Questions 0-200

Question 1

Which part of the security policies must a user be aware of? A. The applicable policies themselves and the effect caused by security breach B. The person responsible for creating the policies. C. The total number of policies that are there. D. None of the above

Answer 1

Which part of the security policies must a user be aware of? A. The applicable policies themselves and the effect caused by security breach (Answer) B. The person responsible for creating the policies. C. The total number of policies that are there. D. None of the above Explanation It is very essential for every employee/user to know the relevant security policies and the effect of security breach

Question 2

Which of the following is necessary even after an employee has attended a security awareness program? A. Ensure security update bulletins are distributed to all employees at regular intervals. B. Assign a test score to the employee for the training attended C. Ensure the employee goes through one more such training D. None of the above

Answer 2

Which of the following is necessary even after an employee has attended a security awareness program? A. Ensure security update bulletins are distributed to all employees at regular intervals. (Answer) B. Assign a test score to the employee for the training attended C. Ensure the employee goes through one more such training D. None of the above Explanation The security awareness program attended by the employee may provide security awareness up to that date only. Any improvements and up gradation in security awareness there after must reach all the staff in form of bulletins.

Question 3

Which of the following will not be available on a cold site? A. Electricity B. Networking C. Space D. None of the above

Answer 3

Which of the following will not be available on a cold site? A. Electricity B. Networking (Answer) C. Space D. None of the above Explanation Cold site usually has electricity and space for furniture. Networking will have to be set up from scratch.

Question 4

If you cannot afford a hot site- which of the following would be an alternate solution? A. Warm site B. Cold site C. Luke warm site D. None of the above

Answer 4

If you cannot afford a hot site- which of the following would be an alternate solution? A. Warm site (Answer) B. Cold site C. Luke warm site D. None of the above Explanation A warm site would provide all facilities other than computers. Hence the return time to business is usually more than t hat in hot site.

Question 5

Which of the following backup is most time consuming to restore during a server crash? A. Differential backup B. Incremental backup C. Full backup D. None of the above

Answer 5

Which of the following backup is most time consuming to restore during a server crash? A. Differential backup B. Incremental backup (Answer) C. Full backup D. None of the above Explanation Incremental backups take the fastest to perform in comparison with full and differential backups- but are the longest to restore

Question 6

Which of the following is an ideal location for storing the backup? A. Offsite location B. Within the main site C. In the same city as head office D. None of the above

Answer 6

Which of the following is an ideal location for storing the backup? A. Offsite location (Missed) B. Within the main site (Missed) C. In the same city as head office D. None of the above Explanation Any off site location is good. Within the vicinity of the site will ensure that data backup is safe in case of fire and is also available at short notice when required to restore. In general- Budget and security concerns should dictate distance- as far away location will protect against natural disasters that may effect the city/neighbrohood

Question 7

Which of the following enhances the server availability on the network? Choose the best answer A. Server mirroring B. Server clustering C. PDC D. None of the above

Answer 7

Which of the following enhances the server availability on the network? Choose the best answer A. Server mirroring B. Server clustering (Answer) C. PDC D. None of the above Explanation Server clustering is the ideal solution for enhancing file server availability on the network

Question 8

Backup is required only for electric power and not electronic data. T/F? A. True B. False

Answer 8

Backup is required only for electric power and not electronic data. T/F? A. True B. False (Answer) Explanation All precautions for networks are being taken to preserve network and data availability. Hence iti s mandatory that data be given maximum online and offline fault tolerance.

Question 9

Surge protectors are meant to provide backup to electrical and electronic devices. T/F? A. True B. False

Answer 9

Surge protectors are meant to provide backup to electrical and electronic devices. T/F? A. True (Answer) B. False Explanation Surge protectors as the name suggests provides electronic devices protection against power surge

Question 10

In case of fire- which o the following needs to be programmed to be put off instantly? A. Electric supply B. Air conditioner C. Fire D. None of the above

Answer 10

In case of fire- which o the following needs to be programmed to be put off instantly? A. Electric supply (Answer) B. Air conditioner C. Fire (Your Answer) D. None of the above Explanation Leaving the electric supply on during fire can have disastrous effect on the site. T o avoid this- it is ideal that the electric supply be programmed to be put off with the usage of heat sensors.

Question 11

Which of the following is essential for backing up burglar alarms and surveillance systems? Choose two A. Burglar alarms are connected to the local police or security organization through telephone lines B. Burglar alarms are connected to the local police or security organization being powered by electric supply C. None

Answer 11

Which of the following is essential for backing up burglar alarms and surveillance systems? Choose two A. Burglar alarms are connected to the local police or security organization through telephone lines (Missed) B. Burglar alarms are connected to the local police or security organization being powered by electric supply (Missed) C. None Explanation Usually burglar alarms are connected to the local police or security organization through telephone lines as well as being powered by electric supply. Hence it is important to backup telephone lines as well as power lines.

Question 12

Cipher text can be used for punch system locks. T/F? A. True B. False

Answer 12

Cipher text can be used for punch system locks. T/F? A. True B. False (Answer) Explanation Cipher locks can be used in punch lock systems and not Cipher text. Cipher text is an encryption scheme.

Question 13

Which of the following provide protection to the enterprise premises against attackers? Choose two A. Burglar alarms B. Bullet proof jackets C. Surveillance systems D. Public address systems

Answer 13

Which of the following provide protection to the enterprise premises against attackers? Choose two A. Burglar alarms (Missed) B. Bullet proof jackets C. Surveillance systems (Missed) D. Public address systems (Your Answer) Explanation Burglar alarms and surveillance systems are an integral part of tracking and alerting authorities against intruders and attackers.

Question 14

Which of the following can be referred to as highly confidential data? A. Intranet web site B. Customer information C. Budget related information D. None of the above

Answer 14

Which of the following can be referred to as highly confidential data? A. Intranet web site B. Customer information (Answer) C. Budget related information D. None of the above Explanation Customer information is usually classified as highly confidential information. Budget related information is classified as confidential information.

Question 15

Which of the following will allow you to take stock of sensitive data in the organization? A. Scanning all floppies that are allowed into the network B. Running scan disk on all drives C. Auditing all servers for stored data D. None of the above

Answer 15

Which of the following will allow you to take stock of sensitive data in the organization? A. Scanning all floppies that are allowed into the network B. Running scan disk on all drives C. Auditing all servers for stored data (Answer) D. None of the above Explanation By auditing all servers in the network for stored data- you can classify data as sensitive or non-sensitive. Auditing is the best process of taking stock of sensitive data in the network.

Question 16

Which of the following statements are true about the way data classification can be made? Choose two A. It must be adhoc or informal B. It may be adhoc or informal C. The strategy usually involves a scheme that splits into different levels D. The strategy usually involves a ten level scheme.

Answer 16

Which of the following statements are true about the way data classification can be made? Choose two A. It must be adhoc or informal B. It may be adhoc or informal (Missed) C. The strategy usually involves a scheme that splits into different levels (Missed) D. The strategy usually involves a ten level scheme. Explanation It is important to have a classification of data to ensure correct levels of security to the relevant type of data. Although it is possible to have informal methods to classify data- it is much methodical to employ a strategy to achieve the end result. The usual strategy employs a scheme that splits into different levels to classify data in the organization. The number of levels is usually dependent on the company needs and requirements or security.

Question 17

As per a company policy- which of the following personnel should be considered as insiders? Choose two. A. Key employees B. Contractors C. Ex-employees D. Vendors

Answer 17

As per a company policy- which of the following personnel should be considered as insiders? Choose two. A. Key employees (Missed) B. Contractors (Missed) C. Ex-employees D. Vendors Explanation Although as per certain company policies that provide granular clarity and specific information- even ex-employees are considered as insiders- by and large many corporates consider only key employees and contractors as insiders as they require some kind of an access to the company resources and in specific network resources.

Question 18

The block size in RC5 can range from 0 to 255. Y/N? A. Yes B. No

Answer 18

The block size in RC5 can range from 0 to 255. Y/N? A. Yes B. No (Answer) Explanation The block size in RC5 can be 32-bit- 64-bit or 128-bit.

Question 19

Which of the following best describes Ron’s Code 2? A. RC2 or Ron’s code 2 is a 64-bit block cipher. B. It was devised by Ron Rivest. C. None

Answer 19

Which of the following best describes Ron’s Code 2? A. RC2 or Ron’s code 2 is a 64-bit block cipher. (Missed) B. It was devised by Ron Rivest. (Missed) C. None Explanation

Question 20

Which of the following is provided by IDEA? Choose two. A. High level security B. Complex implementation C. Ease of implementation D. Average security level

Answer 20

Which of the following is provided by IDEA? Choose two. A. High level security (Missed) B. Complex implementation C. Ease of implementation (Missed) D. Average security level Explanation IDEA provides high level of security along with ease of implementation.

Question 21

Differential cryptanalysis is nothing but pattern studying. T/F? A. True B. False

Answer 21

Differential cryptanalysis is nothing but pattern studying. T/F? A. True (Answer) B. False Explanation Differential Cryptanalysis is nothing but pattern studying. It chooses a pair of plain text with specific differences.

Question 22

Which of the following is required by the cipher when it is important to maintain a message as a secret? A. Generate one cipher text for that message B. Generate at least 5 cipher text for that message C. Generate several cipher text. D. None of the above.

Answer 22

Which of the following is required by the cipher when it is important to maintain a message as a secret? A. Generate one cipher text for that message B. Generate at least 5 cipher text for that message C. Generate several cipher text. (Answer) D. None of the above. Explanation To keep a message a secret it is required that the cipher must be able to generate several cipher text.

Question 23

Which of the following is the most common attack faced by the DES algorithm? A. DoS B. Brute force attack C. Code attack D. None of the above

Answer 23

Which of the following is the most common attack faced by the DES algorithm? A. DoS B. Brute force attack (Answer) C. Code attack D. None of the above Explanation Brute force attack is the most common attack faced by the DES algorithm

Question 24

Cryptography without keys is more secure than cryptography with keys. T/F? A. True B. False

Answer 24

Cryptography without keys is more secure than cryptography with keys. T/F? A. True B. False (Answer) Explanation Cryptography without keys is not at all secure as the deciphering program will reside on the same media where the data or message is being received. In case of thest- the data can be stolen along with the deciphering program.

Question 25

Which of the following can be termed as brute force attack? A. Trying all combinations to break a code B. Breaking into strong cryptography C. Forcibly capturing all data being transmitted D. None of the above

Answer 25

Which of the following can be termed as brute force attack? A. Trying all combinations to break a code (Answer) B. Breaking into strong cryptography C. Forcibly capturing all data being transmitted D. None of the above Explanation When a particular message has been encrypted using random combinations- a person who is capturing this message will have to try all combinations of deciphering possible to expose the original message. This is known as brute force attack.

Question 26

Which of the following types of cryptography is possible? Choose two. A. Cryptography with keys B. Cryptography without keys C. Cryptography before encryption D. Cryptography without encryption

Answer 26

Which of the following types of cryptography is possible? Choose two. A. Cryptography with keys (Missed) B. Cryptography without keys (Missed) C. Cryptography before encryption D. Cryptography without encryption Explanation Cryptography without encryption and before encryption is not cryptography at all. Cryptography is possible with keys and without keys. When used without keys- it will be using simple or complex substitution.

Question 27

Which of the following are the two key-based algorithms? A. Symmetric algorithm B. Asymmetric algorithm C. 128-bit key algorithm D. 1024-bit key algorithm

Answer 27

Which of the following are the two key-based algorithms? A. Symmetric algorithm (Missed) B. Asymmetric algorithm (Missed) C. 128-bit key algorithm D. 1024-bit key algorithm Explanation There are two types of key-based algorithms. Depending on the key pair types they use- they can be categorized as symmetric or asymmetric algorithms.

Question 28

When employing message digest- if data does get modified- which of the following will be the result of that modification? A. The receiving end and the sending end will receive an alert notification B. The resulting digest after data modification will contain a completely different value. C. The messages will be dropped and retransmitted. D. None of the above

Answer 28

When employing message digest- if data does get modified- which of the following will be the result of that modification? A. The receiving end and the sending end will receive an alert notification B. The resulting digest after data modification will contain a completely different value. (Answer) C. The messages will be dropped and retransmitted. D. None of the above Explanation When cryptography uses hash function on a plain text- a fixed length of data called the message digest is generated. This message digest helps to preserve the data integrity by generating a a digest value when the data was originally transmitted. If during transmission the data gests modified- the message digest value that will be resulting will be a totally different value from the original one. This is usually verified at the receiving end before accepting and confirming the receipt of data.

Question 29

When employing message digest- if data does get modified- which of the following will be the result of that modification? A. The receiving end and the sending end will receive an alert notification B. The resulting digest after data modification will contain a completely different value. C. The messages will be dropped and retransmitted. D. None of the above

Answer 29

When employing message digest- if data does get modified- which of the following will be the result of that modification? A. The receiving end and the sending end will receive an alert notification B. The resulting digest after data modification will contain a completely different value. (Answer) C. The messages will be dropped and retransmitted. D. None of the above Explanation When cryptography uses hash function on a plain text- a fixed length of data called the message digest is generated. This message digest helps to preserve the data integrity by generating a a digest value when the data was originally transmitted. If during transmission the data gests modified- the message digest value that will be resulting will be a totally different value from the original one. This is usually verified at the receiving end before accepting and confirming the receipt of data.

Question 30

A digital signature is synonymous to which of the following? A. Finger print B. Hand written signature C. Blood sample D. None of the above

Answer 30

A digital signature is synonymous to which of the following? A. Finger print B. Hand written signature (Answer) C. Blood sample D. None of the above Explanation A digital signature is synonymous to hand written signature. A signature though unique to that person varies with the persons? age. Similarly although a digital signature is unique and is used to establish the origin of that signature- it can vary from situation to situation.

Question 31

Which of the following statements about Public Key Cryptography are true? Choose two. A. You need to have a security setup configured on both the sending as well as the receiving ends to implement Public Key Cryptography. B. You do not need an existing security setup C. Public key can only encrypt and private key can only decrypt. D. Public key can encrypt as well as decrypt- private key can only decrypt E. None of the above

Answer 31

Which of the following statements about Public Key Cryptography are true? Choose two. A. You need to have a security setup configured on both the sending as well as the receiving ends to implement Public Key Cryptography. B. You do not need an existing security setup (Missed) C. Public key can only encrypt and private key can only decrypt. (Missed) D. Public key can encrypt as well as decrypt- private key can only decrypt E. None of the above Explanation The implementation of Public key cryptography does not need any existing security measure to be implemented. Public key can only encrypt and Private key can only decrypt.

Question 32

The concept of public key cryptography was introduced by Diffie-Hellman. T/F? A. True B. False

Answer 32

The concept of public key cryptography was introduced by Diffie-Hellman. T/F? A. True (Answer) B. False Explanation The issues with key distribution faced by conventional encryption- was overcome by the Public-key cryptography concepts introduced by Diffie-Hellman.

Question 33

Which of the following is an advantage of using conventional encryption? A. It is the most secure B. It is very fast C. It is economical D. None of the above

Answer 33

Which of the following is an advantage of using conventional encryption? A. It is the most secure B. It is very fast (Answer) C. It is economical D. None of the above Explanation When conventional encryption is used for stored data rather than the data being transmitted- encryption and decryption process can be very fast.

Question 34

When employing Caesars Cipher key value of 3- which of the following will be the decrypted equivalent of JGOOQ? A. HELLO B. WHAT C. WHEN D. DATE

Answer 34

When employing Caesars Cipher key value of 3- which of the following will be the decrypted equivalent of JGOOQ? A. HELLO (Answer) B. WHAT C. WHEN D. DATE Explanation According to Caesar?s Cipher key value of 3- you would be sliding up the alphabetical value by 3. Hence ?H? would be represented as J- ?E? as G- ?L? as O and ?O? as Q.

Question 35

In symmetric-key encryption- one key will be used for encryption and another will be used for decryption to provide maximum security. T/F? A. True B. False

Answer 35

In symmetric-key encryption- one key will be used for encryption and another will be used for decryption to provide maximum security. T/F? A. True B. False (Answer) Explanation In symmetric-key encryption- one key will be used for encryption as well as decryption.

Question 36

Which of the following will be required to perform Cryptanalysis? Choose three. A. Mathematical tools B. Analytical reasoning C. Pattern finding D. Mathematical reasoning E. Advanced calculators

Answer 36

Which of the following will be required to perform Cryptanalysis? Choose three. A. Mathematical tools (Missed) B. Analytical reasoning (Missed) C. Pattern finding (Missed) D. Mathematical reasoning E. Advanced calculators Explanation Cryptanalysis is a process of studying the pattern of secure communication and breaking it. It involves complex combination such as patience and determination combined with skills of pattern finding- mathematical tools and analytical reasoning.

Question 37

Which of the following is responsible for key issues relating to security of inter-bank communications? A. IETF B. ISI C. NSA D. ABA

Answer 37

Which of the following is responsible for key issues relating to security of inter-bank communications? A. IETF B. ISI C. NSA D. ABA (Answer) Explanation ABA concerns itself with key issues in providing security to financial transaction/communication between banks.

Question 38

RSA is the encryption system used in cellular devices. T/F? A. True B. False

Answer 38

RSA is the encryption system used in cellular devices. T/F? A. True B. False (Answer) Explanation ECC is the encryption system used in cellular devices.

Question 39

What is the requirement for cryptography? Choose two. A. To avoid unauthorized access of information being stored B. To avoid unauthorized access of network resources C. To avoid unauthorized access of information being transmitted. D. To avoid unauthorized access of network servers

Answer 39

What is the requirement for cryptography? Choose two. A. To avoid unauthorized access of information being stored (Missed) B. To avoid unauthorized access of network resources C. To avoid unauthorized access of information being transmitted. (Missed) D. To avoid unauthorized access of network servers Explanation Network resource access will have to be controlled through access permissions. Server access will have to be controlled through physical security to the server. Unauthorized access prevention of stored information or information being transmitted is the role of cryptography.

Question 40

Which of the following are encryption systems? Choose two. A. RC5 B. Blowfish C. MAC D. ARP

Answer 40

Which of the following are encryption systems? Choose two. A. RC5 (Missed) B. Blowfish (Missed) C. MAC D. ARP Explanation RC5 and Blowfish are encryption systems. MAC is a type of hardware address. ARP is a protocol that resolves MAC address to IP address.

Question 41

Which of the following is true about Public/Private key pairs? Choose two. A. They form an essential part of Website security B. They are used by Certificate security system C. They are a pair of clear text passwords D. They are obsolete.

Answer 41

Which of the following is true about Public/Private key pairs? Choose two. A. They form an essential part of Website security (Missed) B. They are used by Certificate security system (Missed) C. They are a pair of clear text passwords D. They are obsolete. Explanation They forma an essential part of Web site security system- as it is the most convenient security system for Web sites considering that clients would be accessing the Web site over the public network. The Certificate security system uses the basic logic of Public/Private key pairs.

Question 42

Does NTFS provide file system security? A. Yes B. No

Answer 42

Does NTFS provide file system security? A. Yes (Answer) B. No Explanation NTFS supports EFS (Encrypted File System) which allows data stored on a mass storage device to be saved in encrypted format.

Question 43

Which of the following statements about the SHA (Security Hash Algorithm) are true? Choose two. A. SHA is a security hash algorithm that is used with encryption protocols B. Its latest version is SHA-1 C. None

Answer 43

Which of the following statements about the SHA (Security Hash Algorithm) are true? Choose two. A. SHA is a security hash algorithm that is used with encryption protocols (Missed) B. Its latest version is SHA-1 (Missed) C. None Explanation SHA is a security hash algorithm that is used with encryption protocols. Its latest version is SHA-1

Question 44

To prevent internal Web servers from being accessed you must block TCP port 20. T/F? A. True B. False

Answer 44

To prevent internal Web servers from being accessed you must block TCP port 20. T/F? A. True B. False (Answer) Explanation The port number 443 must also be blocked.

Question 45

Authorized update is one way of securing DNS serer. T/F? A. True B. False

Answer 45

Authorized update is one way of securing DNS serer. T/F? A. True (Answer) B. False Explanation Authorizing the sender of the update and then checking for verification purpose is one way of securing the DNS server database and service availability.

Question 46

Which of the following is an ideal practice to ensure network resources safety? Choose three. A. Rename guest accounts B. Rename administrator accounts. C. Ensure there is just one administrator account present. D. Ensure the administrator account does not have a blank password E. None of the above

Answer 46

Which of the following is an ideal practice to ensure network resources safety? Choose three. A. Rename guest accounts (Missed) B. Rename administrator accounts. (Missed) C. Ensure there is just one administrator account present. D. Ensure the administrator account does not have a blank password (Missed) E. None of the above Explanation It is not wise to have just one administrator account in case that administrator gets locked out. It is always safe to rename guest and administrator accounts renamed. Administrator passwords must be difficult to guess and should not be blank.

Question 47

Which of the following is true about providing security to database servers? Choose two. A. Do not host a database server on the same server as your web server. B. Do not host a database server on a server based system C. Employ a three-tier model D. Employ a centralized administration model.

Answer 47

Which of the following is true about providing security to database servers? Choose two. A. Do not host a database server on the same server as your web server. (Missed) B. Do not host a database server on a server based system C. Employ a three-tier model (Missed) D. Employ a centralized administration model. Explanation It is always safe that you host a database server on a server resource internal to the network rather than on the same server as your Web server. A three-tier model ensures security to your database server as the database server cannot be directly accessed in this model. Centralized or distributed administration will not be a security concern here.

Question 48

If you wish to allow the external users access your Web server you must block port number 110. T/F? A. True B. False

Answer 48

If you wish to allow the external users access your Web server you must block port number 110. T/F? A. True B. False (Answer) Explanation If you wish to allow the external users access your Web server you must unblock port number 80.

Question 49

Which of the following can secure your internal server best- against external attacks? Choose all that apply. A. Perform OS hardening by blocking all access to this server B. Perform OS hardening by verify and terminating all un used service C. Regularly check for unused usernames and disable or delete them. D. Ensure you are running a vulnerability check on this server at regular intervals.

Answer 49

Which of the following can secure your internal server best- against external attacks? Choose all that apply. A. Perform OS hardening by blocking all access to this server B. Perform OS hardening by verify and terminating all un used service (Missed) C. Regularly check for unused usernames and disable or delete them. (Missed) D. Ensure you are running a vulnerability check on this server at regular intervals. (Missed) Explanation The best way to preserve an internal server from external attacks is to make sure there are no unnecessary services running on the server- no unused user names are existing in the user database- all vulnerabilities are being verified and monitored at required intervals.

Question 50

If you have implemented a DHCP in your network and you would wish to secure this service so that no external user will be able to become a DHCP client- which of the following would you ensure? A. Block port numbers 20 and 21 on the external interface for incoming connections B. Block port numbers 20 and 21 on the internal interface. C. Block port numbers 67 and 68 on the external interface for incoming connections D. Block port numbers 67 and 68 on the internal interface

Answer 50

If you have implemented a DHCP in your network and you would wish to secure this service so that no external user will be able to become a DHCP client- which of the following would you ensure? A. Block port numbers 20 and 21 on the external interface for incoming connections B. Block port numbers 20 and 21 on the internal interface. C. Block port numbers 67 and 68 on the external interface for incoming connections (Answer) D. Block port numbers 67 and 68 on the internal interface Explanation Blocking port numbers 67 and 68 on the external interface of the firewall for incoming connections will ensure that no external user will be able to access the internal DHCP service.

Question 51

When faced with an outgoing packet- which of the following header components would a firewall look at first? A. Protocol information B. Source address C. Destination address D. No of bytes in the header

Answer 51

When faced with an outgoing packet- which of the following header components would a firewall look at first? A. Protocol information B. Source address C. Destination address (Answer) D. No of bytes in the header Explanation The firewall will first look at the destination address.

Question 52

Which of the following firewall policies is most restrictive? A. Any any B. Deny all C. Permit all D. None of the above

Answer 52

Which of the following firewall policies is most restrictive? A. Any any B. Deny all (Answer) C. Permit all D. None of the above Explanation The ?deny all? is the most restrictive statement that is implicitly defined in the fireall when no other statement is configured. This will get applied to all packets that do not match with the criteria mentioned in the list above the ?deny all? statement.

Question 53

Stateful inspection firewall will operate on all the 7 layers of the OSI reference model. T/F? A. True B. False

Answer 53

Stateful inspection firewall will operate on all the 7 layers of the OSI reference model. T/F? A. True B. False (Answer) Explanation Stateful Inspection firewall will not operate on all the & layers of OSI reference mode.

Question 54

Which of the following will relates to how the external world can access the internal network resources? A. Network policy B. Firewall policy C. Access policy D. None of the above

Answer 54

Which of the following will relates to how the external world can access the internal network resources? A. Network policy B. Firewall policy C. Access policy (Answer) D. None of the above Explanation The access policy or the Service access policy will dictate to what extend the external users can access internal network resources or which of the internal resources will be totally inaccessible to the outside world.

Question 55

Which of the following about the Stateful inspection firewall is true? Choose two. A. It maintains a state table B. It maintains a routing table C. It functions on the network layer D. It functions on the application layer.

Answer 55

Which of the following about the Stateful inspection firewall is true? Choose two. A. It maintains a state table (Missed) B. It maintains a routing table C. It functions on the network layer (Missed) D. It functions on the application layer. Explanation The Stateful inspection firewall- monitors connection status based on the state table. It functions on the network layer and monitors connection status for the entire network.

Question 56

Which of the following are capable of functioning as a Firewall? Choose two A. Proxy B. Router C. PC D. Switch

Answer 56

Which of the following are capable of functioning as a Firewall? Choose two A. Proxy (Missed) B. Router (Missed) C. PC D. Switch Explanation Proxy service as well as the Router is both capable of Network Address translation (NAT) which is the basic function of a firewall.

Question 57

If you wish to block FTP access to your Web server- which of the following Firewall types should you consider? A. Stateful Inspection B. Port filtering C. Packet filtering D. Application filtering

Answer 57

If you wish to block FTP access to your Web server- which of the following Firewall types should you consider? A. Stateful Inspection B. Port filtering C. Packet filtering (Answer) D. Application filtering Explanation Stateful inspection is a type of filtering used when complex security is required and header information of packets will have to be read to perform filtering. In the above mentioned scenario- you just need filtering based on port numbers. This type of filtering is done in packet filtering firewall types. Port filtering is a function and not a firewall type. Application filtering is irrelevant.

Question 58

Which of the following communications use the 2.4 GHz frequency? Choose three. A. The microwave operates B. Blue-tooth C. Wireless

Answer 58

Which of the following communications use the 2.4 GHz frequency? Choose three. A. The microwave operates (Missed) B. Blue-tooth (Missed) C. Wireless (Missed) Explanation The microwave operates on the 2.4 GHz range- which is why is it is necessary to place the Wireless 802.11b and g devices slightly apart from Microwave device when used in homes. Blue-tooth as well as Wireless 802.11b and g devices operate on 2.4 GHz frequency.

Question 59

To which layer do the following communicating devices belong? Switch- Ethernet Card. A. Physical layer B. Datalink layer C. Network Layer D. None of the above

Answer 59

To which layer do the following communicating devices belong? Switch- Ethernet Card. A. Physical layer B. Datalink layer (Answer) C. Network Layer D. None of the above Explanation The mentioned devices? purpose is media access. Media access is the responsibility of Layer 2 or the data link layer. Hence the devices belong to data link layer.

Question 60

Which of the following statements about a Modem are true? Choose two. A. It steps us AC voltage B. It steps down DC voltage C. It modulates and demodulates signals for the Computer and the telephone line. D. It converts Analog signals to digital and vice versa.

Answer 60

Which of the following statements about a Modem are true? Choose two. A. It steps us AC voltage B. It steps down DC voltage C. It modulates and demodulates signals for the Computer and the telephone line. (Missed) D. It converts Analog signals to digital and vice versa. (Missed) Explanation As the name suggests the modem mainly modulates and demodulates signals. Seated (logically) between the telephone line and the PC- it is responsible for converting the analog signals of the telephone to the digital signals required by the PC and vice versa.

Question 61

Which of the following statements regarding Infrared communication is true? Choose three. A. It requires line of sight B. It requires the same radio frequency at the transmitting and receiving end. C. It is least secure. D. Interception is possible if the tapping devices is also in the line of sight E. Interception is possible if the tapping device is also tuned to the same radio frequency as the main communicating devices.

Answer 61

Which of the following statements regarding Infrared communication is true? Choose three. A. It requires line of sight (Missed) B. It requires the same radio frequency at the transmitting and receiving end. C. It is least secure. (Missed) D. Interception is possible if the tapping devices is also in the line of sight (Missed) E. Interception is possible if the tapping device is also tuned to the same radio frequency as the main communicating devices. Explanation Infrared and Radio frequency are two different communication media. The Infrared communication requires line of sight. If the device that intends interception is placed in the line of sight as the main devices then interception will be very easy. This mode of communication is least secure.

Question 62

Which of the following port numbers is used by SMTP? A. 25 B. 26 C. 27

Answer 62

Which of the following port numbers is used by SMTP? A. 25 (Answer) B. 26 C. 27 Explanation SMTP service uses port number 25.

Question 63

Which of the following statements about an email server is/are true? Choose only answer(s) that apply A. Verifies if destination domain is self or not before transmitting a mail B. Verifies if recipient is from local domain or not before receiving an email C. Verifies if email is infected or not D. None of the above

Answer 63

Which of the following statements about an email server is/are true? Choose only answer(s) that apply A. Verifies if destination domain is self or not before transmitting a mail (Missed) B. Verifies if recipient is from local domain or not before receiving an email C. Verifies if email is infected or not (Missed) D. None of the above Explanation Before transmitting any email- the mail server is bound to verify the domain in the destination address of the email to see if it the domain name is self or not before it actually sends the mail out. Before receiving any email its primary security function is to ensure that the email is not infected. In case of the email being infected it is supposed to be discarded.

Question 64

When configuring antivirus for email- which of the following configurations must be applied? Choose two. A. Scan before downloading B. Scan before sending C. Scan before opening D. Scan after receiving

Answer 64

When configuring antivirus for email- which of the following configurations must be applied? Choose two. A. Scan before downloading (Missed) B. Scan before sending (Missed) C. Scan before opening D. Scan after receiving Explanation Scan before downloading will ensure the message that is infected will be deleted before actually downloading to the hard disk. Scan before sending will ensure that you are not inadvertently transmitting a virus along with the message tot the destination email Id.

Question 65

Which of the following virus types can be transmitted via email? Choose two most common types that apply. A. Worms B. Trojan horse C. Boot Record virus D. EXE file virus

Answer 65

Which of the following virus types can be transmitted via email? Choose two most common types that apply. A. Worms (Missed) B. Trojan horse (Missed) C. Boot Record virus D. EXE file virus Explanation Usually email attachments are documents- pictures or zip files. EXE files are usually too large to be sent as mail attachments hence EXE file virus is not appropriate. Boot record virus is deposited into a system through floppy media and not via email.

Question 66

L2TP can work over which of the following networks? Choose all appropriate answers. A. IP B. IPX C. SNA D. None of the above

Answer 66

L2TP can work over which of the following networks? Choose all appropriate answers. A. IP (Missed) B. IPX (Missed) C. SNA (Missed) D. None of the above Explanation L2TP (Layer 2 Tunneling Protocol) was created by Cisco as well as Microsoft. It is meant to function over IP- IPX and SNA networks.

Question 67

Which of the following will be compulsory tasks to run on Web servers of your network? Choose two. A. There are web sites that keep updating vulnerability information for different platforms. B. It is ideal to constantly browse these sites and keep checking if it applicable for the platform and applications housed in your web server. C. update virus definition files regularly. D. None

Answer 67

Which of the following will be compulsory tasks to run on Web servers of your network? Choose two. A. There are web sites that keep updating vulnerability information for different platforms. (Missed) B. It is ideal to constantly browse these sites and keep checking if it applicable for the platform and applications housed in your web server. (Missed) C. update virus definition files regularly. (Missed) D. None Explanation There are web sites that keep updating vulnerability information for different platforms. It is ideal to constantly browse these sites and keep checking if it applicable for the platform and applications housed in your web server. Another mandatory task is to update virus definition files regularly.

Question 68

Which of the following would help with dedicated authentication to dial-in clients? A. TACACS (Terminal Access Controller Access Control System) B. RADIUS C. IAS (Internet Authentication Server)

Answer 68

Which of the following would help with dedicated authentication to dial-in clients? A. TACACS (Terminal Access Controller Access Control System) (Missed) B. RADIUS (Missed) C. IAS (Internet Authentication Server) Explanation TACACS (Terminal Access Controller Access Control System)- RADIUS are both dedicated authenticating services for dial in users. IAS (Internet Authentication Server) is not ideally meant for this purpose.

Question 69

You are configuring a VPN whose tunnel passes through the public network. You are concerned for the security as your VPN may be connecting across the globe to several networks operating on different platforms. Which of the following would be ideal to secure your VPN? Choose the best answer. A. PPTP B. IPSec C. Kerberos D. Certificate

Answer 69

You are configuring a VPN whose tunnel passes through the public network. You are concerned for the security as your VPN may be connecting across the globe to several networks operating on different platforms. Which of the following would be ideal to secure your VPN? Choose the best answer. A. PPTP B. IPSec (Answer) C. Kerberos D. Certificate (Your Answer) Explanation Since the only protocol that supports cross platform communication is IP- the best way to implement security in this scenario would be through IPSec. PPTP is a tunneling protocol and does not relate to security. Kerberos is a LAN security protocol. Certificates can help in this scenario provided the access limitation is acceptable.

Question 70

When a remote user is dialing-in to the network- which of the following servers would be challenging his request for authentication first? A. RADIUS server would be challenging the users request first- the rest of the servers on the network B. RADIUS server at a later stage when they receive a request for resource access from this dial-in or remote user C. None

Answer 70

When a remote user is dialing-in to the network- which of the following servers would be challenging his request for authentication first? A. RADIUS server would be challenging the users request first- the rest of the servers on the network (Missed) B. RADIUS server at a later stage when they receive a request for resource access from this dial-in or remote user (Missed) C. None Explanation In the mentioned scenario- the RADIUS server would be challenging the users request first- the rest of the servers on the network- would then verify with this RADIUS server at a later stage when they receive a request for resource access from this dial-in or remote user.

Question 71

Which of the following protocols could a VPN make use of? Choose two. A. PPTP B. L2TP C. HTTP D. NNTP

Answer 71

Which of the following protocols could a VPN make use of? Choose two. A. PPTP (Missed) B. L2TP (Missed) C. HTTP D. NNTP Explanation A VPN tunnel requires tunneling protocols. L2TP (Layer 2 Tunneling Protocol) and PPTP (Point to Point Tunneling Protocol) are the only two relevant protocols that relate to VPN. HTTP and NNTP are services that are usually configured on a Web Server.

Question 72

Which of the following is the most popular protocol that is used in dial-up connections? A. SLIP B. PPTP C. POP3 D. PPP

Answer 72

Which of the following is the most popular protocol that is used in dial-up connections? A. SLIP B. PPTP C. POP3 D. PPP (Answer) Explanation SLIP and PPP are the only two protocols that can be used for dial-up connections. SLIP is now obsolete. PPTP is a tunneling protocol and POP3 is used for mail retrieval.

Question 73

To transfer mails between email servers of different domains you would require POP3 service. T/F? A. True B. False

Answer 73

To transfer mails between email servers of different domains you would require POP3 service. T/F? A. True B. False (Answer) Explanation To transfer mails between email servers of different domains you would require SMTP service.

Question 74

Which of the following protocols help to gain MAC address of a PC on the network? A. ARP B. FTP C. TFTP D. DHCP

Answer 74

Which of the following protocols help to gain MAC address of a PC on the network? A. ARP (Answer) B. FTP C. TFTP D. DHCP Explanation Address Resolution Protocol (ARP) of the IP protocol suite is responsible for obtaining MAC address of the PC whose IP address is available for communication.

Question 75

You are planning on hosting an eCommerce Web server. You are intent on making the server secure against all external attacks possible. Which of the following would be the best way to test your server for its weaknesses? Choose the best answer. A. Ping to the server B. Simulate a DDoS attack on that server C. Simulate a DoS attack on the server D. Check if all the patches and required antivirus software has been loaded o the server.

Answer 75

You are planning on hosting an eCommerce Web server. You are intent on making the server secure against all external attacks possible. Which of the following would be the best way to test your server for its weaknesses? Choose the best answer. A. Ping to the server B. Simulate a DDoS attack on that server (Answer) C. Simulate a DoS attack on the server D. Check if all the patches and required antivirus software has been loaded o the server. Explanation Ping the server will only ensure if the connectivity is proper. Simulating a DoS attack could only test for a very few vulnerabilities on the server. DDoS (Distributed DoS) would test for more vulnerabilities on the server than the DoS would. Checking for patches and antivirus is just a precaution. It is not a process of testing for vulnerabilities.

Question 76

Which of the following can be termed as the Denial of Service Attack? A. A computer on your network has crashed B. Your router is unable to find a destination outside of your network C. Your Web server has gone into a loop trying to service a client request. D. You keyboard is no longer responding.

Answer 76

Which of the following can be termed as the Denial of Service Attack? A. A computer on your network has crashed B. Your router is unable to find a destination outside of your network C. Your Web server has gone into a loop trying to service a client request. (Answer) D. You keyboard is no longer responding. Explanation DoS is a way of engaging a Web Server continuously in one specific task by outing it on a loop and ensuring it is unable to respond to any further requests.

Question 77

Which of the following is a Wireless LAN susceptible to? A. Loss of signal strength B. Eavesdropping C. Blackout D. EMI

Answer 77

Which of the following is a Wireless LAN susceptible to? A. Loss of signal strength B. Eavesdropping (Answer) C. Blackout D. EMI Explanation Wireless LANs are most susceptible to eavesdropping as the media here is dependent on frequency for transmission and reception. This makes the media very susceptible to overhearing or eavesdropping as well.

Question 78

Which of the following services when placed on the edge of the newtork- will provide security to the entire network? A. Firewall B. Router C. Antivirus D. None of the above

Answer 78

Which of the following services when placed on the edge of the newtork- will provide security to the entire network? A. Firewall (Answer) B. Router C. Antivirus D. None of the above Explanation Router is a gateway and antivirus resides on all systems. Firewall is meant to safe guard the network from external attacks.

Question 79

If you were implementing an Enterprise network that require remote users connecting to the Intranet- which of the following services would be most important? A. DNS B. DHCP C. RAS D. None of the above

Answer 79

If you were implementing an Enterprise network that require remote users connecting to the Intranet- which of the following services would be most important? A. DNS B. DHCP (Answer) C. RAS D. None of the above Explanation It is imperative that remote users be assigned a separate block of IP addresses for the purpose of connecting to the company Intranet. This is inline with security for the network. This dynamic allocation will be possible only with the help of DHCP service.

Question 80

RADIUS is abbreviation for Remote Access Data Inspection User Service. T/F? A. True B. False

Answer 80

RADIUS is abbreviation for Remote Access Data Inspection User Service. T/F? A. True B. False (Answer) Explanation RADIUS is abbreviation for Remote Access Dial In User Service.

Question 81

If you had to implement a foolproof method of establishing User ID in your organization- which of the following would you choose? Choose the best answer. A. Smart Card B. Username/Password C. Biometric D. Credit Card

Answer 81

If you had to implement a foolproof method of establishing User ID in your organization- which of the following would you choose? Choose the best answer. A. Smart Card B. Username/Password C. Biometric (Answer) D. Credit Card Explanation Biometric will authenticate or establish User ID depending on the physical attribute of the user. For ex: Finger print- hand scan or retina scan. Since these physical attributes are always physically attached to the person- there is no fear of any of these being lost or reaching wrong hands. Hence Biometric is the most secure form of authentication.

Question 82

Which of the following are an advantage and a disadvantage with clear text authentication? A. Advantage is that it is easy to remember passwords B. Advantage is that it is easy to implement C. Disadvantage is that it is difficult to implement D. Disadvantage is that it is not secure

Answer 82

Which of the following are an advantage and a disadvantage with clear text authentication? A. Advantage is that it is easy to remember passwords B. Advantage is that it is easy to implement (Missed) C. Disadvantage is that it is difficult to implement D. Disadvantage is that it is not secure (Missed) Explanation Clear text authentication is very simple and easy to implement and verify. But a network that has implemented clear text security is not very secure as it is very easy to decipher clear text passwords.

Question 83

To allow access to a campus you would use Kerberos. T/F? A. True B. False

Answer 83

To allow access to a campus you would use Kerberos. T/F? A. True B. False (Answer) Explanation To allow access to a campus you would use smart cards.

Question 84

Which of the following does the Biometrics use to establish user identity? Choose two A. Finger prints B. Retinal scan C. Some times the DNA structure too to establish user Id

Answer 84

Which of the following does the Biometrics use to establish user identity? Choose two A. Finger prints (Missed) B. Retinal scan (Missed) C. Some times the DNA structure too to establish user Id (Missed) Explanation The Biometrics uses finger prints- retinal scan and some times the DNA structure too to establish user Id.

Question 85

Which of the following are key components in the Kerberos system? Choose two. A. The Kerberos system requires a Key Distribution Center (KDC) which is responsible for authenticating any network user- Computer or Service. B. None

Answer 85

Which of the following are key components in the Kerberos system? Choose two. A. The Kerberos system requires a Key Distribution Center (KDC) which is responsible for authenticating any network user- Computer or Service. (Answer) B. None Explanation The Kerberos system requires a Key Distribution Center (KDC) which is responsible for authenticating any network user- Computer or Service. Depending on whether the authentication fails or succeeds the ticket will be granted to the end user- Computer or Service.

Question 86

Which of the following is true about a token system? Choose all that apply. A. A token is generated when a user has been successfully authenticated B. This token is attached to the users session and will be destroyed once the session is terminated C. This token is attached to the users session and will be destroyed after the user has logged out

Answer 86

Which of the following is true about a token system? Choose all that apply. A. A token is generated when a user has been successfully authenticated (Missed) B. This token is attached to the users session and will be destroyed once the session is terminated (Missed) C. This token is attached to the users session and will be destroyed after the user has logged out (Missed) Explanation A token is generated when a user has been successfully authenticated. This token is attached to the users? session and will be destroyed once the session is terminated or after the user has logged out. This token will contain user access permission assigned on the network resources for that user.

Question 87

Which of the following does NOT happen during a CHAP authentication? Choose all that apply A. The server issues password to any body requesting for it. B. The server poses the challenge for the password request. C. The server requests for the password. D. The server expects a clear text password initially.

Answer 87

Which of the following does NOT happen during a CHAP authentication? Choose all that apply A. The server issues password to any body requesting for it. (Missed) B. The server poses the challenge for the password request. C. The server requests for the password. (Missed) D. The server expects a clear text password initially. (Missed) Explanation Whenever a user requests login- the Server poses a challenge and then the user provides the requested password and then the server will decide based on the credentials if it should authorize the user or not. This is what is referred to as three-way handshake.

Question 88

Certificates are best used in which of the following scenarios? Choose all that apply. A. LAN authentication B. Accessing Web sites C. Dial-Up connections D. Intranet login

Answer 88

Certificates are best used in which of the following scenarios? Choose all that apply. A. LAN authentication B. Accessing Web sites (Missed) C. Dial-Up connections D. Intranet login (Missed) Explanation LAN login will be secure if the network policies in the organization follow book rules. It will not require certificates. Certificates are best used during WAN access. For ex: when using web sites that require you to provide confidential information about yourself- or when you are logging in to the Intranet- from an unknown location. The Dial-up connection in itself does not require any authentication except with the service provider.

Question 89

Which of the following statements relating to the MAC model is true? Choose two. A. MAC uses static mapping or predefined access privileges B. MAC cannot allow dynamic sharing of resources C. MAC uses ACL to assign privileges D. MAC allows dynamic sharing of resources

Answer 89

Which of the following statements relating to the MAC model is true? Choose two. A. MAC uses static mapping or predefined access privileges (Missed) B. MAC cannot allow dynamic sharing of resources (Missed) C. MAC uses ACL to assign privileges D. MAC allows dynamic sharing of resources Explanation MAC uses a static or predefined set of access privileges and hence cannot allow dynamic sharing of resources.

Question 90

While assigning access privilege using the DAC- which of the following will you be needing? A. User database B. Access Control list C. Resource list D. None of the above

Answer 90

While assigning access privilege using the DAC- which of the following will you be needing? A. User database B. Access Control list (Answer) C. Resource list D. None of the above Explanation The information of mapping users to their permissions for resource access would be available in the ACL.

Question 91

You are the system administrator for your organization. You are responsible for access privilege for which of the following control systems? A. Mandatory Access Control B. Discretionary Access Control C. Role Based Access Control D. Any of the above

Answer 91

You are the system administrator for your organization. You are responsible for access privilege for which of the following control systems? A. Mandatory Access Control (Answer) B. Discretionary Access Control C. Role Based Access Control D. Any of the above Explanation System administrator is responsible for access control in the MAC model. The owner of the organization will be responsible for DAC. The RBAC is dependent on the role played by the user in the organization.

Question 92

Which of the following processes will allow you to ascertain organizational assets? A. Auditing B. Monitoring C. Troubleshooting D. None of the above

Answer 92

Which of the following processes will allow you to ascertain organizational assets? A. Auditing (Answer) B. Monitoring C. Troubleshooting D. None of the above Explanation Auditing is an accounting process where in the organization assets and deficits will be accounted for.

Question 93

Which of the following vulnerabilities could be a common error on the servers? A. Virus database not being updated as per schedule B. Forgetting to restart the server C. Installing an incorrect version of an application D. None of the above

Answer 93

Which of the following vulnerabilities could be a common error on the servers? A. Virus database not being updated as per schedule (Answer) B. Forgetting to restart the server C. Installing an incorrect version of an application D. None of the above Explanation Virus database not being updated as per schedule could be a common but serious error on the servers that gives rise to vulnerabilities.

Question 94

Which of the following is necessary when analyzing threats? A. View the data in the history to analyze the pattern and frequency of an occurrence B. Analyze if the threat is external or internal C. Isolate people in the organization from whom you fear a threat D. None of the above

Answer 94

Which of the following is necessary when analyzing threats? A. View the data in the history to analyze the pattern and frequency of an occurrence (Answer) B. Analyze if the threat is external or internal C. Isolate people in the organization from whom you fear a threat D. None of the above Explanation View the data in the history and study any visible occurrences to analyze the pattern and frequency of its occurrence. This will allow you to be better prepared for risk management.

Question 95

Which of the following is necessary when analyzing threats? A. View the data in the history to analyze the pattern and frequency of an occurrence B. Analyze if the threat is external or internal C. Isolate people in the organization from whom you fear a threat D. None of the above

Answer 95

Which of the following is necessary when analyzing threats? A. View the data in the history to analyze the pattern and frequency of an occurrence (Answer) B. Analyze if the threat is external or internal C. Isolate people in the organization from whom you fear a threat D. None of the above Explanation View the data in the history and study any visible occurrences to analyze the pattern and frequency of its occurrence. This will allow you to be better prepared for risk management.

Question 96

Which of the following is the best way to ensure that contact employees no longer use the network resources once their contract with the organization is over? Choose two A. Ensure you create a separate group for contractors. B. Ensure that you disable the account of the contractor who has completed contract C. Ensure you assign permissions to individual contractor each time D. Ensure you monitor the logged in users to forcibly logout a contract employee who has completed contract.

Answer 96

Which of the following is the best way to ensure that contact employees no longer use the network resources once their contract with the organization is over? Choose two A. Ensure you create a separate group for contractors. (Missed) B. Ensure that you disable the account of the contractor who has completed contract (Missed) C. Ensure you assign permissions to individual contractor each time D. Ensure you monitor the logged in users to forcibly logout a contract employee who has completed contract. Explanation A separate group for contract employees will be a good idea as they are all similar in nature of role and will require similar access to the network. Disabling an account of the contractor who has completed contract is a must as he will no longer be able to login.

Question 97

Which of the following is an essential configuration for email messages? A. Content sensitivity action B. Sender specific action C. Receipt date specific action D. None of the above

Answer 97

Which of the following is an essential configuration for email messages? A. Content sensitivity action (Answer) B. Sender specific action C. Receipt date specific action D. None of the above Explanation Content specific action will ensure that you can discard the mail that is containing sensitive or prohibited data.

Question 98

It is ideal that a network supports a specific encryption standard only. T/F? A. True B. False

Answer 98

It is ideal that a network supports a specific encryption standard only. T/F? A. True B. False (Answer) Explanation Supporting only a specific encryption standard will make that network a closed network and will make it impossible to communicate with networks that follow flexibility in encryption.

Question 99

It is ideal for any organization to employ an encryption scheme that can address its entire organizations data security either stores or transmitted. T/F? A. True B. False

Answer 99

It is ideal for any organization to employ an encryption scheme that can address its entire organizations data security either stores or transmitted. T/F? A. True B. False (Answer) Explanation No one encryption scheme can handle the security required by an entire organization. It will usually be a combination of two or more.

Question 100

refers to the idea that information should only be accessible to its intended recipients and those authorized to receive the information. All other parties should not be able to access the information.

Answer 100

Confidentiality

Question 101

is the concept that information should remain in the same form as it was originally intended (i.e. not maliciously changed);

Answer 101

Integrity

Question 102

refers to the idea that information should be accessible (think Denial of Service)

Answer 102

Availability

Question 103

refers to the ability to protect the confidentiality of information through controlling a user’s access to that information

Answer 103

Access Control

Question 104

refers to the idea that a user should be accountable to actions performed under his/her name.

Answer 104

Accountability

Question 105

is the idea that a user should not be able to repudiate that he/she is responsible for something (for example- a file may say to have been edited by John- but how do we know John actually edited it?)

Answer 105

Non-repudiation

Question 106

Client sends login information to KDC (Key Distribution Center)- which verifies a client’s credentials and sends a request to TGS (Ticket Granting Server). The TGS sends a TGT (Ticket Granting Ticket) to the client.

Answer 106

Kerberos

Question 107

Sending TCP packets to deny availability

Answer 107

SYN Flood

Question 108

Sending ICMP (usually ping) packets to deny availability

Answer 108

ICMP Flood

Question 109

Sending UDP packets to deny availability

Answer 109

UDP Flood

Question 110

A special ICMP Flood attack that broadcasts ICMP requests

Answer 110

Smurf

Question 111

Sending a malformed packet that overflows a memory address to deny availability and possibly gain privileges (destroy confidentiality/integrity)

Answer 111

Buffer Overflow

Question 112

Gain access through a secret program (Trojan horse)

Answer 112

Backdoor

Question 113

Read information off the network

Answer 113

Sniffing

Question 114

Hiding or disguising an address to make it appear that the requests come from another source

Answer 114

Spoofing

Question 115

Intercepting packets and changing the contents (denies confidentiality and integrity)

Answer 115

Man-in-the-Middle

Question 116

Session key sniffed and then used

Answer 116

Replay

Question 117

Probability-based

Answer 117

Birthday attack

Question 118

Low-tech attack on people who don’t understand security

Answer 118

Social engineering

Question 119

Propagates through user action (usually email)

Answer 119

Virus

Question 120

Self-propagating and uses exploits

Answer 120

Worm

Question 121

Fuel: Common organic combustibles: Suppression Tech: Water

Answer 121

Fire Class: A

Question 122

Fuel: Fuels: Suppression Tech: Carbon dioxide- soda acid- Halon

Answer 122

Fire Class: B

Question 123

Fuel: Electrical fires: Suppression Tech: Carbon dioxide- Halon

Answer 123

Fire Class: C

Question 124

Fuel: Chemical: Suppression Tech: Halon- specialized agents

Answer 124

Fire Class: D

Question 125

Remote Access Technologies : PPP is RAS or VPN?

Answer 125

RAS

Question 126

Remote Access Technologies : RADIUS is RAS or VPN?

Answer 126

RAS

Question 127

Remote Access Technologies : TACACS is RAS or VPN?

Answer 127

RAS

Question 128

Remote Access Technologies : TACACS+ is RAS or VPN?

Answer 128

RAS

Question 129

Remote Access Technologies : PPTP is RAS or VPN?

Answer 129

VPN

Question 130

Remote Access Technologies : L2F is RAS or VPN?

Answer 130

VPN

Question 131

Remote Access Technologies : L2TP is RAS or VPN?

Answer 131

VPN

Question 132

Remote Access Technologies : IPSec is RAS or VPN?

Answer 132

VPN

Question 133

Remote Access Technologies : PPP uses what protocal?

Answer 133

TCP/IP

Question 134

Remote Access Technologies : RADIUS uses what protocal?

Answer 134

UDP

Question 135

Remote Access Technologies : TACACS uses what protocal?

Answer 135

UDP

Question 136

Remote Access Technologies : TACACS+ uses what protocal?

Answer 136

TCP

Question 137

Remote Access Technologies : PPTP uses what protocal?

Answer 137

Layer 2

Question 138

Remote Access Technologies : L2F uses what protocal?

Answer 138

Layer 2

Question 139

Remote Access Technologies : L2TP uses what protocal?

Answer 139

Layer 2

Question 140

Remote Access Technologies : IPSec uses what protocal?

Answer 140

Layer 3

Question 141

DES is what type of algorithm? Symetric- Asymmetric or Hash?

Answer 141

Symmetric

Question 142

3DES is what type of algorithm? Symetric- Asymmetric or Hash?

Answer 142

Symmetric

Question 143

AES is what type of algorithm? Symetric- Asymmetric or Hash?

Answer 143

Symmetric

Question 144

RC5 is what type of algorithm? Symetric- Asymmetric or Hash?

Answer 144

Symmetric

Question 145

RSA is what type of algorithm? Symetric- Asymmetric or Hash?

Answer 145

Asymmetric

Question 146

Diffie-Hellman is what type of algorithm? Symetric- Asymmetric or Hash?

Answer 146

Asymmetric

Question 147

El Gamal is what type of algorithm? Symetric- Asymmetric or Hash?

Answer 147

Asymmetric

Question 148

MD5 is what type of algorithm? Symetric- Asymmetric or Hash?

Answer 148

Hash (Digest)

Question 149

SHA-1 is what type of algorithm? Symetric- Asymmetric or Hash?

Answer 149

Hash

Question 150

HMAC is what type of algorithm? Symetric- Asymmetric or Hash?

Answer 150

Hash

Question 151

DES is what size?

Answer 151

64 bit (56 + 8 parity)

Question 152

3DES is what size?

Answer 152

192 bit (168 bit + 24 parity)

Question 153

AES is what size?

Answer 153

Variable (128- 192- 256)

Question 154

RC5 is what size?

Answer 154

Variable (up to 2048)

Question 155

MD5 is what size?

Answer 155

512 bit block processing/ 128 bit digest

Question 156

SHA-1 is what size?

Answer 156

512-bit processing/160 bit digest

Question 157

HMAC is what size?

Answer 157

Variable

Question 158

DES uses what algorithms?

Answer 158

Block cipher

Question 159

3DES uses what algorithms?

Answer 159

Block cipher

Question 160

AES uses what algorithms?

Answer 160

Rijndael Block cipher

Question 161

RC5 uses what algorithms?

Answer 161

RSA Block mode cipher

Question 162

RSA uses what algorithms?

Answer 162

Key transport

Question 163

Diffie-Hellman uses what algorithms?

Answer 163

Key exchange

Question 164

El Gamal uses what algorithms?

Answer 164

Key exchange

Question 165

MD5 uses what algorithms?

Answer 165

Rivest MD5 Block Hash

Question 166

SHA-1 uses what algorithms?

Answer 166

Rivest SHA Hash

Question 167

HMAC uses what algorithms?

Answer 167

Keyed Digest

Question 168

are more scalable and easier to manage than symmetric or secret key algorithms- but they require more overhead and are slower

Answer 168

Public-key or asymmetric algorithms

Question 169

refers to the idea that packets are encrypted at the source and decrypted at the destination

Answer 169

End-to-End encryption

Question 170

is a symmetric algorithm based on Rijndael Block Cipher

Answer 170

AES

Question 171

algorithms include: DES- 3DES- AES- IDEA

Answer 171

Symmetric

Question 172

algorithms include: Diffie-Hellman- RSA- El Gamal

Answer 172

Asymmetric

Question 173

do not allow for the decryption of cipher text

Answer 173

Hashes

Question 174

is the glass insulator in fiber optic cabling

Answer 174

Cladding

Question 175

cabling is said to be shielded against EMI- or electric interference

Answer 175

STP

Question 176

Maintains state information (connection-based)

Answer 176

Circuit-level gateway

Question 177

Examines each packet coming in for content

Answer 177

Application-level gateway

Question 178

Special application-level gateway that ensures no direct connection between an un-trusted and trusted network

Answer 178

Proxy server

Question 179

is the list that defines the rules that a packet filtering firewall follows

Answer 179

ACL

Question 180

One router between the trusted and un-trusted

Answer 180

Screening router

Question 181

A bastion host and router between trusted and un-trusted

Answer 181

Dual-homed gateway

Question 182

A bastion host that can examine traffic between trusted and un-trusted

Answer 182

Screened host gateway

Question 183

A bastion host (and DMZ zone) between two routers

Answer 183

Screened-subnet

Question 184

Finds and attempts to circumvent threats (more susceptible to attacks)

Answer 184

Active

Question 185

Finds threats and alerts administrator

Answer 185

Passive

Question 186

Operates as independent network node

Answer 186

Network-based

Question 187

Requires that special software be installed on each node

Answer 187

Host-based

Question 188

Works using signatures and known attacks

Answer 188

Knowledge-based

Question 189

Works by analyzing baseline v. real-time network traffic

Answer 189

Behavior-based

Question 190

refers to the behavior of SMTP servers that will send a message from any source (should be disabled)

Answer 190

Relaying

Question 191

fix security issues from vendors

Answer 191

Patches

Question 192

services allow access without authentication

Answer 192

Anonymous

Question 193

Technologies include PPP (widely used for dial-up TCP/IP access)- PPTP (tunneled PPP)- RADIUS (UDP-based)- TACACS+ (similar to radius- but TCP-based and Cisco proprietary)

Answer 193

Remote Access

Question 194

IPSec operates over ________ layer and has two protocols: AH and ESP

Answer 194

Network

Question 195

L2TP operates on the

Answer 195

Data-Link layer