100 terms
Sec+ Version 7 Set 1
Which of the following devices would be used to gain access to a secure network without affecting network connectivity?
A. Router
B. Vampire tap
C. Firewall
D. Fiber-optic splicer
A. Router
B. Vampire tap
C. Firewall
D. Fiber-optic splicer
Which of the following devices would be used to gain access to a secure network without affecting network connectivity?
B. Vampire tap
B. Vampire tap
Which of the following logical access control methods would a security administrator need to
modify in order to control network traffic passing through a router to a different network?
A. Configuring VLAN 1
B. ACL
C. Logical tokens
D. Role-based access control changes
modify in order to control network traffic passing through a router to a different network?
A. Configuring VLAN 1
B. ACL
C. Logical tokens
D. Role-based access control changes
Which of the following logical access control methods would a security administrator need to
modify in order to control network traffic passing through a router to a different network?
B. ACL
modify in order to control network traffic passing through a router to a different network?
B. ACL
Which of the following tools limits external access to the network?
A. IDS
B. VLAN
C. Firewall
D. DMZ
A. IDS
B. VLAN
C. Firewall
D. DMZ
Which of the following tools limits external access to the network?
C. Firewall
C. Firewall
Which of the following tools was created for the primary purpose of reporting the services that are open for connection on a networked workstation?
A. Protocol analyzer
B. Port scanner
C. Password crackers
D. Vulnerability scanner
A. Protocol analyzer
B. Port scanner
C. Password crackers
D. Vulnerability scanner
Which of the following tools was created for the primary purpose of reporting the services that are open for connection on a networked workstation?
B. Port scanner
B. Port scanner
Which of the following is MOST likely to be an issue when turning on all auditing functions within a system?
A. Flooding the network with all of the log information
B. Lack of support for standardized log review tools
C. Too much information to review
D. Too many available log aggregation tools
A. Flooding the network with all of the log information
B. Lack of support for standardized log review tools
C. Too much information to review
D. Too many available log aggregation tools
Which of the following is MOST likely to be an issue when turning on all auditing functions within a system?
C. Too much information to review
C. Too much information to review
Upon opening the browser, a guest user is redirected to the company portal and asked to agree to the acceptable use policy. Which of the following is MOST likely causing this to appear?
A. NAT
B. NAC
C. VLAN
D. DMZ
A. NAT
B. NAC
C. VLAN
D. DMZ
Upon opening the browser, a guest user is redirected to the company portal and asked to agree to the acceptable use policy. Which of the following is MOST likely causing this to appear?
B. NAC
B. NAC
USB devices with a virus delivery mechanism are an example of which of the following security threats?
A. Adware
B. Trojan
C. Botnets
D. Logic bombs
A. Adware
B. Trojan
C. Botnets
D. Logic bombs
USB devices with a virus delivery mechanism are an example of which of the following security threats?
B. Trojan
B. Trojan
Cell phones with network access and the ability to store data files are susceptible to which of the
following risks?
A. Input validation errors
B. SMTP open relays
C. Viruses
D. Logic bombs
following risks?
A. Input validation errors
B. SMTP open relays
C. Viruses
D. Logic bombs
Cell phones with network access and the ability to store data files are susceptible to which of the
following risks?
C. Viruses
following risks?
C. Viruses
When establishing a connection between two IP based routers, which of the following protocols is the MOST secure?
A. TFTP
B. HTTPS
C. FTP
D. SSH
A. TFTP
B. HTTPS
C. FTP
D. SSH
When establishing a connection between two IP based routers, which of the following protocols is the MOST secure
D. SSH
D. SSH
Which of the following algorithms provides better protection against brute force attacks by using a
160-bit message digest?
A. MD5
B. SHA-1
C. LANMAN
D. NTLM
160-bit message digest?
A. MD5
B. SHA-1
C. LANMAN
D. NTLM
Which of the following algorithms provides better protection against brute force attacks by using a
160-bit message digest?
B. SHA-1
160-bit message digest?
B. SHA-1
Which of the following access control technologies provides a rolling password for one-time use?
A. RSA tokens
B. ACL
C. Multifactor authentication
D. PIV card
A. RSA tokens
B. ACL
C. Multifactor authentication
D. PIV card
Which of the following access control technologies provides a rolling password for one-time use?
A. RSA tokens
A. RSA tokens
Which of the following technologies is used to verily that a file was not altered?
A. RC5
B. AES
C. DES
D. MD5
A. RC5
B. AES
C. DES
D. MD5
Which of the following technologies is used to verily that a file was not altered?
D. MD5
D. MD5
Which of the following uses an RC4 key that can be discovered by eavesdropping on plain text
initialization vectors?
A. WEP
B. TKIP
C. SSH
D. WPA
initialization vectors?
A. WEP
B. TKIP
C. SSH
D. WPA
Which of the following uses an RC4 key that can be discovered by eavesdropping on plain text
initialization vectors?
A. WEP
initialization vectors?
A. WEP
An administrator wants to crack passwords on a server with an account lockout policy. Which of
the following would allow this without locking accounts?
A. Try guessing passwords slow enough to reset the bad count interval.
B. Try guessing passwords with brute force.
C. Copy the password file offline and perform the attack on it.
D. Try only real dictionary words.
the following would allow this without locking accounts?
A. Try guessing passwords slow enough to reset the bad count interval.
B. Try guessing passwords with brute force.
C. Copy the password file offline and perform the attack on it.
D. Try only real dictionary words.
An administrator wants to crack passwords on a server with an account lockout policy. Which of
the following would allow this without locking accounts?
C. Copy the password file offline and perform the attack on it.
the following would allow this without locking accounts?
C. Copy the password file offline and perform the attack on it.
A user reports that each time they attempt to go to a legitimate website, they are sent to an
inappropriate website. The security administrator suspects the user may have malware on the
computer, which manipulated some of the user's files. Which of the following files on the user's
system would need to be checked for unauthorized changes?
A. SAM
B. LMhosts
C. Services
D. Hosts
inappropriate website. The security administrator suspects the user may have malware on the
computer, which manipulated some of the user's files. Which of the following files on the user's
system would need to be checked for unauthorized changes?
A. SAM
B. LMhosts
C. Services
D. Hosts
A user reports that each time they attempt to go to a legitimate website, they are sent to an
inappropriate website. The security administrator suspects the user may have malware on the
computer, which manipulated some of the user's files. Which of the following files on the user's
system would need to be checked for unauthorized changes?
D. Hosts
inappropriate website. The security administrator suspects the user may have malware on the
computer, which manipulated some of the user's files. Which of the following files on the user's
system would need to be checked for unauthorized changes?
D. Hosts
An administrator needs to limit and monitor the access users have to the Internet and protect the
internal network. Which of the following would MOST likely be implemented?
A. A heuristic firewall
B. DNS caching on the client machines
C. A pushed update modifying users' local host file
D. A content-filtering proxy server
internal network. Which of the following would MOST likely be implemented?
A. A heuristic firewall
B. DNS caching on the client machines
C. A pushed update modifying users' local host file
D. A content-filtering proxy server
An administrator needs to limit and monitor the access users have to the Internet and protect the
internal network. Which of the following would MOST likely be implemented?
D. A content-filtering proxy server
internal network. Which of the following would MOST likely be implemented?
D. A content-filtering proxy server
Which of the following is a malicious program used to capture information from an infected
computer?
A. Trojan
B. Botnet
C. Worm
D. Virus
computer?
A. Trojan
B. Botnet
C. Worm
D. Virus
Which of the following is a malicious program used to capture information from an infected
computer?
A. Trojan
computer?
A. Trojan
The security administrator needs to make a change in the network to accommodate a new remote location. The new location will be connected by a serial interface, off the main router, through a commercial circuit. This remote site will also have traffic completely separated from all other traffic.
Which of the following design elements will need to be implemented to accommodate the new
location?
A. VLANs need to be added on the switch but not the router.
B. The NAT needs to be re-configured to allow the remote location.
C. The current IP scheme needs to be subnetted.
D. The switch needs to be virtualized and a new DMZ needs to be created
Which of the following design elements will need to be implemented to accommodate the new
location?
A. VLANs need to be added on the switch but not the router.
B. The NAT needs to be re-configured to allow the remote location.
C. The current IP scheme needs to be subnetted.
D. The switch needs to be virtualized and a new DMZ needs to be created
The security administrator needs to make a change in the network to accommodate a new remote location. The new location will be connected by a serial interface, off the main router, through a commercial circuit. This remote site will also have traffic completely separated from all other traffic.
C. The current IP scheme needs to be subnetted
C. The current IP scheme needs to be subnetted
Which of the following is the MOST secure authentication method?
A. Smartcard
B. Iris
C. Password
D. Fingerprints
A. Smartcard
B. Iris
C. Password
D. Fingerprints
Which of the following is the MOST secure authentication method?
B. Iris
B. Iris
Mitigating security risks by updating and applying hot fixes is part of:
A. patch management.
B. vulnerability scanning.
C. baseline reporting.
D. penetration testing.
A. patch management.
B. vulnerability scanning.
C. baseline reporting.
D. penetration testing.
Mitigating security risks by updating and applying hot fixes is part of:
A. patch management.
A. patch management.
When reviewing IDS logs, the security administrator notices many events pertaining to a "NOOP sled". Which of the following attacks is occurring?
A. Man-in-the-middle
B. SQL injection
C. Buffer overflow
D. Session hijacking
A. Man-in-the-middle
B. SQL injection
C. Buffer overflow
D. Session hijacking
When reviewing IDS logs, the security administrator notices many events pertaining to a "NOOP sled". Which of the following attacks is occurring?
C. Buffer overflow
C. Buffer overflow
Which of the following is the MAIN difference between a hotfix and a patch?
A. Hotfixes follow a predetermined release schedule while patches do not.
B. Hotfixes are smaller than patches.
C. Hotfixes may be released at anytime and will later be included in a patch.
D. Patches can only be applied after obtaining proper approval, whilehotfixes do not need
management approval
A. Hotfixes follow a predetermined release schedule while patches do not.
B. Hotfixes are smaller than patches.
C. Hotfixes may be released at anytime and will later be included in a patch.
D. Patches can only be applied after obtaining proper approval, whilehotfixes do not need
management approval
Which of the following is the MAIN difference between a hotfix and a patch?
B. Hotfixes are smaller than patches.
B. Hotfixes are smaller than patches.
A vulnerability assessment was conducted against a network. One of the findings indicated an outdated version of software. This is an example of weak:
A. security policies.
B. patch management.
C. acceptable use policies.
D. configuration baselines.
A. security policies.
B. patch management.
C. acceptable use policies.
D. configuration baselines.
A vulnerability assessment was conducted against a network. One of the findings indicated an outdated version of software. This is an example of weak:
B. patch management.
B. patch management.
Which of the following tools can execute a ping sweep?
A. Protocol analyzer
B. Anti-virus scanner
C. Network mapper
D. Password cracker
A. Protocol analyzer
B. Anti-virus scanner
C. Network mapper
D. Password cracker
Which of the following tools can execute a ping sweep?
C. Network mapper
C. Network mapper
Which of the following is a newer version of SSL?
A. SSH
B. IPSec
C. TLS
D. L2TP
A. SSH
B. IPSec
C. TLS
D. L2TP
Which of the following is a newer version of SSL?
C. TLS
C. TLS
A technician visits a customer site which prohibits portable data storage devices. Which of the following items would be prohibited? (Select TWO).
A. USB Memory key
B. Bluetooth-enabled cellular phones
C. Wireless network detectors
D. Key card
E. Items containing RFID chips
A. USB Memory key
B. Bluetooth-enabled cellular phones
C. Wireless network detectors
D. Key card
E. Items containing RFID chips
A technician visits a customer site which prohibits portable data storage devices. Which of the following items would be prohibited? (Select TWO).
A. USB Memory key
B. Bluetooth-enabled cellular phones
A. USB Memory key
B. Bluetooth-enabled cellular phones
Which of the following is used when performing a qualitative risk analysis?
A. Exploit probability
B. Judgment
C. Threat frequency
D. Asset value
A. Exploit probability
B. Judgment
C. Threat frequency
D. Asset value
Which of the following is used when performing a qualitative risk analysis?
A. Exploit probability
A. Exploit probability
A certificate has been revoked, and the administrator has issued new keys. Which of the following must now be performed to exchange encrypted email?
A. Exchange private keys with each other
B. Recover old private keys
C. Recover old public keys
D. Exchange public keys with each other
A. Exchange private keys with each other
B. Recover old private keys
C. Recover old public keys
D. Exchange public keys with each other
A certificate has been revoked, and the administrator has issued new keys. Which of the following must now be performed to exchange encrypted email?
D. Exchange public keys with each other
D. Exchange public keys with each other
Exploitation of security vulnerabilities is used during assessments when which of the following is true?
A. Security testers have clear and written authorization to conduct vulnerability scans.
B. Security testers are trying to document vulnerabilities without impacting network operations.
C. Network users have permissions allowing access to network devices with security weaknesses.
D. Security testers have clear and written authorization to conduct penetration testing.
A. Security testers have clear and written authorization to conduct vulnerability scans.
B. Security testers are trying to document vulnerabilities without impacting network operations.
C. Network users have permissions allowing access to network devices with security weaknesses.
D. Security testers have clear and written authorization to conduct penetration testing.
Exploitation of security vulnerabilities is used during assessments when which of the following is true?
D. Security testers have clear and written authorization to conduct penetration testing
D. Security testers have clear and written authorization to conduct penetration testing
Which of the following should a technician deploy to detect malicious changes to the system and configuration?
A. Pop-up blocker
B. File integrity checker
C. Anti-spyware
D. Firewall
A. Pop-up blocker
B. File integrity checker
C. Anti-spyware
D. Firewall
Which of the following should a technician deploy to detect malicious changes to the system and configuration?
B. File integrity checker
B. File integrity checker
In order to prevent data loss in case of a disk error which of the following options would an
administrator MOST likely deploy?
A. Redundant connections
B. RAID
C. Disk striping
D. Redundant power supplies
administrator MOST likely deploy?
A. Redundant connections
B. RAID
C. Disk striping
D. Redundant power supplies
In order to prevent data loss in case of a disk error which of the following options would an
administrator MOST likely deploy?
B. RAID
administrator MOST likely deploy?
B. RAID
A technician has installed security software; shortly thereafter the response time slows
considerably. Which of the following can be used to determine the effect of the new software?
A. Event logs
B. System monitor
C. Performance monitor
D. Protocol analyzer
considerably. Which of the following can be used to determine the effect of the new software?
A. Event logs
B. System monitor
C. Performance monitor
D. Protocol analyzer
A technician has installed security software; shortly thereafter the response time slows
considerably. Which of the following can be used to determine the effect of the new software?
C. Performance monitor
considerably. Which of the following can be used to determine the effect of the new software?
C. Performance monitor
After installing database software the administrator must manually change the default
administrative password, remove a default database, and adjust permissions on specific files.
These actions are BEST described as:
A. vulnerability assessment.
B. mandatory access control.
C. application hardening.
D. least privilege
administrative password, remove a default database, and adjust permissions on specific files.
These actions are BEST described as:
A. vulnerability assessment.
B. mandatory access control.
C. application hardening.
D. least privilege
After installing database software the administrator must manually change the default
administrative password, remove a default database, and adjust permissions on specific files.
These actions are BEST described as:
B. mandatory access control.
administrative password, remove a default database, and adjust permissions on specific files.
These actions are BEST described as:
B. mandatory access control.
Which of the following is the BEST mitigation method to implement when protecting against a
discovered OS exploit?
A. NIDS
B. Patch
C. Antivirus update
D. HIDS
discovered OS exploit?
A. NIDS
B. Patch
C. Antivirus update
D. HIDS
Which of the following is the BEST mitigation method to implement when protecting against a
discovered OS exploit?
B. Patch
discovered OS exploit?
B. Patch
Which of the following is the primary concern of governments in terms of data security?
A. Integrity
B. Availability
C. Cost
D. Confidentiality
A. Integrity
B. Availability
C. Cost
D. Confidentiality
Which of the following is the primary concern of governments in terms of data security?
D. Confidentiality
D. Confidentiality
Which of the following is BEST used to change common settings for a large number of deployed
computers?
A. Group policies
B. Hotfixes
C. Configuration baselines
D. Security templates
computers?
A. Group policies
B. Hotfixes
C. Configuration baselines
D. Security templates
Which of the following is BEST used to change common settings for a large number of deployed
computers?
A. Group policies
computers?
A. Group policies
Which of the following solutions would a company be MOST likely to choose if they wanted to conserve rack space in the data center and also be able to manage various resources on the servers?
A. Install a manageable, centralized power and cooling system
B. Server virtualization
C. Different virtual machines on a local workstation
D. Centralize all blade servers and chassis within one or two racks
A. Install a manageable, centralized power and cooling system
B. Server virtualization
C. Different virtual machines on a local workstation
D. Centralize all blade servers and chassis within one or two racks
Which of the following solutions would a company be MOST likely to choose if they wanted to conserve rack space in the data center and also be able to manage various resources on the servers?
B. Server virtualization
B. Server virtualization
A rogue wireless network is showing up in the IT department. The network appears to be coming
from a printer that was installed. Which of the following should have taken place, prior to this
printer being installed, to prevent this issue?
A. Installation of Internet content filters to implement domain name kiting.
B. Penetration test of the network to determine any further rogue wireless networks in the area.
C. Conduct a security review of the new hardware to determine any possible security risks.
D. Implement a RADIUS server to authenticate all users to the wireless network.
from a printer that was installed. Which of the following should have taken place, prior to this
printer being installed, to prevent this issue?
A. Installation of Internet content filters to implement domain name kiting.
B. Penetration test of the network to determine any further rogue wireless networks in the area.
C. Conduct a security review of the new hardware to determine any possible security risks.
D. Implement a RADIUS server to authenticate all users to the wireless network.
A rogue wireless network is showing up in the IT department. The network appears to be coming
from a printer that was installed. Which of the following should have taken place, prior to this
printer being installed, to prevent this issue?
C. Conduct a security review of the new hardware to determine any possible security risks.
from a printer that was installed. Which of the following should have taken place, prior to this
printer being installed, to prevent this issue?
C. Conduct a security review of the new hardware to determine any possible security risks.
Which of the following characteristics distinguishes a virus from a rootkit, spyware, and adware?
A. Eavesdropping
B. Process hiding
C. Self-replication
D. Popup displays
A. Eavesdropping
B. Process hiding
C. Self-replication
D. Popup displays
Which of the following characteristics distinguishes a virus from a rootkit, spyware, and adware?
C. Self-replication
C. Self-replication
Which of the following is used to generate keys in PKI?
A. AES
B. RSA
C. DES
D. 3DES
A. AES
B. RSA
C. DES
D. 3DES
Which of the following is used to generate keys in PKI?
B. RSA
B. RSA
Which of the following methods is a best practice for granting access to resources?
A. Add ACLs to computers; add computers to groups.
B. Add ACLs to users; add users to groups.
C. Add users to ACLs; add computers to groups.
D. Add groups to ACLs; add users and computers to groups.
A. Add ACLs to computers; add computers to groups.
B. Add ACLs to users; add users to groups.
C. Add users to ACLs; add computers to groups.
D. Add groups to ACLs; add users and computers to groups.
Which of the following methods is a best practice for granting access to resources?
D. Add groups to ACLs; add users and computers to groups.
D. Add groups to ACLs; add users and computers to groups.
Which of the following may cause a user, connected to a NAC-enabled network, to not be
prompted for credentials?
A. The user's PC is missing the authentication agent.
B. The user's PC is not fully patched.
C. The user's PC is not at the latest service pack.
D. The user's PC has out-of-date antivirus software.
prompted for credentials?
A. The user's PC is missing the authentication agent.
B. The user's PC is not fully patched.
C. The user's PC is not at the latest service pack.
D. The user's PC has out-of-date antivirus software.
Which of the following may cause a user, connected to a NAC-enabled network, to not be
prompted for credentials?
A. The user's PC is missing the authentication agent.
prompted for credentials?
A. The user's PC is missing the authentication agent.
When used to encrypt transmissions, which of the following is the MOST resistant to brute force
attacks?
A. SHA
B. MD5
C. 3DES
D. AES256
attacks?
A. SHA
B. MD5
C. 3DES
D. AES256
When used to encrypt transmissions, which of the following is the MOST resistant to brute force
attacks?
D. AES256
attacks?
D. AES256
Which of the following BEST describes how the private key is handled when connecting to a
secure web server?
A. The key is not shared and remains on the server
B. Anyone who connects receives the key
C. Only users from configured IP addresses received the key
D. All authenticated users receive the key
secure web server?
A. The key is not shared and remains on the server
B. Anyone who connects receives the key
C. Only users from configured IP addresses received the key
D. All authenticated users receive the key
Which of the following BEST describes how the private key is handled when connecting to a
secure web server?
A. The key is not shared and remains on the server
secure web server?
A. The key is not shared and remains on the server
A user visits their normal banking website. The URL is correct and the website is displayed in the
browser, but the user gets an SSL warning that the SSL certificate is invalid as it is signed by an
unknown authority. Which of the following has occurred?
A. Domain name kiting
B. Privilege escalation
C. Replay attack
D. Man-in-the-middle attack
browser, but the user gets an SSL warning that the SSL certificate is invalid as it is signed by an
unknown authority. Which of the following has occurred?
A. Domain name kiting
B. Privilege escalation
C. Replay attack
D. Man-in-the-middle attack
A user visits their normal banking website. The URL is correct and the website is displayed in the
browser, but the user gets an SSL warning that the SSL certificate is invalid as it is signed by an
unknown authority. Which of the following has occurred?
D. Man-in-the-middle attack
browser, but the user gets an SSL warning that the SSL certificate is invalid as it is signed by an
unknown authority. Which of the following has occurred?
D. Man-in-the-middle attack
A technician reviews the system log entries for an internal DNS server. Which of the following
entries MOST warrants further
A. DNS query from a source outside the organization
B. DNS query from a source inside the organization
C. Zone transfer to a source inside the organization
D. Zone transfer to a source outside the organization
entries MOST warrants further
A. DNS query from a source outside the organization
B. DNS query from a source inside the organization
C. Zone transfer to a source inside the organization
D. Zone transfer to a source outside the organization
A technician reviews the system log entries for an internal DNS server. Which of the following
entries MOST warrants further
D. Zone transfer to a source outside the organization
entries MOST warrants further
D. Zone transfer to a source outside the organization
Monitoring a computer's logs and critical files is part of the functionality of a
A. NIPS.
B. HIDS.
C. firewall.
D. honeypot.
A. NIPS.
B. HIDS.
C. firewall.
D. honeypot.
Monitoring a computer's logs and critical files is part of the functionality of a
B. HIDS.
B. HIDS.
Which of the following can be implemented as an OS hardening practice to mitigate risk?
A. Domain name kiting
B. Removable storage
C. Input validation
D. Security templates
A. Domain name kiting
B. Removable storage
C. Input validation
D. Security templates
Which of the following can be implemented as an OS hardening practice to mitigate risk?
D. Security templates
D. Security templates
Continuously documenting state and location of hardware from collection to disposition during a
forensic investigation is known as:
A. risk mitigation.
B. data handling.
C. chain of custody.
D. incident response.
forensic investigation is known as:
A. risk mitigation.
B. data handling.
C. chain of custody.
D. incident response.
Continuously documenting state and location of hardware from collection to disposition during a
forensic investigation is known as:
D. incident response.
forensic investigation is known as:
D. incident response.
Which of the following is an example of two factor authentication?
A. PIN and password
B. Smartcard and token
C. Smartcard and PIN
D. Fingerprint and retina scan
A. PIN and password
B. Smartcard and token
C. Smartcard and PIN
D. Fingerprint and retina scan
Which of the following is an example of two factor authentication?
C. Smartcard and PIN
C. Smartcard and PIN
Which of the following uses a three-way-handshake for authentication and is commonly used in PPP connections?
A. MD5
B. CHAP
C. Kerberos
D. SLIP
A. MD5
B. CHAP
C. Kerberos
D. SLIP
Which of the following uses a three-way-handshake for authentication and is commonly used in PPP connections?
B. CHAP
B. CHAP
A security analyst has been notified that one of the web servers has stopped responding to web
traffic. The network engineer also reports very high bandwidth utilization to and from the Internet.
Which of the following logs is MOST likely to be helpful in finding the cause and source of the
problem?
A. Access log
B. Event log
C. System log
D. Firewall log
traffic. The network engineer also reports very high bandwidth utilization to and from the Internet.
Which of the following logs is MOST likely to be helpful in finding the cause and source of the
problem?
A. Access log
B. Event log
C. System log
D. Firewall log
A security analyst has been notified that one of the web servers has stopped responding to web
traffic. The network engineer also reports very high bandwidth utilization to and from the Internet.
Which of the following logs is MOST likely to be helpful in finding the cause and source of the
problem?
C. System log
traffic. The network engineer also reports very high bandwidth utilization to and from the Internet.
Which of the following logs is MOST likely to be helpful in finding the cause and source of the
problem?
C. System log
Which of the following ports would need to be open to allow TFTP by default?
A. 69
B. 110
C. 137
D. 339
A. 69
B. 110
C. 137
D. 339
Which of the following ports would need to be open to allow TFTP by default?
A. 69
A. 69
Which of the following transmission types would an attacker most likely use to try to capture data
packets?
A. Shielded twisted pair
B. Fiberoptic
C. Bluesnarfing
D. Wireless
packets?
A. Shielded twisted pair
B. Fiberoptic
C. Bluesnarfing
D. Wireless
Which of the following transmission types would an attacker most likely use to try to capture data
packets?
D. Wireless
packets?
D. Wireless
Which of the following describes a port that is left open in order to facilitate access at a later date?
A. Honeypot
B. Proxy server
C. Open relay
D. Backdoor
A. Honeypot
B. Proxy server
C. Open relay
D. Backdoor
Which of the following describes a port that is left open in order to facilitate access at a later date?
D. Backdoor
D. Backdoor
Which of the following is often bundled with freely downloaded software?
A. Cookies
B. Logic bomb
C. Adware
D. Spam
A. Cookies
B. Logic bomb
C. Adware
D. Spam
Which of the following is often bundled with freely downloaded software?
C. Adware
C. Adware
Which of the following security types would require the use of certificates to verily a user's
identity?
A. Forensics
B. CRL
C. PKI
D. Kerberos
identity?
A. Forensics
B. CRL
C. PKI
D. Kerberos
Which of the following security types would require the use of certificates to verily a user's
identity?
C. PKI
identity?
C. PKI
Which of the following can increase risk? (Select TWO]
A. Vulnerability
B. Mantrap
C. Configuration baselines
D. Threat source
E. Mandatory vacations
A. Vulnerability
B. Mantrap
C. Configuration baselines
D. Threat source
E. Mandatory vacations
Which of the following can increase risk? (Select TWO]
A. Vulnerability
D. Threat source
A. Vulnerability
D. Threat source
An administrator believes a user is secretly transferring company information over the Internet. The network logs do not show any non-standard traffic going through the firewall. Which of the following tools would allow the administrator to better evaluate the contents of the network traffic?
A. Vulnerability scanner
B. Network anomaly detection
C. Protocol analyzer
D. Proxy server
A. Vulnerability scanner
B. Network anomaly detection
C. Protocol analyzer
D. Proxy server
An administrator believes a user is secretly transferring company information over the Internet. The network logs do not show any non-standard traffic going through the firewall. Which of the following tools would allow the administrator to better evaluate the contents of the network traffic?
C. Protocol analyzer
C. Protocol analyzer
Which of the following monitoring technology types is MOST dependent on receiving regular
updates?
A. Signature-based
B. Kerberos-based
C. Behavior-based
D. Anomaly-based
updates?
A. Signature-based
B. Kerberos-based
C. Behavior-based
D. Anomaly-based
Which of the following monitoring technology types is MOST dependent on receiving regular
updates?
A. Signature-based
updates?
A. Signature-based
A company has just recovered from a major disaster. Which of the following should signify the completion of a disaster recovery?
A. Verify all servers are back online and working properly.
B. Update the disaster recovery plan based on lessons learned.
C. Conduct post disaster recovery testing.
D. Verify all network nodes are back online and working properly.
A. Verify all servers are back online and working properly.
B. Update the disaster recovery plan based on lessons learned.
C. Conduct post disaster recovery testing.
D. Verify all network nodes are back online and working properly.
A company has just recovered from a major disaster. Which of the following should signify the completion of a disaster recovery?
B. Update the disaster recovery plan based on lessons learned.
B. Update the disaster recovery plan based on lessons learned.
Which of the following is a public key crypto system?
A. RSA
B. SHA-1
C. 3DES
D. MD5
A. RSA
B. SHA-1
C. 3DES
D. MD5
Which of the following is a public key crypto system?
A. RSA
A. RSA
A user tries to plug their laptop into the company's network and receives a warning that their patches and virus definitions are out-of-date. This is an example of which of the following mitigation techniques?
A. NAT
B. Honeypot
C. NAC
D. Subnetting
A. NAT
B. Honeypot
C. NAC
D. Subnetting
A user tries to plug their laptop into the company's network and receives a warning that their patches and virus definitions are out-of-date. This is an example of which of the following mitigation techniques?
C. NAC
C. NAC
A file has been compromised with corrupt data and might have additional information embedded
within it. Which of the following actions should a security administrator follow in order to ensure
data integrity of the file on that host?
A. Disable the wireless network and copy the data to the next available USB drive to protect the
data
B. Perform proper forensics on the file with documentation along the way.
C. Begin chain of custody for the document and disallow access.
D. Run vulnerability scanners and print all reports of all diagnostic results.
within it. Which of the following actions should a security administrator follow in order to ensure
data integrity of the file on that host?
A. Disable the wireless network and copy the data to the next available USB drive to protect the
data
B. Perform proper forensics on the file with documentation along the way.
C. Begin chain of custody for the document and disallow access.
D. Run vulnerability scanners and print all reports of all diagnostic results.
A file has been compromised with corrupt data and might have additional information embedded
within it. Which of the following actions should a security administrator follow in order to ensure
data integrity of the file on that host?
B. Perform proper forensics on the file with documentation along the way.
within it. Which of the following actions should a security administrator follow in order to ensure
data integrity of the file on that host?
B. Perform proper forensics on the file with documentation along the way.
Every company workstation contains the same software prior to being assigned to workers. Which of the following software options would give remote users the needed protection from outside attackers when they are outside of the company's internal network?
A. HIDS
B. Vulnerability scanner
C. Personal firewall
D. NIPS
A. HIDS
B. Vulnerability scanner
C. Personal firewall
D. NIPS
Every company workstation contains the same software prior to being assigned to workers. Which of the following software options would give remote users the needed protection from outside attackers when they are outside of the company's internal network?
C. Personal firewall
C. Personal firewall
To ensure users are logging into their systems using a least privilege method, which of the
following should be done?
A. Create a user account without administrator privileges.
B. Employ a BIOS password that differs from the domain password.
C. Enforce a group policy with the least amount of account restrictions.
D. Allow users to determine their needs and access to resources.
following should be done?
A. Create a user account without administrator privileges.
B. Employ a BIOS password that differs from the domain password.
C. Enforce a group policy with the least amount of account restrictions.
D. Allow users to determine their needs and access to resources.
To ensure users are logging into their systems using a least privilege method, which of the
following should be done?
A. Create a user account without administrator privileges.
following should be done?
A. Create a user account without administrator privileges.
A recent security audit shows an organization has been infiltrated with a former administrator's
credentials. Which of the following would be the BEST way to mitigate the risk of this vulnerability?
A. Conduct periodic audits of disaster recovery policies.
B. Conduct periodic audits of password policies.
C. Conduct periodic audits of user access and rights.
D. Conduct periodic audits of storage and retention policies.
credentials. Which of the following would be the BEST way to mitigate the risk of this vulnerability?
A. Conduct periodic audits of disaster recovery policies.
B. Conduct periodic audits of password policies.
C. Conduct periodic audits of user access and rights.
D. Conduct periodic audits of storage and retention policies.
A recent security audit shows an organization has been infiltrated with a former administrator's
credentials. Which of the following would be the BEST way to mitigate the risk of this vulnerability?
C. Conduct periodic audits of user access and rights.
credentials. Which of the following would be the BEST way to mitigate the risk of this vulnerability?
C. Conduct periodic audits of user access and rights.
A security administrator is analyzing the packet capture from an IDS triggered filter. The packet
capture shows the following string:
<scrip>source=http://www.evilsite.jp/evil.js</script>
Which of the following attacks is occurring?
A. SQL injection
B. Redirection attack
C. Cross-site scripting
D. XLM injection
capture shows the following string:
<scrip>source=http://www.evilsite.jp/evil.js</script>
Which of the following attacks is occurring?
A. SQL injection
B. Redirection attack
C. Cross-site scripting
D. XLM injection
A security administrator is analyzing the packet capture from an IDS triggered filter. The packet
capture shows the following string:
<scrip>source=http://www.evilsite.jp/evil.js</script>
Which of the following attacks is occurring?
C. Cross-site scripting
capture shows the following string:
<scrip>source=http://www.evilsite.jp/evil.js</script>
Which of the following attacks is occurring?
C. Cross-site scripting
A user wants to edit a file that they currently have read-only rights to; however, they are unable to provide a business justification, so the request is denied. This is the principle of:
A. separation of duties.
B. job-based access control
C. least privilege.
D. remote access policy.
A. separation of duties.
B. job-based access control
C. least privilege.
D. remote access policy.
A user wants to edit a file that they currently have read-only rights to; however, they are unable to provide a business justification, so the request is denied. This is the principle of:
C. least privilege.
C. least privilege.
Which of the following concepts addresses the threat of data being modified without authorization?
A. Integrity
B. Key management
C. Availability
D. Non-repudiation
A. Integrity
B. Key management
C. Availability
D. Non-repudiation
Which of the following concepts addresses the threat of data being modified without authorization?
A. Integrity
A. Integrity
An attacker sends packets to a host in hopes of altering the host's MAC table. Which of the
following is the attacker attempting to do?
A. Port scan
B. Privilege escalation
C. DNS spoofing
D. ARP poisoning
following is the attacker attempting to do?
A. Port scan
B. Privilege escalation
C. DNS spoofing
D. ARP poisoning
An attacker sends packets to a host in hopes of altering the host's MAC table. Which of the
following is the attacker attempting to do?
D. ARP poisoning
following is the attacker attempting to do?
D. ARP poisoning
Which of the following is a best practice for organizing users when implementing a least privilege model?
A. By function
B. By department
C. By geographic location
D. By management level
A. By function
B. By department
C. By geographic location
D. By management level
Which of the following is a best practice for organizing users when implementing a least privilege model?
A. By function
A. By function
Which of the following describes how long email messages are available in case of a subpoena?
A. Backup procedures
B. Retention policy
C. Backup policy
D. Email server configuration
A. Backup procedures
B. Retention policy
C. Backup policy
D. Email server configuration
Which of the following describes how long email messages are available in case of a subpoena?
B. Retention policy
B. Retention policy
Management would like to know if anyone is attempting to access files on the company file server.
Which of the following could be deployed to BEST provide this information?
A. Software firewall
B. Hardware firewall
C. HIDS
D. NIDS
Which of the following could be deployed to BEST provide this information?
A. Software firewall
B. Hardware firewall
C. HIDS
D. NIDS
Management would like to know if anyone is attempting to access files on the company file server.
Which of the following could be deployed to BEST provide this information?
C. HIDS
Which of the following could be deployed to BEST provide this information?
C. HIDS
Which of the following is the correct risk assessment equation?
A. Risk = exploit x number of systems x cost of asset
B. Risk = infections x number of days infected x cost of asset
C. Risk = threat x vulnerability x cost of asset
D. Risk = vulnerability x daysunpatched x cost of asset
A. Risk = exploit x number of systems x cost of asset
B. Risk = infections x number of days infected x cost of asset
C. Risk = threat x vulnerability x cost of asset
D. Risk = vulnerability x daysunpatched x cost of asset
Which of the following is the correct risk assessment equation?
C. Risk = threat x vulnerability x cost of asset
C. Risk = threat x vulnerability x cost of asset
Which of the following is of the GREATEST concern in regard to a rogue access point?
A. Rogue access points are hard to find and remove from the network.
B. Rogue access points can scan the company's wireless networks and find other unencrypted
and rouge access points
C. The radio signal of the rogue access point interferes with company approved access points.
D. Rogue access points can allow unauthorized users access the company's internal networks.
A. Rogue access points are hard to find and remove from the network.
B. Rogue access points can scan the company's wireless networks and find other unencrypted
and rouge access points
C. The radio signal of the rogue access point interferes with company approved access points.
D. Rogue access points can allow unauthorized users access the company's internal networks.
Which of the following is of the GREATEST concern in regard to a rogue access point?
D. Rogue access points can allow unauthorized users access the company's internal networks.
D. Rogue access points can allow unauthorized users access the company's internal networks.
The process of validating a user's claimed identity is called
A. identification.
B. authorization.
C. validation.
D. repudiation.
A. identification.
B. authorization.
C. validation.
D. repudiation.
The process of validating a user's claimed identity is called
A. identification.
A. identification.
Which of the following is a benefit of utilizing virtualization technology?
A. Lowered cost of the host machine
B. Less overhead cost of software licensing
C. Streamline systems to a single OS
D. Fewer systems to monitor physical access
A. Lowered cost of the host machine
B. Less overhead cost of software licensing
C. Streamline systems to a single OS
D. Fewer systems to monitor physical access
Which of the following is a benefit of utilizing virtualization technology?
D. Fewer systems to monitor physical access
D. Fewer systems to monitor physical access
The security administrator wants to increase the cipher strength of the company's internal root
certificate. Which of the following would the security administer use to sign a stronger root
certificate?
A. Certificate authority
B. Registration authority
C. Key escrow
D. Trusted platform module
certificate. Which of the following would the security administer use to sign a stronger root
certificate?
A. Certificate authority
B. Registration authority
C. Key escrow
D. Trusted platform module
The security administrator wants to increase the cipher strength of the company's internal root
certificate. Which of the following would the security administer use to sign a stronger root
certificate?
A. Certificate authority
certificate. Which of the following would the security administer use to sign a stronger root
certificate?
A. Certificate authority
Which of the following describes a semi-operational site that in the event of a disaster, IT operations can be migrated?
A. Hot site
B. Warm site
C. Mobile site
D. Cold site
A. Hot site
B. Warm site
C. Mobile site
D. Cold site
Which of the following describes a semi-operational site that in the event of a disaster, IT operations can be migrated?
B. Warm site
B. Warm site
Which of the following devices hooks into a LAN and captures traffic?
A. Protocol analyzer
B. Protocol filter
C. Penetration testing tool
D. Vulnerability assessment tool
A. Protocol analyzer
B. Protocol filter
C. Penetration testing tool
D. Vulnerability assessment tool
Which of the following devices hooks into a LAN and captures traffic?
A. Protocol analyzer
A. Protocol analyzer
When assessing a network containing resources that require near 100% availability, which of the following techniques should be employed to assess overall security?
A. Penetration testing
B. Vulnerability scanning
C. User interviews
D. Documentation reviews
A. Penetration testing
B. Vulnerability scanning
C. User interviews
D. Documentation reviews
When assessing a network containing resources that require near 100% availability, which of the following techniques should be employed to assess overall security?
B. Vulnerability scanning
B. Vulnerability scanning
Which of the following would MOST likely contain a <SCRIPT> tag?
A. Cookies
B. XSS
C. DOS
D. Buffer overflow
A. Cookies
B. XSS
C. DOS
D. Buffer overflow
Which of the following would MOST likely contain a <SCRIPT> tag?
B. XSS
B. XSS
Which of the following is a reason why wireless access points should not be placed near a
building's perimeter?
A. Rouge access points
B. Vampire taps
C. Port scanning
D. War driving
building's perimeter?
A. Rouge access points
B. Vampire taps
C. Port scanning
D. War driving
Which of the following is a reason why wireless access points should not be placed near a
building's perimeter?
D. War driving
building's perimeter?
D. War driving
A new enterprise solution is currently being evaluated due to its potential to increase the
company's profit margins. The security administrator has been asked to review its security implications. While evaluating the product, various vulnerability scans were performed. It was determined that the product is not a threat but has the potential to introduce additional vulnerabilities. Which of the following assessment types should the security administrator also take into consideration while evaluating this product?
A. Threat assessment
B. Vulnerability assessment
C. Code assessment
D. Risk assessment
company's profit margins. The security administrator has been asked to review its security implications. While evaluating the product, various vulnerability scans were performed. It was determined that the product is not a threat but has the potential to introduce additional vulnerabilities. Which of the following assessment types should the security administrator also take into consideration while evaluating this product?
A. Threat assessment
B. Vulnerability assessment
C. Code assessment
D. Risk assessment
A new enterprise solution is currently being evaluated due to its potential to increase the
company's profit margins. The security administrator has been asked to review its security implications. While evaluating the product, various vulnerability scans were performed. It was determined that the product is not a threat but has the potential to introduce additional vulnerabilities. Which of the following assessment types should the security administrator also take into consideration while evaluating this product?
D. Risk assessment
company's profit margins. The security administrator has been asked to review its security implications. While evaluating the product, various vulnerability scans were performed. It was determined that the product is not a threat but has the potential to introduce additional vulnerabilities. Which of the following assessment types should the security administrator also take into consideration while evaluating this product?
D. Risk assessment
Which of the following tools BEST identifies the method an attacker used after they have entered
into a network?
A. Input validation
B. NIDS
C. Port scanner
D. HIDS
into a network?
A. Input validation
B. NIDS
C. Port scanner
D. HIDS
Which of the following tools BEST identifies the method an attacker used after they have entered
into a network?
B. NIDS
into a network?
B. NIDS
Which of the following is a major risk associated with cloud computing?
A. Loss of physical control over data
B. Increased complexity of qualitative risk assessments
C. Smaller attack surface
D. Data labeling challenges
A. Loss of physical control over data
B. Increased complexity of qualitative risk assessments
C. Smaller attack surface
D. Data labeling challenges
Which of the following is a major risk associated with cloud computing?
A. Loss of physical control over data
A. Loss of physical control over data
Which of the following is MOST likely the reason why a security administrator would run a Nessus
report on an important server?
A. To analyze packets and frames
B. To report on the performance of the system
C. To scan for vulnerabilities
D. To enumerate and crack weak system passwords
report on an important server?
A. To analyze packets and frames
B. To report on the performance of the system
C. To scan for vulnerabilities
D. To enumerate and crack weak system passwords
Which of the following is MOST likely the reason why a security administrator would run a Nessus
report on an important server?
C. To scan for vulnerabilities
report on an important server?
C. To scan for vulnerabilities
Which of the following BEST describes how the mandatory access control (MAC) method works?
A. It is an access policy based on a set of rules.
B. It is an access policy based on the role that the user has in an organization.
C. It is an access policy based on biometric technologies.
D. It is an access policy that restricts access to objects based on security clearance.
A. It is an access policy based on a set of rules.
B. It is an access policy based on the role that the user has in an organization.
C. It is an access policy based on biometric technologies.
D. It is an access policy that restricts access to objects based on security clearance.
Which of the following BEST describes how the mandatory access control (MAC) method works?
D. It is an access policy that restricts access to objects based on security clearance.
D. It is an access policy that restricts access to objects based on security clearance.
Using a smartcard and a physical token is considered how many factors of authentication?
A. One
B. Two
C. Three
D. Four
A. One
B. Two
C. Three
D. Four
Using a smartcard and a physical token is considered how many factors of authentication?
A. One
A. One
Which of the following protocols is considered more secure than SSL?
A. TLS
B. WEP
C. HTTP
D. Telnet
A. TLS
B. WEP
C. HTTP
D. Telnet
Which of the following protocols is considered more secure than SSL?
A. TLS
A. TLS
A NIDS monitoring traffic on the public-side of a firewall provides which of the following?
A. Faster alerting to internal compromises
B. Intelligence about external threats
C. Protection of the external firewall interface
D. Prevention of malicious traffic
A. Faster alerting to internal compromises
B. Intelligence about external threats
C. Protection of the external firewall interface
D. Prevention of malicious traffic
A NIDS monitoring traffic on the public-side of a firewall provides which of the following?
B. Intelligence about external threats
B. Intelligence about external threats
Which of the following is an important part of disaster recovery training?
A. Schemes
B. Storage locations
C. Chain of custody
D. Table top exercises
A. Schemes
B. Storage locations
C. Chain of custody
D. Table top exercises
Which of the following is an important part of disaster recovery training?
D. Table top exercises
D. Table top exercises
Which of the following would a network administrator implement to control traffic being routed between networks or network segments in an effort to preserve data confidentiality?
A. NAT
B. Group policies
C. Password policies
D. ACLs
A. NAT
B. Group policies
C. Password policies
D. ACLs
Which of the following would a network administrator implement to control traffic being routed between networks or network segments in an effort to preserve data confidentiality?
D. ACLs
D. ACLs
The security administrator wants each user to individually decrypt a message but allow anybody to encrypt it. Which of the following MUST be implemented to allow this type of authorization?
A. Use of digital certificates
B. Use of public keys only
C. Use of private keys only
D. Use of public and private keys
A. Use of digital certificates
B. Use of public keys only
C. Use of private keys only
D. Use of public and private keys
The security administrator wants each user to individually decrypt a message but allow anybody to encrypt it. Which of the following MUST be implemented to allow this type of authorization?
D. Use of public and private keys
D. Use of public and private keys
A security administrator is analyzing the packet capture from an IDS triggered filter. The packet
capture shows the following string:
a or1 ==1--
Which of the following attacks is occurring?
A. Cross-site scripting
B. XML injection
C. Buffer overflow
D. SQL injection
capture shows the following string:
a or1 ==1--
Which of the following attacks is occurring?
A. Cross-site scripting
B. XML injection
C. Buffer overflow
D. SQL injection
A security administrator is analyzing the packet capture from an IDS triggered filter. The packet
capture shows the following string:
a or1 ==1--
Which of the following attacks is occurring?
D. SQL injection
capture shows the following string:
a or1 ==1--
Which of the following attacks is occurring?
D. SQL injection
Which of the following has been implemented if several unsuccessful login attempts were made in a short period of time denying access to the user account, and after two hours the account
becomes active?
A. Account lockout
B. Password expiration
C. Password disablement
D. Screen lock
becomes active?
A. Account lockout
B. Password expiration
C. Password disablement
D. Screen lock
Which of the following has been implemented if several unsuccessful login attempts were made in a short period of time denying access to the user account, and after two hours the account
becomes active?
A. Account lockout
becomes active?
A. Account lockout
Which of the following BEST describes an intrusion prevention system?
A. A system that stops an attack in progress.
B. A system that allows an attack to be identified.
C. A system that logs the attack for later analysis.
D. A system that serves as ahoneypot.
A. A system that stops an attack in progress.
B. A system that allows an attack to be identified.
C. A system that logs the attack for later analysis.
D. A system that serves as ahoneypot.
Which of the following BEST describes an intrusion prevention system?
A. A system that stops an attack in progress.
A. A system that stops an attack in progress.
In the event of a disaster, in which the main datacenter is immediately shutdown, which of the following would a company MOST likely use with a minimum Recovery Time Objective?
A. Fault tolerance
B. Hot site
C. Cold site
D. Tape backup restoration
A. Fault tolerance
B. Hot site
C. Cold site
D. Tape backup restoration
In the event of a disaster, in which the main datacenter is immediately shutdown, which of the following would a company MOST likely use with a minimum Recovery Time Objective?
B. Hot site
B. Hot site
Which of the following methods involves placing plain text data within a picture or document?
A. Steganography
B. Digital signature
C. Transport encryption
D. Stream cipher
A. Steganography
B. Digital signature
C. Transport encryption
D. Stream cipher
Which of the following methods involves placing plain text data within a picture or document?
A. Steganography
A. Steganography