Security+ SY0-501

Measuring and Weighing Risk
You're the chief security contact for MTS. One of your primary tasks is to document everything related to security and create a manual that can be used to manage the company in your absence. Which documents should be referenced

Guidelines
Guidelines help clarify processes to maintain standards. Guidelines tend to be less formal than policies or standards.

Measuring and Weighing Risk
Consider the following scenario: The asset value of your company's primary servers is $2 million and they are housed in a single office building in Anderson, Indiana. You have field offices scattered throughout the United State

$1 million
SLE (single loss expectancy) is equal to asset value (AV) times exposure factor (EF). In this case, asset value is $2 million and exposure factor is 1/2.

Measuring and Weighing Risk
Refer to the scenario in question 2. Which of the following is the ALE for this scenario?

$16,666.67
ALE (annual loss expectancy) is equal to SLE times the annualized rate of occurrence. In this case, SLE is $1 million and the ARO is 1/60.

Measuring and Weighing Risk
Refer to the scenario in question 2. Which of the following is the ARO for this scenario?

0.0167
ARO (annualized rate of occurrence) is how often the event can be expected to happen in a year. In this case, ARO is 1/60 or 0.0167.

Measuring and Weighing Risk
Which of the following strategies involves identifying a risk and making the decision to no longer engage in the action?

Risk avoidance
Risk avoidance involves identifying a risk and making the decision to no longer engage in the actions associated with that risk.

Measuring and Weighing Risk
Which of the following policy statements may include an escalation contact, in the event that the person dealing with a situation needs to know whom to contact?

Exception
The exception policy statement may include an escalation contact, in the event that the person dealing with a situation needs to know whom to contact.

Measuring and Weighing Risk
Which of the following policies are designed to reduce the risk of fraud and prevent other losses in an organization?
a. Separation of duties
b. Acceptable use
c. Least privilege
d. Physical access control

Separation of duties
The separation of duties policies are designed to reduce the risk of fraud and prevent other losses in an organization.

Measuring and Weighing Risk
What is the term used for events that mistakenly were flagged and aren't truly events to be concerned with?

False positives
False positives are events that mistakenly were flagged and aren't truly events to be concerned with.

Measuring and Weighing Risk
Which of the following is the structured approach that is followed to secure the company's assets?

Change management
Change management is the structured approach that is followed to secure the company's assets.

Measuring and Weighing Risk
Which of the following strategies involves sharing some of the burden of the risk with someone else such as an insurance company?

Risk transference
Risk transference involves sharing some of the burden of the risk with someone else such as an insurance company.

Measuring and Weighing Risk
The risk-assessment component, in conjunction with the ________, provides the organization with an accurate picture of the situation facing it.

BIA
The risk-assessment component, in conjunction with the BIA (Business Impact Analysis), provides the organization with an accurate picture of the situation facing it.

Measuring and Weighing Risk
Which of the following policy statements should address who is responsible for ensuring that it is enforced?

Accountability
The accountability policy statement should address who is responsible for ensuring that it is enforced.

Measuring and Weighing Risk
Which of the following strategies is accomplished anytime you take steps to reduce the risk?

Risk mitigation
Risk mitigation is accomplished anytime you take steps to reduce the risk.

Measuring and Weighing Risk
If you calculate SLE to be $4,000 and that there will be 10 occurrences a year (ARO), then the ALE is:

$40,000
If you calculate SLE to be $4,000 and that there will be 10 occurrences a year (ARO), then the ALE is $40,000 ($4,000 × 10).

Measuring and Weighing Risk
Which of the following policies describes how the employees in an organization can use company systems and resources, both software and hardware?

Acceptable use
The acceptable use policies describe how the employees in an organization can use company systems and resources, both software and hardware.

Measuring and Weighing Risk
Separation of duties helps prevent an individual from embezzling money from a company. To successfully embezzle funds, an individual would need to recruit others to commit an act of ________ (an agreement between two or more pa

Collusion
Collusion is an agreement between two or more parties established for the purpose of committing deception or fraud. Collusion, when part of a crime, is also a criminal act in and of itself.

Measuring and Weighing Risk
Which of the following strategies involves understanding something about the enemy and letting them know the harm that can come their way if they cause harm to you?

Risk deterrence
Risk deterrence involves understanding something about the enemy and letting them know the harm that can come their way if they cause harm to you.

Measuring and Weighing Risk
If you calculate SLE to be $25,000 and that there will be one occurrence every four years (ARO), then what is the ALE?

$6,250
If you calculate SLE to be $25,000 and that there will be one occurrence every four years (ARO), then the ALE is $6,250 ($25,000 × 0.25).

Measuring and Weighing Risk
Which of the following policies should be used when assigning permissions, giving users only the permissions they need to do their work and no more?

Least privilege
The principle of least privilege should be used when assigning permissions. Give users only the permissions they need to do their work and no more.

Measuring and Weighing Risk
Which of the following strategies necessitates an identified risk that those involved understand the potential cost/damage and agree to accept?

Risk acceptance
Risk acceptance necessitates an identified risk that those involved understand the potential cost/damage and agree to accept.

Infrastructure and Connectivity
Which of the following devices is the most capable of providing infrastructure security?

Router
Routers can be configured in many instances to act as packet-filtering firewalls. When configured properly, they can prevent unauthorized ports from being opened.

Infrastructure and Connectivity
Upper management has decreed that a firewall must be put in place immediately, before your site suffers an attack similar to one that struck a sister company. Responding to this order, your boss instructs you to implement a

Prevents unauthorized packets from entering the network
Packet filters prevent unauthorized packets from entering or leaving a network. Packet filters are a type of firewall that blocks specified port traffic.

Infrastructure and Connectivity
Which device stores information about destinations in a network?

Router
Routers store information about network destinations in routing tables. Routing tables contain information about known hosts on both sides of the router.

Infrastructure and Connectivity
As more and more clients have been added to your network, the efficiency of the network has decreased significantly. You're preparing a budget for next year, and you specifically want to address this problem. Which of the f

Switch
Switches create virtual circuits between systems in a network. These virtual circuits are somewhat private and reduce network traffic when used.

Infrastructure and Connectivity
Which device is used to connect voice, data, pagers, networks, and almost any other conceivable application into a single telecommunications system?

PBX
Many modern PBX (private branch exchange) systems integrate voice and data onto a single data connection to your phone service provider. In some cases, this allows an overall reduction in cost of operations. These connections are made using existing n

Infrastructure and Connectivity
Most of the sales force have been told that they should no longer report to the office on a daily basis. From now on, they're to spend the majority of their time on the road calling on customers. Each member of the sales fo

PPP
PPP can pass multiple protocols and is widely used today as a transport protocol for dial-up connections.

Infrastructure and Connectivity
Which protocol is unsuitable for WAN VPN connections?

PPP
PPP provides no security, and all activities are unsecure. PPP is primarily intended for dial-up connections and should never be used for VPN connections.

Infrastructure and Connectivity
You've been given notice that you'll soon be transferred to another site. Before you leave, you're to audit the network and document everything in use and the reason why it's in use. The next administrator will use this doc

IPSec
IPSec provides network security for tunneling protocols. IPSec can be used with many different protocols besides TCP/IP, and it has two modes of security.

Infrastructure and Connectivity
A socket is a combination of which components?

IP and port number
A socket is a combination of IP address and port number. The socket identifies which application will respond to the network request.

Infrastructure and Connectivity
You're explaining protocols to a junior administrator shortly before you leave for vacation. The topic of Internet mail applications comes up, and you explain how communications are done now as well as how you expect them t

IMAP
IMAP is becoming the most popular standard for email clients and is replacing POP protocols for mail systems. IMAP allows mail to be forwarded and stored in information areas called stores.

Infrastructure and Connectivity
Which protocol is primarily used for network maintenance and destination information?

ICMP
ICMP is used for destination and error reporting functions in TCP/IP. ICMP is routable and is used by programs such as Ping and Traceroute.

Infrastructure and Connectivity
You're the administrator for Mercury Technical. A check of protocols in use on your server brings up one that you weren't aware was in use; you suspect that someone in HR is using it to send messages to multiple recipients.

IGMP
IGMP is used for group messaging and multicasting. IGMP maintains a list of systems that belong to a message group. When a message is sent to a particular group, each system receives an individual copy.

Infrastructure and Connectivity
IPv6, in addition to having more bits allocated for each host address, also has mandatory requirements built in for which security protocol?

IPSec
The implementation of IPSec is mandatory with IPv6. While it is widely implemented with IPv4, it is not a requirement.

Infrastructure and Connectivity
Which ports are, by default, reserved for use by FTP? (Choose all that apply.)

20 and 21 TCP
FTP uses TCP ports 20 and 21. FTP does not use UDP ports.

Infrastructure and Connectivity
Which of the following services use only TCP ports and not UDP? (Choose all that apply.)

SFTP
SFTP uses only TCP ports. IMAP, LDAP, and FTPS all use both TCP and UDP ports.

Infrastructure and Connectivity
Which of the following can be implemented as a software or hardware solution and is usually associated with a device (a router, a firewall, NAT, and so on) and used to shift a load from one device to another?

Load balancer
A load balancer can be implemented as a software or hardware solution, and is usually associated with a device (a router, a firewall, NAT, and so on). As the name implies, it is used to shift a load from one device to another.

Infrastructure and Connectivity
Which of the following are multiport devices that improve network efficiency?

Switches
Switches are multiport devices that improve network efficiency. A switch typically has a small amount of information about systems in a network.

Infrastructure and Connectivity
Which service(s), by default, use TCP and UDP port 22? (Choose all that apply.)

SSH
SCP
Port 22 is used by both SSH and SCP with TCP and UDP.

Infrastructure and Connectivity
What protocol, running on top of TCP/IP, is often used for name registration and resolution with Windows-based clients?

NetBIOS
NetBIOS is used for name resolution and registration in Windows-based environments. It runs on top of TCP/IP.

Infrastructure and Connectivity
How many bits are used for addressing with IPv4 and IPv6, respectively?

32, 128
IPv4 uses 32 bits for the host address, while IPv6 uses 128 bits for this.

Protecting Networks
In order for network monitoring to work properly, you need a PC and a network card running in what mode?

Promiscuous
In order for network monitoring to work properly, you need a PC and a network card running in promiscuous mode.

Protecting Networks
Which Linux utility can show if there is more than one set of documentation on the system for a command you are trying to find information on?

whatis
In Linux, the whatis utility can show if there is more than one set of documentation on the system for a command you are trying to find information on.

Protecting Networks
In intrusion detection system parlance, which account is responsible for setting the security policy for an organization?

b.
Administrator
The administrator is the person/account responsible for setting the security policy for an organization.

Protecting Networks
Which of the following IDS types looks for things outside of the ordinary?

c.
Anomaly-based
An anomaly-detection IDS (AD-IDS) looks for anomalies, meaning it looks for things outside of the ordinary.

Protecting Networks
Which of the following copies the traffic from all ports to a single port and disallows bidirectional traffic on that port?

a.
Port spanning
Port spanning (also known as port mirroring) copies the traffic from all ports to a single port and disallows bidirectional traffic on that port.

Protecting Networks
Which of the following implies ignoring an attack and is a common response?

d.
Shunning
Shunning, or ignoring an attack, is a common response.

Protecting Networks
Which IDS system uses algorithms to analyze the traffic passing through the network?

d.
Heuristic
A heuristic system uses algorithms to analyze the traffic passing through the network.

Protecting Networks
Which of the following utilities can be used in Linux to view a list of users' failed authentication attempts?

b.
faillog
Use the faillog utility in Linux to view a list of users' failed authentication attempts.

Protecting Networks
Which of the following is the process in which a law enforcement officer or a government agent encourages or induces a person to commit a crime when the potential criminal expresses a desire not to go ahead?

b.
Entrapment
Entrapment is the process in which a law enforcement officer or a government agent encourages or induces a person to commit a crime when the potential criminal expresses a desire not to go ahead.

Protecting Networks
The IDS console is known as what?

a.
Manager
The IDS console is known as the manager.

Protecting Networks
Sockets are a combination of the IP address and which of the following?

a.
Port
Sockets are a combination of the IP address and the port.

Protecting Networks
Which type of active response fools the attacker into thinking the attack is succeeding while the system monitors the activity and potentially redirects the attacker to a system that is designed to be broken?

c.
Deception
A deception active response fools the attacker into thinking the attack is succeeding while the system monitors the activity and potentially redirects the attacker to a system that is designed to be broken.

Protecting Networks
Which device monitors network traffic in a passive manner?

a.
Sniffer
Sniffers monitor network traffic and display traffic in real time. Sniffers, also called network monitors, were originally designed for network maintenance and troubleshooting.

Protecting Networks
Security has become the utmost priority at your organization. You're no longer content to act reactively to incidents when they occur; you want to start acting more proactively. Which system performs active network monitoring and analys

a.
IDS
An IDS is used to protect and report network abnormalities to a network administrator or system. It works with audit files and rule-based processing to determine how to act in the event of an unusual situation on the network.

Protecting Networks
Which of the following can be used to monitor a network for unauthorized activity? (Choose two.)

a.
Network sniffer
b.
NIDS
Network sniffers and NIDSs are used to monitor network traffic. Network sniffers are manually oriented, whereas an NIDS can be automated.

Protecting Networks
You're the administrator for Acme Widgets. After attending a conference on buzzwords for management, your boss informs you that an IDS should be up and running on the network by the end of the week. Which of the following systems shoul

c.
HIDS
A host-based IDS (HIDS) is installed on each host that needs IDS capabilities.

Protecting Networks
Which of the following is an active response in an IDS?

c.
Reconfiguring a router to block an IP address
Dynamically changing the system's configuration to protect the network or a system is an active response.

Protecting Networks
A junior administrator bursts into your office with a report in his hand. He claims that he has found documentation proving that an intruder has been entering the network on a regular basis. Which of the following implementations of ID

a.
MD-IDS
By comparing attack signatures and audit trails, a misuse-detection IDS determines whether an attack is occurring.

Protecting Networks
Which IDS function evaluates data collected from sensors?

d.
Analyzer
The analyzer function uses data sources from sensors to analyze and determine whether an attack is under way.

Protecting Networks
What is a system that is intended or designed to be broken into by an attacker called?

a.
Honeypot
A honeypot is a system that is intended to be sacrificed in the name of knowledge. Honeypot systems allow investigators to evaluate and analyze the attack strategies used. Law enforcement agencies use honeypots to gather evidence for prosecuti

Threats and Vulnerabilities
You are the senior administrator for a bank. A user calls you on the telephone and says they were notified to contact you but couldn't find your information on the company website. Two days ago, an email told them there was som

b.
Phishing
Sending an email with a misleading link to collect information is a phishing attack.

Threats and Vulnerabilities
As the security administrator for your organization, you must be aware of all types of attacks that can occur and plan for them. Which type of attack uses more than one computer to attack the victim?

b.
DDoS
A DDoS attack uses multiple computer systems to attack a server or host in the network.

Threats and Vulnerabilities
An alert signals you that a server in your network has a program running on it that bypasses authorization. Which type of attack has occurred?

c.
Backdoor
In a backdoor attack, a program or service is placed on a server to bypass normal security procedures.

Threats and Vulnerabilities
An administrator at a sister company calls to report a new threat that is making the rounds. According to him, the latest danger is an attack that attempts to intervene in a communications session by inserting a computer betwee

a.
Man-in-the-middle attack
A man-in-the-middle attack attempts to fool both ends of a communications session into believing the system in the middle is the other end.

Threats and Vulnerabilities
You've discovered that an expired certificate is being used repeatedly to gain logon privileges. Which type of attack is this most likely to be?

c.
Replay attack
A replay attack attempts to replay the results of a previously successful session to gain access.

Threats and Vulnerabilities
A junior administrator comes to you in a panic. After looking at the log files, he has become convinced that an attacker is attempting to use an IP address to replace another system in the network to gain access. Which type of

d.
TCP/IP hijacking
TCP/IP hijacking is an attempt to steal a valid IP address and use it to gain authorization or information from a network.

Threats and Vulnerabilities
A server on your network will no longer accept connections using TCP. The server indicates that it has exceeded its session limit. Which type of attack is probably occurring?

a.
TCP ACK attack
A TCP ACK attack creates multiple incomplete sessions. Eventually, the TCP protocol hits a limit and refuses additional connections.

Threats and Vulnerabilities
A smurf attack attempts to use a broadcast ping on a network; the return address of the ping may be a valid system in your network. Which protocol does a smurf attack use to conduct the attack?

d.
ICMP
A smurf attack attempts to use a broadcast ping (ICMP) on a network. The return address of the ping may be a valid system in your network. This system will be flooded with responses in a large network.

Threats and Vulnerabilities
A user calls you in a panic. He is receiving emails from people indicating that he is inadvertently sending viruses to them. Over 200 such emails have arrived today. Which type of attack has most likely occurred?

c.
Worm
A worm is a type of malicious code that attempts to replicate using whatever means are available. The worm may not have come from the user's system; rather, a system with the user's name in the address book has attacked these people.

Threats and Vulnerabilities
Which type of attack denies authorized users access to network resources?

a.
DoS
A DoS attack is intended to prevent access to network resources by overwhelming or flooding a service or network.

Threats and Vulnerabilities
Your system has just stopped responding to keyboard commands. You noticed that this occurred when a spreadsheet was open and you dialed in to the Internet. Which kind of attack has probably occurred?

a.
Logic bomb
A logic bomb notifies an attacker when a certain set of circumstances has occurred. This may in turn trigger an attack on your system.

Threats and Vulnerabilities
You're explaining the basics of security to upper management in an attempt to obtain an increase in the networking budget. One of the members of the management team mentions that they've heard of a threat from a virus that atte

a.
Armored virus
An armored virus is designed to hide the signature of the virus behind code that confuses the antivirus software or blocks it from detecting the virus.

Threats and Vulnerabilities
What kind of virus could attach itself to the boot sector of your disk to avoid detection and report false information about file sizes?

b.
Stealth virus
A stealth virus reports false information to hide itself from antivirus software. Stealth viruses often attach themselves to the boot sector of an operating system.

Threats and Vulnerabilities
A mobile user calls you from the road and informs you that his laptop is exhibiting erratic behavior. He reports that there were no problems until he downloaded a tic-tac-toe program from a site that he had never visited before

a.
Trojan horse virus
A Trojan horse enters with a legitimate program to accomplish its nefarious deeds.

Threats and Vulnerabilities
Your system has been acting strangely since you downloaded a file from a colleague. Upon examining your antivirus software, you notice that the virus definition file is missing. Which type of virus probably infected your system

b.
Retrovirus
Retroviruses are often referred to as anti-antiviruses. They can render your antivirus software unusable and leave you exposed to other, less-formidable viruses.

Threats and Vulnerabilities
Internal users are reporting repeated attempts to infect their systems as reported to them by pop-up messages from their virus-scanning software. According to the pop-up messages, the virus seems to be the same in every case. W

a.
A server is acting as a carrier for a virus.
Some viruses won't damage a system in an attempt to spread into all the other systems in a network. These viruses use that system as the carrier of the virus.

Threats and Vulnerabilities
Your system log files report an ongoing attempt to gain access to a single account. This attempt has been unsuccessful to this point. What type of attack are you most likely experiencing?

a.
Password-guessing attack
A password-guessing attack occurs when a user account is repeatedly attacked using a variety of different passwords.

Threats and Vulnerabilities
A user reports that he is receiving an error indicating that his TCP/IP address is already in use when he turns on his computer. A static IP address has been assigned to this user's computer, and you're certain this address was

d.
TCP/IP hijacking
One of the symptoms of a TCP/IP hijacking attack may be the unavailability of a TCP/IP address when the system is started.

Threats and Vulnerabilities
You're working late one night, and you notice that the hard disk on your new computer is very active even though you aren't doing anything on the computer and it isn't connected to the Internet. What is the most likely suspect?

b.
A virus is spreading in your system.
A symptom of many viruses is unusual activity on the system disk. This is caused by the virus spreading to other files on your system.

Threats and Vulnerabilities
You're the administrator for a large bottling company. At the end of each month, you routinely view all logs and look for discrepancies. This month, your email system error log reports a large number of unsuccessful attempts to

a.
Software exploitation attack
A software exploitation attack attempts to exploit weaknesses in software. A common attack attempts to communicate with an established port to gain unauthorized access. Most email servers use port 25 for email connections u

Access Control and Identity Management
Most of your client's sales force have been told that they should no longer report to the office on a daily basis. From now on, they're to spend the majority of their time on the road calling on customers. Each membe

b.
PPP
PPP can pass multiple protocols and is widely used today as a transport protocol for remote connections.

Access Control and Identity Management
Which protocol is unsuitable for WAN VPN connections?

a.
PPP
PPP provides no security, and all activities are unsecure. PPP is primarily intended for remote connections and should never be used for VPN connections.

Access Control and Identity Management
You've been given notice that you'll soon be transferred to another site. Before you leave, you're to audit the network and document everything in use and the reason why it's in use. The next administrator will use t

a.
IPSec
IPSec provides network security for tunneling protocols. IPSec can be used with many different protocols besides TCP/IP, and it has two modes of security.

Access Control and Identity Management
The present method of requiring access to be strictly defined on every object is proving too cumbersome for your environment. The edict has come down from upper management that access requirements should be reduced s

a.
DAC
DAC allows some flexibility in information-sharing capabilities within the network.

Access Control and Identity Management
A newly hired junior administrator will assume your position temporarily while you attend a conference. You're trying to explain the basics of security to her in as short a period of time as possible. Which of the fo

a.
ACLs provide individual access control to resources.
Access control lists allow individual and highly controllable access to resources in a network. An ACL can also be used to exclude a particular system, IP address, or user.

Access Control and Identity Management
LDAP is an example of which of the following?

a.
Directory access protocol
Lightweight Directory Access Protocol (LDAP) is a directory access protocol used to publish information about users. This is the computer equivalent of a phone book.

Access Control and Identity Management
Upper management has suddenly become concerned about security. As the senior network administrator, you are asked to suggest changes that should be implemented. Which of the following access methods should you recomm

a.
MAC
Mandatory Access Control (MAC) is oriented toward preestablished access. This access is typically established by network administrators and can't be changed by users.

Access Control and Identity Management
Your office administrator is being trained to perform server backups. Which authentication method would be ideal for this situation?

c.
RBAC
Role-Based Access Control (RBAC) allows specific people to be assigned to specific roles with specific privileges. A backup operator would need administrative privileges to back up a server. This privilege would be limited to the role and wouldn't

Access Control and Identity Management
You've been assigned to mentor a junior administrator and bring him up to speed quickly. The topic you're currently explaining is authentication. Which method uses a KDC to accomplish authentication for users, progra

b.
Kerberos
Kerberos uses a key distribution center (KDC) to authenticate a principal. The KDC provides a credential that can be used by all Kerberos-enabled servers and applications.

Access Control and Identity Management
After a careful risk analysis, the value of your company's data has been increased. Accordingly, you're expected to implement authentication solutions that reflect the increased value of the data. Which of the follow

a.
Multifactor
A multifactor authentication method uses two or more processes for logon. A two-factor method might use smart cards and biometrics for logon.

Access Control and Identity Management
You're the administrator for Mercury Technical. Due to several expansions, the network has grown exponentially in size within the past two years. Which of the following is a popular method for breaking a network into

a.
VLAN
Virtual local area networks (VLANs) break a large network into smaller networks. These networks can coexist on the same wiring and be unaware of each other. A router or other routing-type device would be needed to connect these VLANs.

Access Control and Identity Management
Which technology allows a connection to be made between two networks using a secure protocol?

a.
Tunneling
Tunneling allows a network to make a secure connection to another network through the Internet or other network. Tunnels are usually secure and present themselves as extensions of both networks.

Access Control and Identity Management
Your company provides medical data to doctors from a worldwide database. Because of the sensitive nature of the data you work with, it's imperative that authentication be established on each session and be valid only

a.
Tokens
Tokens are created when a user or system successfully authenticates. The token is destroyed when the session is over.

Access Control and Identity Management
Which of the following security areas encompasses network access control (NAC)?

b.
Operational security
Operational security issues include network access control (NAC), authentication, and security topologies after the network installation is complete.

Access Control and Identity Management
You have added a new child domain to your network. As a result of this, the child has adopted all the trust relationships with other domains in the forest that existed for its parent domain. What is responsible for t

d.
Transitive access
Transitive access exists between the domains and creates this relationship.

Access Control and Identity Management
What is invoked when a person claims they are the user but cannot be authenticated, such as when they lose their password?

a.
Identity proofing
Identity proofing is invoked when a person claims they are the user but cannot be authenticated, such as when they lose their password.

Access Control and Identity Management
Which of the following is a client-server-oriented environment that operates in a manner similar to RADIUS?

b.
TACACS
Terminal Access Controller Access-Control System (TACACS) is a client-server-oriented environment, and it operates in a manner similar to how RADIUS operates.

Access Control and Identity Management
What is implied at the end of each access control list?

c.
Implicit deny
An implicit deny clause is implied at the end of each ACL, and it means that if the proviso in question has not been explicitly granted, then it is denied.

Access Control and Identity Management
Which of the following is a type of smart card issued by the Department of Defense as a general identification/authentication card for military personnel, contractors, and non-DoD employees?

d.
CAC
One type of smart card is the Common Access Card (CAC). These cards are issued by the Department of Defense as a general identification/authentication card for military personnel, contractors, and non-DoD employees.

Educating and Protecting the User
As part of your training program, you're trying to educate users on the importance of security. You explain to them that not every attack depends on implementing advanced technological methods. Some attacks, you explain,

a.
Social engineering
Social engineering uses the inherent trust in the human species, as opposed to technology, to gain access to your environment.

Educating and Protecting the User
Which classification of information designates that information can be released on a restricted basis to outside organizations?

d.
Limited distribution
Limited distribution information can be released to select individuals and organizations, such as financial institutions, governmental agencies, and creditors.

Educating and Protecting the User
You've recently been hired by ACME to do a security audit. The managers of this company feel that their current security measures are inadequate. Which information access control model prevents users from writing informat

a.
Bell-LaPadula model
The Bell-LaPadula model is intended to protect confidentiality of information. This is accomplished by prohibiting users from reading above their security level and preventing them from writing below their security level.

Educating and Protecting the User
The Cyberspace Security Enhancement Act gives law enforcement the right to:

b.
Gain access to encryption keys
The Cyberspace Security Enhancement Act gives law enforcement the right to gain access to encryption keys.

Educating and Protecting the User
For which U.S. organization was the Bell-LaPadula model designed?

a.
Military
The Bell-LaPadula model was originally designed for use by the military.

Educating and Protecting the User
Which of the following is another name for social engineering?

c.
Wetware
Wetware is another name for social engineering.

Educating and Protecting the User
The Clark-Wilson model must be accessed through applications that have predefined capabilities. This process prevents all except:

b.
Spam
The Clark-Wilson model must be accessed through applications that have predefined capabilities. This process prevents all the choices listed except spam.

Educating and Protecting the User
There are two types of implicit denies. One of these can be configured so that only users specifically named can use the service and is known as:

b.
at.allow
at.allow configurations allow only users specifically named to use the service.

Educating and Protecting the User
______ information is made available either to the public at large or to specific individuals, while ______ information is intended only for those internal to the organization.

b.
Public; Private
Public information is made available either to the public at large or to specific individuals, while Private information is intended only for those internal to the organization.

Educating and Protecting the User
Which of the following actions would not be allowed in the Bell-LaPadula model?

d.
General with Top Secret clearance writing at the Confidential level
The first three actions would be allowed since you can write to your level and read at your level (or below). The situation that would not be allowed is the General with Top Secret cle

Educating and Protecting the User
Which of the following is the best description of tailgating?

a.
Following someone through a door they just unlocked
Tailgating is best defined as following someone through a door they just unlocked.

Educating and Protecting the User
An NDA (nondisclosure agreement) is typically signed by?

c.
Beta testers
An NDA (nondisclosure agreement) is typically signed by beta testers.

Educating and Protecting the User
What is the form of social engineering in which you simply ask someone for a piece of information that you want by making it look as if it is a legitimate request?

d.
Phishing
Phishing is the form of social engineering in which you simply ask someone for a piece of information that you want by making it look as if it is a legitimate request.

Educating and Protecting the User
Users should be educated in the correct way to close pop-up ads in the workplace. That method is to:

b.
Click the "X" in the top right
Pop-up ads should be closed by clicking the "X" in the top right.

Educating and Protecting the User
Which act mandates national standards and procedures for the storage, use, and transmission of personal medical information?

b.
HIPAA
HIPAA mandates national standards and procedures for the storage, use, and transmission of personal medical information.

Educating and Protecting the User
When you combine phishing with Voice over IP, it is known as:

d.
Vishing
Vishing involves combining phishing with Voice over IP.

Educating and Protecting the User
Which of the following is the highest classification level in the government?

a.
Top Secret
Top Secret is the highest classification level in the government.

Educating and Protecting the User
at.allow is an access control that allows only specific users to use the service. What is at.deny?

a.
It does not allow users named in the file to access the system.
The at.deny file does not allow users named in the file to access the system.

Educating and Protecting the User
Which of the following is the best description of shoulder surfing?

c.
Watching someone enter important information
Shoulder surfing is best defined as watching someone enter important information.

Educating and Protecting the User
Which concept does the Bell-LaPadula model deal most accurately with?

c.
Confidentiality
The Bell-LaPadula model deals most accurately with confidentiality.

Operating System and Application Security
Which of the following terms refers to the process of establishing a standard for security?

a.
Baselining
Baselining is the process of establishing a standard for security.

Operating System and Application Security
You've been chosen to lead a team of administrators in an attempt to increase security. You're currently creating an outline of all the aspects of security that will need to be examined and acted upon. Which of th

b.
Hardening
Hardening is the process of improving the security of an operating system or application. One of the primary methods of hardening an OS is to eliminate unneeded protocols.

Operating System and Application Security
What tool is used in Windows to encrypt an entire volume?

a.
BitLocker
BitLocker provides drive encryption and is available with Windows 7 and Windows Vista.

Operating System and Application Security
Which filesystem was primarily intended for desktop system use and offers limited security?

c.
FAT
FAT technology offers limited security options.

Operating System and Application Security
The administrator at MTS was recently fired, and it has come to light that he didn't install updates and fixes as they were released. As the newly hired administrator, your first priority is to bring all networked

a.
Service pack
A service pack is one or more repairs to system problems bundled into a single process or function.

Operating System and Application Security
Which of the following statements is not true?

b.
You should share the root directory of a disk.
Never share the root directory of a disk if at all possible. Doing so opens the entire disk to potential exploitation.

Operating System and Application Security
Your company does electronic monitoring of individuals under house arrest around the world. Because of the sensitive nature of the business, you can't afford any unnecessary downtime. What is the process of applyi

c.
Hotfix
A hotfix is done while a system is operating. This reduces the necessity of taking a system out of service to fix a problem.

Operating System and Application Security
What is the process of applying manual changes to a program called?

c.
Patching
A patch is a temporary workaround of a bug or problem in code that is applied manually. Complete programs usually replace patches at a later date.

Operating System and Application Security
Users are complaining about name resolution problems suddenly occurring that were never an issue before. You suspect that an intruder has compromised the integrity of the DNS server on your network. What is one of

a.
Network footprinting
DNS records in a DNS server provide insights into the nature and structure of a network. DNS records should be kept to a minimum in public DNS servers. Network footprinting involves the attacker collecting data about the network to

Operating System and Application Security
LDAP is an example of which of the following?

a.
Directory access protocol
Lightweight Directory Access Protocol (LDAP) is a directory access protocol used to publish information about users. This is the computer equivalent of a phone book.

Operating System and Application Security
Your company is growing at a tremendous rate, and the need to hire specialists in various areas of IT is becoming apparent. You're helping to write the newspaper ads that will be used to recruit new employees, and

b.
Relational
Relational database systems are the most frequently installed database environments in use today.

Operating System and Application Security
The flexibility of relational databases in use today is a result of which of the following?

a.
SQL
SQL is a powerful database access language used by most relational database systems.

Operating System and Application Security
You're redesigning your network in preparation for putting the company up for sale. The network, like all aspects of the company, needs to perform the best that it possibly can in order to be an asset to the sale.

c.
Three-tiered
A three-tiered model puts a server between the client and the database.

Operating System and Application Security
Which of the following is the technique of providing unexpected values as input to an application to try to make it crash?

b.
Fuzzing
Fuzzing is the technique of providing unexpected values as input to an application to try to make it crash. Those values can be random, invalid, or just unexpected.

Operating System and Application Security
Which systems monitor the contents of systems (workstations, servers, networks) to make sure key content is not deleted or removed?

a.
DLP
DLP systems monitor the contents of systems (workstations, servers, networks) to make sure key content is not deleted or removed. They also monitor who is using the data (looking for unauthorized access) and transmitting the data.

Operating System and Application Security
What is it known as when an attacker manipulates the database code to take advantage of a weakness in it?

d.
SQL injection
SQL injection occurs when an attacker manipulates the database code to take advantage of a weakness in it.

Operating System and Application Security
If an attacker is able to gain access to restricted directories (such as the root directory) through HTTP, it is known as:

b.
Directory traversal
If an attacker is able to gain access to restricted directories (such as the root directory) through HTTP, it is known as directory traversal.

Operating System and Application Security
What is the term used when the item used to validate a user's session, such as a cookie, is stolen and used by another to establish a session with a host that thinks it is still communicating with the first party?

c.
Session hijacking
Session hijacking occurs when the item used to validate a user's session, such as a cookie, is stolen and used by another to establish a session with a host that thinks it is still communicating with the first party.

Operating System and Application Security
Which of the following involves unauthorized commands coming from a trusted user to the website?

d.
XSRF
XSRF involves unauthorized commands coming from a trusted user to the website. This is often done without the user's knowledge and employs some type of social networking to pull it off.

Operating System and Application Security
Which of the following is the name assigned to a chip that can store cryptographic keys, passwords, or certificates?

c.
TPM
TPM is the name assigned to a chip that can store cryptographic keys, passwords, or certificates. TPM can be used to protect cell phones and devices other than PCs as well.

Cryptography Basics
What is the process of deriving an encrypted value from a mathematical process called?

a.
Hashing
Hashing algorithms are used to derive an encrypted value from a message or word.

Cryptography Basics
During a training session, you want to impress upon users how serious security and, in particular, cryptography is. To accomplish this, you want to give them as much of an overview about the topic as possible. Which government agency s

b.
NIST
NIST is responsible for establishing the standards for general-purpose government encryption. NIST is also becoming involved in private-sector cryptography.

Cryptography Basics
Assuming asymmetric encryption, if data is encoded with a value of 5, what would be used to decode it?

c.
1/5
With asymmetric encryption, two keys are used: one to encode and the other to decode. The two keys are mathematical reciprocals of each other.

Cryptography Basics
You're a member of a consortium wanting to create a new standard that will effectively end all spam. After years of meeting, the group has finally come across a solution and now wants to propose it. The process of proposing a new stand

c.
RFC
The Request for Comments (RFC) process allows all users and interested parties to comment on proposed standards for the Internet. The RFC editor manages the RFC process. The editor is responsible for cataloging, updating, and tracking RFCs through

Cryptography Basics
Mary claims that she didn't make a phone call from her office to a competitor and tell them about developments her company is working on. Telephone logs, however, show that such a call was placed from her phone, and time clock records

d.
Non-repudiation
Non-repudiation offers undisputable proof that a party was involved in an action.

Cryptography Basics
Mercury Technical Solutions has been using SSL in a business-to-business environment for a number of years. Despite the fact that there have been no compromises in security, the new IT manager wants to use stronger security than SSL ca

a.
TLS
TLS is a security protocol that uses SSL, and it allows the use of other security protocols.

Cryptography Basics
MAC is an acronym for what as it relates to cryptography?

c.
Message authentication code
A MAC as it relates to cryptography is a method of verifying the integrity of an encrypted message. The MAC is derived from the message and the key.

Cryptography Basics
You've been brought in as a security consultant for a small bicycle manufacturing firm. Immediately you notice that it's using a centralized key-generating process, and you make a note to dissuade them from that without delay. What pro

b.
Key transmission
Key transmission is the largest problem from among the choices given. Transmitting private keys is a major concern. Private keys are typically transported using out-of-band methods to ensure security.

Cryptography Basics
Which of the following terms refers to the prevention of unauthorized disclosure of keys?

c.
Access control
Access control refers to the process of ensuring that sensitive keys aren't divulged to unauthorized personnel.

Cryptography Basics
As the head of IT for MTS, you're explaining some security concerns to a junior administrator who has just been hired. You're trying to emphasize the need to know what is important and what isn't. Which of the following is not a consid

a.
Environmental controls
Proper key storage requires that the keys be physically stored in a secure environment. This may include using locked cabinets, hardened servers, and effective physical and administrative controls.

Cryptography Basics
What is the primary organization for maintaining certificates called?

c.
LRA
A Certificate Revocation List (CRL) is created and distributed to all CAs to revoke a certificate or key.

Cryptography Basics
Due to a breach, a certificate must be permanently revoked, and you don't want it to ever be used again. What is often used to revoke a certificate?

c.
CRL
A Certificate Revocation List (CRL) is created and distributed to all CAs to revoke a certificate or key.

Cryptography Basics
Which organization can be used to identify an individual for certificate issue in a PKI environment?

b.
LRA
A local registration authority (LRA) can establish an applicant's identity and verify that the applicant for a certificate is valid. The LRA sends verification to the CA that issues the certificate.

Cryptography Basics
Kristin, from Payroll, has left the office on maternity leave and won't return for at least six weeks. You've been instructed to suspend her key. Which of the following statements is true?

c.
Suspended keys can be reactivated.
Suspending keys is a good practice: It disables a key, making it unusable for a certain period of time. This can prevent the key from being used while someone is gone. The key can be reactivated when that person retur

Cryptography Basics
What document describes how a CA issues certificates and what they are used for?

a.
Certificate policies
The certificate policies document defines what certificates can be used for.

Cryptography Basics
After returning from a conference in Jamaica, your manager informs you that he has learned that law enforcement has the right, under subpoena, to conduct investigations using keys. He wants you to implement measures to make such an eve

a.
Key escrow
Key escrow is the process of storing keys or certificates for use by law enforcement. Law enforcement has the right, under subpoena, to conduct investigations using these keys.

Cryptography Basics
The CRL takes time to be fully disseminated. Which protocol allows a certificate's authenticity to be immediately verified?

d.
OCSP
Online Certificate Status Protocol (OCSP) can be used to immediately verify a certificate's authenticity.

Cryptography Basics
Which set of specifications is designed to allow XML-based programs access to PKI services?

a.
XKMS
XML Key Management Specification (XKMS) is designed to allow XML-based programs access to PKI services.

Cryptography Basics
Which of the following is similar to Blowfish but works on 128-bit blocks?

a.
Twofish
Twofish was created by the same creator of Blowfish. It performs a similar function on 128-bit blocks instead of 64-bit blocks.

Cryptography Basics
A brainstorming session has been called. The moderator tells you to pull out a sheet of paper and write down your security concerns based on the technologies that your company uses. If your company uses public keys, what should you wri

d.
Integrity
Public keys are created to be distributed to a wide audience. The biggest security concern regarding their use is ensuring that the public keys maintain their integrity. This can be accomplished by using a thumbprint or a second encryption sc

Cryptography Implementation
PKI (Public Key Infrastructure) is a key-asymmetric system utilizing how many keys?

b.
Two
PKI (Public Key Infrastructure) is a key-asymmetric system utilizing two keys.

Cryptography Implementation
A certificate authority (CA) is an organization that is responsible for issuing, revoking, and distributing:

Certificates
A certificate authority (CA) is an organization that is responsible for issuing, revoking, and distributing certificates.

Cryptography Implementation
A registration authority (RA) can do all the following except:

Give recommendations
A registration authority (RA) can distribute keys, accept registrations for the CA, and validate identities. It cannot give recommendations.

Cryptography Implementation
The primary difference between an RA and _____ is that the latter can be used to identify or establish the identity of an individual.

LRA
The primary difference between an RA and LRA is that the LRA can be used to identify or establish the identity of an individual.

Cryptography Implementation
The most popular certificate used is version 3 of:

X.509
The most popular certificate used is version 3 of X.509.

Cryptography Implementation
The process of requiring interoperability is called:

Cross certification
The process of requiring interoperability is called cross certification.

Cryptography Implementation
A Certificate Practice Statement (CPS) is a detailed statement the CA uses to issue certificates and ______ of the CA.

Implement policies
A Certificate Practice Statement (CPS) is a detailed statement the CA uses to issue certificates and implement policies of the CA.

Cryptography Implementation
Certificate revocation is the process of revoking a certificate before it:

Expires
Certificate revocation is the process of revoking a certificate before it expires.

Cryptography Implementation
Which of the following is not one of the four main types of trust models used with PKI?

Custom
The four main types of trust models used with PKI are hierarchical, bridge, mesh, and hybrid. Custom is not one of the main PKI trust models.

Cryptography Implementation
Which of the following refers to the ability to manage individual resources in the CA network?

Granularity
Granularity refers to the ability to manage individual resources in the CA network.

Cryptography Implementation
A hierarchical trust model is also known as a:

Tree
A hierarchical trust model is also known as a tree.

Cryptography Implementation
In a bridge trust model, a ______ to ______ relationship exists between the root CAs.

Peer, peer
In a bridge trust model, a peer-to-peer relationship exists between the root CAs.

Cryptography Implementation
The mesh trust model is also known as what?

Web structure
The mesh trust model is also known as a web structure.

Cryptography Implementation
Key management includes all of the following stages/areas except:

Key locking
Key management includes centralized versus decentralized key generation, key storage and distribution, key escrow, and key expiration. Key locking is not a part of key management.

Cryptography Implementation
Key destruction is the process of destroying keys that have become:

Invalid
Key destruction is the process of destroying keys that have become invalid.

Cryptography Implementation
Public Key Infrastructure (PKI) is a first attempt to provide all the aspects of security to messages and transactions that have been previously discussed. It contains four components including:

Certificate Authority (CA), Registration Authority (RA), RSA, and digital certificates
Public Key Infrastructure (PKI) contains four components: certificate authority (CA), registration authority (RA), RSA, and digital certificates.

Cryptography Implementation
Which of the following is responsible for issuing certificates?
a. Registration authority (RA)
b. Certificate authority (CA)
c. Document authority (DA)
d. Local registration authority (LRA)

b.
Certificate authority (CA)
The certificate authority (CA) is responsible for issuing certificates.

Cryptography Implementation
In a bridge trust model, each intermediate CA trusts only those CAs that are:
a. Above and below it
b. Above it
c. Below it
d. On the same level

a.
Above and below it
In a bridge trust model, each intermediate CA trusts those CAs that are above and below it.

Cryptography Implementation
Which of the following is an attack against the algorithm?
a. Birthday attack
b. Weak key attack
c. Mathematical attack
d. Registration attack

c.
Mathematical attack
A mathematical attack is an attack against the algorithm.

Cryptography Implementation
One disadvantage of decentralized key generation is:
a. It depends on key escrow.
b. It is more vulnerable to single point attacks.
c. There are more risks of attacks.
d. It creates a storage and management issue.

d.
It creates a storage and management issue.
A disadvantage of decentralized key generation is the storage and management issue it creates.

Physical and Hardware-Based Security
Which component of physical security addresses outer-level access control?
a. Perimeter security
b. Mantraps
c. Security zones
d. Locked doors

a.
Perimeter security
The first layer of access control is perimeter security. Perimeter security is intended to delay or deter entrance into a facility.

Physical and Hardware-Based Security
You've been drafted for the safety committee. One of your first tasks is to inventory all the fire extinguishers and make certain the correct types are in the correct locations throughout the building. Which of the fol

c.
Type C
Type C fire extinguishers are intended for use in electrical fires.

Physical and Hardware-Based Security
Which of the following won't reduce EMI?
a. Physical shielding
b. Humidity control
c. Physical location
d. Overhauling worn motors

b.
Humidity control
Electrical devices, such as motors, that generate magnetic fields cause EMI. Humidity control won't address EMI.

Physical and Hardware-Based Security
You're the administrator for MTS. You're creating a team that will report to you, and you're attempting to divide the responsibilities for security among individual members. Similarly, which of the following access met

a.
Zone
A security zone is a smaller part of a larger area. Security zones can be monitored individually if needed. Answers B, C, and D are examples of security zones.

Physical and Hardware-Based Security
You're the administrator for MTS. You're creating a team that will report to you, and you're attempting to divide the responsibilities for security among individual members. Similarly, which of the following access met

b.
Partition
Partitioning is the process of breaking a network into smaller components that can each be individually protected. This is analogous to building walls in an office building.

Physical and Hardware-Based Security
Which of the following is equivalent to building walls in an office building from a network perspective?
a. Perimeter security
b. Partitioning
c. Security zones
d. IDS systems

b.
Partitioning
Access control is the primary process of preventing access to physical systems.

Physical and Hardware-Based Security
After a number of minor incidents at your company, physical security has suddenly increased in priority. No unauthorized personnel should be allowed access to the servers or workstations. The process of preventing acce

b.
Access control
Access control is the primary process of preventing access to physical systems.

Physical and Hardware-Based Security
Which of the following is an example of perimeter security?
a. Chain link fence
b. Video camera
c. Elevator
d. Locked computer room

a.
Chain link fence
Perimeter security involves creating a perimeter or outer boundary for a physical space. Video surveillance systems wouldn't be considered a part of perimeter security, but they can be used to enhance physical security monitoring.

Physical and Hardware-Based Security
You're the leader of the security committee at ACME. After a move to a new facility, you're installing a new security monitoring system throughout. Which of the following best describes a motion detector mounted in the

c.
Security zone
A security zone is an area that is a smaller component of the entire facility. Security zones allow intrusions to be detected in specific parts of the building.

Physical and Hardware-Based Security
Which technology uses a physical characteristic to establish identity?
a. Biometrics
b. Surveillance
c. Smart card
d. CHAP authenticator

a.
Biometrics
Biometrics is a technology that uses personal characteristics, such as a retinal pattern or fingerprint, to establish identity.

Physical and Hardware-Based Security
The process of reducing or eliminating susceptibility to outside interference is called what?
a. Shielding
b. EMI
c. TEMPEST
d. Desensitization

a.
Shielding
Shielding keeps external electronic signals from disrupting operations.

Physical and Hardware-Based Security
You work for an electronics company that has just created a device that emits less RF than any competitor's product. Given the enormous importance of this invention and of the marketing benefits it could offer, you wan

d.
TEMPEST
TEMPEST is the certification given to electronic devices that emit minimal RF. The TEMPEST certification is difficult to acquire, and it significantly increases the cost of systems.

Physical and Hardware-Based Security
Due to growth beyond current capacity, a new server room is being built. As a manager, you want to make certain that all the necessary safety elements exist in the room when it's finished. Which fire-suppression system

a.
Gas based
Gas-based systems work by displacing the air around a fire. This eliminates one of the three necessary components of a fire: oxygen.

Physical and Hardware-Based Security
Type K fire extinguishers are intended for use on cooking oil fires. This type is a subset of which other type of fire extinguisher?
a. Type A
b. Type B
c. Type C
d. Type D

b.
Type B
Type K fire extinguishers are a subset of Type B fire extinguishers.

Physical and Hardware-Based Security
Proximity readers work with which of the following? (Choose all that apply.)
a. 15.75 fob card
b. 14.32 surveillance card
c. 13.56 MHZ smart card
d. 125 kHz proximity card

c.
13.56 MHZ smart card
d.
125 kHz proximity card
Proximity readers work with 13.56 MHz smart cards and 125 kHz proximity cards.

Physical and Hardware-Based Security
In a hot and cold aisle system, what is the typical method of handling cold air?
a. It is pumped in from below raised floor tiles.
b. It is pumped in from above through the ceiling tiles.
c. Only hot air is extracted a

a.
It is pumped in from below raised floor tiles.
With hot and cold aisles, cold air is pumped in from below raised floor tiles.

Physical and Hardware-Based Security
If RF levels become too high, it can cause the receivers in wireless units to become deaf. This process is called:
a. Clipping
b. Desensitizing
c. Distorting
d. Crackling

b.
Desensitizing
When RF levels become too high, the receivers in wireless units can become deaf; this is known as desensitizing. It occurs because of the volume of RF energy present.

Physical and Hardware-Based Security
RFI is the byproduct of electrical processes, similar to EMI. The major difference is that RFI is usually projected across which of the following?
a. Network medium
b. Electrical wiring
c. Radio spectrum
d. Portable me

c.
Radio spectrum
RFI is the byproduct of electrical processes, similar to EMI. The major difference is that RFI is usually projected across a radio spectrum. Motors with defective brushes can generate RFI, as can a number of other devices.

Physical and Hardware-Based Security
For physical security, what should you do with rack-mounted servers?
a. Run a cable from them to a desk.
b. Lock each of them into the cabinet.
c. Install them in safes.
d. Use only Type D, which incorporates its own s

b.
Lock each of them into the cabinet.
Rack-mounted servers should be locked into their cabinets to prevent someone from simply pulling one out and walking out the front door with it.

Physical and Hardware-Based Security
Which of the following is a method of cooling server racks in which hot air and cold air are both handled in the server room?
a. Hot/cold vessels
b. Hot and cold passages
c. Hot/cold walkways
d. Hot and cold aisles

d.
Hot and cold aisles
Hot and cold aisles is a method of cooling server racks in which hot air and cold air are both handled in the server room.

Physical and Hardware-Based Security
Which of the following is a high-security installation that requires visual identification, as well as authentication, to gain access?

Mantrap*
High-security installations use a type of intermediate access control mechanism called a mantrap. Mantraps require visual identification, as well as authentication, to gain access. A mantrap makes it difficult for a facility to be accessed in num

Security and Vulnerability in the Network
In which type of testing do you begin with the premise that the attacker has no knowledge of the network?
a. Black box
b. White box
c. Gray box
d. Green box

a.
Black box
With black box testing, you begin with the premise that the attacker has no knowledge of the network.

Security and Vulnerability in the Network
Which IEEE standard is often referred to as EAP over LAN?
a. 802.1E
b. 802.1Z
c. 802.1Y
d. 802.1X

d.
802.1X
The IEEE standard 802.1X is often referred to as EAP over LAN. It defines port-based security for wireless network access control.

Security and Vulnerability in the Network
Which log visible in Event Viewer shows successful and unsuccessful login attempts in Windows 7?
a. System
b. Security
c. Audit
d. Application

b.
Security
The Security log in Windows 7 (as well as in all versions of Windows) shows successful and unsuccessful login attempts and can be viewed with Event Viewer.

Security and Vulnerability in the Network
During what process do you look at all custom written applications for holes that may exist (in the form of the finished application, configuration files, libraries, and so on)?
a. Network bridging
b. Design revie

c.
Code review
During a code review, you look at all custom written applications for holes that may exist (in the form of the finished application, configuration files, libraries, and the like).

Security and Vulnerability in the Network
What are the two states that an application can fail in?
a. Dependable
b. Failsafe
c. Failopen
d. Assured

b.
Failsafe
c.
Failopen
There are two states that an application can fail in. In a failsafe mode, the crash leaves the system secure. In a failopen state, the crash leaves the system exposed (not secure).

Security and Vulnerability in the Network
You want to implement MAC filtering on a small network but do not know the MAC address of a Linux-based workstation. Which command-line tool can you run on the workstation to find the MAC address?
a. ifconfig
b. i

a.
ifconfig
The command ifconfig will show the MAC address on the Linux or Unix-based workstation.

Security and Vulnerability in the Network
Which of the following is a protection feature built into many firewalls that allows the administrator to tweak the tolerance for unanswered login attacks?
a. MAC filter
b. Flood guard
c. MAC limiter
d. Security po

b.
Flood guard
A flood guard is a protection feature built into many firewalls that allows the administrator to tweak the tolerance for unanswered login attacks. By reducing this tolerance, it is possible to reduce the likelihood of a successful DoS attack.

Security and Vulnerability in the Network
The goal of _____ is to minimize the possibility of exploitation by reducing the amount of code and limiting potential damage.
a. EAPOL
b. EAP
c. ASR
d. 802.1X

c.
ASR
The goal of attack surface reduction (ASR) is to minimize the possibility of exploitation by reducing the amount of code and limiting potential damage.

Security and Vulnerability in the Network
Which Windows workstation feature is accused of (sometimes inadvertently) making network bridging possible and introducing security concerns?
a. Internet Connection Sharing
b. Windows Firewall
c. Network Address Tra

a.
Internet Connection Sharing
ICS (Internet Connection Sharing) is accused of (sometimes inadvertently) making network bridging possible and introducing security concerns.

Security and Vulnerability in the Network
Which of the following is a software application that checks your network for any known security holes?
a. Logic bomb
b. Log analyzer
c. Vulnerability scanner
d. Design reviewer

c.
Vulnerability scanner
A vulnerability scanner is a software application that checks your network for any known security holes.

Security and Vulnerability in the Network
In which type of testing do you begin with the premise that the attacker has inside knowledge of the network?

White box
With white box testing, you begin with the premise that the attacker has inside knowledge of the network.

Security and Vulnerability in the Network
Rule-based management defines conditions for access to objects and is also known as:
a. Distributed management
b. Management by objective
c. Role-based management
d. Label-based management

d.
Label-based management
Rule-based management, also known as label-based management, defines conditions for access to objects.

Security and Vulnerability in the Network
Nessus is a tool that performs which security function?
a. Vulnerability scanning
b. Penetration testing
c. Ethical hacking
d. Loop protection

a.
Vulnerability scanning
Nessus is one of the better-known vulnerability scanners.

Security and Vulnerability in the Network
The approach a business takes to security is known as its:
a. Rule-based management
b. Network bridging
c. Security posture
d. Assessment technique

c.
Security posture
The security posture is the approach a business takes to security.

Security and Vulnerability in the Network
Which of the following is the area of an application that is available to users: those who are authenticated and, more importantly, those who are not?
a. Exposed liability
b. Attack surface
c. Security weakness
d. Su

b.
Attack surface
The attack surface of an application is the area of an application that is available to users: those who are authenticated and, more importantly, those who are not.

Security and Vulnerability in the Network
You want to implement MAC filtering on a small network but do not know the MAC address of a Windows-based workstation. Which command-line tool can you run on the workstation to find the MAC address?
a. ifconfig
b.

d.
ipconfig /all
The command ipconfig /all will show the MAC address as the physical address.

Security and Vulnerability in the Network
Your manager has purchased a program intended to be used to find problems during code review. The program will read the code and look for any possible bugs or holes. What type of assessment is this known as?
a. Me

b.
Automated
Simply reading the code is known as manual assessment, while using tools to scan the code is known as automated assessment.

Security and Vulnerability in the Network
What checks to make sure that things are operating status quo and that change detection is used to alert when modifications are made?
a. Baseline reporting
b. Code review
c. Attack surfacing
d. Risk analysis

a.
Baseline reporting
Baseline reporting checks to make sure that things are operating status quo and that change detection is used to alert when modifications are made.

Security and Vulnerability in the Network
In which type of testing do you begin with the premise that an outside attacker is being fed some knowledge from someone inside the network?
a. Black box
b. White box
c. Gray box
d. Green box

c.
Gray box
With gray box testing, you begin with the premise that an outside attacker is being fed some knowledge from someone inside the network.

Security and Vulnerability in the Network
Which of the following involves trying to get access to your system from an attacker's perspective?
a. Loop recon
b. Flood gating
c. Vulnerability scanning
d. Penetration testing

d.
Penetration testing
Penetration testing involves trying to get access to your system from an attacker's perspective.

Wireless Networking Security
Which protocol is mainly used to enable access to the Internet from a mobile phone or PDA?
a. WEP
b. WTLS
c. WAP
d. WOP

c.
WAP
Wireless Application Protocol (WAP) is an open international standard for applications that use wireless communication.

Wireless Networking Security
Which protocol operates on 2.4 GHz and has a bandwidth of 1 Mbps or 2 Mbps?
a. 802.11
b. 802.11a
c. 802.11b
d. 802.11g

a.
802.11
802.11 operates on 2.4 GHz. This standard allows for bandwidths of 1 Mbps or 2 Mbps.

Wireless Networking Security
You're outlining your plans for implementing a wireless network to upper management. Suddenly, a paranoid vice president brings up the question of security. Which protocol was designed to provide security to a wireless network

c.
WPA2
Wi-Fi Protected Access 2 (WPA2) was intended to provide security that's equivalent to the security on a wired network and implements elements of the 802.11i standard.

Wireless Networking Security
Which of the following is a primary vulnerability of a wireless environment?
a. Decryption software
b. IP spoofing
c. A gap in the WAP
d. Site survey

d.
Site survey
A site survey is the process of monitoring a wireless network using a computer, wireless controller, and analysis software. Site surveys are easily accomplished and hard to detect.

Wireless Networking Security
Which of the following is synonymous with MAC filtering?
a. TKIP
b. Network lock
c. EAP-TTLS
d. MAC secure

b.
Network lock
The term network lock is synonymous with MAC filtering.

Wireless Networking Security
Which of the following 802.11 standards is often referenced as WPA2?
a. 802.11a
b. 802.11b
c. 802.11i
d. 802.11n

c.
802.11i
The WPA2 standard is also known as 802.11i.

Wireless Networking Security
Which of the following 802.11 standards provides for bandwidths of up to 300 Mbps?
a. 802.11n
b. 802.11i
c. 802.11g
d. 802.11b

a.
802.11n
The 802.11n standard provides for bandwidths of up to 300 Mbps.

Wireless Networking Security
An IV attack is usually associated with which of the following wireless protocols?
a. WEP
b. WAP
c. WPA
d. WPA2

a.
WEP
An IV attack is usually associated with the WEP wireless protocol.

Wireless Networking Security
Which type of encryption does CCMP use?
a. EAP
b. DES
c. AES
d. IV

c.
AES
CCMP uses 128-bit AES encryption.

Wireless Networking Security
Which encryption technology is associated with WPA?
a. TKIP
b. CCMP
c. WEP
d. LDAP

a.
TKIP
The encryption technology associated with WPA is TKIP.

Wireless Networking Security
Which of the following is not one of the three transmission technologies used to communicate in the 802.11 standard?
a. DSSS
b. FHSS
c. VITA
d. OFDM

c.
VITA
The three technologies available for use with the 802.11 standard are DSSS (direct-sequence spread spectrum), FHSS (frequency-hopping spread spectrum), and OFDM (orthogonal frequency division multiplexing). VITA (Volunteer Income Tax Assistance) i

Wireless Networking Security
What is the size of the initialization vector (IV) that WEP uses for encryption?
a. 6-bit
b. 24-bit
c. 56-bit
d. 128-bit

b.
24-bit
The initialization vector (IV) that WEP uses for encryption is 24-bit.

Wireless Networking Security
Which of the following is a script language WAP-enabled devices can respond to?
a. WXML
b. Winsock
c. WIScript
d. WMLScript

d.
WMLScript
WAP-enabled devices can respond to scripts using an environment called WMLScript.

Wireless Networking Security
Which of the following authentication levels with WAP requires both ends of the connection to authenticate to confirm validity?
a. Relaxed
b. Two-way
c. Server
d. Anonymous

b.
Two-way
Two-way authentication requires both ends of the connection to authenticate to confirm validity.

Wireless Networking Security
Which of the following manages the session information and connection between wireless devices?
a. WSP
b. WPD
c. WPT
d. WMD

a.
WSP
WSP (Wireless Session Protocol) manages the session information and connection between wireless devices.

Wireless Networking Security
Which of the following provides services similar to TCP and UDP for WAP?
a. WTLS
b. WDP
c. WTP
d. WFMD

c.
WTP
The Wireless Transaction Protocol (WTP) provides services similar to TCP and UDP for WAP.

Wireless Networking Security
Which of the following authentication levels with WAP allows virtually anyone to connect to the wireless portal?
a. Relaxed
b. Two-way
c. Server
d. Anonymous

d.
Anonymous
Anonymous authentication allows virtually anyone to connect to the wireless portal.

Wireless Networking Security
If the interconnection between the WAP server and the Internet isn't encrypted, packets between the devices may be intercepted. What is this vulnerability known as?
a. Packet sniffing
b. Minding the gap
c. Middle man
d. Broken

a.
Packet sniffing
If the interconnection between the WAP server and the Internet isn't encrypted, packets between the devices may be intercepted; this is known as packet sniffing.

Wireless Networking Security
WAP uses a smaller version of HTML for Internet displays. This is known as:
a. DSL
b. HSL
c. WML
d. OFML

c.
WML
WAP uses a smaller version of HTML called Wireless Markup Language (WML) for Internet displays.

Wireless Networking Security
What is the size of the wrapper TKIP places around the WEP encryption with a key that is based on such things as the MAC address of your machine and the serial number of the packet?
a. 128-bit
b. 64-bit
c. 56-bit
d. 12-bit

a.
128-bit
TKIP places a 128-bit wrapper around the WEP encryption with a key that is based on such things as the MAC address of your machine and the serial number of the packet.

Disaster Recovery and Incident Response
Which plan or policy helps an organization determine how to relocate to an emergency site?

Disaster-recovery plan*
The disaster-recovery plan deals with site relocation in the event of an emergency, natural disaster, or service outage.

Disaster Recovery and Incident Response
Although you're talking to her on the phone, the sound of the administrative assistant's screams of despair can be heard down the hallway. She has inadvertently deleted a file that the boss desperately needs. Which

b.
Working copies
Working copies are backups that are usually kept in the computer room for immediate use in recovering a system or lost file.

Disaster Recovery and Incident Response
You're trying to rearrange your backup procedures to reduce the amount of time they take each evening. You want the backups to finish as quickly as possible during the week. Which backup system backs up only the fil

b.
Incremental backup
An incremental backup backs up files that have changed since the last full or partial backup.

Disaster Recovery and Incident Response
Which backup system backs up all the files that have changed since the last full backup?
a. Full backup
b. Incremental backup
c. Differential backup
d. Archival backup

c.
Differential backup
A differential backup backs up all the files that have changed since the last full backup.

Disaster Recovery and Incident Response
You're a consultant brought in to advise MTS on its backup procedures. One of the first problems you notice is that the company doesn't utilize a good tape-rotation scheme. Which backup method uses a rotating schedu

a.
Grandfather, Father, Son method
The Grandfather, Father, Son backup method is designed to provide a rotating schedule of backup processes. It allows for a minimum usage of backup media, and it still allows for long-term archiving.

Disaster Recovery and Incident Response
Which site best provides limited capabilities for the restoration of services in a disaster?
a. Hot site
b. Warm site
c. Cold site
d. Backup site

b.
Warm site
Warm sites provide some capabilities in the event of a recovery. The organization that wants to use a warm site will need to install, configure, and reestablish operations on systems that may already exist at the warm site.

Disaster Recovery and Incident Response
You're the head of information technology for MTS and have a brother in a similar position for ABC. The companies are approximately the same size and are located several hundred miles apart. As a benefit to both com

d.
Reciprocal agreement
A reciprocal agreement is between two organizations and allows one to use the other's site in an emergency.

Disaster Recovery and Incident Response
The process of automatically switching from a malfunctioning system to another system is called what?
a. Fail safe
b. Redundancy
c. Fail-over
d. Hot site

c.
Fail-over
Fail-over occurs when a system that is developing a malfunction automatically switches processes to another system to continue operations.

Disaster Recovery and Incident Response
You've been brought in as a temporary for FRS, Inc. The head of IT assigns you the task of evaluating all servers and their disks and making a list of any data not stored redundantly. Which disk technology isn't fau

a.
RAID 0
RAID 0 is a method of spreading data from a single disk over a number of disk drives. It's used primarily for performance purposes.

Disaster Recovery and Incident Response
Which agreement outlines performance requirements for a vendor?
a. MTBF
b. MTTR
c. SLA
d. BCP

c.
SLA
A service-level agreement (SLA) specifies performance requirements for a vendor. The agreement may use MTBF and MTTR as performance measures.

Disaster Recovery and Incident Response
Your company is about to invest heavily in an application written by a new startup. Because it is such a sizable investment, you express your concerns about the longevity of the new company and the risk this organiz

a.
Code escrow
Code escrow allows customers to access the source code of installed systems under specific conditions, such as the bankruptcy of a vendor.

Disaster Recovery and Incident Response
Which of the following would normally not be part of an incident response policy?
a. Outside agencies (that require status)
b. Outside experts (to resolve the incident)
c. Contingency plans
d. Evidence collection pr

c.
Contingency plans
A contingency plan wouldn't normally be part of an incident response policy. It would be part of a disaster-recovery plan.

Disaster Recovery and Incident Response
Which of the following is the measure of the anticipated incidence of failure for a system or component?
a. CIBR
b. AIFS
c. MTBF
d. MTTR

c.
MTBF
Mean time between failures (MTBF) is the measure of the anticipated incidence of failure for a system or component.

Disaster Recovery and Incident Response
With high availability, the goal is to have key services available 99.999 percent of the time. What is this availability also known as?
a. Five nines
b. Three nines
c. Perfecta
d. Trifecta

a.
Five nines
With high availability, the goal is to have key services available 99.999 percent of the time (also known as five nines availability).

Disaster Recovery and Incident Response
Which of the following outlines those internal to the organization who have the ability to step into positions when they open?
a. Succession planning
b. Progression planning
c. Emergency planning
d. Eventuality plan

a.
Succession planning
Succession planning outlines those internal to the organization who have the ability to step into positions when they open.

Disaster Recovery and Incident Response
What is another name for working copies?
a. Functional copies
b. Running copies
c. Operating copies
d. Shadow copies

d.
Shadow copies
Working copies are also known as shadow copies.

Disaster Recovery and Incident Response
What is the maximum number of drive failures a RAID 5 array can survive from and still be able to function?
a. 0
b. 1
c. 2
d. More than 2

b.
1
A RAID 5 array can survive the failure of any one drive and still be able to function. It can't survive the failure of multiple drives.

Disaster Recovery and Incident Response
The only difference between mirroring and which of the following is the addition of one more controller card?
a. Additioning
b. Duplexing
c. Failing over
d. Sanctifying

b.
Duplexing
The only difference between mirroring and duplexing is one more controller card.

Disaster Recovery and Incident Response
Which redundancy strategy has one spare part for every component in use?
a. 1+1
b. JWDO
c. JIT
d. Rollovers

a.
1+1
The redundancy strategy 1+1 has one spare part for every component in use.

Disaster Recovery and Incident Response
With five nines availability, the total amount of downtime allowed per year is:
a. 4.38 hours
b. 526 minutes
c. 52.65 minutes
d. 5.26 minutes

d.
5.26 minutes
With five nines availability, the total amount of downtime allowed per year is 5.26 minutes.

Security-Related Policies and Procedures
Which policy dictates how an organization manages certificates and certificate acceptance?
a. Certificate policy
b. Certificate access list
c. CA accreditation
d. CRL rule

a.
Certificate policy
A certificate policy dictates how an organization uses, manages, and validates certificates.

Security-Related Policies and Procedures
You're giving hypothetical examples during a required security training session when the subject of certificates comes up. A member of the audience wants to know how a party is verified as genuine. Which party in a

c.
Third party
The third party is responsible for assuring the relying party that the subscriber is genuine.

Security-Related Policies and Procedures
MTS is in the process of increasing all security for all resources. No longer will the legacy method of assigning rights to users as they're needed be accepted. From now on, all rights must be obtained for the netw

a.
Security group
A security group is used to manage user access to a network or system.

Security-Related Policies and Procedures
Which process inspects procedures and verifies that they're working?
a. Audit
b. Business continuity plan
c. Security review
d. Group privilege management

a.
Audit
An audit is used to inspect and test procedures within an organization to verify that those procedures are working and up-to-date. The result of an audit is a report to management.

Security-Related Policies and Procedures
Which ISO standard states: "Privileges should be allocated to individuals on a need-to-use basis and on an event-by-event basis, i.e. the minimum requirement for their functional role when needed"?
a. 27002
b. 2710

a.
27002
The ISO standard 27002 (which updates 17799) states: "Privileges should be allocated to individuals on a need-to-use basis and on an event-by-event basis, i.e. the minimum requirement for their functional role when needed."

Security-Related Policies and Procedures
On a NetWare-based system, which account is equivalent to the administrator account in Windows?
a. Auditor
b. Supervisor
c. Root
d. Master

b.
Supervisor
The supervisor user in NetWare is equivalent to the administrator user in Windows.

Security-Related Policies and Procedures
Which type of policy would govern whether employees can engage in practices such as taking gifts from vendors?
a. Termination policy
b. Endowment policy
c. Ethics policy
d. Benefit policy

c.
Ethics policy
An ethics policy is the written policy governing accepted organizational ethics.

Security-Related Policies and Procedures
Which of the following occurs under the security policy administered by a trusted security domain?
a. Positive inspection
b. Confident poll
c. Voucher session
d. Trusted transaction

d.
Trusted transaction
A trusted transaction occurs under the security policy administered by a trusted security domain. Your organization may decide that it can serve as its own trusted security domain and that it can use third-party CAs, thus allowing f

Security-Related Policies and Procedures
A periodic security audit of which of the following can help determine whether privilege-granting processes are appropriate and whether computer usage and escalation processes are in place and working?
a. Event log

c.
User access and rights review
A periodic security audit of user access and rights review can help determine whether privilege-granting processes are appropriate and whether computer usage and escalation processes are in place and working.

Security-Related Policies and Procedures
Which Windows Firewall events are logged by default in Windows 7?
a. Dropped packets
b. Successful connections
c. Both dropped packets and successful connections
d. Neither dropped packets nor successful connection

d.
Neither dropped packets nor successful connections
By default, Windows Firewall in Windows 7 logs neither dropped packets nor successful connections. Logging occurs only when one or both of these are turned on.

Security-Related Policies and Procedures
Which audits help ensure that procedures and communications methods are working properly in the event of a problem or issue?
a. Communication
b. Escalation
c. Selection
d. Preference

b.
Escalation
Escalation audits help ensure that procedures and communications methods are working properly in the event of a problem or issue.

Security-Related Policies and Procedures
Most CAs require what to define certificate issue processes, record keeping, and subscribers' legal acceptance of terms?
a. CPS
b. DAC
c. SRC
d. GPM

a.
CPS
Most CAs require a Certificate Practice Statement (CPS), which defines certificate issue processes, record keeping, and subscribers' legal acceptance of the terms of the CPS.

Security-Related Policies and Procedures
Which of the following is one of the most common certificates in use today?
a. X.733
b. X.50
c. X.509
d. X.500

c.
X.509
One of the most common certificates in use today is the X.509 certificate. It includes encryption, authentication, and a reasonable level of validity.

Security-Related Policies and Procedures
People in an organization can withhold classified or sensitive information from others in the company when governed by what type of policy?
a. Nondisclosure
b. Suppression
c. Need-to-know
d. Revelation

c.
Need-to-know
People in an organization can withhold classified or sensitive information from others in the company when governed by need-to-know policies.

Security-Related Policies and Procedures
The process of establishing boundaries for information sharing is called:
a. Disassociation
b. Compartmentalization
c. Isolation
d. Segregation

b.
Compartmentalization
The process of establishing boundaries for information sharing is called compartmentalization.

Security-Related Policies and Procedures
Which policies define how individuals are brought into an organization?
a. Service policies
b. Continuity policies
c. Pay policies
d. Hiring policies

d.
Hiring policies
Hiring policies define how individuals are brought into an organization. They also establish the process used to screen prospective employees for openings.

Security-Related Policies and Procedures
A policy of mandatory vacations should be implemented in order to assist in:
a. The prevention of fraud
b. Identifying employees no longer needed
c. Reducing insurance expenses
d. Enforcing privilege management

a.
The prevention of fraud
A policy of mandatory vacations should be implemented in order to assist in the prevention of fraud.

Security-Related Policies and Procedures
On a Linux-based system, which account is equivalent to the administrator account in Windows?
a. Auditor
b. Supervisor
c. Root
d. Master

c.
Root
The root user in Linux is equivalent to the administrator user in Windows.

Security-Related Policies and Procedures
Which of the following is the basic premise of least privilege?
a. Always assign responsibilities to the administrator who has the minimum permissions required.
b. When assigning permissions, give users only the pe

b.
When assigning permissions, give users only the permissions they need to do their work and no more.
The basic premise of least privilege is: When assigning permissions, give users only the permissions they need to do their work and no more.

Security-Related Policies and Procedures
Which policy defines what constitutes sensitive data and applies protection to it?
a. Classification
b. BCP
c. Data review
d. Data theft

d.
Data theft
A data theft policy defines what constitutes sensitive data and applies protection to it.

Security and Vulnerability in the Network
An organization is looking for a filtering solution that will help eliminate some of the recent problems it has had with viruses and worms. Which of the following best meets this requirement?
a. Intrusion detectio

b.
Malware inspection
A malware inspection filter is basically a web filter applied to traffic that uses HTTP. The body of all HTTP requests and responses is inspected. Malicious content is blocked, but legitimate content passes through unaltered. Answer

Disaster Recovery and Incident Response
Which risk management response is being implemented when a company purchases insurance to protect against service outage?
a. Acceptance
b. Avoidance
c. Mitigation
d. Transference

d.
Transference
The liability of risk is transferred through insurance policies. Answer A is incorrect because accepting a risk is to do nothing in response. Risk avoidance involves simply terminating the operation that produces the risk, making answer B

Threats and Vulnerabilities
A collection of compromised computers running software installed by a Trojan horse or a worm is referred to as which of the following?
a. Zombie
b. Botnet
c. Herder
d. Virus

b.
Botnet
Answers A and C are incorrect but are related to a botnet in that a zombie is one of many computer systems that make up a botnet, whereas a bot herder is the controller of the botnet. Answer D is incorrect. A virus is a program that infects a co

Security and Vulnerability in the Network
Adding a token for every POST or GET request that is initiated from the browser to the server can be used to mitigate which of the following attacks?
a. Buffer overflow
b. Cross-site request forgery (XSRF)
c. Cros

b.
Cross-site request forgery (XSRF)
To mitigate cross-site request forgery (XSRF) attacks, the most common solution is to add a token for every POST or GET request that is initiated from the browser to the server. Answer A is incorrect because buffer ove

Cryptography Implementation
Which of the following is one of the biggest challenges associated with database encryption?
a. Multitenancy
b. Key management
c. Weak authentication components
d. Platform support

b.
Key management
One of the biggest challenges associated with database encryption is key management. Answer A is incorrect because multitenancy is a security issue related to cloud computing implementations. Answer C is incorrect because lack of managem

Access Control and Identity Management
Which form of access control enables data owners to extend access rights to other logons?
a. MAC
b. DAC
c. Role-based (RBAC)
d. Rule-based (RBAC)

b.
DAC
Discretionary access control (DAC) systems enable data owners to extend access rights to other logons. Mandatory access control (MAC) systems require assignment of labels to extend access, making answer A incorrect. Answers C and D are incorrect be

Access Control and Identity Management
In a decentralized key management system, the user is responsible for which one of the following functions?
a. Creation of the private and public key
b. Creation of the digital certificate
c. Creation of the CRL
d. R

a.
Creation of the private and public key
In a decentralized key system, the end user generates his or her own key pair. The other functions, such as creation of the certificate, CRL, and the revocation of the certificate, are still handled by the certifi

Access Control and Identity Management
What is the name given to the system of digital certificates and certificate authorities used for public key cryptography over networks?
a. Protocol key instructions (PKI)
b. Public key extranet (PKE)
c. Protocol key

d.
Public key infrastructure (PKI)
Public key infrastructure describes the trust hierarchy system for implementing a secure public key cryptography system over TCP/IP networks. Answers A, B, and C are incorrect because these are bogus terms.

Access Control and Identity Management
If Sally wants to send a secure message to Mark using public key encryption but is not worried about sender verification, what does she need in addition to her original message text?
a. Sally's private key
b. Sally's

d.
Mark's public key
Sally needs Mark's public key to encrypt her original message in a form that only Mark can decrypt. Neither of Sally's keys is needed because the originator does not need to be validated, making answers A and B incorrect. Answer C is

Physical and Hardware-Based Security
Which of the following methods is the most effective way to physically secure laptops that are used in an environment such as an office?
a. Security cables
b. Server cages
c. Locked cabinet
d. Hardware dongle

a.
Security cables
Security cables with combination locks can provide such security and are easy to use. They are used mostly to secure laptops and leave the equipment exposed. Answer B is incorrect because PC Safe tower and server cages are designed to b

Security and Vulnerability in the Network
Which of the following serves the purpose of trying to lure a malicious attacker into a system?
a. Honeypot
b. Pot of gold
c. DMZ
d. Bear trap

a.
Honeypot
A honeypot is used to serve as a decoy and lure a malicious attacker. Answers B and D are incorrect because they are not legitimate terms for testing purposes. Answer C is incorrect because a demilitarized zone (DMZ) is an area between the Inte

Infrastructure and Connectivity
What is the recommended range of humidity level according to the ASHRAE?
a. 10% to 20%
b. 30% to 40%
c. 40% to 55%
d. 55% to 65%

c.
40% to 55%
The American Society of Heating, Refrigerating and Air-Conditioning Engineers (ASHRAE) recommends optimal humidity levels in the 40% to 55% range, making answers A, B, and D incorrect. Very low levels of humidity can promote the buildup of e

Operating System and Application Security
Which of the following is a network protocol that supports file transfers and is a combination of RCP and SSH?
a. HTTPS
b. FTPS
c. SFTP
d. SCP

d.
SCP
The Secure Copy Protocol (SCP) is a network protocol that supports file transfers. SCP is a combination of RCP and SSH. It uses the BSD RCP protocol tunneled through the Secure Shell (SSH) protocol to provide encryption and authentication. Answer A

Infrastructure and Connectivity
You want to implement a technology solution for a small organization that can function as a single point of policy control and management for access to Internet content. Which of the following should you choose?
a. Proxy ga

d.
Web security gateway
Web security gateways offer a single point of policy control and management for web-based content access. Answer A is too generic to be a proper answer. Answer B is incorrect because a circuit-level gateway's decisions are based on

Educating and Protecting the User
You have recently had security breaches in the network. You suspect they might be coming from a telecommuter's home network. Which of the following devices would you use to require a secure method for employees to access

b.
A VPN concentrator
A VPN concentrator is used to allow multiple users to access network resources using secure features that are built into the device and is deployed where the requirement is for a single device to handle a very large number of VPN t

Infrastructure and Connectivity
At which layer of the OSI model does the Internet Protocol Security protocol function?
a. Network layer
b. Presentation layer
c. Session layer
d. Application layer

a.
Network layer
IPsec validation and encryption function at the network layer of the OSI model. Answers B, C, and D are incorrect because IPsec functions at a lower level of the OSI model.

Infrastructure and Connectivity
When troubleshooting SSL, which two layers of the OSI model are of most value?
a. Application layer and presentation layer
b. Presentation layer and session layer
c. Application layer and transport layer
d. Physical layer a

c.
Application layer and transport layer
SSL connections occur between the application and transport layers. Answer A is incorrect because SSL operates at a deeper level. Answer B is incorrect because the Secure Sockets Layer transport effectively fills t

Access Control and Identity Management
Which of the three principles of security is supported by an iris biometric system?
a. Confidentiality
b. Integrity
c. Availability
d. Vulnerability

a.
Confidentiality
Confidentiality involves protecting against unauthorized access, which biometric authentication systems support. Integrity is concerned with preventing unauthorized modification, making answer B incorrect. Answer C is not correct becaus

Threats and Vulnerabilities
_________ describes the potential that a weakness in hardware, software, process, or people will be identified and taken advantage of.
a. Vulnerability
b. Exploit
c. Threat
d. Risk

c.
Threat
A threat is the potential that a vulnerability will be identified and exploited. Answer A is incorrect because a vulnerability is the weakness itself and not the likelihood that it will be identified and exploited. Answer B is incorrect because

Security-Related Policies and Procedures
Which of the following is not a principal concern for first responders to a hacking incident within a corporation operating in the United States?
a. Whether EMI shielding is intact
b. Whether data is gathered prope

a.
Whether EMI shielding is intact
EMI shielding is important for protecting data and services against unauthorized interception as well as interference, but it is not a principal concern for first responders following an incident. First responders must ensure

Security-Related Policies and Procedures
Which rule of evidence within the United States involves Fourth Amendment protections?
a. Admissible
b. Complete
c. Reliable
d. Believable

a.
Admissible
Admissibility involves collecting data in a manner that ensures its viability in court, including legal requirements such as the Fourth Amendment protections against unlawful search and seizure. Answers B and C are incorrect because data mus

Threats and Vulnerabilities
A user has downloaded trial software and subsequently downloads a key generator in order to unlock the trial software. The user's antivirus detection software now alerts the user that the system is infected. Which one of the fo

b.
Trojan
Trojans are programs disguised as something useful. In this instance, the user was likely illegally trying to crack software, and in the process infected the system with malware. Although answers A, C, and D are types of malware, they are not th

Threats and Vulnerabilities
Which of the following is a coordinated effort in which multiple machines attack a single victim or host with the intent to prevent legitimate service?
a. DoS
b. Masquerading
c. DDoS
d. Trojan horse

c.
DDoS
A distributed denial of service (DDoS) attack is similar to a denial-of-service (DoS) attack in that they both try to prevent legitimate access to services. However, a DDoS attack is a coordinated effort among many computer systems; therefore, ans

Security and Vulnerability in the Network
What is the name given to the activity that consists of collecting information that will be later used for monitoring and review purposes?
a. Logging
b. Auditing
c. Inspecting
d. Vetting

a.
Logging
Logging is the process of collecting data to be used for monitoring and auditing purposes. Auditing is the process of verification that normally involves going through log files; therefore, answer B is incorrect. Typically, the log files are fr

Protecting Networks
Which of the following are not methods for minimizing a threat to a web server? (Choose the two best answers.)
a. Disable all nonweb services
b. Ensure Telnet is running
c. Disable nonessential services
d. Enable logging

b.
Ensure Telnet is running
d.
Enable logging
Having Telnet enabled presents security issues and is not a primary method for minimizing threat. Logging is important for secure operations and is invaluable when recovering from a security incident. However,

Security-Related Policies and Procedures
The organization is concerned about vulnerabilities in commercial off-the-shelf (COTS) software. Which of the following might be the only means of reviewing the security quality of the program?
a. Fuzzing
b. Cross-

a.
Fuzzing
In some closed application instances, fuzzing might be the only means of reviewing the security quality of the program. Answer B is incorrect because Cross-Site Scripting (XSS) vulnerabilities can be used to hijack the user's session or to caus

Threats and Vulnerabilities
Which of the following is an attack in which the end user executes unwanted actions on a web application while he is currently authenticated?
a. Buffer overflow
b. Input validation error
c. Cross-site scripting
d. Cross-site re

d.
Cross-site request forgery
Cross-site request forgery (XSRF) is an attack in which the end user executes unwanted actions on a web application while he is currently authenticated. Answer A is incorrect because a buffer overflow is a direct result of po

Physical and Hardware-Based Security
Which of the following methods would be the most effective method to physically secure computers that are used in a lab environment that operates on a part-time basis?
a. Security cables
b. Server cages
c. Locked cabin

c.
Locked cabinet
A locked cabinet is an alternative for equipment that is not used or does not have to be physically accessed on a regular, daily basis. Vendors provide solutions such as a security cabinet locker that secures CPU towers. The housing is m

Operating System and Application Security
An organization is looking to add a layer of security and maintain strict control over the apps employees are approved to use. Which of the following fulfills this requirement?
a. Blacklisting
b. Encryption
c. Loc

d.
Whitelisting
Application whitelisting only permits known good apps. When security is a concern, whitelisting applications is a better option because it allows organizations to maintain strict control over the apps employees are approved to use. Answer

Security and Vulnerability in the Network
Your organization is exploring endpoint data-loss prevention (DLP) solutions. This solution is targeting which of the following data states?
a. In-transit
b. At-rest
c. In-use
d. In-flux

c.
In-use
Protection of data in-use is considered to be an endpoint solution and the application is run on end user workstations or servers in the organization. Answer A is incorrect because protection of data in-transit is considered to be a network solu

Cryptography Implementation
Which of the following uses a secure crypto-processor to authenticate hardware devices such as a PC or laptop?
a. Public key infrastructure
b. Full disk encryption
c. File-level encryption
d. Trusted Platform Module

d.
Trusted Platform Module
Trusted Platform Module (TPM) refers to a secure crypto-processor used to authenticate hardware devices such as a PC or laptop. The idea behind TPM is to allow any encryption-enabled application to take advantage of the chip. An

Access Control and Identity Management
Which process involves verifying keys as being authentic?
a. Authorization
b. Authentication
c. Access control
d. Verification

b.
Authentication
Authentication involves the presentation and verification of credentials or keys as being authentic. Answer A is incorrect because authorization involves checking authenticated credentials against a list of authorized security principals

Access Control and Identity Management
Which category of authentication includes smart cards?
a. Something you know
b. Something you have
c. Something you are
d. Something you do
e. Somewhere you are

b.
Something you have
Something you have includes smart cards, tokens, and keys. Something you know includes account logons, passwords, and PINs, making answer A incorrect. Answers C and D are incorrect because both something you are and something you do

Operating System and Application Security
Which of the following will help track changes to the environment when an organization needs to keep legacy machines?
a. Virtualization
b. Network storage policies
c. Host software baselining
d. Roaming profiles

c.
Host software baselining
Host software baselining can be done for a variety of reasons including malware monitoring and creating system images. Generally, the environment needs of an organization will fall into a legacy, enterprise, or high-security cl

Measuring and Weighing Risk
Which of the following is information that is unlikely to result in a high-level financial loss or serious damage to the organization but still should be protected?
a. Public data
b. Confidential data
c. Sensitive data
d. Priva

d.
Private data
Private data is information that is unlikely to result in a high-level financial loss or serious damage to the organization but still should be protected. Answer A is incorrect because the unauthorized disclosure, alteration, or destructio

Cryptography Basics
Which of the following is a hybrid cryptosystem?
a. PAP
b. MD5
c. RSA
d. GPG

d.
GPG
GNU Privacy Guard (GnuPG or GPG) is a hybrid cryptosystem that uses a combination of public key and private key encryption. The incorrect choices are A, B, and C: PAP is a basic form of authentication during which the username and password are transmitte

Cryptography Basics
Which of the following is the type of algorithm used by MD5?
a. Block cipher algorithm
b. Hashing algorithm
c. Asymmetric encryption algorithm
d. Cryptographic algorithm

b.
Hashing algorithm
Although the message digest (MD) series of algorithms is classified globally as a symmetric key encryption algorithm, the correct answer is hashing algorithm, which is the method that the algorithm uses to encrypt data. Answer A in in

Access Control and Identity Management
To check the validity of a digital certificate, which one of the following would be used?
a. Corporate security policy
b. Certificate policy
c. Certificate revocation list
d. Expired domain names

c.
Certificate revocation list
A certificate revocation list (CRL) provides a detailed list of certificates that are no longer valid. A corporate security policy would not provide current information on the validity of issued certificates; therefore, answ

Cryptography Basics
What is the acronym for the de facto cryptographic message standards developed by RSA Laboratories?
a. PKIX
b. X.509
c. PKCS
d. Both A and C

c.
PKCS
The Public Key Cryptography Standards (PKCS) are the de facto cryptographic message standards developed and maintained by RSA Laboratories, the Security Division of EMC. PKIX describes the development of Internet standards for X.509-based digital

Access Control and Identity Management
Which of the following is true of digital signatures? (Choose the two best answers.)
a. They are the same as a hash function.
b. They can be automatically time-stamped.
c. They allow the sender to repudiate that the

b.
They can be automatically time-stamped.
d.
They cannot be imitated by someone else.
Digital signatures offer several features and capabilities. This includes being able to ensure the sender cannot repudiate that he or she used the signature. In additio

Disaster Recovery and Incident Response
Which of the following designates the amount of data loss that is sustainable and up to what point in time data recovery could happen before business is disrupted?
a. RTO
b. MTBF
c. RPO
d. MTTF

c.
RPO
Recovery point objective (RPO) is the amount of time that can elapse during a disruption before the quantity of data lost during that period exceeds the BCP's maximum allowable threshold. Simply put, RPO specifies the allowable data loss. It determ

Cryptography Basics
Which authorization protocol is generally compatible with TACACS?
a. LDAP
b. RADIUS
c. TACACS+
d. XTACACS

d.
XTACACS
The Extended Terminal Access Controller Access Control System (XTACACS) protocol is a proprietary form of the TACACS protocol developed by Cisco and is compatible in many cases. Neither LDAP nor RADIUS is affiliated with the TACACS protocol, ma

Disaster Recovery and Incident Response
Your organization is exploring data-loss prevention (DLP) solutions. The proposed solution is a software storage solution that monitors how confidential data is stored. This solution is targeting which of the follow

b.
At-rest
Protection of data at-rest is considered to be a storage solution and is generally a software solution that monitors how confidential data is stored. Answer A is incorrect because protection of data in-transit is considered to be a network solu

Operating System and Application Security
Which of the following is needed to establish effective security baselines for host systems? (Select two correct answers.)
a. Cable locks
b. Mandatory settings
c. Standard application suites
d. Decentralized admin

b.
Mandatory settings
c.
Standard application suites
To establish effective security baselines, enterprise network security management requires a measure of commonality between the systems. Mandatory settings, standard application suites, and initial setu

Threats and Vulnerabilities
Which of the following types of attacks is executed by placing malicious executable code on a website?
a. Buffer overflow
b. Cross-site request forgery (XSRF)
c. Cross-Site Scripting (XSS)
d. Input validation error

c.
Cross-Site Scripting (XSS)
Cross-Site Scripting (XSS) vulnerabilities can be used to hijack the user's session or to cause the user accessing malware-tainted Site A to unknowingly attack Site B on behalf of the attacker who planted code on Site A. Answ

Protecting Networks
Which of the following are examples of protocol analyzers? (Check all correct answers.)
a. Metasploit
b. Wireshark
c. OVAL
d. Microsoft Message Analyzer

b.
Wireshark
d.
Microsoft Message Analyzer
Windows Server operating systems come with a protocol analyzer called Microsoft Message Analyzer. Third-party programs such as Wireshark can also be used for network monitoring. Metasploit is a framework used

Measuring and Weighing Risk
An executive from ABC Corp receives an email from a vice president of XYZ Corp, which is a prestigious partner organization of ABC Corp. This email was formatted using XYZ's corporate logo, images, and text from their website (

d.
Spear phishing
This is an example of a spear phishing attack, which uses fraudulent email to obtain access to data of value (here, the executive's credentials) from a targeted organization. Answer A is incorrect because while phishing attacks involve e

Physical and Hardware-Based Security
Which form of cabling is least susceptible to EM interference?
a. STP
b. UTP
c. Coaxial
d. Fiber optic

d.
Fiber optic
Fiber-optic cabling is least subject to electromagnetic interference because its communications are conducted by transmitting pulses of light over glass, plastic, or sapphire transmission fibers. Twisted-pair (shielded STP as well as unshie

Security-Related Policies and Procedures
An organization is partnering with another organization, which requires shared systems. Which of the following documents would outline how the shared systems interface?
a. SLA
b. BPA
c. MOU
d. ISA

d.
ISA
An interconnection security agreement (ISA) is an agreement between organizations that have connected IT systems. Answer A is incorrect because a service level agreement (SLA) is a contract between a service provider and a customer that specifies t

Protecting Networks
It is suspected that some recent network compromises are originating from the use of RDP. Which of the following TCP port traffic should be monitored?
a. 3389
b. 139
c. 138
d. 443

a.
3389
TCP port 3389 is used by RDP. Answer B is incorrect because UDP uses port 139 for network sharing. Answer C is incorrect because port 138 is used to allow NetBIOS traffic for name resolution. Answer D is incorrect because port 443 is used for HTTP

Educating and Protecting the User
You are implementing network access for several internal business units that work with sensitive information on a small organizational network. Which of the following would best mitigate risk associated with users imprope

d.
Proper VLAN management
VLANs provide a way to limit broadcast traffic in a switched network. This creates a boundary and, in essence, creates multiple, isolated LANs on one switch. Answer A is incorrect because logging is the process of collecting data

Disaster Recovery and Incident Response
Your organization is exploring data-loss prevention (DLP) solutions. The proposed solution is a software network solution that would be installed near the network perimeter to monitor for and flag policy violations.

a.
In-transit
Protection of data in-transit is considered to be a network solution and either a hardware or software solution is installed near the network perimeter to monitor for and flag policy violations. Answer B is incorrect because protection of da

Measuring and Weighing Risk
What is the first step in performing a basic forensic analysis?
a. Ensure that the evidence is acceptable in a court of law
b. Identify the evidence
c. Extract, process, and interpret the evidence
d. Determine how to preserve t

b.
Identify the evidence
It is necessary to first identify the evidence that is available to be collected. Answer A is incorrect because protecting data's value as evidence must come after the type and form of evidence is known. Extraction, preservation,

Access Control and Identity Management
Which of the following is not true regarding expiration dates of certificates?
a. Certificates may be issued for a week.
b. Certificates are issued only at yearly intervals.
c. Certificates may be issued for 20 years

b.
Certificates are issued only at yearly intervals.
Digital certificates contain a field indicating the date to which the certificate is valid. This date is mandatory, and the validity period can vary from a short period of time up to a number of years;

Physical and Hardware-Based Security
Which of the following statements are true when discussing physical security? (Select all correct answers.)
a. Physical security attempts to control access to data from Internet users.
b. Physical security attempts to

b.
Physical security attempts to control unwanted access to specified areas of a building.
c.
Physical security attempts to control the effect of natural disasters on facilities and equipment.
d.
Physical security attempts to control internal employee acc

Access Control and Identity Management
Which type of authorization provides no mechanism for unique logon identification?
a. Anonymous
b. Kerberos
c. TACACS
d. TACACS+

a.
Anonymous
During anonymous access, such as requests to a public FTP server, the unique identity of the requester is not determined and so cannot be used for personalized logon identification. Answers B, C, and D are incorrect because authorization services

Access Control and Identity Management
Which is the best rule-based access control constraint to protect against unauthorized access when admins are off-duty?
a. Least privilege
b. Separation of duties
c. Account expiration
d. Time of day

d.
Time of day
Time-of-day rules prevent administrative access requests during off-hours when local admins and security professionals are not on duty. Answer A is incorrect because least privilege is a principle of assigning only those rights necessary to

Protecting Networks
Which of the following protocols supports DES, 3DES, RC2, and RSA2 encryption along with CHAP authentication, but was not widely adopted?
a. S-HTTP
b. S/MIME
c. HTTP
d. PPTP

a.
S-HTTP
An alternative to HTTPS is the Secure Hypertext Transport Protocol (S-HTTP), which was developed to support connectivity for banking transactions and other secure web communications. S-HTTP was not adopted by the early web browser developers (fo

Physical and Hardware-Based Security
A new switch has been implemented in areas where there is very little physical access control. Which of the following would the organization implement as a method for additional checks to prevent unauthorized access?
a

d.
Port security
Port security is a Layer 2 traffic control feature on Cisco Catalyst switches. It enables individual switch ports to be configured to allow only a specified number of source MAC addresses coming in through the port. Answer A is incorrect

Disaster Recovery and Incident Response
There have been some sporadic connectivity issues on the network. Which of the following is the best choice to investigate these issues?
a. Protocol analyzer
b. Circuit-level gateway logs
c. Spam filter appliance
d.

a.
Protocol analyzer
Protocol analyzers help you troubleshoot network issues by gathering packet-level information across the network. These applications capture packets and can conduct protocol decoding, putting the information into readable data for ana

Threats and Vulnerabilities
Which of the following types of attacks can be done by either convincing the users to click on an HTML page the attacker has constructed or inserting arbitrary HTML in a target website that the users visit?
a. Buffer overflow
b. C

b.
Cross-site request forgery (XSRF)
The key element to understanding XSRF is that attackers are betting that users have a validated login cookie for the website already stored in their browsers. All they need to do is get the browsers to make a request t

Protecting Networks
Which of the following is most likely to use network segmentation as an alternate security method?
a. SCADA systems
b. Mainframes
c. Android
d. Gaming consoles

a.
SCADA systems
Network segmentation is one of the most effective controls an organization can implement in order to mitigate the effect of a network intrusion. Due to the sensitive nature of supervisory control and data acquisition (SCADA) systems, they

Cryptography Basics
Which of the following algorithms is not an example of a symmetric encryption algorithm?
a. Rijndael
b. Diffie-Hellman
c. RC6
d. AES

b.
Diffie-Hellman
Diffie-Hellman uses public and private keys, so it is considered an asymmetric encryption algorithm. Because Rijndael and Advanced Encryption Standard (AES) are now one and the same, they both can be called symmetric encryption algorithms

Cryptography Basics
Which of the following best describes the process of encrypting and decrypting data using an asymmetric encryption algorithm?
a. Only the public key is used to encrypt, and only the private key is used to decrypt.
b. The public key is

d.
The private key is used to decrypt data encrypted with the public key.
When encrypting and decrypting data using an asymmetric encryption algorithm, you use only the private key to decrypt data encrypted with the public key. Answers A and B are both in

Access Control and Identity Management
Which one of the following defines APIs for devices such as smart cards that contain cryptographic information?
a. PKCS #11
b. PKCS #13
c. PKCS #4
d. PKCS #2

a.
PKCS #11
PKCS #11, the Cryptographic Token Interface Standard, defines an API named Cryptoki for devices holding cryptographic information. Answer B is incorrect because PKCS #13 is the Elliptic Curve Cryptography (ECC) standard. Both answers C and D

Network Security
What is the primary role of a firewall?
a. To forward packets across different computer networks
b. To intercept user requests from the internal secure network and then process that request on behalf of the user
c. To connect netw

d.
To inspect packets and either accept or deny entry
Although a host-based application software firewall that runs as a program on one client is different from a hardware-based network firewall designed to protect an entire network, their functions are e

Network Security
Which type of firewall packet filtering looks at the incoming packet and permits or denies it based on the conditions that have been set by the administrator?
a. Stateless packet filtering
b. Stateful packet filtering
c. Switched packet f

a.
Stateless packet filtering
Packets can be filtered by a firewall in one of two ways. Stateless packet filtering looks at the incoming packet and permits or denies it based on the conditions that have been set by the administrator. Stateful packet filte

Network Security
When a modern firewall receives a packet, it tends to use a(n) _______________ method to determine the action to be taken.
a. rule-based
b. role-based
c. application-based
d. authentication-based

c.
application-based
Traditional firewalls are rule-based while more modern firewalls are application-based.

Network Security
What type of firewall systems are static in nature and cannot do anything other than what they have been expressly configured to do?
a. Application-based
b. Authentication-based
c. Role-based
d. Rule-based

d.
Rule-based
Rule-based systems are static in nature and cannot do anything other than what they have been expressly configured to do.

Network Security
What is the role of a router?
a. To inspect packets and either accept or deny entry
b. To forward packets across different computer networks
c. To intercept user requests from the internal secure network and then process that request on b

b.
To forward packets across different computer networks
A router is a network device that can forward packets across different computer networks. When a router receives an incoming packet, it reads the destination address and then, using information in i

Network Security
What is the role of a switch?
a. To inspect packets and either accept or deny entry
b. To forward packets across different computer networks
c. To intercept user requests from the internal secure network and then process that requ

d.
To connect networks together so that they function as a single network segment
Early local area networks (LANs) used a hub, which is a standard network device for connecting multiple network devices together so that they function as a single network se

Network Security
Which type of switch network monitoring is best suited for high-speed networks that have a large volume of traffic?
a. Network tapping
b. Port mirroring
c. Load balancing
d. Packet filtering

a.
Network tapping
A network tap is generally best for high-speed networks that have a large volume of traffic, while port mirroring is better for networks with light traffic.

Network Security
A load balancer is typically located _______________ in a network configuration.
a. in front of a server
b. in front of a router
c. between a router and a server
d. between a router and a switch

c.
between a router and a server
Because load balancers generally are located between routers and servers, they can detect and stop attacks directed at a server or application.

Network Security
Load balancing that is used for distributing HTTP requests received is sometimes called _______________.
a. content filtering
b. IP spraying
c. content inspection
d. port mirroring

b.
IP spraying
Load balancing that is used for distributing HTTP requests received is sometimes called IP spraying.

Network Security
A(n) _______________ is a computer or an application program that intercepts user requests from the internal secure network and then processes that request on behalf of the user.
a. proxy server
b. load balancer
c. network tap
d. Internet

a.
proxy server
A proxy server is a computer or an application program that intercepts user requests from the internal secure network and then processes that request on behalf of the user.

Network Security
A(n) _______________ can block malicious content in real time as it appears.
a. uniform resource locator (URL) filter
b. virtual private network (VPN)
c. Internet content filter
d. web security gateway

d.
web security gateway
A web security gateway can block malicious content in real time as it appears (without first knowing the URL of a dangerous site).

Network Security
What term refers to a technology that enables authorized users to use an unsecured public network, such as the Internet, as if it were a secure private network?
a. Virtual private network (VPN)
b. Gateway
c. Intrusion detection system (ID

a.
Virtual private network (VPN)
A virtual private network (VPN) is a technology that enables authorized users to use an unsecured public network, such as the Internet, as if it were a secure private network.

Network Security
VPN transmissions are achieved through communicating with _______________.
a. network taps
b. endpoints
c. Internet content filters
d. proxy servers

b.
endpoints
VPN transmissions are achieved through communicating with endpoints. An endpoint is the end of the tunnel between VPN devices. An endpoint can be software on a local computer, a dedicated hardware device such as a VPN concentrator (which aggr

Network Security
Which statement concerning behavior-based monitoring is correct?
a. It is necessary to update signature files before monitoring can take place.
b. It is necessary to compile a baseline of statistical behavior before monitoring can take

c.
It can more quickly stop new attacks as compared to anomaly- and behavior-based monitoring.
One of the advantages of behavior-based monitoring is that it is not necessary to update signature files or compile a baseline of statistical behavior before mo

Network Security
Which statement concerning signature-based monitoring is correct?
a. Signature-based monitoring is designed for detecting statistical anomalies.
b. Signature-based monitoring uses an algorithm to determine if a threat exists.
c. Signature

d.
Signature-based monitoring looks for well-known patterns.
A method for auditing usage is to examine network traffic, activity, transactions, or behavior and look for well-known patterns, much like antivirus scanning. This is known as signature-based mo

Network Security
Which statement concerning anomaly-based monitoring is correct?
a. Anomaly-based monitoring is founded on experience based techniques.
b. Anomaly-based monitoring looks for well-known patterns.
c. Anomaly-based monitoring operates by bein

d.
Anomaly-based monitoring is designed for detecting statistical anomalies.
Anomaly-based monitoring is designed for detecting statistical anomalies.

Network Security
Which statement concerning heuristic monitoring is correct?
a. Heuristic monitoring operates by being adaptive and proactive.
b. Heuristic monitoring is founded on experience-based techniques.
c. Heuristic monitoring is designed for detec

b.
Heuristic monitoring is founded on experience-based techniques.
Heuristic monitoring is founded on experience-based techniques. It attempts to answer the question, "Will this do something harmful if it is allowed to execute?

Network Security
A(n) _______________ captures packets to decode and analyzes their contents.
a. protocol analyzer
b. load balancer
c. Internet content filter
d. spam filter

a.
protocol analyzer
A protocol analyzer captures packets to decode and analyzes their contents.

Network Security
Which option for installing a corporate spam filter is considered to be the most effective approach?
a. Install the spam filter on the Domain Name Server (DNS).
b. Install the spam filter on the Post Office Protocol (POP3) server.
c. Inst

c.
Install the spam filter with the Simple Mail Transfer Protocol (SMTP) server.
Installing the spam filter with the SMTP server is the simplest and most effective approach.

Network Security
Which type of Internet content filtering restricts unapproved websites from being displayed by searching for and matching keywords?
a. Uniform resource locator (URL) filtering
b. Profiling
c. Malware inspection
d. Content inspection

d.
Content inspection
Internet content filters monitor Internet traffic and block access to preselected websites and files. A requested webpage is displayed only if it complies with the specified filters. Unapproved websites can be restricted based on the

Network Security
Using _______________, filters can assess if a webpage contains any malicious elements or exhibits any malicious behavior, and then flag questionable pages with a warning message.
a. malware inspection and filtering
b. content inspection

a.
malware inspection and filtering
With malware inspection and filtering, filters can assess if a webpage contains any malicious elements or exhibits any malicious behavior, and then flag questionable pages with a warning message.

Network Security
A _______________ is a special type of firewall that looks at the applications using HTTP.
a. network intrusion detection system (NIDS)
b. network intrusion prevention system (NIPS)
c. spam filter
d. web application firewall

d.
web application firewall
A web application firewall is a special type of firewall that looks at the applications using HTTP.

Network Security
A more "intelligent" firewall is a(n) _______________ firewall, sometimes called a next-generation firewall (NGFW).
a. rule-based
b. application-aware
c. hardware-based
d. host-based

b.
application-aware
A more "intelligent" firewall is an application-aware firewall, sometimes called a next-generation firewall (NGFW).

Network Security
What feature distinguishes a network intrusion prevention system (NIPS) from a network intrusion detection system (NIDS)?
a. A NIPS has sensors that monitor the traffic entering and leaving a firewall, and reports back to the central devi

b.
A NIPS is located "in line" on the firewall itself.
One of the major differences between a NIDS and a NIPS is its location. A NIDS has sensors that monitor the traffic entering and leaving a firewall, and reports back to the central device for analysis

Network Security
Which statement concerning a network intrusion detection system (NIDS) is correct?
a. A NIDS knows such information as the applications that are running as well as the underlying operating systems so that it can provide a higher degree of

d.
A NIDS has sensors that monitor the traffic entering and leaving a firewall, and reports back to the central device for analysis.
A network intrusion prevention system (NIPS) is similar to a NIDS in that it monitors network traffic to immediately react

Which of the following are steps that can be taken to harden FTP services?
a. Anonymous access to shared files of questionable or undesirable content should be limited.
b. Regular review of networks for unauthorized or rogue servers.
c. Technologies that

a.
Anonymous access to shared files of questionable or undesirable content should be limited.
Anonymous access to shared files of questionable or undesirable content should be limited for proper FTP server security. Answer B is incorrect because it is a h

A situation in which a program or process attempts to store more data in a temporary data storage area than it was intended to hold is known as which of the following?
a. Buffer overflow
b. Denial of service
c. Distributed denial of service
d. Storage ove

a.
Buffer overflow
A buffer overflow occurs when a program or process attempts to store more data in a buffer than the buffer was intended to hold. The overflow of data can flow over into other buffers, overwriting or deleting data. A denial of service is

TEMPEST deals with which of the following forms of environmental control?
a. HVAC
b. EMI shielding
c. Humidity
d. Cold-aisle

b.
EMI shielding
TEMPEST protections involve the hardening of equipment against EMI broadcast and sensitivity. Answers A and C are incorrect because HVAC controls include temperature and humidity management techniques to manage evolved heat in the data ce

Which of the following is included in hardening a host operating system?
a. A policy for antivirus updates
b. A policy for remote wipe
c. An efficient method to connect to remote sites
d. An effective system for file-level security

d.
An effective system for file-level security
Hardening of the operating system includes planning against both accidental and directed attacks, such as the use of fault-tolerant hardware and software solutions. In addition, it is important to implement a

Which of the following is the preferred type of encryption used in SaaS platforms?
a. Application level
b. Database level
c. Media level
d. HSM level

a.
Application level
In a software-as-a-service (SaaS) environment, application-level encryption is preferred because the data is encrypted by the application before being stored in the database or file system. The advantage is that it protects the data f

Several organizational users are experiencing network and Internet connectivity issues. Which of the following would be most helpful in troubleshooting where the connectivity problems might exist?
a. SSL
b. IPsec
c. SNMP
d. Traceroute

d.
Traceroute
Traceroute uses an ICMP echo request packet to find the path between two addresses. Answer A is incorrect because SSL is a public key-based security protocol that is used by Internet services and clients for authentication, message integrity

An organization has an access control list implemented on the border router, but it appears that unauthorized traffic is still being accepted. Which of the following would the organization implement to improve the blocking of unauthorized traffic?
a. Loop

c.
Implicit deny
Implicit deny is an access control practice wherein resource availability is restricted to only those logons explicitly granted access. Answer A is incorrect because the loop protection feature makes additional checks in Layer 2 switched

An asset is valued at $12,000, the threat exposure factor of a risk affecting that asset is 25%, and the annualized rate of occurrence is 50%. What is the SLE?
a. $1,500
b. $3,000
c. $4,000
d. $6,000

b.
$3,000
The single loss expectancy (SLE) is the product of the value ($12,000) and the threat exposure (.25), or $3,000. Answer A is incorrect because $1,500 represents the annualized loss expectancy (ALE), which is the product of the SLE and the annual

Which form of fire suppression functions best in an Alaskan fire of burning metals?
a. Dry-pipe sprinkler
b. Wet-pipe sprinkler
c. Carbon dioxide
d. Dry powder

d.
Dry powder
Combustible metal fires (Class D) require sodium chloride and copper-based dry powder extinguishers. Although dry-pipe would be preferable to wet-pipe sprinklers in regions that experience very low temperatures such as Alaska, water is only

While performing regular security audits, you suspect that your company is under attack and someone is attempting to use resources on your network. The IP addresses in the log files belong to a trusted partner company, however. Assuming an attack, which o

d.
Spoofing
The most likely answer is spoofing because this enables an attacker to misrepresent the source of the requests. Answer A is incorrect because this type of attack records and replays previously sent valid messages. Answer B is incorrect because

Due to organizational requirements, strong encryption cannot be used. Which of the following is the most basic form of encryption that can be used on 802.11-based wireless networks to provide privacy of data sent between a wireless client and its access p

c.
Wired Equivalent Privacy (WEP)
WEP is the most basic form of encryption that can be used on 802.11-based wireless networks to provide privacy of data sent between a wireless client and its access point. Answer A is incorrect. Wireless Application Envir

After a new switch was implemented, some sporadic connectivity issues on the network have occurred. The issues are suspected to be device related. Which of the following would the organization implement as a method for additional checks in order to preven

a.
Loop protection
The loop protection feature makes additional checks in Layer 2 switched networks. Answer B is incorrect because a flood guard is a firewall feature to control network activity associated with denial-of-service (DoS) attacks. Answer C is

Which of the following is an example of a false negative result?
a. An authorized user is granted access to a resource.
b. An unauthorized user is granted access to a resource.
c. An authorized user is refused access to a resource.
d. An unauthorized user

c.
An authorized user is refused access to a resource.
A false negative result involves access refusal for an authorized user, which makes answer D incorrect. Answers A and B are incorrect because they represent granted resource access.

Which of the following is the best choice for encrypting large amounts of data?
a. Asymmetric encryption
b. Symmetric encryption
c. Elliptical curve encryption
d. RSA encryption

b.
Symmetric encryption
Public key encryption is not usually used to encrypt large amounts of data, but it does provide an effective and efficient means of sending a secret key from which to do symmetric encryption thereafter, which provides the best m

You want to be sure that the FTP ports that are required for a contract worker's functionality have been properly secured. Which of the following ports would you check?
a. 25/110/143
b. 20/21
c. 137/138/139
d. 53

b.
20/21
Ports 20 and 21 are used for FTP. Answer A is incorrect because these ports are used for email. Answer C is incorrect because these NetBIOS ports are required for certain Windows network functions such as file sharing. Answer D is incorrect becau

Security guards are a form of which specific type of control?
a. Management
b. Technical
c. Physical
d. Access

c.
Physical
Physical controls include facility design details such as layout, doors, locks, guards, and surveillance systems. Management controls include policies and procedures, whereas technical controls include access control systems, encryption, and da

You have been tasked with mitigating the risk of password-based attacks. Which of the following should you consider to provide a control beyond just what someone knows?
a. Enforce complex passwords
b. Prevent the user from entering more than three incorre

c.
Implement use of a one-time use token
Although both A and B provide controls for passwords, they are still both based on something the user knows: a password. A one-time use token can be a dedicated hardware token or may be a software token or text mes

Which one of the following is not considered a physical security component?
a. VPN tunnel
b. Mantrap
c. Fence
d. CCTV

a.
VPN tunnel
A VPN tunnel is an example of data security, not physical security. Mantrap, fence, and CCTV are all components of physical security; therefore, answers B, C, and D are incorrect.

A physical security plan should include which of the following? (Select all correct answers.)
a. Description of the physical assets being protected
b. The threats from which you are protecting against and their likelihood
c. Location of a hard disk's phys

a.
Description of the physical assets being protected
b.
The threats from which you are protecting against and their likelihood
d.
Description of the physical areas where assets are located
A physical security plan should be a written plan that addresses

Never inserting untrusted data except in allowed locations can be used to mitigate which of the following attacks? (Select two answers.)
a. Buffer overflow
b. Cross-site request forgery (XSRF)
c. Cross-Site Scripting (XSS)
d. Input validation error

a.
Buffer overflow
d.
Input validation error
A buffer overflow is a direct result of poor or incorrect input validation or mishandled exceptions, and input validation errors are a result of improper field checking in the code. Answer B is incorrect becaus

Which of the following is included in a BYOD policy?
a. Key management
b. Data ownership
c. Credential management
d. Transitive trusts

b.
Data ownership
When formulating a bring-your-own-device (BYOD) policy, the organization should clearly state who owns the data stored on the device, specifically addressing what data belongs to the organization. Answer A is incorrect because key manage

Which of the following is a common storage networking standard chosen by businesses for ease of installation, cost, and utilization of current Ethernet networks?
a. Fibre Channel
b. FTP
c. iSCSI
d. HTTPS

c.
iSCSI
Businesses choose Internet Small Computer System Interface (iSCSI) due to ease of installation, cost, and utilization of current Ethernet networks. Answer A is incorrect. Fibre Channel infrastructure generally is more costly and complex to manage

Which one of the following best describes the type of attack designed to bring a network to a halt by flooding the systems with useless traffic?
a. DoS
b. Ping of death
c. Teardrop
d. Social engineering

a.
DoS
A DoS attack is designed to bring down a network by flooding the system with an overabundance of useless traffic. Although answers B and C are both types of DoS attacks, they are incorrect because DoS more accurately describes "a type of attack." A

The process of making an operating system more secure by closing known vulnerabilities and addressing security issues is known as which of the following?
a. Handshaking
b. Hardening
c. Hotfixing
d. All of the above

b.
Hardening
Hardening refers to the process of securing an operating system. Handshaking relates to the agreement process before communication takes place; therefore, answer A is incorrect. A hotfix is just a security patch that gets applied to an operating

An organization is looking for a mobile solution that allows both executives and employees to discuss sensitive information without having to travel to secure company locations. Which of the following fulfills this requirement?
a. GPS tracking
b. Voice en

b.
Voice encryption
Mobile voice encryption can allow executives and employees alike to discuss sensitive information without having to travel to secure company locations. Answer A is incorrect because in the event a mobile device is lost, GPS tracking ca

Users received a spam email from an unknown source and chose the option in the email to unsubscribe and are now getting more spam as a result. Which one of the following is most likely the reason?
a. The unsubscribe option does not actually do anything.
b

d.
They confirmed that their addresses are "live."
Often an option to opt out of further email does not unsubscribe users; instead it means, "send me more spam" because it has been confirmed that the email address is not dormant. This is less likely to oc

Which of the following provides a clear record of the path evidence takes from acquisition to disposal?
a. Video capture
b. Chain of custody
c. Hashes
d. Witness statements

b.
Chain of custody
The chain of custody provides a clear record of the path evidence takes from acquisition to disposal. Answer A is incorrect because videotaping the actual entrance of a forensics team into the area helps refute claims that evidence was

Which of the following is not an example of multifactor authentication?
a. Logon and password
b. Smart card and PIN
c. RFID chip and thumbprint
d. Gait and iris recognition
e. Location and CAC

a.
Logon and password
Both logon and password represent a form of "what you know" authentication. Answers B, C, D, and E are all incorrect because they represent paired multifactor forms of authentication. A smart card and PIN represent what you have and

Which of the following is an example of role-based access control criteria?
a. GPS coordinates
b. Trusted OS
c. Members of the Administrators group
d. Time of day

c.
Members of the Administrators group
Role-based access control involves assignment of access rights to groups associated with specific roles, with accounts inheriting rights based on group membership. Answers A and B are incorrect, as requirements for a

The sender of data is provided with proof of delivery, and neither the sender nor receiver can deny either having sent or received the data. What is this called?
a. Nonrepudiation
b. Repetition
c. Nonrepetition
d. Repudiation

a.
Nonrepudiation
Nonrepudiation means that neither party can deny either having sent or received the data in question. Answers B and C are incorrect, and repudiation is defined as the act of refusal; therefore, answer D is incorrect.

Which of the following are steps that can be taken to harden DHCP services?
a. Anonymous access to shared files of questionable or undesirable content should be limited.
b. Regular review of networks for unauthorized or rogue servers.
c. Technologies that

b.
Regular review of networks for unauthorized or rogue servers.
Regular review of networks for unauthorized or rogue servers is a practice used to harden DHCP services. Answer A is incorrect because anonymous access to shared files of questionable or unde

Which of the fields included within a digital certificate identifies the directory name of the entity signing the certificate?
a. Signature algorithm identifier
b. Issuer
c. Subject name
d. Subject public key information

b.
Issuer
The Issuer field identifies the name of the entity signing the certificate, which is usually a certificate authority. The Signature Algorithm Identifier identifies the cryptographic algorithm used by the CA to sign the certificate; therefore, an

Which type of authorization provides a mechanism for validation of both sender and receiver?
a. Anonymous
b. Kerberos
c. TACACS
d. RADIUS

b.
Kerberos
Kerberos authentication enables validation of both endpoints and can help protect against interception attacks such as the "man-in-the-middle." Anonymous connections do not even allow verification of the access requestor, making answer A incor

Which type of biometric authentication involves identification of the unique patterns of blood-vessels at the back of the eye?
a. Facial recognition
b. Iris
c. Retina
d. Signature

c.
Retina
Retinal biometric systems identify unique patterns of blood vessels in the back of the eye. Facial recognition systems identify fixed spacing of key features of the face such as bones, eyes, and chin shape, making answer A incorrect. Answer B is

An organization that relies heavily on cloud and SaaS service providers, such as Salesforce.com, WebEx, and Google, would have security concerns when implementing which of the following?
a. TACACS+
b. Secure LDAP
c. SAML
d. XTACACS

c.
SAML
SAML (Security Assertion Markup Language) is an Extensible Markup Language (XML) framework for creating and exchanging security information between online partners. The weakness in the SAML identity chain is the integrity of users. To mitigate ris

In which of the following types of architecture is the user responsible for the creation of the private and public key?
a. Decentralized key management
b. Centralized key management
c. Revocation key management
d. Multilevel key management

a.
Decentralized key management
In a decentralized key-management scheme, the user creates both the private and public key and then submits the public key to the CA to allow it to apply its digital signature after it has authenticated the user. Answer B i

Which of the following standards ensures privacy between communicating applications and clients on the Web and has been designed to replace SSL?
a. Secure Sockets Layer 4
b. Point-to-Point Tunneling Protocol
c. Transport Layer Security
d. Internet Protoco

c.
Transport Layer Security
Transport Layer Security (TLS) is a network protocol that replaces Secure Sockets Layer (SSL) to provide communication security over networks. Answer A is incorrect, as such a thing was never developed. Answers B and D are inco

Lynn needs access to the Accounting order-entry application but keeps getting an error that indicates inadequate access permissions. Bob assigns Lynn's account to the Administrator's group to overcome the error until he can work on the problem. Which acce

b.
Least privilege
Least privilege is a principle of assigning only those rights necessary to perform assigned tasks. By making Lynn a member of the Administrators group, Bob not only bypassed the application's access control protocols but may also have g

An authentication system relies on an RFID chip embedded in a plastic key together with the pattern of blood vessels in the back of an authorized user's hand. What types of authentication are being employed in this system?
a. Something you have and someth

a.
Something you have and something you are
The RFID-enabled key is a form of "something you have," and the blood vessel biometric signature is a form of "something you are." Answers B and C are incorrect because there are no "something you know" requirem

Which of the following is a commonly applied principle for fault tolerance against accidental faults designed into critical facilities planning?
a. Firmware version control
b. Wrappers
c. Manual updates
d. Control redundancy

d.
Control redundancy
Control redundancy is replication of a component in identical copies to compensate for random hardware failures. Redundancy is usually dispersed geographically as well as through backup equipment and databases, or hot sparing of syst

Which of the following methods can be used to locate a device in the event it is lost or stolen?
a. GPS tracking
b. Voice encryption
c. Remote wipe
d. Passcode policy

a.
GPS tracking
If a mobile device is lost, GPS tracking can be used to find the location. Answer B is incorrect because voice encryption can allow executives and employees alike to discuss sensitive information without having to travel to secure company

Which of the following is a security concern when implementing NoSQL databases?
a. NoSQL databases do not provide any authentication mechanisms.
b. The NoSQL design uses server-side validation.
c. NoSQL databases lack confidentiality and integrity.
d. NoS

c.
NoSQL databases lack confidentiality and integrity.
The NoSQL design does not place security as a high priority, lacking confidentiality and integrity. Answer A is incorrect because NoSQL databases such as MongoDB have added support for Kerberos authen

Which one of the following is a holding area between two entry points that gives security personnel time to view a person before allowing him into the internal building?
a. Mantrap
b. Biometric
c. Honeypot
d. Honeynet

a.
Mantrap
A mantrap is a physical security control that is a holding area between two entry points that gives security personnel time to view a person before allowing him into the internal building. Biometrics typically incorporate something about the pe

Bluejacking and bluesnarfing make use of which wireless technology?
a. Wi-Fi
b. Bluetooth
c. Blu-Fi
d. All of the above

b.
Bluetooth
Both bluejacking and bluesnarfing refer to types of attacks over short-range Bluetooth technology. Answers A, C, and D are incorrect.

If an organization takes a full backup every Sunday morning and a daily differential backup each morning, what is the fewest number of backups that must be restored following a disaster on Friday?
a. 1
b. 2
c. 5
d. 6

b.
2
With a differential backup scheme, only the last full and last differential backup need to be restored, making answer C incorrect as well. Daily full backups would require only the last full backup, making answer A incorrect in this configuration. An

Which risk reduction policy does not aid in identifying internal fraud?
a. Mandatory vacations
b. Least privilege
c. Separation of duties
d. Job rotation

b.
Least privilege
Although least privilege can aid in protecting against internal fraud, it does not particularly aid in identifying it if occurring. Mandatory vacations, job rotation, and separation of duties such as monetary processing and validation a

Which of the following methods of cloud computing enables the client to literally outsource everything that would normally be in a typical IT department?
a. SaaS
b. DaaS
c. PaaS
d. IaaS

d.
IaaS
Infrastructure-as-a-service (IaaS) is the delivery of computer infrastructure in a hosted service model over the Internet. This method of cloud computing enables the client to literally outsource everything that would normally be in a typical IT d

Which of the following is considered best practice when formulating minimum standards for developing password policies?
a. Password length set to 6 characters
b. Require password change at 90 days
c. Maximum password age set to zero
d. Account lockout thr

b.
Require password change at 90 days
Require users to change passwords every 90 to 180 days, depending on how secure the environment needs to be. Remember that the more often users are required to change passwords, the greater the chance that they will w

You manage a network on which there are mixed vendor devices and are required to implement a strong authentication solution for wireless communications. Which of the following would best meet your requirements? (Select two correct answers.)
a. EAP
b. WEP

a.
EAP
d.
PEAP
The IEEE and IETF specify 802.1X and EAP as the standard for secure wireless networking, and Protected EAP (PEAP) is standards based. PEAP was jointly developed by Microsoft, RSA Security, and Cisco Systems. It is an IETF open standard. PEA

Which of the following makes it difficult for an eavesdropper to spot patterns and contains a message integrity method to ensure that messages have not been tampered with?
a. ICMP
b. CCMP
c. WEP
d. LEAP

b.
CCMP
CCMP makes it difficult for an eavesdropper to spot patterns, and the CBC-MAC message integrity method ensures that messages have not been tampered with. Answer A is incorrect because ICMP is a network troubleshooting protocol. Answer C is incorre

Which risk management response is being implemented when a company decides to close a little-used legacy web application identified as vulnerable to SQL Injection?
a. Acceptance
b. Avoidance
c. Mitigation
d. Transference

b.
Avoidance
Risk avoidance involves simply terminating the operation that produces the risk, such as when shutting down a vulnerable site. Answer A is incorrect because accepting a risk is to do nothing in response except document the risk-management dec

A video surveillance system is a form of which type of access control?
a. Quantitative
b. Management
c. Technical
d. Physical

d.
Physical
Physical controls include facility design details such as layout, doors, locks, guards, and electronic surveillance systems. Quantitative risk analysis involves the use of numerical metrics and is used to identify and sort risks rather than to

Which element of business continuity planning (BCP) is most concerned with hot-site/cold-site planning?
a. Network connectivity
b. Facilities
c. Clustering
d. Fault tolerance

b.
Facilities
Facilities continuity planning is focused around alternative site management, hardware, and service contracts. Network connectivity BCP involves establishing alternative network access paths and dedicated recovery administrative connections,

What aspect of disaster recovery planning details training requirements for managers, administrators, and users?
a. Impact and risk assessment
b. Disaster recovery plan
c. Disaster recovery policies
d. Service level agreements

b.
Disaster recovery plan
The disaster recovery plan documents how organizations will recover from a disaster. It includes risk evaluations, restoration procedures application, and training required. Answer A is incorrect because the impact and risk asses

A man-in-the-middle attack takes advantage of which of the following?
a. TCP handshake
b. UDP handshake
c. Juggernaut
d. All of the above

a.
TCP handshake
TCP is a connection-oriented protocol, which uses a three-way handshake to establish and close a connection. Answers B, C, and D are incorrect. A man-in-the-middle attack takes advantage of this handshake by inserting itself in the middle

Which of the following best describes why a requesting device might believe that incoming ARP replies are from the correct devices?
a. ARP requires validation.
b. ARP does not require validation.
c. ARP is connection oriented.
d. ARP is connectionless.

b.
ARP does not require validation.
ARP is a protocol used for mapping IP addresses to MAC addresses. It does not require validation, thus answer A is incorrect. Answers C and D are incorrect because connection oriented and connectionless are used to desc

Which of the following describes a network of systems designed to lure an attacker away from another critical system?
a. Bastion host
b. Honeynet
c. Vulnerability system
d. Intrusion-detection system

b.
Honeynet
Honeynets are collections of honeypot systems interconnected to create networks that appear to be functional and that can be used to study an attacker's behavior within the network. A bastion host is the first line of security that a company a

An organization has agreed to collaborate on a business project with another organization. Which of the following documents would outline the terms and details of an agreement between parties, including each party's requirements and responsibilities?
a. S

c.
MOU
A memorandum of understanding (MOU) is a document that outlines the terms and details of an agreement between parties, including each party's requirements and responsibilities. Answer A is incorrect because a service level agreement (SLA) is a cont

An organization has had a rash of malware infections. Which of the following can help mitigate the number of successful attacks?
a. Application baselining
b. Patch management
c. Network monitoring
d. Input validation

b.
Patch management
Proactive patch management is necessary to keep your technology environment secure and reliable. Answer A is incorrect because application baselining is similar to operating system baselining in that it provides a reference point for n

In which of the following phases should code security first be implemented?
a. Testing
b. Review
c. Implementation
d. Design

d.
Design
It is important that security is implemented from the very beginning. In the early design phase, potential threats to the application must be identified and addressed. Ways to reduce the associated risks must also be taken into consideration. Th

Which of the following applications should be used to properly protect a host from malware? (Select two correct answers.)
a. Antispam software
b. Antivirus software
c. Content-filtering software
d. Web-tracking software

a.
Antispam software
b.
Antivirus software
All host devices must have some type of malware protection. A necessary software program for protecting the user environment is antivirus software. Antivirus software is used to scan for malicious code in email a

An organization is looking for a basic mobile solution which will be used to prevent unauthorized access to users' phones. Which of the following fulfills this requirement?
a. GPS tracking
b. Voice encryption
c. Remote wipe
d. Passcode policy

d.
Passcode policy
A screen lock or passcode is used to prevent access to the phone. Answer A is incorrect because if a mobile device is lost, GPS tracking can be used to find the location. Answer B is incorrect because mobile voice encryption can allow e

Which of the following is the formal process of assessing risk involved in discarding particular information?
a. Sanitization
b. Declassification
c. Degaussing
d. Overwriting

b.
Declassification
Declassification is a formal process of assessing the risk involved in discarding particular information. Answer A is incorrect because sanitization is the process of removing the contents from the media as fully as possible, making it

Which of the following is the most useful when you're dealing with data that is stored in a shared cloud environment?
a. Full disk encryption
b. File-level encryption
c. Media-level encryption
d. Application-level encryption

d.
Application-level encryption
In a cloud environment, application-level encryption is preferred because the data is encrypted by the application before being stored in the database or file system. The advantage is that it protects the data from the user

If Bob wants to send a secure message to Val using public key encryption without sender validation, what does Val need?
a. Bob's private key
b. Bob's public key
c. Val's private key
d. Val's public key

c.
Val's private key
Val needs her own private key to decrypt the message Bob encrypted with her public key. Neither of Bob's keys is needed because the originator does not need to be validated, making Answers A and B incorrect. Answer D is incorrect beca

Which category of authentication includes your ATM card?
a. Something you are
b. Something you do
c. Somewhere you are
d. Something you have

d.
Something you have
"Something you have" includes ATM cards, smart cards, and keys. "Somewhere you are" is a location, making answer C incorrect. Answers A and B are incorrect because both "something you are" and "something you do" are biometric measure

Which is the best access control constraint to protect against accidental unauthorized access?
a. Implicit denial
b. Least privilege
c. Separation of duties
d. Account expiration

a.
Implicit denial
The default assignment of an implicit denial, overridden by explicit grants of access, aids in protecting resources against accidental access during normal network operations. Answer B is incorrect because least privilege is a principle

Your organization provides a secure web portal. You discover another portal that mimics your organization's portal look and feel. This portal has a similar URL but is different by one letter. Which of the following are most likely true? (Select two correc

b.
This is typo squatting.
c.
The site is collecting usernames and passwords.
Typo squatting takes advantage of mistyped domain names. Sometimes this is for advertising purposes, but it can also be for more malicious intent. The unauthorized site may be looking t

What type of algorithm is SHA-1?
a. Asymmetric encryption algorithm
b. Digital signature
c. Hashing algorithm
d. Certificate authority

c.
Hashing algorithm
SHA-1 is a cryptographic hash function and is an updated version of the original Secure Hash Algorithm (SHA). Answer A is incorrect because this is an algorithm that uses a public and private key pair and is not associated with SHA-1.

Which of the following is true of Pretty Good Privacy (PGP)? (Select the two best answers.)
a. It uses a web of trust.
b. It uses a hierarchical structure.
c. It uses public key encryption.
d. It uses private key encryption.

a.
It uses a web of trust.
c.
It uses public key encryption.
PGP uses a web of trust rather than the hierarchical structure. It also uses public key encryption. Based on this, answers B and D are incorrect.

Which one of the following best identifies the system of digital certificates and certification authorities used in public key technology?
a. Certificate practice system (CPS)
b. Public key exchange (PKE)
c. Certificate practice statement (CPS)
d. Public

d.
Public key infrastructure (PKI)
PKI represents the system of digital certificates and certificate authorities. Answers A, B, and C are incorrect. A CPS is a document created and published by a CA that provides for the general practices followed by the

Which of the following is not a certificate trust model for the arranging of certificate authorities?
a. Bridge CA architecture
b. Sub-CA architecture
c. Single-CA architecture
d. Hierarchical CA architecture

b.
Sub-CA architecture
Sub-CA architecture does not represent a valid trust model. Answers A, C, and D, however, all represent legitimate trust models. Another common model also exists, called cross-certification; however, it usually makes more sense to i

Which of the following is a term describing the process of registering an asset and provisioning the asset so it can be used to access the corporate network?
a. Mobile application management
b. Onboarding
c. Mobile device management
d. Device access contr

b.
Onboarding
Onboarding is a term describing the process of registering an asset and provisioning the asset so it can be used to access the corporate network. Answer A is incorrect because mobile application management (MAM) focuses on application manag

Which of the following are advantages of honeypots and honeynets? (Select all correct answers.)
a. Attackers are diverted to systems that they cannot damage.
b. Administrators are allotted time to decide how to respond to an attack.
c. Attackers' actions

a.
Attackers are diverted to systems that they cannot damage.
b.
Administrators are allotted time to decide how to respond to an attack.
c.
Attackers' actions
All except answers D and E are advantages of honeypots and honeynets. Currently, the legal implications of using such systems are not that well defined, and the use of these systems typically requires more administrative resources.

You are setting up an FTP server that needs to be accessed by both the employees and external contractors. What type of architecture should you implement?
a. VLAN
b. DMZ
c. NAT
d. VPN

b.
DMZ
A DMZ is a small network between the internal network and the Internet that provides a layer of security and privacy. Answer A is incorrect. The purpose of a VLAN is to unite network nodes logically into the same broadcast domain regardles

A CA with multiple subordinate CAs would use which of the following PKI trust models?
a. Cross-certified
b. Hierarchical
c. Bridge
d. Linked

b.
Hierarchical

Which of the following are types of updates applied to systems? (Select all correct answers.)
a. Hotfix
b. Service packs
c. Patches
d. Coldfix

a.
Hotfix
b.
Service packs
c.
Patches
Each of these describes types of updates that can be applied to a system. Answer D is incorrect.

Which of the following types of cloud computing is designed to meet industry-specific needs such as healthcare, public sector, or energy?
a. Public
b. Private
c. Hybrid
d. Community

d.
Community
Community clouds are designed to accommodate the mutual needs of a particular business community. This is generally industry-specific such as healthcare, public sector, or energy. Answer A is incorrect because a public cloud is an environment

What is a potential concern to weaker encryption algorithms as time goes on? (Select the best answer.)
a. Performance of the algorithm worsens over time
b. Keys generated by users start to repeat on other users' systems
c. Hackers using distributed comput

c.
Hackers using distributed computing might be able to finally crack algorithms.
As computers get faster, so does the ability for hackers to use distributed computing as a method of breaking encryption algorithms. With computer performance, in some cases

Which of the following is not a common quality of quantitative risk analysis?
a. Difficult for management to understand
b. Less precise
c. Labor intensive
d. Time-consuming

b.
Less precise
Qualitative risk assessments tend to be less precise than quantitative assessments. Quantitative risk assessments tend to be more difficult for management to understand properly without additional explanation, require intensive labor to ga

Which of the following should be implemented if the organization wants to monitor unauthorized transfers of confidential information?
a. Content inspection
b. Proxy server
c. Protocol analyzer
d. Packet-filtering firewall

a.
Content inspection
Content inspection appliances use access control filtering software on a dedicated filtering appliance. The device monitors every packet of traffic that passes over a network. Answer B is incorrect. When a proxy server receives a req

Which of the following provides the output for an example of banner grabbing?
a. http://www.example.com/index.htm
b. This is a government computer system. Authorized access only.
c. Server Apache 2.0.46 (Red Hat Linux)
d. Welcome to our FTP site

c.
Server Apache 2.0.46 (Red Hat Linux)
Banner grabbing is a technique used to discover information about a computer system. This information is used to further understand the underlying system. In this example, a vulnerability scanner can narrow down whi

Which of the following is a method that can be used to prevent data from being accessed in the event the device is lost or stolen?
a. GPS tracking
b. Voice encryption
c. Remote wipe
d. Asset tracking

c.
Remote wipe
A remote wipe allows the handheld's data to be remotely deleted in the event the device is lost or stolen. Answer A is incorrect because in the event a mobile device is lost, GPS tracking can be used to find the location. Answer B is incorr

A certificate authority discovers it has issued a digital certificate to the wrong person. What needs to be completed?
a. Certificate practice statement (CPS)
b. Revocation
c. Private key compromise
d. Fraudulent practices statement (FPS)

b.
Revocation
A certificate might need to be revoked (including a certificate being issued to the incorrect person) for any number of reasons. A CPS is a published document from the CA describing their policies and procedures for issuing and revoking cert

You are setting up a switched network in which each department requires a logical separation. Which of the following meets these requirements?
a. DMZ
b. VPN
c. VLAN
d. NAT

c.
VLAN
The purpose of a VLAN is to unite network nodes logically into the same broadcast domain regardless of their physical attachment to the network. Answer A is incorrect because a DMZ is a small network between the internal network and the Internet t

Which of the following is the most useful when you're dealing with machines that are being taken on the road by traveling executives, sales managers, or insurance agents?
a. Full disk encryption
b. File-level encryption
c. Media-level encryption
d. Applic

a.
Full disk encryption
Full disk encryption is most useful when you're dealing with machines that are being taken on the road by traveling executives, sales managers, or insurance agents. Answer B is incorrect because in file- or folder-level encryption,

Which type of biometric authentication system is not subject to false rejection due to illness or minor injury?
a. Fingerprint
b. Voiceprint
c. Facial recognition
d. Retina

c.
Facial recognition
Facial recognition systems measure relative spacing between underlying features such as the bone structure and eye placement, requiring more than a minor injury to modify this biometric signature. Fingerprint signatures can be modifi

If an asset is valued at 100,000, the threat exposure factor of a risk affecting that asset is 25%, and the annualized rate of occurrence is 20%, what is the ALE?
a. $5,000
b. $20,000
c. $25,000
d. $45,000

a.
$5,000
The annualized loss expectancy (ALE) is the product of the SLE (value times exposure factor) and the ARO, or 20% of ($100,000 × 25%) = $5,000. Answer B is incorrect because $20,000 represents the asset value times ARO. Answer C is incorrect because

What is the minimal level of alternative site that includes live networking?
a. Cold
b. Warm
c. Hot
d. Remote

b.
Warm
A warm site generally includes power, phone, and networking. It might include computers that are not yet set up or kept fully up to date. Cold sites generally have little more than space, restrooms, and electricity until activated, making answer A

Which of the following statements is true about SSL?
a. SSL provides security for both the connection and the data after it is received.
b. SSL only provides security for the connection, not the data after it is received.
c. SSL only provides security for

b.
SSL only provides security for the connection, not the data after it is received.
Secure Sockets Layer (SSL) provides security only for the connection, not the data after it is received. The data is encrypted while it is being transmitted, but when rec

Which of the following is widely used as a controlled access measure in businesses that offer free Wi-Fi hotspots to Internet users such as hotels and restaurants?
a. Captive portal
b. Site survey
c. VPN (over open wireless)
d. Omnidirectional antenna

a.
Captive portal
Captive portals are widely used in businesses that offer free Wi-Fi hotspots to Internet users such as hotels and restaurants. Answer B is incorrect because a site survey is conducted before implementing any WLAN solution to optimize net

Which utility allows the identification of all devices conducting network traffic both to and from a network segment?
a. Port scanner
b. Vulnerability scanner
c. Protocol analyzer
d. Network mapper

c.
Protocol analyzer
Protocol analyzers examine network traffic and identify protocols and endpoint devices in the identified transactions. Port scanners check service ports on a single device, making answer A incorrect. Answer B is incorrect because vuln

Which of the following is commonly used in the banking sector to secure numerous large bulk transactions?
a. Full disk encryption
b. HSM
c. TPM
d. File-level encryption

b.
HSM
Traditionally, hardware security modules (HSMs) have been used in the banking sector to secure numerous large bulk transactions. Answer A is incorrect because full disk encryption is most useful when you're dealing with a machine that is being take

Which of the following is the length of time a device or product is expected to last in operation?
a. RTO
b. MTBF
c. RPO
d. MTTF

d.
MTTF
Mean time to failure (MTTF) is the length of time a device or product is expected to last in operation. Answer A is incorrect because recovery time objective (RTO) is the amount of time within which a process must be restored after a disaster to m

Which of the following algorithms is now known as the Advanced Encryption Standard (AES)?
a. Rijndael
b. 3DES
c. RC6
d. Twofish
e. CAST

a.
Rijndael
Rijndael was the winner of the new AES standard. Although RC6 and Twofish competed for selection, they were not chosen. 3DES and CAST did not participate; therefore, answers B, C, D, and E are incorrect.

Which of the following services/protocols operate on port 22?
a. DNS
b. HTTPS
c. SSH
d. RDP

c.
SSH
Secure Shell (SSH) operates on port 22. Answer A is incorrect because Domain Name Service (DNS) uses port 53. Answer B is incorrect because HTTPS uses port 443. Answer D is incorrect because Remote Desktop Protocol (RDP) uses port 3389.

Which of the following best describes a host-based intrusion detection system (HIDS)?
a. Examines the information exchanged between machines
b. Collects and analyzes data that originates on the local machine
c. Controls the information coming in and out o

b.
Collects and analyzes data that originates on the local machine
A host-based intrusion detection system (HIDS) collects and analyzes data that originates on the local machine. Answer A is incorrect; a network-based intrusion detection system (NIDS) tri

Which of the following best describes the difference between phishing and whaling?
a. They are the same.
b. Whaling makes use of the voice channel, whereas phishing uses email.
c. Whaling uses SMS, whereas phishing uses email.
d. Whaling is similar to phi

d.
Whaling is similar to phishing but specifically targets high-profile individuals.
Whaling specifically targets high-profile individuals. Phishing attempts to acquire sensitive information from anyone. Although they are very similar, they differ in the

Which of the following is not focused on recovering after loss of function?
a. RTO
b. DRP
c. RPO
d. BCP

d.
BCP
Business continuity planning (BCP) / continuity of operations (COO) is focused on maintaining continued service availability even if in a limited form. Recovery time objectives (RTOs) and recovery point objectives (RPOs) are components of disaster

Which form of access control relies on labels for access control management?
a. MAC
b. DAC
c. Role-based (RBAC)
d. Rule-based (RBAC)

a.
MAC
Mandatory access control (MAC) systems require assignment of labels such as Public, Secret, and Sensitive to provide resource access. Answer B is incorrect because discretionary access control (DAC) systems allow data owners to extend access rights

Which password standard provides the best opportunity to detect and react to a high-speed, brute-force password attack?
a. Password length
b. Account lockout
c. Password expiration
d. Logon banner

b.
Account lockout
By locking an account after a limited number of failed attempts, administrative action is necessary to unlock the account and can raise awareness of repeated unauthorized access attempts while reducing the overall number of tests that c

Which of the following is not one of the vulnerabilities of LDAP authentication services?
a. Buffer overflow vulnerabilities can be used to enact arbitrary commands on the LDAP server.
b. Loss of time synchronization between the service, client, and KDC p

b.
Loss of time synchronization between the service, client, and KDC prevents communication.
Kerberos is a time-synchronized protocol that relies on a common time base for session ticket lifetime verification. LDAP is not a ticket-based or a lifetime-base

Which of the following types of attacks is characterized by client-side vulnerabilities presented by ActiveX or JavaScript code running within the client's browser?
a. Buffer overflow
b. Cross-site request forgery (XSRF)
c. Cross-Site Scripting (XSS)
d. I

c.
Cross-Site Scripting (XSS)
Cross-Site Scripting (XSS) attacks take advantage of vulnerabilities in ActiveX or JavaScript code running within the client's browser. The attack hijacks the user's session or causes the user to access a malware-tainted Site

Which of the following is a hardware solution typically attached to the circuit board of the system used for greater security protection for processes such as digital signing, mission-critical applications, and businesses where high security is required?

c.
TPM
At the most basic level, a trusted platform module (TPM) provides for the secure storage of keys, passwords, and digital certificates, and it is hardware based (typically attached to the circuit board of the system). Answer A is incorrect because f

Which of the following is a non-proprietary protocol that provides authentication and authorization as well as accounting of access requests against a centralized service for authorization of access requests?
a. TACACS+
b. SAML
c. Secure LDAP
d. XTACACS

a.
TACACS+
TACACS+, released as an open standard, is a protocol that provides authentication and authorization as well as accounting of access requests against a centralized service for authorization of access requests. TACACS+ is similar to RADIUS but us

The new biometric authentication system has been identified as having a high FAR. What does this mean?
a. Authorized users are being allowed access.
b. Unauthorized users are being allowed access.
c. Authorized users are being denied access.
d. Unauthoriz

b.
Unauthorized users are being allowed access.
The false acceptance rate (FAR) is a measure of unauthorized biometric signatures being accepted as valid. Answers A and D are incorrect because they represent valid biometric operations. Answer C is incorre

Which of the following provide a "sandboxed" system that can be used to investigate malware?
a. Virtualization
b. Network storage
c. Host software baselining
d. Application baselining

a.
Virtualization
A virtualized "sandboxed" guest system can help in computer-security research, which enables the study of the effects of some viruses or worms without the possibility of compromising the host system. Answer B is incorrect because network

Which one of the following is an indication that a system might contain spyware?
a. The system is slow, especially when browsing the Internet.
b. It takes a long time for the Windows desktop to come up.
c. Clicking a link does nothing or goes to an unexpe

d.
All of the above.
Each of these represents common symptoms of a computer that has had spyware installed.

Which of the following models is useful for individuals and businesses that want to have the right to access a certain application without having to purchase a full license?
a. PaaS
b. IaaS
c. SaaS
d. DaaS

c.
SaaS
Software-as-a-service (SaaS) is the delivery of a licensed application to customers over the Internet for use as a service on demand. Answer A is incorrect. Platform-as-a-service (PaaS) is the delivery of a computing platform, often an operating s

You are conducting a penetration test on an application for a client. The client provides you with no details about the source code and development process. What type of test will you likely be conducting?
a. Black box
b. White box
c. Vulnerability
d. Ans

a.
Black box
Black box testing does not provide any information about the environment. Answer B is incorrect as white box testing is more transparent and would provide details around the particular application. A vulnerability test and penetration test ar

Which type of power variation includes short-term decreases in voltage levels?
a. Spikes
b. Surges
c. Brownouts
d. Blackouts

c.
Brownouts
A brownout is a short-term decrease in voltage, often occurring when motors are started or due to provider faults. Both spikes and surges are increases of voltage, making answers A and B incorrect. Blackouts involve a complete loss of power r

Which of the following is the most effective method that can be used to prevent data from being accessed in the event the device is lost or stolen?
a. GPS tracking
b. Device encryption
c. Remote wipe
d. Passcode policy

b.
Device encryption
Just like the data on hard drives, the data on mobiles can be encrypted. Answer A is incorrect because in the event a mobile device is lost, GPS tracking can be used to find the location. Answer C is incorrect. A remote wipe allows th

Which of the following would be used to detect unauthorized or unintentional access or escalation of privileges?
a. Change management
b. Incident management
c. Auditing
d. Data-loss prevention

c.
Auditing
Auditing is used to detect unauthorized or unintentional access or escalation of privileges. Answer A is incorrect because change management provides specific details when system changes are made, such as the files being replaced, the configur

When a certificate authority revokes a certificate, notice of the revocation is distributed via what?
a. Certificate revocation list
b. Certificate policy
c. Digital signature
d. Certificate practice statement

a.
Certificate revocation list
Certificate revocation lists are used to identify revoked certificates; however, the Online Certificate Status Protocol (OCSP), which provides certificate status in real time, has been created as an alternative to CRLs. Answ

In which of the following types of fuzzing are forged packets sent to the tested application and then replayed?
a. Application fuzzing
b. Protocol fuzzing
c. File format fuzzing
d. Web page fuzzing

b.
Protocol fuzzing
In protocol fuzzing, forged packets are sent to the tested application, which can act as a proxy and modify requests on the fly and then replay them. Answer A is incorrect because in application fuzzing, attack vectors are within its

Which of the following describes a type of algorithm where data is broken into several units of varying sizes (dependent on algorithm) and encryption is applied to those chunks of data?
a. Symmetric encryption algorithm
b. Elliptic curve
c. Block cipher
d

c.
Block cipher
When data that is going to be encrypted is broken into chunks of data and then encrypted, the type of encryption is called a block cipher. Although many symmetric algorithms use a block cipher, answer A is incorrect because block cipher is

Which form of media sanitization might be required for flash-based solid state drives to be considered fully sanitized?
a. Declassification
b. Degaussing
c. Destruction
d. Overwriting

c.
Destruction
In some forms of nonferric solid-state storage devices, only destruction may provide full data sanitization. Answer A is incorrect because declassification is a formal process for assessing the risk associated with discarding information, r

Which of the following is the best measure to prevent divulging sensitive information through dumpster diving? (Select two correct answers.)
a. A firewall
b. Antivirus software
c. Proper disposal policy
d. Training and awareness

c.
Proper disposal policy
d.
Training and awareness
Dumpster diving describes a physical means of acquiring sensitive data, often by digging through discarded material. A policy that clearly describes an organization's stance on proper disposal of data an

What is the last step in the access control process?
a. Identification
b. Authentication
c. Authorization
d. Access control

d.
Access control
Only after credentials have been provided, authenticated, and authorized will access control list (ACL) values be assigned based on explicit and inherited grant and denial constraints. Answer A is incorrect because identification involve

Which of the following are used to verify the status of a certificate? (Select two correct answers.)
a. OCSP
b. CRL
c. OSPF
d. ACL

a.
OCSP
b.
CRL
The Online Certificate Status Protocol (OCSP) and the certificate revocation list (CRL) are used to verify the status of digital certificates. OSPF is a routing protocol; therefore, answer C is incorrect. An ACL is used to define access con

Buffer overflows, format string vulnerabilities, and utilization of shell-escape codes can be mitigated by which of the following practices?
a. Fuzzing
b. Testing
c. Input validation
d. Browser initiated token request

c.
Input validation
Input validation tests whether an application properly handles input from a source outside the application destined for internal processing. Answer A is incorrect because fuzzing allows an attacker to inject random-looking data into a

Which one of the following controls are physical security measures? (Select all correct answers.)
a. Motion detector
b. Antivirus software
c. CCTV
d. Fence

a.
Motion detector
c.
CCTV
d.
Fence
Motion detectors, CCTV, and fencing are all controls used for physical security. Antivirus is not a physical security control, but a control used to protect computer systems from malware, and therefore Answer B is incor

Which of the following would be implemented for secure communications when the organization is using an application that authenticates with Active Directory Domain Services (AD DS) through simple BIND?
a. TACACS+
b. SAML
c. Secure LDAP
d. XTACACS

c.
Secure LDAP
Reasons for enabling Lightweight Directory Access Protocol (LDAP) over Secure Sockets Layer (SSL) / Transport Layer Security (TLS) also known as LDAPS, include protection of the authentication session when an application authenticates with

Which of the following would best mitigate the risks associated with allowing organizational network access required by the terms of a joint project with a business partner?
a. Captive portal
b. Access control lists
c. Network segmentation
d. Log analysis

c.
Network segmentation
With interconnected networks, the potential for damage greatly increases because one compromised system on one network can easily spread to other networks. Networks that are shared by partners, vendors, or departments should have c

Which of the following does not describe techniques for assessing threats and vulnerabilities?
a. Understanding attack surface
b. Baseline reporting
c. Reviews of architecture, design, and code
d. System hardening

d.
System hardening
System hardening refers to reducing a system's security exposure and strengthening its defenses against unauthorized access attempts and other forms of malicious attention. Answers A, B, and C, in contrast, are specific techniques to a

Which of the following statements best describes nonrepudiation?
a. A set of mathematical rules used in encryption
b. A means of proving that a transaction occurred
c. A method of hiding data in another message
d. A drive technology used for redundancy an

b.
A means of proving that a transaction occurred
Nonrepudiation means that neither a sender nor a receiver can deny sending or receiving a message or data. Answer A is incorrect because it describes an algorithm. Answer C is incorrect because it describe

Which of the following provides government-grade security by implementing the AES encryption algorithm and 802.1X-based authentication?
a. WPA2
b. WEP
c. WPA
d. WAP

a.
WPA2
WPA2 is based on the IEEE 802.11i standard and provides government-grade security by implementing the AES encryption algorithm and 802.1X-based authentication. Answer B is incorrect because the WEP standard was proven to be unsecure and has been r

Which of the following is a cloud-based security solution mainly found in private data centers?
a. VPC
b. HSM
c. TPM
d. PKI

a.
VPC
The HSM and cloud machines can both live on the same virtual private network through the use of a virtual private cloud (VPC) environment. This type of solution is mainly found in private datacenters that manage and offload cryptography with dedica

Your organization has organized a trade show in the United States. With the goal of increasing revenue, you decide to operate a Wi-Fi hotspot for a fee. Which of the following are reasons your organization could use wireless jamming? (Select all correct a

b.
To prevent degraded service
d.
To prevent attacks
Wireless jamming may be a legal way to prevent degraded service or attacks. Answers A and C are incorrect. Wireless jamming may provide an effective means to ensure that no other Wi-Fi network may opera

What is the minimum number of drives necessary to provide a RAID 5 redundant with distributed parity disk array?
a. 1
b. 2
c. 3
d. 5

c.
3
The minimum number of drives in a RAID 5 array is three, making answers B and D incorrect. A single drive does not provide fault tolerance, making Answer A incorrect.

Which of the following describes a simple form of social engineering in which an unauthorized individual follows closely behind someone who has authorized physical access to an environment?
a. Tailgating
b. Piggybacking
c. Answers A and B
d. None of the a

c.
Answers A and B
Both tailgating and piggybacking describe a simple method to gain unauthorized access to an environment by closely following behind someone with authorized access. Neither answer A nor B alone is correct. Answer D is incorrect.

Which of the three principles of security is supported by an offsite tape backup system?
a. Confidentiality
b. Integrity
c. Availability
d. Sanitization

c.
Availability
Availability is concerned with ensuring that access to services and data is protected against disruption, including disasters and other events that could require recovering from offsite backup media. Answer A is incorrect because confident

Which of the following should you deploy within your PKI to provide a method for initially verifying a user's identity so that a certificate may be issued?
a. Certificate authority (CA)
b. Registration authority (RA)
c. Certificate practice statement (CPS

b.
Registration authority (RA)
A registration authority is used to first verify the user's identity before passing the request along to the certificate authority to issue a digital certificate. So, answer A is incorrect. Answer C is also incorrect because

Which of the following is not an example of the principles of influence used in social engineering attacks?
a. Authority
b. Intimidation
c. Scarcity and urgency
d. Authenticity and authorization
e. Trust

d.
Authenticity and authorization
Authenticity and authorization both relate to identity and access control and are not principal reasons for effectiveness as related to social engineering. Answers A, B, C, and E are all legitimate principles and so are

Each firewall rule is essentially a separate instruction with a(n) _______________ construction.
a. FOR-EACH
b. DO-UNTIL
c. IF-THEN
d. WHILE-DO

c.
IF-THEN
Firewall rules are essentially an IF-THEN construction. IF these rule conditions are met, THEN the action occurs.

Within a firewall rule, the _______________ describes the TCP/IP port number being used to send packets of data through.
a. source port
b. destination port
c. source address
d. destination address

a.
source port
The source port is the TCP/IP port number being used to send packets of data through. Options for setting the source port often include a specific port number, a range of numbers, or Any (port).

What statement accurately describes a best practice for managing a virtual LAN (VLAN)?
a. Configure empty switch ports to connect to a used VLAN.
b. Keep all default VLAN names.
c. Configure the ports on the switch that pass tagged VLAN packets to explici

c.
Configure the ports on the switch that pass tagged VLAN packets to explicitly forward specific tags.
Some general principles for managing VLANs are: (1) Configure empty switch ports to connect to an unused VLAN (2) Change any default VLAN names (3) Con

Which statement represents a best practice for securing router configurations?
a. Allow remote configuration for dynamic installation in case of an emergency.
b. Store the router configuration on a public network for easy access in case of an emergency.
c

d.
Perform changes in the router configuration from the console.
The configuration of the router should be performed from the console and not a remote location. This configuration can then be stored on a secure network drive as a backup and not on a lapto

Which statement accurately describes an access control list characteristic?
a. Access control lists are efficient.
b. Access control lists are simple to manage in an enterprise setting.
c. The structure behind an access control list table can be complex.

c.
The structure behind an access control list table can be complex.
Although access control lists (ACLs) can be associated with any type of object, these lists are most often viewed in relation to files maintained by the operating system. ACLs have limit

Ports can be secured through disabling unused interfaces, using _______________, and through IEEE 802.1x.
a. media access control (MAC) limiting and filtering
b. virtual private network (VPN) tunneling
c. packet sniffers
d. virtual local area networks (VL

a.
media access control (MAC) limiting and filtering
Ports can be secured through disabling unused interfaces, using MAC limiting and filtering, and through IEEE 802.1x.

The IEEE 802.1x standard provides the highest degree of port security by implementing port-based _______________.
a. encryption
b. authentication
c. auditing
d. integrity

b.
authentication
The IEEE 802.1x standard provides the highest degree of port security by implementing port-based authentication.

A _______________ is a feature that controls a device's tolerance for unanswered service requests and helps to prevent a denial of service (DoS) attack.
a. flood guard
b. virtual local area network (VLAN)
c. network intrusion detection system (NIDS)
d. vi

a.
flood guard
One defense against DoS and DDoS SYN flood attacks is to use a flood guard. A flood guard is a feature that controls a device's tolerance for unanswered service requests and helps to prevent a DoS attack.

_______________ can be prevented with loop protection.
a. IP address spoofing
b. Man-in-the-middle attacks
c. Denial of service (DoS) attacks
d. Broadcast storms

d.
Broadcast storms
Broadcast storms can be prevented with loop protection, which uses the IEEE 802.1d standard spanning-tree algorithm (STA).

Loop protection uses the _______________ standard spanning-tree algorithm (STA).
a. IEEE 801.2d
b. IEEE 802.3
c. IEEE 802.11n
d. IEEE 802.1d

d.
IEEE 802.1d
Broadcast storms can be prevented with loop protection, which uses the IEEE 802.1d standard spanning-tree algorithm (STA).

_______________ in access control means that if a condition is not explicitly met, the request for access is rejected.
a. Static allow
b. Explicit allow
c. Implicit deny
d. Dynamic deny

c.
Implicit deny
Implicit deny in access control means that if a condition is not explicitly met, the request for access is rejected. (Implicit means that something is implied or indicated but not actually expressed.)

One way to provide network separation is to physically separate users by connecting them to different _______________.
a. switches and routers
b. hubs
c. mirrored ports
d. operating systems

a.
switches and routers
One way to provide network separation is to physically separate users by connecting them to different switches and routers. This prevents bridging and even prevents a reconfigured device from allowing that connection to occur.

A security _______________ log can provide details regarding requests for specific files on a system.
a. event
b. administration
c. audit
d. access

d.
access
A security access log can provide details regarding requests for specific files on a system while an audit log is used to record which user performed an action and what that action was. System event logs document any unsuccessful events and the

What item is considered to be the biggest obstacle to log management?
a. Offsite storage accessibility
b. Very large volume of data
c. Multiple devices generating logs
d. Different log formats

d.
Different log formats
Perhaps the biggest obstacle to log management is that different devices record log information in different formats and even with different data captured. Combining multiple logs, each with a different format, can be a major chal

An integrated device that combines several security functions is called a(n) _______________ security product.
a. demilitarized zone (DMZ)
b. unified threat management (UTM)
c. virtual private network (VPN)
d. application-aware IPS

b.
unified threat management (UTM)
An integrated device that combines several security functions is called a unified threat management (UTM) security product.

A _______________ functions as a separate network that rests outside the secure network perimeter.
a. gateway
b. segment
c. virtual private network (VPN)
d. demilitarized zone (DMZ)

d.
demilitarized zone (DMZ)
In order to allow untrusted outside users access to resources such as web servers, most networks employ a demilitarized zone (DMZ). The DMZ functions as a separate network that rests outside the secure network perimeter: untrus

Allowing an IP address to be split anywhere within its 32 bits is known as _______________.
a. splitting
b. spanning
c. subnetting
d. IP spraying

c.
subnetting
Allowing an IP address to be split anywhere within its 32 bits is known as subnetting or subnet addressing.

With subnetting, rather than simply having networks and hosts, networks can effectively be divided into three parts: _______________.
a. network, subnet, and port
b. port, subnet, and IP address
c. network, port, and host
d. network, subnet, and host

d.
network, subnet, and host
Improved addressing techniques introduced in 1985 allowed an IP address to be split anywhere within its 32 bits. This is known as subnetting or subnet addressing. Instead of just having networks and hosts, with subnetting, net

Networks are usually segmented by using _______________ to divide the network into a hierarchy.
a. hubs
b. routers
c. switches
d. proxies

c.
switches
Networks are usually segmented by using switches to divide the network into a hierarchy.

_______________ switches reside at the top of the hierarchy and carry traffic between switches, while _______________ switches are connected directly to the devices on the network.
a. Workgroup; core
b. Core; workgroup
c. Public; private
d. Private; publi

b.
Core; workgroup
Core switches reside at the top of the hierarchy and carry traffic between switches, while workgroup switches are connected directly to the devices on the network.

Segmenting a network by separating devices into logical groups is known as creating a _______________.
a. cloud
b. virtual LAN (VLAN)
c. flood guard
d. unified threat management (UTM) system

b.
virtual LAN (VLAN)
Segmenting a network by separating devices into logical groups is known as creating a virtual LAN (VLAN).

Which term describes a technique that allows private IP addresses to be used on the public Internet?
a. Network address translation (NAT)
b. Port address translation (PAT)
c. Network access control (NAC)
d. Loop protection

a.
Network address translation (NAT)
Network address translation (NAT) is a technique that allows private IP addresses to be used on the public Internet.

By using _______________, instead of giving each outgoing packet a different IP address, each packet is given the same IP address but a different TCP port number.
a. port address translation (PAT)
b. network access control (NAC)
c. network address transla

a.
port address translation (PAT)
A variation of NAT is port address translation (PAT). Instead of giving each outgoing packet a different IP address, each packet is given the same IP address but a different TCP port number. This allows a single public IP

_______________ refers to any combination of hardware and software that enables remote users to access a local internal network.
a. Virtual LAN (VLAN) management
b. Cloud computing
c. Unified threat management (UTM)
d. Remote access

d.
Remote access
Remote access refers to any combination of hardware and software that enables remote users to access a local internal network.

Which term describes the concept of using a data-based IP network to add digital voice clients and new voice applications onto the IP network?
a. IP telephony
b. Virtualization
c. Loop protection
d. Captive portals

a.
IP telephony
Using Internet Protocol (IP), various services such as voice, video, and data can be combined (multiplexed) and transported under a universal format. IP telephony is using a data-based IP network to add digital voice clients and new voice

Which statement accurately describes IP telephony?
a. IP telephony requires an increase in infrastructure requirements.
b. IP telephony convergence provides the functionality of managing and supporting a single network for all applications.
c. New IP tele

b.
IP telephony convergence provides the functionality of managing and supporting a single network for all applications.
Instead of managing separate voice and data networks, convergence provides the functionality of managing and supporting a single netwo

The goal of _______________ is to prevent computers with suboptimal security from potentially infecting other computers through the network.
a. network access control (NAC)
b. virtualization
c. captive portals
d. port security

a.
network access control (NAC)
The goal of NAC is to prevent computers with suboptimal security from potentially infecting other computers through the network.

Which term describes a means of managing and presenting computer resources by function without regard to their physical layout or location?
a. Port mirroring
b. Virtualization
c. Cloud computing
d. Virtual LAN (VLAN) management

b.
Virtualization
Virtualization is a means of managing and presenting computer resources by function without regard to their physical layout or location.

In _______________ virtualization, an entire operating system environment is simulated.
a. host
b. network
c. application
d. cloud

a.
host
One type of virtualization in which an entire operating system environment is simulated is known as host virtualization. Instead of using a physical computer, a virtual machine, which is a simulated software-based emulation of a computer, is creat

Which term refers to the expansion and contraction of random access memory (RAM) or hard drive space as needed?
a. On-demand computing
b. Host computing
c. Host availability
d. Host elasticity

d.
Host elasticity
Virtualization has several advantages. First, new virtual server machines can be quickly made available (host availability), and resources such as the amount of Random Access Memory (RAM) or hard drive space can easily be expanded or co

Which term refers to a pay-per-use computing model in which customers pay only for the online computing resources they need?
a. Host computing
b. Cloud computing
c. Patch computing
d. Server computing

b.
Cloud computing
Cloud computing, which is a pay-per-use computing model in which customers pay only for the online computing resources they need, has emerged as a revolutionary concept that can dramatically impact all areas of IT, including network des

Which cloud computing service model allows the consumer to install and run their own specialized applications on the cloud computing network without requiring the consumer to manage or configure any of the underlying cloud infrastructure?
a. Application a

d.
Platform as a Service (PaaS)
Unlike Software as a Service (SaaS), in which the application software belonging to the cloud computing vendor is used, in Platform as a Service (PaaS), consumers can install and run their own specialized applications on th

In the _______________ model, the cloud computing vendor provides access to the vendor's software applications running on a cloud infrastructure.
a. Infrastructure as a Service (IaaS)
b. Application as a Service (AaaS)
c. Software as a Service (SaaS)
d. P

c.
Software as a Service (SaaS)
In the Software as a Service (SaaS) model, the cloud computing vendor provides access to the vendor's software applications running on a cloud infrastructure. These applications, which can be accessed through a web browser,

Which cloud computing service model provides the customer the highest level of control?
a. Application as a Service (AaaS)
b. Software as a Service (SaaS)
c. Platform as a Service (PaaS)
d. Infrastructure as a Service (IaaS)

d.
Infrastructure as a Service (IaaS)
In the Infrastructure as a Service (IaaS) model, the customer has the highest level of control. The cloud computing vendor allows customers to deploy and run their own software, including operating systems and applica

A _______________ cloud offers the highest level of security and control.
a. public
b. community
c. private
d. hybrid

c.
private
A private cloud is created and maintained on a private network. Although this type offers the highest level of security and control (because the company must purchase and maintain all the software and hardware), it also reduces any cost savings

A _______________ cloud is one in which the services and infrastructure are offered to all users with access provided remotely through the Internet.
a. private
b. public
c. hybrid
d. community

b.
public
A public cloud is one in which the services and infrastructure are offered to all users with access provided remotely through the Internet.

A _______________ cloud is a combination of public and private clouds.
a. community
b. hybrid
c. mixed
d. connected

b.
hybrid
A hybrid cloud is a combination of public and private clouds.

A _______________ cloud is a cloud that is open only to specific organizations that have common concerns.
a. community
b. public
c. hybrid
d. private

a.
community
A community cloud is a cloud that is open only to specific organizations that have common concerns.

Another name for layered security is _______________.
a. network separation
b. VPN tunneling
c. Unified threat management (UTM)
d. defense in depth

d.
defense in depth
A basic level of security can be achieved through using the security features found in standard network hardware. And because networks typically contain multiple types of network hardware, this allows for layered security, also called

_______________ is a protocol suite for securing Internet Protocol (IP) communications.
a. Internet Small Computer System Interface (iSCSI)
b. Internet Control Message Protocol (ICMP)
c. Internet Protocol Security (IPsec)
d. Hypertext Transport Protocol S

c.
Internet Protocol Security (IPsec)
Internet Protocol Security (IPsec) is a protocol suite for securing Internet Protocol (IP) communications.

What two encryption modes are supported by Internet Protocol Security (IPsec)?
a. Electronic code book (ECB) and cipher block chaining (CBC)
b. Kerberos and Secure Shell (SSH)
c. Secure Sockets Layer (SSL) and Transport Layer Security (TLS)
d. Transport a

d.
Transport and tunnel
IPsec supports two encryption modes: transport and tunnel.

Which protocol is used to manage network equipment and is supported by most network equipment manufacturers?
a. Simple Network Management Protocol (SNMP)
b. Internet Control Message Protocol (ICMP)
c. Secure Copy Protocol (SCP)
d. Transmission Control Pro

a.
Simple Network Management Protocol (SNMP)
The Simple Network Management Protocol (SNMP) is a popular protocol used to manage network equipment and is supported by most network equipment manufacturers.

_______________ is an encrypted alternative to the Telnet protocol that is used to access remote computers.
a. Internet Control Message Protocol (ICMP)
b. Internet Small Computer System Interface (iSCSI)
c. Secure Shell (SSH)
d. Secure Network Management

c.
Secure Shell (SSH)
Secure Shell (SSH) is an encrypted alternative to the Telnet protocol that is used to access remote computers.

Which protocol is a TCP/IP protocol that resolves (maps) a symbolic name (www.cengage.com) with its corresponding IP address (69.32.133.11)?
a. Internet protocol (IP)
b. Internet Control Message Protocol (ICMP)
c. Domain Name System (DNS)
d. Hypertext Tra

c.
Domain Name System (DNS)
The Domain Name System (DNS) is a TCP/IP protocol that resolves (maps) a symbolic name (www.cengage.com) with its corresponding IP address (69.32.133.11).

A newer secure version of DNS known as _______________ allows DNS information to be digitally signed so that an attacker cannot forge DNS information.
a. Domain Name System Security (DNSS)
b. Advanced Domain Name System (ADNS)
c. Domain Name System2 (DNS2

d.
Domain Name System Security Extensions (DNSSEC)
A newer secure version of DNS known as Domain Name System Security Extensions (DNSSEC) allows DNS information to be digitally signed so that an attacker cannot forge DNS information.

_______________ is a cryptographic transport algorithm.
a. Secure Shell (SSH)
b. Data Encryption Standard (DES)
c. Advanced Encryption Standard (AES)
d. Transport Layer Security (TLS)

d.
Transport Layer Security (TLS)
Transport Layer Security (TLS) is a cryptographic transport algorithm.

Which common cryptographic transport algorithm was developed by Netscape in 1994 in response to the growing concern over Internet security?
a. Hypertext Transport Protocol Secure (HTTPS)
b. Secure Shell (SSH)
c. Secure Sockets Layer (SSL)
d. Transport Lay

c.
Secure Sockets Layer (SSL)
One of the most common cryptographic transport algorithms is Secure Sockets Layer (SSL). This protocol was developed by Netscape in 1994 in response to the growing concern over Internet security.

What is the most common protocol used today for both local area networks (LANs) and the Internet?
a. Transmission Control Protocol/Internet Protocol (TCP/IP)
b. Secure Sockets Layer (SSL)
c. Hypertext Transport Protocol Secure (HTTPS)
d. Domain Name Syste

a.
Transmission Control Protocol/Internet Protocol (TCP/IP)
Computer networks also have protocols, or rules for communication. These protocols are essential for proper communication to take place between network devices. The most common protocol used toda

TCP/IP uses its own four-layer architecture that includes _______________ layers.
a. Network Interface, Internet, Transport, and Application
b. Network Interface, Network, Transport, and Application
c. Network Interface, Internet, Transport, and Authentic

a.
Network Interface, Internet, Transport, and Application
TCP/IP uses its own four-layer architecture that includes Network Interface, Internet, Transport, and Application layers.

Which statement accurately describes a characteristic of FTP Secure (FTPS)?
a. FTPS is an entire protocol itself.
b. FTPS is a combination of two technologies (FTP and SSL or TLS).
c. FTPS uses a single TCP port.
d. FTPS encrypts and compresses all data a

b.
FTPS is a combination of two technologies (FTP and SSL or TLS).
There are several differences between SFTP and FTPS. First, FTPS is a combination of two technologies (FTP and SSL or TLS), whereas SFTP is an entire protocol itself and is not pieced toge

A weakness of FTPS is that although the control port commands are encrypted, the data port (_______________) may or may not be encrypted.
a. port 20
b. port 21
c. port 25
d. port 80

a.
port 20
A weakness of FTPS is that although the control port commands are encrypted, the data port (port 20) may or may not be encrypted.

Which protocol uses TLS and SSL to secure Hypertext Transport Protocol (HTTP) communications between a browser and a web server?
a. FTP Secure (FTPS)
b. Secure Shell (SSH)
c. Hypertext Transport Protocol Secure (HTTPS)
d. Internet Protocol Security (IPsec

c.
Hypertext Transport Protocol Secure (HTTPS)
One common use of TLS and SSL is to secure Hypertext Transport Protocol (HTTP) communications between a browser and a web server. This secure version is actually "plain" HTTP sent over SSL or TLS and is calle

Which protocol is used for file transfers?
a. Internet Small Computer System Interface (iSCSI)
b. Network Basic Input/Output System (NetBIOS)
c. Secure Network Management Protocol (SNMP)
d. Secure Copy Protocol (SCP)

d.
Secure Copy Protocol (SCP)
Secure Copy Protocol (SCP) is used for file transfers. SCP is an enhanced version of Remote Copy Protocol (RCP). SCP encrypts files and commands.

Which statement describes a limitation of Secure Copy Protocol (SCP)?
a. SCP can only operate in the Windows environment.
b. SCP cannot encrypt commands.
c. SCP is being replaced by Remote Copy Protocol (RCP).
d. A file transfer cannot be interrupted and

d.
A file transfer cannot be interrupted and then resumed in the same session.
Secure Copy Protocol (SCP) encrypts files and commands, yet has limitations. For example, a file transfer cannot be interrupted and then resumed in the same session; the sessio

Communications between different IP devices on a network is handled by one of the core protocols of TCP/IP, namely, _______________.
a. Internet Control Message Protocol (ICMP)
b. Network Basic Input/Output System (NetBIOS)
c. Telnet
d. Simple Network Man

a.
Internet Control Message Protocol (ICMP)
Different IP devices on a network often need to share between them specific information. However, IP does not have the capability for devices to exchange these low-level control messages. The communications betw

In a(n) _______________ attack, an Internet Control Message Protocol (ICMP) redirect packet is sent to the victim that asks the host to send its packets to another "router," which is actually a malicious device.
a. network discovery
b. smurf
c. ICMP redir

c.
ICMP redirect
In an Internet Control Message Protocol (ICMP) redirect attack, an ICMP redirect packet is sent to the victim that asks the host to send its packets to another "router," which is actually a malicious device.

In a(n) _______________ attack, a malformed ICMP ping that exceeds the size of an IP packet is sent to the victim's computer potentially causing the host to crash.
a. network discovery
b. smurf
c. ICMP redirect
d. ping of death

d.
ping of death
In a ping of death attack, a malformed ICMP ping that exceeds the size of an IP packet is sent to the victim's computer. This can cause the host to crash.

An Internet Protocol version 4 (IPv4) address is _______________ in length.
a. 64 bits
b. 64 bytes
c. 32 bytes
d. 32 bits

d.
32 bits
An Internet Protocol version 4 (IPv4) address is 32 bits in length, providing about 4.3 billion possible IP address combinations. This no longer is sufficient for the number of devices that are being connected to the Internet.

An Internet Protocol version 6 (IPv6) address is _______________ in length.
a. 128 bits
b. 64 bytes
c. 32 bytes
d. 32 bits

a.
128 bits
IPv6 expands the length of source and destination IP addresses from IPv4's 32 bits to 128 bits.

_______________ is an IP-based storage networking standard for linking data storage facilities.
a. Internet Small Computer System Interface (iSCSI)
b. Internet Control Message Protocol (ICMP)
c. Simple Network Management Protocol (SNMP)
d. Network Basic I

a.
Internet Small Computer System Interface (iSCSI)
iSCSI (Internet Small Computer System Interface) is an IP-based storage networking standard for linking data storage facilities. Because it works over a standard IP network, iSCSI can transmit data over

Fibre Channel (FC) is a high-speed storage network protocol that can transmit up to _______________ per second.
a. 16 bits
b. 16 megabits
c. 16 gigabits
d. 16 terabits

c.
16 gigabits
Fibre Channel (FC) is a high-speed storage network protocol that can transmit up to 16 gigabits per second.

Fibre Channel over Ethernet (FCoE) encapsulates Fibre Channel _______________ over Ethernet networks.
a. headers
b. addresses
c. frames
d. packets

c.
frames
A variation of FC is Fibre Channel over Ethernet (FCoE) that encapsulates Fibre Channel frames over Ethernet networks. This allows Fibre Channel to use fast Ethernet networks while preserving the Fibre Channel protocol.

Transferring files can be performed using the File Transfer Protocol (FTP), which is a(n) _______________ TCP/IP protocol.
a. unsecure
b. secure
c. open
d. closed

a.
unsecure
Transferring files can be performed using the File Transfer Protocol (FTP), which is an unsecure TCP/IP protocol. FTP is used to connect to an FTP server, much in the same way that HTTP links to a web server.

Which statement accurately describes Secure FTP (SFTP)?
a. SFTP is a combination of two technologies (FTP and SSL or TLS).
b. SFTP uses two ports.
c. SFTP is an entire protocol itself.
d. SFTP encrypts and compresses only data, not commands.

c.
SFTP is an entire protocol itself.
There are several differences between Secure FTP (SFTP) and FTP Secure (FTPS). First, FTPS is a combination of two technologies (FTP and SSL or TLS), whereas SFTP is an entire protocol itself and is not pieced togethe

Which protocol is often used for the automated transfer of configuration files between devices?
a. Hypertext Transfer Protocol (HTTP)
b. Secure Copy Protocol (SCP)
c. Trivial File Transfer Protocol (TFTP)
d. Secure FTP (SFTP)

c.
Trivial File Transfer Protocol (TFTP)
A "light" version of File Transfer Protocol (FTP) known as Trivial File Transfer Protocol (TFTP) uses a small amount of memory but has limited functionality. It is often used for the automated transfer of configura

Which term describes both an older TCP/IP protocol for text-based communication and a terminal emulation program?
a. Telnet
b. File Transfer Protocol (FTP)
c. Network Basic Input/Output System (NetBIOS)
d. Secure Network Management Protocol (SNMP)

a.
Telnet
Telnet is an older TCP/IP protocol for text-based communication. In addition, Telnet is also an application. This application is a terminal emulation program that runs on a local computer that connects to a server on the network. Commands can be

Which protocol is the standard protocol for Internet usage?
a. Internet Control Message Protocol (ICMP)
b. Hypertext Transport Protocol (HTTP)
c. Network Basic Input/Output System (NetBIOS)
d. Secure Network Management Protocol (SNMP)

b.
Hypertext Transport Protocol (HTTP)
Hypertext Transport Protocol (HTTP) is the standard protocol for Internet usage.

NetBIOS (Network Basic Input/Output System) is a transport protocol used by _______________ systems to allow applications on separate computers to communicate over a LAN.

Microsoft Windows*
NetBIOS (Network Basic Input/Output System) is a transport protocol used by Microsoft Windows systems to allow applications on separate computers to communicate over a LAN.

Which port does the File Transfer Protocol (FTP) use for commands?
a. 20
b. 21
c. 22
d. 25

b.
21
The File Transfer Protocol (FTP) uses port 21 for commands.

Which port does the Secure Shell (SSH) protocol use?
a. 21
b. 22
c. 139
d. 443

b.
22
The Secure Shell (SSH) protocol uses port 22.

Which port does the Simple Mail Transfer Protocol (SMTP) use?
a. 25
b. 53
c. 110
d. 143

a.
25
The Simple Mail Transfer Protocol (SMTP) uses port 25.

Which port does the Domain Name System (DNS) protocol use?
a. 25
b. 53
c. 80
d. 443

b.
53
The Domain Name System (DNS) protocol uses port 53.

Which port does the Hypertext Transfer Protocol (HTTP) use?
a. 20
b. 21
c. 80
d. 443

c.
80
The Hypertext Transfer Protocol (HTTP) uses port 80.

Which port does the Post Office Protocol v3 (POP3) use?
a. 22
b. 25
c. 80
d. 110

d.
110
The Post Office Protocol v3 (POP3) uses port 110.

Which port does NetBIOS use?
a. 80
b. 139
c. 143
d. 443

b.
139
NetBIOS uses port 139.

Which port does the Internet Message Access Protocol (IMAP) use?
a. 25
b. 143
c. 443
d. 3389

b.
143
The Internet Message Access Protocol (IMAP) uses port 143.

Which port does the Hypertext Transfer Protocol Secure (HTTPS) use?
a. 53
b. 143
c. 443
d. 3389

c.
443
The Hypertext Transfer Protocol Secure (HTTPS) uses port 443.

Which port does the Microsoft Terminal Server use?
a. 53
b. 143
c. 443
d. 3389

d.
3389
The Microsoft Terminal Server uses port 3389.

TCP/IP uses its own _______________ architecture that corresponds generally to the OSI reference model.
a. two-layer
b. three-layer
c. four-layer
d. seven-layer

c.
four-layer
TCP/IP uses its own four-layer architecture that includes Network Interface, Internet, Transport, and Application layers. This corresponds generally to the OSI reference model.

There are two modes for Wi-Fi Protected Access (WPA): _______________.
a. WPA Personal and WPA Enterprise
b. WPA Private and WPA Public
c. WPA Open and WPA Closed
d. WPA Shortwave and WPA Longwave

a.
WPA Personal and WPA Enterprise
There are two modes of WPA. WPA Personal was designed for individuals or small office/home office (SOHO) settings, which typically have 10 or fewer employees. A more robust WPA Enterprise was intended for larger enterpri

What are the two major security areas of WLANs addressed by WPA2?
a. Access and integrity
b. Encryption and authentication
c. Encryption and access
d. Authentication and access

b.
Encryption and authentication
WPA2 addresses the two major security areas of WLANs, namely, encryption and authentication.

_______________ is an IEEE 802.11 security protocol designed to ensure that only authorized parties can view transmitted wireless information.
a. PSK2-mixed mode
b. Temporal Key Integrity Protocol (TKIP)
c. Wired Equivalent Privacy (WEP)
d. Extensible Aut

c.
Wired Equivalent Privacy (WEP)
Wired Equivalent Privacy (WEP) is an IEEE 802.11 security protocol designed to ensure that only authorized parties can view transmitted wireless information.

_______________ was created as a more secure alternative than the weak Challenge Handshake Authentication Protocol (CHAP) and Password Authentication Protocol (PAP).
a. Temporal Key Integrity Protocol (TKIP)
b. Advanced Encryption Standard (AES)
c. Protec

d.
Extensible Authentication Protocol (EAP)
A framework for transporting the authentication protocols is known as the Extensible Authentication Protocol (EAP). EAP was created as a more secure alternative than the weak Challenge Handshake Authentication P

_______________ is designed to simplify the deployment of 802.1x by using Microsoft Windows logins and passwords.
a. Protected EAP (PEAP)
b. Lightweight EAP (LEAP)
c. Temporal Key Integrity Protocol (TKIP)
d. PSK2-mixed mode

a.
Protected EAP (PEAP)
Protected EAP (PEAP) is designed to simplify the deployment of 802.1x by using Microsoft Windows logins and passwords. PEAP is considered a more flexible EAP scheme because it creates an encrypted channel between the client and th

_______________ is a proprietary EAP method developed by Cisco Systems and is based on the Microsoft implementation of Challenge Handshake Authentication Protocol (CHAP).
a. Lightweight EAP (LEAP)
b. Advanced Encryption Standard (AES)
c. Protected EAP (PE

a.
Lightweight EAP (LEAP)
Lightweight EAP (LEAP) is a proprietary EAP method developed by Cisco Systems and is based on the Microsoft implementation of CHAP. It requires mutual authentication used for WLAN encryption using Cisco client software (there is

What is the most common type of wireless access control?
a. Electronic Access Control (EAC)
b. Media Access Control (MAC) address filtering
c. Extensible Authentication Protocol-Transport Layer Security (EAP/TLS)
d. Port Based Access Control (PBAC)

b.
Media Access Control (MAC) address filtering
The most common type of wireless access control is Media Access Control (MAC) address filtering. The MAC address is a hardware address that uniquely identifies each node of a network.

Which statement accurately describes a weakness in disabling SSID broadcasts?
a. Turning off the SSID broadcast may allow users to freely roam from one AP coverage area to another.
b. For most hardware routers, the effect is temporary and the disabling ac

d.
Attackers with protocol analyzers can still detect the SSID.
The SSID can be easily discovered even when it is not contained in beacon frames because it is transmitted in other management frames sent by the AP. Attackers with protocol analyzers can sti

The heart and soul of WPA is a newer encryption technology called _______________.
a. Temporal Key Integrity Protocol (TKIP)
b. Advanced Encryption Standard (AES)
c. Triple DES
d. Counter Mode with Cipher Block Chaining Message Authentication Code Protoco

a.
Temporal Key Integrity Protocol (TKIP)
The heart and soul of WPA is a newer encryption technology called Temporal Key Integrity Protocol (TKIP). TKIP functions as a "wrapper" around WEP by adding an additional layer of security but still preserving WEP

The encryption protocol used for WPA2 is the _______________.
a. Triple DES
b. Advanced Encryption Standard (AES)
c. Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP)
d. Temporal Key Integrity Protocol (TKIP)

c.
Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP)
The encryption protocol used for WPA2 is the Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) and specifies the use of CCM (a general

Why do experts recommend that access points (APs) be mounted as high as possible?
a. Antennas must hang upside down for best performance.
b. The radio frequency (RF) signal may experience fewer obstructions.
c. The air is "heavier" as it rises, providing

b.
The radio frequency (RF) signal may experience fewer obstructions.
Generally the AP can be secured to the ceiling or high on a wall. It is recommended that APs be mounted as high as possible for two reasons: there may be fewer obstructions for the RF s

What is the advantage of using an access point's (AP's) power level control?
a. The power can be adjusted to "jam" frequencies of sniffers used by potential hackers.
b. The power can be adjusted to provide a cleaner signal with less interference.
c. The p

d.
The power can be adjusted so that less of the signal leaves the premises and reaches outsiders.
A security feature on some APs is the ability to adjust the level of power at which the WLAN transmits. On devices with that feature, the power can be adjus

A(n) _______________ access point (AP) uses a standard web browser to provide information, and gives the wireless user the opportunity to agree to a policy or present valid login credentials, providing a higher degree of security.
a. captive portal
b. ope

a.
captive portal
A captive portal AP uses a standard web browser to provide information, and gives the wireless user the opportunity to agree to a policy or present valid login credentials, providing a higher degree of security.

All wireless network interface card (NIC) adapters have _______________ antennas.
a. external
b. peripheral
c. embedded
d. focused

c.
embedded
Although all wireless network interface card (NIC) adapters have embedded antennas, attaching an external antenna will significantly increase the ability to detect a wireless signal.

A(n) _______________ is an in-depth examination and analysis of a wireless LAN site.
a. network log
b. site survey
c. captive portal
d. threat vector

b.
site survey
Ensuring that a wireless LAN can provide its intended functionality and meet its required design goals can best be achieved through a site survey. A site survey is an in-depth examination and analysis of a wireless LAN site.

A(n) _______________ VPN, often used on mobile devices like laptops in which the VPN endpoint is actually software running on the device itself, offers the most flexibility in how network traffic is managed.
a. closed
b. open
c. hardware-based
d. software

d.
software-based
Software-based VPNs, often used on mobile devices like laptops in which the VPN endpoint is actually software running on the device itself, offer the most flexibility in how network traffic is managed.

Risk _______________ involves identifying the risk, but making a decision to not engage in the activity.
a. deterrence
b. mitigation
c. acceptance
d. avoidance

d.
avoidance
Risk avoidance involves identifying the risk but making the decision to not engage in the activity.

Risk _______________ simply means that the risk is acknowledged but that no steps are taken to address it.
a. deterrence
b. mitigation
c. acceptance
d. avoidance

c.
acceptance
Acceptance simply means that the risk is acknowledged but no steps are taken to address it.

Risk _______________ is the attempt to address risks by making risk less serious.
a. deterrence
b. mitigation
c. acceptance
d. avoidance

b.
mitigation
Risk mitigation is the attempt to address the risks by making risk less serious.

Risk _______________ involves understanding something about the attacker and then informing him of the harm that may come his way if he attacks an asset.
a. deterrence
b. mitigation
c. transference
d. avoidance

a.
deterrence
Risk deterrence involves understanding something about the attacker and then informing him of the harm that may come his way if he attacks an asset.

The term risk _______________ refers to the act of shifting risk to a third party.
a. deterrence
b. mitigation
c. transference
d. avoidance

c.
transference
Risk transference is the act of transferring the risk to a third party.

Which statement concerning virtualized environments is correct?
a. Existing security tools, such as antivirus, antispam, and IDS, are designed for single physical servers and do not always adapt well to multiple virtual machines.
b. All hypervisors have t

a.
Existing security tools, such as antivirus, antispam, and IDS, are designed for single physical servers and do not always adapt well to multiple virtual machines.
Existing security tools, such as antivirus, antispam, and IDS, were designed for single p

With _______________, the customer's data should be properly isolated from that of other customers, and the highest level of application availability and security must be maintained.
a. virtualization
b. IP telephony
c. Sandboxing
d. cloud computing

d.
cloud computing
In cloud computing, the customer's data must be properly isolated from that of other customers, and the highest level of application availability and security must be maintained.

One of the best practices for access control is _______________, which requires that if the fraudulent application of a process might potentially result in a breach of security, the process should be divided between two or more individuals.
a. job rotatio

c.
separation of duties
Separation of duties requires that if the fraudulent application of a process could potentially result in a breach of security, the process should be divided between two or more individuals.

An advantage of _______________ is that it helps to expose any potential avenues for fraud by having multiple individuals with different perspectives learn about the job and uncover vulnerabilities that someone else may have overlooked.
a. job rotation
b.

a.
job rotation
An advantage of job rotation is that it helps to expose any potential avenues for fraud by having multiple individuals with different perspectives learn about the job and uncover vulnerabilities that someone else may have overlooked.

_______________ limits the amount of time that individuals have to manipulate security configurations.
a. Job rotation
b. Mandatory vacation
c. Separation of duties
d. Least privilege

a.
Job rotation
Job rotation limits the amount of time that individuals are in a position to manipulate security configurations.

Limiting access to rooms in a building is a model of the information technology security principle of _______________.
a. job rotation
b. mandatory vacations
c. separation of duties
d. least privilege

d.
least privilege
Limiting access to rooms in a building is a model of the information technology security principle of least privilege.

In many fraud schemes, the perpetrator must be present every day in order to continue the fraud or keep it from being exposed. Many organizations require _______________ for all employees to counteract this.
a. job rotation
b. mandatory vacations
c. separ

b.
mandatory vacations
In many fraud schemes, the perpetrator must be present every day in order to continue the fraud or keep it from being exposed. Many organizations require mandatory vacations for all employees to counteract this.

In redundancy and fault tolerance, the term _______________ describes the average amount of time that it will take a device to recover from a failure that is not a terminal failure.
a. mean time to recovery
b. failure in time
c. mean time between failures

a.
mean time to recovery
Mean time to recovery (MTTR) is the average amount of time that it will take a device to recover from a failure that is not a terminal failure.

The term _______________ refers to the average (mean) amount of time until a component fails, cannot be repaired, and must be replaced.
a. mean time to recovery
b. failure in time
c. mean time between failures
d. mean time to failure

c.
mean time between failures
The term mean time between failures refers to the average (mean) amount of time until a component fails, cannot be repaired, and must be replaced.

The _______________ is the maximum length of time that an organization can tolerate between backups.
a. mean time to failure
b. recovery point objective
c. mean time to recovery
d. recovery time objective

b.
recovery point objective
The recovery point objective (RPO) is the maximum length of time that an organization can tolerate between backups.

The _______________ is the length of time it will take to recover the data that has been backed up.
a. mean time to recovery
b. recovery point objective
c. mean time to failure
d. recovery time objective

d.
recovery time objective
The recovery time objective is the length of time it will take to recover the data that has been backed up.

An event that, in the beginning, is considered to be a risk, yet turns out not to be one, is called a _______________.
a. false negative
b. false positive
c. negative-positive
d. positive-negative

b.
false positive
An event that, in the beginning, is considered to be a risk yet turns out not to be one is called a false positive.

A _______________ is an event that does not appear to be a risk but actually turns out to be one.
a. false positive
b. negative-positive
c. false negative
d. positive-negative

c.
false negative
A false negative is an event that does not appear to be a risk but actually turns out to be one.

Which type of risk control is administrative in nature and includes the laws, regulations, policies, practices, and guidelines that govern overall requirements and controls?
a. Technical
b. System
c. Management
d. Operational

c.
Management
Management risk control types are administrative in their nature and are the laws, regulations, policies, practices, and guidelines that govern the overall requirements and controls.

Which type of risk control involves enforcing technology to control risk, such as antivirus software, firewalls, and encryption?
a. Technical
b. System
c. Management
d. Operational

a.
Technical
Technical risk control types involve enforcing technology to control risk, such as antivirus software, firewalls, and encryption.

Which type of risk control may include using video surveillance systems and barricades to limit access to secure sites?
a. Technical
b. System
c. Management
d. Operational

d.
Operational
Operational risk control types may include using video surveillance systems and barricades to limit access to secure sites.

The _______________ approach to calculating risk uses an "educated guess" based on observation.
a. cumulative
b. qualitative
c. technical
d. quantitative

b.
qualitative
The qualitative approach to calculating risk uses an "educated guess" based on observation.

The _______________ approach to calculating risk attempts to create "hard" numbers associated with the risk of an element in a system by using historical data.
a. cumulative
b. qualitative
c. technical
d. quantitative

d.
quantitative
The quantitative approach to calculating risk attempts to create "hard" numbers associated with the risk of an element in a system by using historical data.

What is the average amount of time expected until the first failure of a piece of equipment?
a. Mean Time to Recovery
b. Failure In Time
c. Mean Time Between Failures
d. Mean Time To Failure

d.
Mean Time To Failure
Mean Time To Failure (MTTF) is the average amount of time expected until the first failure of a piece of equipment.

Historical data can be used to determine the likelihood of a risk occurring within a year. This is known as the _______________.
a. Annualized Loss Expectancy
b. Single Loss Expectancy
c. Multiple Loss Expectancy
d. Annualized Rate of Occurrence

d.
Annualized Rate of Occurrence
Historical data can be used to determine the likelihood of a risk occurring within a year. This is known as the Annualized Rate of Occurrence (ARO).

The _______________ is the expected monetary loss that can be expected for an asset due to a risk over a one-year period.
a. Single Loss Expectancy
b. Annualized Rate of Occurrence
c. Annualized Loss Expectancy
d. Multiple Loss Expectancy

c.
Annualized Loss Expectancy
The Annualized Loss Expectancy (ALE) is the expected monetary loss that can be expected for an asset due to a risk over a one-year period.

Consider a building with a value of $10,000,000 (AV) of which 75 percent of it is likely to be destroyed by a tornado (EF). The SLE is _______________.
a. $7,500
b. $75,000
c. $750,000
d. $7,500,000

d.
$7,500,000
Consider a building with a value of $10,000,000 (AV) of which 75 percent of it is likely to be destroyed by a tornado (EF). The SLE would be calculated as follows: $7,500,000 = $10,000,000 x 0.75

The _______________ is the expected monetary loss every time a risk occurs.
a. Annualized Loss Expectancy
b. Single Loss Expectancy
c. Annualized Rate of Occurrence
d. Multiple Loss Expectancy

b.
Single Loss Expectancy
The Single Loss Expectancy (SLE) is the expected monetary loss every time a risk occurs.

What is a written document that states how an organization plans to protect the company's information technology assets?
a. Privacy notice
b. Acceptable use
c. Security policy
d. Data insurance

c.
Security policy
A security policy is a written document that states how an organization plans to protect the company's information technology assets.

What two key elements must be carefully balanced in an effective security policy?
a. Trust and control
b. Due process and due care
c. Due process and due diligence
d. Privilege and threat

a.
Trust and control
An effective security policy must carefully balance two key elements: trust and control.

A(n) _______________ policy outlines how the organization uses the personal information it collects.
a. acceptable use
b. privacy
c. data acquisition
d. data storage

b.
privacy
A privacy policy outlines how the organization uses personal information it collects.

A(n) _______________ policy is one that defines the actions users may perform while accessing systems and networking equipment.
a. data acquisition
b. privacy
c. data storage
d. acceptable use

d.
acceptable use
An Acceptable Use Policy (AUP) is a policy that defines the actions users may perform while accessing systems and networking equipment.

_______________ business partners refers to the start-up relationship between partners.
a. Enrolling
b. On-boarding
c. Unrolling
d. Off-boarding

b.
On-boarding
On-boarding business partners refers to the start-up relationship between partners.

Firewalls provide security through what mechanism?
a. Watching for intrusions
b. Controlling traffic entering and leaving a network
c. Requiring strong passwords
d.

b.
Controlling traffic entering and leaving a network
Firewalls provide protection by controlling traffic entering and leaving a network.

A network-based IDS is not suitable for detecting or protecting against which of the following?
a. Email spoofing
b. Denial-of-service attacks
c. Attacks against the network
d. Attacks against an environment that produces significant traffic

a.
Email spoofing
Network-based IDSs aren't suitable for protecting against email spoofing.

Which of the following allows the deployment of a publicly accessible web server without compromising the security of the private network?
a. Intranet
b. DMZ
c. Extranet
d. Switch

b.
DMZ
A DMZ provides a network segment where publicly accessible servers can be deployed without compromising the security of the private network.

A switch can be used to prevent broadcast storms between connected systems through the use of what?
a. SSL
b. S/MIME
c. VLANs
d. LDAP

c.
VLANs
Switches can create VLANs. Broadcast storms aren't transmitted between one VLAN and another.

Illegal or unauthorized zone transfers are a significant and direct threat to what type of network server?
a. Web
b. DHCP
c. DNS
d. Database

c.
DNS
Illegal or unauthorized zone transfers are a significant and direct threat to DNS servers.

What form of storage or file-transfer technology was originally designed to be operated over an optical network but was adapted to run over a copper network as well?
a. FTP
b. iSCSI
c. SATA
d. Fibre Channel

d.
Fibre Channel
Fibre Channel is a form of network data-storage solution (SAN or NAS) that allows for high-speed file transfers upwards of 16 Gbps. It was designed to be operated over fiber optic cables, but support for copper cables was added later to o

What mechanism of loop protection is based on an element in a protocol header?
a. Spanning Tree Protocol
b. Ports
c. Time to live
d. Distance vector protocols

c.
Time to live
Time to live (TTL) is a value in the IP header used to prevent loops at Layer 3.

A goal of NAC is which of the following?
a. Reduce social engineering threats
b. Map internal private addresses to external public addresses
c. Distribute IP address configurations
d. Reduce zero-day attacks

d.
Reduce zero-day attacks
The goals of Network Access Control (NAC) include preventing/reducing zero-day attacks, enforcing security policy throughout the network, and using identities to perform access control.

What type of wireless antenna can be used to send or receive signals in any direction?
a. Cantenna
b. Yagi
c. Rubber duck
d. Panel

c.
Rubber duck
A rubber duck antenna is an omnidirectional antenna.

What mechanism of wireless security is based on AES?
a. TKIP
b. CCMP
c. LEAP
d. WEP

b.
CCMP
Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) is based on the AES encryption scheme.

Which of the following risk-assessment formulas represents the total potential loss a company may experience within a single year due to a specific risk to an asset?
a. EF
b. SLE
c. ARO
d. ALE

d.
ALE
The annualized loss expectancy (ALE) represents the total potential loss a company may experience within a single year due to a specific risk to an asset. EF is the percentage of asset value loss that would occur if a risk was realized. SLE is the

Which of the following is more formal than a handshake agreement but not a legal binding contract?
a. SLA
b. BIA
c. DLP
d. MOU

d.
MOU
A memorandum of understanding (MOU) is an expression of agreement or aligned intent, will, or purpose between two entities. An MOU is not typically a legal agreement or commitment, but rather a more formal form of a reciprocal agreement or gentlema

Evidence is inadmissible in court if which of the following is violated or mismanaged?
a. Chain of custody
b. Service-level agreement
c. Privacy policy
d. Change management

a.
Chain of custody
If the chain of custody is violated or mismanaged, evidence is inadmissible in court. Service-level agreements (SLAs), privacy policies, and change management aren't associated with evidence gathering or forensics.

When a user signs a(n) _____, it's a form of consent to the monitoring and auditing processes used by the organization.
a. Acceptable use policy
b. Privacy policy
c. Separation of duties policy
d. Code of ethics policy

a.
Acceptable use policy
When a user signs an acceptable use policy, it's a form of consent to the monitoring and auditing processes used by the organization. A privacy policy usually explains that there is no privacy on company systems. A separation of d

When is business continuity needed?
a. When new software is distributed
b. When business processes are interrupted
c. When a user steals company data
d. When business processes are threatened

d.
When business processes are threatened
Business continuity is used when business processes are threatened. Security policy is used when new software is distributed. Disaster recovery is used when business processes are interrupted. Incident response is

What form of recovery site requires the least amount of downtime before mission-critical business operations can resume?
a. Cold
b. Warm
c. Hot
d. Offsite

d.
Hot
A hot site requires the least amount of downtime before mission-critical business operations can resume, because it is a real-time mirror of the primary site.

An organization has a high-speed fiber Internet connection that it uses for most of its daily operations, as well as its offsite backup operations. This represents what security problem?
a. Single point of failure
b. Redundant connections
c. Backup genera

c.
Single point of failure
Having only a single high-speed fiber Internet connection represents the security problem of a single point of failure.

What is the proper humidity level or range for IT environments?
a. Below 40 percent
b. 40 percent to 60 percent
c. Above 60 percent
d. 20 percent to 80 percent

b.
40 percent to 60 percent
The proper humidity level or range for IT environments is 40% RH to 60% RH.

You run a full backup every Monday. You also run a differential backup every other day of the week. You experience a drive failure on Friday. Which of the following restoration procedures should you use to restore data to the replacement drive?
a. Restore

b.
Restore the full backup and then the last differential backup.
The proper procedure is to restore the full backup, and then the last differential backup. The other three options are incorrect or incomplete.

Which of the following is a security control type that is not usually associated with or assigned to a security guard?
a. Preventive
b. Detective
c. Corrective
d. Administrative

d.
Administrative
A security guard is not an administrative control. A security guard can be considered a preventive, detective, and/or corrective control.

What communications technique can a hacker use to identify the product that is running on an open port facing the Internet?
a. Credentialed penetration test
b. Intrusive vulnerability scan
c. Banner grabbing
d. Port scanning

c.
Banner grabbing
Banner grabbing is the communications technique a hacker can use to identify the product that is running on an open port facing the Internet.

A rootkit has been discovered on your mission-critical database server. What is the best step to take to return this system to production?
a. Reconstitute it.
b. Run an antivirus tool.
c. Install an HIDS.
d. Apply vendor patches.

a.
Reconstitute it.
The only real option to return a system to a secure state after a rootkit is reconstitution.

Which of the following is a denial-of-service attack that uses network packets that have been spoofed so that the source and destination address are that of the victim?
a. Land
b. Teardrop
c. Smurf
d. Fraggle

a.
Land
A land DoS attack uses network packets that have been spoofed so that the source and destination address are that of the victim. A teardrop attack uses fragmented IP packets. Smurf and fraggle attacks use spoofed ICMP and UDP packets, respectively

If user awareness is overlooked, what attack is more likely to succeed?
a. Man-in-the-middle
b. Reverse hash matching
c. Physical intrusion
d. Social engineering

d.
Social engineering
Social engineering is more likely to occur if users aren't properly trained to detect and prevent it. The lack of user awareness training won't have as much impact on man-in-the-middle, reverse hash-matching, or physical intrusion at

A pirated movie-sharing service was discovered operating on company equipment. Administrators do not know who planted the service or who the users are. What technique could be used to attempt to trace the identity of the users?
a. Typo squatting
b. Intege

c.
Watering hole attack
A watering hole attack could be used to plant phone-home-to-identity malware on the systems of subsequent visitors.

What type of virus is able to regenerate itself if a single element of its infection is not removed from a compromised system?
a. Polymorphic
b. Armored
c. Retro
d. Phage

d.
Phage
A phage virus is able to regenerate itself from any of its remaining parts.

A security template can be used to perform all but which of the following tasks?
a. Capture the security configuration of a master system
b. Apply security settings to a target system
c. Return a target system to its precompromised state
d. Evaluate compl

c.
Return a target system to its precompromised state
A security template alone cannot return a system to its precompromised state.

What tool is used to lure or retain intruders in order to gather sufficient evidence without compromising the security of the private network?
a. Firewall
b. IDS
c. Router
d. Honeypot

d.
Honeypot
A honeypot is used to lure or retain intruders in order to gather sufficient evidence without compromising the security of the private network.

What is an asset?
a. An item costing more than $10,000
b. Anything used in a work task
c. A threat to the security of an organization
d. An intangible resource

b.
Anything used in a work task
An asset is anything used in a work task.

What is a significant difference between vulnerability scanners and penetration testing?
a. One tests both the infrastructure and personnel.
b. One only tests internal weaknesses.
c. One only tests for configuration errors.
d. One is used to find problems

a.
One tests both the infrastructure and personnel.
The primary difference between vulnerability assessment and penetration testing is that penetration testing tests both the infrastructure and the personnel. Vulnerability assessment is performed by a sec

What technique or method can be employed by hackers and researchers to discover unknown flaws or errors in software?
a. Dictionary attacks
b. Fuzzing
c. War dialing
d. Cross-site request forgery

b.
Fuzzing
Fuzzing is a software-testing technique that generates input for targeted programs. The goal of fuzzing is to discover input sets that cause errors, failures, and crashes, or to discover other unknown defects in the targeted program.

Which of the following is not a way to prevent or protect against XSS?
a. Input validation
b. Defensive coding
c. Allowing script input
d. Escaping metacharacters

c.
Allowing script input
The most effective ways for a programmer to prevent XSS are validating input, coding defensively, escaping metacharacters, and rejecting all script-like input.

What technology provides an organization with the best control over BYOD equipment?
a. Encrypted removable storage
b. Mobile device management
c. Geo-tagging
d. Application whitelisting

b.
Mobile device management
Mobile device management (MDM) is a software solution to the challenging task of managing the myriad mobile devices that employees use to access company resources. The goals of MDM are to improve security, provide monitoring, e

When a vendor releases a patch, which of the following is the most important?
a. Installing the patch immediately
b. Setting up automatic patch installation
c. Allowing users to apply patches
d. Testing the patch before implementation

d.
Testing the patch before implementation
It is most important to test patches before installing them onto production systems. Otherwise, business tasks can be interrupted if the patch does not perform as expected. Never rush to install a patch, if that

What is a security risk of an embedded system that is not commonly found in a standard PC?
a. Power loss
b. Access to the Internet
c. Control of a mechanism in the physical world
d. Software flaws

c.
Control of a mechanism in the physical world
Because an embedded system is in control of a mechanism in the physical world, a security breach could cause harm to people and property. This typically is not true of a standard PC. Power loss, Internet acc

The most effective means to reduce the risk of losing the data on a mobile device, such as a notebook computer, is _____.

b.
Minimize sensitive data stored on the mobile device.
The risk of a lost or stolen notebook is the data loss, not the loss of the system itself. Thus, keeping minimal sensitive data on the system is the only way to reduce the risk. Hard-drive encryption

The most commonly overlooked aspect of mobile phone eavesdropping is related to _____.

Overhearing conversations
The most commonly overlooked aspect of mobile phone eavesdropping is related to people in the vicinity overhearing conversations (at least one side of them). Organizations frequently consider and address issues of wireless networ

Which of the following is not true in regards to NoSQL?

It is a relational database
NoSQL is not a relational database structure. NoSQL can support SQL expressions, supports hierarchies or multilevel nesting/referencing, and does not support ACID.

In order to ensure that whole-drive encryption provides the best security possible, which of the following should not be performed?

Screen lock the system overnight.
An attacker can steal the encryption key from memory, so systems with whole-drive encryption that are only screen-locked are vulnerable. Requiring a boot password, locking the system, and powering down ensure the protection

Which security stance will be most successful at preventing malicious software execution?

Whitelisting
Whitelisting is a security option that prohibits unauthorized software from being able to execute. Whitelisting is also known as deny by default or implicit deny. Blacklisting, also known as deny by exception or allow by default, is the least

What method of access control is best suited for environments with a high rate of employee turnover?

RBAC
Role-based access control (RBAC) is best suited for environments with a high rate of employee turnover because access is defined against static job descriptions rather than transitive user accounts (DAC and ACL) or assigned clearances (MAC).

What mechanism is used to support the exchange of authentication and authorization details between systems, services, and devices?

SAML
SAML is an open standard data format based on XML for the purpose of supporting the exchange of authentication and authorization details between systems, services, and devices. A biometric is an authentication factor, not a means of exchanging authen

Kerberos is used to perform what security service?

Authentication protection
Kerberos is a third-party authentication service; thus it provides authentication protection. Kerberos can't be used to encrypt files, secure non-authentication communications, or protect data transfer.

Which is the strongest form of password?

One-time use
A one-time password is always the strongest form of password. A static password is always the weakest form of password. Passwords with more than eight characters and those that use different types of keyboard characters are usually strong, bu

Which of the following technologies can be used to add an additional layer of protection between a directory services-based network and remote clients?

RADIUS
RADIUS is a centralized authentication solution that adds an additional layer of security between a network and remote clients. SMTP is the email-forwarding protocol used on the Internet and intranets. PGP is a security solution for email. VLANs ar

LDAP operates over what TCP ports?

636 and 389
LDAP operates over TCP ports 636 and 389. POP3 and SMTP operate over TCP ports 110 and 25, respectively. TLS operates over TCP ports 443 and 80 (SSL operates only over TCP port 443; HTTP operates over TCP port 80). FTP operates over TCP ports

In a MAC environment, when a user has clearance for assets but is still unable to access those assets, what other security feature is in force?

Need to know
Need to know is the MAC environment's granular access-control method. The principle of least privilege is the DAC environment's concept of granular access control. Privacy and SLAs aren't forms of access control.

Which of the following is not a benefit of single sign-on?

More granular access control
Single sign-on doesn't address access control and therefore doesn't provide granular or nongranular access control. Single sign-on provides the benefits of the ability to browse multiple systems, fewer credentials to memorize,

Federation is a means to accomplish _____.

Single sign-on
Federation or federated identity is a means of linking a subject's accounts from several sites, services, or entities in a single account. Thus it is a means to accomplish single sign-on. Accountability logging is used to relate digital act

Which of the following is an example of a Type 2 authentication factor?

Something you have, such as a smart card, an ATM card, a token device, or a memory card
A Type 2 authentication factor is something you have. This could be a smart card, an ATM card, a token device, or a memory card.

Which of the following is most directly associated with providing or supporting perfect forward secrecy?

ECDHE
Elliptic Curve Diffie-Hellman Ephemeral or Elliptic Curve Ephemeral Diffie-Hellman (ECDHE) implements perfect forward secrecy through the use of elliptic curve cryptography (ECC). PBKDF2 is an example of a key-stretching technology not directly supp

Which of the following symmetric-encryption algorithms offers the strength of 168-bit keys?

Triple DES
Triple DES (3DES) offers the strength of 168-bit keys. The Data Encryption Standard (DES) offers the strength of 56-bit keys. The Advanced Encryption Standard (AES) offers the strength of 128-, 192-, or 256-bit keys. The International Data Encr

Diffie-Hellman is what type of cryptographic system?

Asymmetric
Diffie-Hellman is an asymmetric cryptographic system. The Data Encryption Standard (DES) and the Advanced Encryption Standard (AES) are examples of symmetric cryptography. Message Digest 5 (MD5) and Secure Hash Algorithm version 1 (SHA-1) are e

The security service that protects the secrecy of data, information, or resources is known as what?

Confidentiality
The security service that protects the secrecy of data, information, or resources is known as confidentiality. Integrity protects the reliability and correctness of data. Authentication verifies the identity of the sender or receiver of a

Digital signatures can be created using all but which of the following?

Key escrow
Key escrow isn't used in digital signatures, but it's a fault-tolerance feature of certificate and key management. Asymmetric and symmetric cryptography along with hashing are used in digital signatures.

Certificates have what single purpose?

Proving identity
Certificates have the single purpose of proving identity. They don't prove quality or provide encryption security, and they aren't used to exchange encryption keys.

When a subject or end user requests a certificate, they must provide which of the following items? (Choose all that apply.)

Proof of identity
A public key
Proof of identity and the subject's public key must be provided to the CA when the subject requests a certificate. The private key should never be revealed to anyone, not even the CA. A hardware storage device is used after

From a private corporate perspective, which of the following is most secure?

Centralized key management
Centralized key management is more secure, or at least more desirable, from a private corporate perspective. From a public or individual perspective, decentralized key management is more secure. Individual and distributed key ma

Which of the following is a description of a key-stretching technique?

Adding iterative computations that increase the effort involved in creating the improved result
Often, key stretching involves adding iterative computations that increase the effort involved in creating the improved key result, usually by several orders o

When should a key or certificate be renewed?

Just before it expires
Keys and certificates should be renewed just before they expire. All the other choices are incorrect.