Q251-Q299 Flashcards

1
Q

Which of the following is the below pseudo-code an example of?
IF VARIABLE (CONTAINS NUMBERS = TRUE) THEN EXIT
A. Buffer overflow prevention
B. Input validation
C. CSRF prevention
D. Cross-site scripting prevention

A

B. Input validation

2
Q

A system administrator is using a packet sniffer to troubleshoot remote authentication. The administrator detects a device trying to communicate to TCP port 49. Which of the following authentication methods is MOST likely being attempted?

A. RADIUS
B. TACACS+
C. Kerberos
D. LDAP

A

B. TACACS+

3
Q

Which of the following can use RC4 for encryption? (Select TWO).
A. CHAP
B. SSL
C. WEP
D. AES
E. 3DES

A

B. SSL

C. WEP

4
Q
Which of the following defines a business goal for system restoration and acceptable data loss?
A. MTTR
B. MTBF
C. RPO
D. Warm site
A

C. RPO

5
Q

If Organization A trusts Organization B and Organization B trusts Organization C, then Organization A trusts Organization C. Which of the following PKI concepts is this describing?

A. Transitive trust
B. Public key trust
C. Certificate authority trust
D. Domain level trust

A

A. Transitive trust

6
Q

Which of the following concepts is BEST described as developing a new chain of command in the event of a contingency?
A. Business continuity planning
B. Continuity of operations
C. Business impact analysis
D. Succession planning

A

D. Succession planning

7
Q
Which of the following allows a company to maintain access to encrypted resources when employee turnover is high?
A. Recovery agent
B. Certificate authority 
C. Trust model
D. Key escrow
A

A. Recovery agent

8
Q

Which of the following devices will help prevent a laptop from being removed from a certain location?

A. Device encryption
B. Cable locks
C. GPS tracking
D. Remote data wipes

A

B. Cable locks

9
Q
Which of the following is the MOST secure protocol to transfer files?
A. FTP
B. FTPS
C. SSH
D. TELNET
A

B. FTPS

10
Q

Suspicious traffic without a specific signature was detected. Under further investigation, it was determined that these were false indicators. Which of the following security devices needs to be configured to disable future false alarms?
A. Signature based IPS
B. Signature based IDS
C. Application based IPS
D. Anomaly based IDS

A

D. Anomaly based IDS

11
Q

A company storing data on a secure server wants to ensure it is legally able to dismiss and prosecute staff who intentionally access the server via Telnet and illegally tamper with customer data. Which of the following administrative controls should be implemented to BEST achieve this?

A. Command shell restrictions
B. Restricted interface
C. Warning banners
D. Session output pipe to /dev/null

A

C. Warning banners

12
Q

Which of the following protocols is used to authenticate the client and server’s digital certificate?
A. PEAP
B. DNS
C. TLS
D. ICMP

A

C. TLS

13
Q

Which of the following can be used to mitigate risk if a mobile device is lost?
A. Cable lock
B. Transport encryption
C. Voice encryption
D. Strong passwords

A

D. Strong passwords

14
Q

Which of the following security concepts would Sara, the security administrator, use to mitigate the risk of data loss?
A. Record time offset
B. Clean desk policy
C. Cloud computing
D. Routine log review

A

B. Clean desk policy

15
Q

Which of the following is an example of multifactor authentication?
A. Credit card and PIN
B. Username and password
C. Password and PIN
D. Fingerprint and retina scan

A

A. Credit card and PIN

16
Q

After Matt, a user, enters his username and password at the login screen of a web enabled portal, the following appears on his screen:
‘Please only use letters and numbers on these fields’
Which of the following is this an example of?
A. Proper error handling
B. Proper input validation
C. Improper input validation
D. Improper error handling

A

B. Proper input validation

17
Q
Which of the following should the security administrator implement to limit web traffic based on country of origin? (Select THREE).
A. Spam filter
B. Load balancer
C. Antivirus
D. Proxies
E. Firewall
F. NIDS
G. URL filtering
A

D. Proxies
E. Firewall
G. URL filtering

18
Q

Several bins are located throughout a building for secure disposal of sensitive information. Which of the following does this prevent?
A. Dumpster diving
B. War driving
C. Tailgating
D. War chalking

A

A. Dumpster diving

19
Q

Matt, a developer, recently attended a workshop on a new application. The developer installs the new application on a production system to test the functionality. Which of the following is MOST likely affected?
A. Application design
B. Application security
C. Initial baseline configuration
D. Management of interfaces

A

C. Initial baseline configuration

20
Q

Sara, a company’s security officer, often receives reports of unauthorized personnel having access codes to the cipher locks of secure areas in the building. Sara should immediately implement which of the following?
A. Acceptable Use Policy
B. Physical security controls
C. Technical controls
D. Security awareness training

A

D. Security awareness training

21
Q
Mike, a network administrator, has been asked to passively monitor network traffic to the company's sales websites. Which of the following would be BEST suited for this task?
A. HIDS
B. Firewall
C. NIPS
D. Spam filter
A

C. NIPS

22
Q

Mike, a security professional, is tasked with actively verifying the strength of the security controls on a company’s live modem pool. Which of the following activities is MOST appropriate?
A. War dialing
B. War chalking
C. War driving
D. Bluesnarfing

A

A. War dialing

23
Q

Users at a company report that a popular news website keeps taking them to a web page with derogatory content. This is an example of which of the following?
A. Evil twin
B. DNS poisoning
C. Vishing
D. Session hijacking

A

B. DNS poisoning

24
Q

An encrypted message is sent using PKI from Sara, a client, to a customer. Sara claims she never sent the message. Which of the following aspects of PKI BEST ensures the identity of the sender?
A. CRL
B. Non-repudiation
C. Trust models
D. Recovery agents

A

B. Non-repudiation

25
Q

Jane, a security administrator, has observed repeated attempts to break into a server. Which of the following is designed to stop an intrusion on a specific server?
A. HIPS
B. NIDS
C. HIDS
D. NIPS

A

A. HIPS

26
Q

Matt, the IT Manager, wants to create a new network available to virtual servers on the same hypervisor, and does not want this network to be routable to the firewall. How could this BEST be accomplished?
A. Create a VLAN without a default gateway.
B. Remove the network from the routing table.
C. Create a virtual switch.
D. Commission a stand-alone switch.

A

C. Create a virtual switch.

27
Q

A security administrator implements access controls based on the security classification of the data and need-to-know information. Which of the following BEST describes this level of access control?
A. Implicit deny
B. Role-based Access Control
C. Mandatory Access Controls
D. Least privilege

A

C. Mandatory Access Controls

28
Q

A security administrator has configured FTP in passive mode. Which of the following ports should the security administrator allow on the firewall by default?
A. 20
B. 21
C. 22
D. 23

A

B. 21

29
Q

Which of the following could cause a browser to display the message below?
“The security certificate presented by this website was issued for a different website’s address.”
A. The website certificate was issued by a different CA than what the browser recognizes in its trusted CAs.
B. The website is using a wildcard certificate issued for the company’s domain.
C. HTTPS://127.0.01 was used instead of HTTPS://localhost.
D. The website is using an expired self signed certificate.

A

C. HTTPS://127.0.01 was used instead of HTTPS://localhost.

30
Q

A company that purchased an HVAC system for the datacenter is MOST concerned with which of the following?
A. Availability
B. Integrity
C. Confidentiality
D. Fire suppression

A

A. Availability

31
Q

Which of the following pseudocodes can be used to handle program exceptions?

A. If program detects another instance of itself, then kill program instance.
B. If user enters invalid input, then restart program.
C. If program module crashes, then restart program module.
D. If user’s input exceeds buffer length, then truncate the input.

A

C. If program module crashes, then restart program module.

32
Q

Which of the following technologies uses multiple devices to share work?
A. Switching
B. Load balancing
C. RAID
D. VPN concentrator

A

B. Load balancing

33
Q

Which of the following protocols uses an asymmetric key to open a session and then establishes a symmetric key for the remainder of the session?
A. SFTP
B. HTTPS
C. TFTP
D. TLS

A

B. HTTPS

34
Q

Which of the following describes how Sara, an attacker, can send unwanted advertisements to a mobile device?

A. Man-in-the-middle
B. Bluejacking
C. Bluesnarfing
D. Packet sniffing

A

B. Bluejacking

35
Q
Pete, an employee, is terminated from the company and the legal department needs documents from his encrypted hard drive. Which of the following should be used to accomplish this task? (Select TWO).
A. Private hash
B. Recovery agent
C. Public key
D. Key escrow
E. CRL
A

B. Recovery agent

D. Key escrow

36
Q

Which of the following mitigation strategies is established to reduce risk when performing updates to business critical systems?
A. Incident management
B. Server clustering
C. Change management
D. Forensic analysis

A

C. Change management

37
Q

Which of the following can Pete, a security administrator, use to distribute the processing effort when generating hashes for a password cracking program?

A. RAID
B. Clustering
C. Redundancy
D. Virtualization

A

B. Clustering

38
Q

Which of the following should Jane, a security administrator, perform before a hard drive is analyzed with forensics tools?
A. Identify user habits
B. Disconnect system from network
C. Capture system image
D. Interview witnesses

A

C. Capture system image

39
Q
Jane, an administrator, needs to make sure the wireless network is not accessible from the parking area of their office. Which of the following would BEST help Jane when deploying a new access point?
A. Placement of antenna
B. Disabling the SSID
C. Implementing WPA2
D. Enabling the MAC filtering
A

A. Placement of antenna

40
Q

Which of the following allows Pete, a security technician, to provide the MOST secure wireless implementation?
A. Implement WPA
B. Disable SSID
C. Adjust antenna placement
D. Implement WEP

A

A. Implement WPA

41
Q
Which of the following is a management control?
A. Logon banners
B. Written security policy
C. SYN attack prevention
D. Access Control List (ACL)
A

B. Written security policy

42
Q
Which of the following security strategies allows a company to limit damage to internal systems and provides loss control?
A. Restoration and recovery strategies 
B. Deterrent strategies
C. Containment strategies
D. Detection strategies
A

C. Containment strategies

43
Q

In order for Sara, a client, to logon to her desktop computer, she must provide her username, password, and a four digit PIN. Which of the following authentication methods is Sara using?
A. Three factor
B. Single factor
C. Two factor
D. Four factor

A

B. Single factor

44
Q

Using proximity card readers instead of the traditional key punch doors would help to mitigate:
A. Impersonation
B. Tailgating
C. Dumpster diving
D. Shoulder surfing

A

D. Shoulder surfing

45
Q

Which of the following application attacks is used to gain access to SEH?
A. Cookie stealing
B. Buffer overflow
C. Directory traversal
D. XML injection

A

B. Buffer overflow

46
Q

Which of the following is an authentication service that uses UDP as a transport medium?

A. TACACS+
B. LDAP
C. Kerberos
D. RADIUS

A

D. RADIUS

47
Q
Which of the following can be used on a smartphone to BEST protect against sensitive data loss if the device is stolen? (Select TWO).
A. Tethering
B. Screen lock PIN
C. Remote wipe
D. Email password
E. GPS tracking
F. Device encryption
A

C. Remote wipe

F. Device encryption

48
Q
Jane, a security analyst, is reviewing logs from hosts across the Internet which her company uses to gather data on new malware. Which of the following is being implemented by Jane's company?
A. Vulnerability scanner 
B. Honeynet
C. Protocol analyzer
D. Port scanner
A

B. Honeynet

49
Q
Which of the following should Pete, a security manager, implement to reduce the risk of employees working in collusion to embezzle funds from their company?
A. Privacy Policy
B. Least Privilege
C. Acceptable Use
D. Mandatory Vacations
A

D. Mandatory Vacations

50
Q

Which of the following will allow Pete, a security analyst, to trigger a security alert because of a tracking cookie?
A. Network based firewall
B. Anti-spam software
C. Host based firewall
D. Anti-spyware software

A

D. Anti-spyware software