Final Exam Review

The Federal Information Security Act of 2002 (FISMA) does not prescribe any logging, log management, or security monitoring since it stays on a high level of policy, planning, and risk to federal systems. Therefore, the main source for detailed guidance fo

C. 800-53 - Recommended Security Controls for Federal Information Systems

Which of the following requires Federal agencies to "identify all computer systems that process sensitive data and prepare a plan for the security and privacy of each such system"?
A. Sarbanes Oxley (SOX) Act of 2002
B. The Gramm-Leach-Bliley Act (GLBA) of

D. The Computer Security Act of 1987

Users have to log on several times as they use different applications. One solution is to use an SSO system. What does SSO stand for?
A. Secure sign-on
B. Single secure-on
C. Secure sign-on system
D. Single secure onboard
E. Single sign-on

E. Single sign-on

The following are the basic steps required to establish a remote connection EXCEPT:
A. Identification
B. Accounting
C. Authentication
D. Authorization
E. A&B

B. Accounting

Which of the following is NOT true of the Remote Access Domain?
A. Provides an access path for remote users to your internal network
B. Commonly uses public wide area networks for data transfer
C. Automatically encrypts all data
D. May transfer sensitive da

C. Automatically encrypts all data

Ricky is reviewing security logs to independently assess security controls. Which security review process is Ricky engaging in?
A. Monitoring
B. Detecting
C. Auditing
D. Securing
E. Improving

C. Auditing

Which of the following states the purpose of PCI DSS Requirement 6.1?
A. Examine policies and procedures to verify that processes are defined to identify new security vulnerabilities, and to assign a risk ranking to vulnerabilities.
B. Interview responsib

A. Examine policies and procedures to verify that processes are defined to identify new security vulnerabilities, and to assign a risk ranking to vulnerabilities.

A method that focuses on keeping or discarding log data you care about is called:
A. Monitoring
B. Correlation
C. Normalization
D. Filtering
E. Auditing

D. Filtering

The ____________ provides the environment for the applications you run as clients on your network and the computer systems that house them.
A. Storage Area Network
B. Distributed Applications
C. System/Application Domain
D. Test Environment
E. Production

C. System/Application Domain

Within the LAN-to-WAN Domain, what connects two or more separate networks?
A. Switch
B. Server
C. Multiprotocol Label Switching (MPLS)
D. Firewall
E. Router

E. Router

High priority log events that require immediate attention are sent to:
A. Organization CIO
B. IT Administrator
C. Analysts
D. Intrusion Detection Systems
E. Firewall

C. Analysts

A nonintrusive penetration test ____________.
A. may result in damage to the network
B. is always performed in a test environment
C. is always performed by an internal employee
D. validates the existence of and exploits a vulnerability
E. only validates t

E. only validates the existence of a vulnerability

Per the PCI DSS standard, compliance is verified by a(n):
A. IT representative.
B. Ordinary auditor.
C. Qualified Security Assessor.
D. Company executive.
E. Company auditor.

C. Qualified Security Assessor.

In the scenario in the lab, the client needs to be in compliance with the PCI DSS standard because it processes credit card transactions and:
A. obtains its customers' privacy data.
B. does not have a secure System/Application Domain.
C. has a history of n

A. obtains its customers' privacy data.

What is a protocol?
A. A specialized server
B. A set of standards
C. An operating system
D. A networking device
E. A set of rules

E. A set of rules

Which of the following statements is true regarding a company's security policies and applicable legislation?
A. They apply to the WAN and the servers, and even include the end user.
B. They apply to the WAN and the servers, but not to the end user.
C. Th

A. They apply to the WAN and the servers, and even include the end user.

Regarding an intrusion detection system (IDS) that uses stateful matching:
A. looks for specific sequences appearing across several packets in a traffic stream rather than just in individual packets.
B. does not try to look at more than one packet at a ti

A. looks for specific sequences appearing across several packets in a traffic stream rather than just in individual packets.

Which access control method is based on the data owner granting permissions?
A. Need to know
B. All of the above
C. DAC
D. RBAC
E. MAC

A. Need to know

Which of the following wide area network (WAN) types is the most secure and gives a subscriber exclusive access to all bandwidth?
A. Packet switching
B. Dedicated line/leased line
C. Cell relay
D. MPLS
E. VPN over Internet

B. Dedicated line/leased line

Transmission ________ means never sending information across the network in the clear.
A. compliance
B. virtual private network (VPN) encapsulation
C. protocol
D. encryption
E. security

D. encryption

There are many advantages to purchasing your own network monitoring system including, "Cash and carry": pay and you get a solution to your log management and analysis needs, purchased solutions support a wide variety of log sources and formats, support agr

E. A & C

Why should you verify that all data flowing through your virtual private network (VPN) is encrypted?
A. To enhance the effectiveness of the NIDS
B. To prevent an attacker from capturing and reading the data
C. To ensure delivery of the data
D. To increase

B. To prevent an attacker from capturing and reading the data

The most accurate way to describe the roles of Firewalls and Network Intrusion Detection Systems for detecting and thwarting attacks on the network is:
A. Since the IDS sits at the boundary of the IP network segments, it can only monitor the traffic enter

B. NIDS and Firewalls play complementary roles in terms of detecting and thwarting network attacks

Logging Policies are generally concerned with all of the following except:
A. Log transmission: How logs are collected and centralized across the entire environment.
B. Log storage and disposal: How and where the logs are retained and then disposed of.
C.

D. Log incidents & events: Specific events & incidents that have been recorded rather than how events are interpreted.

Which of the following is NOT a common method of maximizing C-I-A in the LAN-to-WAN Domain?
A. Use redundant routers.
B. Configure dual-homed ISP connections.
C. Hard Drive Backup and Recovery
D. Use redundant firewalls.
E. Configure a single ISP connecti

E. Configure a single ISP connection.

A technique that corrupts the system that converts web uniform resource locator names (like www.amazon.com) into IP addresses, causing the name server to return an incorrect IP address, is an example of:
A. IP address spoofing
B. MAC address spoofing
C. DH

D. DNS name corruption

Which of the following is NOT a typical form of authentication used for accessing networks?
A. What you see
B. What you know
C. Two Factor
D. What you are
E. What you have

A. What you see

Assuming a working IDS is in place, which of the following entities is BEST capable of stealing sensitive information due to the absence of system auditing?
A. Hacker
B. Disgruntled Employee
C. Auditors
D. Malicious software (malware)
E. Unhappy Customers

B. Disgruntled Employee

The components in the System/Application Domain commonly reside in the same room. The room in which central server computers and hardware reside is commonly called a _______________.
A. data center
B. physical access control room
C. command center
D. prod

A. data center

Using a virtual private network (VPN) solution allows for choices such as IPSEC, L2F, and GRE. What are these?
A. User security options
B. Encapsulating protocols
C. Applications
D. Policies
E. Encryption protocols

B. Encapsulating protocols

Per the PCI DSS standard, compliance is done:
A. randomly.
B. weekly.
C. every three years
D. monthly.
E. annually.

E. annually.

Which of the following is a type of firewall that makes requests for remote services on the behalf of local clients?
A. Proxy server
B. Stateful Firewall
C. Virtual private network (VPN)
D. Router
E. Demilitarized zone (DMZ)

A. Proxy server

What type of security monitoring tool would be most likely to identify an unauthorized change to a computer system?
A. CCTV
B. System configuration and integrity monitoring
C. Network IDS
D. Security Incident and Event Manager (SIEM)
E. Data loss preventio

B. System configuration and integrity monitoring

What is the primary type of control used to protect data in the WAN Domain?
A. Antivirus software
B. Username and password combination
C. Periodic Patching
D. Least privilege
E. Encryption

E. Encryption

A __________ is a hardware device that forwards input it receives only to the appropriate output port.
A. router
B. LAN
C. proxy server
D. hub
E. switch

E. switch

Today, __________ local area networks possess a path to the Internet and/or some external network.
A. no
B. few
C. about 50 percent of
D. virtually all
E. about 75 percent of

D. virtually all

The hardware devices that connect other devices and computers using connection media are known as:
A. NMAP
B. Nodes
C. Server computers and services devices
D. Networking devices
E. Connection media

D. Networking devices

Which of the following wide area network (WAN) types is very inexpensive but performance and stability depend on the user's Internet connection?
A. VPN over Internet
B. Cell relay
C. MPLS
D. Dedicated line/leased line
E. Packet switching

A. VPN over Internet

According to the PCI SSC Data Security Standards Overview page you read in the lab, the PCI DSS provides an actionable framework for developing a payment card data security process that includes:
A. tips for avoiding unnecessary auditing steps after a sec

E. prevention, detection, and appropriate reaction to security incidents.

A technique by which an attacker sends (spoofed) address resolution protocol messages onto a local area network is an example of:
A. IP address spoofing
B. Address manipulation attack
C. MAC address spoofing
D. DNS name corruption
E. ARP cache poisoning

E. ARP cache poisoning

An important step in securing applications is to remove the _____________.
A. source code
B. STIGs
C. compliance requirements
D. backup media
E. encryption

A. source code

Anthony is responsible for tuning his organization's intrusion detection system. He notices that the system reports an intrusion alert each time that an administrator connects to a server using Secure Shell (SSH). What type of error is occurring?
A. False

C. False positive error

Which of the following would be the best use for a packet sniffer?
A. Wireshark
B. To track configuration changes to specific LAN devices
C. To encrypt confidential data
D. To approve or deny traffic based on the destination address
E. To analyze packet c

E. To analyze packet contents for known inappropriate traffic

A ________ is a type of malware that is a self-contained program that replicates and sends copies of itself to other computers.
A. Spyware
B. Rootkit
C. Worm
D. Trojan horse
E. Virus

C. Worm

You want to configure devices to send an alert to the network manager when remote users connect to your network. Which protocol is the best choice for monitoring network devices?
A. Simple Network Management Protocol (SNMP)
B. Layer 2 Tunneling Protocol (

A. Simple Network Management Protocol (SNMP)

The two main types of attacks that may originate from within an organization are internal attacks on the organization and _______________.
A. internal attacks on employees
B. external attacks on employees
C. internal-to-external attacks on another organiz

C. internal-to-external attacks on another organization

What is NOT a characteristic of an ordinary uninterruptible power supply (UPS)?
A. Provides AC power on a long-term basis
B. Protects against power surges
C. Shuts down the device in a structured manner
D. Provides backup battery power to a device when AC

A. Provides AC power on a long-term basis

Which one of the following statements is true about Wireless Intrusion Prevention Systems (WIPS)?
A. A WIPS not only detects rogue Wi-Fi access points but it also tracks the location of cell phones in the building
B. The PCI Security Standards Council pub

B. The PCI Security Standards Council published wireless guidelines for PCI DSS recommending the use of WIPS to automate wireless scanning for large organizations

The term FCAPS represents the focal tasks necessary to effectively manage a network. What do F and C stand for?
A. Fault, Control
B. Fault, Configuration
C. Focus, Configuration
D. Fail, Control
E. Fail, Configuration

B. Fault, Configuration

In the STIGs you reviewed in the lab, who had the burden of responsibility for ensuring that the majority of the STIG rules were followed?
A. The Company CEO
B. The Network Security Assistant
C. The Information Assurance Officer
D. The Chief Information O

C. The Information Assurance Officer

Penetration tests are ________.
A. typically conducted by malicious attackers
B. always intrusive
C. always done without knowledge of senior management
D. simulations of attacks
E. typically conducted by senior management

D. simulations of attacks

RADIUS is a network protocol that supports remote connections by centralizing the management tasks. What do I, U, and S stand for?
A. Internal, Unique, Security
B. Internal, Unified, Service
C. In, Unique, Security
D. In, User, Service
E. In, User, Securi

D. In, User, Service

One formal method to control the software development life cycle is ______________.
A. software application management
B. secure software application management
C. secure configuration management
D. software configuration management
E. hardware applicatio

D. software configuration management

Which of the following statements is true regarding the Workstation Domain?
A. This domain is much less at risk than the others.
B. This domain is no less at risk than the others.
C. This domain carries no risk.
D. This domain is somewhat more at risk tha

B. This domain is no less at risk than the others.

The essential characteristics of log monitoring regulations can be summarized with all of the following except:
A. Review log data
B. Collect logs centrally
C. Retain logs for a period of time
D.
E. Perform annual penetration testing

E. Perform annual penetration testing

What is the primary reason that heating, ventilating, and air conditioning (HVAC) is critical to a data center?
A. It maintains a comfortable environment for data center staff.
B. It helps to reduce the damage caused by a fire.
C. It maintains a steady su

D. It prevents hardware from overheating.

As an IS analyst, your SIEM has alerted you that a system user is logged into your LAN, which is in the United States, and at the same time has just attempted to log in remotely through the organization's VPN from an IP address in Germany. The technique that

C. Event Correlation

Which of the following is a primarily a corrective control in the WAN Domain?
A. Business continuity plan (BCP)
B. Traffic analysis
C. Assurance of wide area network (WAN) availability
D. Configuration change control
E. Proxy server

A. Business continuity plan (BCP)

A man in the middle attack is:
A. where the attacker secretly relays and possibly alters the communication between two parties who believe they are directly communicating with each other.
B. the creation of Internet Protocol (IP) packets with a false sour

A. Where the attacker secretly relays and possibly alters the communication between two parties who believe they are directly communicating with each other.

Which of the following is the process of providing additional private credentials that match the user ID or username?
A. Identification
B. Authorization
C. Authentication
D. Whitelisting
E. Revocation

C. Authentication

Regarding a wide area network (WAN) lease, the SLA states a level of guaranteed uptime. What does SLA stand for?
A. Site license agreement
B. Subscriber logon agreement
C. Software license agreement
D. Service level agreement
E. Site logon agreement

D. Service level agreement

You have the least amount of control over who accesses data in the ______ Domain.
A. System/Application
B. Workstation
C. LAN
D. WAN
E. User

D. WAN

Of the following controls, which is the best choice for protecting the confidentiality of data in the LAN Domain?
A. Wireless connections
B. A security awareness program
C. Encryption
D. VPN
E. A proxy server

C. Encryption

Which of the following states the purpose of PCI DSS Requirement 6.2?
A. Establish a process to identify security vulnerabilities, using reputable outside sources for security vulnerability information, and assign a risk ranking to newly discovered securi

D. Ensure that all system components and software are protected from known vulnerabilities by installing all critical security patches within one month of release.

What are data classifications used by the U.S. government?
A. Proprietary, Private, Secret, and Top Secret
B. Proprietary, Public, Restricted, Secret
C. Unclassified, Confidential, Secret, and Top Secret
D. Public, Private, Proprietary, and Secret
E. Uncl

C. Unclassified, Confidential, Secret, and Top Secret

This network device gives you the ability to aggressively control how users and applications use your local area networks.
A. hub
B. proxy server
C. switch
D. node
E. router

E. router

How can you manage vulnerabilities in the System/Application Domain?
A. Application patch management
B. Both OS and application patch management
C. Implement an Intrusion Prevention System (IPS)
D. Domain management
E. OS patch management

B. Both OS and application patch management

When implementing a wireless network in your LAN Domain, in order to help prevent intrusions, a best practice is:
A. The wireless firewall itself should be in a DMZ
B. The wireless firewall itself should block all Internet ports
C. The wireless firewall i

E. The wireless firewall itself should be separate from the existing Internet firewall

In order to mitigate risks of moving network monitoring to the cloud, such as the risk of an insider breach (from inside the provider) of the organization's data, organizations should ensure:
I. Cloud providers use background checks as part of the hiring process.

B. I, II, & III only

As you already know, ISO 27001 covers Information Security Management Systems (ISMS) and requires monitoring, whereas ISO 27002 provides:
A. a guide to computer security log management
B. security controls and assessment procedures for federal information

C. a code of practice for information security controls

The DMZ is generally placed between two firewalls as follows:
A. Two firewalls that face the internal network or WAN to LAN infrastructure
B. One firewall that faces the internet and one firewall that faces the internal network or WAN to LAN infrastructur

B. One firewall that faces the internet and one firewall that faces the internal network or WAN to LAN infrastructure

Your organization subscribes to a wide area network (WAN) service. What is the most reasonable step you can take to ensure uptime?
A. Upgrade the WAN equipment.
B. Use Multi-protocol Label Switching (MPLS)
C. Switch to an Internet service provider (ISP).

E. Ensure the WAN provider's SLA meets or exceeds your required uptime goals.

Which of the following is primarily a preventive control in the Remote Access Domain?
A. Disaster recovery planning
B. Proxy server
C. VPN/remote access component patching
D. Business continuity planning
E. Traffic analysis

B. Proxy server

The ongoing attention and care an organization places on security and compliance is called:
A. Assessment
B. Monitoring
C. Auditing
D. Due Diligence
E. Log Management

D. Due Diligence

Permitting users and systems remote access to the network demands a prudent combination of:
A. laptops and mobile devices.
B. company provided devices and users' own devices.
C. policies and technology.
D. judgement and standards.
E. using free Wi-Fi and

C. policies and technology.

The Federal Information Security Act of 2002 (FISMA) does not prescribe any logging log management, or security monitoring since it stays on a high level of policy, planning, and risk to federal systems. Therefore, the main source for detailed guidance fo

C. 800-53 - Recommended Security Controls for Federal Information Systems

Which of the following requires Federal agencies to "identify all computer systems that process sensitive data and prepare a plan for the security and privacy of each such system"?
A. Sarbanes Oxley (SOX) Act of 2002
B.The Gramm-Leach-Bliley Act (GLBA) of

D.The Computer Security Act of 1987

Users have to log on several times as they use different applications. One solution is to use an SSO system. What does SSO stand for?
A. Secure sign-on
B. Single secure-on
C. Secure sign-on system
D. Single secure onboard
E. Single sign-on

E. Single sign-on

The following are the basic steps required to establish a remote connection EXCEPT:
A. Identification
B. Accounting
C. Authentication
D. Authorization
E. A&B

B. Accounting

Which of the following is NOT true of the Remote Access Domain?
A.Provides an access path for remote users to your internal network
B.Commonly uses public wide area networks for data transfer
C. Automatically encrypts all data
D. May transfer sensitive da

C. Automatically encrypts all data

Ricky is reviewing security logs to independently assess security controls. Which security review process is Ricky engaging in?
A. Monitoring
B. Detecting
C. Auditing
D. Securing
E. Improving

C. Auditing

Which of the following states the purpose of PCI DSS Requirement 6.1?
A. Examine policies and procedures to verify that processes are defined to identify new security vulnerabilities, and to assign a risk ranking to vulnerabilities.
B. Interview responsib

A. Examine policies and procedures to verify that processes are defined to identify new security vulnerabilities, and to assign a risk ranking to vulnerabilities.

A method that focuses on keeping or discarding log data you care about is called:
A. Monitoring
B. Correlation
C. Normalization
D. Filtering
E. Auditing

D. Filtering

The ____________ provides the environment for the applications you run as clients on your network and the computer systems that house them.
A. Storage Area Network
B. Distributed Applications
C. System/Application Domain
D. Test Environment
E. Production

C. System/Application Domain

Within the LAN-to-WAN Domain, what connects two or more separate networks?
A. Switch
B. Server
C. Multiprotocol Label Switching (MPLS)
D. Firewall
E. Router

E. Router

High priority log events that require immediate attention are sent to:
A. Organization CIO
B. IT Administrator
C. Analysts
D. Intrusion Detection Systems
E. Firewall

C. Analysts

A nonintrusive penetration test ____________.
A. may result in damage to the network
B. is always performed in a test environment
C. is always performed by an internal employee
D. validates the existence of and exploits a vulnerability
E. only validates t

E. only validates the existence of a vulnerability

Per the PCI DSS standard, compliance is verified by a(n):
A. IT representative.
B. Ordinary auditor.
C. Qualified Security Assessor.
D. Company executive.
E. Company auditor.

C. Qualified Security Assessor.

n the scenario in the lab, the client needs to be in compliance with the PCI DSS standard because it processes credit card transactions and:
A. obtains its customers' privacy data.
B. does not have a secure System/Application Domain.
C. has a history of n

A. obtains its customers' privacy data.

What is a protocol?
A. A specialized server
B. A set of standards
C. An operating system
D. A networking device
E. A set of rules

E. A set of rules

Which of the following statements is true regarding a company's security policies and applicable legislation?
A. They apply to the WAN and the servers, and even include the end user.
B. They apply to the WAN and the servers, but not to the end user.
C. Th

A. They apply to the WAN and the servers, and even include the end user.

Regarding an intrusion detection system (IDS) that uses stateful matching:
A. looks for specific sequences appearing across several packets in a traffic stream rather than just in individual packets.
B. does not try to look at more than one packet at a ti

A. looks for specific sequences appearing across several packets in a traffic stream rather than just in individual packets.

Which access control method is based on the data owner granting permissions?
A.
Need to know
B.
All of the above
C.
DAC
D.
RBAC
E.
MAC

A.
Need to know

Which of the following wide area network (WAN) types is the most secure and gives a subscriber exclusive access to all bandwidth?
A.
Packet switching
B.
Dedicated line/leased line
C.
Cell relay
D.
MPLS
E.
VPN over Internet

B.
Dedicated line/leased line

Transmission ________ means never sending information across the network in the clear.
A.
compliance
B.
virtual private network (VPN) encapsulation
C.
protocol
D.
encryption
E.
security

D.
encryption

There are many advantages to purchasing your own network monitoring system including, "Cash and carry"�pay and you get a solution to your log management and analysis needs, purchased solutions support a wide variety of log sources and formats, support agr

E. A & C

Why should you verify that all data flowing through your virtual private network (VPN) is encrypted?
A. To enhance the effectiveness of the NIDS
B. To prevent an attacker from capturing and reading the data
C. To ensure delivery of the data
D. To increase

B. To prevent an attacker from capturing and reading the data

The most accurate way to describe the roles of Firewalls and Network Intrusion Detection Systems for detecting and thwarting attacks on the network is:
A. Since the IDS sits at the boundary of the IP network segments, it can only monitor the traffic enter

B.NIDS and Firewalls play complementary roles in terms of detecting and thwarting network attacks

Logging Policies are generally concerned with all of the following except:
A. Log transmission: How logs are collected and centralized across the entire environment.
B. Log storage and disposal: How and where the logs are retained and then disposed of.
C.

D. Log incidents & events: Specific events & incidents that have been recorded rather than how events are interpreted.

Which of the following is NOT a common method of maximizing C-I-A in the LAN-to-WAN Domain?
A. Use redundant routers.
B. Configure dual-homed ISP connections.
C. Hard Drive Backup and Recovery
D. Use redundant firewalls.
E. Configure a single ISP connecti

E. Configure a single ISP connection.

A technique that corrupts the system that coverts web uniform resource locators names (like www.amazon.com) into IP addresses, causing the name server to return an incorrect IP address is an example of:
A. IP address spoofing
B. MAC address spoofing
C. DH

D. DNS name corruption

Which of the following is NOT a typical form of authentication used for accessing networks?
A. What you see
B. What you know
C. Two Factor
D. What you are
E. What you have

A.
What you see

Assuming a working IDS is in place, which of the following entities is BEST capable of stealing sensitive information due to the absence of system auditing?
A. Hacker
B. Disgruntled Employee
C. Auditors
D. Malicious software (malware)
E. Unhappy Customers

B. Disgruntled Employee

The components in the System/Application Domain commonly reside in the same room. The room in which central server computers and hardware reside is commonly called a _______________.
A. data center
B. physical access control room
C. command center
D. prod

A. data center

Using a virtual private network (VPN) solution allows for choices such as IPSEC, L2F, and GRE. What are these?
A. User security options
B. Encapsulating protocols
C. Applications
D. Policies
E. Encryption protocols

B. Encapsulating protocols

Per the PCI DSS standard, compliance is done:
A. randomly.
B. weekly.
C. every three years
D. monthly.
E. annually.

E. annually.

Which of the following is a type of firewall that makes requests for remote services on the behalf of local clients?
A. Proxy server
B. Stateful Firewall
C. Virtual private network (VPN)
D. Router
E. Demilitarized zone (DMZ)

A. Proxy server

What type of security monitoring tool would be most likely to identify an unauthorized change to a computer system?
A. CCTV
B.System configuration and integrity monitoring
C. Network IDS
D. Security Incident and Event Manager (SIEM)
E. Data loss preventio

B. System configuration and integrity monitoring

What is the primary type of control used to protect data in the WAN Domain?
A.
Antivirus software
B.
Username and password combination
C.
Periodic Patching
D.
Least privilege
E.
Encryption

E.
Encryption

A __________ is a hardware device that forwards input it receives only to the appropriate output port.
A.
router
B.
LAN
C.
proxy server
D.
hub
E.
switch

E.
switch

Today, __________ local area networks possesses a path to the Internet and/or some external network.
A.
no
B.
few
C.
about 50 percent of
D.
virtually all
E.
about 75 percent of

D.
virtually all

The hardware devices that connect other devices and computers using connection media are known as:
A.
NMAP
B.
Nodes
C.
Server computers and services devices
D.
Networking devices
E.
Connection media

D.
Networking devices

Which of the following wide area network (WAN) types is very inexpensive but performance and stability depend on the user's Internet connection?
A.
VPN over Internet
B.
Cell relay
C.
MPLS
D.
Dedicated line/leased line
E.
Packet switching

A.
VPN over Internet

According to the PCI SSC Data Security Standards Overview page you read in the lab, the PCI DSS provides an actionable framework for developing a payment card data security process that includes:
A.
tips for avoiding unnecessary auditing steps after a sec

E.
prevention, detection, and appropriate reaction to security incidents.

A technique by which an attacker sends (spoofed) address resolution protocol messages onto a local area network is an example of:
A.
IP address spoofing
B.
Address manipulation attack
C.
MAC address spoofing
D.
DNS name corruption
E.
ARP cache poisoning

E.
ARP cache poisoning

An important step in securing applications is to remove the _____________.
A.
source code
B.
STIGs
C.
compliance requirements
D.
backup media
E.
encryption

A.
source code

Anthony is responsible for tuning his organization's intrusion detection system. He notices that the system reports an intrusion alert each time that an administrator connects to a server using Secure Shell (SSH). What type of error is occurring?
A.
False

C.
False positive error

Which of the following would be the best use for a packet sniffer?
A.
Wireshark
B.
To track configuration changes to specific LAN devices
C.
To encrypt confidential data
D.
To approve or deny traffic based on the destination address
E.
To analyze packet c

E.
To analyze packet contents for known inappropriate traffic

A ________ is a type of malware that is a self-contained program that replicates and sends copies of itself to other computers.
A.
Spyware
B.
Rootkit
C.
Worm
D.
Trojan horse
E.
Virus

C.
Worm

You want to configure devices to send an alert to the network manager when remote users connect to your network. Which protocol is the best choice for monitoring network devices?
A.
Simple Network Management Protocol (SNMP)
B.
Layer 2 Tunneling Protocol (

A.
Simple Network Management Protocol (SNMP)

The two main types of attacks that may originate from within an organization are internal attacks on the organization and _______________.
A.
internal attacks on employees
B.
external attacks on employees
C.
internal-to-external attacks on another organization

C.
internal-to-external attacks on another organization

What is NOT a characteristic of an ordinary uninterruptible power supply (UPS)?
A.
Provides AC power on a long-term basis
B.
Protects against power surges
C.
Shuts down the device in a structured manner
D.
Provides backup battery power to a device when AC

A.
Provides AC power on a long-term basis

Which one of the following statements is true about Wireless Intrusion Prevention Systems (WIPS)?
A.
A WIPS not only detects rogue Wi-Fi access points but it also tracks the location of cell phones in the building
B.
The PCI Security Standards Council published wireless guidelines for PCI DSS recommending the use of WIPS to automate wireless scanning for large organizations

B.
The PCI Security Standards Council published wireless guidelines for PCI DSS recommending the use of WIPS to automate wireless scanning for large organizations

The term FCAPS represents the focal tasks necessary to effectively manage a network. What do F and C stand for?
A.
Fault, Control
B.
Fault, Configuration
C.
Focus, Configuration
D.
Fail, Control
E.
Fail, Configuration

B.
Fault, Configuration

In the STIGs you reviewed in the lab, who had the burden of responsibility for ensuring that the majority of the STIG rules were followed?
A.
The Company CEO
B.
The Network Security Assistant
C.
The Information Assurance Officer
D.
The Chief Information O

C.
The Information Assurance Officer

Penetration tests are ________.
A.
typically conducted by malicious attackers
B.
always intrusive
C.
always done without the knowledge of senior management
D.
simulations of attacks
E.
typically conducted by senior management

D.
simulations of attacks

RADIUS is a network protocol that supports remote connections by centralizing the management tasks. What do I, U, and S stand for?
A.
Internal, Unique, Security
B.
Internal, Unified, Service
C.
In, Unique, Security
D.
In, User, Service
E.
In, User, Securi

D.
In, User, Service

One formal method to control the software development life cycle is ______________.
A.
software application management
B.
secure software application management
C.
secure configuration management
D.
software configuration management
E.
hardware applicatio

D.
software configuration management

Which of the following statements is true regarding the Workstation Domain?
A.
This domain is much less at risk than the others.
B.
This domain is no less at risk than the others.
C.
This domain carries no risk.
D.
This domain is somewhat more at risk tha

B. This domain is no less at risk than the others.

The essential characteristics of log monitoring regulations can be summarized with all of the following except:
A.
Review log data
B.
Collect logs centrally
C.
Retain logs for a period of time
D.
E.
Perform annual penetration testing

E.
Perform annual penetration testing

What is the primary reason that heating, ventilating, and air conditioning (HVAC) is critical to a data center?
A.
It maintains a comfortable environment for data center staff.
B.
It helps to reduce the damage caused by a fire.
C.
It maintains a steady su

D.
It prevents hardware from overheating.

As an IS analyst, your SIEM has alerted you that a system user is logged into your LAN, which is in the United States, and at the same time has just attempted to log in remotely through the organization's VPN from an IP address in Germany. The technique that

C.
Event Correlation
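
Each of the two events in this scenario is benign on its own: a LAN logon from the office and a VPN attempt from abroad are both everyday log entries. Only correlating them by user and time reveals that one account is in use from two countries at once. The block below is an added example of that correlation rule, not code from the review page; it parses constructed authentication log lines, geolocates the source address through a hypothetical lookup table standing in for a GeoIP service, and raises an alert when a user with an active (successful) logon has another attempt from a different country inside a time window. The log format, user names, address ranges and country assignments are all assumptions.

```python
"""Added example: SIEM-style correlation of concurrent logons from different countries."""
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>LAN|VPN) user=(?P<user>\S+) ip=(?P<ip>\S+) result=(?P<result>\S+)$"
)

# Hypothetical stand-in for GeoIP. The public ranges are RFC 5737 test networks.
GEO_TABLE = [
    (ipaddress.ip_network("10.0.0.0/8"), "US"),       # the organization's own LAN, in the United States
    (ipaddress.ip_network("203.0.113.0/24"), "US"),   # treated here as a US home ISP range
    (ipaddress.ip_network("198.51.100.0/24"), "DE"),  # treated here as a German range
]

# Constructed sample log (not real data); the last line is deliberately malformed.
SAMPLE_LOG = """\
2024-03-05T14:02:11Z LAN user=jsmith ip=10.0.0.12 result=success
2024-03-05T14:03:05Z LAN user=alee ip=10.0.0.40 result=success
2024-03-05T14:05:40Z VPN user=jsmith ip=198.51.100.23 result=failure
2024-03-05T14:06:02Z VPN user=jsmith ip=198.51.100.23 result=success
2024-03-05T14:10:30Z VPN user=alee ip=203.0.113.9 result=success
2024-03-05T16:45:00Z VPN user=bkhan ip=198.51.100.77 result=success
kernel: unrelated line that the parser must ignore
"""


def geolocate(ip):
    """Map an address to a country code via the lookup table ('??' if unknown)."""
    addr = ipaddress.ip_address(ip)
    for net, country in GEO_TABLE:
        if addr in net:
            return country
    return "??"


def parse_events(lines):
    """Yield one dict per well-formed auth line; malformed lines are skipped."""
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["ts"] = datetime.strptime(e["ts"], "%Y-%m-%dT%H:%M:%SZ")
        e["country"] = geolocate(e["ip"])
        yield e


def correlate_impossible_logins(lines, window_minutes=15):
    """Alert when a user has a successful logon and, within the window, another
    attempt from a different country. Failed attempts count as the second event:
    the attacker does not need to succeed to be worth a look."""
    window = timedelta(minutes=window_minutes)
    events = sorted(parse_events(lines), key=lambda e: e["ts"])
    seen = defaultdict(list)  # user -> earlier events
    alerts = []
    for e in events:
        for prior in seen[e["user"]]:
            close_in_time = e["ts"] - prior["ts"] <= window
            different_place = prior["country"] != e["country"]
            one_is_session = "success" in (prior["result"], e["result"])
            if close_in_time and different_place and one_is_session:
                alerts.append({
                    "user": e["user"],
                    "countries": (prior["country"], e["country"]),
                    "sources": (prior["src"], e["src"]),
                    "gap_seconds": int((e["ts"] - prior["ts"]).total_seconds()),
                })
        seen[e["user"]].append(e)
    return alerts


if __name__ == "__main__":
    for a in correlate_impossible_logins(SAMPLE_LOG.splitlines()):
        print(a)
```

The window is the tuning knob: too wide and ordinary travel between sites produces noise, too narrow and a slow attacker slips through. In production the LAN logon would be taken from the directory's authentication log and the VPN attempt from the concentrator, which is exactly why both have to land in one SIEM with synchronized clocks before this rule can fire.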

Which of the following is primarily a corrective control in the WAN Domain?
A.
Business continuity plan (BCP)
B.
Traffic analysis
C.
Assurance of wide area network (WAN) availability
D.
Configuration change control
E.
Proxy server

A.
Business continuity plan (BCP)

A man-in-the-middle attack is:
A.
where the attacker secretly relays and possibly alters the communication between two parties who believe they are directly communicating with each other.
B.
the creation of Internet Protocol (IP) packets with a false sour

A. Where the attacker secretly relays and possibly alters the communication between two parties who believe they are directly communicating with each other.

Which of the following is the process of providing additional private credentials that match the user ID or username?
A.
Identification
B.
Authorization
C.
Authentication
D.
Whitelisting
E.
Revocation

C.
Authentication

Regarding a wide area network (WAN) lease, the SLA states a level of guaranteed uptime. What does SLA stand for?
A.
Site license agreement
B.
Subscriber logon agreement
C.
Software license agreement
D.
Service level agreement
E.
Site logon agreement

D. Service level agreement

You have the least amount of control over who accesses data in the ______ Domain.
A.
System/Application
B.
Workstation
C.
LAN
D.
WAN
E.
User

D.
WAN

Of the following controls, which is the best choice for protecting the confidentiality of data in the LAN Domain?
A.
Wireless connections
B.
A security awareness program
C.
Encryption
D.
VPN
E.
A proxy server

C. Encryption

Which of the following states the purpose of PCI DSS Requirement 6.2?
A.
Establish a process to identify security vulnerabilities, using reputable outside sources for security vulnerability information, and assign a risk ranking to newly discovered securi

D.
Ensure that all system components and software are protected from known vulnerabilities by ensuring that all critical security patches are installed within one month of release.

What are data classifications used by the U.S. government?
A.
Proprietary, Private, Secret, and Top Secret
B.
Proprietary, Public, Restricted, Secret
C.
Unclassified, Confidential, Secret, and Top Secret
D.
Public, Private, Proprietary, and Secret
E.
Uncl

C.
Unclassified, Confidential, Secret, and Top Secret

This network device gives you the ability to aggressively control how users and applications use your local area networks.
A.
hub
B.
proxy server
C.
switch
D.
node
E.
router

E.
router

How can you manage vulnerabilities in the System/Application Domain?
A.
Application patch management
B.
Both OS and application patch management
C.
Implement an Intrusion Prevention System (IPS)
D.
Domain management
E.
OS patch management

B. Both OS and application patch management

When implementing a wireless network in your LAN Domain, in order to help prevent intrusions, a best practice is:
A.
The wireless firewall itself should be in a DMZ
B.
The wireless firewall itself should block all Internet ports
C.
The wireless firewall i

E.
The wireless firewall itself should be separate from the existing Internet firewall

In order to mitigate the risks of moving network monitoring to the cloud, such as the risk of an insider breach (from inside the provider) of the organization's data, organizations should ensure:
I. Cloud providers use background checks as part of the hiring process.

B.
I, II, & III only

As you already know, ISO 27001 covers Information Security Management Systems (ISMS) and requires monitoring, whereas ISO 27002 provides:
A.
a guide to computer security log management
B.
security controls and assessment procedures for federal information

C.
a code of practice for information security controls

The DMZ is generally placed between two firewalls as follows:
A.
Two firewalls that face the internal network or WAN to LAN infrastructure
B.
One firewall that faces the internet and one firewall that faces the internal network or WAN to LAN infrastructure

B.
One firewall that faces the internet and one firewall that faces the internal network or WAN to LAN infrastructure

Your organization subscribes to a wide area network (WAN) service. What is the most reasonable step you can take to ensure uptime?
A.
Upgrade the WAN equipment.
B.
Use Multi-protocol Label Switching (MPLS)
C.
Switch to an Internet service provider (ISP).

E. Ensure the WAN provider's SLA meets or exceeds your required uptime goals.

Which of the following is primarily a preventive control in the Remote Access Domain?
A.
Disaster recovery planning
B.
Proxy server
C.
VPN/remote access component patching
D.
Business continuity planning
E.
Traffic analysis

B. Proxy server

The ongoing attention and care an organization places on security and compliance is called:
A.
Assessment
B.
Monitoring
C.
Auditing
D.
Due Diligence
E.
Log Management

D.
Due Diligence

Permitting users and systems remote access to the network demands a prudent combination of:
A.
laptops and mobile devices.
B.
company provided devices and users' own devices.
C.
policies and technology.
D.
judgement and standards.
E.
using free Wi-Fi and

C. policies and technology.