 636
d. 143
C
124
Which of the following addresses is on the same subnet with 163.252.50.57/22 00110010 ?
a. 163.252.100.71
b. 163.252.47.12
c. 163.252.80.78
d. 163.252.48.90
D
125
Which device does not understand physical addresses but sends all packets out all its ports?
a. Hub
b. Switch
c. Router
d. VLAN
A
126
Loop protection on a switch may be provided by what?
a. RTP
b. STP
c. FTP
d. TACACS+
B
127
Matt, an administrator, notices a flood fragmented packet and retransmits from an email server. After disabling the TCP offload setting on the NIC, Matt sees normal traffic with packets flowing in sequence again. Which of the following utilities was the MOST likely using to view this issue?
A. Spam filter
B. Protocol analyzer
C. Web application firewall
D. Load balancer
n
128
Which of the following devices can be used to terminate remote user's established SSL or IPSec tunnels?
(Select TWO).
```
A. NIDS
B. HIPS
C. VPN concentrator
D. Hub
E. Firewall
```
n
129
Jane, a user, brings in a laptop from home and gets certificate warnings when connecting to corporate intranet sites. These warnings do not occur when using any of the companies' workstations. Which of the following is MOST likely the issue?
A. The laptop needs to VPN to bypass the NAC.
B. The corporate intranet servers do not trust the laptop.
C. The laptop's CRL enrollment has expired.
D. The user's certificate store does not trust the C A.
n
130
Which of the following mitigates the loss of a private key in PKI? (Select TWO).
```
A. Certificate reissue
B. Key rotation
C. Key escrow
D. Auto enrollment
E. Recovery agent
```
n
131
Which of the following specifications would Sara, an administrator, implement as a network access control?
A. 802.1q
B. 802.3
C. 802.11n
D. 802.1x
n
132
Which of the following malware types propagates automatically, does not typically hide, requires user interaction, and displays marketing ads?
A. Logic bombs
B. Rootkits
C. Spyware
D. Worms
n
133
Which of the following malware types typically disguises itself within another piece of software, requires user interaction, and does not execute on a specific date?
A. Logic Bomb
B. Trojan
C. Worm
D. Botnet
n
134
Which of the following is MOST commonly identified as an ARP spoofing attack where no email is sent, and flags within the TCP packet are irrelevant?
A. Xmas attack
B. Spam attack
C. Man-in-the-middle attack
D. DDoS attack
n
135
Which of the following is characterized by an attacker attempting to map out an organization's staff hierarchy in order to send targeted emails?
A. Whaling
B. Impersonation
C. Privilege escalation
D. Spear phishing
n
136
Which of the following is an attack where Pete spreads USB thumb drives throughout a bank's parking lot in order to have malware installed on the banking systems?
A. Tailgating
B. Replay attack
C. Virus
D. Social engineering
n
137
Which of the following attacks significantly relies on staff members wanting to be helpful and supportive of each other?
A. Spoofing
B. Tailgating
C. Dumpster diving
D. Xmas attack
n
138
Which of the following is an attacker attempting to discover open wireless access points?
A. War driving
B. Packet sniffing
C. War chalking
D. Initialization vector
n
139
Which of the following protocols provides Pete, an administrator, with the HIGHEST level of security for device traps?
A. ICMP
B. SNMPv3
C. SSH
D. IPSec
n
140
Which of the following is designed to serve as a risk mitigation strategy?
A. Personally owned devices
B. Disaster recovery plan
C. Calculate proper ROI
D. Zero day exploits
n
141
Who should be contacted FIRST in the event of a security breach?
A. Forensics analysis team
B. Internal auditors
C. Incident response team
D. Software vendors
n
142
Which process will determine maximum tolerable downtime?
A. Business Continuity Planning
B. Contingency Planning
C. Business Impact Analysis
D. Disaster Recovery Plan
n
143
Which of the following provides the MOST protection against zero day attacks via email attachments?
A. Anti-spam
B. Anti-virus
C. Host-based firewalls
D. Patch management
n
144
Which of the following access controls enforces permissions based on data labeling at specific levels?
A. Mandatory access control
B. Separation of duties access control
C. Discretionary access control
D. Role based access control
n
145
A username provides which of the following?
A. Biometrics
B. Identification
C. Authorization
D. Authentication
n
146
Use of group accounts should be minimized to ensure which of the following?
A. Password security
B. Regular auditing
C. Baseline management
D. Individual accountability
n
147
Privilege creep among long-term employees can be mitigated by which of the following procedures?
A. User permission reviews
B. Mandatory vacations
C. Separation of duties
D. Job function rotation
n
148
In which of the following scenarios is PKI LEAST hardened?
A. The CRL is posted to a publicly accessible location.
B. The recorded time offsets are developed with symmetric keys.
C. A malicious CA certificate is loaded on all the clients.
D. All public keys are accessed by an unauthorized user.
n
149
A database server has been compromised via an unpatched vulnerability. An investigation reveals that an application crashed at the time of the compromise. Unauthorized code appeared to be running, although there were no traces of the code found on the file system. Which of the following attack types has MOST likely occurred?
A. Zero day exploit
B. SQL injection
C. LDAP injection
D. Buffer overflow
n
150
Which of the following would Sara, a security administrator, utilize to actively test security controls within an organization?
A. Penetration test
B. Baselining
C. Code review
D. Vulnerability scan
n
151
Which of the following assessments would Pete, the security administrator, use to actively test that an application's security controls are in place?
A. Code review
B. Penetration test
C. Protocol analyzer
D. Vulnerability scan
n
152
Which of the following would Jane, a security administrator, take advantage of to bypass security controls and gain unauthorized remote access into an organization?
A. Vulnerability scan
B. Dumpster diving
C. Virtualization
D. Penetration test
n
153
Which of the following would be used to identify the security posture of a network without actually exploiting any weaknesses?
A. Penetration test
B. Code review
C. Vulnerability scan
D. Brute Force scan
n
154
The finance department is growing and needs additional computers to support growth. The department also needs to ensure that their traffic is separated from the rest of the network. Matt, the security administrator, needs to add a new switch to accommodate this growth. Which of the following MUST Matt configure on the switch to ensure proper network separation?
A. Implicit deny
B. VLAN management
C. Access control lists
D. Flood guards
n
155
Pete, the security administrator, wants to ensure that only secure protocols are being used to transfer and copy files. Which of the following protocols should he implement?
A. SMTP
B. SCP
C. FTP
D. HTTPS
n
156
Sara, a security administrator, has recently implemented a policy to ban certain attachments from being sent through the corporate email server. This is an example of trying to mitigate which of the following?
A. SQL injection
B. LDAP injection
C. Cross-site scripting
D. Malicious add-ons
n
157
Jane, the security administrator, sets up a new AP but realizes too many outsiders are able to connect to that AP and gain unauthorized access. Which of the following would be the BEST way to mitigate this issue and still provide coverage where needed? (Select TWO).
```
A. Disable the wired ports
B. Use channels 1, 4 and 7 only
C. Enable MAC filtering
D. Disable SSID broadcast
E. Switch from 802.11a to 802.11b
```
n
158
In the initial stages of an incident response, Matt, the security administrator, was provided the hard drives in question from the incident manager. Which of the following incident response procedures would he need to perform in order to begin the analysis?(Select TWO).
```
A. Take hashes
B. Begin the chain of custody paperwork
C. Take screen shots
D. Capture the system image
E. Decompile suspicious files
```
n
159
Which of the following is used to certify intermediate authorities in a large PKI deployment?
A. Root CA
B. Recovery agent
C. Root user
D. Key escrow
n
160
Which of the following components MUST be trusted by all parties in PKI?
A. Key escrow
B. CA
C. Private key
D. Recovery key
n
161
Remote employees login to the network using a device displaying a digital number which changes every five minutes. This is an example of which of the following?
A. Block cipher
B. One-time pad
C. Stream cipher
D. Digital signature
n
162
When checking his webmail, Matt, a user, changes the URL's string of characters and is able to get into another user's inbox. This is an example of which of the following?
A. Header manipulation
B. SQL injection
C. XML injection
D. Session hijacking
n
163
Sara, an employee, unintentionally downloads malware that exploits a known vulnerability. Which of the following needs to be enforced to keep this incident from recurring in the future?
A. Input validation
B. Active pop-up blocker
C. Application hardening and error validation
D. Patch management
n
164
Which of the following is being used when a message is buried within the pixels of an image?
A. Steganography
B. Block cipher
C. Encryption
D. Hashing
n
165
Elliptic curve cryptography: (Select TWO)
A. is used in both symmetric and asymmetric encryption.
B. is used mostly in symmetric encryption.
C. is mostly used in embedded devices.
D. produces higher strength encryption with shorter keys.
E. is mostly used in hashing algorithms.
n
166
Which of the following would an antivirus company use to efficiently capture and analyze new and unknown malicious attacks?
A. Fuzzer
B. IDS
C. Proxy
D. Honeynet
n
167
Which of the following is used to translate a public IP to a private IP?
A. NAT
B. CCMP
C. NAC
D. VLAN
n
168
Why is it important for a penetration tester to have established an agreement with management as to which systems and processes are allowed to be tested?
A. Penetration test results are posted publicly, and some systems tested may contain corporate secrets.
B. Penetration testers always need to have a comprehensive list of servers, operating systems, IP subnets, and department personnel prior to ensure a complete test.
C. Having an agreement allows the penetration tester to look for other systems out of scope and test them for threats against the in-scope systems.
D. Some exploits when tested can crash or corrupt a system causing downtime or data loss.
n
169
An administrator wants to minimize the amount of time needed to perform backups during the week. It is also acceptable to the administrator for restoration to take an extended time frame. Which of the following strategies would the administrator MOST likely implement?
A. Full backups on the weekend and incremental during the week
B. Full backups on the weekend and full backups every day
C. Incremental backups on the weekend and differential backups every day
D. Differential backups on the weekend and full backups every day
n
170
Which of the following can be used in code signing?
A. AES
B. RC4
C. GPG
D. CHAP
n
171
Sara, an administrator, disables the beacon function of an access point. Which of the following is accomplished by this?
A. The AP stops broadcasting radio frequencies.
B. The SSID is not broadcasted by the AP.
C. The AP presence is undetectable by wireless sniffers.
D. Wireless clients are now required to use 2.4 GHz.
n
172
Which of the following can use RC4 for encryption? (Select TWO).
```
A. CHAP
B. SSL
C. WEP
D. AES
E. 3DES
```
n
173
Which of the following defines a business goal for system restoration and acceptable data loss?
A. MTTR
B. MTBF
C. RPO
D. Warm site
n
174
Which of the following defines an organization goal for acceptable downtime during a disaster or other contingency?
A. MTBF
B. MTTR
C. RTO
D. RPO
n
175
Which of the following is an attack vector that can cause extensive physical damage to a datacenter without physical access?
A. CCTV system access
B. Dial-up access
C. Changing environmental controls
D. Ping of death
n
176
An ACL placed on which of the following ports would block IMAP traffic?
A. 110
B. 143
C. 389
D. 465
n
177
Which of the following provides the HIGHEST level of confidentiality on a wireless network?
A. Disabling SSID broadcast
B. MAC filtering
C. WPA2
D. Packet switching
n
178
A new AP has been installed and there are problems with packets being dropped. Which of the following BEST explains the packet loss?
A. EMI
B. XML injection
C. DDoS
D. Botnet
n
179
Which of the following intrusion detection methods may generate an alert when Matt, an employee, accesses a server during non-business hours?
A. Signature
B. Time of Day restrictions
C. Heuristic
D. Behavioral
n
180
Which of the following controls should be used to verify a person in charge of payment processing is not colluding with anyone to pay fraudulent invoices?
A. Least privilege
B. Security policy
C. Mandatory vacations
D. Separation of duties
n
181
Which of the following techniques describes the use of application isolation during execution to prevent system compromise if the application is compromised?
A. Least privilege
B. Sandboxing
C. Black box
D. Application hardening
n
182
Which of the following allows a company to maintain access to encrypted resources when employee turnover is high?
A. Recovery agent
B. Certificate authority
C. Trust model
D. Key escrow
n
183
Which of the following security methods should be used to ensure mobile devices are not removed by unauthorized users when the owner is away from their desk?
A. Screen lock
B. Biometrics
C. Strong passwords
D. Cable lock
n
184
Which of the following should be implemented to stop an attacker from mapping out addresses and/or devices on a network?
A. Single sign on
B. IPv6
C. Secure zone transfers
D. VoIP
n
185
Jane, a network technician, notices that users' Internet homepages have been changed to sites that include malware. Which of the following will change the default homepage for the Internet browser to be the same for all users?
A. Flush the DNS cache
B. Remove workstations from the domain
C. Upgrade the Internet browser
D. Implement group policies
n
186
A security administrator wants to scan an infected workstation to understand how the infection occurred. Which of the following should the security administrator do FIRST before scanning the workstation?
A. Make a complete hard drive image
B. Remove the memory
C. Defragment the hard drive
D. Delete all temporary Internet files
n
187
Matt, an IT administrator, wants to protect a newly built server from zero day attacks. Which of the following would provide the BEST level of protection?
A. HIPS
B. Antivirus
C. NIDS
D. ACL
n
188
The lead security engineer has been brought in on a new software development project. The software development team will be deploying a base software version and will make multiple software revisions during the project life cycle. The security engineer on the project is concerned with the ability to roll back software changes that cause bugs and/or security concerns. Which of the following should the security engineer suggest to BEST address this issue?
A. Develop a change management policy incorporating network change control.
B. Develop a change management policy incorporating hardware change control.
C. Develop a change management policy incorporating software change control.
D. Develop a change management policy incorporating oversight of the project lifecycle.
n
189
A new wireless network was installed in an office building where there are other wireless networks. Which of the following can the administrator disable to help limit the discovery of the new network?
A. DHCP
B. Default user account
C. MAC filtering
D. SSID broadcast
n
190
Which of the following anti-malware solutions can be implemented to mitigate the risk of phishing?
A. Host based firewalls
B. Anti-spyware
C. Anti-spam
D. Anti-virus
n
191
Which of the following can be used to mitigate risk if a mobile device is lost?
A. Cable lock
B. Transport encryption
C. Voice encryption
D. Strong passwords
n
192
Implementation of server clustering is an example of which of the following security concepts?
A. Traceability
B. Availability
C. Integrity
D. Confidentiality
n
193
The annual loss expectancy can be calculated by:
A. dividing the annualized rate of return by single loss expectancy.
B. multiplying the annualized rate of return and the single loss expectancy.
C. subtracting the single loss expectancy from the annualized rate of return.
D. adding the single loss expectancy and the annualized rate of return.
n
194
Which of the following datacenter environmental controls must be properly configured to prevent equipment failure from water?
A. Lighting
B. Temperature
C. Humidity
D. Halon fire suppression
n
195
Which of the following should the security administrator do when taking a forensic image of a hard drive?
A. Image the original hard drive, hash the image, and analyze the original hard drive.
B. Copy all the files from the original into a separate hard drive, and hash all the files.
C. Hash the original hard drive, image the original hard drive, and hash the image.
D. Image the original hard drive, hash the original hard drive, and analyze the hash.
n
196
In order to prevent and detect fraud, which of the following should be implemented?
A. Job rotation
B. Risk analysis
C. Incident management
D. Employee evaluations
n
197
A vulnerability scan detects an unpatched application that does not exist on the server. Which of the following is the BEST explanation?
A. File corruption
B. False positive
C. Wrong system was scanned
D. Signature needs to be updated on the tool
n
198
Mike, a network administrator, has been asked to passively monitor network traffic to the company's sales websites. Which of the following would be BEST suited for this task?
A. HIDS
B. Firewall
C. NIPS
D. Spam filter
n
199
An administrator notices an unusual spike in network traffic from many sources. The administrator suspects that:
A. it is being caused by the presence of a rogue access point.
B. it is the beginning of a DDoS attack.
C. the IDS has been compromised.
D. the internal DNS tables have been poisoned.
n
200
Mike, a security professional, is tasked with actively verifying the strength of the security controls on a company's live modem pool. Which of the following activities is MOST appropriate?
A. War dialing
B. War chalking
C. War driving
D. Bluesnarfing
n
201
Mike, a system administrator, anticipating corporate downsizing this coming November writes a malicious program to execute three weeks later if his account is removed. Which of the following attacks is this?
A. Rootkit
B. Virus
C. Logic Bomb
D. Worm
n
202
The Compliance Department implements a policy stating the Security Analyst must only review security changes and the Security Administrator will implement the changes. This is example of which of the following?
A. Job rotation
B. Discretionary access control
C. Trust models
D. Separation of duties
n
203
An encrypted message is sent using PKI from Sara, a client, to a customer. Sara claims she never sent the message. Which of the following aspects of PKI BEST ensures the identity of the sender?
A. CRL
B. Non-repudiation
C. Trust models
D. Recovery agents
n
204
Which of the following protocols would be used to verify connectivity between two remote devices at the LOWEST level of the OSI model?
A. DNS
B. SCP
C. SSH
D. ICMP
n
205
Sara, a user, needs to copy a file from a Linux workstation to a Linux server using the MOST secure file transfer method available. Which of the following protocols would she use?
A. SCP
B. FTP
C. SNMP
D. TFTP
n
206
Users require access to a certain server depending on their job function. Which of the following would be the MOST appropriate strategy for securing the server?
A. Common access card
B. Role based access control
C. Discretionary access control
D. Mandatory access control
n
207
Jane, a security administrator, has observed repeated attempts to break into a server. Which of the following is designed to stop an intrusion on a specific server?
A. HIPS
B. NIDS
C. HIDS
D. NIPS
n
208
Matt, the security administrator, notices a large number of alerts on the NIDS. Upon further inspection, it is determined that no attack has really taken place. This is an example of a:
A. false negative.
B. true negative.
C. false positive.
D. true positive.
n
209
Sara, a visitor, plugs her Ethernet cable into an open jack in a wall outlet and is unable to connect to the network. This is MOST likely an example of:
A. port security.
B. implicit deny.
C. flood guards.
D. loop protection.
n
210
Matt, the IT Manager, wants to create a new network available to virtual servers on the same hypervisor, and does not want this network to be routable to the firewall. How could this BEST be accomplished?
A. Create a VLAN without a default gateway.
B. Remove the network from the routing table.
C. Create a virtual switch.
D. Commission a stand-alone switch.
n
211
The security principle that is targeted when implementing ACLs is:
A. integrity.
B. availability.
C. confidentiality.
D. responsibility.
n
212
Which of the following is true about two security administrators who are using asymmetric encryption to send encrypted messages to each other?
A. When one encrypts the message with the private key, the other can decrypt it with the private key.
B. When one encrypts the message with the private key, the other can decrypt it with the public key.
C. When one encrypts the message with the public key, the other can use either the public or the private to decrypt it.
D. When one encrypts the message with the public key, the other can decrypt it with the public key.
n
213
A security administrator has configured FTP in passive mode. Which of the following ports should the security administrator allow on the firewall by default?
A. 20
B. 21
C. 22
D. 23
n
214
Which of the following top to bottom sequential firewall rules will allow SSH communication?
```
A. DENY ANY ANY
PERMIT ANY ANY TCP 22
PERMIT ANY ANY UDP 22
B. PERMIT ANY ANY UDP 22
PERMIT ANY ANY TCP 21
DENY ANY ANY
C. PERMIT ANY ANY TCP 23
PERMIT ANY ANY TCP 22
DENY ANY ANY
D. PERMIT ANY ANY TCP 23
DENY ANY ANY
PERMIT ANY ANY TCP 22
```
n
215
A company that purchased an HVAC system for the datacenter is MOST concerned with which of the following?
A. Availability
B. Integrity
C. Confidentiality
D. Fire suppression
n
216
Which of the following Data Loss Prevention strategies is used to ensure that unauthorized users cannot access information stored in specified fields?
A. Whole disk encryption
B. Trust models
C. Database encryption
D. Individual file encryption
n
217
Which of the following devices can Sara, an administrator, implement to detect and stop known attacks?
A. Signature-based NIDS
B. Anomaly-based NIDS
C. Signature-based NIPS
D. Anomaly-based NIPS
n
218
Which of the following protocols would be implemented to secure file transfers using SSL?
A. TFTP
B. SCP
C. SFTP
D. FTPS
n
219
Which of the following security concepts are used for data classification and labeling to protect data? (Select TWO).
```
A. Need to know
B. Role based access control
C. Authentication
D. Identification
E. Authorization
```
n
220
Which of the following cryptography concepts describes securing a file during download?
A. Trust model
B. Non-repudiation
C. Transport encryption
D. Key escrow
n
221
Which of the following secure file transfer methods uses port 22 by default?
A. FTPS
B. SFTP
C. SSL
D. S/MIME
B
222
A drawback of utilizing unmonitored proximity badge readers is that they perform:
A. authentication without authorization.
B. authorization with authentication.
C. authorization without authentication.
D. authentication with authorization.
n
223
While setting up a secure wireless corporate network, which of the following should Pete, an administrator, avoid implementing?
A. EAP-TLS
B. PEAP
C. WEP
D. WPA
n
224
Pete, a security administrator, instructs the networking team to push out security updates for a suite of programs on client workstations. This is an example of which of the following?
A. Cross-site scripting prevention
B. Application configuration baseline
C. Application hardening
D. Application patch management
n
225
Which of the following are used to implement VPNs? (Select TWO).
```
A. SFTP
B. IPSec
C. HTTPS
D. SNMP
E. SSL
```
n
226
A company is concerned about physical laptop theft. Which of the following is the LEAST expensive way to prevent this threat?
A. Bollards
B. Full disk encryption
C. Cable locks
D. Safes
n
227
Creating multiple VLAN’s requires how many devices?
a. Multiple switches
b. A single switch
c. Multiple routers
d. A single router
B
228
Andy’s laptop is connected to the network with both a wired and a wireless connection. What condition might this situation allow?
a. Looping
b. Bridging
c. Redundant connection
d. Dual routing
B
229
Which sort of device does not typically forward broadcasts?
a. Gateways
b. Switches
c. Hubs
d. Routers
D
230
Janet is a new network administrator who is trying to properly configure a new router. She knows that she must enforce the concept of implicit deny. Which command should she include in the ACL?
a. The first item should be deny any any
b. The first item should be drop all packets
c. The last item should be deny any any
d. The last item should be drop all packets
C
231
Which of the following is a private address?
a. 192.168.56.134
b. 172.15.6.89
c. 192.16.0.1
d. 172.32.0.1
A - 192.168
232
Which address translation method uses a one to one mapping of private and public addresses?
a. Dynamic NAT
b. Assigned NAT
c. Static NAT
d. PAT
C
233
Which encryption method is not compatible with NAT?
a. SHA1
b. AES
c. DES
d. IPsec
D
234
Many intrusion detection systems look for known patterns to help detect attacks. What type of intrusion detection is this?
a. Anomaly
b. Behavior
c. Heuristic
d. Signature
D
235
The network for ABC Building Supplies was recently subjected to an intensive DDoS attack. Although the network was protected by state-of-the-art network instruction prevention devices utilizing both signature and anomaly detection the attack went unreported. What is the name for this condition as related to a NIPS?
a. False positive
b. False negative
c. True negative
d. True positive
B
236
A honeypot would be installed on a network to:
a. Prevent intruders from entering the network.
b. Trap intruders so the intruders cannot exit the network.
c. Divert intruders from more vital assets.
d. Warn intruders that their presence has been detected.
C
237
What is the difference between an active NIDS and a NIPS?
a. A NIPS is placed in-line with the traffic
b. Only a NIPS can take action after detection
c. A NIPS can incorporate heuristic detection
d. NIPS are hardware devices while NIDS are software installed on a server
A
238
What bandwidth does 802.11a use?
a. 11 Mbit/s
b. 600 Mbit/s
c. 54 Mbit/s
d. 2.4 Mbit/s
C
239
Which protocol was used to overcome the security deficiencies of WEP?
a. TKIP
b. CCMP
c. RC4
d. WPA2
A
240
Theo is considering the pros and cons of using WPA2 in personal or enterprise mode. Of the following what is the primary difference?
a. Personal mode uses an 802.1X sever
b. Enterprise mode requires a pre-shared key
c. Enterprise mode allows strong authentication
d. Personal mode is usually associated with a RADIUS server
C
241
Which authentication method uses TLS?
a. PEAP
b. EAP
c. LEAP
d. TEAP
A
242
Of the following which would provide for the most security on a wireless network?
a. Disabling the SSID broadcast
b. Enabling a MAC filter
c. Requiring WEP encryption
d. Changing the default SSID
C
243
Which tunneling method uses IPsec for encryption?
a. PPTP
b. SSTP
c. IKE
d. L2TP
D
244
A chip on the motherboard used for disk encryption is called what?
a. Trusted Platform Module (TPM)
b. BitLocker
c. Hardware Security Module (HSM)
d. TrueCrypt
A
245
What is the service which allows organizations to limit their hardware footprint and personnel costs by renting access to hardware?
a. Infrastructure as a Service (IaaS)
b. System as a Service (SaaS)
c. Platform as a Service (PaaS)
d. Equipment as a Service (EaaS)
A
246
A piece of code that appears to do something useful while performing a harmful and unexpected function, like stealing passwords, is a:
a. Virus
b. Logic bomb
c. Worm
d. Trojan horse
D
247
Which type of malware requires a host file?
a. Virus
b. Logic bomb
c. Worm
d. Rootkit
A
248
Which type of malware uses hooked processes, or hooking techniques to intercept calls to the operating system?
a. Virus
b. Logic bomb
c. Worm
d. Rootkit
D
249
Which type of attack uses the phone system to trick users into giving up personal and financial information?
a. Phishing
b. Spear Phishing
c. Vishing
d. Whaling
C
250
Logic bombs differ from worms in that:
a. Logic bombs cannot be sent through email.
b. Logic bombs cannot spread from computer to computer.
c. Logic bombs always contain a Trojan component.
d. Logic bombs usually have a date or time component
D
251
A periodic security audit of group policy can:
a. Show that data is being correctly backed up.
b. Show that PII data is being properly protected.
c. Show that virus definitions are up to date on all workstations.
d. Show that unnecessary services are blocked on workstations.
D
252
```
List the Ports:
File Transfer (Default Data)
File Transfer Control
Secure Shell/SCP/SFTP
Telnet
Simple Mail Transfer
TACACS+
Domain Name Server
DHCP Server
TFTP
HTTP
Kerberos
POP3
IMAP4
SNMP
LDAP
HTTPS
IKE (IPSec)
LDAP over SSL/TLS
FTPS
SQL Server
L2TP
PPTP
RADIUS authorization
Bit Torrent (P2P)
```
```
TCP Port UDP Port
20
21
22
23
25
49 49
53 53
67
69
80
88 88
110
143
161
389 389
443
500 500
636 636
989-990
1433
1701
1723 1723
1812 1812
6881-6889
```
253
File Transfer (Default Data) Port:
TCP Port 20
254
File Transfer Control Port
TCP Port 21
255
Secure Shell/SCP/SFTP Port
TCP Port 22
256
Telnet Port
TCP Port 23
257
Simple Mail Transfer Port
TCP Port 25
258
TACACS+ Port
TCP Port 49
| UDP Port 49
259
Domain Name Server Port
TCP Port 53
| UDP Port 53
260
DHCP Server Port
UDP Port 67
261
TFTP Port
UDP Port 69
262
HTTP Port
TCP Port 80
263
Kerberos Port
TCP Port 88
| UDP Port 88
264
POP3 Port
TCP Port 110
265
IMAP4 Port
TCP Port 143
266
SNMP Port
TCP Port 161
267
LDAP Port
TCP Port 389
| UDP Port 389
268
HTTPS Port
TCP Port 443
269
IKE (IPSec) Port
TCP Port 500
| UDP Port 500
270
LDAP over SSL/TLS Port
TCP Port 636
| UDP Port 636
271
FTPS Port
TCP Port 989-990
272
SQL Server Port
TCP Port 1433
273
L2TP Port
UDP Port 1701
274
PPTP Port
TCP Port 1723
| UDP Port 1723
275
RADIUS authorization Port
TCP Port 1812
| UDP Port 1812
276
Bit Torrent (P2P) Port
TCP Port 6881-6889
277
Which of the following describes how Sara, an attacker, can send unwanted advertisements to a mobile device?
A. Man-in-the-middle
B. Bluejacking
C. Bluesnarfing
D. Packet sniffing
n
278
Matt, a security administrator, is receiving reports about several SQL injections and buffer overflows through his company's website. Which of the following would reduce the amount of these attack types?
A. Antivirus
B. Anti-spam
C. Input validation
D. Host based firewalls
n
279
A new server image is being created and Sara, the security administrator, would like a baseline created for the servers. Which of the following needs to be taken into account for the baseline?
A. Disabling all unnecessary services
B. Enabling all default accounts
C. Disabling all accounts
D. Enabling all default services
n
280
Pete, a person who appears to be from a delivery company, is holding a stack of boxes. He requests that the door be held open as he enters the office. Which of following attacks has MOST likely taken place? (Select TWO).
```
A. Impersonation
B. Vishing
C. Shoulder surfing
D. Tailgating
E. Whaling
```
n
281
The Chief Information Officer (CIO) is concerned that passwords may be written down and posted in plain sight. Which of the following would BEST mitigate this risk?
A. Password expiration policy
B. Clean desk policy
C. Enforce greater password complexity
D. Acceptable use policy
n
282
Pete, an employee, is terminated from the company and the legal department needs documents from his encrypted hard drive. Which of the following should be used to accomplish this task? (Select TWO).
```
A. Private hash
B. Recovery agent
C. Public key
D. Key escrow
E. CRL
```
n
283
A company is concerned about proprietary information leaving the network via email. Which of the following is the BEST solution to remediate the risk?
A. Block port 25 on the network
B. Deploy a firewall on the e-mail server
C. Filter incoming traffic
D. Filter outgoing traffic
n
284
Several departments within a company have a business need to send high volumes of confidential information to customers via email. Which of the following is the BEST solution to mitigate unintentional exposure of confidential information?
A. Employ encryption on all outbound emails containing confidential information.
B. Employ exact data matching and prevent inbound emails with Data Loss Prevention.
C. Employ hashing on all outbound emails containing confidential information.
D. Employ exact data matching and encrypt inbound e-mails with Data Loss Prevention.
n
285
A company had decided to assign employees laptops instead of desktops to mitigate the risk of company closures due to disasters. Which of the following is the company trying to ensure?
A. Succession planning
B. Fault tolerance
C. Continuity of operations
D. Removing single points of failure
n
286
Sara, a security administrator, has implemented outbound email filtering. Which of the following would this MOST likely protect Sara's company from?
A. Data loss
B. Phishing
C. SPAM solicitation
D. Distributed denial of service attacks
n
287
Pete, the security administrator, wants to ensure that traffic to the corporate intranet is secure using HTTPS. He configures the firewall to deny traffic to port 80. Now users cannot connect to the intranet even through HTTPS. Which of the following is MOST likely causing the issue?
A. The web server is configured on the firewall's DMZ interface.
B. The VLAN is improperly configured.
C. The firewall's MAC address has not been entered into the filtering list.
D. The firewall executes an implicit deny.
n
288
Sara, the network security administrator, wants to separate Finance department traffic from the rest of the company. The company uses the following IP addresses:
Servers and switches: 192.168.1.1 - 192.168.1.40
Users: 192.168.1.70 - 192.168.1.110
Finance Users: 192.168.1.200 - 192.168.1.250
Which of the following would BEST meet Sara's goal?
A. Separate Gateways and Subnet mask of 255.255.255.254
B. VLAN and Subnet mask of 255.255.255.252
C. QoS and Subnet mask of 255.255.255.254
D. SwitchPort Security and a Subnet mask of 255.255.255.252
n
289
Which of the following ports are used for secure SNMP and FTPS by default? (Select TWO).
```
A. 21
B. 22
C. 123
D. 161
E. 443
F. 8080
```
n
290
Which of the following wireless security algorithms is vulnerable to dictionary attacks when weak passwords are used?
A. LEAP
B. EAP-TLS
C. PEAP
D. EAP-FAST
n
291
Power and data cables from the network center travel through the building's boiler room. Which of the following should be used to prevent data emanation?
A. Video monitoring
B. EMI shielding
C. Plenum CAT6 UTP
D. Fire suppression
n
292
Mike, a user, receives an email from his grandmother stating that she is in another country and needs money. The email address belongs to his grandmother. Which of the following attacks is this?
A. Man-in-the-middle
B. Spoofing
C. Relaying
D. Pharming
n
293
Sara, a user, receives several unwanted instant messages. Which of the following types of attacks is this?
A. Phishing
B. Vishing
C. Spam
D. Spim
n
294
Sara, a security administrator, has changed access point signal strength and antenna placement to help prevent which of the following wireless attacks?
A. Evil twin
B. War driving
C. Bluesnarfing
D. IV attack
n
295
Which of the following ports is MOST likely using a secure protocol, by default?
A. 21
B. 80
C. 110
D. 443
n
296
Which of the following network ports is MOST likely associated with HTTPS, by default?
A. 53
B. 80
C. 123
D. 443
n
297
Which of the following allows Mike, a security technician, to view network traffic for analysis?
A. Spam filter
B. Sniffer
C. Router
D. Switch
n
298
Which of the following should Matt, a security technician, apply to the network for loop protection?
A. Spanning tree
B. Log analysis
C. Implicit deny
D. Load balancers
n
299
Which of the following network administration principles is MOST closely associated with firewall ACLs?
A. Log analysis
B. Port address translation
C. Implicit deny
D. Stateful inspection
n
300
Which of the following protocols can be used to secure traffic for telecommuters?
A. WPA
B. IPSec
C. ICMP
D. SMTP
n
301
Which of the following should Sara, a security technician, use to reduce the possibility of an attacker discovering the company's wireless network?
A. Disable SSID broadcast
B. Implement TKIP
C. Apply MAC filtering
D. Upgrade WEP to WPA
n
302
Which of the following is a management control?
A. Logon banners
B. Written security policy
C. SYN attack prevention
D. Access Control List (ACL)
n
303
Which of the following risk concepts BEST supports the identification of fraud?
A. Risk transference
B. Management controls
C. Mandatory vacations
D. Risk calculation
n
304
Which of the following incident response aspects allows Pete, the security technician, to identify who caused a Distributed Denial of Service (DDoS) attack?
A. Network logs
B. Live system image
C. Record time offset
D. Screenshots
n
305
Which of the following security strategies allows a company to limit damage to internal systems and provides loss control?
A. Restoration and recovery strategies
B. Deterrent strategies
C. Containment strategies
D. Detection strategies
n
306
Which of the following must Mike, a user, implement if he wants to send a secret message to Jane, a coworker, by embedding it within an image?
A. Transport encryption
B. Steganography
C. Hashing
D. Digital signature
n
307
In order for Sara, a client, to logon to her desktop computer, she must provide her username, password, and a four digit PIN. Which of the following authentication methods is Sara using?
A. Three factor
B. Single factor
C. Two factor
D. Four factor
n
308
Which of the following must Jane, a security administrator, implement to ensure all wired ports are authenticated before a user is allowed onto the network?
A. Intrusion prevention system
B. Web security gateway
C. Network access control
D. IP access control lists
n
309
Mike, a server engineer, has received four new servers and must place them in a rack in the datacenter. Which of the following is considered best practice?
A. All servers' air exhaust toward the cold aisle.
B. All servers' air intake toward the cold aisle.
C. Alternate servers' air intake toward the cold and hot aisle.
D. Servers' air intake must be parallel to the cold/hot aisles.
n
310
Mike, a security analyst, has captured a packet with the following payload: GET ../../../../system32\/cmd.exe. Which of the following is this an example of?
A. SQL injection
B. Directory traversal
C. XML injection
D. Buffer overflow
n
311
Sara, the security administrator, needs to open ports on the firewall to allow for secure data transfer. Which of the following TCP ports would allow for secure transfer of files by default?
A. 21
B. 22
C. 23
D. 25
n
312
Which of the following technologies would allow for a secure tunneled connection from one site to another? (Select TWO).
```
A. SFTP
B. IPSec
C. SSH
D. HTTPS
E. ICMP
```
n
313
Which of the following sets numerous flag fields in a TCP packet?
A. XMAS
B. DNS poisoning
C. SYN flood
D. ARP poisoning
n
314
Which of the following devices is MOST commonly used to create a VLAN?
A. Hub
B. Router
C. Firewall
D. Switch
n
315
Which of the following network design elements provides for a one-to-one relationship between an internal network address and an external network address?
A. NAT
B. NAC
C. VLAN
D. PAT
n
316
Using proximity card readers instead of the traditional key punch doors would help to mitigate:
A. impersonation.
B. tailgating.
C. dumpster diving.
D. shoulder surfing.
n
317
In planning for a firewall implementation, Pete, a security administrator, needs a tool to help him understand what traffic patterns are normal on his network. Which of the following tools would help Pete determine traffic patterns?
A. Syslog
B. Protocol analyzer
C. Proxy server
D. Firewall
n
318
Jane, a security administrator, has asked her technicians to determine if a certificate is valid. Which of the following should be checked to determine whether or not a certificate has been invalidated?
A. CA
B. CRL
C. PKI
D. CRC
n
319
TKIP uses which of the following encryption ciphers?
A. RC5
B. AES
C. RC4
D. 3DES
n
320
The process of exchanging public keys is BEST explained as which cryptography concept?
A. Symmetric encryption
B. Asymmetric encryption
C. Key escrow
D. Transport encryption
n
321
Which of the following network segments would be BEST suited for installing a honeypot?
A. Management network
B. Internal network
C. External network
D. DMZ network
n
322
Jane, a security architect, has noticed significant performance loss with the increase in user-base of her PKI infrastructure. Which of the following could she deploy in order to increase response times?
A. Smart card
B. CAC
C. HSM
D. VPN
n
323
Jane, an administrator, needs to transfer DNS zone files from outside of the corporate network.
Which of the following protocols must be used?
A. TCP
B. ICMP
C. UDP
D. IP
n
324
Common access cards use which of the following authentication models?
A. PKI
B. XTACACS
C. RADIUS
D. TACACS
n
325
Which of the following does a second authentication requirement mitigate when accessing privileged areas of a website, such as password changes or user profile changes?
A. Cross-site scripting
B. Cookie stealing
C. Packet sniffing
D. Transitive access
n
326
Which of the following should Sara, a security technician, educate users about when accessing the company wireless network?
A. IV attacks
B. Vishing
C. Rogue access points
D. Hoaxes
n
327
Pete, a security technician, has implemented data loss prevention on a company laptop. Which of the following does this protect against?
A. Connecting the company laptop to external data networks
B. Use of USB drives for legitimate operational purposes
C. Use of unencrypted USB drives for gray box testing
D. Removal of company information without authorization
n
328
Sara, an IT security technician, needs to be able to identify who is in possession of a stolen laptop.
Which of the following BEST addresses her need?
A. Remote sanitization
B. Remote wipe
C. GPS tracking
D. Traceroute
n
329
Which of the following will allow Sara, an IT security technician, to effectively identify a zero-day attack on her systems?
A. Anti-malware
B. Antivirus signatures
C. Host software baseline
D. Virtualization
n
330
Mike, an IT security technician, needs to recommend an authentication mechanism which has a high probability of correctly identifying a user. Which of the following BEST meets this need?
A. Separation of duties
B. Biometrics
C. Passwords
D. Access control list
n
331
Jane receives a spreadsheet via email and double clicks the attachment executing another program inside the spreadsheet. Which of the following types of malware was executed?
A. Spyware
B. Rootkit
C. Trojan
D. Botnet
n
332
Which of the following ports does DNS operate on, by default?
A. 23
B. 53
C. 137
D. 443
n
333
Which of the following is a secure alternate to Telnet?
A. TFTP
B. HTTPS
C. SSH
D. SCP
n
334
Temporary employees are not allowed to work overtime. The information security department must implement a control to enforce this measure. Which of the following measures would BEST enforce this policy?
A. Separation of duties
B. Personal identification card
C. Single sign-on
D. Time of day restrictions
n
335
Sara from IT Governance wants to provide a mathematical probability of an earthquake using facts and figures. Which of the following concepts would achieve this?
A. Qualitative Analysis
B. Impact Analysis
C. Quantitative Analysis
D. SLE divided by the ARO
n
336
A buffer overflow can result in which of the following attack types?
A. DNS poisoning
B. Zero-day
C. Privilege escalation
D. ARP poisoning
n
337
Which of the following is an authentication service that uses UDP as a transport medium?
A. TACACS+
B. LDAP
C. Kerberos
D. RADIUS
n
338
Which of the following is true concerning WEP security?
A. WEP keys are transmitted in plain text.
B. The WEP key initialization process is flawed.
C. The pre-shared WEP keys can be cracked with rainbow tables.
D. WEP uses the weak RC4 cipher.
n
339
Matt, a security administrator, wants to secure VoIP traffic on the internal network from eavesdropping. Which of the following would MOST likely be used?
A. SSL
B. SSH
C. QoS
D. IPSec
n
340
Pete works for a subsidiary company that processes secure transactions for the parent company. Which of the following can be employed to ensure the parent company has access to the subsidiary's encrypted data in an emergency?
A. Trust model
B. Public key infrastructure
C. Symmetrical key encryption
D. Key escrow
n
341
Which of the following can be used on a smartphone to BEST protect against sensitive data loss if the device is stolen? (Select TWO).
```
A. Tethering
B. Screen lock PIN
C. Remote wipe
D. Email password
E. GPS tracking
F. Device encryption
```
n
342
Which of the following social engineering attacks is meant for a high-ranking corporate employee?
A. Pharming
B. Whaling
C. Hoax
D. Vishing
n
343
Which of the following is an advantage of using group policy to redirect users' local folders to networked drives in regards to data loss prevention?
A. Sensitive data is not stored on a local computer.
B. Users can track their data for unauthorized revisions.
C. Incremental back-ups are stored locally for easy access.
D. The users are more aware of where their data is stored.
n
344
In the case of laptop theft, which of the following is the BEST action to take to prevent data theft?
A. Use a third-party hard drive encryption product.
B. Install the operating system on a non-default partition letter.
C. Set a BIOS password that must be entered upon system boot.
D. Enforce a strict complex operating system password.
n
345
Pete, a security administrator, has implemented a policy to prevent data loss. Which of the following is the
BEST method of enforcement?
A. Internet networks can be accessed via personally-owned computers.
B. Data can only be stored on local workstations.
C. Wi-Fi networks should use WEP encryption by default.
D. Only USB devices supporting encryption are to be used.
n
346
Sara, a security administrator, needs to implement the equivalent of a DMZ at the datacenter entrance. Which of the following must she implement?
A. Video surveillance
B. Mantrap
C. Access list
D. Alarm
n
347
Jane, a security analyst, is reviewing logs from hosts across the Internet which her company uses to gather data on new malware. Which of the following is being implemented by Jane's company?
A. Vulnerability scanner
B. Honeynet
C. Protocol analyzer
D. Port scanner
n
348
Sara, a senior programmer for an application at a software development company, has also assumed an auditing role within the same company. She will be assessing the security of the application. Which of the following will she be performing?
A. Blue box testing
B. Gray box testing
C. Black box testing
D. White box testing
n
349
Which of the following procedures would be used to mitigate the risk of an internal developer embedding malicious code into a production system?
A. Audit management
B. Mobile device management
C. Incident management
D. Change management
n
350
Mike, a security analyst, is looking to reduce the number of phishing emails received by employees. Which of the following solutions helps prevent this from occurring?
A. HIDS
B. NIDS
C. Antivirus
D. Spam filter
n
351
Which of the following BEST describes a directory traversal attack?
A. A malicious user can insert a known pattern of symbols in a URL to access a file in another section of the directory.
B. A malicious user can change permissions or lock out user access from a webroot directory or
subdirectories.
C. A malicious user can delete a file or directory in the webroot directory or subdirectories.
D. A malicious user can redirect a user to another website across the Internet.
n
352
In her morning review of new vendor patches, Jane has identified an exploit that is marked as critical. Which of the following is the BEST course of action?
A. Jane should wait seven days before testing the patch to ensure that the vendor does not issue an updated version, which would require reapplying the patch.
B. Jane should download the patch and install it to her workstation to test whether it will be able to be applied to all workstations in the environment.
C. Jane should alert the risk management department to document the patch and add it to the next monthly patch deployment cycle.
D. Jane should download the patch to the test network, apply it to affected systems, and evaluate the results on the test systems.
n
353
Matt, a security administrator, has noticed that the website and external systems have been subject to many attack attempts. To verify integrity of the website and critical files, Matt should:
A. require all visitors to the public web home page to create a username and password to view the pages in the website.
B. configure the web application firewall to send a reset packet to the incoming IP from where an attack or scan signature has been detected.
C. create file hashes for website and critical system files, and compare the current file hashes to the baseline at regular time intervals.
D. reboot the web server and database server nightly after the backup has been completed.
n
354
Jane, a security technician, needs to open ports on a firewall to allow for domain name resolution. Which of the following ports should Jane open? (Select TWO).
```
A. TCP 21
B. TCP 23
C. TCP 53
D. UDP 23
E. UDP 53
```
n
355
Pete, a security administrator, is working with Jane, a network administrator, to securely design a network at a new location. The new location will have three departments which should be isolated from each other to maintain confidentiality. Which of the following design elements should Pete implement to meet this goal?
A. VLANs
B. Port security
C. VPNs
D. Flood guards
n
356
Sara, a security administrator, is configuring a new firewall. She has entered statements into the firewall configuration as follows:
Allow all Web traffic
Deny all Telnet traffic
Allow all SSH traffic
Mike, a user on the network, tries unsuccessfully to use RDP to connect to his work computer at home. Which of the following principles BEST explains why Mike's attempt to connect is not successful?
A. Explicit deny
B. Loop protection
C. Implicit deny
D. Implicit permit
n
357
Jane, a security administrator, notices that a program has crashed. Which of the following logs should Jane check?
A. Access log
B. Firewall log
C. Audit log
D. Application log
n
358
A process in which the functionality of an application is tested with some knowledge of the internal mechanisms of the application is known as:
A. white hat testing.
B. black box testing.
C. black hat testing.
D. gray box testing.
n
359
Which of the following passwords is the LEAST complex?
A. MyTrain!45
B. Mytr@in!!
C. MyTr@in12
D. MyTr@in#8
n
360
Which of the following security benefits would be gained by disabling a terminated user account rather than deleting it?
A. Retention of user keys
B. Increased logging on access attempts
C. Retention of user directories and files
D. Access to quarantined files
n
361
Which RAID level is LEAST suitable for disaster recovery plans?
A. 0
B. 1
C. 5
D. 6
n
362
Which of the following security architecture elements also has sniffer functionality? (Select TWO).
```
A. HSM
B. IPS
C. SSL accelerator
D. WAP
E. IDS
```
n
363
During an anonymous penetration test, Jane, a system administrator, was able to identify a shared print spool directory, and was able to download a document from the spool. Which statement BEST describes her privileges?
A. All users have write access to the directory.
B. Jane has read access to the file.
C. All users have read access to the file.
D. Jane has read access to the directory.
n
364
Sara, an IT security technician, is actively involved in identifying coding issues for her company. Which of the following is an application security technique that she can use to identify unknown weaknesses within the code?
A. Vulnerability scanning
B. Denial of service
C. Fuzzing
D. Port scanning
n
365
Sara, an IT security technician, has identified security weaknesses within her company's code. Which of the following is a common security coding issue?
A. Input validation
B. Application fuzzing
C. Black box testing
D. Vulnerability scanning
n
366
Which of the following is an application security coding problem?
A. Error and exception handling
B. Patch management
C. Application hardening
D. Application fuzzing
n
367
Pete, an IT security technician, needs to establish host based security for company workstations. Which of the following will BEST meet this requirement?
A. Implement IIS hardening by restricting service accounts.
B. Implement database hardening by applying vendor guidelines.
C. Implement perimeter firewall rules to restrict access.
D. Implement OS hardening by applying GPOs.
n
368
Which of the following data security techniques will allow Matt, an IT security technician, to encrypt a system with speed as its primary consideration?
A. Hard drive encryption
B. Infrastructure as a service
C. Software based encryption
D. Data loss prevention
n
369
Jane, an IT security technician, receives a call from the vulnerability assessment team informing her that port 1337 is open on a user's workstation. Which of the following BEST describes this type of malware?
A. Logic bomb
B. Spyware
C. Backdoor
D. Adware
n
370
Which of the following is based on asymmetric keys?
A. CRLs
B. Recovery agent
C. PKI
D. Registration
n
371
Which of the following is BEST described as a notification control, which is supported by other identification controls?
A. Fencing
B. Access list
C. Guards
D. Alarm
n
372
Pete, an employee, needs a certificate to encrypt data. Which of the following would issue Pete a certificate?
A. Certification authority
B. Key escrow
C. Certificate revocation list
D. Registration authority
n
373
Which of the following BEST describes the weakness in WEP encryption?
A. The initialization vector of WEP uses a crack-able RC4 encryption algorithm. Once enough packets are captured an XOR operation can be performed and the asymmetric keys can be derived.
B. The WEP key is stored in plain text and split in portions across 224 packets of random data. Once enough packets are sniffed the IV portion of the packets can be removed leaving the plain text key.
C. The WEP key has a weak MD4 hashing algorithm used. A simple rainbow table can be used to generate key possibilities due to MD4 collisions.
D. The WEP key is stored with a very small pool of random numbers to make the cipher text. As the random numbers are often reused it becomes easy to derive the remaining WEP key.
n
374
Which of the following is used to ensure message integrity during a TLS transmission?
A. RIPEMD
B. RSA
C. AES
D. HMAC
n
375
Sara, the Chief Security Officer (CSO), has had four security breaches during the past two years. Each breach has cost the company $3,000. A third party vendor has offered to repair the security hole in the system for $25,000. The breached system is scheduled to be replaced in five years. Which of the following should Sara do to address the risk?
A. Accept the risk saving $10,000.
B. Ignore the risk saving $5,000.
C. Mitigate the risk saving $10,000.
D. Transfer the risk saving $5,000.
n
376
A company has asked Pete, a penetration tester, to test their corporate network. Pete was provided with all of the server names, configurations, and corporate IP addresses. Pete was then instructed to stay off of the Accounting subnet as well as the company web server in the DMZ. Pete was told that social engineering was not in the test scope as well. Which of the following BEST describes this penetration test?
A. Gray box
B. Black box
C. White box
D. Blue box
n
377
Which of the following keys is contained in a digital certificate?
a. Public key
b. Private key
c. Hashing key
d. Session key
A
378
Message authentication codes are used to provide which service?
a. Integrity
b. Fault recovery
c. Key recovery
d. Acknowledgement
A
379
Asymmetric cryptography ensures that:
a. Encryption and authentication can take place without sharing private keys
b. Encryption of the secret key is performed with the fastest algorithm available
c. Encryption occurs only when both parties have been authenticated
d. Encryption factoring is limited to the session key Gateways
A
380
What type of security process allows others to verify the originator of an e-mail message?
a. Authentication
b. Integrity
c. Non-repudiation
d. Confidentiality
A
381
During the digital signature process, asymmetric cryptography satisfies what security requirement?
a. Confidentiality
b. Access control
c. Data integrity
d. Authentication
D
382
One factor that influences the lifespan of a public key certificate and its associated keys is the:
a. Value of the information it is used to protect
b. Cost and management fees
c. Length of the asymmetric hash
d. Data available openly on the cryptographic system
A
383
IDEA, Blowfish, RC5 and CAST-128 are encryption algorithms of which type?
a. Symmetric
b. Asymmetric
c. Hashing
d. Elliptic curve
A
384
The standard encryption algorithm based on Rijndael is known as:
a. AES
b. 3DES
c. DES
d. Skipjack
A
385
What are the three characteristics of a hash?
a. Reversible, unique, fixed length
b. Non-reversible, variable, fixed length
c. Non-reversible, unique, multiple lengths
d. Non-reversible, unique, fixed length
D
386
What is the difference between SHA1 and HMAC-SHA1?
a. HMAC-SHA1 encrypts the hash
b. HMAC-SHA1 creates a 160 bit hash
c. HMAC-SHA1 uses a shared secret key
d. HMAC-SHA1 uses an asymmetric key
C
387
Which hashing method divides passwords into two seven-character blocks?
a. NTLMv2
b. NTLMv1
c. LANMAN
d. RIPEMD
C
388
Which encryption protocol is the fastest?
a. DES
b. AES
c. ECC
d. RC4
D
389
Which encryption protocol is considered to be the most efficient?
a. RSA
b. El Gamal
c. Diffie-Hellman
d. ECC
D
390
Jill checked the box in Outlook to sign a message to John. What type of key did her system use in the signature process?
a. Jill’s public key
b. Jill’s private key
c. John’s public key
d. John’s private key
B
391
After signing the message to John, Jill decides to encrypt it also. What key is used first in this process?
a. Jill’s public key
b. Jill’s private key
c. John’s public key
d. John’s private key
C
392
A CRL query that receives a response in near real time:
a. Indicates that high availability equipment is used
b .Implies that a fault tolerant database is being used
c. Does not guarantee that fresh data is being returned
d. Indicates that the CA is providing near real time updates
C
393
Which device can best help protect against an attacker taking advantage of the TCP three way handshake?
a. Proxy server
b. NIDS
c. Firewall
d. Flood Guard
D
394
The Spacely Sprocket corporate network was recently overwhelmed by a DDoS attack. Bruce, the new network administrator, was told by the investigators that they had been the victim of a Smurf attack. They determined that the attack packets were using ICMP and the source address was spoofed. What type of network traffic consumed the company’s bandwidth ?
a. Malformed packets
b. Poisoned ARP requests
c. Multiplexed packets
d. Broadcast packets
D
395
What security process can help prevent man-in-the-middle attacks?
a. Time stamped tickets
b. Input validation
c. Mutual authentication
d. Encrypted hashes
C
396
What security process can help prevent replay attacks?
a. Time stamped tickets
b. Input validation
c. Mutual authentication
d. Encrypted hashes
A
397
NOOP sleds are associated with what sort of attack?
a. Buffer overflow
b. Cross site scripting
c. SQL injection
d. Cross site request forgery
A
398
A type of testing uses a computer program to send random data to an application. In some cases, the random data can actually crash the program or provide unexpected results indicating a vulnerability. Security professionals use this to test systems for vulnerabilities they can correct while attackers use it to identify vulnerabilities they can exploit. What is the common name for this type of test?
a. Input spraying
b. Randomizing
c. Fuzzing
d. Garbage attack
C
399
Transitive attacks take advantage of what?
a. Unilateral connections
b. Lack of security updates
c. Weak authentication
d. Trust
D
400
What attack allows an attacker to redirect users to a malicious website and steal cookies?
a. Patch
b. Cross-site request forgery (XSRF)
c. Cross-site scripting
d. Quick fix
C
401
How can SMTP open relays best be prevented?
a. Changing the default port
b. Requiring authentication
c. Hashing the SMTP password
d. Using IMAP rather than POP
B
