Securitytest Flashcards
Lisa hid several plaintext documetns within an image file. Which security goal is she pursuing?
Stegangraphy
You are the security admin in your organization. You want to ensure that a file maintains integrity. Which of the following choices is the best choice to meet your goal? A. Steganography B. Encryption C. Hash D. AES
Hash
An e-commerce web site does not currently have an account recovery process for customers who have forgotten their passwords. Which of the following are the best items to include if web site designers add this process?
Create a web-based form that verifies customer identites using another method and Set temporary password that expires upon first use.
Your organization is planning to implement stronger authentication for remote access users. An updated security policy mandates the use of token based auth with a password that changes every 30 seconds. Which of the following choices best meets this requirement? A. CHAP B. Smart card C. HOTP D. TOTP
CHAP
Your oganization issues laptops to mobile users. Admins configured these laptops with full disk encryption, which requires users to enter a password when they first turn on the computer. After the operating system loads, users are required to log on with a username and password. Which of the following choices best describes this? A. Single-factor authentication B. Dual factor C. Multi factor D. SAML
Single factor authentication
A network includes a ticket granting ticket server used for authentication. What authentication services does this network use? A. TACACS+ B. SAML C. LDAP D. Kerberos
Kerberos
You are modifying a configuration file used to authenticate Unix accounts against an external server. The file includes phrases such as DC=Server1 and DC=com. Which authentication service is the external server using? A. Diameter B. RADIUS C. LDAP D. SAML
LDAP
Which of the following choices is an AAA protocal that uses shared secrets as a method of security? A. Kerberos B. SAML C. RADIUS D. MD5
RADIUS
Your organization wants to reduce the amount of money it is losing due to thefts. Which of the folliwng is the best example of an equipment theft deterrent? A. Remote Wiping B. Cable locks C. Strong passwors D. Disk Encryption
Cable locks
Management recent rewrote the organizations security policy to strengthen passwords created by users. It now states that passwords should support special characters. Which of the following choices is the best setting to help the organization achieve this goal?
Complexity
You have discovered that some users have been using the same passwords for months, even though the password policy requires users to change their password every 3o days. You want to ensure that users cannot resuse the same password. Which settings should you configure? Pick two, A. Maximum password age B. password length C. Password history D. Password complexity E. Minimum password age
A and C
A company recently hired you as a security admin. You notice that some former accounts used by temporary employees are currently enabled. Which of the following choices is the best response? A. Disable all the temporary accounts B. Disable the temporary accounts you noticed are enabled C. Craft a script to identify inactive accounts based on the last time they logged on. D. Set account expiration dates for all accounts when creating them
B
An organization supports remote access, allowing users to work from home. However, management wants to ensure that personnel cannot log on to systems from home during weekends and holidays. Which of the following best supports this goal? A. Least privilege B. Need to know C. Time of day restrictions D. Mandatory access control
C
You configure access control for users in your organization. Some departments have a high employee turnover, so you want to simply the account adminstration. Which of the following is the best choice? A. User assigned privileges B. Group based privileges C. Domain assigned privilges D. Network assigned privileges
B
You are configuring a file server used to share files and folders amonge employees within your organization. However, employees should not be able to access all the folders on this server. Which of the following choices is the best method to manaer security for these folders? A. Assign permissions to each user as needed B. Wait for users to request permission and then assign the appropriate permissions. C. Delegate authority to assign these permissions D. Use security groups with appropriate permissions
D
The Retirement Castle uses groups for ease of administration and management. They recently hired Jasper as their new accountant. Jasper needs access to all files and folders used by the accounting department. What should the admin do to give Jasper appropriate access?
LOOK UP
Your organization recently updated its security policy and indicated that Telnet should not be used within the network. Which of the following should be used instead of Telnet? A. SCP B. SFTP C. SSL D. SSH
D
One of your web servers was recently attached and you have been tasked with reviewing the firewall logs to see if you can determine how the attacker access the system remotely. You identified the following port numbers in the log entries: 21, 22, 25, 53, 80, 110, 443, AND 3389. Which of the following protocols did the attacker most likely use?
LOOKUP
Which of the following provides the largest address space? A. IPv4 B. IPv5 C. IPv6 D. IPv7
C
While analyzing a firewall log, you notice traffic going out of your netowrk on UDP port 53. What does this indicate? A. A connection with a botnet B. DNS traffic C. SMTP traffic D. SFTP traffic
B Dns traffic
A team of users in your organization needs a dedicated subnet. For security reasons, other users should not be able to connect to this subnet. Which of the following choices is the best solution?
D. Enable SNMP
An organization recently updated its security policy. A new equipment dictates a need to increase protection from rogue devices plugging into the physical ports. Which of the following choices provides the best solution?
C. Enable MAC limiting
What would administrators typically place at the end of an ACL of a firewall?
C. Password
Your organization wants to protect its web server from cross-site scripting attacks. Which of the following choices provides the best protection? A. WAF (Web app firewall) B. Network-based firewall C. Host-based firewall D. IDS
WAF - Web application firewall
Management recently learned that several employees are using the company network to visit gambling and gaming web sites. They want to implement a security control to prevent this in the future. Which of the following choices would meet this need? A. WAF B. UTM C. DMZ D. NIDS
UTM -unifed threat management device blocks url’s like a proxy server
Which of the following protocols operates on layer 7 of the OSI model? A. IPv6 B. TCP C. ARP D. SCP
SCP
Attackers frequently attack your organization, and admins want to learn more about zero-day attacks on the network. What can they use?
Honeypot
What type of encryption is used with WPA2 CCMP? A. AES B. TKIP C. RC4 D. SSL
AES
Admins in your company are planning to implement a wireless network. Mgmt has mandated that they use a RADIUS server and implement secure wireless authentication method. Which of the following should they use?
LEAP
Which of the following wirless security mechanisms is subject to a spoofing attack?
D. MAC address filtering
Which of the following is the best description of why disabling SSID broadcast is not an effective security measure against attackers? A. The network name is contained in wireless packets in plaintext. B. The passphrase is contained in wireless packets in plaintext C. The SSID is included in MAC filters D. The SSID is not used with WPA2
A.
You suspect that an executable file on a web server is malicious and includes a zero-day exploit. Which of the following steps can you take to verify your suspicious? A, Perform a code reivew B. Perform an architecture review C. Peform a design review D. Perform an O.S. baseline comparison
A. Perform a code review
Lisa has scanned all the user computers in the organization as part of a security audit. She is creating an inventory of these systems, including a list of applications running on each computer and the application versions. What is she most likely trying to identify? A. System architecture B. Application baseline C. Code vulnerabilities D, Attack surface
B. Application baseline
An updated security policy identifies authorized applications for company-issued mobile devices. Which of the following would prevent users from installing other applications on these devices? A.Geo-tagging B. Authentication C. ACL’s D. Whitelisting
ACL’s
Your company purchased new computers. A security professional has stressed all devices include TPM;s. What benefit does this provide? A. It uses hardward encryption, which is quicker than software encryption. B. It uses software encryption, which is faster than hardware. C. It includes an HSM file system D. It stores RSA keys
A and D
What functions does HSM include? A. Reduces risk of employees emailing confidential information outside the organizaton B. Provides webmail to clients C. Provides full drive encryption D. Generates and stores keys used with servers
D
Your orgnization has been receiving significant amout of spam with links to malicious websites. You want to stop the spam. Of the following choices, which provides the best solution?
C
Which of the following attacks will account lockout controls prevent choose two? A. DNS Poisoning B. Replay C. Brute force D. Buffer overflow E. Dictionary
C & E
A web developer wants to reduce the chances of an attacker successfully launching a XSRF attacks against web site applications. Which of the following provides the best chances? A. client-side input validation B. Web proxy C. Anti virus software D. Server-side input validation
D
A web developer is adding input validation techniques to a web site application. Which of the following should the developer implement during this process? A. Perform the validation on the server side B. Perform the validation on the client side C. Prevent boundary checks D. Encrypt data with TLS
A
An attacker is attempting to write more data into a web applications memory than it can handle. What type of attack is this? A. XSRF B. LDAP Injection C. Fuzzing D. Buffer overflow
D
During a penetration test, a tester injected extra input into an application causing the application to crash. What does this describe? A. SQL injection B. Fuzzing C. Transitive access D. XSRF
B
A security expert is attempting to identify the number of failures a web server has in a year. Which of the following is the expert MOST likely identifying? A. SLE B. MTTR C. ALE D. MTTF
C
A penetration tester is tasked with gaining informatin on one of your internal servers and he enters the following command: telnet server1 80 What is the purpose of this command?
A
A recent vulnerbility assessment identified several issues related to an organization’s security posture. Which of the following issuses is not MOST likely to affect the organization on a daty to day basis?
B
Which of the following tools would a security admin use to identify misconfigured systems within a network? A. Pentest B. Virus Scan C. Load test D. vulnerability scan
D Vulnerability scan
A security expert is running tests to identify the security posture of a network. Howerver, these test are not exploiting any weaknesses. Which of the following type of test is the security expert performing? A. Penetration test B. Virus scan C. Port scan D. Vulnerability scan
D. Vulnerability scan
Which of the following is the least invasive and can verify if security controls are in place? A. Pentest B. Protocol analyzer C. Vulnerability scan D. Host enumeration
C. Vulnerability scan
Your organzation develops web application software, which it sells to other companies for commerical use. To ensure the software is secure, your organization uses a peer assessment to help identify potential security issues related to the software. Which of the following is the best term for this process? A. Code review B. Change management C. Routine Audit D. Rights and permissions reviews
A. Code review
Your organization plans to deploy new systems within the network within the next six months. What should your organization implement to ensure these systems are developed properly? A. Code review B. design review C. baseline review D. attack surface review
B. design review
You need to periodically check the configuration of a server and identify any changes. What are you performing? A. Code review B. Design review C. Attack surface review D.Baseline review
D.Baseline review
Your organization hired an external security expert to test a web application. The security expert is not given any access to the application interfaces, code, or data. What type of test will the security expert perform? A. Black hat B. White box C. Gray box D. Black box
D. Black box
A security administrator needs to inspect protocal headers of traffic sent across the network. What tool is the best choice for t his task? A. web security gateway B. protocol analyzer C. honeypot D. vulnerability assessment
B. protocol analyzer
You are troubleshooting issues between two servers on your network and need to analyze the network traffic. Of the following choices, what is the best tool to capture and analyze this traffic? A. switch B. protocol analyzer C. firewall D. NIDS
B. protocol analyzer
Which of the following is the lowest cost solution for fault tolerance? A. Load balancing B. clustering C. RAID D. cold site
C. RAID
You need to modify the network infrastructure to increase availability of web-based applications for internet clients. Which of following choices provides the best solution? A. load balancing B. proxy server C. UTM D. content inspection
A. load balancing
A security analyst is creating a document that includes the expected monetary loss from a major outage. She is calculating the potential lost sales, fines, and impact on the organizations customers. Which of the following documents is she most likely creating? A. BCP B. BIA C. DRP D. RPO
B. BIA
Your organization is updating its business continunity documents. You’re asked to review the communications plans for possible updates. Which of the following should you ensure is included in the communications plan? A. a list of systems to recover in hierarchical order B. Incident response procedures C. list of critical systems and components D. methods used to respond to media requests, including templates
D. methods used to respond to media requests, including templates
What type of encryption does the RADIUS protocal use?
Symmetric
Your organization is planning to implement videoconferencing, but it wants to protect the confidentiality of the streaming video. Which of the following would best meet this need? A. PBKDF2 B. DES CMD5 D. RC4
D. RC4
An organization is implementing a PKI and plans on using public and private keys. Which of the following can be used to create strong key pairs? A. MD5 B. RSA C. AES D.HMAC
RSA
Your organization is investingating possible methods of sharing encryption keys over a public network. Which of the following is the best choice? A. CRL B. PBKDF2 C. Hashing D. ECDHE
D. Elliptic Curve Diffie-Hellman
You need to ensure data sent over an IP based netowrk remains confidential. Which of the following provides the BEST solution? A. stream ciphers B. block ciphers C. transport encryption D. hashing
C. transport encryption
Which two protocols provide strong security for the internet with the use of certificates? Choose two. A. SSH B. SSL C. SCP D. TLS E. SFTP
SSL & TLS
Homer works as a contractor at a company on a one year renewing contract. After renewing his contract the company gives him a new smart card. He is now having problems digitally signing email or opening encrypted email. What is most likely the solution? A. copy the original certificate to the new smart card B. copy his original private key to the new smart C. copy his original public key to the new smart card D. publish the certificate in his new smart card
D. publish the certificate in his new smart card can not copy certificates
An organization is implementing a data policy and wants to designate a recovery agent. Which of the following indicates what a recovery agent can do? A. a recovery agent can retrieve a users public key B. a recovery agent can decrypt data if users lose their private key C. a recovery agent can encrypt data if users lose thier private key D. a recovery agent can restore a system from backups
B. a recovery agent can decrypt data if users lose their private key
An organizational policy specifies that duties of application developers and administrators must be separated. What is the most likely result of implementing this policy? A. One group develops program code and the other group deploys the code B. One group develops program code and the other group modifies the code C. One group deploys program code and the other group administers the databases D. One group develops the databases and the other group modifies the databases
A. One group develops program code and the other group deploys the code
Application developers in your oganization currently update applications on live production servers when needed. However, they do not follow any pre-defined procedures before applying the updates. What should the organization implement to prevent any risk associated with this process?
Change management
Your organization wants to prevent damage from malware. Which stage of the common incident response procedures is the best stage to address this? A. Preparation B. Identification C. Mitigation D. Lessons learned
A. Preparation
You are reviewing incident response procedures related to the order of volatility. Which of the following is the Least volatile? A. Hard disk drive B. Memory C. RAID-6 cache D. CPU cache
A. Hard disk drive
A type of cloud computing that provides a location to centrally manage data, no local installation is required,and is used for common business functions such as payroll.
Software as a service (SaaS)
Google docs; Gmail are examples
What is the port number for SFTP (secure file transfer protocol)?
TCP 22 - transfers files securely
What port number does IMAP use? TCP OR UDP? Purpose?
TCP 143, internet message access protocol, retrieves & stores mail
What port number does SNMP use? TCP OR UDP? Purpose?
UDP 161, simple network management protocol, gathers statistics and manage network devices.
What port number does TFTP use & what protocol. Purpose?
UDP 69, trivial file transfer protocol, a very simple file transfer application
What port TCP OR UDP does Telnet use? Purpose?
TCP 23, telecommunications network, remote login to devices
Lisa hid several plaintext documetns within an image file. Which security goal is she pursuing?
Stegangraphy
You are the security admin in your organization. You want to ensure that a file maintains integrity. Which of the following choices is the best choice to meet your goal? A. Steganography B. Encryption C. Hash D. AES
Hash
An e-commerce web site does not currently have an account recovery process for customers who have forgotten their passwords. Which of the following are the best items to include if web site designers add this process?
Create a web-based form that verifies customer identites using another method and Set temporary password that expires upon first use.
Your organization is planning to implement stronger authentication for remote access users. An updated security policy mandates the use of token based auth with a password that changes every 30 seconds. Which of the following choices best meets this requirement? A. CHAP B. Smart card C. HOTP D. TOTP
CHAP
Your oganization issues laptops to mobile users. Admins configured these laptops with full disk encryption, which requires users to enter a password when they first turn on the computer. After the operating system loads, users are required to log on with a username and password. Which of the following choices best describes this? A. Single-factor authentication B. Dual factor C. Multi factor D. SAML
Single factor authentication
A network includes a ticket granting ticket server used for authentication. What authentication services does this network use? A. TACACS+ B. SAML C. LDAP D. Kerberos
Kerberos
You are modifying a configuration file used to authenticate Unix accounts against an external server. The file includes phrases such as DC=Server1 and DC=com. Which authentication service is the external server using? A. Diameter B. RADIUS C. LDAP D. SAML
LDAP
Which of the following choices is an AAA protocal that uses shared secrets as a method of security? A. Kerberos B. SAML C. RADIUS D. MD5
RADIUS
Your organization wants to reduce the amount of money it is losing due to thefts. Which of the folliwng is the best example of an equipment theft deterrent? A. Remote Wiping B. Cable locks C. Strong passwors D. Disk Encryption
Cable locks
Which of the following choices is an AAA protocal that uses shared secrets as a method of security? A. Kerberos B. SAML C. RADIUS D. MD5
Implement a physical security control
Management recent rewrote the organizations security policy to strengthen passwords created by users. It now states that passwords should support special characters. Which of the following choices is the best setting to help the organization achieve this goal?
Complexity
You have discovered that some users have been using the same passwords for months, even though the password policy requires users to change their password every 3o days. You want to ensure that users cannot resuse the same password. Which settings should you configure? Pick two, A. Maximum password age B. password length C. Password history D. Password complexity E. Minimum password age
A and C
A company recently hired you as a security admin. You notice that some former accounts used by temporary employees are currently enabled. Which of the following choices is the best response? A. Disable all the temporary accounts B. Disable the temporary accounts you noticed are enabled C. Craft a script to identify inactive accounts based on the last time they logged on. D. Set account expiration dates for all accounts when creating them
B
An organization supports remote access, allowing users to work from home. However, management wants to ensure that personnel cannot log on to systems from home during weekends and holidays. Which of the following best supports this goal? A. Least privilege B. Need to know C. Time of day restrictions D. Mandatory access control
C
You configure access control for users in your organization. Some departments have a high employee turnover, so you want to simply the account adminstration. Which of the following is the best choice? A. User assigned privileges B. Group based privileges C. Domain assigned privilges D. Network assigned privileges
B
You are configuring a file server used to share files and folders amonge employees within your organization. However, employees should not be able to access all the folders on this server. Which of the following choices is the best method to manaer security for these folders? A. Assign permissions to each user as needed B. Wait for users to request permission and then assign the appropriate permissions. C. Delegate authority to assign these permissions D. Use security groups with appropriate permissions
D
The Retirement Castle uses groups for ease of administration and management. They recently hired Jasper as their new accountant. Jasper needs access to all files and folders used by the accounting department. What should the admin do to give Jasper appropriate access?
A
Your organization recently updated its security policy and indicated that Telnet should not be used within the network. Which of the following should be used instead of Telnet? A. SCP B. SFTP C. SSL D. SSH
D
One of your web servers was recently attached and you have been tasked with reviewing the firewall logs to see if you can determine how the attacker access the system remotely. You identified the following port numbers in the log entries: 21, 22, 25, 53, 80, 110, 443, AND 3389. Which of the following protocols did the attacker most likely use?
D
Which of the following provides the largest address space? A. IPv4 B. IPv5 C. IPv6 D. IPv7
C
While analyzing a firewall log, you notice traffic going out of your netowrk on UDP port 53. What does this indicate? A. A connection with a botnet B. DNS traffic C. SMTP traffic D. SFTP traffic
B Dns traffic
A team of users in your organization needs a dedicated subnet. For security reasons, other users should not be able to connect to this subnet. Which of the following choices is the best solution?
D. Enable SNMP
An organization recently updated its security policy. A new equipment dictates a need to increase protection from rogue devices plugging into the physical ports. Which of the following choices provides the best solution?
C. Enable MAC limiting
What would administrators typically place at the end of an ACL of a firewall?
C. Password
Your organization wants to protect its web server from cross-site scripting attacks. Which of the following choices provides the best protection? A. WAF (Web app firewall) B. Network-based firewall C. Host-based firewall D. IDS
WAF - Web application firewall
Management recently learned that several employees are using the company network to visit gambling and gaming web sites. They want to implement a security control to prevent this in the future. Which of the following choices would meet this need? A. WAF B. UTM C. DMZ D. NIDS
UTM -unifed threat management device blocks url’s like a proxy server
Which of the following protocols operates on layer 7 of the OSI model? A. IPv6 B. TCP C. ARP D. SCP
SCP
Attackers frequently attack your organization, and admins want to learn more about zero-day attacks on the network. What can they use?
Honeypot
What type of encryption is used with WPA2 CCMP? A. AES B. TKIP C. RC4 D. SSL
AES
Admins in your company are planning to implement a wireless network. Mgmt has mandated that they use a RADIUS server and implement secure wireless authentication method. Which of the following should they use?
LEAP
Which of the following wirless security mechanisms is subject to a spoofing attack?
D. MAC address filtering
Which of the following is the best description of why disabling SSID broadcast is not an effective security measure against attackers? A. The network name is contained in wireless packets in plaintext. B. The passphrase is contained in wireless packets in plaintext C. The SSID is included in MAC filters D. The SSID is not used with WPA2
A.
You suspect that an executable file on a web server is malicious and includes a zero-day exploit. Which of the following steps can you take to verify your suspicious? A, Perform a code reivew B. Perform an architecture review C. Peform a design review D. Perform an O.S. baseline comparison
A. Perform a code review
Lisa has scanned all the user computers in the organization as part of a security audit. She is creating an inventory of these systems, including a list of applications running on each computer and the application versions. What is she most likely trying to identify? A. System architecture B. Application baseline C. Code vulnerabilities D, Attack surface
B. Application baseline
An updated security policy identifies authorized applications for company-issued mobile devices. Which of the following would prevent users from installing other applications on these devices? A.Geo-tagging B. Authentication C. ACL’s D. Whitelisting
ACL’s
Your company purchased new computers. A security professional has stressed all devices include TPM;s. What benefit does this provide? A. It uses hardward encryption, which is quicker than software encryption. B. It uses software encryption, which is faster than hardware. C. It includes an HSM file system D. It stores RSA keys
A and D
What functions does HSM include? A. Reduces risk of employees emailing confidential information outside the organizaton B. Provides webmail to clients C. Provides full drive encryption D. Generates and stores keys used with servers
D
Your orgnization has been receiving significant amout of spam with links to malicious websites. You want to stop the spam. Of the following choices, which provides the best solution?
C
Which of the following attacks will account lockout controls prevent choose two? A. DNS Poisoning B. Replay C. Brute force D. Buffer overflow E. Dictionary
C & E
A web developer wants to reduce the chances of an attacker successfully launching a XSRF attacks against web site applications. Which of the following provides the best chances? A. client-side input validation B. Web proxy C. Anti virus software D. Server-side input validation
D
A web developer is adding input validation techniques to a web site application. Which of the following should the developer implement during this process? A. Perform the validation on the server side B. Perform the validation on the client side C. Prevent boundary checks D. Encrypt data with TLS
A
An attacker is attempting to write more data into a web applications memory than it can handle. What type of attack is this? A. XSRF B. LDAP Injection C. Fuzzing D. Buffer overflow
D
During a penetration test, a tester injected extra input into an application causing the application to crash. What does this describe? A. SQL injection B. Fuzzing C. Transitive access D. XSRF
B
A security expert is attempting to identify the number of failures a web server has in a year. Which of the following is the expert MOST likely identifying? A. SLE B. MTTR C. ALE D. MTTF
C
A penetration tester is tasked with gaining informatin on one of your internal servers and he enters the following command: telnet server1 80 What is the purpose of this command?
A
A recent vulnerbility assessment identified several issues related to an organization’s security posture. Which of the following issuses is not MOST likely to affect the organization on a daty to day basis?
B
Which of the following tools would a security admin use to identify misconfigured systems within a network? A. Pentest B. Virus Scan C. Load test D. vulnerability scan
D Vulnerability scan
A security expert is running tests to identify the security posture of a network. Howerver, these test are not exploiting any weaknesses. Which of the following type of test is the security expert performing? A. Penetration test B. Virus scan C. Port scan D. Vulnerability scan
D. Vulnerability scan
Which of the following is the least invasive and can verify if security controls are in place? A. Pentest B. Protocol analyzer C. Vulnerability scan D. Host enumeration
C. Vulnerability scan
Your organzation develops web application software, which it sells to other companies for commerical use. To ensure the software is secure, your organization uses a peer assessment to help identify potential security issues related to the software. Which of the following is the best term for this process? A. Code review B. Change management C. Routine Audit D. Rights and permissions reviews
A. Code review
Your organization plans to deploy new systems within the network within the next six months. What should your organization implement to ensure these systems are developed properly? A. Code review B. design review C. baseline review D. attack surface review
B. design review
You need to periodically check the configuration of a server and identify any changes. What are you performing? A. Code review B. Design review C. Attack surface review D.Baseline review
D.Baseline review
Your organization hired an external security expert to test a web application. The security expert is not given any access to the application interfaces, code, or data. What type of test will the security expert perform? A. Black hat B. White box C. Gray box D. Black box
D. Black box
A security administrator needs to inspect protocal headers of traffic sent across the network. What tool is the best choice for t his task? A. web security gateway B. protocol analyzer C. honeypot D. vulnerability assessment
B. protocol analyzer
You are troubleshooting issues between two servers on your network and need to analyze the network traffic. Of the following choices, what is the best tool to capture and analyze this traffic? A. switch B. protocol analyzer C. firewall D. NIDS
B. protocol analyzer
Which of the following is the lowest cost solution for fault tolerance? A. Load balancing B. clustering C. RAID D. cold site
C. RAID
You need to modify the network infrastructure to increase availability of web-based applications for internet clients. Which of following choices provides the best solution? A. load balancing B. proxy server C. UTM D. content inspection
A. load balancing
A security analyst is creating a document that includes the expected monetary loss from a major outage. She is calculating the potential lost sales, fines, and impact on the organizations customers. Which of the following documents is she most likely creating? A. BCP B. BIA C. DRP D. RPO
B. BIA
Your organization is updating its business continunity documents. You’re asked to review the communications plans for possible updates. Which of the following should you ensure is included in the communications plan? A. a list of systems to recover in hierarchical order B. Incident response procedures C. list of critical systems and components D. methods used to respond to media requests, including templates
D. methods used to respond to media requests, including templates
What type of encryption does the RADIUS protocal use?
Symmetric
Your organization is planning to implement videoconferencing, but it wants to protect the confidentiality of the streaming video. Which of the following would best meet this need? A. PBKDF2 B. DES CMD5 D. RC4
D. RC4
An organization is implementing a PKI and plans on using public and private keys. Which of the following can be used to create strong key pairs? A. MD5 B. RSA C. AES D.HMAC
RSA
Your organization is investingating possible methods of sharing encryption keys over a public network. Which of the following is the best choice? A. CRL B. PBKDF2 C. Hashing D. ECDHE
D. Elliptic Curve Diffie-Hellman
You need to ensure data sent over an IP based netowrk remains confidential. Which of the following provides the BEST solution? A. stream ciphers B. block ciphers C. transport encryption D. hashing
C. transport encryption
Which two protocols provide strong security for the internet with the use of certificates? Choose two. A. SSH B. SSL C. SCP D. TLS E. SFTP
SSL & TLS
Homer works as a contractor at a company on a one year renewing contract. After renewing his contract the company gives him a new smart card. He is now having problems digitally signing email or opening encrypted email. What is most likely the solution? A. copy the original certificate to the new smart card B. copy his original private key to the new smart C. copy his original public key to the new smart card D. publish the certificate in his new smart card
D. publish the certificate in his new smart card can not copy certificates
An organization is implementing a data policy and wants to designate a recovery agent. Which of the following indicates what a recovery agent can do? A. a recovery agent can retrieve a users public key B. a recovery agent can decrypt data if users lose their private key C. a recovery agent can encrypt data if users lose thier private key D. a recovery agent can restore a system from backups
B. a recovery agent can decrypt data if users lose their private key
An organizational policy specifies that duties of application developers and administrators must be separated. What is the most likely result of implementing this policy? A. One group develops program code and the other group deploys the code B. One group develops program code and the other group modifies the code C. One group deploys program code and the other group administers the databases D. One group develops the databases and the other group modifies the databases
A. One group develops program code and the other group deploys the code
Application developers in your oganization currently update applications on live production servers when needed. However, they do not follow any pre-defined procedures before applying the updates. What should the organization implement to prevent any risk associated with this process?
Change management
Your organization wants to prevent damage from malware. Which stage of the common incident response procedures is the best stage to address this? A. Preparation B. Identification C. Mitigation D. Lessons learned
A. Preparation
You are reviewing incident response procedures related to the order of volatility. Which of the following is the Least volatile? A. Hard disk drive B. Memory C. RAID-6 cache D. CPU cache
A. Hard disk drive
A software or hardware that checks information coming from the Internet and depending on the applied configuration settings either blocks it or allows it to pass through is called:
Firewall
A device designed to forward data packets between networks is called:
Router
Allowing a program through a firewall is known as creating:
Exception
A network device designed for managing the optimal distribution of workloads across multiple computing resources is called
Load balancer
The last default rule on a firewall is to:
Deny all traffic
A computer network service that allows clients to make indirect network connections to other network services is called
Proxy
A solution designed for filtering malicious / restricted content from entering corporate networks is known as:
Web security gateway
What type of protocols ensure the privacy of a VPN connection?
Tunneling
A software tool used to monitor and examine contents of network traffic is known as: (Select all that apply): A. Port Scanner B. Packet sniffer C. Vulnerability scanner D. Protocol analyzer
B. Packet sniffer and D. protocol analyzer
Which of the following answers list the protocol and port number used by a spam filter? (Select 2 answers): A. HTTPS B. 23 C. SMTP D. 443 E. TELNET F. 25
C. SMTP AND F. 25
