
1
All of the following are valid approaches to providing switch port security EXCEPT:
A. Firewall rules.
B. 802.1x.
C. Disable unused ports.
D. ARP protection.

A

2
Which of the following ports are used for NetBIOS by default?
A. 135
B. 139
C. 143
D. 443

B

3
Which of the following services uses port TCP/23 by default?
A. FTP
B. TFTP
C. Telnet
D. SSH

C

4
Which of the following is the MOST secure authentication protocol?
A. CHAP
B. PEAP
C. EAP
D. LEAP

B

5
Which of the following BEST describes fuzzing?
A. Security architecture review to detect design flaws before they get implemented
B. Injecting faults into applications in order to discover security weaknesses
C. Prevention of system vulnerabilities by applying firewall techniques
D. Vulnerability scanning of both application and infrastructure components

B

6
Which of the following access control systems is BEST suited to assign rights based on a single policy administrator?
A. MAC
B. CAC
C. DAC
D. RBAC

A

7
Which of the following is an example of only allowing alphanumeric characters when submitting a website form?
A. SQL injection
B. Cross-site scripting
C. Input validation
D. Fuzzing

C

8
Which of the following provides authentication, authorization, and accounting services?
A. PKI
B. WPA2
C. NTLMv2
D. RADIUS

D

9
Setting the account lockout threshold too low can cause which of the following conditions?
A. Denial of service
B. Data loss
C. Unauthorized access
D. Non-secure passwords

A

10
Which of the following is the BEST way to prevent Cross-Site Request Forgery (XSRF) attacks?
A. Check the referrer field in the HTTP header
B. Disable Flash content
C. Use only cookies for authentication
D. Use only HTTPS URLs

A

11
To BEST mitigate the loss of corporate data on a stolen mobile device, the IT department should have the ability to do which of the following?
A. Monitor SMS
B. GPS tracking
C. Remote wipe
D. Enable screen locks

C

12
A purpose of LDAP authentication services is:
A. to implement mandatory access controls.
B. a single point of user management.
C. to prevent multifactor authentication.
D. to issue one-time hashed passwords.

B

13
Which of the following network principles will MOST effectively isolate network traffic?
A. Flood guards
B. VLAN
C. Loop protection
D. Bridged network

B

14
Which of the following wireless security technologies continuously supplies new keys for WEP?
A. TKIP
B. Mac filtering
C. WPA2
D. WPA

A

15
Which of the following application security principles involves inputting random data into a program?
A. Brute force attack
B. Sniffing
C. Fuzzing
D. Buffer overflow

C

16
Which of the following MOST likely has its access controlled by TACACS+? (Select TWO).
A. Mobile devices
B. Active directory
C. Router
D. Switch
E. Kerberos

C,D

17
Which of the following is MOST appropriate when storing backup tapes in a physically non-secure room?
A. Use an in-tape GPS tracking device.
B. Store the tapes in a locked safe.
C. Encrypt the tapes with AES.
D. Securely wipe the tapes.

B

18
Which of the following is an important step in the initial stages of deploying a host-based firewall?
A. Selecting identification versus authentication
B. Determining the list of exceptions
C. Choosing an encryption algorithm
D. Setting time of day restrictions

B

19
Identifying a list of all approved software on a system is a step in which of the following practices?
A. Passively testing security controls
B. Application hardening
C. Host software baselining
D. Client-side targeting

C

20
Which of the following threats can result from a lack of controls for personal webmail?
A. Bandwidth exhaustion
B. Cross-site request forgery
C. Data leakage
D. Least privilege

C

21
Which of the following can grant access based solely on TCP/IP information?
A. Time of day restrictions
B. Implicit deny
C. ACLs
D. Least privilege

C

22
Which of the following controls can prevent or detect specific information leaving a network in the form of an email?
A. Data loss prevention
B. Fuzzing
C. Antivirus
D. Network-based firewalls

A

23
Which of the following will terminate encrypted traffic?
A. Layer 3 switch
B. Sniffer
C. Router
D. VPN concentrator

D

24
Which of the following is used to perform end point posture assessment?
A. NAC
B. DMZ
C. VPN
D. NAT

A

25
A security administrator was recently terminated. Upon deleting their account, all the company data was also deleted from the servers. Which of the following malware types is being described in this situation?
A. Botnet
B. Trojan
C. Logic bomb
D. Virus

C

26
Which of the following, when used periodically, is MOST likely to detect users with multiple accounts?
A. Account logging
B. Account deletion
C. Account locking
D. Account revalidation

D

27
Which of the following is MOST likely to be detected during application security testing if secure coding techniques were not followed?
A. Malicious software embedded in the application web service
B. Outdated antivirus signatures and missing server patches
C. Invalid input data handling and possible cross-site scripting issues
D. Missing server patches leading to operating system exploits

C

28
Which of the following account policies would a security administrator implement to disable a user's account after a certain period of time?
A. Lockout
B. Expiration
C. Complexity
D. Recovery

B

29
Which of the following attacks allows access to contact lists on cellular phones?
A. War chalking
B. Blue jacking
C. Packet sniffing
D. Bluesnarfing

D

30
Which of the following can be implemented to prevent portable devices from being stolen?
A. Whole disk encryption
B. Cable locks
C. GPS tracking
D. Screen locks

B

31
In order for a user to visit a website without certificate warnings, the certificate MUST have been issued by a:
A. CA listed in the CRL.
B. CA the user's browser trusts.
C. CA trusted by the web server.
D. CRL trusted by the user's browser.

B

32
An administrator values transport security strength above network speed when implementing an SSL VPN. Which of the following encryption ciphers would BEST meet their needs?
A. SHA256
B. RC4
C. 3DES
D. AES128

D

33
Which of the following identifies certificates that have been compromised or suspected of being compromised?
A. Certificate revocation list
B. Access control list
C. Key escrow registry
D. Certificate authority

A

34
Users in a high crime area commonly report cell phone theft. These reports are made anywhere from hours to days after the theft. A security administrator is tasked with implementing a strategy to recover cell phones if they are stolen, as well as prevent their data from being accessed. Which of the following strategies would BEST accomplish these goals? (Select TWO).
A. WPA wireless
B. Mobile firewall
C. Device encryption
D. GPS tracking
E. Mobile antivirus

C,D

35
Which of the following devices BEST allows a security administrator to identify malicious activity after it has occurred?
A. Spam filter
B. IDS
C. Firewall
D. Malware inspection

B

36
Which of the following network devices allows web traffic to be distributed amongst servers?
A. Web security gateway
B. Load balancers
C. NIDS
D. Routers

B

37
All of the following are encryption types EXCEPT:
A. full disk.
B. SMIME.
C. file and folder.
D. RADIUS.

D

38
The FIRST step when developing a contingency plan is to:
A. Determine if a business impact analysis is needed.
B. Identify the systems and resources impacted.
C. Test the disaster recovery plan.
D. Remove the single point of failure.

B

39
A company has had several known incidents of employees copying sensitive data to USB drives, posting trade secrets to Internet websites, and emailing trade secrets to competitors. This company should implement which of the following? (Select TWO).
A. Full disk encryption
B. Network IDS
C. Data loss prevention
D. Anti-spyware
E. USB device control

C,E

40
Highly sensitive data is stored in a database and is accessed by an application on a DMZ server.
The disk drives on all servers are fully encrypted. Communication between the application server and end-users is also encrypted. Network ACLs prevent any connections to the database server except from the application server. Which of the following can still result in exposure of the sensitive data in the database server?
A. SQL Injection
B. Theft of the physical database server
C. Cookies
D. Cross-site scripting

A

41
An application vendor recommends that an application be installed with a non-administrative account. This is an example of:
A. A discretionary access control list.
B. Least privilege.
C. OS hardening.
D. Separation of duties.

B

42
Role-based access control is BEST defined as an authorization system by which:
A. Privileges are granted to persons based on membership in one or more functional groups.
B. A separate user account is created for each functional role a person has.
C. Access is limited to the time of day a person is expected to work.
D. Privileges are assigned to each person based upon authorized requests.

A

43
Security of data at rest and in transit is important in cloud computing because unlike traditional corporate server environments:
A. Applications in a cloud are load balanced across multiple hosts.
B. Data in a cloud is transient and moved regularly.
C. Systems in a cloud can be shared by multiple parties.
D. Hardware in a cloud is located overseas and accessed by a single party.

C

44
Full disk encryption is MOST effective against which of the following threats?
A. Denial of service by data destruction
B. Eavesdropping emanations
C. Malicious code
D. Theft of hardware

D

45
In order to use a two-way trust model the security administrator MUST implement which of the following?
A. DAC
B. PKI
C. HTTPS
D. TPM

B

46
A user was able to access a system when they arrived to work at 5:45 a.m. Just before the user left at 6:30 p.m., they were unable to access the same system, even though they could ping the system. In a Kerberos realm, which of the following is the MOST likely reason for this?
A. The user's ticket has expired.
B. The system has lost network connectivity.
C. The CA issued a new CRL.
D. The NTP server is down.

A

47
Which of the following would MOST likely be used to control the type of traffic going in and out of an email server?
A. Spam filter
B. Host based IDS
C. Host based firewall
D. Network based IDS

C

48
Which of the following should be implemented to prevent exposure of sensitive data when a smartphone is lost or stolen? (Select TWO).
A. Camera
B. Encryption
C. Removable SD card
D. PIN
E. GPS tracking software

B,D

49
When a security administrator cannot verify who provided a hard drive image, then:
A. chain of custody is preserved.
B. the image must be rehashed.
C. the hash must be verified.
D. chain of custody is destroyed.

D

50
Which of the following MUST be implemented when a company has only one available publicly addressable IP address and many users that need Internet connectivity?
A. DMZ
B. VLAN
C. NAT
D. Subnetting

C

51
Which of the following ports would need to be open to allow HTTPS by default?
A. 25
B. 80
C. 443
D. 530

C

52
An administrator begins the initial configuration of a replacement IPS. The device reports IRC attacks, SMTP relays, port scans, and other various malicious network activities. Which of the following is MOST likely occurring?
A. The old IPS was infected
B. False positives are being reported
C. There is a malicious insider threat
D. The new IPS is on the wrong subnet

B

53
Which of the following is listed in order of highest volatility to lowest volatility?
A. Memory, Swap, Network Processes, System Processes, and File System
B. Swap files, Memory, Network Processes, System Processes, and File System
C. Network Process, Swap, System Processes, Memory, and File System
D. Memory, Swap, File System, Network and System Processes

A

54
Which of the following is a reason a security administrator would implement Kerberos over local system authentication?
A. Authentication to multiple devices
B. Centralized file integrity protection
C. Non-repudiation
D. Greater password complexity

A

55
Proper labeling of sensitive information supports which of the following security principles?
A. Enforces proper authentication of accessing users
B. Supports integrity in data backups
C. Ensures accountability for destruction of the document
D. Prevents disclosure of sensitive information

D

56
Which of the following is a correct formula for calculating mean time between failures (MTBF)?
A. MTBF = (Time observed) / (number of failures)
B. MTBF = (Number of failures) / (time observed)
C. MTBF = (Time observed) - (number of failures)
D. MTBF = (Number of failures) x (time observed)

A

57
Which of the following is often used to verify connectivity on a network?
A. DNS
B. DHCP
C. ICMP
D. NAC

C

58
Requiring technicians to report spyware infections is a step in which of the following?
A. Routine audits
B. Change management
C. Incident management
D. Clean desk policy

C

59
Routers are MOST often used as edge devices to:
A. remove viruses and scan content.
B. filter high volumes of traffic efficiently.
C. filter out spam from SMTP traffic.
D. authenticate multiple IPSec tunnels.

B

60
After performing a port scan, a network administrator observes that port 443 is open. Which of the following services is MOST likely running?
A. SSL
B. FTP
C. TELNET
D. SSH

A

61
Secure Shell uses which of the following ports by default?
A. 21
B. 22
C. 23
D. 25

B

62
Which of the following software types should be installed if users have issues with random browser screens appearing while working on the Internet?
A. Anti-spam
B. Screen locks
C. Antivirus
D. Pop-up blockers

D

63
An administrator successfully establishes an SSH tunnel between two servers for SMTP and FTP communication. However, attempts to establish an SSH tunnel for TFTP communication fail.
Which of the following is MOST likely the reason for the communication failure?
A. TFTP uses the same port as SSH.
B. SSH has a tunnel limitation of two.
C. TFTP and FTP cannot coexist with a SSH tunnel.
D. SSH tunnels are limited to TCP.

D

64
Which of the following would help secure a router? (Select TWO).
A. Disable Telnet
B. Enable HTTP
C. Enable IPX
D. Disable hash route updates
E. Enable encrypted passwords

A,E

65
Which of the following malware types typically allows an attacker to monitor a user's computer, is characterized by a drive-by download, and requires no user interaction?
A. Virus
B. Logic bomb
C. Spyware
D. Adware

C

66
Which of the following is a cryptographic attack against a WEP enabled access point?
A. Interference
B. IV attack
C. Bluesnarfing
D. Packet sniffing

B

67
An attacker tricks a user into authenticating to a fake wireless network and then inserts malicious code into strings as the user passes by. Which of the following describes this attack?
A. SQL injection
B. Malicious insider
C. Evil twin
D. User impersonation

C

68
Which of the following application attacks is used against a corporate directory service where there are unknown servers on the network?
A. Rogue access point
B. Zero day attack
C. Packet sniffing
D. LDAP injection

D

69
Which of the following application attacks MOST likely requires 'x90' to be placed into the malicious code?
A. MAC filtering
B. Buffer overflow
C. War driving
D. Code review

B

70
Which of the following is identified by the command: 'INSERT INTO users ("admin", "admin");'?
A. SQL Injection
B. Directory traversal
C. LDAP injection
D. Session hijacking

A

71
Which of the following protocols provides transport security for web-enabled applications?
A. SSH
B. TLS
C. SFTP
D. IPSec

B

72
Which of the following mitigation strategies is intended to give the BEST ROI?
A. Implement security controls before routine audits
B. Implement security controls based on risk
C. Implement security controls based on training
D. Implement all possible security controls

B

73
Which of the following data restorations has to be performed in sequence?
A. Differential
B. Off-site
C. Incremental
D. Redundant

C

74
A security administrator examines a network session to a compromised database server with a packet analyzer. Within the session there is a repeated series of the hex character 90 (x90).
Which of the following attack types has occurred?
A. Buffer overflow
B. Cross-site scripting
C. XML injection
D. SQL injection

A

75
Examination of a compromised web server shows that an attacker was able to access a vulnerable sample script that was included with the default website instance as the entry point.
Which of the following would prevent this type of incident in the future?
A. OS hardening
B. Application hardening
C. IDS
D. Antivirus

B

76
A security administrator must be able to identify and validate every use of local administrative accounts across a large number of Windows and Linux servers. Which of the following offers the BEST solution?
A. Modify the system baseline to increase log retention and enable a host firewall.
B. Monitor LDAP and Active Directory for the use of Administrative accounts.
C. Add or enable a NIDS signature for administrative activity.
D. Implement centralized log collection for each server and define a log review process.

D

77
Which of the following, when incorporated into a disk encryption solution, adds the MOST security?
A. SHA256 hashing
B. Password complexity requirement
C. HMAC
D. Trusted platform module

D

78
When a username is checked against an access list, which of the following does it provide?
A. Identification and authentication
B. Identification and authorization
C. Authentication and authorization
D. Authentication and integrity

B

79
FTP/S uses which of the following TCP ports by default?
A. 20 and 21
B. 139 and 445
C. 443 and 22
D. 989 and 990

D

80
Which of the following should be considered when implementing WPA vs. WPA2?
A. LEAP vs. PEAP
B. SSID vs. MAC
C. SHA1 vs. MD5
D. CCMP vs. TKIP

D

81
Which of the following is an encapsulated authentication protocol?
A. CCMP
B. LEAP
C. TKIP
D. WEP

B

82
Following the order of volatility, taking hashes, and maintaining a chain of custody describes which of the following?
A. Forensics
B. Incident response
C. Business continuity
D. Disaster recovery

A

83
Which of the following attacks is MOST likely to be performed against an FTP server?
A. DLL injection
B. SQL injection
C. LDAP injection
D. Command injection

D

84
Which of the following should be used when deploying an e-commerce site?
A. Commercial CA certificate
B. Header manipulation
C. Self-signed certificate
D. Digital signature

A

85
Which of the following authentication services uses a ticket granting system to provide access?
A. RADIUS
B. LDAP
C. TACACS+
D. Kerberos

D

86
Various users throughout the company are reporting heavy latency and even outage issues. The security administrator believes that the issues may be due to an incorrectly configured network.
Which of the following would assist the security administrator in finding the location of the faults?
A. Log analysis
B. ACLs
C. Vulnerability scan
D. Port scanner

A

87
During a recent protocol analysis, the security administrator notices that port 23 is being used to access various network devices. Which of the following protocols is MOST likely being used by default?
A. TELNET
B. SSH
C. SSL
D. SNMP

A

88
A security administrator wants to ensure that the message they are sending does not get intercepted or modified in transit. This concern relates to which of the following concepts?
A. Availability
B. Integrity
C. Accounting
D. Confidentiality

B

89
The security administrator is implementing a new design to minimize the footprint in the datacenter and reduce the amount of wasted resources without losing physical control of the equipment.
Which of the following would they need to implement?
A. Virtualization
B. Cloud computing
C. New ACLs
D. VLAN management

A

90
Which of the following would a company use as photo identification as well as authorization and access control for physical and logical reasons?
A. ACLs
B. Smart card
C. Key fobs
D. Common access card

D

91
A company replaces a number of devices with a mobile appliance, combining several functions.
Which of the following descriptions fits this new implementation? (Select TWO).
A. Cloud computing
B. Virtualization
C. All-in-one device
D. Load balancing
E. Single point of failure

C,E

92
A security administrator with inside knowledge of a company is asked to perform a penetration test. Which of the following describes this type of testing?
A. White Hat
B. Black Hat
C. White Box
D. Black Box

C

93
A security consultant is asked to perform a penetration test with no inside knowledge of the company. Which of the following describes this type of testing?
A. White Hat
B. Black Hat
C. White Box
D. Black Box

D

94
A security administrator is asked to perform a penetration test for their company. Which of the following describes this type of penetration tester?
A. Black Box
B. White Hat
C. White Box
D. Black Hat

B

95
A security administrator decides to perform an unauthorized penetration test against a competing company. Which of the following describes this type of penetration tester?
A. White Box
B. Black Box
C. White Hat
D. Black Hat

D

96
Which of the following is used to encrypt defined groups of data before they are transmitted?
A. Digital signature
B. Block cipher
C. Hashing
D. Stream cipher

B

97
Which of the following technological implementations uses PKI? (Select TWO).
A. FTP
B. HTTPS
C. WEP
D. VPN
E. VLAN

B,D

98
Which of the following should be used when a business needs a block cipher with minimal key size for internal encryption?
A. AES
B. Blowfish
C. RC5
D. 3DES

B

99
A corporation requires that all employees have a backup for their position in case of disaster. This is known as which of the following?
A. Succession planning
B. Collusion
C. Separation of duties
D. Job rotation

A

100
Which of the following could a security administrator implement to mitigate the risk of tailgating for a large organization?
A. Train employees on correct data disposal techniques and enforce policies.
B. Only allow employees to enter or leave through one door at specified times of the day.
C. Only allow employees to go on break one at a time and post security guards 24/7 at each entrance.
D. Train employees on risks associated with social engineering attacks and enforce policies.

D

101
An employee receives an email message that looks like it was sent from the Chief Executive Officer (CEO) but is attempting to sell them prescription medicine. This could be an example of which of the following?
A. XML injection
B. SQL injection
C. Spoofing
D. Session hijacking

C

102
The main difference between symmetric and asymmetric encryption is that:
A. symmetric encryption uses the same key for encryption and decryption, while asymmetric encryption uses one key to encrypt and one to decrypt.
B. in symmetric encryption the encryption key must be of even number length so that it can be split in two, where one part is used for encryption and the other is used for decryption.
C. asymmetric encryption uses the same key for encryption and decryption, while symmetric encryption uses one key to encrypt and one to decrypt.
D. in asymmetric encryption the same key is given to one user in a hashed format and used for encryption, and to another used in plain text and used for decryption.

A

103
Which of the following is usually encrypted when stored or transmitted?
A. CRL
B. Private key
C. Root certificate
D. Public key

B

104
The private key is used to do which of the following? (Select TWO).
A. Encrypt messages
B. Perform key recovery
C. Validate the identity of an email receiver
D. Decrypt messages
E. Validate the CRL

A,D

105
A security administrator must block all incoming traffic, except for HTTP from the Internet to the company's web server with the IP 10.x.x.x. Which of the following ACLs BEST achieves this administrator's task?
A. PERMIT ANY 10.x.x.x 80
DENY ANY ANY

B. DENY ANY ANY
PERMIT 10.x.x.x 80

C. PERMIT 10.x.x.x any 80
DENY ANY ANY

D. PERMIT ANY ANY 80
DENY ANY ANY

A

106
A security administrator would implement 802.1x to establish:
A. VLAN trunking.
B. a complex ACL.
C. authenticated endpoints.
D. TKIP on a wireless.

C

107
Which of the following is a security administrator performing when redirecting the output of an OS random generator device into the input of an executable program?
A. Hardening the executable
B. Patching the executable
C. Fuzzing
D. Testing XSRF

C

108
Users in a financial office are reporting that they are not being asked for credentials anymore when successfully connecting to the company wireless. All other offices are still being authenticated on the wireless. Which of the following is this an example of?
A. Evil twin
B. Interference
C. IV attack
D. War driving

A

109
A security administrator has noticed a large number of ACL entries on the firewall for a specific host. Which of the following hardening practices can help reduce the complexity of the ACL?
A. Enabling the application logs
B. Enabling and configuring IPv6
C. Disabling unused accounts
D. Disabling unnecessary services

D

110
Which of the following measures can an administrator implement to prevent rootkits on a system? (Select TWO).
A. Antivirus
B. Stateful firewall
C. IDS
D. Log parser
E. Network sniffer

A,B

111
Which of the following is BEST used to separate and group devices based on business need or security requirements?
A. Virtualization
B. NAT
C. VLAN
D. Subnetting

C

112
Products like Metasploit and Cain & Abel are often used to perform which of the following?
A. SNMP trap collection
B. Penetration testing
C. Code review
D. Application baselining

B

113
Which of the following are the Rijndael ciphers chosen to replace DES?
A. 3DES
B. Serpent
C. Twofish
D. AES

D

114
Which of the following uses openly available standards to provide a hashing function? (Select TWO).
A. Twofish
B. AES
C. HMAC
D. RC4
E. GPG

C,E

115
Which of the following use port 22 by default? (Select TWO).
A. SSH
B. SMTP
C. SNMP
D. SCP
E. SSL

A,D

116
An attacker captures wireless traffic and changes their laptop's wireless card setting to 00-12-79-BD-65-7D to match an observed wireless client. Which AP security measure would this defeat?
A. WEP
B. SSID broadcast
C. WPA2
D. MAC filtering

D

117
Which of the following can be used to determine which services may be running on a host, but not if they are exploitable?
A. Baseline analyzer
B. Port scanner
C. Virus scanner
D. Vulnerability scanner

B

118
An administrator captures traffic sent between a router and a monitoring server on port 161. The packet payload contains the strings 'PUBLIC' and 'PRIVATE'. Which of the following was MOST likely used to capture this traffic?
A. Vulnerability scanner
B. Protocol analyzer
C. SNMPv3
D. SNMPv2c

B

119
An administrator is hardening email application communication to improve security. Which of the following could be performed?
A. Remove gateway settings from the route table
B. Password protect the server BIOS
C. Disabling high I/O services
D. Require TLS when using SMTP

D

120
Which of the following can be utilized in order to provide temporary IT support during a disaster, where the organization sets aside funds for contingencies, but does not necessarily have a dedicated site to restore those services?
A. Hot site
B. Warm site
C. Cold site
D. Mobile site

D

121
Which of the following terms is used to describe predictable failure points for equipment or services?
A. RTO
B. MTTR
C. RPO
D. MTBF

D

122
Which of the following is BEST utilized to identify common misconfigurations throughout the enterprise?
A. Vulnerability scanning
B. Port scanning
C. Penetration testing
D. Black box

A

123
A security administrator is aware that a portion of the company's Internet-facing network tends to be non-secure due to poorly configured and patched systems. The business owner has accepted the risk of those systems being compromised, but the administrator wants to determine the degree to which those systems can be used to gain access to the company intranet. Which of the following should the administrator perform?
A. Patch management assessment
B. Business impact assessment
C. Penetration test
D. Vulnerability assessment

C

124
Which of the following BEST describes the primary business reasons to collect security incident data for trending purposes? (Select TWO).
A. To determine if security monitoring should be outsourced
B. To determine if protective controls are adequate
C. To determine if the cost of security controls are adequate
D. To determine if IDS products are functioning correctly
E. To determine if incident response capability is sufficient

B,E

125
Which of the following is a technical preventive control?
A. IDS
B. Data backup
C. Audit logs
D. ACLs

D

126
Data classification and labeling is an example of:
A. preventative administrative control.
B. deterrent technical control.
C. preventative technical control.
D. deterrent administrative control.

A

127
Which of the following authentication methods is typical among corporate environments to authenticate a list of employees?
A. Twofish
B. ACLs
C. LDAP
D. Kerberos

C

128
Which of the following tools can be used by an attacker to assess running applications on a remote host?
A. Baseline
B. Honeypot
C. Port scanner
D. Honeynet

C

129
Please be aware that if you do not accept these terms you will not be allowed to take this CompTIA exam and you will forfeit the fee paid.
A. RETURN TO EXAM
B. EXIT EXAM

A

130
Which of the following security controls would be applied on individual hosts to monitor suspicious activities, by actively analyzing events occurring within that host, and blocking any suspicious or abnormal activity?
A. HIPS
B. Spam filter
C. HIDS
D. Firewall

A

131
Which of the following is the STRONGEST algorithm for password hashes?
A. AES
B. SHA-1
C. 3DES
D. MD5

B

132
A company is looking to implement a new system of desktops to its employees based on thin client technology. Which of the following implementations would fit the company's needs and allow for quick reimaging of machines in case of a virus attack?
A. SCAP
B. VLAN
C. SAN
D. VDI

D

133
A maintenance director is requesting a new insurance quote through email from the insurance agent. The quote is for a new building complex that was bought last month by the director's company. Which of the following can be used to ensure that the quote is legitimate and from the trusted insurance agent?
A. Certificate revocation list
B. Hashing
C. Digital signature
D. Code signing

C

134
A technician would like to separate network access to the accounting department because of previous attacks targeting the accounting workstations. Which of the following allows the technician to separate networks by using existing network equipment?
A. DNS
B. OCSP
C. SAN
D. VLAN

D

135
An administrator is creating a new security policy and must consider many stakeholders as well as current regulations, and the company direction. For the BEST success in policy roll out, which stakeholder is the MOST important to consider?
A. End users
B. Information security team
C. Senior leadership team
D. Customers and vendors

C

136
Which of the following ports is used by FTPS by default?
A. 69
B. 443
C. 990
D. 1025

C

137
Which of the following ports is used by RDP by default?
A. 990
B. 1494
C. 3389
D. 8080

C

138
Which of the following increases proper airflow in a datacenter?
A. Humidity controls
B. Video monitoring
C. Temperature controls
D. Hot and cold aisles

D

139
Implementation of routine file hash validation is an example of which of the following security concepts?
A. Vulnerability
B. Confidentiality
C. Integrity
D. Availability

C

140
Which of the following should the security administrator implement to limit all network traffic based on country of origin?
A. URL filtering
B. Firewalls
C. Spam filtering
D. Proxies

B

141
In which of the following orders should an administrator capture a system's data for forensics investigation?
A. Hard disk, swap file, system memory, CPU cache
B. CPU cache, system memory, swap file, hard disk
C. System clock, flash BIOS, memory, hard disk
D. Flash BIOS, system memory, swap file, hard disk

B

142
Employees are reporting that unauthorized personnel are in secure areas of the building. This is MOST likely due to lack of security awareness in which of the following areas?
A. Impersonation
B. Logical controls
C. Physical security controls
D. Access control policy

C

143
A security administrator conducted a scan and generated a vulnerability report for the Chief Executive Officer (CEO). The vulnerability report indicated several vulnerabilities but the CEO has decided that cost and operational impact outweigh the risk. This is an example of which of the following?
A. Risk transference
B. Risk acceptance
C. Risk avoidance
D. Risk mitigation

B

144
A company suspects that one of its employees is conducting fraudulent activities by selling company information to its competitors through email. Which of the following should the company do FIRST?
A. Contain the email system
B. Conduct an analysis of the employee's system
C. Contact senior management
D. Activate the incident response team

D

145
Which of the following BEST represents the goal of a vulnerability assessment?
A. To test how a system reacts to known threats
B. To reduce the likelihood of exploitation
C. To determine the system's security posture
D. To analyze risk mitigation strategies

C

146
When physically installing wireless networks, one must consider that:
A. the access point is placed near structures to avoid attenuation-based attacks.
B. the access points have matching MACs to provide secure redundant connection profiles.
C. neighboring access points must operate on the same frequency.
D. the placement of the antennae does not allow network access outside of the building.

D

147
In an effort to secure data in the event of a stolen laptop with minimal user impact, which of the following strategies should the IT department use?
A. Require users to carry token identification
B. Enforce two-factor authentication using biometrics
C. Install full disk encryption on the system's hard drive
D. Disable the use of USB ports through group policy

C

148
Following the recovery from a major virus incident, the incident response team is assembled to perform post-mortem analysis and review lessons learned. This activity is MOST likely to occur during which of the following phases?
A. Validation
B. Identification
C. Recovery
D. Containment
E. Eradication
F. Follow-up

F

149
A financial services company is concerned about the risk of employees sending confidential and proprietary information outside of the network. Which of the following solutions will BEST mitigate the perceived risk?
A. Intrusion prevention system
B. Intrusion detection system
C. Vulnerability scanning
D. Data loss prevention

D
