Question Set 4 Flashcards by Landon Todd

Who is responsible for establishing access permissions to network resources in the DAC access control model? A. The system administrator B. The owner of the resource C. The system administrator and the owner of the resource D. The user requiring access to the resource

B. The owner of the resource

How well did you know this?

Not at all

Perfectly

Which access control system allows the system administrator to establish access permissions to network resources? A. MAC B. DAC C. RBAC D. None of the above

A. MAC

How well did you know this?

Not at all

Perfectly

Which of the following access control models uses roles to determine access permissions? A. MAC B. DAC C. RBAC D. None of the above

C. RBAC

How well did you know this?

Not at all

Perfectly

How is access control permissions established in the RBAC access control model? A. The system administrator B. The owner of the resource C. The roles or responsibilities users have in the organization D. None of the above

C. The roles or responsibilities users have in the organization

How well did you know this?

Not at all

Perfectly

What does the DAC access control model use to identify the users who have permissions to a resource? A. Predefined access privileges B. The role or responsibilities users have in the organization C. Access Control Lists D. None of the above

C. ACLs

How well did you know this?

Not at all

Perfectly

What does the MAC access control model use to identify the users who have permissions to a resource? A. Perdefined access privileges B. The role or responsibilities users have in the organization C. Access Control Lists D. None of the above

A. Predefined access privileges

How well did you know this?

Not at all

Perfectly

Which of the following statements regarding the MAC access control models is TRUE? A. The Mandatory Access Control (MAC) model is a dynamic model. B. In the Mandatory Access Control (MAC) the owner of a resource establishes access privileges to that resource. C. In the Mandatory Access Control (MAC) users cannot share resources dynamically. D. The Mandatory Access Control (MAC) model is not restrictive.

C. In the Mandatory Access Control (MAC) users cannot share resources dynamically

How well did you know this?

Not at all

Perfectly

Which of the following are types of certificate-based authentication? (SELECT TWO) A. Many-to-one mapping B. One-to-one mapping C. One-to-many mapping D. Many-to-many mapping

A. Many-to-one mapping B. One-to-one mapping

How well did you know this?

Not at all

Perfectly

The ability to logon to multiple systems with the same credentials is typically known as: A. decentralized management B. single sign-on C. Role Based Access Control (RBAC) D. centralized management

B. single sign-on

How well did you know this?

Not at all

Perfectly

Remote authentication allows you to authenticate Zendesk users using a locally hosted script. Which of the following is an example of remote authentication? A. A user on a metropolitan are network (MAN) accesses a host by entering a username and password pair while not connected to the LAN. B. A user on a campus are network (CAN) connects to a server in another building and enters a username and password pair. C. A user in one building logs on to the network by entering a username and password into a host in the same building. D. A user in one city logs onto a netwrok by connecting to a domain server in another city.

D. A user in one city logs onto a network by connecting to a domain server in another city.

How well did you know this?

Not at all

Perfectly

The DAC (Discretionary Access Control) model has an inherent flaw. Choose the option that describes this flaw. A. The DAC (Discretionary Access Control) model uses only the identity of the user or sspecific process to control access to a resource. This creates a security loophole for Trojan horse attacks. B. The DAC (Discretionary Access Control) model uses certificates to control access to resources. This creates an opportunity for attackers to use your certificates. C. The DAC (Discretionary Access Control) model does not use the identity of a user to control access to resources. This allows anyone to use an account to access resources. D. The DAC (Discretionary Access Control) model does not have any known security flaws.

A. The DAC (Discretionary Access Control) model uses only the identity of the user or sspecific process to control access to a resource. This creates a security loophole for Trojan horse attacks.

How well did you know this?

Not at all

Perfectly

You work as the network administrator for ABZ.com. The ABZ.com network uses the RBAC (Role Based Access Control) model. You must plan the security strategy for users to access resources on the ABZ.com network. The types of resources you must control access to our mailboxes and files and printers. ABZ.com is divided into distinct departments and functions named Finance Sales Research and Development and Production respectively. Each user has its own workstation and accesses resources based on the department wherein he/she works. You must determine which roles to create to support the RBAC (Role Based Access Control) model. Which of the following roles should you create? A. Create mailbox and file and printer roles. B. Create Finance Sales Research and Development and Production roles. C. Create user and workstation roles. D. Create allow access and deny access roles.

B. Create Finance Sales Research and Development and Production roles.

How well did you know this?

Not at all

Perfectly

Choose the access control model that allows access control determinations to be performed based on the security labels associated with each user and each data item. A. MACs (Mandatory Access Control) method B. RBACs (Role Based Access Control) method C. LBACs (List Based Access Control) method D. DACs (Discretionary Access Control) method

A. MACs (Mandatory Access Control) method

How well did you know this?

Not at all

Perfectly

Choose the terminology or concept which best describes a (Mandatory Access Control) model. A. Lattice B. Bell La-Padula C. BIBA D. Clark and Wilson

A. Lattice

How well did you know this?

Not at all

Perfectly

Which authentiation method does the following sequence: Logon request encrypts value response server challenge compare encrypts results authorize or fail refer to? A. Certificates B. Security Tokens C. CHAP D. Kerberos

C. CHAP

How well did you know this?

Not at all

Perfectly

Which of the following types of publicly accessible servers should have anonymous logins disabled to prevent an attacker from transferring malicious data? A. FTP B. Email C. Web D. DNS

A. FTP

How well did you know this?

Not at all

Perfectly

Which of the following will restrict access to files according to the identity of the user or group? A. MAC B. CRL C. PKI D. DAC

D. DAC

How well did you know this?

Not at all

Perfectly

Which of the following network authentication protocols uses symmetric key cryptography stores a shared key for each network resource and uses a Key Distrobution Center (KDC)? A. RADIUS B. TACACS+ C. Kerberos D. PKI

C. Kerberos

How well did you know this?

Not at all

Perfectly

Which of the following access control models uses subject and object labels? A. Mandatory Access Control (MAC) B. Role Based Access Control (RBAC) C. Rule Based Access Control (RBAC) D. Discretionary Access Control (DAC)

A. Mandatory Access Control (MAC)

How well did you know this?

Not at all

Perfectly

Which of the following access decisions are based on a Mandatory Access Control (MAC) environment? A. Access control lists B. Ownership C. Group membership D. Sensitivity labels

D. Sensitivity labels

How well did you know this?

Not at all

Perfectly

Which of the following types of authentication BEST describes providing a username password and undergoing a thumb print scan to access a workstation? A. Multifactor B. Mutual C. Biometric D. Kerberos

A. Multifactor

How well did you know this?

Not at all

Perfectly

Users would not like to enter credentials to each server or application to conduct their normal work. Which type of stategy can solve this problem? A. Biometrics B. Smart card C. Two-factor authentication D. SSO

D. SSO

How well did you know this?

Not at all

Perfectly

Kerberos uses which of the following ports by default? A. 23 B. 88 C. 139 D. 443

B. 88

How well did you know this?

Not at all

Perfectly

Which of the following authentication systems make use of the KDC Key Distribution Center? A. Certificates B. Security Tokens C. CHAP D. Kerberos

D. Kerberos

How well did you know this?

Not at all

Perfectly

Which of the following authentication methods increases the security of the authentication process because it must be in your physical possession? A. Smart Cards B. Kerberos C. CHAP D. Certificate

A. Smart Cards

Users need to access their email and several secure applications from any workstation on the network. In addition an authentication system implemented by the administraotr requires the use of a username password and a company issued smart card. This is an example of which of the following? A. Three factor authentication B. SSO C. ACL D. Least privilege

B. SSO

Which of the following statements regarding authentication protocols is FALSE? A. PAP is insecure because usernames and passwords are sent over the network in celar text. B. CHAP is more secure than PAP because it encrypts usernames and passwords before they are sent over the network. C. RADIUS is a client/server-based system that provides authenticaton authorization and accounting services for remote dial-up access. D. MS-CHAP version 1 is capable of mutual authentication of both the client and the server

D. MS-CHAP version 1 is capable of mutual authentication of both the client and the server

Many unauthorized staff has been entering the data center by piggybacking authorized staff. The CIO has mandated to stop this behavior. Which technology should be installed at the data center to prevent piggybacking? A. Mantrap B. Token access C. Security badges D. Hardware locks

A. Mantrap

Which definition best defines what a challenge-response session is? A. A challenge-response session is a workstation or system that produces a random challange string that the user provides when prompted in conjunction with the proper PIN (Personal Identification Number). B. A challenge-response session is a workstation or system that produces a random login ID that the user provides when prompted in conjunction with the proper PIN (Personal Identification Number). C. A challenge-response session is a special hardware device used to produce random text in a cryptography system. D. A challenge-response session is the authentication mechanism in the workstation or system that does not determine whether the owner should be authenticated.

A. A challenge-response session is a workstation or system that produces a random challange string that the user provides when prompted in conjunction with the proper PIN (Personal Identification Number).

The hashing algorithm is created from a hash value making it nearly impossible to derive the original input number. Which item can implement the strongest hashing algorithm? A. NTLMv2 B. LANMAN C. NTLM D. VLAN

A. NTLMv2

For which reason are clocks used in Kerberos authentication? A. Clocks are used to ensure proper connections. B. Clocks are used to ensure that tickets expire correctly. C. Clocks are used to generate the seed value for the encryptions key. D. Clocks are used to both benchmark and specify the optimal encryption algorithm.

B. Clocks are used to ensure that tickets expire correctly.

A VPN typically provides a remote access link from one host to another over: A. an intranet B. a modern C. a network interface card D. the Internet

D. the Internet

In which authentication model a ticket granting server is an important concept? A. CHAP B. PAP C. Kerberos D. RADIUS

C. Kerberos

In a secure environment which authentication mechanism will perform better? A. RADIUS because it encrypts client-server passwords. B. TACACS because it encrypts client-server negotiation dialogs. C. TACACS because it is a remote access authentication service. D. RADIUS because it is a remote access authentication service

B. TACACS because it encrypts client-server negotiation dialogs.

Which goals can be achieved by use of secuity templates? (SELECT TWO) A. To ensure that PKI will work properly within the company's trust model B. To ensure that performance is standardized across all servers. C. To ensure that servers are in compliance with the corporate security policy. D. To ensure that all servers start from a common security configuration.

C. To ensure that servers are in compliance with the corporate security policy. D. To ensure that all servers start from a common security configuration.

A newly hired security specialist is aked to evaluate a company's network security. The secuity specialist discovers that users have installed personal software; the network OS has default settings and no patches have been installed and passwords are not required to be changed regularly. Which of the following would be the FIRST step to take? A. Install software patches B. Disable non-essential services C. Enforce the security policy D. Password management

C. Enforce the security policy

Which of the following can be used to implement a procedure to control inbound and outbound traffic on a network segment? A. Proxy B. NIDS C. ACL D. HIDS

C. ACL

Giving each user or a group of users only the access they need to do their job is an example of which of the following security principals? A. Least privilege B. Defense in depth C. Separation of duties D. Access control

A. Least privilege

The CHAP (Challenge Handshake Authentication Protocol) sends a logon request from the client to the server and the server sends a challenge back to the client. At which stage does the CHAP protocol perform the handshake process? Choose the best complete answer. A. At the stage when the connection is established and at whichever time after the connection has been established. B. At the stage when the connection is established and when the connection is disconnected. C. At the stage when the connection is established. D. At the stage when the connection is diconnected.

A. At the stage when the connection is established and at whichever time after the connection has been established.

Most key fob based identification systems use which of the following types of authentication mechanisms? A. Kerberos B. Biometrics C. Username/password D. Token

C. Username/password D. Token

A graphical user interface (GUI) is a type of user interface which allows people to interact with electronic devices such as computers; hand-held devices such as MP3 Players Portable Media Players or Gaming devices; household appliances and office equipment. Which of the following will allow a technician to restrict a user accessing to the GUI? A. Use of logical tokens B. Group policy implementation C. Password policy enforcement D. Access control lists

B. Group policy implementation

Which authentication method will prevent a replay attack from occuring? A. RADIUS B. L2TP C. Kerberos D. CHAP

C. Kerberos

Access controls based on security labels associated with each data item and each user are known as: A. Mandatory Access Control (MAC) B. Role Based Access Control (RBAC) C. List Based Access Control (LBAC) D. Discrectionay Access Control (DAC)

A. MAC

A user is assigned access rights explicitly. This is feature of which of the following access control models? A. Discretionary Access Control (DAC) B. Mandatory Access Control (MAC) C. Rule Based Access Control (RBAC) D. Role Based Access Control (RBAC)

A. DAC

During which phase of identification and authentication does proofing occur? A. Authenication B. Testing C. Verification D. Identification

D. Indentification

During which phase of identification and authentication does proofing occur? A. Authentication B. Testing C. Verification D. Identification

D. Identification

Which of the following describes the process by which a single user name and password can be entered to access multiple computer applications? A. Single sign-on B. Encryption protocol C. Access control lists D. Constrained user interfaces

A. Single sign-on

Which security action should be finished before access is given to the network? A. Identification and authorization B. Identification and authentication C. Authentication and authorization D. Authentication and password

B. Identifciation and authentication

The authendication process wehre the user can access several resources without the need for multiple credentials is known as: A. Discretionary Access Control (DAC) B. Need to know C. Decentralized management D. single sign-on

D. Single sign-on

Which item best describes an instance where a biometric system identifies legitimate users as being unauthorized? A. False acceptance B. False positive C. False rejection D. False negative

C. False rejection

Which of the following is the best description about the method of controlling how and when users can connect in from home? A. Remote access policy B. Remote authentication C. Terminal access control D. Virtual Private Networking (VPN)

A. Remote Access Policy

The implicit deny will block anything you didn't specifically allow but you may have allowed stuff that you don't need. A technician is reviewing the system logs for a firewall and is told that there is an implicit deny whithin the ACL. Which is an example of an implicit deny? A. An implicit deny statement denies all traffic from one network to another B. Each item is denied by default because of the implicit deny. C. Items which are not specifically given access are denied by default. D. An ACL is a way to secure traffic from one network to another

C. Items which are not specifically given access are denied by default.

In order to allow for more oversight of past transactions a company decides to exchange positions of the purchasing agent and the accounts receivable agent. Which is an example of this? A. Seperation of duties B. Least privilege C. Implicit deny D. Job rotation

D. Job rotation

Which method could identify when unauthorized access has occurred? A. Implement session termination mechanism. B. Implement previous logon notification. C. Implement session lock mechanism D. Implement two-factor authentication.

B. Implement previous logon notification

Which item is not a logical access control method? A. biometrics B. Group Policy C. ACL D. Software token

A. Biometrics

Which one of the following options will create a security buffer zone between two rooms? A. Mantrap B. Anti-pass back C. DMZ D. Turnstile

A. Mantrap

On the basis of certain ports which of the following will allow wireless access to network resources? A. 802.11a B. 802.11n C. 802.1x D. 802.11g

C. 802.1x

An organization has a hierarchical-based concept of privilege management with administrators having full access human resources personnel having slightly less access and managers having access to their own department files only. This is BEST described as: A. Discretionary Access Control (DAC) B. Rule Based Access Control (RBAC) C. Mandatory Access Control (MAC) D. Role Based Access Control (RBAC)

D Role Based Access Control (RBAC)

The first step in creating a security baseline would be: A. identifying the use case B. installing software patches C. vulnerability testing D. creating a security policy

D. Creating a security policy

You work as a network administrator for your company. Your company requires you to improve the physical security of a data center located inside the office building. The data center already maintains a physical access log and has a video surveillance system. Which additional control can be performed? A. ACL B. Defense-in-depth C. Logical token D. Mantrap

D. Mantrap

Which solution can be used by a user to implement very tight security controls for technicians that seek to enter the user's datacenter? A. Combination locks and key locks B. Smartcard and proximity readers C. Magnetic lock and pin D. Biometric reader and smartcard

D. Biometric reader and smartcard

The difference between identification and authentication is that: A. authentication verifies a set of credentials while identification verifies the identity of the network. B. Authentication verifies a user ID belongs to a specific user while identification verifies the identity of a user group. C. authentication verifies a set of credentials while identification verifies the identity of a user requesting credentials. D. authentication verifies the identity of a user requesting credentials while identification verifies a set of credentials.

C. authentication verifies a set of credentials while identification verifies the identity of a user requesting credentials.

From the listing of attacks which analyzes how the operating system (OS) responds to specific network traffic in an attempt to determine the operating system running in your networking environment? A. Operating system scanning B. Reverse engineering C. Fingerprinting D. Host hijacking

C. Fingerprinting

Both the server and the client authenticate before exchanging data. This is an example of which of the following? A. SSO B. biometrics C. mutual authentication D. multifactor authentication

C. mutual authentication

After the maximum number attempts have failed which of the following could set an account to lockout for 30 minutes? A. Account lockout threshold B. Account lockout duration C. Password complexity requirements D. Key distribution center

B. Account lockout duration

Which of the following has largely replaced SLIP? A. SLIP (Serial Line Internet Protocol) B. PPP (Point-to-Point Protocol) C. VPN D. RADIUS (Remote Authentication Dial-In User Service)

B PPP (Point-to-Point Protocol)

Which of the following definitions fit correctly to RADIUS? A. is an older protocol that was used in early remote access environments. B. has largely replaced SLIP and offers multiple protocol support including Appletalk IPX and DECnet. C. are used to make connections between private networks across a public network such as the Internet. D. is a mechanism that allows authentication of dial-in and other network connections

D. is a mechanism that allows authentication of dial-in and other network connections

Which of the definitions fit correctly to TACACS? A. is an older protocol that was used in early remote access environments. B. has largely replaced SLIP and offers multiple protocol support including AppleTalk IPX and DECnet. C. are used to make connections between private networks across a public network such as the Internet. D. It allows credentials to be accepted from muliple methods including Kerberos.

D. It allows credentials to be accepted from multiple methods including Kerberos.

Job rotation is a cross-training technique where organizations minimize collusion amongst staff. A. True B. False

A. True

The Lightweight Directory Access Protocol or LDAP is an application protocol for querying and modifying directory services running over TCP/IP. A user needs to implement secure LDAP on the network. Which port number will secure LDAP use by default? A. 53 B. 389 C. 443 D. 636

D 636

An end-to-end traffic performance guarantee made by a service provider to a customer is a: A. DRP B. BCP C. SLA D. VPN

C. SLA

The staff must be cross-trained in different functional areas in order to detect fraud. Which of the following is an example of this? A. Implicit deny B. Least privilege C. Separation of duties D. Job rotation

D. Job rotation

Which of the following improves security in a wireless system? A. IP spoofing B. MAC filtering C. SSID spoofing D. Closed network

B. MAC filtering

Which of the following is a list of discrete entries that are known to be benign? A. whitelist B. signature C. Blacklist D. ACL

A. Whitelist

IDS is short for Intrusion Detection Systems. Which option is the MOST basic form of IDS? A. Signature B. Statistical C. Anomaly D. Behavioral

A. Signature

Which description is correct concerning the process of comparing cryptographic hash functions of system executables configuration files and log files? A. File integrity auditing B. Stateful packet filtering C. Host based intrusion detection D. Network based intrusion detection

A. File integrity auditing

Which tool can best monitor changes to the approved system baseline? A. Enterprise antivirus software B. Enterprise performance monitoring software C. Enterprise key management software D. Enterprise resource planning software

B. Enterprise performance monitoring software

Audit log information can BEST be protected by: (SELECT TWO) A. using a VPN B. an IDS C. access controls that restrict usage D. recording to write-once media

C. Access controls that restrict usage D. recording to write-once media

John works as a network administrator for his company. He uses a tool to check SMTP DNS POP3 and ICMP packets on the network. This is an example of which of the following? A. A vulnerability scan B. A protocol analyzer C. A penetration test D. A port scanner

B. A protocol analyzer

Which of the following should be done if an audit recording fails in an information system? A. Log off the user B. Overwrite the oldest audit records C. Stop generating audit records D. Send an alert to the appropriate personnel

D. Send an alert to the approprate personnel

Which of the following steps is MOST often overlooked during the auditing process? A. Reviewing event logs regularly B. Enabling auditing on the system C. Auditing every system event D. Deciding what events to audit

A. Reviewing event logs regularly

What should be taken into consideration while exexcuting proper logging procedures? (SELECT TWO) A. The information that is needed to recontruct events B. The password requirements for user accounts C. The virtual memory allocated on the log server D. The amount of disk space required

A. The information that is needed to recontruct events D. The amount of disk space required

In computer programming DLL injection is a technique used to run code within the address space of another process by forcing it to load a dynamic-link library. Which activity is MOST closely associated with DLL injection? A. Penetration testing B. SQL servers C. Network mapping D. Vulnerability assessment

A. Penetration testing

Network utilization is the ratio of current network traffic to the maximum traffic that the port can handle. Which of the following can most effectively determine whether network utilization is abnormal? A. Application log B. Performance baseline C. Systems monitor D. Security log

B. Performance baseline

When an IDS is configured to match a specific traffic pattern then which of the following is this referring to? A. Signature-based B. Behavior-based C. Anomaly-based D. Heuristic-based

A. Signature-based

A system admin reports that an unauthorized user has accessed the network. Which of the following would be the FIRST action to take? A. Notify management B. Determine the business impact C. Contact law enformcement officials D. Contain the problem

D. Contain the problem

After analyzing vulnerability and applying a security patch which non-intrusive action should be taken to verify that the vulnerability was truly removed? A. Update the antivirus definition file B. Apply a security patch from the vendor C. Repeat the vulnerability scan D. Perform a penetration test

C. Repeat the vulnerability test

Which NIDS configuration is based on specific netwrok traffic? A. Anomaly-based B. Host-based C. Behavior-based D. Signature-based

D. Signature-based

Which tool can help the technician to fine all open ports on the network? A. Router ACL B. Performance monitor C. Protocol analyzer D. Network scanner

D. Network scanner

Malicious port scanning is a method of attack to determine which of the following? A. Computer name B. The fingerprint of the operating system C. The physical cabling topology of a network D. User IDs and passwords

B. The fingerprint of the operating system

Network traffic is data in a network. Which tool can be used to review network traffic for clear text passwords? A. Port scanner B. Protocol analyzer C. Firewall D. Password cracker

B Protocol analyzer

Which of the following is not identified within the penetration testing scope of work? A. a complete list of all network vulnerabilities B. handling of information collected by the penetration testing team C. IP addresses of machines from which penetration testing will be exexcuted D. a list of acceptable testing techniques and tools to be utilized

A. a complete list of all network vulnerabilities

Choose the figure which represents the number of ports in the TCP/IP which are vulnerable to being scanned attacked and exploited. A. 32 ports B. 1024 ports C. 65535 ports D. 16777216 ports

C. 65535

After installing new software on a machine what needs to be updated to the baseline? A. Honeypot B. Signature-based NIPS C. Signature-based NIDS D. Behavior-based HIDS

D. Behavior-based HIDS

A network technician suspects that a piece of malware is consuming too many CPU cycles and slowing down a system. Which item can help determine the amount of CPU cycles being consumed? A. Install malware scanning software B. Run performance monitor to evaluate the CPU usage C. Use a protocol analyzer to find the cause of the traffic D. Install HIDS to determine the CPU usage

B. Run performance monitor to evaluate the CPU usage

Which of the following ports are typically used by email clients? (SELECT TWO) A. 3389 B. 194 C. 143 D. 110

C. 143 D. 110

A DNS server uses a specific port number. Choose this port number from the options. A. Port 32 B. Port 53 C. Port 65535 D. Port 16777216

B. 53

Which practice is the best to secure log files? A. Copy or save the logs to a remote log server. B. Change security settings to avoid corruption. C. Log all failed and successful login attempts D. Deny administrators all access to log files to prevent write failures.

A. Copy or save the logs to a remote log server

Nmap has been run against a server and more open ports than expected have been discovered. Which of the following would be the FIRST step to take? A. All ports should be closed and observed to see whether a process tries to reopen the port. B. NMAP should be run again and observed to see whether different results are obtained. C. All ports should be left open and traffic monitored for malicious activity. D. The process using the ports should be examined.

D. The process using the ports should be examined

Which scanner can find a rootkit? A. email scanner B. malware scanner C. anti-spam scanner D. Adware scanner

B. Malware scanner

Which of the following is the MOST effective way for an administrator to determine what security holes reside on a network? A. Perform a vulnerability assessment B. Run a port scan C. Run a sniffer D. Install and monitor an IDS

A. Perform a vulnerability assessment

Your company has already implemented two-factor authentication adn wants to install a third authentication factor. If the existing authentication system uses strong passwords and PKI tokens which item would provide a third factor? A. Six digit PINs B. Pass phrases C. Fingerprint scanner D. Elliptic curve

C. Fingerprint scanner

Identify the item that can determine which flags are set in a TCP/IP handshake? A. Network mapper B. FIN/RST C. Protocol analyzer D. SYN/ACK

C. Protocol analyzer

Which of the following BEST describes an attempt to transfer DNS zone data? A. Evasion B. Fraggle C. Teardrop D. Reconnaissance

D. Reconnaissance

Which method is the LEAST intrusive to check the environement for known software flaws? A. Port scanner B. Vulnerability scanner C. Penetration test D. Protocol analyzer

B. Vulnerability scanner

After auditing file which log will show unauthorized usage attempts? A. application B. performance C. security D. system

C. Security

Which of the following is a reason to use a vulnerability scanner? A. To identify open ports on a system B. To assist with protocol analyzing C. To identfiy remote access policies D. To assist with PKI implementation

A. To identify open ports on a system

Look at the following intrustion detection systems carefuly which one uses well defined models of how an attack occurs? A. Anomaly B. Protocol C. Signature D. Behavior

C. Signature

Which of the following logs shows when the workstation was last shutdown? A. DHCP B. Security C. Access D. System

D. System

One of the below is a description for a password cracker which one is it? A. A program that can locate and read a password file B. A program that provides software registration passwords and keys C. A program that performs comparative analysis. D. A program that obtains privileged access to the system

C. A program that performs comparative analysis

Risk assessment is a common first step in a risk managment process. Risk assessment is the determination of quantitative or qualitative vaule of risk related to a concrete situation and a recognized threat (also called hazard.) As a best practice risk assessment should be based upon which of the following? A. An absolute measurement of threats B. A qualitative measurement of risk and impact C. A quantitative measurement of risk impact and asset value D. A survey of annual loss potential threats and asset value.

C. A quantitative measurement of risk impact and asset value

Which of the below options would you consider as a program that constantly observes data traveling over a network? A. Smurfer B. Sniffer C. Fragmenter D. Spoofer

B. Sniffer

Which of the following will requre setting a baseline? (SELECT TWO) A. Anomaly-based monitoring B. Signature-based monitoring C. NIPS D. Behavior-based monitoring

A. Anomaly-based monitoring D. Behavior-based monitoring

Choose the most effective method of preventing computer viruses from spreading throughout the network. A. You should require root/administrator access to run programs and applications B. You should enable scanning of all e-mail attachments C. You should prevent the execution of .vbs files D. You should install a host based IDS

B. You should enable scanning of all e-mail attachments

An Auditing system is necessary to prevent attacks on what part of the system? A. the files B. the operating system C. the systems memory D. none of the above

A. the files

Choose the network mapping tool (scanner) which uses ICMP. A. A port scanner B. A map scanner C. A ping scanner D. A share scanner

C. A ping scanner

One type of port scan can determine which ports in a listening state on the network and can then perform a two way handshake. Which type of port scan can perform this set of actions? A. A TCP SYN scan B. A TCP connect scan C. A TCP fin scan D. A TCP null scan

A. TCP SYN scan

Which security measures should be recommended while implementing system logging procedures? (SELECT TWO) A. Collect system temporary files B. Apply retention policies on the log files C. Perform CRC checks D. Perform hashing of the log files

B. Apply retention policies on the log files C. Perform CRC checks

Tom is a network administrator of his company. He suspects that files are being copied to a remote location during off hours. The file server does not have logging enabled. Which logs will be the BEST place to look for information? A. Antivirus logs B. Firewall logs C. DNS logs D. Intrusion detection logs

B. Firewall logs

A technician is auditing the security posture of an organization. The audit shows that many of the users have the ability to access the company's accounting information. Which of the following should the technician recommend to address this problem? A. Changing file level audit settings B. Implementing a host based intrusion detection system. C. Changing the user rights and security groups D. Implementing a host based intrusion prevention system

C. Changing the user rights and security groups

What description is true about penetration testing? A. Simulating an actual attack on a network B. Establishing a security baseline C. Hacking into a network for malicious reasons D. Detecting active intrusions

A. Simulating an actual attack on a network

Which of the following would be MOST useful in determining which internal user was the source of an attack that compromised another computer in its network? A. The firewall's logs B. the attacking computer's audit logs C. The target computer's audit logs D. The domain controller's logs

C. The target computer's audit logs

On a company's LAN port 3535 is typically blocked for outbound traffic. An end-user has recently purchased a legitimate business program that needs to make outbound calls through this port. Which step should be taken by a technician to allow this? (SELECT TWO) A. Change the users subnet mask B. Open the port on the company's firewall C. Open the port on the VLAN D. Open the port on the users personal software firewall

B. Open the port on the company's firewall D. Open the port on the users personal software firewall

The purpose of a DNS server is to enable people and applications to lookup records in DNS tables. Why implement security logging on a DNS server? A. To monitor unauthorized zone transfers B. To control unauthorized DNS DoS C. To measure the DNS server performance. D. To perform penetration testing on the DNS server

A. To monitor unauthorized zone transfers

Which of the following statements are true regarding File Sharing? A. FTP is a protocol a client and a server. B. Security was based on the honor system C. As discussed earlier SSH is a program that allows connections to be secured by encrypting the session between the client and the server D. When files are stored on a workstation the connection is referred to as a peer-to-peer connection

D. When files are stored on a workstation the connection is referred to as a peer-to-peer connection

Which of the following BEST be used to determine the topology of a network and discover unknown devices? A. Vulnerability scanner B. NIPS C. Protocol analyzer D. Network mapper

D. Network mapper

When should a technician perform penetration testing? A. When the technician suspects that weak passwords exist on the network. B. When the technician is trying to guess passwords on a network C. When the technician has permission from the owner of the network D. When the technician is war driving and trying to gain access

C. When the technician has permission from the owner of the network

On which of the following is a security technician MOST likely to find usernames? A. DNS logs B. Application logs C. Firewall logs D. DHCP logs

B. Application logs

Most current encryption schemes are based on: A. digital rights management B. time stamps C. randomizing D. algorithms

D. algorithms

Most current encryption schemes are based on: A. digital rights management B. time stamps C. randomizing D. algorithms

D. algorithms

Which of the following types of cryptography is typically used to provide an integrity check? A. Public key B. Asymmetric C. Symmetric D. Hash

D. Hash

The Public Key Infrastructure (PKI) is a set of hardware software people policies and procedures needed to create manage store distribute and revoke digital certificates. The public key infrastructure is based on which encryption schemes? A. Symmetric B. Quantum C. Asymmetric D. Elliptical curve

C. Asymmetric

Which of the following refers to the ability to be reasonably certain that data is not disclosed to unintended persons? A. non-repundiation B. Integrity C. Authentication D. Confidentiality

D. Confidentiality

Hashing is the transformation of a string of characters into a usually shorter fixed-length value or key that represents the original string. Hashing is used to index and retrieve items in a database. Which description is correct when a hashing algorithm generates the same hash for two different messages? A. A one-way hash occurred B. A hashing chain occurred C. A collision occurred D. A deviation occurred

C. A collision occurred

Which of the following describes a type of algorithm that cannot be reversed in order to decode the data? A. Symmetric B. One Way Function C. Asymmetric D. Pseudorandom Number Generator (PRNG)

B. One Way Function

CRL is short for Certificate Revocation List. Which types of keys are included in a CRL? A. Both public and private keys B. Public keys C. Steganographic keys D. Private keys

A. Both public and private keys

Secret key encryption is also known as: A. symmetrical B. replay C. one way function D. asymmetrical

A. symmetrical

What may happen when hashing two different files creates the same result? A. a mirror B. a collision C. a duplication D. a pseudo-random event

B. collision

Password cracking tools are available worldwide over the Internet. Which one of the following items is a password cracking tool? A. Wireshark B. Nessus C. John the Ripper D. AirSnort

C. John the Ripper

Which statement is true about the cryptographic algorithm employed by TLS to establish a session key? A. Blowfish B. Diffie-Hellman C. IKE D. RSA

B. Diffie-Hellman

Which of the following would be an easy way to determine whether a secure web page has a valid certificate? A. Right click on the lock at the bottom of the browser and check the certificate information. B. Contact Thawte or Verisign and ask about the web page C. Contact the web page's web master D. Ensure that the web URL starts with https

A. Right click on the lock at the bottom of the browser and check the certificate information.

Encryption is the conversion of data into a form called a ciphertext that cannot be easily understood by unauthorized people. Which of the following is considered the weakest encryption? A. SHA B. DES C. RSA D. AES

B. DES

Which method will most effectively verify that a patch file downloaded from the third party has not been modified since the time that the original manufacturer released the patch? A. Compare the final MD5 hash with the original. B. Compare the final LANMAN hash with the original. C. Download the patch file through a SSL connection. D. Download the patch file over an AES encrypted VPN connection.

A. Compare the final MD5 hash with the original

A digital signature or digital signature scheme is a type of asymmetric cryptography. For messages sent through an insecure channel a properly implemented digital signature gives the receiver reason to believe the message was sent by the claimed sender. While using a digital signature the message digest is encrypted with which of the following keys? A. Senders public key B. Recievers private key C. Recievers public key D. Senders private key

D. Senders private key

Which password management system best provides for a system with a large number or users? A. Self service password reset management systems B. Locally saved passwords management systems C. Multiple access methods management systems D. Synchronized passwords management systems

A. Self service password reset management systems

Removable storage has been around almost as long as the computer itself. Which of the following is the GREATEST security risk regarding removable storage? A. Availability of data B. Integrity of data C. Not enough space available D. Confidentiality of data

D. Confidentiality of data

Which of the following would be needed to ensure that a user who has received an email cannot claim that the email was not received? A. Anti-aliasing B. Data integrity C. Asymmetric cryptography D. Non-repudiation

D non-repudiation

IP Authentication Header (AH) is used to provide connectionless integrity and data origin authentication for IP datagrams (hereafter referred to as just authentication) and to provide protection against replays. Which of the following is correct about authentication headers (AH)? A. The authentication information is a keyed hash based on all of the bytes in the packet. B. The authentication information may be the same on different packets if the integrity remains in place. C. The authentication information hash will increase by one if the bytes remain the same on transfer. D. The authentication information hash will remain the same if the bytes change on transfer.

A. The authentication information is a keyed hash based on all of the bytes in the packet.

Which of the following refers to the ability to be reasonably certain that data is not modified or tampered with? A. Authentication B. Integrity C. Non-repudiation D. Confidentiality

B. Integrity

A security specialist has downloaded a free security software tool from a trusted industry site. The source has published the MD5 hash values for the executable program. The specialist performs a successful virus scan on the download but the MD5 hash is different. Which of the following steps should the specialist take? A. Avoid executing the file and contact the source website administrator. B. Ignore the MD5 hash values can change during IP fragmentation. C. Re-run the anti-virus program to ensure that it contains no virus execute D. Install the executable program because there was probably a mistake with the MD5 vaule.

A. Avoid executing the file and contact the source website administrator.

Which algorithms can best encrypt large amounts of data? A. Asymmetric key algorithms B. Symmetric key algorithms C. ECC algorithms D. Hashing algorithms

B. Symmetric key algorithms

Which of the following connectivity is required for a web server that is hosting an SSL based web site? A. Port 443 inbound B. Port 443 outbound C. Port 80 inbound D. Port 80 outbound

A. Port 443 inbound

Which item will effectively allow for fast highly secure encryption of a USB flash drive? A. 3DES B. SHA-1 C. MD5 D. AES256

D. AES 256

Which types of keys will be used if a server and workstation communicate via SSL? (SELECT TWO) A. Public Key B. Recovery Key C. Session Key D. Keylogger

A. Public Key C. Session Key

Which of the following could cause communication errors with an IPSec VPN tunnel because of changes made to the IP header? A. SOCKS B. NAT C. DNS D. Private addressing

B. NAT

How to make sure that when an employee leaves the company permanently the company will have access to their private keys? A. Store the keys in escrow B. Store them in a CRL C. Obtain the employees hardware token D. Immediately delete the account

A. Store the keys in escrow

Identify the service provided by message authentication code (MAC) hash: A. data recovery B. fault tolerance C. key recovery D. inetegrity

D. inegrity

Which key can be used by a user to log into their network with a smart card? A. Public key B. Cipher key C. Shared key D. Private key

D. Private key

Which of the following would be an effective way to ensure that a compromised PKI key can not access a system? A. Reconfigure the key B. Revoke the key C. Delete the key D. Renew the key

B. Revoke the key

Which of the following provides the MOST secure form of encryption? A. 3DES B. Diffie-Hellman C. DES D. AES

D. AES

Which of the following describes the validation of a messages origin? A. integrity B. Confidentiality C. Non-repudiation

C. Non-repudiation

Using software on a individual computer to generate a key pair is an example of which of the following approaches to PKI architecture? A. Decentralized B. Centralized C. Hub and spoke D. Distrubuted key

A. Decentralized

Which description is true about how to accomplish steganography in graphic files? A. Replacing the most significant bit of each byte. B. Replacing the most significant byte of each bit C. Replacing the least significant byte of each bit D. Replacing the least significant bit of each byte

D. Replacing the least signifcant bit of each byte

Which of the following types of encryption would be BEST to use for a large amount of data? A. Asymmetric B. Symmetric C. ROT13 D. Hash

B. Symmetric

What is steganography primarily used for? A. Data integrity B. Message digest C. Hide information D. Encrypt information

C. Hide information

A company has instituted a VPN to allow remote users to connect to the office. As time progresses multiple security associations are created with each association being more secure. Which of the following should be implemented to automate the selection of the BEST security association for each user? A. AES B. 3DES C. SHA D. IKE

D. IKE

A small manufacturing company wants to deploy secure wireless on their network. Which of the following wireless security protocols could be used? (SELECT TWO) A. WEP B. IPX C. WPA D. WAN

A. WEP C. WPA

Which of the following uses private key/public key technology to secure web sites? A. SSL B. TCP C. Media Access Control (MAC) D. Access Control List (ACL)

A. SSL

Which of the following is the MOST significant flaw in Pretty Good Privacy (PGP) authentication? A. Private keys can be compromised. B. A user must trust the public key that is received C. It is subject to a man-in-the-middle attack D. Weak encryption can easily be broken

B. A user must trust the public key that is received

Which option is correct about a hash algorithms ability to avoid the same output from two guessed inputs? A. Collision strength B. Collision resistance C. Collision strength D. Collision metric

B. Collision resistance

Which of the following would be an example of a hardware device where keys can be stored? (SELECT TWO) A. PCI Card B. Smart card C. PCMCIA card D. Network Interface Card (NIC)

B. Smart Card C. PCMCIA card

Encryption is the conversion of data into a form called a ciphertext that cannot be easily understood by unauthorized people. Which encryption is the strongest by use of mathematical evaluation techniques? A. 3DES B. ROT13 C. AES D. DES

C. AES

The Diffie-Hellman encryption algorithm relies on which of the following? A. Tunneling B. Digital signatures C. Key exchange D. Passwords

C. Key exchange

Non-repudiation is enforced by which of the following? A. Secret keys B. Digital signatures C. PKI D. Cipher Block chaining

B. Digital signatures

Which is the primary objective to implement performance monitoring applications on network systems from a security standpoint? A. To detect host intrusions from external networks B. To detect network intrusions from external attackers C. To detect integrity degradations to network attached storage D. To detect availability degradations caused by attackers

D. To detect availability degradations caused by attackers

Which key is generally applied FIRST to a message digest to provide non-repudiation by use of asymmetric cryptography? A. Private key of the receiver B. Private key of the sender C. Public key of the sender D. Public key of the receiver

B. Private key of the sender

Which item can easily create an unencrypted tunnel between two devices? A. PPTP B. AES C. L2TP D. HTTPS

C. L2TP

In order to encrypt credit card data which will be the most secure algorithm with the least CPU utilization? A. 3DES B. AES C. SHA-1 D. MD5

B. AES

Which of the following encryption algorithms relies on the inability to factor large prime numbers? A. Eliptic Curve B. AES256 C. RSA D. SHA-1

C. RSA

The Public Key Infrastructure (PKI) is a set of hardware software people policies and procedures needed to create manage store distribute certificates. An executive uses PKI to encrypt sensitive emails sent to an assistant. In addition to encrypting the body of an email the executive wants to encrypt the signature so that the assistant can verify that the email actually came from the executive. Which asymmetric key should be used by the executive to encrypt the signature? A. Shared B. Private C. Hash D. Public

B. Private

Which protocol can be used to ensure transmissions on port 443? A. HTTPS B. SHTTP C. Telnet D. SFTP

A. HTTPS

Which of the following protocols is used to transmit data between a web browser and a web server? A. SSH B. HTTP C. SFTP D. IMAP4

B. HTTP

Which statement correctly describes the difference between a secure cipher and a secure hash? A. A hash can be reversed a cipher cannot. B. A hash produces a variable output for any input size a cipher does not. C. A cipher can be reversed a hash cannot. D. A cipher produces the same size output for any input size a hash does not.

C. A cipher can be reversed a hash cannot.

Recently your company has implemented a work from home program. Employees should connect securely from home to the corporate network. Which encryption technology can be used to achieve this goal? A. L2TP B. IPSec C. PPPoE D. PPTP

B. IPSec

In cryptography a pre-shared key or PSK is a shared secret which was previously shared between the two parties using some secure channel before it needs to be used. Pre-shared keys can be applied to which of the following? A. TPM B. PGP C. Digital Signature D. CA

B. PGP

Which of the following definitions fit correctly to PPTP? A. It supports encapsulation in a single point-to-point environment. B. It was created by Cisco as a method of creating tunnels primarily for dial-up connections. C. It is primarily a point-to-point protocol. D. It is tunneling protocol originally designed for UNIX systems.

A. It supports encapsulation in a single point-to-point environment.

From the list of protocols which two are VPN tunneling protocols? (CHOOSE TWO Protocols) A. PPP B. SLIP C. L2TP D. PPTP

C. L2TP D. PPTP

Which encryption algorithms can be used to encrypt and decrypt data? A. NTLM B. MD5 C. SHA-1 D. RC5

D. RC5

Choose the option that details one of the primary benefits of using S/MIME (Secure/Multipurpose Internet Mail Extension)? A. S/MIME allows users to send both encrypted and digitally signed e-mail messages. B. S/MIME allows users to send anonymous e-mail messages. C. S/MIME allows users to send e-mail messages with a return receipt. D. S/MIME expedites the delivery of e-mail messages.

A. S/MIME allows users to send both encrypted and digitally signed e-mail messages

Choose the scheme or system used by PGP (Pretty Good Privacy) to encrypt data. A. Asymmetric scheme B. Symmetric scheme C. Symmetric key distribution system D. Asymmetric key distribution system

A. Asymmetric scheme

All of the following provide confidentiality protection as part of the underlying protocol EXCEPT: A. SSL B. SSH C. L2TP D. IPSec

C. L2TP

Which of the following allows an attacker to manipulate files by using the least significant bit(s) to secretly embed data? A. Steganography B. Worm C. Trojan horse D. Virus

A. Steganography

Which of the following would allow for secure key exchange over an unsecured network without a pre-shared key? A. 3DES B. AES C. DH-ECC D. MD5

C. DH-ECC

How many keys are utilized with asymmetric cryptography? A. One B. Two C. Five D. Seven

B. Two

Which of the following increases the collision resistance of a harsh? A. Salt B. Increase the input length C. Rainbow Table D. Larger key space

A. Salt

You work as a network administrator for your company. Taking personal safely into consideration what fire suppression substances types can effectively prevent damage to electronic equipment? A. Halon B. CO2 C. Water D. Foam

B. CO2

Which of the following would be MOST important to have to ensure that a company will be able to recover in case of severe environmental trouble or destruction? A. Disaster recovery plan B. Alternate sites C. Offsite storage D. Fault tolerant systems

A. Disaster recovery plan

Documentation describing a group of expected minimum behaviors is known as: A. the need to know B. acceptable usage C. the seperation of duties D. a code of ethics

D. a code of ethics

Sending a patch through a testing and approval process is an example of which option? A. Acceptable use policies B. Change management C. User education and awareness training D. Disaster planning

B. Change management

A company's new employees are asked to sign a document that describes the methods of and purposes for accessing the company's IT systems. Which of the following BEST describes this document? A. Privacy Act of 1974 B. Authorized Access Policy C. Due dilligence form D. Acceptable Use Policy

D. Acceptable Use Policy

In addition to bribery and forgery which of the following are the MOST common techniques that attackers use to socially engineer people? (SELECT TWO) A. Phreaking B. Dumpster diving C. Flattery D. Assuming a position of authority

C. Flattery D. Assuming a position of authority

The risks of social engineering can be decreased by implementing: (SELECT TWO) A. security awareness training B. risk assessment policies C. operating system patching instructions D. identity verification methods

A. security awareness training D. identity verification methods

Non-essential services are often appealing to attackers because non-essential services: (SELECT TWO) A. consume less bandwidth B. are not visible to an IDS C. are not typically configured correctly or secured D. sustain attacks that go unnoticed

C. are not typically configured correctly or secured D. sustain attacks that go unnoticed

In order to recover discarded company documents which of the following might an attacker resort to? A. Shoulder surfing B. Phishing C. Dumpster diving D. Insider theft

C. Dumpster diving

Turnstiles double entry doors and security guards are all prevention measures for which of the following types of social engineering? A. Piggybacking B. Looking over a co-worker's shoulds to retrieve information C. Looking through a co-worker's trash to retrieve information D. Impersonation

A. Piggybacking

Alex is a network administrator of his company. He is backing up all server data nightly to a local NAS device. Which additional action should Alex perform to block disaster in the case the primary site is permanently lost? A. Backup all data at a present interval to removable disk and store the disk in a fireproof safe in the buildings basement. B. Backup all data at a preset interval to tape and store those tapes at a sister site in another city. C. Backup all data at a present interval to tape and store those tapes at a sister stite across the street. D. Backup all data at a present interval to removable disk and store the disk in a safety deposit box at the administrators home.

B. Backup all data at a present interval to tape and store and store those tapes at a sister site in another city.

A travel reservation organization conducts the majority of its transactions via a public facing website. Any downtime to this website will lead to serious financial damage for this organization. One web server is connected to several distrubuted database servers. Which statement is correct about this scenario? A. RAID B. Warm site C. Proxy server D. Single point of failure

D. Single point of failure

A technician is conducting a forensics analysis on a computer system. Which step should be taken FIRST? A. Search for Trojans B. Look for hidden files C. Get a binary copy of the system D. Analyze temporary files

C. Get a binary copy of the system

Which is the correct order in which crucial equipment should draw power? A. Backup generator UPS battery UPS line conditioner B. Uninterruptible Power Supply batter UPS line conditioner backup generator C. Backup generator UPS line conditioner UPS battery D. UPS line conditioner UPS battery and backup generator

D. UPS line conditioner UPS battery and backup generator

Which description is correct about the form used while transferring evidence? A. evidence log B. booking slip C. chain of custody D. Affidavit

C. Chain of custody

Disguising oneself as a reputable hardware manufacturer's field technician who is picking up a server for repair would be described as: A. a phishing attack B. a Trojan horse C. a man-in-the-middle attack D. social engineering

D. Social engineering

Which of the following describes an attacker encouraging a person to perform an action in order to be successful? A. Man-in-the-middle B. Social engineering C. Back door D. Password guessing

B. Social engineering

A user has received an email from a mortgage company asking for personal information including bank account numbers. This would BEST be described as: A. spam B. phishing C. packet sniffing D. a hoax

B. phishing

To preserve evidence for later use in court which of the following needs to be documented? A. Audit trail of systems usage B. Disaster recovery plan C. Chain of certificates D. Chain of custody

D. Chain of custody

Which of the following is a major reason that social engineering attacks succeed? A. Strong passwords are not required B. Lack of security awareness C. Multiple logins are allowed D. Audit logs are not monitored frequently

B. Lack of security awareness

Which of the following types of backups requires that files and software that have been changed since the last full backup be copied to storage media? A. Incremental B. Differential C. Full D. Delta

B. Differential

When setting password rules which of the following would lower the level of security of a network? A. Passwords must be greater than six characters and contain at least one non-alpha B. All passwords are set to expire at regular intervals and users are required to choose new passwords that have not been used before. C. Complex passwords that users can not remotely change are randomly generated by the administrator and given to users. D. After a set number of failed attempts the server will lock out any user account forcing the user to call the administrator to re-enable the account.

C. Complex passwords that users can not remotely change are randomly generated by the administrator and given to users.

How to test the integrity of a company's backup data? A. by reviewing the written procedures B. by conducting another backup C. by restoring part of the backup D. by using software to recover deleted files

C. By restoring part of the backup

Social engineering attacks would be MOST effective in which of the following environments? (SELECT TWO) A. A locked windowless building B. A military facility with computer equipment containing biometrics C. A public building that has shared office space. D. A company with a help desk whose personnel have minimal training.

C. A public building that has shared office space. D. A company with a help desk whose personnel have minimal training.

For the following sites which one has the means (e.g. equipment software and communications) to facilitate a full recovery within minutes? A. Cold site B. Hot site C. Warm site D. Reciprocal site

B. Hot site

Which description is true about the external security testing? A. Conducted from outside the perimeter switch but inside the border router. B. Conducted from outside the perimeter switch but inside the firewall. C. Conducted from outside the organizations security perimeter. D. Conducted from outside the building that hosts the organizations servers.

C. Conducted from outside the organizations security perimeter

What should be established immediately upon evidence seizure? A. Forensic analysis B. Start the incident respond plan C. Chain of custody D. Damage and loss control

C. Chain of custody

Which of the following would be the MOST effective backup site for disaster recovery? A. Cold site B. Warm site C. Hot site D. Reciprocal agreement

C. Hot site

Which of the following describes backing up files and software that have changed since that last full or incremental backup? A. Full backup B. Differential backup C. Incremental backup D. Delta backup

B. Differential backup

Human resource department personnel should be trained about security policy: A. guidelines and enforcement B. maintenance C. monitoring and administration D. implemenation

A. guidelines and enforcement

An enclosure that prevents radio frequency signals from emanating out of a controlled environment is BEST described as which of the following? A. Faraday cage B. Mantrap C. Grounded wiring frame D. TEMPEST

A. Faraday cage

Which of the following is not a step in the incident response? A. recovery B. repudiation C. containment D. eradication

B. repudiation

In a classified environment a clearance into a Top Secret compartment only allows access to certain information within that compartment. This is known as: A. dual control B. need to know C. separation of duties D. acceptable use

B. Need to know

A representative from the human resouces department informs a security specialist that an employee has been terminated. Which of the following would be the BEST action to take? A. Disable the employee's user accounts and keep the data for a specified period of time. B. Disable the employee's user accounts and delete all data. C. Contact the employee's supervisor regarding disposition of user accounts. D. Change the employee's user password and keep the data for a specified period.

A. Disable the employee's user accounts and keep the data for a specified period of time.

Which one of the following processes is best to remove PII data from a disk drive before reuse? A. Reformatting B. Sanitization C. Degaussing D. Destruction

B. Sanitization

Default passwords in hardware and software should be changed: A. if a threat becomes known B. once each month C. when the hardware or software is turned on D. when the vendor requires it

C. when the hardware or software is turned on

The main objective of risk management in an organization is to reduce risk to a level: A. where the ALE is lower than the SLE B. where the ARO equals the SLE C. the organization will mitigate D. the organization will accept

D. the organization will accept

Following a disaster which of the following functions should be returned FIRST from the backup facility to the primary facility? A. Web services B. Systems functions C. Executive functions D. Least critical functions

D. Least critical functions

Choose the attack or mailicious code that cannot be prevented or deterred solely through using technical measures. A. Dictionary attacks B. Man in the middle attacks C. DoS attacks D. Social engineering

D. Social engineering

Which one of the following options will allow for a network to remain operational after a T1 failure? A. Redundant servers B. Redundant ISP C. RAID 5 drive array D. Uninterruptible Power Supply (UPS)

B. Redundant ISP

Which description is correct about a tool used by organizations to verify whether or not a staff member has been involved in mailicious activity? A. Mandatory vacations B. Time of day restrictions C. Implicit deny D. Implicit allow

A. Mandatory vacations

Which of the following need to be backed up on a domain controller to be able to recover Active Directory? A. System Files B. User date C. system date D. Operating system

C. System state

On the topic of comaring viruses and hoaxes which statement is TRUE? Choose the best TRUE statement. A. Hoaxes can create as much damage as a real virus. B.Hoaxes are harmless pranks and should be ignored. C. Hoaxes can help educate users about a virus D. Hoaxes carry a mailicious payload and can be destructive

A. Hoaxes can create as much damage as a real virus

Which security measure should be used while implementing access control? A. Password complexity requirements B. Disabling SSID broadcast C. Time of day restrictions D. Changing default passwords

A. Password complexity requirements

An administrator wants to make usre that no equipment is damaged when encountering a fire or false alarm in the server room. Which type of fire suppression system should be used? A. Carbon dioxide B. deluge sprinkler C. Hydrogen Peroxide D. Wet pipe sprinkler

A. Carbon dioxide

When power must be delivered to critical systems which of the following is a countermeasure? A. Backup generator B. Warm site C. Redundant power supplies D. Uninterruptible power supplies (UPSs)

A. backup generator

Who is finally in charge of the amount of residual risk? A. the senior management B. The DRP coordinator C. The security technician D. The organizations security officer

A. The senior management