All of the following provide confidentiality protection as part of the underlying protocol EXCEPT:
L2TP
Which of the following allows an attacker to manipulate files by using the least significant bit(s) to secretly embed data?
Steganography
Which of the following type of attacks would allow an attacker to capture HTTP requests and send back a spoofed page?
TCP/IP hijacking
How should a company test the integrity of its backup data?
By restoring part of the backup
Which of following can BEST be used to determine the topology of a network and discover unknown devices?
Network mapper
When should a technician perform penetration testing?
When the technician has permission from the owner of the network
An administrator has implemented a new SMTP service on a server. A public IP address
translates to the internal SMTP server. The administrator notices many sessions to the server, and gets notification that the servers public IP address is now reported in
SMTP open relaying is enableD
Which of the following is MOST efficient for encrypting large amounts of data?
Symmetric key algorithms
Which of the following is a reason why a company should disable the SSID broadcast of the wireless
access points?
War driving
Which of the following BEST describes ARP?
Discovering the MAC address of a device from the IP address
Which of the following would be BEST to use to apply corporate security settings to a device?
A security template
A small call center business decided to install an email system to facilitate communications in the
office.
As part of the upgrade the vendor offered to supply anti-malware software for a cost of $5,000 per year. The IT manager read there was a 90% chance
$2,290
Which of the following is the main objective of steganography?
Hide information
Which of the following would allow for secure key exchange over an unsecured network without a pre-shared key?
DH-ECC
Which of the following improves security in a wireless system?
MAC filtering
A user wants to implement secure LDAP on the network. Which of the following port numbers secure LDAP use by default?
636
On which of the following is a security technician MOST likely to find user names?
Application logs
How many keys are utilized with asymmetric cryptography?
Two
During a risk assessment it is discovered that only one system administrator is assigned several
tasks critical to continuity of operations. It is recommended to cross train other system administrators to perform these tasks and mitigate which of the foll
Single point of failure
Which of the following network filtering devices will rely on signature updates to be effective?
NIDS
Which of the following is a single server that is setup in the DMZ or outer perimeter in order to
distract attackers?
Honeypot
Which of the following encryption algorithms is decrypted in the LEAST amount of time?
AES
An administrator is trying to secure a network from threats originating outside the network. Which
of the following devices provides protection for the DMZ from attacks launched from the Internet?
Firewall
Which of the following is a way to manage operating system updates?
Hotfix management
Which of the following is a list of discrete entries that are known to be benign?
Whitelist
Which of the following increases the collision resistance of a hash?
Salt
A programmer has decided to alter the server variable in the coding of an authentication function for a proprietary sales application. Before implementing the new routine on the production
application server, which of the following processes should be fol
Change management
When deploying 50 new workstations on the network, which of following should be completed FIRST?
Apply the baseline configuration.
Which of the following should be implemented to have all workstations and servers isolated in their
own broadcast domains?
VLANs
End users are complaining about receiving a lot of email from online vendors and pharmacies.Which of the following is this an example of?
Spam
Which of the following BEST describes a private key in regards to asymmetric encryption?
The key owner has exclusive access to the private key.
Which of the following logs might reveal the IP address and MAC address of a rogue device within the local network?
DHCP logs
Which of the following is commonly used in a distributed denial of service (DDOS) attack?
Botnet
Which of the following practices is MOST relevant to protecting against operating system security
flaws?
Patch management
Which of the following is a best practice for coding applications in a secure manner?
Input validation
Which of the following technologies can be used as a means to isolate a host OS from some types of security threats?
Virtualization
Which of the following network tools would provide the information on what an attacker is doing to compromise a system?
Honeypot
Assigning proper security permissions to files and folders is the primary method of mitigating which of the following?
Trojan
Which of the following logical access controls would be MOST appropriate to use when creating an account for a temporary worker?
Account expiration
Which of the following may be an indication of a possible system compromise?
A performance monitor indicates a recent and ongoing drop in speed, disk space or memory utilization
An administrator suspects that files are being copied to a remote location during off hours. The file server does not have logging enabled. Which of the following logs would be the BEST place to look for information?
Firewall logs
Which of the following access control methods gives the owner control over providing permissions?
Discretionary Access Control (DAC)
Which of the following access control methods grants permissions based on the users position in the company?
Role-Based Access Control (RBAC)
Which of the following access control methods includes switching work assignments at preset intervals?
Job rotation
Which of the following authentication methods would MOST likely prevent an attacker from being able to successfully deploy a replay attack?
Kerberos
Which of the following would an attacker use to footprint a system?
Port scanner
Which of the following ensures a user cannot deny having sent a message?
Non-repudiation
Which of the following allows an attacker to embed a rootkit into a picture?
Steganography
Which of the following is a publication of inactivated user certificates?
Certificate revocation list
Which of the following is a method of encrypting email?
S/MIME
Which of the following risks would be reduced by implementing screen filters?
Shoulder surfing
Which of the following allows an attacker to hide the presence of malicious code by altering the systems process and registry entries?
Rootkit
Which of the following will propagate itself without any user interaction?
Worm
An administrator wants to setup their network with only one public IP address. Which of the following would allow for this?
NAT
An administrator wants to proactively collect information on attackers and their attempted methods of gaining access to the internal network. Which of the following would allow the administrator to do this?
Honeypot
Which of the following allows a technician to correct a specific issue with a solution that has not been fully tested?
Hotfix
A technician wants to regulate and deny traffic to websites that contain information on hacking.Which of the following would be the BEST solution to deploy?
Internet content filter
Which of the following is the LEAST intrusive way of checking the environment for known software
flaws?
Vulnerability scanner
If a certificate has been compromised, which of the following should be done?
Put the certificate on the CRL.
Which of the following requires an update to the baseline after installing new software on a machine?
Behavior-based HIDS
Which of the following would be the MOST secure choice to implement for authenticating remote connections?
RADIUS
Which of the following is the BEST way to reduce the number of accounts a user must maintain?
SSO
Which of the following can be used as a means for dual-factor authentication?
Iris scan and proximity card
After implementing file auditing, which of the following logs would show unauthorized usage attempts?
Security
Which of the following type of attacks requires an attacker to sniff the network?
Man-in-the-Middle
If a user attempts to go to a website and notices the URL has changed, which of the following attacks is MOST likely the cause?
DNS poisoning
Which of the following attacks can be caused by a user being unaware of their physical surroundings?
Shoulder surfing
Which of the following actions should be performed upon discovering an unauthorized wireless access point attached to a network?
Unplug the Ethernet cable from the wireless access point.
Which of the following redundancy solutions contains hardware systems similar to the affected organization, but does not provide live data?
Warm site
During the implementation of LDAP, which of the following will typically be changed within the organizations software programs?
Authentication credentials
Which of the following would be MOST useful to determine why packets from a computer outside the network are being dropped on the way to a computer inside the network?
Firewall log
Which of the following security policies is BEST to use when trying to mitigate the risks involved with allowing a user to access company email via their cell phone?
The cell phone should require a password after a set period of inactivity.
An administrator has been asked to encrypt credit card data. Which of the following algorithms would be the MOST secure with the least CPU utilization?
AES (Advanced Encryption Standard)
Which of the following algorithms is the LEAST secure?
LANMAN
Which of the following algorithms is MOST closely associated with the signing of email messages?
PGP (Pretty Good Privacy)
An executive uses PKI to encrypt sensitive emails sent to an assistant. In addition to encrypting
the body of the email, the executive wishes to encrypt the signature so that the assistant can verify that the email actually came from the executive. Which
Private
A technician needs to detect staff members that are connecting to an unauthorized website. Which of the following could be used?
Protocol analyzer
An administrator suspects that multiple PCs are infected with a zombie. Which of the following
tools could be used to confirm this?
Antivirus
Which of the following is an example of security personnel that administer access control functions, but do not administer audit functions?
Separation of duties
A malware incident has just been detected within a company. Which of the following should be the administrators FIRST response?
Containment
Taking into account personal safety, which of the following types of fire suppression substances would BEST prevent damage to electronic equipment?
CO2
Which of the following describes the process of securely removing information from media (E. g. hard drive) for future use?
Sanitization
Which of the following principles should be applied when assigning permissions?
Least privilege
Which of the following type of strategies can be applied to allow a user to enter their username and password once in order to authenticate to multiple systems and applications?
Single sign-on
User A is a member of the payroll security group. Each member of the group should have
read/write permissions to a share. User A was trying to update a file but when the user tried to access the file the user was denied. Which of the following would expla
Rights are not set correctly
Which of the following threats is the MOST difficult to detect and hides itself from the operating system?
Rootkit
Which of the following methods is used to perform denial of service (DoS) attacks?
Botnet
Which of the following is an attack that is triggered by a specific event or by a date?
Logic bomb
Which of the following can an attacker use to gather information on a system without having a user ID or password?
Null session
Which of the following is a way to logically separate a network through a switch?
VLAN
Which of the following is a security threat when a new network device is configured for first-time installation?
Use of default passwords
Which of the following is an exploit against a device where only the hardware model and manufacturer are known?
Default passwords
A technician is implementing a new wireless network for an organization. The technician should be concerned with all of the following wireless vulnerabilities EXCEPT:
80211 mode
----------------------------
rogue access points
weak encryption
SSID broadcasts
Which of the following tools will allow the technician to find all open ports on the network?
A. Performance monitor
B. Protocol analyzer
C. Router ACL
D. Network scanner
Answer: D
An organization is installing new servers into their infrastructure. A technician is responsible for making sure that all new servers meet security requirements for uptime. In which of the following is the availability requirements identified?
Service level agreement
After issuance a technician becomes aware that some keys were issued to individuals who are not
authorized to use them. Which of the following should the technician use to correct this problem?
Certificate revocation list
Password crackers are generally used by malicious attackers to:
gain system access.
Which of the following properly describes penetration testing?
Penetration tests are generally used to demonstrate a weakness in a system and then provide documentation on the weakness.
Which of the following should a technician review when a user is moved from one department to another?
User access and rights
Which of the following is a reason to implement security logging on a DNS server?
To monitor unauthorized zone transfers
A technician is rebuilding the infrastructure for an organization. The technician has been tasked
with making sure that the virtualization technology is implemented securely. Which of the following is a concern when implementing virtualization technology?
The technician should verify that the virtual servers and the host have the latest service packs
and patches applied.
A technician is reviewing the logical access control method an organization uses. One of the
senior managers requests that the technician prevent staff members from logging on during nonworking days.
Which of the following should the technician implement
A. Enforce Kerberos
B. Deploy smart cards
C. Time of day restrictions
D. Access control lists
Answer: C
How would a technician implement a security patch in an enterprise environment?
Download the patch from the vendors secure website, test the patch and install it on all workstations.
Which of the following is considered the weakest encryption?
DES (Data Encryption Standard)
Which of the following encryption schemes is the public key infrastructure based on?
Asymmetric
Which of the following BEST describes the term war driving?
Driving from point to point with a laptop and an antenna to find unsecured wireless access
points.
Which of the following statements BEST describes the implicit deny concept?
Blocks everything and only allows explicitly granted permissions
When is the BEST time to update antivirus definitions?
As the definitions become available from the vendor
Why would a technician use a password cracker?
To look for weak passwords on the network
Users on a network report that they are receiving unsolicited emails from an email address that
does not change. Which of the following steps should be taken to stop this from occurring?
Install an anti-spam filter on the domain mail servers and filter the email address.
Which of the following is a true statement with regards to a NIDS?
A NIDS monitors and analyzes network traffic for possible intrusions
Network Intrusion Detection System
A technician suspects that a piece of malware is consuming too many CPU cycles and slowing down a system. Which of the following will help determine the amount of CPU cycles that are being consumed?
Run performance monitor to evaluate the CPU usage.
Which of the following are characteristics of a hash function? (Select TWO).
One-way
Fixed length output
Which of the following is the MOST secure alternative for administrative access to a router?
SSH
Which of the following might an attacker resort to in order to recover discarded company documents?
Dumpster diving
Which of the following creates a security buffer zone between two rooms?
Mantrap
Which of the following tools would be used to review network traffic for clear text passwords?
Protocol analyzer
Kerberos uses which of the following trusted entities to issue tickets?
Key Distribution Center
Which of the following specifies a set of consistent requirements for a workstation or server?
Configuration baseline
A companys website allows customers to search for a product and display the current price and
quantity available of each product from the production database. Which of the following would
invalidate an SQL injection attack launched from the lookup field a
Input validation
Which of the following virtual machine components monitors and manages the various virtual instances?
Hypervisor
A smurf attack is an example of which of the following threats?
DoS
Which of the following is the BEST tool for allowing users to go to approved business-related websites only?
Internet content filter
Which of the following is a security trait of a virtual machine?
Provides a restricted environment for executing
An unauthorized user intercepted a users password and used this information to obtain the
companys administrator password. The unauthorized user can use the administrators password to access sensitive information pertaining to client data. Which of the fo
Privilege escalation
Users are utilizing thumb drives to connect to USB ports on company workstations. A technician is concerned that sensitive files can be copied to the USB drives.Which of the following mitigation techniques would address this concern? (Select TWO).
Disable the USB root hub within the OS
Disable USB within the workstations BIOS.
An administrator has developed an OS install that will implement the tightest security controls possible.
In order to quickly replicate these controls on all systems, which of the following should be established?
Create an image from the OS install
After registering an email address on a website, a user starts receiving messages from unknown sources. The email account is new, and therefore the user is concerned. This type of message traffic is referred to as:
spam
A technician is testing the security of a new database application with a website front-end. The technician notices that when certain characters are input into the application it will crash the server. Which of the following does the technician need to do
Input validation
An administrator in a small office environment has implemented an IDS on the network perimeter
to detect malicious traffic patterns. The administrator still has a concern about traffic inside the network originating between client workstations. Which of t
HIDS
host-based intrusion detection system
A user is redirected to a different website when the user requests the DNS record www.xyz.comptiA. com. Which of the following is this an example of?
DNS poisoning
A company wants to host public servers on a new network. These servers will include a website
and mail server.Which of the following should be implemented on the network to isolate these public hosts from the rest of the network?
DMZ
A user has decided that they do not want an internal LAN segment to use public IP addresses. The user wants to translate them as private IP addresses to a pool of public IP addresses to identify them on the Internet. Which of the following does the user w
NAT
An administrator has been studying stateful packet inspection and wants to implement this security technique on the network. Which of the following devices could the administrator use to BEST
utilize stateful packet inspection?
Firewall
Which of the following is the primary purpose of a honeypot?
To provide a decoy target on the network
An administrator wants to ensure that that no equipment is damaged when there is a fire or false
alarm in the server room. Which of the following type of fire suppression systems should be used?
Carbon Dioxide
Which of the following is a CRL composed of?
Expired or revoked certificates
Which of the following is the primary purpose of a CA?
Issue private/public keys
An administrator wants to replace telnet with a more secure protocol to manage a network device. Which of the following should be implemented on the network?
SSH
A user is attempting to receive digitally signed and encrypted email messages from a remote
office.
Which of the following protocols does the system need to support?
S/MIME
An administrator does not want anyone to VPN from inside the network to a remote office or network.
Which of the following protocols should be blocked outbound on the network?
ISAKMP
An administrator is implementing a public website and they want all client connections to the
server to be encrypted via their web browser.
Which of the following should be implemented?
SSL
Which of the following is MOST likely provided by asymmetric key cryptography?
Confidentiality
All of the following are symmetric key algorithms EXCEPT:
ECC
Which of the following is true about ECC algorithms?
It is implemented in portable devices
Which of the following is a way to encrypt session keys using SSL?
Session keys are encrypted using an asymmetric algorithm.
Which of the following can reduce the risk associated with password guessing attacks? (Select
TWO).
Implement account-lockout thresholds
Implement stronger password complexity policies
Which of the following is a common practice in forensic investigation?
Performing a binary copy of the systems storage media
Which of the following is done to ensure appropriate personnel have access to systems and networks?
(Select TWO).
Conduct periodic personnel employment verifications
Conduct rights review of users and groups.
Antivirus software products detect malware by comparing the characteristics of known instances against which of the following type of file sets?
Signature
Which of the following type of fire suppression tools would cause the MOST damage to electrical equipment?
Water
Which of the following is the BEST process of removing PII data from a disk drive before reuse?
Sanitization
When assigning permissions, which of the following concepts should be applied to enable a person to perform their job task?
Least privilege
While conducting a review of the system logs, a user had attempted to log onto the network over 250 times. Which of the following type of attacks is MOST likely occurring?
Brute force
Users do not want to enter credentials to each server or application to conduct their normal work. Which of the following type of strategies will resolve this issue?
SSO
A user was trying to update an open file but when they tried to access the file they were denied. Which of the following would explain why the user could not access the file?
Rights are not set correctly
Accessing a system or application using permissions from another users account is a form of which of the following?
Privilege escalation
Which of the following is an important reason for password protecting the BIOS?
To keep a user from changing the boot order of the system
Which of the following is a software bundle containing multiple security fixes?
Service pack
A company uses a policy of assigning passwords to users, by default the passwords are based off of the word $ervicexx, where xx is the last two numbers of the users cell phone number. The users are not required to change this password. Which of the follow
Weak passwords
Which of the following is an installable package that includes several patches from the same vendor for various applications?
Service pack
Which of the following is a best practice to prevent users from being vulnerable to social engineering?
Provide thorough and frequent user awareness training.
The RAS logs on a server show 100 errors in a two minute time period from an attempt to access an account. The error log shows unknown username or password. Which of the following is this an example of?
An unauthorized attempt to access the server
An administrator notices that former temporary employees accounts are still active on a domain.
Which of the following can be implemented to increase security and prevent this from happening?
Implement an account expiration date for temporary employees
Which of the following is the primary security risk with coaxial cable?
Data emanation from the core
Which of the following is a collection of patches?
A service pack
Which of the following would allow an administrator to find weak passwords on the network?
A rainbow table
Which of the following is the BEST place where the disaster recovery plan should be kept?
At multiple offsite locations
Which of the following is established immediately upon evidence seizure?
Chain of custody
Which of the following is a required privilege that an administrator must have in order to restore a public/private key set on a certificate authority (CA)?
Recovery agent
Which of the following algorithms have the smallest key space?
DES
Which of the following is the MOST recent addition to cryptography?
AES
Which of the following requires a common pre-shared key before communication can begin?
Symmetric key cryptography
Which of the following provides the MOST comprehensive redundancy for an entire site with the least downtime?
A hot site
Which of the following allows devices attached to the same switch to have separate broadcast domains?
VLAN
Which of the following allows for notification when a hacking attempt is discovered?
NIDS
Network Intrusion Detection System
When dealing with a 10BASE5 network, which of the following is the MOST likely security risk?
A vampire tap
Which of the following allows a technician to scan for missing patches on a device without actually attempting to exploit the security problem?
A vulnerability scanner
Which of the following allows for proof that a certain person sent a particular email?
Non-repudiation
Which of the following uses a key ring?
PGP
Pretty Good Privacy
Which of the following allows for the highest level of security at time of login?
Two-factor authentication
Sending a patch through a testing and approval process is an example of which of the following?
Change management
Sending continuous TCP requests to a device and ignoring the return information until the device ceases to accept new connections is an example of which of the following?
DoS
Which of the following would use a group of bots to stop a web server from accepting new requests?
DDoS
Which of the following is the MOST likely to generate static electricity?
Low humidity and high temperature
Using an asymmetric key cryptography system, where can a technician generate the key pairs?
A certificate authority
Which of the following media is the LEAST likely to be successfully tapped into?
Fiber optic cable
Which of the following allows a person to find public wireless access points?
SSID broadcast
Which of the following allows a file to have different security permissions for users that have the same roles or user groups?
Discretionary Access Control (DAC)
A DMZ has a fake network that a hacker is attacking. Which of the following is this an example of?
Honeypot
A company decides that the purchasing agent and the accounts receivable agent should
exchange positions in order to allow for more oversight of past transactions. Which of the following is this an example
of?
the accounts receivable agent should
exchange
A. Least privilege
B. Implicit deny
C. Separation of duties
D. Job rotation
Answer: D
A user complains that the color laser printer continuously gives an access denied message while attempting to print a text document. The administrator logs onto the PC and print successfully. Which of the following should the administrator check FIRST?
A. That the printer has the correct size of paper in each of the trays
B. That the toner should be changed in the printer
C. That the user has sufficient rights to print to the printer
D. That the user is attempting to print to the correct printer tray
An
Which of the following uses a sandbox to manage a programs ability to access system resources?
A. Java
B. ActiveX
C. JavaScript
D. Cold Fusion
Answer: A
Which of the following allows a technician to view the security permissions of a file?
A. The access control list
B. The security baseline
C. The data emanation
D. The local security template
Answer: A
A user is denied access to a file. The user had access to the file yesterday. Which of the following is the FIRST action for the technician to take?
A. Deny the users request and forward to the human resources department.
B. Reboot the system.
C. Verify that the users permissions are correct.
D. Grant access to the filE.
Answer: C
A user is convinced that someone is attempting to use their user account at night. Which of the following should an administrator check FIRST in order to prove or disprove this claim?
A. The IDS logs
B. The security application logs
C. The local security logs
D. The firewall logs
Answer: C
A user reports that a web based application is not working after a browser upgrade. Before the
upgrade, a login box would appear on the screen and disappear after login. The login box does
not appear after the upgrade. Which of the following BEST describe
A. That the software based firewall application trusts this site
B. That the pop-up blocker application trusts this site
C. That the antivirus application trusts this site
D. That the anti-spam application trusts this site
Answer: B
An intrusion has been detected on a companys network from the Internet. Which of the following should be checked FIRST?
A. The firewall logs
B. The DNS logs
C. The access logs
D. The performance logs
Answer: A
A user needs to verify that a patch file downloaded from a third party has not been modified since the time that the original manufacturer released the patch. Which of the following is the BEST way to verify that the file has not been modified?
Compare the final MD5 hash with the original.
A technician suspects that one of the network cards on the internal LAN is causing a broadcast
storm.
Which of the following would BEST diagnose which NIC is causing this problem?
A protocol analyzer
A user does not understand why the domain password policy is so stringent. Which of the following BEST demonstrates the security basis for the password policy?
Explain how easy it is for a hacker to crack weak passwords
A company needs to have multiple servers running low CPU utilization applications. Which of the following is the MOST cost efficient method for accomplishing this?
Install a single high end server, running multiple virtual servers.
A programmer creates an application to accept data from a websitE. A user places more
information than the program expects in the input field resulting in the back end database placing the extra information into the databasE. Which of the following is thi
SQL injection
Which of the following security threats is MOST commonly associated with a targeted distributed denial of service (DDoS)?
Botnets
A developer added code to a financial system designed to transfer money to a foreign bank account on a specific time and date. The code would activate only if human resources processed the developers termination papers. The developer implemented which of
Logic bomb
A CEO is concerned about staff browsing inappropriate material on the Internet via HTTPS. It has been suggested that the company purchase a product which could decrypt the SSL session, scan the content and then repackage the SSL session without staff know
Man-in-the-middle
After a system risk assessment was performed it was found that the cost to mitigate the risk was higher than the expected loss if the risk was actualized. In this instance, which of the following is the BEST course of action?
Accept the risk
A small call center business decided to install an email system to facilitate communications in the
office. As part of the upgrade the vendor offered to supply anti-malware software for a cost of $5,000 per year. The IT manager read there was a 90% chance
$7,290b
A technician is deciding between implementing a HIDS on the database server or implementing a
NIDS. Which of the following are reasons why a NIDS may be better to implement? (Select TWO).
Network Intrusion Detection System
Many HIDS are not able to detect network attacks
Many HIDS have a negative impact on system performance
Host-based Intrusion Detection System
Which of the following scenarios is MOST likely to benefit from using a personal software firewall on a laptop?
Office laptop connected to a home users network
Virtualized applications, such as virtualized browsers, are capable of protecting the underlying operating system from which of the following?
Malware installation from suspects Internet sites
A flat or simple role-based access control (RBAC) embodies which of the following principles?
Users assigned to roles, permissions are assigned to roles and users acquire permissions by being a member of the role
A number of unauthorized staff has been entering the data center by piggybacking authorized staff. The CIO has mandated that this behavior stops. Which of the following is the BEST technology to install at the data center to prevent piggybacking?
Mantrap
Which of the following is a security threat that hides its processes and files from being easily detected?
Rootkit
Security templates are used for which of the following purposes? (Select TWO).
To ensure that all servers start from a common security configuration
To ensure that servers are in compliance with the corporate security policy
Frequent signature updates are required by which of the following security applications? (Select
TWO).
Antivirus
IDS
When choosing an antivirus product, which of the following are the MOST important security considerations? (Select TWO).
The frequency of signature updates
The number of viruses the software can detect
Three generally accepted activities of patch management are: determining which patches are needed, applying the patches and which of the following?
Auditing for the successful application of the patches
In which of the following situations would it be appropriate to install a hotfix?
A patch is not available and workarounds do not correct the problem.
Social engineering, password cracking and vulnerability exploitation are examples of which of the following?
Penetration testing
If an administrator does not have a NIDS examining network traffic, which of the following could be used to identify an active attack?
Protocol analyzer
Configuration baselines should be taken at which of the following stages in the deployment of a new system?
After initial configuration
Which of the following practices should be implemented to harden workstations and servers?
Install only needed software
Which of the following is a mechanism that prevents electromagnetic emanations from being captured?
Faraday cage
Which of the following describes the difference between a secure cipher and a secure hash?
A cipher can be reversed, a hash cannot.
Which of the following physical threats is prevented with mantraps?
Piggybacking
Which of the following BEST describes the differences between SHA-1 and MD5?
SHA-1 produces few collisions than MD5
Which of the following BEST applies in the secure disposal of computers?
Computer media must be sanitized
Which of the following BEST describes the differences between RADIUS and TACACS?
TACACS separates authentication, authorization and auditing capabilities
Which of the following BEST describes the differences between RADIUS and TACACS?
TACACS encrypts client-server negotiation dialog
Which of the following authentication mechanisms performs better in a secure environment?
TACACS because it encrypts client-server negotiation dialogs.
To evaluate the security compliance of a group of servers against best practices, which of the following BEST applies?
Run a vulnerability assessment tool.
Which of the following is a problem MOST often associated with UTP cable?
Crosstalk
An administrator notices on the monthly firewall log that many of the internal PCs are sending
packets on a routine basis to a single external PC. Which of the following BEST describes what is occurring?
The remote PC has a zombie master application running and the local PCs have a zombie slave application running.
An administrator notices that a PC is sending an unusual amount of email at odd times of the day. Which of the following should the administrator check for FIRST?
A SMTP open relay
Which of the following would a password cracker help an administrator to find?
Weak passwords
Which of the following is setup within a router?
DMZ
Which of the following would BEST allow for fast, highly secure encryption of a USB flash drive?
AES256
When is the correct time to discuss the appropriate use of electronic devices with a new employee?
At time of hire
Which of the following could BEST assist in the recovery of a crashed hard drive?
Forensics software
Which of the following facilitates the creation of an unencrypted tunnel between two devices?
L2TP
Which of the following allows for a secure connection to be made through a web browser?
SSL
Which of the following is the BEST order in which crucial equipment should draw power?
UPS line conditioner, UPS battery, and backup generator
Which of the following would require a pre-sharing of information before a home user could attach to a neighbors wireless adapter?
SSID broadcasting disabled
Which of the following would BEST allow an administrator to quickly find a rogue server on the network?
A network mapper
Which of the following would BEST allow an administrator to quickly find a PC with a blank database administrator password?
Vulnerability scanner
An administrator is backing up all server data nightly to a local NAS device. Which of the following additional steps should the administrator take for protection from disaster in the case the primary site is permanently lost?
Backup all data at a preset interval to tape and store those tapes at a sister site in another city.
Which of the following is the MOST intrusive on a network?
Penetration testing
A single sign-on requires which of the following?
A unified trust model
All of the following are where backup tapes should be kept EXCEPT:
near a power line.
All of the following require periodic updates to stay accurate EXCEPT:
pop-up blocker applications
Which of the following is the quickest method to create a secure test server for a programmer?
Create a virtual server on existing equipment.
Which of the following is a collection of fixes for an application or operating system that has been tested by the vendor?
A service pack
Which of the following usually applies specifically to a web browser?
Pop-up blocker
Pre-shared keys apply to which of the following?
PGP
Which of the following is a risk associated with a virtual server?
If the physical server crashes, all of the local virtual servers go offline immediately.
Which of the following exploits is only triggered by a specific date or time key?
Logic bomb
Threats to a network could include: (Select TWO)
Disgruntled employees.
Dial-up access.
An antivirus server keeps flagging an approved application that the marketing department has installed on their local computers as a threat. This is an example of:
false positive
A vendor releases an application update to a recent service pack that addresses problems being experienced by some end users. This update would be considered a:
hotfix
A technician is working on an end users desktop which has been having performance issues. The technician notices there seems to be a lot of activity on the NIC. A good tool to quickly check the current network connections of the desktop would be:
netstat
A company has an issue with field users logging into VPN to connect to the mail server, and
leaving their computers connected while in public places. The administrator needs to prevent both unauthorized access to the company email and data, and limit the
Use group policy to lock computers after five minutes of inactivity, and limit VPN connections to one hour.
The service provided by message authentication code (MAC) hash is:
integrity
An administrator is running a network monitoring application that looks for behaviors on the
network outside the standard baseline that has been established. This is typical of a(n):
anomaly-based tool.
Some examples of hardening techniques include all of the following EXCEPT:
running weekly spy-ware applications.
An administrator wants to block users from accessing a few inappropriate websites as soon as possible. The existing firewall allows blocking by IP address. To achieve this goal the
administrator will need to:
upgrade to a URL based filter to achieve the desired result
A CRL contains a list of which of the following type of keys?
Both public and private keys
A user logs into their network with a smart card. Which of the following keys is used?
Private key
An administrator wants to ensure that when an employee leaves the company permanently, that
the company will have access to their private keys. Which of the following will accomplish this?
Store the keys in escrow.
When a server and workstation communicate via SSL, which of the following keys are being used? (Select TWO).
Public key
Session key
A user is going to dispose of some old hard drives. Which of the following should the user do to
the drives before disposing of them?
Use a certified wipe program to erase data.
A user wants to implement very tight security controls for technicians that seek to enter the users data center. Which of the following solutions offers the BEST security controls?
Biometric reader and smartcard
Which of the following concepts, requires users and system processes to be assigned minimum levels of permission to carry out the assigned task?
Least privilege
When using discretionary access control (DAC), who determines access and what privileges they
have?
Owner
Which of the following is a security benefit of mandatory vacations?
Detecting fraud
The data custodian in an organization is responsible for:
recover-ability of the data.
Which of the following organizational documentation describes how tasks or job functions should be conducted?
Procedures
Which of the following organizational documentation provides high level objectives that change infrequently?
Policy
Which of the following sites can be online the QUICKEST and does not require data restoration from backup media to ensure the production data is as current as possible?
Mirrored site
Which of the following are MOST likely to be analyzed by Internet filter appliances/servers?
(Select THREE).
Certificates
URLs
Content
The primary function of risk management in an organization is to reduce risk to a level:
the organization will accept.
Which of the following BEST describes risk analysis?
Evaluation and assessment
A financial institution performed a risk assessment on the DLT backup system used to store customer
account details. The main risk highlighted was the long-term retention of electronically stored datA.
Which of the following is the MOST likely reason for
Compatibility of media and application systems
Which of the following hashing techniques is commonly disabled to make password cracking more difficult?
NTLM (NT LAN Manager)
An organization has recently implemented a work from home program. Employees need to connect
securely from home to the corporate network. Which of the following encryption technologies might BEST accomplish this?
IPSec
The use of a physical token, PIN and a password during authentication is an example of which of
the following?
Two-factor authentication
Port 3535 is typically blocked for outbound traffic on a companys LAN. An end-user has recently purchased a legitimate business program that needs to make outbound calls using this port.
Which of the following steps should a technician take to allow this?
Open the port on the companys firewall.
Open the port on the users personal software firewall
Which of the following describes software that is often written solely for a specific customers application?
Hotfix
A security manager believes that too many services are running on a mission critical database
server.
Which of the following tools might a security analyst use to determine services that are running on
the server, without logging into the machine
Port scanner
A manufacturing corporation has decided to send a highly sensitive message to one of their suppliers.
The message is concealed inside a JPEG image of a beach resort. Which of the following is this
an example of?
Steganography
Which of the following encryption methods is often used along with L2TP?
IPSec
An administrator is assigned to monitor servers in a data center. A web server connected to the Internet suddenly experiences a large spike in CPU activity. Which of the following is the MOST likely cause?
DoS
Which of the following methods will help to identify when unauthorized access has occurred?
Implement previous logon notification.
Ensuring administrators have both a regular user account and a privileged user account is an example of applying which security principle?
Least privilege
All of the following are steps in the incident response process EXCEPT:
repudiation
Which of the following is an example of two-factor authentication for an information system?
ATM card and PIN
Which of the following describes a spanned switch port in the context of IDS traffic analysis?
An association of a set of source ports with a single destination port
A technician is performing an assessment on a router and discovers packet filtering is employed. Which of the following describes a security concern with stateless packet filtering?
. Packet payload is not checked
Which of the following describes the process of comparing cryptographic hash functions of system executables, configuration files, and log files?
File integrity auditing
Which of the following is a cryptographic representation of non-repudiation?
Digital signature
Which of the following reduces the effectiveness of telephone social engineering?
Awareness training
Which of the following will execute malicious code at a pre-specified time?
Logic Bomb
All of the following are weaknesses of WEP EXCEPT:
A. lack of integrity checking.
B. initialization vector.
C. replay attacks.
D. lack of strong keys.
Answer: A
Which of the following is LEAST likely to help reduce single points of failure?
Mandatory vacations
Which of the following reduces the attack surface of an operating system?
Disabling unused services
Which of the following is LEAST effective when hardening an operating system?
Installing HIDS
Which of the following provides the MOST control when deploying patches?
Patch management
If a technician wants to know when a computer application is accessing the network, which of the following logs should be reviewed?
Host firewall log
All of the following are components of IPSec EXCEPT:
temporal key interchange protocol
IPSec connection parameters are stored in which of the following?
Security association database
Which of the following will provide a 128-bit hash?
MD5
Which of the following describes a hash algorithms ability to avoid the same output from two guessed inputs?
Collision resistance
Which of the following should be included in a forensic toolkit?
Digital camera
Which of the following BEST describes the form used while transferring evidence?
Chain of custody
Which of the following is the primary incident response function of a first responder?
To secure the scene and preserve evidence
Which of the following is the GREATEST problem with low humidity in a server room?
Static electricity
Which of the following protocols is used to ensure secure transmissions on port 443?
HTTPS
When should a technician perform disaster recovery testing?
In accordance with the disaster recovery plan
Which of the following is the BEST backup method to restore the entire operating system and all related software?
Disk Image
How many keys are utilized in symmetric cryptography?
One
Which of the following terms is BEST associated with public key infrastructure (PKI)?
Digital signatures
Which of the following is the LAST step to granting access to specific domain resources?
Authorize the user
After an attacker has successfully gained remote access to a server with minimal privileges, which of the following is their next step?
Elevate system privileges
Which of the following should the technician recommend as a way to logically separate various
internal networks from each other?
VLAN
An organization has requested the ability to monitor all network traffic as it traverses their network. Which of the following should a technician implement?
Protocol analyzer
A large amount of viruses have been found on numerous domain workstations. Which of the following should the technician implement?
Centralized antivirus
Which of the following is the MOST difficult security concern to detect when contractors enter a secured facility?
Copying sensitive information with cellular phones
When are port scanners generally used on systems?
At the beginning of a vulnerability assessment
The staff must be cross-trained in different functional areas so that fraud can be detected. Which of the following is this an example of?
Job rotation
Human Resources has requested that staff members be moved to different parts of the country into new positions. Which of the following is this an example of?
Job rotation
An administrator is worried about an attacker using a compromised user account to gain administrator
access to a system. Which of the following is this an example of
Privilege escalation
Which of the following is used to deny authorized users access to services?
Botnets
An administrator recommends implementing whitelisting, blacklisting, closing-open relays, and
strong authentication techniques to a server administrator. Which of the following threats are being addressed?
Spam
An administrator is asked to improve the physical security of a data center located inside the office
building. The data center already maintains a physical access log and has a video surveillance
system.
Which of the following additional controls could b
Mantrap
In regards to physical security, which of the following BEST describes an access control system which implements a non-trusted but secure zone immediately outside of the secure zone?
Mantrap
A technician notices delays in mail delivery on the mail server. Which of the following tools could
be used to determine the cause of the service degradation?
Performance monitor
Penetration testing should only be used once which of the following items is in place?
Written permission
An administrator recommends that management establish a trusted third party central repository to maintain all employees private keys. Which of the following BEST describes the administrators
recommendation?
Key escrow
To combat transaction fraud, a bank has implemented a requirement that all bank customers enter a different, unique code to confirm every transaction. Which of the following is the MOST effective method to accomplish this?
One-time password
All of the following should be identified within the penetration testing scope of work EXCEPT:
a complete list of all network vulnerabilities
Which of the following is the MOST efficient way that an administrator can restrict network access
to certain ports enterprise wide?
ACL
An administrator is responsible for a server which has been attacked repeatedly in the past. The only recourse has been to reload the server from scratch. Which of the following techniques could be used to decrease the recovery time following an incident?
Implement the server as a virtual server instance
Validating the users claimed identity is called which of the following?
Authentication
Which of the following is planted on an infected system and deployed at a predetermined time?
Logic bomb
Which of the following allows a user to float a domain registration for a maximum of five days?
Kiting
According to company policy an administrator must logically keep the Human Resources department
separated from the Accounting department.Which of the following would be the simplest way to accomplish this?
VLAN
Which of the following is an attack which is launched from multiple zombie machines in attempt to bring down a service?
DDoS
Which of the following will MOST likely allow an attacker to make a switch function like a hub?
MAC flooding
Which of the following is commonly programmed into an application for ease of administration?
Back door
Which of the following is a technique used by hackers to identify unsecured wireless network locations to other hackers?
War chalking
Which of the following authentication models uses a KDC?
Kerberos
Which of the following disaster recovery components is a location that is completely empty, but allows the infrastructure to be built if the live site goes down?
Cold site
Which of the following should be done if an organization intends to prosecute an attacker once an attack has been completed?
Apply proper forensic techniques
Which of the following documents specifies the uptime guarantee of a web server?
Service level agreement
Which of the following authentication models uses a time stamp to prevent the risks associated
with a replay attack?
Kerberos
Which of the following protocols can be implemented as an alternative to the overhead of a VPN?
SSL
Which of the following will set an account to lockout for 30 minutes after the maximum number attempts have failed?
Account lockout duration
Which of the following logs would reveal activities related to an ACL?
Firewall
Which of the following encryption algorithms has the largest overhead?
3DES
Which of the following hashing algorithms is the MOST secure?
MD5
Which of the following would allow a technician to compile a visual view of an infrastructure?
Network mapper
Which of the following creates separate logical networks?
Subnetting
Which of the following is an area of the network infrastructure that allows a technician to place public facing systems into it without compromising the entire infrastructure?
DMZ
Which of the following attacks commonly result in a buffer overflow?
DoS
Which of the following type of attacks is TCP/IP hijacking?
Man-in-the-middle
Which of the following ports does SNMP run on?
161
Which of the following is a collection of servers that is setup to attract hackers?
Honeynet
Which of the following could be used to determine which flags are set in a TCP/IP handshake?
Protocol analyzer
Which of the following would be the BEST choice to ensure only ports 25, 80 and 443 were open from outside of the network?
Firewall
Which of the following media is LEAST susceptible to a tap being placed on the line?
Fiber
Which of the following is responsible for establishing trust models?
The certificate authority
Which of the following allows attackers to gain control over the web camera of a system?
ActiveX component
Which of the following type of attacks sends out numerous MAC resolution requests to create a buffer overflow attack?
ARP poisoning
Which of the following would a former employee MOST likely plant on a server that is not traceable?
Logic bomb
Which of the following would be MOST effective in stopping phishing attempts?
User training
Which of the following consists of markings outside a building that indicate the connection speed of a nearby unsecured wireless network?
War chalking
Which of the following would be of MOST interest to someone that is dumpster diving?
Business card of computer contractor
Which of the following could involve moving physical locations every two years to help mitigate security risks?
Job rotation
Which of the following could be used to capture website GET requests?
Protocol analyzer
Which of the following does the process of least privilege fall under?
Confidentiality
Which of the following hashing algorithms is the LEAST secure?
LANMAN
Which of the following is the MOST secure transmission algorithm?
TKIP
Which of the following protocols is used for encryption between email servers?
TLS
Which of the following scenarios would a penetration test BEST be used for?
When providing a proof of concept demonstration for a vulnerability
Which of the following would be the easiest to use in detection of a DDoS attack?
Performance monitor
Which of the following implements the strongest hashing algorithm?
NTLMv2
Which of the following is BEST used to determine whether network utilization is abnormal?
Performance baseline
Which of the following is the BEST solution to implement to reduce unsolicited email?
Anti-spam
Identification is a critical component of the authentication process because it is:
when the user is verified
Identity proofing occurs during which phase of identification and authentication?
Identification
Which of the following BEST describes the practice of dumpster diving?
Sorting through the garbage of an organization to obtain information used for a subsequent
attack.
Implementation of proper environmental controls should be considered by administrators when recommending facility security controls because of which of the following?
Proper environmental controls help ensure availability of IT systems
An administrator is asked to recommend the most secure transmission media. Which of the following should be recommended?
Fiber optic cable
An administrator is selecting a device to secure an internal network segment from traffic external
to the segment. Which of the following devices could be selected to provide security to the network segment?
NIPS (network-based intrusion prevention system)
Which of the following devices should be deployed to protect a network against attacks launched from a business to business intranet? (Select TWO).
NIPS (network-based intrusion prevention system)
Firewall
To prevent the use of previously issued PKI credentials which have expired or otherwise become invalid, administrators should always design programs to check which of the following?
CRL
To prevent the use of stolen PKI certificates on web servers, which of the following should an administrator ensure is available to their web servers?
CRL
Which of the following describes an implementation of PKI where a copy of a users private key is stored to provide third party access and to facilitate recovery operations?
Key escrow
A security administrator has been asked to deploy a biometric authentication system in a corporation.
Which of the following devices is the MOST reliable and has the lowest cross over error rate?
Retina scanner
To increase the security of the network authentication process, an administrator decides to
implement three-factor authentication. Which of the following authentication combinations is a three-factor system?
A retina scanner, PKI enabled smart card and a six-digit PIN
To facilitate compliance with the Internet use portion of the corporate acceptable use policy, an administrator implements a series of proxy servers and firewalls. The administrator further
recommends installation of software based firewalls on each host
Internet content filter
The marketing department wants to distribute pens with embedded USB drives to clients. In the past this client has been victimized by social engineering attacks which led to a loss of sensitive data. The security administrator advises the marketing depart
The risks associated with the large capacity of USB drives and their concealable nature
USB drives create a potential security risk due to which of the following?
Potential for software introduction
As a best practice, risk assessments should be based upon which of the following?
A quantitative measurement of risk, impact and asset value
Which of the following is a cryptographic hash function?
SHA
From a security standpoint, which of the following is the BEST reason to implement performance monitoring applications on network systems?
To detect availability degradations caused by attackers
All of the following are methods used to conduct risk assessments EXCEPT:
disaster exercises.
After conducting a risk assessment, the main focus of an administrator should be which of the following?
To ensure risk mitigation activities are implemented
Which of the following is a BEST practice when implementing a new system?
Disable unneeded services
When installing and securing a new system for a home user which of the following are best practices? (Select THREE).
Use a strong firewall
Apply all system patches
Apply all service packs
Which of the following describes a logic bomb?
A piece of malicious code that executes based on an event or date
Which of the following is a prerequisite for privilege escalation to occur?
The attacker must have already gained entry into the system.
Which of the following is an example of an attack that executes once a year on a certain date?
Logic bomb
Which of the following is the GREATEST threat to highly secure environments?
USB devices
Management has asked a technician to prevent data theft through the use of portable drives. Which of the following should the technician implement?
Disable USB drives.
A technician has been informed that many of the workstations on the network are flooding servers. Which of the following is the MOST likely cause of this?
Worm
Which of the following BEST describes a way to prevent buffer overflows?
Apply all security patches to workstations
Which of the following is a security reason to implement virtualization throughout the network infrastructure?
To isolate the various network services and roles
Which of the following is a reason to use a Faraday cage?
To mitigate data emanation
Weak encryption is a common problem with which of the following wireless protocols?
WEP
Which of the following describes a tool used by organizations to verify whether or not a staff member has been involved in malicious activity?
Mandatory vacations
Which of the following is a cross-training technique where organizations minimize collusion amongst staff?
Job rotation
Which of the following will allow a technician to restrict a users access to the GUI?
Group policy implementation
Which of the following is the MOST common logical access control method?
Usernames and password
Which of the following verifies control for granting access in a PKI environment?
Certificate authority
Which of the following explains the difference between a public key and a private key?
The private key is only used by the client and kept secret while the public key is available to all.WBerlinSans
Which of the following is a countermeasure when power must be delivered to critical systems no matter what?
Backup generator
Which of the following is the MOST important step to conduct during a risk assessment of computing systems?
The identification of missing patches
Which of the following tools will allow a technician to detect security-related TCP connection anomalies?
Performance monitor
Which of the following monitoring methodologies will allow a technician to determine when there is a security related problem that results in an abnormal condition?
Anomaly-based
Which of the following systems is BEST to use when monitoring application activity and modification?
HIDS
Which of the following is the MOST important thing to consider when implementing an IDS solution?
The personnel to interpret results
Which of the following is the FIRST step in the implementation of an IDS?
Document the existing network
Which of the following encryption algorithms is used for encryption and decryption of data?
RC5
Which of the following are the authentication header modes?
Transport and Tunnel
Which of the following would a technician use to check data integrity?
Message authentication code
Which of the following are the functions of asymmetric keys?
Encrypt, sign, decrypt and verify
Which of the following is the purpose of the AH?
Provides integrity
Which of the following describes the insertion of additional bytes of data into a packet?
Padding
Which of the following is true regarding authentication headers (AH)?
The authentication information is a keyed hash based on all of the bytes in the packet.
Which of the following will allow wireless access to network resources based on certain ports?
8021x
The method of controlling how and when users can connect in from home is called which of the following?
Remote access policy
Which of the following is the main limitation with biometric devices?
They are expensive and complex
Who is ultimately responsible for the amount of residual risk?
The senior management
Which of the following typically use IRC for command and control activities?
Botnets
When designing a firewall policy, which of the following should be the default action?
Implicit deny
If hashing two different files creates the same result, which of the following just occurred?
A collision
Which of the following type of protection is hashing used to provide?
Integrity
All of the following are part of the disaster recovery plan EXCEPT:
patch management software
Which of the following is MOST likely to make a disaster recovery exercise valuable?
Learning from the mistakes of the exercise
Which of the following allows directory permissions to filter down through the sub-directory hierarchy?
Inheritance
Which of the following access control models BEST follows the concept of separation of duties?
Role-based access control (RBAC)
Which of the following would MOST likely prevent a PC application from accessing the network?
Host-based firewall
A technician is investigating intermittent switch degradation. The issue only seems to occur when the buildings roof air conditioning system runs. Which of the following would reduce the
connectivity issues?
Shielding
A technician tracks the integrity of certain files on the server. Which of the following algorithms provide this ability?
SHA-1
Which of the following describes the standard load for all systems?
Configuration baseline
When testing a newly released patch, a technician should do all of the following EXCEPT:
deploy immediately using Patch Management
A botnet zombie is using HTTP traffic to encapsulate IRC traffiC. Which of the following would detect this encapsulated traffic?
Anomaly-based IDS
Documentation review, log review, rule-set review, system configuration review, network sniffing,
and file integrity checking are examples of:
passive security testing techniques.
To determine whether a system is properly documented and to gain insight into the systems security aspects that are only available through documentation is the purpose of:
passive security testing techniques
Which of the following BEST describes external security testing?
Conducted from outside the organizations security perimeter
Port scanners can identify all of the following EXCEPT:
vulnerabilities
All of the following are limitations of a vulnerability scanner EXCEPT:
it generates less network traffic than port scanning.
Which of the following can BEST aid in preventing a phishing attack?
Conducting user awareness training
A travel reservation company conducts the majority of its transactions through a public facing website.
Any downtime to this website results in substantial financial damage for the company. One web
server is connected to several distributed database serve
Single point of failure
Which of the following is MOST commonly used to secure a web browsing session?
HTTPS
One of the reasons that DNS attacks are so universal is DNS services are required for a computer to access
the Internet
One of the security benefits to using virtualization technology is:
if an instance is compromised the damage can be compartmentalized
A virtual server implementation attack that affects the:
RAM will affect all virtual instances
An administrator wants to set up a new web server with a static NAT. Which of the following is the BEST reason for implementing NAT?
Hides the organizations internal network addressing scheme
Which of the following is the BEST reason for an administrator to use port address translation (PAT) instead of NAT on a new corporate mail gateway?
PAT allows external users to access the mail gateway on pre-selected ports.
Which of the following describes a static NAT?
A static NAT uses a one to one mapping.
Which of the following if disabled will MOST likely reduce, but not eliminate the risk of VLAN jumping?
DTP on all ports
An administrator is concerned that PCs on the internal network may be acting as zombies
participating in external DDoS attacks. Which of the following could BEST be used to confirm the administrators suspicions?
Firewall logs
Restricting access to files based on the identity of the user or group is an example of which of the following?
DAC
Restricting access to files based on the identity of the user or group and security classification of the information is an example of which of the following?
MAC
A new Internet content filtering device installed in a large financial institution allows IT
administrators to log in and manage the device, but not the content filtering policy. Only the IT
security operation staff can modify policies on the Internet fil
Role-Based Access Control (RBAC)
Which of the following would BEST describe a disaster recovery plan (DRP)?
Addresses the recovery of an organizations IT infrastructure
Which of the following is the primary objective of a business continuity plan (BCP)?
Addresses the recovery of an organizations business operations
A software manufacturer discovered a design flaw in a new application. Rather than recall the
software, management decided to continue manufacturing the product with the flaw. Which of the following risk management strategies was adopted by management?
Risk acceptance
Which of the following BEST describes an application or string of code that cannot automatically spread from one system to another but is designed to spread from file to file?
Virus
Which of the following is considered an independent program that can copy itself from one system to another and its main purpose is to damage data or affect system performance?
Worm
All of the following are considered malware EXCEPT:
spam
Which of the following NIDS configurations is solely based on specific network traffic?
Signature-based
Which of the following only looks at header information of network traffic?
Packet filter
Which of the following access control methods could the administrator implement because of constant hiring of new personnel?
Role-based
When using a single sign-on method, which of the following could adversely impact the entire network?
Authentication server
RADIUS uses all of the following authentication protocols EXCEPT:
L2TP
A HIDS is installed to monitor which of following?
System files
Which of the following intrusion detection systems uses statistical analysis to detect intrusions?
Anomaly
Which of the following intrusion detection systems uses well defined models of how an attack occurs?
Signature
Which of the following is a system that will automate the deployment of updates to workstations and servers?
Patch management
A user is concerned with the security of their laptops BIOS. The user does not want anyone to be able to access control functions except themselves. Which of the following will make the BIOS more secure?
Password
Which of the following is a method to apply system security settings to all workstations at once?
A security template
Which of the following would be a method of securing the web browser settings on all network workstations?
Group policy
Which of the following is a limitation of a HIDS?
Someone must manually review the logs
A technician has implemented a new network attached storage solution for a client. The technician has created many shares on the storage. Which of the following is the MOST secure way to
assign permissions?
Least privilege
Which of the following is an example of a trust model?
Managing the CA relationships
Which of the following is the common mail format for digitally signed and encrypted messages?
S/MIME
Which of the following is the common way of implementing cryptography on network devices for encapsulating traffic between the device and the host managing them?
SSH
Which of the following describes penetration testing?
Simulating an actual attack on a network
When an IDS is configured to match a specific traffic pattern, then which of the following is this referring to?
Signature-based
An application that gets downloaded onto a system by appearing to be a useful tool for cleaning out duplicate contacts in a users emails would be considered:
A Trojan
Installing an application on every desktop in a companys network that watches for possible intrusions would be an example of:
a HIDS
An administrator suspects an issue retrieving files on the network and accesses the file servers performance monitor to check the results against:
the performance baseline
An administrator runs a tool checking SMTP, DNS, POP3, and ICMP packets on the network. This is an example of which of the following?
A protocol analyzer
A company runs a backup after each shift and the main concern is how quickly the backups are
completed between shifts. Recovery time should be kept to a minimum. The administrator decides that backing up all the data that has changed during the last shift
differential backup
Users should be able to access their email and several secure applications from any workstation on the network. Additionally, the administrator has implemented an authentication system
requiring the use of a username, password, and a company issued smart
SSO
Both the client and the server authenticate before exchanging data. This is an example of:
mutual authentication
Which of the following could be used to institute a tunneling protocol for security?
IPSec
Which of the following is an encryption program used to secure email and voice over the Internet?
PGP
Which of the following is used for securing communication between a client and a server?
NTLM
Which of the following processes are used to monitor and protect the DNS server?
Check DNS records regularly
Which of the following is the MOST effective method for stopping a phishing attempt?
User education
A corporation has a contractual obligation to provide a certain amount of system uptime to a client. Which of the following is this contract an example of?
SLA
Which of the following would allow for a network to remain operational after a T1 failure?
Redundant ISP
Which of the following asymmetric encryption algorithms was utilized FIRST?
DES
A ticket granting server is an important concept in which of the following authentication models?
Kerberos
Which of the following is an example of two-factor authentication?
Smart card and PIN
Which of the following could physically damage a device if a long term failure occurred?
HVAC
Which of the following is the easiest way to disable a 10Base2 network?
Remove a terminator
Which of the following is the BEST method for securing the data on a coaxial network?
Run all cables through a conduit
Which of the following is the weakest password?
A. Indu5tr1als
B. F%r3Walke3r
C. C0mpt!a2**8
D. P^s5W0rd
Answer: A
Which of the following is the GREATEST security risk regarding removable storage?
Confidentiality of data
Which of the following mimics a legitimate program in order to steal sensitive data?
Trojan
Which of the following allows for a user to have only the minimum level of access required for their job duties?
Least privilege
A manager needs to control employee overtime. Which of the following would BEST allow for the manager to control when the employees are on the network?
Time of day restriction
Which of the following BEST describes hashing?
Computing a unique mathematic identifier in order to detect change during transport.
Which of the following is MOST likely to crash a workstation?
Penetration test
Which of the following is the critical piece of an encrypted communication that must be kept
secret?
The initial salt value
A PC is rejecting push updates from the server; all other PCs on the network are accepting the updates successfully. Which of the following should the administrator check FIRST?
Local firewall
Which of the following describes an encrypted connection across public communication lines?
VPN
After a period of high employee turnover, which of the following should be implemented?
A review of user access and rights
All PCs in a network share a single administrator ID and password. When the administrator attempts to
remotely control a users PC the attempt fails.
Which of the following should the administrator check FIRST?
The HIPS on the remote PC
All of the following are considered key exchange protocols EXCEPT:
SAFER
Which of the following keys is generally applied FIRST to a message digest to provide nonrepudiation using asymmetric cryptography?
Private key of the sender
Which of the following describes a weakness of the hash functions?
Collision
All of the following are organizational policies that reduce the impact of fraud EXCEPT:
password complexity rules
A technician is conducting a forensics analysis on a computer system. Which of the following should be done FIRST?
Get a binary copy of the system
A technician noticed a remote attack taking place on a system. Which of the following should be done FIRST?
Follow the incident management procedure in place
Which of the following IDS generally follows a learning process?
Anomaly-based IDS
Which of the following algorithms is faster when encrypting data?
Symmetric key algorithms
Which of the following is a reason why DNS logs should be archived?
For use in an investigation in the future
Which of the following is a best practice for securing log files?
Copy or save the logs to a remote log server.
Which of the following logs shows when the workstation was last shutdown?
System
Which of the following is a best practice auditing procedure?
Review user access and rights
Which of the following tools is commonly used to detect security anomalies on a host?
A file system integrity checker
Snort, TCPDump and Wireshark are commonly used for which of the following?
Network sniffing
Which of the following would typically require the use of a network protocol analyzer?
Determining why authentication between two machines failed
Which of the following security related anomalies are MOST likely to be detected by a protocol analyzer?
Many malformed or fragmented packets
Users and computers are generally grouped into domains for security purposes.
Which of the following is a common attribute used to determine which domain a user or computer belongs to?
Location
Malware that uses virtualization techniques can be difficult to detect because of which of the following?
The malware may be running at a more privileged level than the antivirus software
Which of the following is a reason why virtualization techniques are often used to implement a honeynet?
To reduce the number of physical devices needed
Which of the following is an industry standard for remote logging?
syslog
Audit trails are used for which of the following?
Accountability
Which of the following can be used to centrally manage security settings?
Group policy
Which of the following is a best practice disaster recovery strategy?
Test the recovery plan.
Which of the following activities is MOST closely associated with DLL injection?
Penetration testing
Which of the following is true about penetration testing or vulnerability assessments?
Penetration testing exploits a vulnerability
Which of the following is a security risk of not password protecting the BIOS?
The system may be changed to boot from alternative media
Executing proper logging procedures would be the proper course of action in which of the following scenarios? (Select TWO).
Need to know which files have been accessed
Need to know who is logging on to the system
Executing proper logging procedures would facilitate which of the following requirements?
Investigate suspicious queries to the DNS server
Which of the following is a concern when setting logging to a debug level?
The log may fill up with extraneous information.
Which of the following should be considered when executing proper logging procedures? (Select
TWO).
The information that is needed to reconstruct events
The amount of disk space required
Which of the following malicious activities might leave traces in a DNS log file?
Poisoning
Which of the following NAC scanning types is the LEAST intrusive to the client?
Agentless
Common settings configured on an Internet content filtering device are database update settings, log settings and which of the following?
Content rules
Which of the following activities commonly involves feedback from departmental managers or human resources?
User access and rights review
While auditing a list of active user accounts, which of the following may be revealed?
Accounts that need to be removed
Which of the following is the BEST option for securing an email infrastructure?
Set up an email proxy in the DMZ and the email server in the internal network.
Which of the following provides the BEST mechanism for non-repudiation?
Digital signatures
Which of the following is the BEST logical access control method for controlling system access on teams working in shifts?
Time of day restrictions
Which of the following key types does Kerberos use?
Asymmetric keys
Which of the following are recommended security measures when implementing system logging procedures? (Select TWO).
Apply retention policies on the log files.
Perform hashing of the log files
Which of the following should be considered when implementing logging controls on multiple systems? (Select TWO).
Systems clock synchronization
Systems capacity and performance
Which of the following BEST describes actions pertaining to user account reviews? (Select TWO).
User account reports are periodically extracted from systems and employment verification is performed
User accounts and their privileges are periodically extracted from systems and are reviewed for the appropriate level of authorization
All of the following are attributes of an x.509 certificate EXCEPT:
the symmetric key of the owner
A user complains that pop-up windows continuously appear on their screen with a message stating that they have a virus and offering to see a program that will remove it. The technician is skeptical because the antivirus definitions on the machine are up-t
Adware
The GREATEST security concern in regards to data leakage with USB devices is:
physical size
Which of the following is the main difference between a substitution cipher and a transposition cipher when used to encode messages?
One replaces blocks with other blocks while the other rearranges only.
All of the following can be found in the document retention policy EXCEPT:
password complexity rules
Which of the following reduces effectiveness when deploying and managing NIPS?
Encrypting all network traffic
Which of the following authentication methods prevents a replay attack from occurring?
Kerberos
To prevent disk integrity errors due to small line-power fluctuations, a system administrator should install which of the following?
Line conditioner
Which of the following is the BEST way to mass deploy security configurations to numerous workstations?
Security templates
Virtual machines are MOST often used by security researchers for which of the following purposes?
To provide an environment where malware can be executed with minimal risk to equipment and software
Which of the following is a password cracker?
Cain & Abel
Which of the following characteristics of RAID increases availability?
Mirroring
A document shredder will BEST prevent which of the following?
Dumpster diving
Which of the following would BEST prevent the spread of a hoax?
User education
Which of the following is a term referring to the situation when a programmer leaves an unauthorized entry point into a program or system?
Back door
Which of the following refers to a system that is unable to accept new TCP connections due to a SYN flood attack?
DoS
Which of the following would refer to a key fob with a periodically changing number that is used as part of the authentication process?
Physical token
Which of the following is the MOST common method of one-factor authentication?
User ID and password
An attorney demands to know exactly who had possession of a piece of evidence at a certain time after seizure. Which of the following documents would provide this?
Chain of custody
Which of the following prevents damage to evidence during forensic analysis?
Read-only drive connectors
Which of the following is a drawback of using PAP authentication?
PAP sends all passwords across the network as clear text.
Which of the following BEST describes using a third party to store the public and private keys?
Key escrow
Which of the following requires the server to periodically request authentication from the client?
CHAP
A biometric fingerprint scanner is an example of which of the following?
Single-factor authentication
A user ID, PIN, and a palm scan are all required to authenticate a system. Which of the following is this an example of?
Two-factor authentication
Which of the following would be disabled to prevent SPIM?
Instant messaging
A user sees an MD5 hash number beside a file that they wish to download. Which of the following BEST describes a hash?
A hash is a unique number that is generated based upon the files contents and should be verified after download
According to a good disaster recovery plan, which of the following must happen during a power outage before an uninterruptible power supply (UPS) drains its battery?
The backup generator activates
Which of the following would give a technician the MOST information regarding an external attack on the network?
NIDS
Which of the following would BEST prevent night shift workers from logging in with IDs and passwords stolen from the day shift workers?
Time of day restriction
Which of the following would BEST ensure that users have complex passwords?
Domain password policy
A technician finds that a malicious user has introduced an unidentified virus to a single file on the network. Which of the following would BEST allow for the user to be identified?
Access logs
Which of the following would BEST allow an administrator to find the IP address of an external attacker?
Firewall logs
After performing a vulnerability analysis and applying a security patch, which of the following non-intrusive actions should an administrator take to verify that the vulnerability was truly removed?
Repeat the vulnerability scan.
Which of the following could be used by a technician needing to send data while ensuring that any data tampering is easily detectible?
SHA-1
Which of the following BEST allows for a high level of encryption?
AES with ECC
Which of the following is the primary security risk associated with removable storage?
Confidentiality
After reading about the vulnerability issues with open SMTP relays, a technician runs an application to see if port 25 is open. This would be considered a:
port scan
A companys accounting application requires users to be administrators for the software to function
correctly. Because of the security implications of this, a network administrator builds a user profile
which allows the user to still use the application bu
Security template
Which of the following backup techniques resets the archive bit and allows for the fastest recovery?
Full backup
The company policy for availability requires full backups on Sunday and incremental backups each week night at 10 p.m. The file server crashes on Wednesday afternoon; how many tapes will the technician need to restore the data on the file server for Thurs
Three
A company is addressing backup and recovery issues. The company is looking for a compromise between speed of backup and speed of recovery. Which of the following is the BEST
recommendation?
Full backups weekly with differential backups daily
Which of the following would define document destruction requirements?
Storage and retention policies
Part of a standard policy for hardening workstations and servers should include applying the company security template and:
closing unnecessary network ports
Setting a baseline is required in which of the following? (Select TWO).
Anomaly-based monitoring
Behavior-based monitoring
Which of the following hidden programs gathers information with or without the users knowledge with the primary purpose of advertising?
Spyware
Which of the following provides best practice with a wireless network?
WPA with RADIUS
Which of the following sites has the means (E. g. equipment, software, and communications) to facilitate a full recovery within minutes?
Hot site
When conducting an environmental security assessment, which of the following items should be included in the assessment? (Select THREE).
HVAC
Utilities
Fire detection
Which of the following security steps must a user complete before access is given to the network?
Identification and authentication
When placing a NIDS onto the network, the NIC has to be placed in which of the following modes to monitor all network traffic?
Promiscuous
An administrator wants to obtain a view of the type of attacks that are being targeted against the network perimeter. The recommended placement of a NIDS would be:
outside the firewall
Once a system has been compromised, often the attacker will upload various tools that can be used at a later date. The attacker could use which of the following to hide these tools?
Rootkit
Which of the following is the perfect encryption scheme and is considered unbreakable when properly used?
One-time pad
When using a digital signature, the message digest is encrypted with which of the following keys?
Senders private key
Which of the following is the MOST basic form of IDS?
Signature
Which of the following BEST applies to steganography?
Algorithms are not used to encrypt data
Which of the following can steganography be used for?
Watermark graphics for copyright.
Steganography could be used by attackers to:
hide and conceal messages in WAV files.
Which of the following BEST describes how steganography can be accomplished in graphic files?
Replacing the least significant bit of each byte
An application developer is looking for an encryption algorithm which is fast and hard to break if a large key size is used. Which of the following BEST meets these requirements?
Symmetric
Which of the following if used incorrectly would be susceptible to frequency analysis?
Transposition ciphers
An administrator in an organization with 33,000 users would like to store six months of Internet proxy logs on a dedicated logging server for analysis and content reporting. The reports are not time critical, but are required by upper management for legal
performance baseline and audit trails.
Which of the following BEST describes when a hashing algorithm generates the same hash for two different messages?
A collision occurred
Which of the following is BEST known for self-replication in networks?
Worm
Which of the following security threats affects PCs and can have its software updated remotely by a command and control center?
Zombie
Multiple web servers are fed from a load balancer. Which of the following is this an example of?
Redundant servers
An outside auditor has been contracted to determine if weak passwords are being used on the network.
Vulnerability assessment
Password crackers:
are sometimes able to crack both Windows and UNIX passwords.
Logic bombs differ from worms in that:
logic bombs always have a date or time component.
A firewall differs from a NIDS in which of the following ways?
A firewall operates on a rule list and a NIDS attempts to detect patterns.
A vulnerability has recently been identified for a servers OS. Which of the following describes the BEST course of action?
Visit the operating system manufacturers website for a possible patch.
Personal software firewalls can be updated automatically using:
group policy
An accountant has logged onto the companys external banking websitE. An administrator using a TCP/IP monitoring tool discovers that the accountant was actually using a spoofed banking
websitE. Which of the following could have caused this attack? (Select
Altered hosts file
DNS poisoning
Which of the following tools would be BEST for monitoring changes to the approved system baseline?
Enterprise performance monitoring software
All of the following security applications can proactively detect workstation anomalies EXCEPT:
A. antivirus softwarE.
B. NIDS.
C. personal software firewall.
D. HIPS.
Answer: B
A periodic security audit of group policy can:
show that unnecessary services are blocked on workstations.
Which of the following is the primary purpose of an audit trail?
To detect when a user changes security permissions
Which of the following describes a characteristic of the session key in an SSL connection?
It is symmetriC
Which of the following describes the cryptographic algorithm employed by TLS to establish a session key?
Diffie-Hellman
Which of the following describes how TLS protects against man-in-the-middle attacks?
The client compares the actual DNS name of the server to the DNS name on the certificate
Which of the following is the primary purpose of removing audit logs from a server?
To protect against the log file being changed
Which of the following describes a common problem encountered when conducting audit log reviews?
The timestamp for the servers are not synchronized
A technician is conducting a web server audit and discovers that SSLv2 is implemented. The technician wants to recommend that the organization consider using TLS. Which of the following reasons could the technician use to support the recommendation?
SSLv2 is susceptible to man-in-the-middle attacks.
A technician is conducting a password audit using a password cracking tool. Which of the following describes a BEST business practice when conducting a password audit?
Use password masking
Which of the following is a security risk when using peer-to-peer software?
Data leakage
Which of the following overwrites the return address within a program to execute malicious code?
Buffer overflow
Heaps and stacks are susceptible to which of the following?
Buffer overflows
All of the following are inline devices EXCEPT:
HIDS
Which of the following would a technician use to validate whether specific network traffic is indeed an attack?
Protocol analyzer
Which of the following creates an emulated or virtual environment to detect and monitor malicious activity?
Honeypot
A technician wants better insight into the websites that employees are visiting.Which of the following is BEST suited to accomplish this?
Proxy server
Bluetooth discover mode is similar to which of the following?
SSID broadcast
All of the following are Bluetooth threats EXCEPT:
A. bluesnarfing.
B. discovery modE.
C. blue jacking.
D. a smurf attack.
Answer: D
Which of the following is the BEST approach when reducing firewall logs?
Discard known traffic first.
In which of the following logs would notation of a quarantined file appear?
Antivirus
Which of the following provides the MOST mathematically secure encryption for a file?
AES256
Which of the following encryption algorithms relies on the inability to factor large prime numbers?
RSA
All of the following provide a host active protection EXCEPT:
HIDS
Which of the following simplifies user and computer security administration?
Directory services
Which of the following is MOST likely to cause pop-ups?
Adware
Which of the following is MOST likely to open a backdoor on a system?
Trojan
If a company has a distributed IT staff, each being responsible for separate facilities, which of the following would be the BEST way to structure a directory information tree?
By location
A technician wants to be able to add new users to a few key groups by default, which of the following would allow this?
Template
Which of the following is a reason to use digital signatures?
Non-repudiation
All of the following are logical access control methods EXCEPT:
biometrics
Using the same initial computer image for all systems is similar to which of the following?
Configuration baseline
Which of the following has the LEAST amount of issues when inspecting encrypted traffic?
Antivirus
A technician has come across content on a server that is illegal. Which of the following should the technician do?
Stop and immediately follow company approved incident response procedures.
Which of the following is a true statement in regards to incident response?
If a technician finds illegal content, they should follow company incident response procedures
If a technician is unable to get to a website by its address but the technician can get there by the IP address, which of the following is MOST likely the issue?
DNS server
Which of the following is placed in promiscuous mode, in line with the data flow, to allow a NIDS to monitor the traffic?
Sensor
In a NIDS, which of the following provides a user interface?
Console
An instance where an IDS identifies legitimate traffic as malicious activity is called which of the following?
False positive
An instance where a biometric system identifies legitimate users as being unauthorized is called which of the following?
False rejection
An instance where a biometric system identifies users that are authorized and allows them access is called which of the following?
True positive
An instance where an IDS identifies malicious activity as being legitimate activity is called which of the following?
False negative
An instance where a biometric system identifies unauthorized users and allows them access is
called:
false acceptance
When executing a disaster recovery plan the MOST important thing to consider is:
safety and welfare of personnel
When choosing a disaster recovery site, which of the following is the MOST important consideration?
The distance and size of the facility
Who should be notified FIRST before testing the disaster recovery plan?
Senior management
Which of the following BEST describes the disaster recovery plan?
A detailed process of recovering information or IT systems after a catastrophic event
Which of the following is the MOST important consideration when developing a disaster recovery
plan?
Management buy-in
In order to provide management with a prioritized list of time critical business processes, an administrator would assist in conducting a:
business impact assessment.
Which of the following BEST allows a technician to mitigate the chances of a successful attack against the wireless network?
Implement an authentication system and WPA.
A technician is reviewing the system logs for a firewall and is told that there is an implicit deny within the ACL. Which of the following is an example of an implicit deny?
Items which are not specifically given access are denied by default.
Which of the following is the MOST likely reason that an attacker would use a DoS attack?
The attacker wants to prevent authorized users from using a certain service.
Which of the following is a way to gather reconnaissance information from a printer resource?
SNMP
A technician gets informed that there is a worm loose on the network.Which of the following should the technician review to discover the internal source of the worm?
Antivirus logs
Which of the following BEST allows for the encryption of an entire hard drive?
Symmetric algorithm
Which of the following would a Faraday cage prevent usage of?
Cell phone
Which of the following will allow a technician to block certain HTTP traffic from company staff members?
Content filter
Which of the following is a security threat to a workstation that requires interaction from a staff member?
Virus
Which of the following will prevent a person from booting into removal storage media if the correct boot sequence is already set?
BIOS password settings
Which of the following ports need to be open to allow a user to login remotely onto a workstation?
3389
Which of the following, if intercepted, could allow an attacker to access a users email information?
Browser cookies
Which of the following would allow a technician to minimize the risk associated with staff running port scanners on the network?
Group policy
Which of the following is the MOST effective application to implement to identify malicious traffic on a server?
HIDS software
Which of the following is the MOST appropriate type of software to apply on a workstation that needs to be protected from other locally accessible workstations?
Personal software firewall
Which of the following is a way for a technician to identify security changes on a workstation?
Configuration baseline
Which of the following is a way to correct a single security issue on a workstation?
A patch
Which of the following protects a home user from the Internet?
Personal firewall
Computer equipment has been stolen from a companys office. To prevent future thefts from occurring and to safeguard the companys trade secrets which of the following should be
implemented?
Hardware locks and door access systems
Which of the following is the primary purpose for a physical access log in a data center?
Maintain a list of personnel who enter the facility.
Which of the following biometric authentication devices also carries significant privacy implications due to personal health information that can be discovered during the authentication process?
Retina scanner
An administrator has already implemented two-factor authentication and now wishes to install a third authentication factor. If the existing authentication system uses strong passwords and PKI tokens which of the following would provide a third factor?
Fingerprint scanner
A biometric authentication system consists of all of the following components EXCEPT:
hardware token
Which of the following is an example of remote authentication?
A user in one city logs onto a network by connecting to a domain server in another city.
Which of the following is a three-factor authentication system?
Username, password, token and iris scanner
Which of the following is an acceptable group in which to place end users?
Domain users
According to industry best practices, administrators should institute a mandatory rotation of duties policy due to which of the following?
Continuity of operations in the event of absence or accident
According to industry best practices, administrators should institute a mandatory rotation of duties policy due to which of the following?
To detect an inside threat
Which of the following is considered the strongest encryption by use of mathematical evaluation techniques?
AES
Which of the following should be implemented when protecting personally identifiable information
(PII) and sensitive information on IT equipment that can be easily stolen (E. g. USB drive,
laptops)?
Whole disk encryption
Which of the following is the BEST wireless security practice that could be implemented to prevent unauthorized access?
WPA2 with TKIP
Which of the following can prevent malicious software applications from being introduced while browsing the Internet?
Pop-up blockers
Which of the following are reasons to implement virtualization technology? (Select TWO).
To reduce recovery time in the event of application failure
To provide a secure virtual environment for testing
Network security administrators should implement which of the following to ensure system abuse by administrators does not go undetected in the logs?
Separation of duties
After completing a risk assessment and penetration test against a network, a security administrator recommends the network owner take actions to prevent future security incidents. Which of the following describes this type of action?
Risk mitigation
Public key infrastructure uses which of the following combinations of cryptographic items?
Private keys, public keys and asymmetric cryptography
An administrator wants to implement a procedure to control inbound and outbound traffic on a network segment. Which of the following would achieve this goal?
ACL
In PKI, the CA is responsible for which of the following?
Maintaining the CRL
In PKI, which of the following entities is responsible for publishing the CRL?
CA
Which of the following is a security risk associated with USB drives?
Easy to conceal and large storage capacity
Which of the following is a security risk associated with introducing cellular telephones with mobile OS installed on a closed network?
New vector to introduce viruses and malware to the network
The availability of portable external storage such as USB hard drives has increased which of the following threats to networks?
Removal of sensitive and PII data
An administrator finds a device attached between the USB port on a host and the attached USB keyboard. The administrator has also noticed large documents being transmitted from the host to a host on an external network. The device is MOST likely which of
In-line keystroke logger
A user is receiving an error which they have not seen before when opening an application. Which of the following is MOST likely the cause of the problem?
A patch was pushed out.
Which of the following is used to encrypt email and create digital signatures?
S/MIME
Which of the following can be used to encrypt FTP or telnet credentials over the wire?
SSH
Which of the following is a vulnerability assessment tool?
Nessus
Which of the following is a vulnerability scanner?
Microsoft Baseline Security Analyzer
Which of the following is a password cracking tool?
John the Ripper
Which of the following is a protocol analyzer?
A. John the Ripper
B. WireShark
C. Cain & Abel
D. Nessus
Answer: B
Which of the following is a system setup to distract potential attackers?
Honeypot
Changing roles every couple of months as a security mitigation technique is an example of which of the following?
Job rotation
Which of the following should be checked if an email server is forwarding emails for another domain?
SMTP open relay
Which of the following will allow the running of a system integrity verifier on only a single host?
HIDS
Which of the following has the ability to find a rootkit?
Malware scanner
Which of the following will be prevented by setting a BIOS password?
Changing the system boot order
Which of the following is a security limitation of virtualization technology?
If an attack occurs, it could potentially disrupt multiple servers.
Which of the following must be used to setup a DMZ?
Router
Which of the following would be used to push out additional security hotfixes?
Patch management
Which of the following would be used to allow a server to shut itself down normally upon a loss of
power?
Uninterruptible Power Supply (UPS)
Which of the following is the BEST security measure to use when implementing access control?
Password complexity requirements
Applying a service pack could affect the baseline of which of the following?
Heuristic-based NIDS
Which of the following is the strongest encryption form that can be used in all countries?
A. WPA2
B. TKIP
C. WEP
D. WPA
Answer: C
When would it be appropriate to use time of day restrictions on an account?
As an added security measure if employees work set schedules
Which of the following could be used to restore a private key in the event of a CA server crashing?
Recovery agent
Which of the following is a possible security risk associated with USB devices?
A. Domain kiting
B. Cross-site scripting
C. Input validation
D. Bluesnarfing
Answer: D
Which of the following is MOST effective in preventing adware?
A. Firewall
B. HIDS
C. Antivirus
D. Pop-up blocker
Answer: D
Which of the following is the MOST important when implementing heuristic-based NIPS?
Ensure the network is secure when baseline is established.
Which of the following attacks enabling logging for DNS aids?
A. Virus infections
B. SQL injection
C. Local hosts file corruption
D. Botnet attacks
Answer: D