Practice Exam 2

Question 1

The most common form of authentication factor is a __________.

A. Password

B. Fingerprint

C. Smartcard

D. Token

Answer 1

A. Password

A password is the most common form of authentication. Fingerprints, smartcards, and tokens are widely used, but they aren’t the most widely used forms of authentication.

Question 2

You’ve just received an email message that describes a new malicious code threat that’s ravaging the Internet. The message contains detailed information about the threat, describes the damage it can inflict, and provides instructions on how to remove it from your system. The message states that you can easily detect whether you’ve already been a victim of this threat by checking for the presence of three files in the \Windows\System32 folder. As a countermeasure, the message instructs you to delete these three files from your system to prevent further spread of the threat. What should your first action be, based on this message?

A. Locate and delete the identified files.

B. Perform a system backup.

C. Inform your network administrator.

D. Send the message to others in the office.

Answer 2

C. Inform your network administrator.

The best first response to a hoax message such as this is to inform your network administrator. Performing a system backup isn’t a bad idea, just not the best choice for your first response. Don’t follow the instructions or send the message to others.

Question 3

Which of the following is not true of a NoSQL DBMS?

A. NoSQL uses a nonrelational database structure, such as hierarchical or multilevel nesting/referencing.

B. NoSQL cannot support Structured Query Language expressions.

C. NoSQL is well suited for managing extremely large collections of data.

D. NoSQL solutions typically do not support ACID.

Answer 3

B. NoSQL cannot support Structured Query Language expressions.

Some NoSQL DBMS systems support SQL expressions.

Question 4

Which of the following represents the most secure system from a best practices perspective?

A. Removing all unneeded services and protocols

B. Using a new operating system right out of the box

C. Installing every available optional component

D. Using a firewall to provide boundary protection

Answer 4

A. Removing all unneeded services and protocols

The best solution is to remove all unneeded services and protocols. Using an operating system right out of the box and installing all components is never considered a secure option. Adding a firewall to a locked-down system is a security improvement but not a valid replacement for first removing things that aren’t needed on the server.

Question 5

The technology used to prevent EMI from entering or leaving a specific room is known as __________.

A. Padded cell

B. TEMPEST

C. Site surveys

D. Directory service

Answer 5

B. TEMPEST

TEMPEST is the technology used to prevent EMI (electromagnetic interference) from entering or leaving a specific room. A padded cell is used to delay an intruder with a fake environment while that person’s activities are logged. Site surveys are used to detect where the signal from a wireless access point can be detected. A directory service is a searchable index of network resources.

Question 6

Why is Internet email so vulnerable to attack?

A. It uses IP addresses to route messages.

B. Anyone can use email.

C. It requires adherence to standards.

D. It’s often sent using SMTP in clear form.

Answer 6

D. It’s often sent using SMTP in clear form.

Email is vulnerable to attack because it often uses SMTP (Simple Mail Transfer Protocol) and sends messages in clear form. Email’s use of IP addresses via the domain names found in email addresses, the fact that anyone can use email, and the fact that it requires adherence to standards doesn’t make email any more vulnerable than any other form of TCP/IP application.

Question 7

The form of password attack that attempts to process every possible combination to discover passwords stored in an accounts database is known as what?

A. Dictionary attack

B. Brute-force attack

C. Birthday attack

D. Mathematical attack

Answer 7

B. Brute-force attack

A brute-force password attack attempts to process every possible combination to discover passwords stored in an accounts database. A dictionary attack is similar but uses a predefined set or list of passwords rather than every possible combination. A birthday attack (reverse hash matching) is a process most password attacks use, but it doesn’t imply that all possible password combinations are tried. A mathematical attack attempts to exploit the algorithm of a cryptography solution; it’s usually not associated with password attacks.

Question 8

What is the most crucial part of enabling an investigator to reconstruct the correct order of criminal events from all the records and data collected from a crime scene during a forensic investigation?

A. Take hashes of collected data

B. Make notes of each task performed

C. Record time offset

D. Send out legal hold letters

Answer 8

C. Record time offset

As an event is recorded into a log file, it is encoded with a time stamp. The time stamp is pulled from the clock on the local device where the log file is written or sent with the event from the originating device if remote logging is performed. However, it is all too common for the clocks of the devices and computers in a network to be out of time sync to some degree. Recording the time offset is taking note of the difference between the device clock and the standard; it is used to adjust the time of log entries in order to sync events and activities across multiple network devices. Management of log times is essential for the chronological reconstruction of attack or compromise events.

Question 9

What form of network segmentation should be used to prevent all cross-communication between devices?

A. Airgap

B. VLAN

C. Subnets

D. Virtualization

Answer 9

A. Airgap

Physical segmentation is when no links are established between networks. This is also known as an airgap. If there are no cables and no wireless connections between two networks, then a physical network segregation, segmentation, or isolation has been achieved. This is the most reliable means of prohibiting unwanted transfer of data.

Question 10

What form of recovery site requires the least amount of downtime before mission-critical business operations can resume?

A. Cold

B. Warm

C. Hot

D. Offsite

Answer 10

C. Hot

A hot site requires the least amount of downtime before mission-critical business operations can resume, because it is a real-time mirror of the primary site.

Question 11

In a MAC environment, when a user has clearance for assets but is still unable to access those assets, what other security feature is in force?

A. Principle of least privilege

B. Need to know

C. Privacy

D. Service-level agreement

Answer 11

B. Need to know

Need to know is the MAC environment’s granular access control method. The principle of least privilege is the DAC environment’s concept of granular access control. Privacy and SLAs aren’t forms of access control.

Question 12

Sensitivity labels are used by which form of access control?

A. DAC

B. MAC

C. RBAC

D. TBAC

Answer 12

B. MAC

MAC (media/mandatory access control) uses sensitivity labels. DAC (discretionary access control) uses identity. RBAC (role-based access control) uses job descriptions. TBAC (task-based access control) uses work tasks.

Question 13

The purpose of a replay attack is ___________.

A. Intercepting encrypted data

B. Preventing a server from responding to legitimate resource requests

C. Discovering passwords

D. Gaining access to resources based on a user’s credentials

Answer 13

D. Gaining access to resources based on a user’s credentials

The purpose of a replay attack is to gain access to resources based on a user’s credentials. A replay attack isn’t used to intercept encrypted data, prevent a server from responding to legitimate resource requests, or discover passwords.

Question 14

Which of the following is not an example of symmetric cryptography?

A. AES

B. Blowfish

C. CAST-128

D. RSA

Answer 14

D. RSA

RSA is asymmetric. AES, Blowfish, and CAST-128 are symmetric.

Question 15

Which of the following is not typically a legal agreement or commitment, but rather a more formal form of a reciprocal agreement or gentlemen’s handshake (neither of which is typically written down), and can be called a “letter of intent”?

A. MOU

B. ISA

C. SLA

D. BPA

Answer 15

A. MOU

An MOU (memorandum of understanding) is an expression of agreement or aligned intent, will, or purpose between two entities. An MOU is not typically a legal agreement or commitment, but rather a more formal form of a reciprocal agreement or gentlemen’s handshake (neither of which is typically written down). An MOU can also be called a “letter of intent.”

Question 16

Which of the following is not considered a secure coding technique?

A. Using immutable systems

B. Using stored procedures

C. Code signing

D. Server-side validation

Answer 16

A. Using immutable systems

Programmers need to adopt secure coding practices, security experts need to train programmers, and security auditors need to monitor code throughout development for proper security elements.

Question 17

Certificates have what single purpose?

A. Proving identity

B. Proving quality

C. Providing encryption security

D. Exchanging encryption keys

Answer 17

A. Proving identity

Certificates have the single purpose of proving identity. They don’t prove quality or provide encryption security, and they aren’t used to exchange encryption keys.

Question 18

When a vendor releases a patch, which of the following is the most important?

A. Installing the patch immediately

B. Setting up automatic patch installation

C. Allowing users to apply patches

D. Testing the patch before implementation

Answer 18

D. Testing the patch before implementation

It is most important to test patches before installing them onto production systems. Otherwise, business tasks can be interrupted if the patch does not perform as expected. Never rush to install a patch if that means skipping testing. Do not automatically roll out patches; be sure to test them first. Do not give users the power to install patches; this should be managed by administrators.

Question 19

In order to prevent any one administrator from taking full control over a cryptography system or performing fraud, which of the following solutions should not be implemented?

A. M of N control

B. Job rotation

C. Multiple key pairs

D. Separation of duties

Answer 19

B. Job rotation

Job rotation isn’t appropriate in this situation since it trains a single person to perform all administrative tasks and therefore provides each person with the ability to overrun the entire system. M of N controls, multiple key pairs, and separation of duties should be used to prevent a single person from compromising the entire system.

Question 20

Why should generic, anonymous, or group accounts be prohibited?

A. No support for multifactor authentication

B. Not supported by LDAP

C. Inability to hold individuals accountable

D. Requires the use of a TPM

Answer 20

C. Inability to hold individuals accountable

Generic account prohibition is the rule that no generic or shared or anonymous accounts should be allowed in private networks or on any system where security is important. Only with unique accounts per subject is it possible to track the activities of individuals and be able to hold them accountable for their actions and any violations of company policy or the law.

Question 21

Which of the following is a form of web security that encrypts web sessions for modern web servers and browsers?

A. SSH

B. S-HTTP

C. TLS

D. IPSec

Answer 21

C. TLS

TLS (Transport Layer Security) is the primary form of security used on modern web servers and browsers to encrypt web sessions. SSH (Secure Shell) and IPSec (Internet Protocol Security) are not directly related to web sessions. S-HTTP (Secure HTTP) is a legacy security protocol that is no longer supported by most web servers and browsers.

Question 22

Which form of penetration testing is able to determine the risk level resulting from a standard employee who becomes dissatisfied with their job?

A. Gray box

B. Vulnerability analysis

C. Black box

D. White box

Answer 22

A. Gray box

Gray-box testing combines the two other approaches to perform an evaluation based on partial knowledge of the target environment. The results are a security evaluation from the perspective of a disgruntled employee. An employee has some knowledge of the organization and its security and has some level of physical and logical access.

Question 23

When a cryptography solution uses keys that are easily guessed due to their short length, this allows for a form of attack known as ___________.

A. Eavesdropping attack

B. Birthday attack

C. Social engineering attack

D. Spoofing attack

Answer 23

B. Birthday attack

When a cryptography solution uses keys that are short, this allows for a form of attack known as a birthday attack. Eavesdropping, social engineering, and spoofing aren’t directly associated with cryptography attacks.

Question 24

What is a cipher suite?

A. A standardized collection of authentication, encryption, and hashing algorithms used to set or define the parameters for a security network communication

B. A communication tunnel between two entities across an intermediary network

C. A storage process by which copies of private keys and/or secret keys are retained by a centralized management system

D. A process by which one communication is hidden inside another communication

Answer 24

A. A standardized collection of authentication, encryption, and hashing algorithms used to set or define the parameters for a security network communication

A cipher suite a standardized collection of authentication, encryption, and hashing algorithms used to set or define the parameters for a security network communication. A VPN is a communication tunnel between two entities across an intermediary network. Key escrow is a storage process by which copies of private keys and/or secret keys are retained by a centralized management system. Steganography is a process by which one communication is hidden inside another communication.

Question 25

What is the programmatic activity of retrieving the value stored in a memory location by triggering the pulling of the memory based on its address or location as stored in a pointer? A. DLL injection B. Pointer dereferencing C. Integer overflow D. Pivot

Answer 25

B. Pointer dereferencing Pointer dereferencing is the programmatic activity of retrieving the value stored in a memory location by triggering the pulling of the memory based on its address or location as stored in a pointer.

Question 26

Which of the following is a form of malicious code injection attack where attackers are able to compromise a web server and inject their own malicious code into the content sent to other visitors? A. Cross-site scripting B. Form field manipulation C. Birthday attack D. Spoofing attack

Answer 26

A. Cross-site scripting Cross-site scripting is a form of malicious code injection attack where attackers are able to compromise a web server and inject their own malicious code into the content sent to other visitors. Form field manipulation occurs when an attack changes elements in a web document on the client side before submitting results back to the web server. A birthday attack is associated with hashing. Spoofing is falsifying source information.

Question 27

What form of federation trust should be established between domain entities A and B as well as B and C in order for members of each domain to be able to access the resources of all three of the linked domains? A. One-way nontransitive trusts B. One-way transitive trusts C. Two-way nontransitive trusts D. Two-way transitive trusts

Answer 27

D. Two-way transitive trusts Two-way transitive trusts between domains A and B as well as B and C will link all three domains in such a way that members of any domain can access resources in any other domain.

Question 28

TACACS, a solution similar to RADIUS, is based on what RFC? A. RFC 1918 B. RFC 2828 C. RFC 1492 D. RFC 1087

Answer 28

C. RFC 1492 TACACS (Terminal Access Controller Access Control System) is based on RFC 1492. RFC 1918 defines private IP (Internet Protocol) addresses. RFC 2828 is the Internet security glossary. RFC 1087 is the “ethics and the Internet” document.

Question 29

Certificates operate under the security concept of \_\_\_\_\_\_\_\_\_\_. A. Principle of least privilege B. Trusted third party C. Separation of duties D. Need to know

Answer 29

B. Trusted third party Certificates operate under the security concept of trusted third party. Certificates aren't associated with the principle of least privilege, separation of duties, or need to know.

Question 30

Data is not always stored statically on a storage device. Thus, a range of security mechanisms are needed to provide reasonable protection over a range of events and circumstances. Which of the following is a false statement? A. Data in-transit is data being communicated over a network connection. B. Session encryption should be used to protect data in-transit. C. Storage encryption, such as file encryption or whole-drive encryption, should be used to protect data at-rest. D. Data in-use should be protected against disclosure with hashing.

Answer 30

D. Data in-use should be protected against disclosure with hashing. Hashing is an integrity protecting mechanism, not a protection against disclosure. Data in-use is data being actively processed by an application. Open and active data is only secure if the logical and physical environment is secure. A well-established security baseline and physical access control are needed to provide reasonable protection for data in-use.

Question 31

Which of the following is not an essential element in locking down a server? A. Remove unneeded components. B. Install updates and patches. C. Perform user awareness training. D. Configure the system according to company standards and baselines.

Answer 31

C. Perform user awareness training. User awareness training is an essential part of security, but it isn't directly related to locking down a server. Server lockdown should include removing unneeded components, installing updates and patches, and complying with company standards and baselines.

Question 32

What type of security zone can be positioned so it operates as a buffer network between the secured private network and the Internet and can host publicly accessible services? A. Honeypot B. DMZ C. Extranet D. Intranet

Answer 32

B. DMZ A DMZ (demilitarized zone) is a type of security zone that can be positioned so it operates as a buffer network between the secured private network and the Internet and can host publicly accessible services. A honeypot is a false network used to trap intruders; it isn't used to host public services. An extranet is for limited partner access, not public. An intranet is the private secured network.

Question 33

What certificate format is also a file extension and stores Base64 ASCII-encoded certificate information for server certificates, intermediate certificates, and private keys? A. DER B. PFX C. P7B D. PEM

Answer 33

D. PEM PEM (Privacy-Enhanced Electronic Mail) is a certificate format that uses Base64 (ASCII) to encode the certificate details into a file with a .pem, .crt, .cer, or .key extension. PEM certificate files include “-----BEGIN CERTIFICATE-----” and “-----END CERTIFICATE-----” statements. PEM can be used to store server certificates, intermediate certificates, and private keys.

Question 34

What is integrated into WPA-2 as a replacement for TKIP and is based on AES? A. CCMP B. IEEE 802.1x C. LEAP D. ECDHE

Answer 34

A. CCMP Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) was created to replace WEP and WPA's TKIP. CCMP is based on AES. It's the preferred standard security protocol of 802.11 wireless networking indicated by 802.11i.

Question 35

You work for a government agency that must control access to the network and its resources using classifications. However, there are an insufficient number of classifications in order to have detailed control over access. What additional element can be added to the existing authorization system to grant granular control over resource access? A. Separation of duties B. DAC C. Need to know D. MAC

Answer 35

C. Need to know MAC isn't a very granular controlled security environment. An improvement to MAC includes the use of need to know, a security restriction where some objects (resources or data) are restricted unless the subject has a need to know them. The objects that require a specific need to know are assigned a sensitivity label, but they're compartmentalized from the rest of the objects with the same sensitivity label (in the same security domain).

Question 36

\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_ are devices or applications that generate passwords based on a nonrepeating one-way function, such as a hash or HMAC (hash message authentication code) (i.e., a type of hash that uses a symmetric key in the hashing process) operation. A. SCADA B. CHAP C. HOTP D. FCoE

Answer 36

C. HOTP HOTP (HMAC-based One-time Password) tokens, or asynchronous dynamic password tokens, devices, or applications, generate passwords based on a nonrepeating one-way function, such as a hash or HMAC (hash message authentication code) (i.e., a type of hash that used a symmetric key in the hashing process) operation. Note the TOTP (time base one-time password) is similar, but it generates the one-time use unique code based on a fixed time interval.

Question 37

Which of the following features commonly found on a mobile phone may prevent an unauthorized thief from gaining access to sensitive information? A. Screen lock B. Storage device encryption C. Remote wipe D. GPS tracking

Answer 37

C. Remote wipe A remote wipe may allow you to remove all device contents once the mobile phone is reported missing or stolen. Screen lock is not a true security measure. Storage device encryption is not a common feature of mobile phones. GPS tracking will not prevent access to sensitive information.

Question 38

You are the security manager for a small organization. You have been designing training for all employees to reduce security violations, improve adherence to company policies, and prevent user-caused system compromise. You have included talking points related to avoiding email attachments, discontinuing use of USB drives, and being cautious of odd requests, especially those demanding instant responses and that encourage breaking or bending company rules. However, in spite of these precautionary training measures, there is still concern that workers can be harmed when a social-engineering attacker plants malicious code on a commonly visited location in order to compromise a specific or group of targets. What is this type of attack called? A. Piggybacking B. Hoax C. Watering hole attack D. Vishing

Answer 38

C. Watering hole attack A watering hole attack is a form of targeted attack against a region, a group, or an organization. The attack is performed in three main phases. The first phase is to observe the target's habits. The goal is to discover a common resource, site, or location that one or more members of the target frequent. These locations are considered the watering hole. The second phase is to plant malware on watering hole systems. The third phase is to wait for members of the target to revisit the poisoned watering hole and then bring the infection back into the group.

Question 39

Which of the following describes a community cloud? A. A cloud environment maintained, used, and paid for by a group of users or organizations for their shared benefit, such as collaboration and data exchange. B. A cloud service within a corporate network and isolated from the Internet. C. A cloud service that is accessible to the general public typically over an Internet connection. D. A cloud service that is partially hosted within an organization for private use and that uses external services to offer recourse to outsiders.

Answer 39

A. A cloud environment maintained, used, and paid for by a group of users or organizations for their shared benefit, such as collaboration and data exchange. A community cloud is a cloud environment maintained, used, and paid for by a group of users or organizations for their shared benefit, such as collaboration and data exchange. A private cloud is a cloud service within a corporate network and isolated from the Internet. A public could is a cloud service that is accessible to the general public typically over an Internet connection. A hybrid cloud is a cloud service that is partially hosted within an organization for private use and that uses external services to offer recourse to outsiders.

Question 40

An organization wants to use a wireless network internally, but they do not want any possibility of external access or detection. What security tool should be used? A. Airgap B. Faraday cage C. Biometric authentication D. Screen filters

Answer 40

B. Faraday cage A Faraday cage is an enclosure that blocks or absorbs electromagnetic fields or signals. Faraday cage containers, computer cases, rack-mount systems, rooms, or even building materials are used to create a blockage against the transmission of data, information, metadata, or other emanations from computers and other electronics. Devices inside a Faraday cage can use EM fields for communications, such as wireless or Bluetooth, but devices outside of the cage will not be able to eavesdrop on the signals of the systems within the cage.

Question 41

As data is transmitted from one system to another across a VPN link, the normal LAN TCP/IP traffic is __________ the VPN protocol. A. Replaced by B. Converted into C. Hashed with D. Encapsulated in

Answer 41

D. Encapsulated in As data is transmitted from one system to another across a VPN (virtual private network) link, the normal LAN (large area network) TCP/IP (Transmission Control Protocol/Internet Protocol) traffic is encapsulated in the VPN protocol.

Question 42

The basis of application server hardening depends primarily on \_\_\_\_\_\_\_\_\_\_. A. The function of the server B. The number of users C. The size of the average resource transmitted D. Local versus remote access

Answer 42

A. The function of the server The basis of application server hardening depends primarily on the function of the server. The number of users, the size of transmissions, and whether users access the server locally or remotely are at best secondary issues.

Question 43

What form of removable media is best suited for backups that are to be used in disaster recovery processes? A. CD B. USB thumb drives C. Flash memory cards D. Tape

Answer 43

D. Tape Tape is the best form of removable media for backups that are to be used in disaster recovery processes. CDs, USB thumb drives, and flash memory cards often don't have sufficient capacity to be suitable for large backups.

Question 44

Which of the following is considered the least secure? A. Out-of-band key exchange B. ECDHE key exchange C. In-band key exchange D. One-time pad-based keys

Answer 44

C. In-band key exchange In-band key exchange is often considered less secure than any other key exchange option because there is greater risk of an eavesdropping or man-in-the-middle attack being able to capture and/or intercept the exchange.

Question 45

Your organization operates a popular website. The user base is growing at a phenomenal rate and there seems to be an increasing need for password recovery. You do not wish to send passwords through email, so what other technique would be effective, can be automated, and will have minimum impact on administrative overhead once implemented? A. Certificate revocation and reissue B. Static default passwords C. Security questions D. Delete existing account; have users re-create an account

Answer 45

C. Security questions A common alternative password recovery method often preferred to that of emailed passwords is asking the user a set of security questions aimed at proving or verifying their identity before providing an interface to change their current password.

Question 46

What is a honeypot used to do? A. Encourage security policy compliance. B. Test the security perimeter of a network. C. Establish a secured communication link across an untrusted network. D. Lure and detain intruders.

Answer 46

D. Lure and detain intruders. A honeypot is used to lure and detain intruders. Awareness training is used to encourage security policy compliance. Penetration testing is used to test the security perimeter of a network. A VPN (virtual private network) is used to establish a secured communication link across an untrusted network.

Question 47

What is an incident? A. Any occurrence that takes place during a certain period of time B. Any person or tool that can take advantage of a vulnerability C. The path or means by which an attack can gain access to a target in order to cause harm D. An event that has a negative outcome affecting the confidentiality, integrity, or availability of an organization's data

Answer 47

D. An event that has a negative outcome affecting the confidentiality, integrity, or availability of an organization's data An incident is an event that has a negative outcome affecting the confidentiality, integrity, or availability of an organization's data. Any occurrence that takes place during a certain period of time is an event. A threat is any person or tool that can take advantage of a vulnerability. A threat vector is the path or means by which an attack can gain access to a target in order to cause harm.

Question 48

Because FTP doesn't offer security, what attack is it vulnerable to? A. Birthday B. Packet sniffing C. Replay D. Social engineering

Answer 48

B. Packet sniffing FTP is vulnerable to packet sniffing attacks. Birthday attacks focus on hashing. Replay attacks focus on encrypted authentication traffic. Social engineering attacks focus on people rather than technology.

Question 49

The best defense against spoofed network traffic is \_\_\_\_\_\_\_\_\_\_\_. A. An ingress filter B. A switch C. A web server D. Kerberos

Answer 49

A. An ingress filter The best defense against spoofed network traffic is an ingress filter. A switch is used to connect individual systems or subnets together. A web server is used to distribute web content. Kerberos is an authentication system. None of these other three items addresses spoofed network traffic.

Question 50

What cryptographic tool can be used to increase the difficulty of hashing and prevent password cracking from being as effective? A. IV B. XOR C. Salt D. Nonce

Answer 50

C. Salt A salt is secret data added to input material prior to the hashing process. Salting hashes makes the process of attaching hashes much more complicated and computationally intensive. Salts are sometimes part of an authentication system, such as on Linux and many websites, but not on Windows. Authentication salts add additional characters to a password just before it is hashed. Salting passwords makes the act of password cracking more difficult for an attacker.

Question 51

A new wireless access point has been installed in your office. You wish to determine what areas of the office receive the strongest and weakest signals as well as whether the access point can be reached from outside of your office. This activity is known as what? A. A site survey B. Penetration testing C. Risk assessment D. Business continuity planning

Answer 51

A. A site survey This activity is known as a site survey. Penetration testing uses cracking tools to test a security perimeter. Risk assessment evaluates the risks of a secured environment. Business continuity planning is used to support business operations when processes are threatened.

Question 52

The act of falsifying data is also known as \_\_\_\_\_\_\_\_\_\_\_. A. Impersonation B. Spoofing C. Social engineering D. Replay

Answer 52

B. Spoofing The act of falsifying data is also known as spoofing. Impersonation is the assumption of another user's identity. Social engineering involves convincing someone to perform a restricted activity or reveal confidential information. Replay attacks occur when authentication traffic is captured and retransmitted.

Question 53

Which of the following is a common example of a host-based IDS that uses signature detection? A. Firewall B. Padded cell C. Virus scanner D. Penetration testing

Answer 53

C. Virus scanner A virus scanner is a common example of a host-based IDS (intrusion detection system) that uses signature detection. Firewalls, padded cells, and penetration testing aren't forms of IDS.

Question 54

By what means can a flaw in WPS be attacked in order for an unauthorized device to be able to connect into an otherwise secure wireless network? A. Use a deauthorization flood B. Operate an evil twin C. Guess the activation PIN D. Perform war chalking

Answer 54

C. Guess the activation PIN WPS (WiFi Protected Setup) is a security standard for wireless networks. It was intended to simply the effort involved in adding new clients to a well-secured wireless network. It operates by auto-connecting the first new wireless client to seek the network once the administrator triggered the feature by pressing the WPS button on the base station. However, the standard also called for a code that could be sent to the base station remotely in order to trigger WPS negotiation without the need to be able to physically press the button on the base station. This led to a brute-force guessing attack that could enable a hacker to guess the WPS code in just hours, which in turned enabled the hacker to connect their own unauthorized system to the wireless network.

Question 55

Which of the following is more closely associated with client-side validation rather than server-side validation? A. Protecting a system against input submitted by a malicious user B. Filtering for known scriptable or malicious content (such as SQL commands or script calls) C. Blocking meta-characters D. Providing better response or feedback to the typical user

Answer 55

D. Providing better response or feedback to the typical user Client-side validation is better suited for providing better response or feedback to the typical user. By contrast, server-side validation is better suited for protecting a system against input submitted by a malicious user, such as filtering for known scriptable or malicious content (such as SQL commands or script calls) and blocking meta-characters.

Question 56

Which of the following describes the operation performed by a file integrity check? A. Encrypting the file with a symmetric key B. Comparing the current hash of a file to the stored/previous hash of a file C. Checking the file size and filename against a directory index D. Using a private key to encrypt a hash of the file

Answer 56

B. Comparing the current hash of a file to the stored/previous hash of a file File integrity checking is the activity of comparing the current hash of a file to the stored/previous hash of a file. The purpose is to detect whether the file has retained its integrity (the hashes match exactly) or it has been changed (the hashes do not match).

Question 57

Which of the following physical control mechanisms will serve to delay an intruder once their presence is detected? A. Mantrap B. Security cameras C. Fencing D. Guard dogs

Answer 57

A. Mantrap A mantrap will delay an intruder once their presence is detected. Security cameras, fencing, and guard dogs aren't guaranteed to delay an intruder to keep them from escaping.

Question 58

Which of the following is not a benefit of SFTP? A. It is interoperable with other FTP solutions. B. It provides logon credential protection. C. It encrypts data traffic. D. It uses SSH to provide security.

Answer 58

A. It is interoperable with other FTP solutions. SFTP (Secure FTP) isn't interoperable with other FTP solutions; only SFTP clients can interact with SFTP servers. SFTP provides logon credential protection, encrypts data traffic, and uses SSH (Secure Shell) to provide security.

Question 59

Which of the following is not a form of asymmetric cryptography? A. RSA B. Diffie-Hellman C. Blowfish D. ElGamal

Answer 59

C. Blowfish Blowfish is symmetric. RSA (Rivest, Shamir, and Adleman), Diffie-Hellman, and ElGamal are asymmetric.

Question 60

What hacker technique can be used over a network connection to discover the identity of services active on a computer system? A. Port scanning B. Banner grabbing C. Sniffing D. ARP poisoning

Answer 60

B. Banner grabbing Banner grabbing may reveal the identity of a service when used against an open port across a network connection. Port scanning is used to determine whether ports are open or closed. Sniffing is used to collect network traffic to reveal the contents of the headers and nonencrypted payloads. ARP (Address Resolution Protocol) poisoning is used to trick a switch into rerouting traffic.

Question 61

You attempt to visit Amazon.com but mistakenly type amazin.com. The website you see is an obvious rip-off of the valid online merchant. What is this situation called? A. Watering hole attack B. Typo squatting C. Rainbow tables D. Spear phishing

Answer 61

B. Typo squatting Typo squatting, or URL hijacking, is a practice employed to capture traffic when a user mistypes the domain name or IP address of an intended resource. A squatter will predict URL typos and then register those domain names to direct traffic to their own site.

Question 62

When CHAP is used for authentication, how are the passwords transmitted from the client to the authentication server? A. In hashed form B. In clear text C. As a ticket D. Encrypted with AES

Answer 62

A. In hashed form CHAP (Challenge Handshake Authentication Protocol) uses MD5 to hash passwords before transmission. PAP (Password Authentication Protocol) sends passwords in the clear. Kerberos uses tickets. AES (Advanced Encryption Standard) is an encryption algorithm that isn't used by CHAP.

Question 63

Which of the following authentication actions is the strongest? A. Three passwords consisting of 50 characters each B. A password, a fingerprint, and a smartcard C. Two biometrics and a token D. A token, a handprint, and an iris scan

Answer 63

B. A password, a fingerprint, and a smartcard Multifactor authentication, which uses different factors, is always stronger than using fewer different factors or multiples of one factor.

Question 64

What type of token device produces new time-derived passwords on a specific time interval that can be used only a single time when attempting to authenticate? A. HOTP B. HMAC C. SAML D. TOTP

Answer 64

D. TOTP The two main types of token devices are TOTP and HOTP. Time-based one-time password (TOTP) tokens or synchronous dynamic password tokens are devices or applications that generate passwords at fixed time intervals, such as every 60 seconds. HMAC-based one-time password (HOTP) tokens or asynchronous dynamic password tokens are devices or applications that generate passwords not based on fixed time intervals but instead based on a nonrepeating one-way function, such as a hash or hash message authentication code (HMAC—a type of hash that uses a symmetric key in the hashing process) operation.

Question 65

The most commonly overlooked aspect of mobile phone eavesdropping is related to \_\_\_\_\_\_\_\_\_. A. Wireless networking B. Storage device encryption C. Overhearing conversations D. Screen locks

Answer 65

C. Overhearing conversations The most commonly overlooked aspect of mobile phone eavesdropping is related to people in the vicinity overhearing conversations (at least one side of them). Organizations frequently consider and address issues of wireless networking, storage device encryption, and screen locks.

Question 66

What encryption system is used to protect SFTP? A. SSH B. TLS C. IPSec D. WPA-2

Answer 66

A. SSH Secure FTP (SFTP) is a secured alternative to standard FTP. Standard FTP sends all data, including authentication traffic, in the clear. Thus, there is no confidentiality protection. SFTP encrypts both authentication and data traffic between the client and server by employing SSH to provide secure FTP communications.

Question 67

Cookies pose a risk to \_\_\_\_\_\_\_\_\_\_\_. A. Network infrastructure B. Privacy C. Physical security D. Availability

Answer 67

B. Privacy Cookies pose a risk to privacy. They don't pose a risk to network infrastructure, physical security, or availability.

Question 68

Which of the following is a goal of NAC? A. Reduce social engineering threats B. Map internal private addresses to external public addresses C. Distribute IP address configurations D. Reduce zero-day attacks

Answer 68

D. Reduce zero-day attacks The goals of Network Access Control (NAC) include preventing/reducing zero-day attacks, enforcing security policy throughout the network, and using identities to perform access control.

Question 69

Which type of Bluetooth attack allows an attacker to send messages to a target mobile device that may appear on the screen automatically? A. Bluesnarfing B. Bluesniffing C. Bluesmacking D. Bluejacking

Answer 69

D. Bluejacking Bluejacking involves sending messages to Bluetooth-capable devices without the permission of the owner/user. These messages often appear on a device's screen automatically.

Question 70

Which of the following technologies enables numerous internal clients to access the Internet over a few leased public IP addresses? A. SSL B. L2TP C. SSH D. NAT

Answer 70

D. NAT NAT (network address translation) enables numerous internal clients to access the Internet over a few leased public IP addresses. SSL (Secure Sockets Layer) is a security solution often used on web servers. L2TP (Layer 2 Tunneling Protocol) is a VPN (virtual private network) protocol. SSH (Secure Shell) is a secure replacement for Telnet.

Question 71

What is the size of an SHA-1 hash output? A. 160 bits B. 128 bits C. 192 bits D. 56 bits

Answer 71

A. 160 bits SHA-1’s hash output is 160 bits. MD5, MD4, and MD2 produce 128-bit hash output.

Question 72

Which of the following is not part of the CIA triad? A. Confidentiality B. Integrity C. Availability D. Authentication

Answer 72

D. Authentication Authentication is not part of the CIA triad. The CIA triad consists of confidentiality, integrity, and availability.

Question 73

The basis of a reliable disaster recovery and business continuity plan is \_\_\_\_\_\_\_\_\_\_\_. A. User awareness B. A warm alternate site C. Backups D. Redundant hardware

Answer 73

C. Backups Backups form the basis of a reliable disaster recovery and business continuity plan. User awareness, warm alternate sites, and redundant hardware may improve DRP (disaster recovery planning) and BCP (business continuity planning), but they aren't essential like backups.

Question 74

Kerberos is an example of which of the following security technologies? A. Physical access control B. Monitoring system C. Single sign-on D. Authentication factor

Answer 74

C. Single sign-on Kerberos is an example of a single sign-on security technology. A mantrap is an example of a physical access control device. Auditing is an example of a monitoring system. A password is an example of an authentication factor.

Question 75

Hashing is used for what primary purpose? A. Integrity verification B. Digital envelopes C. Data encryption D. Authentication

Answer 75

A. Integrity verification Hashing is used primarily for integrity verification. Digital envelopes are produced using asymmetric encryption, not hashing. Data encryption is performed using symmetric encryption or asymmetric encryption. Authentication can be provided for by symmetric encryption or asymmetric encryption.

Question 76

When will a certificate authority (CA) be likely to revoke a certificate? A. When the subject profits from the use of the certificate B. When the subject requests a suspension C. When the subject obtains certificates from other CAs D. When the subject changes its verified identity

Answer 76

D. When the subject changes its verified identity A CA will revoke a certificate when the subject's verified identity changes. The CA isn't likely to revoke when the subject profits, at a request for a suspension, or when the subject obtains certificates from other CAs. There are other reasons why a CA may revoke a certificate than those included in this list, such as if the subject requests it.

Question 77

What is the measurement of the amount of data that can be lost during a disaster, as measured in time, which if that level is exceeded, the organization will be unable to return to normal operations? A. RTO B. MTD C. RPO D. MTTR

Answer 77

C. RPO The recovery point objective (RPO) is a measurement of how much loss can be accepted by the organization when a disaster occurs. This acceptable loss is measured in time.

Question 78

Which access control system allows an administrator to choose the level of access to grant to users? A. RBAC B. MAC C. TBAC D. DAC

Answer 78

D. DAC DAC (discretionary access control) is based on the discretion of a user (that is, the administrator). RBAC (role-based access control), MAC (media/mandatory access control), and TBAC (task-based access control) are based on rules: job descriptions, classifications, and work tasks, respectively.

Question 79

\_\_\_\_\_\_\_\_\_\_\_\_ are formal contracts (or at least written documents) that define some form of arrangements where two entities agree to work with each other in some capacity. This could be an agreement between a supplier and customer or between equals. A. Service-level agreements B. Business partners agreements C. Interoperability agreements D. Memorandum of understanding

Answer 79

C. Interoperability agreements Interoperability agreements are formal contracts (or at least written documents) that define some form of arrangements where two entities agree to work with each other in some capacity. This could be an agreement between a supplier and customer or between equals. An SLA is a contract between a supplier and a customer. A BPA is a contract between two entities dictating their business relationship. An MOU is an expression of agreement or aligned intent, will, or purpose between two entities.

Question 80

SSH is considered a secure replacement for \_\_\_\_\_\_\_\_\_\_. A. TFTP B. VPN C. SSL D. Telnet

Answer 80

D. Telnet SSH (Secure Shell) is considered a secure replacement for Telnet. SSH isn't a replacement for TFTP (Trivial File Transfer Protocol). VPN (virtual private network) and SSL (Secure Sockets Layer) are already secure. Additionally, SSH can function as a VPN and can encrypt protocols similar to SSL/TLS. For example, FTP can be SSL/TLS encrypted to become FTPS or SSH encrypted to become SFTP. While SSH may be an alternative to VPNs and SSL, it is not a secure replacement as the typical VPN and SSL are already secured (with the standard caveat that nothing is perfectly secure and many secure concepts have flaws or known exploits).

Question 81

After checking into your hotel room, you attempt to connect to the Internet over the free WiFi network. You are prompted by a hotel logo screen to agree to terms of service and provide both your room number and your last name. Once you complete the request, you are able to access the Internet. What is this procedure known as? A. Captive portal B. Onboarding C. DHCP reservation D. Formal enrollment

Answer 81

A. Captive portal A captive portal is an authentication technique that redirects a newly connected wireless web client to a portal access control page. The portal page may require the user to input payment information, provide logon credentials, or input an access code.

Question 82

What can birthday attacks focus on? A. Asymmetric keys B. Digital certificates C. Hashing D. Encrypted files

Answer 82

C. Hashing Birthday attacks can focus on hashing. Mathematical and social engineering attacks focus on asymmetric keys and encrypted files. Intrusions to certificate authorities (CAs) may be used against digital certificates.

Question 83

What are the four elements in a secure staging deployment environment? A. Authentication, authorization, auditing, and accounting B. Development, test, staging, and production C. Preventive, detective, deterrent, and corrective D. Physical, logical, administrative, and operational

Answer 83

B. Development, test, staging, and production The organization's IT environment must be configured and segmented to properly implement staging. This often requires at least four main network divisions: development, test, staging, and production.

Question 84

What is the primary reason to maintain a password history? A. Monitor account logins B. Force complexity requirements compliance C. Provide for legal investigations D. Prevent password reuse

Answer 84

D. Prevent password reuse Password history is an authentication protection feature that tracks previous passwords (by archiving hashes) in order to prevent password reuse.

Question 85

What is a significant difference between vulnerability scanners and penetration testing? A. One tests both the infrastructure and personnel. B. One tests only internal weaknesses. C. One tests only for configuration errors. D. One is used to find problems before hackers do.

Answer 85

A. One tests both the infrastructure and personnel. The primary difference between vulnerability assessment and penetration testing is that penetration testing tests both the infrastructure and the personnel. Vulnerability assessment is performed by a security administrator using an automated tool that is designed solely to test the configuration of target systems.