Brainscape's Knowledge GenomeTM


Top Flashcards (Certified)
All Flashcards

Security Plus > Test #2 > Flashcards

Test #2 Flashcards

1
Q

An organization is looking for a filtering solution that will help eliminate some of the recent problems it has had with viruses and worms. Which of the following best meets this requirement?

❍ A. Intrusion detection
❍ B. Malware inspection
❍ C. Load balancing
❍ D. Internet content filtering

A

Answer B is correct. A malware inspection filter is basically a web filter
applied to traffic that uses the HTTP protocol. The body of all HTTP
requests and responses is inspected. Malicious content is blocked while legitimate
content passes through unaltered. Answer A is incorrect because
intrusion-detection systems are designed to analyze data, identify attacks, and
respond to the intrusion. Answer C is incorrect because load balancers are
servers configured in a cluster to provide scalability and high availability.
Answer D is incorrect because Internet content filters use a collection of
terms, words, and phrases that are compared to content from browsers and
applications.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q
  1. Which risk management response is being implemented when a company purchases
    insurance to protect against service outage?

❍ A. Acceptance
❍ B. Avoidance
❍ C. Mitigation
❍ D. Transference

A

Answer D is correct. The liability of risk is transferred through insurance
policies. Answer A is incorrect because accepting a risk is to do nothing in
response. Risk avoidance involves simply terminating the operation that produces
the risk, making answer B incorrect. Answer C is not correct because
mitigation applies a solution that results in a reduced level of risk or exposure.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q
  1. A collection of compromised computers running software installed by a Trojan horse or a worm is referred to as what?

❍ A. Zombie
❍ B. Botnet
❍ C. Herder
❍ D. Virus

A

Answer B is correct. Answers A and C are incorrect but are related to a botnet
in that a zombie is one of many computer systems that make up a botnet,
whereas a bot herder is the controller of the botnet. Answer D is incorrect. A
virus is a program that infects a computer without the knowledge of the user.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q
  1. Adding a token for every POST or GET request that is initiated from the browser to the server can be used to mitigate which of the following attacks?

❍ A. Buffer overflow
❍ B. Cross-site request forgery (XSRF)
❍ C. Cross-site scripting
❍ D. Input validation error

A

Answer B is correct. In order to mitigate cross-site request forgery (XSRF)
attacks, the most common solution is to add a token for every POST or GET
request that is initiated from the browser to the server. Answer A is incorrect
because buffer overflows are associated with input validation. Answer C is
incorrect because setting the HTTPOnly flag on the session cookie is used to
mitigate XXS attacks. Answer D is incorrect because input validation tests
whether an application properly handles input from a source outside the
application destined for internal processing

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q
  1. Which of the following is one of the biggest challenges associated with database encryption?

❍ A. Multi-tenancy
❍ B. Key management
❍ C. Weak authentication components
❍ D. Platform support

A

Answer B is correct. One of the biggest challenges associated with database
encryption is key management. Answer A is incorrect because multi-tenancy is
a security issue related to cloud computing implementations. Answer C is
incorrect because lack of management software and weak authentication components
are associated with hardware hard drive encryption. Answer D is
incorrect because cost and platform support are concerns with smartphone
encryption products.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q
  1. Which form of access control enables data owners to extend access rights to other logons?

❍ A. MAC
❍ B. DAC
❍ C. Role-based (RBAC)
❍ D. Rule-based (RBAC)

A

Answer B is correct. Discretionary access control (DAC) systems enable data
owners to extend access rights to other logons. Mandatory access control
(MAC) systems require assignment of labels to extend access, making answer
A incorrect. Answers C and D are incorrect because both RBAC access control
forms rely on conditional assignment of access rules either inherited
(role-based) or by environmental factors such as time of day or secured terminal
location (rule-based).

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q
  1. In a decentralized key management system, the user is responsible for which one of the following functions?

❍ A. Creation of the private and public key
❍ B. Creation of the digital certificate
❍ C. Creation of the CRL
❍ D. Revocation of the digital certificate

A

Answer A is correct. In a decentralized key system, the end user generates his
or her own key pair. The other functions, such as creation of the certificate,
CRL, and the revocation of the certificate, are still handled by the certificate
authority; therefore, answers B, C, and D are incorrect

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q
  1. What is the name given to the system of digital certificates and certificate authorities used for public key cryptography over networks?

❍ A. Protocol Key Instructions (PKI)
❍ B. Public Key Extranet (PKE)
❍ C. Protocol Key Infrastructure (PKI)
❍ D. Public Key Infrastructure (PKI)

A

Answer D is correct. Public Key Infrastructure describes the trust hierarchy
system for implementing a secure public key cryptography system over
TCP/IP networks. Answers A, B, and C are incorrect because these are bogus
terms.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q
  1. If Sally wants to send a secure message to Mark using public-key encryption but is not worried about sender verification, what does she need in addition to her original message text?

❍ A. Sally’s private key
❍ B. Sally’s public key
❍ C. Mark’s private key
❍ D. Mark’s public key

A

Answer D is correct. Sally needs Mark’s public key to encrypt her original
message in a form that only Mark can decrypt. Neither of Sally’s keys is needed
because the originator does not need to be validated, making answers A
and B incorrect. Answer C is incorrect because Mark’s private key is used for
decrypting the encrypted message to reveal Sally’s original message.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q
  1. Which of the following methods would be the most effective method to physically secure laptops that are used in an environment such as an office?

❍ A. Security cables
❍ B. Server cages
❍ C. Locked cabinet
❍ D. Hardware locks

A

Answer A is correct. Security cables with combination locks can provide such
security and are easy to use. They are used mostly to secure laptops and leave
the equipment exposed. Answer B is incorrect because PC Safe tower and
server cages are designed to bolt to the floor and are meant to be in an environment
that is static. Answer C is incorrect because a locked cabinet is an
alternative for equipment that is not used or does not have to be physically
accessed on a regular, daily basis. Vendors provide solutions such as a security
cabinet locker that secures CPU towers. The housing is made of durable,
heavy-duty steel for strength. Answer D is incorrect because a hardware lock
is used for license enforcement.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q
  1. Which of the following serves the purpose of trying to lure a malicious attacker into a system?

❍ A. Honeypot
❍ B. Pot of gold
❍ C. DMZ
❍ D. Bear trap

A

Answer A is correct. A honeypot is used to serve as a decoy and lure a malicious
attacker. Answers B and D are incorrect answers and are not legitimate
terms for testing purposes. Answer C is incorrect because a DMZ is an area
between the Internet and the internal network

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q
  1. What is the recommended range of humidity level according to the ASHRAE?

❍ A. 10%–20%
❍ B. 30%–40%
❍ C. 40%–55%
❍ D. 55%–65%

A

Answer C is correct. The American Society of Heating, Refrigerating and Air-
Conditioning Engineers (ASHRAE) recommends optimal humidity levels in the
40% to 55% range, making answers A, B, and D incorrect. Very low levels of
humidity can promote the buildup of electrostatic charges that can harm sensitive
electronic components. Very high levels of humidity can promote condensation
on chilled surfaces and introduce liquid into operating equipment.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q
  1. Which of the following is a network protocol that supports file transfers and is a combination of RCP and SSH?

❍ A. HTTPS
❍ B. FTPS
❍ C. SFTP
❍ D. SCP

A

Answer D is correct. The Secure Copy Protocol (SCP) is a network protocol
that supports file transfers. SCP is a combination of RCP and SSH. It uses the
BSD RCP protocol tunneled through the Secure Shell (SSH) protocol to provide
encryption and authentication. Answer A is incorrect because HTTPS is
used for secured web-based communications. Answer B is incorrect. FTPS,
also known as FTP Secure and FTP-SSL, is a FTP extension that adds support
for TLS and SSL. Answer C is incorrect because SFTP, or secure FTP, is
a program that uses SSH to transfer files. Unlike standard FTP, it encrypts
both commands and data, preventing passwords and sensitive information
from being transmitted in the clear over the network.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q
  1. You want to implement a technology solution for a small organization that can function as a single point of policy control and management for access to Internet content. Which of the following should you choose?

❍ A. Proxy gateway
❍ B. Circuit-level gateway
❍ C. Application-level gateway
❍ D. Web security gateway

A

Answer D is correct. Web security gateways offer a single point of policy control
and management for web-based content access. Answer A is too generic to
be a proper answer. Answer B is incorrect because a circuit-level gateway’s decisions
are based on source and destination addresses. Answer C is incorrect
because an application-level gateway understands services and protocols.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

You have recently had security breaches in the network. You suspect they might be coming from a telecommuter’s home network. Which of the following devices would you use to require a secure method for employees to access corporate
resources while working from home?

❍ A. A router
❍ B. A VPN concentrator
❍ C. A firewall
❍ D. A network-based IDS

A

Answer B is correct. A VPN concentrator is used to allow multiple users to
access network resources using secure features that are built into the device and
are deployed where the requirement is for a single device to handle a very large
number of VPN tunnels. Answer A is incorrect because a router forwards information
to its destination on the network or the Internet. A firewall protects computers
and networks from undesired access by the outside world; therefore,
answer C is incorrect. Answer D is incorrect because network-based intrusiondetection
systems monitor the packet flow and try to locate packets that are not
allowed for one reason or another and might have gotten through the firewall.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

At which layer of the OSI model does the Internet Protocol Security protocol function?

❍ A. Network layer
❍ B. Presentation layer
❍ C. Session layer
❍ D. Application layer

A

Answer A is correct. IPsec validation and encryption function at the network
layer of the OSI model. Answers B, C, and D are incorrect because IPsec functions
at a lower level of the OSI model.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q
  1. When troubleshooting SSL, which two layers of the OSI model are of most value?

❍ A. Application layer and Presentation layer
❍ B. Presentation layer and Session layer
❍ C. Application layer and Transport layer
❍ D. Physical layer and Data Link layer

A

Answer C is correct. SSL connections occur between the application and transport
layers. Answer A is incorrect because the Secure Sockets Layer SSL operates
at a deeper level. Answer B is incorrect because the Secure Sockets Layer transport
effectively fills the same role as these OSI model layers. Answer D is incorrect
because the data has been abstracted beyond the level at which SSL operates.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q
  1. Which of the three principles of security is supported by an iris biometric system?

❍ A. Confidentiality
❍ B. Integrity
❍ C. Availability
❍ D. Vulnerability

A

Answer A is correct. Confidentiality involves protecting against unauthorized
access, which biometric authentication systems support. Integrity is concerned
with preventing unauthorized modification, making answer B incorrect. Answer
C is not correct because availability is concerned with ensuring that access to
services and data is protected against disruption. Answer D is incorrect because
a vulnerability is a failure in one or more of the C-I-A principles.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q
  1. _________ describes the potential that a weakness in hardware, software, process, or people will be identified and taken advantage of.

❍ A. Vulnerability
❍ B. Exploit
❍ C. Threat
❍ D. Risk

A

Answer C is correct. A threat is the potential that a vulnerability will be identified
and exploited. Answer A is incorrect because a vulnerability is the weakness
itself and not the likelihood that it will be identified and exploited.
Answer B is incorrect because an exploit is the mechanism of taking advantage
of a vulnerability rather than its likelihood of occurrence. Answer D is incorrect
because risk is the likelihood that a threat will occur and the measure of
its effect.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q
  1. Which of the following is not a principal concern for first responders to a hacking
    incident within a corporation operating in the United States?

❍ A. Whether EMI shielding is intact
❍ B. Whether data is gathered properly
❍ C. Whether data is protected from modification
❍ D. Whether collected data is complete

A

Answer A is correct. EMI shielding is important to protecting data and services
against unauthorized interception as well as interference but is not a principal
concern for first responders following an incident. First responders must
ensure that data is collected correctly and protect it from modification using
proper controls, ensuring a clear chain of evidence, making answers B and C
incorrect. Answer D is incorrect because a first responder might be the only
agent able to ensure that all data is collected before being lost due to volatility
of storage.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q
  1. Which rule of evidence within the United States involves Fourth Amendment protections?

❍ A. Admissible
❍ B. Complete
❍ C. Reliable
❍ D. Believable

A

Answer A is correct. Admissibility involves collecting data in a manner that
ensures its viability in court, including legal requirements such as the Fourth
Amendment protections against unlawful search and seizure. Answers B and C
are incorrect because data must be collected completely and protected against
modification to ensure reliability, but these are not concerns of the Fourth
Amendment. Answer D is incorrect because believability focuses on evidence
being understandable, documented, and not subject to modification during
transition.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q
  1. A user has downloaded trial software and subsequently downloads a key generator
    in order to unlock the trial software. The user’s antivirus detection software now alerts the user that the system is infected. Which one of the following best describes the type of malware infecting the system?

❍ A. Logic bomb
❍ B. Trojan
❍ C. Adware
❍ D. Worm

A

Answer B is correct. Trojans are programs disguised as something useful. In
this instance, the user was likely illegally trying to crack software, and in the
process infect the system with malware. Although answers A, C, and D are
types of malware, they are not the best choices.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q
  1. Which of the following is a coordinated effort in which multiple machines attack a single victim or host with the intent to prevent legitimate service?

❍ A. DoS
❍ B. Masquerading
❍ C. DDoS
❍ D. Trojan horse

A

Answer C is correct. A distributed denial of service (DDoS) is similar to a
denial-of-service (DoS) attack in that they both try to prevent legitimate
access to services. However, a DDoS is a coordinated effort among many
computer systems; therefore, answer A is incorrect. Masquerading involves
using someone else’s identity to access resources; therefore, answer B is incorrect.
A Trojan horse is a program used to perform hidden functions; therefore,
answer D is incorrect.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q
  1. What is the name given to the activity that consists of collecting information that will be later used for monitoring and review purposes?

❍ A. Logging
❍ B. Auditing
❍ C. Inspecting
❍ D. Vetting

A

Answer A is correct. Logging is the process of collecting data to be used for
monitoring and auditing purposes. Auditing is the process of verification that
normally involves going through log files; therefore, answer B is incorrect.
Typically, the log files are frequently inspected, and inspection is not the
process of collecting the data; therefore, answer C is incorrect. Vetting is the
process of thorough examination or evaluation; therefore, answer D is incorrect.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
25. Which of the following are not methods for minimizing a threat to a web server? (Choose the two best answers.) ❍ A. Disable all non-web services ❍ B. Ensure Telnet is running ❍ C. Disable nonessential services ❍ D. Enable logging
Answers B and D are correct. Having Telnet enabled presents security issues and is not a primary method for minimizing threat. Logging is important for secure operations and is invaluable when recovering from a security incident. However, it is not a primary method for reducing threat. Answer A is incorrect because disabling all non-web services might provide a secure solution for minimizing threats. Answer C is incorrect because each network service carries its own risks; therefore, it is important to disable all nonessential services.
26
26. The organization is concerned about bugs in commercial off-the-shelf (COTS) software. Which of the following might be the only means of reviewing the security quality of the program? ❍ A. Fuzzing ❍ B. Cross-site scripting ❍ C. Input validation ❍ D. Cross-site request forgery
Answer A is correct. In some closed application instances, fuzzing might be the only means of reviewing the security quality of the program. Answer B is incorrect because cross-site scripting (XXS) vulnerabilities can be used to hijack the user’s session or to cause the user accessing malware-tainted Site A to unknowingly attack Site B on behalf of the attacker who planted code on Site A. Answer C is incorrect because input validation tests whether an application properly handles input from a source outside the application destined for internal processing. Answer D, Cross-site Request Forgery (XSRF), is an attack in which the end user executes unwanted actions on a web application while she is currently authenticated.
27
27. Which of the following is an attack in which the end user executes unwanted actions on a web application while he is currently authenticated? ❍ A. Buffer overflow ❍ B. Input validation error ❍ C. Cross-site scripting ❍ D. Cross-site request forgery
Answer D is correct. Cross-site Request Forgery (XSRF) is an attack in which the end user executes unwanted actions on a web application while he is currently authenticated. Answer A is incorrect because a buffer overflow is a direct result of poor or incorrect input validation or mishandled exceptions. Answer B is incorrect because input validation errors are a result of improper field checking in the code. Answer C is incorrect because cross-site scripting (XXS) vulnerabilities can be used to hijack the user’s session or to cause the user accessing malware-tainted Site A to unknowingly attack Site B on behalf of the attacker who planted code on Site A.
28
28. Which of the follow methods would be the most effective method to physically secure computers that are used in a lab environment that operates on a part-time basis? ❍ A. Security cables ❍ B. Server cages ❍ C. Locked cabinet ❍ D. Hardware locks
Answer C is correct. A locked cabinet is an alternative for equipment that is not used or does not have to be physically accessed on a regular, daily basis. Vendors provide solutions such as a security cabinet locker that secures CPU towers. The housing is made of durable, heavy-duty steel for strength. Answer A is incorrect because security cables with combination locks can provide such security and are easy to use but are used mostly to secure laptops and leave the equipment exposed. Answer B is incorrect because PC Safe tower and server cages are designed to bolt to the floor and are meant to be in an environment that is static. Answer D is incorrect because a hardware lock is used for license enforcement.
29
29. Which of the following methods would be the most effective to physically secure tower-style computers in a financial organization? ❍ A. Security cables ❍ B. Server cages ❍ C. Locked cabinet ❍ D. Hardware locks
Answer B is correct. Products such as PC Safe tower and server cages are designed to bolt to the floor and are meant to be in an environment that is static. For example, financial businesses have been hit hard by theft of desktop computers because they hold a lot of personal data. Answer A is incorrect because security cables with combination locks can provide such security and are easy to use and are used mostly to secure laptops and leave the equipment exposed. Answer C is incorrect because a locked cabinet is an alternative for equipment that is not used or does not have to be physically accessed on a regular, daily basis. Answer D is incorrect because a hardware lock, also known as a software protection dongle, is used for license enforcement.
30
30. Your organization is exploring data loss prevention solutions. The proposed solution is an end-point solution. This solution is targeting which of the following data states? ❍ A. In motion ❍ B. At rest ❍ C. In use ❍ D. At flux
Answer C is correct. Protection of data in use is considered to be an endpoint solution and the application is run on end-user workstations or servers in the organization. Answer A is incorrect because protection of data in motion is considered to be a network solution and either a hardware or software solution is installed near the network perimeter to monitor for and flag policy violations. Answer B is incorrect because protection of data at rest is considered to be a storage solution and is generally a software solution that monitors how confidential data is stored. Answer D is incorrect because there is no such data state.
31
31. Which of the following uses a secure crypto-processor to authenticate hardware devices such as PC or laptop? ❍ A. Public Key Infrastructure ❍ B. Full disk encryption ❍ C. File-level encryption ❍ D. Trusted Platform Module
Answer D is correct. TPM refers to a secure crypto-processor used to authenticate hardware devices such as PC or laptop. The idea behind TPM is to allow any encryption-enabled application to take advantage of the chip. Answer A is incorrect because Public Key Infrastructure (PKI) is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates. Answer B is incorrect because fulldisk encryption involves encrypting the operating system partition on a computer and then booting and running with the system drive encrypted at all times. Answer C is incorrect because in file- or folder-level encryption, individual files or directories are encrypted by the file system itself.
32
32. Which process involves verifying keys as being authentic? ❍ A. Authorization ❍ B. Authentication ❍ C. Access control ❍ D. Verification
Answer B is correct. Authentication involves the presentation and verification of credentials of keys as being authentic. Answer A is incorrect because authorization involves checking authenticated credentials against a list of authorized security principles. Once checked, resource access is allowed or limited based on Access Control constraints, making answer C incorrect. Answer D is incorrect because verification of credentials occurs during authentication (as being authentic) and authorization (as being authorized to request resource access) and is not a recognized access control process.
33
33. Which category of authentication includes smart cards? ❍ A. Something you know ❍ B. Something you have ❍ C. Something you are ❍ D. Something you do
Answer B is correct. Something you have includes smart cards, tokens, and keys. Something you know includes account logons, passwords, and PINs, making answer A incorrect. Answers C and D are incorrect because both something you are and something you do involve measures of personal biological qualities and do not require an external device such as a smart card or key.
34
34. Which of the following is not a division of access control as defined by the Orange Book? ❍ A. Discretionary ❍ B. Limited ❍ C. Mandatory ❍ D. Verified
Answer B is correct. “Limited” is not an access control designation within the Trusted Computer System Evaluation Criteria (TCSEC) document DoD 5200.28-STD, often referred to as the “Orange Book.” The four divisions are Mandatory, Discretionary, Minimal, and Verified— making answers A, C, and D incorrect.
35
35. Which division of TCSEC access control includes the subdivisions Controlled Access Protection and Discretionary Security Protection? ❍ A. Division A ❍ B. Division B ❍ C. Division C ❍ D. Division D
Answer C is correct. Discretionary access control (C-level) includes subdivisions Discretionary Security Protection (C1) and Controlled Access Protection (C2) based on details such as data segmentation and logging. These are not subdivisions of the Minimal (D-level), Mandatory (B-level), or Verified (A-level) access control divisions—making answers A, B, and D incorrect.
36
36. Which of the following is a hybrid crypto system? ❍ A. IDEA ❍ B. MD5 ❍ C. RSA ❍ D. PGP
Answer D is correct. Pretty Good Privacy (PGP) is a hybrid cryptosystem that makes use of the incorrect choices, A, B, and C. IDEA is a symmetric encryption cipher, RSA is an asymmetric cipher, and MD5 is a hash.
37
37. Which of the following is the type of algorithm used by MD5? ❍ A. Block cipher algorithm ❍ B. Hashing algorithm ❍ C. Asymmetric encryption algorithm ❍ D. Cryptographic algorithm
Answer B is correct. Although the Message Digest (MD) series of algorithms is classified globally as a symmetric key encryption algorithm, the correct answer is hashing algorithm, which is the method that the algorithm uses to encrypt data. Answer A in incorrect because a block cipher divides the message into blocks of bits. Answer C is incorrect because MD5 is a symmetric key algorithm, not an asymmetric encryption algorithm (examples of this include RC6, Twofish, and Rijndael). Answer D is incorrect because cryptographic algorithm is a bogus term.
38
38. To check the validity of a digital certificate, which one of the following would be used? ❍ A. Corporate security policy ❍ B. Certificate policy ❍ C. Certificate revocation list ❍ D. Expired domain names
Answer C is correct. A certificate revocation list (CRL) provides a detailed list of certificates that are no longer valid. A corporate security policy would not provide current information on the validity of issued certificates; therefore, answer A is incorrect. A certificate policy does not provide information on invalid issued certificates, either; therefore, answer B is incorrect. Finally, an expired domain name has no bearing on the validity of a digital certificate; therefore, answer D is incorrect.
39
39. What is the acronym for the de facto cryptographic message standards developed by RSA Laboratories? ❍ A. PKIX ❍ B. X.509 ❍ C. PKCS ❍ D. Both A and C
Answer C is correct. The Public Key Cryptography Standards (PKCS) are the de facto cryptographic message standards developed and maintained by RSA Laboratories, a division of the RSA Security Corporation. PKIX describes the development of Internet standards for X.509-based digital certificates; therefore, answers A, B, and D are incorrect.
40
40. Which of the following is true of digital signatures? (Choose the two best answers.) ❍ A. They use the skipjack algorithm. ❍ B. They can be automatically time-stamped. ❍ C. They allow the sender to repudiate that the message was sent. ❍ D. They cannot be imitated by someone else.
Answers B and D are correct. Digital signatures offer several features and capabilities. This includes being able to ensure the sender cannot repudiate that he or she used the signature. In addition, non-repudiation schemes are capable of offering time stamps for the digital signature. Answer A is incorrect. The Skipjack algorithm was developed for use with a chipset developed by the U.S. government. Skipjack provides only for encryption. Answer C is incorrect, as a key feature of digital signatures is to provide for non-repudiation.
41
41. What is the recommended best model of privilege management in a large extended enterprise? ❍ A. DACLs ❍ B. User-based ❍ C. SACLs ❍ D. Group-based
Answer D is correct. Group-based privilege management is generally the best model for assignment of rights and denials in large extended enterprise environments, as a user’s rights can be easily reviewed by examining its group membership. Answer B is incorrect because user-based privilege management requires significant overhead to provision and de-provision individual permissions and can leave unauthorized access rights after personnel transfer between organizational roles or locales. Answers A and C are incorrect because both discretionary (DACLs) and system access control lists (SACLs) are produced as the result of privilege assignment and not models of management.
42
42. Which authorization protocol is generally compatible with TACACS? ❍ A. LDAP ❍ B. RADIUS ❍ C. TACACS+ ❍ D. XTACACS
Answer D is correct. The Extended Terminal Access Controller Access Control System (XTACACS) protocol is a proprietary form of the TACACS protocol developed by Cisco and is compatible in many cases. Neither LDAP nor RADIUS is affiliated with the TACACS protocol, making answers A and B incorrect. Answer C is incorrect because the newer TACACS+ is not backward-compatible with its legacy equivalent.
43
43. Your organization is exploring data loss prevention solutions. The proposed solution is a software storage solution that monitors how confidential data is stored. This solution is targeting which of the following data states? ❍ A. In motion ❍ B. At rest ❍ C. In use ❍ D. At flux
Answer B is correct. Protection of data at rest is considered to be a storage solution and is generally a software solution that monitors how confidential data is stored. Answer C is incorrect because protection of data in use is considered to be an endpoint solution and the application is run on end-user workstations or servers in the organization. Answer A is incorrect because protection of data in motion is considered to be a network solution and either a hardware or software solution is installed near the network perimeter to monitor for and flag policy violations. Answer D is incorrect because there is no such data state.
44
44. Which of the following is needed to establish effective security baselines for host systems? (Select two correct answers.) ❍ A. Cable locks ❍ B. Mandatory settings ❍ C. Standard application suites ❍ D. Decentralized administration
Answers B and C are correct. In order to establish effective security baselines, enterprise network security management requires a measure of commonality between the systems. Mandatory settings, standard application suites, and initial setup configuration details all factor into the security stance of an enterprise network. Answer A is incorrect because cable locks have nothing to do with effective security baselines. Answer D is incorrect because decentralized management does not have anything to do with security baselines.
45
45. Which of the following types of attacks is executed by placing malicious executable code on a website? ❍ A. Buffer overflow ❍ B. Cross-site request forgery (XSRF) ❍ C. Cross-site scripting (XXS) ❍ D. Input validation error
Answer C is correct. Cross-site scripting (XXS) vulnerabilities can be used to hijack the user’s session or to cause the user accessing malware-tainted Site A to unknowingly attack Site B on behalf of the attacker who planted code on Site A. Answer A is incorrect because a buffer overflow is a direct result of poor or incorrect input validation or mishandled exceptions. Answer B is incorrect. The key element to understanding XSRF is that attackers are betting that users have a validated login cookie for the website already stored in their browsers. Answer D is incorrect because input validation errors are a result of improper field checking in the code.
46
46. Which of the following are examples of protocol analyzers? (Select all correct answers.) ❍ A. Metasploit ❍ B. Wireshark ❍ C. SATAN ❍ D. Network Monitor
Answers B and D are correct. Windows Server operating systems come with a protocol analyzer called Network Monitor. Third-party programs such as Wireshark can also be used for network monitoring. Metasploit is a framework used for penetration testing, and SATAN is a network security testing tool; therefore, answers A and C are incorrect.
47
47. Which one of the following is not an example of a type of virus? ❍ A. Boot sector ❍ B. Macro ❍ C. Stealth ❍ D. Multiparisite
Answer D is correct. Answers A, B, and C each represent a different type of virus. Multiparisite is not a type of computer virus; however, a multipartite is a type of virus that describes a hybrid of a boot sector and program virus.
48
48. Which form of cabling is least susceptible to EM interference? ❍ A. STP ❍ B. UTP ❍ C. Co-axial ❍ D. Fiber-optic
Answer D is correct. Fiber-optic cabling is least subject to electromagnetic (EM) interference because its communications are conducted by transmitting pulses of light over glass, plastic, or sapphire transmission fibers. Twisted-pair (shielded STP as well as unshielded UTP) copper cables provide minimal shielding against interference but can function as antenna picking up nearby EM sources when extended over long cable runs, making answers A and B incorrect. Answer C is incorrect because, although co-axial cables limit EM interference by encasing one conductor in a sheath of conductive material, they are still conductive and not as resistant as purely optical forms of communication
49
49. Which of the following is not a factor used in asset identification? ❍ A. Methods of access ❍ B. Original and replacement costs ❍ C. Maintenance costs ❍ D. Profit generated
Answer A is correct. Methods of access are identified during the risk and threat assessment rather than during asset identification. Asset identification involves original and replacement costs along with maintenance costs and profits generated by the asset. Consequently, answers B, C, and D are incorrect.
50
50. It is suspected that some recent network compromises are originating from the use of SNMP. Which of the following UDP port traffic should be monitored? (Choose two correct answers.) ❍ A. 161 ❍ B. 139 ❍ C. 138 ❍ D. 162
Answers A and D are correct. UDP ports 161 and 162 are used by SNMP. Answer B is incorrect because UDP uses port 139 for network sharing. Answer C is incorrect because port 138 is used to allow NetBIOS traffic for name resolution.
51
51. You are implementing network access for several internal business units that work with sensitive information on a small organizational network. Which of the following would best mitigate risk associated with users improperly accessing other segments of the network without adding additional switches? ❍ A. Log analysis ❍ B. Access Control Lists ❍ C. Network segmentation ❍ D. Proper VLAN management
Answer D is correct. VLANs provide a way to limit broadcast traffic in a switched network. This creates a boundary and, in essence, creates multiple, isolated LANs on one switch. Answer A is incorrect because logging is the process of collecting data to be used for monitoring and auditing purposes. Answer B is incorrect because access control generally refers to the process of making resources available to accounts that should have access while limiting that access to only what is required. Answer C is incorrect because access network segmentation is used for interconnected networks where one compromised system on one network can easily spread to other networks.
52
52. Your organization is exploring data loss prevention solutions. The proposed solution is a software network solution installed near the network perimeter to monitor for and flag policy violations. This solution is targeting which of the following data states? ❍ A. In motion ❍ B. At rest ❍ C. In use ❍ D. At flux
Answer A is correct. Protection of data in motion is considered to be a network solution, and either a hardware or software solution is installed near the network perimeter to monitor for and flag policy violations. Answer B is incorrect because protection of data at rest is considered to be a storage solution and is generally a software solution that monitors how confidential data is stored. Answer C is incorrect because protection of data in use is considered to be an endpoint solution and the application is run on end-user workstations or servers in the organization. Answer D is incorrect because there is no such data state.
53
53. What is the first step in performing a basic forensic analysis? ❍ A. Ensure that the evidence is acceptable in a court of law ❍ B. Identify the evidence ❍ C. Extract, process, and interpret the evidence ❍ D. Determine how to preserve the evidence
Answer B is correct. It is necessary to first identify the evidence that is available to be collected. Answer A is incorrect because protecting the data’s value as evidence must come after the type and form of evidence is known. Extraction, preservation, processing, and interpretation of evidence also follow the identification of data types and storage that must be collected, making answers C and D incorrect.
54
54. Which of the following is not true regarding expiration dates of certificates? ❍ A. Certificates may be issued for a week. ❍ B. Certificates are issued only at yearly intervals. ❍ C. Certificates may be issued for 20 years. ❍ D. Certificates must always have an expiration date.
Answer B is correct. Digital certificates contain a field indicating the date to which the certificate is valid. This date is mandatory, and the validity period can vary from a short period of time up to a number of years; therefore, answers A, C, and D are incorrect.
55
55. Which of the following statements are true when discussing physical security? (Select all correct answers.) ❍ A. Physical security attempts to control access to data from Internet users. ❍ B. Physical security attempts to control unwanted access to specified areas of a building. ❍ C. Physical security attempts to control the effect of natural disasters on facilities and equipment. ❍ D. Physical security attempts to control internal employee access into secure areas.
Answers B, C, and D are correct. Natural disasters, unwanted access, and user restrictions are all physical security issues. Preventing Internet users from getting to data is data security, not physical security; therefore, answer A is incorrect.
56
56. Which type of authorization provides no mechanism for unique logon identification? ❍ A. Anonymous ❍ B. Kerberos ❍ C. TACACS ❍ D. TACACS+
Answer A is correct. During anonymous access, such as requests to a public FTP server, unique identify of the requester is not determined and so cannot be used for personalized logon identification. Answers B, C, and D are incorrect because authorization services such as Kerberos, TACACS, and its replacement TACACS+ all verify access requests against a list of authorized credentials and so can log individual visits and identify access request logons.
57
57. Which is the best rule-based access control constraint to protect against unauthorized access when admins are off-duty? ❍ A. Least privilege ❍ B. Separation of duties ❍ C. Account expiration ❍ D. Time of day
Answer D is correct. Time of day rules prevent administrative access requests during off-hours when local admins and security professionals are not on duty. Answer A is incorrect because least privilege is a principle of assigning only those rights necessary to perform assigned tasks. Answer B is incorrect because separation of duties aids in identification of fraudulent or incorrect processes by ensuring that action and validation practices are performed separately. Answer C is incorrect because account expiration protocols ensure that individual accounts do not remain active past their designated lifespan but do nothing to ensure protections are enabled during admin downtime.
58
58. Which of the following protocols supports DES, 3DES, RC2, and RSA2 encryption along with CHAP authentication, but was not widely adopted? ❍ A. S-HTTP ❍ B. S/MIME ❍ C. HTTP ❍ D. PPTP
Answer A is correct. An alternative to HTTPS is the Secure Hypertext Transport Protocol (S-HTTP), which was developed to support connectivity for banking transactions and other secure web communications. S-HTTP was not adopted by the early web browser developers (for example, Netscape and Microsoft) and so remains less common than the HTTPS standard. Additionally, S-HTTP encrypts individual messages so it cannot be used for VPN security. Answer B is incorrect. S/MIME is used to encrypt electronic mail transmissions over public networks. Answer C is incorrect because HTTP is used for unsecured web-based communications. Answer D is incorrect because Point-to-Point Tunneling Protocol (PPTP) is a network protocol that enables the secure transfer of data from a remote client to a private enterprise server by creating a virtual private network (VPN) across TCP/IP-based data networks.
59
59. A new switch has been implemented in areas where there is very little physical access control. Which of the following would the organization implement as a method for additional checks in order to prevent unauthorized access? ❍ A. Loop protection ❍ B. Flood guard ❍ C. Implicit deny ❍ D. Port security
Answer D is correct. Port security is a Layer 2 traffic control feature on Cisco Catalyst switches. It enables individual switch ports to be configured to allow only a specified number of source MAC addresses coming in through the port. Answer A is incorrect because the loop guard feature makes additional checks in Layer 2 switched networks. Answer B is incorrect because a flood guard is a firewall feature to control network activity associated with denialof- service attacks (DoS). Answer C is incorrect because implicit deny is an access control practice wherein resource availability is restricted to only those logons explicitly granted access.
60
60. There have been some sporadic connectivity issues on the network. Which of the following is the best choice to investigate these issues? ❍ A. Protocol analyzer ❍ B. Circuit-level gateway logs ❍ C. Spam filter appliance ❍ D. Web application firewall logs
Answer A is correct. Protocol analyzers help you troubleshoot network issues by gathering packet-level information across the network. These applications capture packets and can conduct protocol decoding, putting the information into readable data for analysis. Answer B is incorrect because a circuit-level gateway filters based on source and destination addresses. Answer C is incorrect because all-in-one spam filter appliances allow for checksum technology, which tracks the number of times a particular message has appeared, and message authenticity checking, which uses multiple algorithms to verify authenticity of a message. Answer D is incorrect because a web application firewall is software or a hardware appliance used to protect the organization’s web server from attack.
61
61. Which of the following types of attacks can be done by either convincing the users to click on an HTML page the attacker has constructed or insert arbitrary HTML in a target website that the users visit? ❍ A. Buffer overflow ❍ B. Cross-site request forgery (XSRF) ❍ C. Cross-site scripting (XXS) ❍ D. Input validation error
Answer B is correct. The key element to understanding XSRF is that attackers are betting that users have a validated login cookie for the website already stored in their browsers. All they need to do is get the browsers to make a request to the website on their behalf. This can be done by either convincing the users to click on an HTML page the attacker has constructed or inserting arbitrary HTML in a target website that the users visit. Answer A is incorrect because a buffer overflow is a direct result of poor or incorrect input validation or mishandled exceptions. Answer C is incorrect because cross-site scripting (XXS) vulnerabilities can be used to hijack the user’s session or to cause the user accessing malware-tainted Site A to unknowingly attack Site B on behalf of the attacker who planted code on Site A. Answer D is incorrect because input validation errors are a result of improper field checking in the code.
62
62. Which of the following standards is used in HSMs? ❍ A. PKCS #11 ❍ B. PKCS #7 ❍ C. AES ❍ D. EFS
Answer A is correct. The PKCS #11 standard provides for access to public and private asymmetric keys, symmetric keys, X.509 certificates, and application data. PKCS #11 is the de facto standard for platform applications, although some newer HSMs include more advanced authentication and authorization models. Answer B is incorrect because PKCS #7 Cryptographic Message Syntax Standard describes the syntax for data streams such as digital signatures that may have cryptography applied to them. Answer C is incorrect because AES is most commonly found on USB drive encryption. Answer D is incorrect because EFS is the encrypting file system available in newer Microsoft operating systems.
63
63. Which of the following algorithms is not an example of a symmetric encryption algorithm? ❍ A. Rijndael ❍ B. Diffie-Hellman ❍ C. RC6 ❍ D. AES
Answer B is correct. Diffie-Hellman uses public and private keys, so it is considered an asymmetric encryption algorithm. Because Rijndael and AES are now one in the same, they both can be called symmetric encryption algorithms; therefore, answers A and D are incorrect. Answer C is incorrect because RC6 is symmetric, too.
64
64. Which of the following best describes the process of encrypting and decrypting data using an asymmetric encryption algorithm? ❍ A. Only the public key is used to encrypt, and only the private key is used to decrypt. ❍ B. The public key is used to either encrypt or decrypt. ❍ C. Only the private key is used to encrypt, and only the public key is used to decrypt. ❍ D. The private key is used to decrypt data encrypted with the public key.
Answer D is correct. When encrypting and decrypting data using an asymmetric encryption algorithm, you use only the private key to decrypt data encrypted with the public key. Answers A and B are both incorrect because in public key encryption, if one key is used to encrypt, you can use the other to decrypt the data. Answer C is incorrect because the public key is not used to decrypt the same data it encrypted
65
65. Which one of the following defines APIs for devices such as smart cards that contain cryptographic information? ❍ A. PKCS #11 ❍ B. PKCS #13 ❍ C. PKCS #4 ❍ D. PKCS #2
Answer A is correct. PKCS #11, the Cryptographic Token Interface Standards, defines an API named Cryptoki for devices holding cryptographic information. Answer B is incorrect because PKCS #13 is the Elliptic Curve Cryptography Standard. Both answers C and D are incorrect because PKCS #4 and PKCS #2 no longer exist and have been integrated into PKCS #1, RSA Cryptography Standard
66
66. Which of the following are steps that can be taken to harden FTP services? ❍ A. Anonymous access to share files of questionable or undesirable content should be limited. ❍ B. Regular review of networks for unauthorized or rogue servers. ❍ C. Technologies that allow dynamic updates must also include access control and authentication. ❍ D. Unauthorized zone transfers should also be restricted
Answer A is correct. Anonymous access to share files of questionable or undesirable content should be limited for proper FTP server security. Answer B is incorrect because it is a hardening practice for DHCP services. Answers C and D are incorrect because they are associated with hardening DNS service.
67
67. A situation in which a program or process attempts to store more data in a temporary data storage area than it was intended to hold is known as a what? ❍ A. Buffer overflow ❍ B. Denial of service ❍ C. Distributed denial of service ❍ D. Storage overrun
Answer A is correct. A buffer overflow occurs when a program or process attempts to store more data in a buffer than the buffer was intended to hold. The overflow of data can flow over into other buffers overwriting or deleting data. A denial of service is a type of attack in which too much traffic is sent to a host, preventing it from responding to legitimate traffic. A distributed denial of service is similar, but it is initiated through multiple hosts; therefore, answers B and C are incorrect. Although answer D sounds correct, it is not.
68
68. TEMPEST deals with which form of environmental control? ❍ A. HVAC ❍ B. EMI shielding ❍ C. Humidity ❍ D. Cold-aisle
Answer B is correct. TEMPEST protections involve the hardening of equipment against EMI broadcast and sensitivity. Answers A and C are incorrect because HVAC controls include temperature and humidity management techniques to manage evolved heat in the data center and to minimize static charge buildup. Answer D is incorrect because hot-aisle/cold-aisle schemes provide thermal management for data centers by grouping air intakes on cold aisles and air exhausts on designated hot aisles, making HVAC more effective.
69
69. Which of the following is included in hardening a host operating system? ❍ A. A policy for antivirus updates ❍ B. A policy for remote wipe ❍ C. An efficient method to connect to remote sites ❍ D. An effective system for file-level security
Answer D is correct. Hardening of the operating system includes planning against both accidental and directed attacks, such as the use of fault-tolerant hardware and software solutions. In addition, it is important to implement an effective system for file-level security, including encrypted file support and secured file system selection that allows the proper level of access control. Answer A is incorrect because it is a host protection measure, not an OS hardening measure. Answer B is incorrect because this is a feature associated with data security, not host hardening. Answer C is incorrect because this is a secure communication measure.
70
70. Which of the following is the preferred type of encryption used in SaaS platforms? ❍ A. Application level ❍ B. Database level ❍ C. Media level ❍ D. HSM leve
Answer A is correct. In an SaaS environment, application-level encryption is preferred because the data is encrypted by the application before being stored in the database or file system. The advantage is that it protects the data from the user all the way to storage. Answer B is incorrect because in cloud implementations data should be encrypted at the application layer rather than within a database due to the complexity involved, and media encryption is managed at the storage layer. Answer C is incorrect because encryption of a complete virtual machine on IaaS could be considered media encryption. Answer D is incorrect because an HSM solution is mainly found in private datacenters that manage and offload cryptography with dedicated hardware appliances.
71
71. Several organizational users are experiencing network and Internet connectivity issues. Which of the following would be most helpful in troubleshooting where the connectivity problems might exist? ❍ A. SSL ❍ B. IPsec ❍ C. SNMP ❍ D. Traceroute
Answer D is correct. Traceroute uses an ICMP echo request packet to find the path between two addresses. Answer A is incorrect because SSL is a public key-based security protocol that is used by Internet services and clients for authentication, message integrity, and confidentiality. Answer B is incorrect because Internet Protocol Security (IPsec) authentication and encapsulation standard is widely used to establish secure VPN communications. Answer C is incorrect because SNMP is an application layer protocol whose purpose is to collect statistics from TCP/IP devices. SNMP is used for monitoring the health of network equipment, computer equipment, and devices such as uninterruptible power supplies (UPSs).
72
72. An organization has an access control list implemented on the border router, but it appears that unauthorized traffic is still being accepted. Which of the following would the organization implement to improve the blocking of unauthorized traffic? ❍ A. Loop protection ❍ B. Flood guard ❍ C. Implicit deny ❍ D. Port security
Answer C is correct. Implicit deny is an access control practice wherein resource availability is restricted to only those logons explicitly granted access. Answer A is incorrect because the loop guard feature makes additional checks in Layer 2 switched networks. Answer B is incorrect because a flood guard is a firewall feature to control network activity associated with denial of service attacks (DoS). Answer D is incorrect because port security is a Layer 2 traffic control feature on Cisco Catalyst switches. It enables individual switch ports to be configured to allow only a specified number of source MAC addresses coming in through the port.
73
73. An asset is valued at $12,000; the threat exposure factor of a risk affecting that asset is 25%; and the annualized rate of occurrence is 50%. What is the SLE? ❍ A. $1,500 ❍ B. $3,000 ❍ C. $4,000 ❍ D. $6,000
Answer B is correct. The single loss expectancy (SLE) is the product of the value ($12,000) and the threat exposure (.25) or $3,000. Answer A is incorrect because $1,500 represents the annualized loss expectancy (ALE), which is the product of the SLE and the annualized rate of occurrence (ARO). Answers C and D are incorrect calculated values.
74
74. Which form of fire suppression functions best in an Alaskan fire of burning metals? ❍ A. Dry-pipe sprinkler ❍ B. Wet-pipe sprinkler ❍ C. Carbon dioxide ❍ D. Dry powder
Answer D is correct. Combustible metal fires (Class D) require sodium chloride and copper-based dry powder extinguishers. Although dry-pipe would be preferable to wet-pipe sprinklers in regions that experience very low temperatures such as Alaska, water is only appropriate for wood, paper, and trash fires (Class A), making answers A and B incorrect. Answer C is incorrect because carbon dioxide and Halon extinguishers are useful for fires involving live electric wiring (Class C) and would not be used for burning metals.
75
75. While performing regular security audits, you suspect that your company is under attack and someone is attempting to use resources on your network. The IP addresses in the log files belong to a trusted partner company, however. Assuming an attack, which of the following might be occurring? ❍ A. Replay ❍ B. Authorization ❍ C. Social engineering ❍ D. Spoofing
Answer D is correct. The most likely answer is spoofing because this enables an attacker to misrepresent the source of the requests. Answer A is incorrect because this type of attack records and replays previously sent valid messages. Answer B is incorrect because this is not a type of attack but is instead the granting of access rights based on authentication. Answer C is incorrect because social engineering involves the nontechnical means of gaining information.
76
76. Which mandatory access control label is appropriate for generally available data? ❍ A. ANONYMOUS ❍ B. PUBLIC ❍ C. SENSITIVE ❍ D. SECRET
Answer B is correct. The PUBLIC label can be applied to generally available data within MAC access control environments. Answer A is incorrect because the ANONYMOUS method of authorization is not available in MAC environments because it lacks logon identification. Answers C and D are incorrect because the SENSITIVE and SECRET labels indicate access control limitations that are more restrictive than PUBLIC.
77
77. After a new switch was implemented, some sporadic connectivity issues on the network have occurred. The issues are suspected to be device related. Which of the following would the organization implement as a method for additional checks in order to prevent issues? ❍ A. Loop protection ❍ B. Flood guard ❍ C. Implicit deny ❍ D. Port security
Answer A is correct. The loop guard feature makes additional checks in Layer 2 switched networks. Answer B is incorrect because a flood guard is a firewall feature to control network activity associated with denial-of-service attacks (DoS). Answer C is incorrect because implicit deny is an access control practice wherein resource availability is restricted to only those logons explicitly granted access. Answer D is incorrect because port security is a Layer 2 traffic control feature on Cisco Catalyst switches. It enables individual switch ports to be configured to allow only a specified number of source MAC addresses coming in through the port.
78
78. Which of the following is an example of a false negative result? ❍ A. An authorized user is granted access to a resource. ❍ B. An unauthorized user is granted access to a resource. ❍ C. An authorized user is refused access to a resource. ❍ D. An unauthorized user is refused access to a resource.
Answer C is correct. A false negative result involves access refusal for an authorized user, which makes answer D incorrect. Answers A and B are incorrect because they represent granted resource access.
79
79. Which of the following is the best choice for encrypting large amounts of data? ❍ A. Asymmetric encryption ❍ B. Symmetric encryption ❍ C. Elliptical curve encryption ❍ D. RSA encryption
Answer B is correct. Public key encryption is not usually used to encrypt large amounts of data, but it does provide an effective and efficient means of sending a secret key from which to do symmetric encryption thereafter, which provides the best method for efficiently encrypting large amounts of data. Therefore, answers A, C, and D are incorrect.
80
80. You want to be sure that the FTP ports that are required for a contract worker’s functionality have been properly secured. Which of the following ports would you check? ❍ A. 25/110/143 ❍ B. 20/21 ❍ C. 137/138/139 ❍ D. 161/162
Answer B is correct. Ports 20 and 21 are used for FTP. Answer A is incorrect because these ports are used for email. Answer C is incorrect because these NetBIOS ports are required for certain Windows network functions such as file sharing. Answer D is incorrect because these ports are used for SNMP.
81
81. Security guards are a form of which specific type of control? ❍ A. Management ❍ B. Technical ❍ C. Physical ❍ D. Access
Answer C is correct. Physical controls include facility design details such as layout, door, locks, guards, and surveillance systems. Management controls include policies and procedures, whereas technical controls include access control systems, encryption, and data classification solutions, making answers A and B incorrect. Access controls include all three classifications: management, technical, and physical, making answer D incorrect because the question asks for a specific type.
82
82. Which utility allows for the compilation of a list of systems, devices, and network hardware? ❍ A. Port scanner ❍ B. Vulnerability scanner ❍ C. Protocol analyzer ❍ D. Network mapper
Answer D is correct. A network mapper identifies all devices within a network segment. Port scanners check service ports on a single device, making answer A incorrect. Answer B is incorrect because vulnerability scanners look for particular vulnerabilities associated with versions of software or services. Answer C is incorrect because protocol analyzers examine network traffic and identify protocols and endpoint devices in the identified transactions.
83
83. Which one of the following is not considered a physical security component? ❍ A. VPN tunnel ❍ B. Mantrap ❍ C. Fence ❍ D. CCTV
Answer A is correct. A VPN tunnel is an example of data security—not physical security. Mantrap, fence, and CCTV are all components of physical security; therefore, answers B, C, and D are incorrect.
84
84. A physical security plan should include which of the following? (Select all correct answers.) ❍ A. Description of the physical assets being protected ❍ B. The threats from which you are protecting against and their likelihood ❍ C. Location of a hard disk’s physical blocks ❍ D. Description of the physical areas where assets are located
Answers A, B, and D are correct. A physical security plan should be a written plan that addresses your current physical security needs and future direction. With the exception of answer C, all the answers are correct and should be addressed in a physical security plan. A hard disk’s physical blocks pertain to the file system.
85
85. Never inserting untrusted data except in allowed locations can be used to mitigate which of the following attacks? (Select two answers.) ❍ A. Buffer overflow ❍ B. Cross-site request forgery (XSRF) ❍ C. Cross-site scripting ❍ D. Input validation error
Answers A and D are correct. A buffer overflow is a direct result of poor or incorrect input validation or mishandled exceptions, and input validation errors are a result of improper field checking in the code. Answer B is incorrect because Cross-site Request Forgery (XSRF) is an attack in which the end user executes unwanted actions on a web application while he or she is currently authenticated. Answer C is incorrect because cross-site scripting (XXS) vulnerabilities can be used to hijack the user’s session or to cause the user accessing malware-tainted Site A to unknowingly attack Site B on behalf of the attacker who planted code on Site A.
86
86. An organization is looking to add a layer of security and improve enterprise desktop management. Which of the following fulfills this requirement? ❍ A. Virtualization ❍ B. Network storage policies ❍ C. VPN remote access ❍ D. Roaming profiles
Answer A is correct. Virtualization adds a layer of security as well as improves enterprise desktop management and control with faster deployment of desktops and fewer support calls due to application conflicts. Answer B is incorrect because network storage policies have nothing to do with desktop management. Answer C is incorrect because VPN remote access does not improve enterprise desktop management. Answer D is incorrect because roaming profiles do not add a layer of security.
87
87. Which of the following is a program that uses SSH to transfer files? ❍ A. S-HTTP ❍ B. S/MIME ❍ C. SFTP ❍ D. HTTPS
Answer C is correct. SFTP, or secure FTP, is a program that uses SSH to transfer files. Unlike standard FTP, it encrypts both commands and data, preventing passwords and sensitive information from being transmitted in the clear over the network. Answer A is incorrect because S-HTTP is an alternative to HTTPS, which was developed to support connectivity for banking transactions and other secure web communications. Answer B is incorrect. S/MIME is used to encrypt electronic mail transmissions over public networks. Answer D is incorrect because HTTPS is used for secured web-based communications.
88
88. Which one of the following best describes the type of attack designed to bring a network to a halt by flooding the systems with useless traffic? ❍ A. DoS ❍ B. Ping of death ❍ C. Teardrop ❍ D. Social engineering
Answer A is correct. A DoS attack (or denial of service) is designed to bring down a network by flooding the system with an overabundance of useless traffic. Although answers B and C are both types of DoS attacks, they are incorrect because DoS more accurately describes “a type of attack.” Answer D is incorrect because social engineering describes the nontechnical means of obtaining information.
89
89. The process of making an operating system more secure by closing known vulnerabilities and addressing security issues is known as which of the following? ❍ A. Handshaking ❍ B. Hardening ❍ C. Hotfixing ❍ D. All of the above
Answer B is correct. Hardening refers to the process of securing an operating system. Handshaking relates the agreement process before communication takes place; therefore, answer A is incorrect. A hotfix is just a security patch that gets applied to an operating system; therefore, answer C is incorrect. Hardening is the only correct answer; therefore, answer D is incorrect.
90
90. An organization is looking for a mobile solution that allows both executives and employees to discuss sensitive information without having to travel to secure company locations. Which of the following fulfills this requirement? ❍ A. GPS tracking ❍ B. Voice encryption ❍ C. Remote wipe ❍ D. Passcode policy
Answer B is correct. Mobile voice encryption can allow executives and employees alike to discuss sensitive information without having to travel to secure company locations. Answer A is incorrect because in the event a mobile device is lost, GPS tracking can be used to find the location. Answer C is incorrect because remote wipe allows a handheld’s data to be remotely deleted in the event the device is lost or stolen. Answer D is incorrect because a screen lock or passcode is used to prevent access to the phone.
91
91. Users received a spam email from an unknown source and chose the option in the email to unsubscribe and are now getting more spam as a result. Which one of the following is most likely the reason? ❍ A. The unsubscribe option does not actually do anything. ❍ B. The unsubscribe request was never received. ❍ C. Spam filters were automatically turned off when making the selection to unsubscribe. ❍ D. They confirmed that their addresses are “live.”
Answer D is correct. Often an option to opt out of further email does not unsubscribe users; instead it means, “send me more spam,” because it has been confirmed that the email address is not dormant. This is less likely to occur with email a user receives that he or she opted into in the first place, however. Answers A, B, and C are incorrect because these are less likely and not the best choices
92
92. Which form of data storage is the most subject to modification? ❍ A. Main memory ❍ B. Write-once memory ❍ C. Routing tables ❍ D. Secondary memory
Answer C is correct. Only CPU registers and caches are more volatile than routing and process tables, making answers A, B, and D incorrect as well.
93
93. Which of the following is not an example of multifactor authentication? ❍ A. Logon and password ❍ B. Smart card and PIN ❍ C. RFID chip and thumbprint ❍ D. Gait and iris recognition
Answer A is correct. Both logon and password represent a form of “what you know” authentication. Answers B, C, and D are all incorrect because they represent paired multifactor forms of authentication. A smart card and PIN represent what you have and know, and an RFID chip and thumbprint link what you have with what you are. Gait is a measure of what you do, and iris details are an example of what you are.
94
94. Which of the following is an example of role-based access control criteria? ❍ A. GPS coordinates ❍ B. Trusted OS ❍ C. Members of the Administrators group ❍ D. Time of day
Answer C is correct. Role-based access control involves assignment of access rights to groups associated with specific roles, with accounts inheriting rights based on group membership. Answers A and B are incorrect, as requirements for access only from specific locations or only from systems running a trusted OS are examples of rule-based access controls. Time of day restrictions are also rule-based access controls, making answer D incorrect.
95
95. The sender of data is provided with proof of delivery, and neither the sender nor receiver can deny either having sent or received the data. What is this called? ❍ A. Nonrepudiation ❍ B. Repetition ❍ C. Nonrepetition ❍ D. Repudiation
Answer A is correct. Nonrepudiation means that neither party can deny either having sent or received the data in question. Both answers B and C are incorrect. And repudiation is defined as the act of refusal; therefore, answer D is incorrect.
96
96. Which of the following are steps that can be taken to harden DHCP services? ❍ A. Anonymous access to share files of questionable or undesirable content should be limited. ❍ B. Regular review of networks for unauthorized or rogue servers. ❍ C. Technologies that allow dynamic updates must also include access control and authentication. ❍ D. Unauthorized zone transfers should also be restricted.
Answer B is correct. Regular review of networks for unauthorized or rogue servers is a practice used to harden DHCP services. Answer A is incorrect because anonymous access to share files of questionable or undesirable content should be limited for proper FTP server security. Answers C and D are incorrect because they are associated with hardening DNS servers.
97
97. Which of the fields included within a digital certificate identifies the directory name of the entity signing the certificate? ❍ A. Signature Algorithm Identifier ❍ B. Issuer ❍ C. Subject Name ❍ D. Subject Public Key Information
Answer B is correct. The Issuer field identifies the name of the entity signing the certificate, which is usually a certificate authority. The Signature Algorithm Identifier identifies the cryptographic algorithm used by the CA to sign the certificate; therefore, answer A is incorrect. The Subject Name is the name of the end entity identified in the public key associated with the certificate; therefore, answer C is incorrect. The Subject Public Key Information field includes the public key of the entity named in the certificate, including a cryptographic algorithm identifier; therefore, answer D is incorrect.
98
Which of the following rights assignments overrides all others in a DAC or RBAC environment? ❍ A. Implicit DENY ❍ B. Implicit ALLOW ❍ C. Explicit ALLOW ❍ D. Explicit DENY
Answer D is correct. An explicit DENY overrides all other access grants in a discretionary access control environment. Explicit rights assignments function in combination with inherited implicit rights in all other cases, making answers A, B, and C incorrect
99
99. Which type of biometric authentication involves identification of the unique patterns of blood vessels at the back of the eye? ❍ A. Facial recognition ❍ B. Iris ❍ C. Retina ❍ D. Signature
Answer C is correct. Retinal biometric systems identify unique patterns of blood vessels in the back of the eye. Facial recognition systems identify fixed spacing of key features of the face such as bones, eyes, and chin shape, making answer A incorrect. Answer B is incorrect because iris scanning involves identification of unique patterns in the outer colored part of the eye. Answer D is incorrect because signature analysis is a form of biometric authentication recording the speed, shape, and unique kinematics of a personal written signature.
100
100. Which version of X.509 supports an optional Extension field? ❍ A. Version 1 ❍ B. Version 2 ❍ C. Version 3 ❍ D. Answers B and C
Answer C is correct. Version 3 of X.509, which was introduced in 1996, supports an optional Extension field used to provide for more informational fields. Version 1 is the most generic and did not yet incorporate this feature;therefore, answer A is incorrect. Version 2 did introduce the idea of unique identifiers, but not the optional Extension field; therefore, answers B and D are incorrect.

Security Plus (19 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2025 Bold Learning Solutions. Terms and Conditions