Advertisement Upgrade to remove ads

Which of the following logical access control methods would a security administrator need to
modify in order to control network traffic passing through a router to a different network?

A. Configuring VLAN 1
B. ACL
C. Logical tokens
D. Role-based access control changes

ACL

Which of the following tools limits external access to the network?

A. IDS
B. VLAN
C. Firewall
D. DMZ

Firewall

Which of the following tools was created for the primary purpose of reporting the services that are
open for connection on a networked workstation?

A. Protocol analyzer
B. Port scanner
C. Password crackers
D. Vulnerability scanner

Port scanner

Which of the following is MOST likely to be an issue when turning on all auditing functions within a
system?

A. Flooding the network with all of the log information
B. Lack of support for standardized log review tools
C. Too much information to review
D. Too many available log aggregation tools

Too much information to review

Upon opening the browser, a guest user is redirected to the company portal and asked to agree to
the acceptable use policy. Which of the following is MOST likely causing this to appear?

A. NAT
B. NAC
C. VLAN
D. DMZ

NAC

USB devices with a virus delivery mechanism are an example of which of the following security
threats?

A. Adware
B. Trojan
C. Botnets
D. Logic bombs

Trojan

Cell phones with network access and the ability to store data files are susceptible to which of the
following risks?

A. Input validation errors
B. SMTP open relays
C. Viruses
D. Logic bombs

Viruses

When establishing a connection between two IP based routers, which of the following protocols is
the MOST secure?

A. TFTP
B. HTTPS
C. FTP
D. SSH

SSH

Which of the following algorithms provides better protection against brute force attacks by using a
160-bit message digest?

A. MD5
B. SHA-1
C. LANMAN
D. NTLM

SHA-1

Which of the following access control technologies provides a rolling password for one-time use?

A. RSA tokens
B. ACL
C. Multifactor authentication
D. PIV card

RSA Tokens

Which of the following technologies is used to verify that a file was not altered?

A. RC5
B. AES
C. DES
D. MD5

MD5

Which of the following uses an RC4 key that can be discovered by eavesdropping on plain text
initialization vectors?

A. WEP
B. TKIP
C. SSH
D. WPA

WEP

An administrator wants to crack passwords on a server with an account lockout policy. Which of
the following would allow this without locking accounts?

A. Try guessing passwords slow enough to reset the bad count interval.
B. Try guessing passwords with brute force.
C. Copy the passwordfile offline and perform the attack on it.
D. Try only real dictionary words.

Copy the password file offline and perform the attack on it

A user reports that each time they attempt to go to a legitimate website, they are sent to an
inappropriate website. The security administrator suspects the user may have malware on the
computer, which manipulated some of the user's files. Which of the following files on the user's
system would need to be checked for unauthorized changes?

A. SAM
B. LMhosts
C. Services
D. Hosts

Hosts

An administrator needs to limit and monitor the access users have to the Internet and protect the
internal network. Which of the following would MOST likely be implemented?

A. A heuristic firewall
B. DNS caching on the client machines
C. A pushed update modifying users' local host file
D. A content-filtering proxy server

A content-filtering proxy server

Which of the following is a malicious program used to capture information from an infected
computer?

A. Trojan
B. Botnet
C. Worm
D. Virus

Trojan

The security administrator needs to make a change in the network to accommodate a new remote
location. The new location will be connected by a serial interface, off the main router, through a
commercial circuit. This remote site will also have traffic completely separated from all other traffic.
Which of the following design elements will need to be implemented to accommodate the new
location?

A. VLANs need to be added on the switch but not the router.
B. The NAT needs to be re-configured to allow the remote location.
C. The current IP scheme needs to besubnetted.
D. The switch needs to be virtualized and a new DMZ needs to be created

The current IP scheme needs to be subnetted

Which of the following is the MOST secure authentication method?

A. Smartcard
B. Iris
C. Password
D. Fingerprints

Iris

Mitigating security risks by updating and applying hot fixes is part of:

A. patch management.
B. vulnerability scanning.
C. baseline reporting.
D. penetration testing.

Patch Management

When reviewing IDS logs, the security administrator notices many events pertaining to a "NOOP
sled". Which of the following attacks is occurring?

A. Man-in-the-middle
B. SQL injection
C. Buffer overflow
D. Session hijacking

Buffer Overflow

Which of the following is the MAIN difference between a hotfix and a patch?

A. Hotfixes follow a predetermined release schedule while patches do not.
B. Hotfixes are smaller than patches.
C. Hotfixes may be released at anytime and will later be included in a patch.
D. Patches can only be applied after obtaining proper approval, whilehotfixes do not need
management approval

Hotfixes may be released at anytime and will later be included in a patch

A vulnerability assessment was conducted against a network. One of the findings indicated an outdated
version of software. This is an example of weak:

A. security policies.
B. patch management.
C. acceptable use policies.
D. configuration baselines.

Patch Management

Which of the following tools can execute a ping sweep?

A. Protocol analyzer
B. Anti-virus scanner
C. Network mapper
D. Password cracker

Network Mapper

Which of the following is a newer version of SSL?
A. SSH
B. IPSec
C. TLS
D. L2TP

TLS

A technician visits a customer site which prohibits portable data storage devices. Which of the
following items would be prohibited? (Select TWO).

A. USB Memory key
B. Bluetooth-enabled cellular phones
C. Wireless network detectors
D. Key card
E. Items containing RFID chips

USB Memory Key, Bluetooth-Enabled Cellular Phones

Which of the following is used when performing a qualitative risk analysis?

A. Exploit probability
B. Judgment
C. Threat frequency
D. Asset value

Exploit Probability

A certificate has been revoked, and the administrator has issued new keys. Which of the following
must now be performed to exchange encrypted email?

A. Exchange private keys with each other
B. Recover old private keys
C. Recover old public keys
D. Exchange public keys with each other

Exchange public keys with each other

Exploitation of security vulnerabilities is used during assessments when which of the following is
true?

A. Security testers have clear and written authorization to conduct vulnerability scans.
B. Security testers are trying to document vulnerabilities without impacting network operations.
C. Network users have permissions allowing access to network devices with security weaknesses.
D. Security testers have clear and written authorization to conduct penetration testing.

Security testers have clear and written authorization to conduct penetration testing

Which of the following should a technician deploy to detect malicious changes to the system and
configuration?

A. Pop-up blocker
B. File integrity checker
C. Anti-spyware
D. Firewall

File Integrity Checker

In order to prevent data loss in case of a disk error which of the following options would an
administrator MOST likely deploy?

A. Redundant connections
B. RAID
C. Disk striping
D. Redundant power supplies

RAID

A technician has installed security software; shortly thereafter the response time slows
considerably. Which of the following can be used to determine the effect of the new software?

A. Event logs
B. System monitor
C. Performance monitor
D. Protocol analyzer

Performance Monitor

After installing database software the administrator must manually change the default
administrative password, remove a default database, and adjust permissions on specific files.
These actions are BEST described as:

A. vulnerability assessment.
B. mandatory access control.
C. application hardening.
D. least privilege

Mandatory Access Control

Which of the following is the BEST mitigation method to implement when protecting against a
discovered OS exploit?

A. NIDS
B. Patch
C. Antivirus update
D. HIDS

Patch

Which of the following is the primary concern of governments in terms of data security?

A. Integrity
B. Availability
C. Cost
D. Confidentiality

Confidentiality

Which of the following is BEST used to change common settings for a large number of deployed
computers?
A. Group policies
B. Hotfixes
C. Configuration baselines
D. Security templates

Group Policies

Which of the following solutions would a company be MOST likely to choose if they wanted to
conserve rack space in the data center and also be able to manage various resources on the
servers?

A. Install a manageable, centralized power and cooling system
B. Server virtualization
C. Different virtual machines on a local workstation
D. Centralize all blade servers and chassis within one or two racks

Server Virtualization

A rogue wireless network is showing up in the IT department. The network appears to be coming
from a printer that was installed. Which of the following should have taken place, prior to this
printer being installed, to prevent this issue?

A. Installation of Internet content filters to implement domain name kiting.
B. Penetration test of the network to determine any further rogue wireless networks in the area.
C. Conduct a security review of the new hardware to determine any possible security risks.
D. Implement a RADIUS server to authenticate all users to the wireless network.

Conduct a security review of the new hardware to determine any possible security risks

Which of the following characteristics distinguishes a virus from a rootkit, spyware, and adware?

A. Eavesdropping
B. Process hiding
C. Self-replication
D. Popup displays

Self-Replication

Which of the following is used to generate keys in PKI?

A. AES
B. RSA
C. DES
D. 3DES

RSA

Which of the following methods is a best practice for granting access to resources?

A. Add ACLs to computers; add computers to groups.
B. Add ACLs to users; add users to groups.
C. Add users to ACLs; add computers to groups.
D. Add groups to ACLs; add users and computers to groups.

Add groups to ACLs; add users and computers to groups

Which of the following may cause a user, connected to a NAC-enabled network, to not be
prompted for credentials?

A. The user's PC is missing the authentication agent.
B. The user's PC is not fully patched.
C. The user's PC is not at the latest service pack.
D. The user's PC has out-of-date antivirus software.

The user's PC is missing the authentication agent

When used to encrypt transmissions, which of the following is the MOST resistant to brute force
attacks?

A. SHA
B. MD5
C. 3DES
D. AES256

AES256

Which of the following BEST describes how the private key is handled when connecting to a
secure web server?

A. The key is not shared and remains on the server
B. Anyone who connects receives the key
C. Only users from configured IP addresses received the key
D. All authenticated users receive the key

The key is not shared and remains on the server

A user visits their normal banking website. The URL is correct and the website is displayed in the
browser, but the user gets an SSL warning that the SSL certificate is invalid as it is signed by an
unknown authority. Which of the following has occurred?

A. Domain name kiting
B. Privilege escalation
C. Replay attack
D. Man-in-the-middle attack

Man-in-the-middle attack

A technician reviews the system log entries for an internal DNS server. Which of the following
entries MOST warrants further investigation?

A. DNS query from a source outside the organization
B. DNS query from a source inside the organization
C. Zone transfer to a source inside the organization
D. Zone transfer to a source outside the organization

Zone transfer to a source outside the organization

Monitoring a computer's logs and critical files is part of the functionality of a:

A. NIPS.
B. HIDS.
C. firewall.
D. honeypot.

HIDS

Which of the following can be implemented as an OS hardening practice to mitigate risk?

A. Domain name kiting
B. Removable storage
C. Input validation
D. Security templates

Security templates

Continuously documenting state and location of hardware from collection to disposition during a
forensic investigation is known as:

A. risk mitigation.
B. data handling.
C. chain of custody.
D. incident response.

Incident Response

Which of the following is an example of two factor authentication?

A. PIN and password
B. Smartcard and token
C. Smartcard and PIN
D. Fingerprint and retina scan

Smartcard and PIN

Which of the following uses a three-way-handshake for authentication and is commonly used in
PPP connections?

A. MD5
B. CHAP
C. Kerberos
D. SLIP

CHAP

A security analyst has been notified that one of the web servers has stopped responding to web
traffic. The network engineer also reports very high bandwidth utilization to and from the Internet.
Which of the following logs is MOST likely to be helpful in finding the cause and source of the
problem?

A. Access log
B. Event log
C. System log
D. Firewall log

Firewall Log

Which of the following ports would need to be open to allow TFTP by default?

A. 69
B. 110
C. 137
D. 339

69

Which of the following transmission types would an attacker most likely use to try to capture data
packets?

A. Shielded twisted pair
B. Fiberoptic
C. Bluesnarfing
D. Wireless

Wireless

Which of the following describes a port that is left open in order to facilitate access at a later date?

A. Honeypot
B. Proxy server
C. Open relay
D. Backdoor

Backdoor

Which of the following is often bundled with freely downloaded software?

A. Cookies
B. Logic bomb
C. Adware
D. Spam

Adware

Which of the following security types would require the use of certificates to verify a user's
identity?

A. Forensics
B. CRL
C. PKI
D. Kerberos

PKI

Which of the following can increase risk? (Select TWO)

A. Vulnerability
B. Mantrap
C. Configuration baselines
D. Threat source
E. Mandatory vacations

Vulnerability, Threat Source

An administrator believes a user is secretly transferring company information over the Internet.
The network logs do not show any non-standard traffic going through the firewall. Which of the
following tools would allow the administrator to better evaluate the contents of the network traffic?

A. Vulnerability scanner
B. Network anomaly detection
C. Protocol analyzer
D. Proxy server

Protocol Analyzer

Which of the following monitoring technology types is MOST dependent on receiving regular
updates?

A. Signature-based
B. Kerberos-based
C. Behavior-based
D. Anomaly-based

Signature-based

A company has just recovered from a major disaster. Which of the following should signify the
completion of a disaster recovery?

A. Verify all servers are back online and working properly.
B. Update the disaster recovery plan based on lessons learned.
C. Conduct post disaster recovery testing.
D. Verify all network nodes are back online and working properly.

Update the disaster recovery plan based on lessons learned

Which of the following is a public key cryptosystem?

A. RSA
B. SHA-1
C. 3DES
D. MD5

RSA

A user tries to plug their laptop into the company's network and receives a warning that their
patches and virus definitions are out-of-date. This is an example of which of the following
mitigation techniques?

A. NAT
B. Honeypot
C. NAC
D. Subnetting

NAC

A file has been compromised with corrupt data and might have additional information embedded
within it. Which of the following actions should a security administrator follow in order to ensure
data integrity of the file on that host?

A. Disable the wireless network and copy the data to the next available USB drive to protect the
data
B. Perform proper forensics on the file with documentation along the way.
C. Begin chain of custody for the document and disallow access.
D. Run vulnerability scanners and print all reports of all diagnostic results.

Perform proper forensics on the file with documentation along the way

Every company workstation contains the same software prior to being assigned to workers. Which
of the following software options would give remote users the needed protection from outside
attackers when they are outside of the company's internal network?

A. HIDS
B. Vulnerability scanner
C. Personal firewall
D. NIPS

Personal Firewall

To ensure users are logging into their systems using a least privilege method, which of the
following should be done?

A. Create a user account without administrator privileges.
B. Employ a BIOS password that differs from the domain password.
C. Enforce a group policy with the least amount of account restrictions.
D. Allow users to determine their needs and access to resources.

Create a user account without administrator privileges

A recent security audit shows an organization has been infiltrated with a former administrator's
credentials. Which of the following would be the BEST way to mitigate the risk of this vulnerability?

A. Conduct periodic audits of disaster recovery policies.
B. Conduct periodic audits of password policies.
C. Conduct periodic audits of user access and rights.
D. Conduct periodic audits of storage and retention policies.

Conduct periodic audits of user access and rights

A security administrator is analyzing the packet capture from an IDS triggered filter. The packet
capture shows the following string:
<scrip>source=http://www.evilsite.jp/evil.js</script>
Which of the following attacks is occurring?

A. SQL injection
B. Redirection attack
C. Cross-site scripting
D. XLM injection

Cross-site scripting

A user wants to edit a file that they currently have read-only rights to; however, they are unable to
provide a business justification, so the request is denied. This is the principle of:

A. separation of duties.
B. job-based access control
C. least privilege.
D. remote access policy.

Least Privilege

Which of the following concepts addresses the threat of data being modified without authorization?

A. Integrity
B. Key management
C. Availability
D. Non-repudiation

Integrity

An attacker sends packets to a host in hopes of altering the host's MAC table. Which of the
following is the attacker attempting to do?

A. Port scan
B. Privilege escalation
C. DNS spoofing
D. ARP poisoning

ARP Poisoning

Which of the following is a best practice for organizing users when implementing a least privilege
model?

A. By function
B. By department
C. By geographic location
D. By management level

By Function

Which of the following describes how long email messages are available in case of a subpoena?

A. Backup procedures
B. Retention policy
C. Backup policy
D. Email server configuration

Retention Policy

Management would like to know if anyone is attempting to access files on the company file server.
Which of the following could be deployed to BEST provide this information?
A. Software firewall
B. Hardware firewall
C. HIDS
D. NIDS

HIDS

Which of the following is the correct risk assessment equation?

A. Risk = exploit x number of systems x cost of asset
B. Risk = infections x number of days infected x cost of asset
C. Risk = threat x vulnerability x cost of asset
D. Risk = vulnerability x daysunpatched x cost of asset

Risk = threat x vulnerability x cost of asset

Which of the following is of the GREATEST concern in regard to a rogue access point?

A. Rogue access points are hard to find and remove from the network.
B. Rogue access points can scan the company's wireless networks and find other unencrypted
and rouge access points
C. The radio signal of the rogue access point interferes with company approved access points.
D. Rogue access points can allow unauthorized users access the company's internal networks.

Rogue access points can allow unauthorized users access to the company's internal networks

The process of validating a user's claimed identity is called:

A. identification.
B. authorization.
C. validation.
D. repudiation.

Identification

Which of the following is a benefit of utilizing virtualization technology?

A. Lowered cost of the host machine
B. Less overhead cost of software licensing
C. Streamline systems to a single OS
D. Fewer systems to monitor physical access

Fewer systems to monitor physical access

The security administrator wants to increase the cipher strength of the company's internal root
certificate. Which of the following would the security administer use to sign a stronger root
certificate?

A. Certificate authority
B. Registration authority
C. Key escrow
D. Trusted platform module

Certificate Authority

Which of the following describes a semi-operational site that in the event of a disaster, IT
operations can be migrated?

A. Hot site
B. Warm site
C. Mobile site
D. Cold site

Warm Site

Which of the following devices hooks into a LAN and captures traffic?

A. Protocol analyzer
B. Protocol filter
C. Penetration testing tool
D. Vulnerability assessment tool

Protocol Analyzer

When assessing a network containing resources that require near 100% availability, which of the
following techniques should be employed to assess overall security?

A. Penetration testing
B. Vulnerability scanning
C. User interviews
D. Documentation reviews

Vulnerability Scanning

Which of the following would MOST likely contain a <SCRIPT> tag?

A. Cookies
B. XSS
C. DOS
D. Buffer overflow

XSS

Which of the following is a reason why wireless access points should not be placed near a
building's perimeter?

A. Rouge access points
B. Vampire taps
C. Port scanning
D. War driving

War Diving

A new enterprise solution is currently being evaluated due to its potential to increase the
company's profit margins. The security administrator has been asked to review its security
implications. While evaluating the product, various vulnerability scans were performed. It was
determined that the product is not a threat but has the potential to introduce additional
vulnerabilities. Which of the following assessment types should the security administrator also take
into consideration while evaluating this product?

A. Threat assessment
B. Vulnerability assessment
C. Code assessment
D. Risk assessment

Risk Assessment

Which of the following tools BEST identifies the method an attacker used after they have entered
into a network?

A. Input validation
B. NIDS
C. Port scanner
D. HIDS

NIDS

Which of the following is a major risk associated with cloud computing?
A. Loss of physical control over data
B. Increased complexity of qualitative risk assessments
C. Smaller attack surface
D. Data labeling challenges

Loss of physical control over data

Which of the following is MOST likely the reason why a security administrator would run a Nessus
report on an important server?

A. To analyze packets and frames
B. To report on the performance of the system
C. To scan for vulnerabilities
D. To enumerate and crack weak system passwords

To scan for vulnerabilities

Which of the following BEST describes how the mandatory access control (MAC) method works?

A. It is an access policy based on a set of rules.
B. It is an access policy based on the role that the user has in an organization.
C. It is an access policy based on biometric technologies.
D. It is an access policy that restricts access to objects based on security clearance.

It is an access policy that restricts access to objects based on security clearance

Using a smartcard and a physical token is considered how many factors of authentication?
A. One
B. Two
C. Three
D. Four

One

Which of the following protocols is considered more secure than SSL?

A. TLS
B. WEP
C. HTTP
D. Telnet

TLS

A NIDS monitoring traffic on the public-side of a firewall provides which of the following?

A. Faster alerting to internal compromises
B. Intelligence about external threats
C. Protection of the external firewall interface
D. Prevention of malicious traffic

Intelligence about external threats

Which of the following is an important part of disaster recovery training?

A. Schemes
B. Storage locations
C. Chain of custody
D. Table top exercises

Table top exercises

Which of the following would a network administrator implement to control traffic being routed
between networks or network segments in an effort to preserve data confidentiality?

A. NAT
B. Group policies
C. Password policies
D. ACLs

ACLs

The security administrator wants each user to individually decrypt a message but allow anybody to
encrypt it. Which of the following MUST be implemented to allow this type of authorization?

A. Use of digital certificates
B. Use of public keys only
C. Use of private keys only
D. Use of public and private keys

Use of public and private keys

A security administrator is analyzing the packet capture from an IDS triggered filter. The packet
capture shows the following string:
a or1 ==1--
Which of the following attacks is occurring?

A. Cross-site scripting
B. XML injection
C. Buffer overflow
D. SQL injection

SQL injection

Which of the following has been implemented if several unsuccessful login attempts were made in
a short period of time denying access to the user account, and after two hours the account
becomes active?

A. Account lockout
B. Password expiration
C. Password disablement
D. Screen lock

Account lockout

Which of the following BEST describes an intrusion prevention system?

A. A system that stops an attack in progress.
B. A system that allows an attack to be identified.
C. A system that logs the attack for later analysis.
D. A system that serves as ahoneypot.

A system that stops an attack in progress

In the event of a disaster, in which the main datacenter is immediately shutdown, which of the
following would a company MOST likely use with a minimum Recovery Time Objective?

A. Fault tolerance
B. Hot site
C. Cold site
D. Tape backup restoration

Hot site

Which of the following methods involves placing plain text data within a picture or document?

A. Steganography
B. Digital signature
C. Transport encryption
D. Stream cipher

Steganography

Which of the following is a detective security control?

A. CCTV
B. Firewall
C. Design reviews
D. Bollards

CCTV

Which of the following can cause hardware based drive encryption to see slower deployment?

A. A lack of management software
B. USB removable drive encryption
C. Role/rule-based access control
D. Multifactor authentication with smart cards

USB Removable drive encryption

Which of the following is a reason to implement Kerberos over local system authentication?

A. Authentication to multiple devices
B. Centralized file integrity protection
C. Non-repudiation
D. Greater password complexity

Centralized file integrity protection

Which of the following should a security administrator implement to ensure there are no security
holes in the OS?

A. Encryption protocols
B. Firewall definitions
C. Patch management
D. Virus definitions

Patch Management

Which of the following cipher types is used by AES?

A. Block
B. Fourier
C. Stream
D. Turing

Block

Which of the following control systems is used to maintain proper environmental conditions in a
datacenter?

A. HVAC
B. Bollards
C. CCTV
D. Mantrap

HVAC

A penetration test shows that almost all database servers were able to be compromised through a
default database user account with the default password. Which of the following is MOST likely
missing from the operational procedures?

A. Application hardening
B. OS hardening
C. Application patch management
D. SQL injection

OS Hardening

A user reports that their 802.11n capable interface connects and disconnects frequently to an
access point that was recently installed. The user has a Bluetooth enabled laptop. A company in
the next building had their wireless network breached last month. Which of the following is MOST
likely causing the disconnections?

A. An attacker inside the company is performing abluejacking attack on the user's laptop.
B. Another user's Bluetooth device is causing interference with the Bluetooth on the laptop.
C. The new access point wasmis-configured and is interfering with another nearby access point.
D. The attacker that breached the nearby company is in the parking lot implementing a war driving
attack.

The new access point wasmis-configured and is interfering with another nearby access point.

Which of the following facilitates computing for heavily utilized systems and networks?

A. Remote access
B. Provider cloud
C. VPN concentrator
D. Telephony

VPN Concentrator

A security administrator finished taking a forensic image of a computer's memory. Which of the
following should the administrator do to ensure image integrity?

A. Run the image through AES128.
B. Run the image through a symmetric encryption algorithm.
C. Compress the image to a password protected archive.
D. Run the image through SHA256.

Run the image through SHA256

Which of the following is a reason to use TACACS+ over RADIUS?

A. Combines authentication and authorization
B. Encryption of all data between client and server
C. TACACS+ uses the UDP protocol
D. TACACS+ has less attribute-value pairs

Encryption of all data between client and server

A customer has called a company to report that all of their computers are displaying a rival
company's website when the user types the correct URL into the browser. All of the other websites
the user visits work correctly and other customers are not having this issue. Which of the following
has MOST likely occurred?

A. The website company has amisconfigured firewall.
B. The customer has a virus outbreak.
C. The customer's DNS has been poisoned.
D. The company's website has been attacked by the rival company

The customer's DNS has been poisoned

A targeted email attack sent to the company's Chief Executive Officer (CEO) is known as which of the following?

A. Whaling
B. Bluesnarfing
C. Vishing
D. Dumpster diving

Whaling

Which of the following describes an attack technique by which an intruder gains physical access
by following an authorized user into a facility before the door is closed?

A. Shoulder surfing
B. Tailgating
C. Escalation
D. Impersonation

Tailgating

Which of the following should be reviewed periodically to ensure a server maintains the correct
security configuration?

A. NIDS configuration
B. Firewall logs
C. User rights
D. Incident management

Firewall Logs

Which of the following is true when a user browsing to an HTTPS site receives the message: a
Site name mismatch'?

A. The certificate CN is different from the site DNS A record.
B. The CA DNS name is different from the root certificate CN.
C. The certificate was issued by the intermediate CA and not by the root CA.
D. The certificate file name is different from the certificate CN.

The certificate CN is different from the site DNS A record.

Which of the following will contain a list of unassigned public IP addresses?

A. TCP port
B. 802.1x
C. Loop protector
D. Firewall rule

Firewall Rule

DRPs should contain which of the following?

A. Hierarchical list of non-critical personnel
B. Hierarchical list of critical systems
C. Hierarchical access control lists
D. Identification of single points of failure

Hierarchical list of critical systems

Which of the following access control methods provides the BEST protection against attackers
logging on as authorized users?

A. Require a PIV card
B. Utilize time of day restrictions
C. Implement implicit deny
D. Utilize separation of duties

Utilize separation of duties

Several PCs are running extremely slow all of a sudden. Users of the PCs report that they do a lot
of web browsing and explain that a disgruntled employee from their department was recently fired.
The security administrator observes that all of the PCs are attempting to open a large number of
connections to the same destination. Which of the following is MOST likely the issue?

A. A logic bomb has been installed by the former employee
B. A man-in-the-middle attack is taking place.
C. The PCs have downloaded adware.
D. The PCs are being used in a botnet

The PCs are being used as a botnet

Which of the following is the BEST way to secure data for the purpose of retention?

A. Off-site backup
B. RAID 5 on-site backup
C. On-site clustering
D. Virtualization

Off-site backup

In the event of a disaster resulting in the loss of their data center, a company had determined that
they will need to be able to be back online within an hour or two, with all systems being fully up to
date. Which of the following would BEST meet their needs?

A. Off-site storage of backup tapes
B. A hot backup site
C. A cold backup site
D. A warm backup site

A hot backup site

Which of the following has a programmer MOST likely failed to consider if a user entering
improper input is able to compromise the integrity of data?

A. SDLM
B. Error handling
C. Data formatting
D. Input validation

Input Validation

Which of the following provides EMI protection?

A. STP
B. UTP
C. Grounding
D. Anti-static wrist straps

Anti-static wrist straps

A user reports that a web browser stopped working after it was updated. Which of the following
BEST describes a probable cause of failure?

A. The browser was previously compromised and corrupted during the update.
B. Anti-spyware is preventing the browser from accessing the network.
C. A faulty antivirus signature has identified the browser as malware.
D. A network based firewall is blocking the browser as it has been modified.

A network based firewall is blocking the browser as it has been modified.

Which of the following devices is MOST likely to be installed to prevent malicious attacks?

A. VPN concentrator
B. Firewall
C. NIDS
D. Protocol analyzer

Firewall

Which of the following would allow traffic to be redirected through a malicious machine by sending
false hardware address updates to a switch?
A. ARP poisoning
B. MAC spoofing
C. pWWN spoofing
D. DNS poisoning

MAC Spoofing

Which of the following protocols uses UDP port 69 by default?

A. Kerberos
B. TFTP
C. SSH
D. DNS

TFTP

Which of the following would a security administrator use to diagnose network issues?

A. Proxy
B. Host-based firewall
C. Protocol analyzer
D. Gateway

Protocol Analyzer

Which of the following should be implemented on a mobile phone to help prevent a conversation
from being captured?

A. Device encryption
B. Voice encryption
C. GPS tracking
D. Sniffer

Voice Encryption

A user wishes to encrypt only certain files and folders within a partition. Which of the following
methods should a technician recommend?

A. EFS
B. Partition encryption
C. Full disk
D. BitLocker

EFS

Centrally authenticating multiple systems and applications against a federated user database is an
example of:

A. smart card.
B. common access card.
C. single sign-on.
D. access control list.

Single Sign-On

Which of the following characteristics distinguishes a virus from a rootkit, spyware, and adware?

A. Eavesdropping
B. Process hiding
C. Self-replication
D. Popup displays

Self-replication

A security administrator needs to implement a site-to-site VPN tunnel between the main office and
a remote branch. Which of the following protocols should be used for the tunnel?

A. RTP
B. SNMP
C. IPSec
D. 802.1X

IPSec

Which of the following uses tickets to identify users to the network?

A. RADIUS
B. LDAP
C. TACACS+
D. Kerberos

Kerberos

Which of the following forensic artifacts is MOST volatile?

A. CD-ROM
B. Filesystem
C. Random access memory
D. Network topology

Filesystem

A security administrator notices an unauthorized vehicle roaming the area on company grounds.
The security administrator verifies that all network connectivity is up and running and that no
unauthorized wireless devices are being used to authenticate other devices; however, the
administrator does notice an unusual spike in bandwidth usage. This is an example of which of the
following attacks?

A. Rogue access point
B. Bluesnarfing
C. Evil twin
D. War driving

War driving

Which of the following is a best practice when securing a switch from physical access?

A. Disable unnecessary accounts
B. Print baseline configuration
C. Enable access lists
D. Disable unused ports

Disable unused ports

Risk can be managed in the following ways EXCEPT:

A. mitigation.
B. acceptance.
C. elimination.
D. transference.

Mitigation

A security administrator needs to implement a wireless system that will only be available within a
building. Which of the following configurations can the administrator modify to achieve this?
(Select TWO).

A. Proper AP placement
B. Disable SSID broadcasting
C. Use CCMP
D. Enable MAC filtering
E. Reduce the power levels

Proper AP placement, Enable MAC Filter

Which of the following environmental variables reduces the potential for static discharges?

A. EMI
B. Temperature
C. UPS
D. Humidity

Humidity

Which of the following is an example of implementing security using the least privilege principle?

A. Confidentiality
B. Availability
C. Integrity
D. Non-repudiation

Availability

A user reports that the spreadsheet they use for the department will not open. The spreadsheet is
located on a server that was recently patched. Which of the following logs would the technician
review FIRST?

A. Access
B. Firewall
C. Antivirus
D. DNS

Access

Which of the following helps prevent a system from being fingerprinted?

A. Personal firewall
B. Complex passwords
C. Anti-spam software
D. OS patching

Personal Firewall

An attacker captures valid wireless traffic in hopes of transmitting it repeatedly to generate enough
traffic to discover the encryption key. Which of the following is the attacker MOST likely using?

A. War driving
B. Replay attack
C. Bluejacking
D. DNS poisoning

Replay Attack

Which of the following is an authentication method that uses symmetric key encryption and a key
distribution center?

A. MS-CHAP
B. Kerberos
C. 802.1x
D. EAP

Kerberos

Which of the following is a preventative physical security measure?

A. Video surveillance
B. External lighting
C. Physical access log
D. Access control system

Access Control System

An employee keeps getting pop-ups from a program on their computer stating it blocked an
attacking IP address. Which of the following security applications BEST explains this behavior?

A. Antivirus
B. Anti-spam
C. Personal firewall
D. Pop-up blocker

Personal Firewall

A Maintenance Manager requests that a new group be created for a new development project,
concerning power distribution, in order to email and setup conference meetings to the whole
project team. Which of the following group types would need to be created?

A. Default power users
B. Restricted group
C. Distribution
D. Security

Distribution

Which of the following is an example of data obfuscation within a data stream?

A. Cryptography
B. Steganography
C. Hashing
D. Fuzzing

Cryptography

See More

Please allow access to your computer’s microphone to use Voice Recording.

Having trouble? Click here for help.

We can’t access your microphone!

Click the icon above to update your browser permissions above and try again

Example:

Reload the page to try again!

Reload

Press Cmd-0 to reset your zoom

Press Ctrl-0 to reset your zoom

It looks like your browser might be zoomed in or out. Your browser needs to be zoomed to a normal size to record audio.

Please upgrade Flash or install Chrome
to use Voice Recording.

For more help, see our troubleshooting page.

Your microphone is muted

For help fixing this issue, see this FAQ.

Star this term

You can study starred terms together

NEW! Voice Recording