Practice Test #1 Flashcards

1
Q

In which order should the following items be conducted?

A) business impact analysis, ALE, risk analysis
B) risk analysis, ALE, business impact analysis
C) ALE, risk analysis, business impact analysis
D) ALE, business analysis, risk analysis

A

ALE, risk analysis, business impact analysis

ALE, risk analysis, business impact analysis is correct. The annual loss expectancy (ALE) is a dollar figure that quantitative risk analysis uses to prioritize risks, so it is calculated first, not after the risk analysis. The business impact analysis can occur only after risks have been identified and ranked.

2
Q

While you’re on vacation, you want your assistant, Claude, to manage existing user accounts. You grant Claude the ability only to reset user passwords and modify group memberships. Which security principle have you observed?

A) authorization
B) authentication
C) most privilege
D) least privilege

A

Least privilege

Least privilege is correct. The concept of least privilege states that only needed rights to perform a certain task should be given and no more.

3
Q

You have approved ten new smartphones for your employees. The phones will be used to run web apps specific to your business. The web apps store data on the mobile devices. What can be done to secure these devices? (Choose two.)

A) use mobile device encryption
B) set the appropriate NTFS file permissions
C) enable SSL for web mini-apps
D) use screen locking

A

-Use mobile device encryption
-use screen locking

Use mobile device encryption and use screen locking are correct. Encrypting saved data on the mobile device will protect the data if the device is compromised, lost, or stolen. A screen lock requires a PIN to use the device, and it’s highly useful to protect the device from unauthorized use.

4
Q

Which type of planning relates to the recovery of a specific system?

A) business impact analysis
B) risk assessment
C) disaster recovery plan
D) communication plan

A

Disaster Recovery Plan

Disaster recovery plan is correct. A disaster recovery plan provides step-by-step procedures to return a failed system to a functional state in as little time as possible.

5
Q

Which of the following are true regarding virtual machines? (Choose two.)

A) virtual machines must use shared disk storage
B) compromised virtual machines imply a compromised physical host
C) the MAC address for virtual network cards is configurable
D) virtual machine network cards can be configured on their own VLAN

A

-The MAC address for virtual network cards is configurable
-Virtual machine network cards can be configured on their own VLAN

The MAC address for virtual network cards is configurable and virtual machine network cards can be configured on their own VLAN are correct. The MAC (Media Access Control) address (for example, 00-26-B9-C5-2A-F1) of a virtual network card is assigned by the hypervisor and can be changed by the administrator. A virtual network card can be assigned a VLAN ID, which at layer 2 limits it to communicating with other interfaces in the same VLAN unless a router or layer-3 switch joins the VLANs. Shared disk storage is optional (it is needed for live migration, not for running virtual machines), and a compromised guest does not by itself mean the physical host is compromised, although the hypervisor must be patched because guest-to-host escape flaws have occurred.

6
Q

Which term best describes computers under the control of a single malicious user?

A) botnet
B) compromised
C) owned
D) zombie

A

Botnet

Botnet is correct. Botnets are computers running malicious software (each computer is called a zombie) that are under malicious user control.

7
Q

What type of attack targets senior management in an attempt to have them divulge sensitive information?

A) vishing
B) spear-phishing
C) whaling
D) phishing

A

Whaling

Whaling is correct. Whaling targets high-profile end users such as corporate executives.

8
Q

What type of system would be used for monitoring and notification of real-time data at a manufacturing site?

A) cloud computing
B) virtualization
C) SNMP
D) SCADA

A

SCADA

SCADA is correct. Supervisory Control and Data Acquisition (SCADA) consists of hardware and software components to acquire data, monitor equipment, and notify of any hazardous conditions that may exist. The data is gathered and manipulated in real time. SCADA is often used in industrial control system (ICS) environments.

9
Q

Your users have home directories on server ALPHA. You have set the security such that users have full control over file permissions in their own home directories. Which term best describes this configuration?

A) role-based access control
B) discretionary access control
C) mandatory access control
D) user account control

A

Discretionary access control

Discretionary access control is correct. Discretionary access control (DAC) gives the resource owner (the user owns his or her home directory and its contents) control of assigning permissions to that resource.

10
Q

You must harden six Linux servers on a small departmental network. What should you check for? (Choose two.)

A) SSH daemons
B) enabled unneeded daemons
C) linux patches
D) apache daemons

A

-Enabled unneeded daemons
-linux patches

Enabled unneeded daemons and Linux patches are correct. Linux operating systems must be patched to remain secure. Running unnecessary daemons (services) increases the attack surface, so enumerate the running services and listening network sockets on each server and disable whatever is not required. SSH and Apache daemons are not problems in themselves; they are only a concern if they are not needed or are not patched and hardened.

11
Q

Tanya wants to impress her computer science friends by gaining access to a server housed in a nearby central office owned by the local telephone carrier. She begins by researching the local telephone carrier on the Internet. Later that evening, Tanya sifts through the garbage bins on the local telephone carrier’s premises and discovers printed memos and server configuration documentation. Tanya succeeds in gaining access to a local telephone carrier’s server. What led to her success?

A) dumpster diving
B) impersonation
C) shoulder surfing
D) tailgating

A

Dumpster Diving

Dumpster diving entails digging through discarded items and trash in search of meaningful information such as passcodes, e-mail addresses, server names, network documentation, and so on.

12
Q

When you’re collecting digital evidence, which of the following data types is considered the most volatile and should therefore be captured first?

A) DVD-ROM disk contents
B) RAM contents
C) USB flash drive contents
D) hard disk contents

A

RAM contents

RAM contents is correct. Because RAM (random access memory) is reliant on electricity, its contents must be captured first because they will be erased when the machine is powered off.

13
Q

An attacker calls the front desk of a branch office and tells the receptionist he is the senior network engineer working on an approaching e-mail server upgrade. He then asks the receptionist for her e-mail password. What type of attack is this?

A) email
B) social engineering
C) telephone
D) on-path

A

Social Engineering

Social engineering is correct. Social engineering refers to human trickery and is a big problem. Attackers will often study the business, its processes, and its employees so that they can convince victims of their authenticity.

14
Q

You are the IT person for a shipping company, Ace Shipping, Inc. One of Ace Shipping’s warehouses has received a new 802.11b/g/n wireless router. Users at the warehouse use laptops, tablet PCs, and smart phones. You would like to restrict access to the wireless network. Which of the following are true? (Choose two.)

A) tablet PCs have a MAC address
B) smartphones cannot connect to a WLAN
C) tablet PCs cannot connect to a WLAN
D) smartphones have a MAC address

A

-Tablet PCs have a MAC address
-Smartphones have a MAC address

Tablet PCs have a MAC address and smartphones have a MAC address are correct. Tablet PCs and smartphones (and laptops) have MAC addresses for their wireless network cards; therefore, MAC address filtering can be used to restrict access to the wireless router. Be aware that MAC addresses are trivially spoofed and are sent in cleartext in 802.11 frames even on an encrypted WLAN, so MAC filtering only discourages casual connections; WPA2/WPA3 authentication is the real access control.

15
Q

Leslie is projecting timelines to complete various analysis reports. Which list presents the correct order in which each analysis should be performed?

A) threat, vulnerability
B) threat, risk
C) business impact, risk
D) risk, threat

A

Threat, risk

Threat, risk is correct. Threat analysis identifies the specific threats a party faces, how vulnerable it is to them, the likelihood of their occurring, and their impact. Because a risk assessment ranks those identified threats by likelihood and impact to decide where to spend resources, it cannot be conducted before a threat assessment.

16
Q

Which type of attack exploits a website’s trust of a user session?

A) cross-site request forgery
B) DoS
C) directory traversal
D) cross-site scripting

A

Cross-site request forgery

Cross-site request forgery is correct. Cross-site request forgery (CSRF) abuses the trust a web server places in an authenticated user session. For example, a victim may click an innocent-looking link or visit a page that silently submits a form; the browser attaches the victim's session cookie, so the web site carries out a request the victim never intended. Defenses include per-session anti-CSRF tokens that an attacker's page cannot read and the SameSite cookie attribute.
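The mechanism on this card, shown as a vulnerable handler beside a hardened one. This is an added example, not code from the original flashcards; the Request class, the SESSIONS dictionary, and the transfer handlers are a constructed stand-in for a web framework so that the check runs offline.

```python
"""Cross-site request forgery: the vulnerable check beside the hardened one.

Added example. The tiny request/session model below is constructed for
illustration and is not any framework's API.
"""
import hmac
import secrets
from dataclasses import dataclass, field


@dataclass
class Request:
    method: str
    cookies: dict                       # the browser attaches these automatically, even cross-site
    form: dict = field(default_factory=dict)


# Constructed server-side session store: session id -> {"user", "csrf", "balance"}
SESSIONS = {}


def login(user: str) -> str:
    """Create a session and bind a fresh, unguessable CSRF token to it."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": user, "csrf": secrets.token_urlsafe(32), "balance": 1000}
    return sid


def transfer_vulnerable(req: Request, amount: int) -> str:
    """Trusts the session cookie alone, so a forged cross-site POST succeeds."""
    sess = SESSIONS.get(req.cookies.get("sid"))
    if req.method != "POST" or sess is None:
        return "denied"
    sess["balance"] -= amount
    return "ok"


def transfer_hardened(req: Request, amount: int) -> str:
    """Synchronizer-token check: the form must carry the token bound to this
    session. An attacker's page cannot read it, so the forged POST lacks it."""
    sess = SESSIONS.get(req.cookies.get("sid"))
    if req.method != "POST" or sess is None:
        return "denied"
    submitted = req.form.get("csrf", "")
    if not hmac.compare_digest(submitted, sess["csrf"]):   # constant-time comparison
        return "denied: bad csrf token"
    sess["balance"] -= amount
    return "ok"


def forged_request(sid: str) -> Request:
    """What the victim's browser sends when a malicious page auto-submits a form:
    the victim's cookie rides along, but the attacker cannot supply the token."""
    return Request("POST", {"sid": sid}, {"to": "attacker"})


def legitimate_request(sid: str) -> Request:
    """A form rendered by the real site, which embedded the session's token."""
    return Request("POST", {"sid": sid}, {"to": "landlord", "csrf": SESSIONS[sid]["csrf"]})


def demo() -> dict:
    """Run the forged request against both handlers and a legitimate one against the hardened handler."""
    sid = login("alice")
    results = {
        "vulnerable_forged": transfer_vulnerable(forged_request(sid), 100),
        "hardened_forged": transfer_hardened(forged_request(sid), 100),
        "hardened_legit": transfer_hardened(legitimate_request(sid), 100),
    }
    results["balance"] = SESSIONS[sid]["balance"]
    return results


if __name__ == "__main__":
    print(demo())
```

The forged request drains 100 from the vulnerable handler and is refused by the hardened one; the balance ends at 800 because only the vulnerable forged transfer and the legitimate transfer went through. In a real deployment the token is embedded in server-rendered forms, and marking the session cookie SameSite=Lax or Strict adds a second, browser-enforced layer.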

17
Q

You are a Linux server administrator. You need to list the last 10 entries in a text-based firewall log file. Which command should you use?

A) ls
B) chmod
C) tail
D) head

A

Tail

Tail is correct. The tail command shows the last 10 lines of a file by default. Use -n to display a different number of lines; for example, tail -n 3 firewalllog.txt shows the last 3 lines, and tail -f firewalllog.txt keeps printing entries as the log grows, which is useful when watching a firewall log live.

18
Q

Scheduled packet capturing occurs on your network daily from 15:00 to 17:00. You have been asked to open yesterday’s capture and filter out any ping packets. What protocol should you filter by?

A) ICMP
B) TCP
C) UDP
D) IGMP

A

ICMP

ICMP is correct. Internet Control Message Protocol (ICMP) carries error and diagnostic messages such as destination unreachable, time exceeded, and echo. ping sends ICMP Echo Request (type 8) messages and expects Echo Reply (type 0) messages, and tracert relies on ICMP Time Exceeded replies, so filtering on the ICMP protocol (IP protocol number 1) isolates ping traffic. ICMP is a network-layer protocol carried directly inside IP; it is not a transport like TCP or UDP.
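The filter described on this card, applied by protocol number rather than by a capture tool's display filter. This is an added example, not part of the original flashcards: the packets are constructed with struct rather than read from yesterday's capture file, so the example runs offline, but the header layouts parsed are the real IPv4 and ICMP formats.

```python
"""Picking ping traffic out of a capture by IP protocol number and ICMP type.

Added example. The four packets in CAPTURE are constructed in code (no pcap
file is read); the IPv4/ICMP parsing is the genuine wire layout.
"""
import struct

IPPROTO_ICMP = 1
IPPROTO_TCP = 6
IPPROTO_UDP = 17
ICMP_ECHO_REPLY = 0
ICMP_ECHO_REQUEST = 8

IPV4_HEADER = "!BBHHHBBH4s4s"   # 20-byte header without options


def build_ipv4(proto: int, payload: bytes, src="10.0.0.5", dst="10.0.0.1") -> bytes:
    """Minimal IPv4 header in front of a payload. The header checksum is left
    as 0 because the parser below does not verify it."""
    total_len = 20 + len(payload)
    ver_ihl = (4 << 4) | 5                      # version 4, header length 5 * 4 = 20 bytes
    src_bytes = bytes(int(o) for o in src.split("."))
    dst_bytes = bytes(int(o) for o in dst.split("."))
    header = struct.pack(IPV4_HEADER, ver_ihl, 0, total_len, 0, 0, 64, proto, 0, src_bytes, dst_bytes)
    return header + payload


def build_icmp(icmp_type: int, ident=0x1234, seq=1) -> bytes:
    """ICMP echo header: type, code, checksum (left 0), identifier, sequence number."""
    return struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq) + b"ping payload"


def parse_ipv4(packet: bytes) -> dict:
    """Return protocol, TTL, addresses and payload from a raw IPv4 packet."""
    fields = struct.unpack(IPV4_HEADER, packet[:20])
    ver_ihl, total_len, ttl, proto, src, dst = fields[0], fields[2], fields[5], fields[6], fields[8], fields[9]
    if ver_ihl >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (ver_ihl & 0x0F) * 4                  # header length in bytes; options make it > 20
    return {
        "ihl": ihl, "proto": proto, "ttl": ttl,
        "src": ".".join(str(b) for b in src), "dst": ".".join(str(b) for b in dst),
        "payload": packet[ihl:total_len],
    }


def is_ping(packet: bytes) -> bool:
    """True for ICMP Echo Request/Reply, the two message types ping sends and receives."""
    ip = parse_ipv4(packet)
    if ip["proto"] != IPPROTO_ICMP or len(ip["payload"]) < 8:
        return False
    return ip["payload"][0] in (ICMP_ECHO_REQUEST, ICMP_ECHO_REPLY)


def filter_pings(capture: list) -> list:
    """Keep only ping packets, the equivalent of a display filter on icmp.type 0 or 8."""
    return [p for p in capture if is_ping(p)]


# Constructed "capture": a ping request, its reply, a TCP segment and a UDP datagram.
CAPTURE = [
    build_ipv4(IPPROTO_ICMP, build_icmp(ICMP_ECHO_REQUEST)),
    build_ipv4(IPPROTO_ICMP, build_icmp(ICMP_ECHO_REPLY), src="10.0.0.1", dst="10.0.0.5"),
    build_ipv4(IPPROTO_TCP, b"\x00\x50\x00\x50" + b"\x00" * 16),
    build_ipv4(IPPROTO_UDP, b"\x00\x35\x00\x35\x00\x08\x00\x00"),
]

if __name__ == "__main__":
    for pkt in filter_pings(CAPTURE):
        ip = parse_ipv4(pkt)
        print(f"{ip['src']} -> {ip['dst']} icmp type {ip['payload'][0]}")
```

Filtering on protocol number 1 alone would also catch unreachable and time-exceeded messages; checking the ICMP type narrows the result to the echo pair that ping generates. In Wireshark the equivalent display filter is icmp.type == 8 || icmp.type == 0.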

19
Q

You are present at the scene of a digital crime. You need to ensure that evidence is gathered, documented, and stored in such a way that it will not affect admissibility in a court of law. Which legal standard should you adhere to?

A) legal hold
B) chain of custody
C) order of volatility
D) data sovereignty

A

Chain of custody

Chain of custody is correct. The chain of custody requires evidence to be gathered in a legal manner, documented at every hand-off (who collected it, when, where it was stored, and who accessed it), and securely stored at all times, so that its integrity can be shown in court.

20
Q

Examine the exhibit. An administrator configures a NAT router with a public IP address of 192.168.4.253/24 and an internal IP address of 10.0.0.253/24. When he tests connectivity to external networks, the client stations do not connect and eventually time out. What is the problem?

A) the subnet mask should be 255.0.0.0
B) NAT requires client software to be installed
C) the default gateway must be configured
D) NAT cannot route from one private IP network to another private IP network

A

The default gateway must be configured

The default gateway must be configured is correct. NAT (Network Address Translation) requires internal devices to use the NAT router's internal IP address (10.0.0.253 here) as their default gateway. Traffic destined for other networks is then sent to the NAT router, which rewrites the source address of outgoing packets to its public-facing IP address. Note that 192.168.4.253 is itself an RFC 1918 private address; the exhibit uses it to stand in for the provider-facing address. It is also important to change default settings, such as default administrative credentials, on all routing devices.

21
Q

Which of the following scenarios best defines fail secure?

A) a server blocks connections when log files run out of disk space
B) a clustered mail server fails over to another cluster node
C) a busy server redirects a user request to an idle server
D) a firewall appliance allows all traffic through when a component fails

A

A server blocks connections when log files run out of disk space

A server blocks connections when log files run out of disk space is correct. Fail secure means the system will remain secure even in the event of a failure, such as running out of disk space for logging.

22
Q

Which of the following encryption algorithms is considered the strongest?

A) WEP 128-bit
B) SHA-1
C) DES
D) RSA 1024-bit

A

RSA 1024-bit

RSA 1024-bit is correct, as the strongest of the four listed. WEP is broken regardless of key length, DES uses a 56-bit key that can be brute-forced, and SHA-1 is a hash function, not an encryption algorithm (and is itself deprecated for signatures). RSA (Rivest, Shamir, Adleman) is an asymmetric encryption algorithm; in practice, NIST has disallowed 1024-bit RSA for new use since 2013, and at least 2048-bit keys should be deployed.

23
Q

You are modifying the backup schedule for the thirteen Windows and seven Unix servers in your server room. Full backups will occur Saturdays at 9:00 A.M. and incremental backups will occur every weekday starting at 7:00 P.M. Each server contains an average of 400GB of data. Backup tapes are stored in a safe down the hall in the IT manager’s office. What problems exist with this scenario?

A) there is not enough time to perform incremental backups if the start time is 7:00pm
B) backup tapes should be stored offsite
C) incremental backups must be used with differential backups
D) differential backups can be used only with full backups

A

Backup tapes should be stored offsite

Backup tapes should be stored offsite is correct. Backup tapes (or a verified copy of them) must be stored at an alternate location in case of fire or flood damage, to name just a few possibilities. Organizational data files as well as virtual machine snapshots are often stored on backup media, including in the cloud.

24
Q

Examine the illustration. You cannot connect to http://lachance.mooo.com from your client workstation. What is the problem?

A) the URL must begin with www
B) the subnet mask is incorrect
C) client workstation DNS server configurations should not point to 127.0.0.1
D) the default gateway and the DHCP server cannot use the same IP address

A

Client workstation DNS server configurations should not point to 127.0.0.1

Client workstation DNS server configurations should not point to 127.0.0.1 is correct. Client workstations do not normally run DNS server software, and 127.0.0.1 is the local loopback address, so name queries sent there go unanswered and the hostname never resolves. Workstations should point to a functional DNS server running elsewhere. (Some Linux distributions run a local stub resolver at 127.0.0.53 that forwards to real servers; that is a legitimate exception.) To verify that returned DNS results have not been tampered with, DNSSEC can be used to digitally sign DNS records. DNS settings can be verified on a Windows station with ipconfig /all and on a Linux station by inspecting /etc/resolv.conf (or resolvectl status on systemd-resolved systems); ifconfig shows interface addresses but not DNS servers.

25
Q

Which of the following is an example of adhering to the concept of chain of custody when seizing computer equipment?

A) generating file hashes
B) encrypting external USB hard disk contents
C) emptying the window recycle bin
D) applying operating system updates

A

Generating file hashes

Generating file hashes is correct. A cryptographic hash (such as SHA-256) of a file acts as its fingerprint: any modification to the file produces a different hash, so hashing evidence at seizure and again whenever it changes hands proves it has not been altered. Hashes are not strictly unique, but finding two files with the same SHA-256 hash is computationally infeasible; MD5 and SHA-1 should be avoided for this purpose because collisions are known.

26
Q

Departmental managers complain that they cannot quickly allocate more storage as their department needs dictate. Regulations require data to be store on-premises. Which cloud service model and cloud type would address this scenario?

A) PaaS, private
B) SaaS, community
C) SECaaS, public
D) IaaS, private

A

IaaS private

IaaS, private is correct. Infrastructure as a service (IaaS) encompasses network and storage infrastructure. Private clouds run on-premises.

27
Q

Under what circumstances might a risk be acceptable? (Choose the best answer.)

A) the ARO is less than the cost of mitigating the risk
B) the SLE is less than the cost of mitigating the risk
C) the ALE is more than the cost of mitigating the risk
D) the ALE is less than the cost of mitigating the risk

A

The ALE is less than the cost of mitigating the risk

The ALE is less than the cost of mitigating the risk is correct. ALE (annual loss expectancy) is a dollar figure derived from the SLE (single loss expectancy, the cost of one occurrence) multiplied by the ARO (annual rate of occurrence). If a control costs more per year than the loss it is expected to prevent, accepting the risk is the rational choice.
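The arithmetic behind this card and card 1 carried through on a scenario, as an added example that is not part of the original flashcards. The asset value, exposure factor, occurrence rate and control cost below are constructed for illustration; the comparison goes one step beyond the card by looking at the residual ALE a control leaves behind rather than only at the ALE before it.

```python
"""Quantitative risk maths: SLE = AV * EF, ALE = SLE * ARO, and the
accept-or-mitigate decision.

Added example. The scenario numbers are constructed, not taken from any
real assessment.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Risk:
    name: str
    asset_value: float      # AV, in dollars
    exposure_factor: float  # EF, fraction of AV lost per incident (0..1)
    aro: float              # ARO, expected incidents per year

    def sle(self) -> float:
        """Single loss expectancy: cost of one occurrence."""
        return self.asset_value * self.exposure_factor

    def ale(self) -> float:
        """Annual loss expectancy: SLE scaled by how often it happens."""
        return self.sle() * self.aro


def control_value(before: Risk, after: Risk, annual_control_cost: float) -> float:
    """Net annual benefit of a control: the ALE it removes minus what it costs.

    Positive means mitigating beats accepting; negative means accept the risk,
    which is the card's rule of accepting when ALE is below the mitigation cost.
    """
    return before.ale() - after.ale() - annual_control_cost


def decide(before: Risk, after: Risk, annual_control_cost: float) -> str:
    """'mitigate' when the control pays for itself, otherwise 'accept'."""
    return "mitigate" if control_value(before, after, annual_control_cost) > 0 else "accept"


# Constructed scenario: a $200k web server, ransomware destroys 80% of its value,
# expected twice a year. An EDR subscription is assumed to cut the ARO to 0.25/yr.
RANSOMWARE = Risk("ransomware on web server", 200_000, 0.8, 2.0)
WITH_EDR = Risk("ransomware on web server (with EDR)", 200_000, 0.8, 0.25)

if __name__ == "__main__":
    print(f"SLE = ${RANSOMWARE.sle():,.0f}, ALE = ${RANSOMWARE.ale():,.0f}")
    print("EDR at $50,000/yr:", decide(RANSOMWARE, WITH_EDR, 50_000))
    print("EDR at $400,000/yr:", decide(RANSOMWARE, WITH_EDR, 400_000))
```

With these numbers the SLE is $160,000 and the ALE $320,000; a $50,000 control that leaves $40,000 of residual ALE is worth $230,000 a year, while the same control at $400,000 a year costs more than the loss it prevents and the risk should be accepted (or transferred, for example through insurance).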

28
Q

Which are the two symmetric encryption algorithms in the list?

A) MD5
B) RSA
C) blowfish
D) RC4

A

-Blowfish
-RC4

Blowfish and RC4 are correct. Both are symmetric algorithms, which use the same key for encryption and decryption; MD5 is a hash function and RSA is asymmetric. Neither answer is suitable for new designs: RC4 has known keystream biases and is prohibited in TLS (RFC 7465), and Blowfish's 64-bit block size makes it vulnerable to birthday attacks on long messages. AES is the usual symmetric choice today.

29
Q

A malicious user, Daniel, gains access to a corporate Wi-Fi network where two other users are exchanging data. Daniel captures network traffic between the two communicating victims, modifies it, and sends it back on the network. How could this type of attack be prevented?

A) computer authentication using PKI
B) hard disk encryption
C) computer authentication using ARP
D) jumbo frames

A

Computer authentication using PKI

Computer authentication using PKI is correct. Certificates issued by a trusted certificate authority can be installed on the two computers and used for mutual authentication, establishing an authenticated, integrity-protected channel between them (IPsec or TLS, for example). A packet Daniel modifies then fails the integrity check and is discarded, and traffic from hosts without a trusted certificate is ignored. ARP provides no authentication at all (ARP spoofing is a common way to obtain exactly this on-path position), and hard disk encryption and jumbo frames do nothing for data in transit.

30
Q

Which of the following statements are true? (Choose two.)

A) steganography hides communications
B) steganography scrambles communications
C) encryption hides communications
D) encryption scrambles communications

A

-Steganography hides communications
-Encryption scrambles communications

Encryption scrambles communications and steganography hides communications are correct. Encryption transforms data so that it is unreadable without the correct key: with symmetric encryption the same key encrypts and decrypts, and with asymmetric encryption data encrypted with a public key is decrypted with the related private key. Steganography attempts to conceal the fact that any communication is taking place by placing messages or files within other files; for example, a text document could be hidden within a JPG image file. Encrypted data is visibly present but unreadable, whereas steganographic data is meant not to be noticed at all.

31
Q

Which type of attack downgrades HTTPS connections to HTTP?

A) SQL injection
B) DDoS
C) SSL stripping
D) cross-site scripting

A

SSL stripping

SSL stripping is correct. SSL stripping is an HTTPS downgrade attack in which an on-path attacker intercepts the user's initial plain HTTP request (or rewrites https:// links in returned pages to http://). The attacker makes the HTTPS connection to the requested site, but the client's connection to the attacker, unknown to the client, remains HTTP and is not encrypted. HTTP Strict Transport Security (HSTS), especially with the browser preload list, defeats the attack by making the browser refuse to speak plain HTTP to that site.

32
Q

You are a Linux server administrator. You need to view the first 10 entries in a text-based application log file. Which command should you use?

A) head
B) tail
C) ls
D) chmod

A

Head

Head is correct. The head command shows the first 10 lines of a text file by default. Use -n to display a different number of lines, for example head -n 5 file1.txt.

33
Q

Which of the following are ways to mask PII (personally identifiable information)? (Choose two.)

A) fingerprint
B) anonymous proxy server
C) tattoo
D) gloves

A

-Anonymous proxy server
-Gloves

Anonymous proxy server and gloves are correct. PII uniquely identifies a person and includes items such as a credit card number, e-mail address, signature, and so on. Anonymous proxy servers mask your IP address, and gloves prevent fingerprints from being left behind—these both mask PII.

34
Q

An exported NFS folder named Toronto on a Linux system has the following permissions set:

rwx – owner – root
r-x – group – accounting
The parent folder restricts access only to the root account. The root account is a member of the accounting group. User Sean is not given access to the root account, and he is not a member of the accounting group. Which of the following statements is true?

A) sean is explicitly denied access to Toronto folder
B) sean is implicitly denied access to the Toronto folder
C) the root account has r-x to the Toronto folder
D) the root account is implicitly allowed access to the Toronto folder

A

Sean is implicitly denied access to the Toronto folder

Sean is implicitly denied access to the Toronto folder is correct. Implicit denial means that a subject ends up denied not by a rule naming it but by the absence of any rule granting it access. This applies not only to file system security but also to firewall rule sets, which typically end with an implicit deny. Only user root can traverse the parent folder, so everybody else is implicitly denied access to Toronto, including Sean; even a member of the accounting group would be stopped at the parent. Note that for NFS specifically, the server's default root_squash export option maps a client's root user to an unprivileged account, so root's effective access over NFS depends on the export options as well as on the file permissions.
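The permission evaluation this card relies on, written out as an added example (not code from the original flashcards): a request needs the wanted bits on the target and search (execute) permission on every parent directory, and the denial is simply the absence of a grant. The directory tree, the users sean and maria, and their group memberships are constructed to mirror the card's scenario; maria is an assumed accounting-group member added to show that the parent folder blocks the group too.

```python
"""Evaluating Unix discretionary (owner/group/other) permissions along a path.

Added example. TREE and GROUPS are constructed to mirror the card's Toronto
export; maria is an assumed member of accounting, added for contrast.
"""
from dataclasses import dataclass
from typing import Dict, Set


@dataclass(frozen=True)
class Node:
    owner: str
    group: str
    mode: int            # e.g. 0o750 == rwxr-x---


# Constructed tree: the parent is root-only; Toronto is rwx root, r-x accounting.
TREE: Dict[str, Node] = {
    "/": Node("root", "root", 0o755),
    "/export": Node("root", "root", 0o700),
    "/export/Toronto": Node("root", "accounting", 0o750),
}
GROUPS: Dict[str, Set[str]] = {
    "root": {"root", "accounting"},
    "sean": {"sean"},
    "maria": {"accounting"},      # assumed accounting user, not on the card
}

R, W, X = 4, 2, 1


def bits_for(node: Node, user: str) -> int:
    """Pick the triplet that applies: owner, else group, else other (first match wins)."""
    if user == node.owner:
        return (node.mode >> 6) & 7
    if node.group in GROUPS.get(user, set()):
        return (node.mode >> 3) & 7
    return node.mode & 7


def parents(path: str):
    """Yield every ancestor directory of path, root first: '/', '/export', ..."""
    parts = path.strip("/").split("/")
    yield "/"
    for i in range(1, len(parts)):
        yield "/" + "/".join(parts[:i])


def can_access(path: str, user: str, want: int, superuser_bypass: bool = False) -> bool:
    """True if user holds the `want` bits on path and search (x) on all parents.

    No rule says 'deny': the request fails because no triplet grants it, which
    is the implicit denial the card describes."""
    if superuser_bypass and user == "root":
        return True      # a local root ignores DAC; over NFS, root_squash may remove that
    for parent in parents(path):
        if not (bits_for(TREE[parent], user) & X):
            return False
    return (bits_for(TREE[path], user) & want) == want


if __name__ == "__main__":
    for user in ("root", "sean", "maria"):
        print(user, "read Toronto:", can_access("/export/Toronto", user, R | X))
```

root succeeds as owner of every directory on the path; sean fails at /export because its other-triplet is ---; maria holds r-x on Toronto through the accounting group but never reaches it, since /export grants her nothing either. Nothing in the tree mentions sean or maria, which is exactly what implicit denial means.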

35
Q

Gretchen uses her laptop to connect to many different web sites to download free software. Over time, her laptop slows down to the point where it is unusable. You verify that she has plenty of free hard disk space. What do you suspect is causing the slowdown?

A) the disk is storing too many web browser cookies
B) a rootkit is present
C) spyware is installed
D) the disk is fragmented

A

Spyware is installed

Spyware is installed is correct. Spyware can get installed covertly when you install free software. The spyware then monitors your computer activity and may inventory what type of files or software you have installed. All of this can take its toll on performance over time.

36
Q

Which of the following will remove single points of failure? (Choose two.)

A) NAT
B) server clustering
C) RAID 0
D) RAID 1

A

-Server clustering
-RAID 1

Server clustering and RAID 1 are correct. Server clusters include two or more servers working together to offer services. A failure of a single server should have minimal (if any) impact; any services hosted on that computer are simply taken over by another cluster node. RAID 1 (disk mirroring) can tolerate a single disk failure because every disk write is duplicated onto a separate disk. RAID 0 (striping) has no redundancy at all, so one failed disk loses everything, and NAT has nothing to do with availability.

37
Q

Files from a seized computer must be analyzed for illegal activity. Using the correct forensic software, you copy the files to another storage device. What should you do to ensure that the copied files’ contents are perfect replicas of the originals?

A) enable write blocking on the storage device
B) set file permissions denying everyone access
C) generate a file hash
D) flag the files as read-only

A

Generate a file hash

Generate a file hash is correct. File hashes are generated by feeding file data into a hashing algorithm, producing a fixed-length digest; any change to a file results in a different hash, which would indicate a breach of file integrity. Hash the originals before copying and the copies afterwards, and record both values. A write blocker is still good practice during acquisition, but it only prevents modification of the source; it does not prove that the copy matches.
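The hash-and-compare step from this card and from card 25, as an added example that is not part of the original flashcards. The evidence file is constructed in a temporary directory so the example runs offline, and the single-byte tamper at the end shows why comparing digests catches a modified copy.

```python
"""Hashing a seized file and its forensic copy, then detecting tampering.

Added example serving both the chain-of-custody and copy-verification cards.
The evidence file is constructed in a temp directory; digests are computed,
not hard-coded.
"""
import hashlib
import os
import shutil
import tempfile


def file_digest(path: str, algorithm: str = "sha256", chunk_size: int = 1 << 20) -> str:
    """Hash a file in chunks so multi-gigabyte images need not fit in RAM."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_copy(original: str, copy: str) -> dict:
    """Compare digests of the original and its copy; both values go in the custody log."""
    orig, dup = file_digest(original), file_digest(copy)
    return {"original": orig, "copy": dup, "match": orig == dup}


def demo() -> dict:
    """Make a file, copy it, verify; then flip one byte in the copy and verify again."""
    workdir = tempfile.mkdtemp()
    try:
        src = os.path.join(workdir, "evidence.bin")
        dst = os.path.join(workdir, "evidence_copy.bin")
        with open(src, "wb") as f:
            f.write(b"constructed evidence data\n" * 1000)
        shutil.copyfile(src, dst)
        before = verify_copy(src, dst)

        # A single changed byte produces an entirely different digest.
        with open(dst, "r+b") as f:
            f.seek(10)
            f.write(b"X")
        after = verify_copy(src, dst)

        return {
            "intact": before["match"],
            "tampered": after["match"],
            "digests_differ": before["copy"] != after["copy"],
        }
    finally:
        shutil.rmtree(workdir)


if __name__ == "__main__":
    print(demo())
```

SHA-256 is used rather than MD5 or SHA-1 because collisions are known for the older algorithms; recording two different algorithms' digests is common in custody logs for the same reason. The tamper step stands in for anything that could alter a copy between acquisition and analysis.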

38
Q

What best protects computers from malicious traffic?

A) host-based firewall
B) packet sniffer
C) port scanner
D) PKI

A

Host-based firewall

Host-based firewall is correct. Host-based firewalls protect a computer primarily from external threats (only certain packets, if any, initiated from external hosts are allowed into the computer).

39
Q

Rachelle is a server administrator. During her required monthly server maintenance duties, Rachelle clears all server logs to increase usable disk space. Her job also requires her to create user accounts and grant permissions to network shared folders and printers. What is the security violation in this scenario?

A) incident management
B) least privilege
C) Separation of Duties
D) acceptable use

A

Separation of Duties

Separation of duties is correct. Rachelle is a server administrator, and she has the ability to erase all server logs—the potential exists for Rachelle to abuse server administrative privileges and clear any audit trails.

40
Q

A lawyer for a dismissed employee notifies the IT department that for evidence admissibility reasons, the employee’s laptop must be securely stored and all connectivity and modifications related to the machine must be strictly prohibited. Which term does this scenario most closely relate to?

A) data sovereignty
B) chain of custody
C) legal hold
D) order of volatility

A

Legal hold

Legal hold is correct. Legal hold is a preservation order sometimes issued during e-discovery to ensure that potential evidence is immutable, meaning that it cannot be modified.

41
Q

You are attempting to connect to a corporate wireless network, but the WLAN name does not appear for you to connect to it. Why might this be?

A) ESSID broadcasting has been disabled
B) BSSID broadcasting has been disabled
C) MAC filtering has been disabled
D) MAC filtering has been enabled

A

ESSID broadcasting has been disabled

ESSID broadcasting has been disabled is correct. Disabling extended service set ID (ESSID) broadcasting stops the access point from advertising the WLAN name in its beacons, so it does not appear when you browse for wireless networks; you must enter the name manually to connect. This is not a security control: the name still appears in probe and association frames, and any wireless sniffer recovers it as soon as a client connects. MAC filtering would block a connection attempt, not hide the network name.

42
Q

Which type of log would list failed login attempts?

A) access log
B) application log
C) security log
D) event log

A

Security log

Security log is correct. The Windows Security log records auditing entries related to activity such as logon attempts or file access; a failed logon is recorded as Event ID 4625 (4624 for a successful logon). On Linux, the equivalent entries appear in /var/log/auth.log or /var/log/secure, or in the systemd journal.
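Detection logic run over failed-logon entries, as an added example that is not part of the original flashcards. The log lines are constructed (no real traffic) but follow the format OpenSSH's sshd writes through syslog; the per-source threshold is an assumed tuning value.

```python
"""Count failed logons per source address and flag brute-force candidates.

Added example. SAMPLE_LOG is constructed; the line format is the one sshd
writes via syslog on Linux.
"""
import re
from collections import Counter

FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)

# Constructed sample log, not real traffic.
SAMPLE_LOG = """\
Mar  3 10:15:02 alpha sshd[2211]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Mar  3 10:15:04 alpha sshd[2211]: Failed password for invalid user admin from 203.0.113.5 port 51236 ssh2
Mar  3 10:15:05 alpha sshd[2213]: Accepted publickey for sean from 10.0.0.22 port 40112 ssh2
Mar  3 10:15:07 alpha sshd[2215]: Failed password for root from 203.0.113.5 port 51240 ssh2
Mar  3 10:15:09 alpha sshd[2217]: Failed password for sean from 10.0.0.22 port 40118 ssh2
Mar  3 10:15:11 alpha sshd[2219]: Failed password for invalid user oracle from 203.0.113.5 port 51244 ssh2
Mar  3 10:15:12 alpha sshd[2221]: Failed password for invalid user test from 203.0.113.5 port 51248 ssh2
"""


def failed_logins(log_text: str) -> list:
    """Parse every failed-password line into a (user, source_ip) pair."""
    hits = []
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            hits.append((m.group("user"), m.group("ip")))
    return hits


def brute_force_sources(log_text: str, threshold: int = 5) -> dict:
    """Source IPs with at least `threshold` failures: ip -> (count, sorted distinct users).

    The distinct-user list separates a password spray (many users) from a
    single user who mistyped a password a few times."""
    per_ip = Counter()
    users = {}
    for user, ip in failed_logins(log_text):
        per_ip[ip] += 1
        users.setdefault(ip, set()).add(user)
    return {ip: (n, sorted(users[ip])) for ip, n in per_ip.items() if n >= threshold}


if __name__ == "__main__":
    print(failed_logins(SAMPLE_LOG))
    print(brute_force_sources(SAMPLE_LOG))
```

On the sample, 203.0.113.5 reaches the threshold with five failures across four usernames (a spray pattern), while the single failure from 10.0.0.22 stays below it. The same logic applies to the Windows Security log by reading Event ID 4625 records (for example with Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4625}) and grouping on the source address field.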

43
Q

A user downloads free software from a web site. Upon installation, the free software takes advantage of an operating system vulnerability that allows remote administrative control for which there is currently no known mitigation. What term best describe this type of software?

A) DoS
B) ransomware
C) worm
D) zero-day exploit

A

Zero-day exploit

Zero-day exploit is correct. Zero-day exploits take advantage of a vulnerability for which there is no current remedy. The vendor may not even know about the vulnerability that the hacker has discovered.

44
Q

You are a web developer. Some customers report links on your web pages to unrelated offerings of various products. As the web developer, you check your website code and verify that these links are not coded into your web pages. What can you tell your customers was the most likely reason for this?

A) the customers’ computers are infected with a fileless virus
B) the customers’ computers are infected with a worm
C) the customers’ computers are infected with adware
D) the customers’ computers are infected with a trojan

A

The customers’ computers are infected with adware

The customers’ computers are infected with adware is correct. Adware could add links to web pages your customers visit for products and services they may want based on their computer usage patterns. Adware is often the result of spyware that monitors a user’s computing activity such as web searches.

45
Q

Which of the following are at risk from spyware?

A) all of the answers are correct
B) files on the hard disk
C) keystrokes
D) web browser home page
E) web browser cookies

A

All of the answers are correct

All of the answers are correct is correct. Spyware can analyze web browser cookies, files, user keystrokes, and browser home pages to determine user habits and steal personal user information. This data can be sold to marketing firms or used to display relevant ads. All of this is done either without user knowledge or with user consent in exchange for the use of “free” software.

46
Q

You have been asked to configure and secure a wired network. You have linked three 24-port Ethernet switches together. Sixty workstations, one printer, one router, and one server have been plugged in. What should be done with the remaining switch ports?

A) they should be configured to use full duplex
B) they should be disabled
C) they should be associated with a specific MAC address
D) they should be configured with their own VLAN

A

They should be disabled

They should be disabled is correct. In the interest of security, unused switch ports should be disabled to prevent unauthorized network access.

47
Q

Why would an administrator configure router ACLs (access control lists)?

A) to restrict or allow specific network traffic through the router
B) to restrict the location from which the router can load its configuration
C) to restrict what files users can access on the file server
D) to enable the detection of suspicious activity

A

To restrict or allow specific network traffic through the router

To restrict or allow specific network traffic through the router is correct. Router ACLs allow or deny network traffic through the router. The ACLs can look at IP addresses, protocol types, TCP and UDP port numbers, and so on. Devices such as routers should also be configured with a logon banner stating that the device can be used only for legitimate organizational activities.

48
Q

What can be done to determine whether users and computing equipment are compliant with corporate security policies?

A) use incident response
B) set file permissions
C) use chain of custody
D) conduct routine audits

A

Conduct routine audits

Conduct routine audits is correct. Routine audits will reveal noncompliance, or policy violations, of established security policies.

49
Q

A remote laptop user, Julie, reports that her workstation hangs for no apparent reason. You are dispatched to troubleshoot the issue the next day when she is in the office. After 20 minutes of troubleshooting, you decide the best solution is to back up and then restore Julie’s data after applying a standard base image that was created last year. Julie then takes the now functional laptop with her on a business trip. What else should have been done to Julie’s laptop? (Choose the best answer.)

A) anti-spyware software should have been installed
B) disk encryption should have been enabled
C) software updates should have been applied
D) TPM should have been enabled

A

Software updates should have been applied

Software updates should have been applied is correct. Since the image is one year old, software updates, including operating system, application, and virus definition updates, must be applied; otherwise, the system could be vulnerable.

50
Q

Samantha’s user account is temporarily disabled while she is on maternity leave. Soon after this, her account is mistakenly deleted. Six months later, Samantha returns and notifies the help desk that she is unable to log on to the network. Her home directory, however, still remains intact with her encrypted files. The help desk re-creates her account with the same username and a different password and then adds her to the appropriate groups. When Samantha attempts to access files from her home directory, she is denied access. What is the problem?

A) her password must be the same to decrypt the files
B) her new account must use longer passwords
C) her public key must be restored to decrypt the files
D) her private key must be restored to decrypt the files

A

Her private key must be restored to decrypt the files

Her private key must be restored to decrypt the files is correct. Private keys are used to decrypt data encrypted with the mathematically related public key. Simply re-creating a user account with the same name and password will not work. Some network systems generate public/private key pairs that are unique to the user account. A PKI certificate public key stored in a file or smart card could also have been used to encrypt the files, so the related private key is required to decrypt them.

51
Q

Which type of security appliance detects and attempts to stop network attacks?

A) HIDS
B) NIDS
C) HIPS
D) NIPS

A

NIPS

NIPS is correct. A network-based intrusion prevention system (NIPS) detects and attempts to stop network attacks because it operates at the network level and aims at filtering all network traffic that passes through it, with the goal of blocking suspicious patterns.

52
Q

A technician has captured network traffic using a protocol analyzer on her station. When she views the captured packets, she sees only her own TCP and UDP transmissions despite the fact that she knows there are other active stations on the same network. Other technicians in her office experience the same packet-capturing results when capturing from their stations (they see only their own TCP and UDP traffic). What is the most likely cause of the problem?

A) the technician enabled a UDP traffic filter
B) the technician was plugged into a hub
C) the technician was plugged into a switch
D) the technician enabled a TCP traffic filter

A

The technician was plugged into a switch

The technician was plugged into a switch is correct. A switch learns which MAC address sits behind each port and forwards unicast frames only to the port of the destination, so each port is its own collision domain and a protocol analyzer sees only traffic sent from or addressed to its own station (plus broadcasts, multicasts and the occasional unknown-unicast flood). A hub repeats every frame to every port, which is why capturing on a hub shows everyone's traffic. To capture other stations' traffic on a switched network, configure port mirroring (a SPAN port) on the switch, insert a network tap, or capture on the host of interest.

53
Q

Identify two benefits of server virtualization. (Choose two.)

A) cheaper software licensing
B) less space required in server room
C) less hardware costs
D) more secure than a physical server

A

-Less space required in server room
-Less hardware costs

Less hardware costs and Less space required in server room are correct. Less hardware and physical space are required to host virtual servers than physical servers.

54
Q

You have received new server hardware containing six hard disks. Your manager asks that user data stored on the new server be protected from hard disk failure while maximizing disk space utilization efficiency. What should you configure?

A) file hashing
B) disk encryption
C) RAID 1
D) RAID 5

A

RAID 5

RAID 5 is correct. RAID (Redundant Array of Independent Disks) level 5 stripes data evenly across a minimum of three disks and distributes parity, or error recovery, information across the same disks so that the failure of any single physical hard disk can be tolerated: the parity is used to reconstruct the data that was on the failed disk while the array keeps serving requests. With six disks, five disks' worth of capacity is usable for data, compared to half the capacity under RAID 1 (disk mirroring), which duplicates every write to a second disk; RAID 5 therefore minimizes the disk space spent on redundancy. Two caveats a practitioner would add: RAID protects only against disk failure, not against deletion, corruption or ransomware, so backups are still required; and with very large disks the rebuild after a failure takes long enough that a second failure during the rebuild (which RAID 5 cannot survive) becomes a real risk, which is why RAID 6 with double parity is often preferred.
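The parity reconstruction described above, as an added illustration (not code from the flashcard set or any storage product): a toy RAID 5 layout that stripes constructed data across N disks with rotating XOR parity, then rebuilds one failed disk from the survivors and shows why a second failure is unrecoverable. Stripe unit size, the rotation scheme and the sample data are all assumptions made here.

```python
from functools import reduce
from operator import xor

CHUNK = 4  # bytes per stripe unit; a toy size, real arrays use 64 KiB and up


def _xor_blocks(blocks):
    """Byte-wise XOR of equal-length blocks. XOR of all units in a stripe but one
    yields the missing one, which is the whole trick behind RAID 5 parity."""
    return bytes(reduce(xor, column) for column in zip(*blocks))


def raid5_write(data: bytes, disks: int):
    """Lay `data` out across `disks` members with rotating parity.

    Returns (layout, length): layout[d] is the list of stripe units on disk d,
    length is the unpadded data size needed to read it back.
    """
    if disks < 3:
        raise ValueError("RAID 5 needs at least three disks")
    data_units_per_stripe = disks - 1
    stripe_bytes = CHUNK * data_units_per_stripe
    padded = data + b"\x00" * (-len(data) % stripe_bytes)
    layout = [[] for _ in range(disks)]
    for stripe, start in enumerate(range(0, len(padded), stripe_bytes)):
        units = [padded[i:i + CHUNK] for i in range(start, start + stripe_bytes, CHUNK)]
        parity = _xor_blocks(units)
        parity_disk = stripe % disks          # rotate parity so no disk becomes a hotspot
        data_iter = iter(units)
        for d in range(disks):
            layout[d].append(parity if d == parity_disk else next(data_iter))
    return layout, len(data)


def raid5_read(layout, length: int) -> bytes:
    """Reassemble the data by skipping each stripe's parity unit."""
    disks = len(layout)
    out = bytearray()
    for stripe in range(len(layout[0])):
        parity_disk = stripe % disks
        for d in range(disks):
            if d != parity_disk:
                out += layout[d][stripe]
    return bytes(out[:length])


def rebuild_disk(layout, failed: int):
    """Recompute the failed disk's units from the survivors (layout[failed] may be None).
    Works whether the lost unit in a stripe was data or parity."""
    survivors = [blocks for d, blocks in enumerate(layout) if d != failed and blocks is not None]
    if len(survivors) != len(layout) - 1:
        raise RuntimeError("RAID 5 tolerates exactly one failed disk; more is unrecoverable")
    return [_xor_blocks(units) for units in zip(*survivors)]


def usable_fraction(disks: int) -> float:
    """Capacity available for data: (n-1)/n for RAID 5 versus 1/2 for RAID 1."""
    return (disks - 1) / disks


if __name__ == "__main__":
    layout, n = raid5_write(b"user data that must survive a disk failure", 6)
    layout[3] = None                        # disk 3 dies
    layout[3] = rebuild_disk(layout, 3)     # rebuild onto a replacement disk
    assert raid5_read(layout, n) == b"user data that must survive a disk failure"
    print("rebuilt OK; usable capacity on 6 disks: %.0f%%" % (100 * usable_fraction(6)))
```

Real controllers do the same XOR per stripe but also handle partial-stripe writes (the read-modify-write "RAID 5 write penalty") and must keep parity consistent across a crash, which this toy ignores.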

55
Q

A Windows domain administrator would like to configure all domain controller servers to require complex passwords. Which method is the most efficient way to do this?

A) use group policy
B) write a Powershell script and run the script on each server
C) use a local security policy
D) export the settings from one configured server and import them to the other servers

A

Use group policy

Use Group Policy is correct. Group Policy centrally configures operating system settings for every computer in a domain or organizational unit, so a single Group Policy Object applies the requirement to all domain controllers at once; local security policy, scripts and exported settings would all have to be repeated per server. Note that domain account password settings (length, complexity, history, lockout) are read from the GPO linked at the domain level, normally the Default Domain Policy, not from a GPO linked to the Domain Controllers OU; the effective settings can be checked with the Get-ADDefaultDomainPasswordPolicy cmdlet, and fine-grained password policies (password settings objects) can override them for specific groups.

56
Q

What types of attacks cannot be mitigated by virus scanners? (Choose all that apply)

A) trojan
B) keylogger
C) ARP cache poisoning
D) DNS poisoning

A

-ARP cache poisoning
-DNS poisoning

DNS poisoning and ARP cache poisoning are correct.
Both are network-level attacks that forge protocol replies (an ARP reply binding an IP address to the attacker's MAC, or a DNS answer pointing a name at the attacker's IP); no malicious file ever lands on the host, so a virus scanner has nothing to match. Trojans and keyloggers are malware and are within a scanner's scope. ARP poisoning is mitigated with static ARP entries for critical hosts or Dynamic ARP Inspection on switches, and DNS poisoning with DNSSEC-validating resolvers; both can be detected by watching for bindings that change.

57
Q

A small law firm with no technical staff is expanding and hires 20 paralegals in different cities. The firm would like reliable mail server access as well as the latest mail server software. Additional temporary employees may be hired from time to time. Which solution presents the best economical solution?

A) cloud computing
B) upgrading to the latest CPUs
C) custom-built web mail
D) refurbished server and client hardware

A

Cloud computing

Cloud computing is correct. Cloud computing presents a hosted solution (a service subscription) for companies requiring reliable, up-to-date computing access while being flexible enough to grow or shrink with company needs, such as temporary staff. No up-front investment is required for hardware or technicians, and the provider patches and upgrades the mail server software. Networking tasks that would otherwise require technical expertise, such as firewalling and network segmentation, are exposed as software-defined configuration (SDN) by the provider rather than requiring on-site equipment.

58
Q

Which type of risk analysis weighs potential threats based on dollar figures?

A) ALE
B) ARO
C) Quantitative
D) qualitative

A

Quantitative

Quantitative is correct. Quantitative risk analysis identifies assets and risks and assigns them dollar values: the single loss expectancy (SLE) is the asset value multiplied by the exposure factor (the fraction lost per incident), and the annual loss expectancy (ALE) is the SLE multiplied by the annualized rate of occurrence (ARO). ALE figures are used to prioritize risks and to budget funds for controls. ALE and ARO are inputs to quantitative analysis, not types of analysis; qualitative analysis ranks risks with labels such as high, medium and low instead of dollar figures.
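The calculation in action, as an added example (not from the flashcard set): a few constructed risks with made-up asset values, exposure factors and rates of occurrence, ranked by ALE, and a cost-benefit check that tells whether a proposed control is worth its annual cost. All figures are invented for the illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Risk:
    """One quantified risk: AV in dollars, EF as the fraction of AV lost per event,
    ARO as expected occurrences per year."""
    name: str
    asset_value: float
    exposure_factor: float
    aro: float

    @property
    def sle(self) -> float:
        """Single loss expectancy = AV x EF."""
        return self.asset_value * self.exposure_factor

    @property
    def ale(self) -> float:
        """Annual loss expectancy = SLE x ARO."""
        return self.sle * self.aro


def rank_by_ale(risks):
    """Highest expected annual loss first; this is the prioritisation the ALE exists for."""
    return sorted(risks, key=lambda r: r.ale, reverse=True)


def safeguard_value(risk, annual_cost, new_ef=None, new_aro=None) -> float:
    """Net annual value of a control: ALE before, minus ALE after, minus the control's cost.
    A control may lower the damage per event (EF), the frequency (ARO), or both.
    A negative result means the control costs more than the loss it prevents."""
    ef = risk.exposure_factor if new_ef is None else new_ef
    aro = risk.aro if new_aro is None else new_aro
    residual_ale = risk.asset_value * ef * aro
    return risk.ale - residual_ale - annual_cost


# Constructed figures for the example, not real data.
RISKS = [
    Risk("ransomware on the file server", asset_value=200_000, exposure_factor=0.5, aro=0.2),
    Risk("laptop theft", asset_value=3_000, exposure_factor=1.0, aro=4.0),
    Risk("datacentre flood", asset_value=2_000_000, exposure_factor=0.8, aro=0.01),
]


if __name__ == "__main__":
    for r in rank_by_ale(RISKS):
        print(f"{r.name:32s} SLE={r.sle:>12,.0f}  ALE={r.ale:>10,.0f}")
    backups = safeguard_value(RISKS[0], annual_cost=5_000, new_ef=0.1)
    print(f"offline backups for ransomware: net value {backups:,.0f}/yr")
```

Note that the highest single loss (the flood) is not the highest annual loss; ranking on SLE alone would put money in the wrong place.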

59
Q

Your company manufactures bolts. A partner company manufactures nuts. The partner company requires access to your manufacturing data, which is available on your internal web server. What should you configure?

A) SSL
B) router
C) identity federation
D) proxy server

A

Identity federation

Identity federation is correct. With federation, the partner's employees authenticate to their own organization's identity provider, which issues a signed security token (for example a SAML assertion or an OpenID Connect token) that your web server trusts; you never create accounts for them in your own directory, and the partner revokes access simply by disabling its own accounts. The federation trust between the two parties is established by exchanging the PKI certificates used to sign and verify those tokens. SSL/TLS, a router or a proxy can carry the traffic but do not solve the cross-organization identity problem.

60
Q

Which concept exposes users to various roles in order to keep employees’ interest and expand their knowledge of business operations?

A) Separation of Duties
B) succession planning
C) job rotation
D) employee exposure

A

Job Rotation

Job rotation is correct. Exposing users to various roles is referred to as job rotation. This is considered an administrative security control.

61
Q

A smartphone user encrypts the contents of a 2GB media card using a key generated on her mobile device. The following year the user is issued a new smartphone. She inserts her old 2GB media card but is denied access to its contents. What is the most likely reason for the denied access?

A) the 2GB media card is corrupt
B) the media card was decrypted on the old smartphone, not the new one
C) the media card was encrypted on the old smartphone, not on the new one
D) newer smartphones only accept a minimum of 4GB media cards

A

The media card was encrypted on the old smartphone, not the new one

The media card was encrypted on the old smart phone, not the new one is correct. Media cards encrypted with device-generated keys can only be decrypted in that same device.

62
Q

Which short-range payment method is commonly used with payment cards and mobile apps?

A) NFC
B) rainbow table
C) WPS
D) RFID

A

NFC

NFC is correct. Near Field Communication (NFC) is commonly used as a short-range payment method (within a few centimeters).

63
Q

You are developing a mobile device security policy for your company. Some employees will be issued a smart phone that will also be used to store schematics related to a military government contract. Which item should you include in your mobile device security policy?

A) remote wipe
B) TPM
C) HSM
D) TLS

A

Remote wipe

Remote wipe is correct. Should a smart phone be lost or stolen, remote wipe functionality enables administrators to revert the device to factory settings. In bring your own device (BYOD) environments, technicians can partition work versus personal apps, data, and settings to facilitate the remote wiping of only work items.

64
Q

Which listed example describes implicit deny?

A) Tabitha is added to a group named students and denied read access
B) Tabitha is added to a folder and given read access
C) Tabitha is added to a folder and denied read access
D) Tabitha is added to a group name students and given read access

A

Tabitha is added to a group named students and denied read access

Tabitha is added to a group named Students and denied Read access is correct. In this question bank, implicit denial means an entity (Tabitha in this case) is denied access indirectly, through a group she belongs to (the Students group), rather than by an entry naming her.
Tabitha is added to a folder and denied Read access is incorrect. The listed item describes explicit denial: the deny is placed directly on the user.
Note that in firewall and access-control-list terminology "implicit deny" more commonly means the default action when no rule matches: anything not explicitly permitted is denied. Both senses share the idea that the denial is not written against the subject itself.

65
Q

With which term is nonrepudiation most closely associated?

A) block cipher
B) stream cipher
C) hashing
D) encryption

A

Hashing

Hashing is correct. Hashing feeds data through a one-way function that produces a fixed-length digest; the digest can be recomputed later and compared with the original to show the data has not changed. Digital signing encrypts that digest with the signer's private key. Because the private key is held only by its owner, a signature that verifies with the owner's public key proves the owner produced the message, and the owner cannot later deny having signed it; this is nonrepudiation. Strictly, the hash alone does not provide nonrepudiation (anyone can recompute a hash); it is the private-key signature over the hash that does, and hashing is the option among those listed that the signature process depends on. Block ciphers, stream ciphers and encryption in general provide confidentiality, not proof of origin.

66
Q

You are analyzing captured network traffic and notice SIP traffic. What type of activity results in SIP traffic?

A) port scanning
B) router table sharing
C) voice over IP
D) connecting to an HTTPS web server

A

Voice over IP

Voice over IP is correct. The Session Initiation Protocol (SIP) is used to establish and maintain network sessions related to voice and video, such as with VoIP.
Port scanning, router table sharing and connecting to an HTTPS web server are incorrect. None of these activities would result in SIP traffic; SIP normally appears on UDP or TCP port 5060 (5061 for SIP over TLS), with the media itself carried separately by RTP.

67
Q

How can the physical location of a mobile device be tracked?

A) GPS
B) TLS
C) NIDS
D) GSM

A

GPS

GPS is correct. The Global Positioning System (GPS) uses satellites to track objects on the Earth’s surface. This is referred to as geolocation or geotracking and can further be used to limit the use of mobile apps within an area (called geofencing).

68
Q

Which key is used when you send an encrypted e-mail message?

A) your private key
B) recipient’s private key
C) recipient’s public key
D) your public key

A

Recipient’s public key

Recipient's public key is correct. To encrypt a message for someone you need that person's public key; only the matching private key, which the recipient alone holds, can decrypt it. Your own private key is used to sign the message, not to encrypt it, and your own public key would only let you encrypt something for yourself. In practice (S/MIME, PGP) the message body is encrypted with a random symmetric session key and only that session key is encrypted with the recipient's public key, because asymmetric encryption is slow and limited to small inputs.

69
Q

Joel is the department manager for Human Resources. He recently noticed unauthorized changes made to a few HR files and asks if in the future you can somehow verify whether the files have changed and who made the changes. What can you use to satisfy these requests? (Choose two.)

A) performance monitoring
B) file encryption
C) file hashes
D) auditing

A

-File hashes
-Auditing

File hashes and auditing are correct. File hashes generate a unique value for a file at a given point in time. Changes to the file will result in a different hash value. These hashes can be compared to determine whether a file has changed. To track who made a change, file system auditing can be enabled for the appropriate files or folders.
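Hmm, the page describes the two halves of the answer in words; here is an added example (not from the flashcard set) of the file-hash half: build a SHA-256 baseline of a directory, compare it later to report changed, added and removed files, and seal the stored baseline with an HMAC so that whoever altered the files cannot quietly rewrite the baseline too. Paths and contents in the demo are constructed; the HMAC key is assumed to be kept off the monitored system, and who made a change still has to come from file system auditing.

```python
import hashlib
import hmac
import json
import os


def hash_file(path, algo="sha256"):
    """Digest a file in chunks so large files do not have to fit in memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root):
    """Map every regular file under root (path relative to root, '/'-separated) to its digest."""
    baseline = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            baseline[rel] = hash_file(full)
    return baseline


def compare_baselines(old, new):
    """Report which files changed content, appeared, or disappeared since the old baseline."""
    return {
        "changed": sorted(p for p in old if p in new and old[p] != new[p]),
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
    }


def seal_baseline(baseline, key: bytes):
    """Serialise the baseline canonically and tag it with HMAC-SHA256 under a key that
    is stored away from the monitored host; the tag is what makes the baseline trustworthy."""
    body = json.dumps(baseline, sort_keys=True).encode()
    return body, hmac.new(key, body, "sha256").hexdigest()


def open_baseline(body: bytes, tag: str, key: bytes):
    """Verify the tag in constant time before trusting the stored baseline."""
    expected = hmac.new(key, body, "sha256").hexdigest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("baseline tampered with or wrong key")
    return json.loads(body)


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as root:          # constructed demo tree
        with open(os.path.join(root, "salaries.csv"), "w") as f:
            f.write("alice,50000\n")
        body, tag = seal_baseline(build_baseline(root), b"demo-key-kept-offline")
        with open(os.path.join(root, "salaries.csv"), "a") as f:
            f.write("mallory,90000\n")                       # unauthorised change
        report = compare_baselines(open_baseline(body, tag, b"demo-key-kept-offline"),
                                   build_baseline(root))
        print(report)   # shows salaries.csv under "changed"
```

The hash comparison answers "did it change"; pairing it with object-access auditing on the same paths answers "who changed it", which is what Joel asked for.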

70
Q

What can be done to prevent on-path attacks?

A) authorization
B) authentication
C) availability
D) fault tolerance

A

Authentication

Authentication is correct. An on-path attacker (the older term is man-in-the-middle) sits between two conversing hosts and relays, reads or alters their traffic. If each host proves its identity to the other, for example with a certificate issued by a trusted PKI, the attacker cannot impersonate either endpoint, and a session keyed to those identities can be neither read nor modified. Authenticating only one side (typically the server) prevents impersonation of that side; mutual authentication prevents both. Authorization, availability and fault tolerance do not address an attacker in the path.

71
Q

What type of malware is self-replicating?

A) trojan
B) spam
C) worm
D) clone

A

Worm

Worm is correct. A worm is self-replicating malicious code that does not have to attach itself to a file as conventional viruses do.

72
Q

Your new 802.11g home wireless network seems to be unpredictable. At times, you are disconnected for no apparent reason. You have ensured that you are running the latest driver for your Wi-Fi network card and you have updated the firmware in your wireless router, yet the network is still unreliable. The neighbors on either side of you both have wireless networks as well. What should you do next to increase the stability of your wireless network?

A) upgrade to 802.11n
B) run windows update
C) configure WPA2 PSK
D) change wifi channel

A

Change Wi-Fi channel

Change the Wi-Fi channel is correct. 802.11g runs in the 2.4 GHz band, where channels are spaced approximately 5 MHz apart but each transmission is about 20 MHz wide, so neighbouring channels overlap. In North America you can configure your wireless router to use one of eleven channels, and only channels 1, 6 and 11 are far enough apart not to overlap one another. For example, if both neighbours are using channel 3, configuring your router for channel 11 moves it clear of their signal, whereas choosing a nearby channel such as 4 would still share most of its spectrum with channel 3 and may still produce problems. Upgrading to 802.11n (which also uses 2.4 GHz), running Windows Update or enabling WPA2-PSK would not remove the interference.

73
Q

Which of the following tools can be used to capture and analyze network traffic?

A) chmod
B) nslookup
C) Wireshark
D) nmap

A

Wireshark

Wireshark is correct. Wireshark is an open source packet capturing and analysis tool.

74
Q

A network consists of Windows, macOS, and Linux workstations. All regular network users must authenticate to the same source before accessing network resources. Which network service provides this functionality?

A) SSH
B) DNS
C) DHCP
D) LDAP

A

LDAP

LDAP is correct. Lightweight Directory Access Protocol (LDAP) is the standard protocol for querying a directory and authenticating (binding) against it, and clients on any operating system can bind to the same directory with the same credentials. It uses TCP port 389 for plaintext connections (optionally upgraded with StartTLS) and TCP port 636 for LDAPS, where the whole session is wrapped in TLS; a simple bind over plain port 389 sends the password in clear text, so TLS should be required. Common directory services such as Microsoft Active Directory and Sun ONE Directory Server are LDAP-compliant. SSH, DNS and DHCP do not provide a central authentication source.

75
Q

Which type of study reveals the effect that realized threats could have on the operation of an organization?

A) security audit
B) risk analysis
C) business impact analysis
D) incident response

A

Business impact analysis

Business impact analysis is correct. A business impact analysis identifies how personnel, data systems, clients, and revenue will be affected if a threat is realized.

76
Q

After you set up a new mail server, users report an excessive number of unsolicited e-mail messages advertising various products and services. What should you employ to reduce the number of messages your users receive?

A) spam filtering software
B) virus scanning software
C) mail archiving software
D) proxy server

A

Spam filtering software

Spam filtering software is correct. Unsolicited messages are called spam. Spam filtering software attempts to filter these messages out before they reach the user’s inbox.

77
Q

What type of malware gathers user activity data without user consent?

A) spyware
B) trojan
C) rootkit
D) ransomware

A

Spyware

Spyware is correct. Spyware is malware that monitors user activity without user consent. This data can be used to display ads (adware) that could be of interest to the user.

78
Q

Users authenticate to a network using a username and complex password. What type of authentication is this?

A) multi-factor
B) dual-factor
C) single-factor
D) smartcard

A

Single-factor

Single-factor is correct. The authentication factors are something you know, something you have and something you are; a scheme is multi-factor only when it combines at least two different factors. Here the username merely identifies the user and the password is the single factor (something you know). A long or complex password is still just one factor.

79
Q

To contribute to the overall security of your network, you would like to prevent the repeated attempt to crack user account passwords. What should you configure?

A) TLS
B) account lockout
C) longer passwords
D) password change interval

A

Account lockout

Account lockout is correct. Locking an account for a period of time after a specified number of incorrect logon attempts within a short window makes online guessing impractical: the attacker gets a handful of tries before the account becomes unusable. Legitimate users who lock themselves out must wait for the configured lockout duration or call the help desk to have the account unlocked. Two caveats apply. The same mechanism lets an attacker who knows usernames lock legitimate users out deliberately (a denial of service), so the threshold should not be so low that it is easy to trigger and lockouts should be monitored. And password spraying (a few common passwords tried against many accounts) stays under any per-account threshold, which is why failed logons should also be counted per source address, not only per account. Longer passwords and change intervals slow an attacker down but do not stop repeated attempts; TLS protects credentials in transit and is unrelated.
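The lockout logic itself, as an added example (not from the flashcard set): a small policy object with a failure threshold, an observation window and a lockout duration, exercised on a constructed timeline. The default values are assumed and only roughly follow common domain settings; the lock is checked before the password so that a correct guess during the lockout neither succeeds nor reveals that it was correct.

```python
import time
from collections import defaultdict, deque


class AccountLockout:
    """Lock an account after `threshold` failed logons inside `window` seconds,
    for `duration` seconds. Defaults are assumptions for the example."""

    def __init__(self, threshold=5, window=600, duration=900):
        self.threshold, self.window, self.duration = threshold, window, duration
        self._failures = defaultdict(deque)   # user -> timestamps of recent failures
        self._locked_until = {}               # user -> time the lock expires

    def attempt(self, user, password_ok, now=None):
        """Return 'ok', 'denied' or 'locked'. `now` is injectable for simulation."""
        now = time.time() if now is None else now
        until = self._locked_until.get(user)
        if until is not None:
            if now < until:
                return "locked"               # checked before the password on purpose
            self.unlock(user)                 # lockout has expired
        if password_ok:
            self._failures[user].clear()      # the failure counter resets on success
            return "ok"
        recent = self._failures[user]
        recent.append(now)
        while recent and now - recent[0] > self.window:
            recent.popleft()                  # failures older than the window no longer count
        if len(recent) >= self.threshold:
            self._locked_until[user] = now + self.duration
            recent.clear()
            return "locked"
        return "denied"

    def unlock(self, user):
        """Help-desk unlock, or expiry of the lockout."""
        self._locked_until.pop(user, None)
        self._failures[user].clear()

    def is_locked(self, user, now=None):
        now = time.time() if now is None else now
        return now < self._locked_until.get(user, 0)


if __name__ == "__main__":
    policy = AccountLockout(threshold=3, window=60, duration=120)
    timeline = [(0, False), (10, False), (20, False), (30, True), (141, True)]
    for t, ok in timeline:                    # constructed attempts against one account
        print(f"t={t:>3}s password_ok={ok!s:5} -> {policy.attempt('samantha', ok, now=t)}")
```

Whatever the outcome, the message shown to the user should be the same generic "logon failed": distinguishing "locked" from "wrong password" in the response tells an attacker the username exists.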

80
Q

Which key does a secured web server use to decrypt a client session key? (Choose the best answer)

A) asymmetric key
B) private key
C) public key
D) symmetric key

A

Private key

Private key is correct. With RSA key exchange, the web browser generates a random session (premaster) key, encrypts it with the public key from the server's certificate and sends it across the network; the web server then uses its mathematically related private key to decrypt the message and expose the session key, from which both sides derive the symmetric keys that protect the rest of the session. "Asymmetric key" and "symmetric key" name the kinds of key involved but not the one the server uses for this step. Note that this describes TLS 1.2 and earlier with RSA key exchange. TLS 1.3 removed RSA key transport: the session keys come from an ephemeral (EC)DHE exchange, and the server's private key is used only to sign the handshake, which gives forward secrecy because compromising the private key later does not expose past sessions.