MTA 98-367 Security Fundamentals

Which of the following terms indicates that information is to be read only by those people for whom it is intended?
a) confidentiality
b) integrity
c) availability
d) accounting

a) confidentiality
Confidentiality is a concept we deal with frequently in real life. For instance, we expect our doctors to keep our medical records confidential, and we trust our friends to keep our secrets confidential. The business world defines confi

What technology is not used to implement confidentiality?
a) encryption
b) access controls
c) auditing
d) authentication

c) auditing
Confidentiality is particularly critical in today's environment. Several technologies support confidentiality in an enterprise security implementation:
• Strong encryption
• Strong authentication
• Stringent access controls

Which of the following makes sure that data is not changed when it is not supposed to be?
a) confidentiality
b) integrity
c) availability
d) accounting

b) integrity
In the information security context, integrity is defined as the consistency, accuracy, and validity of data. One goal of a successful information security program is to ensure that data is protected against any unauthorized or accidental cha

Which of the following is not a response when dealing with a risk?
a) avoidance
b) mitigation
c) transfer
d) patching

d) patching
After you prioritize your risks, you can choose from among the four generally accepted responses to these risks:
• Avoidance
• Acceptance
• Mitigation
• Transfer

What do you call the security discipline that requires that a user is given no more privilege than necessary to perform his or her job?
a) defense in depth
b) reduction of attack surface
c) risk transfer
d) principle of least privilege

d) principle of least privilege
The principle of least privilege is a security discipline that requires that a particular user, system, or application be given no more privilege than necessary to perform its function or job. The principle of least privile

What do you call the scope that a hacker can use to break into a system?
a) defense in depth
b) attack surface
c) principle of least privilege
d) risk mitigation

b) attack surface
An attack surface consists of the set of methods and avenues an attacker can use to enter a system and potentially cause damage. The larger the attack surface of a particular environment, the greater the risk of a successful attack.

What method used by a hacker relies on the trusting nature of the person being attacked?
a) social engineering
b) attack surface
c) principle of least privilege
d) risk avoidance

a) social engineering
Social engineering is a method used to gain access to data, systems, or networks, primarily through misrepresentation. This technique typically relies on the trusting nature of the person being attacked. In a typical social engineeri

What is the best way to protect against social engineering?
a) stronger encryption
b) stronger authentication
c) employee awareness
d) risk mitigation

c) employee awareness
The key to thwarting a social engineering attack is employee awareness. If your employees know what to watch for, an attacker will find little success.

What is needed to make a system highly secure?
a) lots of time
b) more money
c) system update
d) disabled administrator account

b) more money
Security costs money. Typically, the more money you spend, the more secure your information or resources will be (up to a point). So, when looking at risk and threats, you need to consider how valuable certain confidential data or resources

What is the first line of defense when setting up a network?
a) physically secure the network
b) configure authentication
c) configure encryption
d) configure an ACL

a) physically secure the network
If someone can get physical access to a server where confidential data is stored, with the right tools and enough time, that person can bypass any security the server uses to protect the data.

Which concept determines what resources users can access after they log on?
a) authentication
b) auditing
c) access control
d) defense in depth

c) access control
Access control is a key concept when thinking about physical security. It can also be a little confusing, because you frequently hear the phrase used when discussing information security. In the context of physical security, access contr

What is used to provide protection when one line of defense is breached?
a) defense in depth
b) attack surface
c) principle of least privilege
d) risk mitigation

a) defense in depth
The term defense in depth means using multiple layers of security to defend your assets. That way, even if an attacker breaches one layer of your defense, you have additional layers to keep that person out of the critical areas of your

What is used to identify a person before giving access?
a) authentication
b) encryption
c) access control
d) auditing

a) authentication
Site security must address the need to identify and authenticate the people who are permitted access to an area. The first step is authentication, which proves that a person who is logging on is actually that person.

What is used to verify that an administrator is not accessing data that he should not be accessing?
a) authentication
b) encryption
c) access control
d) auditing

d) auditing
Site security must also provide the ability to audit activities within the facility. This can be done by reviewing camera footage, badge reader logs, visitor registration logs, or other mechanisms.

What type of device can be easily lost or stolen or can be used for espionage?
a) processors
b) RAM chips
c) removable devices
d) servers

c) removable devices
A removable storage device or drive is designed to be taken out of a computer without turning the computer off. Three basic types of security issues are associated with removable storage: loss, theft, and espionage. The loss of a stor

What is a physical or logical device used to capture keystrokes?
a) USB flash drive
b) PDA
c) Smartphone
d) keylogger

d) keylogger
A keylogger is a physical or logical device used to capture keystrokes. An attacker will either place a device between the keyboard and the computer or install a software program to record each keystroke taken, and then she can use software t

In dealing with risks, which response involves buying insurance to protect your bottom line if a disaster or threat is realized?
a) risk avoidance
b) risk acceptance
c) risk mitigation
d) risk transfer

d) risk transfer
Risk transfer is the act of taking steps to move responsibility for a risk to a third party through insurance or outsourcing. For example, you risk having an accident while driving your car. You transfer this risk by purchasing insurance

A ___________ is generally defined as the probability that an event will occur that can cause harm to a computer system, service, or network.

risk
A risk is generally defined as the probability that an event will occur. In reality, businesses are concerned only about risks that would negatively affect the computing environment. For instance, you might risk winning the lottery on Friday, but that

Over the last couple of years, small ___________________ devices have become one of the largest challenges facing security professionals.

mobile
Mobile devices are one of the largest challenges facing many security professionals today. Mobile devices such as laptops, PDAs (personal digital assistants), and smartphones are used to process information, send and receive mail, store enormous am

What do the initials CIA stand for in relation to security?

confidentiality, integrity, and availability
When you are working in the information security field, one of the first acronyms you will encounter is CIA, but don't confuse this with a government agency. Rather, in this context, CIA represents the core goa

What is the process of identifying an individual?
a) authentication
b) authorization
c) accounting
d) auditing

a) authentication
In the world of information security, AAA (authentication, authorization, and accounting) is a leading model for access control. Here, authentication is the process of identifying an individual. After a user is authenticated, she can acc

What do you call the process in which a user is identified via a username and password?
a) authentication
b) authorization
c) accounting
d) auditing

a) authentication
Authentication is the process of identifying an individual, usually based on a username and password. After a user is authenticated, he can access network resources based on his authorization.

What is the process of giving an individual access to a system or resource?
a) authentication
b) authorization
c) accounting
d) auditing

b) authorization
Authorization is the process of giving individuals access to system objects based on their identities. Of course, before authorization can occur, authentication must occur.

What is the process of keeping track of a user's activity?
a) authentication
b) authorization
c) accounting
d) authoring

c) accounting
Accounting, also known as auditing, is the process of keeping track of a user's activity while accessing network resources, including the amount of time spent in the network, the services accessed while there, and the amount of data transfer

What process prevents someone from denying that she accessed a resource?
a) accounting
b) authorization
c) sniffing
d) nonrepudiation

d) nonrepudiation
Nonrepudiation prevents one party from denying the actions it has carried out. If you have established proper authentication, authorization, and accounting, appropriate mechanisms of nonrepudiation should be in place, and no user should

Which of the following is a secret numeric password used for authentication?
a) security token
b) digital certificate
c) digital signature
d) PIN

d) PIN
A personal identification number (PIN) is a secret numeric password shared between a user and a system that can be used to authenticate the user to the system. Because they consist of only digits and are relatively short (usually four digits), PINs

What type of electronic document contains a public key?
a) digital certificate
b) biometrics
c) PIN
d) PAN

a) digital certificate
A digital certificate is an electronic document that contains an identity, such as a user or organization name, along with a corresponding public key. Because a digital certificate is used to prove a person's identity, it can also b

What item, about the size of a credit card, allows access to a network and its resources?
a) digital certificate
b) smart card
c) security token
d) biometric

b) smart card
A smart card is a pocket-sized card with embedded integrated circuits consisting of nonvolatile memory storage components and perhaps dedicated security logic. Nonvolatile memory is memory that does not forget its content when power is disco

What type of authentication method identifies and recognizes people based on physical traits such as fingerprints?
a) digital certificates
b) WEP
c) biometrics
d) RADIUS

c) biometrics
Biometrics is an authentication method that identifies and recognizes people based on physical traits, such as fingerprints, facial recognition, iris recognition, retinal scans, and voice recognition. Many mobile computers include a finger s

What authentication type is the default for Active Directory?
a) NTLM
b) Kerberos
c) MS-CHAP
d) MS-CHAPv2

b) Kerberos
Kerberos is the default computer network authentication protocol that allows hosts to securely prove their identity over a nonsecure network. It can also provide mutual authentication so that both the user and server verify each other's identi

What directory service is used with Windows domains?
a) Active Directory
b) E-Directory
c) PAM
d) Kerberos

a) Active Directory
A directory service stores, organizes, and provides access to information in a directory. It is used for locating, managing, and administering common items and network resources, such as volumes, folders, files, printers, users, groups

What type of server runs Active Directory?
a) member server
b) file server
c) domain controller
d) NTLAN server

c) domain controller
A domain controller is a Windows server that stores a replica of the account and security information of a domain and defines the domain boundaries. To make a computer running Windows Server 2008 a domain controller, you first have to

When you assign permissions to a folder, you should first grant permissions to __________ rather than users.
a) groups
b) computers
c) collections
d) organizational units

a) groups
A group is a collection or list of user accounts or computer accounts. Different from a container, a group does not store users or computers; rather, it just lists them. Using groups can simplify administration, especially when assigning rights

When you create a local user on a computer running Windows 7, where is the user account stored?
a) Active Directory
b) SAM
c) PAN
d) SQL database

b) SAM
A user account allows users to log on and gain access to the computer where the account was created. The local user account is stored in the Security Account Manager (SAM) database on the local computer. The only Windows computer that does not have

Which type of group can be granted rights and permissions?
a) security
b) distribution
c) authorizing
d) SAM

a) security
Windows Active Directory employs two types of groups: security and distribution. A security group is used to assign rights and permissions and to gain access to network resources. It can also be used as a distribution group. A distribution gro

What authorizes a user to perform certain actions in Windows such as logging on or performing a backup?
a) right
b) permission
c) accessible
d) key

a) right
A right authorizes a user to perform certain actions on a computer, such as logging on to a system interactively or backing up a system's files and directories. User rights are assigned through local policies or Active Directory group policies.

When you grant access to print to a printer, what are you granting?
a) right
b) permission
c) accessible
d) key

b) permission
A permission defines the type of access granted to an object (an object can be identified with a security identifier) or object attribute. The most common objects assigned permissions are printers, NTFS files and folders, and Active Director

Where are users and permissions stored for an NTFS folder?
a) access log
b) access file
c) registry
d) ACL

d) ACL
Information about which users can access an object and what they can do is stored in the access control list (ACL), which lists all users and groups that have access to an object.

What type of permissions are assigned directly to a file or folder?
a) explicit
b) inherited
c) encompassing
d) overriding

a) explicit
NTFS uses two types of permissions. Explicit permissions are granted directly to a file or folder, whereas inherited permissions are granted to a parent object and flow down to child objects.

What is the process of converting data into a format that cannot be read by another user?
a) encryption
b) locking
c) keying
d) registering

a) encryption
Encryption is the process of converting data into a format that cannot be read by another user. After a file is encrypted, it automatically remains encrypted when stored on disk. Decryption is the process of converting data from encrypted fo

Which authentication sends the username and password in plain text?
a) MS-CHAP
b) CHAP
c) PAP
d) SPAP

c) PAP
Password Authentication Protocol (PAP) uses plain text (unencrypted passwords). PAP is the least secure form of authentication and is not recommended.

In Windows, what do you use to enable auditing?
a) registry
b) group policies
c) NTFS permissions
d) access log

c) NTFS permissions
Auditing is not enabled by default in Windows. To enable auditing, you must specify what types of system events to audit by using group policies or the local security policy (Security Settings\Local Policies\Audit Policy).

By default, the ____________ group has full access to all resources within a domain.

Domain Admins
Members of the Domain Admins group can perform administrative tasks on any computer within the domain. By default, the Administrator account is a member.

_____________ allows you to log on once and access multiple related but independent systems without having to log on again.

Single sign-on (SSO)
Single sign-on (SSO) allows you to log on once and access multiple related but independent software systems without having to log on again. As you log on with Windows via Active Directory, you are assigned a token, which can then be u

_______________ is the term used to describe two or more authentication methods used to authenticate someone.

Multifactor authentication
When two or more authentication methods are used to authenticate someone, a multifactor authentication system is said to be in place. Of course, a system that uses two authentication methods (such as smart cards and passwords) c

______________ is the standard for logging program messages for UNIX and Linux machines.

Syslog
If you need to audit non-Microsoft products, you may need to use Syslog, a standard for logging program messages that can be accessed by devices that would not otherwise have a method for communication. Cisco firewalls and routers, computer

What is the most common form of authentication?

password
For both individual computers and entire networks, the most common method of authentication is the password. A password is a secret series of characters that enables a user to access a particular file, computer, or program.

You are told that you should not log on to your local computer running Windows 7 as a domain administrator. However, some tools run only as a domain administrator. What should you do?

Log on with your normal user account and use RUNAS to run those tools.
Because administrators have full access to individual computers or entire networks, it is recommended that you use a standard non-administrator user account to perform most tasks. Then

What is the most common form of authentication?
a) password
b) PIN
c) digital certificates
d) smart cards

a) password
Much of today's data protection is based on the password. You use passwords to secure your voice mail, ATM access, email account, Facebook account, and a host of other things.

Anytime you use a password, you should make it ___________.
a) constantly changing
b) migrating
c) strong
d) simple

c) strong
One basic component of your information security program is ensuring that all employees select and use strong passwords. The strength of a password can be determined by looking at the password's length, complexity, and randomness.

What do you call a password that is at least seven characters long and uses three of the following categories (uppercase, lowercase, numbers, and special characters)?
a) healthy password
b) migrating password
c) standard password
d) complex password

d) complex password
Password complexity involves the characters used to make up a password. A complex password uses characters from at least three of the following categories:
• English uppercase characters (A through Z)
• English lowercase characters (a

What do you use to define how long a password must be in Windows?
a) registry
b) Users applet in the Control Panel
c) group policies
d) NTFS files

c) group policies
A Group Policy Object (GPO) is a set of rules that give an administrator granular control over the configuration of objects in Active Directory (AD), including user accounts, operating systems, applications, and other AD objects. GPOs ar

Which of the following is not a complex password?
a) Platter*SAN
b) John!Taylor
c) Password01
d) ThereisTimetoLive&Die

b) John!Taylor
You should never use the user name as part of the password.

What settings are used to keep track of incorrect logon attempts and lock the account if too many attempts are detected within a certain set time?
a) account lockout
b) password policy
c) authentication tracker
d) user parameters

a) account lockout
Account lockout refers to the number of incorrect logon attempts permitted before a system locks an account. Each bad logon attempt is tracked by the bad logon counter, and when the counter exceeds the account lockout threshold, no furt

What setting is used to prevent users from reusing the same password over and over?
a) minimum password age
b) maximum password age
c) password history
d) account lockout

c) password history
Password history is the setting that determines the number of unique passwords that must be used before a password can be reused. This setting prevents users from recycling the same passwords through a system. The more often a password

What prevents users from changing a password multiple times so that they can change it to their original password?
a) minimum password age
b) maximum password age
c) password history
d) account lockout

a) minimum password age
The minimum password age setting controls how many days users must wait before they can reset their password. This setting can be a value from one to 998 days. If set to 0, passwords can be changed immediately. Although this seems

What setting forces users to change their password?
a) minimum password age
b) maximum password age
c) password history
d) account lockout

b) maximum password age
The maximum password age setting controls the maximum period of time that can elapse before you are forced to reset your password. This setting can range from one to 999 days, or it can be set to 0 if you never want passwords to ex

What type of attack tries to guess passwords by trying common words?
a) dictionary attack
b) brute-force attack
c) man-in-the-middle attack
d) smurf attack

a) dictionary attack
A dictionary attack uses a dictionary containing an extensive list of potential passwords that the attacker then tries with a user ID in an attempt to guess the appropriate password. The earliest versions of this type of attack actual

What type of attack tries to guess passwords by every combination of characters?
a) dictionary attack
b) brute-force attack
c) man-in-the-middle attack
d) smurf attack

b) brute-force attack
Another, more crude type of attack, called a brute-force attack, doesn't rely on lists of passwords, but rather tries all possible combinations of permitted character types. Although this type of attack was historically considered inef

What malicious software captures every keystroke and sends it to a hacker?
a) dictionary software
b) password leaker
c) keylogger
d) sniffer

c) keylogger
Anytime your computer can be physically accessed by an attacker, that computer is at risk. Physical attacks on your computer can completely bypass almost all security mechanisms, such as by capturing the passwords and other critical data dire

What type of software can you use to view usernames and passwords broadcasted over the network?
a) dictionary software
b) password leaker
c) keylogger
d) sniffer

d) sniffer
Sniffers are specially designed software (and in some cases hardware) applications that capture network packets as they traverse a network, displaying them for the attacker. Sniffers are valid forms of test equipment, used to identify network a

What is the generally accepted minimum password length?
a) 4
b) 6
c) 8
d) 12

c) 8
The length of a password is a key component of its strength. Password length is the number of characters used in a password. A password with two characters is considered highly insecure, because a very limited set of unique passwords can be made usin

What are the only passwords that should not expire?
a) administrator accounts
b) power users
c) service accounts
d) standard user

c) service accounts
Passwords should always expire, except in extremely unique circumstances, such as service accounts for running applications. Although this may add administrative overhead to some processes, passwords that don't expire can be a serious

Which of the following should users not do when dealing with passwords?
a) Avoid allowing other users to see you type in your password.
b) Write down your password on a piece of paper and keep it near your computer.
c) Do not use names of children an

e) b, c, and d
Don't use common items that represent you, such as names of children, spouses, girlfriends, and pets. Protect your password by not giving it to other people and by not allowing people to see you type in your password. Don't write your p

What might happen if you require passwords to be too long?

Users will try to circumvent the password.
A 14-character password is difficult for most users to remember. When passwords become this long, users often start breaking out the note paper and writing down their passwords, which defeats any security benefit

What limits how fast a password for an encrypted file is cracked?

The speed of your computer, particularly your processor
Passwords stored in an encrypted state are harder to break than passwords stored in clear text or in a hashed state. However, with today's computing power, even encrypted password stores are being co

What steps can you take to prevent someone from hacking your password?

Use strong passwords and change them frequently.
Dictionary and brute-force attacks tend to be most successful when a password's length is seven characters or less. Each additional character adds a significant number of possible passwords. Such attacks ar

What is used to prevent someone from guessing a password multiple times?

account lockout settings
The account lockout settings are a critical defense against guessing a password, because an account lockout will either slow or even stop a brute-force attack in its tracks after the configured number of incorrect logon attempts i

What type of device isolates a network by filtering the packets that can enter it?
a) firewall
b) bridge
c) gateway
d) switch

a) firewall
A firewall is a system designed to protect a computer or computer network from network-based attacks. A firewall does this by filtering the data packets traversing the network.

What seven-layer model is often used to describe networking technologies and services?
a) OSI
b) TCP/IP
c) IPX/SPX
d) DIX

a) OSI
The OSI model is a conceptual model, created by the International Organization for Standardization (ISO) in 1978 and revised in 1984, to describe a network architecture that allows the passage of data between computer systems. Although never fully

On which OSI layer do routers function?
a) 1
b) 2
c) 3
d) 4

c) 3
The Network layer is primarily responsible for routing. This layer defines the mechanisms that allow data to be passed from one network to another. How the data is passed is defined by the routing protocols. As a result, a router is typically known a

On which OSI layer do TCP and UDP function?
a) 1
b) 2
c) 3
d) 4

d) 4
The Transport layer does exactly what its name implies: It provides the mechanisms for carrying data across a network. This layer uses three main mechanisms to accomplish this task: segmentation, service addressing, and error checking. TCP and UDP ar

What OSI layer do switches and bridges use?
a) 1
b) 2
c) 3
d) 4

b) 2
The Data Link layer (Layer 2) connects the data layer to the physical layer so that data can be transmitted across the network. The Data Link layer handles error detection, error correction, and hardware addressing (that is, the address of a network

What port does SMTP use?
a) 21
b) 23
c) 25
d) 443

c) 25
Simple Mail Transfer Protocol (SMTP) is used to relay and deliver email. It uses TCP port 25.

What port does LDAP use?
a) 25
b) 443
c) 389
d) 3389

c) 389
Lightweight Directory Access Protocol (LDAP) is a common directory service used to locate and access resources on a network. It uses TCP port 389.

What type of firewall filters packets based on IP address and ports?
a) packet-filtering
b) circuit-filtering
c) application-level
d) stateful

a) packet-filtering
When you configure a packet-filtering firewall rule, you generally use one or more of the following TCP/IP attributes:
• Source IP addresses
• Destination IP addresses
• IP protocol (telnet, ftp, http, https, etc.)
• Source TCP and UDP

What type of firewall is also known as a proxy server?
a) packet-filtering
b) circuit-filtering
c) application-level
d) stateful

c) application-level
Application-level firewalls (also known as proxy servers) work by performing a deep inspection of application data as it traverses the firewall. Rules are set by analyzing client requests and application responses, and then by enforci

What type of firewall looks at the previous conversations to determine if a packet should enter a network?
a) packet-filtering
b) circuit-filtering
c) application-level
d) stateful

d) stateful
Stateful inspection takes packet filtering to the next level. In addition to examining the header information of the packets traversing the firewall, a stateful inspection firewall considers other factors when determining whether traffic shoul

What Microsoft technology can verify that a client has the newest Windows updates and has an updated antivirus software package before being allowed access to the network?
a) IPsec
b) NAP
c) SCCM
d) SCOM

b) NAP
Recognizing the need for administrators to have more granular control over what systems connect to a network, Microsoft introduced Network Access Protection (NAP) as part of the Windows Server 2008 operating system. NAP is a solution that allows ad

What technology can you use to isolate a network of servers so that they cannot interact with other servers?
a) bridge
b) switch
c) router
d) VLAN

d) VLAN
Virtual LANs (VLANs) were developed as an alternate solution to deploying multiple routers. VLANs are logical network segments used to create separate broadcast domains, but they still allow the devices on the VLAN to communicate at L

What type of device looks at a packet and forwards it based on its destination IP address?
a) bridge
b) switch
c) router
d) VLAN

c) router
When a router receives a packet that must be forwarded to a destination host, the router has to determine whether it can deliver the packet directly to the destination host, or whether it needs to forward the packet to another router. To make th

Which type of routing protocol sends the entire routing table to its neighbors?
a) distance vector
b) link state
c) scalable driven
d) infinity

a) distance vector
Distance vector-based routing protocols require that each router inform its neighbors of its routing table. This is done by sending the entire routing table when the router boots and then resending it at scheduled intervals. Each router

Which type of system detects unauthorized intruders and then takes action to stop them from proceeding?
a) IDS
b) IPS
c) VLAN
d) NAT

b) IPS
An intrusion prevention system (IPS) is similar to an IDS, except that in addition to detecting and alerting, an IPS can also take action to prevent a breach from occurring.

What type of server would you install to trap a hacker?
a) honeypot
b) NAT
c) IPS
d) IDS

a) honeypot
Honeypots, honey nets, and padded cells are complementary technologies to IDS/IPS deployments. A honeypot is designed to distract hackers from real targets, detect new vulnerabilities and exploits, and learn about the identity of attackers.

What special area serves as a buffer area between the Internet and the internal network and can be used to hold web servers that are accessed from the Internet?
a) DMZ
b) NAT
c) VLAN
d) PLC

a) DMZ
In computer networking, a demilitarized zone (DMZ) is a firewall configuration used to secure hosts on a network segment. In most DMZs, the hosts on the DMZ are connected behind a firewall that is connected to a public network such as the Internet.

How many firewalls would you use to create a sandwich DMZ?
a) 1
b) 2
c) 3
d) 4

b) 2
A sandwich DMZ model uses both an outer firewall and an inner firewall. The outer firewall secures the DMZ network segment from the external (insecure) network. Servers that are meant to be accessed from the external network (such as the Internet) ha

You have several Internet web servers that need to communicate with a SQL server. Where would you place the SQL server?
a) internal network
b) DMZ
c) Internet
d) isolated VLAN

a) internal network
Web servers are the most common servers found in DMZ networks. Accessed via HTTP over port 80 or HTTPS over port 443 for secure access, web servers are commonly Internet-accessible. However, because the SQL server needs more security,

Which of the following servers would you not place on the DMZ?
a) Internet web server
b) email relay servers
c) email mailbox servers
d) proxy servers

c) email mailbox servers
In computer networking, a DMZ is a firewall configuration used to secure hosts on a network segment. You should place Internet web servers, email relay servers, and reverse proxy servers on a DMZ. SQL servers and mailbox servers s

What technology allows a user at home to connect to the corporate network?
a) NAT
b) VPN
c) DMZ
d) PLC

b) VPN
VPN (Virtual Private Network) is a technology that uses encrypted tunnels to create secure connections across public networks such as the Internet. VPNs are commonly used by remote employees for access to the internal network, to create secure netw

Which IPsec protocol provides integrity protection for packet headers, data, and user authentication but does not encrypt the data load?
a) AH
b) ESP
c) IKE
d) LDAP

a) AH
Authentication Header (AH) provides integrity protection for packet headers, data, and user authentication. It can optionally provide replay protection and access protection. AH cannot encrypt any portion of packets. For AH to work with NAT, the IP

Which type of malware can copy itself and infect a computer without the user's consent or knowledge?
a) virus
b) Trojan horse
c) rootkit
d) backdoor

a) virus
A computer virus is a program that can copy itself and infect a computer without the user's consent or knowledge. Early viruses were usually some form of executable code that was hidden in the boot sector of a disk or as an executable file (that

What type of self-replicating program copies itself to other computers on a network without any user intervention and consumes bandwidth and computer resources?
a) virus
b) Trojan horse
c) worm
d) backdoor

c) worm
A worm is a self-replicating program that copies itself to other computers on a network without any user intervention. Unlike a virus, a worm does not corrupt or modify files on the target computer. Instead, it consumes bandwidth and processor and

What malware looks like a useful or desired executable program but is in reality a program that is intended to cause harm to your computer or steal information from your computer?
a) virus
b) Trojan horse
c) worm
d) backdoor

b) Trojan horse
A Trojan horse is an executable program that appears as a desirable or useful program. Because it appears to be desirable or useful, users are tricked into loading and executing it on their systems. After the program is loaded, it might ca

What malware collects a user's personal information or details about your browsing habits without your knowledge?
a) virus
b) Trojan horse
c) worm
d) spyware

d) spyware
Spyware is a type of malware that is installed on a computer to collect a user's personal information or details about browsing habits, often without the user's knowledge. Spyware can also install additional software, redirect your web browser

What malware gives administrator-level control over a computer system?
a) rootkit
b) Trojan horse
c) worm
d) spyware

a) rootkit
A rootkit is a software or hardware device designed to gain administrator-level control over a computer system without being detected. Rootkits can target the BIOS, hypervisor, boot loader, kernel, or (less commonly) libraries or applications.

What software component comes with Windows Vista and Windows 7 to defend against spyware?
a) Windows Firewall
b) Windows Defender
c) UAC
d) Windows Anti-virus

b) Windows Defender
Windows Defender is a software product from Microsoft that is intended to prevent, remove, and quarantine spyware in Microsoft Windows. This program helps protect your computer against pop-ups, slow performance, and security threats ca

What do you call a message warning you to delete an essential Windows file?
a) virus hoax
b) keylogger
c) backdoor
d) worm

a) virus hoax
A virus hoax is a message warning recipients of a nonexistent computer virus threat, usually sent as a chain email that tells the recipient to forward it to everyone they know. This is a form of social engineering that plays on people's igno

What server can be used to install Windows updates for your organization?
a) SCOM
b) WSUS
c) IIS
d) WDS

b) WSUS
For corporations, you can also use Windows Server Update Services (WSUS) or System Center Configuration Manager (SCCM) to keep your systems updated. The advantage of using one of these two systems is that it allows you to test the patch, schedule t

What do you call multiple Windows updates that have been packaged together as one installation and are well tested?
a) service packs
b) cumulative packs
c) critical update
d) optional update

a) service packs
A service pack is a tested cumulative set of hotfixes, security updates, critical updates, and updates, as well as additional fixes for problems found internally since the release of the product.

What Windows feature notifies you when something tries to make changes to your computer without your knowledge?
a) WDS
b) NAT
c) Windows Defender
d) UAC

d) UAC
User Account Control (UAC) is a feature that started with Windows Vista and is included with Windows 7. UAC helps prevent unauthorized changes to your computer and, in doing so, helps protect your system from malware.

What host firewall is included with Windows 7?
a) Windows Firewall
b) Windows Defender
c) Microsoft Protector
d) Microsoft Safety Net

a) Windows Firewall
Microsoft recommends that you always use Windows Firewall. However, because some security packages and antivirus packages include their own firewalls, you can choose to run an alternative firewall, but you should use only one firewall.

What do you call unsolicited junk email?
a) spam
b) j-mail
c) junkettes
d) Infected mail

a) spam
Email has become an essential service for virtually every corporation. Unfortunately, much of the email received by company employees consists of unsolicited messages called spam or junk email, some of which can carry malware and may lead to fraud

What email validation system is designed to stop spam that uses source address spoofing?
a) Foremost Relay System
b) Sender Policy Framework
c) Spam Checking Networking
d) Spoof Checker

b) Sender Policy Framework
Sender Policy Framework (SPF) is an email validation system designed to stop spam that uses source address spoofing. SPF allows administrators to specify, in SPF records published in the public DNS, which hosts are allowed to send email

What do spammers and hackers look for when they want to send email through your network?
a) open SMTP servers
b) open web servers
c) open POP3 servers
d) open FTP servers

a) open SMTP servers
Simple Mail Transfer Protocol (SMTP), one of the primary email protocols, is used to transfer email from one server to another and is responsible for outgoing mail transport. SMTP uses TCP port 25. Although you may think your email se

Which tab in Internet Explorer settings would you use to delete history and cookies?
a) General
b) Privacy
c) Security
d) Advanced

a) General
When you use a browser to access the Internet, you may be revealing personal information and a great deal about your personality. Therefore, you need to take steps to ensure that this information cannot be read or used without your knowledge. A

Which Internet Explorer zone is the least secure?
a) Internet zone
b) local intranet zone
c) trusted sites zone
d) restricted sites zone

c) trusted sites zone
The trusted sites zone contains sites from which you believe you can download or run files without damaging your system. You can assign sites to this zone. The default security level for the trusted sites zone is Low, which means Int

What technique is used to send you to a fake, but realistic-looking, website to verify your account information?
a) spoofing
b) smurfing
c) man-in-the-middle
d) phishing

d) phishing
Phishing is a technique based on social engineering. With phishing, users are asked (usually through email or websites) to supply personal information in one of two ways:
• By replying to an email asking for their username, password, and other

______________ is software that is designed to infiltrate or affect a computer system without the owner's informed consent.

malware
Malicious software, sometimes called malware, is software designed to infiltrate or affect a computer system without the owner's informed consent. The term malware is usually associated with viruses, worms, Trojan horses, spyware, rootkits, and di

A _____________ is a program that gives someone remote, unauthorized control of a system or initiates an unauthorized task.

backdoor
A backdoor is a program that gives someone remote, unauthorized control of a system or initiates an unauthorized task. Some backdoors are installed by viruses or other forms of malware. Other backdoors may be created by programs on commercial app

What are the two best things you can do to protect yourself from viruses and other forms of malware?

Keep Windows up-to-date with the newest security updates and use an up-to-date anti-virus software package.
Some viruses, worms, rootkits, spyware, and adware gain access to a system by exploiting security holes in Windows, Internet Explorer, Microsoft Of

Which attack listens to network traffic of a computer resource?
A. Resource gathering
B. Denial of service
C. ARP poisoning
D. Eavesdropping
E. Logic bomb

D. Eavesdropping
In general, the majority of network communications occur in an unsecured or "cleartext"
format, which allows an attacker who has gained access to data paths in your network to
"listen in" or interpret (read) the traffic. When an attacker

What does NAT do?
A. It encrypts and authenticates IP packets.
B. It provides caching and reduces network traffic.
C. It translates public IP addresses to private addresses and vice versa.
D. It analyzes incoming and outgoing traffic packets

C. It translates public IP addresses to private addresses and vice versa.
NAT translates private IP addresses to public IP addresses and public IP addresses back to private IP addresses.

Role separation improves server security by:
A. Enforcing principle of least privilege.
B. Installing applications on separate hard disks.
C. Physically separating high security servers from other servers.
D. Placing servers on separate VLANs.

A. Enforcing principle of least privilege.

The Graphic Design Institute hires you to help them set up a server for their 20-person
team.
As a general practice of hardening the server, you start by performing which two tasks?
(Choose two.)
A. Disable the guest account.
B. Rename the admin account.

A. Disable the guest account.
B. Rename the admin account.

A network sniffer is software or hardware that:
A. Records user activity and transmits it to the server
B. Captures and analyzes network communication
C. Protects workstations from intrusions
D. Catalogs network data to create a secure index

B. Captures and analyzes network communication
A network sniffer is a computer tool that captures network data in the form of low-level
packets. Network sniffers can be used for technical troubleshooting and analyzing the
communication

Your password is 1Vu*cI!8sT.
Which attack method is your password vulnerable to?
A. Rainbow table
B. Brute force
C. Spidering
D. Dictionary

A. Rainbow table

A group of users has access to Folder A and all of its contents. You need to prevent some
of the users from accessing a subfolder inside Folder A.
What should you do first?
A. Disable folder sharing
B. Hide the folder
C. Change the owner
D. Block inherita

A. Disable folder sharing

Many Internet sites that you visit require a user name and password.
How should you secure these passwords?
A. Save them to a text file
B. Enable session caching
C. Configure the browser to save passwords
D. Save them to an encrypted file
E. Reuse the sam

D. Save them to an encrypted file

Bridging is a process of sending packets from source to destination on OSI layer 3.
Select the correct answer if the underlined text does not make the statement correct. Select
"No change is needed" if the underlined text makes the statement correct.
A. R

A. Routing

You need to install a domain controller in a branch office. You also need to secure the
information on the domain controller. You will be unable to physically secure the server.
Which should you implement?
A. Read-Only Domain Controller
B. Point-to-Point

A. Read-Only Domain Controller
A read-only domain controller (RODC) is a new type of domain controller in the Windows
Server 2008 operating system. With an RODC, organizations can easily deploy a domain
controller in locations where physical security cann

What are two attributes that an email message may contain that should cause a user to
question whether the message is a phishing attempt? (Choose two.)
A. An image contained in the message
B. Spelling and grammar errors
C. Threats of losing service
D. Use

B. Spelling and grammar errors
C. Threats of losing service

What are two attributes that an email message may contain that should cause a user to
question whether the message is a phishing attempt? (Choose two.)
A. An image contained in the message
B. Spelling and grammar errors
C. Threats of losing service
D. Use

A. An image contained in the message
B. Spelling and grammar errors

The WPA2 PreShared Key (PSK) is created by using a passphrase (password) and salting
it with the WPS PIN.
Select the correct answer if the underlined text does not make the statement correct. Select
"No change is needed" if the underlined text makes the s

A. Service Set Identifier (SSID)

To implement WPA2 Enterprise, you would need a/an:
A. RADIUS server
B. SSL server
C. WEP server
D. VPN server

A. RADIUS server

You are volunteering at an organization that gets a brand new web server. To make the
server more secure, you should add a second administrator account.
Select the correct answer if the underlined text does not make the statement correct. Select
"No chang

A. Disable unused services

Which two characteristics should you recommend for a user's domain password? (Choose
two.)
A. Hard to guess
B. Includes Unicode characters
C. Easy to remember
D. Easy to increment

A. Hard to guess
C. Easy to remember

What is a service set identifier (SSID)?
A. A wireless encryption standard
B. The wireless LAN transmission type
C. The broadcast name of an access point
D. A wireless security protocol

C. The broadcast name of an access point
Explanation:
SSID (service set identifier) is a function performed by an Access Point that transmits its
name so that wireless stations searching for a network connection can 'discover' it. It's
what allows your wi

For each of the following statements, select Yes if the statement is true. Otherwise, select
No. Each correct selection is worth one point.
1. You can view audit logs in Event Viewer. Yes[1] No[2]
2. Audit Logs have a set size limit and cannot be adjusted

1. [1]
2. [2]
3. [1]

Which is the minimum requirement to create BitLocker-To-Go media on a client computer?
A. Windows XP Professional Service Pack 3
B. Windows Vista Enterprise Edition
C. Windows 7 Enterprise Edition
D. Windows 2000 Professional Service Pack 4

A. Windows XP Professional Service Pack 3

The Active Directory controls, enforces, and assigns security policies and access rights for
all users.
Select the correct answer if the underlined text does not make the statement correct. Select
"No change is needed" if the underlined text makes the sta

D. No change is needed

Which two security settings can be controlled by using group policy? (Choose two.)
A. Password complexity
B. Access to the Run... command
C. Automatic file locking
D. Encrypted access from a smart phone

A. Password complexity
B. Access to the Run... command

Coho Winery wants to increase their web presence and hires you to set up a new web
server. Coho already has servers for their business and would like to avoid purchasing a
new one.
Which server is best to use as a web server, considering the security and

C. Domain Controller

Cookies impact security by enabling: (Choose two.)
A. Storage of Web site passwords.
B. Higher security Web site protections.
C. Secure Sockets Layer (SSL).
D. Web sites to track browsing habits

A. Storage of Web site passwords.
D. Web sites to track browsing habits

To protect systems from buffer overflow errors, you can use:
A. Antivirus software
B. Data Execution Prevention
C. A proxy server
D. An Intruder Prevention System

B. Data Execution Prevention

Account lockout policies are used to prevent which type of security attack?
A. Brute force attacks
B. Users sharing passwords
C. Social engineering
D. Passwords being reused immediately

A. Brute force attacks

A user who receives a large number of emails selling prescription medicine is probably
receiving pharming mail.
Select the correct answer if the underlined text does not make the statement correct. Select
"No change is needed" if the underlined text makes

C. Spam

You want to make your computer resistant to online hackers and malicious software.
What should you do?
A. Configure a forward proxy.
B. Install anti-virus software.
C. Enable spam filtering.
D. Turn on Windows Firewall.

B. Install anti-virus software.

The certificate of a secure public Web server on the Internet should be:
A. Issued by a public certificate authority (CA)
B. Signed by using a 4096-bit key
C. Signed by using a 1024-bit key
D. Issued by an enterprise certificate authority (CA)

A. Issued by a public certificate authority (CA)

The primary method of authentication in an SSL connection is passwords.
To answer, choose the option "No change is needed" if the underlined text is correct. If the
underlined text is not correct, choose the correct answer.
A. No change is needed
B. Certi

B. Certificates

What is a common method for password collection?
A. Email attachments
B. Back door intrusions
C. SQL Injection
D. Network sniffers

D. Network sniffers

A digitally signed e-mail message:
A. Validates the recipient
B. Validates the sender
C. Is encrypted
D. Is virus-free

B. Validates the sender
Explanation:
By digitally signing a message, you apply your unique digital mark to the message. The
digital signature includes your certificate and public key. This information proves to the
recipient that you signed the contents o

To keep third-party content providers from tracking your movements on the web, enable
InPrivate Browsing.
Select the correct answer if the underlined text does not make the statement correct. Select
"No change is needed'' if the underlined text makes the

A. InPrivate Filtering

Keeping a server updated:
A. Maximizes network efficiency
B. Fixes security holes
C. Speeds up folder access
D. Synchronizes the server

B. Fixes security holes

Humongous Insurance needs to set up a domain controller in a branch office.
Unfortunately, the server cannot be sufficiently secured from access by employees in that
office, so the company is installing a Primary Domain Controller.
Select the correct answ

A. Read-Only Domain Controller

Phishing is an attempt to:
A. Obtain information by posing as a trustworthy entity.
B. Limit access to e-mail systems by authorized users.
C. Steal data through the use of network intrusion.
D. Corrupt e-mail databases through the use of viruses.

A. Obtain information by posing as a trustworthy entity.
Explanation:
Phishing is the act of attempting to acquire sensitive information such as usernames,
passwords, and credit card details (and sometimes, indirectly, money) by masquerading as
a trustwor

What is an example of non-propagating malicious code?
A. A back door
B. A hoax
C. A Trojan horse
D. A worm

A. A back door

You create a web server for your school. When users visit your site, they get a certificate
error that says your site is not trusted.
What should you do to fix this problem?
A. Install a certificate from a trusted Certificate Authority (CA).
B. Use a digi

A. Install a certificate from a trusted Certificate Authority (CA).

Windows Server Update Services (WSUS) is a tool that:
A. Updates data stored in Windows servers
B. Manages the services that run on a server
C. Updates licensing for Windows servers
D. Manages updates for Microsoft software

D. Manages updates for Microsoft software
Explanation:
Windows Server Update Services (WSUS) enables information technology administrators
to deploy the latest Microsoft product updates to computers that are running the Windows
operating system. By using

The purpose of Microsoft Baseline Security Analyzer is to:
A. List system vulnerabilities.
B. Apply all current patches to a server.
C. Set permissions to a default level.
D. Correct a company's security state.

A. List system vulnerabilities.

In Internet Explorer 8, the InPrivate Browsing feature prevents:
A. Unauthorized private data input.
B. Unencrypted communication between the client computer and the server.
C. User credentials from being sent over the Internet.
D. Any session data from b

D. Any session data from being stored on the computer.

Which enables you to change the permissions on a folder?
A. Take ownership
B. Extended attributes
C. Auditing
D. Modify

D. Modify

To prevent users from copying data to removable media, you should:
A. Lock the computer cases
B. Apply a group policy
C. Disable copy and paste
D. Store media in a locked room

B. Apply a group policy

Which technology enables you to filter communications between a program and the
Internet?
A. RADIUS server
B. Antivirus software
C. Software firewall
D. BitLocker To Go

C. Software firewall
Explanation:
There are two types of firewalls: the hardware firewall and the software firewall. A
software firewall is a software program and a hardware firewall is a piece of hardware.
Both have the same objective of filtering communi

This question requires that you evaluate the underlined text to determine if it is correct.
The first line of defense against attacks from the Internet is a software firewall.
Select the correct answer if the underlined text does not make the statement co

A. hardware firewall

Which type of firewall allows for inspection of all characteristics of a packet?
A. NAT
B. Stateful
C. Stateless
D. Windows Defender

B. Stateful

You suspect a user's computer is infected by a virus.
What should you do first?
A. Restart the computer in safe mode
B. Replace the computer's hard disk drive
C. Disconnect the computer from the network
D. Install antivirus software on the computer

D. Install antivirus software on the computer

You need to prevent unauthorized users from reading a specific file on a portable computer
if the portable computer is stolen.
What should you implement?
A. File-level permissions
B. Advanced Encryption Standard (AES)
C. Folder-level permissions
D. Distri

E. BitLocker

Basic security questions used to reset a password are susceptible to:
A. Hashing
B. Social engineering
C. Network sniffing
D. Trojan horses

B. Social engineering

Which is a special folder permission?
A. Read
B. Modify
C. Write
D. Delete

D. Delete

Network Access Protection (NAP) enables administrators to control access to network
resources based on a computer's:
A. Encryption level
B. Warranty
C. Physical location
D. Configuration

D. Configuration
Explanation:
Network Access Protection (NAP) is a new set of operating system
components included with the Windows Server 2008 and Windows Vista operating
systems that provides a platform to help ensure that client computers on a private

A mail system administrator scans for viruses in incoming emails to increase the speed of
mail processing.
Select the correct answer if the underlined text does not make the statement correct. Select
"No change is needed" if the underlined text makes the

A. Decrease the chances of a virus getting to a client machine

Before you deploy Network Access Protection (NAP), you must install:
A. Internet Information Server (IIS)
B. Network Policy Server (NPS)
C. Active Directory Federation Services
D. Windows Update Service

B. Network Policy Server (NPS)

The company that you work for wants to set up a secure network, but they do not have any
servers.
Which three security methods require the use of a server? (Choose three.)
A. 802.1x
B. WPA2 Personal
C. WPA2 Enterprise
D. RADIUS
E. 802.11ac

A. 802.1x
C. WPA2 Enterprise
D. RADIUS

What are three major attack vectors that a social engineering hacker may use? (Choose
three.)
A. Telephone
B. Reverse social engineering
C. Waste management
D. Honey pot systems
E. Firewall interface

A. Telephone
B. Reverse social engineering
C. Waste management

Password history policies are used to prevent:
A. Brute force attacks
B. Users from sharing passwords
C. Social engineering
D. Passwords from being reused immediately

Explanation:
This security setting determines the number of unique new passwords that have to be
associated with a user account before an old password can be reused. The value must be
between 0 and 24 passwords.
This policy enables administrators to enhan

E-mail bombing attacks a specific entity by:
A. Redirecting all e-mail to another entity
B. Sending high volumes of e-mail
C. Tracing e-mail to the destination address
D. Triggering high levels of security alerts

B. Sending high volumes of e-mail
Explanation:
In Internet usage, an email bomb is a form of net abuse consisting of sending huge
volumes of email to an address in an attempt to overflow the mailbox or overwhelm the
server where the email address is hoste

Which two are included in an enterprise antivirus program? (Choose two.)
A. Attack surface scanning
B. On-demand scanning
C. Packet scanning
D. Scheduled scanning

B. On-demand scanning
D. Scheduled scanning

The Windows Firewall protects computers from unauthorized network connections.
Select the correct answer if the underlined text does not make the statement correct. Select
"No change is needed'' if the underlined text makes the statement correct.
A. Email

D. No change is needed

When conducting a security audit the first step is to:
A. Inventory the company's technology assets
B. Install auditing software on your servers
C. Set up the system logs to audit security events
D. Set up a virus quarantine area

A. Inventory the company's technology assets

Setting a minimum password age restricts when users can:
A. Request a password reset
B. Change their passwords
C. Log on by using their passwords
D. Set their own password expiration

B. Change their passwords
Explanation:
Configure the minimum password age to be more than 0 if you want Enforce password
history to be effective. Without a minimum password age, users can cycle through
passwords repeatedly until they get to an old favorit

The purpose of a digital certificate is to verify that a:
A. Public key belongs to a sender.
B. Computer is virus-free.
C. Private key belongs to a sender.
D. Digital document is complete.

A. Public key belongs to a sender.
Explanation:
In cryptography, a public key certificate (also known as a digital certificate or identity
certificate) is an electronic document that uses a digital signature to bind a public key with
an identity.

You create a new file in a folder that has inheritance enabled.
By default, the new file:
A. Takes the permissions of the parent folder
B. Does not take any permissions
C. Takes the permissions of other folders in the same directory
D. Takes the permissio

A. Takes the permissions of the parent folder

Dumpster diving refers to a physical threat that a hacker might use to look for information
about a computer network.
Select the correct answer if the underlined text does not make the statement correct. Select
"No change is needed" if the underlined text

D. No change is needed

You need to grant a set of users write access to a file on a network share. You should add
the users to:
A. A security group
B. The Authenticated Users group
C. The Everyone group
D. A distribution group

B. The Authenticated Users group

Your company requires that users type a series of characters to access the wireless
network.
The series of characters must meet the following requirements:
• Contains more than 15 characters
• Contains at least one letter
• Contains at least one number
•

B. WPA2 PSK
Explanation:
Pre-shared key mode (PSK, also known as Personal mode) is designed for
home and small office networks that don't require the complexity of an 802.1X
authentication server. Each wireless network device encrypts the network traff

The manager of a coffee shop hires you to securely set up WiFi in the shop.
To keep computer users from seeing each other, what should you use with an access
point?
A. Client bridge mode
B. Client isolation mode
C. MAC address filtering
D. Client mode

B. Client isolation mode
Explanation:
Wireless Client Isolation is a unique security feature for wireless networks. When Client
Isolation is enabled any and all devices connected to the wireless LAN will be unable to talk
to each other.

You have two servers that run Windows Server. All drives on both servers are formatted by
using NTFS.
You move a file from one server to the other server. The file's permissions in the new
location will:
A. Enable full access to the everyone group
B. Rest

C. Inherit the destination folder's permissions
Explanation:
You can modify how Windows Explorer handles permissions when objects are copied or
moved to another NTFS volume. When you copy or move an object to another volume, the
object inherits the permis

Which three elements does HTTPS encrypt? (Choose three.)
A. Browser cookies
B. Server IP address
C. Port numbers
D. Website URL
E. Login information

A. Browser cookies
D. Website URL
E. Login information

Shredding documents helps prevent:
A. Man-in-the-middle attacks
B. Social engineering
C. File corruption
D. Remote code execution
E. Social networking

B. Social engineering

What are three examples of two-factor authentication? (Choose three.)
A. A fingerprint and a pattern
B. A password and a smart card
C. A username and a password
D. A password and a pin number
E. A pin number and a debit card

A. A fingerprint and a pattern
B. A password and a smart card
E. A pin number and a debit card
Explanation:
At a minimum, two-factor authentication requires two out of three regulatory-approved
authentication factors, such as:
• Something you know (like the

Passwords that contain recognizable words are vulnerable to a:
A. Denial of Service attack
B. Hashing attack
C. Dictionary attack
D. Replay attack

C. Dictionary attack
Explanation:
A dictionary attack is a method of breaking into a password-protected computer or server
by systematically entering every word in a dictionary as a password. A dictionary attack can
also be used in an attempt to find the

A brute force attack:
A. Uses response filtering
B. Tries all possible password variations
C. Uses the strongest possible algorithms
D. Targets all the ports

B. Tries all possible password variations

The purpose of User Account Control (UAC) is to:
A. Encrypt the user's account
B. Limit the privileges of software
C. Secure your data from corruption
D. Facilitate Internet filtering

B. Limit the privileges of software
Explanation:
User Account Control (UAC) is a technology and security infrastructure introduced in
Microsoft Windows. It aims to improve the security of Microsoft Windows by
limiting application software to

Windows Firewall is a built-in, host-based, stateless firewall.
Select the correct answer if the underlined text does not make the statement correct. Select
"No change is needed" if the underlined text makes the statement correct.
A. Stateful
B. Network l

A. Stateful

An attorney hires you to increase the wireless network security for the law firm's office. The
office has a very basic network, with just a modem and a router.
Which of these security modes offers the highest security?
A. WPA-Personal
B. WEP
C. WPA2-Perso

C. WPA2-Personal

What is the primary advantage of using Active Directory Integrated Zones?
A. Zone encryption
B. Password protection
C. Non-repudiation
D. Secure replication

D. Secure replication

You sign up for an online bank account. Every 6 months, the bank requires you to change
your password. You have changed your password 5 times in the past. Instead of coming up
with a new password, you decide to use one of your past passwords, but the bank

D. No change is needed.

You have a Windows 7 desktop computer, and you create a Standard User account for
your roommate so that he can use the desktop from time to time. Your roommate has
forgotten his password.
Which two actions can you take to reset the password? (Choose two.)

A. Use your password reset disk.
B. Use your administrator account.

Which password attack uses all possible alphanumeric combinations?
A. Social engineering
B. Brute force attack
C. Dictionary attack
D. Rainbow table attack

C. Dictionary attack

You need to limit the programs that can run on client computers to a specific list.
Which technology should you implement?
A. Windows Security Center
B. Security Accounts Manager
C. System Configuration Utility
D. AppLocker group policies

A. Windows Security Center

Creating an MD5 hash for files is an example of ensuring what?
A. Confidentiality
B. Availability
C. Least privilege
D. Integrity

D. Integrity
Explanation:
The MD5 message-digest algorithm is a widely used cryptographic hash function producing
a 128-bit (16-byte) hash value, typically expressed in text format as a 32 digit hexadecimal
number. MD5 has been utilized in a wide variety

Physically securing servers prevents:
A. Theft
B. Compromise of the certificate chain
C. Man-in-the-middle attacks
D. Denial of Service attacks

A. Theft

Which of the following describes a VLAN?
A. It connects multiple networks and routes data packets.
B. It is a logical broadcast domain across physical subnets.
C. It is a subnetwork that reveals a company's externally facing resources to the public networ

B. It is a logical broadcast domain across physical subnets.
Explanation:
A VLAN (Virtual Local Area Network) is a logically separate IP subnetwork that allows multiple IP
networks and subnets to exist on the same switched network.
A VLAN is a logical broadcast do

E-mail spoofing:
A. Forwards e-mail messages to all contacts
B. Copies e-mail messages sent from a specific user
C. Obscures the true e-mail sender
D. Modifies e-mail routing logs

C. Obscures the true e-mail sender

The client computers on your network are stable and do not need any new features.
Which is a benefit of applying operating system updates to these clients?
A. Keep the software licensed
B. Keep the server ports available
C. Update the hardware firewall
D.

D. Close existing vulnerabilities